dns/kadnode: update 2.3.0 -> 2.4.1, un-deprecate

Upstream is alive and active, has 1-st class FreeBSD support. They had switched to mbedtls3 since version 2.4.0. Using their ready-to-use port with minor changes: * Fix files/kadnode.in mode (0755 -> 0644) * Improve pkg-descr * Some linting PR: 283954 Reviewed by: diizzy Approved by: moritzwarning@web.de (maintainer)
2025-01-09 14:15:35 +04:00 · 2025-01-09 14:15:35 +04:00 · c19a49d41d
commit c19a49d41d
parent 3a3b1819c6
9 changed files with 48 additions and 61 deletions
--- a/dns/kadnode/Makefile
+++ b/dns/kadnode/Makefile
@ -1,18 +1,16 @@
 PORTNAME=	kadnode
 DISTVERSIONPREFIX=	v
-DISTVERSION=	2.3.0
-PORTREVISION=	5
+DISTVERSION=	2.4.1
 CATEGORIES=	dns

 MAINTAINER=	moritzwarning@web.de
 COMMENT=	P2P name resolution daemon
-WWW=		https://github.com/mwarning/KadNode
+WWW=		https://github.com/mwarning/KadNode/

 LICENSE=	MIT
 LICENSE_FILE=	${WRKSRC}/LICENSE

 USES=		cpe gmake
-CPE_VENDOR=	${PORTNAME}_project
 USE_GITHUB=	yes
 GH_ACCOUNT=	mwarning
 GH_PROJECT=	KadNode
@ -34,7 +32,8 @@ NATPMP_DESC=	NAT-PMP support (remote port forwarding on the router)
 NSS_DESC=	Name Service Switch support to intercept host queries
 UPNP_DESC=	UPnP support (remote port forwarding on the router)

-AUTH_LIB_DEPENDS=	libmbedtls.so:security/mbedtls2
+AUTH_LIB_DEPENDS=	libmbedtls.so:security/mbedtls3
+AUTH_USES=		localbase:ldflags
 AUTH_VARS=		FEATURES+="bob tls"

 CMD_VARS=		FEATURES+="cmd"
@ -51,6 +50,7 @@ NATPMP_VARS=		FEATURES+="natpmp"
 NSS_VARS=		FEATURES+="nss"

 UPNP_LIB_DEPENDS=	libminiupnpc.so:net/miniupnpc
+UPNP_USES=		localbase:ldflags
 UPNP_VARS=		FEATURES+="upnp"

 do-install:
@ -62,19 +62,10 @@ do-install:
 	${INSTALL_DATA} ${WRKDIR}/kadnode.conf \
 		${STAGEDIR}${ETCDIR}/kadnode.conf.sample
 	${INSTALL_MAN} ${WRKSRC}/misc/manpage \
-		${STAGEDIR}${PREFIX}/share/man/man1/kadnode.1
+		${STAGEDIR}${MANDIRS}/man1/kadnode.1

 do-install-NSS-on:
-	${INSTALL_LIB} ${WRKSRC}/build/libnss_kadnode-2.0.so \
+	${INSTALL_LIB} ${WRKSRC}/build/libnss_kadnode.so \
 		${STAGEDIR}${PREFIX}/lib/nss_kadnode.so.1
-	${RLN} ${STAGEDIR}${PREFIX}/lib/nss_kadnode.so.1 \
-		${STAGEDIR}${PREFIX}/lib/nss_kadnode.so
-
-.include <bsd.port.options.mk>
-
-.if ${PORT_OPTIONS:MAUTH}
-DEPRECATED=	Depends on expired security/mbedtls2
-EXPIRATION_DATE=2025-03-31
-.endif

 .include <bsd.port.mk>
--- a/dns/kadnode/distinfo
+++ b/dns/kadnode/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1581337724
-SHA256 (mwarning-KadNode-v2.3.0_GH0.tar.gz) = abb2ca66fb525fab53157d5486bbb43e3a522a4bdc9280a3dcb8cb403ee08583
-SIZE (mwarning-KadNode-v2.3.0_GH0.tar.gz) = 450082
+TIMESTAMP = 1736416439
+SHA256 (mwarning-KadNode-v2.4.1_GH0.tar.gz) = 748c8917134ad9c127f05a32369aa5726482c9de98d71ef5e722b2a9d588a5e9
+SIZE (mwarning-KadNode-v2.4.1_GH0.tar.gz) = 464380
--- a/dns/kadnode/files/kadnode.conf.in
+++ b/dns/kadnode/files/kadnode.conf.in
@ -6,15 +6,15 @@
 # --tls-server-cert mydomain.crt,mydomain.key
 # The domain in the Common Name field of the certificate will be announced.
 #
-# For domain lookup, we need to provide appropiate CA certificates.
+# For domain lookup, we need to provide appropriate CA certificates.
 # Try various locations:
--tls-client-cert %%LOCALBASE%%/share/certs
+--tls-client-cert /usr/share/certs/trusted

 # As an alternative, create a secret/public key via 'kadnode --bob-create-key'
 # and load the secret keys as PEM file:
 # --bob-load-key <secret-key-pem-file>
 #
-# Other nodes can use <public-key-hex>.p2p in the browser to resolve the node.
+# Other nodes can use <public-key>.p2p in the browser to resolve the node.

 # Enable DNS proxy behavior. Reads /etc/resolv.conf by default.
 # --dns-proxy-enable
@ -23,7 +23,7 @@
 # --dns-proxy-server <IP-address>

 # Disable UPnP/NAT-PMP support
-# --disable-forwarding
+# --fwd-disable

 # Disable multicast peer discovery
 # --lpd-disable
--- a/dns/kadnode/files/kadnode.in
+++ b/dns/kadnode/files/kadnode.in
@ -12,8 +12,10 @@ rcvar=kadnode_enable

 pidfile="/var/run/kadnode.pid"
 required_files="%%PREFIX%%/etc/kadnode/kadnode.conf"
+configfile="%%PREFIX%%/etc/kadnode/kadnode.conf"
 command="%%PREFIX%%/bin/kadnode"
-command_args="--config %%PREFIX%%/etc/kadnode/kadnode.conf --pidfile $pidfile --daemon"
+
+command_args="--config $configfile --pidfile $pidfile --daemon"

 load_rc_config $name
 : ${kadnode_enable:=yes}
--- a/dns/kadnode/files/patch-src_peerfile.c
+++ b/dns/kadnode/files/patch-src_peerfile.c
@ -1,10 +0,0 @@
--- src/peerfile.c.orig	2020-02-09 21:48:57 UTC
-+++ src/peerfile.c
-@@ -4,6 +4,7 @@
- #include <string.h>
- #include <errno.h>
- #include <netdb.h>
-+#include <sys/socket.h>
- 
- #include "main.h"
- #include "conf.h"
--- a/dns/kadnode/files/patch-src_upnp.c
+++ b/dns/kadnode/files/patch-src_upnp.c
@ -1,16 +0,0 @@
--- src/upnp.c.orig	2020-02-09 21:48:57 UTC
-+++ src/upnp.c
-@@ -134,8 +134,13 @@ int upnp_handler(struct upnp_handle_t *handle, uint16_
- 			handle->retry = now + (10 * 60);
- 			handle->state = UPNP_STATE_DISCOVER_GATEWAY;
- 			return PF_RETRY;
-+#if (MINIUPNPC_API_VERSION >= 18)
- 		} else if (UPNP_GetValidIGD(devlist, &handle->urls, &handle->data,
-+				handle->addr, sizeof(handle->addr), NULL, 0) == 1) {
-+#else
-+		} else if (UPNP_GetValidIGD(devlist, &handle->urls, &handle->data,
- 				handle->addr, sizeof(handle->addr)) == 1) {
-+#endif                  
- 			freeUPNPDevlist(devlist);
- 			log_info("UPnP: Found gateway device \"%s\".", handle->urls.controlURL);
- 			handle->state = UPNP_STATE_GET_PORTMAPPING;
--- a/dns/kadnode/pkg-descr
+++ b/dns/kadnode/pkg-descr
@ -1,3 +1,30 @@
-KadNode is a small decentralized DNS resolver that can use existing
-public key infrastructures. It utilizes the BitTorrent P2P network
-and mbedtls for TLS/crypto support.
+KadNode finds the IP address of other instances on the Internet or local
+network. It is used like DNS, but is based on the decentralized BitTorrent
+network.
+
+KadNode intercepts .p2p domain queries on the systems level and resolves them
+using a decentralized Kademlia DHT network. Additionally, TLS authentication can
+be used to make sure the correct IP address was found. If successful, the IP
+address is passed to the application making the request.
+
+Features:
+
+* Support for two kinds of domains:
+**  public key domains as <public-key>.p2p
+***   No need to exchange any further keys/certificates
+***   Uses secp256r1 ECC key pairs
+**  named domains like yourdomain.com.p2p
+***   Needs pre-shared certificates (self-signed root certificates or e.g.
+      Let's Encrypt)
+***   Uses TLS session handshake for authentication
+* IPv4/IPv6 support
+* UPnP/NAT-PMP support
+* Local peer discovery
+* Small size / ~100KB depending on features / ~50KB compressed
+* Command line control program
+* NSS support through /etc/nsswitch.conf
+* DNS server interface and DNS proxy
+**  Handles A (IPv4 address),AAAA (IPv6), and SRV requests
+* Packages for ArchLinux, Debian, FreeBSD, MacOSX, OpenWrt, Windows
+* Peer file import/export on startup/shutdown and every 24h
+* Uses sha256 hash method
--- a/dns/kadnode/pkg-message
+++ b/dns/kadnode/pkg-message
@ -1,12 +1,6 @@
-[
-{ type: install
-  message: <<EOM
 In order to resolve domains using kadnode all over the system, add this
 line to your /etc/nsswitch.conf:

-hosts: kadnode dns
+hosts: files kadnode dns

 If the hosts line already exists, just add kadnode before the dns entry.
-EOM
-}
-]
--- a/dns/kadnode/pkg-plist
+++ b/dns/kadnode/pkg-plist
@ -2,6 +2,5 @@ bin/kadnode
 bin/kadnode-ctl
@sample %%ETCDIR%%/kadnode.conf.sample
@sample %%ETCDIR%%/peers.txt.sample
-%%NSS%%lib/nss_kadnode.so
 %%NSS%%lib/nss_kadnode.so.1
 share/man/man1/kadnode.1.gz