Skip to content
GitLab
Hide whitespace changes
Inline Side-by-side
debian/openvpn.service
View file @ e1e1377b
......@@ -9,7 +9,6 @@ After=network.target
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecReload=/bin/true
WorkingDirectory=/etc/openvpn
[Install]
......
debian/openvpn@.service
View file @ e1e1377b
[Unit]
Description=OpenVPN connection to %i
PartOf=openvpn.service
ReloadPropagatedFrom=openvpn.service
Before=systemd-user-sessions.service
After=network-online.target
Wants=network-online.target
......@@ -16,7 +15,6 @@ WorkingDirectory=/etc/openvpn
ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid
PIDFile=/run/openvpn/%i.pid
KillMode=process
ExecReload=/bin/kill -HUP $MAINPID
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
LimitNPROC=100
DeviceAllow=/dev/null rw
......
debian/patches/auth-pam_libpam_so_filename.patch
View file @ e1e1377b
......@@ -6,7 +6,7 @@ Index: trunk/src/plugins/auth-pam/auth-pam.c
--- trunk.orig/src/plugins/auth-pam/auth-pam.c
+++ trunk/src/plugins/auth-pam/auth-pam.c
@@ -716,7 +716,7 @@ pam_server(int fd, const char *service,
struct user_pass up;
char ac_file_name[PATH_MAX];
int command;
#ifdef USE_PAM_DLOPEN
- static const char pam_so[] = "libpam.so";
......
debian/patches/debian_nogroup_for_sample_files.patch
View file @ e1e1377b
......@@ -23,32 +23,6 @@ Index: openvpn/sample/sample-config-files/tls-home.conf
# for extra security.
; user nobody
-; group nobody
+; group nogroup
# If you built OpenVPN with
# LZO compression, uncomment
Index: openvpn/sample/sample-config-files/static-home.conf
===================================================================
--- openvpn.orig/sample/sample-config-files/static-home.conf 2016-11-21 09:53:43.608863207 +0100
+++ openvpn/sample/sample-config-files/static-home.conf 2016-11-21 09:53:43.608863207 +0100
@@ -43,7 +43,7 @@
# "nobody" after initialization
# for extra security.
; user nobody
-; group nobody
+; group nogroup
# If you built OpenVPN with
# LZO compression, uncomment
Index: openvpn/sample/sample-config-files/static-office.conf
===================================================================
--- openvpn.orig/sample/sample-config-files/static-office.conf 2016-11-21 09:53:43.608863207 +0100
+++ openvpn/sample/sample-config-files/static-office.conf 2016-11-21 09:53:43.608863207 +0100
@@ -40,7 +40,7 @@
# "nobody" after initialization
# for extra security.
; user nobody
-; group nobody
+; group nogroup
# If you built OpenVPN with
......
debian/patches/fix-openssl-error.patch
View file @ e1e1377b
......@@ -19,13 +19,13 @@ situation (this also clears the stack).
src/openvpn/ssl_openssl.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 5955c6bd..555cbbdf 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -115,6 +115,11 @@ tls_ctx_server_new(struct tls_root_ctx *ctx)
{
crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method");
Index: trunk/src/openvpn/ssl_openssl.c
===================================================================
--- trunk.orig/src/openvpn/ssl_openssl.c
+++ trunk/src/openvpn/ssl_openssl.c
@@ -120,6 +120,11 @@ tls_ctx_server_new(struct tls_root_ctx *
crypto_msg(M_WARN, "Warning: TLS server context initialisation "
"has warnings.");
}
+ if (ERR_peek_error() != 0)
+ {
......@@ -35,17 +35,15 @@ index 5955c6bd..555cbbdf 100644
}
void
@@ -128,6 +133,11 @@ tls_ctx_client_new(struct tls_root_ctx *ctx)
{
crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method");
@@ -135,6 +140,11 @@ tls_ctx_client_new(struct tls_root_ctx *
}
+ if (ERR_peek_error() != 0)
+ {
if (ERR_peek_error() != 0)
{
+ crypto_msg(M_WARN, "Warning: TLS client context initialisation "
+ "has warnings.");
+ }
}
void
--
2.26.0
+ if (ERR_peek_error() != 0)
+ {
crypto_msg(M_WARN, "Warning: TLS client context initialisation "
"has warnings.");
}
debian/patches/kfreebsd_support.patch
View file @ e1e1377b
Description: Improve kFreeBSD support
Author: Gonéri Le Bouder <goneri@rulezlan.org>
Bug-Debian: http://bugs.debian.org/626062
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -1693,7 +1693,7 @@
Index: trunk/src/openvpn/route.c
===================================================================
--- trunk.orig/src/openvpn/route.c
+++ trunk/src/openvpn/route.c
@@ -1721,7 +1721,7 @@ add_route(struct route_ipv4 *r,
argv_msg(D_ROUTE, &argv);
status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add command failed");
......@@ -12,7 +14,7 @@ Bug-Debian: http://bugs.debian.org/626062
argv_printf(&argv, "%s add",
ROUTE_PATH);
@@ -1879,7 +1879,7 @@
@@ -1914,7 +1914,7 @@ add_route_ipv6(struct route_ipv6 *r6, co
network = print_in6_addr( r6->network, 0, &gc);
gateway = print_in6_addr( r6->gateway, 0, &gc);
......@@ -21,7 +23,7 @@ Bug-Debian: http://bugs.debian.org/626062
|| defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
|| defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
@@ -2047,7 +2047,7 @@
@@ -2073,7 +2073,7 @@ add_route_ipv6(struct route_ipv6 *r6, co
argv_msg(D_ROUTE, &argv);
status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add -inet6 command failed");
......@@ -30,7 +32,7 @@ Bug-Debian: http://bugs.debian.org/626062
argv_printf(&argv, "%s add -inet6 %s/%d",
ROUTE_PATH,
@@ -2239,7 +2239,7 @@
@@ -2268,7 +2268,7 @@ delete_route(struct route_ipv4 *r,
argv_msg(D_ROUTE, &argv);
openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete command failed");
......@@ -39,16 +41,16 @@ Bug-Debian: http://bugs.debian.org/626062
argv_printf(&argv, "%s delete -net %s %s %s",
ROUTE_PATH,
@@ -2346,7 +2346,7 @@
network = print_in6_addr( r6->network, 0, &gc);
@@ -2385,7 +2385,7 @@ delete_route_ipv6(const struct route_ipv
gateway = print_in6_addr( r6->gateway, 0, &gc);
#endif
-#if defined(TARGET_DARWIN) \
+#if defined(TARGET_DARWIN) || defined(__FreeBSD_kernel__) \
|| defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
|| defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
@@ -2481,7 +2481,7 @@
@@ -2503,7 +2503,7 @@ delete_route_ipv6(const struct route_ipv
argv_msg(D_ROUTE, &argv);
openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete -inet6 command failed");
......@@ -57,7 +59,7 @@ Bug-Debian: http://bugs.debian.org/626062
argv_printf(&argv, "%s delete -inet6 %s/%d",
ROUTE_PATH,
@@ -3532,7 +3532,8 @@
@@ -3405,7 +3405,8 @@ get_default_gateway_ipv6(struct route_ip
#elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS) \
|| defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
......@@ -67,9 +69,11 @@ Bug-Debian: http://bugs.debian.org/626062
#include <sys/types.h>
#include <sys/socket.h>
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -845,7 +845,7 @@
Index: trunk/src/openvpn/tun.c
===================================================================
--- trunk.orig/src/openvpn/tun.c
+++ trunk/src/openvpn/tun.c
@@ -972,7 +972,7 @@ delete_route_connected_v6_net(const stru
#endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */
#if defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
......@@ -78,16 +82,16 @@ Bug-Debian: http://bugs.debian.org/626062
/* we can't use true subnet mode on tun on all platforms, as that
* conflicts with IPv6 (wants to use ND then, which we don't do),
* but the OSes want "a remote address that is different from ours"
@@ -1429,7 +1429,7 @@
add_route_connected_v6_net(tt, es);
}
@@ -1471,7 +1471,7 @@ do_ifconfig_ipv4(struct tuntap *tt, cons
add_route(&r, tt, 0, NULL, es, NULL);
}
-#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
+#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || defined(__FreeBSD_kernel__)
in_addr_t remote_end; /* for "virtual" subnet topology */
in_addr_t remote_end; /* for "virtual" subnet topology */
@@ -2785,7 +2785,7 @@
@@ -2798,7 +2798,7 @@ read_tun(struct tuntap *tt, uint8_t *buf
}
}
......@@ -96,9 +100,11 @@ Bug-Debian: http://bugs.debian.org/626062
static inline int
freebsd_modify_read_write_return(int len)
--- a/src/openvpn/lladdr.c
+++ b/src/openvpn/lladdr.c
@@ -50,7 +50,7 @@
Index: trunk/src/openvpn/lladdr.c
===================================================================
--- trunk.orig/src/openvpn/lladdr.c
+++ trunk/src/openvpn/lladdr.c
@@ -47,7 +47,7 @@ set_lladdr(openvpn_net_ctx_t *ctx, const
"%s %s lladdr %s",
IFCONFIG_PATH,
ifname, lladdr);
......@@ -107,9 +113,11 @@ Bug-Debian: http://bugs.debian.org/626062
argv_printf(&argv,
"%s %s ether %s",
IFCONFIG_PATH,
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -297,7 +297,7 @@
Index: trunk/src/openvpn/syshead.h
===================================================================
--- trunk.orig/src/openvpn/syshead.h
+++ trunk/src/openvpn/syshead.h
@@ -299,7 +299,7 @@
#endif /* TARGET_OPENBSD */
......@@ -118,9 +126,11 @@ Bug-Debian: http://bugs.debian.org/626062
#ifdef HAVE_SYS_UIO_H
#include <sys/uio.h>
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -2270,7 +2270,7 @@
Index: trunk/src/openvpn/ssl.c
===================================================================
--- trunk.orig/src/openvpn/ssl.c
+++ trunk/src/openvpn/ssl.c
@@ -2229,7 +2229,7 @@ push_peer_info(struct buffer *buf, struc
buf_printf(&out, "IV_PLAT=mac\n");
#elif defined(TARGET_NETBSD)
buf_printf(&out, "IV_PLAT=netbsd\n");
......
debian/patches/match-manpage-and-command-help.patch
View file @ e1e1377b
......@@ -7,11 +7,11 @@ Subject: [PATCH] Change command help to match man page and implementation
src/openvpn/options.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: openvpn/src/openvpn/options.c
Index: trunk/src/openvpn/options.c
===================================================================
--- openvpn.orig/src/openvpn/options.c 2017-06-22 13:17:12.806680520 +0200
+++ openvpn/src/openvpn/options.c 2017-06-22 13:17:12.802680492 +0200
@@ -197,7 +197,7 @@
--- trunk.orig/src/openvpn/options.c
+++ trunk/src/openvpn/options.c
@@ -196,7 +196,7 @@ static const char usage_message[] =
" is established. Multiple routes can be specified.\n"
" netmask default: 255.255.255.255\n"
" gateway default: taken from --route-gateway or --ifconfig\n"
......
debian/patches/openvpn-pkcs11warn.patch
View file @ e1e1377b
......@@ -5,7 +5,7 @@ Index: trunk/src/openvpn/options.c
===================================================================
--- trunk.orig/src/openvpn/options.c
+++ trunk/src/openvpn/options.c
@@ -6824,6 +6824,20 @@ add_option(struct options *options,
@@ -7180,6 +7180,20 @@ add_option(struct options *options,
options->port_share_port = p[2];
options->port_share_journal_dir = p[3];
}
......
debian/patches/series
View file @ e1e1377b
move_log_dir.patch
auth-pam_libpam_so_filename.patch
debian_nogroup_for_sample_files.patch
#debian_nogroup_for_sample_files.patch
openvpn-pkcs11warn.patch
kfreebsd_support.patch
#kfreebsd_support.patch
match-manpage-and-command-help.patch
spelling_errors.patch
systemd.patch
fix-openssl-error.patch
debian/patches/spelling_errors.patch deleted 100644 → 0
View file @ e3856827
Description: correct tspelling errors
Author: Jörg Frings-Fürst <debian@jff.email>
Last-Update: 2018-07-29
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
Index: trunk/src/openvpn/buffer.c
===================================================================
--- trunk.orig/src/openvpn/buffer.c
+++ trunk/src/openvpn/buffer.c
@@ -44,7 +44,7 @@ array_mult_safe(const size_t m1, const s
unsigned long long res = (unsigned long long)m1 * (unsigned long long)m2 + (unsigned long long)extra;
if (unlikely(m1 > limit) || unlikely(m2 > limit) || unlikely(extra > limit) || unlikely(res > (unsigned long long)limit))
{
- msg(M_FATAL, "attemped allocation of excessively large array");
+ msg(M_FATAL, "attempted allocation of excessively large array");
}
return (size_t) res;
}
Index: trunk/src/openvpn/options.c
===================================================================
--- trunk.orig/src/openvpn/options.c
+++ trunk/src/openvpn/options.c
@@ -448,7 +448,7 @@ static const char usage_message[] =
" user/pass via environment, if method='via-file', pass\n"
" user/pass via temporary file.\n"
"--auth-gen-token [lifetime] Generate a random authentication token which is pushed\n"
- " to each client, replacing the password. Usefull when\n"
+ " to each client, replacing the password. Useful when\n"
" OTP based two-factor auth mechanisms are in use and\n"
" --reneg-* options are enabled. Optionally a lifetime in seconds\n"
" for generated tokens can be set.\n"
Index: trunk/doc/openvpn.8
===================================================================
--- trunk.orig/doc/openvpn.8
+++ trunk/doc/openvpn.8
@@ -2181,7 +2181,7 @@ that
is parsed on the command line even though
the daemonization point occurs later. If one of the
.B \-\-log
-options is present, it will supercede syslog
+options is present, it will supersede syslog
redirection.
The optional
@@ -2292,7 +2292,7 @@ If
already exists it will be truncated.
This option takes effect
immediately when it is parsed in the command line
-and will supercede syslog output if
+and will supersede syslog output if
.B \-\-daemon
or
.B \-\-inetd
debian/rules
View file @ e1e1377b
......@@ -5,8 +5,8 @@ ifeq ($(DEB_HOST_ARCH_OS), kfreebsd)
ENV_VARS := IFCONFIG=/sbin/ifconfig ROUTE=/lib/freebsd/route
EXTRA_ARGS :=
else
ENV_VARS := SYSTEMD_ASK_PASSWORD=/bin/systemd-ask-password IFCONFIG=/sbin/ifconfig ROUTE=/sbin/route IPROUTE=/sbin/ip SYSTEMD_UNIT_DIR=/lib/systemd/system TMPFILES_DIR=/usr/lib/tmpfiles.d
EXTRA_ARGS := --enable-systemd --enable-iproute2
ENV_VARS := SYSTEMD_ASK_PASSWORD=/bin/systemd-ask-password SYSTEMD_UNIT_DIR=/lib/systemd/system TMPFILES_DIR=/usr/lib/tmpfiles.d
EXTRA_ARGS := --enable-systemd --enable-dco
endif
#export DH_VERBOSE=1
......
debian/tests/control 0 → 100644
View file @ e1e1377b
Tests: server-setup-with-ca
Depends: openvpn, easy-rsa
Restrictions: needs-root, isolation-machine
Tests: server-setup-with-static-key
Restrictions: needs-root, isolation-machine
debian/tests/server-setup-with-ca 0 → 100755
View file @ e1e1377b
#!/bin/bash
# ----------------------------------------------
# Test an OpenVPN server setup with CA
# ----------------------------------------------
set -e
CONFIG_DIR=/etc/openvpn
CA_DIR=easy-rsa
CA_VARS_FILE=vars
DEVICE=tun1
IP_NETWORK=10.9.8.0
NETWORK_MASK=255.255.255.0
LOG_FILE=$AUTOPKGTEST_TMP/openvpn.log
# Print information message to stdout
info() {
echo "[I] $1"
}
info "Create the CA directory inside the config directory"
cd $CONFIG_DIR
make-cadir $CA_DIR
cd $CA_DIR
info \
"Add some variables to the $CA_VARS_FILE to build the CA and keys in a non interactive mode"
cat << EOF >> $CA_VARS_FILE
set_var EASYRSA_REQ_COUNTRY "US"
set_var EASYRSA_REQ_PROVINCE "California"
set_var EASYRSA_REQ_CITY "San Francisco"
set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
set_var EASYRSA_REQ_EMAIL "me@example.net"
set_var EASYRSA_REQ_OU "My Organizational Unit"
set_var EASYRSA_BATCH "1"
EOF
info "Setup the CA and the server keys"
./easyrsa --batch init-pki
./easyrsa --batch build-ca nopass 2>/dev/null
./easyrsa --batch build-server-full server nopass 2>/dev/null
./easyrsa --batch gen-dh 2>/dev/null
info "Create the OpenVPN server config file"
cat << EOF > /etc/openvpn/server.conf
dev $DEVICE
server $IP_NETWORK $NETWORK_MASK
ca $CONFIG_DIR/$CA_DIR/pki/ca.crt
cert $CONFIG_DIR/$CA_DIR/pki/issued/server.crt
key $CONFIG_DIR/$CA_DIR/pki/private/server.key
dh $CONFIG_DIR/$CA_DIR/pki/dh.pem
EOF
info "Start an OpenVPN process in background and redirect its output to a file"
openvpn --config $CONFIG_DIR/server.conf --verb 6 > $LOG_FILE &
info "Give some time to start the process, check if the TUN device is opened"
count=1
until [ -f $LOG_FILE ] && cat $LOG_FILE | grep "TUN/TAP device $DEVICE opened"; do
[ $count -gt 9 ] && exit 5
count=$(expr $count + 1)
sleep 1
done
info "Check if the $DEVICE was created and if the state is UNKNOWN at this point"
ip address show $DEVICE | grep 'state UNKNOWN'
info "Check if OpenVPN is listening on port 1194 (default port)"
ss -lnptu | grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}:1194.*users:\(\(\"openvpn\"'
info "Check if Diffie-Hellman was initialized"
cat $LOG_FILE | grep 'Diffie-Hellman initialized'
info "Check if the $DEVICE is linked"
cat $LOG_FILE | grep "net_iface_up: set $DEVICE up"
info "Check if the network route was correctly configured"
cat $LOG_FILE | grep "net_route_v4_add: $IP_NETWORK/24 via"
info "Check if the Initialization Sequence completed"
cat $LOG_FILE | grep 'Initialization Sequence Completed'
# Clean up: kill tha OpenVPN process, remove the $DEVICE created and CA dir
cleanup() {
pkill openvpn
rm -rf $CONFIG_DIR/$CA_DIR
}
trap cleanup INT TERM EXIT
debian/tests/server-setup-with-static-key 0 → 100755
View file @ e1e1377b
#!/bin/bash
# ----------------------------------------------
# Test an OpenVPN server setup with a static key
# ----------------------------------------------
set -e
CONFIG_DIR=/etc/openvpn
STATIC_KEY=static.key
DEVICE=tun0
IP_SERVER=10.9.8.1
IP_CLIENT=10.9.8.2
LOG_FILE=$AUTOPKGTEST_TMP/openvpn.log
# Print information message to stdout
info() {
echo "[I] $1"
}
info "Generate the static key inside the config directory"
cd $CONFIG_DIR
openvpn --genkey --secret $STATIC_KEY
info "Create the config file"
cat << EOF > $CONFIG_DIR/$DEVICE.conf
dev $DEVICE
ifconfig $IP_SERVER $IP_CLIENT
secret $CONFIG_DIR/$STATIC_KEY
EOF
info "Start an OpenVPN process in background and redirect its output to a file"
openvpn --config $CONFIG_DIR/$DEVICE.conf --verb 6 > $LOG_FILE &
info "Give some time to start the process, check if the TUN device is opened"
count=1
until [ -f $LOG_FILE ] && cat $LOG_FILE | grep "TUN/TAP device $DEVICE opened"; do
[ $count -gt 9 ] && exit 5
count=$(expr $count + 1)
sleep 1
done
info "Check if the $DEVICE was created and if the state is UNKNOWN at this point"
ip address show $DEVICE | grep 'state UNKNOWN'
info "Check if OpenVPN is listening on port 1194 (default port)"
ss -lnptu | grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}:1194.*users:\(\(\"openvpn\"'
info "Check if the $STATIC_KEY is used by OpenVPN"
cat $LOG_FILE | grep "shared_secret_file = '$CONFIG_DIR/$STATIC_KEY'"
info "Check if the $DEVICE is linked"
cat $LOG_FILE | grep "net_iface_up: set $DEVICE up"
info "Check if the specified IP addresses were configured"
cat $LOG_FILE | grep "net_addr_ptp_v4_add: $IP_SERVER peer $IP_CLIENT dev tun0"
# Clean up: kill tha OpenVPN process, remove the $DEVICE created and $STATIC_KEY
cleanup() {
pkill openvpn
rm $CONFIG_DIR/$STATIC_KEY
}
trap cleanup INT TERM EXIT
depcomp deleted 100755 → 0
View file @ e3856827
#! /bin/sh
# depcomp - compile a program generating dependencies as side-effects
scriptversion=2018-03-07.03; # UTC
# Copyright (C) 1999-2018 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
case $1 in
'')
echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
cat <<\EOF
Usage: depcomp [--help] [--version] PROGRAM [ARGS]
Run PROGRAMS ARGS to compile a file, generating dependencies
as side-effects.
