-rw-r--r-- | pcr/tcpcrypt/PKGBUILD | 21 | ||||
-rw-r--r-- | pcr/tcpcrypt/PKGBUILD.sig | bin | 543 -> 543 bytes | |||
-rw-r--r-- | pcr/tcpcrypt/tcpcrypt.install | 26 | ||||
-rw-r--r-- | pcr/tcpcrypt/tcpcrypt.service | 12 |
4 files changed, 42 insertions, 17 deletions
diff --git a/pcr/tcpcrypt/PKGBUILD b/pcr/tcpcrypt/PKGBUILD index be0373beb..28ace4614 100644 --- a/pcr/tcpcrypt/PKGBUILD +++ b/pcr/tcpcrypt/PKGBUILD @@ -1,6 +1,7 @@ # Maintainer: Luke R. <g4jc@openmailbox.org> GPG: rsa4096/3EAE8697 # Contributor: Marti Raudsepp <marti@juffo.org> # Contributor: mutantmonkey <aur@mutantmonkey.in> +# Contributor: grawity pkgname=tcpcrypt pkgver=0.3 @@ -10,28 +11,26 @@ arch=(i686 x86_64) url="http://tcpcrypt.org/" license=('BSD') depends=('libnetfilter_queue' 'openssl' 'iptables') -makedepends=('git' 'sed') +makedepends=('git' 'sed' 'openssl') provides=('tcpcrypt') conflicts=('tcpcrypt') source=('https://github.com/scslab/tcpcrypt/archive/v0.3-rc1.tar.gz' 'PKGBUILD.sig' 'PKGBUILD' -'tcpcrypt.service') +'tcpcrypt.service' +'tcpcrypt.install') +install='tcpcrypt.install' validpgpkeys=('CB6E213A349B8DF9E96B622AC3F4FFCF3EAE8697') # PKGBUILD Maintainer's key sha512sums=('53fcbe63bd0cd65d50341312972f393620058269cf027d283ca033392d6582cf7c0a4478ec21e37f5dd24b62381aa33915179e235e204c3be9243428a0744fa7' 'SKIP' 'SKIP' -'eb13ebcbe5cf30d7f28cedf1c3f911904860f30eba589ef58400634b3622c0de0e1209d4dd82f903e3f165dd2fb48751f0bbdc0473ff57ed88fbdba7d82ef039') +'f44342325e831a94ed24cd5d2838dfc64d84d0eaceab13f1928c754db51ccc29f643c5ef2dab022f3000f1b82214f1a4b97388e5c2475e0401041d2fff747da8' +'0d64943f2bc778cbf1a52debe349413f00b729d605d26f35e1335c8e4c0f9aff8526593835d48e4e4847e0fcada2c6a980f60baddb2c66eb445099a9f89bdaeb') pkgver() { tar -ztvf $pkgname-$pkgver.tar.gz | head -n1 | awk '{print $6}' | sed "s/tcpcrypt-//" | sed "s/\///" # get latest version number } -prepare() { - cd $_gitname -## TO-DO Reinsert patch for systemd here. -} - build() { gpg --verify PKGBUILD.sig PKGBUILD echo "Note: If the GPG verification fails, import the PKGBUILD maintainer's GPG key. See: https://wiki.parabola.nu/GnuPG#Import_key" 
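Review bot: In the second PKGBUILD hunk the new `makedepends=('git' 'sed' 'openssl')` repeats `'openssl'`, which is already in `depends` one line above, so the addition has no effect, since run-time dependencies are installed for the build as well. `'git'` also looks unused, because the source is a release tarball and the removed `prepare()` was the only place that referred to a git checkout; `makedepends=('sed')` would probably be enough. The hunk ends inside `build()`, so the rest of that function is not visible here.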
@@ -43,13 +42,9 @@ build() { } package() { - cd $srcdir/$pkgname-$pkgver-rc1 - sed -i 's.TCPCRYPTD=`dirname $0`/src/tcpcryptd.TCPCRYPTD=/usr/local/bin/tcpcryptd\ -f\ -C\ aes.g' launch_tcpcryptd.sh # Makes it so we can use the test launcher script in /usr/bin as well as skip the built-in test and use AES. - sed -i 's.OMIT_PORTS="22.OMIT_PORTS= # "22.g' launch_tcpcryptd.sh # Make it run on ALL ports cd $srcdir/$pkgname-$pkgver make DESTDIR=$pkgdir install install -Dm644 $srcdir/$pkgname-$pkgver-rc1/LICENSE $pkgdir/usr/share/licenses/$pkgname/LICENSE - install -Dm644 $srcdir/$pkgname-$pkgver-rc1/launch_tcpcryptd.sh $pkgdir/usr/bin/launch_tcpcryptd.sh - install -Dm644 "$srcdir"/tcpcrypt.service "$pkgdir"/usr/lib/systemd/system + install -Dm644 "$srcdir"/tcpcrypt.service "$pkgdir"/usr/lib/systemd/system/tcpcrypt.service } diff --git a/pcr/tcpcrypt/PKGBUILD.sig b/pcr/tcpcrypt/PKGBUILD.sig Binary files differindex 720629c1b..693404f57 100644 --- a/pcr/tcpcrypt/PKGBUILD.sig +++ b/pcr/tcpcrypt/PKGBUILD.sig diff --git a/pcr/tcpcrypt/tcpcrypt.install b/pcr/tcpcrypt/tcpcrypt.install new file mode 100644 index 000000000..0bf2ed9bd --- /dev/null +++ b/pcr/tcpcrypt/tcpcrypt.install @@ -0,0 +1,26 @@ +post_install() { +JAIL_DIR=/var/run/tcpcryptd +JAIL_USER=tcpcryptd + if [ ! -d "$JAIL_DIR" ] + then + echo "Creating jail directory $JAIL_DIR" + (umask 077 && mkdir $JAIL_DIR) + fi + + id $JAIL_USER >/dev/null 2>&1 + if [ $? -ne 0 ] + then + echo "Creating user and group '$JAIL_USER'" + useradd -s /nonexistent -d /nonexistent -M -U $JAIL_USER + fi +} + +post_upgrade() { + post_install $1 +} + +pre_remove() { + userdel tcpcryptd &>/dev/null + groupdel tcpcryptd &>/dev/null + rm -rf /var/run/tcpcryptd +}
\ No newline at end of file diff --git a/pcr/tcpcrypt/tcpcrypt.service b/pcr/tcpcrypt/tcpcrypt.service index 99784c7c0..b83a7b65c 100644 --- a/pcr/tcpcrypt/tcpcrypt.service +++ b/pcr/tcpcrypt/tcpcrypt.service @@ -1,10 +1,14 @@ [Unit] -Description=Tcpcrypt is a protocol that attempts to encrypt (almost) all of your network traffic. (If servers also run tcpcrypt.) +Description=Network traffic encryption (tcpcrypt) After=network.target [Service] -ExecStart=/usr/bin/launch_tcpcryptd.sh -Restart=on-abort +ExecStart=/usr/bin/tcpcryptd -f -C aes -U tcpcryptd -J /var/run/tcpcryptd -p 777 +PrivateDevices=yes +ExecStartPost=/usr/bin/iptables -I INPUT ! -i lo -p tcp -j NFQUEUE --queue-num 777 +ExecStartPost=/usr/bin/iptables -I OUTPUT ! -o lo -p tcp -j NFQUEUE --queue-num 777 +ExecStopPost=/usr/bin/iptables -D INPUT ! -i lo -p tcp -j NFQUEUE --queue-num 777 +ExecStopPost=/usr/bin/iptables -D OUTPUT ! -o lo -p tcp -j NFQUEUE --queue-num 777 [Install] -WantedBy=multi-user.target +WantedBy=multi-user.target
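Review bot: In tcpcrypt.install, `post_install` creates the jail under `/var/run`, which on a systemd system is normally a tmpfs, so the directory is gone after the next reboot while tcpcrypt.service still passes `-J /var/run/tcpcryptd`. Letting systemd create it on every start avoids that, for example `RuntimeDirectory=tcpcryptd` plus `RuntimeDirectoryMode=0700` in the unit (assuming `/var/run` is the usual symlink to `/run`), with the `mkdir` dropped from the scriptlet. The account is created without `-r`, so it is allocated from the regular-user id range; `useradd -r -s /usr/bin/nologin -d /nonexistent -U "$JAIL_USER"` would make it a system account. `pre_remove` deletes the user and group, which lets a later account reuse the id and inherit any files left behind, so consider leaving the account in place on removal.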
\ No newline at end of file |
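Review bot: In tcpcrypt.service the four `iptables -I … -j NFQUEUE --queue-num 777` rules go to the head of the filter INPUT and OUTPUT chains, and NFQUEUE is a terminating target, so a TCP packet the daemon accepts most likely never reaches the host's own filter rules further down the chain. Hooking the queue in another table would keep the existing firewall in force, e.g. `ExecStartPost=/usr/bin/iptables -t mangle -I INPUT ! -i lo -p tcp -j NFQUEUE --queue-num 777` with matching OUTPUT and `-D` lines, and should be tested against tcpcryptd first. The rules also carry no `--queue-bypass`, so whenever nothing is bound to queue 777 (the rules are added as soon as the process is spawned, or the daemon hangs) all non-loopback TCP is dropped, remote administration included; a comment stating whether the unit is meant to fail open or closed would help. The commit removes `Restart=on-abort` without a replacement, so after a crash the rules are removed and traffic flows unprotected until someone restarts the unit; `Restart=on-failure` would cover that.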