security/trillian: New port

General transparency

Trillian is an implementation of the concepts described in the
Verifiable Data Structures white paper, which in turn is an extension
and generalisation of the ideas which underpin Certificate Transparency.

Trillian implements a Merkle tree whose contents are served from a data
storage layer, to allow scalability to extremely large trees. On top of
this Merkle tree, Trillian provides the following:

- An append-only Log mode, analogous to the original Certificate
  Transparency logs. In this mode, the Merkle tree is effectively filled
  up from the left, giving a dense Merkle tree.

Note that Trillian requires particular applications to provide their own
personalities on top of the core transparent data store functionality.

WWW: https://github.com/google/trillian

GIDs

@@ -804,7 +804,7 @@ opensearch:*:855:
 plocate:*:860:
 # free: 861
 # free: 862
-# free: 863
+trillian:*:863:
 mediamtx:*:864:
 z2m:*:865:
 vglusers:*:866:

UIDs

@@ -810,7 +810,7 @@ opensearch:*:855:855::0:0:opensearch user:/nonexistent:/usr/sbin/nologin
 # free: 860
 # free: 861
 # free: 862
-# free: 863
+trillian:*:863:863::0:0:trillian user:/nonexistent:/usr/sbin/nologin
 mediamtx:*:864:864::0:0:mediamtx:/nonexistent:/usr/sbin/nologin
 z2m:*:865:865::0:0:zigbee2mqtt:/usr/local/z2m:/usr/sbin/nologin
 # free: 866

security/Makefile

@@ -1368,6 +1368,7 @@
     SUBDIR += tpm2-tss
     SUBDIR += transcrypt
     SUBDIR += trezord
+    SUBDIR += trillian
     SUBDIR += tripwire
     SUBDIR += trivy
     SUBDIR += trousers

security/trillian/Makefile

@@ -0,0 +1,33 @@
+PORTNAME=	trillian
+DISTVERSIONPREFIX=	v
+DISTVERSION=	1.7.2
+CATEGORIES=	security
+
+MAINTAINER=	bofh@FreeBSD.org
+COMMENT=	General transparency
+WWW=		https://github.com/google/trillian
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+USES=		go:1.24,modules
+USE_RC_SUBR=	trillian_log_server trillian_log_signer
+
+GO_MODULE=	github.com/google/trillian
+GO_TARGET=	./cmd/createtree \
+		./cmd/deletetree \
+		./cmd/trillian_log_server \
+		./cmd/trillian_log_signer \
+		./cmd/updatetree
+
+USERS=		${PORTNAME}
+GROUPS=		${PORTNAME}
+
+post-install:
+	${MKDIR} ${STAGEDIR}${ETCDIR}
+	${INSTALL_DATA} ${FILESDIR}/trillian_log_server.conf \
+		${STAGEDIR}${ETCDIR}/trillian_log_server.conf.sample
+	${INSTALL_DATA} ${FILESDIR}/trillian_log_signer.conf \
+		${STAGEDIR}${ETCDIR}/trillian_log_signer.conf.sample
+
+.include <bsd.port.mk>

security/trillian/distinfo

@@ -0,0 +1,5 @@
+TIMESTAMP = 1746297835
+SHA256 (go/security_trillian/trillian-v1.7.2/v1.7.2.mod) = d22d6349374cf164ac10240d5075da9cf5d896a3393c4e8705f9a184a0835687
+SIZE (go/security_trillian/trillian-v1.7.2/v1.7.2.mod) = 10012
+SHA256 (go/security_trillian/trillian-v1.7.2/v1.7.2.zip) = ed6db0f457762c8b8068fbc7ee697510a270c93ce5ca11dc2d73597e082b6336
+SIZE (go/security_trillian/trillian-v1.7.2/v1.7.2.zip) = 2592461

