Agenda

  • openvpn-2.6.0 - Setup for openssl-3.x and with some older deprecated options now removed. Breakage point for IPFire?
  • strongSwan 6.x drops the "stroke" interface, how do we deal with that?
  • IPFire Event - Narrow down any dates
  • Infrastructure Update
    • Better packed Git repositories
    • New Server: Parts are ordered, waiting for assembly
  • Feedback on Core Update 173 Testing
  • How to deal with multiple sources for IPFire package tarballs

Attendees

  • Adolf
  • Arne
  • Daniel
  • Michael
  • Peter

Log

  • Core Update 173 testing feedback
    • Peter has to double-check that all CGI files are properly shipped
    • Also, OpenVPN needs to be shipped en bloc to apply the authenticator changes
    • libtirpc is still a dependency of another add-on, which must be updated as well
    • Note to Peter: Take care of rootfile changes on some architectures
    • Also, there are some quirks in the testing announcement :-)
    • Michael updates the documentation for QMI changes
    • OpenSSL security release scheduled for tomorrow, Peter takes care
  • OpenVPN 2.6.0 introducing breaking changes
    • Support for 64-bit ciphers has been removed
    • Some other things we currently rely on (subnet config, etc.) are no longer in there as well
    • We can smooth this transition somewhat, but there is no way of getting around touching the clients' configuration
    • How do we plan to (no, sorry, "potentially") move forward:
      1. We have to stay on OpenVPN 2.5.x and OpenSSL 1.1.1x for the time being
      2. Erik submitted a patchset in 2021 which is a good starting point
      3. Adolf will have a look at it and compile an applicable patchset from it, if possible
      4. The cipher changes will have to go out first, the subnet changes are still a bit away
  • strongSwan 6.x
    • This needs quite some work, but at least we can do all that without breaking existing connections
  • How to deal with multiple sources for IPFire package tarballs
    • Given occasion: colm and ragel
    • "If I'm looking for something, how am I supposed to know where I should get it from?"
    • What is the first preference if there are multiple? GitHub? Website? ???
    • Answer: Try to go for the maintainers' tarball, if possible. If GitHub is required, try to avoid the auto-generated tarballs.
    • Michael has taken care of the orphaned colm and ragel tarballs, so Adolf can upload the proper tarballs now
  • Adolf gets in touch with Stefan regarding some Suricata bugs (we wish Stefan all the best)
  • Infrastructure update