-
Notifications
You must be signed in to change notification settings - Fork 584
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added tinc package for pfSense 2.3 #149
Added tinc package for pfSense 2.3 #149
Conversation
+1 |
Thanks for picking this up, dmegyesi, fourbytes. It would have been sad not to have tinc in pfsense. |
Can someone please merge this request? a lot of people have been waiting for it since 2.3 was released. and finally some very kind soul picked it up to maintain, and did all the hard work in making it work properly. |
This would be great to have again. |
I would love to be able to use this on pfsense |
@dmegyesi can you please include necessary changes to have logfile created accordingly? |
@rbgarga can you please verify the modification? |
is there a problem or can this please be merged ???? |
Can this PR be merged? Tinc is really useful. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Everything seems correct.
+1 , please merge this. Thanks! |
+1 |
DISTFILES= # empty | ||
EXTRACT_ONLY= # empty | ||
|
||
MAINTAINER= dinoex@FreeBSD.org |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
dinoex@FreeBSD.org will not maintain pfSense package, you can set maintainership to coreteam@pfsense.org
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | ||
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | ||
POSSIBILITY OF SUCH DAMAGE. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We moved to APACHE20 license, please modify text accodingly. You can see an example at:
https://github.com/pfsense/FreeBSD-ports/blob/devel/security/pfSense-pkg-sudo/files/etc/inc/priv/sudo.priv.inc#L2
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | ||
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | ||
POSSIBILITY OF SUCH DAMAGE. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fix license text
if ($restart_syslogd) { | ||
system_syslogd_start(); | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove clear_log_file() copy from here and require_once system.inc, this function is available there
rename("{$configpath}", "{$configpath}.old"); | ||
safe_mkdir("{$configpath}"); | ||
safe_mkdir("{$configpath}/hosts"); | ||
touch("{$configpath}/WARNING-ENTIRE_DIRECTORY_ERASED_ON_SAVE_FROM_GUI"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't thing this is necessary, users shoudn't touch config files manually on pfSense at all
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | ||
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | ||
POSSIBILITY OF SUCH DAMAGE. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fix license text
$pbietcpath = '/usr/pbi/tinc-' . php_uname("m") . '/local/etc'; | ||
unlink_if_exists("{$pbietcpath}/tinc"); | ||
symlink($configpath, "{$pbietcpath}/tinc"); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This whole block can be removed
</copyright> | ||
<description>A self-contained VPN solution designed to connect multiple sites together in a secure way.</description> | ||
<name>tinc</name> | ||
<version>1.2.8</version> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
1.2.8 should be replaced by %%PKGVERSION%%
]]> | ||
</copyright> | ||
<name>tinchosts</name> | ||
<version>1.2.8</version> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
1.2.8 should be replaced by %%PKGVERSION%%
${INSTALL_DATA} ${FILESDIR}${DATADIR}/info.xml \ | ||
${STAGEDIR}${DATADIR} | ||
@${REINPLACE_CMD} -i '' -e "s|%%PKGVERSION%%|${PKGVERSION}|" \ | ||
${STAGEDIR}${DATADIR}/info.xml |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Other XML files containing macro %%PKGVERSION%% should be added to this REINPLACE_CMD statement so version is automatically added to them
MAINTAINER= dinoex@FreeBSD.org | ||
COMMENT= pfSense package tinc | ||
|
||
LICENSE= GPLv3 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This code is APACHE20 and not GPLv3
tinc package for pfSense 2.3.x (PR pfsense#149)
…d interface groups
|
||
LICENSE= APACHE20 | ||
|
||
RUN_DEPENDS= ${LOCALBASE}/sbin/tincd:security/tinc |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Replace spaces by TAB here to silence portlint warnings
www/status_tinc.php | ||
/etc/inc/priv/tinc.priv.inc | ||
%%DATADIR%%/info.xml | ||
@dir /etc/inc/priv |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's missing '@dir /etc/inc' here
I can take care of these 2 last changes during merge |
Added to 2.4.0 and 2.3.3 snapshots, after more testing it can be added to 2.3.2. Thanks! |
Any progress in getting tinc into 2.3.2 too? |
Feature request #86: Change meaning of "RequiredHeaders" such that header validity is always checked, but messages are only rejected on that basis when the flag is set. Based on a patch from Andreas Schulze. Feature request #127: Log SPF results when rejecting. Requested by Patrick Wagner; patch from Andreas Schulze, follow-up patch from Juri Haberland. Feature request #138: Inculde policy and disposition information in an Authentication-Results comment. Based on a patch from Juri Haberland. Feature request #139: Include the client host name if known in failure reports. Suggested by Roland Turner; patch by Andreas Schulze. Fix bug #95: Assume IPv6 for SPF operations. Patch from Juri Haberland. Fix bug #120: Fix control logic around the SPF result. Reported by Christophe Wolfhugel; patch from Andreas Schulze. Fix bug #122: Don't skip the HELO milter phase when SPF is enabled. Reported by Christophe Wolfhugel. Fix bug #157: Fix logging of implicit authserv-ids. Reported by Andreas Schulze; patch from Juri Haberland. Fix bug #158: Log ignored connections. Patch from Andreas Schulze. Fix bug #160: Fix "SyslogFacility" handling. Patch