PortSystem 1.0
PortGroup       perl5 1.0

name            fwknop
version         1.9.12
revision        8
conflicts       fwknop-client
categories      net security
license         GPL-2
maintainers     {blair @blair} openmaintainer
description     'FireWall KNock OPerator': a port knocker to Linux servers
homepage        http://www.cipherdyne.org/fwknop/
platforms       darwin

long_description \
    fwknop stands for the 'FireWall KNock OPerator', and implements an \
    authorization scheme called Single Packet Authorization (SPA) that \
    is based around Netfilter and libpcap.  SPA requires only a single \
    encrypted packet in order to communicate various pieces of \
    information including desired access through a Netfilter policy \
    and/or complete commands to execute on the target system.  By \
    using Netfilter to maintain a 'default drop' stance, the main \
    application of this program is to protect services such as OpenSSH \
    with an additional layer of security in order to make the \
    exploitation of vulnerabilities (both 0-day and unpatched code) \
    much more difficult.  The authorization server passively monitors \
    authorization packets via libcap and hence there is no 'server' to \
    which to connect in the traditional sense.  Access to a protected \
    service is only granted after a valid encrypted and non-replayed \
    packet is monitored.  This port installs the client side script \
    that you run to gain access to a Linux box.

master_sites    ${homepage}download/

checksums       md5    4e190dfd31921ddcc0aa6ded8cdae6ae \
                sha1   ece88ad7653bebee46ae348d9854f3e8751f392c \
                rmd160 6b52cce7efb57409d02e4b97b1724d9ebdbb61fd

use_bzip2       yes

perl5.branches  5.34

depends_lib     port:p${perl5.major}-crypt-cbc \
                port:p${perl5.major}-crypt-rijndael \
                port:p${perl5.major}-digest-sha \
                port:p${perl5.major}-gnupg-interface \
                port:p${perl5.major}-net-ipv4addr \
                port:p${perl5.major}-net-ping-external \
                port:p${perl5.major}-term-readkey \
                port:p${perl5.major}-unix-syslog

use_configure   no
build           {}

destroot {
    system "cd ${worksrcpath} && ${perl5.bin} -w -p -i -e 's:^#!/usr/bin/perl -w$:#!${perl5.bin} -w:' fwknop"
    system "cd ${worksrcpath} && ${perl5.bin} -w -p -i -e 's:^use lib ./usr/lib/fwknop.;::' fwknop"
    xinstall -m 755 ${worksrcpath}/fwknop ${destroot}${prefix}/bin
    xinstall -m 644 ${worksrcpath}/fwknop.8 ${destroot}${prefix}/share/man/man8
}