Thread: [Fwknop-discuss] OS X fwknop server build
Brought to you by:
mbr
From: rhaas <rh...@rh...> - 2012-07-12 19:17:29
|
Greetings. Is there a pointer to Mac OS X specific build/install instructions for fwknop? Sorry for the noob-ish question, but a search of the list archives didn't turn anything up. The client and server build fine but the perl test suite aborts at the libfko binary check: ./test-fwknop.pl [+] Starting the fwknop test suite... args: Saved results from previous run to: output.last/ [build] [client] binary exists......................................pass (1) [build security] [client] Position Independent Executable (PIE).....pass (2) [build security] [client] stack protected binary....................pass (3) [build security] [client] fortify source functions..................pass (4) [build security] [client] read-only relocations.....................pass (5) [build security] [client] immediate binding.........................pass (6) [build] [server] binary exists......................................pass (7) [build security] [server] Position Independent Executable (PIE).....pass (8) [build security] [server] stack protected binary....................pass (9) [build security] [server] fortify source functions..................pass (10) [build security] [server] read-only relocations.....................pass (11) [build security] [server] immediate binding.........................pass (12) [build] [libfko] binary exists......................................fail (13) [*] required test failed, exiting. at ./test-fwknop.pl line 1314. ... presumably there are still some pieces to build. Thanks. -- Richard Haas <rh...@rh...> GnuPG public key ID: 1CB7F0E2 blog: http://richardhaas.wordpress.com Twitter: @rahaas -- |
From: Michael R. <mic...@gm...> - 2012-07-13 01:09:26
|
On Thu, Jul 12, 2012 at 11:43 AM, rhaas <rh...@rh...> wrote: > Greetings. > > Hello, > Is there a pointer to Mac OS X specific build/install instructions for > fwknop? > Nothing specific for Mac OS X currently. > > Sorry for the noob-ish question, but a search of the list archives > didn't turn anything up. > > The client and server build fine but the perl test suite aborts at the > libfko binary check: > > ./test-fwknop.pl > > [+] Starting the fwknop test suite... > > args: > > Saved results from previous run to: output.last/ > > [build] [client] binary > exists......................................pass (1) > [build security] [client] Position Independent Executable > (PIE).....pass (2) > [build security] [client] stack protected > binary....................pass (3) > [build security] [client] fortify source > functions..................pass (4) > [build security] [client] read-only > relocations.....................pass (5) > [build security] [client] immediate > binding.........................pass (6) > [build] [server] binary > exists......................................pass (7) > [build security] [server] Position Independent Executable > (PIE).....pass (8) > [build security] [server] stack protected > binary....................pass (9) > [build security] [server] fortify source > functions..................pass (10) > [build security] [server] read-only > relocations.....................pass (11) > [build security] [server] immediate > binding.........................pass (12) > [build] [libfko] binary > exists......................................fail (13) > [*] required test failed, exiting. at ./test-fwknop.pl line 1314. > > The test suite is looking for the file (usually a symbolic link) "../lib/.libs/libfko.so" from the test/ directory. Can you post the output of 'ls -l ../lib/.libs/libfko*'? It should look something like: $ ls -l ../lib/.libs/libfko* -rw-r--r-- 1 mbr mbr 589656 Jul 10 22:07 lib/.libs/libfko.a lrwxrwxrwx 1 mbr mbr 12 Jul 10 22:07 lib/.libs/libfko.la -> ../libfko.la -rw-r--r-- 1 mbr mbr 987 Jul 10 22:07 lib/.libs/libfko.lai lrwxrwxrwx 1 mbr mbr 15 Jul 10 22:07 lib/.libs/libfko.so -> libfko.so.0.0.3 lrwxrwxrwx 1 mbr mbr 15 Jul 10 22:07 lib/.libs/libfko.so.0 -> libfko.so.0.0.3 -rwxr-xr-x 1 mbr mbr 282950 Jul 10 22:07 lib/.libs/libfko.so.0.0.3 This is on an Ubuntu system, so there may be some differences on Mac OS X that the test suite will need to account for. Thanks, --Mike > > ... presumably there are still some pieces to build. > > Thanks. > > -- > Richard Haas <rh...@rh...> > GnuPG public key ID: 1CB7F0E2 > blog: http://richardhaas.wordpress.com > Twitter: @rahaas > -- > > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Fwknop-discuss mailing list > Fwk...@li... > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss > -- Michael Rash | Founder http://www.cipherdyne.org/ Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F |
