sslh (and some general AddOn questions)

sslh (and some general AddOn questions)

[Tapani Tarvainen]

[-- Attachment #1: Type: text/plain, Size: 1456 bytes --]

Dear all,

The version of sslh in IPFire now, 1.7a, is very old, some 10 years,
and its parameters are hardcoded in /etc/init.d/sslh for one specific
use case (IPFire admin access).

I have a different use case for it: sharing port 443 with OpenVPN and
a web server in Orange. That would be easy with a more recent version
of sslh (OpenVPn first appeared in 1.8 in July 2011).

So I'd like to update the sslh AddOn with

(1) A more recent version of sslh. Latest upstream version is 1.21,
released on 11 July 2020, and I see no obvious reason not to use it,
although for the present purpose some older version might do as well.

Are there some specific procedures for updating AddOn binaries?

(2) Parameters in a configuration file. I'd be happy to edit it by
hand, writing a GUI for it would probably not be worth the trouble.

Is there some convention or guidelines where in IPFire such
configuration files should be put? Debian uses /etc/defaults/sslh,
sslh changelog presently suggests /etc/sslh.cfg.

Should a default configuration file be packaged as a separate
file, or should the init script create one if it's missing
or should it just use the hardcoded defaults in that case?

Are there guidelines or instructions for doing or proposing such
changes to AddOns?

I can't even find a category for them in the Bugzilla. Is there one?

My apologies if I'm missing something obvious, pointers to
documentation would be welcome.

-- 
Tapani Tarvainen

Re: sslh (and some general AddOn questions)

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 2793 bytes --]

Hi Tapani,

On 15/01/2021 12:35, Tapani Tarvainen wrote:
> Dear all,
>
> The version of sslh in IPFire now, 1.7a, is very old, some 10 years,
> and its parameters are hardcoded in /etc/init.d/sslh for one specific
> use case (IPFire admin access).
>
> I have a different use case for it: sharing port 443 with OpenVPN and
> a web server in Orange. That would be easy with a more recent version
> of sslh (OpenVPn first appeared in 1.8 in July 2011).
>
> So I'd like to update the sslh AddOn with
>
> (1) A more recent version of sslh. Latest upstream version is 1.21,
> released on 11 July 2020, and I see no obvious reason not to use it,
> although for the present purpose some older version might do as well.
>
> Are there some specific procedures for updating AddOn binaries?
It is not a binary in the sense I would understand. The source file has c code in it that the required binaries are created from using the Makefile with autotools. Are you meaning something different from your comment?
> (2) Parameters in a configuration file. I'd be happy to edit it by
> hand, writing a GUI for it would probably not be worth the trouble.
>
> Is there some convention or guidelines where in IPFire such
> configuration files should be put? Debian uses /etc/defaults/sslh,
> sslh changelog presently suggests /etc/sslh.cfg.
The addons generally have any config files either directly under /etc or in a directory under /etc named after the addon program.
> Should a default configuration file be packaged as a separate
> file, or should the init script create one if it's missing
> or should it just use the hardcoded defaults in that case?

I would say that is up to the person updating the addon. sslh has its own addon page in the wiki but it isn't listed in the main addons page that lists all addons. You can only find it with the search bar in the wiki or if you know the url. https://wiki.ipfire.org/addons/sslh

My feeling would be not to have a specific use case hard coded in the init script but rather have a default config file. The source file includes a basic.cfg which could be used to fill that role. Then the addon page could be extended to mention about the cfg file and the need to review it before starting sslh.

> Are there guidelines or instructions for doing or proposing such
> changes to AddOns?
The wiki page on building addons can also be applied to updating or upgrading them. It helped me when I was first starting with updating the bacula addon. https://wiki.ipfire.org/devel/ipfire-2-x/addon-howto
> I can't even find a category for them in the Bugzilla. Is there one?
>
> My apologies if I'm missing something obvious, pointers to
> documentation would be welcome.
>
Hope the above inputs help.

Regards,

Adolf.

Re: sslh

[Tapani Tarvainen]

[-- Attachment #1: Type: text/plain, Size: 1202 bytes --]

On Fri, Jan 15, 2021 at 01:43:40PM +0100, Adolf Belka (adolf.belka(a)ipfire.org) wrote:

> sslh has its own addon page in the wiki but it isn't listed in the
> main addons page that lists all addons. You can only find it with
> the search bar in the wiki or if you know the url.
> https://wiki.ipfire.org/addons/sslh

Thank you, I'd missed that!

Moreover, the forum message linked in that page

https://forum.ipfire.org/viewtopic.php?f=52&t=9843#p123474

has someone wanting to do exactly what I had in mind!

And they've actually got it working (with version 1.20).

Guess I should pay more attention to the forum (I just hate
web forums in general...)

There's even a patch on the list:

https://lists.ipfire.org/pipermail/development/2019-April/005812.html

but apparently that was never followed through.

Looking at it, the only thing I'd really want to change is to drop the
DAEMON_OPTS variable and just put -F/etc/sshl.cfg there instead, and
default settings in that file. (Upgrading to 1.21 wouldn't hurt but
the differences between 1.20 and 1.21 are rather small.)

Is ummeegge (Erik Kapfer) still around and willing to work on this?

-- 
Tapani Tarvainen