Attachment #256745 for bug #283954




PORTNAME=	kadnode
DISTVERSIONPREFIX=	v
DISTVERSION=	2.4.1
PORTREVISION=	5
CATEGORIES=	dns

MAINTAINER=	moritzwarning@web.de
COMMENT=	P2P name resolution daemon
WWW=		https://github.com/mwarning/KadNode/

LICENSE=	MIT
LICENSE_FILE=	${WRKSRC}/LICENSE

MAKE_ENV=	FEATURES="${FEATURES}"
SUB_FILES=	kadnode.conf

OPTIONS_DEFINE=		AUTH CMD DEBUG DNS LPD NATPMP NSS UPNP
OPTIONS_DEFAULT=	AUTH CMD LPD NSS
OPTIONS_SUB=	yes


NSS_DESC=	Name Service Switch support to intercept host queries
UPNP_DESC=	UPnP support (remote port forwarding on the router)

AUTH_LIB_DEPENDS=	libmbedtls.so:security/mbedtls3
AUTH_USES=		localbase:ldflags
AUTH_VARS=		FEATURES+="bob tls"

CMD_VARS=		FEATURES+="cmd"

DEBUG_VARS=		FEATURES+="debug"

DNS_VARS=		FEATURES+="dns"

LPD_VARS=		FEATURES+="lpd"

NATPMP_LIB_DEPENDS=	libnatpmp.so:net/libnatpmp
NATPMP_VARS=		FEATURES+="natpmp"

NSS_VARS=		FEATURES+="nss"

UPNP_LIB_DEPENDS=	libminiupnpc.so:net/miniupnpc
UPNP_VARS=		FEATURES+="upnp"


	${INSTALL_DATA} ${WRKDIR}/kadnode.conf \
		${STAGEDIR}${ETCDIR}/kadnode.conf.sample
	${INSTALL_MAN} ${WRKSRC}/misc/manpage \
		${STAGEDIR}${MANDIRS}/man1/kadnode.1

do-install-NSS-on:
	${INSTALL_LIB} ${WRKSRC}/build/libnss_kadnode.so \
		${STAGEDIR}${PREFIX}/lib/nss_kadnode.so.1
	${RLN} ${STAGEDIR}${PREFIX}/lib/nss_kadnode.so.1 \
		${STAGEDIR}${PREFIX}/lib/nss_kadnode.so

.include <bsd.port.options.mk>

.if ${PORT_OPTIONS:MAUTH}
DEPRECATED=	Depends on expired security/mbedtls2
EXPIRATION_DATE=2025-03-31
.endif

.include <bsd.port.mk>

Lines 1-3 Link Here

(-)b/dns/kadnode/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1581337724	1	TIMESTAMP = 1737080240
2	SHA256 (mwarning-KadNode-v2.3.0_GH0.tar.gz) = abb2ca66fb525fab53157d5486bbb43e3a522a4bdc9280a3dcb8cb403ee08583	2	SHA256 (mwarning-KadNode-v2.4.1_GH0.tar.gz) = 748c8917134ad9c127f05a32369aa5726482c9de98d71ef5e722b2a9d588a5e9
3	SIZE (mwarning-KadNode-v2.3.0_GH0.tar.gz) = 450082	3	SIZE (mwarning-KadNode-v2.4.1_GH0.tar.gz) = 464380




# --tls-server-cert mydomain.crt,mydomain.key
# The domain in the Common Name field of the certificate will be announced.
#
# For domain lookup, we need to provide appropriate CA certificates.
# Try various locations:
--tls-client-cert /usr/share/certs/trusted

# As an alternative, create a secret/public key via 'kadnode --bob-create-key'
# and load the secret keys as PEM file:
# --bob-load-key <secret-key-pem-file>
#
# Other nodes can use <public-key>.p2p in the browser to resolve the node.

