Date: Mon, 25 Feb 2019 05:07:09 +0000 (UTC)
From: Koichiro Iwao <meta@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r493835 - in head/security: . softether softether-devel softether5 softether5/files
Message-ID: <201902250507.x1P5796L092763@repo.freebsd.org>
Author: meta
Date: Mon Feb 25 05:07:08 2019
New Revision: 493835
URL: https://svnweb.freebsd.org/changeset/ports/493835

Log:
New port: security/softether5: SoftEther VPN 5 (Developer Edition)

SoftEther VPN ("SoftEther" means "Software Ethernet") is an open-source cross-platform multi-protocol VPN program, created as an academic project in the University of Tsukuba. Its protocol is very fast and it can be used in very restricted environments, as it's able to transfer packets over DNS and ICMP. A NAT-Traversal function is also available, very useful in case the required ports cannot be opened on the firewall. The supported third party protocols are OpenVPN, L2TP/IPSec and SSTP.

This port is a bleeding-edge developer version of SoftEther, not for production use. If you're looking for a solid and stable version, use security/softether (RTM version) or security/softether-devel (stable version) instead. This version is available also on other than i386/amd64 processors. Users who want to use SoftEther on single board computers such as Raspberry Pi, BeagleBoard or other embedded devices, try this port.

WWW: https://www.softether.org Added: head/security/softether5/ head/security/softether5/Makefile (contents, props changed) head/security/softether5/distinfo (contents, props changed) head/security/softether5/files/ head/security/softether5/files/extra-patch-unrestrict-enterprise-functions (contents, props changed) head/security/softether5/files/patch-chain-certs-dir (contents, props changed) head/security/softether5/files/patch-piddir (contents, props changed) head/security/softether5/files/patch-use-system-cpu_features (contents, props changed) head/security/softether5/files/pkg-message.in (contents, props changed) head/security/softether5/files/softether_bridge.in (contents, props changed) head/security/softether5/files/softether_client.in (contents, props changed) head/security/softether5/files/softether_server.in (contents, props changed) head/security/softether5/pkg-descr (contents, props changed) head/security/softether5/pkg-plist (contents, props changed) Modified: head/security/Makefile head/security/softether-devel/Makefile head/security/softether/Makefile Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Mon Feb 25 03:20:32 2019 (r493834) +++ head/security/Makefile Mon Feb 25 05:07:08 2019 (r493835) @@ -1258,6 +1258,7 @@ SUBDIR += snuffleupagus SUBDIR += softether SUBDIR += softether-devel + SUBDIR += softether5 SUBDIR += softhsm SUBDIR += softhsm2 SUBDIR += sops Modified: head/security/softether-devel/Makefile ============================================================================== --- head/security/softether-devel/Makefile Mon Feb 25 03:20:32 2019 (r493834) +++ head/security/softether-devel/Makefile Mon Feb 25 05:07:08 2019 (r493835) 
@@ -36,7 +36,7 @@ OPTIONS_DEFINE= DOCS UNLOCK UNLOCK_DESC= Unlock regional lockout (JP and CN) UNLOCK_EXTRA_PATCHES= ${FILESDIR}/extra-patch-unrestrict-enterprise-functions -CONFLICTS_INSTALL= softether +CONFLICTS_INSTALL= softether-4.* softether5 PORTDOCS= AUTHORS.TXT ChangeLog LICENSE README THIRD_PARTY.TXT WARNING.TXT LOGDIR?= /var/log/softether Modified: head/security/softether/Makefile ============================================================================== --- head/security/softether/Makefile Mon Feb 25 03:20:32 2019 (r493834) +++ head/security/softether/Makefile Mon Feb 25 05:07:08 2019 (r493835) @@ -36,7 +36,7 @@ OPTIONS_DEFINE= DOCS UNLOCK UNLOCK_DESC= Unlock regional lockout (JP and CN) UNLOCK_EXTRA_PATCHES= ${FILESDIR}/extra-patch-unrestrict-enterprise-functions -CONFLICTS_INSTALL= softether-devel +CONFLICTS_INSTALL= softether-devel-4.* softether5 PORTDOCS= AUTHORS.TXT ChangeLog LICENSE README THIRD_PARTY.TXT WARNING.TXT LOGDIR?= /var/log/softether Added: head/security/softether5/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/softether5/Makefile Mon Feb 25 05:07:08 2019 (r493835) 
@@ -0,0 +1,109 @@ +# $FreeBSD$ + +PORTNAME= softether +DISTVERSION= 5.01.9669 +CATEGORIES= security +PKGNAMESUFFIX= 5 + +MAINTAINER= meta@FreeBSD.org +COMMENT= SoftEther VPN 5 (Developer Edition) + +LICENSE= APACHE20 +LICENSE_FILE= ${WRKSRC}/LICENSE + +BUILD_DEPENDS= ${LOCALBASE}/include/cpu_features_macros.h:devel/cpu_features + +USES+= cmake:noninja dos2unix iconv:wchar_t localbase:ldflags ncurses readline ssl +USE_RC_SUBR= softether_bridge softether_client softether_server +USE_LDCONFIG= yes +USE_GITHUB= yes + +DOS2UNIX_GLOB= *.h *.c + +GH_ACCOUNT= SoftEtherVPN +GH_PROJECT= SoftEtherVPN + +OPTIONS_DEFINE= DOCS UNLOCK + +# Use of some functions in Japan and China is restricted. +# This option Unlocks regional lockout following functions: +# - RADIUS / NT Domain user authentication function +# - RSA certificate user authentication function +# - Deep-inspect packet logging function +# - Source IP address control list function +# - syslog transfer function +UNLOCK_DESC= Unlock regional lockout (JP and CN) +UNLOCK_EXTRA_PATCHES= ${FILESDIR}/extra-patch-unrestrict-enterprise-functions + +PORTDOCS= DISCLAIMER.md WARNING.TXT +CONFLICTS_INSTALL= softether-4.[0-9]* softether-devel-4.[0-9]* + +SE_DBDIR?= /var/db/${PORTNAME} +SE_LOGDIR?= /var/log/${PORTNAME} +PLIST_SUB= SE_DBDIR="${SE_DBDIR}" SE_LOGDIR="${SE_LOGDIR}" +SUB_LIST= SE_DBDIR="${SE_DBDIR}" SE_LOGDIR="${SE_LOGDIR}" +SUB_FILES= pkg-message + +.include <bsd.port.options.mk> + +pre-configure: + # not a GNU configure + @cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ./configure + +post-patch: + # SoftEther scatters logs, config files and PID files in PREFIX/libexec + # directory. To write them in the right place, replace it. 
+ ${REINPLACE_CMD} \ + -e "s|@vpn_server_template|${SE_DBDIR}/vpn_server_template|" \ + -e "s|@vpn_server|${SE_DBDIR}/vpn_server|" \ + -e "s|@vpn_bridge|${SE_DBDIR}/vpn_bridge|" \ + -e "s|@vpn_gate_svc|${SE_DBDIR}/vpn_gate_svc|" \ + -e "s|@vpn_gate_relay|${SE_DBDIR}/vpn_gate_relay|" \ + ${WRKSRC}/src/Cedar/Server.c + + ${REINPLACE_CMD} \ + -e "s|@adminip|${SE_DBDIR}/adminip|" \ + -e "s|@etherlogger|${SE_DBDIR}/etherlogger|" \ + -e "s|@vpn_client|${SE_DBDIR}/vpn_client|" \ + -e "s|@vpn_router|${SE_DBDIR}/vpn_router|" \ + -e "s|@custom|${SE_DBDIR}/custom|" \ + -e "s|@backup|${SE_DBDIR}/backup|" \ + -e "s|@save_binary|${SE_DBDIR}/save_binary|" \ + -e "s|@lang|${SE_DBDIR}/lang|" \ + -e "s|@azureserver|${SE_DBDIR}/azureserver|" \ + -e "s|@server_log|${DIR}/server|" \ + -e "s|@security_log|${SE_LOGDIR}/security|" \ + -e "s|@packet_log|${SE_LOGDIR}/packet|" \ + -e "s|@secure_nat_log|${SE_LOGDIR}/secure_nat|" \ + -e "s|@client_log|${SE_LOGDIR}/client|" \ + -e "s|@tiny_log|${SE_LOGDIR}/tiny|" \ + -e "s|@carrier_log|${SE_LOGDIR}/carrier|" \ + -e "s|@etherlogger_log|${SE_LOGDIR}/etherlogger|" \ + ${WRKSRC}/src/Cedar/Cedar.h \ + ${WRKSRC}/src/Cedar/Client.h \ + ${WRKSRC}/src/Cedar/Nat.h \ + ${WRKSRC}/src/Cedar/Server.c \ + ${WRKSRC}/src/Mayaqua/Cfg.c \ + ${WRKSRC}/src/Mayaqua/Cfg.h \ + ${WRKSRC}/src/Mayaqua/Table.h + + ${REINPLACE_CMD} \ + -e "s|abort_error_log\.txt|${SE_LOGDIR}/abort_error_log.txt|" \ + ${WRKSRC}/src/Mayaqua/Kernel.c + + ${REINPLACE_CMD} \ + -e "s|%%SE_DBDIR%%|${SE_DBDIR}|g" \ + ${WRKSRC}/src/Cedar/Protocol.c \ + ${WRKSRC}/src/Mayaqua/Unix.c \ + ${WRKSRC}/src/Mayaqua/Network.c + +post-install: + @${MKDIR} ${STAGEDIR}${SE_LOGDIR} ${STAGEDIR}${SE_DBDIR} + +post-install-DOCS-on: + @${MKDIR} ${STAGEDIR}${DOCSDIR} +.for doc in ${PORTDOCS} + ${FIND} ${WRKSRC} -name ${doc} -exec ${INSTALL_DATA} {} ${STAGEDIR}${DOCSDIR} \; +.endfor + +.include <bsd.port.mk> Added: head/security/softether5/distinfo 
============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/softether5/distinfo Mon Feb 25 05:07:08 2019 (r493835) @@ -0,0 +1,3 @@ +TIMESTAMP = 1549591284 +SHA256 (SoftEtherVPN-SoftEtherVPN-5.01.9669_GH0.tar.gz) = e40597094bd551767043fd5a8553ca03bfb5ab3938ea2523414d03b1bb7fddd5 +SIZE (SoftEtherVPN-SoftEtherVPN-5.01.9669_GH0.tar.gz) = 65709105 Added: head/security/softether5/files/extra-patch-unrestrict-enterprise-functions ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/softether5/files/extra-patch-unrestrict-enterprise-functions Mon Feb 25 05:07:08 2019 (r493835) @@ -0,0 +1,27 @@ +--- src/Cedar/Server.c.orig 2019-02-04 04:43:50.000000000 +0900 ++++ src/Cedar/Server.c 2019-02-15 17:50:18.825945000 +0900 +@@ -10566,23 +10566,7 @@ + // + bool SiIsEnterpriseFunctionsRestrictedOnOpenSource(CEDAR *c) + { +- char region[128]; +- bool ret = false; +- // Validate arguments +- if (c == NULL) +- { +- return false; +- } +- +- +- SiGetCurrentRegion(c, region, sizeof(region)); +- +- if (StrCmpi(region, "JP") == 0 || StrCmpi(region, "CN") == 0) +- { +- ret = true; +- } +- +- return ret; ++ return false; + } + + // Update the current region Added: head/security/softether5/files/patch-chain-certs-dir ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/softether5/files/patch-chain-certs-dir Mon Feb 25 05:07:08 2019 (r493835) 
@@ -0,0 +1,31 @@ +--- src/Cedar/Protocol.c.orig 2019-02-03 19:43:50 UTC ++++ src/Cedar/Protocol.c +@@ -58,7 +58,7 @@ bool TryGetRootCertChain(LIST *o, X *x, bool auto_save + wchar_t exedir[MAX_SIZE]; + + GetExeDirW(exedir, sizeof(exedir)); +- CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs"); ++ CombinePathW(dirname, sizeof(dirname), L"/var/db/softether", L"chain_certs"); + MakeDirExW(dirname); + + if (auto_save) +@@ -365,7 +365,7 @@ void AddAllChainCertsToCertList(LIST *o) + + GetExeDirW(exedir, sizeof(exedir)); + +- CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs"); ++ CombinePathW(dirname, sizeof(dirname), L"/var/db/softether", L"chain_certs"); + + MakeDirExW(dirname); + +--- src/Mayaqua/Network.c.orig 2019-02-03 19:43:50 UTC ++++ src/Mayaqua/Network.c +@@ -11520,7 +11520,7 @@ void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx + + GetExeDirW(exedir, sizeof(exedir)); + +- CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs"); ++ CombinePathW(dirname, sizeof(dirname), L"/var/db/softether", L"chain_certs"); + + MakeDirExW(dirname); + Added: head/security/softether5/files/patch-piddir ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/softether5/files/patch-piddir Mon Feb 25 05:07:08 2019 (r493835) 
@@ -0,0 +1,29 @@ +--- src/Mayaqua/Unix.c.orig 2019-02-03 19:43:50 UTC ++++ src/Mayaqua/Unix.c +@@ -774,7 +774,7 @@ void *UnixNewSingleInstance(char *instance_name) + GetExeDir(dir, sizeof(dir)); + + // File name generation +- Format(name, sizeof(name), "%s/.%s", dir, tmp); ++ Format(name, sizeof(name), "/var/db/softether/.%s", tmp); + + fd = open(name, O_WRONLY); + if (fd == -1) +@@ -2194,7 +2194,7 @@ void UnixGenPidFileName(char *name, UINT size) + Md5(hash, exe_name, StrLen(exe_name)); + BinToStr(tmp1, sizeof(tmp1), hash, sizeof(hash)); + +- Format(name, size, "%s/.pid_%s", dir, tmp1); ++ Format(name, size, "/var/db/softether/.pid_%s", tmp1); + } + + // Delete the PID file +@@ -2239,7 +2239,7 @@ void UnixGenCtlFileName(char *name, UINT size) + Md5(hash, exe_name, StrLen(exe_name)); + BinToStr(tmp1, sizeof(tmp1), hash, sizeof(hash)); + +- Format(name, size, "%s/.ctl_%s", dir, tmp1); ++ Format(name, size, "/var/db/softether/.ctl_%s", tmp1); + } + + // Write the CTL file Added: head/security/softether5/files/patch-use-system-cpu_features ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/softether5/files/patch-use-system-cpu_features Mon Feb 25 05:07:08 2019 (r493835) 
@@ -0,0 +1,18 @@ +--- src/Mayaqua/CMakeLists.txt.orig 2019-02-03 19:43:50 UTC ++++ src/Mayaqua/CMakeLists.txt +@@ -63,14 +63,10 @@ if(UNIX) + + find_library(LIB_RT rt) + +- target_link_libraries(mayaqua PRIVATE OpenSSL::SSL OpenSSL::Crypto Threads::Threads ZLIB::ZLIB) ++ target_link_libraries(mayaqua PRIVATE OpenSSL::SSL OpenSSL::Crypto Threads::Threads ZLIB::ZLIB cpu_features) + + if (CMAKE_SYSTEM_PROCESSOR MATCHES "^(armv7l|aarch64|s390x)$" OR NOT HAVE_SYS_AUXV) + add_definitions(-DSKIP_CPU_FEATURES) +- else() +- add_subdirectory(3rdparty/cpu_features) +- set_property(TARGET cpu_features PROPERTY POSITION_INDEPENDENT_CODE ON) +- target_link_libraries(mayaqua PRIVATE cpu_features) + endif() + + if(LIB_RT) Added: head/security/softether5/files/pkg-message.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/softether5/files/pkg-message.in Mon Feb 25 05:07:08 2019 (r493835) @@ -0,0 +1,24 @@ +************************************************************************** + +To run softether vpn client from startup, run +sysrc softether_client_enable=yes + +To run softether vpn server from startup, run +sysrc softether_server_enable=yes + +To run softether vpn bridge from startup, run +sysrc softether_bridge_enable=yes + +Initial and further configuration of all softether services can be +done either by using a Windows client to connect to the running +services or by vpncmd from command line. + +Please note client and bridge functionality is not fully +supported on FreeBSD right now. + +When removing SoftEther VPN without the desire to reinstall, please +ensure to remove the following dirctories as well: +- %%SE_DBDIR%% +- %%SE_LOGDIR%% + +************************************************************************** Added: head/security/softether5/files/softether_bridge.in ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/softether5/files/softether_bridge.in Mon Feb 25 05:07:08 2019 (r493835) @@ -0,0 +1,36 @@ +#!/bin/sh + +# PROVIDE: softether_bridge +# REQUIRE: NETWORKING SERVERS +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following lines to /etc/rc.conf to enable softether_bridge: +# softether_bridge_enable (bool): Set to "NO" by default. +# Set it to "YES" to enable +# +. /etc/rc.subr + +name=softether_bridge +rcvar=softether_bridge_enable +load_rc_config ${name} + +: ${softether_bridge_enable:=NO} + +command="%%PREFIX%%/libexec/softether/vpnbridge/vpnbridge" + +datadir="/var/db/softether" + +start_precmd="${name}_precmd" +start_cmd="${command} start" +stop_cmd="${command} stop" + +softether_bridge_precmd() +{ + if [ ! -d "${datadir}" ]; then + mkdir -p ${datadir} + fi +} + +run_rc_command "$1" Added: head/security/softether5/files/softether_client.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/softether5/files/softether_client.in Mon Feb 25 05:07:08 2019 (r493835) 
@@ -0,0 +1,36 @@ +#!/bin/sh + +# PROVIDE: softether_client +# REQUIRE: NETWORKING SERVERS +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following lines to /etc/rc.conf to enable softether_client: +# softether_client_enable (bool): Set to "NO" by default. +# Set it to "YES" to enable +# +. /etc/rc.subr + +name=softether_client +rcvar=softether_client_enable +load_rc_config ${name} + +: ${softether_client_enable:=NO} + +command="%%PREFIX%%/libexec/softether/vpnclient/vpnclient" + +datadir="/var/db/softether" + +start_precmd="${name}_precmd" +start_cmd="${command} start" +stop_cmd="${command} stop" + +softether_client_precmd() +{ + if [ ! -d "${datadir}" ]; then + mkdir -p ${datadir} + fi +} + +run_rc_command "$1" Added: head/security/softether5/files/softether_server.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/softether5/files/softether_server.in Mon Feb 25 05:07:08 2019 (r493835) @@ -0,0 +1,36 @@ +#!/bin/sh + +# PROVIDE: softether_server +# REQUIRE: NETWORKING SERVERS +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following lines to /etc/rc.conf to enable softether_server: +# softether_server_enable (bool): Set to "NO" by default. +# Set it to "YES" to enable +# +. /etc/rc.subr + +name=softether_server +rcvar=softether_server_enable +load_rc_config ${name} + +: ${softether_server_enable:=NO} + +command="%%PREFIX%%/libexec/softether/vpnserver/vpnserver" + +datadir="/var/db/softether" + +start_precmd="${name}_precmd" +start_cmd="${command} start" +stop_cmd="${command} stop" + +softether_server_precmd() +{ + if [ ! -d "${datadir}" ]; then + mkdir -p ${datadir} + fi +} + +run_rc_command "$1" Added: head/security/softether5/pkg-descr ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/softether5/pkg-descr Mon Feb 25 05:07:08 2019 (r493835) @@ -0,0 +1,18 @@ +SoftEther VPN ("SoftEther" means "Software Ethernet") is an +open-source cross-platform multi-protocol VPN program, created as an +academic project in the University of Tsukuba. Its protocol is very +fast and it can be used in very restricted environments, as it's able +to transfer packets over DNS and ICMP. A NAT-Traversal function is +also available, very useful in case the required ports cannot be +opened on the firewall. The supported third party protocols are +OpenVPN, L2TP/IPSec and SSTP. + +This port is a bleeding-edge developer version of SoftEther, not for +production use. If you're looking for a solid and stable version, +use security/softether (RTM version) or security/softether-devel +(stable version) instead. This version is available also on other +other than i386/amd64 processors. Users who want to use SoftEther on +single board computers such as Raspberry Pi, BeagleBoard or other +embedded devices, try this port. + +WWW: https://www.softether.org Added: head/security/softether5/pkg-plist ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/softether5/pkg-plist Mon Feb 25 05:07:08 2019 (r493835) @@ -0,0 +1,20 @@ +bin/vpnbridge +bin/vpnclient +bin/vpncmd +bin/vpnserver +lib/libcedar.so +lib/libmayaqua.so +libexec/softether/vpnbridge/hamcore.se2 +libexec/softether/vpnbridge/vpnbridge +libexec/softether/vpnclient/hamcore.se2 +libexec/softether/vpnclient/vpnclient +libexec/softether/vpncmd/hamcore.se2 +libexec/softether/vpncmd/vpncmd +libexec/softether/vpnserver/hamcore.se2 +libexec/softether/vpnserver/vpnserver +@dir libexec/softether/vpnbridge +@dir libexec/softether/vpnclient +@dir libexec/softether/vpncmd +@dir libexec/softether/vpnserver +@dir %%SE_DBDIR%% +@dir %%SE_LOGDIR%%
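
Review bot: in head/security/softether5/Makefile, post-patch, the expression `-e "s|@server_log|${DIR}/server|"` uses `${DIR}`, which this Makefile never defines, while every other `*_log` substitution in the same command uses `${SE_LOGDIR}`. If `${DIR}` expands to an empty string, `@server_log` becomes `/server` and the server log is pointed at the filesystem root; this should read `${SE_LOGDIR}/server`. In the same command `@etherlogger` is substituted before `@etherlogger_log`; the first pattern is a prefix of the second, so any `@etherlogger_log` string is rewritten to `${SE_DBDIR}/etherlogger_log` before the later expression can match. Put the longer pattern first, as is already done for `@vpn_server_template` ahead of `@vpn_server`.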
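
Review bot: patch-chain-certs-dir hardcodes `L"/var/db/softether"` at all three `CombinePathW` call sites, but the port Makefile declares `SE_DBDIR?=` as overridable and runs `s|%%SE_DBDIR%%|${SE_DBDIR}|g` over exactly these files (Protocol.c and Network.c here, Unix.c from patch-piddir). No `%%SE_DBDIR%%` token appears in any of the added lines, so that substitution has nothing to replace, and an overridden SE_DBDIR leaves chain_certs and the PID/CTL files in /var/db/softether while the config files move. Use `%%SE_DBDIR%%` in the patches in place of the literal path.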
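
Review bot: patch-piddir puts the single-instance lock file and the `.pid_%s` and `.ctl_%s` files under /var/db/softether, which persists across reboots, so a stale PID or control file can survive a crash or power loss. /var/run is the conventional place for this per-boot state on FreeBSD and is cleaned at startup; consider pointing the three `Format(...)` calls there, or document why the database directory was chosen.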
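
Review bot: in patch-use-system-cpu_features, `cpu_features` is appended to the unconditional `target_link_libraries(mayaqua PRIVATE ...)` line, so it is now linked even on the branch that sets `-DSKIP_CPU_FEATURES` (armv7l, aarch64, s390x, or no HAVE_SYS_AUXV), where the original linked it only inside `else()`. Since the commit message targets boards other than i386/amd64, keep the link conditional by leaving an `else()` that contains just `target_link_libraries(mayaqua PRIVATE cpu_features)`. The Makefile also lists devel/cpu_features under BUILD_DEPENDS only; if the library is installed as a shared object it needs a run-time dependency as well.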
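
Review bot: softether_bridge.in, softether_client.in and softether_server.in each set `datadir="/var/db/softether"` literally although the Makefile already passes `SE_DBDIR` through SUB_LIST; use `datadir="%%SE_DBDIR%%"` so the rc scripts follow an overridden value. In the `*_precmd` functions, `mkdir -p ${datadir}` is unquoted and creates the directory with whatever the default umask allows, and pkg-plist's `@dir %%SE_DBDIR%%` sets no owner or mode either. Per the post-patch substitutions this directory holds the server configuration, backups and chain_certs, so quote the variable and create it with an explicit restrictive mode, for example `install -d -m 0700 "${datadir}"`.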
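
Review bot: typo in pkg-message.in, `dirctories` should be `directories` in "ensure to remove the following dirctories as well". pkg-descr also carries a doubled word in "available also on other other than i386/amd64 processors".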