Update to ocserv-0.12.0.
Upstream replaced the configuration parser with inih parser eliminating the dependency on gettext. OK sthen@
This commit is contained in:
parent
1f2365e27b
commit
4d41f888cf
@ -1,26 +1,25 @@
|
||||
# $OpenBSD: Makefile,v 1.32 2018/04/23 09:01:10 bket Exp $
|
||||
# $OpenBSD: Makefile,v 1.33 2018/04/25 18:31:29 bket Exp $
|
||||
|
||||
COMMENT= server implementing the AnyConnect SSL VPN protocol
|
||||
|
||||
DISTNAME= ocserv-0.11.12
|
||||
DISTNAME= ocserv-0.12.0
|
||||
EXTRACT_SUFX= .tar.xz
|
||||
|
||||
CATEGORIES= net
|
||||
|
||||
HOMEPAGE= https://ocserv.gitlab.io/www/
|
||||
|
||||
MAINTAINER= Bjorn Ketelaars <bjorn.ketelaars@hydroxide.nl>
|
||||
MAINTAINER= Bjorn Ketelaars <bket@openbsd.org>
|
||||
|
||||
# GPLv2+
|
||||
PERMIT_PACKAGE_CDROM= Yes
|
||||
|
||||
WANTLIB = c curses ev gnutls intl lz4 m nettle oath pam protobuf-c
|
||||
WANTLIB += radcli readline talloc
|
||||
WANTLIB+= c curses ev gnutls lz4 m nettle oath pam protobuf-c
|
||||
WANTLIB+= radcli readline talloc
|
||||
|
||||
MASTER_SITES= ftp://ftp.infradead.org/pub/ocserv/
|
||||
|
||||
LIB_DEPENDS= archivers/lz4 \
|
||||
devel/gettext \
|
||||
devel/libev \
|
||||
devel/libtalloc \
|
||||
devel/protobuf-c \
|
||||
@ -32,12 +31,11 @@ TEST_DEPENDS= net/openconnect \
|
||||
shells/bash \
|
||||
sysutils/coreutils
|
||||
|
||||
USE_GMAKE= Yes
|
||||
CONFIGURE_STYLE= autoconf
|
||||
CONFIGURE_ARGS= --enable-local-libopts \
|
||||
--without-docker-tests \
|
||||
CONFIGURE_ARGS= --without-docker-tests \
|
||||
--without-geoip \
|
||||
--without-http-parser \
|
||||
--without-nuttcp-tests \
|
||||
--without-pcl-lib
|
||||
|
||||
CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
|
||||
@ -47,14 +45,18 @@ AUTOCONF_VERSION= 2.69
|
||||
|
||||
post-extract:
|
||||
sed -i 's,#!/bin/bash,#!${LOCALBASE}/bin/bash,' \
|
||||
${WRKSRC}/tests/test-{iroute,append-routes,user-config}
|
||||
${WRKSRC}/tests/test-{iroute,append-routes,user-config} \
|
||||
${WRKSRC}/tests/haproxy-connect \
|
||||
${WRKSRC}/tests/multiple-routes
|
||||
sed -i 's,/usr/sbin/openconnect,${LOCALBASE}/sbin/openconnect,' \
|
||||
${WRKSRC}/tests/common.sh
|
||||
sed -i 's,/etc/ocserv,${SYSCONFDIR}/ocserv,' \
|
||||
${WRKSRC}/src/ocpasswd/ocpasswd.c
|
||||
cd ${WRKSRC}; \
|
||||
sed -i 's,/usr/bin/ocserv-fw,${SYSCONFDIR}/ocserv/ocserv-fw,g' \
|
||||
src/ocserv-args.def src/main-user.c doc/ocserv.8 doc/sample.config
|
||||
sed -i 's,/usr/bin/ocserv-fw,${SYSCONFDIR}/ocserv/ocserv-fw,g' \
|
||||
${WRKSRC}/src/main-user.c \
|
||||
${WRKSRC}/doc/sample.config
|
||||
sed -i 's,/usr/bin/ocserv\\-fw,${SYSCONFDIR}/ocserv/ocserv\\-fw,g' \
|
||||
${WRKSRC}/doc/ocserv.8
|
||||
|
||||
post-install:
|
||||
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/ocserv
|
||||
@ -64,6 +66,7 @@ post-install:
|
||||
${SUBST_CMD} -c -m ${SHAREMODE} -o ${SHAREOWN} -g ${SHAREGRP} \
|
||||
${WRKSRC}/doc/sample.config \
|
||||
${PREFIX}/share/examples/ocserv/sample.config
|
||||
${INSTALL_MAN} ${WRKSRC}/doc/*.8 ${PREFIX}/man/man8/
|
||||
|
||||
pre-test:
|
||||
ln -fs ${LOCALBASE}/bin/gtimeout ${WRKDIR}/bin/timeout
|
||||
|
@ -1,2 +1,2 @@
|
||||
SHA256 (ocserv-0.11.12.tar.xz) = SRlQt7/jb8P1LBC9aAkC1l4Hda/BiaosI9j9smdKUk8=
|
||||
SIZE (ocserv-0.11.12.tar.xz) = 785956
|
||||
SHA256 (ocserv-0.12.0.tar.xz) = /btyQQEzQZdWQLuYUbFO0Wx4YClGboG3nN+84h99yJ8=
|
||||
SIZE (ocserv-0.12.0.tar.xz) = 679420
|
||||
|
@ -1,8 +1,8 @@
|
||||
$OpenBSD: patch-configure_ac,v 1.8 2017/10/10 09:20:48 sthen Exp $
|
||||
$OpenBSD: patch-configure_ac,v 1.9 2018/04/25 18:31:29 bket Exp $
|
||||
Index: configure.ac
|
||||
--- configure.ac.orig
|
||||
+++ configure.ac
|
||||
@@ -162,7 +162,7 @@ if test "$test_for_geoip" = yes;then
|
||||
@@ -168,7 +168,7 @@ if test "$test_for_geoip" = yes;then
|
||||
fi
|
||||
|
||||
have_readline=no
|
||||
|
@ -1,11 +1,11 @@
|
||||
$OpenBSD: patch-doc_sample_config,v 1.19 2018/01/12 22:28:51 sthen Exp $
|
||||
$OpenBSD: patch-doc_sample_config,v 1.20 2018/04/25 18:31:29 bket Exp $
|
||||
|
||||
no seccomp, gssapi
|
||||
|
||||
Index: doc/sample.config
|
||||
--- doc/sample.config.orig
|
||||
+++ doc/sample.config
|
||||
@@ -34,15 +34,6 @@
|
||||
@@ -35,15 +35,6 @@
|
||||
# Acct-Interim-Interval, and Session-Timeout values.
|
||||
#
|
||||
# See doc/README-radius.md for the supported radius configuration atributes.
|
||||
@ -21,16 +21,16 @@ Index: doc/sample.config
|
||||
|
||||
#auth = "pam"
|
||||
#auth = "pam[gid-min=1000]"
|
||||
@@ -55,8 +46,6 @@ auth = "plain[passwd=./sample.passwd]"
|
||||
# for authentication. That is, if set, any of the methods enabled
|
||||
# will be sufficient to login.
|
||||
@@ -58,8 +49,6 @@ auth = "plain[passwd=./sample.passwd]"
|
||||
# When multiple options are present, they are OR composed (any of them
|
||||
# succeeding allows login).
|
||||
#enable-auth = "certificate"
|
||||
-#enable-auth = "gssapi"
|
||||
-#enable-auth = "gssapi[keytab=/etc/key.tab,require-local-user-map=true,tgt-freshness-time=900]"
|
||||
|
||||
# Accounting methods available:
|
||||
# radius: can be combined with any authentication method, it provides
|
||||
@@ -99,8 +88,8 @@ udp-port = 443
|
||||
@@ -102,8 +91,8 @@ udp-port = 443
|
||||
|
||||
# The user the worker processes will be run as. It should be
|
||||
# unique (no other services run as this user).
|
||||
@ -41,7 +41,7 @@ Index: doc/sample.config
|
||||
|
||||
# socket file used for IPC with occtl. You only need to set that,
|
||||
# if you use more than a single servers.
|
||||
@@ -109,7 +98,7 @@ run-as-group = daemon
|
||||
@@ -112,7 +101,7 @@ run-as-group = daemon
|
||||
# socket file used for server IPC (worker-main), will be appended with .PID
|
||||
# It must be accessible within the chroot environment (if any), so it is best
|
||||
# specified relatively to the chroot directory.
|
||||
@ -49,8 +49,8 @@ Index: doc/sample.config
|
||||
+socket-file = ${LOCALSTATEDIR}/run/ocserv-socket
|
||||
|
||||
# The default server directory. Does not require any devices present.
|
||||
#chroot-dir = /path/to/chroot
|
||||
@@ -163,16 +152,6 @@ ca-cert = ../tests/certs/ca.pem
|
||||
#chroot-dir = /var/lib/ocserv
|
||||
@@ -172,16 +161,6 @@ ca-cert = ../tests/certs/ca.pem
|
||||
### failures during the reloading time.
|
||||
|
||||
|
||||
@ -67,7 +67,7 @@ Index: doc/sample.config
|
||||
# A banner to be displayed on clients
|
||||
#banner = "Welcome"
|
||||
|
||||
@@ -328,9 +307,8 @@ min-reauth-time = 300
|
||||
@@ -337,9 +316,8 @@ min-reauth-time = 300
|
||||
# Banning clients in ocserv works with a point system. IP addresses
|
||||
# that get a score over that configured number are banned for
|
||||
# min-reauth-time seconds. By default a wrong password attempt is 10 points,
|
||||
@ -79,7 +79,7 @@ Index: doc/sample.config
|
||||
#
|
||||
# Score banning cannot be reliably used when receiving proxied connections
|
||||
# locally from an HTTP server (i.e., when listen-clear-file is used).
|
||||
@@ -344,7 +322,6 @@ ban-reset-time = 1200
|
||||
@@ -353,7 +331,6 @@ ban-reset-time = 1200
|
||||
# In case you'd like to change the default points.
|
||||
#ban-points-wrong-password = 10
|
||||
#ban-points-connection = 1
|
||||
@ -87,7 +87,7 @@ Index: doc/sample.config
|
||||
|
||||
# Cookie timeout (in seconds)
|
||||
# Once a client is authenticated he's provided a cookie with
|
||||
@@ -411,7 +388,7 @@ rekey-method = ssl
|
||||
@@ -420,7 +397,7 @@ rekey-method = ssl
|
||||
use-occtl = true
|
||||
|
||||
# PID file. It can be overridden in the command line.
|
||||
@ -96,7 +96,7 @@ Index: doc/sample.config
|
||||
|
||||
# Set the protocol-defined priority (SO_PRIORITY) for packets to
|
||||
# be sent. That is a number from 0 to 6 with 0 being the lowest
|
||||
@@ -526,6 +503,11 @@ no-route = 192.168.5.0/255.255.255.0
|
||||
@@ -535,6 +512,11 @@ no-route = 192.168.5.0/255.255.255.0
|
||||
# any other routes. In case of defaultroute, the no-routes are restricted.
|
||||
# All the routes applied by ocserv can be reverted using /etc/ocserv/ocserv-fw
|
||||
# --removeall. This option can be set globally or in the per-user configuration.
|
||||
@ -108,7 +108,7 @@ Index: doc/sample.config
|
||||
#restrict-user-to-routes = true
|
||||
|
||||
# This option implies restrict-user-to-routes set to true. If set, the
|
||||
@@ -598,23 +580,6 @@ no-route = 192.168.5.0/255.255.255.0
|
||||
@@ -607,23 +589,6 @@ no-route = 192.168.5.0/255.255.255.0
|
||||
# and '%{G}', if present will be replaced by the username and group name.
|
||||
#proxy-url = http://example.com/
|
||||
#proxy-url = http://example.com/%{U}/
|
||||
|
14
net/ocserv/patches/patch-tests_multiple-routes
Normal file
14
net/ocserv/patches/patch-tests_multiple-routes
Normal file
@ -0,0 +1,14 @@
|
||||
$OpenBSD: patch-tests_multiple-routes,v 1.1 2018/04/25 18:31:29 bket Exp $
|
||||
|
||||
Index: tests/multiple-routes
|
||||
--- tests/multiple-routes.orig
|
||||
+++ tests/multiple-routes
|
||||
@@ -49,7 +49,7 @@ echo ok
|
||||
|
||||
echo -n "Checking number of routes... "
|
||||
|
||||
-CONTENTS=`cat ${TMPFILE1}|grep X-CSTP-Split-Include|wc -l`
|
||||
+CONTENTS=`cat ${TMPFILE1}|grep X-CSTP-Split-Include|wc -l|sed 's/^ *//'`
|
||||
if test "$CONTENTS" != "256";then
|
||||
cat ${TMPFILE1}|grep X-CSTP-Split-Include
|
||||
fail $PID "Temporary file contents are not correct; 256 routes were not found"
|
Loading…
Reference in New Issue
Block a user