Totpgate

Changelog

01d4eba Disable rpm strip for cross-compiled binaries via __strip=/bin/true
e636fe1 Fix rpmbuild cross-arch: drop BuildArch, build for host and rename
3ec2618 Cancel previous CI runs on same branch via concurrency
da69fce Fix rpmbuild cross-arch packaging: explicit _topdir and $RPM_BUILD_ROOT
9662bc7 Fix cross-compile strip failure and %m warnings
a5010f7 Format coverage summary as markdown table
d08c0bd Fix NFT_BITWISE_MASK_XOR compat for older kernel headers
bbdae40 Fix YAML heredoc conflict and AGENTS.md table line break
d088cb4 Comprehensive CI/CD pipeline with coverage summary, packaging, and release automation
b8a0a71 Clean TODO.md — all sections complete
4980a34 Update docs for accuracy and completeness
c9aac11 Complete CI/CD workflow and finalize TODO
518004a Add epoll RLIMIT_NOFILE safety check in daemon_setup
395bfc7 Add --secret-file with world-readable warning, tighten hardening
b6ddd84 Add seccomp BPF filter and privilege drop integration
0b36a93 Add privilege drop with --user/--group, extract to separate module
2c5b6ed Add rate limiting with exponential backoff, man pages, and update docs
f7810f2 Add hardening flags and update TODO
745a71f Add client tests, malformed packet tests, and test build infrastructure
145085f Implement client tool and daemon test infrastructure
2d3a966 Add contributor to LICENSE
39c6f4a Implement netlink firewall, UDP listener, and auth packet parsing
c23fa6a Implement TOTP (RFC 6238) with generate, validate, and RFC test vectors
135675d Implement HMAC-SHA1 (RFC 2104) with RFC 2202 test vectors
6ae3469 Implement SHA-1 (RFC 3174) with context-based API and NIST vectors
4a6f505 Implement Encoding Utilities section: base32/hex/base64 decoders with secret_decode dispatcher, 24 tests, 94.8% line coverage on encode.c
c110d47 Update TODO: mark Project Foundation done, note musl-gcc unavailable
9b57438 Swap CLI: --port is now the UDP control port, --target-port is the application port; remove stale --control-port references
73318a0 Add source skeleton with CLI parsing (--control-port, --port, --secret, --timeout, --foreground), stub modules, and test framework
b2331a8 Add --timeout CLI argument (default 30) for ephemeral rule lifetime
aa8fdd5 Add secret encoding dispatch (default base32, hex:, b64: prefixes), implement encode.c for base32/hex/base64 decode, remove stale config-file section from TODO
209e143 Switch to CLI-based design with --control-port/--port, define firewall lifecycle (established/related accept, default-drop for SYN, 30s auth grant), add LICENSE
01ad8f3 Initial scaffold: project docs, domain model, TODO, Makefile, and bug prevention plan