| From: Lev S. <lst...@gm...> - 2023-03-31 15:55:15 |
Reviewed in Gerrit.

Acked-by: Lev Stipakov <lst...@gm...>

Fri 31 Mar 2023 at 18:43, Frank Lichtenheld (fr...@li...) wrote:
> > So it is easier to check the merge status. > > Change-Id: Ia1f8a8d26d4752a7dda1a20521c59ded06bc7c52 > Signed-off-by: Frank Lichtenheld <fr...@li...> > --- > ...1-Allow-the-build-to-succeed-if-configured-with-disabl.patch | 2 ++ > .../vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch | 2 ++ > .../pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch | 2 ++ > 3 files changed, 6 insertions(+) > > diff --git a/contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch b/contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch > index 102be4ec..16fa7042 100644 > --- a/contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch > +++ b/contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch > @@ -12,6 +12,8 @@ Signed-off-by: Frank Lichtenheld <fr...@li...> > lib/Makefile.am | 2 ++ > 2 files changed, 3 insertions(+) > > +upstream PR: https://github.com/OpenSC/pkcs11-helper/pull/62 > + > diff --git a/configure.ac b/configure.ac > index a7e9760..f154ae3 100644 > --- a/configure.ac > diff --git a/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch b/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch > index 84fba080..56e3486e 100644 > --- a/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch > +++ b/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch > @@ -1,3 +1,5 @@ > +upstream PR: https://github.com/OpenSC/pkcs11-helper/pull/4 > + > commit 90590b02085edc3830bdfe0942a46c4e7bf3f1ab (HEAD -> master) > Author: David Woodhouse <Dav...@in...> > Date: Thu Apr 30 14:58:24 2015 +0100 
> diff --git a/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch b/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch > index 325dea8b..6d674581 100644 > --- a/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch > +++ b/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch > @@ -11,6 +11,8 @@ set original values as defaults, use verbatim (user-supplied) value > lib/pkcs11h-core.c | 13 +++++++++++-- > 3 files changed, 23 insertions(+), 3 deletions(-) > > +upstream PR: https://github.com/OpenSC/pkcs11-helper/pull/59 > + > diff --git a/include/pkcs11-helper-1.0/pkcs11h-core.h b/include/pkcs11-helper-1.0/pkcs11h-core.h > index 9028c277..56f87718 100644 > --- a/include/pkcs11-helper-1.0/pkcs11h-core.h > -- > 2.34.1 > > > > _______________________________________________ > Openvpn-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-devel -- -Lev |
| From: Lev S. <lst...@gm...> - 2023-03-31 15:54:42 |
Reviewed in Gerrit.

Acked-by: Lev Stipakov <lst...@gm...>

Fri 31 Mar 2023 at 18:43, Frank Lichtenheld (fr...@li...) wrote:
> > To be in line with current vcpkg packaging policies. > > Change-Id: Ifad0965a2b724b0b278783ba9c0ad5a82274445d > Signed-off-by: Frank Lichtenheld <fr...@li...> > --- > .github/workflows/build.yaml | 1 + > contrib/vcpkg-ports/pkcs11-helper/CONTROL | 4 ---- > contrib/vcpkg-ports/pkcs11-helper/vcpkg.json | 7 +++++++ > 3 files changed, 8 insertions(+), 4 deletions(-) > delete mode 100644 contrib/vcpkg-ports/pkcs11-helper/CONTROL > create mode 100644 contrib/vcpkg-ports/pkcs11-helper/vcpkg.json > > diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml > index 0f352dcd..0c16d379 100644 > --- a/.github/workflows/build.yaml > +++ b/.github/workflows/build.yaml > @@ -445,6 +445,7 @@ jobs: > uses: lukka/run-vcpkg@v10 > with: > vcpkgGitCommitId: 'd10d511f25620ca0f315cd83dcef6485efc63010' > + vcpkgJsonGlob: '**/openvpn/vcpkg.json' > appendedCacheKey: '${{matrix.triplet}}' > > - name: Run MSBuild consuming vcpkg.json > diff --git a/contrib/vcpkg-ports/pkcs11-helper/CONTROL b/contrib/vcpkg-ports/pkcs11-helper/CONTROL > deleted file mode 100644 > index 1ead697e..00000000 > --- a/contrib/vcpkg-ports/pkcs11-helper/CONTROL > +++ /dev/null > @@ -1,4 +0,0 @@ > -Source: pkcs11-helper > -Version: 1.29-1 > -Homepage: https://github.com/OpenSC/pkcs11-helper > -Description: pkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications. > diff --git a/contrib/vcpkg-ports/pkcs11-helper/vcpkg.json b/contrib/vcpkg-ports/pkcs11-helper/vcpkg.json > new file mode 100644 > index 00000000..12f918b7 > --- /dev/null > +++ b/contrib/vcpkg-ports/pkcs11-helper/vcpkg.json 
> @@ -0,0 +1,7 @@ > +{ > + "name": "pkcs11-helper", > + "version": "1.29.0", > + "description": "pkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications.", > + "homepage": "https://github.com/OpenSC/pkcs11-helper", > + "license": "BSD-3-Clause OR GPL-2.0-only" > +} > -- > 2.34.1 > > > > _______________________________________________ > Openvpn-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-devel -- -Lev |
| From: Lev S. <lst...@gm...> - 2023-03-31 15:54:14 |
Reviewed in Gerrit.

Acked-by: Lev Stipakov <lst...@gm...>

Fri 31 Mar 2023 at 18:43, Frank Lichtenheld (fr...@li...) wrote:
> > Annoyingly this requires custom vcpkg triplets because > the mingw toolchain definition and the vcpkg_configure_make > function use incompatible default triplets (-pc-mingw32 vs > -w64-mingw32). > > Change-Id: I4e671938220e9bfd798f91819f34b6f8ceaa45f5 > Signed-off-by: Frank Lichtenheld <fr...@li...> > --- > ...to-succeed-if-configured-with-disabl.patch | 46 +++++++++++++++++++ > .../vcpkg-ports/pkcs11-helper/portfile.cmake | 33 ++++++++++--- > contrib/vcpkg-triplets/x64-mingw-ovpn.cmake | 8 ++++ > contrib/vcpkg-triplets/x86-mingw-ovpn.cmake | 8 ++++ > 4 files changed, 88 insertions(+), 7 deletions(-) > create mode 100644 contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch > create mode 100644 contrib/vcpkg-triplets/x64-mingw-ovpn.cmake > create mode 100644 contrib/vcpkg-triplets/x86-mingw-ovpn.cmake > > diff --git a/contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch b/contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch > new file mode 100644 > index 00000000..102be4ec > --- /dev/null > +++ b/contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch 
> @@ -0,0 +1,46 @@ > +From 7171396a151a2edb3474c7a321b7ae4ff7e171fc Mon Sep 17 00:00:00 2001 > +From: Frank Lichtenheld <fr...@li...> > +Date: Wed, 29 Mar 2023 12:44:44 +0200 > +Subject: [PATCH] Allow the build to succeed if configured with > + --disable-shared > + > +Do not try to install a file that does not exist. > + > +Signed-off-by: Frank Lichtenheld <fr...@li...> > +--- > + configure.ac | 1 + > + lib/Makefile.am | 2 ++ > + 2 files changed, 3 insertions(+) > + > +diff --git a/configure.ac b/configure.ac > +index a7e9760..f154ae3 100644 > +--- a/configure.ac > ++++ b/configure.ac > +@@ -581,6 +581,7 @@ AC_SUBST([LIBPKCS11_HELPER_LT_AGE]) > + AC_SUBST([LIBPKCS11_HELPER_LT_OLDEST]) > + AC_SUBST([WIN_LIBPREFIX]) > + AC_SUBST([PKCS11H_FEATURES]) > ++AM_CONDITIONAL([ENABLE_SHARED], [test "${enable_shared}" = "yes" ]) > + AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"]) > + AM_CONDITIONAL([CYGWIN], [test "${CYGWIN}" = "yes"]) > + AM_CONDITIONAL([ENABLE_DOC], [test "${enable_doc}" = "yes"]) > +diff --git a/lib/Makefile.am b/lib/Makefile.am > +index 31b928f..3cba32f 100644 > +--- a/lib/Makefile.am > ++++ b/lib/Makefile.am > +@@ -128,10 +128,12 @@ if ENABLE_PKCS11H_TOKEN > + endif > + > + if WIN32 > ++if ENABLE_SHARED > + mylibdir=$(libdir) > + mylib_DATA=.libs/@WIN_LIBPREFIX@pkcs11-helper-@LIBPKCS11_HELPER_LT_OLDEST@.dll.def > + .libs/@WIN_LIBPREFIX@pkcs11-helper-@LIBPKCS11_HELPER_LT_OLDEST@.dll.def: libpkcs11-helper.la > + endif > ++endif > + > + RCCOMPILE = $(RC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ > + $(AM_CPPFLAGS) $(CPPFLAGS) > +-- > +2.34.1 > + > diff --git a/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake b/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake > index 1c6cedac..67e9a2bf 100644 > --- a/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake > +++ b/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake 
> @@ -13,24 +13,43 @@ vcpkg_extract_source_archive_ex( > PATCHES > 0001-nmake-compatibility-with-vcpkg-nmake.patch > 0002-config-w32-vc.h.in-indicate-OpenSSL.patch > + 0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch > pkcs11-helper-001-RFC7512.patch > pkcs11-helper-002-dynamic_loader_flags.patch > ) > > -vcpkg_build_nmake( > +if(VCPKG_TARGET_IS_WINDOWS AND NOT VCPKG_TARGET_IS_MINGW) > + vcpkg_build_nmake( > SOURCE_PATH ${SOURCE_PATH} > PROJECT_SUBPATH lib > PROJECT_NAME Makefile.w32-vc > OPTIONS > OPENSSL=1 > OPENSSL_HOME=${CURRENT_PACKAGES_DIR}/../openssl_${TARGET_TRIPLET} > -) > + ) > + > + file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel/lib/pkcs11-helper.dll.lib DESTINATION ${CURRENT_PACKAGES_DIR}/lib) > + file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg/lib/pkcs11-helper.dll.lib DESTINATION ${CURRENT_PACKAGES_DIR}/debug/lib) > + > + file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel/lib/libpkcs11-helper-1.dll DESTINATION ${CURRENT_PACKAGES_DIR}/bin) > + file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg/lib/libpkcs11-helper-1.dll DESTINATION ${CURRENT_PACKAGES_DIR}/debug/bin) > + > + file(INSTALL ${SOURCE_PATH}/include/pkcs11-helper-1.0 DESTINATION ${CURRENT_PACKAGES_DIR}/include/) > + > +else() > + find_program(man_to_html man2html REQUIRED) > + > + vcpkg_configure_make( > + SOURCE_PATH ${SOURCE_PATH} > + OPTIONS --disable-crypto-engine-gnutls --disable-crypto-engine-nss > + --disable-crypto-engine-polarssl --disable-crypto-engine-mbedtls > + ) > + vcpkg_install_make() > + vcpkg_fixup_pkgconfig() > > -file(INSTALL ${SOURCE_PATH}/include/pkcs11-helper-1.0 DESTINATION ${CURRENT_PACKAGES_DIR}/include/) > -file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel/lib/pkcs11-helper.dll.lib DESTINATION ${CURRENT_PACKAGES_DIR}/lib) > -file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg/lib/pkcs11-helper.dll.lib DESTINATION ${CURRENT_PACKAGES_DIR}/debug/lib) > + file(REMOVE_RECURSE 
"${CURRENT_PACKAGES_DIR}/debug/share") > +endif() > > -file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel/lib/libpkcs11-helper-1.dll DESTINATION ${CURRENT_PACKAGES_DIR}/bin) > -file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg/lib/libpkcs11-helper-1.dll DESTINATION ${CURRENT_PACKAGES_DIR}/debug/bin) > +vcpkg_copy_pdbs() > > file(INSTALL ${SOURCE_PATH}/COPYING DESTINATION ${CURRENT_PACKAGES_DIR}/share/${PORT} RENAME copyright) > diff --git a/contrib/vcpkg-triplets/x64-mingw-ovpn.cmake b/contrib/vcpkg-triplets/x64-mingw-ovpn.cmake > new file mode 100644 > index 00000000..3676cdb0 > --- /dev/null > +++ b/contrib/vcpkg-triplets/x64-mingw-ovpn.cmake > @@ -0,0 +1,8 @@ > +set(VCPKG_TARGET_ARCHITECTURE x64) > +set(VCPKG_CRT_LINKAGE dynamic) > +set(VCPKG_LIBRARY_LINKAGE static) > +set(VCPKG_ENV_PASSTHROUGH PATH) > + > +set(VCPKG_CMAKE_SYSTEM_NAME MinGW) > + > +set(VCPKG_MAKE_BUILD_TRIPLET --host=x86_64-w64-mingw32) > diff --git a/contrib/vcpkg-triplets/x86-mingw-ovpn.cmake b/contrib/vcpkg-triplets/x86-mingw-ovpn.cmake > new file mode 100644 > index 00000000..9e65f67f > --- /dev/null > +++ b/contrib/vcpkg-triplets/x86-mingw-ovpn.cmake > @@ -0,0 +1,8 @@ > +set(VCPKG_TARGET_ARCHITECTURE x86) > +set(VCPKG_CRT_LINKAGE dynamic) > +set(VCPKG_LIBRARY_LINKAGE static) > +set(VCPKG_ENV_PASSTHROUGH PATH) > + > +set(VCPKG_CMAKE_SYSTEM_NAME MinGW) > + > +set(VCPKG_MAKE_BUILD_TRIPLET --host=i686-w64-mingw32) > -- > 2.34.1 > > > > _______________________________________________ > Openvpn-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-devel -- -Lev |
| From: Lev S. <lst...@gm...> - 2023-03-31 15:53:18 |
Reviewed in Gerrit.

Acked-by: Lev Stipakov <lst...@gm...>

Fri 31 Mar 2023 at 18:43, Frank Lichtenheld (fr...@li...) wrote:
>
> The biggest change is that this allows building this port
> with mingw, not just MSVC
> (which will become important with my CMake patch that
> will include mingw vcpkg builds)
>
> Some smaller cleanups as well.
>
> Was reviewed by Lev in Gerrit at
> https://gerrit.openvpn.net/q/topic:pkcs11-helper-vcpkg-mingw
>
> Frank Lichtenheld (3):
>   vcpkg-ports/pkcs11-helper: Make compatible with mingw build
>   vcpkg-ports/pkcs11-helper: Convert CONTROL to vcpkg.json
>   vcpkg-ports/pkcs11-helper: reference upstream PRs in patches
>
>  .github/workflows/build.yaml | 1 +
>  ...to-succeed-if-configured-with-disabl.patch | 48 +++++++++++++++++++
>  contrib/vcpkg-ports/pkcs11-helper/CONTROL | 4 --
>  .../pkcs11-helper-001-RFC7512.patch | 2 +
>  ...cs11-helper-002-dynamic_loader_flags.patch | 2 +
>  .../vcpkg-ports/pkcs11-helper/portfile.cmake | 33 ++++++++++---
>  contrib/vcpkg-ports/pkcs11-helper/vcpkg.json | 7 +++
>  contrib/vcpkg-triplets/x64-mingw-ovpn.cmake | 8 ++++
>  contrib/vcpkg-triplets/x86-mingw-ovpn.cmake | 8 ++++
>  9 files changed, 102 insertions(+), 11 deletions(-)
>  create mode 100644 contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch
>  delete mode 100644 contrib/vcpkg-ports/pkcs11-helper/CONTROL
>  create mode 100644 contrib/vcpkg-ports/pkcs11-helper/vcpkg.json
>  create mode 100644 contrib/vcpkg-triplets/x64-mingw-ovpn.cmake
>  create mode 100644 contrib/vcpkg-triplets/x86-mingw-ovpn.cmake
>
> --
> 2.34.1
>
>
>
> _______________________________________________
> Openvpn-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel

--
-Lev
| From: Frank L. <fr...@li...> - 2023-03-31 15:42:31 |
Annoyingly this requires custom vcpkg triplets because the mingw toolchain definition and the vcpkg_configure_make function use incompatible default triplets (-pc-mingw32 vs -w64-mingw32). Change-Id: I4e671938220e9bfd798f91819f34b6f8ceaa45f5 Signed-off-by: Frank Lichtenheld <fr...@li...> --- ...to-succeed-if-configured-with-disabl.patch | 46 +++++++++++++++++++ .../vcpkg-ports/pkcs11-helper/portfile.cmake | 33 ++++++++++--- contrib/vcpkg-triplets/x64-mingw-ovpn.cmake | 8 ++++ contrib/vcpkg-triplets/x86-mingw-ovpn.cmake | 8 ++++ 4 files changed, 88 insertions(+), 7 deletions(-) create mode 100644 contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch create mode 100644 contrib/vcpkg-triplets/x64-mingw-ovpn.cmake create mode 100644 contrib/vcpkg-triplets/x86-mingw-ovpn.cmake diff --git a/contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch b/contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch new file mode 100644 index 00000000..102be4ec --- /dev/null +++ b/contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch 
@@ -0,0 +1,46 @@ +From 7171396a151a2edb3474c7a321b7ae4ff7e171fc Mon Sep 17 00:00:00 2001 +From: Frank Lichtenheld <fr...@li...> +Date: Wed, 29 Mar 2023 12:44:44 +0200 +Subject: [PATCH] Allow the build to succeed if configured with + --disable-shared + +Do not try to install a file that does not exist. + +Signed-off-by: Frank Lichtenheld <fr...@li...> +--- + configure.ac | 1 + + lib/Makefile.am | 2 ++ + 2 files changed, 3 insertions(+) + +diff --git a/configure.ac b/configure.ac +index a7e9760..f154ae3 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -581,6 +581,7 @@ AC_SUBST([LIBPKCS11_HELPER_LT_AGE]) + AC_SUBST([LIBPKCS11_HELPER_LT_OLDEST]) + AC_SUBST([WIN_LIBPREFIX]) + AC_SUBST([PKCS11H_FEATURES]) ++AM_CONDITIONAL([ENABLE_SHARED], [test "${enable_shared}" = "yes" ]) + AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"]) + AM_CONDITIONAL([CYGWIN], [test "${CYGWIN}" = "yes"]) + AM_CONDITIONAL([ENABLE_DOC], [test "${enable_doc}" = "yes"]) +diff --git a/lib/Makefile.am b/lib/Makefile.am +index 31b928f..3cba32f 100644 +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -128,10 +128,12 @@ if ENABLE_PKCS11H_TOKEN + endif + + if WIN32 ++if ENABLE_SHARED + mylibdir=$(libdir) + mylib_DATA=.libs/@WIN_LIBPREFIX@pkcs11-helper-@LIBPKCS11_HELPER_LT_OLDEST@.dll.def + .libs/@WIN_LIBPREFIX@pkcs11-helper-@LIBPKCS11_HELPER_LT_OLDEST@.dll.def: libpkcs11-helper.la + endif ++endif + + RCCOMPILE = $(RC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) +-- +2.34.1 + diff --git a/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake b/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake index 1c6cedac..67e9a2bf 100644 --- a/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake +++ b/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake 
@@ -13,24 +13,43 @@ vcpkg_extract_source_archive_ex( PATCHES 0001-nmake-compatibility-with-vcpkg-nmake.patch 0002-config-w32-vc.h.in-indicate-OpenSSL.patch + 0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch pkcs11-helper-001-RFC7512.patch pkcs11-helper-002-dynamic_loader_flags.patch ) -vcpkg_build_nmake( +if(VCPKG_TARGET_IS_WINDOWS AND NOT VCPKG_TARGET_IS_MINGW) + vcpkg_build_nmake( SOURCE_PATH ${SOURCE_PATH} PROJECT_SUBPATH lib PROJECT_NAME Makefile.w32-vc OPTIONS OPENSSL=1 OPENSSL_HOME=${CURRENT_PACKAGES_DIR}/../openssl_${TARGET_TRIPLET} -) + ) + + file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel/lib/pkcs11-helper.dll.lib DESTINATION ${CURRENT_PACKAGES_DIR}/lib) + file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg/lib/pkcs11-helper.dll.lib DESTINATION ${CURRENT_PACKAGES_DIR}/debug/lib) + + file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel/lib/libpkcs11-helper-1.dll DESTINATION ${CURRENT_PACKAGES_DIR}/bin) + file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg/lib/libpkcs11-helper-1.dll DESTINATION ${CURRENT_PACKAGES_DIR}/debug/bin) + + file(INSTALL ${SOURCE_PATH}/include/pkcs11-helper-1.0 DESTINATION ${CURRENT_PACKAGES_DIR}/include/) + +else() + find_program(man_to_html man2html REQUIRED) + + vcpkg_configure_make( + SOURCE_PATH ${SOURCE_PATH} + OPTIONS --disable-crypto-engine-gnutls --disable-crypto-engine-nss + --disable-crypto-engine-polarssl --disable-crypto-engine-mbedtls + ) + vcpkg_install_make() + vcpkg_fixup_pkgconfig() -file(INSTALL ${SOURCE_PATH}/include/pkcs11-helper-1.0 DESTINATION ${CURRENT_PACKAGES_DIR}/include/) -file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel/lib/pkcs11-helper.dll.lib DESTINATION ${CURRENT_PACKAGES_DIR}/lib) -file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg/lib/pkcs11-helper.dll.lib DESTINATION ${CURRENT_PACKAGES_DIR}/debug/lib) + file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/share") +endif() -file(INSTALL 
${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel/lib/libpkcs11-helper-1.dll DESTINATION ${CURRENT_PACKAGES_DIR}/bin) -file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg/lib/libpkcs11-helper-1.dll DESTINATION ${CURRENT_PACKAGES_DIR}/debug/bin) +vcpkg_copy_pdbs() file(INSTALL ${SOURCE_PATH}/COPYING DESTINATION ${CURRENT_PACKAGES_DIR}/share/${PORT} RENAME copyright) diff --git a/contrib/vcpkg-triplets/x64-mingw-ovpn.cmake b/contrib/vcpkg-triplets/x64-mingw-ovpn.cmake new file mode 100644 index 00000000..3676cdb0 --- /dev/null +++ b/contrib/vcpkg-triplets/x64-mingw-ovpn.cmake @@ -0,0 +1,8 @@ +set(VCPKG_TARGET_ARCHITECTURE x64) +set(VCPKG_CRT_LINKAGE dynamic) +set(VCPKG_LIBRARY_LINKAGE static) +set(VCPKG_ENV_PASSTHROUGH PATH) + +set(VCPKG_CMAKE_SYSTEM_NAME MinGW) + +set(VCPKG_MAKE_BUILD_TRIPLET --host=x86_64-w64-mingw32) diff --git a/contrib/vcpkg-triplets/x86-mingw-ovpn.cmake b/contrib/vcpkg-triplets/x86-mingw-ovpn.cmake new file mode 100644 index 00000000..9e65f67f --- /dev/null +++ b/contrib/vcpkg-triplets/x86-mingw-ovpn.cmake @@ -0,0 +1,8 @@ +set(VCPKG_TARGET_ARCHITECTURE x86) +set(VCPKG_CRT_LINKAGE dynamic) +set(VCPKG_LIBRARY_LINKAGE static) +set(VCPKG_ENV_PASSTHROUGH PATH) + +set(VCPKG_CMAKE_SYSTEM_NAME MinGW) + +set(VCPKG_MAKE_BUILD_TRIPLET --host=i686-w64-mingw32) -- 2.34.1 |
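Review bot: In the portfile.cmake hunk, the new else() branch is taken by every target that is not MSVC-style Windows, not only mingw, and `find_program(man_to_html man2html REQUIRED)` makes man2html a hard build requirement there even though the visible lines never use the `man_to_html` result. If it only exists to satisfy configure, say so in a comment, or check whether documentation can be switched off instead (the configure.ac context in this same mail shows an ENABLE_DOC conditional). Also note that `vcpkg_copy_pdbs()` now sits after endif() and so runs for the mingw path as well, where the new triplets request static library linkage; moving it inside the nmake branch would keep it next to the DLLs it applies to.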
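Review bot: Both new triplet files set `VCPKG_ENV_PASSTHROUGH PATH` with no comment, which forwards the caller's PATH into the port build, so the cross compiler and every helper the build invokes are resolved from whatever directories the invoking shell lists first. Please state in the files why this is needed, and move the commit message's explanation of the -pc-mingw32 vs -w64-mingw32 mismatch into a comment next to `set(VCPKG_MAKE_BUILD_TRIPLET --host=...)`, since the triplet files are what the next maintainer will read. The two files differ only in architecture and host string, so a short header comment pointing at the sibling file would also help keep them in sync.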
| From: Frank L. <fr...@li...> - 2023-03-31 15:42:31 |
So it is easier to check the merge status. Change-Id: Ia1f8a8d26d4752a7dda1a20521c59ded06bc7c52 Signed-off-by: Frank Lichtenheld <fr...@li...> --- ...1-Allow-the-build-to-succeed-if-configured-with-disabl.patch | 2 ++ .../vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch | 2 ++ .../pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch | 2 ++ 3 files changed, 6 insertions(+) diff --git a/contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch b/contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch index 102be4ec..16fa7042 100644 --- a/contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch +++ b/contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch @@ -12,6 +12,8 @@ Signed-off-by: Frank Lichtenheld <fr...@li...> lib/Makefile.am | 2 ++ 2 files changed, 3 insertions(+) +upstream PR: https://github.com/OpenSC/pkcs11-helper/pull/62 + diff --git a/configure.ac b/configure.ac index a7e9760..f154ae3 100644 --- a/configure.ac diff --git a/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch b/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch index 84fba080..56e3486e 100644 --- a/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch +++ b/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch @@ -1,3 +1,5 @@ +upstream PR: https://github.com/OpenSC/pkcs11-helper/pull/4 + commit 90590b02085edc3830bdfe0942a46c4e7bf3f1ab (HEAD -> master) Author: David Woodhouse <Dav...@in...> Date: Thu Apr 30 14:58:24 2015 +0100 diff --git a/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch b/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch index 325dea8b..6d674581 100644 --- a/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch 
+++ b/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch @@ -11,6 +11,8 @@ set original values as defaults, use verbatim (user-supplied) value lib/pkcs11h-core.c | 13 +++++++++++-- 3 files changed, 23 insertions(+), 3 deletions(-) +upstream PR: https://github.com/OpenSC/pkcs11-helper/pull/59 + diff --git a/include/pkcs11-helper-1.0/pkcs11h-core.h b/include/pkcs11-helper-1.0/pkcs11h-core.h index 9028c277..56f87718 100644 --- a/include/pkcs11-helper-1.0/pkcs11h-core.h -- 2.34.1 |
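Review bot: The `upstream PR:` line is placed inconsistently across the three patch files: in pkcs11-helper-001-RFC7512.patch it goes at the very top, above the `commit 90590b02...` header, while in the 0001 and 002 files it is inserted after the diffstat. Pick one position (for example always the first line of the file) so the references can be listed with a single grep across contrib/vcpkg-ports, and mention the convention in the commit message so later patches follow it.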
| From: Frank L. <fr...@li...> - 2023-03-31 15:42:31 |
To be in line with current vcpkg packaging policies. Change-Id: Ifad0965a2b724b0b278783ba9c0ad5a82274445d Signed-off-by: Frank Lichtenheld <fr...@li...> --- .github/workflows/build.yaml | 1 + contrib/vcpkg-ports/pkcs11-helper/CONTROL | 4 ---- contrib/vcpkg-ports/pkcs11-helper/vcpkg.json | 7 +++++++ 3 files changed, 8 insertions(+), 4 deletions(-) delete mode 100644 contrib/vcpkg-ports/pkcs11-helper/CONTROL create mode 100644 contrib/vcpkg-ports/pkcs11-helper/vcpkg.json diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 0f352dcd..0c16d379 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -445,6 +445,7 @@ jobs: uses: lukka/run-vcpkg@v10 with: vcpkgGitCommitId: 'd10d511f25620ca0f315cd83dcef6485efc63010' + vcpkgJsonGlob: '**/openvpn/vcpkg.json' appendedCacheKey: '${{matrix.triplet}}' - name: Run MSBuild consuming vcpkg.json diff --git a/contrib/vcpkg-ports/pkcs11-helper/CONTROL b/contrib/vcpkg-ports/pkcs11-helper/CONTROL deleted file mode 100644 index 1ead697e..00000000 --- a/contrib/vcpkg-ports/pkcs11-helper/CONTROL +++ /dev/null @@ -1,4 +0,0 @@ -Source: pkcs11-helper -Version: 1.29-1 -Homepage: https://github.com/OpenSC/pkcs11-helper -Description: pkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications. diff --git a/contrib/vcpkg-ports/pkcs11-helper/vcpkg.json b/contrib/vcpkg-ports/pkcs11-helper/vcpkg.json new file mode 100644 index 00000000..12f918b7 --- /dev/null +++ b/contrib/vcpkg-ports/pkcs11-helper/vcpkg.json @@ -0,0 +1,7 @@ +{ + "name": "pkcs11-helper", + "version": "1.29.0", + "description": "pkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications.", + "homepage": "https://github.com/OpenSC/pkcs11-helper", + "license": "BSD-3-Clause OR GPL-2.0-only" +} -- 2.34.1 |
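Review bot: The CONTROL to vcpkg.json conversion changes the version data, not only the file format: the deleted file has `Version: 1.29-1`, the new one has `"version": "1.29.0"` and no `"port-version"` field. If the `-1` suffix was the port revision, carry it over as `"port-version": 1` (or bump it, given that this series also changes the portfile and the patch list), and if dropping it is intentional, say so in the commit message. The `"license"` value is also new information that the old file did not carry, so a word on where it was taken from would help reviewers.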
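Review bot: The build.yaml hunk adds `vcpkgJsonGlob: '**/openvpn/vcpkg.json'` but the commit message only talks about packaging policy and does not explain the workflow change. Please add a sentence on why the glob is needed, presumably because the new contrib/vcpkg-ports/pkcs11-helper/vcpkg.json would otherwise be picked up as a manifest by the run-vcpkg step, so that nobody removes it later as unrelated.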
| From: Frank L. <fr...@li...> - 2023-03-31 15:42:31 |
The biggest change is that this allows building this port
with mingw, not just MSVC
(which will become important with my CMake patch that
will include mingw vcpkg builds)

Some smaller cleanups as well.

Was reviewed by Lev in Gerrit at
https://gerrit.openvpn.net/q/topic:pkcs11-helper-vcpkg-mingw

Frank Lichtenheld (3):
  vcpkg-ports/pkcs11-helper: Make compatible with mingw build
  vcpkg-ports/pkcs11-helper: Convert CONTROL to vcpkg.json
  vcpkg-ports/pkcs11-helper: reference upstream PRs in patches

 .github/workflows/build.yaml | 1 +
 ...to-succeed-if-configured-with-disabl.patch | 48 +++++++++++++++++++
 contrib/vcpkg-ports/pkcs11-helper/CONTROL | 4 --
 .../pkcs11-helper-001-RFC7512.patch | 2 +
 ...cs11-helper-002-dynamic_loader_flags.patch | 2 +
 .../vcpkg-ports/pkcs11-helper/portfile.cmake | 33 ++++++++++---
 contrib/vcpkg-ports/pkcs11-helper/vcpkg.json | 7 +++
 contrib/vcpkg-triplets/x64-mingw-ovpn.cmake | 8 ++++
 contrib/vcpkg-triplets/x86-mingw-ovpn.cmake | 8 ++++
 9 files changed, 102 insertions(+), 11 deletions(-)
 create mode 100644 contrib/vcpkg-ports/pkcs11-helper/0001-Allow-the-build-to-succeed-if-configured-with-disabl.patch
 delete mode 100644 contrib/vcpkg-ports/pkcs11-helper/CONTROL
 create mode 100644 contrib/vcpkg-ports/pkcs11-helper/vcpkg.json
 create mode 100644 contrib/vcpkg-triplets/x64-mingw-ovpn.cmake
 create mode 100644 contrib/vcpkg-triplets/x86-mingw-ovpn.cmake

--
2.34.1
| From: Arne S. <ar...@rf...> - 2023-03-31 13:48:42 |
On 31.03.23 at 15:24, Frank Lichtenheld wrote:
> Basically -Werror for docutils.
>
> Fix all issues raised by this. The following issue
> classes were reported:
>
> Possible title underline, too short for the title.
> Treating it as ordinary text because it's so short.
> (:: at the start of the line directly below text,
> either add empty line or merge into : on previous line)
>
> Enumerated list start value not ordinal-1
> (error in numbering)

Thanks. That helps catch these mistakes early.

Acked-By: Arne Schwabe <ar...@rf...>
| From: Frank L. <fr...@li...> - 2023-03-31 13:24:49 |
Basically -Werror for docutils. Fix all issues raised by this. The following issue classes were reported: Possible title underline, too short for the title. Treating it as ordinary text because it's so short. (:: at the start of the line directly below text, either add empty line or merge into : on previous line) Enumerated list start value not ordinal-1 (error in numbering) Change-Id: Id3b0f7be4602f70115c60e6ddb89f6ed58e94e64 Signed-off-by: Frank Lichtenheld <fr...@li...> --- doc/Makefile.am | 6 ++- doc/man-sections/connection-profiles.rst | 3 +- doc/man-sections/example-fingerprint.rst | 7 ++- doc/man-sections/examples.rst | 51 +++++++------------ .../virtual-routing-and-forwarding.rst | 6 ++- 5 files changed, 30 insertions(+), 43 deletions(-) diff --git a/doc/Makefile.am b/doc/Makefile.am index 13e6a64e..bb9c935d 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -68,19 +68,21 @@ openvpn-examples.5 openvpn-examples.5.html: $(openvpn_examples_sections) SUFFIXES = .8.rst .8 .8.html .5.rst .5 .5.html +RST_FLAGS = --strict + MAINTAINERCLEANFILES = \ $(srcdir)/Makefile.in .8.rst.8 .5.rst.5 : if HAVE_PYDOCUTILS - $(RST2MAN) $< > $@ + $(RST2MAN) $(RST_FLAGS) $< > $@ else @echo "Missing python-docutils - skipping man page generation ($@)" endif .8.rst.8.html .5.rst.5.html : if HAVE_PYDOCUTILS - $(RST2HTML) $< > $@ + $(RST2HTML) $(RST_FLAGS) $< > $@ else @echo "Missing python-docutils - skipping html page generation ($@)" endif diff --git a/doc/man-sections/connection-profiles.rst b/doc/man-sections/connection-profiles.rst index fd3382b2..c8816e10 100644 --- a/doc/man-sections/connection-profiles.rst +++ b/doc/man-sections/connection-profiles.rst @@ -16,8 +16,7 @@ achieves a successful connection. ``--remote-random`` can be used to initially "scramble" the connection list. -Here is an example of connection profile usage: -:: +Here is an example of connection profile usage:: client dev tun 
diff --git a/doc/man-sections/example-fingerprint.rst b/doc/man-sections/example-fingerprint.rst index 852cca49..7cdda190 100644 --- a/doc/man-sections/example-fingerprint.rst +++ b/doc/man-sections/example-fingerprint.rst @@ -34,8 +34,7 @@ Server setup SHA256 Fingerprint=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff -3. Write a server configuration (`server.conf`): -:: +4. Write a server configuration (`server.conf`):: # The server certificate we created in step 1 cert server.crt @@ -65,9 +64,9 @@ Server setup # Ping every 60s, restart if no data received for 5 minutes keepalive 60 300 -4. Add at least one client as described in the client section. +5. Add at least one client as described in the client section. -5. Start the server. +6. Start the server. - On systemd based distributions move `server.crt`, `server.key` and `server.conf` to :code:`/etc/openvpn/server` and start it via systemctl diff --git a/doc/man-sections/examples.rst b/doc/man-sections/examples.rst index 31486017..94cc726a 100644 --- a/doc/man-sections/examples.rst +++ b/doc/man-sections/examples.rst @@ -63,27 +63,23 @@ you will get a weird feedback loop. Example 1: A simple tunnel without security (not recommended) ------------------------------------------------------------- -On bob: -:: +On bob:: openvpn --remote alice.example.com --dev tun1 \ --ifconfig 10.4.0.1 10.4.0.2 --verb 9 -On alice: -:: +On alice:: openvpn --remote bob.example.com --dev tun1 \ --ifconfig 10.4.0.2 10.4.0.1 --verb 9 Now verify the tunnel is working by pinging across the tunnel. -On bob: -:: +On bob:: ping 10.4.0.2 -On alice: -:: +On alice:: ping 10.4.0.1 
@@ -96,13 +92,13 @@ Example 2: A tunnel with self-signed certificates and fingerprint ----------------------------------------------------------------- First build a self-signed certificate on bob and display its fingerprint. + :: openssl req -x509 -newkey ec:<(openssl ecparam -name secp384r1) -keyout bob.pem -out bob.pem -nodes -sha256 -days 3650 -subj '/CN=bob' openssl x509 -noout -sha256 -fingerprint -in bob.pem -and the same on alice: -:: +and the same on alice:: openssl req -x509 -newkey ec:<(openssl ecparam -name secp384r1) -keyout alice.pem -out alice.pem -nodes -sha256 -days 3650 -subj '/CN=alice' openssl x509 -noout -sha256 -fingerprint -in alice.pem @@ -113,30 +109,26 @@ that contain both self-signed certificate and key and show the fingerprint of th Transfer the fingerprints over a secure medium such as by using the ``scp``\(1) or ``ssh``\(1) program. -On bob: -:: +On bob:: openvpn --ifconfig 10.4.0.1 10.4.0.2 --tls-server --dev tun --dh none \ --cert bob.pem --key bob.pem --cipher AES-256-GCM \ --peer-fingerprint "$fingerprint_of_alices_cert" -On alice: -:: +On alice:: openvpn --remote bob.example.com --tls-client --dev tun1 \ --ifconfig 10.4.0.2 10.4.0.1 --cipher AES-256-GCM \ - --cert alice.pem --key alice.pem + --cert alice.pem --key alice.pem \ --peer-fingerprint "$fingerprint_of_bobs_cert" Now verify the tunnel is working by pinging across the tunnel. -On bob: -:: +On bob:: ping 10.4.0.2 -On alice: -:: +On alice:: ping 10.4.0.1 @@ -170,8 +162,7 @@ For Diffie Hellman parameters you can use the included file and keys included in the OpenVPN distribution are totally insecure and should be used for testing only. -On bob: -:: +On bob:: openvpn --remote alice.example.com --dev tun1 \ --ifconfig 10.4.0.1 10.4.0.2 \ @@ -179,8 +170,7 @@ On bob: --cert client.crt --key client.key \ --reneg-sec 60 --verb 5 -On alice: -:: +On alice:: openvpn --remote bob.example.com --dev tun1 \ --ifconfig 10.4.0.2 10.4.0.1 \ 
@@ -190,13 +180,11 @@ On alice: Now verify the tunnel is working by pinging across the tunnel. -On bob: -:: +On bob:: ping 10.4.0.2 -On alice: -:: +On alice:: ping 10.4.0.1 @@ -221,8 +209,7 @@ networks. We will assume that bob's private subnet is *10.0.0.0/24* and alice's is *10.0.1.0/24*. First, ensure that IP forwarding is enabled on both peers. On Linux, -enable routing: -:: +enable routing:: echo 1 > /proc/sys/net/ipv4/ip_forward @@ -235,13 +222,11 @@ systems guide on how to configure the firewall. You typically want to allow traffic coming from and going to the tun/tap adapter OpenVPN is configured to use. -On bob: -:: +On bob:: route add -net 10.0.1.0 netmask 255.255.255.0 gw 10.4.0.2 -On alice: -:: +On alice:: route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.4.0.1 diff --git a/doc/man-sections/virtual-routing-and-forwarding.rst b/doc/man-sections/virtual-routing-and-forwarding.rst index 28c13eee..db5f1abc 100644 --- a/doc/man-sections/virtual-routing-and-forwarding.rst +++ b/doc/man-sections/virtual-routing-and-forwarding.rst @@ -23,11 +23,13 @@ VRF setup with iproute2 ``````````````````````` Create VRF :code:`vrf_external` and map it to routing table :code:`1023` + :: ip link add vrf_external type vrf table 1023 Move :code:`eth0` into :code:`vrf_external` + :: ip link set master vrf_external dev eth0 @@ -42,8 +44,7 @@ VRF setup with ifupdown For Debian based Distributions :code:`ifupdown2` provides an almost drop-in replacement for :code:`ifupdown` including VRFs and other features. A configuration for an interface :code:`eth0` being part of VRF -code:`vrf_external` could look like this: -:: +code:`vrf_external` could look like this:: auto eth0 iface eth0 @@ -61,6 +62,7 @@ code:`vrf_external` could look like this: OpenVPN configuration ````````````````````` The OpenVPN configuration needs to contain this line: + :: bind-dev vrf_external -- 2.34.1 |
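Review bot: In the doc/Makefile.am hunk, both suffix rules still write through `> $@`, so once `--strict` makes rst2man or rst2html exit non-zero the shell has already created an empty or truncated output file. Unless this Makefile sets `.DELETE_ON_ERROR` outside the visible context, a second `make` run can treat that file as up to date and install an empty man page. Consider writing to a temporary file and renaming it on success, or removing `$@` when the command fails.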
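Review bot: In the examples.rst hunk for Example 2, the "On alice" command gains a trailing backslash after `--cert alice.pem --key alice.pem`, which is a functional fix to the example and not one of the RST warning classes listed in the commit message. Without the continuation the shell ends the openvpn command before `--peer-fingerprint "$fingerprint_of_bobs_cert"`, so a reader copying the old text would start the client without pinning bob's certificate. Please mention this in the commit message, or split it into its own commit, so it is not lost among the `::` changes.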
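Review bot: In the virtual-routing-and-forwarding.rst hunk for "VRF setup with ifupdown", the changed line still starts with code: followed by the backquoted vrf_external, without the leading colon that the other :code: references in the same hunk carry, so it is not processed as the code role. The line is being touched anyway, so add the missing colon in this patch.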
| From: Frank L. <fr...@li...> - 2023-03-30 13:19:33 |
On Sun, Nov 27, 2022 at 09:59:33AM +0100, Arne Schwabe wrote: > Changing the argument of check_malloc_return from const void* to void* > removes the warning from gcc 12.2.0: > > In file included from ../../../openvpn-git/src/openvpn/crypto_openssl.c:40: > ../../../openvpn-git/src/openvpn/buffer.h: In function ‘hmac_ctx_new’: > ../../../openvpn-git/src/openvpn/buffer.h:1030:9: warning: ‘ctx’ may be used uninitialized [-Wmaybe-uninitialized] > 1030 | check_malloc_return((dptr) = (type *) malloc(sizeof(type))); \ > | ^~~~~~~~~~~~~~~~~~~ > ../../../openvpn-git/src/openvpn/buffer.h:1076:1: note: by argument 1 of type ‘const void *’ to ‘check_malloc_return’ declared here > 1076 | check_malloc_return(const void *p) > | ^~~~~~~~~~~~~~~~~~~ > > This more a quick fix/heads up for other people encountering the issue > on GCC 12.2.0 like on Ubuntu 22.10 until we figure out if this is a bug in > our code or a compiler bug. > > Signed-off-by: Arne Schwabe <ar...@rf...> > --- > src/openvpn/buffer.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h > index fece6336d..9ad281562 100644 > --- a/src/openvpn/buffer.h > +++ b/src/openvpn/buffer.h 
> @@ -1073,7 +1073,7 @@ gc_reset(struct gc_arena *a) > } > > static inline void > -check_malloc_return(const void *p) > +check_malloc_return(void *p) > { > if (!p) > { Seen this with gcc 11.3 on Ubuntu 22.04 as well. It only seems to occur on -O0, probably since check_malloc_return will be inlined otherwise. I would suggest to go ahead with applying the patch. While I think that in our specific case it is a false-positive, the general assumption "a const pointer to a clearly uninitialized area is not useful" is valid in general. Testing the pointer for NULL like we do is literally the one and only thing you can do with it. On anything other than -O0 it will make no difference anyway. And removing the const is much less ugly than to add some pragmas for gcc to suppress the warning. So: Acked-By: Frank Lichtenheld <fr...@li...> Regards, -- Frank Lichtenheld |
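Review bot: The signature change in the buffer.h hunk drops `const` from the `check_malloc_return` parameter only to silence -Wmaybe-uninitialized, but nothing at the function records that. Add a short comment above it giving the reason and the compiler named in the commit message (gcc 12.2.0), otherwise a later const-correctness cleanup is likely to restore the qualifier and bring the warning back.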
| From: Gert D. <ge...@gr...> - 2023-03-30 11:39:36 |
Acked-by: Gert Doering <ge...@gr...> Tested on a normal MinGW build (no MSI installers, just openvpn.exe) and this still works, as do GHA builds. Your patch has been applied to the master branch. commit 93343fdf00f44a683faf12c448a31ef66f6e39ee Author: Frank Lichtenheld Date: Thu Mar 30 11:42:26 2023 +0200 version.sh: remove Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@li...> URL: https://www.mail-archive.com/ope...@li.../msg26560.html Signed-off-by: Gert Doering <ge...@gr...> -- kind regards, Gert Doering |
| From: Gert D. <ge...@gr...> - 2023-03-30 11:11:23 |
Acked-by: Gert Doering <ge...@gr...> "Buildbot says it still compiles on ALL platforms!" - and that is all I would have tested anyway (Buildbot isn't testing AIX, but I am reasonably sure AIX does not need that either). This is refactoring / code cleanup, which goes to master (only), unless needed for a bugfix. Your patch has been applied to the master branch. commit dbd7e3bea41e8be3fa637a17827236b1fc6db18b Author: Frank Lichtenheld Date: Thu Mar 30 11:42:15 2023 +0200 Do not include net/in_systm.h Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Message-Id: <202...@li...> URL: https://www.mail-archive.com/ope...@li.../msg26559.html Signed-off-by: Gert Doering <ge...@gr...> -- kind regards, Gert Doering |
| From: Gert D. <ge...@gr...> - 2023-03-30 10:57:06 |
I have no idea what this is about, but I do not need to :-) - Frank and Lev do building, and if they say this is what is needed... Since it's related to MSI building, it needs to go into 2.6 as long as we provide 2.6.x MSU builds ("for a while"). Your patch has been applied to the master and release/2.6 branch. commit b1fc3f25bc27462100bf96d9b677d6a3c31d3303 (master) commit 253a87dccf8c9645fade2426177489fcd8dd0ec8 (release/2.6) Author: Frank Lichtenheld Date: Thu Mar 30 12:15:36 2023 +0200 vcpkg: request tools feature of openssl for MSVC build Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Lev Stipakov <lst...@gm...> Message-Id: <202...@li...> URL: https://www.mail-archive.com/ope...@li.../msg26561.html Signed-off-by: Gert Doering <ge...@gr...> -- kind regards, Gert Doering |
| From: Lev S. <lst...@gm...> - 2023-03-30 10:44:01 |
GHA seems happy about this change: https://github.com/flichtenheld/openvpn/actions/runs/4562871750/jobs/8050638911 Acked-by: Lev Stipakov <lst...@gm...> On Thu, 30 Mar 2023 at 13:17, Frank Lichtenheld (fr...@li...) wrote: > > We need this for the MSI build. Previously this was enabled > by default. > > Signed-off-by: Frank Lichtenheld <fr...@li...> > --- > .github/workflows/build.yaml | 2 +- > src/openvpn/vcpkg.json | 5 ++++- > 2 files changed, 5 insertions(+), 2 deletions(-) > > diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml > index 99ae437e..4766efdc 100644 > --- a/.github/workflows/build.yaml > +++ b/.github/workflows/build.yaml > @@ -440,7 +440,7 @@ jobs: > - name: Restore artifacts, or setup vcpkg (do not install any package) > uses: lukka/run-vcpkg@v10 > with: > - vcpkgGitCommitId: 'cafd398be781144787573ca78390e951673c7055' > + vcpkgGitCommitId: 'd10d511f25620ca0f315cd83dcef6485efc63010' > appendedCacheKey: '${{matrix.triplet}}' > > - name: Run MSBuild consuming vcpkg.json > diff --git a/src/openvpn/vcpkg.json b/src/openvpn/vcpkg.json > index 80645677..0afd802c 100644 > --- a/src/openvpn/vcpkg.json > +++ b/src/openvpn/vcpkg.json > @@ -3,7 +3,10 @@ > "name": "openvpn", > "version": "2.6", > "dependencies": [ > - "openssl", > + { > + "name": "openssl", > + "features": ["tools"] > + }, > "tap-windows6", > "lzo", > "lz4", > -- > 2.34.1 > > > > _______________________________________________ > Openvpn-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-devel -- -Lev |
| From: Frank L. <fr...@li...> - 2023-03-30 10:15:55 |
We need this for the MSI build. Previously this was enabled by default. Signed-off-by: Frank Lichtenheld <fr...@li...> --- .github/workflows/build.yaml | 2 +- src/openvpn/vcpkg.json | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 99ae437e..4766efdc 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -440,7 +440,7 @@ jobs: - name: Restore artifacts, or setup vcpkg (do not install any package) uses: lukka/run-vcpkg@v10 with: - vcpkgGitCommitId: 'cafd398be781144787573ca78390e951673c7055' + vcpkgGitCommitId: 'd10d511f25620ca0f315cd83dcef6485efc63010' appendedCacheKey: '${{matrix.triplet}}' - name: Run MSBuild consuming vcpkg.json diff --git a/src/openvpn/vcpkg.json b/src/openvpn/vcpkg.json index 80645677..0afd802c 100644 --- a/src/openvpn/vcpkg.json +++ b/src/openvpn/vcpkg.json @@ -3,7 +3,10 @@ "name": "openvpn", "version": "2.6", "dependencies": [ - "openssl", + { + "name": "openssl", + "features": ["tools"] + }, "tap-windows6", "lzo", "lz4", -- 2.34.1 |
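Review bot: The build.yaml hunk moves `vcpkgGitCommitId` to a new pinned commit, but the commit message only explains the openssl `tools` feature requested in vcpkg.json. State in the message why the pin moves and whether the new vcpkg commit is what changed the default, so that the two changes can be reviewed, and if necessary reverted, with their dependency on each other understood.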
| From: Frank L. <fr...@li...> - 2023-03-30 09:42:39 |
This was added back in commit 6187644b660ce284d0a706811eae2dce7cb411b2 to support the NSIS windows installer. It is now unused. Signed-off-by: Frank Lichtenheld <fr...@li...> --- .gitignore | 1 - Makefile.am | 5 ----- configure.ac | 1 - version.sh.in | 4 ---- 4 files changed, 11 deletions(-) delete mode 100644 version.sh.in Fallout of my quest to understand all users of version.m4 diff --git a/.gitignore b/.gitignore index 813413fe..bedbf519 100644 --- a/.gitignore +++ b/.gitignore @@ -46,7 +46,6 @@ m4/ltversion.m4 m4/lt~obsolete.m4 vcpkg_installed -version.sh msvc-env-local.bat config-msvc-local.h config-msvc-version.h diff --git a/Makefile.am b/Makefile.am index 4ffe5118..297c3399 100644 --- a/Makefile.am +++ b/Makefile.am @@ -70,11 +70,6 @@ dist_noinst_HEADERS = \ config-msvc.h \ config-msvc-version.h.in -if WIN32 -rootdir=$(prefix) -root_DATA = version.sh -endif - config-version.h: @CONFIGURE_GIT_CHFILES="`GIT_DIR=\"$(top_srcdir)/.git\" $(GIT) diff-files --name-status -r --ignore-submodules --quiet -- || echo \"+\"`"; \ CONFIGURE_GIT_UNCOMMITTED="`GIT_DIR=\"$(top_srcdir)/.git\" $(GIT) diff-index --cached --quiet --ignore-submodules HEAD || echo \"*\"`"; \ diff --git a/configure.ac b/configure.ac index e1e79ebf..50bccc72 100644 --- a/configure.ac +++ b/configure.ac @@ -1502,7 +1502,6 @@ AC_SUBST([TEST_LDFLAGS]) AC_SUBST([TEST_CFLAGS]) AC_CONFIG_FILES([ - version.sh Makefile build/Makefile build/msvc/Makefile diff --git a/version.sh.in b/version.sh.in deleted file mode 100644 index 2af5a364..00000000 --- a/version.sh.in +++ /dev/null @@ -1,4 +0,0 @@ -OPENVPN_PACKAGE_NAME="@PACKAGE_NAME@" -OPENVPN_PACKAGE_TARNAME="@PACKAGE_TARNAME@" -OPENVPN_PACKAGE_VERSION="@PACKAGE_VERSION@" -OPENVPN_PACKAGE_HOST="@host@" -- 2.34.1 |
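Review bot: The Makefile.am hunk removes the `rootdir=$(prefix)` definition together with `root_DATA = version.sh`. Please confirm in the commit message that no other `root_` primary in the tree relies on `rootdir`, since that cannot be verified from the context shown here.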
| From: Frank L. <fr...@li...> - 2023-03-30 09:42:31 |
This only defines three types and none of them is used anywhere in our source code. Signed-off-by: Frank Lichtenheld <fr...@li...> --- configure.ac | 5 +---- src/openvpn/syshead.h | 16 ---------------- 2 files changed, 1 insertion(+), 20 deletions(-) Suggested by Arne in his CMake patch. Confirmed and tested. diff --git a/configure.ac b/configure.ac index ca85e5ed..e1e79ebf 100644 --- a/configure.ac +++ b/configure.ac @@ -453,7 +453,7 @@ AC_CHECK_HEADERS([ \ fcntl.h io.h \ sys/types.h sys/socket.h \ unistd.h dlfcn.h \ - netinet/in.h netinet/in_systm.h \ + netinet/in.h \ netinet/tcp.h arpa/inet.h netdb.h \ versionhelpers.h \ ]) @@ -489,9 +489,6 @@ SOCKET_INCLUDES=" #ifdef _WIN32 #include <ws2tcpip.h> #endif -#ifdef HAVE_NETINET_IN_SYSTM_H -#include <netinet/in_systm.h> -#endif #ifdef HAVE_NETINET_IP_H #include <netinet/ip.h> #endif diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h index 53359225..7181b94d 100644 --- a/src/openvpn/syshead.h +++ b/src/openvpn/syshead.h @@ -221,10 +221,6 @@ #include <sys/sockio.h> #endif -#ifdef HAVE_NETINET_IN_SYSTM_H -#include <netinet/in_systm.h> -#endif - #ifdef HAVE_NETINET_IP_H #include <netinet/ip.h> #endif @@ -241,10 +237,6 @@ #include <sys/uio.h> #endif -#ifdef HAVE_NETINET_IN_SYSTM_H -#include <netinet/in_systm.h> -#endif - #ifdef HAVE_NETINET_IP_H #include <netinet/ip.h> #endif @@ -265,10 +257,6 @@ #include <sys/uio.h> #endif -#ifdef HAVE_NETINET_IN_SYSTM_H -#include <netinet/in_systm.h> -#endif - #ifdef HAVE_NETINET_IP_H #include <netinet/ip.h> #endif @@ -301,10 +289,6 @@ #include <sys/uio.h> #endif -#ifdef HAVE_NETINET_IN_SYSTM_H -#include <netinet/in_systm.h> -#endif - #ifdef HAVE_NETINET_IP_H #include <netinet/ip.h> #endif -- 2.34.1 |
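Review bot: In every syshead.h hunk the removed `#include <netinet/in_systm.h>` sits directly before `#include <netinet/ip.h>`, and the same pairing is removed from SOCKET_INCLUDES in configure.ac. The commit message justifies the removal by the three types being unused in OpenVPN's own sources, but on some BSD-derived systems netinet/ip.h has historically needed in_systm.h to be included first. Please list the platforms this was built on in the commit message instead of only "Confirmed and tested".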
| From: Antonio Q. <a...@un...> - 2023-03-29 13:01:54 |
On 29/03/2023 14:46, Arne Schwabe wrote: > This can happen if the memory alloc fails. > > Patch V2: add goto error > > Change-Id: Iee66caa794d267ac5f8bee584633352893047171 > Signed-off-by: Arne Schwabe <ar...@rf...> > --- > src/openvpn/dco_linux.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c > index 41540c0f8..95fe94848 100644 > --- a/src/openvpn/dco_linux.c > +++ b/src/openvpn/dco_linux.c > @@ -83,6 +83,13 @@ resolve_ovpn_netlink_id(int msglevel) > int ret; > struct nl_sock *nl_sock = nl_socket_alloc(); > > + if (!nl_sock) > + { > + msg(msglevel, "Allocating net link socket failed"); > + ret = -1; Please use -ENOMEM here - it is always better to return an actual reason rather than just "failed". > + goto err_sock; There is no need to jump to cleanup. You can just return -1 here and save one line. (this is what we do in other functions of this file) Cheers, -- Antonio Quartulli |
| From: Arne S. <ar...@rf...> - 2023-03-29 12:47:04 |
This can happen if the memory alloc fails. Patch V2: add goto error Change-Id: Iee66caa794d267ac5f8bee584633352893047171 Signed-off-by: Arne Schwabe <ar...@rf...> --- src/openvpn/dco_linux.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 41540c0f8..95fe94848 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -83,6 +83,13 @@ resolve_ovpn_netlink_id(int msglevel) int ret; struct nl_sock *nl_sock = nl_socket_alloc(); + if (!nl_sock) + { + msg(msglevel, "Allocating net link socket failed"); + ret = -1; + goto err_sock; + } + ret = genl_connect(nl_sock); if (ret) { -- 2.37.1 (Apple Git-137.1) |
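Review bot: The new `if (!nl_sock)` branch in resolve_ovpn_netlink_id() jumps to `err_sock` with a NULL socket, and the cleanup at that label is outside the visible context, so confirm it tolerates NULL or return directly from the branch. The branch also sets `ret = -1`, where a negative errno value would tell the caller why the lookup failed, and the log text would read better as "netlink socket".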
| From: Gianmarco De G. <gia...@ma...> - 2023-03-29 10:12:24 |
Add the ability for users to specify a custom routing table where routes should be installed in. As of now routes are always installed in the main routing table of the operating system, however, with the new --route-table option it is possible to specify the ID of the default routing table to be used by --route(-ipv6). The --route(-ipv6) directives have been extended with an additional argument (5th for --route) (4th for --route-ipv6) so that each of them can possibly use an independent routing table. Please note: this feature is currently supported only by Linux/SITNL. Support for other platforms should be added in related backends. Signed-off-by: Gianmarco De Gregori <gia...@ma...> --- doc/man-sections/vpn-network-options.rst | 16 +++- src/openvpn/helper.c | 1 + src/openvpn/init.c | 15 +++- src/openvpn/options.c | 44 +++++++++- src/openvpn/options.h | 1 + src/openvpn/route.c | 101 +++++++++++++++++++++-- src/openvpn/route.h | 17 +++- 7 files changed, 179 insertions(+), 16 deletions(-) diff --git a/doc/man-sections/vpn-network-options.rst b/doc/man-sections/vpn-network-options.rst index 8e3c92ee..c25bbf31 100644 --- a/doc/man-sections/vpn-network-options.rst +++ b/doc/man-sections/vpn-network-options.rst @@ -367,6 +367,14 @@ routing. Like ``--redirect-gateway``, but omit actually changing the default gateway. Useful when pushing private subnets. +--route-table id + Specify a default table id for use with --route. + By default, OpenVPN installs routes in the main routing + table of the operating system, but with this option, + a user defined routing table can be used instead. + + (Supported on Linux only, on other platforms this is a no-op). + --route args Add route to routing table after connection is established. Multiple routes can be specified. Routes will be automatically torn down in
@@ -379,6 +387,7 @@ routing. route network/IP netmask route network/IP netmask gateway route network/IP netmask gateway metric + route network/IP netmask gateway metric table-id This option is intended as a convenience proxy for the ``route``\(8) shell command, while at the same time providing portable semantics @@ -394,6 +403,9 @@ routing. ``metric`` default taken from ``--route-metric`` if set, otherwise :code:`0`. + ``table-id`` (Supported on Linux only, on other platforms this is a no-op). + default taken from ``--route-table`` if set, otherwise :code:`0`. + The default can be specified by leaving an option blank or setting it to :code:`default`. @@ -444,12 +456,14 @@ routing. Valid syntax: :: - route-ipv6 ipv6addr/bits [gateway] [metric] + route-ipv6 ipv6addr/bits [gateway] [metric] [table-id] The gateway parameter is only used for IPv6 routes across *tap* devices, and if missing, the ``ipv6remote`` field from ``--ifconfig-ipv6`` or ``--route-ipv6-gateway`` is used. + (table-id supported on Linux only, on other platforms this is a no-op). + --route-gateway arg Specify a default *gateway* for use with ``--route``. diff --git a/src/openvpn/helper.c b/src/openvpn/helper.c index 7c219fdf..4a0e0d85 100644 --- a/src/openvpn/helper.c +++ b/src/openvpn/helper.c @@ -120,6 +120,7 @@ helper_add_route(const in_addr_t network, const in_addr_t netmask, struct option print_in_addr_t(network, 0, &o->gc), print_in_addr_t(netmask, 0, &o->gc), NULL, + NULL, NULL); } diff --git a/src/openvpn/init.c b/src/openvpn/init.c index d358ad00..8220eb93 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1504,6 +1504,7 @@ do_init_route_list(const struct options *options, const char *gw = NULL; int dev = dev_type_enum(options->dev, options->dev_type); int metric = 0; + uint32_t table_id = 0; /* unspec table */ /* if DCO is enabled we have both regular routes and iroutes in the system * routing table, and normal routes must have a higher metric for that to 
@@ -1522,6 +1523,10 @@ do_init_route_list(const struct options *options, { gw = options->route_default_gateway; } + if (options->route_default_table_id) + { + table_id = options->route_default_table_id; + } if (options->route_default_metric) { metric = options->route_default_metric; @@ -1530,6 +1535,7 @@ do_init_route_list(const struct options *options, if (init_route_list(route_list, options->routes, gw, + table_id, metric, link_socket_current_remote(link_socket_info), es, @@ -1549,6 +1555,7 @@ do_init_route_ipv6_list(const struct options *options, { const char *gw = NULL; int metric = -1; /* no metric set */ + uint32_t table_id = 0; /* unspec table */ /* see explanation in do_init_route_list() */ if (dco_enabled(options)) @@ -1567,6 +1574,11 @@ do_init_route_ipv6_list(const struct options *options, metric = options->route_default_metric; } + if (options->route_default_table_id) + { + table_id = options->route_default_table_id; + } + /* redirect (IPv6) gateway to VPN? if yes, add a few more specifics */ if (options->routes_ipv6->flags & RG_REROUTE_GW) @@ -1578,7 +1590,7 @@ do_init_route_ipv6_list(const struct options *options, { add_route_ipv6_to_option_list( options->routes_ipv6, string_alloc(opt_list[i], options->routes_ipv6->gc), - NULL, NULL ); + NULL, NULL, NULL ); } } @@ -1586,6 +1598,7 @@ do_init_route_ipv6_list(const struct options *options, options->routes_ipv6, gw, metric, + table_id, link_socket_current_remote_ipv6(link_socket_info), es, ctx)) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 2680f268..0d54883f 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -6956,7 +6956,15 @@ add_option(struct options *options, cnol_check_alloc(options); add_client_nat_to_option_list(options->client_nat, p[1], p[2], p[3], p[4], msglevel); } - else if (streq(p[0], "route") && p[1] && !p[5]) + else if (streq(p[0], "route-table") && p[1] && !p[2]) + { +#ifndef ENABLE_SITNL + msg(M_WARN, "NOTE: --route-table specified, but not supported on this platform"); +#endif + VERIFY_PERMISSION(OPT_P_ROUTE); + options->route_default_table_id = positive_atoi(p[1]); + } + else if (streq(p[0], "route") && p[1] && !p[6]) { VERIFY_PERMISSION(OPT_P_ROUTE); rol_check_alloc(options); @@ -6978,9 +6986,22 @@ add_option(struct options *options, goto err; } } - add_route_to_option_list(options->routes, p[1], p[2], p[3], p[4]); + /* at the moment the routing table id is supported only by Linux/SITNL */ +#ifndef ENABLE_SITNL + if (p[5]) + { + static bool route_table_warned = false; + + if (!route_table_warned) + { + msg(M_WARN, "NOTE: table specified for --route, but not supported on this platform"); + route_table_warned = true; + } + } +#endif + add_route_to_option_list(options->routes, p[1], p[2], p[3], p[4], p[5]); } - else if (streq(p[0], "route-ipv6") && p[1] && !p[4]) + else if (streq(p[0], "route-ipv6") && p[1] && !p[5]) { VERIFY_PERMISSION(OPT_P_ROUTE); rol6_check_alloc(options); @@ -6998,7 +7019,22 @@ add_option(struct options *options, } /* p[3] is metric, if present */ } - add_route_ipv6_to_option_list(options->routes_ipv6, p[1], p[2], p[3]); + + /* at the moment the routing table id is supported only by Linux/SITNL */ +#ifndef ENABLE_SITNL + if (p[5]) + { + static bool route6_table_warned = false; + + if (!route6_table_warned) + { + msg(M_WARN, "NOTE: table specified for --route-ipv6, but not supported on this platform"); + route6_table_warned = true; + } + } +#endif + + add_route_ipv6_to_option_list(options->routes_ipv6, p[1], p[2], p[3], p[4]); } else if (streq(p[0], "max-routes") && !p[2]) { 
diff --git a/src/openvpn/options.h b/src/openvpn/options.h index f5890b90..78ff645e 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -411,6 +411,7 @@ struct options const char *route_predown_script; const char *route_default_gateway; const char *route_ipv6_default_gateway; + uint32_t route_default_table_id; int route_default_metric; bool route_noexec; int route_delay; diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 3798bc65..00419dce 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -325,7 +325,6 @@ init_route(struct route_ipv4 *r, CLEAR(*r); r->option = ro; - /* network */ if (!is_route_parm_defined(ro->network)) @@ -437,6 +436,27 @@ init_route(struct route_ipv4 *r, r->flags |= RT_DEFINED; + /* routing table id */ + + r->table_id = 0; + if (ro->table_id) + { + r->table_id = atoi(ro->table_id); + if (r->table_id < 0) + { + msg(M_WARN, PACKAGE_NAME "ROUTE: routing table id for network %s (%s) must be >= 0", + ro->network, + ro->table_id); + goto fail; + } + r->flags |= RT_TABLE_DEFINED; + } + else if (rl->spec.flags & RTSA_DEFAULT_TABLE_ID) + { + r->table_id = rl->spec.table_id; + r->flags |= RT_TABLE_DEFINED; + } + return true; fail: @@ -493,6 +513,27 @@ init_route_ipv6(struct route_ipv6 *r6, r6->flags |= RT_DEFINED; + /* routing table id */ + + r6->table_id = 0; + if (r6o->table_id) + { + r6->table_id = atoi(r6o->table_id); + if (r6->table_id < 0) + { + msg(M_WARN, PACKAGE_NAME "ROUTE: routing table id for network %s (%s) must be >= 0", + r6o->prefix, + r6o->table_id); + goto fail; + } + r6->flags |= RT_TABLE_DEFINED; + } + else if (rl6->spec_flags & RTSA_DEFAULT_TABLE_ID) + { + r6->table_id = rl6->default_route_table_id; + r6->flags |= RT_TABLE_DEFINED; + } + return true; fail: 
@@ -506,7 +547,8 @@ add_route_to_option_list(struct route_option_list *l, const char *network, const char *netmask, const char *gateway, - const char *metric) + const char *metric, + const char *table_id) { struct route_option *ro; ALLOC_OBJ_GC(ro, struct route_option, l->gc); @@ -514,6 +556,7 @@ add_route_to_option_list(struct route_option_list *l, ro->netmask = netmask; ro->gateway = gateway; ro->metric = metric; + ro->table_id = table_id; ro->next = l->routes; l->routes = ro; @@ -523,13 +566,15 @@ void add_route_ipv6_to_option_list(struct route_ipv6_option_list *l, const char *prefix, const char *gateway, - const char *metric) + const char *metric, + const char *table_id) { struct route_ipv6_option *ro; ALLOC_OBJ_GC(ro, struct route_ipv6_option, l->gc); ro->prefix = prefix; ro->gateway = gateway; ro->metric = metric; + ro->table_id = table_id; ro->next = l->routes_ipv6; l->routes_ipv6 = ro; } @@ -628,6 +673,7 @@ init_route_list(struct route_list *rl, const struct route_option_list *opt, const char *remote_endpoint, int default_metric, + uint32_t table_id, in_addr_t remote_host, struct env_set *es, openvpn_net_ctx_t *ctx) @@ -651,6 +697,12 @@ init_route_list(struct route_list *rl, rl->spec.flags |= RTSA_DEFAULT_METRIC; } + if (table_id) + { + rl->spec.table_id = table_id; + rl->spec.flags |= RTSA_DEFAULT_TABLE_ID; + } + get_default_gateway(&rl->rgi, ctx); if (rl->rgi.flags & RGI_ADDR_DEFINED) { @@ -784,6 +836,7 @@ init_route_ipv6_list(struct route_ipv6_list *rl6, const struct route_ipv6_option_list *opt6, const char *remote_endpoint, int default_metric, + uint32_t table_id, const struct in6_addr *remote_host_ipv6, struct env_set *es, openvpn_net_ctx_t *ctx) 
@@ -808,6 +861,12 @@ init_route_ipv6_list(struct route_ipv6_list *rl6, rl6->spec_flags |= RTSA_DEFAULT_METRIC; } + if (table_id) + { + rl6->default_route_table_id = table_id; + rl6->spec_flags |= RTSA_DEFAULT_TABLE_ID; + } + msg(D_ROUTE, "GDG6: remote_host_ipv6=%s", remote_host_ipv6 ? print_in6_addr(*remote_host_ipv6, 0, &gc) : "n/a" ); @@ -1598,9 +1657,15 @@ add_route(struct route_ipv4 *r, metric = r->metric; } + uint32_t table_id = 0; + if (r->flags & RT_TABLE_DEFINED) + { + table_id = r->table_id; + } + status = RTA_SUCCESS; int ret = net_route_v4_add(ctx, &r->network, netmask_to_netbits2(r->netmask), - &r->gateway, iface, 0, metric); + &r->gateway, iface, table_id, metric); if (ret == -EEXIST) { msg(D_ROUTE, "NOTE: Linux route add command failed because route exists"); @@ -1978,10 +2043,16 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, metric = r6->metric; } + uint32_t table_id = 0; + if ((r6->flags & RT_TABLE_DEFINED) && (r6->table_id > 0)) + { + table_id = r6->table_id; + } + status = RTA_SUCCESS; int ret = net_route_v6_add(ctx, &r6->network, r6->netbits, gateway_needed ? &r6->gateway : NULL, - device, 0, metric); + device, table_id, metric); if (ret == -EEXIST) { msg(D_ROUTE, "NOTE: Linux route add command failed because route exists"); @@ -2186,8 +2257,14 @@ delete_route(struct route_ipv4 *r, metric = r->metric; } + uint32_t table_id = 0; + if (r->flags & RT_TABLE_DEFINED) + { + table_id = r->table_id; + } + if (net_route_v4_del(ctx, &r->network, netmask_to_netbits2(r->netmask), - &r->gateway, NULL, 0, metric) < 0) + &r->gateway, NULL, table_id, metric) < 0) { msg(M_WARN, "ERROR: Linux route delete command failed"); } @@ -2361,7 +2438,7 @@ delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, { gateway_needed = true; } -#endif +#endif /* ifndef _WIN32 */ struct gc_arena gc = gc_new(); struct argv argv = argv_new(); 
@@ -2398,8 +2475,16 @@ delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, metric = r6->metric; } + uint32_t table_id = 0; + if (r6->flags & RT_TABLE_DEFINED) + { + table_id = r6->table_id; + } + + + if (net_route_v6_del(ctx, &r6->network, r6->netbits, - gateway_needed ? &r6->gateway : NULL, device, 0, + gateway_needed ? &r6->gateway : NULL, device, table_id, metric) < 0) { msg(M_WARN, "ERROR: Linux route v6 delete command failed"); diff --git a/src/openvpn/route.h b/src/openvpn/route.h index 71b4cf4e..b97764db 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -63,12 +63,14 @@ struct route_special_addr #define RTSA_REMOTE_ENDPOINT (1<<0) #define RTSA_REMOTE_HOST (1<<1) #define RTSA_DEFAULT_METRIC (1<<2) +#define RTSA_DEFAULT_TABLE_ID (1<<3) unsigned int flags; in_addr_t remote_endpoint; in_addr_t remote_host; int remote_host_local; /* TLA_x value */ struct route_bypass bypass; + uint32_t table_id; int default_metric; }; @@ -77,6 +79,7 @@ struct route_option { const char *network; const char *netmask; const char *gateway; + const char *table_id; const char *metric; }; @@ -92,6 +95,7 @@ struct route_option { struct route_option_list { unsigned int flags; /* RG_x flags */ + struct route_option *routes; struct gc_arena *gc; }; @@ -101,6 +105,7 @@ struct route_ipv6_option { const char *prefix; /* e.g. "2001:db8:1::/64" */ const char *gateway; /* e.g. "2001:db8:0::2" */ const char *metric; /* e.g. "5" */ + const char *table_id; }; struct route_ipv6_option_list { @@ -113,12 +118,14 @@ struct route_ipv4 { #define RT_DEFINED (1<<0) #define RT_ADDED (1<<1) #define RT_METRIC_DEFINED (1<<2) +#define RT_TABLE_DEFINED (1<<3) struct route_ipv4 *next; unsigned int flags; const struct route_option *option; in_addr_t network; in_addr_t netmask; in_addr_t gateway; + uint32_t table_id; int metric; }; 
@@ -129,6 +136,7 @@ struct route_ipv6 { unsigned int netbits; struct in6_addr gateway; int metric; + uint32_t table_id; /* gateway interface */ #ifdef _WIN32 DWORD adapter_index; /* interface or ~0 if undefined */ @@ -223,6 +231,7 @@ struct route_ipv6_list { struct in6_addr remote_endpoint_ipv6; /* inside tun */ struct in6_addr remote_host_ipv6; /* --remote address */ int default_metric; + uint32_t default_route_table_id; struct route_ipv6_gateway_info rgi6; unsigned int flags; /* RG_x flags, see route_option_list */ @@ -271,17 +280,20 @@ void add_route_to_option_list(struct route_option_list *l, const char *network, const char *netmask, const char *gateway, - const char *metric); + const char *metric, + const char *table_id); void add_route_ipv6_to_option_list(struct route_ipv6_option_list *l, const char *prefix, const char *gateway, - const char *metric); + const char *metric, + const char *table_id); bool init_route_list(struct route_list *rl, const struct route_option_list *opt, const char *remote_endpoint, int default_metric, + uint32_t table_id, in_addr_t remote_host, struct env_set *es, openvpn_net_ctx_t *ctx); @@ -290,6 +302,7 @@ bool init_route_ipv6_list(struct route_ipv6_list *rl6, const struct route_ipv6_option_list *opt6, const char *remote_endpoint, int default_metric, + uint32_t table_id, const struct in6_addr *remote_host, struct env_set *es, openvpn_net_ctx_t *ctx); -- 2.37.2 |
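Review bot: In the add_route_ipv6() hunk the table is only taken when `(r6->flags & RT_TABLE_DEFINED) && (r6->table_id > 0)`, while add_route(), delete_route() and delete_route_ipv6() test the flag alone. Because `table_id` is already initialised to 0, the extra `> 0` test changes nothing. Drop it, or use one identical condition in all four places so that the add and delete paths cannot diverge if the default ever changes.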
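Review bot: Style point in the delete_route_ipv6() hunk: three consecutive blank lines are added between the closing brace of the `RT_TABLE_DEFINED` block and `if (net_route_v6_del(...`, where the other three hunks add a single one. Reduce this to one blank line. The `#endif /* ifndef _WIN32 */` comment change in the preceding hunk is unrelated to table ids and would sit better in a separate cleanup patch.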
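Review bot: The new fields in route.h are undocumented and named inconsistently: struct route_special_addr gets `table_id` next to `default_metric`, struct route_ipv6_list gets `default_route_table_id` next to `default_metric`, and both are gated by a flag called `RTSA_DEFAULT_TABLE_ID`. Pick one name for the default (for instance `default_table_id`) and use it in both structs. The `const char *table_id;` added to struct route_ipv6_option should also carry an "e.g." comment like the `prefix`, `gateway` and `metric` members beside it, and the comment should state that 0 means "no table specified", since the `if (table_id)` test in init_route_ipv6_list() relies on that.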
| From: Gert D. <ge...@gr...> - 2023-03-29 09:41:30 |
I have only loosely followed the discussion, but since this has an ACK *and* passes all GHA compiles and tests, this is good enough for me :-)

I have added the "co-authored-by" as requested.

Your patch has been applied to the master branch.

commit 846951665a60424b98097ad0a77ec6cb1c3d05ac
Author: Selva Nair
Date: Mon Mar 27 07:49:37 2023 -0400

    Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant

    Signed-off-by: Selva Nair <sel...@gm...>
    Acked-by: Frank Lichtenheld <fr...@li...>
    Message-Id: <202...@gm...>
    URL: https://www.mail-archive.com/ope...@li.../msg26525.html
    Signed-off-by: Gert Doering <ge...@gr...>

--
kind regards,

Gert Doering |
| From: Gert D. <ge...@gr...> - 2023-03-29 09:23:36 |
Having pkcs#11 tests available is most welcome. This said, I have not really looked into "how can I make this do things for my test beds?", but will do...

With the #if HAVE_SOFTHSM2, this does not actually do anything for most build environments yet, but patch 3/3 will enable it for GHA Ubuntu 20/22 builds.

Your patch has been applied to the master branch.

commit 3013fde1c8290830d424b9f4ea84ee7c7dbfb75e
Author: Selva Nair
Date: Wed Mar 22 18:14:55 2023 -0400

    Unit tests: Test for PKCS#11 using a softhsm2 token

    Signed-off-by: Selva Nair <sel...@gm...>
    Acked-by: Frank Lichtenheld <fr...@li...>
    Message-Id: <202...@gm...>
    URL: https://www.mail-archive.com/ope...@li.../msg26483.html
    Signed-off-by: Gert Doering <ge...@gr...>

--
kind regards,

Gert Doering |
| From: Gert D. <ge...@gr...> - 2023-03-29 09:23:35 |
Ran this through GHA, it claims success, and claims having tested this...

[==========] Running 3 test(s).
Slot 0 has a free/uninitialized token.
The token has been initialized and is reassigned to slot 347291425
[ RUN ] test_pkcs11_ids
[ OK ] test_pkcs11_ids
[ RUN ] test_tls_ctx_use_pkcs11
[ OK ] test_tls_ctx_use_pkcs11
[ RUN ] test_tls_ctx_use_pkcs11__management
[ OK ] test_tls_ctx_use_pkcs11__management
Found token (b36c3fa5-a027-3fc0-2be4-05ee94b33f21) with matching token label.
The token (softhsm2_tokens_53u42S/b36c3fa5-a027-3fc0-2be4-05ee94b33f21) has been deleted.
[ PASSED ] 3 test(s).
[==========] 3 test(s) run.
PASS: pkcs11_testdriver

.. very nice!

Your patch has been applied to the master branch.

commit 9283c3980ff543e20f76fdfb4f4e59d5a9162d62
Author: Selva Nair
Date: Wed Mar 22 18:14:56 2023 -0400

    Enable pkcs11 an dtest_pkcs11 in github actions

    Signed-off-by: Selva Nair <sel...@gm...>
    Acked-by: Frank Lichtenheld <fr...@li...>
    Message-Id: <202...@gm...>
    URL: https://www.mail-archive.com/ope...@li.../msg26485.html
    Signed-off-by: Gert Doering <ge...@gr...>

--
kind regards,

Gert Doering |
| From: Frank L. <fr...@li...> - 2023-03-29 09:05:05 |
Since we use strlen() to determine the length and then check it ourselves, there is really no point in using strncpy. But the compiler might complain that we use the output of strlen() for the length of strncpy which is usually a sign for bugs: error: ‘strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=] Warning was at least triggered for mingw-gcc version 10-win32 20220113. Signed-off-by: Frank Lichtenheld <fr...@li...> --- src/openvpn/buffer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) v2: - make len size_t and change code to avoid any theoretical overflows - remove useless casts diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index d099795b..886eb2c3 100644 --- a/src/openvpn/buffer.c +++ b/src/openvpn/buffer.c @@ -316,10 +316,10 @@ buf_catrunc(struct buffer *buf, const char *str) { if (buf_forward_capacity(buf) <= 1) { - int len = (int) strlen(str) + 1; + size_t len = strlen(str); if (len < buf_forward_capacity_total(buf)) { - strncpynt((char *)(buf->data + buf->capacity - len), str, len); + memcpy(buf->data + buf->capacity - len - 1, str, len + 1); } } } -- 2.34.1 |
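Review bot: The bounds check in buf_catrunc() changes meaning along with the type of `len`. The old test was `strlen(str) + 1 < buf_forward_capacity_total(buf)`, the new one is `strlen(str) < buf_forward_capacity_total(buf)`, so a string whose length plus terminator exactly equals the total forward capacity is now copied where it was previously skipped. The `memcpy` of `len + 1` bytes to `buf->data + buf->capacity - len - 1` matches the new test, but the commit message only talks about replacing strncpy; please say there that the boundary moves by one, or keep the old limit with `len + 1 < ...`. Also, `len` is now `size_t`, so if buf_forward_capacity_total() returns a signed type the comparison becomes mixed-sign, and a negative return would convert to a very large unsigned value and let the copy through. An explicit check or cast on the capacity side would make the intent clear and avoid trading the stringop-overflow warning for a sign-compare one.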