# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4 PortSystem 1.0 PortGroup perl5 1.0 perl5.require_variant yes perl5.conflict_variants yes perl5.branches 5.28 5.30 5.32 5.34 perl5.default_branch 5.34 perl5.create_variants ${perl5.branches} name wallet version 1.3 revision 2 categories net security license MIT maintainers kornel.us:karl openmaintainer description Kerberos-authenticated secure data management long_description The wallet is a system for managing secure data, \ authorization rules to retrieve or change that data, \ and audit rules for documenting actions taken on that \ data. Objects of various types may be stored in the \ wallet or generated on request and retrieved by \ authorized users. The wallet tracks ACLs, metadata, \ and trace information. It uses Kerberos \ authentication. One of the object types it supports \ is Kerberos keytabs, making it suitable as a \ user-accessible front-end to Kerberos kadmind with \ richer ACL and metadata operations. homepage https://eyrie.org/~eagle/software/wallet/ master_sites https://archives.eyrie.org/software/kerberos/ \ https://archives.eyrie.org/software/ARCHIVE/wallet/ checksums rmd160 188b3561fcffe99342fcfb1312b58df3f3d919b5 \ sha256 676d3d6e407509fc9da1dd87d98fadc71920dabfbc4bdeb8cde5e2bc937268b8 \ size 475277 # Start with the dependencies we know we need depends_lib-append port:kerberos5 \ port:remctl # Add a dependency on Module::Build # Used during build only # remove unnecessary conditional # perl5.major is always set in this context depends_build-append \ port:p${perl5.major}-module-build # wallet 1.3 does not support Perl paths other than /usr/bin/perl, nor does it # support perl binaries not named "perl". The perl/Build.PL script is also # missing some testing prerequisites. # Since we are patching autoconf and automake files, we need autoreconf. patchfiles patch-autogen.diff \ patch-configure.ac.diff \ patch-Makefile.am.diff \ patch-README.diff \ patch-perl-Build.PL.diff \ patch-portable-system.h.diff \ patch-rename-server-keytab-backend.diff \ patch-rename-server-wallet-admin.diff \ patch-rename-server-wallet-backend.diff \ patch-rename-server-wallet-report.diff \ patch-tests-client-full-t.in.diff \ patch-tests-client-prompt-t.in.diff use_autoreconf yes # Use configure, and pass in the paths to MacPorts kerberos5, remctl, and perl. configure.args --enable-reduced-depends \ --with-remctl=${prefix} \ PATH_KRB5_CONFIG=${prefix}/bin/krb5-config \ PERL=${perl5.bin} # Our top-level port installs the Wallet client. # The Wallet client is just a couple of binaries, plus man pages and docs. # We override the destroot to just install client stuff. destroot { # First, install common files from the distribution xinstall -d ${destroot}${prefix}/share/doc/wallet xinstall -m 644 ${worksrcpath}/LICENSE \ ${worksrcpath}/NEWS \ ${worksrcpath}/README \ ${worksrcpath}/TODO \ ${destroot}${prefix}/share/doc/wallet # Install the wallet client executables # ${destroot}${prefix}/bin already exists xinstall -m 755 ${worksrcpath}/client/wallet \ ${worksrcpath}/client/wallet-rekey \ ${destroot}${prefix}/bin # Install the wallet client man pages xinstall -d ${destroot}${prefix}/share/man/man1 xinstall -m 644 ${worksrcpath}/client/wallet.1 \ ${worksrcpath}/client/wallet-rekey.1 \ ${destroot}${prefix}/share/man/man1 } # The Wallet server is entirely Perl, spawned by the remctl daemon. # TODO: Patch wallet remctl config files to use ${destroot}${prefix} subport wallet-server { # We can't use perl5.setup because it overrides alot of settings that # we need. #perl5.setup Wallet 1.003 platforms {darwin any} supported_archs noarch long_description-append The wallet server, run by remctld, maintains \ the database of object metadata and secure \ objects, and responds to requests from the \ wallet client. depends_lib-append port:p${perl5.major}-datetime \ port:p${perl5.major}-dbi \ port:p${perl5.major}-dbix-class \ port:p${perl5.major}-digest-md5 \ port:p${perl5.major}-sql-translator \ port:p${perl5.major}-timedate depends_build-append port:p${perl5.major}-crypt-generatepassword \ port:p${perl5.major}-datetime-format-sqlite # TODO: Tests have a Stanford-specific part, and a NetDB-verifier part, # which need to be disabled. # test.run yes # test.target check # We have our own destroot process, to install just server bits. destroot { # First, install common files from the distribution xinstall -d ${destroot}${prefix}/share/doc/${subport} xinstall -m 644 ${worksrcpath}/LICENSE \ ${worksrcpath}/NEWS \ ${worksrcpath}/README \ ${worksrcpath}/TODO \ ${destroot}${prefix}/share/doc/${subport} # If