[pkg] update openvpn build script

7 files changed, 161 insertions, 324 deletions

diff --git a/Makefile b/Makefile
index 80ef8654..001788f8 100644
--- a/Makefile
+++ b/Makefile
@@ -2,6 +2,7 @@ DIST=dist/bitmask
 NEXT_VERSION = $(shell cat pkg/next-version)
 DIST_VERSION = dist/bitmask-$(NEXT_VERSION)/
 include pkg/pyinst/build.mk
+include pkg/thirdparty/openvpn/build.mk
 
 clean:
 	find . -type f -name "*.py[co]" -delete
diff --git a/pkg/thirdparty/openvpn/README b/pkg/thirdparty/openvpn/README
deleted file mode 100644
index bf2205c2..00000000
--- a/pkg/thirdparty/openvpn/README
+++ /dev/null
@@ -1,6 +0,0 @@
-OpenVPN binary, build scripts
-Works using a GCC minGW32 cross-compiler on Debian/Ubuntu
-Produces a working MS Windows executable
-openvpn.exe: PE32 executable (DLL) (console) Intel 80386, for MS Windows
-goes smooth for the 99%, might still need some slapping the flags around now and then
- -jrml
diff --git a/pkg/thirdparty/openvpn/Sources b/pkg/thirdparty/openvpn/Sources
deleted file mode 100644
index e2fe7bb3..00000000
--- a/pkg/thirdparty/openvpn/Sources
+++ /dev/null
@@ -1,4 +0,0 @@
-lzo		-2.06	.tar.gz
-opensc		-0.12.2	.tar.gz
-openssl		-1.0.1c	.tar.gz
-polarssl	-1.1.4	.tgz
diff --git a/pkg/thirdparty/openvpn/build.mk b/pkg/thirdparty/openvpn/build.mk
new file mode 100644
index 00000000..dadc0bad
--- /dev/null
+++ b/pkg/thirdparty/openvpn/build.mk
@@ -0,0 +1,12 @@
+build_static_openvpn:
+	pkg/thirdparty/openvpn/build_openvpn.sh
+	strip ~/openvpn_build/openvpn/install/sbin/openvpn
+
+upload_openvpn:
+	rsync --rsh='ssh' -avztlpog --progress --partial ~/openvpn_build/openvpn/install/sbin/openvpn downloads.leap.se:./public/thirdparty/linux/openvpn/
+
+download_openvpn:
+	wget https://downloads.leap.se/thirdparty/linux/openvpn/openvpn
+
+clean_openvpn_build:
+	rm -rf ~/openvpn_build
diff --git a/pkg/thirdparty/openvpn/build.zsh.old b/pkg/thirdparty/openvpn/build.zsh.old
deleted file mode 100755
index b36717c1..00000000
--- a/pkg/thirdparty/openvpn/build.zsh.old
+++ /dev/null
@@ -1,191 +0,0 @@
-#!/bin/zsh
-#
-# Copyright (C) 2012 Denis Roio <jaromil@dyne.org>
-#
-# This source  code is free  software; you can redistribute  it and/or
-# modify it under the terms of  the GNU Public License as published by
-# the Free  Software Foundation; either  version 3 of the  License, or
-# (at your option) any later version.
-#
-# This source code is distributed in  the hope that it will be useful,
-# but  WITHOUT ANY  WARRANTY;  without even  the  implied warranty  of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-# Please refer to the GNU Public License for more details.
-#
-# You should have received a copy of the GNU Public License along with
-# this source code; if not, write to:
-# Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-
-REPO="http://files.dyne.org/leap/openvpn/sources"
-TOPSRC=`pwd`
-QUIET=0
-DEBUG=0
-
-
-autoload colors; colors
-# standard output message routines
-# it's always useful to wrap them, in case we change behaviour later
-notice() { if [[ $QUIET == 0 ]]; then print "$fg_bold[green][*]$fg_no_bold[default] $1" >&2; fi }
-error()  { if [[ $QUIET == 0 ]]; then print "$fg[red][!]$fg[default] $1" >&2; fi }
-func()   { if [[ $DEBUG == 1 ]]; then print "$fg[blue][D]$fg[default] $1" >&2; fi }
-act()    {
-    if [[ $QUIET == 0 ]]; then
-	if [ "$1" = "-n" ]; then
-	    print -n "$fg_bold[white] . $fg_no_bold[default] $2" >&2;
-	else
-	    print "$fg_bold[white] . $fg_no_bold[default] $1" >&2;
-	fi
-    fi
-}
-
-{ test "$1" = "clean" } && {
-	notice "Cleaning up all build in ${TOPSRC}"
-	for src in `cat Sources | awk '
-/^#/ {next}
-/^./ { print $1 }'`; do
-		{ test "$src" != "" } && { rm -rf "${src}" }
-	done
-	act "Done."