from Juri Haberland. Fix bug #163: Use a larger buffer for the raw MAIL FROM value. Based on a patch from Andreas Schulze. Fix bug #174: Trim "!" suffixes from reporting addresses. Problem noted by Juri Haberland. Fix bug #186: When reloading the configuration file, the public suffix list was read in with the wrong comment indicator. Patch from Federico Omoto. LIBOPENDMARC: Fix bug #115: Fix type mismatch. Patch from Sebastian A. Siewior via Scott Kitterman. LIBOPENDMARC: Fix bug #121: Fix IPv6 CIDR matching in SPF code. Patch from Christophe Wolfhugel. LIBOPENDMARC: Fix bug #125: Compile time IPv6 fix. Reported by Christophe Wolfhugel. LIBOPENDMARC: Fix bug #131: Fix alignment bug. Patch from Andreas Schulze. LIBOPENDMARC: Fix bug #147: Fix stripping of whitespace from DMARC DNS records. Based on a patch from Job Noorman. LIBOPENDMARC: Fix bug #149: Apply "sp" setting, if present and applicable. Patch from Petr Novak. LIBOPENDMARC: Fix bug #154: Fix "rf" and "fo" processing logic. LIBOPENDMARC: Fix bug #156: Fix variable name. Patch by Andreas Schulze. LIBOPENDMARC: Fix bug #165: Fix logic in checking which SPF identifier was used. Patches from Marco Favero and Juri Haberland. LIBOPENDMARC: Fix bug #167: Don't return "fail" when we should return "none". Patch from Marco Favero. REPORTS: Fix bug #134: Handle SMTP errors correctly. Patch from Andreas Schulze. REPORTS: Fix bug #141: Set the HELO parameter correctly. Reported by Alan Smith; patch from Andreas Schulze. REPORTS: Fix bug #143: Fix logic in table truncation. Reported by Wayne Andersen; patch from Juri Haberland. REPORTS: Fix bug #162: Always report "sp" in aggregate reports. Patch from Juri Haberland. REPORTS: Fix bug #166: Fix report start/end time logic. Patch from Juri Haberland. REPORTS: Fix bug #188: Don't delete inputs too early in opendmarc-reports. Patch from Juri Haberland. TOOLS: Fix bug #161: "Forensic" reports were renamed "Failure" reports. Patch from Andreas Schulze. TOOLS: Fix bug #164: Handle IPv6 test addresses. Reported by Andreas Schulze; patch from Juri Haberland. DOCS: Patch #189: Replace the DMARC RFC with an HTML page referencing the relevant specs, since Debian doesn't consider RFCs to be "free". Patch from Scott Kitterman via Juri Haberland. PR: 220902 Submitted by: Dan Mahoney <freebsd@gushi.org> (maintainer), Lukasz Wasikowski <lukasz@wasikowski.net>
ChangeLog: https://www.nlnetlabs.nl/news/2022/Aug/15/ldns-1.8.3-released/ 1.8.3 2022-08-15 * bugfix #183: Assertion failure with OPT record without rdata. * Fix for syntax error in pyldns 1.8.2 2022-08-12 * bugfix #147: Allow for tabs in whitespace before quoted rdata fields. * bugfix #149: Add some missing [out] annotations to doxygen parameters. * Fix build error on Solaris 10 with inet_ntop redeclaration error. * Fix -U flag with ldns-signzone. * Enable compile of SVCB and HTTPS support by default. * bugfix #179: Free line memory even if zone file parsing fails * bugfix #166: Grow buffer when writing chars and fixed size strings when converting to presentation format, preventing potential assersion errors. * bugfix #46: Print network errors when secure tracing. * EDNS0 Option handling and conversion into presentation format. * bugfix #145: ldns-verify-zone should not call occluded records glue. PR: 265859 Reported by: jaap@NLnetLabs.nl (maintainer)
ChangeLog: Core Using vlucas/valitron for user input validation Bumped FontAwesome to version 6.2.0 (#141) PHP versions 7.4 is now the minimal supported versions, older versions are not supported anymore (#143) extended support for PHP 8.1 (#147) Separated some templates into application/views/templates/partials folder (#144) Removed Composer lock file from git repository To avoid any potential issues for users using different version of PHP, composer.lock has been removed from the Git repo Fixed how MVC is implemented by using psr-15 http-handler (#145) Added router and user authentication middlewares Using single pass psr-15 middleware for application routing and user authentication Disabling user authentication does not display a blank page anymore (#140) Improved how exceptions and errors are handled (#145) PHP errors and exception handler and renderer has been refactored (#148) Instantiate Session instance from the Core Controller (#149) Disabling users authentication does not create a fatalog error nor blank page anymore (#135) Dashboard Breadcrumb navigation is now hidden on home page (Dashboard) Jobs report Fixed error with elapsed time when a job haven't been started yet if a job is in pending status, elapsed time column will display 'n/a' Docker image Provided Docker image on Docker Hub (#153) Documentation Update documentation about deprecated version and general security information (#142) Updated / fixed documentation The FAQ has been fixed / updated Security Added security policy and documented know security vulnerabilities (#135 and #140) Fixed New feature(s) Thanks to @sruckh, @skidoo23 and all community users for their feedback, tests, help and bug reports
Mostly it's a straight copy of the 2.2 package, added new 2.3 required meta things and converted PHP status page to use Bootstrap panel to show log file lines.
No attempt has been made otherwise to clean up the existing code.
Notes:
I am willing to work on those issues, but since this doesn't seem to have any major issues perhaps it is OK as a first approximation to get the tinc package working again. If the pull can't be accepted as is, any pointers on how to fix the above issues would be greatly appreciated.
Related forum topic: https://forum.pfsense.org/index.php?topic=109843