Imported Upstream version 5.5.0

13 files changed, 236 insertions, 55 deletions

diff --git a/testing/scripts/build-baseimage b/testing/scripts/build-baseimage
index d9500cb35..1264bd7ee 100755
--- a/testing/scripts/build-baseimage
+++ b/testing/scripts/build-baseimage
@@ -12,16 +12,27 @@ running_any $STRONGSWANHOSTS && die "Please stop test environment before running
 check_commands debootstrap mkfs.ext3 partprobe qemu-img qemu-nbd sfdisk
 
 # package includes/excludes
-INC=automake,autoconf,libtool,bison,flex,gperf,pkg-config,gettext
+INC=automake,autoconf,libtool,bison,flex,gperf,pkg-config,gettext,less
 INC=$INC,build-essential,libgmp-dev,libldap2-dev,libcurl4-openssl-dev,ethtool
 INC=$INC,libxml2-dev,libtspi-dev,libsqlite3-dev,openssh-server,tcpdump,psmisc
-INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libxerces-c2-dev,libltdl-dev
-INC=$INC,liblog4cxx10-dev,libboost-thread-dev,libboost-system-dev,git-core,iperf
-INC=$INC,less,acpid,acpi-support-base,libldns-dev,libunbound-dev,dnsutils,screen
-INC=$INC,gnat,gprbuild,libahven3-dev,libxmlada4.1-dev,libgmpada3-dev,htop
-INC=$INC,libalog0.4.1-base-dev,hostapd,libsoup2.4-dev,ca-certificates,unzip
-INC=$INC,python,python-setuptools,python-dev,python-pip
+INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libltdl-dev,liblog4cxx10-dev
+INC=$INC,libboost-thread-dev,libboost-system-dev,git-core,iperf,htop,screen
+INC=$INC,gnat,gprbuild,acpid,acpi-support-base,libldns-dev,libunbound-dev
+INC=$INC,dnsutils,libsoup2.4-dev,ca-certificates,unzip
+INC=$INC,python,python-setuptools,python-dev,python-pip,apt-transport-https
 INC=$INC,libjson0-dev,libxslt1-dev,libapache2-mod-wsgi,iptables-dev
+case "$BASEIMGSUITE" in
+wheezy)
+	INC=$INC,libxerces-c2-dev,libahven3-dev,libxmlada4.1-dev,libgmpada3-dev
+	INC=$INC,libalog0.4.1-base-dev
+	;;
+jessie)
+	INC=$INC,libxerces-c-dev,libahven4-dev,libxmlada5-dev,libgmpada5-dev
+	INC=$INC,libalog1-dev,libgcrypt20-dev
+	;;
+*)
+	echo_warn "Package list for '$BASEIMGSUITE' might has to be updated"
+esac
 SERVICES="apache2 dbus isc-dhcp-server slapd bind9"
 INC=$INC,${SERVICES// /,}
 
@@ -45,7 +56,7 @@ execute "qemu-nbd -c $NBDEV $BASEIMG"
 do_on_exit qemu-nbd -d $NBDEV
 
 log_action "Partitioning disk"
-sfdisk /dev/nbd0 -D -uM >>$LOGFILE 2>&1 << EOF
+sfdisk /dev/nbd0 >>$LOGFILE 2>&1 << EOF
 ;
 EOF
 if [ $? != 0 ]
@@ -75,12 +86,39 @@ execute "debootstrap --arch=$BASEIMGARCH --include=$INC $BASEIMGSUITE $LOOPDIR $
 execute "mount -t proc none $LOOPDIR/proc" 0
 do_on_exit graceful_umount $LOOPDIR/proc
 