installing the server or kdc variants, make common directories # These are also created by wallet-kdc xinstall -d ${destroot}${prefix}/etc/remctl/acl xinstall -d ${destroot}${prefix}/etc/remctl/conf.d # Install a set of starter remctl ACLs and configurations # ${destroot}${prefix}/etc/remctl/acl is created above xinstall -m 644 ${worksrcpath}/config/wallet-report.acl \ ${destroot}${prefix}/etc/remctl/acl/wallet-report # ${destroot}${prefix}/etc/remctl/conf.d is created above xinstall -m 644 ${worksrcpath}/config/wallet \ ${destroot}${prefix}/etc/remctl/conf.d/wallet # Install the wallet server executables # ${destroot}${prefix}/sbin already exists xinstall -m 755 ${worksrcpath}/server/wallet-admin \ ${worksrcpath}/server/wallet-backend \ ${worksrcpath}/server/wallet-report \ ${destroot}${prefix}/sbin # Install the wallet server man pages # ${destroot}${prefix}/share/man/man8 already exists xinstall -m 644 ${worksrcpath}/server/wallet-admin.8 \ ${worksrcpath}/server/wallet-backend.8 \ ${worksrcpath}/server/wallet-report.8 \ ${destroot}${prefix}/share/man/man8 # Install protocol documentataion xinstall -m 644 {*}[glob ${worksrcpath}/docs/*] \ ${destroot}${prefix}/share/doc/${subport} # The Perl components of Wallet server are installed by a # Module::Build installer that is normally run by the Makefile. # PERL_INSTALL_ROOT is used to set the destroot path; we don't # set a prefix because that is already configured into MacPorts # Perl, and so Module::Build uses it automatically. system "env 'PERL_INSTALL_ROOT=${destroot}' '${perl5.bin}' '${worksrcpath}/perl/Build' 'install'" } # We have some post-activation setup that the user needs to do. notes-append " Before using the Wallet server, you will need to choose a database\ backend to use. MySQL, Postgres, and SQLite are known to work.\ Then you will need to install the p5-datetime-format-* and p5-dbd-*\ ports that match the database backend you chose. If you want to support getting keytabs through Wallet, then your KDC\ will need to have the wallet-kdc port installed. Other Perl modules may be required, depending on what you want to\ support. Read ${prefix}/share/doc/wallet/setup\ for additional server configuration instructions. Wallet server runs via remctl, so be sure that remctld is running,\ and is configured correctly! " } # wallet-kdc just installs a couple of helper files that a Kerberos 5 KDC # can use to generate unchanging keytabs for a Wallet server. # TODO: Patch keytab and wallet remctl config files to use ${destroot}${prefix} subport wallet-kdc { platforms any supported_archs noarch long_description-append This port contains a remctl script, to be \ run on the Kerberos 5 KDC, that will generate \ keytabs at the request of a Wallet server. This \ variant is only meant to be installed on a KDC, \ and does not include Wallet server or client. # We have our own destroot process, to install just KDC bits. destroot { # First, install common files from the distribution xinstall -d ${destroot}${prefix}/share/doc/${subport} xinstall -m 644 ${worksrcpath}/LICENSE \ ${worksrcpath}/NEWS \ ${worksrcpath}/README \ ${worksrcpath}/TODO \ ${destroot}${prefix}/share/doc/${subport} # Create some common directories. # (These are also created by wallet-server) xinstall -d ${destroot}${prefix}/etc/remctl/acl xinstall -d ${destroot}${prefix}/etc/remctl/conf.d # Install a stub KDC ACL that keytab-backend will use xinstall -d ${destroot}${prefix}/etc/krb5kdc xinstall -m 640 ${worksrcpath}/config/allow-extract \ ${destroot}${prefix}/etc/krb5kdc/allow-extract # Install example remctl ACLs and configurations # ${destroot}${prefix}/etc/remctl/acl is created above xinstall -m 644 ${worksrcpath}/config/keytab.acl \ ${destroot}${prefix}/etc/remctl/acl/keytab # ${destroot}${prefix}/etc/remctl/conf.d is created above xinstall -m 644 ${worksrcpath}/config/keytab \ ${destroot}${prefix}/etc/remctl/conf.d/keytab # Install the keytab-backend executable # ${destroot}${prefix}/sbin already exists xinstall -m 755 ${worksrcpath}/server/keytab-backend \ ${destroot}${prefix}/sbin # Install the keytab-backend man page # ${destroot}${prefix}/share/man/man8 already exists xinstall -m 644 ${worksrcpath}/server/keytab-backend.8 \ ${destroot}${prefix}/share/man/man8/keytab-backend.8 } # We have some post-activation setup that the user needs to do. notes-append " To configure your KDC to generate keytabs for the Wallet server,\ you will need to configure etc/krb5kdc/allow-extract, as well as\ /etc/remctl/acl/keytab. This uses remctl, so remctld must also\ be running and configured properly. " }