ports/88488: [MAINTAINER] security/openvpn: support self-tests in jail

Matthias Andree matthias.andree at gmx.de
Fri Nov 4 13:10:15 UTC 2005


>Number:         88488
>Category:       ports
>Synopsis:       [MAINTAINER] security/openvpn: support self-tests in jail
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Nov 04 13:10:13 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Andree
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD libertas.emma.line.org 5.4-STABLE FreeBSD 5.4-STABLE #0: Thu Nov  3 23:33:53 CET
>Description:
This patch re-enables the self-tests when WITH_JAIL is defined and patches the
test scripts so that they relax the source IP check when run inside a FreeBSD
jail. This requires a working "uname -s" and "sysctl -n security.jail.jailed".

The script updates have been submitted upstream to the openvpn-devel@ mailing
list for inclusion into the next release.

Added file(s):
- files/patch-tests-for-jail

Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:

--- openvpn-2.0.5_1.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/security/openvpn/Makefile /usr/home/emma/ports/security/openvpn/Makefile
--- /usr/ports/security/openvpn/Makefile	Fri Nov  4 11:43:09 2005
+++ /usr/home/emma/ports/security/openvpn/Makefile	Fri Nov  4 13:51:42 2005
@@ -7,6 +7,7 @@
 
 PORTNAME=	openvpn
 PORTVERSION=	2.0.5
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	http://openvpn.net/release/
 
@@ -44,10 +45,8 @@
 .endif
 
 # self-tests here
-.if !defined(WITH_JAIL)
 post-build:
 	cd ${WRKSRC} && ${MAKE} check
-.endif
 
 post-install:
 .if !defined(NOPORTDOCS)
diff -ruN --exclude=CVS /usr/ports/security/openvpn/files/patch-tests-for-jail /usr/home/emma/ports/security/openvpn/files/patch-tests-for-jail
--- /usr/ports/security/openvpn/files/patch-tests-for-jail	Thu Jan  1 01:00:00 1970
+++ /usr/home/emma/ports/security/openvpn/files/patch-tests-for-jail	Fri Nov  4 13:50:36 2005
@@ -0,0 +1,63 @@
+Index: t_lpback.sh
+===================================================================
+--- t_lpback.sh	(revision 774)
++++ t_lpback.sh	(working copy)
+@@ -19,11 +19,13 @@
+ # 02110-1301, USA.
+ 
+ set -e
+-trap "rm -f key.$$ log.$$ ; false" 1 2 3 15
++trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15
++trap "rm -f key.$$ log.$$ ; exit 1" 0 3
+ ./openvpn --genkey --secret key.$$
+ set +e
+ ( ./openvpn --test-crypto --secret key.$$ ) >log.$$ 2>&1
+ e=$?
+ if [ $e != 0 ] ; then cat log.$$ ; fi
+-rm key.$$
++rm key.$$ log.$$
++trap 0
+ exit $e
+Index: t_cltsrv.sh
+===================================================================
+--- t_cltsrv.sh	(revision 774)
++++ t_cltsrv.sh	(working copy)
+@@ -20,19 +20,33 @@
+ 
+ set -e
+ echo "the following test will run about two minutes..." >&2
+-trap "rm -f log.$$ ; false" 1 2 3 15
++trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15
++trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3
++addopts=
++case `uname -s` in
++    FreeBSD)
++    # FreeBSD jails map the outgoing IP to the jail IP - we need to
++    # allow the real IP unless we want the test to run forever.
++    if test `sysctl -n security.jail.jailed` != 0 ; then
++	addopts="--float"
++    fi
++    ;;
++esac
+ set +e
+ (
+-./openvpn --cd "${srcdir}" --config sample-config-files/loopback-server &
+-./openvpn --cd "${srcdir}" --config sample-config-files/loopback-client
+-) >log.$$ 2>&1
++./openvpn --cd "${srcdir}" ${addopts} --down 'echo "srv:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-server &
++./openvpn --cd "${srcdir}" ${addopts} --down 'echo "clt:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-client
++) 3>log.$$.signal >log.$$ 2>&1
+ e1=$?
+ wait $!
+ e2=$?
++grep -v ":inactive$" log.$$.signal >/dev/null && { cat log.$$.signal ; echo ; cat log.$$ ; exit 1 ; }
++
+ set -e
+ 
+ if [ $e1 != 0 ] || [ $e2 != 0 ] ; then
+     cat log.$$
+     exit 1
+ fi
+-rm log.$$
++rm log.$$ log.$$.signal
++trap 0
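Review bot: The jail check added to t_cltsrv.sh, `if test `sysctl -n security.jail.jailed` != 0`, leaves the command substitution unquoted, so if that sysctl fails or prints nothing, `test` receives malformed arguments and the branch is skipped with only an error on stderr. Quoting it and giving it a fallback keeps the check well-formed: `if test "`sysctl -n security.jail.jailed 2>/dev/null || echo 0`" != 0 ; then`. Because `--float` relaxes the check that packets arrive from the configured remote address, the comment above it should say so, for example `# --float accepts authenticated packets from any source address; loopback self-test only, not for a deployed config.` Separately, the unchanged `wait $!` runs in the parent shell while the server is backgrounded inside the subshell, so `e2` appears never to carry the server's exit status, and the new `log.$$.signal` check is then the only thing covering the server side.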
--- openvpn-2.0.5_1.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:


