Re: UPDATE: collectd-4.10.1
Hi, On Wed, Aug 18, 2010 at 11:45:14AM +0200, Simon Kuhnle wrote: Hi, this patch updates sysutils/collectd to version 4.10.1 Changelog: http://collectd.org/news.shtml#news85 the 4.10.0 port does not build on armish. the new version includes this patch: http://github.com/octo/collectd/commit/df69fe8118215a80bb1f2e4b1a68c508abffb054 so it builds and run also on armish. thomas
Re: update: vpnc
i'm running this port since i send the diff fulltime on a macppc without problems. it would be nice if this can be commited. regards thomas On Mon, Mar 31, 2008 at 10:06:37AM -0400, Okan Demirmen wrote: it seems an update to security/vpnc has been tossed around for a while now. so, i chose the latest one (from Thomas Schoeller, with comments from others) and have been running with it for about 2 months now. confirmed it works on i386 and amd64; my sparc64 is not currently in a net-location to test functionality, but it compiles. - update to 0.5.1 - adds a sample split vpn script one thing i did take out was the work-around for amd64 (-O0). i'm unsure why that was in there, for i have vpnc running on amd64 without it. can someone provide the failure details? final comments, oks? Index: Makefile === RCS file: /cvs/ports/security/vpnc/Makefile,v retrieving revision 1.12 diff -u -p -r1.12 Makefile --- Makefile 15 Sep 2007 23:30:01 - 1.12 +++ Makefile 31 Mar 2008 13:58:49 - @@ -2,8 +2,7 @@ COMMENT= client for Cisco 3000 VPN concentrators -DISTNAME=vpnc-0.3.3 -PKGNAME= ${DISTNAME}p1 +DISTNAME=vpnc-0.5.1 CATEGORIES= security net HOMEPAGE=http://www.unix-ag.uni-kl.de/~massar/vpnc/ @@ -25,6 +24,7 @@ NO_REGRESS= Yes do-configure: @perl -pi -e s,/etc,${SYSCONFDIR},g ${WRKSRC}/{README,config.c} @sed -e s,%%PREFIX%%,${PREFIX},g ${FILESDIR}/vpnc.sh ${WRKBUILD}/vpnc.sh + @sed -e s,%%PREFIX%%,${PREFIX},g ${FILESDIR}/split.sh ${WRKBUILD}/split.sh do-install: ${INSTALL_PROGRAM} ${WRKBUILD}/vpnc ${PREFIX}/sbin @@ -33,6 +33,7 @@ do-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/vpnc ${INSTALL_DATA} ${WRKBUILD}/vpnc.conf ${PREFIX}/share/examples/vpnc ${INSTALL_DATA} ${WRKBUILD}/vpnc-script ${PREFIX}/share/examples/vpnc + ${INSTALL_DATA} ${WRKBUILD}/split.sh ${PREFIX}/share/examples/vpnc ${INSTALL_DATA} ${WRKBUILD}/vpnc.sh ${PREFIX}/share/examples/vpnc ${INSTALL_MAN} ${WRKBUILD}/vpnc.8 ${PREFIX}/man/man8 Index: distinfo === RCS file: /cvs/ports/security/vpnc/distinfo,v retrieving revision 1.6 diff -u -p -r1.6 distinfo --- distinfo 5 Apr 2007 17:26:10 - 1.6 +++ distinfo 31 Mar 2008 13:58:49 - @@ -1,5 +1,5 @@ -MD5 (vpnc-0.3.3.tar.gz) = 51GM/yEyb+frl5W2DCWuag== -RMD160 (vpnc-0.3.3.tar.gz) = /8sin7jKwY+NbeoOZ/iM7EIPMdo= -SHA1 (vpnc-0.3.3.tar.gz) = lVWeHFsfS8eNwaC5+V4aLWWoTAo= -SHA256 (vpnc-0.3.3.tar.gz) = vkqOh7BEy5k0nnHmh5RGc53VN9veE+mexhgX7WdgW9c= -SIZE (vpnc-0.3.3.tar.gz) = 59939 +MD5 (vpnc-0.5.1.tar.gz) = eo6U2+lPOaT9ibcuASX2bw== +RMD160 (vpnc-0.5.1.tar.gz) = dt1aOji9IQnPjh+62F4nYuhImDI= +SHA1 (vpnc-0.5.1.tar.gz) = 78cdugOqQJRa815LB02Z+SL/f/0= +SHA256 (vpnc-0.5.1.tar.gz) = 9jZgvQILvmo56OtnrWDFTXGQRsYZimg0Nx0JiUf5ou0= +SIZE (vpnc-0.5.1.tar.gz) = 91496 Index: files/split.sh === RCS file: files/split.sh diff -N files/split.sh --- /dev/null 1 Jan 1970 00:00:00 - +++ files/split.sh31 Mar 2008 13:58:49 - @@ -0,0 +1,19 @@ +#!/bin/sh + +# this effectively disables changes to /etc/resolv.conf +INTERNAL_IP4_DNS= + +# This sets up split networking regardless +# of the concentrators specifications. +# You can add as many routes as you want, +# but you must set the counter $CISCO_SPLIT_INC +# accordingly +CISCO_SPLIT_INC=1 +CISCO_SPLIT_INC_0_ADDR=10.0.0.0 +CISCO_SPLIT_INC_0_MASK=255.255.0.0 +CISCO_SPLIT_INC_0_MASKLEN=16 +CISCO_SPLIT_INC_0_PROTOCOL=0 +CISCO_SPLIT_INC_0_SPORT=0 +CISCO_SPLIT_INC_0_DPORT=0 + +. /etc/vpnc/vpnc-script Index: patches/patch-Makefile === RCS file: /cvs/ports/security/vpnc/patches/patch-Makefile,v retrieving revision 1.3 diff -u -p -r1.3 patch-Makefile --- patches/patch-Makefile11 Nov 2005 19:38:07 - 1.3 +++ patches/patch-Makefile31 Mar 2008 13:58:49 - @@ -1,16 +1,18 @@ $OpenBSD: patch-Makefile,v 1.3 2005/11/11 19:38:07 sturm Exp $ Makefile.origSun May 1 22:30:35 2005 -+++ Makefile Fri Nov 4 00:03:54 2005 -@@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc - SBINDIR=$(PREFIX)/sbin - MANDIR=$(PREFIX)/share/man +--- Makefile.origThu Sep 6 16:05:15 2007 Makefile Wed Sep 19 06:05:20 2007 +@@ -49,12 +49,9 @@ RELEASE_VERSION := $(shell cat VERSION) + #OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION + #OPENSSLLIBS = -lcrypto -CC=gcc --CFLAGS=-W -Wall -O -g '-DVERSION=$(shell cat VERSION)' $(shell libgcrypt-config --cflags) --LDFLAGS=-g $(shell libgcrypt-config --libs) -+CC?=gcc -+CFLAGS+=-W -Wall '-DVERSION=$(shell cat VERSION)' $(shell libgcrypt-config --cflags) -+LDFLAGS+=$(shell libgcrypt-config --libs