+log_action "Downloading signing key for custom apt repo"
+execute_chroot "wget -q $BASEIMGEXTKEY -O /tmp/key"
+log_action "Installing signing key for custom apt repo"
+execute_chroot "apt-key add /tmp/key"
+
+log_action "Enabling custom apt repo"
+cat > $LOOPDIR/etc/apt/sources.list.d/strongswan.list << EOF
+deb $BASEIMGEXTREPO $BASEIMGSUITE main
+EOF
+log_status $?
+
+log_action "Prioritize custom apt repo"
+cat > $LOOPDIR/etc/apt/preferences.d/strongswan.pref << EOF
+Package: *
+Pin: origin "$BASEIMGEXTREPOHOST"
+Pin-Priority: 1001
+EOF
+log_status $?
+
+log_action "Update package sources"
+execute_chroot "apt-get update"
+log_action "Install packages from custom repo"
+execute_chroot "apt-get -y upgrade"
+
 for service in $SERVICES
 do
-	log_action "Stopping service $service"
-	execute_chroot "/etc/init.d/$service stop"
 	log_action "Disabling service $service"
-	execute_chroot "update-rc.d -f $service remove"
+	if [ "$BASEIMGSUITE" == "wheezy" ]
+	then
+		execute_chroot "update-rc.d -f $service remove"
+	else
+		execute_chroot "systemctl disable $service"
+	fi
 done
 
 log_action "Disabling root password"
diff --git a/testing/scripts/build-guestimages b/testing/scripts/build-guestimages
index 3e107c062..e2ec422b1 100755
--- a/testing/scripts/build-guestimages
+++ b/testing/scripts/build-guestimages
@@ -60,17 +60,25 @@ do
 	then
 		execute "mkdir $LOOPDIR/var/log/apache2/ocsp" 0
 		execute "cp -rf $DIR/../images $LOOPDIR/var/www/" 0
+		execute_chroot "a2enmod -q cgid" 0
 		execute_chroot "ln -s /etc/openssl/certs /var/www/certs" 0
 		execute_chroot "/etc/openssl/generate-crl" 0
-		execute_chroot "update-rc.d apache2 defaults" 0
-		execute_chroot "update-rc.d slapd defaults" 0
 		execute_chroot "rm -rf /var/lib/ldap/*" 0
 		execute_chroot "slapadd -l /etc/ldap/ldif.txt -f /etc/ldap/slapd.conf" 0
 		execute_chroot "chown -R openldap:openldap /var/lib/ldap" 0
 		execute_chroot "dnssec-signzone -K /etc/bind -o strongswan.org. /etc/bind/db.strongswan.org" 0
 		execute_chroot "dnssec-signzone -K /etc/bind -o org. /etc/bind/db.org" 0
 		execute_chroot "dnssec-signzone -K /etc/bind -o . /etc/bind/db.root" 0
-		execute_chroot "update-rc.d bind9 defaults" 0
+
+		for service in "apache2 slapd bind9"
+		do
+			if [ "$BASEIMGSUITE" == "wheezy" ]
+			then
+				execute_chroot "update-rc.d $service defaults" 0
+			else
+				execute_chroot "systemctl enable $service" 0
+			fi
+		done
 	fi
 	sync
 	execute "umount -l $LOOPDIR" 0
diff --git a/testing/scripts/chroot b/testing/scripts/chroot
new file mode 100755
index 000000000..4f4245515
--- /dev/null
+++ b/testing/scripts/chroot
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+DIR=$(dirname `readlink -f $0`)
+. $DIR/../testing.conf
+. $DIR/function.sh
+
+[ `id -u` -eq 0 ] || die "You must be root to run $0"
+running_any $STRONGSWANHOSTS && die "Please stop test environment before running $0"
+
+[ -n "$1" ] || die "$0 <image to mount: base|root|<guest>>"
+
+check_commands partprobe qemu-nbd
+
+load_qemu_nbd
+
+mkdir -p $LOOPDIR
+mkdir -p $IMGDIR
+mkdir -p $SHAREDDIR
+
+echo "Mounting image"
+
+case "$1" in
+base)
+	[ -f "$BASEIMG" ] || die "Base image $BASEIMG not found"
+	log_action "Connecting base image to NBD device $NBDEV"
+	execute "qemu-nbd -c $NBDEV $BASEIMG"
+	affected="root and guest"
+	;;
+root)
+	[ -f "$ROOTIMG" ] || die "Root image $ROOTIMG not found"
+	log_action "Connecting root image to NBD device $NBDEV"
+	execute "qemu-nbd -c $NBDEV $ROOTIMG"
+	affected="guest"
+	;;
+*)
+	echo $STRONGSWANHOSTS | grep -q "\b$1\b" || die "Guest $1 not found"
+	GUESTIMG="$IMGDIR/$1.$IMGEXT"
+	[ -f "$GUESTIMG" ] || die "Guest image $GUESTIMG not found"
+	log_action "Connecting guest image to NBD device $NBDEV"
+	execute "qemu-nbd -c $NBDEV $GUESTIMG"
+	;;
+esac
+
+do_on_exit qemu-nbd -d $NBDEV
+partprobe $NBDEV
+
+log_action "Mounting $NBDPARTITION to $LOOPDIR"
+execute "mount $NBDPARTITION $LOOPDIR"
+do_on_exit umount $LOOPDIR
+
+log_action "Mounting proc filesystem to $LOOPDIR/proc"
+execute "mount -t proc none $LOOPDIR/proc"
+do_on_exit umount $LOOPDIR/proc
+
+mkdir -p $LOOPDIR/root/shared
+log_action "Mounting $SHAREDDIR as /root/shared"
+execute "mount -o bind $SHAREDDIR $LOOPDIR/root/shared"
+do_on_exit umount $LOOPDIR/root/shared
+
+if [ -n "$affected" ]; then
+echo
+echo "Rebuild the $affected images after making changes to this image!"
+echo
+fi
+
+export debian_chroot="$1"
+chroot $LOOPDIR /bin/bash -i
diff --git a/testing/scripts/function.sh b/testing/scripts/function.sh
index bab2f7422..9a32c44ab 100755
--- a/testing/scripts/function.sh
+++ b/testing/scripts/function.sh
@@ -17,6 +17,7 @@
 export TERM=xterm
 RED=$(tput setaf 1)
 GREEN=$(tput setaf 2)
+YELLOW=$(tput setaf 3)
 NORMAL=$(tput op)
 