Environment variables:
depmode Dependency tracking mode.
source Source file read by 'PROGRAMS ARGS'.
object Object file output by 'PROGRAMS ARGS'.
DEPDIR directory where to store dependencies.
depfile Dependency file to output.
tmpdepfile Temporary file to use when outputting dependencies.
libtool Whether libtool is used (yes/no).
Report bugs to <bug-automake@gnu.org>.
EOF
exit $?
;;
-v | --v*)
echo "depcomp $scriptversion"
exit $?
;;
esac
# Get the directory component of the given path, and save it in the
# global variables '$dir'. Note that this directory component will
# be either empty or ending with a '/' character. This is deliberate.
set_dir_from ()
{
case $1 in
*/*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;;
*) dir=;;
esac
}
# Get the suffix-stripped basename of the given path, and save it the
# global variable '$base'.
set_base_from ()
{
base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'`
}
# If no dependency file was actually created by the compiler invocation,
# we still have to create a dummy depfile, to avoid errors with the
# Makefile "include basename.Plo" scheme.
make_dummy_depfile ()
{
echo "#dummy" > "$depfile"
}
# Factor out some common post-processing of the generated depfile.
# Requires the auxiliary global variable '$tmpdepfile' to be set.
aix_post_process_depfile ()
{
# If the compiler actually managed to produce a dependency file,
# post-process it.
if test -f "$tmpdepfile"; then
# Each line is of the form 'foo.o: dependency.h'.
# Do two passes, one to just change these to
# $object: dependency.h
# and one to simply output
# dependency.h:
# which is needed to avoid the deleted-header problem.
{ sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile"
sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile"
} > "$depfile"
rm -f "$tmpdepfile"
else
make_dummy_depfile
fi
}
# A tabulation character.
tab=' '
# A newline character.
nl='
'
# Character ranges might be problematic outside the C locale.
# These definitions help.
upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ
lower=abcdefghijklmnopqrstuvwxyz
digits=0123456789
alpha=${upper}${lower}
if test -z "$depmode" || test -z "$source" || test -z "$object"; then
echo "depcomp: Variables source, object and depmode must be set" 1>&2
exit 1
fi
# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
depfile=${depfile-`echo "$object" |
sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
rm -f "$tmpdepfile"
# Avoid interferences from the environment.
gccflag= dashmflag=
# Some modes work just like other modes, but use different flags. We
# parameterize here, but still list the modes in the big case below,
# to make depend.m4 easier to write. Note that we *cannot* use a case
# here, because this file can only contain one case statement.
if test "$depmode" = hp; then
# HP compiler uses -M and no extra arg.
gccflag=-M
depmode=gcc
fi
if test "$depmode" = dashXmstdout; then
# This is just like dashmstdout with a different argument.
dashmflag=-xM
depmode=dashmstdout
fi
cygpath_u="cygpath -u -f -"
if test "$depmode" = msvcmsys; then
# This is just like msvisualcpp but w/o cygpath translation.
# Just convert the backslash-escaped backslashes to single forward
# slashes to satisfy depend.m4
cygpath_u='sed s,\\\\,/,g'
depmode=msvisualcpp
fi
if test "$depmode" = msvc7msys; then
# This is just like msvc7 but w/o cygpath translation.
# Just convert the backslash-escaped backslashes to single forward
# slashes to satisfy depend.m4
cygpath_u='sed s,\\\\,/,g'
depmode=msvc7
fi
if test "$depmode" = xlc; then
# IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information.
gccflag=-qmakedep=gcc,-MF
depmode=gcc
fi
case "$depmode" in
gcc3)
## gcc 3 implements dependency tracking that does exactly what
## we want. Yay! Note: for some reason libtool 1.4 doesn't like
## it if -MD -MP comes after the -MF stuff. Hmm.
## Unfortunately, FreeBSD c89 acceptance of flags depends upon
## the command line argument order; so add the flags where they
## appear in depend2.am. Note that the slowdown incurred here
## affects only configure: in makefiles, %FASTDEP% shortcuts this.
for arg
do
case $arg in
-c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
*) set fnord "$@" "$arg" ;;
esac
shift # fnord
shift # $arg
done
"$@"
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
mv "$tmpdepfile" "$depfile"
;;
gcc)
## Note that this doesn't just cater to obsosete pre-3.x GCC compilers.
## but also to in-use compilers like IMB xlc/xlC and the HP C compiler.
## (see the conditional assignment to $gccflag above).
## There are various ways to get dependency output from gcc. Here's
## why we pick this rather obscure method:
## - Don't want to use -MD because we'd like the dependencies to end
## up in a subdir. Having to rename by hand is ugly.
## (We might end up doing this anyway to support other compilers.)
## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
## -MM, not -M (despite what the docs say). Also, it might not be
## supported by the other compilers which use the 'gcc' depmode.
## - Using -M directly means running the compiler twice (even worse
## than renaming).
if test -z "$gccflag"; then
gccflag=-MD,
fi
"$@" -Wp,"$gccflag$tmpdepfile"
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
echo "$object : \\" > "$depfile"
# The second -e expression handles DOS-style file names with drive
# letters.
sed -e 's/^[^:]*: / /' \
-e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
## This next piece of magic avoids the "deleted header file" problem.
## The problem is that when a header file which appears in a .P file
## is deleted, the dependency causes make to die (because there is
## typically no way to rebuild the header). We avoid this by adding
## dummy dependencies for each header file. Too bad gcc doesn't do
## this for us directly.
## Some versions of gcc put a space before the ':'. On the theory
## that the space means something, we add a space to the output as
## well. hp depmode also adds that space, but also prefixes the VPATH
## to the object. Take care to not repeat it in the output.
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
hp)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
sgi)
if test "$libtool" = yes; then
"$@" "-Wp,-MDupdate,$tmpdepfile"
else
"$@" -MDupdate "$tmpdepfile"
fi
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files
echo "$object : \\" > "$depfile"
# Clip off the initial element (the dependent). Don't try to be
# clever and replace this with sed code, as IRIX sed won't handle
# lines with more than a fixed number of characters (4096 in
# IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
# the IRIX cc adds comments like '#:fec' to the end of the
# dependency line.
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \
| tr "$nl" ' ' >> "$depfile"
echo >> "$depfile"
# The second pass generates a dummy entry for each header file.
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
>> "$depfile"
else
make_dummy_depfile
fi
rm -f "$tmpdepfile"
;;
xlc)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
aix)
# The C for AIX Compiler uses -M and outputs the dependencies
# in a .u file. In older versions, this file always lives in the
# current directory. Also, the AIX compiler puts '$object:' at the
# start of each line; $object doesn't have directory information.
# Version 6 uses the directory in both cases.
set_dir_from "$object"
set_base_from "$object"
if test "$libtool" = yes; then
tmpdepfile1=$dir$base.u
tmpdepfile2=$base.u
tmpdepfile3=$dir.libs/$base.u
"$@" -Wc,-M
else
tmpdepfile1=$dir$base.u
tmpdepfile2=$dir$base.u
tmpdepfile3=$dir$base.u
"$@" -M
fi
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
exit $stat
fi
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
do
test -f "$tmpdepfile" && break
done
aix_post_process_depfile
;;
tcc)
# tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26
# FIXME: That version still under development at the moment of writing.
# Make that this statement remains true also for stable, released
# versions.
# It will wrap lines (doesn't matter whether long or short) with a
# trailing '\', as in:
#
# foo.o : \
# foo.c \
# foo.h \
#
# It will put a trailing '\' even on the last line, and will use leading
# spaces rather than leading tabs (at least since its commit 0394caf7
# "Emit spaces for -MD").
"$@" -MD -MF "$tmpdepfile"
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
# Each non-empty line is of the form 'foo.o : \' or ' dep.h \'.
# We have to change lines of the first kind to '$object: \'.
sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile"
# And for each line of the second kind, we have to emit a 'dep.h:'
# dummy dependency, to avoid the deleted-header problem.
sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile"
rm -f "$tmpdepfile"
;;
## The order of this option in the case statement is important, since the
## shell code in configure will try each of these formats in the order
## listed in this file. A plain '-MD' option would be understood by many
## compilers, so we must ensure this comes after the gcc and icc options.
pgcc)
# Portland's C compiler understands '-MD'.
# Will always output deps to 'file.d' where file is the root name of the
# source file under compilation, even if file resides in a subdirectory.
# The object file name does not affect the name of the '.d' file.
# pgcc 10.2 will output
# foo.o: sub/foo.c sub/foo.h
# and will wrap long lines using '\' :
# foo.o: sub/foo.c ... \
# sub/foo.h ... \
# ...
set_dir_from "$object"
# Use the source, not the object, to determine the base name, since
# that's sadly what pgcc will do too.
set_base_from "$source"
tmpdepfile=$base.d
# For projects that build the same source file twice into different object
# files, the pgcc approach of using the *source* file root name can cause
# problems in parallel builds. Use a locking strategy to avoid stomping on
# the same $tmpdepfile.
lockdir=$base.d-lock
trap "
echo '$0: caught signal, cleaning up...' >&2
rmdir '$lockdir'
exit 1
" 1 2 13 15
numtries=100
i=$numtries
while test $i -gt 0; do
# mkdir is a portable test-and-set.
if mkdir "$lockdir" 2>/dev/null; then
# This process acquired the lock.
"$@" -MD
stat=$?
# Release the lock.
rmdir "$lockdir"
break
else
# If the lock is being held by a different process, wait
# until the winning process is done or we timeout.
while test -d "$lockdir" && test $i -gt 0; do
sleep 1
i=`expr $i - 1`
done
fi
i=`expr $i - 1`
done
trap - 1 2 13 15
if test $i -le 0; then
echo "$0: failed to acquire lock after $numtries attempts" >&2
echo "$0: check lockdir '$lockdir'" >&2
exit 1
fi
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
# Each line is of the form `foo.o: dependent.h',
# or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
# Do two passes, one to just change these to
# `$object: dependent.h' and one to simply `dependent.h:'.
sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
# Some versions of the HPUX 10.20 sed can't process this invocation
# correctly. Breaking it into two sed invocations is a workaround.
sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
hp2)
# The "hp" stanza above does not work with aCC (C++) and HP's ia64
# compilers, which have integrated preprocessors. The correct option
# to use with these is +Maked; it writes dependencies to a file named
# 'foo.d', which lands next to the object file, wherever that
# happens to be.
# Much of this is similar to the tru64 case; see comments there.
set_dir_from "$object"
set_base_from "$object"
if test "$libtool" = yes; then
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir.libs/$base.d
"$@" -Wc,+Maked
else
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir$base.d
"$@" +Maked
fi
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile1" "$tmpdepfile2"
exit $stat
fi
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
do
test -f "$tmpdepfile" && break
done
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile"
# Add 'dependent.h:' lines.
sed -ne '2,${
s/^ *//
s/ \\*$//
s/$/:/
p
}' "$tmpdepfile" >> "$depfile"
else
make_dummy_depfile
fi
rm -f "$tmpdepfile" "$tmpdepfile2"
;;
tru64)
# The Tru64 compiler uses -MD to generate dependencies as a side
# effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'.
# At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
# dependencies in 'foo.d' instead, so we check for that too.
# Subdirectories are respected.
set_dir_from "$object"
set_base_from "$object"
if test "$libtool" = yes; then
# Libtool generates 2 separate objects for the 2 libraries. These
# two compilations output dependencies in $dir.libs/$base.o.d and
# in $dir$base.o.d. We have to check for both files, because
# one of the two compilations can be disabled. We should prefer
# $dir$base.o.d over $dir.libs/$base.o.d because the latter is
# automatically cleaned when .libs/ is deleted, while ignoring
# the former would cause a distcleancheck panic.
tmpdepfile1=$dir$base.o.d # libtool 1.5
tmpdepfile2=$dir.libs/$base.o.d # Likewise.
tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504
"$@" -Wc,-MD
else
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir$base.d
tmpdepfile3=$dir$base.d
"$@" -MD
fi
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
exit $stat
fi
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
do
test -f "$tmpdepfile" && break
done
# Same post-processing that is required for AIX mode.
aix_post_process_depfile
;;
msvc7)
if test "$libtool" = yes; then
showIncludes=-Wc,-showIncludes
else
showIncludes=-showIncludes
fi
"$@" $showIncludes > "$tmpdepfile"
stat=$?
grep -v '^Note: including file: ' "$tmpdepfile"
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
echo "$object : \\" > "$depfile"
# The first sed program below extracts the file names and escapes
# backslashes for cygpath. The second sed program outputs the file
# name when reading, but also accumulates all include files in the
# hold buffer in order to output them again at the end. This only
# works with sed implementations that can handle large buffers.
sed < "$tmpdepfile" -n '
/^Note: including file: *\(.*\)/ {
s//\1/
s/\\/\\\\/g
p
}' | $cygpath_u | sort -u | sed -n '
s/ /\\ /g
s/\(.*\)/'"$tab"'\1 \\/p
s/.\(.*\) \\/\1:/
H
$ {
s/.*/'"$tab"'/
G
p
}' >> "$depfile"
echo >> "$depfile" # make sure the fragment doesn't end with a backslash
rm -f "$tmpdepfile"
;;
msvc7msys)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
#nosideeffect)
# This comment above is used by automake to tell side-effect
# dependency tracking mechanisms from slower ones.
dashmstdout)
# Important note: in order to support this mode, a compiler *must*
# always write the preprocessed file to stdout, regardless of -o.
"$@" || exit $?
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
# Remove '-o $object'.
IFS=" "
for arg
do
case $arg in
-o)
shift
;;
$object)
shift
;;
*)
set fnord "$@" "$arg"
shift # fnord
shift # $arg
;;
esac
done
test -z "$dashmflag" && dashmflag=-M
# Require at least two characters before searching for ':'
# in the target name. This is to cope with DOS-style filenames:
# a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise.
"$@" $dashmflag |
sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile"
rm -f "$depfile"
cat < "$tmpdepfile" > "$depfile"
# Some versions of the HPUX 10.20 sed can't process this sed invocation
# correctly. Breaking it into two sed invocations is a workaround.
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
dashXmstdout)
# This case only exists to satisfy depend.m4. It is never actually
# run, as this mode is specially recognized in the preamble.
exit 1
;;
makedepend)
"$@" || exit $?