Re: openvpn_bsdauth-4
hi felix, here is a first attempt to make a port out of this ldap auth program. https://tiifp.org/quentin/OpenBSD/ports/ldapauth.tar.gz maybe someone is interessed.. thomas On Wed, Nov 21, 2007 at 04:40:47PM +0100, Felix kronlage wrote: On Wed, Nov 21, 2007 at 05:29:05PM +0200, Alexey Suslikov wrote: Hi Alexey, Guys, take a look at http://dpw.threerings.net/projects/openvpn-auth-ldap/ It is LDAP authentication plugin for OpenVPN and it integrates nicely with tables in OpenBSD PF. openvpn-auth-ldap needs re2c to build but it is in ports tree since mid of October (credits to sthen@). cool. I will take a look at it. felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas
Re: Notes on vpnc
On Tue, Oct 09, 2007 at 09:08:42AM +0200, Thomas Schoeller wrote: hello, any doubts this could go in? could someone commit this? thanks thomas On Fri, Oct 05, 2007 at 03:54:37PM +0200, Thomas Schoeller wrote: On Fri, Oct 05, 2007 at 12:28:09PM +0100, Stuart Henderson wrote: can you send a diff -u with those in please? (I usually 'cvs diff -RuN' against an anoncvs server or local mirrored repository, which includes the version information, is easy to read and apply, and handles added/removed files nicely, but any 'diff -u' would be good) here is a updated diff. thank you stuart. new diff that not revert 1.12 Index: Makefile === RCS file: /cvs/ports/security/vpnc/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- Makefile15 Sep 2007 23:30:01 - 1.12 +++ Makefile11 Oct 2007 19:27:59 - @@ -2,8 +2,7 @@ COMMENT= client for Cisco 3000 VPN concentrators -DISTNAME= vpnc-0.3.3 -PKGNAME= ${DISTNAME}p1 +DISTNAME= vpnc-0.5.1 CATEGORIES=security net HOMEPAGE= http://www.unix-ag.uni-kl.de/~massar/vpnc/ @@ -22,9 +21,15 @@ USE_GMAKE= Yes NO_REGRESS=Yes +# amd64 works only with -O0 +.if ${MACHINE_ARCH} == amd64 +CFLAGS+= -O0 +.endif + do-configure: @perl -pi -e s,/etc,${SYSCONFDIR},g ${WRKSRC}/{README,config.c} @sed -e s,%%PREFIX%%,${PREFIX},g ${FILESDIR}/vpnc.sh ${WRKBUILD}/vpnc.sh + @sed -e s,%%PREFIX%%,${PREFIX},g ${FILESDIR}/split.sh ${WRKBUILD}/split.sh do-install: ${INSTALL_PROGRAM} ${WRKBUILD}/vpnc ${PREFIX}/sbin @@ -33,6 +38,7 @@ ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/vpnc ${INSTALL_DATA} ${WRKBUILD}/vpnc.conf ${PREFIX}/share/examples/vpnc ${INSTALL_DATA} ${WRKBUILD}/vpnc-script ${PREFIX}/share/examples/vpnc + ${INSTALL_DATA} ${WRKBUILD}/split.sh ${PREFIX}/share/examples/vpnc ${INSTALL_DATA} ${WRKBUILD}/vpnc.sh ${PREFIX}/share/examples/vpnc ${INSTALL_MAN} ${WRKBUILD}/vpnc.8 ${PREFIX}/man/man8 Index: distinfo === RCS file: /cvs/ports/security/vpnc/distinfo,v retrieving revision 1.6 diff -u -r1.6 distinfo --- distinfo5 Apr 2007 17:26:10 - 1.6 +++ distinfo11 Oct 2007 19:27:59 - @@ -1,5 +1,5 @@ -MD5 (vpnc-0.3.3.tar.gz) = 51GM/yEyb+frl5W2DCWuag== -RMD160 (vpnc-0.3.3.tar.gz) = /8sin7jKwY+NbeoOZ/iM7EIPMdo= -SHA1 (vpnc-0.3.3.tar.gz) = lVWeHFsfS8eNwaC5+V4aLWWoTAo= -SHA256 (vpnc-0.3.3.tar.gz) = vkqOh7BEy5k0nnHmh5RGc53VN9veE+mexhgX7WdgW9c= -SIZE (vpnc-0.3.3.tar.gz) = 59939 +MD5 (vpnc-0.5.1.tar.gz) = eo6U2+lPOaT9ibcuASX2bw== +RMD160 (vpnc-0.5.1.tar.gz) = dt1aOji9IQnPjh+62F4nYuhImDI= +SHA1 (vpnc-0.5.1.tar.gz) = 78cdugOqQJRa815LB02Z+SL/f/0= +SHA256 (vpnc-0.5.1.tar.gz) = 9jZgvQILvmo56OtnrWDFTXGQRsYZimg0Nx0JiUf5ou0= +SIZE (vpnc-0.5.1.tar.gz) = 91496 Index: files/split.sh === RCS file: files/split.sh diff -N files/split.sh --- /dev/null 1 Jan 1970 00:00:00 - +++ files/split.sh 11 Oct 2007 19:27:59 - @@ -0,0 +1,19 @@ +#!/bin/sh + +# this effectively disables changes to /etc/resolv.conf +INTERNAL_IP4_DNS= + +# This sets up split networking regardless +# of the concentrators specifications. +# You can add as many routes as you want, +# but you must set the counter $CISCO_SPLIT_INC +# accordingly +CISCO_SPLIT_INC=1 +CISCO_SPLIT_INC_0_ADDR=10.0.0.0 +CISCO_SPLIT_INC_0_MASK=255.255.0.0 +CISCO_SPLIT_INC_0_MASKLEN=16 +CISCO_SPLIT_INC_0_PROTOCOL=0 +CISCO_SPLIT_INC_0_SPORT=0 +CISCO_SPLIT_INC_0_DPORT=0 + +. /etc/vpnc/vpnc-script Index: patches/patch-Makefile === RCS file: /cvs/ports/security/vpnc/patches/patch-Makefile,v retrieving revision 1.3 diff -u -r1.3 patch-Makefile --- patches/patch-Makefile 11 Nov 2005 19:38:07 - 1.3 +++ patches/patch-Makefile 11 Oct 2007 19:27:59 - @@ -1,16 +1,18 @@ $OpenBSD: patch-Makefile,v 1.3 2005/11/11 19:38:07 sturm Exp $ Makefile.orig Sun May 1 22:30:35 2005 -+++ Makefile Fri Nov 4 00:03:54 2005 -@@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc - SBINDIR=$(PREFIX)/sbin - MANDIR=$(PREFIX)/share/man +--- Makefile.orig Thu Sep 6 16:05:15 2007 Makefile Wed Sep 19 06:05:20 2007 +@@ -49,12 +49,9 @@ RELEASE_VERSION := $(shell cat VERSION) + #OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION + #OPENSSLLIBS = -lcrypto -CC=gcc --CFLAGS=-W -Wall -O -g '-DVERSION=$(shell cat VERSION)' $(shell libgcrypt-config --cflags) --LDFLAGS=-g $(shell libgcrypt-config --libs) -+CC?=gcc -+CFLAGS+=-W -Wall '-DVERSION=$(shell cat VERSION)' $(shell libgcrypt-config --cflags) -+LDFLAGS+=$(shell libgcrypt-config --libs) +-CFLAGS ?= -O3 -g +-CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings +-CFLAGS
