diff options
Diffstat (limited to 'testing/scripts')
| -rwxr-xr-x | testing/scripts/build-baseimage | 12 | ||||
| -rwxr-xr-x | testing/scripts/build-guestimages | 8 | ||||
| -rwxr-xr-x | testing/scripts/load-testconfig | 6 | ||||
| -rw-r--r-- | testing/scripts/recipes/004_wpa_supplicant.mk (renamed from testing/scripts/recipes/004_iptables.mk) | 20 | ||||
| -rw-r--r-- | testing/scripts/recipes/005_anet.mk | 21 | ||||
| -rw-r--r-- | testing/scripts/recipes/006_tkm-rpc.mk | 23 | ||||
| -rw-r--r-- | testing/scripts/recipes/007_x509-ada.mk | 21 | ||||
| -rw-r--r-- | testing/scripts/recipes/008_xfrm-ada.mk | 23 | ||||
| -rw-r--r-- | testing/scripts/recipes/009_tkm.mk | 21 | ||||
| -rw-r--r-- | testing/scripts/recipes/010_strongswan.mk (renamed from testing/scripts/recipes/005_strongswan.mk) | 9 | ||||
| -rw-r--r-- | testing/scripts/recipes/011_xfrm-proxy.mk | 21 | ||||
| -rw-r--r-- | testing/scripts/recipes/patches/iptables-xfrm-hooks | 61 | ||||
| -rw-r--r-- | testing/scripts/recipes/patches/wpa_supplicant-eap-tnc | 47 | ||||
| -rwxr-xr-x | testing/scripts/restore-defaults | 1 |
14 files changed, 216 insertions, 78 deletions
diff --git a/testing/scripts/build-baseimage b/testing/scripts/build-baseimage index 1355d7a05..c426f0af5 100755 --- a/testing/scripts/build-baseimage +++ b/testing/scripts/build-baseimage @@ -15,10 +15,11 @@ INC=build-essential,gperf,libgmp-dev,libldap2-dev,libcurl4-openssl-dev,ethtool INC=$INC,libxml2-dev,libtspi-dev,libsqlite3-dev,openssh-server,tcpdump,psmisc INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libxerces-c2-dev,libltdl-dev INC=$INC,liblog4cxx10-dev,libboost-thread-dev,libboost-system-dev,git-core -INC=$INC,less,acpid,acpi-support-base -SERVICES="apache2 dbus isc-dhcp-server slapd" +INC=$INC,less,acpid,acpi-support-base,libldns-dev,libunbound-dev,dnsutils,screen +INC=$INC,gnat,gprbuild,libahven3-dev,libxmlada4.1-dev,libgmpada3-dev +INC=$INC,libalog0.4.1-base-dev,hostapd +SERVICES="apache2 dbus isc-dhcp-server slapd bind9" INC=$INC,${SERVICES// /,} -EXC=iptables CACHEDIR=$BUILDDIR/cache APTCACHE=$LOOPDIR/var/cache/apt/archives @@ -65,7 +66,10 @@ execute "mount -o bind $CACHEDIR $APTCACHE" do_on_exit graceful_umount $APTCACHE log_action "Running debootstrap ($BASEIMGSUITE, $BASEIMGARCH)" -execute "debootstrap --arch=$BASEIMGARCH --include=$INC --exclude $EXC $BASEIMGSUITE $LOOPDIR $BASEIMGMIRROR" +execute "debootstrap --arch=$BASEIMGARCH --include=$INC $BASEIMGSUITE $LOOPDIR $BASEIMGMIRROR" + +execute "mount -t proc none $LOOPDIR/proc" +do_on_exit graceful_umount $LOOPDIR/proc for service in $SERVICES do diff --git a/testing/scripts/build-guestimages b/testing/scripts/build-guestimages index f5669040e..f7fb1f85c 100755 --- a/testing/scripts/build-guestimages +++ b/testing/scripts/build-guestimages @@ -46,6 +46,8 @@ do execute "mount $NBDPARTITION $LOOPDIR" 0 execute "cp -rf $HOSTSDIR/${host}/etc $LOOPDIR" 0 execute "cp -rf $HOSTSDIR/default/* $LOOPDIR" 0 + execute_chroot "ldconfig" 0 + if [ "$host" = "winnetou" ] then execute "mkdir $LOOPDIR/var/log/apache2/ocsp" 0 @@ -57,9 +59,13 @@ do execute_chroot "rm -rf /var/lib/ldap/*" 0 execute_chroot "slapadd -l /etc/ldap/ldif.txt -f /etc/ldap/slapd.conf" 0 execute_chroot "chown -R openldap:openldap /var/lib/ldap" 0 + execute_chroot "dnssec-signzone -K /etc/bind -o strongswan.org. /etc/bind/db.strongswan.org" 0 + execute_chroot "dnssec-signzone -K /etc/bind -o org. /etc/bind/db.org" 0 + execute_chroot "dnssec-signzone -K /etc/bind -o . /etc/bind/db.root" 0 + execute_chroot "update-rc.d bind9 defaults" 0 fi sync - execute "umount $LOOPDIR" 0 + execute "umount -l $LOOPDIR" 0 execute "qemu-nbd -d $NBDEV" 0 log_status 0 done diff --git a/testing/scripts/load-testconfig b/testing/scripts/load-testconfig index 0ea4fbf00..5f35c129e 100755 --- a/testing/scripts/load-testconfig +++ b/testing/scripts/load-testconfig @@ -17,6 +17,7 @@ DIR=$(dirname `readlink -f $0`) . $DIR/../testing.conf . $DIR/function.sh +SSHCONF="-F $DIR/../ssh_config" ########################################################################## # load-testconfig requires a testname as an argument @@ -59,11 +60,12 @@ done ########################################################################## -# clear radius.log on FreeRadius servers +# clear daemon.log and radius.log on FreeRadius servers # for host in $RADIUSHOSTS do eval HOSTLOGIN="root@`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`" - ssh $SSHCONF $HOSTLOGIN 'rm -f /var/log/freeradius/radius.log' > /dev/null 2>&1 + ssh $SSHCONF $HOSTLOGIN 'rm -f /var/log/daemon.log /var/log/freeradius/radius.log; \ + kill -SIGHUP `cat /var/run/rsyslogd.pid`' > /dev/null 2>&1 done diff --git a/testing/scripts/recipes/004_iptables.mk b/testing/scripts/recipes/004_wpa_supplicant.mk index 51200201a..14b64ea78 100644 --- a/testing/scripts/recipes/004_iptables.mk +++ b/testing/scripts/recipes/004_wpa_supplicant.mk @@ -1,16 +1,18 @@ #!/usr/bin/make -PV = 1.4.16.3 -PKG = iptables-$(PV) -TAR = $(PKG).tar.bz2 -SRC = http://www.netfilter.org/projects/iptables/files/$(TAR) +PV = 2.0 +PKG = wpa_supplicant-$(PV) +TAR = $(PKG).tar.gz +SRC = http://hostap.epitest.fi/releases/$(TAR) NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN) CONFIG_OPTS = PATCHES = \ - iptables-xfrm-hooks + wpa_supplicant-eap-tnc + +SUBDIR = wpa_supplicant all: install @@ -18,7 +20,7 @@ $(TAR): wget $(SRC) .$(PKG)-unpacked: $(TAR) - tar xfj $(TAR) + tar xfz $(TAR) @touch $@ .$(PKG)-patches-applied: .$(PKG)-unpacked @@ -26,12 +28,12 @@ $(TAR): @touch $@ .$(PKG)-configured: .$(PKG)-patches-applied - cd $(PKG) && ./configure $(CONFIG_OPTS) + cp $(PKG)/$(SUBDIR)/defconfig $(PKG)/$(SUBDIR)/.config @touch $@ .$(PKG)-built: .$(PKG)-configured - cd $(PKG) && make -j $(NUM_CPUS) + cd $(PKG)/$(SUBDIR) && make -j $(NUM_CPUS) @touch $@ install: .$(PKG)-built - cd $(PKG) && make install + cd $(PKG)/$(SUBDIR) && make install diff --git a/testing/scripts/recipes/005_anet.mk b/testing/scripts/recipes/005_anet.mk new file mode 100644 index 000000000..2a3023c42 --- /dev/null +++ b/testing/scripts/recipes/005_anet.mk @@ -0,0 +1,21 @@ +#!