The diff below brings ocserv to 1.1.0. The biggest change is that ocserv switched from a fork model to a fork/exec model to achieve better scaling. The implementation of this fork/exec model does not really agree with OpenBSD because it depends heavily on procfs, which we do not have. Upstream was kind enough to address this issue for the upcoming release (1.1.1). In the meantime I propose to cherry-pick the fix.
Overview on changes can be found at https://gitlab.com/openconnect/ocserv/-/blob/1.1.0/NEWS. 'make test' runs successfully. Run tested on amd64. Comments/OK? diff --git Makefile Makefile index 6c0b80e762d..5bbae2e5aa3 100644 --- Makefile +++ Makefile @@ -2,7 +2,7 @@ COMMENT= server implementing the AnyConnect SSL VPN protocol -DISTNAME= ocserv-1.0.1 +DISTNAME= ocserv-1.1.0 EXTRACT_SUFX= .tar.xz CATEGORIES= net @@ -34,7 +34,8 @@ LIB_DEPENDS= archivers/lz4 \ security/openpam TEST_DEPENDS= net/openconnect \ shells/bash \ - sysutils/coreutils + sysutils/coreutils \ + textproc/gsed CONFIGURE_STYLE= autoconf CONFIGURE_ARGS= --without-docker-tests \ @@ -79,6 +80,7 @@ post-install: # tests use socket_wrapper, which is not in ports. pre-test: ln -fs ${LOCALBASE}/bin/gtimeout ${WRKDIR}/bin/timeout + ln -fs ${LOCALBASE}/bin/gsed ${WRKDIR}/bin/sed sed -i 's#\/bin\/true#\/usr\/bin\/true#g' ${WRKSRC}/tests/test-* post-test: diff --git distinfo distinfo index d426fcd637a..9bf8734762b 100644 --- distinfo +++ distinfo @@ -1,2 +1,2 @@ -SHA256 (ocserv-1.0.1.tar.xz) = Wdnvehrrlf9udi4qDyMbP64upCD2ihzwnTmiY5UED0s= -SIZE (ocserv-1.0.1.tar.xz) = 787800 +SHA256 (ocserv-1.1.0.tar.xz) = o/r+hHsIvexams1y5pjf13zpeZyxkUZndSbmeUuUp3k= +SIZE (ocserv-1.1.0.tar.xz) = 806964 diff --git patches/patch-configure_ac patches/patch-configure_ac index e2a13a78076..b9f58a5cc1e 100644 --- patches/patch-configure_ac +++ patches/patch-configure_ac @@ -1,8 +1,12 @@ $OpenBSD: patch-configure_ac,v 1.12 2019/12/29 07:28:22 bket Exp $ + +OpenBSD does not have procfs. Taken from +https://gitlab.com/openconnect/ocserv/-/merge_requests/184 + Index: configure.ac --- configure.ac.orig +++ configure.ac -@@ -199,7 +199,7 @@ if test "$test_for_geoip" = yes && test "$have_maxmind +@@ -211,7 +211,7 @@ if test "$test_for_geoip" = yes && test "$have_maxmind fi have_readline=no 
@@ -11,3 +15,12 @@ Index: configure.ac #include <stdio.h> #include <readline/readline.h>], [rl_replace_line(0,0);]) if test x$ac_cv_libreadline = xyes; then +@@ -641,6 +641,8 @@ fi + + AM_CONDITIONAL(ENABLE_OIDC_AUTH, test "x$enable_oidc_auth" = xyes) + AM_CONDITIONAL(ENABLE_OIDC_AUTH_TESTS, test "x$enable_oidc_auth" = xyes) ++ ++AC_CHECK_FILE(/proc/self/exe, AC_DEFINE([PROC_FS_SUPPORTED],[1], [procfs supported]), []) + + uid=$(id -u) + gid=$(id -g) diff --git patches/patch-src_config_c patches/patch-src_config_c new file mode 100644 index 00000000000..fc4755622e5 --- /dev/null +++ patches/patch-src_config_c @@ -0,0 +1,44 @@ +$OpenBSD$ + +OpenBSD does not have procfs. Taken from +https://gitlab.com/openconnect/ocserv/-/merge_requests/184 + +Index: src/config.c +--- src/config.c.orig ++++ src/config.c +@@ -1130,6 +1130,7 @@ static void parse_cfg_file(void *pool, const char *fil + ctx.reload = (flags&CFG_FLAG_RELOAD)?1:0; + ctx.head = head; + ++#if defined(PROC_FS_SUPPORTED) + // Worker always reads from snapshot + if ((flags & CFG_FLAG_WORKER) == CFG_FLAG_WORKER) { + char * snapshot_file = NULL; +@@ -1192,6 +1193,27 @@ static void parse_cfg_file(void *pool, const char *fil + } + + } ++#else ++ const char * cfg_file = file; ++ ++ if (cfg_file == NULL) { ++ fprintf(stderr, ERRSTR"no config file!\n"); ++ exit(1); ++ } ++ ++ /* parse configuration ++ */ ++ ret = ini_parse(cfg_file, cfg_ini_handler, &ctx); ++ if (ret < 0 && file != NULL && strcmp(file, DEFAULT_CFG_FILE) == 0) { ++ cfg_file = OLD_DEFAULT_CFG_FILE; ++ ret = ini_parse(cfg_file, cfg_ini_handler, &ctx); ++ } ++ ++ if (ret < 0) { ++ fprintf(stderr, ERRSTR"cannot load config file %s\n", cfg_file); ++ exit(1); ++ } ++#endif + + /* apply configuration not yet applied. + * We start from the last, which is the default server (firstly diff --git patches/patch-src_main_c patches/patch-src_main_c new file mode 100644 index 00000000000..e28883b602d --- /dev/null +++ patches/patch-src_main_c 
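Review bot: `AC_CHECK_FILE(/proc/self/exe, ...)` in the added configure.ac lines probes the build host's filesystem, so `PROC_FS_SUPPORTED` records where the package was built, not where ocserv will run. A package built on a host with procfs mounted and installed on one without it (or the reverse) takes the wrong branch in src/config.c and src/main.c, and autoconf rejects `AC_CHECK_FILE` outright when cross-compiling. A comment next to the check, for example `dnl build-host probe: the runtime host must match`, would make that assumption visible; keying the define on the host OS would remove it.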
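Review bot: In the `#else` branch added to parse_cfg_file, a worker no longer reads the snapshot that the `PROC_FS_SUPPORTED` branch uses for `CFG_FLAG_WORKER`, but re-parses the live file at `file`. Each exec'ed worker can therefore load a configuration that differs from the one the main process loaded if the file changes on disk in between. Whether that matters depends on code outside the hunk, but it deserves a comment such as `/* no procfs: workers re-read the config path, not main's snapshot */`. The `file != NULL` test in the fallback condition is redundant after the `cfg_file == NULL` exit, and only `ret < 0` is treated as failure, so if `ini_parse` reports parse errors as a positive value (not visible here) they pass silently. parse_cfg_file starts and ends outside the hunk.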
@@ -0,0 +1,53 @@ +$OpenBSD$ + +OpenBSD does not have procfs. Taken from +https://gitlab.com/openconnect/ocserv/-/merge_requests/184 + +Index: src/main.c +--- src/main.c.orig ++++ src/main.c +@@ -1009,9 +1009,7 @@ static void listen_watcher_cb (EV_P_ ev_io *w, int rev + int cmd_fd[2]; + pid_t pid; + hmac_component_st hmac_components[3]; +- char path[_POSIX_PATH_MAX]; + char worker_path[_POSIX_PATH_MAX]; +- size_t path_length; + + if (ltmp->sock_type == SOCK_TYPE_TCP || ltmp->sock_type == SOCK_TYPE_UNIX) { + /* connection on TCP port */ +@@ -1111,16 +1109,27 @@ static void listen_watcher_cb (EV_P_ ev_io *w, int rev + safe_memset((uint8_t*)s->hmac_key, 0, sizeof(s->hmac_key)); + + set_env_from_ws(s); +- path_length = readlink("/proc/self/exe", path, sizeof(path)-1); +- if (path_length == -1) { +- mslog(s, NULL, LOG_ERR, "readlink failed %s", strerror(ret)); +- exit(1); ++#if defined(PROC_FS_SUPPORTED) ++ { ++ char path[_POSIX_PATH_MAX]; ++ size_t path_length; ++ path_length = readlink("/proc/self/exe", path, sizeof(path)-1); ++ if (path_length == -1) { ++ mslog(s, NULL, LOG_ERR, "readlink failed %s", strerror(ret)); ++ exit(1); ++ } ++ path[path_length] = '\0'; ++ if (snprintf(worker_path, sizeof(worker_path), "%s-worker", path) >= sizeof(worker_path)) { ++ mslog(s, NULL, LOG_ERR, "snprint of path %s and ocserv-worker failed", path); ++ exit(1); ++ } + } +- path[path_length] = '\0'; +- if (snprintf(worker_path, sizeof(worker_path), "%s-worker", path) >= sizeof(worker_path)) { +- mslog(s, NULL, LOG_ERR, "snprint of path %s and ocserv-worker failed", path); ++#else ++ if (snprintf(worker_path, sizeof(worker_path), "%s-worker", worker_argv[0]) >= sizeof(worker_path)) { ++ mslog(s, NULL, LOG_ERR, "snprint of path %s and ocserv-worker failed", worker_argv[0]); + exit(1); + } ++#endif + + worker_argv[0] = worker_path; + execv(worker_path, worker_argv); 
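Review bot: The `#else` branch builds `worker_path` from `worker_argv[0]` and hands it to `execv`, which does no PATH search, so a value that is not an absolute path is resolved against the main process's current working directory. Where `worker_argv[0]` is set is outside the hunk, but if it is the name ocserv was started with, a relative invocation either fails on every connection or executes whatever `ocserv-worker` sits in that directory with main's privileges. I would reject a non-absolute value before the `snprintf`, e.g. `if (worker_argv[0] == NULL || worker_argv[0][0] != '/') { mslog(s, NULL, LOG_ERR, "worker path must be absolute"); exit(1); }`, or use the configured install path instead. In the retained `PROC_FS_SUPPORTED` block, `readlink` returns `ssize_t` while `path_length` is `size_t`, and the log line prints `strerror(ret)` where `errno` is presumably meant. listen_watcher_cb starts and ends outside the hunk.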
diff --git patches/patch-src_occtl_occtl_c patches/patch-src_occtl_occtl_c index c921e90f255..4e302651af5 100644 --- patches/patch-src_occtl_occtl_c +++ patches/patch-src_occtl_occtl_c @@ -2,7 +2,7 @@ $OpenBSD: patch-src_occtl_occtl_c,v 1.4 2018/01/12 22:28:51 sthen Exp $ Index: src/occtl/occtl.c --- src/occtl/occtl.c.orig +++ src/occtl/occtl.c -@@ -249,7 +249,7 @@ static int handle_help_cmd(CONN_TYPE * conn, const cha +@@ -264,7 +264,7 @@ static int handle_help_cmd(CONN_TYPE * conn, const cha static int handle_reset_cmd(CONN_TYPE * conn, const char *arg, cmd_params_st *params) { rl_reset_terminal(NULL); diff --git patches/patch-tests_common_sh patches/patch-tests_common_sh new file mode 100644 index 00000000000..b1dae805f02 --- /dev/null +++ patches/patch-tests_common_sh @@ -0,0 +1,14 @@ +$OpenBSD$ + +Index: tests/common.sh +--- tests/common.sh.orig ++++ tests/common.sh +@@ -23,7 +23,7 @@ + + builddir=${builddir:-.} + +-OPENCONNECT=${OPENCONNECT:-$(which openconnect)} ++OPENCONNECT=${LOCALBASE}/sbin/openconnect + + if test -z "${OPENCONNECT}" || ! test -x ${OPENCONNECT};then + echo "You need openconnect to run this test" diff --git pkg/PLIST pkg/PLIST index ff2feaeb728..1f85d474737 100644 --- pkg/PLIST +++ pkg/PLIST @@ -8,6 +8,7 @@ @man man/man8/ocpasswd.8 @man man/man8/ocserv.8 @bin sbin/ocserv +@bin sbin/ocserv-worker share/examples/ocserv/ share/examples/ocserv/ocserv-fw share/examples/ocserv/profile.xml
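Review bot: The replacement line `OPENCONNECT=${LOCALBASE}/sbin/openconnect` in tests/common.sh drops the upstream `${OPENCONNECT:-...}` override and depends on `LOCALBASE` being exported into the test environment. If it is unset, the path silently becomes `/sbin/openconnect` and the following `test -x` reports openconnect as missing. Keeping the override, `OPENCONNECT=${OPENCONNECT:-${LOCALBASE}/sbin/openconnect}`, preserves the upstream knob and still avoids `which`. Unlike the other new patch files, this one has no explanatory line under `$OpenBSD$`; a one-line reason for the change would help the next update.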