-	return 0
-}
-
-os="`uname -s`"
-target="$1"
-notice "OpenVPN build on $os for $target in ${TOPSRC}"
-
-prepare_sources() {
-    notice "Preparing sources"
-    # look for a file names "Sources", download and decompress entries
-    # format of file: name version compression (complete filename when merged)
-    { test -r Sources } || {
-	error "Sources not found, nothing to build here"
-	return 1
-    }
-    for src in `cat Sources | awk '
-/^#/ {next}
-/^./ { print $1 ";" $2 ";" $3 }'`; do
-	name="${src[(ws:;:)1]}"
-	ver="${src[(ws:;:)2]}"
-	arch="${src[(ws:;:)3]}"
-	file="${name}${ver}${arch}"
-	func "preparing source for ${name}${ver}"
-
-	{ test "$1" != "" } && {
-	    test "$1" != "$name" } && {
-	    continue }
-
-	# download the file
-	{ test -r ${file} } || {
-	    act "downloading ${file}"
-	    curl ${REPO}/${file} -o ${file}
-	}
-	# decompress the file
-	{ test -r ${name} } || {
-	    act "decompressing ${name}"
-	    case $arch in
-		## BARE SOURCE
-		.tar.gz)  tar xfz ${file}; mv ${name}${ver} ${name} ;;
-		.tar.bz2) tar xfj ${file}; mv ${name}${ver} ${name} ;;
-		.tgz) tar xfz ${file}; mv ${name}${ver} ${name} ;;
-		*) error "compression not supported: $arch"
-	    esac
-	}
-	act "${name} source ready"
-    done
-}
-
-act "Downloading sources"
-
-# git clone latest openvpn
-{ test -r openvpn } || { git clone https://github.com/OpenVPN/openvpn.git }
-
-case "$os" in
-    Darwin)
-	prepare_sources lzo
-	prepare_sources polarssl
-	;;
-    Linux) # Cross-compile for Win32
-	prepare_sources lzo
-	prepare_sources opensc
-	prepare_sources openssl
-	# tap windows
-	{ test -r tap-windows } || { git clone https://github.com/OpenVPN/tap-windows.git }
-	;;
-esac
-
-notice "Sources ready, now compiling..."
-LOG="`pwd`/build.log"; touch ${LOG}
-act "logs saved in build.log"
-
-case "$target" in
-    osx)
-	{ test -r polarssl/library/libpolarssl.a } || {
-	    act "building PolarSSL..."
-	    pushd polarssl
-	    CC=clang cmake . >> ${LOG}
-	    make -C library clean
-	    cat CMakeCache.txt | awk '
-/^CMAKE_C_COMPILER/ { print "CMAKE_C_COMPILER:FILEPATH=/usr/bin/clang"; next }
-/^CMAKE_BUILD_TYPE/ { print $1 "Release"; next }
-/^CMAKE_C_FLAGS:STRING/ { print "CMAKE_C_FLAGS:STRING=-arch x86_64 -arch i386"; next }
-{ print $0 }
-' > CMakeCache.leap
-	    cp CMakeCache.leap CMakeCache.txt
-	    make -C library >> ${LOG}
-	    popd
-	    act "done."
