自建网站 服务器,为什么要做手机网站,discuz绿色带门户手机网站模板,通付盾 建设网站make-testing脚本文件负责构建strongswan的虚拟化测试系统。位于目录strongswan-5.9.14/testing/#xff0c;需要以管理员身份运行make-testing。生成测试用到的虚拟客户机镜像#xff0c;KVM虚拟机和虚拟网络的配置文件位于目录:config/kvm。
~/strongswan-5.9.14/testing$…make-testing脚本文件负责构建strongswan的虚拟化测试系统。位于目录strongswan-5.9.14/testing/需要以管理员身份运行make-testing。生成测试用到的虚拟客户机镜像KVM虚拟机和虚拟网络的配置文件位于目录:config/kvm。
~/strongswan-5.9.14/testing$ ls config/kvm
alice.xml bob.xml carol.xml dave.xml moon.xml sun.xml venus.xml vnet1.xml vnet2.xml vnet3.xml winnetou.xml执行testing/start-testing脚本启动测试环境查看运行起来的虚拟机。
$ sudo virsh listId Name State
--------------------------1 alice running2 bob running3 carol running4 dave running5 moon running6 sun running7 venus running8 winnetou running虚拟测试环境拓扑如下
操作环境信息
$ cat /etc/issue
Debian GNU/Linux 12 \n \l
$
$ uname -a
Linux reported 6.1.0-28-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.119-1 (2024-11-22) x86_64 GNU/Linuxmake-testing
首先包含测试环境的配置文件testing.conf。
之后依次调用脚本build-baseimage、build-rootimage、build-guestkernel、build-certs和build-guestimages来生成基础镜像、root文件系统镜像、客户机内核strongswan测试用例使用到的证书和最终的客户机镜像。
. $DIR/testing.confrm -f $LOGFILE
mkdir -p $BUILDDIRif [ $ENABLE_BUILD_BASEIMAGE yes ]
then$DIR/scripts/build-baseimage || exit 1
fi
if [ $ENABLE_BUILD_ROOTIMAGE yes ]
then$DIR/scripts/build-rootimage || exit 1
fi
if [ $ENABLE_BUILD_GUESTKERNEL yes ]
then$DIR/scripts/build-guestkernel || exit 1
fi
if [ $ENABLE_BUILD_CERTIFICATES yes ]
then# this always builds the guest images too$DIR/scripts/build-certs || exit 1
elif [ $ENABLE_BUILD_GUESTIMAGES yes ]
then$DIR/scripts/build-guestimages || exit 1
fitesting.conf全局配置
位于目录strongswan-5.9.14/testing下内容如下。基础镜像BASEIMG的文件名称为debian-bookworm-amd64.qcow2其中默认debian发行版为bookworm处理器架构为amd64镜像格式为qcow2大小为BASEIMGSIZE2500M。
生成的镜像保存于目录IMGDIR/srv/strongswan-testing/build/images。
# Common image settings
: ${IMGEXTqcow2}
: ${IMGDIR$BUILDDIR/images}# Base image settings
# The base image is a pristine OS installation created using debootstrap.
: ${BASEIMGSIZE2500}
: ${BASEIMGSUITEbookworm}
: ${BASEIMGARCHamd64}
: ${BASEIMG$IMGDIR/debian-$BASEIMGSUITE-$BASEIMGARCH.$IMGEXT}
: ${BASEIMGMIRRORhttp://http.debian.net/debian}
: ${BASEIMGEXTREPOHOSTdownload.strongswan.org}
: ${BASEIMGEXTKEYhttps://$BASEIMGEXTREPOHOST/testing/repos/strongswan-testing.gpg.key}
: ${BASEIMGEXTREPOhttps://$BASEIMGEXTREPOHOST/testing/repos/apt/debian}如下为编译完成之后的所有虚拟镜像。
$ ls /srv/strongswan-testing/build/images
alice.qcow2 carol.qcow2 debian-bookworm-amd64.qcow2 root.qcow2 venus.qcow2
bob.qcow2 dave.qcow2 moon.qcow2 sun.qcow2 winnetou.qcow2build-baseimage
构建基础镜像脚本位于目录strongswan-5.9.14/testing/scripts。load_qemu_nbd加载宿主机内核nbd驱动接下来创建qcow2格式qemu硬盘挂载为网络硬盘/dev/nbd0。
echo date, building $BASEIMG $LOGFILEload_qemu_nbdlog_action Creating base image $BASEIMG
execute qemu-img create -f $IMGEXT $BASEIMG ${BASEIMGSIZE}Mlog_action Connecting image to NBD device $NBDEV
execute qemu-nbd -c $NBDEV $BASEIMG
do_on_exit qemu-nbd -d $NBDEV对应下列的命令
modprobe nbd max_part16
qemu-img create -f qcow2 /srv/strongswan-testing/build/images/debian-bookworm-amd64.qcow2 2500Mqemu-nbd -c /dev/nbd0 /srv/strongswan-testing/build/images/debian-bookworm-amd64.qcow2如下nbd驱动模块的信息。
# sudo modinfo nbd
filename: /lib/modules/6.1.0-28-amd64/kernel/drivers/block/nbd.ko
description: Network Block Device
name: nbd
vermagic: 6.1.0-28-amd64 SMP preempt mod_unload modversions
parm: nbds_max:number of network block devices to initialize (default: 16) (int)
parm: max_part:number of partitions per device (default: 16) (int)接下来使用sfdisk对nbd0设备分区partprobe通知系统重新读取nbd0分区表信息mkfs.ext3在新分区/dev/nbd0p1上创建ext3文件系统将分区挂载到目录/srv/strongswan-testing/build/loop之后的操作都在此loop目录执行。
sfdisk /dev/nbd0 $LOGFILE 21 EOF
;
EOFpartprobe $NBDEVlog_action Creating ext3 filesystem
execute mkfs.ext3 $NBDPARTITIONlog_action Mounting $NBDPARTITION to $LOOPDIR
execute mount $NBDPARTITION $LOOPDIR
do_on_exit graceful_umount $LOOPDIR创建新分区nbd0p1过程信息以及partprobe执行信息如下。
Checking that no-one is using this disk right now ... OKDisk /dev/nbd0: 2.44 GiB, 2621440000 bytes, 5120000 sectors
Units: sectors of 1 * 512 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes Created a new DOS (MBR) disklabel with disk identifier 0xfe4e6d3a.
/dev/nbd0p1: Created a new partition 1 of type Linux and of size 2.4 GiB.
/dev/nbd0p2: Done.New situation:
Disklabel type: dos
Disk identifier: 0xfe4e6d3aDevice Boot Start End Sectors Size Id Type
/dev/nbd0p1 2048 5119999 5117952 2.4G 83 LinuxThe partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.创建ext3文件系统。
mkfs.ext3 /dev/nbd0p1
mke2fs 1.47.0 (5-Feb-2023)
Discarding device blocks: done
Creating filesystem with 639744 4k blocks and 160000 inodes
Filesystem UUID: 55f96272-8359-4fd9-a665-767a0a39815c
Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done 在新挂载的目录loop下创建目录var/cache/apt/archives并且将主机目录/srv/strongswan-testing/build/cache绑定到此目录。使用debootstrap目录在loop目录创建debian根文件系统。
log_action Using $CACHEDIR as archive for apt
mkdir -p $APTCACHE
execute mount -o bind $CACHEDIR $APTCACHE
do_on_exit graceful_umount $APTCACHElog_action Running debootstrap ($BASEIMGSUITE, $BASEIMGARCH)
execute debootstrap --arch$BASEIMGARCH --include$INC $BASEIMGSUITE $LOOPDIR $BASEIMGMIRROR对应的日志信息以及debootstrap的命令参数和执行日志…表示省略内容如下
mount /dev/nbd0p1 /srv/strongswan-testing/build/loop
mount -o bind /srv/strongswan-testing/build/cache /srv/strongswan-testing/build/loop/var/cache/apt/archives
debootstrap --archamd64 --includeautomake,autoconf,libtool,bison,flex,gperf,pkg-config,gettext,less,locales,build-essential,libgmp-dev,libldap2-dev,libcurl4-openssl-dev,ethtool,libxml2-dev,libtspi-dev,libsqlite3-dev,openssh-server,tcpdump,psmisc,openssl,vim,sqlite3,conntrack,gdb,cmake,libltdl-dev,wget,gnupg,man-db,libboost-thread-dev,libboost-system-dev,git,iperf,htop,valgrind,strace,gnat,gprbuild,acpid,acpi-support-base,libldns-dev,libunbound-dev,dnsutils,libsoup2.4-dev,ca-certificates,unzip,libsystemd-dev,python3,python3-setuptools,python3-dev,python3-daemon,python3-venv,,apt-transport-https,libjson-c-dev,libxslt1-dev,libapache2-mod-wsgi-py3,libxerces-c-dev,rsyslog,libiptc-dev,libahven11-dev,libxmlada-schema12-dev,libgmpada12-dev,libalog8-dev,dbus-user-session,libboost-regex1.74.0,apache2,dbus,isc-dhcp-server,slapd,bind9,freeradius bookworm /srv/strongswan-testing/build/loop http://http.debian.net/debianI: Checking component main on http://http.debian.net/debian...
