Re: [Openvpn-devel] [PATCH] GitHub Actions: trigger openvpn-build GHA on success

[Samuli Seppänen]

Hi,

Il 03/06/22 11:03, Lev Stipakov ha scritto:

From: Lev Stipakov 

After successfult builds on all platforms,
start openvpn-build GHA which produces
Windows MSI installers.

Signed-off-by: Lev Stipakov 
---
  .github/workflows/build.yaml | 21 +++--
  1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index d34f4e9a..99968aae 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -1,6 +1,7 @@
  # The name of our workflow
  name: Build
-on: [push, pull_request]
+on:
+  push:


I've understood that this change has no effect, but this is a commonly 
used pattern. So ok with it.


  
  jobs:

checkuncrustify:
@@ -32,6 +33,7 @@ jobs:
- name: Set job status
  run: test ! -s uncrustify-changes.patch
  working-directory: openvpn
+
mingw:
  strategy:
fail-fast: false
@@ -250,7 +252,6 @@ jobs:
- name: make check
  run: make check
  
-

macos:
  runs-on: macos-latest
  strategy:
@@ -344,3 +345,19 @@ jobs:
  ${{ matrix.plat }}-Output/${{env.BUILD_CONFIGURATION}}/*.dll
  ${{ matrix.plat }}-Output/${{env.BUILD_CONFIGURATION}}/*.pdb
  doc/openvpn.8.html
+
+  trigger_openvpn_build:
+runs-on: windows-latest
+needs: [checkuncrustify, mingw, ubuntu, ubuntu-clang-asan, macos, msvc]
+if: github.ref == 'refs/heads/master'
+env:
+  REPO_DISPATCH: ${{ secrets.OPENVPN_BUILD_REPO_DISPATCH }}
+
+steps:
+- name: Repository Dispatch
+  if: "${{ env.REPO_DISPATCH != '' }}"
+  uses: peter-evans/repository-dispatch@v2
+  with:
+token: ${{ env.REPO_DISPATCH }}
+repository: openvpn/openvpn-build
+event-type: openvpn-commit


Not having done much with GHA I can't tell if this is correct. But we do 
want this feature and Lev has tested it, so ACK.


Samuli


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] [OpenVPN 2.5] Allow running a default configuration with TLS libraries without BF-CBC

[David Sommerseth]

On 03/06/2022 11:52, Arne Schwabe wrote:

Modern TLS libraries might drop Blowfish by default or distributions
might disable Blowfish in OpenSSL/mbed TLS. We still signal OCC
options with BF-CBC compatible strings. To avoid requiring BF-CBC
for this, special this one usage of BF-CBC enough to avoid a hard
requirement on Blowfish in the default configuration.

This patch is cherry-picked from 79ff3f79 and the missing
ciphername = "none"; has been added in the OCC code.

Signed-off-by: Arne Schwabe 
---
  src/openvpn/crypto_backend.h |  2 ++
  src/openvpn/init.c   | 37 +--
  src/openvpn/options.c| 48 +++-
  3 files changed, 73 insertions(+), 14 deletions(-)


Just for the record.  This patch has been included into Fedora 36 and 
EPEL-9 builds, released as openvpn-2.5.7-2.


Fedora 36 users has reported that this patch resolves issues which 
surfaced when upgrading to openvpn-2.5.7-1.


A few references:







--
kind regards,

David Sommerseth
OpenVPN Inc



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel