dns/dnssec-rr: new port - a DNSSEC toolkit written in C

Differential Revision: https://reviews.freebsd.org/D50969 Reviewed by: diizzy Sponsored by: SkunkWerks, GmbH
3 days ago · 2b7eb930ad
6 changed files with 79 additions and 0 deletions
--- a/dns/Makefile
+++ b/dns/Makefile
@ -42,6 +42,7 @@
    SUBDIR += dnsproxy
    SUBDIR += dnsrecon
    SUBDIR += dnsreflector
+    SUBDIR += dnssec-rr
    SUBDIR += dnstable
    SUBDIR += dnstable-convert
    SUBDIR += dnstop
--- a/dns/dnssec-rr/Makefile
+++ b/dns/dnssec-rr/Makefile
@ -0,0 +1,46 @@
+PORTNAME=	dnssec-rr
+DISTVERSION=	0.2
+CATEGORIES=	dns security
+MASTER_SITES=	https://git.sr.ht/~mcf/dnssec-rr/refs/download/${DISTVERSION}/
+
+MAINTAINER=	dch@FreeBSD.org
+COMMENT=	Set of C programs for working with DNSSEC
+WWW=		https://git.sr.ht/~mcf/dnssec-rr
+
+LICENSE=	ISCL
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+LIB_DEPENDS=	libbearssl.so:security/bearssl
+
+USES=		localbase:ldflags
+
+PLIST_FILES=	bin/dnskey \
+		bin/ds \
+		bin/nsec \
+		bin/rrsig \
+		bin/tlsa \
+		share/man/man1/dnskey.1.gz \
+		share/man/man1/ds.1.gz \
+		share/man/man1/nsec.1.gz \
+		share/man/man1/rrsig.1.gz \
+		share/man/man1/tlsa.1.gz
+
+PORTDOCS=	README.md
+
+OPTIONS_DEFINE=	DOCS
+
+do-install:
+	${MKDIR} ${STAGEDIR}${MANDIRS}/man1
+.for i in dnskey ds nsec rrsig tlsa
+	${INSTALL_MAN} ${WRKSRC}/$i.1 \
+		${STAGEDIR}${MANDIRS}/man1
+	${INSTALL_PROGRAM} ${WRKSRC}/$i \
+		${STAGEDIR}${PREFIX}/bin
+.endfor
+
+do-install-DOCS-on:
+	${MKDIR} ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/README.md \
+		${STAGEDIR}${DOCSDIR}
+
+.include <bsd.port.mk>
--- a/dns/dnssec-rr/distinfo
+++ b/dns/dnssec-rr/distinfo
@ -0,0 +1,3 @@
+TIMESTAMP = 1750592067
+SHA256 (dnssec-rr-0.2.tar.gz) = 658699a0c094ae1715c7b6bc2b638dac24f21f25c889aaf4c27359a4cf40bdaf
+SIZE (dnssec-rr-0.2.tar.gz) = 19425
--- a/dns/dnssec-rr/files/patch-Makefile
+++ b/dns/dnssec-rr/files/patch-Makefile
@ -0,0 +1,10 @@
+--- Makefile.orig	2025-06-21 08:07:07 UTC
+++ Makefile
+@@ -1,7 +1,5 @@
+ .PHONY: all install clean
+ 
+--include config.mk
+-
+ PREFIX?=/usr/local
+ BINDIR?=$(PREFIX)/bin
+ MANDIR?=$(PREFIX)/share/man
--- a/dns/dnssec-rr/files/patch-zone.c
+++ b/dns/dnssec-rr/files/patch-zone.c
@ -0,0 +1,10 @@
+--- zone.c.orig	2025-06-21 08:09:31 UTC
+++ zone.c
+@@ -4,6 +4,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <arpa/inet.h>
+#include <sys/socket.h>
+ #include "dnssec.h"
+ 
+ struct input {
--- a/dns/dnssec-rr/pkg-descr
+++ b/dns/dnssec-rr/pkg-descr
@ -0,0 +1,9 @@
+A set of tools for working with DNSSEC, using BearSSL for cryptography.
+
+- dnskey: generate DNSKEY records from private keys
+- ds: generate DS records for parent zones
+- nsec: generate NSEC records for zones
+- rrsig: sign records in zones, generating RRSIG records
+- tlsa: generate DANE TLSA records for certificates
+
+See also https://mforney.org/blog/2020-05-21-securing-your-zone-with-dnssec-and-dane.html