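# fwknop: Single Packet Authorization (SPA) client and server.
#
# Arguments:
#   gnupgSupport - build with GnuPG/gpgme support (pulls in extra dependencies)
#   wgetSupport  - pass an absolute wget path to configure via --with-wget
#   buildServer  - build the server component (--enable-server)
#   buildClient  - build the client component (--enable-client)
{ lib, stdenv, fetchFromGitHub, fetchpatch, autoreconfHook
, libpcap, texinfo
, iptables
, gnupgSupport ? true, gnupg, gpgme # Increases dependencies!
, wgetSupport ? true, wget
, buildServer ? true
, buildClient ? true }:

stdenv.mkDerivation rec {
  pname = "fwknop";
  version = "2.6.10";

  # The source is fetched at the release tag; the fixed-output hash is what
  # actually pins the content.
  src = fetchFromGitHub {
    owner = "mrash";
    repo = pname;
    rev = version;
    sha256 = "05kvqhmxj9p2y835w75f3jvhr38bb96cd58mvfd7xil9dhmhn9ra";
  };

  patches = [
    # Pull patch pending upstream inclusion for -fno-common toolchains:
    # https://github.com/mrash/fwknop/pull/319
    # The patch is addressed by full commit id and checked against sha256.
    (fetchpatch {
      name = "fno-common.patch";
      url = "https://github.com/mrash/fwknop/commit/a8214fd58bc46d23b64b3a55db023c7f5a5ea6af.patch";
      sha256 = "0cp1350q66n455hpd3rdydb9anx66bcirza5gyyyy5232zgg58bi";
    })
  ];

  nativeBuildInputs = [ autoreconfHook ];
  buildInputs = [ libpcap texinfo ]
    ++ lib.optionals gnupgSupport [ gnupg gpgme.dev ]
    ++ lib.optionals wgetSupport [ wget ];

  # Helper binaries (iptables, wget) are passed as absolute store paths
  # rather than bare command names.
  configureFlags = [
    "--sysconfdir=/etc"
    "--localstatedir=/run"
    "--with-iptables=${iptables}/sbin/iptables"
    (lib.enableFeature buildServer "server")
    (lib.enableFeature buildClient "client")
    (lib.withFeatureAs wgetSupport "wget" "${wget}/bin/wget")
  # lib.optionals, not lib.optionalString: the latter yields "" when the
  # condition is false, and `list ++ ""` is an evaluation error, so
  # gnupgSupport = false could not be evaluated.
  ] ++ lib.optionals gnupgSupport [
    "--with-gpgme"
    "--with-gpgme-prefix=${gpgme.dev}"
    # NOTE(review): this passes the gnupg store prefix, not the path of a gpg
    # executable - confirm which of the two fwknop's configure expects.
    "--with-gpg=${gnupg}"
  ];

  # Temporary hack to copy the example configuration files into the nix-store,
  # this'll probably be helpful until there's a NixOS module for that (feel free
  # to ping me (@primeos) if you want to help).
  #
  # Only the install destination is redirected to $out; the binaries are still
  # configured with --sysconfdir=/etc. The Nix store is world-readable, so the
  # files under $out/etc must remain examples: a real access.conf containing
  # SPA keys belongs outside the store with restrictive permissions.
  #
  # The continuation lines must stay indented relative to `substituteInPlace`:
  # after the backslash-newline is removed, that whitespace is the only thing
  # separating the arguments.
  preInstall = ''
    substituteInPlace Makefile --replace\
      "sysconfdir = /etc"\
      "sysconfdir = $out/etc"
    substituteInPlace server/Makefile --replace\
      "wknopddir = /etc/fwknop"\
      "wknopddir = $out/etc/fwknop"
  '';

  meta = with lib; {
    description =
      "Single Packet Authorization (and Port Knocking) server/client";
    longDescription = ''
      fwknop stands for the "FireWall KNock OPerator", and implements an
      authorization scheme called Single Packet Authorization (SPA).
    '';
    homepage = "https://www.cipherdyne.org/fwknop/";
    license = licenses.gpl2Plus;
    platforms = platforms.linux;
    maintainers = with maintainers; [ primeos ];
  };
}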