[arch-commits] Commit in openvpn/repos (22 files)
Christian Hesse
eworm at archlinux.org
Wed Dec 28 13:56:28 UTC 2016
Date: Wednesday, December 28, 2016 @ 13:56:27
Author: eworm
Revision: 284938
archrelease: copy trunk to testing-i686, testing-x86_64
Added:
openvpn/repos/testing-i686/0001-plugin.patch
(from rev 284937, openvpn/trunk/0001-plugin.patch)
openvpn/repos/testing-i686/0002-do-not-race-on-RuntimeDirectory.patch
(from rev 284937, openvpn/trunk/0002-do-not-race-on-RuntimeDirectory.patch)
openvpn/repos/testing-i686/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch
(from rev 284937, openvpn/trunk/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch)
openvpn/repos/testing-i686/PKGBUILD
(from rev 284937, openvpn/trunk/PKGBUILD)
openvpn/repos/testing-i686/news.md
(from rev 284937, openvpn/trunk/news.md)
openvpn/repos/testing-i686/openvpn.install
(from rev 284937, openvpn/trunk/openvpn.install)
openvpn/repos/testing-x86_64/0001-plugin.patch
(from rev 284937, openvpn/trunk/0001-plugin.patch)
openvpn/repos/testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch
(from rev 284937, openvpn/trunk/0002-do-not-race-on-RuntimeDirectory.patch)
openvpn/repos/testing-x86_64/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch
(from rev 284937, openvpn/trunk/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch)
openvpn/repos/testing-x86_64/PKGBUILD
(from rev 284937, openvpn/trunk/PKGBUILD)
openvpn/repos/testing-x86_64/news.md
(from rev 284937, openvpn/trunk/news.md)
openvpn/repos/testing-x86_64/openvpn.install
(from rev 284937, openvpn/trunk/openvpn.install)
Deleted:
openvpn/repos/testing-i686/0001-plugin.patch
openvpn/repos/testing-i686/0002-do-not-race-on-RuntimeDirectory.patch
openvpn/repos/testing-i686/PKGBUILD
openvpn/repos/testing-i686/news.md
openvpn/repos/testing-i686/openvpn.install
openvpn/repos/testing-x86_64/0001-plugin.patch
openvpn/repos/testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch
openvpn/repos/testing-x86_64/PKGBUILD
openvpn/repos/testing-x86_64/news.md
openvpn/repos/testing-x86_64/openvpn.install
--------------------------------------------------------------------+
/0001-plugin.patch | 92 ++++
/0002-do-not-race-on-RuntimeDirectory.patch | 118 ++++++
/PKGBUILD | 188 ++++++++++
/news.md | 34 +
/openvpn.install | 48 ++
testing-i686/0001-plugin.patch | 46 --
testing-i686/0002-do-not-race-on-RuntimeDirectory.patch | 59 ---
testing-i686/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch | 59 +++
testing-i686/PKGBUILD | 89 ----
testing-i686/news.md | 17
testing-i686/openvpn.install | 24 -
testing-x86_64/0001-plugin.patch | 46 --
testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch | 59 ---
testing-x86_64/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch | 59 +++
testing-x86_64/PKGBUILD | 89 ----
testing-x86_64/news.md | 17
testing-x86_64/openvpn.install | 24 -
17 files changed, 598 insertions(+), 470 deletions(-)
Deleted: testing-i686/0001-plugin.patch
===================================================================
--- testing-i686/0001-plugin.patch 2016-12-28 13:56:21 UTC (rev 284937)
+++ testing-i686/0001-plugin.patch 2016-12-28 13:56:27 UTC (rev 284938)
@@ -1,46 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index f4073d0..5fe652e 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -301,13 +301,12 @@ AC_ARG_WITH(
- [with_crypto_library="openssl"]
- )
-
--AC_ARG_WITH(
-- [plugindir],
-- [AS_HELP_STRING([--with-plugindir], [plugin directory @<:@default=LIBDIR/openvpn@:>@])],
-- ,
-- [with_plugindir="\$(libdir)/openvpn/plugins"]
--)
--
-+AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
-+if test -n "${PLUGINDIR}"; then
