summaryrefslogtreecommitdiff
path: root/branding/thirdparty/openvpn
diff options
context:
space:
mode:
Diffstat (limited to 'branding/thirdparty/openvpn')
-rw-r--r--branding/thirdparty/openvpn/build.mk11
-rwxr-xr-xbranding/thirdparty/openvpn/build_openvpn.sh190
2 files changed, 201 insertions, 0 deletions
diff --git a/branding/thirdparty/openvpn/build.mk b/branding/thirdparty/openvpn/build.mk
new file mode 100644
index 0000000..df87eb2
--- /dev/null
+++ b/branding/thirdparty/openvpn/build.mk
@@ -0,0 +1,11 @@
+build_static_openvpn:
+ pkg/thirdparty/openvpn/build_openvpn.sh
+
+upload_openvpn:
+ rsync --rsh='ssh' -avztlpog --progress --partial ~/openvpn_build/sbin/openvpn* downloads.leap.se:./public/thirdparty/linux/openvpn/
+
+download_openvpn:
+ wget https://downloads.leap.se/thirdparty/linux/openvpn/openvpn
+
+clean_openvpn_build:
+ rm -rf ~/openvpn_build
diff --git a/branding/thirdparty/openvpn/build_openvpn.sh b/branding/thirdparty/openvpn/build_openvpn.sh
new file mode 100755
index 0000000..20f764a
--- /dev/null
+++ b/branding/thirdparty/openvpn/build_openvpn.sh
@@ -0,0 +1,190 @@
+#!/bin/bash
+
+#############################################################################
+# Builds OpenVPN statically against mbedtls (aka polarssl).
+# Requirements: cmake
+# Output: ~/openvpn_build/sbin/openvpn-x.y.z
+#############################################################################
+
+set -e
+#set -x
+
+# [!] This needs to be updated for every release --------------------------
+OPENVPN="openvpn-2.4.9"
+MBEDTLS="mbedtls-2.23.0"
+LZO="lzo-2.10"
+ZLIB="zlib-1.2.11"
+MBEDTLS_SHA512="c2a04f659bf63522f10f6660c2d196d7f39a057ff5a382734ba3b839f463ead4e5c9bc0d21fb909d56fcd2ee4c711248be14861f388cd383385484d364247634"
+LZO_SHA1="4924676a9bae5db58ef129dc1cebce3baa3c4b5d"
+# -------------------------------------------------------------------------
+
+platform='unknown'
+unamestr=`uname`
+if [[ "$unamestr" == 'Linux' ]]; then
+ platform='linux'
+elif [[ "$unamestr" == 'Darwin' ]]; then
+ platform='osx'
+fi
+
+BUILDDIR="openvpn_build"
+mkdir -p ~/$BUILDDIR && cd ~/$BUILDDIR
+
+BASE=`pwd`
+SRC=$BASE/src
+mkdir -p $SRC
+
+SHASUM="/usr/bin/shasum"
+
+ZLIB_KEYS="https://keys.gnupg.net/pks/lookup?op=get&search=0x783FCD8E58BCAFBA"
+OPENVPN_KEYS="https://swupdate.openvpn.net/community/keys/security.key.asc"
+
+WGET="wget --prefer-family=IPv4"
+DEST=$BASE/install
+LDFLAGS="-L$DEST/lib -L$DEST/usr/local/lib -W"
+CPPFLAGS="-I$DEST/include"
+CFLAGS="-D_FORTIFY_SOURCE=2 -O1 -Wformat -Wformat-security -fstack-protector -fPIE"
+CXXFLAGS=$CFLAGS
+CONFIGURE="./configure --prefix=/install"
+MAKE="make -j4"
+
+
+######## ####################################################################
+# ZLIB # ####################################################################
+######## ####################################################################
+
+function build_zlib()
+{
+ gpg --fetch-keys $ZLIB_KEYS
+ mkdir $SRC/zlib && cd $SRC/zlib
+
+ if [ ! -f $ZLIB.tar.gz ]; then
+ $WGET https://zlib.net/$ZLIB.tar.gz
+ $WGET https://zlib.net/$ZLIB.tar.gz.asc
+ fi
+ tar zxvf $ZLIB.tar.gz
+ cd $ZLIB
+
+ LDFLAGS=$LDFLAGS \
+ CPPFLAGS=$CPPFLAGS \
+ CFLAGS=$CFLAGS \
+ CXXFLAGS=$CXXFLAGS \
+ ./configure \
+ --prefix=/install
+
+ $MAKE
+ make install DESTDIR=$BASE
+}
+
+########### ##################################################################
+# MBEDTLS # ##################################################################
+########### ##################################################################
+
+function build_mbedtls()
+{
+ mkdir -p $SRC/polarssl && cd $SRC/polarssl
+ if [ ! -f $MBEDTLS.tar.gz ]; then
+ $WGET https://github.com/ARMmbed/mbedtls/archive/$MBEDTLS.tar.gz
+ fi
+ sha512=`${SHASUM} -a 512 -p ${MBEDTLS}.tar.gz | cut -d' ' -f 1`
+
+ if [ "${MBEDTLS_SHA512}" = "${sha512}" ]; then
+ echo "[+] sha1 verified ok"
+ else
+ echo "[!] problem with sha1 verification"
+ exit 1
+ fi
+ tar zxvf $MBEDTLS.tar.gz
+ cd mbedtls-$MBEDTLS
+ mkdir -p build
+ cd build
+ cmake ..
