Date: Fri, 04 Nov 2005 14:04:11 +0100
From: Matthias Andree
Sender: Matthias Andree
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: dinoex@FreeBSD.org
Subject: ports/88488: [MAINTAINER] security/openvpn: support self-tests in jail
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Ports bug reports
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 04 Nov 2005 13:10:15 -0000

>Number: 88488
>Category: ports
>Synopsis: [MAINTAINER] security/openvpn: support self-tests in jail
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Nov 04 13:10:13 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Matthias Andree
>Release: FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD libertas.emma.line.org 5.4-STABLE FreeBSD 5.4-STABLE #0: Thu Nov 3 23:33:53 CET
>Description:
This patch enables self-tests with WITH_JAIL again and patches the scripts so they relax the Source IP checking when run in FreeBSD jails. This requires working "uname -s" and "sysctl -n security.jail.jailed".

The script updates have been submitted upstream to the openvpn-devel@ mailing list for inclusion into the next release.

Added file(s):
- files/patch-tests-for-jail

Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:

--- openvpn-2.0.5_1.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/security/openvpn/Makefile /usr/home/emma/ports/security/openvpn/Makefile --- /usr/ports/security/openvpn/Makefile Fri Nov 4 11:43:09 2005 +++ /usr/home/emma/ports/security/openvpn/Makefile Fri Nov 4 13:51:42 2005 @@ -7,6 +7,7 @@ PORTNAME= openvpn PORTVERSION= 2.0.5 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://openvpn.net/release/ 
@@ -44,10 +45,8 @@ .endif # self-tests here -.if !defined(WITH_JAIL) post-build: cd ${WRKSRC} && ${MAKE} check -.endif post-install: .if !defined(NOPORTDOCS) diff -ruN --exclude=CVS /usr/ports/security/openvpn/files/patch-tests-for-jail /usr/home/emma/ports/security/openvpn/files/patch-tests-for-jail --- /usr/ports/security/openvpn/files/patch-tests-for-jail Thu Jan 1 01:00:00 1970 +++ /usr/home/emma/ports/security/openvpn/files/patch-tests-for-jail Fri Nov 4 13:50:36 2005 
@@ -0,0 +1,63 @@ +Index: t_lpback.sh +=================================================================== +--- t_lpback.sh (revision 774) ++++ t_lpback.sh (working copy) +@@ -19,11 +19,13 @@ + # 02110-1301, USA. + + set -e +-trap "rm -f key.$$ log.$$ ; false" 1 2 3 15 ++trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15 ++trap "rm -f key.$$ log.$$ ; exit 1" 0 3 + ./openvpn --genkey --secret key.$$ + set +e + ( ./openvpn --test-crypto --secret key.$$ ) >log.$$ 2>&1 + e=$? + if [ $e != 0 ] ; then cat log.$$ ; fi +-rm key.$$ ++rm key.$$ log.$$ ++trap 0 + exit $e +Index: t_cltsrv.sh +=================================================================== +--- t_cltsrv.sh (revision 774) ++++ t_cltsrv.sh (working copy) +@@ -20,19 +20,33 @@ + + set -e + echo "the following test will run about two minutes..." >&2 +-trap "rm -f log.$$ ; false" 1 2 3 15 ++trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15 ++trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3 ++addopts= ++case `uname -s` in ++ FreeBSD) ++ # FreeBSD jails map the outgoing IP to the jail IP - we need to ++ # allow the real IP unless we want the test to run forever. ++ if test `sysctl -n security.jail.jailed` != 0 ; then ++ addopts="--float" ++ fi ++ ;; ++esac + set +e + ( +-./openvpn --cd "${srcdir}" --config sample-config-files/loopback-server & +-./openvpn --cd "${srcdir}" --config sample-config-files/loopback-client +-) >log.$$ 2>&1 ++./openvpn --cd "${srcdir}" ${addopts} --down 'echo "srv:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-server & ++./openvpn --cd "${srcdir}" ${addopts} --down 'echo "clt:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-client ++) 3>log.$$.signal >log.$$ 2>&1 + e1=$? + wait $! + e2=$? 
++grep -v ":inactive$" log.$$.signal >/dev/null && { cat log.$$.signal ; echo ; cat log.$$ ; exit 1 ; } ++ + set -e + + if [ $e1 != 0 ] || [ $e2 != 0 ] ; then + cat log.$$ + exit 1 + fi +-rm log.$$ ++rm log.$$ log.$$.signal ++trap 0 --- openvpn-2.0.5_1.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
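
Review bot: In the second Makefile hunk (@@ -44,10 +45,8 @@), dropping the ".if !defined(WITH_JAIL)" guard leaves post-build running "${MAKE} check" with no opt-out at all, although the description says the tests need a working "uname -s" and "sysctl -n security.jail.jailed" and t_cltsrv.sh announces a run of about two minutes. Either keep a knob that skips the self-tests for builders that cannot meet those requirements, or extend the "# self-tests here" comment to state the requirements. In the lines shown WITH_JAIL no longer has any effect, so any remaining mention of it in the port should be updated in the same change.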
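
Review bot: In the t_lpback.sh part of files/patch-tests-for-jail, the new trap on signals 1, 2 and 15 ends in "exit 77" with no comment explaining the value. 77 is the status automake's test driver reports as "skipped", so an interrupted run will be counted as a skip rather than a failure; if that is the intent, say so in a comment next to the trap, otherwise use a failing status. The bare "trap 0" used to clear the EXIT trap is valid, but "trap - 0" makes it obvious that the trap is being reset rather than set, here and in the two places t_cltsrv.sh does the same.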
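
Review bot: In the t_cltsrv.sh part of files/patch-tests-for-jail, the jail check "test `sysctl -n security.jail.jailed` != 0" leaves the command substitution unquoted, so when sysctl prints nothing (it fails or the OID is missing) test is called with a missing operand, the condition counts as false, and the test silently runs without --float. Quote the substitution and compare against the expected value, for example test "$(sysctl -n security.jail.jailed 2>/dev/null)" = 1. The later check, grep -v ":inactive$" log.$$.signal, also succeeds on an empty log.$$.signal, so a run in which neither --down command wrote its line is not caught there; consider requiring both the "srv:" and the "clt:" line to be present. The "; : #" tail in the two --down strings should have a one-line comment explaining what it is for.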