[arch-commits] Commit in openvpn/trunk (2 files)

Christian Hesse eworm at archlinux.org
Wed Dec 28 13:56:22 UTC 2016 

    Date: Wednesday, December 28, 2016 @ 13:56:21
  Author: eworm
Revision: 284937

upgpkg: openvpn 2.4.0-2

fix timeout in non-TLS mode with systemd

Added:
  openvpn/trunk/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch
Modified:
  openvpn/trunk/PKGBUILD

-----------------------------------------------------+
 0003-fix-timeout-in-non-TLS-mode-with-systemd.patch |   59 ++++++++++++++++++
 PKGBUILD                                            |   11 ++-
 2 files changed, 67 insertions(+), 3 deletions(-)

Added: 0003-fix-timeout-in-non-TLS-mode-with-systemd.patch
===================================================================
--- 0003-fix-timeout-in-non-TLS-mode-with-systemd.patch	                        (rev 0)
+++ 0003-fix-timeout-in-non-TLS-mode-with-systemd.patch	2016-12-28 13:56:21 UTC (rev 284937)
@@ -0,0 +1,59 @@
+From 8fe76deb35364aa0d71b3e771b4a12491a037764 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail at eworm.de>
+Date: Wed, 28 Dec 2016 13:57:11 +0100
+Subject: [PATCH 1/1] fix timeout in non-TLS mode with systemd
+
+In non-TLS configuration we wait for the remote peer to connect
+before issuing "Initialization Sequence Completed". So prevent to
+time out by telling systemd service manager we are ready for now.
+Status will be "Non-TLS mode, ready for now. Waiting for peer..."
+and changes once the remote peer connects.
+
+This fixes #801 (static key tunnels impossible to start via systemd)
+
+Tested-by: Mantas Mikulėnas <grawity at gmail.com>
+Signed-off-by: Christian Hesse <mail at eworm.de>
+---
+ src/openvpn/openvpn.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c
+index 888acda..ae948f9 100644
+--- a/src/openvpn/openvpn.c
++++ b/src/openvpn/openvpn.c
+@@ -30,6 +30,10 @@
+ 
+ #include "syshead.h"
+ 
++#ifdef ENABLE_SYSTEMD
++#include <systemd/sd-daemon.h>
++#endif
++
+ #include "init.h"
+ #include "forward.h"
+ #include "multi.h"
+@@ -73,6 +77,21 @@ tunnel_point_to_point(struct context *c)
+         return;
+     }
+ 
++#ifdef ENABLE_SYSTEMD
++    /* In non-TLS configuration we wait for the remote peer to connect
++     * before issuing "Initialization Sequence Completed". So prevent to
++     * time out by telling systemd service manager we are ready for now.
++     * Status will be "Non-TLS mode, ready for now. Waiting for peer..."
++     * and changes once the remote peer connects. */
++    if (c->options.tls_client == false
++        && c->options.tls_server == false)
++    {
++        sd_notifyf(0, "READY=1\n"
++                   "STATUS=Non-TLS mode, ready for now. Waiting for peer...\n"
++                   "MAINPID=%lu", (unsigned long) getpid());
++    }
++#endif
++
+     /* main event loop */
+     while (true)
+     {
+-- 
+2.11.0
+

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2016-12-28 12:59:40 UTC (rev 284936)
+++ PKGBUILD	2016-12-28 13:56:21 UTC (rev 284937)
@@ -3,7 +3,7 @@
 
 pkgname=openvpn
 pkgver=2.4.0
-pkgrel=1
+pkgrel=2
 pkgdesc='An easy-to-use, robust and highly configurable VPN (Virtual Private Network)'
 arch=('i686' 'x86_64')
 url='http://openvpn.net/index.php/open-source.html'
@@ -16,11 +16,13 @@
               '7ACD56B74144925C6214329757DB9DAB613B8DA1') # David Sommerseth (OpenVPN Technologies, Inc) <davids at openvpn.net>
 source=("https://swupdate.openvpn.net/community/releases/openvpn-${pkgver}.tar.xz"{,.asc}
         '0001-plugin.patch'
-        '0002-do-not-race-on-RuntimeDirectory.patch')
+        '0002-do-not-race-on-RuntimeDirectory.patch'
+        '0003-fix-timeout-in-non-TLS-mode-with-systemd.patch')
 sha256sums=('6f23ba49a1dbeb658f49c7ae17d9ea979de6d92c7357de3d55cd4525e1b2f87e'
             'SKIP'
             'b8254067b4ef5d157d87267a76938d86f101972303c7ff20131cc9f28659a30c'
-            'a87b081f998db99190e8b9e185cd7aade5bd6dfb5c03777c82b75d28cd3b375c')
+            'a87b081f998db99190e8b9e185cd7aade5bd6dfb5c03777c82b75d28cd3b375c'
+            '1b0ff78390dd5e79ce6966fd7fee54d42f6f3622cf8078d8b0f9998046e6b73b')
 
 prepare() {
   cd "${srcdir}"/${pkgname}-${pkgver}
@@ -31,6 +33,9 @@
   # do not race on RuntimeDirectory
   patch -Np1 < "${srcdir}"/0002-do-not-race-on-RuntimeDirectory.patch
 
+  # fix timeout in non-TLS mode with systemd
+  patch -Np1 < "${srcdir}"/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch
+
   # regenerate configure script
   autoreconf -fi
 }

More information about the arch-commits mailing list