[arch-commits] Commit in openvpn/repos (12 files)
Christian Hesse
eworm at archlinux.org
Tue Dec 27 13:58:37 UTC 2016
Date: Tuesday, December 27, 2016 @ 13:58:37
Author: eworm
Revision: 284861
archrelease: copy trunk to testing-i686, testing-x86_64
Added:
openvpn/repos/testing-i686/
openvpn/repos/testing-i686/0001-plugin.patch
(from rev 284860, openvpn/trunk/0001-plugin.patch)
openvpn/repos/testing-i686/0002-do-not-race-on-RuntimeDirectory.patch
(from rev 284860, openvpn/trunk/0002-do-not-race-on-RuntimeDirectory.patch)
openvpn/repos/testing-i686/PKGBUILD
(from rev 284860, openvpn/trunk/PKGBUILD)
openvpn/repos/testing-i686/news.md
(from rev 284860, openvpn/trunk/news.md)
openvpn/repos/testing-i686/openvpn.install
(from rev 284860, openvpn/trunk/openvpn.install)
openvpn/repos/testing-x86_64/
openvpn/repos/testing-x86_64/0001-plugin.patch
(from rev 284860, openvpn/trunk/0001-plugin.patch)
openvpn/repos/testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch
(from rev 284860, openvpn/trunk/0002-do-not-race-on-RuntimeDirectory.patch)
openvpn/repos/testing-x86_64/PKGBUILD
(from rev 284860, openvpn/trunk/PKGBUILD)
openvpn/repos/testing-x86_64/news.md
(from rev 284860, openvpn/trunk/news.md)
openvpn/repos/testing-x86_64/openvpn.install
(from rev 284860, openvpn/trunk/openvpn.install)
-----------------------------------------------------------+
testing-i686/0001-plugin.patch | 46 ++++++
testing-i686/0002-do-not-race-on-RuntimeDirectory.patch | 59 +++++++
testing-i686/PKGBUILD | 89 ++++++++++++
testing-i686/news.md | 17 ++
testing-i686/openvpn.install | 24 +++
testing-x86_64/0001-plugin.patch | 46 ++++++
testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch | 59 +++++++
testing-x86_64/PKGBUILD | 89 ++++++++++++
testing-x86_64/news.md | 17 ++
testing-x86_64/openvpn.install | 24 +++
10 files changed, 470 insertions(+)
Copied: openvpn/repos/testing-i686/0001-plugin.patch (from rev 284860, openvpn/trunk/0001-plugin.patch)
===================================================================
--- testing-i686/0001-plugin.patch (rev 0)
+++ testing-i686/0001-plugin.patch 2016-12-27 13:58:37 UTC (rev 284861)
@@ -0,0 +1,46 @@
+diff --git a/configure.ac b/configure.ac
+index f4073d0..5fe652e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -301,13 +301,12 @@ AC_ARG_WITH(
+ [with_crypto_library="openssl"]
+ )
+
+-AC_ARG_WITH(
+- [plugindir],
+- [AS_HELP_STRING([--with-plugindir], [plugin directory @<:@default=LIBDIR/openvpn@:>@])],
+- ,
+- [with_plugindir="\$(libdir)/openvpn/plugins"]
+-)
+-
++AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
++if test -n "${PLUGINDIR}"; then
++ plugindir="${PLUGINDIR}"
++else
++ plugindir="\${libdir}/openvpn/plugins"
++fi
+
+ AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host])
+ case "$host" in
+@@ -1245,7 +1244,6 @@ AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "ye
+ AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"])
+ AM_CONDITIONAL([ENABLE_CRYPTO], [test "${enable_crypto}" = "yes"])
+
+-plugindir="${with_plugindir}"
+ sampledir="\$(docdir)/sample"
+ AC_SUBST([plugindir])
+ AC_SUBST([sampledir])
+diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
+index 4c18449..188834a 100644
+--- a/src/openvpn/Makefile.am
++++ b/src/openvpn/Makefile.am
+@@ -27,7 +27,8 @@ AM_CFLAGS = \
+ $(OPTIONAL_CRYPTO_CFLAGS) \
+ $(OPTIONAL_LZO_CFLAGS) \
+ $(OPTIONAL_LZ4_CFLAGS) \
+- $(OPTIONAL_PKCS11_HELPER_CFLAGS)
++ $(OPTIONAL_PKCS11_HELPER_CFLAGS) \
++ -DPLUGIN_LIBDIR=\"${plugindir}\"
+ if WIN32
+ # we want unicode entry point but not the macro
+ AM_CFLAGS += -municode -UUNICODE
Copied: openvpn/repos/testing-i686/0002-do-not-race-on-RuntimeDirectory.patch (from rev 284860, openvpn/trunk/0002-do-not-race-on-RuntimeDirectory.patch)
===================================================================
--- testing-i686/0002-do-not-race-on-RuntimeDirectory.patch (rev 0)
+++ testing-i686/0002-do-not-race-on-RuntimeDirectory.patch 2016-12-27 13:58:37 UTC (rev 284861)
@@ -0,0 +1,59 @@
+From 3e8b360cca4d97bef113a25f982601d4742af896 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail at eworm.de>
+Date: Fri, 16 Dec 2016 22:56:15 +0100
+Subject: [PATCH 1/1] do not race on RuntimeDirectory
+
+Different unit instances create and destroy the same RuntimeDirectory.
+This leads to running instances where the status file (and possibly
+more runtime data) is no longer accessible.
+
+So do not handle this in unit files but provide a tmpfiles.d
+configuration and let systemd-tmpfiles do the work.
+Nobody will (unintentionally) delete the directories and its content.
+As /run is volatile we do not have to care about cleanup.
+
+Signed-off-by: Christian Hesse <mail at eworm.de>
+---
+ distro/systemd/openvpn-client at .service | 2 --
+ distro/systemd/openvpn-server at .service | 2 --
+ distro/systemd/openvpn.conf | 2 ++
+ 3 files changed, 2 insertions(+), 4 deletions(-)
+ create mode 100644 distro/systemd/openvpn.conf
+
+diff --git a/distro/systemd/openvpn-client at .service b/distro/systemd/openvpn-client at .service
+index 5618af3..1187ee8 100644
+--- a/distro/systemd/openvpn-client at .service
++++ b/distro/systemd/openvpn-client at .service
+@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+ [Service]
+ Type=notify
+ PrivateTmp=true
+-RuntimeDirectory=openvpn-client
+-RuntimeDirectoryMode=0710
+ WorkingDirectory=/etc/openvpn/client
+ ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+diff --git a/distro/systemd/openvpn-server at .service b/distro/systemd/openvpn-server at .service
+index b9b4dba..25a6bb7 100644
+--- a/distro/systemd/openvpn-server at .service
++++ b/distro/systemd/openvpn-server at .service
+@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+ [Service]
+ Type=notify
+ PrivateTmp=true
+-RuntimeDirectory=openvpn-server
+-RuntimeDirectoryMode=0710
+ WorkingDirectory=/etc/openvpn/server
+ ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+diff --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf
+new file mode 100644
+index 0000000..bb79671
+--- /dev/null
++++ b/distro/systemd/openvpn.conf
+@@ -0,0 +1,2 @@
++d /run/openvpn-client 0710 root root -
++d /run/openvpn-server 0710 root root -
+--
+2.11.0
+
Copied: openvpn/repos/testing-i686/PKGBUILD (from rev 284860, openvpn/trunk/PKGBUILD)
===================================================================
--- testing-i686/PKGBUILD (rev 0)
+++ testing-i686/PKGBUILD 2016-12-27 13:58:37 UTC (rev 284861)
@@ -0,0 +1,89 @@
+# $Id$
+# Maintainer: Christian Hesse <mail at eworm.de>
+
+pkgname=openvpn
+pkgver=2.4.0
+pkgrel=1
+pkgdesc='An easy-to-use, robust and highly configurable VPN (Virtual Private Network)'
+arch=('i686' 'x86_64')
+url='http://openvpn.net/index.php/open-source.html'
+depends=('openssl' 'lzo' 'iproute2' 'libsystemd' 'pkcs11-helper')
+optdepends=('easy-rsa: easy CA and certificate handling')
+makedepends=('systemd')
+license=('custom')
+install=openvpn.install
+validpgpkeys=('03300E11FED16F59715F9996C29D97ED198D22A3' # Samuli Seppänen <samuli.seppanen at gmail.com>
+ '7ACD56B74144925C6214329757DB9DAB613B8DA1') # David Sommerseth (OpenVPN Technologies, Inc) <davids at openvpn.net>
+source=("https://swupdate.openvpn.net/community/releases/openvpn-${pkgver}.tar.xz"{,.asc}
+ '0001-plugin.patch'
+ '0002-do-not-race-on-RuntimeDirectory.patch')
+sha256sums=('6f23ba49a1dbeb658f49c7ae17d9ea979de6d92c7357de3d55cd4525e1b2f87e'
+ 'SKIP'
+ 'b8254067b4ef5d157d87267a76938d86f101972303c7ff20131cc9f28659a30c'
+ 'a87b081f998db99190e8b9e185cd7aade5bd6dfb5c03777c82b75d28cd3b375c')
+
+prepare() {
+ cd "${srcdir}"/${pkgname}-${pkgver}
+
+ # plugin path
+ patch -Np1 < "${srcdir}"/0001-plugin.patch
+
+ # do not race on RuntimeDirectory
+ patch -Np1 < "${srcdir}"/0002-do-not-race-on-RuntimeDirectory.patch
+
+ # regenerate configure script
+ autoreconf -fi
+}
+
+build() {
+ cd "${srcdir}"/${pkgname}-${pkgver}
+
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --enable-iproute2 \
+ --enable-pkcs11 \
+ --enable-plugins \
+ --enable-systemd \
+ --enable-x509-alt-username
+ make
+}
+
+check() {
+ cd "${srcdir}"/${pkgname}-${pkgver}
+
+ make check
+}
+
+package() {
+ cd "${srcdir}"/${pkgname}-${pkgver}
+
+ # Install openvpn
+ make DESTDIR="${pkgdir}" install
+
+ # Create empty configuration directories
+ install -d -m0750 -g 90 "${pkgdir}"/etc/openvpn/{client,server}
+
+ # Install examples
+ install -d -m0755 "${pkgdir}"/usr/share/openvpn
+ cp -r sample/sample-config-files "${pkgdir}"/usr/share/openvpn/examples
+
+ # Install license
+ install -d -m0755 "${pkgdir}"/usr/share/licenses/openvpn/
+ ln -sf /usr/share/doc/openvpn/{COPYING,COPYRIGHT.GPL} "${pkgdir}"/usr/share/licenses/openvpn/
+
+ # Install contrib
+ for FILE in $(find contrib -type f); do
+ case "$(file --brief --mime-type "${FILE}")" in
+ "text/x-shellscript") install -D -m0755 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
+ *) install -D -m0644 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
+ esac
+ done
+
+ # Install systemd files
+ install -d -m0755 "${pkgdir}"/usr/lib/systemd/system/
+ install -m0644 distro/systemd/openvpn-{client,server}@.service "${pkgdir}"/usr/lib/systemd/system/
+ install -D -m0644 distro/systemd/openvpn.conf "${pkgdir}"/usr/lib/tmpfiles.d/openvpn.conf
+ install -d -m0710 "${pkgdir}"/run/openvpn-{client,server}
+}
+
Copied: openvpn/repos/testing-i686/news.md (from rev 284860, openvpn/trunk/news.md)
===================================================================
--- testing-i686/news.md (rev 0)
+++ testing-i686/news.md 2016-12-27 13:58:37 UTC (rev 284861)
@@ -0,0 +1,17 @@
+OpenVPN 2.4.0 update requires administrative interaction
+========================================================
+
+The upgrade to openvpn 2.4.0 makes changes that are incompatible with
+previous configurations. Take **special care** if you depend on VPN
+connectivity for **remote access**! Administrative interaction is required:
+
+* Configuration is expected in sub directories now. Move your files
+ from `/etc/openvpn/` to `/etc/openvpn/server/` or `/etc/openvpn/client/`.
+* The plugin lookup path changed, remove extra `plugins/` from relative
+ paths.
+* The systemd unit `openvpn at .service` was replaced with
+ `openvpn-client at .service` and `openvpn-server at .service`. Restart and
+ reenable accordingly.
+
+This does not affect the functionality of `networkmanager`, `connman`
+or `qopenvpn`.
Copied: openvpn/repos/testing-i686/openvpn.install (from rev 284860, openvpn/trunk/openvpn.install)
===================================================================
--- testing-i686/openvpn.install (rev 0)
+++ testing-i686/openvpn.install 2016-12-27 13:58:37 UTC (rev 284861)
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+post_upgrade() {
+ # return if old package version greater 2.4...
+ (( $(vercmp $2 '2.4') > 0 )) && return
+
+ # upgrade from pre-2.4 version...
+ echo "This upgrade from openvpn $2 to openvpn $1 made changes that require"
+ echo "administrative interaction:"
+ echo " -> Configuration is expected in sub directories now. Move your files"
+ echo " from /etc/openvpn/ to /etc/openvpn/server/ or /etc/openvpn/client/."
+ echo " -> The plugin lookup path changed, remove extra 'plugins/' from relative paths."
+ echo " -> The systemd unit openvpn at .service was replaced with openvpn-client at .service"
+ echo " and openvpn-server at .service. Restart and reenable accordingly."
+
+ local UNITS="$(systemctl list-units --quiet --no-pager --no-legend --plain | grep '^openvpn@' | cut -d' ' -f1)"
+ if (( ${#UNITS} )); then
+ echo "This is a (possibly incomplete) list of units that need to be acted on:"
+ for UNIT in ${UNITS}; do
+ echo " -> ${UNIT}"
+ done
+ fi
+}
+
Copied: openvpn/repos/testing-x86_64/0001-plugin.patch (from rev 284860, openvpn/trunk/0001-plugin.patch)
===================================================================
--- testing-x86_64/0001-plugin.patch (rev 0)
+++ testing-x86_64/0001-plugin.patch 2016-12-27 13:58:37 UTC (rev 284861)
@@ -0,0 +1,46 @@
+diff --git a/configure.ac b/configure.ac
+index f4073d0..5fe652e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -301,13 +301,12 @@ AC_ARG_WITH(
+ [with_crypto_library="openssl"]
+ )
+
+-AC_ARG_WITH(
+- [plugindir],
+- [AS_HELP_STRING([--with-plugindir], [plugin directory @<:@default=LIBDIR/openvpn@:>@])],
+- ,
+- [with_plugindir="\$(libdir)/openvpn/plugins"]
+-)
+-
++AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
++if test -n "${PLUGINDIR}"; then
++ plugindir="${PLUGINDIR}"
++else
++ plugindir="\${libdir}/openvpn/plugins"
++fi
+
+ AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host])
+ case "$host" in
+@@ -1245,7 +1244,6 @@ AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "ye
+ AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"])
+ AM_CONDITIONAL([ENABLE_CRYPTO], [test "${enable_crypto}" = "yes"])
+
+-plugindir="${with_plugindir}"
+ sampledir="\$(docdir)/sample"
+ AC_SUBST([plugindir])
+ AC_SUBST([sampledir])
+diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
+index 4c18449..188834a 100644
+--- a/src/openvpn/Makefile.am
++++ b/src/openvpn/Makefile.am
+@@ -27,7 +27,8 @@ AM_CFLAGS = \
+ $(OPTIONAL_CRYPTO_CFLAGS) \
+ $(OPTIONAL_LZO_CFLAGS) \
+ $(OPTIONAL_LZ4_CFLAGS) \
+- $(OPTIONAL_PKCS11_HELPER_CFLAGS)
++ $(OPTIONAL_PKCS11_HELPER_CFLAGS) \
++ -DPLUGIN_LIBDIR=\"${plugindir}\"
+ if WIN32
+ # we want unicode entry point but not the macro
+ AM_CFLAGS += -municode -UUNICODE
Copied: openvpn/repos/testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch (from rev 284860, openvpn/trunk/0002-do-not-race-on-RuntimeDirectory.patch)
===================================================================
--- testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch (rev 0)
+++ testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch 2016-12-27 13:58:37 UTC (rev 284861)
@@ -0,0 +1,59 @@
+From 3e8b360cca4d97bef113a25f982601d4742af896 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail at eworm.de>
+Date: Fri, 16 Dec 2016 22:56:15 +0100
+Subject: [PATCH 1/1] do not race on RuntimeDirectory
+
+Different unit instances create and destroy the same RuntimeDirectory.
+This leads to running instances where the status file (and possibly
+more runtime data) is no longer accessible.
+
+So do not handle this in unit files but provide a tmpfiles.d
+configuration and let systemd-tmpfiles do the work.
+Nobody will (unintentionally) delete the directories and its content.
+As /run is volatile we do not have to care about cleanup.
+
+Signed-off-by: Christian Hesse <mail at eworm.de>
+---
+ distro/systemd/openvpn-client at .service | 2 --
+ distro/systemd/openvpn-server at .service | 2 --
+ distro/systemd/openvpn.conf | 2 ++
+ 3 files changed, 2 insertions(+), 4 deletions(-)
+ create mode 100644 distro/systemd/openvpn.conf
+
+diff --git a/distro/systemd/openvpn-client at .service b/distro/systemd/openvpn-client at .service
+index 5618af3..1187ee8 100644
+--- a/distro/systemd/openvpn-client at .service
++++ b/distro/systemd/openvpn-client at .service
+@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+ [Service]
+ Type=notify
+ PrivateTmp=true
+-RuntimeDirectory=openvpn-client
+-RuntimeDirectoryMode=0710
+ WorkingDirectory=/etc/openvpn/client
+ ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+diff --git a/distro/systemd/openvpn-server at .service b/distro/systemd/openvpn-server at .service
+index b9b4dba..25a6bb7 100644
+--- a/distro/systemd/openvpn-server at .service
++++ b/distro/systemd/openvpn-server at .service
+@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+ [Service]
+ Type=notify
+ PrivateTmp=true
+-RuntimeDirectory=openvpn-server
+-RuntimeDirectoryMode=0710
+ WorkingDirectory=/etc/openvpn/server
+ ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+diff --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf
+new file mode 100644
+index 0000000..bb79671
+--- /dev/null
++++ b/distro/systemd/openvpn.conf
+@@ -0,0 +1,2 @@
++d /run/openvpn-client 0710 root root -
++d /run/openvpn-server 0710 root root -
+--
+2.11.0
+
Copied: openvpn/repos/testing-x86_64/PKGBUILD (from rev 284860, openvpn/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2016-12-27 13:58:37 UTC (rev 284861)
@@ -0,0 +1,89 @@
+# $Id$
+# Maintainer: Christian Hesse <mail at eworm.de>
+
+pkgname=openvpn
+pkgver=2.4.0
+pkgrel=1
+pkgdesc='An easy-to-use, robust and highly configurable VPN (Virtual Private Network)'
+arch=('i686' 'x86_64')
+url='http://openvpn.net/index.php/open-source.html'
+depends=('openssl' 'lzo' 'iproute2' 'libsystemd' 'pkcs11-helper')
+optdepends=('easy-rsa: easy CA and certificate handling')
+makedepends=('systemd')
+license=('custom')
+install=openvpn.install
+validpgpkeys=('03300E11FED16F59715F9996C29D97ED198D22A3' # Samuli Seppänen <samuli.seppanen at gmail.com>
+ '7ACD56B74144925C6214329757DB9DAB613B8DA1') # David Sommerseth (OpenVPN Technologies, Inc) <davids at openvpn.net>
+source=("https://swupdate.openvpn.net/community/releases/openvpn-${pkgver}.tar.xz"{,.asc}
+ '0001-plugin.patch'
+ '0002-do-not-race-on-RuntimeDirectory.patch')
+sha256sums=('6f23ba49a1dbeb658f49c7ae17d9ea979de6d92c7357de3d55cd4525e1b2f87e'
+ 'SKIP'
+ 'b8254067b4ef5d157d87267a76938d86f101972303c7ff20131cc9f28659a30c'
+ 'a87b081f998db99190e8b9e185cd7aade5bd6dfb5c03777c82b75d28cd3b375c')
+
+prepare() {
+ cd "${srcdir}"/${pkgname}-${pkgver}
+
+ # plugin path
+ patch -Np1 < "${srcdir}"/0001-plugin.patch
+
+ # do not race on RuntimeDirectory
+ patch -Np1 < "${srcdir}"/0002-do-not-race-on-RuntimeDirectory.patch
+
+ # regenerate configure script
+ autoreconf -fi
+}
+
+build() {
+ cd "${srcdir}"/${pkgname}-${pkgver}
+
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --enable-iproute2 \
+ --enable-pkcs11 \
+ --enable-plugins \
+ --enable-systemd \
+ --enable-x509-alt-username
+ make
+}
+
+check() {
+ cd "${srcdir}"/${pkgname}-${pkgver}
+
+ make check
+}
+
+package() {
+ cd "${srcdir}"/${pkgname}-${pkgver}
+
+ # Install openvpn
+ make DESTDIR="${pkgdir}" install
+
+ # Create empty configuration directories
+ install -d -m0750 -g 90 "${pkgdir}"/etc/openvpn/{client,server}
+
+ # Install examples
+ install -d -m0755 "${pkgdir}"/usr/share/openvpn
+ cp -r sample/sample-config-files "${pkgdir}"/usr/share/openvpn/examples
+
+ # Install license
+ install -d -m0755 "${pkgdir}"/usr/share/licenses/openvpn/
+ ln -sf /usr/share/doc/openvpn/{COPYING,COPYRIGHT.GPL} "${pkgdir}"/usr/share/licenses/openvpn/
+
+ # Install contrib
+ for FILE in $(find contrib -type f); do
+ case "$(file --brief --mime-type "${FILE}")" in
+ "text/x-shellscript") install -D -m0755 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
+ *) install -D -m0644 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
+ esac
+ done
+
+ # Install systemd files
+ install -d -m0755 "${pkgdir}"/usr/lib/systemd/system/
+ install -m0644 distro/systemd/openvpn-{client,server}@.service "${pkgdir}"/usr/lib/systemd/system/
+ install -D -m0644 distro/systemd/openvpn.conf "${pkgdir}"/usr/lib/tmpfiles.d/openvpn.conf
+ install -d -m0710 "${pkgdir}"/run/openvpn-{client,server}
+}
+
Copied: openvpn/repos/testing-x86_64/news.md (from rev 284860, openvpn/trunk/news.md)
===================================================================
--- testing-x86_64/news.md (rev 0)
+++ testing-x86_64/news.md 2016-12-27 13:58:37 UTC (rev 284861)
@@ -0,0 +1,17 @@
+OpenVPN 2.4.0 update requires administrative interaction
+========================================================
+
+The upgrade to openvpn 2.4.0 makes changes that are incompatible with
+previous configurations. Take **special care** if you depend on VPN
+connectivity for **remote access**! Administrative interaction is required:
+
+* Configuration is expected in sub directories now. Move your files
+ from `/etc/openvpn/` to `/etc/openvpn/server/` or `/etc/openvpn/client/`.
+* The plugin lookup path changed, remove extra `plugins/` from relative
+ paths.
+* The systemd unit `openvpn at .service` was replaced with
+ `openvpn-client at .service` and `openvpn-server at .service`. Restart and
+ reenable accordingly.
+
+This does not affect the functionality of `networkmanager`, `connman`
+or `qopenvpn`.
Copied: openvpn/repos/testing-x86_64/openvpn.install (from rev 284860, openvpn/trunk/openvpn.install)
===================================================================
--- testing-x86_64/openvpn.install (rev 0)
+++ testing-x86_64/openvpn.install 2016-12-27 13:58:37 UTC (rev 284861)
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+post_upgrade() {
+ # return if old package version greater 2.4...
+ (( $(vercmp $2 '2.4') > 0 )) && return
+
+ # upgrade from pre-2.4 version...
+ echo "This upgrade from openvpn $2 to openvpn $1 made changes that require"
+ echo "administrative interaction:"
+ echo " -> Configuration is expected in sub directories now. Move your files"
+ echo " from /etc/openvpn/ to /etc/openvpn/server/ or /etc/openvpn/client/."
+ echo " -> The plugin lookup path changed, remove extra 'plugins/' from relative paths."
+ echo " -> The systemd unit openvpn at .service was replaced with openvpn-client at .service"
+ echo " and openvpn-server at .service. Restart and reenable accordingly."
+
+ local UNITS="$(systemctl list-units --quiet --no-pager --no-legend --plain | grep '^openvpn@' | cut -d' ' -f1)"
+ if (( ${#UNITS} )); then
+ echo "This is a (possibly incomplete) list of units that need to be acted on:"
+ for UNIT in ${UNITS}; do
+ echo " -> ${UNIT}"
+ done
+ fi
+}
+
More information about the arch-commits
mailing list