Re: Notes on vpnc
hello, any doubts this could go in? could someone commit this? thanks thomas On Fri, Oct 05, 2007 at 03:54:37PM +0200, Thomas Schoeller wrote: On Fri, Oct 05, 2007 at 12:28:09PM +0100, Stuart Henderson wrote: can you send a diff -u with those in please? (I usually 'cvs diff -RuN' against an anoncvs server or local mirrored repository, which includes the version information, is easy to read and apply, and handles added/removed files nicely, but any 'diff -u' would be good) here is a updated diff. thank you stuart. Index: Makefile === RCS file: /cvs/ports/security/vpnc/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- Makefile 15 Sep 2007 23:30:01 - 1.12 +++ Makefile 5 Oct 2007 13:25:26 - @@ -1,9 +1,8 @@ -# $OpenBSD: Makefile,v 1.12 2007/09/15 23:30:01 merdely Exp $ +# $OpenBSD: Makefile,v 1.11 2006/08/03 23:28:12 espie Exp $ -COMMENT= client for Cisco 3000 VPN concentrators +COMMENT= client for Cisco 3000 VPN concentrators -DISTNAME=vpnc-0.3.3 -PKGNAME= ${DISTNAME}p1 +DISTNAME=vpnc-0.5.1 CATEGORIES= security net HOMEPAGE=http://www.unix-ag.uni-kl.de/~massar/vpnc/ @@ -22,9 +21,15 @@ USE_GMAKE= Yes NO_REGRESS= Yes +# amd64 works only with -O0 +.if ${MACHINE_ARCH} == amd64 +CFLAGS+= -O0 +.endif + do-configure: @perl -pi -e s,/etc,${SYSCONFDIR},g ${WRKSRC}/{README,config.c} @sed -e s,%%PREFIX%%,${PREFIX},g ${FILESDIR}/vpnc.sh ${WRKBUILD}/vpnc.sh + @sed -e s,%%PREFIX%%,${PREFIX},g ${FILESDIR}/split.sh ${WRKBUILD}/split.sh do-install: ${INSTALL_PROGRAM} ${WRKBUILD}/vpnc ${PREFIX}/sbin @@ -33,6 +38,7 @@ ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/vpnc ${INSTALL_DATA} ${WRKBUILD}/vpnc.conf ${PREFIX}/share/examples/vpnc ${INSTALL_DATA} ${WRKBUILD}/vpnc-script ${PREFIX}/share/examples/vpnc + ${INSTALL_DATA} ${WRKBUILD}/split.sh ${PREFIX}/share/examples/vpnc ${INSTALL_DATA} ${WRKBUILD}/vpnc.sh ${PREFIX}/share/examples/vpnc ${INSTALL_MAN} ${WRKBUILD}/vpnc.8 ${PREFIX}/man/man8 Index: distinfo === RCS file: /cvs/ports/security/vpnc/distinfo,v retrieving revision 1.6 diff -u -r1.6 distinfo --- distinfo 5 Apr 2007 17:26:10 - 1.6 +++ distinfo 5 Oct 2007 13:25:26 - @@ -1,5 +1,5 @@ -MD5 (vpnc-0.3.3.tar.gz) = 51GM/yEyb+frl5W2DCWuag== -RMD160 (vpnc-0.3.3.tar.gz) = /8sin7jKwY+NbeoOZ/iM7EIPMdo= -SHA1 (vpnc-0.3.3.tar.gz) = lVWeHFsfS8eNwaC5+V4aLWWoTAo= -SHA256 (vpnc-0.3.3.tar.gz) = vkqOh7BEy5k0nnHmh5RGc53VN9veE+mexhgX7WdgW9c= -SIZE (vpnc-0.3.3.tar.gz) = 59939 +MD5 (vpnc-0.5.1.tar.gz) = eo6U2+lPOaT9ibcuASX2bw== +RMD160 (vpnc-0.5.1.tar.gz) = dt1aOji9IQnPjh+62F4nYuhImDI= +SHA1 (vpnc-0.5.1.tar.gz) = 78cdugOqQJRa815LB02Z+SL/f/0= +SHA256 (vpnc-0.5.1.tar.gz) = 9jZgvQILvmo56OtnrWDFTXGQRsYZimg0Nx0JiUf5ou0= +SIZE (vpnc-0.5.1.tar.gz) = 91496 Index: files/split.sh === RCS file: files/split.sh diff -N files/split.sh --- /dev/null 1 Jan 1970 00:00:00 - +++ files/split.sh5 Oct 2007 13:25:26 - @@ -0,0 +1,19 @@ +#!/bin/sh + +# this effectively disables changes to /etc/resolv.conf +INTERNAL_IP4_DNS= + +# This sets up split networking regardless +# of the concentrators specifications. +# You can add as many routes as you want, +# but you must set the counter $CISCO_SPLIT_INC +# accordingly +CISCO_SPLIT_INC=1 +CISCO_SPLIT_INC_0_ADDR=10.0.0.0 +CISCO_SPLIT_INC_0_MASK=255.255.0.0 +CISCO_SPLIT_INC_0_MASKLEN=16 +CISCO_SPLIT_INC_0_PROTOCOL=0 +CISCO_SPLIT_INC_0_SPORT=0 +CISCO_SPLIT_INC_0_DPORT=0 + +. /etc/vpnc/vpnc-script Index: patches/patch-Makefile === RCS file: /cvs/ports/security/vpnc/patches/patch-Makefile,v retrieving revision 1.3 diff -u -r1.3 patch-Makefile --- patches/patch-Makefile11 Nov 2005 19:38:07 - 1.3 +++ patches/patch-Makefile5 Oct 2007 13:25:26 - @@ -1,16 +1,18 @@ $OpenBSD: patch-Makefile,v 1.3 2005/11/11 19:38:07 sturm Exp $ Makefile.origSun May 1 22:30:35 2005 -+++ Makefile Fri Nov 4 00:03:54 2005 -@@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc - SBINDIR=$(PREFIX)/sbin - MANDIR=$(PREFIX)/share/man +--- Makefile.origThu Sep 6 16:05:15 2007 Makefile Wed Sep 19 06:05:20 2007 +@@ -49,12 +49,9 @@ RELEASE_VERSION := $(shell cat VERSION) + #OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION + #OPENSSLLIBS = -lcrypto -CC=gcc --CFLAGS=-W -Wall -O -g '-DVERSION=$(shell cat VERSION)' $(shell libgcrypt-config --cflags) --LDFLAGS=-g $(shell libgcrypt-config --libs) -+CC?=gcc -+CFLAGS+=-W -Wall '-DVERSION=$(shell cat VERSION)' $(shell libgcrypt-config --cflags) -+LDFLAGS+=$(shell
Re: Notes on vpnc
On Thu, Sep 20, 2007 at 11:24:27PM -0500, Aaron Hsu wrote: I have not really had the time to follow the vpnc porting efforts lately, but I believe I recalled someone mentioning that vpnc failed to maintain a connection? I wanted to report that I experience the same thing, where vpnc just stops forwarding connections or something. I can kill vpnc and restart it, and this works, but then eventually, that stops working and I have to reconfigure the network devices, and then start vpnc again. I cannot tell whether this is caused by my Universities vpn or not. :-/ Are there any problems still outstanding? i'm running this patch for 3weeks in production for a connection to a client. it is much better as the 3.3.0 in ports. i have still disconnects, but it terminates the process. in the old version the process was not terminated and just did not forward packets. imho it is also much more stable. the patch attached also runs on amd64. it seams that the network configure script has issues in restoring the routing table if more than 1 ip address is assigned to an interface. i think someone can commit this port. thomas diff -r -N /usr/ports/security/vpnc/Makefile /usr/ports/mystuff/security/vpnc/Makefile 5,6c5,6 DISTNAME= vpnc-0.3.3 PKGNAME= ${DISTNAME}p1 --- DISTNAME= vpnc-0.5.1 PKGNAME= ${DISTNAME} 24a25,29 CFLAGS= -O3 .if ${MACHINE_ARCH} == amd64 CFLAGS= -O0 .endif 27a33 @sed -e s,%%PREFIX%%,${PREFIX},g ${FILESDIR}/split.sh ${WRKBUILD}/split.sh 35a42 ${INSTALL_DATA} ${WRKBUILD}/split.sh ${PREFIX}/share/examples/vpnc diff -r -N /usr/ports/security/vpnc/distinfo /usr/ports/mystuff/security/vpnc/distinfo 1,5c1,5 MD5 (vpnc-0.3.3.tar.gz) = 51GM/yEyb+frl5W2DCWuag== RMD160 (vpnc-0.3.3.tar.gz) = /8sin7jKwY+NbeoOZ/iM7EIPMdo= SHA1 (vpnc-0.3.3.tar.gz) = lVWeHFsfS8eNwaC5+V4aLWWoTAo= SHA256 (vpnc-0.3.3.tar.gz) = vkqOh7BEy5k0nnHmh5RGc53VN9veE+mexhgX7WdgW9c= SIZE (vpnc-0.3.3.tar.gz) = 59939 --- MD5 (vpnc-0.5.1.tar.gz) = eo6U2+lPOaT9ibcuASX2bw== RMD160 (vpnc-0.5.1.tar.gz) = dt1aOji9IQnPjh+62F4nYuhImDI= SHA1 (vpnc-0.5.1.tar.gz) = 78cdugOqQJRa815LB02Z+SL/f/0= SHA256 (vpnc-0.5.1.tar.gz) = 9jZgvQILvmo56OtnrWDFTXGQRsYZimg0Nx0JiUf5ou0= SIZE (vpnc-0.5.1.tar.gz) = 91496 diff -r -N /usr/ports/security/vpnc/files/split.sh /usr/ports/mystuff/security/vpnc/files/split.sh 0a1,19 #!/bin/sh # this effectively disables changes to /etc/resolv.conf INTERNAL_IP4_DNS= # This sets up split networking regardless # of the concentrators specifications. # You can add as many routes as you want, # but you must set the counter $CISCO_SPLIT_INC # accordingly CISCO_SPLIT_INC=1 CISCO_SPLIT_INC_0_ADDR=10.0.0.0 CISCO_SPLIT_INC_0_MASK=255.255.0.0 CISCO_SPLIT_INC_0_MASKLEN=16 CISCO_SPLIT_INC_0_PROTOCOL=0 CISCO_SPLIT_INC_0_SPORT=0 CISCO_SPLIT_INC_0_DPORT=0 . /etc/vpnc/vpnc-script diff -r -N /usr/ports/security/vpnc/patches/patch-Makefile /usr/ports/mystuff/security/vpnc/patches/patch-Makefile 2,6c2,6 --- Makefile.orig Sun May 1 22:30:35 2005 +++ Makefile Fri Nov 4 00:03:54 2005 @@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc SBINDIR=$(PREFIX)/sbin MANDIR=$(PREFIX)/share/man --- --- Makefile.orig Thu Sep 6 16:05:15 2007 +++ Makefile Wed Sep 19 06:05:20 2007 @@ -49,12 +49,9 @@ RELEASE_VERSION := $(shell cat VERSION) #OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION #OPENSSLLIBS = -lcrypto 9,13c9,16 -CFLAGS=-W -Wall -O -g '-DVERSION=$(shell cat VERSION)' $(shell libgcrypt-config --cflags) -LDFLAGS=-g $(shell libgcrypt-config --libs) +CC?=gcc +CFLAGS+=-W -Wall '-DVERSION=$(shell cat VERSION)' $(shell libgcrypt-config --cflags) +LDFLAGS+=$(shell libgcrypt-config --libs) --- -CFLAGS ?= -O3 -g -CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings -CFLAGS += $(shell libgcrypt-config --cflags) +CC ?= gcc +CFLAGS += -W -Wall '-DVERSION=$(shell cat VERSION)' $(shell libgcrypt-config --cflags) CPPFLAGS += -DVERSION=\$(VERSION)\ $(OPENSSL_GPL_VIOLATION) -LDFLAGS ?= -g LDFLAGS += $(shell libgcrypt-config --libs) $(OPENSSLLIBS) 15,16c18 ifeq ($(shell uname -s), Linux) SYSDEP=sysdep-linux.o --- ifeq ($(shell uname -s), SunOS) diff -r -N /usr/ports/security/vpnc/patches/patch-tunip_c /usr/ports/mystuff/security/vpnc/patches/patch-tunip_c 1,21d0 $OpenBSD: patch-tunip_c,v 1.3 2005/11/11 19:38:07 sturm Exp $ --- tunip.c.orig Thu May 5 12:25:00 2005 +++ tunip.c Fri Nov 4 00:09:30 2005 @@ -436,7 +436,7 @@ int update_sa_addr(struct sa_desc *p) if (new_addr.sin_addr.s_addr != p-source.sin_addr.s_addr) { char addr1[16]; p-source.sin_addr = new_addr.sin_addr; - strcpy(addr1, inet_ntoa(p-dest.sin_addr)); + strlcpy(addr1, inet_ntoa(p-dest.sin_addr), sizeof(addr1)); syslog(LOG_NOTICE, local address for %s is %s, addr1, inet_ntoa(p-source.sin_addr));
Re: Notes on vpnc