 # exit with given error message
@@ -66,6 +67,13 @@ echo_failed()
 	echo -e "${RED}$1${NORMAL}"
 }
 
+# write yellow status message to console
+# $1 - msg
+echo_warn()
+{
+	echo -e "${YELLOW}$1${NORMAL}"
+}
+
 # log an action
 # $1 - current action description
 log_action()
diff --git a/testing/scripts/recipes/002_tnc-fhh.mk b/testing/scripts/recipes/002_tnc-fhh.mk
index 397cef950..d4ed4f99c 100644
--- a/testing/scripts/recipes/002_tnc-fhh.mk
+++ b/testing/scripts/recipes/002_tnc-fhh.mk
@@ -9,6 +9,9 @@ CONFIG_OPTS = \
 	-DCOMPONENT=all \
 	-DNAL=8021x
 
+PATCHES = \
+	tnc-fhh-tncsim
+
 all: install
 
 .$(PKG)-cloned:
@@ -16,7 +19,11 @@ all: install
 	mkdir $(PKG)/build
 	@touch $@
 
-.$(PKG)-configured: .$(PKG)-cloned
+.$(PKG)-patches-applied: .$(PKG)-cloned
+	cd $(PKG) && cat $(addprefix ../patches/, $(PATCHES)) | patch -p1
+	@touch $@
+
+.$(PKG)-configured: .$(PKG)-patches-applied
 	cd $(PKG)/build && cmake $(CONFIG_OPTS) ../
 	@touch $@
 
diff --git a/testing/scripts/recipes/003_freeradius.mk b/testing/scripts/recipes/003_freeradius.mk
index 05ed8b38c..71cfc238c 100644
--- a/testing/scripts/recipes/003_freeradius.mk
+++ b/testing/scripts/recipes/003_freeradius.mk
@@ -1,6 +1,6 @@
 #!/usr/bin/make
 
