search

mrash / fwknop

Single Packet Authorization > Port Knocking
http://www.cipherdyne.org/fwknop/
GNU General Public License v2.0
1.09k stars 228 forks source link

Publish next release #349

Open yonas opened 1 year ago

yonas commented 1 year ago

It would great to get the latest commits in a new release.

mrash commented 1 year ago

Yes indeed. I will work on this over the next couple of days. I want to put fwknop through its paces on various updated platforms.

On Wed, Dec 7, 2022 at 5:39 PM Yonas Yanfa @.***> wrote:

It would great to get the latest commits in a new release.

— Reply to this email directly, view it on GitHub https://github.com/mrash/fwknop/issues/349, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAC42RBWTV7DTJXDTG44NFLWMEGZLANCNFSM6AAAAAASXMMVVU . You are receiving this because you are subscribed to this thread.Message ID: @.***>

-- Michael Rash | Founder http://www.cipherdyne.org/ Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F

bam80 commented 1 year ago

Yes indeed. I will work on this over the next couple of days.

So it didn't happen back then? As the issue is still open.

e40 commented 9 months ago

Just a bump for this. The Homebrew version depends on openssl@1.1, which is now EOL. 

Warning: Some installed formulae are deprecated or disabled.
You should find replacements for the following formulae:
  fwknop
  openssl@1.1

Thanks for the work you do. It is very much appreciated. For the life of me, I can't figure out why more people don't use it.

e40 commented 9 months ago

https://formulae.brew.sh/formula/fwknop#default

It says it's disabled and my users are having having to install from source.

Any chance we can get an update so the Homebrew formula can be reenabled?

e40 commented 8 months ago

@mrash If there is something I can do to help, I will be happy to do so.

As I said above, the current fwknop is dependent on OpenSSL 1.1, which is now EOL.

bam80 commented 8 months ago

As it's silence from the author @mrash again, despite an assurance he is willing to continue the work - maybe it's time to take it in our hands and supply PRs, make forks etc.?

It seems like we are on our own here.

yonas commented 8 months ago

@bam80

I created a fork here: https://github.com/firewall-knock-operator/fwknop/releases/tag/2.6.11

Everyone is invited to submit PRs and automated tests.

Thanks!

bam80 commented 8 months ago

@yonas are you willing to maintain it and do actual work?

I recall there are already some great patches flying around (as IPv6 support), which were never adopted here for unknown reason. Maybe start with integrating that?

yonas commented 8 months ago

@bam80 Oh hell no. I don't know anything about this security sensitive code. I've invited you and @e40 to do the actual hard labour.

mrash commented 8 months ago

Hi all. The issue with OpenSSL 1.1 mentioned above - fwknop does not depend on the OpenSSL project, and it is not listed as a dependency in the referenced link (https://formulae.brew.sh/formula/fwknop#default). OpenSSL supports a ton of functionality that fwknop does not need. Maybe gpgme depends on OpenSSL (I haven't checked), but fwknop itself does not. For example, for fwknop, the Rijndael (AES) implementation is this one: https://metacpan.org/dist/Crypt-Rijndael/source/_rijndael.c. An explicit goal of the fwknop project is to minimize dependencies as articulated here: https://cipherdyne.org/fwknop/docs/fwknop-tutorial.html#minimize-dependencies

bam80 commented 8 months ago

Yes indeed. I will work on this over the next couple of days. I want to put fwknop through its paces on various updated platforms.

Hi @mrash . After a year, it were just a few commits merged. What is your vision how we should progress? In current state, the project seems abandoned.

Should we rely on you for further work, or it's just false hopes?

e40 commented 8 months ago

@mrash

Hi all. The issue with OpenSSL 1.1 mentioned above - fwknop does not depend on the OpenSSL project, and it is not listed as a dependency in the referenced link (https://formulae.brew.sh/formula/fwknop#default). OpenSSL supports a ton of functionality that fwknop does not need. Maybe gpgme depends on OpenSSL (I haven't checked), but fwknop itself does not. For example, for fwknop, the Rijndael (AES) implementation is this one: https://metacpan.org/dist/Crypt-Rijndael/source/_rijndael.c. An explicit goal of the fwknop project is to minimize dependencies as articulated here: https://cipherdyne.org/fwknop/docs/fwknop-tutorial.html#minimize-dependencies

Doesn't the best option seen to be to just rebuild with the latest everything? I realize I can build from source and break the OpenSSL 1.1 dependency. I just don't know how I could get a fixed version into Homebrew that doesn't depend on it. It seems since you own the project, you would need to be the one to do this.

If you want to point me to resources, so I can help out, please do. I just don't know how to update what's in Homebrew. Thanks.

e40 commented 8 months ago

I tried building from source on macOS 14.2.1 with up-to-date Homebrew packages:

checking for GPGME - version >= 0.4.2... yes
checking for gpg... /opt/homebrew/bin/gpg
checking for wget... /opt/homebrew/bin/wget
./configure: line 18861: syntax error near unexpected token `;;'
./configure: line 18861: `   ;;'

This is after running autogen.sh and running autoupdate when needed.