On Fri, Oct 05, 2007 at 12:28:09PM +0100, Stuart Henderson wrote: can you send a diff -u with those in please? (I usually 'cvs diff -RuN' against an anoncvs server or local mirrored repository, which includes the version information, is easy to read and apply, and handles added/removed files nicely, but any 'diff -u' would be good) here is a updated diff. thank you stuart. Index: Makefile === RCS file: /cvs/ports/security/vpnc/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- Makefile15 Sep 2007 23:30:01 - 1.12 +++ Makefile5 Oct 2007 13:25:26 - @@ -1,9 +1,8 @@ -# $OpenBSD: Makefile,v 1.12 2007/09/15 23:30:01 merdely Exp $ +# $OpenBSD: Makefile,v 1.11 2006/08/03 23:28:12 espie Exp $ -COMMENT= client for Cisco 3000 VPN concentrators +COMMENT= client for Cisco 3000 VPN concentrators -DISTNAME= vpnc-0.3.3 -PKGNAME= ${DISTNAME}p1 +DISTNAME= vpnc-0.5.1 CATEGORIES=security net HOMEPAGE= http://www.unix-ag.uni-kl.de/~massar/vpnc/ @@ -22,9 +21,15 @@ USE_GMAKE= Yes NO_REGRESS=Yes +# amd64 works only with -O0 +.if ${MACHINE_ARCH} == amd64 +CFLAGS+= -O0 +.endif + do-configure: @perl -pi -e s,/etc,${SYSCONFDIR},g ${WRKSRC}/{README,config.c} @sed -e s,%%PREFIX%%,${PREFIX},g ${FILESDIR}/vpnc.sh ${WRKBUILD}/vpnc.sh + @sed -e s,%%PREFIX%%,${PREFIX},g ${FILESDIR}/split.sh ${WRKBUILD}/split.sh do-install: ${INSTALL_PROGRAM} ${WRKBUILD}/vpnc ${PREFIX}/sbin @@ -33,6 +38,7 @@ ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/vpnc ${INSTALL_DATA} ${WRKBUILD}/vpnc.conf ${PREFIX}/share/examples/vpnc ${INSTALL_DATA} ${WRKBUILD}/vpnc-script ${PREFIX}/share/examples/vpnc + ${INSTALL_DATA} ${WRKBUILD}/split.sh ${PREFIX}/share/examples/vpnc ${INSTALL_DATA} ${WRKBUILD}/vpnc.sh ${PREFIX}/share/examples/vpnc ${INSTALL_MAN} ${WRKBUILD}/vpnc.8 ${PREFIX}/man/man8 Index: distinfo === RCS file: /cvs/ports/security/vpnc/distinfo,v retrieving revision 1.6 diff -u -r1.6 distinfo --- distinfo5 Apr 2007 17:26:10 - 1.6 +++ distinfo5 Oct 2007 13:25:26 - @@ -1,5 +1,5 @@ -MD5 (vpnc-0.3.3.tar.gz) = 51GM/yEyb+frl5W2DCWuag== -RMD160 (vpnc-0.3.3.tar.gz) = /8sin7jKwY+NbeoOZ/iM7EIPMdo= -SHA1 (vpnc-0.3.3.tar.gz) = lVWeHFsfS8eNwaC5+V4aLWWoTAo= -SHA256 (vpnc-0.3.3.tar.gz) = vkqOh7BEy5k0nnHmh5RGc53VN9veE+mexhgX7WdgW9c= -SIZE (vpnc-0.3.3.tar.gz) = 59939 +MD5 (vpnc-0.5.1.tar.gz) = eo6U2+lPOaT9ibcuASX2bw== +RMD160 (vpnc-0.5.1.tar.gz) = dt1aOji9IQnPjh+62F4nYuhImDI= +SHA1 (vpnc-0.5.1.tar.gz) = 78cdugOqQJRa815LB02Z+SL/f/0= +SHA256 (vpnc-0.5.1.tar.gz) = 9jZgvQILvmo56OtnrWDFTXGQRsYZimg0Nx0JiUf5ou0= +SIZE (vpnc-0.5.1.tar.gz) = 91496 Index: files/split.sh === RCS file: files/split.sh diff -N files/split.sh --- /dev/null 1 Jan 1970 00:00:00 - +++ files/split.sh 5 Oct 2007 13:25:26 - @@ -0,0 +1,19 @@ +#!/bin/sh + +# this effectively disables changes to /etc/resolv.conf +INTERNAL_IP4_DNS= + +# This sets up split networking regardless +# of the concentrators specifications. +# You can add as many routes as you want, +# but you must set the counter $CISCO_SPLIT_INC +# accordingly +CISCO_SPLIT_INC=1 +CISCO_SPLIT_INC_0_ADDR=10.0.0.0 +CISCO_SPLIT_INC_0_MASK=255.255.0.0 +CISCO_SPLIT_INC_0_MASKLEN=16 +CISCO_SPLIT_INC_0_PROTOCOL=0 +CISCO_SPLIT_INC_0_SPORT=0 +CISCO_SPLIT_INC_0_DPORT=0 + +. /etc/vpnc/vpnc-script Index: patches/patch-Makefile === RCS file: /cvs/ports/security/vpnc/patches/patch-Makefile,v retrieving revision 1.3 diff -u -r1.3 patch-Makefile --- patches/patch-Makefile 11 Nov 2005 19:38:07 - 1.3 +++ patches/patch-Makefile 5 Oct 2007 13:25:26 - @@ -1,16 +1,18 @@ $OpenBSD: patch-Makefile,v 1.3 2005/11/11 19:38:07 sturm Exp $ Makefile.orig Sun May 1 22:30:35 2005 -+++ Makefile Fri Nov 4 00:03:54 2005 -@@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc - SBINDIR=$(PREFIX)/sbin - MANDIR=$(PREFIX)/share/man +--- Makefile.orig Thu Sep 6 16:05:15 2007 Makefile Wed Sep 19 06:05:20 2007 +@@ -49,12 +49,9 @@ RELEASE_VERSION := $(shell cat VERSION) + #OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION + #OPENSSLLIBS = -lcrypto -CC=gcc --CFLAGS=-W -Wall -O -g '-DVERSION=$(shell cat VERSION)' $(shell libgcrypt-config --cflags) --LDFLAGS=-g $(shell libgcrypt-config --libs) -+CC?=gcc -+CFLAGS+=-W -Wall '-DVERSION=$(shell cat VERSION)' $(shell libgcrypt-config --cflags) -+LDFLAGS+=$(shell libgcrypt-config --libs) +-CFLAGS ?= -O3 -g +-CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings +-CFLAGS += $(shell libgcrypt-config --cflags) ++CC ?= gcc ++CFLAGS += -W -Wall '-DVERSION=$(shell cat
Re: UPDATE: vpnc - 0.5.1
On Tue, Sep 18, 2007 at 02:34:42PM +0100, Stuart Henderson wrote: On 2007/09/18 14:29, Stuart Henderson wrote: On 2007/09/17 19:11, Frederick C. Druseikis wrote: Works reliably on amd64 if compiled with egcc (gcc-4.2-2007xx) from ports; fails in odd ways on amd64 if compiled under obsd cc 4.1 (this is a gcc 3.x problem known to vpnc devs) I think gcc 3 would be preferable if can be made to work, can you try it with -O0? oh, hang on... try this patch instead. http://www.gossamer-threads.com/lists/engine?do=post_attachment;postatt_id=109;list=vpnc this patch is already in the vpnc tree.
