Diffstat (limited to 'security/netbird')
6 files changed, 162 insertions, 0 deletions
diff --git a/security/netbird/Makefile b/security/netbird/Makefile
new file mode 100644
index 000000000000..d018c374af81
--- /dev/null
+++ b/security/netbird/Makefile
@@ -0,0 +1,31 @@
+PORTNAME= netbird
+DISTVERSIONPREFIX= v
+DISTVERSION= 0.56.0
+PORTREVISION= 1
+CATEGORIES= security net net-vpn
+
+MAINTAINER= hakan.external@netbird.io
+COMMENT= Peer-to-peer VPN that seamlessly connects your devices
+WWW= https://netbird.io/
+
+LICENSE= BSD3CLAUSE
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+NOT_FOR_ARCHS= i386
+NOT_FOR_ARCHS_REASON= "no 32-bit builds supported"
+
+RUN_DEPENDS= ca_root_nss>0:security/ca_root_nss
+
+USES= go:modules
+USE_RC_SUBR= ${PORTNAME}
+
+GO_MODULE= github.com/netbirdio/netbird
+GO_TARGET= ./client:${PORTNAME}
+GO_BUILDFLAGS= -tags freebsd -o ${PORTNAME} -ldflags \
+ "-s -w -X github.com/netbirdio/netbird/version.version=${DISTVERSION}"
+
+WRKSRC= ${WRKDIR}/${PORTNAME}-${DISTVERSION}
+
+PLIST_FILES= bin/${PORTNAME}
+
+.include <bsd.port.mk>
diff --git a/security/netbird/distinfo b/security/netbird/distinfo
new file mode 100644
index 000000000000..842834e94dc7
--- /dev/null
+++ b/security/netbird/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1756099179
+SHA256 (go/security_netbird/netbird-v0.56.0/v0.56.0.mod) = e817264ac86111dbad8241ebaa0896fceeeb3c5aa2f8a1d36e84100e05975489
+SIZE (go/security_netbird/netbird-v0.56.0/v0.56.0.mod) = 12619
+SHA256 (go/security_netbird/netbird-v0.56.0/v0.56.0.zip) = 750c6be8736b9b960509f57d245711b0d7a4b97f15c0f2a1a3ac07aadf20ba63
+SIZE (go/security_netbird/netbird-v0.56.0/v0.56.0.zip) = 3126909
diff --git a/security/netbird/files/netbird.in b/security/netbird/files/netbird.in
new file mode 100644
index 000000000000..ddd19f27cd52
--- /dev/null
+++ b/security/netbird/files/netbird.in
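Review bot: `NOT_FOR_ARCHS= i386` in the Makefile excludes a single architecture, while `NOT_FOR_ARCHS_REASON` states that no 32-bit builds are supported at all. If the reason string is accurate, the other 32-bit targets in the ports tree would still attempt a build and fail later. Listing them as well, for example `NOT_FOR_ARCHS= armv6 armv7 i386 powerpc`, would make the Makefile agree with its own reason; whether those targets really fail is not visible here and should be confirmed against upstream.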
@@ -0,0 +1,64 @@
+#!/bin/sh
+#
+# PROVIDE: netbird
+# REQUIRE: SERVERS
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf to enable this service:
+#
+# netbird_enable (bool): Set it to YES to run netbird on startup.
+# Default: NO
+# netbird_config (path): Path to the netbird configuration file.
+# Default: /var/db/netbird/config.json
+# netbird_socket (path): Path to the Unix-domain socket for daemon communication.
+# Default: /var/run/netbird.sock
+# netbird_loglevel (str): Set to 'panic', 'fatal', 'error', 'warn', 'info', 'debug' or 'trace'.
+# Default: 'info'
+# netbird_logfile (path): Path to the client log file.
+# Default: /var/log/netbird/client.log
+# netbird_tun_dev (str): Name of the TUN device used by Netbird for its VPN tunnel.
+# Default: wt0
+#
+
+. /etc/rc.subr
+
+name="netbird"
+rcvar="${name}_enable"
+
+load_rc_config "$name"
+
+: ${netbird_enable:="NO"}
+: ${netbird_config:="/var/db/netbird/config.json"}
+: ${netbird_socket:="/var/run/netbird.sock"}
+: ${netbird_loglevel:="info"}
+: ${netbird_logfile:="/var/log/netbird/client.log"}
+: ${netbird_tun_dev:="wt0"}
+
+pidfile="/var/run/${name}.pid"
+command="/usr/sbin/daemon"
+daemon_args="-P ${pidfile} -r -t \"${name}: daemon\""
+command_args="${daemon_args} %%PREFIX%%/bin/netbird service run --config ${netbird_config} --log-level ${netbird_loglevel} --daemon-addr unix://${netbird_socket} --log-file ${netbird_logfile}"
+start_precmd="${name}_start_precmd"
+stop_postcmd="${name}_stop_postcmd"
+
+netbird_start_precmd() {
+ logger -s -t netbird "Starting ${name}."
+ # Check for orphaned netbird tunnel interface
+ # And if it exists, then destroy it
+ if /sbin/ifconfig ${netbird_tun_dev} >/dev/null 2>&1; then
+ if ! /sbin/ifconfig ${netbird_tun_dev} | fgrep -qw PID; then
+ logger -s -t netbird "Found orphaned tunnel interface ${netbird_tun_dev}, destroying"
+ /sbin/ifconfig ${netbird_tun_dev} destroy
+ fi
+ fi
+}
+
+netbird_stop_postcmd() {
+ if /sbin/ifconfig ${netbird_tun_dev} >/dev/null 2>&1; then
+ logger -s -t netbird "Destroying tunnel interface ${netbird_tun_dev}"
+ /sbin/ifconfig ${netbird_tun_dev} destroy || \
+ logger -s -t netbird "Failed to destroy interface ${netbird_tun_dev}"
+ fi
+}
+
+run_rc_command "$1"
diff --git a/security/netbird/files/patch-vendor_golang.zx2c4.com_wireguard_wgctrl_internal_wgfreebsd_internal_nv_decode.go b/security/netbird/files/patch-vendor_golang.zx2c4.com_wireguard_wgctrl_internal_wgfreebsd_internal_nv_decode.go
new file mode 100644
index 000000000000..3d89c7d66a97
--- /dev/null
+++ b/security/netbird/files/patch-vendor_golang.zx2c4.com_wireguard_wgctrl_internal_wgfreebsd_internal_nv_decode.go
@@ -0,0 +1,11 @@
+--- vendor/golang.zx2c4.com/wireguard/wgctrl/internal/wgfreebsd/internal/nv/decode.go.orig 2025-09-06 11:14:13 UTC
++++ vendor/golang.zx2c4.com/wireguard/wgctrl/internal/wgfreebsd/internal/nv/decode.go
+@@ -13,7 +13,7 @@ func Unmarshal(d []byte, out List) error {
+
+ // Unmarshal decodes a FreeBSD name-value list (nv(9)) to a Go map
+ func Unmarshal(d []byte, out List) error {
+- sz := C.ulong(len(d))
++ sz := C.size_t(len(d))
+ dp := unsafe.Pointer(&d[0])
+ nvl := C.nvlist_unpack(dp, sz, 0)
+
diff --git a/security/netbird/files/patch-vendor_golang.zx2c4.com_wireguard_wgctrl_internal_wgfreebsd_internal_nv_encode.go b/security/netbird/files/patch-vendor_golang.zx2c4.com_wireguard_wgctrl_internal_wgfreebsd_internal_nv_encode.go
new file mode 100644
index 000000000000..54a18ac871bf
--- /dev/null
+++ b/security/netbird/files/patch-vendor_golang.zx2c4.com_wireguard_wgctrl_internal_wgfreebsd_internal_nv_encode.go
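Review bot: `netbird_tun_dev` is used only by the cleanup hooks in netbird.in and is never passed to the daemon in `command_args`, so `netbird_start_precmd` and `netbird_stop_postcmd` destroy whatever interface the rc.conf value names, whether or not NetBird created it. In the start hook the only ownership test is the absence of `PID` in the ifconfig output, which would presumably also hold for any other cloned interface that happens to carry that name, and the stop hook applies no test at all. I would quote the expansions, e.g. `/sbin/ifconfig "${netbird_tun_dev}" destroy`, and extend the header comment to say that the value must match the interface name in the NetBird configuration. The service is started through daemon(8) with no user set, so it presumably runs as root; if `netbird_config` holds the peer's key material, the header could also say that its directory should not be world-readable.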
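Review bot: `dp := unsafe.Pointer(&d[0])` in decode.go, directly below the changed `sz` line, panics with an index-out-of-range when `d` is empty, and the hunk shows the function opening, so no length guard precedes it. Since this local patch already touches Unmarshal, a guard on `len(d) == 0` that returns an error before the pointer is taken would turn a daemon crash into a handled failure. The buffer presumably comes from a kernel reply, so this may never trigger in practice, and the fix belongs upstream in wgctrl as well. The rest of Unmarshal, including any NULL check on the `nvlist_unpack` result, is outside the hunk.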
@@ -0,0 +1,33 @@
+--- vendor/golang.zx2c4.com/wireguard/wgctrl/internal/wgfreebsd/internal/nv/encode.go.orig 2025-09-06 11:15:21 UTC
++++ vendor/golang.zx2c4.com/wireguard/wgctrl/internal/wgfreebsd/internal/nv/encode.go
+@@ -44,7 +44,7 @@ func marshal(m List) (nvl *C.struct_nvlist, err error)
+ C.nvlist_add_bool(nvl, ckey, C.bool(value))
+
+ case uint64:
+- C.nvlist_add_number(nvl, ckey, C.ulong(value))
++ C.nvlist_add_number(nvl, ckey, C.uint64_t(value))
+
+ case []byte:
+ sz := len(value)
+@@ -54,8 +54,8 @@ func marshal(m List) (nvl *C.struct_nvlist, err error)
+
+ case []List:
+ sz := len(value)
+- buf := C.malloc(C.size_t(C.sizeof_nvlist_ptr * sz))
+- items := (*[1<<30 - 1]*C.struct_nvlist)(buf)
++ buf := (**C.struct_nvlist)(C.malloc(C.size_t(C.sizeof_nvlist_ptr * sz)))
++ items := unsafe.Slice(buf, sz)
+
+ for i, val := range value {
+ if items[i], err = marshal(val); err != nil {
+@@ -64,8 +64,8 @@ func marshal(m List) (nvl *C.struct_nvlist, err error)
+ }
+ }
+
+- C.nvlist_add_nvlist_array(nvl, ckey, (**C.struct_nvlist)(buf), C.size_t(sz))
+- C.free(buf)
++ C.nvlist_add_nvlist_array(nvl, ckey, buf, C.size_t(sz))
++ C.free(unsafe.Pointer(buf))
+ }
+
+ C.free(unsafe.Pointer(ckey))
diff --git a/security/netbird/pkg-descr b/security/netbird/pkg-descr
new file mode 100644
index 000000000000..e3c155b98d5e
--- /dev/null
+++ b/security/netbird/pkg-descr
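Review bot: In the `case []List:` branch of encode.go, `buf` is freed only on the success path after `nvlist_add_nvlist_array`; the two lines of the `err != nil` branch fall between the second and third inner hunks and are not shown, so that path should be checked for releasing `buf` and the child lists already stored in `items`. If it does not, adding `C.free(unsafe.Pointer(buf))` before the early return would close the leak. As far as I recall from nv(9), the `nvlist_add_*` calls copy their argument, so the marshalled children may also need `C.nvlist_destroy` after the add; that is inferred from the API, not from these lines. A one-line comment above `items := unsafe.Slice(buf, sz)` saying that the slice aliases C memory and must not be used after the `C.free` would help the next reader.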
@@ -0,0 +1,18 @@
+NetBird is an open-source WireGuard-based overlay network combined with
+Zero Trust Network Access, providing secure and reliable connectivity
+to internal resources.
+
+Key features:
+- Zero-config VPN: Easily create secure connections between devices without
+manual network setup.
+- Built on WireGuard: Leverages WireGuard's high-performance encryption for
+fast and secure communication.
+- Self-hosted or Cloud-managed: Users can deploy their own NetBird management
+server or use NetBird Cloud for centralized control.
+- Access Control & Routing: Fine-grained access control policies and automatic
+network routing simplify connectivity.
+- This FreeBSD port provides the NetBird client daemon and CLI tools, allowing
+FreeBSD systems to join a NetBird mesh network and securely communicate with
+other peers.
+
+For more details, visit: https://netbird.io |