-+ plugindir="${PLUGINDIR}"
-+else
-+ plugindir="\${libdir}/openvpn/plugins"
-+fi
-
- AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host])
- case "$host" in
-@@ -1245,7 +1244,6 @@ AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "ye
- AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"])
- AM_CONDITIONAL([ENABLE_CRYPTO], [test "${enable_crypto}" = "yes"])
-
--plugindir="${with_plugindir}"
- sampledir="\$(docdir)/sample"
- AC_SUBST([plugindir])
- AC_SUBST([sampledir])
-diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
-index 4c18449..188834a 100644
---- a/src/openvpn/Makefile.am
-+++ b/src/openvpn/Makefile.am
-@@ -27,7 +27,8 @@ AM_CFLAGS = \
- $(OPTIONAL_CRYPTO_CFLAGS) \
- $(OPTIONAL_LZO_CFLAGS) \
- $(OPTIONAL_LZ4_CFLAGS) \
-- $(OPTIONAL_PKCS11_HELPER_CFLAGS)
-+ $(OPTIONAL_PKCS11_HELPER_CFLAGS) \
-+ -DPLUGIN_LIBDIR=\"${plugindir}\"
- if WIN32
- # we want unicode entry point but not the macro
- AM_CFLAGS += -municode -UUNICODE
Copied: openvpn/repos/testing-i686/0001-plugin.patch (from rev 284937, openvpn/trunk/0001-plugin.patch)
===================================================================
--- testing-i686/0001-plugin.patch (rev 0)
+++ testing-i686/0001-plugin.patch 2016-12-28 13:56:27 UTC (rev 284938)
@@ -0,0 +1,46 @@
+diff --git a/configure.ac b/configure.ac
+index f4073d0..5fe652e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -301,13 +301,12 @@ AC_ARG_WITH(
+ [with_crypto_library="openssl"]
+ )
+
+-AC_ARG_WITH(
+- [plugindir],
+- [AS_HELP_STRING([--with-plugindir], [plugin directory @<:@default=LIBDIR/openvpn@:>@])],
+- ,
+- [with_plugindir="\$(libdir)/openvpn/plugins"]
+-)
+-
++AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
++if test -n "${PLUGINDIR}"; then
++ plugindir="${PLUGINDIR}"
++else
++ plugindir="\${libdir}/openvpn/plugins"
++fi
+
+ AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host])
+ case "$host" in
+@@ -1245,7 +1244,6 @@ AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "ye
+ AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"])
+ AM_CONDITIONAL([ENABLE_CRYPTO], [test "${enable_crypto}" = "yes"])
+
+-plugindir="${with_plugindir}"
+ sampledir="\$(docdir)/sample"
+ AC_SUBST([plugindir])
+ AC_SUBST([sampledir])
+diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
+index 4c18449..188834a 100644
+--- a/src/openvpn/Makefile.am
++++ b/src/openvpn/Makefile.am
+@@ -27,7 +27,8 @@ AM_CFLAGS = \
+ $(OPTIONAL_CRYPTO_CFLAGS) \
+ $(OPTIONAL_LZO_CFLAGS) \
+ $(OPTIONAL_LZ4_CFLAGS) \
+- $(OPTIONAL_PKCS11_HELPER_CFLAGS)
++ $(OPTIONAL_PKCS11_HELPER_CFLAGS) \
++ -DPLUGIN_LIBDIR=\"${plugindir}\"
+ if WIN32
+ # we want unicode entry point but not the macro
+ AM_CFLAGS += -municode -UUNICODE
Deleted: testing-i686/0002-do-not-race-on-RuntimeDirectory.patch
===================================================================
--- testing-i686/0002-do-not-race-on-RuntimeDirectory.patch 2016-12-28 13:56:21 UTC (rev 284937)
+++ testing-i686/0002-do-not-race-on-RuntimeDirectory.patch 2016-12-28 13:56:27 UTC (rev 284938)
@@ -1,59 +0,0 @@
-From 3e8b360cca4d97bef113a25f982601d4742af896 Mon Sep 17 00:00:00 2001
-From: Christian Hesse <mail at eworm.de>
-Date: Fri, 16 Dec 2016 22:56:15 +0100
-Subject: [PATCH 1/1] do not race on RuntimeDirectory
-
-Different unit instances create and destroy the same RuntimeDirectory.
-This leads to running instances where the status file (and possibly
-more runtime data) is no longer accessible.
-
-So do not handle this in unit files but provide a tmpfiles.d
-configuration and let systemd-tmpfiles do the work.
-Nobody will (unintentionally) delete the directories and its content.
-As /run is volatile we do not have to care about cleanup.