Re: UPDATE: vpnc - 0.5.1
hello, runs fine for me on macppc and i386 against a Cisco Systems, Inc./VPN 3000 Concentrator Version 4.1.7.Q suggestions: - remove .orig files - install a sample split tunnel script split.sh: #!/bin/sh # this effectively disables changes to /etc/resolv.conf INTERNAL_IP4_DNS= # This sets up split networking regardless # of the concentrators specifications. # You can add as many routes as you want, # but you must set the counter $CISCO_SPLIT_INC # accordingly CISCO_SPLIT_INC=1 CISCO_SPLIT_INC_0_ADDR=10.0.0.0 CISCO_SPLIT_INC_0_MASK=255.255.0.0 CISCO_SPLIT_INC_0_MASKLEN=16 CISCO_SPLIT_INC_0_PROTOCOL=0 CISCO_SPLIT_INC_0_SPORT=0 CISCO_SPLIT_INC_0_DPORT=0 . /etc/vpnc/vpnc-script - patch against vpnc-script that not existing routes get not removed(prevents error messages in split tunnel mode). but i do know how to check if a route exists which handle special netmask because route/netstat shows routes in cidr notation. tomorrow i will see if dead peer detection and rekeying works. thomas On Wed, Sep 12, 2007 at 09:47:08PM -0500, Aaron Hsu wrote: The compressed archive of the port is available at http://www.sacrificumdeo.net/vpnc.tar.gz -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;))
Re: UPDATE: vpnc - 0.5.1
here is a port with all these suggestions On Thu, Sep 13, 2007 at 04:46:37PM +0200, Thomas Schoeller wrote: hello, runs fine for me on macppc and i386 against a Cisco Systems, Inc./VPN 3000 Concentrator Version 4.1.7.Q suggestions: - remove .orig files - install a sample split tunnel script split.sh: #!/bin/sh # this effectively disables changes to /etc/resolv.conf INTERNAL_IP4_DNS= # This sets up split networking regardless # of the concentrators specifications. # You can add as many routes as you want, # but you must set the counter $CISCO_SPLIT_INC # accordingly CISCO_SPLIT_INC=1 CISCO_SPLIT_INC_0_ADDR=10.0.0.0 CISCO_SPLIT_INC_0_MASK=255.255.0.0 CISCO_SPLIT_INC_0_MASKLEN=16 CISCO_SPLIT_INC_0_PROTOCOL=0 CISCO_SPLIT_INC_0_SPORT=0 CISCO_SPLIT_INC_0_DPORT=0 . /etc/vpnc/vpnc-script - patch against vpnc-script that not existing routes get not removed(prevents error messages in split tunnel mode). but i do know how to check if a route exists which handle special netmask because route/netstat shows routes in cidr notation. tomorrow i will see if dead peer detection and rekeying works. thomas On Wed, Sep 12, 2007 at 09:47:08PM -0500, Aaron Hsu wrote: The compressed archive of the port is available at http://www.sacrificumdeo.net/vpnc.tar.gz -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;)) vpnc.tar.gz Description: application/tar-gz
Re: [PATCH] NTLM/winbind support for squid
On Fri, Oct 27, 2006 at 01:07:55PM +0200, Thomas Schoeller wrote: i have not tried you patch. but i did something similar to this. and it runs fine in production for 6months. PLIST should be updated. i will do this when i got some time. i would be really happy if this goes into the cvs. thomas On Thu, Oct 26, 2006 at 04:30:06PM -0200, Eduardo Alvarenga wrote: 2006/9/25, Eduardo Alvarenga [EMAIL PROTECTED]: 2006/9/25, Antoine Jacoutot [EMAIL PROTECTED]: On Mon, 25 Sep 2006, Eduardo Alvarenga wrote: +FLAVORS= transparent snmp ntlm-winbind I don't think ntlm-winbind is a correct syntax. Either use ntlm or winbind. Well, It can be ntlm or even ntlmssp. But just winbind may confuse people I think. I'd like to have feedbacks about the patch. Since I'm not subscribed to ports@, please be gentle and CC me too. Did anyone cared about this patch? It is really useful. Worth trying. -- Eduardo Alvarenga
Re: NEW: www/nginx
hello, it builds fine for me on macppc. and lynx localhost shows the welcome page. dont know what else to test. On Wed, Oct 11, 2006 at 01:23:10PM +0300, nikns wrote: COMMENT=robust and small HTTP server and IMAP/POP3 proxy server nginx [engine x] is a HTTP server and IMAP/POP3 proxy server. The basic HTTP features: * the handling of the static files, index files, and autoindexing; * the accelerated reverse proxying without caching, simple load balancing and fault tolerance; * the accelerated support without caching of the remote FastCGI servers, simple load balancing and fault tolerance; * the modular architecture, the filters including gzipping, byte ranges, chunked responses, and SSI-filter; the several subrequests in one page handling in SSI-filter via FastCGI or proxy are running in parallel; * the SSL support; The IMAP/POP3 proxy server features: * the user redirection to IMAP/POP3 backend using an external HTTP authentication server; * the plain text authentication (LOGIN, USER/PASS); * the SSL and STARTTLS support; http://secure.lv/~nikns/stuff/ports/nginx-0.4.7.tar Tested on i386, alpha.
Re: NEW: games/airstrike
builds fine on macppc, fullscreen works also. release notes shows an error that the file does not exist. so long thomas On Wed, Oct 11, 2006 at 05:49:39PM +0300, nikns wrote: Yeah, It's fun, after I understood that I must use accelerate to start flying :] For me on i386, switching to fullscreen works fine. But accessing the `About the game' or `Release notes' I get msg on screen Error: could not open 'notes.txt'. On Wed, Oct 11, 2006 at 04:41:52PM +0200, Michael Knudsen wrote: Quoting Andreas Bihlmaier ([EMAIL PROTECTED]): I ported airstrike, see pkg_info below. The game is still an alpha version and development seems to be kind of staled, also there is only one level so far. Why did I port it? Play it once (with a friend), it is really addicting. It's fun, but accessing the `About the game' or `Release notes' in the game doesn't work. Also, the game segfaults when trying to switch to fullscreen from the menu, leaving the screen in a different resolution. -- Five exclamation marks, the sure sign of an insane mind. -- (Terry Pratchett, Reaper Man)
Re: New port, py-silc-0.4
hello, works fine for me, too on i386. also builds fine on macppc. thomas On Sun, Sep 24, 2006 at 11:07:55PM +0300, Martynas Venckus wrote: Hi, I'm writing my own silc client in Python. Below in the link to py-silc-0.4 Python SILC Toolkit Bindings port which i just made. Tested on 3.9-stable (i386) and current (amd64) -- works fine. http://www.altroot.org/py-silc.tar.gz Martynas Venckus
Re: [PATCH] Winbind support for samba
