mail/py-tlsrpt-reporter: new port

tlsrpt-reporter is a TLSRPT reporting service for SMTP TLS Reporting
as defined in RFC 8460. It receives TLSRPT datagrams from a MTA,
collects them, creates a report in conformance with the TLSRPT
Reporting Schema and finally delivers the report either via SMTP,
indirectly by submitting it to a local MTA which ultimately will be
responsible for delivering the report, or directly via HTTP POST.

PR:     285012
Reported by:	Yusuf Yaman

GIDs

@@ -322,7 +322,7 @@ walletd:*:378:
 renterd:*:379:
 spoofdpi:*:380:
 hydroxide:*:381:
-# free: 382
+_tlsrpt:*:382:
 # free: 383
 # free: 384
 # free: 385

UIDs

@@ -328,7 +328,7 @@ walletd:*:378:378::0:0:walletd Daemon:/nonexistent:/usr/sbin/nologin
 renterd:*:379:379::0:0:renterd Daemon:/nonexistent:/usr/sbin/nologin
 spoofdpi:*:380:380::0:0:SpoofDPI Daemon:/nonexistent:/usr/sbin/nologin
 hydroxide:*:381:381::0:0:Hydroxide Daemon:/var/db/hydroxide:/usr/sbin/nologin
-# free: 382
+_tlsrpt:*:382:382::0:0:TLSRPT Daemon:/nonexistent:/usr/sbin/nologin
 # free: 383
 # free: 384
 # free: 385

mail/Makefile

@@ -545,6 +545,7 @@
     SUBDIR += py-pyzmail
     SUBDIR += py-rfc6555
     SUBDIR += py-spf-engine
+    SUBDIR += py-tlsrpt-reporter
     SUBDIR += py-validate_email
     SUBDIR += pymsgauth
     SUBDIR += pyzor

mail/py-tlsrpt-reporter/Makefile

@@ -0,0 +1,63 @@
+PORTNAME=	tlsrpt-reporter
+DISTVERSIONPREFIX=	v
+DISTVERSION=	0.5.0
+CATEGORIES=	mail python
+PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER=	matthew@FreeBSD.org
+COMMENT=	Collectd, fetcher and reportd software for SMTP TLS reporting
+WWW=		https://github.com/sys4/tlsrpt-reporter
+
+LICENSE=	GPLv3+
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+BUILD_DEPENDS=	${PYTHON_PKGNAMEPREFIX}build>=1.2.2:devel/py-build@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}hatchling>=0:devel/py-hatchling@${PY_FLAVOR} \
+		asciidoctor:textproc/rubygem-asciidoctor
+RUN_DEPENDS=	curl:ftp/curl \
+		${PYTHON_PKGNAMEPREFIX}sqlite3>=0:databases/py-sqlite3@${PY_FLAVOR}
+
+USES=		gmake python shebangfix
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	sys4
+
+USE_PYTHON=	autoplist pep517 unittest
+
+NO_ARCH=	yes
+USERS?=		_tlsrpt
+GROUPS?=	_tlsrpt
+
+SHEBANG_FILES=	./tlsrpt_reporter/tlsrpt_*.py
+
+CFGFILE=	${ETCDIR}/${PORTNAME}.cfg
+
+USE_RC_SUBR=	tlsrpt-collectd \
+		tlsrpt-reportd
+SUB_FILES=	${PORTNAME}.cfg
+SUB_LIST=	RUNDIR=/var/run/${PORTNAME} \
+		DBDIR=/var/db/${PORTNAME} \
+		LOGDIR=/var/log/${PORTNAME} \
+		PYTHON_CMD=${PYTHON_CMD} \
+		CFGFILE=${CFGFILE} \
+		USER=${USERS} \
+		GROUP=${GROUPS}
+
+PLIST_FILES=	"@sample ${CFGFILE}.sample" \
+		share/man/man1/tlsrpt-collectd.1.gz \
+		share/man/man1/tlsrpt-fetcher.1.gz \
+		share/man/man1/tlsrpt-reportd.1.gz
+
+TEST_ENV=	PYTHONPATH=${STAGEDIR}${PYTHONPREFIX_SITELIBDIR}
+
+post-build:
+	(cd ${WRKSRC}/doc && \
+	    ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${MAKE_ARGS} ${ALL_TARGET})
+
+post-install:
+	${MKDIR} ${STAGEDIR}${ETCDIR}
+	${INSTALL_DATA} ${WRKDIR}/${PORTNAME}.cfg ${STAGEDIR}${CFGFILE}.sample
+	(cd ${WRKSRC}/doc && \
+	    ${INSTALL_MAN} ./*.1 ${STAGEDIR}${PREFIX}/share/man/man1)
+
+.include <bsd.port.mk>

