[openvpn3] Update, adapt upstream build, cleanup, test (#40677)

2024-11-24 03:00:19 +08:00 · 2024-09-03 21:28:36 +02:00 · 2024-09-03 21:28:36 +02:00 · 401175db30
commit 401175db30
parent 2d2b7d172d
14 changed files with 238 additions and 60 deletions
--- a/ports/openvpn3/CMakeLists.txt
+++ b/ports/openvpn3/CMakeLists.txt
@ -1,42 +0,0 @@
-cmake_minimum_required(VERSION 3.5)
-project(openvpncli CXX)
-
-find_path(ASIO_HPP asio.hpp)
-find_library(MBEDTLS_LIB mbedtls)
-find_library(MBEDCRYPTO_LIB mbedcrypto)
-find_library(MBEDX509_LIB mbedx509)
-
-include_directories(. ${ASIO_HPP})
-
-if(WIN32) 
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /bigobj")
-endif()
-
-add_definitions(-DNOMINMAX -DUSE_ASIO -DUSE_MBEDTLS -D_WIN32_WINNT=0x0600)
-if(LINUX)
-  add_compile_options(-include bits/endian.h)
-endif()
-
-add_library(ovpncli client/ovpncli.cpp)
-target_link_libraries(ovpncli PRIVATE Iphlpapi.lib Wininet.lib Setupapi.lib Cfgmgr32.lib Rpcrt4.lib Fwpuclnt.lib Wtsapi32.lib ${MBEDTLS_LIB} ${MBEDCRYPTO_LIB} ${MBEDX509_LIB})
-
-target_include_directories(ovpncli PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}> $<INSTALL_INTERFACE:include>)
-
-install(
-    TARGETS ovpncli
-    EXPORT unofficial-openvpnConfig
-    RUNTIME DESTINATION bin
-    LIBRARY DESTINATION lib
-    ARCHIVE DESTINATION lib
-)
-
-INSTALL(EXPORT unofficial-openvpnConfig
-    NAMESPACE unofficial::openvpn3::
-    DESTINATION share/unofficial-openvpn
-)
-
-if(BUILD_TOOL)
-    add_executable(cli test/ovpncli/cli.cpp)
-    target_compile_definitions(cli PRIVATE -DTAP_WIN_COMPONENT_ID=tap0901)
-    target_link_libraries(cli PRIVATE ovpncli)    
-endif()
--- a/ports/openvpn3/dependencies.diff
+++ b/ports/openvpn3/dependencies.diff
@ -0,0 +1,55 @@
+diff --git a/cmake/findcoredeps.cmake b/cmake/findcoredeps.cmake
+index b7d00d4..b13eed1 100644
+--- a/cmake/findcoredeps.cmake
+++ b/cmake/findcoredeps.cmake
+@@ -30,7 +30,7 @@ endif ()
+ function(add_ssl_library target)
+     if (${USE_MBEDTLS})
+         find_package(mbedTLS REQUIRED)
+-        set(SSL_LIBRARY mbedTLS::mbedTLS)
+        set(SSL_LIBRARY "${MBEDTLS_LIBRARIES}")
+         target_compile_definitions(${target} PRIVATE -DUSE_MBEDTLS)
+     else ()
+         find_package(OpenSSL REQUIRED)
+@@ -38,7 +38,7 @@ function(add_ssl_library target)
+         target_compile_definitions(${target} PRIVATE -DUSE_OPENSSL)
+     endif ()
+ 
+-    target_link_libraries(${target} ${SSL_LIBRARY})
+    target_link_libraries(${target} PUBLIC ${SSL_LIBRARY})
+ endfunction()
+ 
+ 
+@@ -93,10 +93,10 @@ function(add_core_dependencies target)
+     # a patched version. So we want to prefer its include
+     # directories.
+     find_package(asio REQUIRED)
+-    target_link_libraries(${target} asio::asio)
+    target_link_libraries(${target} PUBLIC asio::asio)
+ 
+     find_package(lz4 REQUIRED)
+-    target_link_libraries(${target} lz4::lz4)
+    target_link_libraries(${target} PUBLIC lz4::lz4)
+ 
+     add_ssl_library(${target})
+ 
+@@ -105,14 +105,16 @@ function(add_core_dependencies target)
+         find_library(iokit IOKit)
+         find_library(coreServices CoreServices)
+         find_library(systemConfiguration SystemConfiguration)
+-        target_link_libraries(${target} ${coreFoundation} ${iokit} ${coreServices} ${systemConfiguration} ${lz4})
+        target_link_libraries(${target} PUBLIC ${coreFoundation} ${iokit} ${coreServices} ${systemConfiguration} ${lz4})
+     endif()
+ 
+     if(UNIX)
+-        target_link_libraries(${target} pthread)
+        set(THREADS_PREFER_PTHREAD_FLAG 1)
+        find_package(Threads REQUIRED)
+        target_link_libraries(${target} PUBLIC Threads::Threads)
+     endif()
+ 
+-    target_link_libraries(${target} ${EXTRA_LIBS})
+    target_link_libraries(${target} PUBLIC ${EXTRA_LIBS})
+ 
+     if (USE_WERROR)
+         if (MSVC)
--- a/ports/openvpn3/mbedtls-compat.diff
+++ b/ports/openvpn3/mbedtls-compat.diff
@ -0,0 +1,50 @@
+diff --git a/openvpn/mbedtls/mbedtls_compat.hpp b/openvpn/mbedtls/mbedtls_compat.hpp
+index 19e6f25..9db4e01 100644
+--- a/openvpn/mbedtls/mbedtls_compat.hpp
