softethervpn: added new package 4.21-9613 #3498
Conversation
|
@fededim eq. architecture: not working eq. to ppc*(eq. https://github.com/lede-project/source/tree/master/target/linux/apm821xx ) ? |
|
Sorry I did not fully understand what you wrote (eq. architecture means ?!?). I tested it on OpenWRT, not LEDE sources so apm821xx is not present (https://github.com/openwrt/openwrt/tree/master/target/linux). What error it gives on apm821xx on LEDE ? p.s. what does the salsa dancer stand for ? |
| $(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/vpnclient/vpnclient $(1)/usr/bin/softethervpn | ||
| $(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/vpnbridge/vpnbridge $(1)/usr/bin/softethervpn | ||
| $(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/vpncmd/vpncmd $(1)/usr/bin/softethervpn | ||
| $(INSTALL_DATA) files/dummy $(1)/usr/bin/softethervpn/vpn_server.config |
There was a problem hiding this comment.
This should probably go into /etc/softether/ or similar.
| $(MAKE) \ | ||
| $(TARGET_CONFIGURE_OPTS) \ | ||
| CCFLAGS="$(SSL3_SUPP) -I$(STAGING_DIR)/usr/include $(ICONV_CFLAGS)" \ | ||
| LDFLAGS="-L$(STAGING_DIR)/usr/lib $(ICONV_LDFLAGS) -liconv" \ |
There was a problem hiding this comment.
Do not hardcode -liconv see http://lists.en.qi-hardware.com/pipermail/discussion/2011-February/007092.html
There was a problem hiding this comment.
Please disregard the -liconv comment, that part is fine.
| /usr/bin/softethervpn/vpn_server.config | ||
| /usr/bin/softethervpn/vpn_client.config | ||
| /usr/bin/softethervpn/vpn_bridge.config | ||
| /usr/bin/softethervpn/lang.config |
There was a problem hiding this comment.
These should go all into /etc/softether/
There was a problem hiding this comment.
Well it's not possible, softether looks for them in the executable directory see https://www.softether.org/4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.3_VPN_Server_Administration#3.3.7_Configuration_File:
"The Configuration file is created under the file name "vpn_server.config" which is located in the same directory as that containing the VPN Server processes' executable files.".
It uses also the same folder for creating backups, storing certificates, logs etc. Here follows a list of all the files contained my /usr/bin/softethervpn folder
root@nowhere:~# ls -la /usr/bin/softethervpn/
drwxr-xr-x 10 root root 4096 Nov 10 10:35 .
drwxr-xr-x 3 root root 4096 Nov 9 21:09 ..
-rw------- 1 root root 0 Nov 10 01:40 .VPN-D2081D3F75
-rw------- 1 root root 11 Nov 10 01:40 .ctl_D09E56EF60C570C7E5 54DF6A41A2091A
-rw------- 1 root root 5 Nov 10 01:40 .pid_D09E56EF60C570C7E5 54DF6A41A2091A
drwx------ 2 root root 4096 Nov 9 18:03 backup.vpn_bridge.confi g
drwx------ 2 root root 4096 Nov 9 18:04 backup.vpn_client.confi g
drwxr-xr-x 2 root root 4096 Nov 10 10:00 backup.vpn_server.confi g
drwx------ 2 root root 4096 Nov 6 22:29 chain_certs
drwx------ 2 root root 4096 Nov 9 18:03 client_log
-rwxr-xr-x 1 root root 1295369 Oct 29 00:29 hamcore.se2
-rw------- 1 root root 867 Nov 6 22:14 lang.config
drwx------ 3 root root 4096 Nov 6 23:14 packet_log
drwx------ 5 root root 4096 Nov 7 01:45 security_log
drwx------ 2 root root 4096 Nov 10 00:11 server_log
-rw-r--r-- 1 root root 11957 Nov 9 18:07 vpn_bridge.config
-rw------- 1 root root 1227 Nov 9 18:08 vpn_client.config
-rw-r--r-- 1 root root 13621 Nov 10 10:35 vpn_server.config
-rwxr-xr-x 1 root root 1656440 Oct 29 00:29 vpnbridge
-rwxr-xr-x 1 root root 1656440 Oct 29 00:29 vpnclient
-rwxr-xr-x 1 root root 1656440 Oct 29 00:29 vpncmd
-rwxr-xr-x 1 root root 1656440 Oct 29 00:29 vpnserver
That's why I made a subfolder in /usr/bin. And patching softether C code is not so straightforward and not so maintenable.
There was a problem hiding this comment.
I see, well in this case I propose the libexec approach.
| @@ -0,0 +1,113 @@ | |||
| # | |||
| # Copyright (C) 2008-2016 OpenWrt.org | |||
There was a problem hiding this comment.
Use your own copyright here or none at all
There was a problem hiding this comment.
Well in all makefiles I have always used the same copyright (obviously it's for the Makefile not for the program) and there is the same heading in every other makefile. Why do I have to remove it ?
There was a problem hiding this comment.
The rationale is that you cannot disclaim your own copyright and since you (at least I assume so) have no formal, legal contract with OpenWrt to develop this makefile you cannot assign your natural copyright to the OpenWrt entity.
There was a problem hiding this comment.