# Remove any Libtool call
if test "$libtool" = yes; then
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
# X makedepend
shift
cleared=no eat=no
for arg
do
case $cleared in
no)
set ""; shift
cleared=yes ;;
esac
if test $eat = yes; then
eat=no
continue
fi
case "$arg" in
-D*|-I*)
set fnord "$@" "$arg"; shift ;;
# Strip any option that makedepend may not understand. Remove
# the object too, otherwise makedepend will parse it as a source file.
-arch)
eat=yes ;;
-*|$object)
;;
*)
set fnord "$@" "$arg"; shift ;;
esac
done
obj_suffix=`echo "$object" | sed 's/^.*\././'`
touch "$tmpdepfile"
${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
rm -f "$depfile"
# makedepend may prepend the VPATH from the source file name to the object.
# No need to regex-escape $object, excess matching of '.' is harmless.
sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile"
# Some versions of the HPUX 10.20 sed can't process the last invocation
# correctly. Breaking it into two sed invocations is a workaround.
sed '1,2d' "$tmpdepfile" \
| tr ' ' "$nl" \
| sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile" "$tmpdepfile".bak
;;
cpp)
# Important note: in order to support this mode, a compiler *must*
# always write the preprocessed file to stdout.
"$@" || exit $?
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
# Remove '-o $object'.
IFS=" "
for arg
do
case $arg in
-o)
shift
;;
$object)
shift
;;
*)
set fnord "$@" "$arg"
shift # fnord
shift # $arg
;;
esac
done
"$@" -E \
| sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
-e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
| sed '$ s: \\$::' > "$tmpdepfile"
rm -f "$depfile"
echo "$object : \\" > "$depfile"
cat < "$tmpdepfile" >> "$depfile"
sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
msvisualcpp)
# Important note: in order to support this mode, a compiler *must*
# always write the preprocessed file to stdout.
"$@" || exit $?
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
IFS=" "
for arg
do
case "$arg" in
-o)
shift
;;
$object)
shift
;;
"-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
set fnord "$@"
shift
shift
;;
*)
set fnord "$@" "$arg"
shift
shift
;;
esac
done
"$@" -E 2>/dev/null |
sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
rm -f "$depfile"
echo "$object : \\" > "$depfile"
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile"
echo "$tab" >> "$depfile"
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
rm -f "$tmpdepfile"
;;
msvcmsys)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
none)
exec "$@"
;;
*)
echo "Unknown depmode $depmode" 1>&2
exit 1
;;
esac
exit 0
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:
dev-tools/gen-release-tarballs.sh 0 → 100755
View file @ e1e1377b
#!/bin/sh
# gen-release-tarballs.sh - Generates release tarballs with signatures
#
# Copyright (C) 2017-2022 - David Sommerseth <davids@openvpn.net>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
set -u
if [ $# -ne 4 ]; then
echo "Usage: $0 <remote-name> <tag-name> <sign-key> <dest-dir>"
echo ""
echo " remote-name -- valid remotes: `git remote | tr \\\n ' '`"
echo " tag-name -- An existing release tag"
echo " sign-key -- PGP key used to sign all files"
echo " dest-dir -- Where to put the complete set of release tarballs"
echo ""
echo " Example: $0 origin v2.4.2 /tmp/openvpn-release"
echo
exit 1
fi
arg_remote_name="$1"
arg_tag_name="$2"
arg_sign_key="$3"
arg_dest_dir="$4"
#
# Sanity checks
#
# Check that the tag exists
git tag | grep "$arg_tag_name" 1>/dev/null
if [ $? -ne 0 ]; then
echo "** ERROR ** The tag '$arg_tag_name' does not exist"
exit 2
fi
# Extract the git URL
giturl="`git remote get-url $arg_remote_name 2>/dev/null`"
if [ $? -ne 0 ]; then
echo "** ERROR ** Invalid git remote name: $arg_remote_name"
exit 2
fi
# Check we have the needed signing key
echo "test" | gpg -a --clearsign -u "$arg_sign_key" 2>/dev/null 1>/dev/null
if [ $? -ne 0 ]; then
echo "** ERROR ** Failed when testing the PGP signing. Wrong signing key?"
exit 2;
fi
#
# Helper functions
#
get_filename()
{
local wildcard="$1"
res="`find . -maxdepth 1 -type f -name \"$wildcard\" | head -n1 | cut -d/ -f2-`"
if [ $? -ne 0 ]; then
echo "-- 'find' failed."
exit 5
fi
if [ -z "$res" ]; then
echo "-- Could not find a file with the wildcard: $wildcard"
exit 4
fi
echo "$res"
}
copy_files()
{
local fileext="$1"
local dest="$2"
file="`get_filename openvpn-*.*.*.$fileext`"
if [ -z "$file" ]; then
echo "** ERROR Failed to find source file"
exit 5
fi
echo "-- Copying $file"
cp "$file" "$dest"
if [ $? -ne 0 ]; then
echo "** ERROR ** Failed to copy $file to $destdir"
exit 3;
fi
}
sign_file()
{
local signkey="$1"
local srchfile="$2"
local signtype="$3"
local file="`get_filename $srchfile`"
echo "-- Signing $file ..."
case "$signtype" in
inline)
# Have the signature in the same file as the data
gpg -a --clearsign -u "$signkey" "$file" 2>/dev/null
res=$?
if [ $res -eq 0 ]; then
rm -f "$file"
fi
;;
detached)
# Have the signature in a separate file
gpg -a --detach-sign -u "$signkey" "$file" 2>/dev/null
res=$?
;;
*)
echo "** ERROR ** Unknown signing type \"$signtype\"."
exit 4;
esac
if [ $res -ne 0 ]; then
echo "** ERROR ** Failed to sign the file $PWD/$file"
exit 4;
fi
}
#
# Preparations
#
# Create the destination directory, using a sub-dir with the tag-name
destdir=""
case "$arg_dest_dir" in
/*) # Absolute path
destdir="$arg_dest_dir/$arg_tag_name"
;;
*) # Make absolute path from relative path
destdir="$PWD/$arg_dest_dir/$arg_tag_name"
;;
esac
echo "-- Destination directory: $destdir"
if [ -e "$destdir" ]; then
echo "** ERROR ** Destination directory already exists. "
echo " Please check your command line carefully."