I: Retrieving acpi-support-base 0.143-5.1
I: Validating acpi-support-base 0.143-5.1
...
I: Retrieving zlib1g-dev 1:1.2.13.dfsg-1
I: Validating zlib1g-dev 1:1.2.13.dfsg-1
I: Chosen extractor for .deb packages: dpkg-deb
I: Extracting adduser...
...
I: Extracting zlib1g...
I: Installing core packages...
I: Unpacking required packages...
I: Unpacking adduser...
...
I: Unpacking zlib1g:amd64...
I: Configuring required packages...
I: Configuring debian-archive-keyring...
...
I: Configuring libc-bin...
I: Unpacking the base system...
I: Unpacking acpi-support-base...
...
I: Unpacking zlib1g-dev:amd64...
I: Configuring the base system...
I: Configuring libksba8:amd64...
...
I: Configuring ca-certificates...
I: Base system installed successfully.将宿主机proc文件系统挂载到loop目录下的proc目录上。编辑文件etc/locale.gen设置语言环境。
execute mount -t proc none $LOOPDIR/proc 0
do_on_exit graceful_umount $LOOPDIR/proclog_action Generating locales
cat $LOOPDIR/etc/locale.gen EOF
de_CH.UTF-8 UTF-8
en_US.UTF-8 UTF-8
EOF
execute_chroot locale-gen如下执行日志。
mount -t proc none /srv/strongswan-testing/build/loop/proc
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin locale-gen
Generating locales (this might take a while)...de_CH.UTF-8... doneen_US.UTF-8... done
Generation complete.测试环境构建完成之后登录moon主机可以看到/etc/locale.gen文件的内容。
$ ssh root192.168.0.1
moon:~#
moon:~# cat /etc/locale.gen
de_CH.UTF-8 UTF-8
en_US.UTF-8 UTF-8
moon:~# 下载基础镜像的扩展签名秘钥apt-key将秘钥添加到系统的中使用此秘钥认证的安装包被认为是可信的。生成strongswan下载apt库strongswan.list文件其中内容为deb https://download.strongswan.org/testing/repos/apt/debian bookworm main。设置其优先级。
127 log_action Downloading signing key for custom apt repo
128 execute_chroot wget -q $BASEIMGEXTKEY -O /tmp/key
129 log_action Installing signing key for custom apt repo
130 execute_chroot apt-key add /tmp/key132 log_action Enabling custom apt repo
133 cat $LOOPDIR/etc/apt/sources.list.d/strongswan.list EOF
134 deb $BASEIMGEXTREPO $BASEIMGSUITE main
135 EOF
137
138 log_action Prioritize custom apt repo
139 cat $LOOPDIR/etc/apt/preferences.d/strongswan.pref EOF
140 Package: *
141 Pin: origin $BASEIMGEXTREPOHOST
142 Pin-Priority: 1001
143 EOF如下为对应的日志
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget -q https://download.strongswan.org/testing/repos/strongswan-testing.gpg.key -O /tmp/key
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin apt-key add /tmp/key
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK测试环境构建完成之后登录到moon主机查看strongswan.pref文件内容如下。
moon:~# cat /etc/apt/preferences.d/strongswan.pref
Package: *
Pin: origin download.strongswan.org
Pin-Priority: 1001以上设置完apt库之后接下来执行apt-get update跟新并且安装包libgcrypt20-dev traceroute iptables。
146 log_action Update package sources
147 execute_chroot apt-get update
148 log_action Install packages via APT
149 execute_chroot apt-get -y install $APT1如下执行日志。
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin apt-get update
Get:3 https://download.strongswan.org/testing/repos/apt/debian bookworm InRelease [1,819 B]
Reading package lists...
W: https://download.strongswan.org/testing/repos/apt/debian/dists/bookworm/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin apt-get -y install libgcrypt20-dev traceroute iptables
The following NEW packages will be installed:iptables libgcrypt20-dev libgpg-error-dev traceroute
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,297 kB of archives.
After this operation, 5,623 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 traceroute amd64 1:2.1.2-1 [51.5 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 iptables amd64 1.8.9-2 [360 kB]
Get:3 http://deb.debian.org/debian bookworm/main amd64 libgpg-error-dev amd64 1.46-1 [133 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 libgcrypt20-dev amd64 1.10.1-3 [752 kB]安装tmux。
log_action Move history.log to history.log.1
execute_chroot mv /var/log/apt/history.log /var/log/apt/history.log.1
log_action Compress history.log.1 to history.log.1.gz
execute_chroot gzip /var/log/apt/history.log.1
log_action Install more packages via APT
execute_chroot apt-get -y install $APT
log_action Install packages from custom repo
execute_chroot apt-get -y upgrade如下安装日志。
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin mv /var/log/apt/history.log /var/log/apt/history.log.1
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin gzip /var/log/apt/history.log.1
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin apt-get -y install tmux
Reading package lists...
The following NEW packages will be installed:libevent-core-2.1-7 libutempter0 tmux
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
After this operation, 1,493 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 libevent-core-2.1-7 amd64 2.1.12-stable-8 [131 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 libutempter0 amd64 1.2.1-3 [8,960 B]
Get:3 http://deb.debian.org/debian bookworm/main amd64 tmux amd64 3.3a-3 [455 kB]
...
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin apt-get -y upgrade
Reading package lists...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.基础镜像中禁止运行的服务“apache2 dbus isc-dhcp-server slapd bind9 freeradius”
for service in $SERVICES
dolog_action Disabling service $serviceexecute_chroot systemctl disable $service
done如下为执行日志。
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin systemctl disable apache2
Synchronizing state of apache2.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable apache2
Removed /etc/systemd/system/multi-user.target.wants/apache2.service.
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin systemctl disable dbus
Synchronizing state of dbus.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable dbus
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin systemctl disable isc-dhcp-server
isc-dhcp-server.service is not a native service, redirecting to systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable isc-dhcp-server
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin systemctl disable slapd
slapd.service is not a native service, redirecting to systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable slapd
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin systemctl disable bind9
Removed /etc/systemd/system/multi-user.target.wants/named.service.
Removed /etc/systemd/system/bind9.service.
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin systemctl disable freeradius
Synchronizing state of freeradius.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable freeradius
Removed /etc/systemd/system/multi-user.target.wants/freeradius.service.iptables和ip6tables命令使用legacy传统的版本iptables-legacy和ip6tables-legacy不使用iptables-nft。
165 log_action Switching from iptables-nft to iptables-legacy
166 execute_chroot update-alternatives --set iptables /usr/sbin/iptables-legacy 0
167 execute_chroot update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy 0
168 log_status 0如下执行日志。
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in manual mode
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives: using /usr/sbin/ip6tables-legacy to provide /usr/sbin/ip6tables (ip6tables) in manual mode最后清空根文件系统root用户的密码。之后使用root登录虚拟客户系统不需要密码。
log_action Disabling root password
execute_chroot passwd -d root脚本执行完毕执行On_Exit卸载之前挂载的procvar/cache/apt/archives和loop目录以及断开网络硬盘nbd0。
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin passwd -d root
passwd: password changed.