+ $MAKE
+ make install DESTDIR=$BASE/install
+}
+
+
+######## ####################################################################
+# LZO2 # ####################################################################
+######## ####################################################################
+
+function build_lzo2()
+{
+ mkdir $SRC/lzo2 && cd $SRC/lzo2
+ if [ ! -f $LZO.tar.gz ]; then
+ $WGET http://www.oberhumer.com/opensource/lzo/download/$LZO.tar.gz
+ fi
+ sha1=`$SHASUM $LZO.tar.gz | cut -d' ' -f 1`
+ if [ "${LZO_SHA1}" = "${sha1}" ]; then
+ echo "[+] sha1 verified ok"
+ else
+ echo "[!] problem with sha1 verification"
+ exit 1
+ fi
+ tar zxvf $LZO.tar.gz
+ cd $LZO
+
+ LDFLAGS=$LDFLAGS \
+ CPPFLAGS=$CPPFLAGS \
+ CFLAGS=$CFLAGS \
+ CXXFLAGS=$CXXFLAGS \
+ $CONFIGURE --enable-static --disable-debug
+
+ $MAKE
+ make install DESTDIR=$BASE
+}
+
+########### #################################################################
+# OPENVPN # #################################################################
+########### #################################################################
+
+function build_openvpn()
+{
+ mkdir $SRC/openvpn && cd $SRC/openvpn
+ gpg --fetch-keys $OPENVPN_KEYS
+ if [ ! -f $OPENVPN.tar.gz ]; then
+ $WGET https://build.openvpn.net/downloads/releases/$OPENVPN.tar.gz
+ $WGET https://build.openvpn.net/downloads/releases/$OPENVPN.tar.gz.asc
+ fi
+ gpg --verify $OPENVPN.tar.gz.asc && echo "[+] gpg verification ok"
+ tar zxvf $OPENVPN.tar.gz
+ cd $OPENVPN
+
+ MBEDTLS_CFLAGS=-I$BASE/install/usr/local/include/ \
+ MBEDTLS_LIBS="$DEST/usr/local/lib/libmbedtls.a $DEST/usr/local/lib/libmbedcrypto.a $DEST/usr/local/lib/libmbedx509.a" \
+ LDFLAGS=$LDFLAGS \
+ CPPFLAGS=$CPPFLAGS \
+ CFLAGS="$CFLAGS -I$BASE/install/usr/local/include" \
+ CXXFLAGS=$CXXFLAGS \
+ $CONFIGURE \
+ --disable-plugin-auth-pam \
+ --with-crypto-library=mbedtls \
+ --enable-small \
+ --disable-debug
+
+ $MAKE LIBS="-all-static -lz -llzo2"
+ make install DESTDIR=$BASE/openvpn
+ mkdir -p $BASE/sbin/
+ cp $BASE/openvpn/install/sbin/openvpn $BASE/sbin/$OPENVPN
+ strip $BASE/sbin/$OPENVPN
+}
+
+function build_all()
+{
+ echo "[+] Building" $OPENVPN
+ build_zlib
+ build_lzo2
+ build_mbedtls
+ build_openvpn
+}
+
+function main()
+{
+ if [[ $platform == 'linux' ]]; then
+ build_all
+ fi
+ if [[ $platform == 'osx' ]]; then
+ build_all
+ fi
+}
+
+main "$@"