# Enable DNS proxy behavior. Reads /etc/resolv.conf by default.
# --dns-proxy-enable

# --dns-proxy-server <IP-address>

# Disable UPnP/NAT-PMP support
# --fwd-disable

# Disable multicast peer discovery
# --lpd-disable

Lines 12-19 rcvar=kadnode_enable Link Here

(-)b/dns/kadnode/files/kadnode.in (-1 / +3 lines)
12		12
13	pidfile="/var/run/kadnode.pid"	13	pidfile="/var/run/kadnode.pid"
14	required_files="%%PREFIX%%/etc/kadnode/kadnode.conf"	14	required_files="%%PREFIX%%/etc/kadnode/kadnode.conf"
		15	configfile="%%PREFIX%%/etc/kadnode/kadnode.conf"
15	command="%%PREFIX%%/bin/kadnode"	16	command="%%PREFIX%%/bin/kadnode"
16	command_args="--config %%PREFIX%%/etc/kadnode/kadnode.conf --pidfile $pidfile --daemon"	17
		18	command_args="--config $configfile --pidfile $pidfile --daemon"
17		19
18	load_rc_config $name	20	load_rc_config $name
19	: ${kadnode_enable:=yes}	21	: ${kadnode_enable:=yes}

Removed Link Here

(-)a/dns/kadnode/files/patch-src_peerfile.c (-10 lines)
1	--- src/peerfile.c.orig 2020-02-09 21:48:57 UTC
2	+++ src/peerfile.c
3	@@ -4,6 +4,7 @@
4	#include <string.h>
5	#include <errno.h>
6	#include <netdb.h>
7	+#include <sys/socket.h>
8
9	#include "main.h"
10	#include "conf.h"




--- src/upnp.c.orig	2020-02-09 21:48:57 UTC
+++ src/upnp.c
@@ -134,8 +134,13 @@ int upnp_handler(struct upnp_handle_t *handle, uint16_
 			handle->retry = now + (10 * 60);
 			handle->state = UPNP_STATE_DISCOVER_GATEWAY;
 			return PF_RETRY;
+#if (MINIUPNPC_API_VERSION >= 18)
 		} else if (UPNP_GetValidIGD(devlist, &handle->urls, &handle->data,
+				handle->addr, sizeof(handle->addr), NULL, 0) == 1) {
+#else
+		} else if (UPNP_GetValidIGD(devlist, &handle->urls, &handle->data,
 				handle->addr, sizeof(handle->addr)) == 1) {
+#endif                  
 			freeUPNPDevlist(devlist);
 			log_info("UPnP: Found gateway device \"%s\".", handle->urls.controlURL);
 			handle->state = UPNP_STATE_GET_PORTMAPPING;




KadNode finds the IP address of other instances on the Internet or local
network. It is used like DNS, but is based on the decentralized BitTorrent
network.

KadNode intercepts .p2p domain queries on the systems level and resolves them
using a decentralized Kademlia DHT network. Additionally, TLS authentication can
be used to make sure the correct IP address was found. If successful, the IP
address is passed to the application making the request.

Features:

* Support for two kinds of domains:
**  public key domains as <public-key>.p2p
***   No need to exchange any further keys/certificates
***   Uses secp256r1 ECC key pairs
**  named domains like yourdomain.com.p2p
***   Needs pre-shared certificates (self-signed root certificates or e.g.
      Let's Encrypt)
***   Uses TLS session handshake for authentication
* IPv4/IPv6 support
* UPnP/NAT-PMP support
* Local peer discovery
* Small size / ~100KB depending on features / ~50KB compressed
* Command line control program
* NSS support through /etc/nsswitch.conf
* DNS server interface and DNS proxy
**  Handles A (IPv4 address),AAAA (IPv6), and SRV requests
* Packages for ArchLinux, Debian, FreeBSD, MacOSX, OpenWrt, Windows
* Peer file import/export on startup/shutdown and every 24h
* Uses sha256 hash method




