Bug 188437 - New port: security/softether
Summary: New port: security/softether
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Kurt Jaeger
URL:
Keywords:
: 199195 (view as bug list)
Depends on:
Blocks:
 
Reported: 2014-04-10 18:40 UTC by net
Modified: 2016-04-27 11:43 UTC (History)
8 users (show)

See Also:


Attachments
file.shar (8.25 KB, text/plain)
2014-04-10 18:40 UTC, net
no flags Details
Output of make check-orphans, make package, make install, make deinstall, pkg add, make package (3.42 KB, text/plain)
2014-08-08 08:43 UTC, T. S.
no flags Details
Output of: env DEVELOPER=yes make stage >&! other_logs && make check-plist >>&! other_logs && make package >>&! other_logs (119.06 KB, text/plain)
2014-08-08 08:44 UTC, T. S.
no flags Details
Updated port - newer version, stage (8.14 KB, text/plain)
2014-08-08 08:46 UTC, T. S.
no flags Details
Directory patch (14.96 KB, patch)
2014-09-09 14:12 UTC, T. S.
no flags Details | Diff
Updated port (4.87 KB, application/x-gtar-compressed)
2015-04-14 17:15 UTC, net
no flags Details
Update to version 4.18.9570 (4.85 KB, application/gzip)
2015-09-01 08:56 UTC, net
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description net 2014-04-10 18:40:00 UTC
New port for SoftEther VPN. An OpenSource multi-protocol and multi-platform VPN client server solution. The port includes the configuration tool (vpncmd), the server component and the client component.

Fix: Patch attached with submission follows:
Comment 1 John Marino freebsd_committer 2014-08-07 15:32:48 UTC
Hi, if you are still interested in having this port in FreeBSD, it may (or may not) need to be reworked to support stage, and it may need updating to other newer conventions such as "USES" which is expanding all time.
For staging, see http://lists.freebsd.org/pipermail/freebsd-ports-announce/2014-May/000080.html


Additionally, you need to provide some sort of quality assurance.    
In order of preference, we are looking for:

1) "poudriere testport" or "poudriere bulk -t" logs
2) Redports or tinderbox logs
3) at least this: https://www.freebsd.org/doc/en/books/porters-handbook/porting-testing.html

Please provide an updated shar file and attach a test log.  Alternatively, please indicate if you are no longer interested in having this software in the Ports Collection and that we can close the PR.

Thanks!
Comment 2 T. S. 2014-08-08 08:43:40 UTC
Created attachment 145509 [details]
Output of make check-orphans, make package, make install, make deinstall, pkg add, make package
Comment 3 T. S. 2014-08-08 08:44:18 UTC
Created attachment 145510 [details]
Output of: env DEVELOPER=yes make stage >&! other_logs && make check-plist >>&! other_logs && make package >>&! other_logs
Comment 4 T. S. 2014-08-08 08:46:33 UTC
Created attachment 145511 [details]
Updated port - newer version, stage
Comment 5 T. S. 2014-08-08 08:47:11 UTC
See the 3 new attachments. Wish such quality assurance would be required for other parts of FreeBSD
Comment 6 John Marino freebsd_committer 2014-08-08 08:51:16 UTC
Okay, this is good. The only thing that wasn't tested is dependencies and file system violations (you need poudriere for that) but let's be optimistic and move this to patch-ready.
Comment 7 T. S. 2014-08-08 08:58:15 UTC
Well - thing is - once started Softether puts binary files (configurations, data files) into the same directory where the binaries are put.
So placing the commands into ${prefix}/bin isn't a good option, there other files then binaries shouldn't be placed.
So libexec/softether is maybe a possible location, though putting everything in /var/softether (or somewhere) else isn't maybe an option too.
That's the way Softether works and without going deep into the source it can't be changed.
So installing it, using it for some time, then removing it will leave files back in libexec/softether - or somewhere else where the binaries are put.
If there's some standard where to put binaries, data files and configurations - when being unable to split everything into sbin, etc, share, ... I can change the port easily and modify the wrappers that get installed.
Comment 8 John Marino freebsd_committer 2014-08-08 09:05:18 UTC
(In reply to T. S. from comment #7)
> Well - thing is - once started Softether puts binary files (configurations,
> data files) into the same directory where the binaries are put.