On_Exit: graceful_umount /srv/strongswan-testing/build/loop/proc
On_Exit: graceful_umount /srv/strongswan-testing/build/loop/var/cache/apt/archives
On_Exit: graceful_umount /srv/strongswan-testing/build/loop
On_Exit: qemu-nbd -d /dev/nbd0
/dev/nbd0 disconnectedbuild-rootimage
此脚本用于创建root.qcow2镜像调用build-strongswan脚本完成。 3 echo Building root image4 5 DIR$(dirname readlink -f $0)6 . $DIR/../testing.conf7 8 $DIR/build-strongswan --all --replace --no-guests --tarball $SWANVERSION创建完成之后镜像列表如下
$ ls -l /srv/strongswan-testing/build/images/
total 3042304
-rw-r--r-- 1 libvirt-qemu libvirt-qemu 88735744 Dec 15 03:52 alice.qcow2 // guest镜像
-rw-r--r-- 1 libvirt-qemu libvirt-qemu 88604672 Dec 15 03:48 bob.qcow2 // guest镜像
-rw-r--r-- 1 libvirt-qemu libvirt-qemu 88342528 Dec 15 03:51 carol.qcow2
-rw-r--r-- 1 libvirt-qemu libvirt-qemu 88670208 Dec 15 03:52 dave.qcow2
-rw-r--r-- 1 libvirt-qemu libvirt-qemu 2129068032 Dec 9 17:47 debian-bookworm-amd64.qcow2 // 基础镜像
-rw-r--r-- 1 libvirt-qemu libvirt-qemu 89849856 Dec 15 03:52 moon.qcow2
-rw-r--r-- 1 libvirt-qemu libvirt-qemu 271974400 Dec 9 18:39 root.qcow2 // root镜像
-rw-r--r-- 1 libvirt-qemu libvirt-qemu 88473600 Dec 15 03:49 sun.qcow2
-rw-r--r-- 1 libvirt-qemu libvirt-qemu 88735744 Dec 15 03:52 venus.qcow2
-rw-r--r-- 1 libvirt-qemu libvirt-qemu 93192192 Dec 15 03:52 winnetou.qcow2 // guest镜像build-strongswan
传入此脚本的参数参见以上build-rootimage文件。–all表示编译和安装所有的软件不仅是strongswan。–replace表示替换root镜像。–no-guests表示不构建客户机guest镜像。–tarball表示从tar包编译strongswan。
在root镜像不存在或者指定replace参数的情况下使用qemu-img创建root.qcow2镜像-b指定后端硬盘/srv/strongswan-testing/build/images/debian-bookworm-amd64.qcow2root镜像ROOTIMG/srv/strongswan-testing/build/images/root.qcow2。
以上执行成功之后将ROOTIMG映射到网络硬盘NBDEV/dev/nbd0。
case $GUEST in
)if [ ! -f $ROOTIMG -o $REPLACE ]; thenlog_action Creating root image $ROOTIMGexecute qemu-img create -b $BASEIMG -f $IMGEXT -F $IMGEXT $ROOTIMGALL_RECIPES1filog_action Connecting root image to NBD device $NBDEV[ -f $ROOTIMG ] || die Root image $ROOTIMG not foundexecute qemu-nbd -c $NBDEV $ROOTIMG;;
*);;
esac执行日志如下。
qemu-img create -b /srv/strongswan-testing/build/images/debian-bookworm-amd64.qcow2 -f qcow2 -F qcow2 /srv/strongswan-testing/build/images/root.qcow2
Formatting /srv/strongswan-testing/build/images/root.qcow2, fmtqcow2 cluster_size65536 extended_l2off compression_typezlib size2621440000 backing_file/srv/strongswan-testing/build/images/debian-bookworm-amd64.qcow2 backing_fmtqcow2 lazy_refcountsoff refcount_bits16
qemu-nbd -c /dev/nbd0 /srv/strongswan-testing/build/images/root.qcow2partprobe通知系统重新读取nbd0分区表信息。将nbd0p1分区挂载到LOOPDIR/srv/strongswan-testing/build/loop。将宿主机proc文件系统挂载到LOOPDIR/proc。
do_on_exit qemu-nbd -d $NBDEV
partprobe $NBDEVlog_action Mounting $NBDPARTITION to $LOOPDIR
execute mount $NBDPARTITION $LOOPDIR
do_on_exit umount $LOOPDIRlog_action Mounting proc filesystem to $LOOPDIR/proc
execute mount -t proc none $LOOPDIR/proc
do_on_exit umount $LOOPDIR/proc如下命令日志。
mount /dev/nbd0p1 /srv/strongswan-testing/build/loop
mount -t proc none /srv/strongswan-testing/build/loop/proc将宿主机目录SHAREDDIR/srv/strongswan-testing/build/shared/bookworm绑定到LOOPDIR(映射的网络硬盘)的root/shared目录。比如登录moon主机可看到/root/shared目录。
将DNS配置拷贝到LOOPDIR相同位置chroot到LOOPDIR目录删除其中之前版本strongSwan遗留的SWID标签。
mkdir -p $SHAREDDIR
mkdir -p $LOOPDIR/root/shared
log_action Mounting $SHAREDDIR as /root/shared
execute mount -o bind $SHAREDDIR $LOOPDIR/root/shared
do_on_exit umount $LOOPDIR/root/sharedlog_action Copy /etc/resolv.conf
execute cp /etc/resolv.conf $LOOPDIR/etc/resolv.conf
do_on_exit rm $LOOPDIR/etc/resolv.conflog_action Remove SWID tags of previous strongSwan versions
execute_chroot find /usr/local/share -path *strongswan* -name *.swidtag -delete如下为命令日志。
mount -o bind /srv/strongswan-testing/build/shared/bookworm /srv/strongswan-testing/build/loop/root/shared
cp /etc/resolv.conf /srv/strongswan-testing/build/loop/etc/resolv.conf
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin find /usr/local/share -path *strongswan* -name *.swidtag -delete遍历目录testing/scripts/recipes目录下的makefile文件保存到RECIPES变量中。
RECPDIR$DIR/recipes
if [ $ALL_RECIPES ]; thenecho Building and installing strongSwan and all other softwareif [ -d $RECPDIR/patches ]thenexecute cp -r $RECPDIR/patches $LOOPDIR/root/shared/compile 0fiRECIPESls $RECPDIR/*.mk | xargs -n1 basenamelog_action Whitelist all Git repositoriesecho [safe] $LOOPDIR/root/.gitconfigecho directory * $LOOPDIR/root/.gitconfiglog_status 0
elseecho Building and installing strongSwanRECIPESls $RECPDIR/*strongswan.mk | xargs -n1 basename
fi如下为strongswan源码目录testing/scripts/recipes目录下的makefile文件。
strongswan-5.9.14/testing$ ls scripts/recipes/
004_spark-crypto.mk 006_tkm-rpc.mk 008_xfrm-ada.mk 010_tkm.mk 012_wolfssl.mk 014_swid_generator.mk
005_anet.mk 007_x509-ada.mk 009_xfrm-proxy.mk 011_botan.mk 013_strongswan.mk 015_strongTNC.mk遍历目录中每个文件makefile文件chroot到LOOPDIR执行。对于除去013_strongswan.mk之外的makefile先将其拷贝到/root/shared/compile目录此目录绑定的为/srv/strongswan-testing/build/shared/bookworm/compile/之后运行此makefile。
对于strongswan的makefile在SHAREDDIR/build-strongswan目录执行编译。
mkdir -p $SHAREDDIR/build-strongswan
mkdir -p $SHAREDDIR/compilefor r in $RECIPES
dolog_action Installing from recipe $rif [[ $r *strongswan.mk -z $TARBALL ]]; thencp $RECPDIR/$r $SHAREDDIR/build-strongswanexecute_chroot make SRCDIR/root/strongswan BUILDDIR/root/shared/build-strongswan -f /root/shared/build-strongswan/$relsecp $RECPDIR/$r ${LOOPDIR}/root/shared/compileexecute_chroot make SWANVERSION$TARBALL -C /root/shared/compile -f $rfi
done如下第一个spark加密库的makefile004_spark-crypto.mk的编译日志。代码下载地址为https://git.codelabs.ch/spark-crypto.git 版本为153590e2fc784d3173b73642fafa4efb597bb2f3。编译命令为 make NO_SPARK1 NO_TESTS1 NO_APIDOC1。安装目录为DESTDIR/usr/local/ada/lib/gnat。
编译日志如下
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin make SWANVERSION5.9.14 -C /root/shared/compile -f 004_spark-crypto.mk
make: Entering directory /root/shared/compile
[ -d spark-crypto ] || git clone https://git.codelabs.ch/spark-crypto.git spark-crypto
Cloning into spark-crypto...
