Software Supply Chain Transparency Log
Rekor's goals are to provide an immutable, tamper-resistant ledger of
metadata generated within a software project's supply chain. Rekor will
enable software maintainers and build systems to record signed metadata
to an immutable record. Other parties can then query said metadata to
enable them to make informed decisions on trust and non-repudiation of
an object's lifecycle.
The Rekor project provides a RESTful API-based server for validation and
a transparency log for storage. A CLI application is available to make
and verify entries, query the transparency log for inclusion proof,
integrity verification of the transparency log or retrieval of entries
by either public key or artifact.
Rekor fulfils the signature transparency role of sigstore's software
signing infrastructure. However, Rekor can be run on its own and is
designed to be extensible to working with different manifest schemas and
PKI tooling.
WWW: https://www.sigstore.dev/
Service for issuing RFC 3161 timestamps
Trusted timestamping is a process that has been around for some time. It
provides a timestamp record of when a document was created or modified.
A timestamp authority creates signed timestamps using public key
infrastructure. The operator of the timestamp authority must secure the
signing key material to prevent unauthorized timestamp signing.
A timestamp authority should also verify its own clock. We provide a
configuration to periodically check the current time against well-known
NTP sources.
WWW: https://sigstore.dev/
General transparency
Trillian is an implementation of the concepts described in the
Verifiable Data Structures white paper, which in turn is an extension
and generalisation of the ideas which underpin Certificate Transparency.
Trillian implements a Merkle tree whose contents are served from a data
storage layer, to allow scalability to extremely large trees. On top of
this Merkle tree, Trillian provides the following:
- An append-only Log mode, analogous to the original Certificate
Transparency logs. In this mode, the Merkle tree is effectively filled
up from the left, giving a dense Merkle tree.
Note that Trillian requires particular applications to provide their own
personalities on top of the core transparent data store functionality.
WWW: https://github.com/google/trillian
An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in
and logs their activity. sshesame accepts and logs SSH connections and activity
(channels, requests), without doing anything on the host (e.g. executing
commands, making network requests).
renterd is an advanced Sia renter engineered by the Sia
Foundation. It is designed to cater to both casual users seeking
straightforward data storage and developers requiring a robust API for
building apps on Sia.
hostd is an advanced Sia host solution created by the Sia Foundation,
designed to enhance the experience for storage providers within the
Sia network. Tailored for both individual and large-scale storage
providers, hostd boasts a user-friendly interface and a robust API,
empowering providers to efficiently manage their storage resources and
revenue. hostd incorporates an embedded web-UI, simplifying deployment
and enabling remote management capabilities, ensuring a smooth user
experience across a diverse range of devices.
walletd is the flagship Sia wallet, suitable for miners, exchanges,
and everyday hodlers. Its client-server architecture gives you the
flexibility to access your funds from anywhere, on any device, without
compromising the security of your private keys. The server is
agnostic, so you can derive those keys from a 12-word seed phrase, a
legacy (siad) 28-word phrase, a Ledger hardware wallet, or another
preferred method. Like other Foundation node software, walletd ships
with a slick embedded UI, but developers can easily build headless
integrations leveraging its powerful JSON API. Whether you're using a
single address or millions, walletd scales to your needs.
WWW: https://sia.tech/software/hostd
WWW: https://sia.tech/software/renterd
WWW: https://sia.tech/software/walletd
PR: 285367
un-break arm64 by installing both esbuild arches
- stop lang/go from fetching newer toolchains during build
- pet port with portfmt & portclippy, fix pkg-plist
run under non-root user by default
- add UID, GID for opengist user
- amend rc script to support user
PR: 285179
Reviewed by: fox
Sponsored by: SkunkWerks, GmbH
Remove rpicamera support, patch obtained from Alpine Linux
MediaMTX is a ready-to-use and zero-dependency real-time media server and
media proxy that allows you to publish, read, proxy, record and play back video and
audio streams. It supports multiple protocols such as SRT, WebRTC, RTSP, RTMP,
HLS, UDP/MPEG-TS and is also able to record and serve media on demand.
WWW: https://github.com/bluenviron/mediamtx
Source:
https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/79233
This is a FUSE file system driver that allows mounting a
WebDAV server as a local file system, like a disk drive.
PR: 267518 (heavily modified)
Submitted by: Ali Abdallah (current main developer)
zigbee2mqtt allows you to use your Zigbee devices without the vendor's
bridge or gateway.
It bridges events and allows you to control your Zigbee devices via
MQTT. In this way you can integrate your Zigbee devices with whatever
smart home infrastructure you are using.
Snac is a simple, minimalistic ActivityPub instance.
It features:
- Lightweight, minimal dependencies
- Extensive support of ActivityPub operations.
- Multiuser
- Mastodon API support, so Mastodon-compatible apps can be used
- Simple but effective web interface
- Easily-accessed MUTE button
- Tested interoperability with related software
- No database needed
- Totally JavaScript-free
PR: 278385
Reviewed by: bofh
Supysonic is a Python implementation of the Subsonic server API.
Current supported features are:
* browsing (by folders or tags)
* streaming of various audio file formats
* transcoding
* user or random playlists
* cover art
* starred tracks/albums and ratings
* lastfm scrobbling
* Jukebox mode
WWW: https://supysonic.readthedocs.io/
PR: 270751
OpenBao exists to provide a software solution to manage, store, and
distribute sensitive data including secrets, certificates, and keys.