security/trillian/files/trillian_log_server.conf

@@ -0,0 +1,141 @@
+# NOTE: Comments are NOT allowed. Please remove ALL comments (including this
+# one) and add each command line argument desired. See
+# https://github.com/google/trillian/issues/2724 for details.
+
+# log to standard error as well as files
+#--alsologtostderr
+
+# Fraction of merkle keyspace to dequeue from, set to zero to disable. (default 0.75)
+#--cloudspanner_dequeue_bucket_fraction float
+
+# Interval betweek pinging sessions.
+#--cloudspanner_healthcheck_interval duration
+
+# Max concurrent create session requests.
+#--cloudspanner_max_burst_sessions uint
+
+# Max idle sessions.
+#--cloudspanner_max_idle_sessions uint
+
+# Max open sessions.
+#--cloudspanner_max_open_sessions uint
+
+# Min open sessions.
+#--cloudspanner_min_open_sessions uint
+
+# Number of gRPC channels to use to talk to CloudSpanner.
+#--cloudspanner_num_channels int
+
+# Number of health check workers for Spanner session pool.
+#--cloudspanner_num_healthcheckers int
+
+# How far in the past to perform readonly operations. Within limits, raising this should help to increase performance/reduce latency. (default 1m0s)
+#--cloudspanner_readonly_staleness duration
+
+# determines whether the session pool will keep track of the stacktrace of the goroutines that take sessions from the pool.
+#--cloudspanner_track_session_handles
+
+# Connection URI for CloudSpanner database
+#--cloudspanner_uri string
+
+# Fraction of write capable sessions to maintain.
+#--cloudspanner_write_sessions float
+
+# Config file containing flags, file contents can be overridden by command line flags
+#--config string
+
+# If set, write CPU profile to this file
+#--cpuprofile string
+
+# Service name to announce our HTTP endpoint under (default "trillian-logserver-http")
+#--etcd_http_service string
+
+# A comma-separated list of etcd servers; no etcd registration if empty
+#--etcd_servers string
+
+# Service name to announce ourselves under (default "trillian-logserver")
+#--etcd_service string
+
+# Timeout used during healthz checks (default 5s)
+#--healthz_timeout duration
+
+# Endpoint for HTTP metrics (host:port, empty means disabled) (default "localhost:8091")
+#--http_endpoint string
+
+# when logging hits line file:N, emit a stack trace
+#--log_backtrace_at value
+
+# If non-empty, write log files in this directory
+#--log_dir string
+
+# log to standard error instead of files
+#--logtostderr
+
+# Max number of unsequenced rows before rate limiting kicks in. Only effective for quota_system=mysql. (default 500000)
+#--max_unsequenced_rows int
+
+# If set, write memory profile to this file
+#--memprofile string
+
+# Maximum connections to the database
+#--mysql_max_conns int
+
+# Maximum idle database connections in the connection pool (default -1)
+#--mysql_max_idle_conns int
+
+# Connection URI for MySQL database (default "test:zaphod@tcp(127.0.0.1:3306)/test")
+#--mysql_uri string
+
+# Max number of concurrent workers concurrently populating subtrees (default 256)
+#--populate_subtree_concurrency int
+
+# If true no requests are blocked due to lack of tokens
+#--quota_dry_run
+
+# Max number of quota specs in the quota cache. Zero or lower means batching is disabled. Applicable for etcd quotas. (default 1000)
+#--quota_max_cache_entries int
+
+# Minimum number of tokens to request from the quota system. Zero or lower means batching is disabled. Applicable for etcd quotas. (default 100)
+#--quota_min_batch_size int
+
+# Quota system to use. One of: [noop etcd mysql] (default "mysql")
+#--quota_system string
+
+# Endpoint for RPC requests (host:port) (default "localhost:8090")
+#--rpc_endpoint string
+
+# logs at or above this threshold go to stderr
+#--stderrthreshold value
+
+# Storage system to use. One of: [mysql cloud_spanner] (default "mysql")
+#--storage_system string
+
+# Path to the TLS server certificate. If unset, the server will use unsecured connections.
+#--tls_cert_file string
+
+# Path to the TLS server key. If unset, the server will use unsecured connections.
+#--tls_key_file string
+
+# If true opencensus Stackdriver tracing will be enabled. See https://opencensus.io/.
+#--tracing
+
+# Percent of requests to be traced. Zero is a special case to use the DefaultSampler
+#--tracing_percent int
+
+# project ID to pass to stackdriver. Can be empty for GCP, consult docs for other platforms.
+#--tracing_project_id string
+
+# Minimum interval between tree garbage collection sweeps. Actual runs happen randomly between [minInterval,2*minInterval). (default 4h0m0s)
+#--tree_delete_min_run_interval duration
+
+# Minimum period a tree has to remain deleted before being hard-deleted (default 168h0m0s)
+#--tree_delete_threshold duration
+
+# If true, tree garbage collection (hard-deletion) is periodically performed (default true)
+#--tree_gc
+
+# log level for V logs
+#--v value
+
+# comma-separated list of pattern=N settings for file-filtered logging
+#--vmodule value

