testing/sentinel-minipot: new aport

testing/sentinel-minipot/APKBUILD

@@ -0,0 +1,70 @@
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
+pkgname=sentinel-minipot
+pkgver=2.3.0
+pkgrel=0
+pkgdesc="A minimal honeypot that emulates Telnet, HTTP, FTP and SMTP"
+url="https://gitlab.nic.cz/turris/sentinel/minipot"
+# ppc64le: fails to build
+# s390x: blocked by logc-libs
+arch="all !ppc64le !s390x"
+license="GPL-3.0-or-later"
+makedepends="
+	argp-standalone
+	autoconf
+	automake
+	base64c-dev
+	czmq-dev
+	gperf
+	libevent-dev
+	logc-dev
+	logc-libs-dev
+	msgpack-c-dev
+	"
+checkdepends="check-dev"
+install="$pkgname.pre-install"
+subpackages="$pkgname-openrc"
+source="https://gitlab.nic.cz/turris/sentinel/minipot/-/archive/v$pkgver/minipot-v$pkgver.tar.bz2
+	fix-configure-msgpack-c.patch
+	no-valgrind.patch
+	$pkgname.initd
+	$pkgname.confd
+	"
+builddir="$srcdir/minipot-v$pkgver"
+
+prepare() {
+	default_prepare
+
+	./bootstrap
+}
+
+build() {
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--localstatedir=/var \
+		--enable-tests
+	make
+}
+
+check() {
+	make check
+}
+
+package() {
+	make DESTDIR="$pkgdir" install
+
+	install -D -m755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	install -D -m644 "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+}
+
+sha512sums="
+4f442240d413bdad2f6bddf5ef581c410f03842a4b50685be2e7d1d3686811a7644fd0787c26ee31cb99a0997f2867ed1375a6e3f2a2ede09bd5e9217fbe84d6  minipot-v2.3.0.tar.bz2
+f9e127570d256ee9ce7f9f3d28a66cecfde2e0c9d068b68ea99599b0e3e74fb944311b3f69b28fea8f0b7c86ccba7094888f5310dbceb7ad44bf110b56060161  fix-configure-msgpack-c.patch
+8b133216fa6d97d31105ecfecd3ffb3135c65e771c23968af1d186c6589fd3b31ea1866ed3d9bed34034b01f7322518fa4086503d3b12a0b3f8c21479ee46900  no-valgrind.patch
+846e6c30949590026069df19b583847bc1f94d7190d6dd334ca7ae469323b63f94c82a8ff79b757618e656e5a12fa4b51fe25c6dae3344f8ee0eccaa7ffa324e  sentinel-minipot.initd
+2cbdfc997d2f85ef6d24af2b4ce1aa7e01aebcb7e8fddc98d8b2401cba5138898e1668f4018c2609dbe88e35bbb1c1a61a9d3602e6f438e494706651f1ae4418  sentinel-minipot.confd
+"

testing/sentinel-minipot/fix-configure-msgpack-c.patch

@@ -0,0 +1,7 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -16,3 +16,3 @@
+ PKG_CHECK_MODULES([czmq], [libczmq])
+-PKG_CHECK_MODULES([msgpack], [msgpack])
++PKG_CHECK_MODULES([msgpack], [msgpack-c])
+ PKG_CHECK_MODULES([libevent], [libevent])

testing/sentinel-minipot/no-valgrind.patch

@@ -0,0 +1,26 @@
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -8,23 +8,6 @@
+ 	env AM_TAP_AWK='$(AWK)' TEST_OUTPUT_TAP="/dev/stdout" \
+ 	'$(SHELL)' '$(srcdir)/.aux/tap-driver.sh'
+ 
+-# Valgrind #######################################################################
+-VALGRIND_memcheck_FLAGS = \
+-	--leak-check=full \
+-	--show-leak-kinds=definite,indirect,possible \
+-	--track-fds=yes \
+-	--track-origins=yes \
+-	--trace-children=no \
+-	--child-silent-after-fork=yes
+-@VALGRIND_CHECK_RULES@
+-
+-# Rules generated for valgrind are for some reason called *-am. This is just an alias
+-check-valgrind: check-valgrind-am
+-define check_valgrind_rule
+-check-valgrind-$(1): check-valgrind-$(1)-am
+-endef
+-$(foreach tool,$(valgrind_tools),$(eval $(call check_valgrind_rule,$(tool))))
+-
+ # Coverage #######################################################################
+ CODE_COVERAGE_LCOV_OPTIONS := --no-external
+ CODE_COVERAGE_GENHTML_OPTIONS := --prefix $(dir $(abs_top_builddir))

testing/sentinel-minipot/sentinel-minipot.confd

@@ -0,0 +1,38 @@
+# Configuration for /etc/init.d/sentinel-minipot
+
+# MQTT topic for later communication of Sentinel proxy with server.
+# Default is "sentinel/collect/minipot".
+#mqtt_topic=
+
+# Local ZMQ socket for interprocess communication with Sentinel proxy.
+#sentinel_socket="ipc:///run/sentinel_pull.sock"
+
+# Whether to send logs to syslog.
+#syslog=yes
+
+# Send logs to provided file.
+#logfile=
+
+# Log verbosity level. Default is "notice".
+# Options: critical, error, warning, notice, info, debug, trace.
+#loglevel=
+
+# User (and group) to run as.
+#command_user="sentinel-minipot"
+
+# Allow to listen on privileged ports.
+capabilities="^cap_net_bind_service"
+
+## At least one of the following must be set:
+
+# Port for FTP minipot.
+#ftp_port=
+
+# Port for HTTP minipot.
+#http_port=
+
+# Port for SMTP minipot.
+smtp_port=25
+
+# Port for Telnet minipot.
+#telnet_port=

testing/sentinel-minipot/sentinel-minipot.initd

@@ -0,0 +1,37 @@
+#!/sbin/openrc-run
+
+name="Sentinel-minipot"
+description="A minimal honeypot that emulates Telnet, HTTP, FTP and SMTP network services"
+
+: ${command_user:="sentinel-minipot"}
+: ${sentinel_socket="ipc:///run/sentinel_pull.sock"}
+: ${syslog:="yes"}
+
+command="/usr/bin/sentinel-minipot"
+command_args="
+	${ftp_port:+"--ftp=$ftp_port"}
+	${http_port:+"--http=$http_port"}
+	${smtp_port:+"--smtp=$smtp_port"}
+	${telnet_port:+"--telnet=$telnet_port"}
+	${mqtt_topic:+"--topic=$mqtt_topic"}
+	${sentinel_socket:+"--socket=$sentinel_socket"}
+	${logfile:+"--log-file=$logfile"}
+	${loglevel:+"--log-level=$loglevel"}
+	$command_args
+	"
+command_background="yes"
+pidfile="/run/$RC_SVCNAME.pid"
+
+depend() {
+	need net
+	use sentinel-proxy
+	after firewall
+}
+
+start_pre() {
+	yesno "${syslog-}" && command_args="$command_args --syslog"
+
+	if [ "${logfile-}" ]; then
+		checkpath -f -m 640 -o "$command_user" "$logfile" || return 1
+	fi
+}

testing/sentinel-minipot/sentinel-minipot.pre-install

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+adduser -S -D -H -h /dev/null -s /sbin/nologin -G nogroup -g sentinel-minipot sentinel-minipot 2>/dev/null
+
+exit 0