-
-Signed-off-by: Christian Hesse <mail at eworm.de>
----
- distro/systemd/openvpn-client at .service | 2 --
- distro/systemd/openvpn-server at .service | 2 --
- distro/systemd/openvpn.conf | 2 ++
- 3 files changed, 2 insertions(+), 4 deletions(-)
- create mode 100644 distro/systemd/openvpn.conf
-
-diff --git a/distro/systemd/openvpn-client at .service b/distro/systemd/openvpn-client at .service
-index 5618af3..1187ee8 100644
---- a/distro/systemd/openvpn-client at .service
-+++ b/distro/systemd/openvpn-client at .service
-@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
- [Service]
- Type=notify
- PrivateTmp=true
--RuntimeDirectory=openvpn-client
--RuntimeDirectoryMode=0710
- WorkingDirectory=/etc/openvpn/client
- ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
- CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
-diff --git a/distro/systemd/openvpn-server at .service b/distro/systemd/openvpn-server at .service
-index b9b4dba..25a6bb7 100644
---- a/distro/systemd/openvpn-server at .service
-+++ b/distro/systemd/openvpn-server at .service
-@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
- [Service]
- Type=notify
- PrivateTmp=true
--RuntimeDirectory=openvpn-server
--RuntimeDirectoryMode=0710
- WorkingDirectory=/etc/openvpn/server
- ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
- CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
-diff --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf
-new file mode 100644
-index 0000000..bb79671
---- /dev/null
-+++ b/distro/systemd/openvpn.conf
-@@ -0,0 +1,2 @@
-+d /run/openvpn-client 0710 root root -
-+d /run/openvpn-server 0710 root root -
---
-2.11.0
-
Copied: openvpn/repos/testing-i686/0002-do-not-race-on-RuntimeDirectory.patch (from rev 284937, openvpn/trunk/0002-do-not-race-on-RuntimeDirectory.patch)
===================================================================
--- testing-i686/0002-do-not-race-on-RuntimeDirectory.patch (rev 0)
+++ testing-i686/0002-do-not-race-on-RuntimeDirectory.patch 2016-12-28 13:56:27 UTC (rev 284938)
@@ -0,0 +1,59 @@
+From 3e8b360cca4d97bef113a25f982601d4742af896 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail at eworm.de>
+Date: Fri, 16 Dec 2016 22:56:15 +0100
+Subject: [PATCH 1/1] do not race on RuntimeDirectory
+
+Different unit instances create and destroy the same RuntimeDirectory.
+This leads to running instances where the status file (and possibly
+more runtime data) is no longer accessible.
+
+So do not handle this in unit files but provide a tmpfiles.d
+configuration and let systemd-tmpfiles do the work.
+Nobody will (unintentionally) delete the directories and its content.
+As /run is volatile we do not have to care about cleanup.
+
+Signed-off-by: Christian Hesse <mail at eworm.de>
+---
+ distro/systemd/openvpn-client at .service | 2 --
+ distro/systemd/openvpn-server at .service | 2 --
+ distro/systemd/openvpn.conf | 2 ++
+ 3 files changed, 2 insertions(+), 4 deletions(-)
+ create mode 100644 distro/systemd/openvpn.conf
+
+diff --git a/distro/systemd/openvpn-client at .service b/distro/systemd/openvpn-client at .service
+index 5618af3..1187ee8 100644
+--- a/distro/systemd/openvpn-client at .service
++++ b/distro/systemd/openvpn-client at .service
+@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+ [Service]
+ Type=notify
+ PrivateTmp=true
+-RuntimeDirectory=openvpn-client
+-RuntimeDirectoryMode=0710
+ WorkingDirectory=/etc/openvpn/client
+ ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+diff --git a/distro/systemd/openvpn-server at .service b/distro/systemd/openvpn-server at .service
+index b9b4dba..25a6bb7 100644
+--- a/distro/systemd/openvpn-server at .service
++++ b/distro/systemd/openvpn-server at .service
+@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+ [Service]
+ Type=notify
+ PrivateTmp=true
+-RuntimeDirectory=openvpn-server
+-RuntimeDirectoryMode=0710
+ WorkingDirectory=/etc/openvpn/server
+ ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+diff --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf
+new file mode 100644
+index 0000000..bb79671
+--- /dev/null
++++ b/distro/systemd/openvpn.conf
+@@ -0,0 +1,2 @@
++d /run/openvpn-client 0710 root root -
++d /run/openvpn-server 0710 root root -
+--
+2.11.0
+
Copied: openvpn/repos/testing-i686/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch (from rev 284937, openvpn/trunk/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch)
===================================================================
--- testing-i686/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch (rev 0)
+++ testing-i686/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch 2016-12-28 13:56:27 UTC (rev 284938)
@@ -0,0 +1,59 @@
+From 8fe76deb35364aa0d71b3e771b4a12491a037764 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail at eworm.de>
+Date: Wed, 28 Dec 2016 13:57:11 +0100
+Subject: [PATCH 1/1] fix timeout in non-TLS mode with systemd
+
+In non-TLS configuration we wait for the remote peer to connect
+before issuing "Initialization Sequence Completed". So prevent to
+time out by telling systemd service manager we are ready for now.
+Status will be "Non-TLS mode, ready for now. Waiting for peer..."
+and changes once the remote peer connects.