That's unfortunate.  That's not allowed.


> So placing the commands into ${prefix}/bin isn't a good option, there other
> files then binaries shouldn't be placed.
> So libexec/softether is maybe a possible location, though putting everything
> in /var/softether (or somewhere) else isn't maybe an option too.

libexec isn't allowed either.
The s/w can create all the files it wants in /var/softether but it can't but the binary there.


> That's the way Softether works and without going deep into the source it
> can't be changed.
> So installing it, using it for some time, then removing it will leave files
> back in libexec/softether - or somewhere else where the binaries are put.

I think you are going to have to change this.  /usr/local could be mounted ready only.  Any program that doesn't work on such a mount is considered broken, and definitely it can't litter in /usr/local  (exception is /usr/local/etc)


> If there's some standard where to put binaries, data files and
> configurations - when being unable to split everything into sbin, etc,
> share, ... I can change the port easily and modify the wrappers that get
> installed.

binaries: /usr/local/bin and /usr/local/libexec
data: /usr/local/share/$PORTNAME/ usually
config: /usr/local/etc/

Do you want to take this back and work on it some more?  Thank you for telling us about this issue up front.
Comment 9 John Marino freebsd_committer 2014-08-08 09:06:44 UTC
(In reply to John Marino from comment #8)
> data: /usr/local/share/$PORTNAME/ usually

Oh you mean user data.
That would be $HOME or /var/ether I think.
Comment 10 T. S. 2014-08-08 09:13:15 UTC
Well - I'm aware it's not really nice to put everything into one directory, though the situation is that the binaries write data files into the same directory where the binaries are put - it's coded this way.
/home/softether isn't the place, in my opinion, where server software should be put, /var/softether (or some kind of sub-directory) too.

For now - please put this on hold - will see if the authors of the software can modify it in some way that data files, dynamic configuration etc. are placed where they should belong.
Comment 11 John Marino freebsd_committer 2014-08-08 09:25:01 UTC
(In reply to T. S. from comment #10)
> Well - I'm aware it's not really nice to put everything into one directory,
> though the situation is that the binaries write data files into the same
> directory where the binaries are put - it's coded this way.
> /home/softether isn't the place, in my opinion, where server software should
> be put, /var/softether (or some kind of sub-directory) too.

Maybe this hack would be alright:
1) install softether not in /usr/local/bin and not executable
2) Make an executable script that copies (if it doesn't exist) softether to $HOME directory, make it executable, and run it there.

your script just has to known where to only execute or copy then execute first.
At least this would be legal.


> For now - please put this on hold - will see if the authors of the software
> can modify it in some way that data files, dynamic configuration etc. are
> placed where they should belong.

This sounds like a good idea.  I don't know any package system that would tolerate this, so it's surprising that it's set up this way.
Comment 12 T. S. 2014-08-08 09:36:32 UTC
I wrote the authors already an email - because there's a CentOS spec file and a Debian directory included in the source this might affect the Linux version in a positive way as well.
From both the CentOS and Debian files I don't see any patching, things are put into /usr/vpnbridge, /usr/vpnserver etc. - still also Linux allows to mount /usr as read-only or via NFS (of course SystemD might think different ;) ).
So for now - maybe putting this on-hold until the authors replied back that doesn't require any FreeBSD specific patching (and maybe breaking something unintended).
Comment 13 John Marino freebsd_committer 2014-08-08 09:42:12 UTC
i already moved it back to "open" status which can be used for "on hold".  It's fine, just comment on this PR when you want to change the state.
Comment 14 Chris Rees freebsd_committer 2014-08-27 09:04:22 UTC
(In reply to T. S. from comment #10)
> Well - I'm aware it's not really nice to put everything into one directory,
> though the situation is that the binaries write data files into the same
> directory where the binaries are put - it's coded this way.
> /home/softether isn't the place, in my opinion, where server software should
> be put, /var/softether (or some kind of sub-directory) too.
> 
> For now - please put this on hold - will see if the authors of the software
> can modify it in some way that data files, dynamic configuration etc. are
> placed where they should belong.