-	}
-
-	act "building OpenVPN"
-	pushd openvpn
-	CC=clang CFLAGS="-arch x86_64 -arch i386" \
-	    LZO_LIBS="/opt/local/lib/liblzo2.a" LZO_CFLAGS="-I/opt/local/include" \
-	    POLARSSL_CFLAGS="-I${TOPSRC}/polarssl/include" \
-	    POLARSSL_LIBS="${TOPSRC}/polarssl/library/libpolarssl.a" \
-	    ./configure --with-crypto-library=polarssl >> ${LOG}
-	make src/openvpn/openvpn
-	popd
-	act "done."
-	;;
-
-    win32)
-	{ test -r lzo/src/liblzo2.la } || { pushd lzo
-	    act "building LZO lib"
-	    ./configure --host=i586-mingw32msvc >> ${LOG}
-	    make >> ${LOG}; popd }
-	# openssl
-	{ test -r openssl/libssl.a } || {
-	    act "building OpenSSL lib"
-	    pushd openssl
-	    ./Configure --cross-compile-prefix=i586-mingw32msvc- mingw >> ${LOG}
-	    make ${LOG}; popd }
-
-	pushd openvpn
-	act "building latest OpenVPN"
-	{ test -r configure } || {
-	    sed -i -e 's/-municode//' src/openvpn/Makefile.am
-	    autoreconf -i >> ${LOG}
-	}
-	CFLAGS="-I/usr/i586-mingw32msvc/include/ddk -D_WIN32_WINNT=0x0501" \
-	    LZO_LIBS="${TOPSRC}/lzo/src/liblzo2.la" \
-	    LZO_CFLAGS="-I${TOPSRC}/lzo/include" \
-	    TAP_CFLAGS="-I${TOPSRC}/tap-windows/src" \
-	    OPENSSL_SSL_CFLAGS="-I${TOPSRC}/openssl/include" \
-	    OPENSSL_CRYPTO_CFLAGS="-I${TOPSRC}/openssl/crypto" \
-	    OPENSSL_SSL_LIBS="${TOPSRC}/openssl/libssl.a" \
-	    OPENSSL_CRYPTO_LIBS="${TOPSRC}/openssl/libcrypto.a" \
-	    ./configure --host=i586-mingw32msvc >> ${LOG}
-	make >> ${LOG}
-	popd
-
-	act "If OpenVPN build reports a final error on linkage, it might be due to a libtool bug"
-	act "(something like undefined reference to _WinMain@16)"
-	act "You need to go inside openvpn/src/openvpn and issue the last compile line manually"
-	act "adding an flat '-shared' at the end of it, then do 'cp .libs/openvpn.exe .'"
-	act "Happy hacking."
-	;;
-    *)
-	error "Unknown target: $target"
-	;;
-esac
diff --git a/pkg/thirdparty/openvpn/build_openvpn.sh b/pkg/thirdparty/openvpn/build_openvpn.sh
new file mode 100755
index 00000000..a9007aa7
--- /dev/null
+++ b/pkg/thirdparty/openvpn/build_openvpn.sh
@@ -0,0 +1,148 @@
+#!/bin/bash
+
+#############################################################################
+# Builds OpenVPN statically against polarssl.
+# Requirements:  cmake
+#############################################################################
+
+set -e
+set -x
+
+platform='unknown'
+unamestr=`uname`
+if [[ "$unamestr" == 'Linux' ]]; then
+   platform='linux'
+elif [[ "$unamestr" == 'Darwin' ]]; then
+   platform='osx'
+fi
+
+BUILDDIR="openvpn_build"
+mkdir -p ~/$BUILDDIR && cd ~/$BUILDDIR
+
+BASE=`pwd`
+SRC=$BASE/src
+mkdir -p $SRC
+
+LZO="lzo-2.10"
+ZLIB="zlib-1.2.11"
+MBEDTLS="mbedtls-2.4.2"
+OPENVPN="openvpn-2.4.1"
+
+WGET="wget --prefer-family=IPv4"
+DEST=$BASE/install
+LDFLAGS="-L$DEST/lib -L$DEST/usr/local/lib -W"
+CPPFLAGS="-I$DEST/include"
+CFLAGS="-D_FORTIFY_SOURCE=2 -O1 -Wformat -Wformat-security -fstack-protector -pie -fPIE"
+CXXFLAGS=$CFLAGS
+CONFIGURE="./configure --prefix=/install"
+MAKE="make -j2"
+
+
+######## ####################################################################
+# ZLIB # ####################################################################