exit 2
fi
mkdir -p "$destdir"
if [ $? -ne 0 ]; then
echo "** ERROR ** Failed to create destination directory"
exit 2
fi
#
# Start the release process
#
# Clone the remote repository
workdir="`mktemp -d -p /var/tmp openvpn-build-release-XXXXXX`"
cd $workdir
echo "-- Working directory: $workdir"
echo "-- git clone $giturl"
git clone $giturl openvpn-gen-tarball 2> "$workdir/git-clone.log" 1>&2
if [ $? -ne 0 ]; then
echo "** ERROR ** git clone failed. See $workdir/git-clone.log for details"
exit 3;
fi
cd openvpn-gen-tarball
# Check out the proper release tag
echo "-- Checking out tag $arg_tag_name ... "
git checkout -b mkrelease "$arg_tag_name" 2> "$workdir/git-checkout-tag.log" 1>&2
if [ $? -ne 0 ]; then
echo "** ERROR ** git checkout failed. See $workdir/git-checkout-tag.log for details"
exit 3;
fi
# Prepare the source tree
echo "-- Running autoreconf + a simple configure ... "
(autoreconf -vi && ./configure) 2> "$workdir/autotools-prep.log" 1>&2
if [ $? -ne 0 ]; then
echo "** ERROR ** Failed running autotools. See $workdir/autotools-prep.log for details"
exit 3;
fi
# Generate the tar/zip files
echo "-- Running make distcheck (generates .tar.gz) ... "
(make distcheck) 2> "$workdir/make-distcheck.log" 1>&2
if [ $? -ne 0 ]; then
echo "** ERROR ** make distcheck failed. See $workdir/make-distcheck.log for details"
exit 3;
fi
copy_files tar.gz "$destdir"
echo "-- Running make dist-xz (generates .tar.xz) ... "
(make dist-xz) 2> "$workdir/make-dist-xz.log" 1>&2
if [ $? -ne 0 ]; then
echo "** ERROR ** make dist-xz failed. See $workdir/make-dist-xz.log for details"
exit 3;
fi
copy_files tar.xz "$destdir"
echo "-- Running make dist-zip (generates .zip) ... "
(make dist-zip) 2> "$workdir/make-dist-zip.log" 1>&2
if [ $? -ne 0 ]; then
echo "** ERROR ** make dist-zip failed. See $workdir/make-dist-zip.log for details"
exit 3;
fi
copy_files zip "$destdir"
# Generate SHA256 checksums
cd "$destdir"
sha256sum openvpn-*.tar.{gz,xz} openvpn-*.zip > "openvpn-$arg_tag_name.sha256sum"
# Sign all the files
echo "-- Signing files ... "
sign_file "$arg_sign_key" "openvpn-$arg_tag_name.sha256sum" inline
sign_file "$arg_sign_key" "openvpn-*.tar.gz" detached
sign_file "$arg_sign_key" "openvpn-*.tar.xz" detached
sign_file "$arg_sign_key" "openvpn-*.zip" detached
# Create a tar-bundle with everything
echo "-- Creating final tarbundle with everything ..."
tar cf "openvpn-$arg_tag_name.tar" openvpn-*.{tar.gz,tar.xz,zip}{,.asc} openvpn-*.sha256sum.asc
echo "-- Cleaning up ..."
# Save the log files
mkdir -p "$destdir/logs"
mv $workdir/*.log "$destdir/logs"
# Finally, done!
rm -rf "$workdir"
echo "-- Done"
exit 0
dev-tools/git-pre-commit-uncrustify.sh 0 → 100755
View file @ e1e1377b
#!/bin/sh
# Copyright (c) 2015, David Martin
# 2022, Heiko Hund
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# git pre-commit hook that runs an Uncrustify stylecheck.
# Features:
# - abort commit when commit does not comply with the style guidelines
# - create a patch of the proposed style changes
#
# More info on Uncrustify: http://uncrustify.sourceforge.net/
# This file was taken from a set of unofficial pre-commit hooks available
# at https://github.com/ddddavidmartin/Pre-commit-hooks and modified to
# fit the openvpn project's needs
# exit on error
set -e
# If called so, install this script as pre-commit hook
if [ "$1" = "install" ] ; then
TARGET="$(git rev-parse --git-path hooks)/pre-commit"
if [ -e "$TARGET" ] ; then
printf "$TARGET file exists. Won't overwrite.\n"
printf "Aborting installation.\n"
exit 1
fi
read -p "Install as $TARGET? [y/N] " INPUT
[ "$INPUT" = "y" ] || exit 0
cp "$0" "$TARGET"
chmod +x $TARGET
exit 0
fi
# check whether the given file matches any of the set extensions
matches_extension() {
local filename="$(basename -- "$1")"
local extension=".${filename##*.}"
local ext
for ext in .c .h ; do [ "$ext" = "$extension" ] && return 0; done
return 1
}
# necessary check for initial commit
if git rev-parse --verify HEAD >/dev/null 2>&1 ; then
against=HEAD
else
# Initial commit: diff against an empty tree object
against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
fi
UNCRUSTIFY=$(command -v uncrustify)
UNCRUST_CONFIG="$(git rev-parse --show-toplevel)/dev-tools/uncrustify.conf"
# make sure the config file and executable are correctly set
if [ ! -f "$UNCRUST_CONFIG" ] ; then
printf "Error: uncrustify config file not found.\n"
printf "Expected to find it at $UNCRUST_CONFIG.\n"
printf "Aborting commit.\n"
exit 1
fi
if [ -z "$UNCRUSTIFY" ] ; then
printf "Error: uncrustify executable not found.\n"
printf "Is it installed and in your \$PATH?\n"
printf "Aborting commit.\n"
exit 1
fi
# create a filename to store our generated patch
patch=$(mktemp /tmp/ovpn-fmt-XXXXXX)
# create one patch containing all changes to the files
# sed to remove quotes around the filename, if inserted by the system
# (done sometimes, if the filename contains special characters, like the quote itself)
git diff-index --cached --diff-filter=ACMR --name-only $against -- | \
sed -e 's/^"\(.*\)"$/\1/' | \
while read file
do
# ignore file if we do check for file extensions and the file
# does not match any of the extensions specified in $FILE_EXTS
if ! matches_extension "$file"; then
continue;
fi
# escape special characters in the source filename:
# - '\': backslash needs to be escaped
# - '*': used as matching string => '*' would mean expansion
# (curiously, '?' must not be escaped)
# - '[': used as matching string => '[' would mean start of set
# - '|': used as sed split char instead of '/', so it needs to be escaped
# in the filename
# printf %s particularly important if the filename contains the % character
file_escaped_source=$(printf "%s" "$file" | sed -e 's/[\*[|]/\\&/g')
# escape special characters in the target filename:
# phase 1 (characters escaped in the output diff):
# - '\': backslash needs to be escaped in the output diff
# - '"': quote needs to be escaped in the output diff if present inside
# of the filename, as it used to bracket the entire filename part
# phase 2 (characters escaped in the match replacement):
# - '\': backslash needs to be escaped again for sed itself
# (i.e. double escaping after phase 1)
# - '&': would expand to matched string
# - '|': used as sed split char instead of '/'
# printf %s particularly important if the filename contains the % character
file_escaped_target=$(printf "%s" "$file" | sed -e 's/[\"]/\\&/g' -e 's/[\&|]/\\&/g')