+
+This fixes #801 (static key tunnels impossible to start via systemd)
+
+Tested-by: Mantas Mikulėnas <grawity at gmail.com>
+Signed-off-by: Christian Hesse <mail at eworm.de>
+---
+ src/openvpn/openvpn.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c
+index 888acda..ae948f9 100644
+--- a/src/openvpn/openvpn.c
++++ b/src/openvpn/openvpn.c
+@@ -30,6 +30,10 @@
+
+ #include "syshead.h"
+
++#ifdef ENABLE_SYSTEMD
++#include <systemd/sd-daemon.h>
++#endif
++
+ #include "init.h"
+ #include "forward.h"
+ #include "multi.h"
+@@ -73,6 +77,21 @@ tunnel_point_to_point(struct context *c)
+ return;
+ }
+
++#ifdef ENABLE_SYSTEMD
++ /* In non-TLS configuration we wait for the remote peer to connect
++ * before issuing "Initialization Sequence Completed". So prevent to
++ * time out by telling systemd service manager we are ready for now.
++ * Status will be "Non-TLS mode, ready for now. Waiting for peer..."
++ * and changes once the remote peer connects. */
++ if (c->options.tls_client == false
++ && c->options.tls_server == false)
++ {
++ sd_notifyf(0, "READY=1\n"
++ "STATUS=Non-TLS mode, ready for now. Waiting for peer...\n"
++ "MAINPID=%lu", (unsigned long) getpid());
++ }
++#endif
++
+ /* main event loop */
+ while (true)
+ {
+--
+2.11.0
+
Deleted: testing-i686/PKGBUILD
===================================================================
--- testing-i686/PKGBUILD 2016-12-28 13:56:21 UTC (rev 284937)
+++ testing-i686/PKGBUILD 2016-12-28 13:56:27 UTC (rev 284938)
@@ -1,89 +0,0 @@
-# $Id$
-# Maintainer: Christian Hesse <mail at eworm.de>
-
-pkgname=openvpn
-pkgver=2.4.0
-pkgrel=1
-pkgdesc='An easy-to-use, robust and highly configurable VPN (Virtual Private Network)'
-arch=('i686' 'x86_64')
-url='http://openvpn.net/index.php/open-source.html'
-depends=('openssl' 'lzo' 'iproute2' 'libsystemd' 'pkcs11-helper')
-optdepends=('easy-rsa: easy CA and certificate handling')
-makedepends=('systemd')
-license=('custom')
-install=openvpn.install
-validpgpkeys=('03300E11FED16F59715F9996C29D97ED198D22A3' # Samuli Seppänen <samuli.seppanen at gmail.com>
- '7ACD56B74144925C6214329757DB9DAB613B8DA1') # David Sommerseth (OpenVPN Technologies, Inc) <davids at openvpn.net>
-source=("https://swupdate.openvpn.net/community/releases/openvpn-${pkgver}.tar.xz"{,.asc}
- '0001-plugin.patch'
- '0002-do-not-race-on-RuntimeDirectory.patch')
-sha256sums=('6f23ba49a1dbeb658f49c7ae17d9ea979de6d92c7357de3d55cd4525e1b2f87e'
- 'SKIP'
- 'b8254067b4ef5d157d87267a76938d86f101972303c7ff20131cc9f28659a30c'
- 'a87b081f998db99190e8b9e185cd7aade5bd6dfb5c03777c82b75d28cd3b375c')
-
-prepare() {
- cd "${srcdir}"/${pkgname}-${pkgver}
-
- # plugin path
- patch -Np1 < "${srcdir}"/0001-plugin.patch
-
- # do not race on RuntimeDirectory
- patch -Np1 < "${srcdir}"/0002-do-not-race-on-RuntimeDirectory.patch
-
- # regenerate configure script
- autoreconf -fi
-}
-
-build() {
- cd "${srcdir}"/${pkgname}-${pkgver}
-
- ./configure \
- --prefix=/usr \
- --sbindir=/usr/bin \
- --enable-iproute2 \
- --enable-pkcs11 \
- --enable-plugins \
- --enable-systemd \
- --enable-x509-alt-username
- make
-}
-
-check() {
- cd "${srcdir}"/${pkgname}-${pkgver}
-
- make check
-}
-
-package() {
- cd "${srcdir}"/${pkgname}-${pkgver}
-
- # Install openvpn
- make DESTDIR="${pkgdir}" install
-
- # Create empty configuration directories
- install -d -m0750 -g 90 "${pkgdir}"/etc/openvpn/{client,server}
-
- # Install examples
- install -d -m0755 "${pkgdir}"/usr/share/openvpn
- cp -r sample/sample-config-files "${pkgdir}"/usr/share/openvpn/examples
-
- # Install license
- install -d -m0755 "${pkgdir}"/usr/share/licenses/openvpn/
- ln -sf /usr/share/doc/openvpn/{COPYING,COPYRIGHT.GPL} "${pkgdir}"/usr/share/licenses/openvpn/
-
- # Install contrib
- for FILE in $(find contrib -type f); do
- case "$(file --brief --mime-type "${FILE}")" in
- "text/x-shellscript") install -D -m0755 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
- *) install -D -m0644 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
- esac
- done
-
- # Install systemd files
- install -d -m0755 "${pkgdir}"/usr/lib/systemd/system/
- install -m0644 distro/systemd/openvpn-{client,server}@.service "${pkgdir}"/usr/lib/systemd/system/