From: Damien S. <ds...@ds...> - 2012-07-13 02:18:55
|
Hi, The shared libraries on Mac OS X system use a different extension (.dylib vs. .so). If you edit the test-fwknop.pl script at line xx and make change "libfko.so" to "libfko.dylib", the test will run. However, on my Mac, when it gets to the 'ipfw'-related tests, I get "ipfw: invalid set command X" (where X is '1' or '2'). I had played with getting fwknopd to work on a Mac several months ago. I did get it to work after modifying the syntax of the ipfw commands. I will see if I can find that code and post the specifics here… Regards, -Damien Stuart On Jul 12, 2012, at 9:09 PM, Michael Rash wrote: > > On Thu, Jul 12, 2012 at 11:43 AM, rhaas <rh...@rh...> wrote: > Greetings. > > Hello, > > Is there a pointer to Mac OS X specific build/install instructions for > fwknop? > > Nothing specific for Mac OS X currently. > > > Sorry for the noob-ish question, but a search of the list archives > didn't turn anything up. > > The client and server build fine but the perl test suite aborts at the > libfko binary check: > > ./test-fwknop.pl > > [+] Starting the fwknop test suite... > > args: > > Saved results from previous run to: output.last/ > > [build] [client] binary > exists......................................pass (1) > [build security] [client] Position Independent Executable > (PIE).....pass (2) > [build security] [client] stack protected > binary....................pass (3) > [build security] [client] fortify source > functions..................pass (4) > [build security] [client] read-only > relocations.....................pass (5) > [build security] [client] immediate > binding.........................pass (6) > [build] [server] binary > exists......................................pass (7) > [build security] [server] Position Independent Executable > (PIE).....pass (8) > [build security] [server] stack protected > binary....................pass (9) > [build security] [server] fortify source > functions..................pass (10) > [build security] [server] read-only > relocations.....................pass (11) > [build security] [server] immediate > binding.........................pass (12) > [build] [libfko] binary > exists......................................fail (13) > [*] required test failed, exiting. at ./test-fwknop.pl line 1314. > > > The test suite is looking for the file (usually a symbolic link) "../lib/.libs/libfko.so" from the test/ directory. Can you post the output of 'ls -l ../lib/.libs/libfko*'? It should look something like: > > $ ls -l ../lib/.libs/libfko* > -rw-r--r-- 1 mbr mbr 589656 Jul 10 22:07 lib/.libs/libfko.a > lrwxrwxrwx 1 mbr mbr 12 Jul 10 22:07 lib/.libs/libfko.la -> ../libfko.la > -rw-r--r-- 1 mbr mbr 987 Jul 10 22:07 lib/.libs/libfko.lai > lrwxrwxrwx 1 mbr mbr 15 Jul 10 22:07 lib/.libs/libfko.so -> libfko.so.0.0.3 > lrwxrwxrwx 1 mbr mbr 15 Jul 10 22:07 lib/.libs/libfko.so.0 -> libfko.so.0.0.3 > -rwxr-xr-x 1 mbr mbr 282950 Jul 10 22:07 lib/.libs/libfko.so.0.0.3 > > This is on an Ubuntu system, so there may be some differences on Mac OS X that the test suite will need to account for. > > Thanks, > > --Mike > > > > > ... presumably there are still some pieces to build. > > Thanks. > > -- > Richard Haas <rh...@rh...> > GnuPG public key ID: 1CB7F0E2 > blog: http://richardhaas.wordpress.com > Twitter: @rahaas > -- > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Fwknop-discuss mailing list > Fwk...@li... > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss > > > > -- > Michael Rash | Founder > http://www.cipherdyne.org/ > Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________ > Fwknop-discuss mailing list > Fwk...@li... > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss |
From: Michael R. <mic...@gm...> - 2012-07-13 02:32:58
|
