Import hitch-1.2.0 as security/hitch (based on wip/hitch).

Hitch is a libev-based high performance SSL/TLS proxy by Varnish
Software.

9 files changed, 196 insertions, 0 deletions

diff --git a/security/hitch/DESCR b/security/hitch/DESCR
new file mode 100644
index 00000000000..91887668d50
--- /dev/null
+++ b/security/hitch/DESCR
@@ -0,0 +1,2 @@
+Hitch is a libev-based high performance SSL/TLS proxy by Varnish
+Software.
diff --git a/security/hitch/MESSAGE b/security/hitch/MESSAGE
new file mode 100644
index 00000000000..a36ee0458ca
--- /dev/null
+++ b/security/hitch/MESSAGE
@@ -0,0 +1,10 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2016/05/25 20:15:35 fhajny Exp $
+
+Make sure the following PEM file contains the private key, certificate
+and any intermediate CA certificates, or reconfigure the location
+in hitch.conf:
+
+  ${HITCH_CERTS}
+
+===========================================================================
diff --git a/security/hitch/Makefile b/security/hitch/Makefile
new file mode 100644
index 00000000000..853e7d812bb
--- /dev/null
+++ b/security/hitch/Makefile
@@ -0,0 +1,58 @@
+# $NetBSD: Makefile,v 1.1 2016/05/25 20:15:35 fhajny Exp $
+
+DISTNAME=	hitch-1.2.0
+CATEGORIES=	security
+MASTER_SITES=	https://hitch-tls.org/source/
+
+MAINTAINER=	filip@joyent.com
+HOMEPAGE=	https://hitch-tls.org/
+COMMENT=	High performance SSL/TLS proxy
+LICENSE=	2-clause-bsd
+
+BUILD_DEPENDS+=	${PYPKGPREFIX}-docutils-[0-9]*:../../textproc/py-docutils
+
+GNU_CONFIGURE=	yes
+USE_TOOLS+=	pkg-config
+
+.include "../../mk/bsd.prefs.mk"
+
+CONFIGURE_ARGS+=	--with-rst2man=${PREFIX}/bin/rst2man.py${PYVERSSUFFIX}
+
+CPPFLAGS.SunOS+=	-D__EXTENSIONS__
+LIBS.SunOS+=		-lsocket
+
+BUILD_DEFS+=		HITCH_USER HITCH_GROUP HITCH_CERTS
+
+HITCH_USER?=		hitch
+HITCH_GROUP?=		hitch
+HITCH_CERTS?=		${PKG_SYSCONFDIR}/certs.pem
+
+PKG_GROUPS+=		${HITCH_GROUP}
+PKG_USERS+=		${HITCH_USER}:${HITCH_GROUP}
+PKG_GECOS.${HITCH_USER}=hitch daemon user
+
+RCD_SCRIPTS=		hitch
+
+MESSAGE_SUBST+=		HITCH_CERTS=${HITCH_CERTS}
+
+SUBST_CLASSES+=		dir
+SUBST_STAGE.dir=	pre-configure
+SUBST_FILES.dir=	hitch.conf.ex
+SUBST_VARS.dir=		HITCH_USER HITCH_GROUP HITCH_CERTS
+SUBST_MESSAGE.dir=	Setting default configuration values
+
+PKG_SYSCONFSUBDIR=	hitch
+CONF_FILES+=		share/examples/hitch/hitch.conf.ex \
+			${PKG_SYSCONFDIR}/hitch.conf
+
+INSTALLATION_DIRS+=	share/examples/hitch
+
+post-install:
+	${MV} ${DESTDIR}${PREFIX}/share/doc/hitch/hitch.conf.ex \
+		${DESTDIR}${PREFIX}/share/examples/hitch
+
+PYTHON_FOR_BUILD_ONLY=	yes
+.include "../../lang/python/pyversion.mk"
+.include "../../devel/libev/buildlink3.mk"
+.include "../../security/openssl/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/hitch/PLIST b/security/hitch/PLIST
new file mode 100644
index 00000000000..b5958dbc919
--- /dev/null
+++ b/security/hitch/PLIST
@@ -0,0 +1,6 @@
+@comment $NetBSD: PLIST,v 1.1 2016/05/25 20:15:35 fhajny Exp $
+man/man8/hitch.8
+sbin/hitch
+share/doc/hitch/CHANGES.rst
+share/doc/hitch/README.md
+share/examples/hitch/hitch.conf.ex
diff --git a/security/hitch/distinfo b/security/hitch/distinfo
new file mode 100644
index 00000000000..91687cc7e8c
--- /dev/null
+++ b/security/hitch/distinfo
@@ -0,0 +1,8 @@
+$NetBSD: distinfo,v 1.1 2016/05/25 20:15:35 fhajny Exp $
+
+SHA1 (hitch-1.2.0.tar.gz) = 9a5b2f3eee59892c36f45b4f50e201f2937f04a3
+RMD160 (hitch-1.2.0.tar.gz) = 029b22cf45b5d76819e197df7609afcbd2c35b02
+SHA512 (hitch-1.2.0.tar.gz) = e214d305e49dbd3bb4b741a094d50978f867e97bcd24e2775ce8a1ac450f6607fd638b801c9b41db0d7a22bda56b212a7e9eef053c2ce194f690f27301bd1f98
+Size (hitch-1.2.0.tar.gz) = 238079 bytes
+SHA1 (patch-hitch.conf.ex) = 6a97612d3817928a6e1d54bc98d2680dadce0b41
+SHA1 (patch-src_hitch.c) = f16c5010a704291fd1c986b73bb987fd92148616
diff --git a/security/hitch/files/hitch.sh b/security/hitch/files/hitch.sh
new file mode 100644
index 00000000000..9d76a1f7380
--- /dev/null
+++ b/security/hitch/files/hitch.sh
@@ -0,0 +1,18 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: hitch.sh,v 1.1 2016/05/25 20:15:35 fhajny Exp $
+#
+
+# PROVIDE: hitch
+# REQUIRE: LOGIN
+
+. /etc/rc.subr
+
+name="hitch"
+rcvar=$name
+command="@PREFIX@/sbin/hitch"
+command_args="--config=@PKG_SYSCONFDIR@/hitch.conf"
+required_files="@PKG_SYSCONFDIR@/hitch.conf"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/security/hitch/files/smf/manifest.xml b/security/hitch/files/smf/manifest.xml
new file mode 100644
index 00000000000..795995f3858
--- /dev/null
+++ b/security/hitch/files/smf/manifest.xml
@@ -0,0 +1,29 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
+<service_bundle type='manifest' name='@SMF_NAME@'>
+  <service name='@SMF_PREFIX@/@SMF_NAME@' type='service' version='1'>
+    <create_default_instance enabled='false' />
+    <single_instance />
+    <dependency name='network' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/milestone/network:default' />
+    </dependency>
+    <dependency name='filesystem' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/system/filesystem/local' />
+    </dependency>
+    <exec_method type='method' name='start' exec='@PREFIX@/sbin/hitch --config=%{config_file}' timeout_seconds='60' />
+    <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60' />
+    <property_group name='startd' type='framework'>
+      <propval name='duration' type='astring' value='contract' />
+      <propval name='ignore_error' type='astring' value='core,signal' />
+    </property_group>
+    <property_group name='application' type='application'>
+      <propval name='config_file' type='astring' value='@PKG_SYSCONFDIR@/hitch.conf' />
+    </property_group>
+    <stability value='Evolving' />
+    <template>
+      <common_name>
+        <loctext xml:lang='C'>Hitch Daemon</loctext>
+      </common_name>
+    </template>
+  </service>
+</service_bundle>
diff --git a/security/hitch/patches/patch-hitch.conf.ex b/security/hitch/patches/patch-hitch.conf.ex
new file mode 100644
index 00000000000..6bd02272e39
--- /dev/null
+++ b/security/hitch/patches/patch-hitch.conf.ex
@@ -0,0 +1,48 @@
+$NetBSD: patch-hitch.conf.ex,v 1.1 2016/05/25 20:15:35 fhajny Exp $
+
+Sane default options.
+
+--- hitch.conf.ex.orig	2016-03-18 17:55:17.000000000 +0000
++++ hitch.conf.ex
+@@ -43,7 +43,7 @@ backend = "[127.0.0.1]:6081"
+ # only available for a specific listen endpoint.
+ #
+ # type: string
+-pem-file = ""
++pem-file = "@HITCH_CERTS@"
+ 
+ # SSL protocol.
+ #
+@@ -94,12 +94,12 @@ chroot = ""
+ # Set uid after binding a socket
+ #
+ # type: string
+-user = ""
++user = "@HITCH_USER@"
+ 
+ # Set gid after binding a socket
+ #
+ # type: string
+-group = ""
++group = "@HITCH_GROUP@"
+ 
+ # Quiet execution, report only error messages
+ #
+@@ -109,7 +109,7 @@ quiet = off
+ # Use syslog for logging
+ #
+ # type: boolean
+-syslog = off
++syslog = on
+ 
+ # Syslog facility to use
+ #
+@@ -119,7 +119,7 @@ syslog-facility = "daemon"
+ # Run as daemon
+ #
+ # type: boolean
+-daemon = off
++daemon = on
+ 
+ # Report client address by writing IP before sending data
+ #
diff --git a/security/hitch/patches/patch-src_hitch.c b/security/hitch/patches/patch-src_hitch.c
new file mode 100644
index 00000000000..268894d48fb
--- /dev/null
+++ b/security/hitch/patches/patch-src_hitch.c
@@ -0,0 +1,17 @@
+$NetBSD: patch-src_hitch.c,v 1.1 2016/05/25 20:15:35 fhajny Exp $
+
+Need sys/filio on SunOS for FIONBIO.
+
+--- src/hitch.c.orig	2016-01-26 14:58:56.000000000 +0000
++++ src/hitch.c
+@@ -77,6 +77,10 @@
+ #include <sys/prctl.h>
+ #endif
+ 
++#ifdef __sun
++#include <sys/filio.h>
++#endif
++
+ #include "uthash.h"
+ #include "ringbuffer.h"
+ #include "miniobj.h"