-PV  = 2.2.1
+PV  = 2.2.8
 PKG = freeradius-server-$(PV)
 TAR = $(PKG).tar.bz2
 SRC = ftp://ftp.freeradius.org/pub/freeradius/old/$(TAR)
diff --git a/testing/scripts/recipes/004_hostapd.mk b/testing/scripts/recipes/004_hostapd.mk
new file mode 100644
index 000000000..0acd428c9
--- /dev/null
+++ b/testing/scripts/recipes/004_hostapd.mk
@@ -0,0 +1,39 @@
+#!/usr/bin/make
+
+PV  = 2.0
+PKG = hostapd-$(PV)
+TAR = $(PKG).tar.gz
+SRC = http://w1.fi/releases/$(TAR)
+
+NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN)
+
+CONFIG_OPTS =
+
+PATCHES = \
+	hostapd-config
+
+SUBDIR = hostapd
+
+all: install
+
+$(TAR):
+	wget $(SRC)
+
+.$(PKG)-unpacked: $(TAR)
+	tar xfz $(TAR)
+	@touch $@
+
+.$(PKG)-patches-applied: .$(PKG)-unpacked
+	cd $(PKG) && cat $(addprefix ../patches/, $(PATCHES)) | patch -p1
+	@touch $@
+
+.$(PKG)-configured: .$(PKG)-patches-applied
+	cp $(PKG)/$(SUBDIR)/defconfig $(PKG)/$(SUBDIR)/.config
+	@touch $@
+
+.$(PKG)-built: .$(PKG)-configured
+	cd $(PKG)/$(SUBDIR) && make -j $(NUM_CPUS)
+	@touch $@
+
+install: .$(PKG)-built
+	cd $(PKG)/$(SUBDIR) && make install
diff --git a/testing/scripts/recipes/004_wpa_supplicant.mk b/testing/scripts/recipes/004_wpa_supplicant.mk
index 14b64ea78..4cc870c12 100644
--- a/testing/scripts/recipes/004_wpa_supplicant.mk
+++ b/testing/scripts/recipes/004_wpa_supplicant.mk
@@ -3,7 +3,7 @@
 PV  = 2.0
 PKG = wpa_supplicant-$(PV)
 TAR = $(PKG).tar.gz
-SRC = http://hostap.epitest.fi/releases/$(TAR)
+SRC = http://w1.fi/releases/$(TAR)
 
 NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN)
 
