# $Id$

PortSystem 1.0
name		fwknop
version		1.9.12
revision    1
categories	net security
maintainers	blair
description	'FireWall KNock OPerator': a port knocker to Linux servers
homepage	http://www.cipherdyne.org/fwknop/
platforms	darwin

long_description \
		fwknop stands for the 'FireWall KNock OPerator', and \
		implements an authorization scheme called Single \
		Packet Authorization (SPA) that is based around \
		Netfilter and libpcap.  SPA requires only a single \
		encrypted packet in order to communicate various \
		pieces of information including desired access through \
		a Netfilter policy and/or complete commands to execute \
		on the target system.  By using Netfilter to maintain \
		a 'default drop' stance, the main application of this \
		program is to protect services such as OpenSSH with an \
		additional layer of security in order to make the \
		exploitation of vulnerabilities (both 0-day and \
		unpatched code) much more difficult.  The \
		authorization server passively monitors authorization \
		packets via libcap and hence there is no 'server' to \
		which to connect in the traditional sense.  Access to \
		a protected service is only granted after a valid \
		encrypted and non-replayed packet is monitored.  This \
		port installs the client side script that you run to \
		gain access to a Linux box.

master_sites	${homepage}download/

checksums	md5	4e190dfd31921ddcc0aa6ded8cdae6ae \
		sha1	ece88ad7653bebee46ae348d9854f3e8751f392c \
		rmd160	6b52cce7efb57409d02e4b97b1724d9ebdbb61fd

use_bzip2	yes

depends_lib	port:p5.12-crypt-cbc \
		port:p5.12-crypt-rijndael \
		port:p5.12-digest-sha \
		port:p5.12-net-ipv4addr \
		port:p5.12-net-ping-external \
		port:p5.12-term-readkey \
		port:p5.12-unix-syslog

use_configure	no
build		{}

destroot {
	system "cd ${worksrcpath} && ${prefix}/bin/perl5.12 -w -p -i -e 's:^#!/usr/bin/perl -w$:#!${prefix}/bin/perl5.12 -w:' fwknop"
	system "cd ${worksrcpath} && ${prefix}/bin/perl5.12 -w -p -i -e 's:^use lib ./usr/lib/fwknop.;::' fwknop"
	xinstall -m 755 ${worksrcpath}/fwknop ${destroot}${prefix}/bin
	xinstall -m 644 ${worksrcpath}/fwknop.8 ${destroot}${prefix}/share/man/man8
}