On Thu, Jul 12, 2012 at 9:51 PM, Damien Stuart <ds...@ds...> wrote: > Hi, > > Hi Damien, > The shared libraries on Mac OS X system use a different extension (.dylib > vs. .so). If you edit the test-fwknop.pl script at line xx and make > change "libfko.so" to "libfko.dylib", the test will run. However, on my > Mac, when it gets to the 'ipfw'-related tests, I get "ipfw: invalid set > command X" (where X is '1' or '2'). > Ah, cool. I've updated the test suite to account for the different .dylib extension: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=e250776107d09352765b04cc74113c0bfe3a17de Here is a new -pre release that contains the fix: http://www.cipherdyne.org/fwknop/download/fwknop-2.0.1-pre3.tar.gz $ sha1sum fwknop-2.0.1-pre3.tar.gz 62770f4f1c48b2d99e3f42d8c77d350968973578 fwknop-2.0.1-pre3.tar.gz > I had played with getting fwknopd to work on a Mac several months ago. I > did get it to work after modifying the syntax of the ipfw commands. I will > see if I can find that code and post the specifics here… > > Very cool - wish I had a Mac to help develop on. :) --Mike > Regards, > > -Damien Stuart > > > > > On Jul 12, 2012, at 9:09 PM, Michael Rash wrote: > > > On Thu, Jul 12, 2012 at 11:43 AM, rhaas <rh...@rh...> wrote: > >> Greetings. >> >> Hello, > > >> Is there a pointer to Mac OS X specific build/install instructions for >> fwknop? >> > > Nothing specific for Mac OS X currently. > > >> >> Sorry for the noob-ish question, but a search of the list archives >> didn't turn anything up. >> >> The client and server build fine but the perl test suite aborts at the >> libfko binary check: >> >> ./test-fwknop.pl >> >> [+] Starting the fwknop test suite... >> >> args: >> >> Saved results from previous run to: output.last/ >> >> [build] [client] binary >> exists......................................pass (1) >> [build security] [client] Position Independent Executable >> (PIE).....pass (2) >> [build security] [client] stack protected >> binary....................pass (3) >> [build security] [client] fortify source >> functions..................pass (4) >> [build security] [client] read-only >> relocations.....................pass (5) >> [build security] [client] immediate >> binding.........................pass (6) >> [build] [server] binary >> exists......................................pass (7) >> [build security] [server] Position Independent Executable >> (PIE).....pass (8) >> [build security] [server] stack protected >> binary....................pass (9) >> [build security] [server] fortify source >> functions..................pass (10) >> [build security] [server] read-only >> relocations.....................pass (11) >> [build security] [server] immediate >> binding.........................pass (12) >> [build] [libfko] binary >> exists......................................fail (13) >> [*] required test failed, exiting. at ./test-fwknop.pl line 1314. >> >> > The test suite is looking for the file (usually a symbolic link) > "../lib/.libs/libfko.so" from the test/ directory. Can you post the output > of 'ls -l ../lib/.libs/libfko*'? It should look something like: > > $ ls -l ../lib/.libs/libfko* > -rw-r--r-- 1 mbr mbr 589656 Jul 10 22:07 lib/.libs/libfko.a > lrwxrwxrwx 1 mbr mbr 12 Jul 10 22:07 lib/.libs/libfko.la -> ../ > libfko.la > -rw-r--r-- 1 mbr mbr 987 Jul 10 22:07 lib/.libs/libfko.lai > lrwxrwxrwx 1 mbr mbr 15 Jul 10 22:07 lib/.libs/libfko.so -> > libfko.so.0.0.3 > lrwxrwxrwx 1 mbr mbr 15 Jul 10 22:07 lib/.libs/libfko.so.0 -> > libfko.so.0.0.3 > -rwxr-xr-x 1 mbr mbr 282950 Jul 10 22:07 lib/.libs/libfko.so.0.0.3 > > This is on an Ubuntu system, so there may be some differences on Mac OS X > that the test suite will need to account for. > > Thanks, > > --Mike > > > > >> >> ... presumably there are still some pieces to build. >> >> Thanks. >> >> -- >> Richard Haas <rh...@rh...> >> GnuPG public key ID: 1CB7F0E2 >> blog: http://richardhaas.wordpress.com >> Twitter: @rahaas >> -- >> >> >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> Fwknop-discuss mailing list >> Fwk...@li... >> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss >> > > > > -- > Michael Rash | Founder > http://www.cipherdyne.org/ > Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. > http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________ > Fwknop-discuss mailing list > Fwk...@li... > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss > > > -- Michael Rash | Founder http://www.cipherdyne.org/ Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F |
From: rhaas <rh...@rh...> - 2012-07-14 12:21:07
|