security/trillian/files/trillian_log_server.in

@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# PROVIDE: trillian_log_server
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# trillian_log_server_enable (bool):	Set it to YES to enable trillian_log_server.
+#			Default is "NO".
+# trillian_log_server_user (user):	Set user to run trillian_log_server.
+#			Default is "trillian".
+# trillian_log_server_group (group):	Set group to run trillian_log_server.
+#			Default is "trillian".
+# trillian_log_server_config (file):	Set trillian_log_server config file.
+#			Default is "%%PREFIX%%/etc/trillian/trillian_log_server.conf".
+
+. /etc/rc.subr
+
+name=trillian_log_server
+rcvar=trillian_log_server_enable
+
+load_rc_config $name
+
+: ${trillian_log_server_enable:="NO"}
+: ${trillian_log_server_user:="trillian"}
+: ${trillian_log_server_group:="trillian"}
+: ${trillian_log_server_config:="%%PREFIX%%/etc/trillian/trillian_log_server.conf"}
+
+pidfile=/var/run/trillian_log_server.pid
+procname="%%PREFIX%%/bin/trillian_log_server"
+command="/usr/sbin/daemon"
+command_args="-f -t ${name} -p ${pidfile} ${procname} server -config=${trillian_log_server_config}"
+
+start_precmd=trillian_log_server_startprecmd
+required_files="$trillian_log_server_config"
+
+trillian_log_server_startprecmd()
+{
+        if [ ! -e ${pidfile} ]; then
+                install -o ${trillian_log_server_user} -g ${trillian_log_server_group} /dev/null ${pidfile};
+        fi
+}
+
+run_rc_command "$1"

security/trillian/files/trillian_log_signer.conf

@@ -0,0 +1,147 @@
+# NOTE: Comments are NOT allowed. Please remove ALL comments (including this
+# one) and add each command line argument desired. See
+# https://github.com/google/trillian/issues/2724 for details.
+
+# log to standard error as well as files
+#--alsologtostderr
+
+# Max number of leaves to process per batch (default 1000)
+#--batch_size int
+
+# Fraction of merkle keyspace to dequeue from, set to zero to disable. (default 0.75)
+#--cloudspanner_dequeue_bucket_fraction float
+
+# Interval betweek pinging sessions.
+#--cloudspanner_healthcheck_interval duration
+
+# Max concurrent create session requests.
+#--cloudspanner_max_burst_sessions uint
+
+# Max idle sessions.
+#--cloudspanner_max_idle_sessions uint
+
+# Max open sessions.
+#--cloudspanner_max_open_sessions uint
+
+# Min open sessions.
+#--cloudspanner_min_open_sessions uint
+
+# Number of gRPC channels to use to talk to CloudSpanner.
+#--cloudspanner_num_channels int
+
+# Number of health check workers for Spanner session pool.
+#--cloudspanner_num_healthcheckers int
+
+# How far in the past to perform readonly operations. Within limits, raising this should help to increase performance/reduce latency. (default 1m0s)
+#--cloudspanner_readonly_staleness duration
+
+# determines whether the session pool will keep track of the stacktrace of the goroutines that take sessions from the pool.
+#--cloudspanner_track_session_handles
+
+# Connection URI for CloudSpanner database
+#--cloudspanner_uri string
+
+# Fraction of write capable sessions to maintain.
+#--cloudspanner_write_sessions float
+
+# Config file containing flags, file contents can be overridden by command line flags
+#--config string
+
+# If set, write CPU profile to this file
+#--cpuprofile string
+
+# Service name to announce our HTTP endpoint under (default "trillian-logsigner-http")
+#--etcd_http_service string
+
+# A comma-separated list of etcd servers; no etcd registration if empty
+#--etcd_servers string
+
+# If true, assume master for all logs
+#--force_master
+
+# Timeout used during healthz checks (default 5s)
+#--healthz_timeout duration
+
+# Endpoint for HTTP (host:port, empty means disabled) (default "localhost:8091")
+#--http_endpoint string
+
+# etcd lock file directory path (default "/test/multimaster")
+#--lock_file_path string
+
+# when logging hits line file:N, emit a stack trace
+#--log_backtrace_at value
+
+# If non-empty, write log files in this directory
+#--log_dir string
+
+# log to standard error instead of files
+#--logtostderr
+
+# Minimum interval to hold mastership for (default 1m0s)
+#--master_hold_interval duration
+
+# Maximal random addition to --master_hold_interval (default 2m0s)
+#--master_hold_jitter duration
+
+# Max number of unsequenced rows before rate limiting kicks in. Only effective for quota_system=mysql. (default 500000)
+#--max_unsequenced_rows int
+
+# If set, write memory profile to this file
+#--memprofile string
+
+# Maximum connections to the database
+#--mysql_max_conns int
+
+# Maximum idle database connections in the connection pool (default -1)
+#--mysql_max_idle_conns int
+
+# Connection URI for MySQL database (default "test:zaphod@tcp(127.0.0.1:3306)/test")
+#--mysql_uri string
+
+# Number of sequencer workers to run in parallel (default 10)
+#--num_sequencers int
+
+# Max number of concurrent workers concurrently populating subtrees (default 256)
+#--populate_subtree_concurrency int
+
+# Maximum time to wait before starting elections (default 1s)
+#--pre_election_pause duration
+
+# Increase factor for tokens replenished by sequencing-based quotas (1 means a 1:1 relationship between sequenced leaves and replenished tokens).Only effective for --quota_system=etcd. (default 1.1)
+#--quota_increase_factor float
+
+# Max number of quota specs in the quota cache. Zero or lower means batching is disabled. Applicable for etcd quotas. (default 1000)
+#--quota_max_cache_entries int
+
+# Minimum number of tokens to request from the quota system. Zero or lower means batching is disabled. Applicable for etcd quotas. (default 100)
+#--quota_min_batch_size int
+
+# Quota system to use. One of: [noop etcd mysql] (default "mysql")
+#--quota_system string
+
+# Endpoint for RPC requests (host:port) (default "localhost:8090")
+#--rpc_endpoint string
+
+# If set, the time elapsed before submitted leaves are eligible for sequencing
+#--sequencer_guard_window duration
+
+# Time between each sequencing pass through all logs (default 100ms)
+#--sequencer_interval duration
+
+# logs at or above this threshold go to stderr
+#--stderrthreshold value
+
+# Storage system to use. One of: [cloud_spanner mysql] (default "mysql")
+#--storage_system string
+
+# Path to the TLS server certificate. If unset, the server will use unsecured connections.
+#--tls_cert_file string
+
+# Path to the TLS server key. If unset, the server will use unsecured connections.
+#--tls_key_file string
+
+# log level for V logs
+#--v value
+
+# comma-separated list of pattern=N settings for file-filtered logging
+#--vmodule value

