1 { lib, stdenv, fetchFromGitHub, fetchpatch, autoreconfHook
2 , libpcap, texinfo
3 , iptables
4 , gnupgSupport ? true, gnupg, gpgme # Increases dependencies!
5 , wgetSupport ? true, wget
6 , buildServer ? true
7 , buildClient ? true }:
9 stdenv.mkDerivation rec {
10   pname = "fwknop";
11   version = "2.6.10";
13   src = fetchFromGitHub {
14     owner = "mrash";
15     repo = pname;
16     rev = version;
17     sha256 = "05kvqhmxj9p2y835w75f3jvhr38bb96cd58mvfd7xil9dhmhn9ra";
18   };
20   patches = [
21     # Pull patch pending upstream inclusion for -fno-common toolchains:
22     #   https://github.com/mrash/fwknop/pull/319
23     (fetchpatch {
24       name = "fno-common.patch";
25       url = "https://github.com/mrash/fwknop/commit/a8214fd58bc46d23b64b3a55db023c7f5a5ea6af.patch";
26       sha256 = "0cp1350q66n455hpd3rdydb9anx66bcirza5gyyyy5232zgg58bi";
27     })
29     # Pull patch pending upstream inclusion for `autoconf-2.72` support:
30     #   https://github.com/mrash/fwknop/pull/357
31     (fetchpatch {
32       name = "autoconf-2.72.patch";
33       url = "https://github.com/mrash/fwknop/commit/bee7958532338499e35c19e75937891c8113f7de.patch";
34       hash = "sha256-lrro5dSDR0Zz9aO3bV5vFFADNJjoDR9z6P5lFYWyLW8=";
35     })
36   ];
38   nativeBuildInputs = [ autoreconfHook ];
39   buildInputs = [ libpcap texinfo ]
40     ++ lib.optionals gnupgSupport [ gnupg gpgme.dev ]
41     ++ lib.optionals wgetSupport [ wget ];
43   configureFlags = [
44     "--sysconfdir=/etc"
45     "--localstatedir=/run"
46     "--with-iptables=${iptables}/sbin/iptables"
47     (lib.enableFeature buildServer "server")
48     (lib.enableFeature buildClient "client")
49     (lib.withFeatureAs wgetSupport "wget" "${wget}/bin/wget")
50   ] ++ lib.optionalString gnupgSupport [
51     "--with-gpgme"
52     "--with-gpgme-prefix=${gpgme.dev}"
53     "--with-gpg=${gnupg}"
54   ];
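56   # Temporary hack: install the example configuration files into $out/etc in the
57   # Nix store (configure is still run with --sysconfdir=/etc). Store paths are world-readable, so these are examples only, not a place for real keys. This'll probably be helpful until
58   # there's a NixOS module for that (feel free to ping me (@primeos) if you want to help).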
59   preInstall = ''
60     substituteInPlace Makefile --replace\
61       "sysconfdir = /etc"\
62       "sysconfdir = $out/etc"
63     substituteInPlace server/Makefile --replace\
64       "wknopddir = /etc/fwknop"\
65       "wknopddir = $out/etc/fwknop"
66   '';
68   meta = with lib; {
69     description =
70       "Single Packet Authorization (and Port Knocking) server/client";
71     longDescription = ''
72       fwknop stands for the "FireWall KNock OPerator", and implements an
73       authorization scheme called Single Packet Authorization (SPA).
74     '';
75     homepage = "https://www.cipherdyne.org/fwknop/";
76     license = licenses.gpl2Plus;
77     platforms = platforms.linux;
78     maintainers = with maintainers; [ primeos ];
79   };