Far from looking for any contract with Openwrt, I am just one contributor of the Openwrt packages project. All previous packages I added (since 2014) had ALWAYS that copyright and moreover it seems to be present in EVERY makefile of the Github repository (I do not think that every contributor here has a contract with OpenWRT). This makefile has been done by my person, taking the work done by el1n and improving it as stated in the commit message; I have also inserted a reference to el1n in the same Makefile under the copyright (# Based on the initial porting done by el1n) and before doing this package I have asked obviously to el1n the permission to borrow his work after I understood he was not interested in merging his job into OpenWRT repository. I am not a "thief" if this is what you are meaning and anyone can verify this by comparing my makefile and the one done by el1n (https://github.com/el1n/OpenWRT-package-softether/blob/master/softethervpn/Makefile), there a lot of changes. I just want to bring another useful package to the repository since nobody was willing to do this. I do not understand why you are coming out with this absurd rationale, but if you do not want this package to be merged for any reasons fine, but please simply tell.
There was a problem hiding this comment.
Easy :) I'm not having a bad day and no objections to merging due to the above notice. The copyright issue just has been raised a while back and I am trying to make people aware of the fact that the copyright statement as-is is simply invalid and most people simply cargo-cult it.
There was a problem hiding this comment.
Also I'm not sure what kind of absurd rationale you mean, neither was I accusing you of stealing nor did I doubt the origin of your work - I was merely just asking you to put # Copyright (C) 2016 Federico Di Marco <fededim@gmail.com>
There was a problem hiding this comment.
Simply because I do not want to be first, I can amend it later.
| endef | ||
|
|
||
| define Package/softethervpn/install | ||
| $(INSTALL_DIR) $(1)/usr/bin/softethervpn |
There was a problem hiding this comment.
Subdirectories in /usr/bin/ are highly unusual - if the files within that directory or not meant to be directly executable then maybe use /usr/libexec/ instead and symlink the actual commands direclty into /usr/bin/, e.g. /usr/bin/vpnserver -> /usr/libexec/softethervpn/vpnserver
| @@ -0,0 +1,2 @@ | |||
| 103-noeucjp.patch | |||
| 105-nosslv3.patch | |||
There was a problem hiding this comment.
Please drop this file - it is created on demand with make package/softethervpn/{clean,prepare} QUILT=1.
|
What about minterlink-mips16, is it needed ? I have just read https://gcc.gnu.org/ml/gcc-patches/2007-09/msg01419.html, but it is not so much clear to me. Since softether is all written in C I don't think it is needed at all (I mean if a particular target requires that compilation flag, it should already be set in the global CCFLAGS). |
|
I'd say remove the |
And what about the LEDE issue you were mentioning ? |
|
Done, I left -minterlink-mips16 and I had to remove the /usr/bin/ links otherwise the executable won't run (see Makefile). I am still waiting for some information about the lede issues. |
| $(INSTALL_DIR) $(1)/usr/bin | ||
|
|
||
| # we can't use links because each command tries to load hamcore.se2 from the directory of the linked command (/usr/bin) and not from | ||
| # /usr/libexec/softether hence they all fail to start |
There was a problem hiding this comment.
Create an /usr/libexec/softethervpn/launcher.sh with mode 0755 and the following contents:
#!/bin/sh
exec "/usr/libexec/softethervpn/${0##*/}" "$@"
Then symlink that to /usr/bin/vpn{server,bridge,client,cmd}.
There was a problem hiding this comment.
If that still does not work, try this instead of the exec line:
#!/bin/sh
cd /usr/libexec/softethervpn
"./${0##*/}" "$@"
There was a problem hiding this comment.
Ok, thanks for the idea, but is it really necessary ? There are the standard /etc/init.d/ scripts (used also by luci frontend) and moreover there aren't any other parameters for each command, except start/stop. So nobody should be using the /usr/bin symlinks.
There was a problem hiding this comment.
Ah ok - well I just assumed that at least vpncmd is a user utility but fine with me, you can leave out the symlinking then.
There was a problem hiding this comment.
:) Well I missed that because I configured everything through the client application, I'll make the symlink only for it
There was a problem hiding this comment.
Done, first version works fine.
- based on the work done by el1n with his authorization (https://github.com/el1n/OpenWRT-package-softether) - updated softethervpn to latest version - introduced necessary patches for lede compatibility (nossl3) Signed-Off-by: Federico Di Marco <fededim@gmail.com>
|
Hi, thanks for doing this. I believe you could use Host/Prepare and Host/Compile to build HamCoreBuilder, instead of cleaning the tree mid-build. You can have a look at the Makefile I'd forked here |
|
I did not know about Host/Compile and Host/Prepare, well I can do this on the next release of softether. |
|
I have other changes to push to another package I manage, I would be grateful if you could merge this pr otherwise I think that also the new commit for the other package will be merged by this PR. As I told I will update Host/Compile Host/Prepare later. |
|
You can create new branches in your fork to have multiple pending PRs with
different commits.
|
|
Ok did a new branch |
- bugfix openwrt#3498 Signed-Off-by: Federico Di Marco <fededim@gmail.com>
- bugfix openwrt#3498 Signed-Off-by: Federico Di Marco <fededim@gmail.com>
- bugfix openwrt#3498 Signed-Off-by: Federico Di Marco <fededim@gmail.com>
Compile tested: ar71xx, ramips
Run tested: ramips
Signed-Off-by: Federico Di Marco fededim@gmail.com