Bug 130893

Summary: security/openvpn: add ability to use LOG_OPENVPN for openvpn sysloging
Product: Ports & Packages Reporter: Michael Scheidell <scheidell>
Component: Individual Port(s)Assignee: Beech Rintoul <beech>
Status: Closed FIXED    
Severity: Affects Only Me CC: matthias.andree
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff
none
file.diff
none
openvpn.patch
none
openvpn-devel.patch none

Description Michael Scheidell 2009-01-22 16:20:01 UTC 
this is something that will enhance the diagnostics of openvpn, is 100% 
upward compatible with old versions, and won't break anything.
(as the p5-Mail-SpamAssassin maintainer, I get lots of requests like 
this, but this one has been tested and really will help)
I always look at the patch, and see if it will break something (and thus 
cause more support issues), if the patch is something supported by the 
original software (it is)

and I really hate it when they say is broke and I dont get any patches.

openvpn has the ability to set logging facility to something other then 
the default, but its not a .conf or command line option, it is a compile 
option.

during compile, CFLAGS needs to have LOG_OPENVPN=  and the log facility 
in order for it to work.

make LOG_OPENVPN=LOG_LOCAL6 doesn't do anything (yet), putting 

LOG_OPENVPN=LOG_LOCAL6 in /etc/make.conf doesn't do anything (yet), but 
with this patch, first for openvpn, then for openvpn-devel, the system 
administrator or maintainer can either put LOG_OPENVPN= and facility in 
the make.conf, pkg_tooks.conf or on the command line as:
make LOG_OPENVPN=LOG_LOCAL6 and CFLAGS will be set and openvpn will log 
to log facility of your choice.

Fix: no need to bump version, if user has openvpn installed and working, this 
doesn't enhance anything, and will still require CLI or make.conf or 
pkg_conf stuff.

I have tested (with this patch)
make LOG_OPENVPN=LOG_LOCAL6

echo "LOG_OPENVPN=LOG_LOCAL6" >> /etc/make.conf

and with pkg_tools.conf

for openvpn patch: (you could bump to 2.09 to quiet the helpful folks..)
This doesn't, just addresses the log facility

cd /usr/ports/security/openvpn

now for openvpn-devel:

 diff -bBru /tmp/Makefile Makefile 
How-To-Repeat: make LOG_OPENVPN=LOG_LOCAL6

watch compile, it never sets the variable LOG_OPENVPN.
with patch it will:

gcc -O2 -Wall -fPIC -shared -Wl,-soname,openvpn-down-root.so -o 
openvpn-down-root.so down-root.o -lc
cd 
/usr/ports/security/openvpn-devel/work/openvpn-2.1_rc15/plugin/auth-pam 
&& cc  -I../.. -DDLOPEN_PAM=0 -O2 -fno-strict-aliasing -pipe 
-march=pentium4 -DLOG_OPENVPN=LOG_LOCAL6 -fPIC -shared 
-Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.c 
pamdl.c -lc -lpam

I tried to submit it to openvpn themselves, and they didn't seem to 
understand that freebsd make file wasn't passing the env variable anyway 
;-)

http://openvpn.net/archive/openvpn-users/2005-08/msg00317.html
this patch below is better.
Comment 1 Beech Rintoul freebsd_committer freebsd_triage 2009-01-23 11:07:35 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->beech

I'll take it
Comment 2 Beech Rintoul freebsd_committer freebsd_triage 2009-01-23 11:23:28 UTC 
State Changed
From-To: open->feedback

Submitter not maintainer
Comment 3 Beech Rintoul freebsd_committer freebsd_triage 2009-01-23 11:30:07 UTC 
Maintainer of security/openvpn,

Please note that PR ports/130893 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and I will take care of it.

The full text of the PR can be found at:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/130893
-- 
---------------------------------------------------------------------------------------
Beech Rintoul - FreeBSD Developer - beech@FreeBSD.org
/"\   ASCII Ribbon Campaign  | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail   | http://people.freebsd.org/~beech
 X  - NO Word docs in e-mail | Skype: akbeech
/ \  - http://www.FreeBSD.org/releases/7.1R/announce.html
---------------------------------------------------------------------------------------
Comment 4 Matthias Andree 2009-01-24 20:25:45 UTC 
On Fri, 23 Jan 2009, Beech Rintoul wrote:

> Maintainer of security/openvpn,
> 
> Please note that PR ports/130893 has just been submitted.
> 
> If it contains a patch for an upgrade, an enhancement or a bug fix
> you agree on, reply to this email stating that you approve the patch
> and I will take care of it.

Hi Beech,

Please use the attached patches instead.

Hi Michael,

thanks for your patches!

Best regards

-- 
Matthias Andree
Comment 5 dfilter service freebsd_committer freebsd_triage 2009-01-25 08:11:12 UTC 
beech       2009-01-25 08:10:59 UTC

  FreeBSD ports repository

  Modified files:
    security/openvpn     Makefile 
    security/openvpn-devel Makefile 
  Log:
  - Add logging knob
  
  PR:             ports/130893
  Submitted by:   Michael Scheidell <scheidell@secnap.net>
  Approved by:    Matthias Andree <matthias.andree@gmx.de> (maintainer)
  
  Revision  Changes    Path
  1.46      +16 -0     ports/security/openvpn-devel/Makefile
  1.39      +16 -0     ports/security/openvpn/Makefile
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 6 Beech Rintoul freebsd_committer freebsd_triage 2009-01-25 08:11:23 UTC 
State Changed
From-To: feedback->closed

Committed, Thanks!