cd spark-crypto git fetch git checkout 153590e2fc784d3173b73642fafa4efb597bb2f3cd spark-crypto make NO_SPARK1 NO_TESTS1 NO_APIDOC1
make[1]: Entering directory /root/shared/compile/spark-crypto
gnatmake -Xarchx86_64 -Xendianesslittle_endian -XAESaes_sw -XRTSnative -p -P build/build_libsparkcrypto
Compile...[Ada] lsc-io.adb
Build Libraries[index] libsparkcrypto.a
install -d -m 755 /root/shared/compile/spark-crypto/out/libsparkcrypto/adalib/native;
...
cd spark-crypto make NO_SPARK1 NO_TESTS1 NO_APIDOC1 DESTDIR/usr/local/ada/lib/gnat install
make[1]: Entering directory /root/shared/compile/spark-crypto
install -d -m 755 /usr/local/ada/lib/gnat/adalib/native;如下为005_anet.mk的编译日志anet为Ada语言的网络库支持IPv4IPv6Packet等类型套接口。
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin make SWANVERSION5.9.14 -C /root/shared/compile -f 005_anet.mk
make: Entering directory /root/shared/compile
[ -d anet ] || git clone https://git.codelabs.ch/git/anet.git anet
Cloning into anet...
cd anet git fetch git checkout 15b469b1e47fde41822543da5be717df195c87dc
cd anet make LIBRARY_KINDstatic
make[1]: Entering directory /root/shared/compile/anet
gprbuild -p -R -j1 -XADAFLAGS -XLDFLAGS -XOSlinux -XVERSION0.4.2 anet_lib.gpr -XLIBRARY_KINDstatic
Compile[Ada] anet-sockets-packet.adb
...kzhang[Ada] anet-os.adb
Build Libraries[gprlib] anet.lexch[archive] libanet.a[index] libanet.a
cd anet make PREFIX/usr/local/ada LIBRARY_KINDstatic install
make[1]: Entering directory /root/shared/compile/anet
gprbuild -p -R -j1 -XADAFLAGS -XLDFLAGS -XOSlinux -XVERSION0.4.2 anet_lib.gpr -XLIBRARY_KINDstatic
install -d /usr/local/ada/lib/gnat
...
make: Leaving directory /root/shared/compile如下为006_tkm-rpc.mk的编译日志。TKM(trusted key manager)服务使用tkm-rpc库于strongswan的charon进程通信tkm-rpc使用Ada语言编写。
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin make SWANVERSION5.9.14 -C /root/shared/compile -f 006_tkm-rpc.mk
make: Entering directory /root/shared/compile
[ -d tkm-rpc ] || git clone https://git.codelabs.ch/git/tkm-rpc.git tkm-rpc
Cloning into tkm-rpc...
cd tkm-rpc git fetch git checkout 85f725c0c938cc7f8a48ed86892d6b112b858b8bcd tkm-rpc make tests make
make[1]: Entering directory /root/shared/compile/tkm-rpc
Compile
...[Ada] tkmrpc-transport-client.adb
Link[link] test_runner.adb
Running Tkmrpc tests ... please wait
Passed : 6
...cd tkm-rpc make PREFIX/usr/local/ada install
make[1]: Entering directory /root/shared/compile/tkm-rpc
install -d /usr/local/ada/lib/gnat
...
make: Leaving directory /root/shared/compile如下为007_x509-ada.mk的编译日志。x509-ada为Ada语言实现的X509证书处理库。
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin make SWANVERSION5.9.14 -C /root/shared/compile -f 007_x509-ada.mk
make: Entering directory /root/shared/compile
[ -d x509-ada ] || git clone https://git.codelabs.ch/git/x509-ada.git x509-ada
Cloning into x509-ada...
cd x509-ada git fetch git checkout v0.1.3cd x509-ada make tests make
make[1]: Entering directory /root/shared/compile/x509-ada
Compile[Ada] test_runner.adb[C] TeletexDomainDefinedAttributes.c
...[Ada] test_utils.adb
Build Libraries[archive] libx509ada.a[index] libx509ada.a
Running X.509 tests ... please wait
Passed : 11
...cd x509-ada make PREFIX/usr/local/ada install
...
make[1]: Leaving directory /root/shared/compile/x509-ada
make: Leaving directory /root/shared/compile如下为008_xfrm-ada.mk的编译日志。xfrm-ada为Ada语言实现的与内核xfrm模块通信的库。
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin make SWANVERSION5.9.14 -C /root/shared/compile -f 008_xfrm-ada.mk
make: Entering directory /root/shared/compile
[ -d xfrm-ada ] || git clone https://git.codelabs.ch/git/xfrm-ada.git xfrm-ada
Cloning into xfrm-ada...
cd xfrm-ada git fetch git checkout v0.1
...
cd xfrm-ada make
make[1]: Entering directory /root/shared/compile/xfrm-ada
cp include/xfrm.h thin
(cd thin g -fdump-ada-spec xfrm.h)
Compile...[Ada] xfrm.ads
Build Libraries[index] libxfrmada.a
make[1]: Leaving directory /root/shared/compile/xfrm-adacd xfrm-ada make PREFIX/usr/local/ada install
...
make[1]: Leaving directory /root/shared/compile/xfrm-ada
make: Leaving directory /root/shared/compile如下为009_xfrm-proxy.mk的编译日志。xfrm-proxy用于处理内核XFRM模块的Acquire和Expire事件。
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin make SWANVERSION5.9.14 -C /root/shared/compile -f 009_xfrm-proxy.mk
make: Entering directory /root/shared/compile
[ -d xfrm-proxy ] || git clone https://git.codelabs.ch/git/xfrm-proxy.git xfrm-proxy
Cloning into xfrm-proxy...
cd xfrm-proxy git fetch git checkout v0.1cd xfrm-proxy make
make[1]: Entering directory /root/shared/compile/xfrm-proxy
Compile[Ada] xfrm_proxy.adb...
cd xfrm-proxy make install
mkdir -p /usr/local/bin
install -m 755 obj/xfrm_proxy /usr/local/bin
make[1]: Leaving directory /root/shared/compile/xfrm-proxy
make: Leaving directory /root/shared/compile如下为010_tkm.mk的编译日志。Trusted Key Manager是一个可信计算平台Trusted Computing Base其中实现了IKEv2协议的安全关键功能。TKM与IKEv2守护进程charon-tkm一同为IPSec提供秘钥管理服务。两者之间使用tkm-rpc库通信。x509/Ada用于证书处理XFRM/Ada用于和内核XFRM交互。
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin make SWANVERSION5.9.14 -C /root/shared/compile -f 010_tkm.mk
make: Entering directory /root/shared/compile
[ -d tkm ] || git clone https://git.codelabs.ch/git/tkm.git tkm
Cloning into tkm...
cd tkm git fetch git checkout e46eef9f0991ba2777dcde845c2e00b8df9c72f7cd tkm make tests make
make[1]: Entering directory /root/shared/compile/tkm
Compile[Ada] test_runner.adb
...