hello again, i have tested it without -lcrypto but the configure aborts. can someone enlight me why its it not working. thanks in advance thomas checking for Active Directory and krb5 support... yes checking for ldap_initialize... yes checking for ldap_add_result_entry... yes checking for kerberos 5 install path... no krb5-path given checking for krb5-config... /usr/ports/net/samba_winbind/w-samba-3.0.23c-winbind /bin/krb5-config checking for working krb5-config... yes checking krb5.h usability... yes checking krb5.h presence... yes checking for krb5.h... yes checking gssapi.h usability... yes checking gssapi.h presence... yes checking for gssapi.h... yes checking gssapi/gssapi_generic.h usability... no checking gssapi/gssapi_generic.h presence... no checking for gssapi/gssapi_generic.h... no checking gssapi/gssapi.h usability... no checking gssapi/gssapi.h presence... no checking for gssapi/gssapi.h... no checking com_err.h usability... yes checking com_err.h presence... yes checking for com_err.h... yes checking for _et_list in -lcom_err... no checking for krb5_encrypt_data in -lk5crypto... no checking for des_set_key in -lcrypto... no checking for copy_Authenticator in -lasn1... no checking for roken_getaddrinfo_hostspec in -lroken... no checking for gss_display_status in -lgssapi... no checking for krb5_mk_req_extended in -lkrb5... no checking for krb5_kt_compare in -lkrb5... no checking for gss_display_status in -lgssapi_krb5... no checking for krb5_set_real_time... no checking for krb5_set_default_in_tkt_etypes... no checking for krb5_set_default_tgs_ktypes... no checking for krb5_principal2salt... no checking for krb5_use_enctype... no checking for krb5_string_to_key... no checking for krb5_get_pw_salt... no checking for krb5_string_to_key_salt... no checking for krb5_auth_con_setkey... no checking for krb5_auth_con_setuseruserkey... no checking for krb5_locate_kdc... no checking for krb5_get_permitted_enctypes... no checking for krb5_get_default_in_tkt_etypes... no checking for krb5_free_ktypes... no checking for krb5_free_data_contents... no checking for krb5_principal_get_comp_string... no checking for krb5_free_unparsed_name... no checking for krb5_free_keytab_entry_contents... no checking for krb5_kt_free_entry... no checking for krb5_krbhst_get_addrinfo... no checking for krb5_c_enctype_compare... no checking for krb5_enctypes_compatible_keys... no checking for krb5_crypto_init... no checking for krb5_crypto_destroy... no checking for krb5_decode_ap_req... no checking for decode_krb5_ap_req... no checking for krb5_free_ap_req... no checking for free_AP_REQ... no checking for krb5_c_verify_checksum... no checking for krb5_principal_compare_any_realm... no checking for krb5_parse_name_norealm... no checking for krb5_princ_size... no checking for krb5_get_init_creds_opt_set_pac_request... no checking for krb5_get_renewed_creds... no checking for krb5_get_kdc_cred... no checking for krb5_free_error_contents... no checking whether krb5_verify_checksum takes 7 arguments... 6 checking for checksum in krb5_checksum... yes checking for etype in EncryptedData... yes checking for ticket pointer in krb5_ap_req... no checking for e_data pointer in krb5_error... yes checking for krb5_crypto type... yes checking for krb5_encrypt_block type... no checking for addrtype in krb5_address... no checking for addr_type in krb5_address... yes checking for enc_part2 in krb5_ticket... no checking for keyblock in krb5_creds... no checking for session in krb5_creds... yes checking for keyvalue in krb5_keyblock... yes checking for ENCTYPE_ARCFOUR_HMAC_MD5... yes checking for KEYTYPE_ARCFOUR_56... yes checking for AP_OPTS_USE_SUBKEY... yes checking for KV5M_KEYTAB... no checking for KRB5_KU_OTHER_CKSUM... yes checking for KRB5_KEYUSAGE_APP_DATA_CKSUM... no checking for the krb5_princ_component macro... no checking for key in krb5_keytab_entry... no checking for keyblock in krb5_keytab_entry... yes checking for magic in krb5_address... no configure: error: libkrb5 is needed for Active Directory support *** Error code 1 Stop in /usr/ports/net/samba_winbind (line 1931 of /usr/ports/infrastructure/mk/ bsd.port.mk). On Thu, Oct 05, 2006 at 09:06:26PM +0200, Thomas Schoeller wrote: the howto is still in development. i will try it on a clean machine when i got some time. and i forgot the patch to attach. thanks for your comments On Thu, Oct 05, 2006 at 03:58:46PM -0300, Eduardo Alvarenga wrote: 2006/10/5, Thomas Schoeller [EMAIL PROTECTED]: hello, i tested this patch, and used something similar to this patch for some month in production, too. i have have updated the patch to use the new -current version of samba and added some plist glue. i know that openbsd does not require -lcrypt but i dont tested it without it. i do test this tomorrow if it works without -lcrypt. tomorrow i will also test this on macppc. i've done something like a howto for this too https://tiifp.org/quentin/squid.html any
Re: [new] silc-plugin for irssi
hello, ive build this port on my macppc and it is working great :) hope to have it in the ports sometime. best regards thomas On Sat, Sep 23, 2006 at 12:00:22PM +0200, viq wrote: I was trying to update silc-client to 1.0.3, but that didn't work that well (someone had problems running it on amd64), so I decided to play with this instead, and here are results of it. I'd call it a late alpha, the Makefile needs some cleanup (I left all the mess in there somewhat on purpose, so people can see what else I was trying to do there, and may offer better sugestions; also at first it was going to be a subpackage of irssi, and it shows I think). Couple of things about this port: First, most important one: I had to modify the patches somewhat, due to the issue with fuzzy patching on OpenBSD (and to add one line to one of them) - thus the file with patches is attached to this mail (I hope it will get through), and the Makefile for now points at my box to get them untill c0ffee will incorporate the changes. Second, run-depends. Those two perl modules are there so running the second of recomended scripts, silc-mime.pl will work. Or that could be moved to MESSAGE, something like If you want to run this script you will need xx and yy. Third, there is a lot of patches left from normal irssi build (well, modified to fit the files after some of them are modified). Probably a lot of them are not needed, but I left them for now to have a consistent source with the irssi that gets installed. I rename the theme file to silc.theme, and install it and the script files as @sample to /etc/irssi/{themes,scripts}/ so they are more visible, but that's not really necessary. This port cannot coexist with silc-client, due to some files existing in same locations. I don't know how to fix this, if at all possible. And if not, should I add to makefile some information about conflicting packages? Please comment, test (amd64 is important, seeing as the silc-client port I tried to make didn't want to work there), flame, and generally enjoy ;) -- viq
Re: [PATCH] Winbind support for samba
