net/fort: new port: FORT Validator

FORT Validator is an open source RPKI validator.  This solution
allows operators to validate BGP routing information against the
RPKI repository for use in router configuration and resolution.

Submitted by:	Toni Kalombo <toni@devboks.com> (maintainer)
Tested by:	Mark Tinka <mark@tinka.africa>

(cherry picked from commit a679f9da38655155d6293ba194ce140f7531609c)

8 files changed, 140 insertions, 0 deletions

diff --git a/net/Makefile b/net/Makefile
index d5df5e4db1d6..449ad8cc492e 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -155,6 +155,7 @@
     SUBDIR += findomain
     SUBDIR += flower
     SUBDIR += foreman-proxy
+    SUBDIR += fort
     SUBDIR += fpc-ldap
     SUBDIR += fpc-libenet
     SUBDIR += fpc-pcap
diff --git a/net/fort/Makefile b/net/fort/Makefile
new file mode 100644
index 000000000000..dd163a3ca597
--- /dev/null
+++ b/net/fort/Makefile
@@ -0,0 +1,41 @@
+PORTNAME=	fort
+DISTVERSION=	1.5.2
+CATEGORIES=	net
+
+MAINTAINER=	toni@devboks.com
+COMMENT=	FORT Validator is an open source RPKI validator
+
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+LIB_DEPENDS=	libcurl.so:ftp/curl libjansson.so:devel/jansson \
+		libxml2.so:textproc/libxml2
+RUN_DEPENDS=	${LOCALBASE}/bin/rsync:net/rsync
+
+USES=		autoreconf pkgconfig ssl
+USE_GCC=	yes
+USE_GITHUB=	yes
+USE_RC_SUBR=	fort
+
+GH_ACCOUNT=	NICMx
+GH_PROJECT=	FORT-validator
+
+GNU_CONFIGURE=	yes
+
+SUB_FILES=	pkg-message
+
+post-patch:
+	@${REINPLACE_CMD} -e "s|/tmp/fort|${ETCDIR}|" \
+		${WRKSRC}/examples/config.json
+	@${REINPLACE_CMD} -e "s|/usr/local/ssl|/etc/ssl|" \
+		${WRKSRC}/examples/config.json
+	@${REINPLACE_CMD} -e "s|rsync\",|${LOCALBASE}/bin/rsync\",|" \
+		${WRKSRC}/examples/config.json
+	@${REINPLACE_CMD} -e "/\"daemon\": false,/d" \
+		${WRKSRC}/examples/config.json
+post-install:
+	@${MKDIR} ${STAGEDIR}${ETCDIR}/repository ${STAGEDIR}${ETCDIR}/tal
+	${INSTALL_DATA} ${WRKSRC}/examples/config.json \
+		${STAGEDIR}${ETCDIR}/fort-config.json.sample
+
+.include <bsd.port.mk>
diff --git a/net/fort/distinfo b/net/fort/distinfo
new file mode 100644
index 000000000000..9a35cf2481e2
--- /dev/null
+++ b/net/fort/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1634812159
+SHA256 (NICMx-FORT-validator-1.5.2_GH0.tar.gz) = c49b7badcf6dae05b7c9ae9cb3b1514d2b742d868b83f8b8deb0d7ae0a3e6bf2
+SIZE (NICMx-FORT-validator-1.5.2_GH0.tar.gz) = 482094
diff --git a/net/fort/files/fort.in b/net/fort/files/fort.in
new file mode 100644
index 000000000000..57350ee26020
--- /dev/null
+++ b/net/fort/files/fort.in
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+# PROVIDE: fort
+# REQUIRE: DAEMON fort
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# Define fort_enable in /etc/rc.conf[.local] to enable it.
+#
+# fort_enable (bool):  Set to "NO" by default.
+#                             Set it to "YES" to enable fort.
+
+. /etc/rc.subr
+
+name="fort"
+rcvar=fort_enable
+start_precmd=check_init
+command="%%PREFIX%%/bin/${name}"
+
+load_rc_config $name
+: ${fort_enable="NO"}
+: ${wrkdir:="%%ETCDIR%%"}
