From 81b1544861de5fef87dcfeae86b9287a02294b62 Mon Sep 17 00:00:00 2001
From: icp
Date: Wed, 4 Dec 2024 00:18:27 +0530
Subject: [PATCH] strongswan: update to 6.0.0.
---
 srcpkgs/strongswan/INSTALL.msg | 1 +
 srcpkgs/strongswan/files/strongswan/run | 2 +-
 .../strongswan/patches/0001-fix-musl.patch | 41 --
 .../strongswan/patches/0002-fix-musl.patch | 62 ---
 .../patches/rm-test_fetch_http.patch | 365 ++++++++++++++++++
 .../strongswan/patches/rm-test_stream.patch | 303 +++++++++++++++
 srcpkgs/strongswan/template | 47 +--
 7 files changed, 694 insertions(+), 127 deletions(-)
 create mode 100644 srcpkgs/strongswan/INSTALL.msg
 delete mode 100644 srcpkgs/strongswan/patches/0001-fix-musl.patch
 delete mode 100644 srcpkgs/strongswan/patches/0002-fix-musl.patch
 create mode 100644 srcpkgs/strongswan/patches/rm-test_fetch_http.patch
 create mode 100644 srcpkgs/strongswan/patches/rm-test_stream.patch
diff --git a/srcpkgs/strongswan/INSTALL.msg b/srcpkgs/strongswan/INSTALL.msg
new file mode 100644
index 00000000000..a4b64698429
--- /dev/null
+++ b/srcpkgs/strongswan/INSTALL.msg
@@ -0,0 +1 @@
+Configuration via ipsec.conf, ipsec.secrets, and ipsec.d using the stroke plugin, as well as using the ipsec command, has been invalidated. Refer to https://wiki.strongswan.org/projects/strongswan/wiki/IpsecConf for further details.
\ No newline at end of file
diff --git a/srcpkgs/strongswan/files/strongswan/run b/srcpkgs/strongswan/files/strongswan/run
index 5963bb28e66..52e67105908 100644
--- a/srcpkgs/strongswan/files/strongswan/run
+++ b/srcpkgs/strongswan/files/strongswan/run
@@ -1,3 +1,3 @@
 #!/bin/sh
 exec 2>&1
-exec ipsec start --nofork
+exec /usr/libexec/ipsec/charon
diff --git a/srcpkgs/strongswan/patches/0001-fix-musl.patch b/srcpkgs/strongswan/patches/0001-fix-musl.patch
deleted file mode 100644
index eb9233f2a44..00000000000
--- a/srcpkgs/strongswan/patches/0001-fix-musl.patch
+++ /dev/null
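Review bot: In `srcpkgs/strongswan/files/strongswan/run` the service now execs `/usr/libexec/ipsec/charon` directly, and nothing visible in this commit loads the swanctl configuration once the daemon is up, so after the upgrade charon may start with no connections or credentials loaded and no tunnel established. As far as I recall, upstream's systemd unit runs `swanctl --load-all` after start; for the runit service the equivalent would be a `charon.start-scripts` entry in strongswan.conf or a documented manual step. INSTALL.msg says that ipsec.conf is no longer read but not that `/etc/swanctl` has to be loaded, so I would add a sentence such as `Connections and secrets under /etc/swanctl are loaded with "swanctl --load-all".`. Traffic that relied on a tunnel before the upgrade can leave unprotected when no policy blocks it, which makes this worth stating explicitly.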
@@ -1,41 +0,0 @@
-From 540881627fe8083207f9a2cfd01b931164c7ef4e Mon Sep 17 00:00:00 2001
-From: Tobias Brunner
-Date: Fri, 22 Mar 2024 10:42:34 +0100
-Subject: [PATCH] farp: Fix build with musl C library
-
-Same issue as described in the previous commit.
-
-Fixes: 187c72d1afdc ("dhcp: Port the plugin to FreeBSD/macOS")
----
- src/libcharon/plugins/farp/farp_spoofer.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/libcharon/plugins/farp/farp_spoofer.c b/src/libcharon/plugins/farp/farp_spoofer.c
-index 65451263f5f..7f2c9bef419 100644
---- a/src/libcharon/plugins/farp/farp_spoofer.c
-+++ b/src/libcharon/plugins/farp/farp_spoofer.c
-@@ -20,12 +20,14 @@
-
- #include
- #include
-+#include
- #include
-
- #if !defined(__APPLE__) && !defined(__FreeBSD__)
- #include
--#include
--#include
-+#include
-+#include
-+#include
- #include
- #else
- #include
-@@ -33,7 +35,6 @@
- #include
- #endif /* !defined(__APPLE__) && !defined(__FreeBSD__) */
-
--#include
- #include
- #include
- #include
diff --git a/srcpkgs/strongswan/patches/0002-fix-musl.patch b/srcpkgs/strongswan/patches/0002-fix-musl.patch
deleted file mode 100644
index a83cb14afd9..00000000000
--- a/srcpkgs/strongswan/patches/0002-fix-musl.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From f5b1ca4ef60bc4fca91f0d1e852ef8447d23c99a Mon Sep 17 00:00:00 2001
-From: Tobias Brunner
-Date: Fri, 22 Mar 2024 09:57:07 +0100
-Subject: [PATCH] pf-handler: Fix build with musl C library
-
-musl's headers define a lot of networking structs. For some, the
-definition in the Linux UAPI headers is then suppressed by e.g.
-__UAPI_DEF_ETHHDR.
-
-Since we included musl's net/ethernet.h, which includes netinet/if_ether.h
-that defines `struct ethhdr` (and the above constant), **after** we
-include linux/if_ether.h, there was a compilation error because the
-struct was defined multiple times.
-
-However, simply moving that include doesn't fix the problem because for
-ARP-specific structs the Linux headers don't provide __UAPI_DEF* checks.
-So instead of directly including the linux/ headers, we include those
-provided by the C library. For glibc these usually just include the
-Linux headers, but for musl this allows them to define the struct
-directly. We also need to move if.h and add packet.h, which define
-other structs (or include headers that do so) that we use.
-
-Fixes: 187c72d1afdc ("dhcp: Port the plugin to FreeBSD/macOS")
----
- src/libcharon/network/pf_handler.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/src/libcharon/network/pf_handler.c b/src/libcharon/network/pf_handler.c
-index 91b0e7507f9..43ef432ba60 100644
---- a/src/libcharon/network/pf_handler.c
-+++ b/src/libcharon/network/pf_handler.c
-@@ -20,23 +20,23 @@
-
- #include
- #include
-+#include
-+#include
-+#include
-+#include
-
- #if !defined(__APPLE__) && !defined(__FreeBSD__)
--#include
--#include
-+#include
-+#include
-+#include
- #include
- #else
- #include
- #include
- #include
--#include
- #include
- #endif /* !defined(__APPLE__) && !defined(__FreeBSD__) */
-
--#include
--#include
--#include
--
- #if !defined(__APPLE__) && !defined(__FreeBSD__)
-
- /**
diff --git a/srcpkgs/strongswan/patches/rm-test_fetch_http.patch b/srcpkgs/strongswan/patches/rm-test_fetch_http.patch
new file mode 100644
index 00000000000..52d005366db
--- /dev/null
+++ b/srcpkgs/strongswan/patches/rm-test_fetch_http.patch
@@ -0,0 +1,365 @@ +--- a/src/libstrongswan/tests/Makefile.am ++++ b/src/libstrongswan/tests/Makefile.am +@@ -33,7 +33,6 @@ libstrongswan_tests_SOURCES = tests.h tests.c \ + suites/test_process.c \ + suites/test_watcher.c \ + suites/test_stream.c \ +- suites/test_fetch_http.c \ + suites/test_utils.c \ + suites/test_settings.c \ + suites/test_vectors.c \ +diff --git a/src/libstrongswan/tests/suites/test_fetch_http.c b/src/libstrongswan/tests/suites/test_fetch_http.c +deleted file mode 100644 +index b087a1e79..000000000 +--- a/src/libstrongswan/tests/suites/test_fetch_http.c ++++ /dev/null +@@ -1,337 +0,0 @@ +-/* +- * Copyright (C) 2014 Martin Willi +- * +- * Copyright (C) secunet Security Networks AG +- * +- * This program is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License as published by the +- * Free Software Foundation; either version 2 of the License, or (at your +- * option) any later version. See . +- * +- * This program is distributed in the hope that it will be useful, but +- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * for more details. 
+- */ +- +-#include "test_suite.h" +- +-#include +-#include +- +-#define HTTP_SUCCESS(status) ((status) >= 200 && (status) < 300) +- +-/** +- * HTTP test definition +- */ +-typedef struct { +- /* HTTP Method */ +- char *meth; +- /* HTTP 1.x minor version */ +- int minor; +- /* host to connect to */ +- char *host; +- /* HTTP service port */ +- int port; +- /* path on host to fetch from */ +- char *path; +- /* request Content-Type, if any */ +- char *type; +- /* request data, if any */ +- void *req; +- /* length of request data */ +- int req_len; +- /* response data, if any */ +- void *res; +- /* length of response data */ +- int res_len; +- /* status code, defaults to 200 */ +- u_int code; +-} test_service_t; +- +-static char large[] = { +- 0x88,0x3e,0xa3,0xe3,0x95,0x67,0x53,0x93,0xc8,0xce,0x5c,0xcd,0x8c,0x03,0x0c,0xa8, +- 0x94,0xaf,0x49,0xf6,0xc6,0x50,0xad,0xb8,0xea,0xb8,0x85,0x8a,0xde,0x92,0xe1,0xbc, +- 0xf3,0x15,0xbb,0x5b,0xb8,0x35,0xd8,0x17,0xad,0xcf,0x6b,0x07,0x63,0x61,0x2e,0x2f, +- 0xa5,0xc9,0x1d,0xa7,0xac,0xaa,0x4d,0xde,0x71,0x65,0x95,0x87,0x66,0x50,0xa2,0xa6, +- 0x28,0xef,0x49,0x5c,0x53,0xa3,0x87,0xad,0x42,0xc3,0x41,0xd8,0xfa,0x92,0xd8,0x32, +- 0xce,0x7c,0xf2,0x72,0x2f,0x51,0x27,0x71,0xe3,0x78,0x59,0xf9,0x46,0x23,0xf3,0xa7, +- 0x38,0x12,0x05,0xbb,0x1a,0xb0,0xe0,0x12,0xae,0x97,0xa1,0x0f,0xd4,0x34,0xe0,0x15, +- 0xb4,0xa3,0x15,0x08,0xbe,0xff,0x4d,0x31,0x81,0x39,0x62,0x29,0xf0,0x90,0x79,0x02, +- 0x4d,0x0c,0xf4,0x9e,0xe5,0xd4,0xdc,0xca,0xea,0xb8,0x85,0x8a,0xde,0x92,0xe1,0xbc, +- 0xf3,0x15,0xbb,0x5b,0xb8,0x35,0xd8,0x17,0xad,0xcf,0x6b,0x07,0x63,0x61,0x2e,0x2f, +- 0xa5,0xc9,0x1d,0xa7,0xac,0xaa,0x4d,0xde,0x71,0x65,0x95,0x87,0x66,0x50,0xa2,0xa6, +- 0x28,0xef,0x49,0x5c,0x53,0xa3,0x87,0xad,0x42,0xc3,0x41,0xd8,0xfa,0x92,0xd8,0x32, +- 0xce,0x7c,0xf2,0x72,0x2f,0x51,0x27,0x71,0xe3,0x78,0x59,0xf9,0x46,0x23,0xf3,0xa7, +- 0x38,0x12,0x05,0xbb,0x1a,0xb0,0xe0,0x12,0xae,0x97,0xa1,0x0f,0xd4,0x34,0xe0,0x15, +- 
0xf3,0x15,0xbb,0x5b,0xb8,0x35,0xd8,0x17,0xad,0xcf,0x6b,0x07,0x63,0x61,0x2e,0x2f, +- 0xa5,0xc9,0x1d,0xa7,0xac,0xaa,0x4d,0xde,0x71,0x65,0x95,0x87,0x66,0x50,0xa2,0xa6, +- 0x28,0xef,0x49,0x5c,0x53,0xa3,0x87,0xad,0x42,0xc3,0x41,0xd8,0xfa,0x92,0xd8,0x32, +- 0xce,0x7c,0xf2,0x72,0x2f,0x51,0x27,0x71,0xe3,0x78,0x59,0xf9,0x46,0x23,0xf3,0xa7, +- 0x38,0x12,0x05,0xbb,0x1a,0xb0,0xe0,0x12,0xae,0x97,0xa1,0x0f,0xd4,0x34,0xe0,0x15, +- 0xb4,0xa3,0x15,0x08,0xbe,0xff,0x4d,0x31,0x81,0x39,0x62,0x29,0xf0,0x90,0x79,0x02, +- 0x4d,0x0c,0xf4,0x9e,0xe5,0xd4,0xdc,0xca,0xea,0xb8,0x85,0x8a,0xde,0x92,0xe1,0xbc, +- 0xf3,0x15,0xbb,0x5b,0xb8,0x35,0xd8,0x17,0xad,0xcf,0x6b,0x07,0x63,0x61,0x2e,0x2f, +- 0xa5,0xc9,0x1d,0xa7,0xac,0xaa,0x4d,0xde,0x71,0x65,0x95,0x87,0x66,0x50,0xa2,0xa6, +- 0x28,0xef,0x49,0x5c,0x53,0xa3,0x87,0xad,0x42,0xc3,0x41,0xd8,0xfa,0x92,0xd8,0x32, +- 0xce,0x7c,0xf2,0x72,0x2f,0x51,0x27,0x71,0xe3,0x78,0x59,0xf9,0x46,0x23,0xf3,0xa7, +- 0x38,0x12,0x05,0xbb,0x1a,0xb0,0xe0,0x12,0xae,0x97,0xa1,0x0f,0xd4,0x34,0xe0,0x15, +- 0xb4,0xa3,0x15,0x08,0xbe,0xff,0x4d,0x31,0x81,0x39,0x62,0x29,0xf0,0x90,0x79,0x02, +- 0x4d,0x0c,0xf4,0x9e,0xe5,0xd4,0xdc,0xca,0xea,0xb8,0x85,0x8a,0xde,0x92,0xe1,0xbc, +-}; +- +-static bool servicing(void *data, stream_t *stream) +-{ +- test_service_t *test = (test_service_t*)data; +- char buf[1024], hdr[256], *start, *end = NULL, *body = NULL, *type = NULL; +- struct tm tm; +- time_t t; +- ssize_t len, tot = 0; +- int nr = 0; +- +- start = buf; +- +- /* parse method and headers */ +- while (end != start) +- { +- len = stream->read(stream, buf + tot, sizeof(buf) - tot, TRUE); +- ck_assert(len > 0); +- tot += len; +- +- while (TRUE) +- { +- end = memchr(start, '\n', tot); +- if (!end) +- { +- break; +- } +- *end = '\0'; +- ck_assert(end > buf); +- ck_assert(*(--end) == '\r'); +- *end = '\0'; +- if (end == start) +- { +- body = end + strlen("\r\n"); +- break; +- } +- switch (nr++) +- { +- case 0: +- snprintf(hdr, sizeof(hdr), "%s %s HTTP/1.%u", +- test->meth, test->path, 
test->minor); +- ck_assert_str_eq(hdr, start); +- break; +- default: +- if (strcasepfx(start, "Content-Length: ")) +- { +- ck_assert_int_eq( +- atoi(start + strlen("Content-Length: ")), +- test->req_len); +- } +- if (strcasepfx(start, "Content-Type: ")) +- { +- type = start + strlen("Content-Type: "); +- } +- break; +- } +- start = end + strlen("\r\n"); +- } +- } +- +- if (test->type) +- { +- ck_assert(type); +- ck_assert_str_eq(type, test->type); +- } +- +- /* request body */ +- if (test->req_len) +- { +- ck_assert(stream->read_all(stream, buf + tot, +- test->req_len - (tot - (body - buf)))); +- ck_assert(memeq(body, test->req, test->req_len)); +- } +- +- if (!test->code) +- { +- test->code = 200; +- } +- +- /* response headers */ +- snprintf(buf, sizeof(buf), "HTTP/1.%u %u OK\r\n", test->minor, test->code); +- ck_assert(stream->write_all(stream, buf, strlen(buf))); +- +- /* if the response code indicates an error the following write operations +- * might fail because the client already terminated the TCP connection */ +-#define may_fail(test, op) ck_assert(op || !HTTP_SUCCESS(test->code)) +- +- t = time(NULL); +- gmtime_r(&t, &tm); +- strftime(buf, sizeof(buf), "%a, %d %b %Y %T %z", &tm); +- may_fail(test, stream->write_all(stream, buf, strlen(buf))); +- snprintf(buf, sizeof(buf), "Server: strongSwan unit test\r\n"); +- may_fail(test, stream->write_all(stream, buf, strlen(buf))); +- +- /* rest of response headers */ +- snprintf(buf, sizeof(buf), "Content-Type: text/plain\r\n"); +- may_fail(test, stream->write_all(stream, buf, strlen(buf))); +- snprintf(buf, sizeof(buf), "Content-Length: %u\r\n", test->res_len); +- may_fail(test, stream->write_all(stream, buf, strlen(buf))); +- snprintf(buf, sizeof(buf), "Connection: close\r\n"); +- may_fail(test, stream->write_all(stream, buf, strlen(buf))); +- snprintf(buf, sizeof(buf), "\r\n"); +- may_fail(test, stream->write_all(stream, buf, strlen(buf))); +- +- /* response body */ +- may_fail(test, stream->write_all(stream, 
test->res, test->res_len)); +- return FALSE; +-} +- +-static test_service_t gtests[] = { +- { "GET", 1, "127.0.0.1", 6543, "/a/test/?b=c", NULL, +- NULL, 0, "\x12\x34", 2, 0 }, +- { "GET", 0, "localhost", 6543, "/", NULL, +- NULL, 0, NULL, 0, 0 }, +- { "GET", 0, "127.0.0.1", 6543, "/largefile", NULL, +- NULL, 0, large, sizeof(large), 0 }, +- { "GET", 1, "[::1]", 6543, "/ipv6-url", NULL, +- NULL, 0, "\x00\r\n\r\x00testdatablabla", 20, 0 }, +-}; +- +-START_TEST(test_get) +-{ +- stream_service_t *service; +- status_t status; +- chunk_t data, expected; +- char uri[256]; +- +- lib->processor->set_threads(lib->processor, 8); +- +- snprintf(uri, sizeof(uri), "tcp://%s:%u", gtests[_i].host, gtests[_i].port); +- service = lib->streams->create_service(lib->streams, uri, 1); +- ck_assert(service != NULL); +- service->on_accept(service, servicing, >ests[_i], JOB_PRIO_HIGH, 0); +- +- snprintf(uri, sizeof(uri), "http://%s:%u%s", +- gtests[_i].host, gtests[_i].port, gtests[_i].path); +- status = lib->fetcher->fetch(lib->fetcher, uri, &data, +- !gtests[_i].minor ? 
FETCH_HTTP_VERSION_1_0 : FETCH_END, +- FETCH_END); +- ck_assert_int_eq(status, SUCCESS); +- expected = chunk_create(gtests[_i].res, gtests[_i].res_len); +- ck_assert_msg(chunk_compare(expected, data) == 0, +- "exp %B\ngot %B\n", &expected, &data); +- free(data.ptr); +- +- service->destroy(service); +-} +-END_TEST +- +- +-static test_service_t ptests[] = { +- { "POST", 1, "127.0.0.1", 6543, "/a/test/?b=c", "application/binary", +- "\x23\x45", 2, "\x12\x34", 2, 0 }, +- { "POST", 0, "localhost", 6543, "/largefile", "application/x-large", +- large, sizeof(large), large, sizeof(large), 0 }, +- { "POST", 1, "[::1]", 6543, "/ipv6-url", "text/plain", +- "\x00\r\n\r\x00testdatablabla", 20, "\x00\r\n\r\x00testdatablabla", 20, 0 }, +-}; +- +-START_TEST(test_post) +-{ +- stream_service_t *service; +- status_t status; +- chunk_t data, expected; +- char uri[256]; +- +- lib->processor->set_threads(lib->processor, 8); +- +- snprintf(uri, sizeof(uri), "tcp://%s:%u", ptests[_i].host, ptests[_i].port); +- service = lib->streams->create_service(lib->streams, uri, 1); +- ck_assert(service != NULL); +- service->on_accept(service, servicing, &ptests[_i], JOB_PRIO_HIGH, 0); +- +- snprintf(uri, sizeof(uri), "http://%s:%u%s", +- ptests[_i].host, ptests[_i].port, ptests[_i].path); +- status = lib->fetcher->fetch(lib->fetcher, uri, &data, +- FETCH_REQUEST_TYPE, ptests[_i].type, +- FETCH_REQUEST_DATA, +- chunk_create(ptests[_i].req, ptests[_i].req_len), +- !ptests[_i].minor ? 
FETCH_HTTP_VERSION_1_0 : FETCH_END, +- FETCH_END); +- ck_assert_int_eq(status, SUCCESS); +- expected = chunk_create(ptests[_i].res, ptests[_i].res_len); +- ck_assert_msg(chunk_compare(expected, data) == 0, +- "exp %B\ngot %B\n", &expected, &data); +- free(data.ptr); +- +- service->destroy(service); +-} +-END_TEST +- +- +-static test_service_t rtests[] = { +- { "GET", 1, "localhost", 6544, "/", NULL, NULL, 0, NULL, 0, 200 }, +- { "GET", 1, "localhost", 6544, "/", NULL, NULL, 0, NULL, 0, 204 }, +- { "GET", 1, "localhost", 6544, "/", NULL, NULL, 0, NULL, 0, 400 }, +- { "GET", 1, "localhost", 6544, "/", NULL, NULL, 0, NULL, 0, 404 }, +- { "GET", 1, "localhost", 6544, "/", NULL, NULL, 0, NULL, 0, 500 }, +-}; +- +-START_TEST(test_response_code) +-{ +- stream_service_t *service; +- status_t status; +- chunk_t data = chunk_empty; +- char uri[256]; +- u_int code; +- +- lib->processor->set_threads(lib->processor, 8); +- +- snprintf(uri, sizeof(uri), "tcp://%s:%u", rtests[_i].host, rtests[_i].port); +- service = lib->streams->create_service(lib->streams, uri, 1); +- ck_assert(service != NULL); +- service->on_accept(service, servicing, &rtests[_i], JOB_PRIO_HIGH, 0); +- +- snprintf(uri, sizeof(uri), "http://%s:%u%s", +- rtests[_i].host, rtests[_i].port, rtests[_i].path); +- status = lib->fetcher->fetch(lib->fetcher, uri, &data, +- FETCH_RESPONSE_CODE, &code, FETCH_END); +- ck_assert_int_eq(status, HTTP_SUCCESS(rtests[_i].code) ? 
SUCCESS : FAILED); +- ck_assert_int_eq(code, rtests[_i].code); +- free(data.ptr); +- +- service->destroy(service); +-} +-END_TEST +- +-Suite *fetch_http_suite_create() +-{ +- Suite *s; +- TCase *tc; +- int no_ipv6 = 0; +- +- s = suite_create("http fetcher"); +- +- if (getenv("TESTS_NO_IPV6")) +- { +- no_ipv6 = 1; +- } +- +- tc = tcase_create("GET"); +- tcase_add_loop_test(tc, test_get, 0, countof(gtests) - no_ipv6); +- test_case_set_timeout(tc, 10); +- suite_add_tcase(s, tc); +- +- tc = tcase_create("POST"); +- tcase_add_loop_test(tc, test_post, 0, countof(ptests) - no_ipv6); +- test_case_set_timeout(tc, 10); +- suite_add_tcase(s, tc); +- +- tc = tcase_create("response code"); +- tcase_add_loop_test(tc, test_response_code, 0, countof(rtests)); +- test_case_set_timeout(tc, 10); +- suite_add_tcase(s, tc); +- +- return s; +-} +diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h +index 9ad712d53..cbabcd113 100644 +--- a/src/libstrongswan/tests/tests.h ++++ b/src/libstrongswan/tests/tests.h +@@ -60,7 +60,6 @@ TEST_SUITE(rng_tester_suite_create) + TEST_SUITE_DEPEND(mgf1_sha1_suite_create, XOF, XOF_MGF1_SHA1) + TEST_SUITE_DEPEND(mgf1_sha256_suite_create, XOF, XOF_MGF1_SHA256) + TEST_SUITE_DEPEND(prf_plus_suite_create, KDF, KDF_PRF_PLUS) +-TEST_SUITE_DEPEND(fetch_http_suite_create, FETCHER, "http://") + TEST_SUITE_DEPEND(ed25519_suite_create, PRIVKEY_GEN, KEY_ED25519) + TEST_SUITE_DEPEND(ed448_suite_create, PRIVKEY_GEN, KEY_ED448) + TEST_SUITE(signature_params_suite_create) diff --git a/srcpkgs/strongswan/patches/rm-test_stream.patch b/srcpkgs/strongswan/patches/rm-test_stream.patch new file mode 100644 index 00000000000..a99c5e10c7d --- /dev/null +++ b/srcpkgs/strongswan/patches/rm-test_stream.patch 
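Review bot: rm-test_fetch_http.patch, and rm-test_stream.patch after it, delete the whole `http fetcher` and `stream` suites from the upstream tree, where excluding them at run time from the template would leave the sources untouched and keep the patch set from breaking whenever upstream edits these files. The removed tests all open local sockets (`127.0.0.1`, `localhost`, `[::1]` on ports 6543, 6544 and 7766, plus a unix socket under /tmp), which is presumably why they fail in the build environment. The strongSwan test runner takes suite filters from the environment, so something like `TESTS_SUITES_EXCLUDE="stream,http fetcher"` in the check step should give the same result; this needs confirming against 6.0.0. Either way the package check no longer exercises the HTTP fetcher path, which to my knowledge is the one used for CRL and OCSP retrieval, and a short comment in the template saying so and why would help the next maintainer. Both patches also edit `Makefile.am`, which appears to be what pulls in the new `automake` host dependency.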
@@ -0,0 +1,303 @@ +--- a/src/libstrongswan/tests/Makefile.am ++++ b/src/libstrongswan/tests/Makefile.am +@@ -32,7 +32,6 @@ libstrongswan_tests_SOURCES = tests.h tests.c \ + suites/test_threading.c \ + suites/test_process.c \ + suites/test_watcher.c \ +- suites/test_stream.c \ + suites/test_utils.c \ + suites/test_settings.c \ + suites/test_vectors.c \ +diff --git a/src/libstrongswan/tests/suites/test_stream.c b/src/libstrongswan/tests/suites/test_stream.c +deleted file mode 100644 +index b3ee72ff3..000000000 +--- a/src/libstrongswan/tests/suites/test_stream.c ++++ /dev/null +@@ -1,275 +0,0 @@ +-/* +- * Copyright (C) 2013 Martin Willi +- * +- * Copyright (C) secunet Security Networks AG +- * +- * This program is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License as published by the +- * Free Software Foundation; either version 2 of the License, or (at your +- * option) any later version. See . +- * +- * This program is distributed in the hope that it will be useful, but +- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * for more details. 
+- */ +- +-#include "test_suite.h" +- +-#include +- +-static char* services[] = { +-#ifndef WIN32 +- "unix:///tmp/strongswan-test-service.sck", +-#endif +- "tcp://127.0.0.1:7766", +- "tcp://[::1]:7766", +-}; +- +-static char msg[] = "testmessage"; +-static int msglen = 12; +- +-static bool servicing(void *data, stream_t *stream) +-{ +- char buf[64]; +- ssize_t len, total; +- +- ck_assert(streq((char*)data, "test")); +- +- for (total = 0; total < msglen;) +- { +- len = stream->read(stream, buf, sizeof(buf), TRUE); +- ck_assert(len > 0); +- total += len; +- } +- for (total = 0; total < msglen;) +- { +- len = stream->write(stream, buf, len, TRUE); +- ck_assert(len > 0); +- total += len; +- } +- +- return FALSE; +-} +- +-START_TEST(test_sync) +-{ +- char buf[64]; +- stream_service_t *service; +- stream_t *stream; +- ssize_t len, total; +- +- lib->processor->set_threads(lib->processor, 8); +- +- service = lib->streams->create_service(lib->streams, services[_i], 1); +- ck_assert(service != NULL); +- service->on_accept(service, servicing, "test", JOB_PRIO_HIGH, 1); +- +- stream = lib->streams->connect(lib->streams, services[_i]); +- ck_assert(stream != NULL); +- for (total = 0; total < msglen;) +- { +- len = stream->write(stream, msg, msglen, TRUE); +- ck_assert(len > 0); +- total += len; +- } +- for (total = 0; total < msglen;) +- { +- len = stream->read(stream, buf, sizeof(buf), TRUE); +- ck_assert(len > 0); +- total += len; +- } +- ck_assert(streq(buf, msg)); +- stream->destroy(stream); +- +- service->destroy(service); +-} +-END_TEST +- +-static bool on_write(void *data, stream_t *stream) +-{ +- ssize_t len, total; +- +- ck_assert(streq((char*)data, "test-write")); +- for (total = 0; total < msglen;) +- { +- len = stream->write(stream, msg, msglen, TRUE); +- ck_assert(len > 0); +- total += len; +- } +- return FALSE; +-} +- +-static bool read_done = FALSE; +- +-static bool on_read(void *data, stream_t *stream) +-{ +- ssize_t len, total; +- char buf[64]; +- +- 
ck_assert(streq((char*)data, "test-read")); +- for (total = 0; total < msglen;) +- { +- len = stream->read(stream, buf, sizeof(buf), TRUE); +- ck_assert(len > 0); +- total += len; +- } +- ck_assert(streq(buf, msg)); +- read_done = TRUE; +- return FALSE; +-} +- +-START_TEST(test_async) +-{ +- stream_service_t *service; +- stream_t *stream; +- +- lib->processor->set_threads(lib->processor, 8); +- +- service = lib->streams->create_service(lib->streams, services[_i], 1); +- ck_assert(service != NULL); +- service->on_accept(service, servicing, "test", JOB_PRIO_HIGH, 0); +- +- stream = lib->streams->connect(lib->streams, services[_i]); +- ck_assert(stream != NULL); +- read_done = FALSE; +- stream->on_write(stream, (stream_cb_t)on_write, "test-write"); +- stream->on_read(stream, (stream_cb_t)on_read, "test-read"); +- +- while (!read_done) +- { +- usleep(1000); +- } +- stream->destroy(stream); +- +- service->destroy(service); +-} +-END_TEST +- +-static bool all(void *data, stream_t *stream) +-{ +- char buf[64], *pos; +- ssize_t len; +- int i; +- +- pos = buf; +- for (i = 0; i < msglen; i++) +- { +- len = stream->read(stream, pos, 1, TRUE); +- ck_assert_int_eq(len, 1); +- pos += len; +- } +- pos = buf; +- for (i = 0; i < msglen; i++) +- { +- len = stream->write(stream, pos, 1, TRUE); +- ck_assert_int_eq(len, 1); +- pos += len; +- } +- +- return FALSE; +-} +- +-START_TEST(test_all) +-{ +- char buf[64]; +- stream_service_t *service; +- stream_t *stream; +- +- lib->processor->set_threads(lib->processor, 8); +- +- service = lib->streams->create_service(lib->streams, services[_i], 1); +- ck_assert(service != NULL); +- service->on_accept(service, all, NULL, JOB_PRIO_HIGH, 1); +- +- stream = lib->streams->connect(lib->streams, services[_i]); +- ck_assert(stream != NULL); +- ck_assert(stream->write_all(stream, msg, msglen)); +- ck_assert(stream->read_all(stream, buf, msglen)); +- ck_assert(streq(buf, msg)); +- stream->destroy(stream); +- +- service->destroy(service); +-} +-END_TEST 
+- +-static bool concurrency(void *data, stream_t *stream) +-{ +- static refcount_t refs = 0; +- u_int current; +- ssize_t len; +- +- current = ref_get(&refs); +- ck_assert(current <= 3); +- len = stream->write(stream, "x", 1, TRUE); +- ck_assert_int_eq(len, 1); +- usleep(1000); +- ignore_result(ref_put(&refs)); +- +- return FALSE; +-} +- +-START_TEST(test_concurrency) +-{ +- stream_service_t *service; +- stream_t *streams[10]; +- ssize_t len; +- char x; +- int i; +- +- lib->processor->set_threads(lib->processor, 8); +- +- service = lib->streams->create_service(lib->streams, services[_i], 10); +- ck_assert(service != NULL); +- service->on_accept(service, concurrency, NULL, JOB_PRIO_HIGH, 3); +- +- for (i = 0; i < countof(streams); i++) +- { +- streams[i] = lib->streams->connect(lib->streams, services[_i]); +- ck_assert(streams[i] != NULL); +- } +- for (i = 0; i < countof(streams); i++) +- { +- len = streams[i]->read(streams[i], &x, 1, TRUE); +- ck_assert_int_eq(len, 1); +- ck_assert_int_eq(x, 'x'); +- } +- for (i = 0; i < countof(streams); i++) +- { +- streams[i]->destroy(streams[i]); +- } +- service->destroy(service); +-} +-END_TEST +- +-Suite *stream_suite_create() +-{ +- Suite *s; +- TCase *tc; +- int count = countof(services); +- +- if (getenv("TESTS_NO_IPV6")) +- { +- count--; +- } +- +- s = suite_create("stream"); +- +- tc = tcase_create("sync"); +- tcase_add_loop_test(tc, test_sync, 0, count); +- suite_add_tcase(s, tc); +- +- tc = tcase_create("async"); +- tcase_add_loop_test(tc, test_async, 0, count); +- suite_add_tcase(s, tc); +- +- tc = tcase_create("all"); +- tcase_add_loop_test(tc, test_all, 0, count); +- suite_add_tcase(s, tc); +- +- tc = tcase_create("concurrency"); +- tcase_add_loop_test(tc, test_concurrency, 0, count); +- suite_add_tcase(s, tc); +- +- return s; +-} +diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h +index cbabcd113..0a0e49caf 100644 +--- a/src/libstrongswan/tests/tests.h ++++ 
b/src/libstrongswan/tests/tests.h
+@@ -29,7 +29,6 @@ TEST_SUITE(traffic_selector_suite_create)
+ TEST_SUITE(threading_suite_create)
+ TEST_SUITE(process_suite_create)
+ TEST_SUITE(watcher_suite_create)
+-TEST_SUITE(stream_suite_create)
+ TEST_SUITE(utils_suite_create)
+ TEST_SUITE(settings_suite_create)
+ TEST_SUITE(vectors_suite_create)
diff --git a/srcpkgs/strongswan/template b/srcpkgs/strongswan/template
index 419273a8266..2fc91ce4097 100644
--- a/srcpkgs/strongswan/template
+++ b/srcpkgs/strongswan/template
@@ -1,40 +1,41 @@
 # Template file for 'strongswan'
 pkgname=strongswan
-version=5.9.14
+version=6.0.0
 revision=1
 build_style=gnu-configure
 # tpm support waits on libtss2
 configure_args="--disable-static --enable-blowfish --enable-curl --enable-md4
- --enable-openssl --enable-eap-radius --enable-eap-mschapv2 --enable-eap-md5
+ --enable-eap-radius --enable-eap-mschapv2 --enable-eap-md5
 --enable-eap-identity --enable-eap-dynamic --enable-led --enable-ha --enable-dhcp
- --enable-mediation --disable-soup --disable-des --enable-chapoly --enable-nm
- --enable-pkcs11"
-hostmakedepends="pkg-config flex bison python3"
-makedepends="gmp-devel libldns-devel unbound-devel libcurl-devel
- NetworkManager-devel openssl-devel"
+ --enable-mediation --disable-soup --enable-chapoly --enable-nm
+ --enable-pkcs11 --with-capabilities=libcap"
+hostmakedepends="pkg-config automake flex bison python3"
+makedepends="libldns-devel unbound-devel libcurl-devel
+ NetworkManager-devel openssl-devel libcap-devel"
 depends="iproute2 sqlite"
-conf_files="/etc/*.conf /etc/strongswan.d/*.conf /etc/strongswan.d/charon/*.conf /etc/ipsec.secrets"
+checkdepends="iana-etc"
+conf_files="/etc/strongswan.conf /etc/strongswan.d/*.conf /etc/strongswan.d/charon/*.conf
+ /etc/swanctl/swanctl.conf"
 short_desc="IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE"
 maintainer="Toyam Cox "
 license="GPL-2.0-or-later"
 homepage="https://www.strongswan.org/"
 changelog="https://raw.githubusercontent.com/strongswan/strongswan/master/NEWS"
 distfiles="https://download.strongswan.org/strongswan-${version}.tar.bz2"
-checksum=728027ddda4cb34c67c4cec97d3ddb8c274edfbabdaeecf7e74693b54fc33678
-make_dirs="/etc/ipsec.d/ 0755 root root
- /etc/ipsec.d/aacerts 0755 root root
- /etc/ipsec.d/acerts 0755 root root
- /etc/ipsec.d/cacerts 0755 root root
- /etc/ipsec.d/oscpcerts 0755 root root
- /etc/ipsec.d/certs 0755 root root
- /etc/ipsec.d/crls 0755 root root
- /etc/ipsec.d/reqs 0755 root root
- /etc/ipsec.d/private 0750 root root"
-
-# CI checks are currently disabled due to a number of tests failing either as a
-# result of GitHub Actions having a networking setup that is incompatible with
-# them, or some other issue that is difficult to reproduce locally.
-make_check=ci-skip
+checksum=72fe58b7523155703b65b08c3cc559c2c9a5c96da54afebd8136f6623e7dda82
+make_dirs="/etc/swanctl/conf.d 0755 root root
+ /etc/swanctl/x509 0755 root root
+ /etc/swanctl/x509ca 0755 root root
+ /etc/swanctl/x509aa 0755 root root
+ /etc/swanctl/x509ocsp 0755 root root
+ /etc/swanctl/x509crl 0755 root root
+ /etc/swanctl/x509ac 0755 root root
+ /etc/swanctl/rsa 0750 root root
+ /etc/swanctl/ecdsa 0750 root root
+ /etc/swanctl/pkcs8 0750 root root
+ /etc/swanctl/pkcs12 0750 root root
+ /etc/swanctl/private 0750 root root
+ /etc/swanctl/pubkey 0755 root root"
 
 post_install() {
 vsv strongswan
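Review bot: `--with-capabilities=libcap` is added to `configure_args`, but nothing sets `--with-user` or `--with-group`, so as far as this hunk shows charon still runs as root and only its capability set is reduced. If an unprivileged account is practical for this package, adding `--with-user=<user> --with-group=<group>` (placeholders) and giving that group ownership of the 0750 key directories in `make_dirs` would make the capability drop considerably more useful; if it is not, a one-line comment saying why would do. The old `make_check=ci-skip` comment is also removed without a replacement, so the template no longer records that two test suites are patched out; a line such as `# stream and http fetcher suites are removed by patches/rm-test_*.patch` above `checkdepends` would keep that visible. The body of `post_install` continues outside the hunk.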