The pre-release fix is great, gets all the way through to the ipfw tests (which Damien Stuart mentioned was a known issue): $ sudo ./test-fwknop.pl Password: [+] Starting the fwknop test suite... args: [build] [client] binary exists......................................pass (1) [build security] [client] Position Independent Executable (PIE).....pass (2) [build security] [client] stack protected binary....................pass (3) [build security] [client] fortify source functions..................pass (4) [build security] [client] read-only relocations.....................pass (5) [build security] [client] immediate binding.........................pass (6) [build] [server] binary exists......................................pass (7) [build security] [server] Position Independent Executable (PIE).....pass (8) [build security] [server] stack protected binary....................pass (9) [build security] [server] fortify source functions..................pass (10) [build security] [server] read-only relocations.....................pass (11) [build security] [server] immediate binding.........................pass (12) [build] [libfko] binary exists......................................pass (13) [build security] [libfko] stack protected binary....................pass (14) [build security] [libfko] fortify source functions..................pass (15) [build security] [libfko] read-only relocations.....................pass (16) [build security] [libfko] immediate binding.........................pass (17) [preliminaries] [client] usage info.................................pass (18) [preliminaries] [client] getopt() no such argument..................pass (19) [preliminaries] [client] --test mode, packet not sent...............pass (20) [preliminaries] [client] expected code version......................pass (21) [preliminaries] [server] usage info.................................pass (22) [preliminaries] [server] getopt() no such argument..................pass (23) [preliminaries] [server] expected code version......................pass (24) [preliminaries] collecting system specifics.........................pass (25) [basic operations] dump config......................................pass (26) [basic operations] override config..................................pass (27) [basic operations] [client] --get-key path validation...............pass (28) [basic operations] [client] require [-s|-R|-a]......................pass (29) [basic operations] [client] --allow-ip <IP> valid IP................pass (30) [basic operations] [client] -A <proto>/<port> specification.........pass (31) [basic operations] [client] generate SPA packet.....................pass (32) [basic operations] [server] list current fwknopd fw rules...........pass (33) [basic operations] [server] list all current fw rules...............pass (34) [basic operations] [server] flush current firewall rules............pass (35) [basic operations] [server] start...................................ipfw: invalid set command 1 ... I'll poke around the ipfw syntax as I have time ... if Damien doesn't unearth his previous correction before I get there. Thanks, everyone. -- Richard Haas <rh...@rh...> GnuPG public key ID: 1CB7F0E2 blog: http://richardhaas.wordpress.com Twitter: @rahaas -- On Jul 12, 2012, at 10:32 PM, Michael Rash wrote: > > > On Thu, Jul 12, 2012 at 9:51 PM, Damien Stuart <ds...@ds...> wrote: > Hi, > > > Hi Damien, > > The shared libraries on Mac OS X system use a different extension (.dylib vs. .so). If you edit the test-fwknop.pl script at line xx and make change "libfko.so" to "libfko.dylib", the test will run. However, on my Mac, when it gets to the 'ipfw'-related tests, I get "ipfw: invalid set command X" (where X is '1' or '2'). > > Ah, cool. I've updated the test suite to account for the different .dylib extension: > > http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=e250776107d09352765b04cc74113c0bfe3a17de > > Here is a new -pre release that contains the fix: > > http://www.cipherdyne.org/fwknop/download/fwknop-2.0.1-pre3.tar.gz > > $ sha1sum fwknop-2.0.1-pre3.tar.gz > 62770f4f1c48b2d99e3f42d8c77d350968973578 fwknop-2.0.1-pre3.tar.gz > > > I had played with getting fwknopd to work on a Mac several months ago. I did get it to work after modifying the syntax of the ipfw commands. I will see if I can find that code and post the specifics here… > > > Very cool - wish I had a Mac to help develop on. :) > > --Mike > > > Regards, > > -Damien Stuart > > > > > On Jul 12, 2012, at 9:09 PM, Michael Rash wrote: > >> >> On Thu, Jul 12, 2012 at 11:43 AM, rhaas <rh...