[
{ type: install
  message: <<EOM
In order to resolve domains using kadnode all over the system, add this
line to your /etc/nsswitch.conf:

hosts: files kadnode dns

If the hosts line already exists, just add kadnode before the dns entry.
EOM
}
]

Lines 2-7 bin/kadnode Link Here

(-)b/dns/kadnode/pkg-plist (-2 lines)
2	bin/kadnode-ctl	2	bin/kadnode-ctl
3	@sample %%ETCDIR%%/kadnode.conf.sample	3	@sample %%ETCDIR%%/kadnode.conf.sample
4	@sample %%ETCDIR%%/peers.txt.sample	4	@sample %%ETCDIR%%/peers.txt.sample
5	%%NSS%%lib/nss_kadnode.so
6	%%NSS%%lib/nss_kadnode.so.1	5	%%NSS%%lib/nss_kadnode.so.1
7	share/man/man1/kadnode.1.gz	6	share/man/man1/kadnode.1.gz
8	-

Return to bug 283954

Lines 1-12 Link Here

(-)b/dns/kadnode/Makefile (-24 / +7 lines)
1	PORTNAME= kadnode	1	PORTNAME= kadnode
2	DISTVERSIONPREFIX= v	2	DISTVERSIONPREFIX= v
3	DISTVERSION= 2.3.0	3	DISTVERSION= 2.4.1
4	PORTREVISION= 5
5	CATEGORIES= dns	4	CATEGORIES= dns
6		5
7	MAINTAINER= moritzwarning@web.de	6	MAINTAINER= moritzwarning@web.de
8	COMMENT= P2P name resolution daemon	7	COMMENT= P2P name resolution daemon
9	WWW= https://github.com/mwarning/KadNode	8	WWW= https://github.com/mwarning/KadNode/
10		9
11	LICENSE= MIT	10	LICENSE= MIT
12	LICENSE_FILE= ${WRKSRC}/LICENSE	11	LICENSE_FILE= ${WRKSRC}/LICENSE
Lines 21-27 USE_RC_SUBR= kadnode Link Here
21	MAKE_ENV= FEATURES="${FEATURES}"	20	MAKE_ENV= FEATURES="${FEATURES}"
22	SUB_FILES= kadnode.conf	21	SUB_FILES= kadnode.conf
23		22
24	OPTIONS_DEFINE= AUTH CMD DEBUG DNS LPD NATPMP NSS UPNP	23	OPTIONS_DEFINE= AUTH CMD DEBUG DNS LPD NATPMP NSS UPNP
25	OPTIONS_DEFAULT= AUTH CMD LPD NSS	24	OPTIONS_DEFAULT= AUTH CMD LPD NSS
26	OPTIONS_SUB= yes	25	OPTIONS_SUB= yes
27		26
Lines 34-55 NATPMP_DESC= NAT-PMP support (remote port forwarding on the router) Link Here
34	NSS_DESC= Name Service Switch support to intercept host queries	33	NSS_DESC= Name Service Switch support to intercept host queries
35	UPNP_DESC= UPnP support (remote port forwarding on the router)	34	UPNP_DESC= UPnP support (remote port forwarding on the router)
36		35
37	AUTH_LIB_DEPENDS= libmbedtls.so:security/mbedtls2	36	AUTH_LIB_DEPENDS= libmbedtls.so:security/mbedtls3
		37	AUTH_USES= localbase:ldflags
38	AUTH_VARS= FEATURES+="bob tls"	38	AUTH_VARS= FEATURES+="bob tls"
39
40	CMD_VARS= FEATURES+="cmd"	39	CMD_VARS= FEATURES+="cmd"
41
42	DEBUG_VARS= FEATURES+="debug"	40	DEBUG_VARS= FEATURES+="debug"
43
44	DNS_VARS= FEATURES+="dns"	41	DNS_VARS= FEATURES+="dns"
45
46	LPD_VARS= FEATURES+="lpd"	42	LPD_VARS= FEATURES+="lpd"
47
48	NATPMP_LIB_DEPENDS= libnatpmp.so:net/libnatpmp	43	NATPMP_LIB_DEPENDS= libnatpmp.so:net/libnatpmp
49	NATPMP_VARS= FEATURES+="natpmp"	44	NATPMP_VARS= FEATURES+="natpmp"
50
51	NSS_VARS= FEATURES+="nss"	45	NSS_VARS= FEATURES+="nss"
52
53	UPNP_LIB_DEPENDS= libminiupnpc.so:net/miniupnpc	46	UPNP_LIB_DEPENDS= libminiupnpc.so:net/miniupnpc
54	UPNP_VARS= FEATURES+="upnp"	47	UPNP_VARS= FEATURES+="upnp"
55		48
Lines 62-80 do-install: Link Here
62	${INSTALL_DATA} ${WRKDIR}/kadnode.conf \	55	${INSTALL_DATA} ${WRKDIR}/kadnode.conf \
63	${STAGEDIR}${ETCDIR}/kadnode.conf.sample	56	${STAGEDIR}${ETCDIR}/kadnode.conf.sample
64	${INSTALL_MAN} ${WRKSRC}/misc/manpage \	57	${INSTALL_MAN} ${WRKSRC}/misc/manpage \
65	${STAGEDIR}${PREFIX}/share/man/man1/kadnode.1	58	${STAGEDIR}${MANDIRS}/man1/kadnode.1
66
67	do-install-NSS-on:	59	do-install-NSS-on:
68	${INSTALL_LIB} ${WRKSRC}/build/libnss_kadnode-2.0.so \	60	${INSTALL_LIB} ${WRKSRC}/build/libnss_kadnode.so \
69	${STAGEDIR}${PREFIX}/lib/nss_kadnode.so.1	61	${STAGEDIR}${PREFIX}/lib/nss_kadnode.so.1
70	${RLN} ${STAGEDIR}${PREFIX}/lib/nss_kadnode.so.1 \
71	${STAGEDIR}${PREFIX}/lib/nss_kadnode.so
72
73	.include <bsd.port.options.mk>
74
75	.if ${PORT_OPTIONS:MAUTH}
76	DEPRECATED= Depends on expired security/mbedtls2
77	EXPIRATION_DATE=2025-03-31
78	.endif
79		62
80	.include <bsd.port.mk>	63	.include <bsd.port.mk>