+++ b/openvpn/mbedtls/mbedtls_compat.hpp
+@@ -27,11 +27,11 @@
+ #include <mbedtls/version.h>
+ #include <mbedtls/pem.h>
+ 
+-#if not defined(MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION)
+#if !defined(MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION)
+ #define MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION
+ #endif
+ 
+-#if not defined(MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE)
+#if !defined(MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE)
+ #define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE
+ #endif
+ 
+diff --git a/openvpn/mbedtls/ssl/sslctx.hpp b/openvpn/mbedtls/ssl/sslctx.hpp
+index f6c3d28..83763e4 100644
+--- a/openvpn/mbedtls/ssl/sslctx.hpp
+++ b/openvpn/mbedtls/ssl/sslctx.hpp
+@@ -1589,10 +1589,13 @@ class MbedTLSContext : public SSLFactoryAPI
+                     digest_prefix_len = sizeof(PKCS1::DigestPrefix::SHA512);
+                     break;
+                 default:
+# if MBEDTLS_VERSION_NUMBER < 0x03000000
+#  define MAYBE_LOG_MODE << "mode=" << mode
+# else
+#  define MAYBE_LOG_MODE
+# endif
+                     OVPN_LOG_INFO("MbedTLSContext::epki_sign unrecognized hash_id"
+-#if MBEDTLS_VERSION_NUMBER < 0x03000000
+-                                  << "mode=" << mode
+-#endif
+                                  MAYBE_LOG_MODE
+                                   << " md_alg=" << md_alg << " hashlen=" << hashlen);
+                     return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+                 }
+@@ -1627,9 +1630,7 @@ class MbedTLSContext : public SSLFactoryAPI
+             else
+             {
+                 OVPN_LOG_INFO("MbedTLSContext::epki_sign unrecognized parameters"
+-#if MBEDTLS_VERSION_NUMBER < 0x03000000
+-                              << "mode=" << mode
+-#endif
+                              MAYBE_LOG_MODE
+                               << " md_alg=" << md_alg << " hashlen=" << hashlen);
+                 return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+             }
--- a/ports/openvpn3/only-library.diff
+++ b/ports/openvpn3/only-library.diff
@ -0,0 +1,52 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 6cf519d..d07321c 100644
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -32,11 +32,13 @@ include(ovpn-doxygen)
+ 
+ add_subdirectory(client)
+ add_subdirectory(test/unittests)
+if(BUILD_TOOLS)
+ add_subdirectory(test/ovpncli)
+ 
+ add_subdirectory(openvpn/omi)
+ add_subdirectory(openvpn/ovpnagent/win)
+ add_subdirectory(openvpn/ovpnagent/mac)
+endif()
+ 
+ if (ENABLE_DOXYGEN)
+     # Exclude some project specific directories
+diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt
+index e1ecf8f..5afe6ec 100644
+--- a/client/CMakeLists.txt
+++ b/client/CMakeLists.txt
+@@ -1,5 +1,29 @@
+ include(findcoredeps)
+ include(findswigdeps)
+add_library(ovpnclilib ovpncli.cpp)
+add_core_dependencies(ovpnclilib)
+target_compile_features(ovpnclilib PUBLIC cxx_std_17)
+target_include_directories(ovpnclilib PRIVATE "${CMAKE_CURRENT_SOURCE_DIR}" PUBLIC "$<INSTALL_INTERFACE:include>")
+set_target_properties(ovpnclilib PROPERTIES
+    OUTPUT_NAME ovpncli
+    EXPORT_NAME ovpncli
+)
+install(TARGETS ovpnclilib EXPORT unofficial-openvpn3-targets)
+install(EXPORT unofficial-openvpn3-targets
+    NAMESPACE unofficial::openvpn3::
+    DESTINATION share/unofficial-openvpn3
+)
+file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/unofficial-openvpn3-config.cmake" "\
+include(CMakeFindDependencyMacro)
+find_dependency(asio CONFIG)
+find_dependency(lz4 CONFIG)
+if(UNIX)
+  set(THREADS_PREFER_PTHREAD_FLAG 1)
+  find_dependency(Threads)
+endif()
+include(\"\${CMAKE_CURRENT_LIST_DIR}/unofficial-openvpn3-targets.cmake\")
+")
+install(FILES "${CMAKE_CURRENT_BINARY_DIR}/unofficial-openvpn3-config.cmake" DESTINATION share/unofficial-openvpn3)
+ 
+ if (BUILD_SWIG_LIB)
+     set_property(SOURCE ovpncli.i PROPERTY CPLUSPLUS ON)
--- a/ports/openvpn3/portfile.cmake
+++ b/ports/openvpn3/portfile.cmake
@ -1,23 +1,35 @@
-set(VCPKG_LIBRARY_LINKAGE static)
+if(VCPKG_TARGET_IS_WINDOWS)
+    vcpkg_check_linkage(ONLY_STATIC_LIBRARY)
+endif()

 vcpkg_from_github(
    OUT_SOURCE_PATH SOURCE_PATH
    REPO OpenVPN/openvpn3
-    REF release/3.7
-    SHA512 de95bd2b1a01179aa81e1612be175540c2486b856f66880372d09966655bbbadd71d874ed49b032566dde2896207bc76298c5cfcf73e86272c04d5aaa977d660
+    REF "release/${VERSION}"
+    SHA512 f096644078c10022685c1a8f7e0afddf352b4a5c229a772d24adbc6ec3f44e27501beabd28c4da1b6b182ae9d220b80865757693d52d085817d42f2322b71213
    HEAD_REF master
+    PATCHES
+        dependencies.diff
+        mbedtls-compat.diff
+        only-library.diff
 )
-
-file(COPY "${CMAKE_CURRENT_LIST_DIR}/CMakeLists.txt" DESTINATION "${SOURCE_PATH}")
+file(REMOVE_RECURSE "${SOURCE_PATH}/deps")

 vcpkg_cmake_configure(
    SOURCE_PATH "${SOURCE_PATH}"
+    OPTIONS
+        -DBUILD_SWIG_LIB=OFF
+        -DBUILD_TESTING=OFF
+        -DCMAKE_DISABLE_FIND_PACKAGE_Python3=ON
+        -DCMAKE_DISABLE_FIND_PACKAGE_SWIG=ON
+        -DCMAKE_FIND_PACKAGE_PREFER_CONFIG=ON
+        -DUSE_MBEDTLS=1   # vcpkg legacy choice
 )

 vcpkg_cmake_install()

-file(COPY "${SOURCE_PATH}/openvpn" DESTINATION "${CURRENT_PACKAGES_DIR}/include")
 file(COPY "${SOURCE_PATH}/client/ovpncli.hpp" DESTINATION "${CURRENT_PACKAGES_DIR}/include/openvpn")
+file(COPY "${SOURCE_PATH}/openvpn" DESTINATION "${CURRENT_PACKAGES_DIR}/include")

 file(GLOB_RECURSE HEADERS "${CURRENT_PACKAGES_DIR}/include/openvpn/*")
 foreach(HEADER IN LISTS HEADERS)
@ -29,9 +41,9 @@ foreach(HEADER IN LISTS HEADERS)
    file(WRITE "${HEADER}" "${_contents}")
 endforeach()

-vcpkg_cmake_config_fixup(PACKAGE_NAME unofficial-openvpn CONFIG_PATH share/unofficial-openvpn)
+vcpkg_cmake_config_fixup(PACKAGE_NAME unofficial-openvpn3)
+# Transitional
+file(INSTALL "${CMAKE_CURRENT_LIST_DIR}/unofficial-openvpnConfig.cmake" DESTINATION "${CURRENT_PACKAGES_DIR}/share/unofficial-openvpn")