/usr/bin/make + +PKG = anet +SRC = http://git.codelabs.ch/git/$(PKG).git +REV = v0.2.2 + +PREFIX = /usr/local/ada + +all: install + +.$(PKG)-cloned: + git clone $(SRC) $(PKG) + cd $(PKG) && git checkout $(REV) + @touch $@ + +.$(PKG)-built: .$(PKG)-cloned + cd $(PKG) && make LIBRARY_KIND=static + @touch $@ + +install: .$(PKG)-built + cd $(PKG) && make PREFIX=$(PREFIX) LIBRARY_KIND=static install diff --git a/testing/scripts/recipes/006_tkm-rpc.mk b/testing/scripts/recipes/006_tkm-rpc.mk new file mode 100644 index 000000000..dc6847ca5 --- /dev/null +++ b/testing/scripts/recipes/006_tkm-rpc.mk @@ -0,0 +1,23 @@ +#!/usr/bin/make + +PKG = tkm-rpc +SRC = http://git.codelabs.ch/git/$(PKG).git +REV = v0.1 + +PREFIX = /usr/local/ada + +export ADA_PROJECT_PATH=$(PREFIX)/lib/gnat + +all: install + +.$(PKG)-cloned: + git clone $(SRC) $(PKG) + cd $(PKG) && git checkout $(REV) + @touch $@ + +.$(PKG)-built: .$(PKG)-cloned + cd $(PKG) && make tests && make + @touch $@ + +install: .$(PKG)-built + cd $(PKG) && make PREFIX=$(PREFIX) install diff --git a/testing/scripts/recipes/007_x509-ada.mk b/testing/scripts/recipes/007_x509-ada.mk new file mode 100644 index 000000000..121a14414 --- /dev/null +++ b/testing/scripts/recipes/007_x509-ada.mk @@ -0,0 +1,21 @@ +#!/usr/bin/make + +PKG = x509-ada +SRC = http://git.codelabs.ch/git/$(PKG).git +REV = v0.1 + +PREFIX = /usr/local/ada + +all: install + +.$(PKG)-cloned: + git clone $(SRC) $(PKG) + cd $(PKG) && git checkout $(REV) + @touch $@ + +.$(PKG)-built: .$(PKG)-cloned + cd $(PKG) && make tests && make + @touch $@ + +install: .$(PKG)-built + cd $(PKG) && make PREFIX=$(PREFIX) install diff --git a/testing/scripts/recipes/008_xfrm-ada.mk b/testing/scripts/recipes/008_xfrm-ada.mk new file mode 100644 index 000000000..6ad451340 --- /dev/null +++ b/testing/scripts/recipes/008_xfrm-ada.mk @@ -0,0 +1,23 @@ +#!/usr/bin/make + +PKG = xfrm-ada +SRC = http://git.codelabs.ch/git/$(PKG).git +REV = v0.1 + +PREFIX = /usr/local/ada + +export ADA_PROJECT_PATH=$(PREFIX)/lib/gnat + +all: install + +.$(PKG)-cloned: + git clone $(SRC) $(PKG) + cd $(PKG) && git checkout $(REV) + @touch $@ + +.$(PKG)-built: .$(PKG)-cloned + cd $(PKG) && make + @touch $@ + +install: .$(PKG)-built + cd $(PKG) && make PREFIX=$(PREFIX) install diff --git a/testing/scripts/recipes/009_tkm.mk b/testing/scripts/recipes/009_tkm.mk new file mode 100644 index 000000000..971cd170f --- /dev/null +++ b/testing/scripts/recipes/009_tkm.mk @@ -0,0 +1,21 @@ +#!/usr/bin/make + +PKG = tkm +SRC = http://git.codelabs.ch/git/$(PKG).git +REV = v0.1 + +export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat + +all: install + +.$(PKG)-cloned: + git clone $(SRC) $(PKG) + cd $(PKG) && git checkout $(REV) + @touch $@ + +.$(PKG)-built: .$(PKG)-cloned + cd $(PKG) && make tests && make + @touch $@ + +install: .