On Fri, Oct 06, 2006 at 11:35:30AM -0300, Eduardo Alvarenga wrote: 2006/10/6, Thomas Schoeller [EMAIL PROTECTED]: hello again, i have tested it without -lcrypto but the configure aborts. can someone enlight me why its it not working. thanks in advance thomas checking for Active Directory and krb5 support... yes checking for ldap_initialize... yes checking for ldap_add_result_entry... yes checking for kerberos 5 install path... no krb5-path given checking for krb5-config... bg-snip checking for keyblock in krb5_keytab_entry... yes checking for magic in krb5_address... no configure: error: libkrb5 is needed for Active Directory support *** Error code 1 Stop in /usr/ports/net/samba_winbind (line 1931 of /usr/ports/infrastructure/mk/ bsd.port.mk). Why are you trying to avoid libcrypto? It IS necessary. because i read the OpenBSD Proting Policy and there is mentioned that -lcrypt is not necessary, and i overlooked the o in -lcrypto. sorry for the trouble Regards, -- Eduardo Alvarenga
Re: [PATCH] Winbind support for samba
hello, i tested this patch, and used something similar to this patch for some month in production, too. i have have updated the patch to use the new -current version of samba and added some plist glue. i know that openbsd does not require -lcrypt but i dont tested it without it. i do test this tomorrow if it works without -lcrypt. tomorrow i will also test this on macppc. i've done something like a howto for this too https://tiifp.org/quentin/squid.html any comments and testing are welcome. best regards thomas On Mon, Sep 25, 2006 at 02:24:45PM -0300, Eduardo Alvarenga wrote: Hi, This patch makes samba support winbind. Note that this will not make your Windows users appear on you OpenBSD environment. This is not winbind's work. This patch is a requirement for the squid-ntlm-winbind patch I'll send further. I'm running this for about 1 year in production with zero problems. Note that I did not 'update-plist' anything, and did not touch the MESSAGE file either. But it could be something like this: -- $ sudo ${LOCALBASE}/libexec/winbindd # start the samba winbind daemon -- -- diff -urN samba/Makefile samba.winbind/Makefile --- samba/Makefile Wed Aug 9 09:54:04 2006 +++ samba.winbind/Makefile Mon Sep 25 13:01:53 2006 @@ -62,7 +62,7 @@ CONFIGURE_ENV= CPPFLAGS=-I${LOCALBASE}/include \ LDFLAGS=-L${LOCALBASE}/lib -Wl,--export-dynamic -FLAVORS=cups ldap +FLAVORS=cups ldap winbind FLAVOR?= MULTI_PACKAGES= -docs @@ -81,8 +81,15 @@ CONFIGURE_ARGS+= --with-ldap --without-ads LIB_DEPENDS+= ldap,lber::databases/openldap \ utf8::misc/libutf8 +.endif + +.if ${FLAVOR:L:Mwinbind} +CONFIGURE_ARGS+= --with-ldap --with-ads --with-winbind +LIB_DEPENDS+= ldap,lber::databases/openldap \ + utf8::misc/libutf8 +WANTLIB+= gssapi krb5 .else -CONFIGURE_ARGS+= --without-ldap --without-ads +CONFIGURE_ARGS+= --without-ldap --without-ads --without-winbind .endif .if defined(PACKAGING) ${SUBPACKAGE} == -docs @@ -102,6 +109,12 @@ ${WRKSRC}/../docs/registry/*.reg SAMPLE_CONFIG= ${PREFIX}/share/examples/samba/smb.conf.default + +.if ${FLAVOR:L:Mwinbind} +post-extract: + @cp ${FILESDIR}/krb5-config ${WRKDIR}/bin + @chmod a+x ${WRKDIR}/bin/krb5-config +.endif post-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/samba/pdf diff -urN samba/files/krb5-config samba.winbind/files/krb5-config --- samba/files/krb5-config Wed Dec 31 21:00:00 1969 +++ samba.winbind/files/krb5-config Mon Sep 25 12:39:02 2006 @@ -0,0 +1,9 @@ +#! /bin/sh + +case x$1 in +x--libs) + echo '-lgssapi -lkrb5 -lasn1 -lcrypto';; +x--cflags) + echo '-I/usr/include/kerberosV';; +esac +exit 0 -- Please apply it with p1. Regards, -- Eduardo Alvarenga
Re: [PATCH] Winbind support for samba
the howto is still in development. i will try it on a clean machine when i got some time. and i forgot the patch to attach. thanks for your comments On Thu, Oct 05, 2006 at 03:58:46PM -0300, Eduardo Alvarenga wrote: 2006/10/5, Thomas Schoeller [EMAIL PROTECTED]: hello, i tested this patch, and used something similar to this patch for some month in production, too. i have have updated the patch to use the new -current version of samba and added some plist glue. i know that openbsd does not require -lcrypt but i dont tested it without it. i do test this tomorrow if it works without -lcrypt. tomorrow i will also test this on macppc. i've done something like a howto for this too https://tiifp.org/quentin/squid.html any comments and testing are welcome. Nice article. But please note that you MUST patch squid[1] too. The current howto[2] pointed in your document assumes you already have winbind as one of the auth-helpers for squid since it is based on Gentoo Linux. [1] http://marc.theaimsgroup.com/?l=openbsd-portsm=115920576932016w=2 [2] http://mkeadle.org/index.php?p=13 Maybe you can adapt it on you how-to. Would be a great improvement. Best Regards, -- Eduardo Alvarenga diff -r -u -N samba/Makefile samba_winbind/Makefile --- samba/Makefile Tue Oct 3 16:07:10 2006 +++ samba_winbind/Makefile Tue Sep 26 05:51:14 2006 @@ -61,7 +61,7 @@ CONFIGURE_ENV= CPPFLAGS=-I${LOCALBASE}/include \ LDFLAGS=-L${LOCALBASE}/lib -Wl,--export-dynamic -FLAVORS=cups ldap +FLAVORS=cups ldap winbind FLAVOR?= MULTI_PACKAGES= -docs @@ -80,8 +80,15 @@ CONFIGURE_ARGS+= --with-ldap --without-ads LIB_DEPENDS+= ldap,lber::databases/openldap \ utf8::misc/libutf8 +.endif + +.if ${FLAVOR:L:Mwinbind} +CONFIGURE_ARGS+= --with-ldap --with-ads --with-winbind +LIB_DEPENDS+= ldap,lber::databases/openldap \ + utf8::misc/libutf8 +WANTLIB+= gssapi krb5 .else -CONFIGURE_ARGS+= --without-ldap --without-ads +CONFIGURE_ARGS+= --without-ldap --without-ads --without-winbind .endif .if defined(PACKAGING) ${SUBPACKAGE} == -docs @@ -101,6 +108,12 @@ ${WRKSRC}/../docs/registry/*.reg SAMPLE_CONFIG= ${PREFIX}/share/examples/samba/smb.conf.default + +.if ${FLAVOR:L:Mwinbind} +post-extract: + @cp ${FILESDIR}/krb5-config ${WRKDIR}/bin + @chmod a+x ${WRKDIR}/bin/krb5-config +.endif post-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/samba/pdf diff -r -u -N samba/files/krb5-config samba_winbind/files/krb5-config --- samba/files/krb5-config Thu Jan 1 01:00:00 1970 +++ samba_winbind/files/krb5-config Tue Sep 26 02:08:42 2006 @@ -0,0 +1,9 @@ +#! /bin/sh + +case x$1 in +x--libs) + echo '-lgssapi -lkrb5 -lasn1 -lcrypto';; +x--cflags) + echo '-I/usr/include/kerberosV';; +esac +exit 0 diff -r -u -N samba/files/krb5-config.orig samba_winbind/files/krb5-config.orig diff -r -u -N samba/pkg/PFRAG.winbind samba_winbind/pkg/PFRAG.winbind --- samba/pkg/PFRAG.winbind Thu Jan 1 01:00:00 1970 +++ samba_winbind/pkg/PFRAG.winbind Tue Sep 26 06:47:56 2006 @@ -0,0 +1,3 @@ [EMAIL PROTECTED] $OpenBSD: PFRAG.winbind,v 1.1 2006/10/05 14:35:54 ts Exp $ +libexec/winbindd +bin/wbinfo diff -r -u -N samba/pkg/PLIST samba_winbind/pkg/PLIST --- samba/pkg/PLIST Tue Oct 3 16:07:10 2006 +++ samba_winbind/pkg/PLIST Tue Sep 26 07:29:33 2006 @@ -104,3 +104,4 @@ share/swat/include/header.html @sample /var/spool/samba/ %%SHARED%% +%%winbind%%