+######## ####################################################################
+
+function build_zlib()
+{
+	mkdir $SRC/zlib && cd $SRC/zlib
+
+	if [ ! -f $ZLIB.tar.gz ]; then
+	    $WGET http://zlib.net/$ZLIB.tar.gz
+	fi
+	tar zxvf $ZLIB.tar.gz
+	cd $ZLIB
+
+	LDFLAGS=$LDFLAGS \
+	CPPFLAGS=$CPPFLAGS \
+	CFLAGS=$CFLAGS \
+	CXXFLAGS=$CXXFLAGS \
+	./configure \
+	--prefix=/install
+
+	$MAKE
+	make install DESTDIR=$BASE
+}
+
+############ #################################################################
+# POLARSSL # #################################################################
+############ #################################################################
+
+function build_mbedtls()
+{
+	mkdir -p $SRC/polarssl && cd $SRC/polarssl
+	if [ ! -f $MBEDTLS-gpl.tgz ]; then
+	    $WGET https://tls.mbed.org/download/$MBEDTLS-gpl.tgz
+	fi
+	tar zxvf $MBEDTLS-gpl.tgz
+	cd $MBEDTLS
+	mkdir -p build
+	cd build
+	cmake ..
+	$MAKE
+	make install DESTDIR=$BASE/install
+}
+
+######## ####################################################################
+# LZO2 # ####################################################################
+######## ####################################################################
+
+function build_lzo2()
+{
+	mkdir $SRC/lzo2 && cd $SRC/lzo2
+	if [ ! -f $LZO.tar.gz ]; then
+	    $WGET http://www.oberhumer.com/opensource/lzo/download/$LZO.tar.gz
+	fi
+	tar zxvf $LZO.tar.gz
+	cd $LZO
+
+	LDFLAGS=$LDFLAGS \
+	CPPFLAGS=$CPPFLAGS \
+	CFLAGS=$CFLAGS \
+	CXXFLAGS=$CXXFLAGS \
+	$CONFIGURE --enable-static --disable-debug
+
+	$MAKE
+	make install DESTDIR=$BASE
+}
+
+########### #################################################################
+# OPENVPN # #################################################################
+########### #################################################################
+
+function build_openvpn()
+{
+	mkdir $SRC/openvpn && cd $SRC/openvpn
+	if [ ! -f $OPENVPN.tar.gz ]; then
+	    $WGET http://swupdate.openvpn.org/community/releases/$OPENVPN.tar.gz
+	fi
+	tar zxvf $OPENVPN.tar.gz
+	cd $OPENVPN
+
+	POLARSSL_CFLAGS=-I$DEST/usr/local/include \
+	POLARSSL_LIBS=$DEST/lib/ \
+	LDFLAGS=$LDFLAGS \
+	CPPFLAGS=$CPPFLAGS \
+	CFLAGS=$CFLAGS \
+	CXXFLAGS=$CXXFLAGS \
+	$CONFIGURE \
+	--disable-plugin-auth-pam \
+	--enable-password-save \
+	--with-crypto-library=mbedtls \
+	--enable-small \
+	--disable-debug
+
+	$MAKE LIBS="-all-static -lssl -lcrypto -lz -llzo2"
+	make install DESTDIR=$BASE/openvpn
+}
+
+function main()
+{
+    if [[ $platform == 'linux' ]]; then
+        build_zlib
+	build_mbedtls
+	build_lzo2
+	build_openvpn
+    fi
+}
+
+main "$@"
diff --git a/pkg/thirdparty/openvpn/openvpn.sh b/pkg/thirdparty/openvpn/openvpn.sh
deleted file mode 100755
index db63c987..00000000
--- a/pkg/thirdparty/openvpn/openvpn.sh
+++ /dev/null
@@ -1,123 +0,0 @@
-#!/bin/bash
-
-set -e
-set -x
-
-mkdir -p ~/openvpn && cd ~/openvpn
-
-BASE=`pwd`
-SRC=$BASE/src
-WGET="wget --prefer-family=IPv4"
-DEST=$BASE/stuff
-LDFLAGS="-L$DEST/lib -Wl"
-CPPFLAGS="-I$DEST/include"
-CFLAGS="-O3"
-CXXFLAGS=$CFLAGS
-CONFIGURE="./configure --prefix=/stuff"
-MAKE="make -j2"
