On 14/06/12 16:44, Gert Doering wrote: > Hi, > > openvpn-devel in the current openwrt tree is broken, due to upstream- > breakage. > > For the record, it's built like this: > > $ ./configure --target=mips-openwrt-linux --host=mips-openwrt-linux > --build=i686-pc-linux-gnu --program-prefix= --program-suffix= --prefix=/usr > --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin > --libexecdir=/usr/lib --sysconfdir=/etc --datadir=/usr/share > --localstatedir=/var --mandir=/usr/man --infodir=/usr/info --disable-nls > --enable-small --disable-selinux --disable-systemd --disable-plugins > --disable-debug --disable-eurephia --disable-pkcs11 --enable-lzo > --disable-crypto disable-x509-alt-username-ssl --enable-server > --disable-management --enable-socks --enable-http --enable-fragment > --enable-multihome --disable-iproute2 --enable-def-auth --enable-pf > --enable-ssl --enable-crypto --with-crypto-library=polarssl > > ... and the real breakage is the combination of --enable-pf, > --disable-plugins, --disable-management and --with-crypto-library=polarssl. > > What this will do is: > > - config.h defines ENABLE_PF > > /* Enable internal packet filter */ > #define ENABLE_PF 1 > > - syshead.h turns it off again > > #if defined(ENABLE_DEF_AUTH) && P2MP_SERVER && defined(ENABLE_MANAGEMENT) > #define MANAGEMENT_DEF_AUTH > #endif > ... > /* > * Enable packet filter? > */ > #if defined(ENABLE_PF) && P2MP_SERVER && defined(ENABLE_PLUGIN) && > defined(HAVE_STAT) > #define PLUGIN_PF > #endif > #if defined(ENABLE_PF) && P2MP_SERVER && defined(MANAGEMENT_DEF_AUTH) > #define MANAGEMENT_PF > #endif > #if !defined(PLUGIN_PF) && !defined(MANAGEMENT_PF) > #undef ENABLE_PF > #endif > > - so pf.c gets compiled into an empty pf.o module (all ok) > > - now, init.c does more interesting things > > - include "config.h" -> #define ENABLE_PF 1 > - include "syshead.h" -> #undef ENABLE_PF > - include "init.h" > include "openvpn.h" > include "ssl.h" > include "ssl_backend.h" > include "ssl_polarssl.h" > include "config.h" --> #define ENABLE_PF 1 > > - so init.c and multi.c get compiled with the function calls towards > pf.c, but pf.o is empty -> linker fails > > This cannot be triggered with --disable-pf, or OpenSSL (because ssl_openssl.h > does not include config.h), or if either plugins or management are enabled. > > > The quick fix is "remove config.h from ssl_polarssl.h" - because all .c > modules right now include this anyway, as the first thing, including all > SSL modules. I would propose to do that right away (patch attached), but > would like confirmation from Adriaan that I'm not overlooking anything. > > The "right" fix is manyfold (and I think I'll agree with Alon here) > > - stop calling our own include files many layers deep > > - stop modifying config.h variables from sysdep.h - if we want to > override ENABLE_PF depending on other options, let's do it in > configure > > - cleanup the amazing heap of #ifdefs in sysdep.h
Applied to master.
commit dc4abbb3a8a184d9c696dbba90cdb98b7da70e77
Author: Gert Doering <g...@greenie.muc.de>
List-Post: openvpn-devel@lists.sourceforge.net
Date: Thu Jun 14 16:41:37 2012 +0200
Remove #include "config.h" from ssl_polarssl.h
This include is superfluous, as all callers already include config.h -
and under certain combinations of configure options and syshead.h
Signed-off-by: Gert Doering <g...@greenie.muc.de>
Acked-by: Alon Bar-Lev <alon.bar...@gmail.com>
Message-Id: 20120614144454.gx1...@greenie.muc.de
URL: http://article.gmane.org/gmane.network.openvpn.devel/6723
Signed-off-by: David Sommerseth <dav...@redhat.com>
kind regards,
David Sommerseth
signature.asc
Description: OpenPGP digital signature
