EasyRSA on Windows 11 with mksh hangs #1075
First test: On Windows 11, open To test command This MUST be fixed -- There is NO work-around. |
Instructions for testing
|
Is this MKSH hangup still an issue or are you fine with busybox? R39-w32-beta14 of the MKSH port was released in an early state the developer was not happy with. Similar problems were observed in some situations when Win 10 was introduced. There is a R39-w32-beta28 as of 2017 available. It contains some stability fixes which may be worth a try. If anybody is interested, I can provide it. Unfortunately, I actually don't have access to a Win 11 instance but will try it out asap. |
@OutOfEspresso Hi, Busy-box for Windows would be my preferred solution because we can build it ourselves. However, OpenVPN developers feel that this is another unnecessary dependency. If we have a new version of MKSH then I can provide a .zip file for Windows testing. All I need is a link to the MKSH project. |
To be honest, there is no MKSH W32 project. The port was done since we had to replace the commercial "MKS Toolkit" with a free solution. We did not find anything suitable and thus decided to do a port of MKSH on our own and give the result back to the community as a one shot. This shot was beta14, which had to be released before 2013-06-30 due to legal reasons. For the product we needed it for, it did its job. After the product requiring it was depreciated, the only remaining use case was my personal use. As mentioned, I made some fixes until 2017 and that's it for now. I attached the latest version just here. Fun fact: As you may have seen, this port lacks filename completion and the ksh-like history using vi syntax. I never found the time to implement this. Today I came across this missing feature one more time and did a Google search to see if somebody else made a more complete port during the last years. What I found was this issue, which forced me to create a GitHub account and leave the above comment... |
@OutOfEspresso Sorry but your random binary is not suitable for EasyRSA. Perhaps, if you publish the source code and build instructions on your new github homepage .. |
...I was afraid and I understand. But that is all I can offer for now. If anybody tests, states that it is working and is interested in continuing to use it, I can provide the sources for this release too. ...just saw your edit... Ok, we are thinking in the same direction. But before I take this effort, please try out if beta 28 fixes the problem. If yes, I will get in touch with the mirbsd team to check how to provide the sources. |
I am not in the habit of running random binaries from strangers on the internet and this is no exception. If you are serious then do what you need to do. |
Who is "we", and what's the context? Is the current EDIT: As far as I can tell (by the license) it was by Scalaris AG easy-rsa/distro/windows/Licensing/mksh-Win32.txt Lines 4 to 6 in 7a372a4
And Scalaris AG switched ownership on 2013-07-01 - https://www.post.ch/en/about-us/news/2013/swiss-post-acquires-scalaris-ag-software-company . How did that binary get from Scalaris AG into EasyRSA for windows? Was it taken into the project back then as a binary without source code [patches] or build instructions? |
Exactly. "we" was Scalaris AG and I was the one who did the port. In 2013, when Scalaris AG was due to be sold to Swiss Post Solutions AG, the port was ongoing but main functionality working. On the other hand, nobody knew if Swiss Post Solutions would be willing to contribute things as open source and I myself had no idea who would be the person to decide this and how long it would take. Thus, a Scalaris colleague with power of procuration decided to do this as long as Scalaris was on its own and we released the latest beta available end of June 2013:
To complete the history: End of 2021, Swiss Post Solutions was sold again (https://www.post.ch/en/about-us/media/press-releases/2021/swiss-post-transfers-swiss-post-solutions-to-new-owner) and is now SPS AG. How did it get into EasyRSA? Most likely by downloading it from http://www.mirbsd.org/permalinks/wlog-10_e20130718-tg.htm#e20130718-tg_wlog-10. I sent the Zip to Thorsten Glaser, who released this way. This Zip contains binary, sources and build info. And yes, the binary EasyRSA provides is identical to the one contained in this Zip and the one I compiled in 2013. My personal email, Thorsten knows it, never changed but I did not hear anything and thus was nearly sure that nobody but me ever used it. When moving my mail domain away from the German provider GMX in 2023, the mksh-w32(at)gmx.net address mentioned in the ReadMe was removed too. Since there was no incoming mail for lots of years, I did not expect this to become a problem. Btw: Did anybody try to contact me this way? |
Thanks for the info. So basically this port was developed internally in Scalaris AG for internal reasons (replace MKS Toolkit), and together you decided to contribute the source patches and binaries back to the mksh project, which was then published at http://www.mirbsd.org/permalinks/wlog-10_e20130718-tg.htm#e20130718-tg_wlog-10 and later the EasyRSA people probably found that binary on that page and decided to use it?
Yes, I can confirm that. Both have CRC32 of So that's a pretty good start. At least now we have the sources (which need VS2008, and don't include
This sounds to me like you worked on the public mksh-w32 sources for your personal needs, so I don't see how anyone could have an ownership claim on that development, other than yourself, right? In that case, could you please publish the sources you have which were used to compile that last version from 2017? For instance at a github repo you'll create for it? (you could tag the 2013 sources as beta14, then overwrite the files with the beta 28 sources, and tag it as such). If you're not familiar enough with git and/or otherwise don't have the time for it, would you publish the sources in a zip and attach it here or elsewhere and link to it? I don't see a reason why
I guess it just worked till this hang issue with windows 11... |
You say that, but that's exactly what It's the same binary from http://www.mirbsd.org/permalinks/wlog-10_e20130718-tg.htm#e20130718-tg_wlog-10 , and which the mksh project published as is without building it from the source themselves, and the EasyRSA project did exactly the same and used this binary without building it themselves, or else I'm quite sure the md5sum would have changed. So basically the EasyRSA project trusted the mksh people, who apparently trusted "Michael Langguth and Scalaris AG" and publish their binary unmodified. That's not at all to say that this beta28 binary should be taken without sources - it shouldn't IMO. Even if the sources do exist, then it would still be unwise to take an unknown binary. But assuming @OutOfEspresso is indeed Michael Langguth, then it was still kind of him to publish it, and hopefully he'll be able to provide the sources as well. And at least now we presumably have the sources to And if the beta28 sources would become available as well, then those might help too. |
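The comparison argued over in this thread (same md5sum / CRC32 as the binary in the upstream zip), as an added example that is not part of any comment and not EasyRSA or mksh code: it checks whether a shipped binary is byte-identical to a member of an upstream archive. The archive, its member paths and the file bytes are constructed for illustration; a match shows the two files are the same bytes, not who built them or from which sources.

```python
import hashlib
import io
import zipfile
import zlib


def build_sample_archive(payload: bytes) -> bytes:
    """Constructed stand-in for an upstream release zip (not the real archive)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample-release/README.txt", "constructed sample\n")
        zf.writestr("sample-release/bin/mksh.exe", payload)
    return buf.getvalue()


def digests(data: bytes) -> dict:
    """CRC32 is what zip tools display; SHA-256 is the one to rely on."""
    return {
        "size": len(data),
        "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08x"),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def compare_to_archive(shipped: bytes, archive: bytes, suffix: str) -> dict:
    """Compare a shipped binary with the single archive member ending in suffix."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        corrupt = zf.testzip()  # re-checks every member against its stored CRC
        if corrupt is not None:
            raise ValueError(f"archive member fails CRC check: {corrupt}")
        members = [m for m in zf.infolist() if m.filename.lower().endswith(suffix)]
        if len(members) != 1:
            raise ValueError(f"expected one member ending in {suffix!r}, found {len(members)}")
        upstream = zf.read(members[0])
    ours, theirs = digests(shipped), digests(upstream)
    return {
        "member": members[0].filename,
        "shipped": ours,
        "upstream": theirs,
        "crc32_equal": ours["crc32"] == theirs["crc32"],
        "identical": ours == theirs,  # size, CRC32 and SHA-256 all agree
    }


if __name__ == "__main__":
    original = b"MZ" + bytes(range(256)) * 8      # constructed bytes, not a real PE
    tampered = original[:100] + b"\x00" + original[101:]
    archive = build_sample_archive(original)
    for label, blob in (("unmodified", original), ("one byte changed", tampered)):
        result = compare_to_archive(blob, archive, "mksh.exe")
        print(label, result["identical"], result["shipped"]["sha256"][:16])
```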
Which is not the same version distributed by Easy-RSA. @OutOfEspresso Thanks for the details you have provided, perhaps you could have done that initially. @avih Thanks for pushing this. Once again, I do not think the new binary is suitable under the current circumstances. |
I did not say that. I said the current I would have definitely expected EasyRSA to compile it themselves and not trust a random binary which even the mksh people say they didn't compile themselves. But that's water under the bridge now.
Agreed. Which is why I think that as a starting point, EasyRSA should make an effort to build And if the beta-28 sources become available, check whether those can help too. |
No, it is not. |
It has the same md5sum as the binary available at http://www.mirbsd.org/permalinks/wlog-10_e20130718-tg.htm#e20130718-tg_wlog-10 and which the mksh people claim they didn't compile themselves and instead publish it because someone sent it to them. How would you call that anything other than "random binary which we didn't compile ourselves and we don't know who compiled it or from which sources" ? |
The binary offered by @OutOfEspresso came with zero verifiable details. The binaries shipped by Easy-RSA have all been verified, validated, tested and approved. @avih Your line of argument is not productive. If you believe there is a security concern then please send details to:
Easy-RSA does not allow distribution of random binaries. That is final. |
No, unfortunately. Further development followed the same agreement as the initial release. Thus, I am not the sole owner of it. I actually try to receive an Ok to publish the sources of beta 28 and get back if there are news.
Meanwhile I agreed with the MirOS Project that we most likely will release it at the same location as beta 14. |
Sounds good. Meanwhile, I've compiled beta 14 (after finding and extracting Here's my patch to make it compile. Care to comment if I'm missing something?
patch to comment-out mtime() in liblan/systools.c
commit baabf4e2aee04ce39c3ec23d2189d487bd557731
Author: Avi Halachmi (:avih) <avihpit@yahoo.com>
Date: Tue Aug 6 20:02:07 2024 +0300
liblan: comment broken and unused mtime()
The file liblan/systools.c is required for the build (for "sleep",
and more), however, it doesn't compile with WIN32 defined, because
"timezone" in mtime() is unresolved (it looks like a WIP bug), and
it doesn't compile without WIN32 defined because neither msvc nor
mingw have <sys/statvfs.h>.
However, this function is unused by the code, so just comment it out.
However also, this might be an indication that the binary mksh.exe in
mksh-w32-beta14.zip might be built not from this exact source.
The project can now be built using VS 2015 cl.exe (32 bit):
- delete mksh/setmode.c (it's unused).
- cl /Femksh.exe /D WIN32 /D LIBLAN /I liblan /I nedmalloc
liblan/*.c mksh/*.c user32.lib winmm.lib advapi32.lib
diff --git a/liblan/systools.c b/liblan/systools.c
index a3b09bb..ca2d610 100644
--- a/liblan/systools.c
+++ b/liblan/systools.c
@@ -104,6 +104,11 @@ void msleep(long ms)
/*
* get the system time in ms since utc 1970
*/
+/*
+ * mtime() doesn't compile with WIN32 because "timezone" is unresolved.
+ * however, it's unused by mksh, so disable it for now
+ */
+/*
uint64 mtime(void)
{
uint64 ret;
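Review bot: the `/*` opened just above `uint64 mtime(void)` disables the function with a block comment, and C comments do not nest, so the first `/* ... */` anyone later adds inside the body will end the disabled region early and bring the unresolved `timezone` reference back into the build. Wrapping the function in `#if 0` / `#endif` avoids that with the same number of added lines. The existing "get the system time in ms since utc 1970" comment is also left stranded above the new one; merging the two into a single comment that says the function is disabled and why would read better.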
@@ -134,6 +139,7 @@ uint64 mtime(void)
return(ret);
}
+*/
/*
* unique interface to statfs like information
And here's the
uint64 mtime(void)
{
uint64 ret;
#ifdef WIN32
SYSTEMTIME st;
struct tm tm;
GetSystemTime(&st);
tm.tm_year = st.wYear - 1900;
tm.tm_mon = st.wMonth - 1;
tm.tm_mday = st.wDay;
tm.tm_hour = st.wHour;
tm.tm_min = st.wMinute;
tm.tm_sec = st.wSecond;
tm.tm_isdst = 0;
ret = (uint64)mktime(&tm)*1000;
ret += (timezone * -1000) + st.wMilliseconds;
#else
struct timeb tb;
ftime(&tb);
ret= (uint64)tb.time*1000 + tb.millitm;
#endif
return(ret);
} |
What VC Release do you use? If I remember correctly, the newest one I tried in the past was VC 2013. Just tried my original upstream to the MirOS team using the old VC 2008 Express Installation and it compiles fine. The Zip downloaded from the official link also compiles liblan incl. systools.c but not mksh due to the missing nedmalloc, MirOS denied to include. Thus, I assume that there may be a compatibility issue with newer VC releases. From my "C:\Program Files (x86)\Visual Studio 9.0\VC\include\time.h":
And, believe it or not:
As mentioned, I have a library (liblan) containing some personal "Swiss Knife" tools I wrote over the time. Useful things and things I smile about nowadays... Anyway, I just used this lib for the MKSH port and removed any unused source files. But I did not remove unused functions from the remaining C files. Edit: Forgot to mention: Cool! As I see it, you are the second one successfully compiling mksh.exe on the planet. :-) |
Interesting. I used msvc 2015 (but sort of portable thing, extracted from a full install, so I don't have the IDE etc, just the build tools and the SDK). In However, in MSVC 6 there is indeed So either 2013 is the last which has
I guess. It doesn't look like the EasyRSA people compiled it.. |
@avih Your repeated attacks impugn not only Easy-RSA but also OpenVPN and MirBSD. |
The busybox installation detailed below is for historical reference ONLY. This discussion has moved onto a debate concerning future development of MKSH. Skip-to: #1075 (comment)
Follow-up set: #1078
This is specifically:
Other versions of Windows may also be affected. If you are able to test another version of Windows which experiences similar hangs then please leave your feedback here.
mksh built-in command read
easyrsa use of read to ask for user input.
Required testing:
sh.exe and test the behavior of read.
Volunteers welcome.
If you have access to any version of Windows then you can help by testing.