Patchwork [1/3] knock: new package

login
register
mail settings
Submitter Michael Rommel
Date Sept. 1, 2013, 9:33 p.m.
Message ID <1378071216-19697-1-git-send-email-rommel@layer-7.net>
Download mbox | patch
Permalink /patch/271654/
State Superseded
Headers show

Comments

Michael Rommel - Sept. 1, 2013, 9:33 p.m.
A port knocking implementation with daemon and user application.

Signed-off-by: Michael Rommel <rommel@layer-7.net>
---
 package/Config.in       |    1 +
 package/knock/Config.in |   13 +++++++++++++
 package/knock/knock.mk  |   13 +++++++++++++
 3 files changed, 27 insertions(+)
 create mode 100644 package/knock/Config.in
 create mode 100644 package/knock/knock.mk
Thomas De Schampheleire - Sept. 8, 2013, 12:07 p.m.
Hi Michael,

On Sun, Sep 1, 2013 at 11:33 PM, Michael Rommel <rommel@layer-7.net> wrote:
> A port knocking implementation with daemon and user application.
>
> Signed-off-by: Michael Rommel <rommel@layer-7.net>
> ---
>  package/Config.in       |    1 +
>  package/knock/Config.in |   13 +++++++++++++
>  package/knock/knock.mk  |   13 +++++++++++++
>  3 files changed, 27 insertions(+)
>  create mode 100644 package/knock/Config.in
>  create mode 100644 package/knock/knock.mk
>
> diff --git a/package/Config.in b/package/Config.in
> index 6306947..fd98da0 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -763,6 +763,7 @@ source "package/ipset/Config.in"
>  source "package/iptables/Config.in"
>  source "package/iw/Config.in"
>  source "package/kismet/Config.in"
> +source "package/knock/Config.in"
>  source "package/lighttpd/Config.in"
>  source "package/linknx/Config.in"
>  source "package/links/Config.in"
> diff --git a/package/knock/Config.in b/package/knock/Config.in
> new file mode 100644
> index 0000000..8d80274
> --- /dev/null
> +++ b/package/knock/Config.in
> @@ -0,0 +1,13 @@
> +config BR2_PACKAGE_KNOCK
> +       bool "knock"
> +       select BR2_PACKAGE_LIBPCAP
> +       help
> +         A port knocking implementation.
> +         Provides a daemon and a user application. Port knocking can be
> +         used to run an arbitrary application, once the daemon detects
> +         a predefined sequence of incoming TCP/UDP packets on a network
> +         interface. This can be used, e.g. to open up ports in a
> +         firewall.
> +
> +         http://www.zeroflux.org/projects/knock
> +
> diff --git a/package/knock/knock.mk b/package/knock/knock.mk
> new file mode 100644
> index 0000000..85dfe62
> --- /dev/null
> +++ b/package/knock/knock.mk
> @@ -0,0 +1,13 @@
> +################################################################################
> +#
> +# knock
> +#
> +################################################################################
> +
> +KNOCK_VERSION = 7666f2e86e
> +KNOCK_SITE = https://github.com/jvinet/knock/tarball/master
> +KNOCK_LICENSE = GPLv2+
> +KNOCK_LICENSE_FILES = COPYING
> +KNOCK_AUTORECONF = YES
> +
> +$(eval $(autotools-package))

The Config.in file mentions a dependency on libpcap, but this is not
properly expressed in the .mk file.
You need:
KNOCK_DEPENDENCIES = libpcap
Without this, the compilation on a clean system fails.

Best regards,
Thomas
Thomas De Schampheleire - Sept. 8, 2013, 12:08 p.m.
Hi Michael,

On Sun, Sep 1, 2013 at 11:33 PM, Michael Rommel <rommel@layer-7.net> wrote:
> A port knocking implementation with daemon and user application.
>
> Signed-off-by: Michael Rommel <rommel@layer-7.net>
> ---
>  package/Config.in       |    1 +
>  package/knock/Config.in |   13 +++++++++++++
>  package/knock/knock.mk  |   13 +++++++++++++
>  3 files changed, 27 insertions(+)
>  create mode 100644 package/knock/Config.in
>  create mode 100644 package/knock/knock.mk
>
> diff --git a/package/Config.in b/package/Config.in
> index 6306947..fd98da0 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -763,6 +763,7 @@ source "package/ipset/Config.in"
>  source "package/iptables/Config.in"
>  source "package/iw/Config.in"
>  source "package/kismet/Config.in"
> +source "package/knock/Config.in"
>  source "package/lighttpd/Config.in"
>  source "package/linknx/Config.in"
>  source "package/links/Config.in"
> diff --git a/package/knock/Config.in b/package/knock/Config.in
> new file mode 100644
> index 0000000..8d80274
> --- /dev/null
> +++ b/package/knock/Config.in
> @@ -0,0 +1,13 @@
> +config BR2_PACKAGE_KNOCK
> +       bool "knock"
> +       select BR2_PACKAGE_LIBPCAP
> +       help
> +         A port knocking implementation.
> +         Provides a daemon and a user application. Port knocking can be
> +         used to run an arbitrary application, once the daemon detects
> +         a predefined sequence of incoming TCP/UDP packets on a network
> +         interface. This can be used, e.g. to open up ports in a
> +         firewall.
> +
> +         http://www.zeroflux.org/projects/knock
> +
> diff --git a/package/knock/knock.mk b/package/knock/knock.mk
> new file mode 100644
> index 0000000..85dfe62
> --- /dev/null
> +++ b/package/knock/knock.mk
> @@ -0,0 +1,13 @@
> +################################################################################
> +#
> +# knock
> +#
> +################################################################################
> +
> +KNOCK_VERSION = 7666f2e86e
> +KNOCK_SITE = https://github.com/jvinet/knock/tarball/master
> +KNOCK_LICENSE = GPLv2+
> +KNOCK_LICENSE_FILES = COPYING
> +KNOCK_AUTORECONF = YES
> +
> +$(eval $(autotools-package))
> --

The Config.in file mentions a dependency on libpcap, but this is not
properly expressed in the .mk file.
You need:
KNOCK_DEPENDENCIES = libpcap
Without this, the compilation on a clean system fails.

Best regards,
Thomas
Michael Rommel - Sept. 8, 2013, 2:09 p.m.
Hi Thomas,

I got it. I could reproduce the issue with the missing dependency in the .mk file and have set up
a standard tree just for testing the build process. And with the new dependency in the .mk file, 
the build succeeds.

After the test build my tree looks like this:

rommel@pelican:/var/nfs/software/initrds/uclibc/buildroot-patchtest$ ls -la build/
total 108
drwxr-xr-x 24 rommel users  4096 Sep  8 16:04 .
drwxr-xr-x  7 rommel users  4096 Sep  8 16:02 ..
drwxr-xr-x  4 rommel users  4096 Sep  8 15:42 buildroot-config
drwxr-xr-x 34 rommel users  4096 Sep  8 16:00 busybox-1.21.1
drwxr-xr-x  9 rommel users  4096 Sep  8 15:47 host-autoconf-2.69
drwxr-xr-x  7 rommel users  4096 Sep  8 15:47 host-automake-1.11.6
drwxr-xr-x 18 rommel users  4096 Sep  8 15:45 host-binutils-2.21.1
drwxr-xr-x 14 rommel users  4096 Sep  8 16:03 host-bison-2.7.1
drwxr-xr-x  9 rommel users  4096 Sep  8 16:04 host-fakeroot-1.18.2
drwxr-xr-x 10 rommel users  4096 Sep  8 16:03 host-flex-2.5.37
drwxr-xr-x 31 rommel users  4096 Sep  8 16:00 host-gcc-final-4.7.3
drwxr-xr-x 31 rommel users  4096 Sep  8 15:49 host-gcc-initial-4.7.3
drwxr-xr-x 31 rommel users  4096 Sep  8 15:57 host-gcc-intermediate-4.7.3
drwxr-xr-x 16 rommel users  4096 Sep  8 15:46 host-gmp-5.1.2
drwxr-xr-x  5 rommel users  4096 Sep  8 15:47 host-libtool-2.4.2
drwxr-xr-x 10 rommel users  4096 Sep  8 15:46 host-m4-1.4.16
drwxr-xr-x  2 rommel users  4096 Sep  8 16:04 host-makedevs-undefined
drwxr-xr-x  7 rommel users  4096 Sep  8 15:47 host-mpc-1.0.1
drwxr-xr-x  9 rommel users  4096 Sep  8 15:46 host-mpfr-3.1.2
drwxr-xr-x  6 rommel users  4096 Sep  8 16:03 knock-7666f2e86e
drwxr-xr-x 13 rommel users 12288 Sep  8 16:03 libpcap-1.4.0
drwxr-xr-x 23 rommel users  4096 Sep  8 15:55 linux-headers-3.11
-rw-r--r--  1 rommel users     0 Sep  8 15:39 .root
drwxr-xr-x 19 rommel users  4096 Sep  8 15:58 uclibc-0.9.33.2
-rw-r--r--  1 rommel users     7 Sep  8 16:04 _users_table.txt
drwxr-xr-x 14 rommel users  4096 Sep  8 16:02 zlib-1.2.8

I will submit the patch later again.

Thanks,

  Michael.


