On Fri 03/07/2020 23:14, Bjorn Ketelaars wrote: > Diff below brings ocserv to 1.1.0. Biggest change is that ocserv > switched from fork to fork/exec model to achieve better scaling. > Implementation of this fork/exec model does not really agree with > OpenBSD because it depends heavily on procfs, which we do not have. > Upstream was so friendly to address this issue in the upcoming release > (1.1.1). In the meantime I propose to cherry-pick the fix. > > Overview on changes can be found at > https://gitlab.com/openconnect/ocserv/-/blob/1.1.0/NEWS. > > 'make test' runs successfully. Run tested on amd64. > > Comments/OK?
Ping... Diff enclosed for your convenience. diff --git Makefile Makefile index 6c0b80e762d..5bbae2e5aa3 100644 --- Makefile +++ Makefile @@ -2,7 +2,7 @@ COMMENT= server implementing the AnyConnect SSL VPN protocol -DISTNAME= ocserv-1.0.1 +DISTNAME= ocserv-1.1.0 EXTRACT_SUFX= .tar.xz CATEGORIES= net @@ -34,7 +34,8 @@ LIB_DEPENDS= archivers/lz4 \ security/openpam TEST_DEPENDS= net/openconnect \ shells/bash \ - sysutils/coreutils + sysutils/coreutils \ + textproc/gsed CONFIGURE_STYLE= autoconf CONFIGURE_ARGS= --without-docker-tests \ @@ -79,6 +80,7 @@ post-install: # tests use socket_wrapper, which is not in ports. pre-test: ln -fs ${LOCALBASE}/bin/gtimeout ${WRKDIR}/bin/timeout + ln -fs ${LOCALBASE}/bin/gsed ${WRKDIR}/bin/sed sed -i 's#\/bin\/true#\/usr\/bin\/true#g' ${WRKSRC}/tests/test-* post-test: diff --git distinfo distinfo index d426fcd637a..9bf8734762b 100644 --- distinfo +++ distinfo @@ -1,2 +1,2 @@ -SHA256 (ocserv-1.0.1.tar.xz) = Wdnvehrrlf9udi4qDyMbP64upCD2ihzwnTmiY5UED0s= -SIZE (ocserv-1.0.1.tar.xz) = 787800 +SHA256 (ocserv-1.1.0.tar.xz) = o/r+hHsIvexams1y5pjf13zpeZyxkUZndSbmeUuUp3k= +SIZE (ocserv-1.1.0.tar.xz) = 806964 diff --git patches/patch-configure_ac patches/patch-configure_ac index e2a13a78076..b9f58a5cc1e 100644 --- patches/patch-configure_ac +++ patches/patch-configure_ac @@ -1,8 +1,12 @@ $OpenBSD: patch-configure_ac,v 1.12 2019/12/29 07:28:22 bket Exp $ + +OpenBSD does not have procfs. Taken from +https://gitlab.com/openconnect/ocserv/-/merge_requests/184 + Index: configure.ac --- configure.ac.orig +++ configure.ac -@@ -199,7 +199,7 @@ if test "$test_for_geoip" = yes && test "$have_maxmind +@@ -211,7 +211,7 @@ if test "$test_for_geoip" = yes && test "$have_maxmind fi have_readline=no 
@@ -11,3 +15,12 @@ Index: configure.ac #include <stdio.h> #include <readline/readline.h>], [rl_replace_line(0,0);]) if test x$ac_cv_libreadline = xyes; then +@@ -641,6 +641,8 @@ fi + + AM_CONDITIONAL(ENABLE_OIDC_AUTH, test "x$enable_oidc_auth" = xyes) + AM_CONDITIONAL(ENABLE_OIDC_AUTH_TESTS, test "x$enable_oidc_auth" = xyes) ++ ++AC_CHECK_FILE(/proc/self/exe, AC_DEFINE([PROC_FS_SUPPORTED],[1], [procfs supported]), []) + + uid=$(id -u) + gid=$(id -g) diff --git patches/patch-src_config_c patches/patch-src_config_c new file mode 100644 index 00000000000..fc4755622e5 --- /dev/null +++ patches/patch-src_config_c @@ -0,0 +1,44 @@ +$OpenBSD$ + +OpenBSD does not have procfs. Taken from +https://gitlab.com/openconnect/ocserv/-/merge_requests/184 + +Index: src/config.c +--- src/config.c.orig ++++ src/config.c +@@ -1130,6 +1130,7 @@ static void parse_cfg_file(void *pool, const char *fil + ctx.reload = (flags&CFG_FLAG_RELOAD)?1:0; + ctx.head = head; + ++#if defined(PROC_FS_SUPPORTED) + // Worker always reads from snapshot + if ((flags & CFG_FLAG_WORKER) == CFG_FLAG_WORKER) { + char * snapshot_file = NULL; +@@ -1192,6 +1193,27 @@ static void parse_cfg_file(void *pool, const char *fil + } + + } ++#else ++ const char * cfg_file = file; ++ ++ if (cfg_file == NULL) { ++ fprintf(stderr, ERRSTR"no config file!\n"); ++ exit(1); ++ } ++ ++ /* parse configuration ++ */ ++ ret = ini_parse(cfg_file, cfg_ini_handler, &ctx); ++ if (ret < 0 && file != NULL && strcmp(file, DEFAULT_CFG_FILE) == 0) { ++ cfg_file = OLD_DEFAULT_CFG_FILE; ++ ret = ini_parse(cfg_file, cfg_ini_handler, &ctx); ++ } ++ ++ if (ret < 0) { ++ fprintf(stderr, ERRSTR"cannot load config file %s\n", cfg_file); ++ exit(1); ++ } ++#endif + + /* apply configuration not yet applied. + * We start from the last, which is the default server (firstly diff --git patches/patch-src_main_c patches/patch-src_main_c new file mode 100644 index 00000000000..e28883b602d --- /dev/null +++ patches/patch-src_main_c 
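Review bot: The added `AC_CHECK_FILE(/proc/self/exe, ...)` in the configure.ac patch probes the machine running configure, not the system the binary will run on, and AC_CHECK_FILE aborts outright when cross-compiling. A build done in a chroot or jail without /proc mounted would silently leave PROC_FS_SUPPORTED undefined and select the argv[0]-based worker path instead. Keying the define on the host triplet, e.g. `case "$host_os" in linux*) AC_DEFINE([PROC_FS_SUPPORTED],[1],[procfs supported]) ;; esac`, or at least adding a comment that this is a build-host check, would make the result predictable.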
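Review bot: The `#else` branch added to parse_cfg_file parses `file` for every caller, so a build without PROC_FS_SUPPORTED loses the "Worker always reads from snapshot" behaviour that the `#if` branch keeps. A newly exec'd worker would then presumably read whatever is on disk at connection time, which can differ from the configuration the main process loaded. That trade-off deserves a comment at the top of the branch, e.g. `/* no procfs: workers re-read the config file from disk instead of a snapshot */`. The `file != NULL` test in the fallback condition is also redundant after the `cfg_file == NULL` exit just above it. The body of parse_cfg_file starts and ends outside the hunk.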
@@ -0,0 +1,53 @@ +$OpenBSD$ + +OpenBSD does not have procfs. Taken from +https://gitlab.com/openconnect/ocserv/-/merge_requests/184 + +Index: src/main.c +--- src/main.c.orig ++++ src/main.c +@@ -1009,9 +1009,7 @@ static void listen_watcher_cb (EV_P_ ev_io *w, int rev + int cmd_fd[2]; + pid_t pid; + hmac_component_st hmac_components[3]; +- char path[_POSIX_PATH_MAX]; + char worker_path[_POSIX_PATH_MAX]; +- size_t path_length; + + if (ltmp->sock_type == SOCK_TYPE_TCP || ltmp->sock_type == SOCK_TYPE_UNIX) { + /* connection on TCP port */ +@@ -1111,16 +1109,27 @@ static void listen_watcher_cb (EV_P_ ev_io *w, int rev + safe_memset((uint8_t*)s->hmac_key, 0, sizeof(s->hmac_key)); + + set_env_from_ws(s); +- path_length = readlink("/proc/self/exe", path, sizeof(path)-1); +- if (path_length == -1) { +- mslog(s, NULL, LOG_ERR, "readlink failed %s", strerror(ret)); +- exit(1); ++#if defined(PROC_FS_SUPPORTED) ++ { ++ char path[_POSIX_PATH_MAX]; ++ size_t path_length; ++ path_length = readlink("/proc/self/exe", path, sizeof(path)-1); ++ if (path_length == -1) { ++ mslog(s, NULL, LOG_ERR, "readlink failed %s", strerror(ret)); ++ exit(1); ++ } ++ path[path_length] = '\0'; ++ if (snprintf(worker_path, sizeof(worker_path), "%s-worker", path) >= sizeof(worker_path)) { ++ mslog(s, NULL, LOG_ERR, "snprint of path %s and ocserv-worker failed", path); ++ exit(1); ++ } + } +- path[path_length] = '\0'; +- if (snprintf(worker_path, sizeof(worker_path), "%s-worker", path) >= sizeof(worker_path)) { +- mslog(s, NULL, LOG_ERR, "snprint of path %s and ocserv-worker failed", path); ++#else ++ if (snprintf(worker_path, sizeof(worker_path), "%s-worker", worker_argv[0]) >= sizeof(worker_path)) { ++ mslog(s, NULL, LOG_ERR, "snprint of path %s and ocserv-worker failed", worker_argv[0]); + exit(1); + } ++#endif + + worker_argv[0] = worker_path; + execv(worker_path, worker_argv); 
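Review bot: In the `#else` branch of listen_watcher_cb the worker path is built from `worker_argv[0]` and passed to `execv()`, which does no PATH search, so a relative or bare program name makes the main process execute `<name>-worker` resolved against its current directory. Where worker_argv is filled is outside the hunk; presumably it is the server's own argv. Rejecting non-absolute names before the snprintf, e.g. `if (worker_argv[0][0] != '/') { mslog(s, NULL, LOG_ERR, "worker path must be absolute"); exit(1); }`, or using the configured install path, would remove that dependency on the working directory. In the retained procfs branch, `path_length` is a `size_t` compared against -1 and the log prints `strerror(ret)`; `ssize_t path_length;` and `strerror(errno)` are the correct forms. The function continues outside the hunk.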
diff --git patches/patch-src_occtl_occtl_c patches/patch-src_occtl_occtl_c index c921e90f255..4e302651af5 100644 --- patches/patch-src_occtl_occtl_c +++ patches/patch-src_occtl_occtl_c @@ -2,7 +2,7 @@ $OpenBSD: patch-src_occtl_occtl_c,v 1.4 2018/01/12 22:28:51 sthen Exp $ Index: src/occtl/occtl.c --- src/occtl/occtl.c.orig +++ src/occtl/occtl.c -@@ -249,7 +249,7 @@ static int handle_help_cmd(CONN_TYPE * conn, const cha +@@ -264,7 +264,7 @@ static int handle_help_cmd(CONN_TYPE * conn, const cha static int handle_reset_cmd(CONN_TYPE * conn, const char *arg, cmd_params_st *params) { rl_reset_terminal(NULL); diff --git patches/patch-tests_common_sh patches/patch-tests_common_sh new file mode 100644 index 00000000000..b1dae805f02 --- /dev/null +++ patches/patch-tests_common_sh @@ -0,0 +1,14 @@ +$OpenBSD$ + +Index: tests/common.sh +--- tests/common.sh.orig ++++ tests/common.sh +@@ -23,7 +23,7 @@ + + builddir=${builddir:-.} + +-OPENCONNECT=${OPENCONNECT:-$(which openconnect)} ++OPENCONNECT=${LOCALBASE}/sbin/openconnect + + if test -z "${OPENCONNECT}" || ! test -x ${OPENCONNECT};then + echo "You need openconnect to run this test" diff --git pkg/PLIST pkg/PLIST index ff2feaeb728..1f85d474737 100644 --- pkg/PLIST +++ pkg/PLIST @@ -8,6 +8,7 @@ @man man/man8/ocpasswd.8 @man man/man8/ocserv.8 @bin sbin/ocserv +@bin sbin/ocserv-worker share/examples/ocserv/ share/examples/ocserv/ocserv-fw share/examples/ocserv/profile.xml
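Review bot: The replacement line `OPENCONNECT=${LOCALBASE}/sbin/openconnect` in the tests/common.sh patch drops the `${OPENCONNECT:-...}` override, and it expands to `/sbin/openconnect` if LOCALBASE is not exported into the test environment. `OPENCONNECT=${OPENCONNECT:-${LOCALBASE}/sbin/openconnect}` keeps the caller's override while still avoiding `which`. The variable is used unquoted in the `test -x` line that follows; that is harmless for the usual prefix but worth quoting if the line is touched anyway.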