@rh...> wrote: >> Greetings. >> >> Hello, >> >> Is there a pointer to Mac OS X specific build/install instructions for >> fwknop? >> >> Nothing specific for Mac OS X currently. >> >> >> Sorry for the noob-ish question, but a search of the list archives >> didn't turn anything up. >> >> The client and server build fine but the perl test suite aborts at the >> libfko binary check: >> >> ./test-fwknop.pl >> >> [+] Starting the fwknop test suite... >> >> args: >> >> Saved results from previous run to: output.last/ >> >> [build] [client] binary >> exists......................................pass (1) >> [build security] [client] Position Independent Executable >> (PIE).....pass (2) >> [build security] [client] stack protected >> binary....................pass (3) >> [build security] [client] fortify source >> functions..................pass (4) >> [build security] [client] read-only >> relocations.....................pass (5) >> [build security] [client] immediate >> binding.........................pass (6) >> [build] [server] binary >> exists......................................pass (7) >> [build security] [server] Position Independent Executable >> (PIE).....pass (8) >> [build security] [server] stack protected >> binary....................pass (9) >> [build security] [server] fortify source >> functions..................pass (10) >> [build security] [server] read-only >> relocations.....................pass (11) >> [build security] [server] immediate >> binding.........................pass (12) >> [build] [libfko] binary >> exists......................................fail (13) >> [*] required test failed, exiting. at ./test-fwknop.pl line 1314. >> >> >> The test suite is looking for the file (usually a symbolic link) "../lib/.libs/libfko.so" from the test/ directory. Can you post the output of 'ls -l ../lib/.libs/libfko*'? It should look something like: >> >> $ ls -l ../lib/.libs/libfko* >> -rw-r--r-- 1 mbr mbr 589656 Jul 10 22:07 lib/.libs/libfko.a >> lrwxrwxrwx 1 mbr mbr 12 Jul 10 22:07 lib/.libs/libfko.la -> ../libfko.la >> -rw-r--r-- 1 mbr mbr 987 Jul 10 22:07 lib/.libs/libfko.lai >> lrwxrwxrwx 1 mbr mbr 15 Jul 10 22:07 lib/.libs/libfko.so -> libfko.so.0.0.3 >> lrwxrwxrwx 1 mbr mbr 15 Jul 10 22:07 lib/.libs/libfko.so.0 -> libfko.so.0.0.3 >> -rwxr-xr-x 1 mbr mbr 282950 Jul 10 22:07 lib/.libs/libfko.so.0.0.3 >> >> This is on an Ubuntu system, so there may be some differences on Mac OS X that the test suite will need to account for. >> >> Thanks, >> >> --Mike >> >> >> >> >> ... presumably there are still some pieces to build. >> >> Thanks. >> >> -- >> Richard Haas <rh...@rh...> >> GnuPG public key ID: 1CB7F0E2 >> blog: http://richardhaas.wordpress.com >> Twitter: @rahaas >> -- >> >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> Fwknop-discuss mailing list >> Fwk...@li... >> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss >> >> >> >> -- >> Michael Rash | Founder >> http://www.cipherdyne.org/ >> Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________ >> Fwknop-discuss mailing list >> Fwk...@li... >> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss > > > > > -- > Michael Rash | Founder > http://www.cipherdyne.org/ > Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________ > Fwknop-discuss mailing list > Fwk...@li... > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss |
From: Damien S. <ds...@ds...> - 2012-07-15 17:54:33
|
Hello Richard, I was able to find the changes I made to make it work on my Mac. I have incorporated them into 2.0.1-pre4. You can download it from http://www.cipherdyne.org/fwknop/download/fwknop-2.0.1-pre4.tar.gz. You will find that many of the tests still fail. However, basic access request do work (as long as the existing firewall rules allow established TCP traffic in a set or rule before the fwknop rules (default set 1 rule 10000 - though they can be changed in the fwknopd.conf file). Regards, -Damien On Jul 14, 2012, at 8:20 AM, rhaas wrote: > The pre-release fix is great, gets all the way through to the ipfw tests (which Damien Stuart mentioned was a known issue): > > $ sudo ./test-fwknop.pl > Password: > > [+] Starting the fwknop test suite... > > args: > > [build] [client] binary exists......................................pass (1) > [build