# uncrustify our sourcefile, create a patch with diff and append it to our $patch
# The sed call is necessary to transform the patch from
# --- $file timestamp
# +++ - timestamp
# to both lines working on the same file and having a a/ and b/ prefix.
# Else it can not be applied with 'git apply'.
"$UNCRUSTIFY" -q -c "$UNCRUST_CONFIG" -f "$file" | \
diff -u -- "$file" - | \
sed -e "1s|--- $file_escaped_source|--- \"a/$file_escaped_target\"|" -e "2s|+++ -|+++ \"b/$file_escaped_target\"|" >> "$patch"
done
# if no patch has been generated all is ok, clean up the file stub and exit
if [ ! -s "$patch" ] ; then
rm -f "$patch"
exit 0
fi
# a patch has been created, notify the user and exit
printf "Formatting of some code does not follow the project guidelines.\n"
if [ $(wc -l < $patch) -gt 80 ] ; then
printf "The file $patch contains the necessary fixes.\n"
else
printf "Here's the patch that fixes the formatting:\n\n"
cat $patch
fi
printf "\nYou can apply these changes with:\n git apply $patch\n"
printf "(from the root directory of the repository) and then commit again.\n"
printf "\nAborting commit.\n"
exit 1
dev-tools/reformat-all.sh 0 → 100755
View file @ e1e1377b
#!/bin/sh
# reformat-all.sh - Reformat all git files in the checked out
# git branch using uncrustify.
#
# Copyright (C) 2016-2022 - David Sommerseth <davids@openvpn.net>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
tstamp="$(date +%Y%m%d-%H%M%S)"
files="$(pwd)/reformat-all_files-$tstamp.lst"
log="$(pwd)/reformat-all_log-$tstamp.txt"
srcroot="$(git rev-parse --show-toplevel)"
cfg="$srcroot/dev-tools/uncrustify.conf"
specialfiles="$srcroot/dev-tools/special-files.lst"
export gitfiles=0
export procfiles=0
# Go to the root of the source tree
cd "$srcroot"
{
echo -n "** Starting $0: "
date
# Find all C source/header files
git ls-files | grep -E ".*\.[ch](\.in$|$)" > "${files}.git"
# Manage files which needs special treatment
awk -F\# '{gsub("\n| ", "", $1); print $1}' "$specialfiles" > "${files}.sp"
while read srcfile
do
res=$(grep "$srcfile" "${files}.sp" 2>/dev/null)
if [ $? -ne 0 ]; then
# If grep didn't find the file among special files,
# process it normally
echo "$srcfile" >> "$files"
else
mode=$(echo "$res" | cut -d: -f1)
case "$mode" in
E)
echo "** INFO ** Excluding '$srcfile'"
;;
P)
echo "** INFO ** Pre-patching '$srcfile'"
patchfile="${srcroot}"/dev-tools/reformat-patches/before_$(echo "$srcfile" | tr "/" "_").patch
if [ -r "$patchfile" ]; then
git apply "$patchfile"
if [ $? -ne 0 ]; then
echo "** ERROR ** Failed to apply pre-patch file: $patchfile"
exit 2
fi
else
echo "** WARN ** Pre-patch file for $srcfile is missing: $patchfile"
fi
echo "$srcfile" >> "${files}.postpatch"
echo "$srcfile" >> "$files"
;;
*)
echo "** WARN ** Unknown mode '$mode' for file '$srcfile'"
;;
esac
fi
done < "${files}.git"
rm -f "${files}.git" "${files}.sp"
# Kick off uncrustify
echo
echo "** INFO ** Running: uncrustify -c $cfg --no-backup -l C -F $files"
uncrustify -c "$cfg" --no-backup -l C -F "$files" 2>&1
res=$?
echo "** INFO ** Uncrustify completed (exit code $res)"
} | tee "${log}-1" # Log needs to be closed here, to be processed in next block
{
# Check the results
gitfiles=$(wc -l "$files" | cut -d\ -f1)
procfiles=$(grep "Parsing: " "${log}-1" | wc -l)
echo
echo "C source/header files checked into git: $gitfiles"
echo "Files processed by uncrustify: $procfiles"
echo
# Post-Patch files modified after we uncrustify have adjusted them
if [ -r "${files}.postpatch" ]; then
while read srcfile;
do
patchfile="${srcroot}"/dev-tools/reformat-patches/after_$(echo "$srcfile" | tr "/" "_").patch
if [ -r "$patchfile" ]; then
echo "** INFO ** Post-patching '$srcfile'"
git apply "$patchfile"
if [ $? -ne 0 ]; then
echo "** WARN ** Failed to apply $patchfile"
fi
else
echo "** WARN ** Post-patch file for $srcfile is missing: $patchfile"
fi
done < "${files}.postpatch"
rm -f "${files}.postpatch"
fi
} | tee "${log}-2" # Log needs to be closed here, to be processed in next block
cat "${log}-1" "${log}-2" > "$log"
{
ec=1
echo
if [ "$gitfiles" -eq "$procfiles" ]; then
echo "Reformatting completed successfully"
ec=0
else
last=$(tail -n1 "${log}-1")
echo "** ERROR ** Reformating failed to process all files."
echo " uncrustify exit code: $res"
echo " Last log line: $last"
echo
fi
rm -f "${log}-1" "${log}-2"
} | tee -a "$log"
rm -f "${files}"
exit $ec
dev-tools/special-files.lst 0 → 100644
View file @ e1e1377b
E:doc/doxygen/doc_key_generation.h # @verbatim section gets mistreated, exclude it
E:src/compat/compat-lz4.c # Preserve LZ4 upstream formatting
E:src/compat/compat-lz4.h # Preserve LZ4 upstream formatting
E:src/openvpn/ovpn_dco_linux.h # Preserve ovpn-dco upstream formatting
E:src/openvpn/ovpn-dco-win.h # Preserve ovpn-dco-win upstream formatting
dev-tools/uncrustify.conf 0 → 100644
View file @ e1e1377b
# Use Allman-style
indent_columns=4
indent_braces=false
indent_else_if=false
indent_switch_case=4
indent_label=1
nl_if_brace=add
nl_brace_else=add
nl_elseif_brace=add
nl_else_brace=add
nl_else_if=remove
nl_for_brace=add
nl_while_brace=add
nl_switch_brace=add
nl_fdef_brace=add
nl_do_brace=add
sp_func_proto_paren=Remove
sp_func_def_paren=Remove
sp_func_call_paren=Remove
sp_sizeof_paren=Remove
# No tabs, spaces only
indent_with_tabs=0
align_with_tabs=false
cmt_convert_tab_to_spaces=true
# Do not put spaces between the # and preprocessor statements
pp_space=remove
# Various whitespace fiddling
sp_assign=add
sp_before_sparen=add
sp_inside_sparen=remove
sp_cond_colon=add
sp_cond_question=add
sp_bool=add
sp_else_brace=add
sp_brace_else=add
pos_arith=Lead
pos_bool=Lead
nl_func_type_name=add
nl_before_case=true
nl_assign_leave_one_liners=true
nl_enum_leave_one_liners=true
nl_brace_fparen=add
nl_max=4
nl_after_func_proto=2
# Always use scoping braces for conditionals
mod_full_brace_if=add
mod_full_brace_if_chain=false
mod_full_brace_while=add
mod_full_brace_for=add
mod_full_brace_do=add
# Annotate #else and #endif statements
mod_add_long_ifdef_endif_comment=20
mod_add_long_ifdef_else_comment=5
# Misc cleanup
mod_remove_extra_semicolon=true
# leave blank at end of empty for() statements
sp_after_semi_for_empty=Add
# Use C-style comments (/* .. */)
cmt_c_nl_end=true
cmt_star_cont=true
cmt_cpp_to_c=true
# Use "char **a"-style pointer stars/dereferences
sp_before_ptr_star=Add
sp_between_ptr_star=Remove
sp_after_ptr_star=Remove
sp_before_byref=Add
sp_after_byref=Remove