Lines 6-20 Link Here

(-)b/dns/kadnode/files/kadnode.conf.in (-4 / +4 lines)
6	# --tls-server-cert mydomain.crt,mydomain.key	6	# --tls-server-cert mydomain.crt,mydomain.key
7	# The domain in the Common Name field of the certificate will be announced.	7	# The domain in the Common Name field of the certificate will be announced.
8	#	8	#
9	# For domain lookup, we need to provide appropiate CA certificates.	9	# For domain lookup, we need to provide appropriate CA certificates.
10	# Try various locations:	10	# Try various locations:
11	--tls-client-cert %%LOCALBASE%%/share/certs	11	--tls-client-cert /usr/share/certs/trusted
12		12
13	# As an alternative, create a secret/public key via 'kadnode --bob-create-key'	13	# As an alternative, create a secret/public key via 'kadnode --bob-create-key'
14	# and load the secret keys as PEM file:	14	# and load the secret keys as PEM file:
15	# --bob-load-key <secret-key-pem-file>	15	# --bob-load-key <secret-key-pem-file>
16	#	16	#
17	# Other nodes can use <public-key-hex>.p2p in the browser to resolve the node.	17	# Other nodes can use <public-key>.p2p in the browser to resolve the node.
18		18
19	# Enable DNS proxy behavior. Reads /etc/resolv.conf by default.	19	# Enable DNS proxy behavior. Reads /etc/resolv.conf by default.
20	# --dns-proxy-enable	20	# --dns-proxy-enable
Lines 23-29 Link Here
23	# --dns-proxy-server <IP-address>	23	# --dns-proxy-server <IP-address>
24		24
25	# Disable UPnP/NAT-PMP support	25	# Disable UPnP/NAT-PMP support
26	# --disable-forwarding	26	# --fwd-disable
27		27
28	# Disable multicast peer discovery	28	# Disable multicast peer discovery
29	# --lpd-disable	29	# --lpd-disable