security] [client] Position Independent Executable (PIE).....pass (2) > [build security] [client] stack protected binary....................pass (3) > [build security] [client] fortify source functions..................pass (4) > [build security] [client] read-only relocations.....................pass (5) > [build security] [client] immediate binding.........................pass (6) > [build] [server] binary exists......................................pass (7) > [build security] [server] Position Independent Executable (PIE).....pass (8) > [build security] [server] stack protected binary....................pass (9) > [build security] [server] fortify source functions..................pass (10) > [build security] [server] read-only relocations.....................pass (11) > [build security] [server] immediate binding.........................pass (12) > [build] [libfko] binary exists......................................pass (13) > [build security] [libfko] stack protected binary....................pass (14) > [build security] [libfko] fortify source functions..................pass (15) > [build security] [libfko] read-only relocations.....................pass (16) > [build security] [libfko] immediate binding.........................pass (17) > [preliminaries] [client] usage info.................................pass (18) > [preliminaries] [client] getopt() no such argument..................pass (19) > [preliminaries] [client] --test mode, packet not sent...............pass (20) > [preliminaries] [client] expected code version......................pass (21) > [preliminaries] [server] usage info.................................pass (22) > [preliminaries] [server] getopt() no such argument..................pass (23) > [preliminaries] [server] expected code version......................pass (24) > [preliminaries] collecting system specifics.........................pass (25) > [basic operations] dump config......................................pass (26) > [basic operations] override config..................................pass (27) > [basic operations] [client] --get-key path validation...............pass (28) > [basic operations] [client] require [-s|-R|-a]......................pass (29) > [basic operations] [client] --allow-ip <IP> valid IP................pass (30) > [basic operations] [client] -A <proto>/<port> specification.........pass (31) > [basic operations] [client] generate SPA packet.....................pass (32) > [basic operations] [server] list current fwknopd fw rules...........pass (33) > [basic operations] [server] list all current fw rules...............pass (34) > [basic operations] [server] flush current firewall rules............pass (35) > [basic operations] [server] start...................................ipfw: invalid set command 1 > > ... I'll poke around the ipfw syntax as I have time ... if Damien doesn't unearth his previous correction before I get there. > > Thanks, everyone. > > -- > Richard Haas <rh...@rh...> > GnuPG public key ID: 1CB7F0E2 > blog: http://richardhaas.wordpress.com > Twitter: @rahaas > -- > > > > On Jul 12, 2012, at 10:32 PM, Michael Rash wrote: > >> >> >> On Thu, Jul 12, 2012 at 9:51 PM, Damien Stuart <ds...@ds...> wrote: >> Hi, >> >> >> Hi Damien, >> >> The shared libraries on Mac OS X system use a different extension (.dylib vs. .so). If you edit the test-fwknop.pl script at line xx and make change "libfko.so" to "libfko.dylib", the test will run. However, on my Mac, when it gets to the 'ipfw'-related tests, I get "ipfw: invalid set command X" (where X is '1' or '2'). >> >> Ah, cool. I've updated the test suite to account for the different .dylib extension: >> >> http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=e250776107d09352765b04cc74113c0bfe3a17de >> >> Here is a new -pre release that contains the fix: >> >> http://www.cipherdyne.org/fwknop/download/fwknop-2.0.1-pre3.tar.gz >> >> $ sha1sum fwknop-2.0.1-pre3.tar.gz >> 62770f4f1c48b2d99e3f42d8c77d350968973578 fwknop-2.0.1-pre3.tar.gz >> >> >> I had played with getting fwknopd to work on a Mac several months ago. I did get it to work after modifying the syntax of the ipfw commands. I will see if I can find that code and post the specifics here… >> >> >> Very cool - wish I had a Mac to help develop on. :) >> >> --Mike >> >> >> Regards, >> >> -Damien Stuart >> >> >> >> >> On Jul 12, 2012, at 9:09 PM, Michael Rash wrote: >> >>> >>> On Thu, Jul 12, 2012 at 11:43 AM, rhaas <rh...