mail/py-tlsrpt-reporter/distinfo

@@ -0,0 +1,3 @@
+TIMESTAMP = 1747214231
+SHA256 (sys4-tlsrpt-reporter-v0.5.0_GH0.tar.gz) = ea6aa950634380080fd52e3a2721c9c0c8ab2b44367284669e0ad105954a0f8d
+SIZE (sys4-tlsrpt-reporter-v0.5.0_GH0.tar.gz) = 59230

mail/py-tlsrpt-reporter/files/tlsrpt-collectd.in

@@ -0,0 +1,76 @@
+#!/bin/sh
+
+# PROVIDE: tlsrpt_collectd
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable tlsrpt_collectd:
+#
+# tlsrpt_collectd_enable="YES"
+#
+# Other rc.conf variables:
+#
+# tlsrpt_collectd_conffile="%%CFGFILE%%"
+#                            -- path to config file
+# tlsrpt_collectd_user="%%USER%%"
+#                            -- user to run tlsrpt_collectd as
+# tlsrpt_collectd_group="%%GROUP%%"
+#                            -- group to run tlsrpt_collectd as
+# tlsrpt_collectd_dbdir="%%DBDIR%%"
+#                            -- location of directory containing
+#                               working database.  Must match
+#                               setting in %%CFGFILE%%
+# tlsrpt_collectd_logdir="%%LOGDIR%%"
+#                            -- location of tlsrpt_collectd logfile
+# tlsrpt_collectd_flags=""
+#                            -- additional flags for tlsrpt_collectd
+
+. /etc/rc.subr
+
+name="tlsrpt_collectd"
+rcvar=tlsrpt_collectd_enable
+
+load_rc_config $name
+
+: ${tlsrpt_collectd_enable:="NO"}
+: ${tlsrpt_collectd_conffile="%%CFGFILE%%"}
+: ${tlsrpt_collectd_user="%%USER%%"}
+: ${tlsrpt_collectd_group="%%GROUP%%"}
+: ${tlsrpt_collectd_dbdir="%%DBDIR%%"}
+: ${tlsrpt_collectd_logdir="%%LOGDIR%%"}
+: ${tlsrpt_collectd_flags=""}
+
+start_precmd=${name}_startprecmd
+start_cmd=${name}_start
+
+command=%%PYTHON_CMD%%
+pidfile=%%RUNDIR%%/tlsrpt-collectd.pid
+
+tlsrpt_collectd_startprecmd()
+{
+    local piddir=$(dirname ${pidfile})
+
+    for d in ${piddir} ${tlsrpt_collectd_dbdir} ${tlsrpt_collectd_logdir}; do
+	mkdir -m 0755 -p ${d}
+	chown -R ${tlsrpt_collectd_user}:${tlsrpt_collectd_group} ${d}
+    done
+}
+
+tlsrpt_collectd_start()
+{
+    case "${tlsrpt_collectd_flags}" in
+	*--config_file\ *)
+	    echo "Warning: \$tlsrpt_collectd_flags includes --config_file" \
+		 "option. Please use \$tlsrpt_collectd_conffile instead."
+	    ;;
+	*)
+	    options="--config_file ${tlsrpt_collectd_conffile} ${tlsrpt_collectd_flags}"
+	    ;;
+    esac
+
+    /usr/sbin/daemon -c -f -u ${tlsrpt_collectd_user} \
+		     tlsrpt-collectd ${options}
+}
+
+run_rc_command "$1"

