From 55e9fe41e172e5f36557902b91e82155d62e39ab Mon Sep 17 00:00:00 2001
From: Damien Stuart
Date: Sat, 31 Jul 2010 19:11:22 +0000
Subject: [PATCH] Added some OpenWRT-related files to the extras directory.
git-svn-id: file:///home/mbr/svn/fwknop/trunk@274 510a4753-2344-4c79-9c09-4d669213fbeb
---
extras/openwrt/README.openwrt | 19 +++++
extras/openwrt/package/fwknop/Makefile | 80 ++++++++++++++++++
.../openwrt/package/fwknop/files/fwknopd.init | 29 +++++++
extras/openwrt/package/gpgme/Makefile | 82 +++++++++++++++++++
4 files changed, 210 insertions(+)
create mode 100644 extras/openwrt/README.openwrt
create mode 100644 extras/openwrt/package/fwknop/Makefile
create mode 100644 extras/openwrt/package/fwknop/files/fwknopd.init
create mode 100644 extras/openwrt/package/gpgme/Makefile
diff --git a/extras/openwrt/README.openwrt b/extras/openwrt/README.openwrt
new file mode 100644
index 00000000..28fd51d5
--- /dev/null
+++ b/extras/openwrt/README.openwrt
@@ -0,0 +1,19 @@
+This directory holds files and subdirectories related to fwknop and the
+OpenWRT platform.
+
+The "package" directory contains the individual OpenWRT package directories.
+Each of these package directories hold the Makefile and addtional patch or
+file directories used by teh OpenWRT build sytem.
+
+At present, the packages we include are "fwknop" and "gpgpme". The gpgme
+package is include because it does not appear to be available on any of
+the OpenWRT package repositories I found.
+
+It is assumed that if you are going to use these files, you already know
+what you are doing (or at least have an idea).
+
+You can find additional information on building OpenWRT packages at:
+
+ http://kamikaze.openwrt.org/docs/openwrt.html#x1-460002.1.2
+
+-Damien
diff --git a/extras/openwrt/package/fwknop/Makefile b/extras/openwrt/package/fwknop/Makefile
new file mode 100644
index 00000000..136a5ff9
--- /dev/null
+++ b/extras/openwrt/package/fwknop/Makefile
@@ -0,0 +1,80 @@
+#
+# Copyright (C) 2006-2009 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fwknop
+PKG_VERSION:=2.0.0rc1
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://www.dstuart.org/fwknop/
+PKG_MD5SUM:=86c41edbe78bd15e6e5e351741cb26dd
+
+include $(INCLUDE_DIR)/package.mk
+
+PKG_INSTALL=1
+
+define Package/fwknop
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:=+gpgme +libgdbm +libpcap +iptables
+ TITLE:=Firewall KNock OPerator - fwknop
+ URL:=http://www.cipherdyne.org/fwknop
+endef
+
+define Package/fwknop/description
+ Fwknop implements an authorization scheme known as Single Packet
+ Authorization (SPA) for Linux systems running iptables. This mechanism
+ requires only a single encrypted and non-replayed packet to communicate
+ various pieces of information including desired access through an iptables
+ policy. The main application of this program is to use iptables in a
+ default-drop stance to protect services such as SSH with an additional
+ layer of security in order to make the exploitation of vulnerabilities
+ (both 0-day and unpatched code) much more difficult.
+endef
+
+TARGET_CFLAGS += $(FPIC)
+
+define Build/Configure
+ $(call Build/Configure/Default, \
+ --enable-shared \
+ --enable-static \
+ --with-gpgme \
+ --with-gpg=/usr/bin/gpg \
+ --with-iptables=/usr/sbin/iptables \
+ --with-sh=/bin/sh \
+ )
+endef
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include
+ $(INSTALL_DATA) \
+ $(PKG_INSTALL_DIR)/usr/include/fko.h \
+ $(1)/usr/include/
+
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(INSTALL_DATA) \
+ $(PKG_INSTALL_DIR)/usr/lib/libfko.{la,a,so*} \
+ $(1)/usr/lib/
+endef
+
+define Package/fwknop/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libfko.so.* $(1)/usr/lib/
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/fwknop $(1)/usr/bin/
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/fwknopd $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/etc/fwknop
+ $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/fwknop/fwknopd.conf $(1)/etc/fwknop/
+ $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/fwknop/access.conf $(1)/etc/fwknop/
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/fwknopd.init $(1)/etc/init.d/fwknopd
+endef
+
+$(eval $(call BuildPackage,fwknop))
diff --git a/extras/openwrt/package/fwknop/files/fwknopd.init b/extras/openwrt/package/fwknop/files/fwknopd.init
new file mode 100644
index 00000000..bf8980b1
--- /dev/null
+++ b/extras/openwrt/package/fwknop/files/fwknopd.init
@@ -0,0 +1,29 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006-2010 OpenWrt.org
+# Copyright (C) 2010 Damien Stuart
+#
+START=60
+
+FWKNOPD_BIN=/usr/sbin/fwknopd
+
+start()
+{
+ $FWKNOPD_BIN
+}
+
+stop()
+{
+ $FWKNOPD_BIN -K
+}
+
+restart()
+{
+ stop;
+ sleep 1;
+ start;
+}
+
+reload()
+{
+ $FWKNOPD_BIN -R
+}
diff --git a/extras/openwrt/package/gpgme/Makefile b/extras/openwrt/package/gpgme/Makefile
new file mode 100644
index 00000000..667a9055
--- /dev/null
+++ b/extras/openwrt/package/gpgme/Makefile
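Review bot: The source tarball is fetched over plain HTTP (`PKG_SOURCE_URL:=http://www.dstuart.org/fwknop/`) and checked only against `PKG_MD5SUM`, so the integrity of a package that fronts the firewall rests on an MD5 digest, which no longer resists deliberate collisions. Where the build tree supports it, pin a SHA-256 instead, e.g. `PKG_HASH:=<sha256-of-fwknop-2.0.0rc1.tar.gz>`, and use an HTTPS mirror if one exists. The same applies to `PKG_SOURCE_URL`/`PKG_MD5SUM` in extras/openwrt/package/gpgme/Makefile, where the tarball also comes from this site rather than from the GnuPG project, so it is worth verifying that tarball against the GnuPG project's signed release before recording its digest. Separately, `Package/fwknop/install` ships access.conf and fwknopd.conf without a `Package/fwknop/conffiles` block, so a package upgrade may replace the operator's keys and access stanzas with the shipped defaults.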
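Review bot: `restart()` assumes the old daemon has exited after a fixed `sleep 1` and ignores the result of `start`; if fwknopd is slower to release its PID file, the new instance will presumably refuse to start and the box is left with no SPA listener behind a default-drop policy. Make the failure visible, for example `start || { echo "fwknopd failed to start" >&2; return 1; }` as the last line of `restart()`. A short comment on `stop()` and `reload()` saying that `-K` signals the running daemon to exit and `-R` asks it to restart and re-read its configuration would also help readers who do not know the fwknopd options.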
@@ -0,0 +1,82 @@
+#
+# Copyright (C) 2006-2009 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gpgme
+PKG_VERSION:=1.1.8
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://www.dstuart.org/gpgme/
+PKG_MD5SUM:=c4045e6533bd78cbf952ed9597dbdd7c
+
+include $(INCLUDE_DIR)/package.mk
+
+PKG_INSTALL=1
+
+define Package/gpgme
+ SECTION:=libs
+ CATEGORY:=Libraries
+ DEPENDS:=+gnupg
+ TITLE:=GPGME - GnuPG Made Easy
+ URL:=http://www.gnupg.org/
+endef
+
+define Package/gpgme/description
+ GnuPG Made Easy (GPGME) is a C language library that allows to add
+ support for cryptography to a program. It is designed to make access
+ to public key crypto engines like GnuPG or GpgSM easier for
+ applications. GPGME provides a high-level crypto API for encryption,
+ decryption, signing, signature verification and key management.
+endef
+
+TARGET_CFLAGS += $(FPIC)
+
+define Build/Configure
+ $(call Build/Configure/Default, \
+ --with-gpg=/usr/bin/gpg \
+ --without-gpgsm \
+ --without-gpgconf \
+ --enable-shared \
+ --enable-static \
+ --disable-rpath \
+ )
+endef
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(2)/bin $(1)/usr/bin
+ $(INSTALL_BIN) \
+ $(PKG_INSTALL_DIR)/usr/bin/gpgme-config \
+ $(2)/bin/
+ $(SED) \
+ 's,^\(prefix\|exec_prefix\)=.*,\1=$(STAGING_DIR)/usr,g' \
+ $(2)/bin/gpgme-config
+ ln -sf $(STAGING_DIR)/host/bin/gpgme-config $(1)/usr/bin/gpgme-config
+
+ $(INSTALL_DIR) $(1)/usr/include
+ $(INSTALL_DATA) \
+ $(PKG_INSTALL_DIR)/usr/include/gpgme.h \
+ $(1)/usr/include/
+
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/lib/libgpgme.{la,a,so*} \
+ $(1)/usr/lib/
+
+ $(INSTALL_DIR) $(1)/usr/share/aclocal
+ $(INSTALL_DATA) \
+ $(PKG_INSTALL_DIR)/usr/share/aclocal/gpgme.m4 \
+ $(1)/usr/share/aclocal/
+endef
+
+define Package/gpgme/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP)
$(PKG_INSTALL_DIR)/usr/lib/libgpgme.so.* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,gpgme))
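Review bot: `DEPENDS:=+gnupg` in `Package/gpgme` declares only the gpg binary; gpgme is normally linked against libgpg-error, and nothing visible in this Makefile selects or installs that library, so libgpgme.so may fail to load on the target. If the build does link it, declare it: `DEPENDS:=+gnupg +libgpg-error`. In `Build/InstallDev`, gpgme-config is installed to `$(2)/bin/` but the symlink target is hard-coded as `$(STAGING_DIR)/host/bin/gpgme-config`; the two agree only if `$(2)` is that directory, so `ln -sf $(2)/bin/gpgme-config $(1)/usr/bin/gpgme-config` would keep them in step.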