- install -D -m0644 distro/systemd/openvpn.conf "${pkgdir}"/usr/lib/tmpfiles.d/openvpn.conf
- install -d -m0710 "${pkgdir}"/run/openvpn-{client,server}
-}
-
Copied: openvpn/repos/testing-i686/PKGBUILD (from rev 284937, openvpn/trunk/PKGBUILD)
===================================================================
--- testing-i686/PKGBUILD (rev 0)
+++ testing-i686/PKGBUILD 2016-12-28 13:56:27 UTC (rev 284938)
@@ -0,0 +1,94 @@
+# $Id$
+# Maintainer: Christian Hesse <mail at eworm.de>
+
+pkgname=openvpn
+pkgver=2.4.0
+pkgrel=2
+pkgdesc='An easy-to-use, robust and highly configurable VPN (Virtual Private Network)'
+arch=('i686' 'x86_64')
+url='http://openvpn.net/index.php/open-source.html'
+depends=('openssl' 'lzo' 'iproute2' 'libsystemd' 'pkcs11-helper')
+optdepends=('easy-rsa: easy CA and certificate handling')
+makedepends=('systemd')
+license=('custom')
+install=openvpn.install
+validpgpkeys=('03300E11FED16F59715F9996C29D97ED198D22A3' # Samuli Seppänen <samuli.seppanen at gmail.com>
+ '7ACD56B74144925C6214329757DB9DAB613B8DA1') # David Sommerseth (OpenVPN Technologies, Inc) <davids at openvpn.net>
+source=("https://swupdate.openvpn.net/community/releases/openvpn-${pkgver}.tar.xz"{,.asc}
+ '0001-plugin.patch'
+ '0002-do-not-race-on-RuntimeDirectory.patch'
+ '0003-fix-timeout-in-non-TLS-mode-with-systemd.patch')
+sha256sums=('6f23ba49a1dbeb658f49c7ae17d9ea979de6d92c7357de3d55cd4525e1b2f87e'
+ 'SKIP'
+ 'b8254067b4ef5d157d87267a76938d86f101972303c7ff20131cc9f28659a30c'
+ 'a87b081f998db99190e8b9e185cd7aade5bd6dfb5c03777c82b75d28cd3b375c'
+ '1b0ff78390dd5e79ce6966fd7fee54d42f6f3622cf8078d8b0f9998046e6b73b')
+
+prepare() {
+ cd "${srcdir}"/${pkgname}-${pkgver}
+
+ # plugin path
+ patch -Np1 < "${srcdir}"/0001-plugin.patch
+
+ # do not race on RuntimeDirectory
+ patch -Np1 < "${srcdir}"/0002-do-not-race-on-RuntimeDirectory.patch
+
+ # fix timeout in non-TLS mode with systemd
+ patch -Np1 < "${srcdir}"/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch
+
+ # regenerate configure script
+ autoreconf -fi
+}
+
+build() {
+ cd "${srcdir}"/${pkgname}-${pkgver}
+
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --enable-iproute2 \
+ --enable-pkcs11 \
+ --enable-plugins \
+ --enable-systemd \
+ --enable-x509-alt-username
+ make
+}
+
+check() {
+ cd "${srcdir}"/${pkgname}-${pkgver}
+
+ make check
+}
+
+package() {
+ cd "${srcdir}"/${pkgname}-${pkgver}
+
+ # Install openvpn
+ make DESTDIR="${pkgdir}" install
+
+ # Create empty configuration directories
+ install -d -m0750 -g 90 "${pkgdir}"/etc/openvpn/{client,server}
+
+ # Install examples
+ install -d -m0755 "${pkgdir}"/usr/share/openvpn
+ cp -r sample/sample-config-files "${pkgdir}"/usr/share/openvpn/examples
+
+ # Install license
+ install -d -m0755 "${pkgdir}"/usr/share/licenses/openvpn/
+ ln -sf /usr/share/doc/openvpn/{COPYING,COPYRIGHT.GPL} "${pkgdir}"/usr/share/licenses/openvpn/
+
+ # Install contrib
+ for FILE in $(find contrib -type f); do
+ case "$(file --brief --mime-type "${FILE}")" in
+ "text/x-shellscript") install -D -m0755 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
+ *) install -D -m0644 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
+ esac
+ done
+
+ # Install systemd files
+ install -d -m0755 "${pkgdir}"/usr/lib/systemd/system/
+ install -m0644 distro/systemd/openvpn-{client,server}@.service "${pkgdir}"/usr/lib/systemd/system/
+ install -D -m0644 distro/systemd/openvpn.conf "${pkgdir}"/usr/lib/tmpfiles.d/openvpn.conf
+ install -d -m0710 "${pkgdir}"/run/openvpn-{client,server}
+}
+
Deleted: testing-i686/news.md
===================================================================
--- testing-i686/news.md 2016-12-28 13:56:21 UTC (rev 284937)
+++ testing-i686/news.md 2016-12-28 13:56:27 UTC (rev 284938)
@@ -1,17 +0,0 @@
-OpenVPN 2.4.0 update requires administrative interaction
-========================================================
-
-The upgrade to openvpn 2.4.0 makes changes that are incompatible with
-previous configurations. Take **special care** if you depend on VPN
-connectivity for **remote access**! Administrative interaction is required:
-
-* Configuration is expected in sub directories now. Move your files
- from `/etc/openvpn/` to `/etc/openvpn/server/` or `/etc/openvpn/client/`.