Passed : 61
...
make[1]: Entering directory /root/shared/compile/tkm
Compile[Ada] tkm_keymanager.adb
...cd tkm make install
make[1]: Entering directory /root/shared/compile/tkm
install -m 755 obj/tkm_cfgtool /usr/local/bin
cp schema/* /usr/local/share/tkm
make[1]: Leaving directory /root/shared/compile/tkm
make: Leaving directory /root/shared/compile如下为011_botan.mk的编译日志。botan为C语言编写的加密库。
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin make SWANVERSION5.9.14 -C /root/shared/compile -f 011_botan.mk
make: Entering directory /root/shared/compile
[ -d botan ] || git clone https://github.com/randombit/botan.git botan
Cloning into botan...
cd botan git fetch git checkout 3.3.0cd botan python3 ./configure.py --without-os-featuresthreads --disable-moduleslocking_allocator --disable-modulespkcs11,tls,x509,xmss make -j 4INFO: ./configure.py invoked with options --without-os-featuresthreads --disable-moduleslocking_allocator --disable-modulespkcs11,tls,x509,xmssINFO: Configuring to build Botan 3.3.0 (revision git:9074b04c1303a24e2084f8325fa570a5ad4f2478)...
make[1]: Entering directory /root/shared/compile/botan
...
build/obj/test/unit_x509.o -L. -lbotan-3 -lrt -o botan-test
make[1]: Leaving directory /root/shared/compile/botan
cd botan make install ldconfig
make[1]: Entering directory /root/shared/compile/botan
/usr/bin/python3 src/scripts/install.py --build-dirbuildINFO: Botan 3.3.0 installation to /usr/local complete
make[1]: Leaving directory /root/shared/compile/botan
make: Leaving directory /root/shared/compile如下为012_wolfssl.mk的编译日志。wolfssl为轻量级的SSL/TLS库。
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin make SWANVERSION5.9.14 -C /root/shared/compile -f 012_wolfssl.mk
make: Entering directory /root/shared/compile
[ -d wolfssl ] || git clone https://github.com/wolfSSL/wolfssl.git wolfssl
Cloning into wolfssl...
cd wolfssl git fetch --tags git checkout v5.6.4-stablecd wolfssl ./autogen.sh ./configure C_FLAGS-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DES_ECB -DHAVE_AES_ECB -DHAVE_ECC_BRAINPOOL -DWOLFSSL_MIN_AUTH_TAG_SZ8 --disable-crypttests --disable-examples --enable-silent-rules --enable-aesccm --enable-aesctr --enable-aescfb --enable-camellia --enable-curve25519 --enable-curve448 --enable-des3 --enable-ecccustcurves --enable-ed25519 --enable-ed448 --enable-keygen --enable-max-rsa-bits8192 --enable-md4 --enable-rsapss --enable-sha3 --enable-shake256 make -j 4
libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, build-aux.
...
Configuration summary for wolfssl version 5.6.4* Installation prefix: /usr/local* System type: pc-linux-gnu...CC wolfcrypt/src/src_libwolfssl_la-hmac.lo
...CC src/libwolfssl_la-tls13.loCCLD src/libwolfssl.la
make[1]: Leaving directory /root/shared/compile/wolfssl
cd wolfssl make install ldconfig
make[1]: Entering directory /root/shared/compile/wolfssl
make -j5 install-recursive
...
libtool: install: /usr/bin/install -c src/.libs/libwolfssl.lai /usr/local/lib/libwolfssl.la
libtool: finish: PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/sbin ldconfig -n /usr/local/lib
...
make[1]: Leaving directory /root/shared/compile/wolfssl
make: Leaving directory /root/shared/compile如下为013_strongswan.mk的编译日志。strongswan版本为5.9.14在configure时enable使能所有的特性。
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin make SWANVERSION5.9.14 -C /root/shared/compile -f 013_strongswan.mk
make: Entering directory /root/shared/compile
wget https://download.strongswan.org/strongswan-5.9.14.tar.bz2
--2024-12-09 13:39:06-- https://download.strongswan.org/strongswan-5.9.14.tar.bz2
...2024-12-09 13:39:08 (4.31 MB/s) - ‘strongswan-5.9.14.tar.bz2’ saved [4869709/4869709]tar xfj strongswan-5.9.14.tar.bz2
echo 5.9.14 /root/shared/.strongswan-version
cd strongswan-5.9.14 ./configure --enable-silent-rules --sysconfdir/etc --with-strongswan-conf/etc/strongswan.conf.testing --with-random-device/dev/urandom --disable-load-warning --enable-curl --enable-soup --enable-ldap --enable-eap-aka --enable-eap-aka-3gpp2 --enable-eap-sim --enable-eap-sim-file --enable-eap-simaka-sql --enable-eap-md5 --enable-md4 --enable-eap-mschapv2 --enable-eap-identity --enable-eap-radius --enable-eap-dynamic --enable-eap-tls --enable-eap-ttls --enable-eap-peap --enable-eap-tnc --enable-tnc-ifmap --enable-tnc-pdp --enable-tnc-imc --enable-tnc-imv --enable-tnccs-11 --enable-tnccs-20 --enable-tnccs-dynamic --enable-imc-test --enable-imv-test --enable-imc-scanner --enable-imv-scanner --enable-imc-os --enable-imv-os --enable-imc-attestation --enable-imv-attestation --enable-imc-swima --enable-imv-swima --enable-imc-hcd --enable-imv-hcd --enable-sql --enable-sqlite --enable-attr-sql --enable-mediation --enable-botan --enable-openssl --enable-blowfish --enable-kernel-pfkey --enable-integrity-test --enable-leak-detective --enable-load-tester --enable-test-vectors --enable-gcrypt --enable-socket-default --enable-socket-dynamic --enable-dhcp --enable-farp --enable-connmark --enable-forecast --enable-addrblock --enable-ctr --enable-ccm --enable-gcm --enable-cmac --enable-chapoly --enable-ha --enable-af-alg --enable-whitelist --enable-xauth-generic --enable-xauth-eap --enable-pkcs8 --enable-unity --enable-unbound --enable-ipseckey --enable-dnscert --enable-acert --enable-cmd --enable-libipsec --enable-kernel-libipsec --enable-tkm --enable-ntru --enable-lookip --enable-bliss --enable-sha3 --enable-newhope --enable-systemd --enable-counters --enable-save-keys --enable-python-eggs --enable-wolfssl
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... /usr/bin/mkdir -pstrongswan编译使能了以下的插件 strongSwan will be built with the following plugins
-----------------------------------------------------
libstrongswan: test-vectors unbound ldap aes des blowfish rc2 sha2 sha3 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl wolfssl gcrypt botan pkcs8 af-alg fips-prf gmp curve25519 chapoly xcbc cmac hmac kdf ctr ccm gcm ntru drbg newhope bliss curl soup sqlite
libcharon: dnscert ipseckey attr attr-sql load-tester kernel-libipsec kernel-pfkey kernel-netlink resolve save-keys socket-default socket-dynamic connmark forecast farp stroke vici sql updown eap-identity eap-sim eap-sim-file eap-aka eap-aka-3gpp2 eap-simaka-sql eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap tnc-ifmap tnc-pdp dhcp ha whitelist lookip addrblock unity counters
libtnccs: tnc-imc tnc-imv tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic
libtpmtss: 以下开始strongswan的编译。
cd strongswan-5.9.14 make -j 4
make[1]: Entering directory /root/shared/compile/strongswan-5.9.14
make -s all-recursive
make[2]: Entering directory /root/shared/compile/strongswan-5.9.14
Making all in src
make[3]: Entering directory /root/shared/compile/strongswan-5.9.14/src
Making all in .
Making all in include
Making all in libstrongswan
make[4]: Entering directory /root/shared/compile/strongswan-5.9.14/src/libstrongswan
make[5]: Entering directory /root/shared/compile/strongswan-5.9.14/src/libstrongswan
Making all in .
make[6]: Entering directory /root/shared/compile/strongswan-5.9.14/src/libstrongswanCC library.loCC crypto/crypto_factory.lo...
make[1]: Leaving directory /root/shared/compile/strongswan-5.9.14cd strongswan-5.9.14 make -j install \cd ./src/libcharon/plugins/vici/python python3 setup.py install
make[1]: Entering directory /root/shared/compile/strongswan-5.9.14
...