mail/py-tlsrpt-reporter/files/tlsrpt-reportd.in

@@ -0,0 +1,78 @@
+#!/bin/sh
+
+# PROVIDE: tlsrpt-reportd
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable tlsrpt_reportd:
+#
+# tlsrpt_reportd_enable="YES"
+#
+# Other rc.conf variables:
+#
+# tlsrpt_reportd_conffile="%%CFGFILE%%"
+#                            -- path to config file
+# tlsrpt_reportd_user="%%USER%%"
+#                            -- user to run tlsrpt_reportd as
+# tlsrpt_reportd_group="%%GROUP%%"
+#                            -- group to run tlsrpt_reportd as
+# tlsrpt_reportd_dbdir="%%DBDIR%%"
+#                            -- location of directory containing
+#                               working database.  Must match
+#                               setting in %%CFGFILE%%
+# tlsrpt_reportd_logdir="%%LOGDIR%%"
+#                            -- location of tlsrpt_reportd logfile
+# tlsrpt_reportd_flags=""
+#                            -- additional flags for tlsrpt_reportd
+
+. /etc/rc.subr
+
+name="tlsrpt_reportd"
+rcvar=tlsrpt_reportd_enable
+
+load_rc_config $name
+
+: ${tlsrpt_reportd_enable:="NO"}
+: ${tlsrpt_reportd_conffile="%%CFGFILE%%"}
+: ${tlsrpt_reportd_user="%%USER%%"}
+: ${tlsrpt_reportd_group="%%GROUP%%"}
+: ${tlsrpt_reportd_dbdir="%%DBDIR%%"}
+: ${tlsrpt_reportd_logdir="%%LOGDIR%%"}
+: ${tlsrpt_reportd_flags=""}
+
+start_precmd=${name}_startprecmd
+start_cmd=${name}_start
+
+command=%%PYTHON_CMD%%
+pidfile=%%RUNDIR%%/tlsrpt-reportd.pid
+
+tlsrpt_reportd_startprecmd()
+{
+    local piddir=$(dirname ${pidfile})
+
+    for d in ${piddir} ${tlsrpt_reportd_dbdir} ${tlsrpt_reportd_logdir};
+    do
+	mkdir -m 0755 -p ${d}
+	chown -R ${tlsrpt_reportd_user}:${tlsrpt_reportd_group} ${d}
+    done
+}
+
+tlsrpt_reportd_start()
+{
+    case "${tlsrpt_reportd_flags}" in
+	*--config_file\ *)
+	    echo "Warning: \$tlsrpt_reportd_flags includes --config_file" \
+		 "option. Please use \$tlsrpt_reportd_conffile instead."
+	    ;;
+	*)
+	    options="--config_file ${tlsrpt_reportd_conffile} ${tlsrpt_reportd_flags}"
+	    ;;
+    esac
+
+    /usr/sbin/daemon -c -f -u ${tlsrpt_reportd_user} \
+		     tlsrpt-reportd ${options}
+}
+
+run_rc_command "$1"
+

mail/py-tlsrpt-reporter/files/tlsrpt-reporter.cfg.in

@@ -0,0 +1,32 @@
+[tlsrpt_collectd]
+pidfilename = %%RUNDIR%%/tlsrpt-collectd.pid
+storage = sqlite://%%DBDIR%%/tlsrpt-collectd.sqlite
+socketname = %%RUNDIR%%/tlsrpt-collectd.socket
+logfilename = %%LOGDIR%%/tlsrpt-collectd.log
+#daily_rollover_script = /usr/local/bin/example-script.sh
+dump_path_for_invalid_datagram = /tmp/debug-payload
+log_level = debug
+
+[tlsrpt_fetcher]
+storage = sqlite://%%DBDIR%%/tlsrpt-collectd.sqlite
+logfilename = %%LOGDIR%%/tlsrpt-fetcher.log
+log_level = debug
+
+[tlsrpt_reportd]
+organization_name = EXAMPLE.inc
+contact_info = smtp-tls-reporting@example.com
+sender_address = noreply@example.com
+pidfilename = %%RUNDIR%%/tlsrpt-reportd.pid
+dbname = %%DBDIR%%/tlsrpt-reportd.sqlite
+logfilename = %%LOGDIR%%/tlsrpt-reportd.log
+log_level = debug
+http_script = curl --silent --header 'Content-Type: application/tlsrpt+gzip' --data-binary @-
+fetchers = tlsrpt_fetcher.py --config_file %%CFGFILE%%
+interval_main_loop = 10
+max_retries_domainlist = 2
+min_wait_domainlist = 0
+max_wait_domainlist = 1
+max_retries_domaindetails = 2
+min_wait_domaindetails = 0
+max_wait_domaindetails = 1
+spread_out_delivery = 14400

mail/py-tlsrpt-reporter/pkg-descr

@@ -0,0 +1,6 @@
+tlsrpt-reporter is a TLSRPT reporting service for SMTP TLS Reporting
+as defined in RFC 8460. It receives TLSRPT datagrams from a MTA,
+collects them, creates a report in conformance with the TLSRPT
+Reporting Schema and finally delivers the report either via SMTP,
+indirectly by submitting it to a local MTA which ultimately will be
+responsible for delivering the report, or directly via HTTP POST.