-* The plugin lookup path changed, remove extra `plugins/` from relative
- paths.
-* The systemd unit `openvpn at .service` was replaced with
- `openvpn-client at .service` and `openvpn-server at .service`. Restart and
- reenable accordingly.
-
-This does not affect the functionality of `networkmanager`, `connman`
-or `qopenvpn`.
Copied: openvpn/repos/testing-i686/news.md (from rev 284937, openvpn/trunk/news.md)
===================================================================
--- testing-i686/news.md (rev 0)
+++ testing-i686/news.md 2016-12-28 13:56:27 UTC (rev 284938)
@@ -0,0 +1,17 @@
+OpenVPN 2.4.0 update requires administrative interaction
+========================================================
+
+The upgrade to openvpn 2.4.0 makes changes that are incompatible with
+previous configurations. Take **special care** if you depend on VPN
+connectivity for **remote access**! Administrative interaction is required:
+
+* Configuration is expected in sub directories now. Move your files
+ from `/etc/openvpn/` to `/etc/openvpn/server/` or `/etc/openvpn/client/`.
+* The plugin lookup path changed, remove extra `plugins/` from relative
+ paths.
+* The systemd unit `openvpn at .service` was replaced with
+ `openvpn-client at .service` and `openvpn-server at .service`. Restart and
+ reenable accordingly.
+
+This does not affect the functionality of `networkmanager`, `connman`
+or `qopenvpn`.
Deleted: testing-i686/openvpn.install
===================================================================
--- testing-i686/openvpn.install 2016-12-28 13:56:21 UTC (rev 284937)
+++ testing-i686/openvpn.install 2016-12-28 13:56:27 UTC (rev 284938)
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-post_upgrade() {
- # return if old package version greater 2.4...
- (( $(vercmp $2 '2.4') > 0 )) && return
-
- # upgrade from pre-2.4 version...
- echo "This upgrade from openvpn $2 to openvpn $1 made changes that require"
- echo "administrative interaction:"
- echo " -> Configuration is expected in sub directories now. Move your files"
- echo " from /etc/openvpn/ to /etc/openvpn/server/ or /etc/openvpn/client/."
- echo " -> The plugin lookup path changed, remove extra 'plugins/' from relative paths."
- echo " -> The systemd unit openvpn at .service was replaced with openvpn-client at .service"
- echo " and openvpn-server at .service. Restart and reenable accordingly."
-
- local UNITS="$(systemctl list-units --quiet --no-pager --no-legend --plain | grep '^openvpn@' | cut -d' ' -f1)"
- if (( ${#UNITS} )); then
- echo "This is a (possibly incomplete) list of units that need to be acted on:"
- for UNIT in ${UNITS}; do
- echo " -> ${UNIT}"
- done
- fi
-}
-
Copied: openvpn/repos/testing-i686/openvpn.install (from rev 284937, openvpn/trunk/openvpn.install)
===================================================================
--- testing-i686/openvpn.install (rev 0)
+++ testing-i686/openvpn.install 2016-12-28 13:56:27 UTC (rev 284938)
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+post_upgrade() {
+ # return if old package version greater 2.4...
+ (( $(vercmp $2 '2.4') > 0 )) && return
+
+ # upgrade from pre-2.4 version...
+ echo "This upgrade from openvpn $2 to openvpn $1 made changes that require"
+ echo "administrative interaction:"
+ echo " -> Configuration is expected in sub directories now. Move your files"
+ echo " from /etc/openvpn/ to /etc/openvpn/server/ or /etc/openvpn/client/."
+ echo " -> The plugin lookup path changed, remove extra 'plugins/' from relative paths."
+ echo " -> The systemd unit openvpn at .service was replaced with openvpn-client at .service"
+ echo " and openvpn-server at .service. Restart and reenable accordingly."
+
+ local UNITS="$(systemctl list-units --quiet --no-pager --no-legend --plain | grep '^openvpn@' | cut -d' ' -f1)"
+ if (( ${#UNITS} )); then
+ echo "This is a (possibly incomplete) list of units that need to be acted on:"
+ for UNIT in ${UNITS}; do
+ echo " -> ${UNIT}"
+ done
+ fi
+}
+
Deleted: testing-x86_64/0001-plugin.patch
===================================================================
--- testing-x86_64/0001-plugin.patch 2016-12-28 13:56:21 UTC (rev 284937)
+++ testing-x86_64/0001-plugin.patch 2016-12-28 13:56:27 UTC (rev 284938)
@@ -1,46 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index f4073d0..5fe652e 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -301,13 +301,12 @@ AC_ARG_WITH(
- [with_crypto_library="openssl"]
- )
-
--AC_ARG_WITH(
-- [plugindir],
-- [AS_HELP_STRING([--with-plugindir], [plugin directory @<:@default=LIBDIR/openvpn@:>@])],
-- ,
-- [with_plugindir="\$(libdir)/openvpn/plugins"]
--)
--
-+AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
-+if test -n "${PLUGINDIR}"; then
-+ plugindir="${PLUGINDIR}"
-+else
-+ plugindir="\${libdir}/openvpn/plugins"
-+fi
-
- AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host])
- case "$host" in
-@@ -1245,7 +1244,6 @@ AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "ye
- AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"])
- AM_CONDITIONAL([ENABLE_CRYPTO], [test "${enable_crypto}" = "yes"])
-
--plugindir="${with_plugindir}"
- sampledir="\$(docdir)/sample"
- AC_SUBST([plugindir])
- AC_SUBST([sampledir])
-diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
-index 4c18449..188834a 100644
---- a/src/openvpn/Makefile.am
-+++ b/src/openvpn/Makefile.am
-@@ -27,7 +27,8 @@ AM_CFLAGS = \
- $(OPTIONAL_CRYPTO_CFLAGS) \
- $(OPTIONAL_LZO_CFLAGS) \
- $(OPTIONAL_LZ4_CFLAGS) \
-- $(OPTIONAL_PKCS11_HELPER_CFLAGS)
-+ $(OPTIONAL_PKCS11_HELPER_CFLAGS) \
-+ -DPLUGIN_LIBDIR=\"${plugindir}\"
- if WIN32
- # we want unicode entry point but not the macro
- AM_CFLAGS += -municode -UUNICODE
Copied: openvpn/repos/testing-x86_64/0001-plugin.patch (from rev 284937, openvpn/trunk/0001-plugin.patch)
===================================================================
--- testing-x86_64/0001-plugin.patch (rev 0)
+++ testing-x86_64/0001-plugin.patch 2016-12-28 13:56:27 UTC (rev 284938)
@@ -0,0 +1,46 @@
+diff --git a/configure.ac b/configure.ac
+index f4073d0..5fe652e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -301,13 +301,12 @@ AC_ARG_WITH(
+ [with_crypto_library="openssl"]
+ )
+
+-AC_ARG_WITH(
+- [plugindir],
+- [AS_HELP_STRING([--with-plugindir], [plugin directory @<:@default=LIBDIR/openvpn@:>@])],
+- ,
+- [with_plugindir="\$(libdir)/openvpn/plugins"]
+-)
+-
++AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
++if test -n "${PLUGINDIR}"; then
++ plugindir="${PLUGINDIR}"
++else
++ plugindir="\${libdir}/openvpn/plugins"
++fi
+
+ AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host])
+ case "$host" in
+@@ -1245,7 +1244,6 @@ AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "ye
+ AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"])
+ AM_CONDITIONAL([ENABLE_CRYPTO], [test "${enable_crypto}" = "yes"])
+
+-plugindir="${with_plugindir}"
+ sampledir="\$(docdir)/sample"
+ AC_SUBST([plugindir])
+ AC_SUBST([sampledir])
+diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
+index 4c18449..188834a 100644
+--- a/src/openvpn/Makefile.am
++++ b/src/openvpn/Makefile.am
+@@ -27,7 +27,8 @@ AM_CFLAGS = \
+ $(OPTIONAL_CRYPTO_CFLAGS) \
+ $(OPTIONAL_LZO_CFLAGS) \
+ $(OPTIONAL_LZ4_CFLAGS) \
+- $(OPTIONAL_PKCS11_HELPER_CFLAGS)
++ $(OPTIONAL_PKCS11_HELPER_CFLAGS) \
++ -DPLUGIN_LIBDIR=\"${plugindir}\"
+ if WIN32
+ # we want unicode entry point but not the macro
+ AM_CFLAGS += -municode -UUNICODE
Deleted: testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch
===================================================================
--- testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch 2016-12-28 13:56:21 UTC (rev 284937)
+++ testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch 2016-12-28 13:56:27 UTC (rev 284938)
@@ -1,59 +0,0 @@
-From 3e8b360cca4d97bef113a25f982601d4742af896 Mon Sep 17 00:00:00 2001
-From: Christian Hesse <mail at eworm.de>
-Date: Fri, 16 Dec 2016 22:56:15 +0100
-Subject: [PATCH 1/1] do not race on RuntimeDirectory
-
-Different unit instances create and destroy the same RuntimeDirectory.