Processing dependencies for vici5.9.14
Finished processing dependencies for vici5.9.14
make: Leaving directory /root/shared/compile如下为014_swid_generator.mk的编译日志。软件身份标签生成器[SoftWare IDentification (SWID) Tags Generator]。
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin make SWANVERSION5.9.14 -C /root/shared/compile -f 014_swid_generator.mk
make: Entering directory /root/shared/compile
wget --ca-directory/usr/share/ca-certificates/mozilla https://github.com/strongswan/swidGenerator/archive/v1.1.0.tar.gz -O swidGenerator-v1.1.0.tar.gzLocation: https://codeload.github.com/strongswan/swidGenerator/tar.gz/refs/tags/v1.1.0 [following]
...
2024-12-09 13:47:19 (14.3 MB/s) - ‘swidGenerator-v1.1.0.tar.gz’ saved [36370169][ -d swidGenerator-v1.1.0 ] || (mkdir -p swidGenerator-v1.1.0; tar -xf swidGenerator-v1.1.0.tar.gz --strip-components1 -C swidGenerator-v1.1.0)
cd swidGenerator-v1.1.0 SETUPTOOLS_USE_DISTUTILSstdlib python3 setup.py install
...
Processing dependencies for swid-generator1.1.0
Searching for distro
Reading https://pypi.org/simple/distro/
Downloading https://files.pythonhosted.org/packages/12/b3/231ffd4ab1fc9d679809f356cebee130ac7daa00d6d6f3206dd4fd137e9e/distro-1.9.0-py3-none-any.whl#sha2567bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2
Best match: distro 1.9.0
Processing distro-1.9.0-py3-none-any.whl
Installing distro-1.9.0-py3-none-any.whl to /usr/local/lib/python3.11/dist-packages
Adding distro 1.9.0 to easy-install.pth file
Installing distro script to /usr/local/binInstalled /usr/local/lib/python3.11/dist-packages/distro-1.9.0-py3.11.egg
Finished processing dependencies for swid-generator1.1.0
make: Leaving directory /root/shared/compile如下为015_strongTNC.mk的编译日志。strongTNC为strongswan的安全网络连接Trusted Network Connect扩展。它定义了所有VPN客户端需要满足的TNC策略和加强策略。strongTNC依赖于Django。参见依赖文件strongTNC-1.0.2/requirements.txt。
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin make SWANVERSION5.9.14 -C /root/shared/compile -f 015_strongTNC.mk
make: Entering directory /root/shared/compile
wget --ca-directory/usr/share/ca-certificates/mozilla/ https://github.com/strongswan/strongTNC/archive/1.0.2.zip -O strongTNC-1.0.2.zip
Location: https://codeload.github.com/strongswan/strongTNC/zip/refs/tags/1.0.2 [following]
--2024-12-09 13:47:24-- https://codeload.github.com/strongswan/strongTNC/zip/refs/tags/1.0.2
...
2024-12-09 13:47:26 (1.52 MB/s) - ‘strongTNC-1.0.2.zip’ saved [913483][ -d strongTNC-1.0.2 ] || unzip strongTNC-1.0.2.zip
Archive: strongTNC-1.0.2.zip
9c9170bc131ef156097878f07efb62a894d171da...inflating: strongTNC-1.0.2/vagrant/provisioning/roles/strongtnc/vars/main.yml
python3 -m venv /usr/local/venvs/tnc
/usr/local/venvs/tnc/bin/pip download -d strongTNC-deps -r strongTNC-1.0.2/requirements.txt
...
Successfully installed Django-3.2.15 Markdown-3.3.4 aiodns-3.2.0 asgiref-3.8.1 cffi-1.17.1 dj-database-url-0.4.1 django-filter-2.4.0 djangorestframework-3.12.4 djangorestframework-camel-case-1.2.0 dnspython-2.1.0 lxml-4.9.1 pyasn1-0.6.1 pyasn1_modules-0.4.1 pycares-4.5.0 pycparser-2.22 pytz-2020.1 slixmpp-1.8.2 sqlparse-0.5.2
cp -r strongTNC-1.0.2 /var/www/tnc chgrp -R www-data /var/www/tnc chmod gsw /var/www/tnc
make: Leaving directory /root/shared/compile脚本执行完成On_Exit执行退出操作。
On_Exit: rm /srv/strongswan-testing/build/loop/etc/resolv.conf
On_Exit: umount /srv/strongswan-testing/build/loop/root/shared
On_Exit: umount /srv/strongswan-testing/build/loop/proc
On_Exit: umount /srv/strongswan-testing/build/loop
On_Exit: qemu-nbd -d /dev/nbd0
/dev/nbd0 disconnectedbuild-guestkernel
testing.conf文件中默认内核补丁ha-6.5-abicompat-raw-sockets.patch.bz2发生下载失败修改成使用ha-6.4-abicompat.patch.bz2。
cd $BUILDDIRif [ ! -f $KERNELTARBALL ]
thenurlhttps://cdn.kernel.org/pub/linux/kernel/v${KERNELVERSION:0:1}.x/$KERNELTARBALLlog_action Downloading $urlexecute wget -q $url
fiif [[ $KERNELPATCH ! -f $KERNELPATCH ]]
thenurlhttps://download.strongswan.org/testing/$KERNELPATCHlog_action Downloading $urlexecute wget -q $url
fi相应日志如下。
wget -q https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.8.1.tar.xz
wget -q https://download.strongswan.org/testing/ha-6.4-abicompat.patch.bz2
tar xJf linux-6.8.1.tar.xz
patching file include/linux/netfilter_defs.h
patching file include/net/netns/netfilter.h
patching file include/net/xfrm.h
Hunk #2 succeeded at 1832 (offset 2 lines).
patching file include/uapi/linux/netfilter.h
patching file net/ipv4/netfilter/Kconfig
patching file net/ipv4/netfilter/Makefile
patching file net/ipv4/netfilter/ipt_CLUSTERIP.c
patching file net/xfrm/xfrm_input.c
Hunk #3 succeeded at 447 (offset -4 lines).
Hunk #4 succeeded at 636 (offset -6 lines).
patching file net/xfrm/xfrm_output.c
Hunk #1 succeeded at 487 (offset 1 line).
Hunk #2 succeeded at 558 (offset 1 line).
patching file net/xfrm/xfrm_replay.c配置内核开始编译。
cd $KERNELDIRif [ ! -f .config ]
thenexecute cp $KERNELCONFIG .config 0
fiecho Creating kernel configuration, you might get prompted for new parameters
make oldconfig 21 | tee -a $LOGFILElog_action Compiling the kernel
execute make -j5内核编译日志。
cp /home/kai/work/strongswan-5.9.14/testing/scripts/../config/kernel/config-6.8 .configHOSTCC scripts/basic/fixdepHOSTCC scripts/kconfig/util.oHOSTLD scripts/kconfig/conf
*
* Restart config...
