testing/tang: new aport

Server for binding data to network presence
https://github.com/latchset/tang

testing/tang/APKBUILD

@@ -0,0 +1,56 @@
+# Contributor: Michał Polański <michal@polanski.me>
+# Maintainer: Michał Polański <michal@polanski.me>
+pkgname=tang
+pkgver=11
+pkgrel=0
+pkgdesc="Server for binding data to network presence"
+url="https://github.com/latchset/tang"
+license="GPL-3.0-or-later"
+arch="all"
+depends="jose"
+makedepends="asciidoc meson http-parser-dev jose-dev"
+subpackages="$pkgname-dbg $pkgname-doc $pkgname-openrc"
+install="$pkgname.pre-install"
+source="https://github.com/latchset/tang/archive/v$pkgver/tang-$pkgver.tar.gz
+	$pkgname.initd
+	tangd-wrapper
+	man-pages.patch
+	"
+
+prepare() {
+	default_prepare
+
+	# conform to FHS
+	find . -type f -exec sed -i 's|/var/db/tang|/var/lib/tang|g' {} \;
+}
+
+build() {
+	abuild-meson . output
+	meson compile ${JOBS:+-j ${JOBS}} -C output
+}
+
+check() {
+	meson test --no-rebuild -v -C output
+}
+
+package() {
+	DESTDIR="$pkgdir" meson install --no-rebuild -C output
+
+	install -Dm755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	install -Dm755 "$srcdir"/tangd-wrapper -t "$pkgdir"/usr/libexec/
+
+	rm -r "$pkgdir"/usr/lib/systemd
+}
+
+openrc() {
+	default_openrc
+
+	depends="socat"
+}
+
+sha512sums="
+a1115c7192224f2d09d026776768b4247632333ad152f2cb700567404ff33a220dc1280e4f588c6408775c4b9dc5049b5601bbee6336c8ff7f39ec6f28e26599  tang-11.tar.gz
+b91085ab94e0f2b884ea2aa5a9ca966b4532426996f170cc78b903f4ed7b729f82dbbad9d0b9106ee74e287d38421f5eb409d1ab61cb96278cdec73fae82c44b  tang.initd
+d32a0da3ab91a42e6c2b2ebf00e9e4b7c95c329a0d13cc30a373c4b387d69e6ff62280d89b57b3c8809e57de953fb4abc9735ad6cad1d347ba6b64b500335d01  tangd-wrapper
+5fabfcb62db2c40c171f0059a34165faae40c3c08a2631a1b2b1e15ef2bc5bd090f612622641af16d30cc01a971265bd9010f125cce254c628067c48312e382d  man-pages.patch
+"

testing/tang/man-pages.patch

@@ -0,0 +1,20 @@
+diff --git a/doc/tang.8.adoc b/doc/tang.8.adoc
+index 3031a13..36105bb 100644
+--- a/doc/tang.8.adoc
++++ b/doc/tang.8.adoc
+@@ -40,13 +40,8 @@ protocol, see the Tang project's homepage.
+ 
+ Getting a Tang server up and running is simple:
+ 
+-ifdef::freebsd[]
+-    $ sudo service tangd enable
+-    $ sudo service tangd start
+-endif::[]
+-ifndef::freebsd[]
+-    $ sudo systemctl enable tangd.socket --now
+-endif::[]
++    $ doas rc-update add tang
++    $ doas service tang start
+ 
+ That's it. The server is now running with a fresh set of cryptographic keys
+ and will automatically start on the next reboot.

testing/tang/tang.initd

@@ -0,0 +1,27 @@
+#!/sbin/openrc-run
+
+name="Tang server"
+description="Server for binding data to network presence"
+
+: ${tang_port:="7500"}
+: ${tang_address:="127.0.0.1"}
+: ${socat_address:="tcp-listen:$tang_port,bind=$tang_address,fork"}
+
+command="/usr/bin/socat"
+command_user="tang:tang"
+command_args="$socat_address exec:/usr/libexec/tangd-wrapper"
+command_background="yes"
+
+extra_commands="rotate_keys"
+description_rotate_keys="Perform rotation of tang keys"
+pidfile="/run/$RC_SVCNAME.pid"
+
+rotate_keys() {
+	ebegin "Performing rotation of tang keys"
+	su ${command_user%:*} -s /bin/sh -c "/usr/libexec/tangd-rotate-keys -d /var/lib/tang"
+	eend $?
+}
+
+start_pre() {
+	checkpath -d -m 0750 -o $command_user /var/lib/tang
+}

testing/tang/tang.pre-install

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+user=tang
+group=tang
+gecos="Tang server"
+
+addgroup -S $group 2>/dev/null
+adduser -S -D -H -h /var/lib/$user -s /sbin/nologin -G $group -g "$gecos" $user 2>/dev/null
+
+exit 0

testing/tang/tangd-wrapper

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# pipe stderr to logger and leave stdin/stdout unaffected
+{ /usr/libexec/tangd /var/lib/tang 2>&1 >&3 3>&- | logger -t tangd -p daemon.info 3>&-; } 3>&1