$(PKG)-built + cd $(PKG) && make install diff --git a/testing/scripts/recipes/005_strongswan.mk b/testing/scripts/recipes/010_strongswan.mk index 76d2d0882..94abb9ddb 100644 --- a/testing/scripts/recipes/005_strongswan.mk +++ b/testing/scripts/recipes/010_strongswan.mk @@ -27,6 +27,7 @@ CONFIG_OPTS = \ --enable-eap-ttls \ --enable-eap-peap \ --enable-eap-tnc \ + --enable-tnc-ifmap \ --enable-tnc-pdp \ --enable-tnc-imc \ --enable-tnc-imv \ @@ -43,6 +44,7 @@ CONFIG_OPTS = \ --enable-imv-attestation \ --enable-sql \ --enable-sqlite \ + --enable-attr-sql \ --enable-mediation \ --enable-openssl \ --enable-blowfish \ @@ -67,7 +69,12 @@ CONFIG_OPTS = \ --enable-xauth-generic \ --enable-xauth-eap \ --enable-pkcs8 \ - --enable-unity + --enable-unity \ + --enable-unbound \ + --enable-ipseckey \ + --enable-tkm + +export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat all: install diff --git a/testing/scripts/recipes/011_xfrm-proxy.mk b/testing/scripts/recipes/011_xfrm-proxy.mk new file mode 100644 index 000000000..569fbfe3c --- /dev/null +++ b/testing/scripts/recipes/011_xfrm-proxy.mk @@ -0,0 +1,21 @@ +#!/usr/bin/make + +PKG = xfrm-proxy +SRC = http://git.codelabs.ch/git/$(PKG).git +REV = v0.1 + +export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat + +all: install + +.$(PKG)-cloned: + git clone $(SRC) $(PKG) + cd $(PKG) && git checkout $(REV) + @touch $@ + +.$(PKG)-built: .$(PKG)-cloned + cd $(PKG) && make + @touch $@ + +install: .$(PKG)-built + cd $(PKG) && make install diff --git a/testing/scripts/recipes/patches/iptables-xfrm-hooks b/testing/scripts/recipes/patches/iptables-xfrm-hooks deleted file mode 100644 index baa4a65c1..000000000 --- a/testing/scripts/recipes/patches/iptables-xfrm-hooks +++ /dev/null @@ -1,61 +0,0 @@ -From 4553ba0130bb9f0aa266cc1e4c3288a52f34eed6 Mon Sep 17 00:00:00 2001 -From: Martin Willi <martin@revosec.ch> -Date: Wed, 7 Apr 2010 11:40:15 +0200 -Subject: [PATCH] Added XFRM hooks to iptables headers - ---- - include/linux/netfilter.h | 2 ++ - include/linux/netfilter_ipv4.h | 6 +++++- - include/linux/netfilter_ipv6.h | 6 +++++- - 3 files changed, 12 insertions(+), 2 deletions(-) - -diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h -index 2eb00b6..b692c67 100644 ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -35,6 +35,8 @@ enum nf_inet_hooks { - NF_INET_FORWARD, - NF_INET_LOCAL_OUT, - NF_INET_POST_ROUTING, -+ NF_INET_XFRM_IN, -+ NF_INET_XFRM_OUT, - NF_INET_NUMHOOKS - }; - -diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h -index 4d7ba3e..28d3ca9 100644 ---- a/include/linux/netfilter_ipv4.h -+++ b/include/linux/netfilter_ipv4.h -@@ -47,7 +47,11 @@ - #define NF_IP_LOCAL_OUT 3 - /* Packets about to hit the wire. */ - #define NF_IP_POST_ROUTING 4 --#define NF_IP_NUMHOOKS 5 -+/* Packets going into XFRM input transformation. */ -+#define NF_IP_XFRM_IN 5 -+/* Packets going into XFRM output transformation. */ -+#define NF_IP_XFRM_OUT 6 -+#define NF_IP_NUMHOOKS 7 - - enum nf_ip_hook_priorities { - NF_IP_PRI_FIRST = INT_MIN, -diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h -index 7430b39..18590a5 100644 ---- a/include/linux/netfilter_ipv6.h -+++ b/include/linux/netfilter_ipv6.h -@@ -51,7 +51,11 @@ - #define NF_IP6_LOCAL_OUT 3 - /* Packets about to hit the wire. */ - #define NF_IP6_POST_ROUTING 4 --#define NF_IP6_NUMHOOKS 5 -+/* Packets going into XFRM input transformation. */ -+#define NF_IP6_XFRM_IN 5 -+/* Packets going into XFRM output transformation. */ -+#define NF_IP6_XFRM_OUT 6 -+#define NF_IP6_NUMHOOKS 7 - - - enum nf_ip6_hook_priorities { --- -1.6.3.3 - diff --git a/testing/scripts/recipes/patches/wpa_supplicant-eap-tnc b/testing/scripts/recipes/patches/wpa_supplicant-eap-tnc new file mode 100644 index 000000000..2e00e5b44 --- /dev/null +++ b/testing/scripts/recipes/patches/wpa_supplicant-eap-tnc @@ -0,0 +1,47 @@ +diff -urN wpa_supplicant-2.0.ori/src/eap_peer/tncc.c wpa_supplicant-2.0/src/eap_peer/tncc.c +--- wpa_supplicant-2.0.ori/src/eap_peer/tncc.c 2013-01-12 16:42:53.000000000 +0100 ++++ wpa_supplicant-2.0/src/eap_peer/tncc.c 2013-03-23 13:10:22.151059154 +0100 +@@ -465,7 +465,7 @@ + return -1; + } + #else /* CONFIG_NATIVE_WINDOWS */ +- imc->dlhandle = dlopen(imc->path, RTLD_LAZY); ++ imc->dlhandle = dlopen(imc->path, RTLD_LAZY | RTLD_GLOBAL); + if (imc->dlhandle == NULL) { + wpa_printf(MSG_ERROR, "TNC: Failed to open IMC '%s' (%s): %s", + imc->name, imc->path, dlerror()); +diff -urN wpa_supplicant-2.0.ori/wpa_supplicant/defconfig wpa_supplicant-2.0/wpa_supplicant/defconfig +--- wpa_supplicant-2.0.ori/wpa_supplicant/defconfig 2013-01-12 16:42:53.000000000 +0100 ++++ wpa_supplicant-2.0/wpa_supplicant/defconfig 2013-03-23 13:06:08.759052370 +0100 +@@ -86,7 +86,7 @@ + CONFIG_DRIVER_WEXT=y + + # Driver interface for Linux drivers using the nl80211 kernel interface +-CONFIG_DRIVER_NL80211=y ++#CONFIG_DRIVER_NL80211=y + + # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) + #CONFIG_DRIVER_BSD=y +@@ -193,7 +193,7 @@ + #CONFIG_EAP_GPSK_SHA256=y + + # EAP-TNC and related Trusted Network Connect support (experimental) +-#CONFIG_EAP_TNC=y ++CONFIG_EAP_TNC=y + + # Wi-Fi Protected Setup (WPS) + #CONFIG_WPS=y +diff -urN wpa_supplicant-2.0.ori/wpa_supplicant/Makefile wpa_supplicant-2.0/wpa_supplicant/Makefile +--- wpa_supplicant-2.0.ori/wpa_supplicant/Makefile 2013-01-12 16:42:53.000000000 +0100 ++++ wpa_supplicant-2.0/wpa_supplicant/Makefile 2013-03-23 13:06:08.759052370 +0100 +@@ -6,8 +6,8 @@ + CFLAGS = -MMD -O2 -Wall -g + endif + +-export LIBDIR ?= /usr/local/lib/ +-export BINDIR ?= /usr/local/sbin/ ++export LIBDIR ?= /usr/lib/ ++export BINDIR ?= /usr/sbin/ + PKG_CONFIG ?= pkg-config + + CFLAGS += -I../src diff --git a/testing/scripts/restore-defaults b/testing/scripts/restore-defaults index 953548a1b..173baf820 100755 --- a/testing/scripts/restore-defaults +++ b/testing/scripts/restore-defaults @@ -17,6 +17,7 @@ DIR=$(dirname `readlink -f $0`) . $DIR/../testing.conf . $DIR/function.sh +SSHCONF="-F $DIR/../ssh_config" testname=$1 |