*
*
* Mitigations for speculative execution vulnerabilities
*
Mitigations for speculative execution vulnerabilities (SPECULATION_MITIGATIONS) [Y/n/?] yRemove the kernel mapping in user mode (PAGE_TABLE_ISOLATION) [Y/n/?] yAvoid speculative indirect branches in kernel (RETPOLINE) [Y/n/?] yEnable return-thunks (RETHUNK) [Y/n/?] yEnable UNRET on kernel entry (CPU_UNRET_ENTRY) [Y/n/?] yMitigate RSB underflow with call depth tracking (CALL_DEPTH_TRACKING) [Y/n/?] yEnable call thunks and call depth tracking debugging (CALL_THUNKS_DEBUG) [N/y/?] nEnable IBPB on kernel entry (CPU_IBPB_ENTRY) [Y/n/?] yEnable IBRS on kernel entry (CPU_IBRS_ENTRY) [Y/n/?] yMitigate speculative RAS overflow on AMD (CPU_SRSO) [Y/n/?] yMitigate Straight-Line-Speculation (SLS) [N/y/?] nForce GDS Mitigation (GDS_FORCE_MITIGATION) [N/y/?] nRFDS Mitigation (MITIGATION_RFDS) [Y/n/?] (NEW) n
*
* Memory initialization
*
Initialize kernel stack variables at function entry1. no automatic stack variable initialization (weakest) (INIT_STACK_NONE)2. pattern-init everything (strongest) (INIT_STACK_ALL_PATTERN) (NEW)3. zero-init everything (strongest and safest) (INIT_STACK_ALL_ZERO) (NEW)
choice[1-3?]:
Enable heap memory zeroing on allocation by default (INIT_ON_ALLOC_DEFAULT_ON) [N/y/?] n
Enable heap memory zeroing on free by default (INIT_ON_FREE_DEFAULT_ON) [N/y/?] n
Enable register zeroing on function exit (ZERO_CALL_USED_REGS) [N/y/?] n
#
# configuration written to .config
#
make -j5GEN arch/x86/include/generated/asm/orc_hash.h
...kzhangOBJCOPY arch/x86/boot/setup.binBUILD arch/x86/boot/bzImage
Kernel: arch/x86/boot/bzImage is ready (#1)build-certs
build-certs脚本生成strongswan测试用例使用到的证书文件。
mkdir -p $LOOPDIR
mkdir -p $IMGDIRlog_action Connecting root image to NBD device $NBDEV
execute qemu-nbd -c $NBDEV $ROOTIMG
do_on_exit qemu-nbd -d $NBDEV
partprobe $NBDEVlog_action Mounting $NBDPARTITION to $LOOPDIR
execute mount $NBDPARTITION $LOOPDIR
do_on_exit umount $LOOPDIRlog_action Mounting proc filesystem to $LOOPDIR/proc
execute mount -t proc none $LOOPDIR/proc
do_on_exit umount $LOOPDIR/procmkdir -p $LOOPDIR/root/testing
log_action Mounting ${DIR} as /root/testing
execute bindfs -u $SRCUID -g $SRCGID --create-for-user$SRCUID --create-for-group$SRCGID ${DIR} $LOOPDIR/root/testing
do_on_exit umount $LOOPDIR/root/testinglog_action Building certificates
execute_chroot /root/testing/scripts/build-certs-chroot具体有build-certs-chroot脚本完成。
qemu-nbd -c /dev/nbd0 /srv/strongswan-testing/build/images/root.qcow2
mount /dev/nbd0p1 /srv/strongswan-testing/build/loop
mount -t proc none /srv/strongswan-testing/build/loop/proc
bindfs -u 1000 -g 1000 --create-for-user1000 --create-for-group1000 /home/kai/work/strongswan-5.9.14/testing/scripts/.. /srv/strongswan-testing/build/loop/root/testing
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin /root/testing/scripts/build-certs-chrootbuild-guestimages
测试配置文件testing.conf中定义了STRONGSWANHOSTS变量${STRONGSWANHOSTS“alice bob carol dave moon sun venus winnetou”}。以下为每个客户机生成镜像。
for host in $STRONGSWANHOSTS
dolog_action Creating guest image for $hostexecute qemu-img create -b $ROOTIMG -f $IMGEXT -F $IMGEXT $IMGDIR/$host.$IMGEXT 0execute qemu-nbd -c $NBDEV $IMGDIR/$host.$IMGEXT 0partprobe $NBDEVexecute mount $NBDPARTITION $LOOPDIR 0execute cp -rf $HOSTSDIR/default/* $LOOPDIR 0execute cp -rf $HOSTSDIR/${host}/etc $LOOPDIR 0execute_chroot ldconfig 0execute mkdir $LOOPDIR/etc/pts 0if [ $host alice ]thenexecute mkdir $LOOPDIR/var/log/apache2/tnc 0execute_chroot chgrp www-data /etc/pts 0execute_chroot chmod gw /etc/pts 0fiwinnetou作为测试服务器需要安装apache2openldapdns等服务。 if [ $host winnetou ]thenexecute mkdir $LOOPDIR/var/log/apache2/ocsp 0execute cp -rf $DIR/../images $LOOPDIR/var/www/ 0execute cp -rf $DIR/../css $LOOPDIR/var/www/ 0execute mkdir $LOOPDIR/var/www/testresults 0execute_chroot a2enmod -q cgid 0execute_chroot a2enmod -q rewrite 0execute_chroot mkdir /var/www/certs 0execute_chroot mkdir /var/www/certs/research /var/www/certs/sales 0execute_chroot /etc/ca/generate-crl 0execute_chroot rm -rf /var/lib/ldap/* 0execute_chroot slapadd -l /etc/ldap/ldif.txt -f /etc/ldap/slapd.conf 0execute_chroot chown -R openldap:openldap /var/lib/ldap 0execute_chroot dnssec-signzone -K /etc/bind -o strongswan.org. /etc/bind/db.strongswan.org 0execute_chroot dnssec-signzone -K /etc/bind -o org. /etc/bind/db.org 0execute_chroot dnssec-signzone -K /etc/bind -o . /etc/bind/db.root 0# on bullseye and newer, enabling via bind9 doesnt work, while# disabling does, so use named here. on the other hand, older releases# like buster dont have named service filesSERVICESapache2 slapdcase $BASEIMGSUITE inbuster)SERVICES$SERVICES bind9;;*)SERVICES$SERVICES named;;esacfor service in $SERVICESdoexecute_chroot systemctl enable $service 0donefisyncexecute umount -l $LOOPDIR 0execute qemu-nbd -d $NBDEV 0log_status 0
donealice虚机镜像构建日志。
qemu-img create -b /srv/strongswan-testing/build/images/root.qcow2 -f qcow2 -F qcow2 /srv/strongswan-testing/build/images/alice.qcow2
Formatting /srv/strongswan-testing/build/images/alice.qcow2, fmtqcow2 cluster_size65536 extended_l2off compression_typezlib size2621440000 backing_file/srv/strongswan-testing/build/images/root.qcow2 backing_fmtqcow2 lazy_refcountsoff refcount_bits16
qemu-nbd -c /dev/nbd0 /srv/strongswan-testing/build/images/alice.qcow2
mount /dev/nbd0p1 /srv/strongswan-testing/build/loop
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/etc /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/root /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/usr /srv/strongswan-testing/build/loop
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/alice/etc /srv/strongswan-testing/build/loop
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ldconfig
mkdir /srv/strongswan-testing/build/loop/etc/pts
mkdir /srv/strongswan-testing/build/loop/var/log/apache2/tnc
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin chgrp www-data /etc/pts
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin chmod gw /etc/pts
umount -l /srv/strongswan-testing/build/loop
qemu-nbd -d /dev/nbd0
/dev/nbd0 disconnectedbob虚机镜像构建日志。
qemu-img create -b /srv/strongswan-testing/build/images/root.qcow2 -f qcow2 -F qcow2 /srv/strongswan-testing/build/images/bob.qcow2
Formatting /srv/strongswan-testing/build/images/bob.qcow2, fmtqcow2 cluster_size65536 extended_l2off compression_typezlib size2621440000 backing_file/srv/strongswan-testing/build/images/root.qcow2 backing_fmtqcow2 lazy_refcountsoff refcount_bits16
qemu-nbd -c /dev/nbd0 /srv/strongswan-testing/build/images/bob.qcow2
mount /dev/nbd0p1 /srv/strongswan-testing/build/loop
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/etc /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/root /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/usr /srv/strongswan-testing/build/loop
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/bob/etc /srv/strongswan-testing/build/loop
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ldconfig
mkdir /srv/strongswan-testing/build/loop/etc/pts
umount -l /srv/strongswan-testing/build/loop
qemu-nbd -d /dev/nbd0
/dev/nbd0 disconnectedcarol虚机镜像构建日志。
qemu-img create -b /srv/strongswan-testing/build/images/root.qcow2 -f qcow2 -F qcow2 /srv/strongswan-testing/build/images/carol.qcow2
Formatting /srv/strongswan-testing/build/images/carol.qcow2, fmtqcow2 cluster_size65536 extended_l2off compression_typezlib size2621440000 backing_file/srv/strongswan-testing/build/images/root.qcow2 backing_fmtqcow2 lazy_refcountsoff refcount_bits16
qemu-nbd -c /dev/nbd0 /srv/strongswan-testing/build/images/carol.qcow2
mount /dev/nbd0p1 /srv/strongswan-testing/build/loop
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/etc /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/root /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/usr /srv/strongswan-testing/build/loop
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/carol/etc /srv/strongswan-testing/build/loop
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ldconfig
mkdir /srv/strongswan-testing/build/loop/etc/pts
umount -l /srv/strongswan-testing/build/loop
qemu-nbd -d /dev/nbd0
/dev/nbd0 disconnecteddave虚机镜像构建日志。
qemu-img create -b /srv/strongswan-testing/build/images/root.qcow2 -f qcow2 -F qcow2 /srv/strongswan-testing/build/images/dave.qcow2
