ports/88488: [MAINTAINER] security/openvpn: support self-tests in jail
Matthias Andree
matthias.andree at gmx.de
Fri Nov 4 13:10:15 UTC 2005
>Number: 88488
>Category: ports
>Synopsis: [MAINTAINER] security/openvpn: support self-tests in jail
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Nov 04 13:10:13 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Matthias Andree
>Release: FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD libertas.emma.line.org 5.4-STABLE FreeBSD 5.4-STABLE #0: Thu Nov 3 23:33:53 CET
>Description:
This patch enables self-tests with WITH_JAIL again and patches the scripts so
they relax the Source IP checking when run in FreeBSD jails. This requires
working "uname -s" and "sysctl -n security.jail.jailed".
The script updates have been submitted upstream to the openvpn-devel@ mailing
list for inclusion into the next release.
Added file(s):
- files/patch-tests-for-jail
Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:
--- openvpn-2.0.5_1.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/security/openvpn/Makefile /usr/home/emma/ports/security/openvpn/Makefile
--- /usr/ports/security/openvpn/Makefile Fri Nov 4 11:43:09 2005
+++ /usr/home/emma/ports/security/openvpn/Makefile Fri Nov 4 13:51:42 2005
@@ -7,6 +7,7 @@
PORTNAME= openvpn
PORTVERSION= 2.0.5
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= http://openvpn.net/release/
@@ -44,10 +45,8 @@
.endif
# self-tests here
-.if !defined(WITH_JAIL)
post-build:
cd ${WRKSRC} && ${MAKE} check
-.endif
post-install:
.if !defined(NOPORTDOCS)
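Review bot: With the `.if !defined(WITH_JAIL)` guard dropped around post-build, `${MAKE} check` now runs on every build and jail users lose their only opt-out, while the description says the jailed run needs a working "uname -s" and "sysctl -n security.jail.jailed". Please document that requirement in the comment at `# self-tests here`, or keep a knob that skips the check on hosts where the sysctl is not available, since t_cltsrv.sh announces a run of about two minutes and is started with --ping-exit 180.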
diff -ruN --exclude=CVS /usr/ports/security/openvpn/files/patch-tests-for-jail /usr/home/emma/ports/security/openvpn/files/patch-tests-for-jail
--- /usr/ports/security/openvpn/files/patch-tests-for-jail Thu Jan 1 01:00:00 1970
+++ /usr/home/emma/ports/security/openvpn/files/patch-tests-for-jail Fri Nov 4 13:50:36 2005
@@ -0,0 +1,63 @@
+Index: t_lpback.sh
+===================================================================
+--- t_lpback.sh (revision 774)
++++ t_lpback.sh (working copy)
+@@ -19,11 +19,13 @@
+ # 02110-1301, USA.
+
+ set -e
+-trap "rm -f key.$$ log.$$ ; false" 1 2 3 15
++trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15
++trap "rm -f key.$$ log.$$ ; exit 1" 0 3
+ ./openvpn --genkey --secret key.$$
+ set +e
+ ( ./openvpn --test-crypto --secret key.$$ ) >log.$$ 2>&1
+ e=$?
+ if [ $e != 0 ] ; then cat log.$$ ; fi
+-rm key.$$
++rm key.$$ log.$$
++trap 0
+ exit $e
+Index: t_cltsrv.sh
+===================================================================
+--- t_cltsrv.sh (revision 774)
++++ t_cltsrv.sh (working copy)
+@@ -20,19 +20,33 @@
+
+ set -e
+ echo "the following test will run about two minutes..." >&2
+-trap "rm -f log.$$ ; false" 1 2 3 15
++trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15
++trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3
++addopts=
++case `uname -s` in
++ FreeBSD)
++ # FreeBSD jails map the outgoing IP to the jail IP - we need to
++ # allow the real IP unless we want the test to run forever.
++ if test `sysctl -n security.jail.jailed` != 0 ; then
++ addopts="--float"
++ fi
++ ;;
++esac
+ set +e
+ (
+-./openvpn --cd "${srcdir}" --config sample-config-files/loopback-server &
+-./openvpn --cd "${srcdir}" --config sample-config-files/loopback-client
+-) >log.$$ 2>&1
++./openvpn --cd "${srcdir}" ${addopts} --down 'echo "srv:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-server &
++./openvpn --cd "${srcdir}" ${addopts} --down 'echo "clt:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-client
++) 3>log.$$.signal >log.$$ 2>&1
+ e1=$?
+ wait $!
+ e2=$?
++grep -v ":inactive$" log.$$.signal >/dev/null && { cat log.$$.signal ; echo ; cat log.$$ ; exit 1 ; }
++
+ set -e
+
+ if [ $e1 != 0 ] || [ $e2 != 0 ] ; then
+ cat log.$$
+ exit 1
+ fi
+-rm log.$$
++rm log.$$ log.$$.signal
++trap 0
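Review bot: In the t_cltsrv.sh part, the jail check `if test `sysctl -n security.jail.jailed` != 0` leaves the command substitution unquoted, so when sysctl prints nothing the command becomes `test != 0`, which is malformed; the branch is then skipped and --float is not added, with nothing in the log saying why. Quote the substitution, send sysctl's stderr to /dev/null, and decide explicitly whether empty output means jailed or not jailed. A smaller point on the same file: `grep -v ":inactive$" log.$$.signal` finds nothing to object to when log.$$.signal is empty, so a run in which neither --down command wrote its "srv:" or "clt:" line passes this check and is caught only if e1 or e2 is non-zero; consider also requiring both lines to be present.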
--- openvpn-2.0.5_1.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: