net-snmp: introduce new ssl variant for net-snmp and enable SNMP V3 #26216
Conversation
There was a problem hiding this comment.
The logging support in the init script and example config are not related to the snmpv3 changes, so they should go in a separate commit.
You're also adding a meta package that selects all snmp packages, but it's not described in the commit message. While you add that, explain why it's needed.
Finally, the changes cause a recursive dependency that must be fixed:
tmp/.config-package.in:56442:error: recursive dependency detected!
tmp/.config-package.in:56442: symbol PACKAGE_libnetsnmp-ssl depends on PACKAGE_libnetsnmp
tmp/.config-package.in:56425: symbol PACKAGE_libnetsnmp is selected by PACKAGE_libnetsnmp-ssl
|
I separated these changes to make a clear separation. You're right! I think you mean net-snmp-ssl with the meta package? I added some context to the commit message. I fixed the recursive dependency. It was a forgotten Thank you for your review and I look forward to the re-review. |
|
The example config for logging should go in the commit that adds logging support in the init script. Similarly, the example config for SNMPv3 should go in the commit that adds SNMPv3 support in the init script. |
|
I see! Now it is updated. I placed them in the mentioned commits. |
There was a problem hiding this comment.
Somehow I was able to end up with this in my .config:
CONFIG_PACKAGE_libnetsnmp=y
CONFIG_PACKAGE_libnetsnmp-ssl=y
This results in the following error during build:
* check_conflicts_for: The following packages conflict with libnetsnmp-ssl:
* check_conflicts_for: libnetsnmp *
* opkg_install_cmd: Cannot install package libnetsnmp-ssl.
* check_conflicts_for: The following packages conflict with libnetsnmp-ssl:
* check_conflicts_for: libnetsnmp *
* opkg_install_cmd: Cannot install package snmpd-ssl.
* check_conflicts_for: The following packages conflict with libnetsnmp-ssl:
* check_conflicts_for: libnetsnmp *
* opkg_install_cmd: Cannot install package libnetsnmp-ssl.
It should not be possible to select both variants.
Following commits will introduce a new variant ssl that provides ssl encryption possibility needed by SNMP V3. So this commit tags the basic variant nossl and encapsulates needed packages in the same logic. Signed-off-by: Christian Korber <[email protected]>
This commit introduces the new ssl variant of net-snmp (net-snmp-ssl). This meta package is needed to clearly distinquish between support for SNMPv3 (with encryption) and the default variant (net-snmp) without encryption. It also integrates a differentiation between the now two variants and compiles them conditionally. Signed-off-by: Christian Korber <[email protected]>
This commit adds function `snmpd_snmpv3_add` to the init script to support SNMPv3. Signed-off-by: Christian Korber <[email protected]>
To support logging in net-snmp this commit introduces this feature. Signed-off-by: Christian Korber <[email protected]>
|
I resolved the conflicts now. It shouldn't be possible to create such conflicts. |
Maintainer: @stintel
Compile tested: x86_64, Openwrt 24.10
Run tested: x86_64, Openwrt 24.10
Description:
Openssl is needed to implement encryption and authentification for SNMPv3.
As discussed in PR #25178 and also PR #25444 I added a variant for net-snmp that compiles libnetsnmp
with libopenssl (for SNMPv3). The default compilation is with the former variant.
The features for SNMPv3 are added to snmpd.init file and the possibility
to log messages to syslog or a log file..