app-crypt/tang: initial import

Signed-off-by: Julien Roy <julien@jroy.ca>

5 files changed, 83 insertions, 0 deletions

diff --git a/app-crypt/tang/Manifest b/app-crypt/tang/Manifest
new file mode 100644
index 000000000..c79d202ff
--- /dev/null
+++ b/app-crypt/tang/Manifest
@@ -0,0 +1 @@
+DIST tang-11.tar.gz 38502 BLAKE2B cc440780eda3aa2ded7dfa6bea62794c2f08d3c7e89573c4002d5f2644f5cd809357400031c9df94f5128fb24e3e038a56f3df14f8f7762c071404fdb7b62444 SHA512 a1115c7192224f2d09d026776768b4247632333ad152f2cb700567404ff33a220dc1280e4f588c6408775c4b9dc5049b5601bbee6336c8ff7f39ec6f28e26599
diff --git a/app-crypt/tang/files/tangd.initd b/app-crypt/tang/files/tangd.initd
new file mode 100644
index 000000000..4b7e42991
--- /dev/null
+++ b/app-crypt/tang/files/tangd.initd
@@ -0,0 +1,16 @@
+#!/sbin/openrc-run
+# Copyright 2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+port=8888
+bind=0.0.0.0
+tangd=/usr/libexec/tangd
+tangdir=/var/db/tang
+
+name="tang daemon"
+description="Tang binding daemon"
+command=/usr/bin/socat
+pidfile="/var/run/${RC_SVCNAME}.pid"
+command_user="tang"
+command_args="TCP-LISTEN:${port},bind=${bind},fork SYSTEM:'${tangd} ${tangdir}'"
+command_background=true
diff --git a/app-crypt/tang/files/tangd.service b/app-crypt/tang/files/tangd.service
new file mode 100644
index 000000000..59625d974
--- /dev/null
+++ b/app-crypt/tang/files/tangd.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Tang Server
+
+[Service]
+ExecStart=/usr/bin/socat TCP-LISTEN:8888,bind=0.0.0.0,fork SYSTEM:'/usr/libexec/tangd /var/db/tang'
+User=tang
diff --git a/app-crypt/tang/metadata.xml b/app-crypt/tang/metadata.xml
new file mode 100644
index 000000000..97ba7c28b
--- /dev/null
+++ b/app-crypt/tang/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>julien@jroy.ca</email>
+		<name>Julien Roy</name>
+	</maintainer>
+</pkgmetadata>
diff --git a/app-crypt/tang/tang-11.ebuild b/app-crypt/tang/tang-11.ebuild
new file mode 100644
index 000000000..94b1883d7
--- /dev/null
+++ b/app-crypt/tang/tang-11.ebuild
@@ -0,0 +1,52 @@
+# Copyright 2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit meson
+
+DESCRIPTION="Tang binding daemon"
+HOMEPAGE="https://github.com/latchset/tang"
+SRC_URI="https://github.com/latchset/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="systemd"
+
+DEPEND="acct-user/tang
+	app-text/asciidoc
+	net-misc/socat
+	>=net-libs/http-parser-2.8.0
+	>=dev-libs/jose-8"
+RDEPEND="${DEPEND}"
+BDEPEND=""
+
+src_install(){
+	meson_install
+	newinitd "${FILESDIR}"/tangd.initd tangd
+
+	dodir /var/db/tang
+	keepdir /var/db/tang
+	fowners tang:tang /var/db/tang
+	fperms 770 /var/db/tang
+
+	if use systemd; then
+		insinto /usr/lib/systemd/system
+		doins ${FILESDIR}/tangd.service
+	fi
+}
+
+pkg_postinst(){
+	einfo "By default, tang runs on port 8888 and listens on address 0.0.0.0"
+	einfo "It also stores JWKs in /var/db/tang."
+	if use systemd; then
+		einfo "If you want to change this, modify /usr/lib/systemd/system/tangd.service directly."
+	else
+		einfo "If you want to change this, modify /etc/init.d/tangd directly."
+	fi
+
+	if use systemd; then
+		systemctl daemon-reload
+	fi
+}