-mkdir -p $SRC
-
-######## ####################################################################
-# ZLIB # ####################################################################
-######## ####################################################################
-
-mkdir $SRC/zlib && cd $SRC/zlib
-
-if [ ! -f zlib-1.2.8.tar.gz ]; then
-    $WGET http://zlib.net/zlib-1.2.8.tar.gz
-fi
-tar zxvf zlib-1.2.8.tar.gz
-cd zlib-1.2.8
-
-LDFLAGS=$LDFLAGS \
-CPPFLAGS=$CPPFLAGS \
-CFLAGS=$CFLAGS \
-CXXFLAGS=$CXXFLAGS \
-./configure \
---prefix=/stuff
-
-$MAKE
-make install DESTDIR=$BASE
-
-########### #################################################################
-# OPENSSL # #################################################################
-########### #################################################################
-
-#mkdir -p $SRC/openssl && cd $SRC/openssl
-#if [ ! -f openssl-1.0.2f.tar.gz ]; then
-#    $WGET https://www.openssl.org/source/openssl-1.0.2f.tar.gz
-#fi
-#tar zxvf openssl-1.0.2f.tar.gz
-#cd openssl-1.0.2f
-
-#./Configure darwin64-x86_64-cc \
-#-Wl \
-#--prefix=/opts zlib \
-#--with-zlib-lib=$DEST/lib \
-#--with-zlib-include=$DEST/include
-
-#$MAKE
-#make install INSTALLTOP=$DEST OPENSSLDIR=$DEST/ssl
-
-############ #################################################################
-# POLARSSL # #################################################################
-############ #################################################################
-
-mkdir -p $SRC/polarssl && cd $SRC/polarssl
-if [ ! -f polarssl-1.3.9-gpl.tgz ]; then
-    $WGET https://tls.mbed.org/download/polarssl-1.3.9-gpl.tgz 
-fi
-tar zxvf polarssl-1.3.9-gpl.tgz
-cd polarssl-1.3.9
-mkdir build
-cd build
-cmake ..
-$MAKE
-make install DESTDIR=$BASE
-
-######## ####################################################################
-# LZO2 # ####################################################################
-######## ####################################################################
-
-mkdir $SRC/lzo2 && cd $SRC/lzo2
-if [ ! -f lzo-2.09.tar.gz ]; then
-    $WGET http://www.oberhumer.com/opensource/lzo/download/lzo-2.09.tar.gz
-fi
-tar zxvf lzo-2.09.tar.gz
-cd lzo-2.09
-
-LDFLAGS=$LDFLAGS \
-CPPFLAGS=$CPPFLAGS \
-CFLAGS=$CFLAGS \
-CXXFLAGS=$CXXFLAGS \
-$CONFIGURE
-
-$MAKE
-make install DESTDIR=$BASE
-
-########### #################################################################
-# OPENVPN # #################################################################
-########### #################################################################
-
-mkdir $SRC/openvpn && cd $SRC/openvpn
-if [ ! -f openvpn-2.3.10.tar.gz ]; then
-    $WGET http://swupdate.openvpn.org/community/releases/openvpn-2.3.10.tar.gz
-fi
-tar zxvf openvpn-2.3.10.tar.gz
-cd openvpn-2.3.10
-
-# OPENSSL_SSL_LIBS=$DEST/lib/
-
-POLARSSL_CFLAGS=-I$DEST/usr/local/include \
-POLARSSL_LIBS=$DEST/lib/libpolarssl.a \
-LDFLAGS=$LDFLAGS \
-CPPFLAGS=$CPPFLAGS \
-CFLAGS=$CFLAGS \
-CXXFLAGS=$CXXFLAGS \
-$CONFIGURE \
---disable-plugin-auth-pam \
---enable-password-save \
---with-crypto-library=polarssl
-
-$MAKE LIBS="-all-static -lssl -lcrypto -lz -llzo2"
-make install DESTDIR=$BASE/openvpn