security/trillian/files/trillian_log_signer.in

@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# PROVIDE: trillian_log_signer
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# trillian_log_signer_enable (bool):	Set it to YES to enable trillian_log_signer.
+#			Default is "NO".
+# trillian_log_signer_user (user):	Set user to run trillian_log_signer.
+#			Default is "trillian".
+# trillian_log_signer_group (group):	Set group to run trillian_log_signer.
+#			Default is "trillian".
+# trillian_log_signer_config (file):	Set trillian_log_signer config file.
+#			Default is "%%PREFIX%%/etc/trillian/trillian_log_signer.conf".
+
+. /etc/rc.subr
+
+name=trillian_log_signer
+rcvar=trillian_log_signer_enable
+
+load_rc_config $name
+
+: ${trillian_log_signer_enable:="NO"}
+: ${trillian_log_signer_user:="trillian"}
+: ${trillian_log_signer_group:="trillian"}
+: ${trillian_log_signer_config:="%%PREFIX%%/etc/trillian/trillian_log_signer.conf"}
+
+pidfile=/var/run/trillian_log_signer.pid
+procname="%%PREFIX%%/bin/trillian_log_signer"
+command="/usr/sbin/daemon"
+command_args="-f -t ${name} -p ${pidfile} ${procname} signer -config=${trillian_log_signer_config}"
+
+start_precmd=trillian_log_signer_startprecmd
+required_files="$trillian_log_signer_config"
+
+trillian_log_signer_startprecmd()
+{
+        if [ ! -e ${pidfile} ]; then
+                install -o ${trillian_log_signer_user} -g ${trillian_log_signer_group} /dev/null ${pidfile};
+        fi
+}
+
+run_rc_command "$1"

security/trillian/pkg-descr

@@ -0,0 +1,14 @@
+Trillian is an implementation of the concepts described in the
+Verifiable Data Structures white paper, which in turn is an extension
+and generalisation of the ideas which underpin Certificate Transparency.
+
+Trillian implements a Merkle tree whose contents are served from a data
+storage layer, to allow scalability to extremely large trees. On top of
+this Merkle tree, Trillian provides the following:
+
+- An append-only Log mode, analogous to the original Certificate
+  Transparency logs. In this mode, the Merkle tree is effectively filled
+  up from the left, giving a dense Merkle tree.
+
+Note that Trillian requires particular applications to provide their own
+personalities on top of the core transparent data store functionality.

security/trillian/pkg-plist

@@ -0,0 +1,7 @@
+bin/createtree
+bin/deletetree
+bin/trillian_log_server
+bin/trillian_log_signer
+bin/updatetree
+@sample %%ETCDIR%%/trillian_log_server.conf.sample
+@sample %%ETCDIR%%/trillian_log_signer.conf.sample