Take a look at:

http://www.bayofrum.net/cgi-bin/fossil/softether/ci/95da163d4b5766e0531e468353ea8ee1448f57b5?sbs=0

This fixes several issues, and hopefully catches all of the opening files.

Otherwise, another thing to do is to change working directory to /var/db/softether.. but I don't think this'd work.

Please give it a try and let me know.
Comment 15 T. S. 2014-09-09 14:12:02 UTC
Created attachment 147112 [details]
Directory patch

Hello,

after some try & error and modifying several files the attached patch should be it and modify the source / headers files that everything points to /var/db/softether while the binaries are in ${PREFIX}/libexec/softether

The proposed link modifies also Windows-only files (e.g. winpcap) that this patch won't touch.

Though - still untested - remote administration from a Windows machine. Once a VM is setup, I'll do this the next days to check if everything really gets placed into /var/db/softether.

The patch may not be really nice by hard-coding the var/db directory, still it introduces some kind of separation between data and binary files.
Comment 16 John Marino freebsd_committer 2014-10-05 21:24:47 UTC
(In reply to T. S. from comment #15)
> The patch may not be really nice by hard-coding the var/db directory, still
> it introduces some kind of separation between data and binary files.

I think hardcoding to /var/db is okay.
Did you run this through poudriere, by any chance?
Comment 17 c_dornig 2015-03-10 17:26:47 UTC
Hi *,

Are the port already done ?
I could help to test the port ?

Regards,
Cliff
Comment 18 c_dornig 2015-03-16 17:31:56 UTC
Short update.


For FreeBSD 10 and maybe later versions, the ports need to build with converters/libiconv instead of the base iconv:

I added:

BUILD_DEPENDS=   libiconv>=1.14:${PORTSDIR}/converters/libiconv

With base iconv, the compile failed with message:

/usr/bin/ld:  cannot found -liconv



Regards,
C.
Comment 19 takumiiinn 2015-04-14 15:11:49 UTC
*** Bug 199195 has been marked as a duplicate of this bug. ***
Comment 20 net 2015-04-14 17:15:52 UTC
Created attachment 155592 [details]
Updated port

Hello,

thanks to everyone involved in testing and giving feedback, the port should be ready.
The "softether.tgz" is an updated attachment to the newest version, as well as updated to patches to manually let it use /var/db/softether for storing data files.
Tested under:

10.1 i386 / amd64
9.4 i386 / amd64

Running as client, server and bridge with Linux / Windows clients. Additionally tested the ability to remote-configure the server from a Windows client.

The patch looks good so far so if there's nothing else, it might be open for the good of the public.

Port builds fine with the usual "make && make install && make package".

Portlint report:

---- BEGIN HERE ----
WARN: Makefile: [61]: do not use muted INSTALL_foo commands (i.e., those that start with '@').  These should be printed.
WARN: Makefile: "BUILD_DEPENDS" has to appear earlier.
WARN: /usr/src/ports/security/softether/files/patch-src__Cedar__Cedar.h: [4]: patch contains ^M characters. Consider defining USES=dos2unix to remove DOS line endings from source files.
WARN: /usr/src/ports/security/softether/files/patch-src__Cedar__Client.h: [4]: patch contains ^M characters. Consider defining USES=dos2unix to remove DOS line endings from source files.
WARN: /usr/src/ports/security/softether/files/patch-src__Cedar__Nat.h: [4]: patch contains ^M characters. Consider defining USES=dos2unix to remove DOS line endings from source files.
WARN: /usr/src/ports/security/softether/files/patch-src__Cedar__Server.c: [4]: patch contains ^M characters. Consider defining USES=dos2unix to remove DOS line endings from source files.
WARN: /usr/src/ports/security/softether/files/patch-src__Mayaqua__Cfg.c: [4]: patch contains ^M characters. Consider defining USES=dos2unix to remove DOS line endings from source files.
WARN: /usr/src/ports/security/softether/files/patch-src__Mayaqua__Cfg.h: [4]: patch contains ^M characters. Consider defining USES=dos2unix to remove DOS line endings from source files.
WARN: /usr/src/ports/security/softether/files/patch-src__Mayaqua__Kernel.c: [4]: patch contains ^M characters. Consider defining USES=dos2unix to remove DOS line endings from source files.
WARN: /usr/src/ports/security/softether/files/patch-src__Mayaqua__Table.h: [4]: patch contains ^M characters. Consider defining USES=dos2unix to remove DOS line endings from source files.
WARN: /usr/src/ports/security/softether/files/patch-src__Mayaqua__Unix.c: [4]: patch contains ^M characters. Consider defining USES=dos2unix to remove DOS line endings from source files.
0 fatal errors and 11 warnings found.
---- END HERE ----