On Sep 8, 2013, at 15:00 , Michael Rommel <rommel@layer-7.net> wrote:

> Hi Thomas,
> 
> thanks - will fix this in the next iteration. Is there a description, how one can go ahead with discovering things like
> this, i.e. an explanation of a "clean system"? I only have i586 infrastructure ready, so the error on the aiccu package
> I could not have found (but I will try to follow your suggestions and see, what I can come up with), but I certainly
> can set up a separate buildroot just for testing packages. I assume that a clean system is one, where I just get
> a clone of the git, apply the patch and just select this package - am I right or do I have to consider something else?
> 
> Thanks!
> 
>   Michael.
> 
> 
> On Sep 8, 2013, at 14:08 , Thomas De Schampheleire <patrickdepinguin@gmail.com> wrote:
> 
>> Hi Michael,
>> 
>>> +KNOCK_SITE = https://github.com/jvinet/knock/tarball/master
>>> +KNOCK_LICENSE = GPLv2+
>>> +KNOCK_LICENSE_FILES = COPYING
>>> +KNOCK_AUTORECONF = YES
>>> +
>>> +$(eval $(autotools-package))
>>> --
>> 
>> The Config.in file mentions a dependency on libpcap, but this is not
>> properly expressed in the .mk file.
>> You need:
>> KNOCK_DEPENDENCIES = libpcap
>> Without this, the compilation on a clean system fails.
Thomas De Schampheleire - Sept. 8, 2013, 2:32 p.m.
Hi Michael,

On Sun, Sep 8, 2013 at 4:09 PM, Michael Rommel <rommel@layer-7.net> wrote:
>
> Hi Thomas,
>
> I got it. I could reproduce the issue with the missing dependency in the .mk file and have set up
> a standard tree just for testing the build process. And with the new dependency in the .mk file,
> the build succeeds.

Great.
To discover such mandatory dependencies, you can use the following idiom:
make clean toolchain knock

This will first clean the buildroot tree, build/install the toolchain,
and then build only the knock package and its dependencies. We should
probably add this to the documentation...

Another tip: for these type of dependency problems, you could also use
an external toolchain, like the Sourcery ones, to get much quicker
results. With such external toolchains, it also becomes very easy to
test some other architectures like powerpc, arm, ...

Best regards,
Thomas
Arnout Vandecappelle - Sept. 10, 2013, 8:58 p.m.
On 08/09/13 16:32, Thomas De Schampheleire wrote:
> Another tip: for these type of dependency problems, you could also use
> an external toolchain, like the Sourcery ones, to get much quicker
> results. With such external toolchains, it also becomes very easy to
> test some other architectures like powerpc, arm, ...

  And you can also use the toolchains used by the autobuilders, to test 
with uClibc-based toolchains.

  Regards,
  Arnout
Thomas Petazzoni - Sept. 15, 2013, 6:18 p.m.
Hello,

On Tue, 10 Sep 2013 22:58:53 +0200, Arnout Vandecappelle wrote:

>   And you can also use the toolchains used by the autobuilders, to test 
> with uClibc-based toolchains.

Correct. As a reminder, I put all the toolchain defconfigs tested by
the autobuilders in
http://autobuild.buildroot.org/toolchains/configs/free-electrons/. Some
of them point to well-known external toolchains (Linaro, Sourcery
CodeBench, Blackfin, etc.), and some other point to external toolchains
that I have built specifically for the autobuilders, but the defconfig
contains an URL that is available for everyone.

Whenever I need to test some package, I often start with:

wget -O .config http://autobuild.buildroot.org/toolchains/configs/free-electrons/br-arm-basic.config

which will create me a minimal .config file that points to a very
simple uClibc toolchain.

Best regards,

Thomas

Patch

diff --git a/package/Config.in b/package/Config.in
index 6306947..fd98da0 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -763,6 +763,7 @@  source "package/ipset/Config.in"
 source "package/iptables/Config.in"
 source "package/iw/Config.in"
 source "package/kismet/Config.in"
+source "package/knock/Config.in"
 source "package/lighttpd/Config.in"
 source "package/linknx/Config.in"
 source "package/links/Config.in"
diff --git a/package/knock/Config.in b/package/knock/Config.in
new file mode 100644
index 0000000..8d80274
--- /dev/null
+++ b/package/knock/Config.in
@@ -0,0 +1,13 @@ 
+config BR2_PACKAGE_KNOCK
+	bool "knock"
+	select BR2_PACKAGE_LIBPCAP
+	help
+	  A port knocking implementation.
+	  Provides a daemon and a user application. Port knocking can be
+	  used to run an arbitrary application, once the daemon detects
+	  a predefined sequence of incoming TCP/UDP packets on a network
+	  interface. This can be used, e.g. to open up ports in a
+	  firewall.
+
+	  http://www.zeroflux.org/projects/knock
+
diff --git a/package/knock/knock.mk b/package/knock/knock.mk
new file mode 100644
index 0000000..85dfe62
--- /dev/null
+++ b/package/knock/knock.mk
@@ -0,0 +1,13 @@ 
+################################################################################
+#
+# knock
+#
+################################################################################
+
+KNOCK_VERSION = 7666f2e86e
+KNOCK_SITE = https://github.com/jvinet/knock/tarball/master
+KNOCK_LICENSE = GPLv2+
+KNOCK_LICENSE_FILES = COPYING
+KNOCK_AUTORECONF = YES
+
+$(eval $(autotools-package))