 file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/share")
-file(INSTALL
-    "${SOURCE_PATH}/COPYRIGHT.AGPLV3"
-    DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}" RENAME copyright)
+vcpkg_install_copyright(FILE_LIST "${SOURCE_PATH}/LICENSE.rst" "${SOURCE_PATH}/COPYRIGHT.AGPLV3")
--- a/ports/openvpn3/unofficial-openvpnConfig.cmake
+++ b/ports/openvpn3/unofficial-openvpnConfig.cmake
@ -0,0 +1,4 @@
+file(READ "${CMAKE_CURRENT_LIST_DIR}/usage" usage)
+message(WARNING "find_package(${CMAKE_FIND_PACKAGE_NAME}) is deprecated. Use find_package(unofficial-openvpn3) instead.")
+include(CMakeFindDependencyMacro)
+find_dependency(unofficial-openvpn3 CONFIG)
--- a/ports/openvpn3/vcpkg.json
+++ b/ports/openvpn3/vcpkg.json
@ -1,13 +1,13 @@
 {
  "name": "openvpn3",
-  "version": "3.7.0",
-  "port-version": 2,
+  "version": "3.10",
  "description": "a C++ class library that implements the functionality of an OpenVPN client, and is protocol-compatible with the OpenVPN 2.x branch.",
  "homepage": "https://openvpn.net",
-  "license": "AGPL-3.0",
-  "supports": "!xbox",
+  "license": "AGPL-3.0-only",
+  "supports": "!uwp & !xbox",
  "dependencies": [
    "asio",
+    "lz4",
    "mbedtls",
    {
      "name": "tap-windows6",
--- a/scripts/ci.baseline.txt
+++ b/scripts/ci.baseline.txt
@ -878,8 +878,6 @@ openscap:arm64-osx=fail
 openscap:x64-windows-static=fail
 opensubdiv:x64-android=fail
 openturns:arm64-windows=fail
-openvpn3:x64-osx=fail
-openvpn3:arm64-osx=fail
 openvr:x64-windows-static=fail
 # Conflicts with optional-lite, by the same author
 optional-bare:arm-neon-android=skip
--- a/scripts/test_ports/vcpkg-ci-openvpn3/portfile.cmake
+++ b/scripts/test_ports/vcpkg-ci-openvpn3/portfile.cmake
@ -0,0 +1,4 @@
+set(VCPKG_POLICY_EMPTY_PACKAGE enabled)
+
+vcpkg_cmake_configure(SOURCE_PATH "${CURRENT_PORT_DIR}/project")
+vcpkg_cmake_build()
--- a/scripts/test_ports/vcpkg-ci-openvpn3/project/CMakeLists.txt
+++ b/scripts/test_ports/vcpkg-ci-openvpn3/project/CMakeLists.txt
@ -0,0 +1,7 @@
+cmake_minimum_required(VERSION 3.7)
+project(openvpn3-test CXX)
+
+add_executable(main main.cpp)
+
+find_package(unofficial-openvpn3 CONFIG REQUIRED)
+target_link_libraries(main PRIVATE unofficial::openvpn3::ovpncli)
--- a/scripts/test_ports/vcpkg-ci-openvpn3/project/main.cpp
+++ b/scripts/test_ports/vcpkg-ci-openvpn3/project/main.cpp
@ -0,0 +1,21 @@
+#include <openvpn/ovpncli.hpp>
+
+using namespace openvpn::ClientAPI;
+
+// Cf. https://github.com/OpenVPN/openvpn3/blob/master/README.rst#openvpn-3-client-core
+class Client : public OpenVPNClient
+{
+public:
+    void acc_event(const AppCustomControlMessageEvent &) override {}
+    void event(const Event&) override {}
+    void external_pki_cert_request(ExternalPKICertRequest &) override {}
+    void external_pki_sign_request(ExternalPKISignRequest &) override {}
+    void log(const LogInfo&) override {}
+    bool pause_on_connection_timeout() override { return false; }
+};
+
+int main()
+{
+    Client c;
+    return OpenVPNClient::stats_n();
+}
--- a/scripts/test_ports/vcpkg-ci-openvpn3/vcpkg.json
+++ b/scripts/test_ports/vcpkg-ci-openvpn3/vcpkg.json
@ -0,0 +1,12 @@
+{
+  "name": "vcpkg-ci-openvpn3",
+  "version-string": "ci",
+  "description": "Validates openvpn3",
+  "dependencies": [
+    "openvpn3",
+    {
+      "name": "vcpkg-cmake",
+      "host": true
+    }
+  ]
+}
--- a/versions/baseline.json
+++ b/versions/baseline.json
@ -6681,8 +6681,8 @@
      "port-version": 0
    },
    "openvpn3": {
-      "baseline": "3.7.0",
-      "port-version": 2
+      "baseline": "3.10",
+      "port-version": 0
    },
    "openvr": {
      "baseline": "2.5.1",
--- a/versions/o-/openvpn3.json
+++ b/versions/o-/openvpn3.json
@ -1,5 +1,10 @@
 {
  "versions": [
+    {
+      "git-tree": "f24948a1abcd067f9d1063088f83afa5e2b4270f",
+      "version": "3.10",
+      "port-version": 0
+    },
    {
      "git-tree": "97a26dd437bb027004b075333db96473652ca1fd",
      "version": "3.7.0",