The warnings from the files directory are ok, the patches are applied at DOS line ending files, being later converted.
Comment 21 net 2015-04-14 17:17:25 UTC
Meant of course 9.3 instead of 9.4 for the comment above - sry for the typo.
Comment 22 c_dornig 2015-06-30 16:24:54 UTC
Hi *,


Any news about when this port will be commited ?


Regards,
C.
Comment 23 net 2015-09-01 08:56:32 UTC
Created attachment 160582 [details]
Update to version 4.18.9570

Hi,

an update to the newest version (4.18.9570) has been attached. Tested with 9.3 and 10.2 (i386 and amd64).
Comment 24 Kurt Jaeger freebsd_committer 2015-09-01 15:40:46 UTC
Testing@work
Comment 25 commit-hook freebsd_committer 2015-09-01 16:31:20 UTC
A commit references this bug:

Author: pi
Date: Tue Sep  1 16:30:34 UTC 2015
New revision: 395779
URL: https://svnweb.freebsd.org/changeset/ports/395779

Log:
  New port: security/softether

  SoftEther VPN ("SoftEther" means "Software Ethernet") is a powerful,
  multi-OS and easy-to-use multi-protocol VPN software. It supports
  SSL-VPN (HTTPS), as well as OpenVPN, IPsec, L2TP, MS-SSTP, L2TPv3
  and EtherIP tunneling protocols and has a clone function to support
  OpenVPN clients.

  WWW: http://www.softether.org

  PR:		188437
  Submitted by:	net@arrishq.net
  Reviewed by:	marino

Changes:
  head/security/Makefile
  head/security/softether/
  head/security/softether/Makefile
  head/security/softether/distinfo
  head/security/softether/files/
  head/security/softether/files/patch-src__Cedar__Cedar.h
  head/security/softether/files/patch-src__Cedar__Client.h
  head/security/softether/files/patch-src__Cedar__Nat.h
  head/security/softether/files/patch-src__Cedar__Server.c
  head/security/softether/files/patch-src__Mayaqua__Cfg.c
  head/security/softether/files/patch-src__Mayaqua__Cfg.h
  head/security/softether/files/patch-src__Mayaqua__Kernel.c
  head/security/softether/files/patch-src__Mayaqua__Table.h
  head/security/softether/files/patch-src__Mayaqua__Unix.c
  head/security/softether/files/softether_bridge.in
  head/security/softether/files/softether_client.in
  head/security/softether/files/softether_server.in
  head/security/softether/files/vpncmd.in
  head/security/softether/pkg-descr
  head/security/softether/pkg-message
  head/security/softether/pkg-plist
Comment 26 Kurt Jaeger freebsd_committer 2015-09-01 16:34:07 UTC
Build-tested on current-amd64, 10.2-amd64, 9.3-amd64, 10.2-i386.

Committed, thanks for your patience!

As this port has complex features, I would like to see run-test-reports and
success reports against several clients 8-}

Maybe my colleague will have the opportunity to test it against android/iphone.
Comment 27 Roman 2016-01-04 06:41:46 UTC
Please Help

VPN Client>niccreat
NicCreate command - Create New Virtual Network Adapter
Virtual Network Adapter Name: vpn

Error occurred. (Error code: 31)
Installation of the Virtual Network Adapter device driver failed.
VPN Client>

FreeBSD 10.2
Comment 28 Bartek Rutkowski freebsd_committer 2016-04-27 11:43:17 UTC
Seems like this is already completed and there's no action on it for a while, so I'm closing this PR.