@rh...> wrote: >>> Greetings. >>> >>> Hello, >>> >>> Is there a pointer to Mac OS X specific build/install instructions for >>> fwknop? >>> >>> Nothing specific for Mac OS X currently. >>> >>> >>> Sorry for the noob-ish question, but a search of the list archives >>> didn't turn anything up. >>> >>> The client and server build fine but the perl test suite aborts at the >>> libfko binary check: >>> >>> ./test-fwknop.pl >>> >>> [+] Starting the fwknop test suite... >>> >>> args: >>> >>> Saved results from previous run to: output.last/ >>> >>> [build] [client] binary >>> exists......................................pass (1) >>> [build security] [client] Position Independent Executable >>> (PIE).....pass (2) >>> [build security] [client] stack protected >>> binary....................pass (3) >>> [build security] [client] fortify source >>> functions..................pass (4) >>> [build security] [client] read-only >>> relocations.....................pass (5) >>> [build security] [client] immediate >>> binding.........................pass (6) >>> [build] [server] binary >>> exists......................................pass (7) >>> [build security] [server] Position Independent Executable >>> (PIE).....pass (8) >>> [build security] [server] stack protected >>> binary....................pass (9) >>> [build security] [server] fortify source >>> functions..................pass (10) >>> [build security] [server] read-only >>> relocations.....................pass (11) >>> [build security] [server] immediate >>> binding.........................pass (12) >>> [build] [libfko] binary >>> exists......................................fail (13) >>> [*] required test failed, exiting. at ./test-fwknop.pl line 1314. >>> >>> >>> The test suite is looking for the file (usually a symbolic link) "../lib/.libs/libfko.so" from the test/ directory. Can you post the output of 'ls -l ../lib/.libs/libfko*'? It should look something like: >>> >>> $ ls -l ../lib/.libs/libfko* >>> -rw-r--r-- 1 mbr mbr 589656 Jul 10 22:07 lib/.libs/libfko.a >>> lrwxrwxrwx 1 mbr mbr 12 Jul 10 22:07 lib/.libs/libfko.la -> ../libfko.la >>> -rw-r--r-- 1 mbr mbr 987 Jul 10 22:07 lib/.libs/libfko.lai >>> lrwxrwxrwx 1 mbr mbr 15 Jul 10 22:07 lib/.libs/libfko.so -> libfko.so.0.0.3 >>> lrwxrwxrwx 1 mbr mbr 15 Jul 10 22:07 lib/.libs/libfko.so.0 -> libfko.so.0.0.3 >>> -rwxr-xr-x 1 mbr mbr 282950 Jul 10 22:07 lib/.libs/libfko.so.0.0.3 >>> >>> This is on an Ubuntu system, so there may be some differences on Mac OS X that the test suite will need to account for. >>> >>> Thanks, >>> >>> --Mike >>> >>> >>> >>> >>> ... presumably there are still some pieces to build. >>> >>> Thanks. >>> >>> -- >>> Richard Haas <rh...@rh...> >>> GnuPG public key ID: 1CB7F0E2 >>> blog: http://richardhaas.wordpress.com >>> Twitter: @rahaas >>> -- >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> Live Security Virtual Conference >>> Exclusive live event will cover all the ways today's security and >>> threat landscape has changed and how IT managers can respond. Discussions >>> will include endpoint security, mobile security and the latest in malware >>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>> _______________________________________________ >>> Fwknop-discuss mailing list >>> Fwk...@li... >>> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss >>> >>> >>> >>> -- >>> Michael Rash | Founder >>> http://www.cipherdyne.org/ >>> Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F >>> ------------------------------------------------------------------------------ >>> Live Security Virtual Conference >>> Exclusive live event will cover all the ways today's security and >>> threat landscape has changed and how IT managers can respond. Discussions >>> will include endpoint security, mobile security and the latest in malware >>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________ >>> Fwknop-discuss mailing list >>> Fwk...@li... >>> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss >> >> >> >> >> -- >> Michael Rash | Founder >> http://www.cipherdyne.org/ >> Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________ >> Fwknop-discuss mailing list >> Fwk...@li... >> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________ > Fwknop-discuss mailing list > Fwk...@li... > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss |