Hi,

I'm Robert's colleague and the author of the simpler, hopefully less
invasive patch submitted upstream. Besides the tests that I had done
myself that I mentioned in the commit message, I asked two colleagues
who also use YubiKey NEO as PKCS#11 token and who run Debian/buster to
try the following:

- Make sure that libpkcs11-helper1=1.25.1-1 is installed. (We had been
  experimenting with a custom-built pkcs11-helper without threads
  support before.)
- Install an openvpn build provided by me (see below).
- Run "openvpn $CONFIG".

Both reported that everything works fine whereas previously, OpenVPN
would hang right after logging "/sbin/ip link set dev $TUN up mtu $MTU".

The custom openvpn build was created in a sid chroot using sbuild. The
relevant patch is attached.

Cheers,
-Hilko
From c17d6d46a9d0cb42811c983649148f2005b34f32 Mon Sep 17 00:00:00 2001
From: Hilko Bengen <ben...@debian.org>
Date: Tue, 19 Feb 2019 10:37:53 +0100
Subject: [PATCH 1/2] Avoid hangs when spawning child processes by not setting
 pkcs11-helper "safe fork mode" (Closes: #772812, #900805, #907452)

---
 debian/patches/fix-pkcs11-helper-hang.patch | 13 +++++++++++++
 debian/patches/series                       |  1 +
 2 files changed, 14 insertions(+)
 create mode 100644 debian/patches/fix-pkcs11-helper-hang.patch

diff --git a/debian/patches/fix-pkcs11-helper-hang.patch b/debian/patches/fix-pkcs11-helper-hang.patch
new file mode 100644
index 0000000..41d9be1
--- /dev/null
+++ b/debian/patches/fix-pkcs11-helper-hang.patch
@@ -0,0 +1,13 @@
+Index: openvpn/src/openvpn/pkcs11.c
+===================================================================
+--- openvpn.orig/src/openvpn/pkcs11.c
++++ openvpn/src/openvpn/pkcs11.c
+@@ -312,7 +312,7 @@ pkcs11_initialize(
+ 
+     pkcs11h_setLogLevel(_pkcs11_msg_openvpn2pkcs11(get_debug_level()));
+ 
+-    if ((rv = pkcs11h_setForkMode(TRUE)) != CKR_OK)
++    if ((rv = pkcs11h_setForkMode(FALSE)) != CKR_OK)
+     {
+         msg(M_FATAL, "PKCS#11: Cannot set fork mode %ld-'%s'", rv, pkcs11h_getMessage(rv));
+         goto cleanup;
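Review bot: the embedded quilt patch starts directly at "Index: openvpn/src/openvpn/pkcs11.c" with no DEP-3 header, so the reason for changing pkcs11h_setForkMode(TRUE) to pkcs11h_setForkMode(FALSE) is recorded only in the commit subject. Please add Description, Author, Bug-Debian (for #772812, #900805 and #907452) and Forwarded fields above the Index line, and have the description state what turning off safe fork mode means for child processes that OpenVPN forks after pkcs11_initialize(), so whoever rebases this onto a new upstream release can tell whether it is still needed.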
diff --git a/debian/patches/series b/debian/patches/series
index a903d3d..8b19c3d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ kfreebsd_support.patch
 match-manpage-and-command-help.patch
 spelling_errors.patch
 systemd.patch
+fix-pkcs11-helper-hang.patch
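Review bot: the series entry added after systemd.patch comes without a debian/changelog entry; the diffstat lists only debian/patches/fix-pkcs11-helper-hang.patch and debian/patches/series, so the "Closes: #772812, #900805, #907452" in the subject will not close those bugs on upload unless it also appears in debian/changelog. If patch 2/2 does not add that changelog entry, please include it there. Appending the new patch as the last line of series is fine.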
-- 
2.20.1