The OpenBao community intends to provide this software under an
OSI-approved open-source license, led by a community run under open
governance principles.
https://openbao.org
https://github.com/openbao/openbao
PR: 280619
The Electronic Logbook (ELOG) provides a Web interface to manage notes.
Its general purpose is to make it easy for people to put and access
information online; in the form of short, time stamped text messages
with optional HTML markup for presentation, and optional file
attachments.
WWW: https://elog.psi.ch/elog/
PR: 274813
Changelog:
https://github.com/ngircd/ngircd/releases/tag/rel-27
Change maintainership:
* all commits from 2017 are "maintainer timeout" or "portmgr blanket":
https://cgit.freebsd.org/ports/log/irc/ngircd
https://www.freshports.org/irc/ngircd/
* fgsch@lodoss.net - no user in bugzilla with this email
Port changes:
* Add a dedicated system user/group pair for better daemon permissions
* Move PLIST files into pkg-plist for better conditional installation
of files
* Fix installation of documentation files to %%DOCSDIR%%
* Put configuration file (and sample) into %%ETCDIR%%
* Run a --configtest before starting daemon for sanity check
* Replace PORTVERSION with DISTVERSION
* Remove GNU_CONFIGURE_MANPREFIX
* Sort options to make portclippy happy
PR: 278919
- hydroxide does want to store some files and users were running
"hydroxide auth" with a normal user. Now, the hydroxide user has a home
directory, and it does store them there now.
- Change upstream.
PR: 280886
Changes:
* Add rc.d script to run as daemon because users had to run the port
somehow in the background in a terminal.
* Minor changes to Makefile.
PR: 280754
SpoofDPI is a simple and fast anti-censorship tool written in Go that
bypasses Deep Packet Inspection (DPI) by splitting HTTPS requests
into chunks and sending the first byte separately.
It can be run as daemon via rc.d script spoofdpi.
https://github.com/xvzc/SpoofDPI
PR: 280591
VictoriaLogs is a fast and easy-to-use, open source logs solution. It can accept
logs from popular log collectors. It provides an easy yet powerful query language
with full-text search capabilities across all the log fields via LogsQL query
language and supports fast full-text search over high-cardinality log fields.
Promxy is a prometheus proxy that makes many shards of prometheus appear
as a single API endpoint to the user. This significantly simplifies
operations and use of prometheus at scale (when you have more than one
prometheus host). Promxy delivers this unified access endpoint without
requiring any sidecars, custom-builds, or other changes to your
prometheus infrastructure.
PR: 269195
Update FoundationDB to both main supported versions, and also split
between server and client builds for convenience.
PR: 277262
Reviewed by: dch
Sponsored by: SkunkWerks, GmbH
- Compile without /dev/kmem access. This requires a small patch which
opens libkvm in a dummy mode which uses sysctls to implement most of
its interfaces rather than /dev/kmem access. This way we can drop the
dependency on /dev/kmem without rewriting existing code.
- Add a new snmpd user. Configure snmpd to drop privileges once it's
finished initialization.
- Remove the JAIL option. Now that snmpd avoids using /dev/kmem,
there's no need to have a special mode for running snmpd in jails.
The patch has been proposed upstream here:
https://sourceforge.net/p/net-snmp/mailman/net-snmp-coders/thread/ZjEwNV5BiTOQ-Adi%40nuc/#msg58766857
Approved by: zi
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45031
Benthos solves common data engineering tasks such as transformations,
integrations, and multiplexing with declarative and unit testable
configuration. This allows you to easily and incrementally adapt your data
pipelines as requirements change, letting you focus on the more exciting stuff.
Benthos is able to glue a wide range of sources and sinks together and hook
into a variety of databases, caches, HTTP APIs, lambdas and more, enabling you
to seamlessly drop it into your existing infrastructure.
Orchestrator is a replication topology manager for MySQL.
Features include:
* The topology and status of the replication tree is automatically detected
and monitored.
* Either a GUI, CLI or API can be used to check the status and perform
operations.
* Supports automatic failover of the master, and the replication tree can
be fixed when servers in the tree fail - either manually or automatically.
* It is not dependent on any specific version or flavor of MySQL (MySQL,
Percona Server, MariaDB or even MaxScale binlog servers).
* Orchestrator supports many different types of topologies, from a single
master -> slave to complex multi-layered replication trees consisting of
hundreds of servers.
* Orchestrator can make topology changes and will do so based on the state
at that moment; it does not require a configuration to be defined with what
corresponds to the database topology.
* The GUI is not only there to report the status - one of the cooler things
you can do is change replication just by doing a drag and drop in the web
interface (of course you can do this and much more through the CLI and API
as well).
- Update to 23.0.6
- Add keycloak user and group
- Add pkg-message
- Add support for development (start-dev) and production (start) mode at rc script
- Export JAVA_HOME from rc script
- Add keycloak build function into rc script
PR: 275658 276859
Approved by: maintainer timeout (2 weeks)
Cert Spotter is a Certificate Transparency log monitor from SSLMate
that alerts you when an SSL/TLS certificate is issued for one of your
domains. Cert Spotter is easier to use than other open source CT
monitors, since it does not require a database. It's also more robust,
since it uses a special certificate parser that ensures it won't miss
certificates.