+
+
+fort_config=${fort_conf:-"%%ETCDIR%%/fort-config.json"}
+required_file=${fort_config}
+command_args="--configuration-file=${fort_config} --daemon=true"
+
+check_init() {
+	if [ ! -d ${wrkdir}/tal ]; then
+		echo
+		echo -n "Need to initialize fort with tals, "
+		echo "see man fort"
+		echo
+		exit 1
+	fi
+	if [ ! -f ${fort_config} ]; then
+		echo
+		echo -n "Configuration file not found at ${fort_config} "
+		echo  "Please create one before starting Fort, "
+		echo "see man fort"
+		echo
+		exit 1
+	fi
+}
+
+run_rc_command "$1"
diff --git a/net/fort/files/patch-src_Makefile.am b/net/fort/files/patch-src_Makefile.am
new file mode 100644
index 000000000000..7455183d1f5b
--- /dev/null
+++ b/net/fort/files/patch-src_Makefile.am
@@ -0,0 +1,11 @@
+--- src/Makefile.am.orig	2021-09-20 02:51:17 UTC
++++ src/Makefile.am
+@@ -130,7 +130,7 @@ fort_SOURCES += $(ASN_MODULE_SRCS) $(ASN_MODULE_HDRS)
+ fort_CFLAGS  = -Wall -Wno-cpp -Wpedantic
+ # Feel free to temporarily remove this one if you're not using gcc 7.3.0.
+ #fort_CFLAGS += $(GCC_WARNS)
+-fort_CFLAGS += -std=gnu11 -O2 -g $(FORT_FLAGS) ${XML2_CFLAGS}
++fort_CFLAGS += -std=gnu11 -O2 -g $(FORT_FLAGS) ${XML2_CFLAGS} ${JANSSON_CFLAGS}
+ fort_LDFLAGS = $(LDFLAGS_DEBUG)
+ fort_LDADD   = ${JANSSON_LIBS} ${CURL_LIBS} ${XML2_LIBS}
+ 
diff --git a/net/fort/files/pkg-message.in b/net/fort/files/pkg-message.in
new file mode 100644
index 000000000000..f9994a632db0
--- /dev/null
+++ b/net/fort/files/pkg-message.in
@@ -0,0 +1,25 @@
+[
+{ type: install
+  message: <<EOM
+A default configuration file has been installed in
+%%ETCDIR%%/fort-config.json.sample.
+
+To use FORT, you will need the Trust Anchor Locator (TAL) files.
+You can download these by running "fort --init-tals" as follows:
+
+# fort --init-tals --tal %%ETCDIR%%/tal
+
+When you have downloaded the TAL files, you can start the RTR
+server and validator:
+
+# sysrc fort_enable=YES # or edit /etc/rc.conf manually
+# service fort start
+
+The default configuration will bind the RTR server to localhost
+on port 8323.
+
+Consult the FORT manual for more information:
+https://nicmx.github.io/FORT-validator/run.html
+EOM
+}
+]
diff --git a/net/fort/pkg-descr b/net/fort/pkg-descr
new file mode 100644
index 000000000000..8bf7a5d2318f
--- /dev/null
+++ b/net/fort/pkg-descr
@@ -0,0 +1,7 @@
+FORT validator is an MIT-licensed RPKI Relying Party, this is a tool offered as
+part of the FORT project. It is a solution that allows operators to validate BGP
+routing information against the RPKI repository for use in router configuration
+and resolution. The service performs the validation of the entire RPKI
+repository, and which serves the resulting ROAs for easy access by your routers.
+
+WWW: https://fortproject.net/en/validator
diff --git a/net/fort/pkg-plist b/net/fort/pkg-plist
new file mode 100644
index 000000000000..59996756b0fa
--- /dev/null
+++ b/net/fort/pkg-plist
@@ -0,0 +1,5 @@
+bin/fort
+man/man8/fort.8.gz
+@dir %%ETCDIR%%/repository
+@dir %%ETCDIR%%/tal
+@sample %%ETCDIR%%/fort-config.json.sample