diff --git a/testing/scripts/recipes/011_openssl-fips.mk b/testing/scripts/recipes/011_openssl-fips.mk
deleted file mode 100644
index 5d28b181e..000000000
--- a/testing/scripts/recipes/011_openssl-fips.mk
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/usr/bin/make
-
-PV  = 2.0.3
-PKG = openssl-fips-$(PV)
-TAR = $(PKG).tar.gz
-SRC = http://www.openssl.org/source/$(TAR)
-
-all: install
-
-$(TAR):
-	wget $(SRC)
-
-$(PKG): $(TAR)
-	tar xfz $(TAR)
-
-configure: $(PKG)
-	cd $(PKG) && ./config
-
-build: configure
-	cd $(PKG) && make
-
-install: build
-	cd $(PKG) && make install
diff --git a/testing/scripts/recipes/012_openssl.mk b/testing/scripts/recipes/012_openssl.mk
deleted file mode 100644
index 16aec239d..000000000
--- a/testing/scripts/recipes/012_openssl.mk
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/make
-
-PV  = 1.0.1e
-PKG = openssl-$(PV)
-SRC = http://download.strongswan.org/testing/openssl-fips/
-
-all: install
-
-$(PKG):
-	wget -r $(SRC) --no-directories --directory-prefix $(PKG) --accept deb --no-parent
-
-install: $(PKG)
-	cd $(PKG) && dpkg -i *.deb
diff --git a/testing/scripts/recipes/patches/freeradius-tnc-fhh b/testing/scripts/recipes/patches/freeradius-tnc-fhh
index 785538323..26a233d48 100644
--- a/testing/scripts/recipes/patches/freeradius-tnc-fhh
+++ b/testing/scripts/recipes/patches/freeradius-tnc-fhh
@@ -5463,8 +5463,8 @@ diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc
 -HEADERS     = eap_tnc.h tncs.h tncs_connect.h ../../eap.h ../../rlm_eap.h
 +SRCS        = rlm_eap_tnc.c eap_tnc.c
 +HEADERS     = eap_tnc.h ../../eap.h ../../rlm_eap.h
- RLM_CFLAGS  = -I../.. -I../../libeap $(OPENSSL_INCLUDE) @eap_tnc_cflags@
- RLM_LIBS    = @eap_tnc_ldflags@ ../../libeap/$(LIBPREFIX)freeradius-eap.la $(OPENSSL_LIBS)
+ RLM_CFLAGS  = -I../.. -I../../libeap @eap_tnc_cflags@
+ RLM_LIBS    = @eap_tnc_ldflags@ ../../libeap/$(LIBPREFIX)freeradius-eap.la
  RLM_INSTALL =
 diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c freeradius-server-2.2.0/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c
 --- freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c	2012-09-10 13:51:34.000000000 +0200
diff --git a/testing/scripts/recipes/patches/hostapd-config b/testing/scripts/recipes/patches/hostapd-config
new file mode 100644
index 000000000..b26d2783f
--- /dev/null
+++ b/testing/scripts/recipes/patches/hostapd-config
@@ -0,0 +1,38 @@
+diff -u -ur hostapd-2.0.orig/hostapd/defconfig hostapd-2.0/hostapd/defconfig
+--- hostapd-2.0.orig/hostapd/defconfig	2013-01-12 16:42:53.000000000 +0100
++++ hostapd-2.0/hostapd/defconfig	2016-06-15 17:32:57.000000000 +0200
+@@ -13,14 +13,14 @@
+ CONFIG_DRIVER_HOSTAP=y
+ 
+ # Driver interface for wired authenticator
+-#CONFIG_DRIVER_WIRED=y
++CONFIG_DRIVER_WIRED=y
+ 
+ # Driver interface for madwifi driver
+ #CONFIG_DRIVER_MADWIFI=y
+ #CFLAGS += -I../../madwifi # change to the madwifi source directory
+ 
+ # Driver interface for drivers using the nl80211 kernel interface
+-CONFIG_DRIVER_NL80211=y
++#CONFIG_DRIVER_NL80211=y
+ 
+ # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+ #CONFIG_DRIVER_BSD=y
+@@ -30,7 +30,7 @@
+ #LIBS_c += -L/usr/local/lib
+ 
+ # Driver interface for no driver (e.g., RADIUS server only)
+-#CONFIG_DRIVER_NONE=y
++CONFIG_DRIVER_NONE=y
+ 
+ # IEEE 802.11F/IAPP
+ CONFIG_IAPP=y
+@@ -152,7 +152,7 @@
+ 
+ # Add support for writing debug log to a file: -f /tmp/hostapd.log
+ # Disabled by default.
+-#CONFIG_DEBUG_FILE=y
++CONFIG_DEBUG_FILE=y
+ 
+ # Remove support for RADIUS accounting
+ #CONFIG_NO_ACCOUNTING=y
\ No newline at end of file
diff --git a/testing/scripts/recipes/patches/tnc-fhh-tncsim b/testing/scripts/recipes/patches/tnc-fhh-tncsim
new file mode 100644
index 000000000..42c714480
--- /dev/null
+++ b/testing/scripts/recipes/patches/tnc-fhh-tncsim
@@ -0,0 +1,12 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index fe65134512ea..3c5255f21ea6 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -101,7 +101,6 @@ IF(${COMPONENT} STREQUAL "ALL")
+ 	add_subdirectory(tncxacml)
+ 	add_subdirectory(imcv)
+ 	add_subdirectory(tncs)
+-	add_subdirectory(tncsim)
+ 			
+ 	IF(${NAL} STREQUAL "8021X" OR ${NAL} STREQUAL "ALL")
+ 		add_subdirectory(naaeap)