Removed Link Here

(-)a/dns/kadnode/files/patch-src_upnp.c (-16 lines)
1	--- src/upnp.c.orig 2020-02-09 21:48:57 UTC
2	+++ src/upnp.c
3	@@ -134,8 +134,13 @@ int upnp_handler(struct upnp_handle_t *handle, uint16_
4	handle->retry = now + (10 * 60);
5	handle->state = UPNP_STATE_DISCOVER_GATEWAY;
6	return PF_RETRY;
7	+#if (MINIUPNPC_API_VERSION >= 18)
8	} else if (UPNP_GetValidIGD(devlist, &handle->urls, &handle->data,
9	+ handle->addr, sizeof(handle->addr), NULL, 0) == 1) {
10	+#else
11	+ } else if (UPNP_GetValidIGD(devlist, &handle->urls, &handle->data,
12	handle->addr, sizeof(handle->addr)) == 1) {
13	+#endif
14	freeUPNPDevlist(devlist);
15	log_info("UPnP: Found gateway device \"%s\".", handle->urls.controlURL);
16	handle->state = UPNP_STATE_GET_PORTMAPPING;

Lines 1-3 Link Here

(-)b/dns/kadnode/pkg-descr (-3 / +30 lines)
1	KadNode is a small decentralized DNS resolver that can use existing	1	KadNode finds the IP address of other instances on the Internet or local
2	public key infrastructures. It utilizes the BitTorrent P2P network	2	network. It is used like DNS, but is based on the decentralized BitTorrent
3	and mbedtls for TLS/crypto support.	3	network.
		4
		5	KadNode intercepts .p2p domain queries on the systems level and resolves them
		6	using a decentralized Kademlia DHT network. Additionally, TLS authentication can
		7	be used to make sure the correct IP address was found. If successful, the IP
		8	address is passed to the application making the request.
		9
		10	Features:
		11
		12	* Support for two kinds of domains:
		13	** public key domains as <public-key>.p2p
		14	*** No need to exchange any further keys/certificates
		15	*** Uses secp256r1 ECC key pairs
		16	** named domains like yourdomain.com.p2p
		17	*** Needs pre-shared certificates (self-signed root certificates or e.g.
		18	Let's Encrypt)
		19	*** Uses TLS session handshake for authentication
		20	* IPv4/IPv6 support
		21	* UPnP/NAT-PMP support
		22	* Local peer discovery
		23	* Small size / ~100KB depending on features / ~50KB compressed
		24	* Command line control program
		25	* NSS support through /etc/nsswitch.conf
		26	* DNS server interface and DNS proxy
		27	** Handles A (IPv4 address),AAAA (IPv6), and SRV requests
		28	* Packages for ArchLinux, Debian, FreeBSD, MacOSX, OpenWrt, Windows
		29	* Peer file import/export on startup/shutdown and every 24h
		30	* Uses sha256 hash method

Lines 1-12 Link Here

(-)b/dns/kadnode/pkg-message (-7 / +1 lines)
1	[
2	{ type: install
3	message: <<EOM
4	In order to resolve domains using kadnode all over the system, add this	1	In order to resolve domains using kadnode all over the system, add this
5	line to your /etc/nsswitch.conf:	2	line to your /etc/nsswitch.conf:
6		3
7	hosts: kadnode dns	4	hosts: files kadnode dns
8		5
9	If the hosts line already exists, just add kadnode before the dns entry.	6	If the hosts line already exists, just add kadnode before the dns entry.
10	EOM
11	}
12	]