PortSystem 1.0
PortGroup conflicts_build 1.0
name fwknop-client
version 2.6.10
conflicts fwknop
categories net security
license GPL-2+
maintainers {blair @blair} openmaintainer
description 'FireWall KNock OPerator': a port knocker to Linux servers
homepage http://www.cipherdyne.org/fwknop/
platforms darwin
long_description \
fwknop stands for the 'FireWall KNock OPerator', and implements an \
authorization scheme called Single Packet Authorization (SPA) that \
is based around Netfilter and libpcap. SPA requires only a single \
encrypted packet in order to communicate various pieces of \
information including desired access through a Netfilter policy \
and/or complete commands to execute on the target system. By \
using Netfilter to maintain a 'default drop' stance, the main \
application of this program is to protect services such as OpenSSH \
with an additional layer of security in order to make the \
exploitation of vulnerabilities (both 0-day and unpatched code) \
much more difficult. The authorization server passively monitors \
authorization packets via libcap and hence there is no 'server' to \
which to connect in the traditional sense. Access to a protected \
service is only granted after a valid encrypted and non-replayed \
packet is monitored. This port installs the client side script \
that you run to gain access to a Linux box.
master_sites ${homepage}download
distname fwknop-${version}
use_bzip2 yes
checksums md5 47a9c7c214c40dceb5dc2aa8832e4f32 \
rmd160 6537a0e10f0a7c4b9e9f34483fc06f22d46b3891 \
sha256 f6c09bec97ed8e474a98ae14f9f53e1bcdda33393f20667b6af3fb6bb894ca77 \
size 1787914
depends_lib-append path:bin/gpg:gnupg2 \
port:gpgme
conflicts_build ${name}
use_autoreconf yes
configure.args-append --disable-server
test.run yes
test.target check
livecheck.type regex
livecheck.url [lindex ${master_sites} 0]
livecheck.regex fwknop-(\[\\d.\]+)${extract.suffix}