Formatting /srv/strongswan-testing/build/images/dave.qcow2, fmtqcow2 cluster_size65536 extended_l2off compression_typezlib size2621440000 backing_file/srv/strongswan-testing/build/images/root.qcow2 backing_fmtqcow2 lazy_refcountsoff refcount_bits16
qemu-nbd -c /dev/nbd0 /srv/strongswan-testing/build/images/dave.qcow2
mount /dev/nbd0p1 /srv/strongswan-testing/build/loop
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/etc /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/root /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/usr /srv/strongswan-testing/build/loop
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/dave/etc /srv/strongswan-testing/build/loop
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ldconfig
mkdir /srv/strongswan-testing/build/loop/etc/pts
umount -l /srv/strongswan-testing/build/loop
qemu-nbd -d /dev/nbd0
/dev/nbd0 disconnectedmoon虚机镜像构建日志。
qemu-img create -b /srv/strongswan-testing/build/images/root.qcow2 -f qcow2 -F qcow2 /srv/strongswan-testing/build/images/moon.qcow2
Formatting /srv/strongswan-testing/build/images/moon.qcow2, fmtqcow2 cluster_size65536 extended_l2off compression_typezlib size2621440000 backing_file/srv/strongswan-testing/build/images/root.qcow2 backing_fmtqcow2 lazy_refcountsoff refcount_bits16
qemu-nbd -c /dev/nbd0 /srv/strongswan-testing/build/images/moon.qcow2
mount /dev/nbd0p1 /srv/strongswan-testing/build/loop
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/etc /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/root /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/usr /srv/strongswan-testing/build/loop
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/moon/etc /srv/strongswan-testing/build/loop
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ldconfig
mkdir /srv/strongswan-testing/build/loop/etc/pts
umount -l /srv/strongswan-testing/build/loop
qemu-nbd -d /dev/nbd0
/dev/nbd0 disconnectedsun虚机镜像构建日志。
qemu-img create -b /srv/strongswan-testing/build/images/root.qcow2 -f qcow2 -F qcow2 /srv/strongswan-testing/build/images/sun.qcow2
Formatting /srv/strongswan-testing/build/images/sun.qcow2, fmtqcow2 cluster_size65536 extended_l2off compression_typezlib size2621440000 backing_file/srv/strongswan-testing/build/images/root.qcow2 backing_fmtqcow2 lazy_refcountsoff refcount_bits16
qemu-nbd -c /dev/nbd0 /srv/strongswan-testing/build/images/sun.qcow2
mount /dev/nbd0p1 /srv/strongswan-testing/build/loop
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/etc /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/root /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/usr /srv/strongswan-testing/build/loop
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/sun/etc /srv/strongswan-testing/build/loop
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ldconfig
mkdir /srv/strongswan-testing/build/loop/etc/pts
umount -l /srv/strongswan-testing/build/loop
qemu-nbd -d /dev/nbd0
/dev/nbd0 disconnectedvenus虚机镜像构建日志。
qemu-img create -b /srv/strongswan-testing/build/images/root.qcow2 -f qcow2 -F qcow2 /srv/strongswan-testing/build/images/venus.qcow2
Formatting /srv/strongswan-testing/build/images/venus.qcow2, fmtqcow2 cluster_size65536 extended_l2off compression_typezlib size2621440000 backing_file/srv/strongswan-testing/build/images/root.qcow2 backing_fmtqcow2 lazy_refcountsoff refcount_bits16
qemu-nbd -c /dev/nbd0 /srv/strongswan-testing/build/images/venus.qcow2
mount /dev/nbd0p1 /srv/strongswan-testing/build/loop
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/etc /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/root /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/usr /srv/strongswan-testing/build/loop
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/venus/etc /srv/strongswan-testing/build/loop
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ldconfig
mkdir /srv/strongswan-testing/build/loop/etc/pts
umount -l /srv/strongswan-testing/build/loop
qemu-nbd -d /dev/nbd0
/dev/nbd0 disconnectedwinnetou虚机镜像构建日志。
qemu-img create -b /srv/strongswan-testing/build/images/root.qcow2 -f qcow2 -F qcow2 /srv/strongswan-testing/build/images/winnetou.qcow2
Formatting /srv/strongswan-testing/build/images/winnetou.qcow2, fmtqcow2 cluster_size65536 extended_l2off compression_typezlib size2621440000 backing_file/srv/strongswan-testing/build/images/root.qcow2 backing_fmtqcow2 lazy_refcountsoff refcount_bits16
qemu-nbd -c /dev/nbd0 /srv/strongswan-testing/build/images/winnetou.qcow2
mount /dev/nbd0p1 /srv/strongswan-testing/build/loop
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/etc /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/root /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/default/usr /srv/strongswan-testing/build/loop
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../hosts/winnetou/etc /srv/strongswan-testing/build/loop
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ldconfig
mkdir /srv/strongswan-testing/build/loop/etc/pts
mkdir /srv/strongswan-testing/build/loop/var/log/apache2/ocsp
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../images /srv/strongswan-testing/build/loop/var/www/
cp -rf /home/kai/work/strongswan-5.9.14/testing/scripts/../css /srv/strongswan-testing/build/loop/var/www/
mkdir /srv/strongswan-testing/build/loop/var/www/testresults
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin a2enmod -q cgid
Enabling module cgid.
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin a2enmod -q rewrite
Enabling module rewrite.
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin mkdir /var/www/certs
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin mkdir /var/www/certs/research /var/www/certs/sales
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin /etc/ca/generate-crl
read EC key
writing EC key
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin rm -rf /var/lib/ldap/*
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin slapadd -l /etc/ldap/ldif.txt -f /etc/ldap/slapd.conf
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin chown -R openldap:openldap /var/lib/ldap
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin dnssec-signzone -K /etc/bind -o strongswan.org. /etc/bind/db.strongswan.org
Verifying the zone using the following algorithms:
- RSASHA256
Zone fully signed:
Algorithm: RSASHA256: KSKs: 1 active, 0 stand-by, 0 revokedZSKs: 1 active, 0 stand-by, 0 revoked
/etc/bind/db.strongswan.org.signed
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin dnssec-signzone -K /etc/bind -o org. /etc/bind/db.org
Verifying the zone using the following algorithms:
- RSASHA256
Zone fully signed:
Algorithm: RSASHA256: KSKs: 1 active, 0 stand-by, 0 revokedZSKs: 1 active, 0 stand-by, 0 revoked
/etc/bind/db.org.signed
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin dnssec-signzone -K /etc/bind -o . /etc/bind/db.root
Verifying the zone using the following algorithms:
- RSASHA256
Zone fully signed:
Algorithm: RSASHA256: KSKs: 1 active, 0 stand-by, 0 revokedZSKs: 1 active, 0 stand-by, 0 revoked
/etc/bind/db.root.signed
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin systemctl enable apache2
Synchronizing state of apache2.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable apache2
Created symlink /etc/systemd/system/multi-user.target.wants/apache2.service → /lib/systemd/system/apache2.service.
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin systemctl enable slapd
slapd.service is not a native service, redirecting to systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable slapd
chroot /srv/strongswan-testing/build/loop env PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin systemctl enable named
Synchronizing state of named.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable named
Created symlink /etc/systemd/system/bind9.service → /lib/systemd/system/named.service.
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /lib/systemd/system/named.service.
umount -l /srv/strongswan-testing/build/loop
qemu-nbd -d /dev/nbd0
/dev/nbd0 disconnected脚本结束执行退出操作。
On_Exit: umount /srv/strongswan-testing/build/loop
umount: /srv/strongswan-testing/build/loop: not mounted.
On_Exit: qemu-nbd -d /dev/nbd0
/dev/nbd0 disconnected
