-rw-r--r--pcr/tcpcrypt/PKGBUILD21
-rw-r--r--pcr/tcpcrypt/PKGBUILD.sigbin543 -> 543 bytes
-rw-r--r--pcr/tcpcrypt/tcpcrypt.install26
-rw-r--r--pcr/tcpcrypt/tcpcrypt.service12
4 files changed, 42 insertions, 17 deletions
diff --git a/pcr/tcpcrypt/PKGBUILD b/pcr/tcpcrypt/PKGBUILD
index be0373beb..28ace4614 100644
--- a/pcr/tcpcrypt/PKGBUILD
+++ b/pcr/tcpcrypt/PKGBUILD
@@ -1,6 +1,7 @@
# Maintainer: Luke R. <g4jc@openmailbox.org> GPG: rsa4096/3EAE8697
# Contributor: Marti Raudsepp <marti@juffo.org>
# Contributor: mutantmonkey <aur@mutantmonkey.in>
+# Contributor: grawity
pkgname=tcpcrypt
pkgver=0.3
@@ -10,28 +11,26 @@ arch=(i686 x86_64)
url="http://tcpcrypt.org/"
license=('BSD')
depends=('libnetfilter_queue' 'openssl' 'iptables')
-makedepends=('git' 'sed')
+makedepends=('git' 'sed' 'openssl')
provides=('tcpcrypt')
conflicts=('tcpcrypt')
source=('https://github.com/scslab/tcpcrypt/archive/v0.3-rc1.tar.gz'
'PKGBUILD.sig'
'PKGBUILD'
-'tcpcrypt.service')
+'tcpcrypt.service'
+'tcpcrypt.install')
+install='tcpcrypt.install'
validpgpkeys=('CB6E213A349B8DF9E96B622AC3F4FFCF3EAE8697') # PKGBUILD Maintainer's key
sha512sums=('53fcbe63bd0cd65d50341312972f393620058269cf027d283ca033392d6582cf7c0a4478ec21e37f5dd24b62381aa33915179e235e204c3be9243428a0744fa7'
'SKIP'
'SKIP'
-'eb13ebcbe5cf30d7f28cedf1c3f911904860f30eba589ef58400634b3622c0de0e1209d4dd82f903e3f165dd2fb48751f0bbdc0473ff57ed88fbdba7d82ef039')
+'f44342325e831a94ed24cd5d2838dfc64d84d0eaceab13f1928c754db51ccc29f643c5ef2dab022f3000f1b82214f1a4b97388e5c2475e0401041d2fff747da8'
+'0d64943f2bc778cbf1a52debe349413f00b729d605d26f35e1335c8e4c0f9aff8526593835d48e4e4847e0fcada2c6a980f60baddb2c66eb445099a9f89bdaeb')
pkgver() {
tar -ztvf $pkgname-$pkgver.tar.gz | head -n1 | awk '{print $6}' | sed "s/tcpcrypt-//" | sed "s/\///" # get latest version number
}
-prepare() {
- cd $_gitname
-## TO-DO Reinsert patch for systemd here.
-}
-
build() {
gpg --verify PKGBUILD.sig PKGBUILD
echo "Note: If the GPG verification fails, import the PKGBUILD maintainer's GPG key. See: https://wiki.parabola.nu/GnuPG#Import_key"
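Review bot: The `makedepends` change adds `'openssl'`, which is already listed in `depends` on the line above. makepkg makes everything in `depends` available at build time, so the entry is redundant and the line can stay `makedepends=('git' 'sed')`. The pinned sha512 for the new `tcpcrypt.install` source is the right pattern and should stay.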
@@ -43,13 +42,9 @@ build() {
}
package() {
- cd $srcdir/$pkgname-$pkgver-rc1
- sed -i 's.TCPCRYPTD=`dirname $0`/src/tcpcryptd.TCPCRYPTD=/usr/local/bin/tcpcryptd\ -f\ -C\ aes.g' launch_tcpcryptd.sh # Makes it so we can use the test launcher script in /usr/bin as well as skip the built-in test and use AES.
- sed -i 's.OMIT_PORTS="22.OMIT_PORTS= # "22.g' launch_tcpcryptd.sh # Make it run on ALL ports
cd $srcdir/$pkgname-$pkgver
make DESTDIR=$pkgdir install
install -Dm644 $srcdir/$pkgname-$pkgver-rc1/LICENSE $pkgdir/usr/share/licenses/$pkgname/LICENSE
- install -Dm644 $srcdir/$pkgname-$pkgver-rc1/launch_tcpcryptd.sh $pkgdir/usr/bin/launch_tcpcryptd.sh
- install -Dm644 "$srcdir"/tcpcrypt.service "$pkgdir"/usr/lib/systemd/system
+ install -Dm644 "$srcdir"/tcpcrypt.service "$pkgdir"/usr/lib/systemd/system/tcpcrypt.service
}
diff --git a/pcr/tcpcrypt/PKGBUILD.sig b/pcr/tcpcrypt/PKGBUILD.sig
index 720629c1b..693404f57 100644
--- a/pcr/tcpcrypt/PKGBUILD.sig
+++ b/pcr/tcpcrypt/PKGBUILD.sig
Binary files differ
diff --git a/pcr/tcpcrypt/tcpcrypt.install b/pcr/tcpcrypt/tcpcrypt.install
new file mode 100644
index 000000000..0bf2ed9bd
--- /dev/null
+++ b/pcr/tcpcrypt/tcpcrypt.install
@@ -0,0 +1,26 @@
+post_install() {
+JAIL_DIR=/var/run/tcpcryptd
+JAIL_USER=tcpcryptd
+ if [ ! -d "$JAIL_DIR" ]
+ then
+ echo "Creating jail directory $JAIL_DIR"
+ (umask 077 && mkdir $JAIL_DIR)
+ fi
+
+ id $JAIL_USER >/dev/null 2>&1
+ if [ $? -ne 0 ]
+ then
+ echo "Creating user and group '$JAIL_USER'"
+ useradd -s /nonexistent -d /nonexistent -M -U $JAIL_USER
+ fi
+}
+
+post_upgrade() {
+ post_install $1
+}
+
+pre_remove() {
+ userdel tcpcryptd &>/dev/null
+ groupdel tcpcryptd &>/dev/null
+ rm -rf /var/run/tcpcryptd
+} \ No newline at end of file
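Review bot: `post_install` creates the jail under `/var/run`, normally a symlink to the tmpfs `/run`, so the directory is gone after the first reboot and the unit's `-J /var/run/tcpcryptd` then points at a missing path; the scriptlet only runs on install and upgrade. Let systemd create it instead, e.g. `RuntimeDirectory=tcpcryptd` with `RuntimeDirectoryMode=0700` in tcpcrypt.service, or ship a tmpfiles.d entry `d /run/tcpcryptd 0700 root root -`. The `[ ! -d "$JAIL_DIR" ]` branch also accepts a pre-existing directory without checking its owner or mode, and `$JAIL_DIR` and `$JAIL_USER` are unquoted globals in `mkdir`, `id` and `useradd`. In `pre_remove`, `userdel` and `rm -rf` run without the service being stopped first, and `useradd` would better create a system account with `-r`.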
diff --git a/pcr/tcpcrypt/tcpcrypt.service b/pcr/tcpcrypt/tcpcrypt.service
index 99784c7c0..b83a7b65c 100644
--- a/pcr/tcpcrypt/tcpcrypt.service
+++ b/pcr/tcpcrypt/tcpcrypt.service
@@ -1,10 +1,14 @@
[Unit]
-Description=Tcpcrypt is a protocol that attempts to encrypt (almost) all of your network traffic. (If servers also run tcpcrypt.)
+Description=Network traffic encryption (tcpcrypt)
After=network.target
[Service]
-ExecStart=/usr/bin/launch_tcpcryptd.sh
-Restart=on-abort
+ExecStart=/usr/bin/tcpcryptd -f -C aes -U tcpcryptd -J /var/run/tcpcryptd -p 777
+PrivateDevices=yes
+ExecStartPost=/usr/bin/iptables -I INPUT ! -i lo -p tcp -j NFQUEUE --queue-num 777
+ExecStartPost=/usr/bin/iptables -I OUTPUT ! -o lo -p tcp -j NFQUEUE --queue-num 777
+ExecStopPost=/usr/bin/iptables -D INPUT ! -i lo -p tcp -j NFQUEUE --queue-num 777
+ExecStopPost=/usr/bin/iptables -D OUTPUT ! -o lo -p tcp -j NFQUEUE --queue-num 777
[Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target \ No newline at end of file
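Review bot: The two `ExecStartPost` rules send every non-loopback TCP packet to NFQUEUE 777 without `--queue-bypass`, so the kernel drops that traffic whenever nothing is bound to the queue. That can happen during start-up before tcpcryptd attaches, or when an `ExecStopPost` delete fails, and it would cut remote administration sessions too. If failing open is acceptable for an opportunistic protocol, append `--queue-bypass` to all four rule lines; either way restore a restart policy such as `Restart=on-failure`, since this change drops `Restart=on-abort`. `ExecStart` also assumes the binary is installed at `/usr/bin/tcpcryptd`, while the removed launcher patch pointed at `/usr/local/bin/tcpcryptd`; the configure prefix is outside the visible hunks, so confirm it.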