-This leads to running instances where the status file (and possibly
-more runtime data) is no longer accessible.
-
-So do not handle this in unit files but provide a tmpfiles.d
-configuration and let systemd-tmpfiles do the work.
-Nobody will (unintentionally) delete the directories and its content.
-As /run is volatile we do not have to care about cleanup.
-
-Signed-off-by: Christian Hesse <mail at eworm.de>
----
- distro/systemd/openvpn-client at .service | 2 --
- distro/systemd/openvpn-server at .service | 2 --
- distro/systemd/openvpn.conf | 2 ++
- 3 files changed, 2 insertions(+), 4 deletions(-)
- create mode 100644 distro/systemd/openvpn.conf
-
-diff --git a/distro/systemd/openvpn-client at .service b/distro/systemd/openvpn-client at .service
-index 5618af3..1187ee8 100644
---- a/distro/systemd/openvpn-client at .service
-+++ b/distro/systemd/openvpn-client at .service
-@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
- [Service]
- Type=notify
- PrivateTmp=true
--RuntimeDirectory=openvpn-client
--RuntimeDirectoryMode=0710
- WorkingDirectory=/etc/openvpn/client
- ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
- CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
-diff --git a/distro/systemd/openvpn-server at .service b/distro/systemd/openvpn-server at .service
-index b9b4dba..25a6bb7 100644
---- a/distro/systemd/openvpn-server at .service
-+++ b/distro/systemd/openvpn-server at .service
-@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
- [Service]
- Type=notify
- PrivateTmp=true
--RuntimeDirectory=openvpn-server
--RuntimeDirectoryMode=0710
- WorkingDirectory=/etc/openvpn/server
- ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
- CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
-diff --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf
-new file mode 100644
-index 0000000..bb79671
---- /dev/null
-+++ b/distro/systemd/openvpn.conf
-@@ -0,0 +1,2 @@
-+d /run/openvpn-client 0710 root root -
-+d /run/openvpn-server 0710 root root -
---
-2.11.0
-
Copied: openvpn/repos/testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch (from rev 284937, openvpn/trunk/0002-do-not-race-on-RuntimeDirectory.patch)
===================================================================
--- testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch (rev 0)
+++ testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch 2016-12-28 13:56:27 UTC (rev 284938)
@@ -0,0 +1,59 @@
+From 3e8b360cca4d97bef113a25f982601d4742af896 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail at eworm.de>
+Date: Fri, 16 Dec 2016 22:56:15 +0100
+Subject: [PATCH 1/1] do not race on RuntimeDirectory
+
+Different unit instances create and destroy the same RuntimeDirectory.
+This leads to running instances where the status file (and possibly
+more runtime data) is no longer accessible.
+
+So do not handle this in unit files but provide a tmpfiles.d
+configuration and let systemd-tmpfiles do the work.
+Nobody will (unintentionally) delete the directories and its content.
+As /run is volatile we do not have to care about cleanup.
+
+Signed-off-by: Christian Hesse <mail at eworm.de>
+---
+ distro/systemd/openvpn-client at .service | 2 --
+ distro/systemd/openvpn-server at .service | 2 --
+ distro/systemd/openvpn.conf | 2 ++
+ 3 files changed, 2 insertions(+), 4 deletions(-)
+ create mode 100644 distro/systemd/openvpn.conf
+
+diff --git a/distro/systemd/openvpn-client at .service b/distro/systemd/openvpn-client at .service
+index 5618af3..1187ee8 100644
+--- a/distro/systemd/openvpn-client at .service
++++ b/distro/systemd/openvpn-client at .service
+@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+ [Service]
+ Type=notify
+ PrivateTmp=true
+-RuntimeDirectory=openvpn-client
+-RuntimeDirectoryMode=0710
+ WorkingDirectory=/etc/openvpn/client
+ ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+diff --git a/distro/systemd/openvpn-server at .service b/distro/systemd/openvpn-server at .service
+index b9b4dba..25a6bb7 100644
+--- a/distro/systemd/openvpn-server at .service
++++ b/distro/systemd/openvpn-server at .service
+@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+ [Service]
+ Type=notify
+ PrivateTmp=true
+-RuntimeDirectory=openvpn-server
+-RuntimeDirectoryMode=0710
+ WorkingDirectory=/etc/openvpn/server
+ ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+diff --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf
+new file mode 100644
+index 0000000..bb79671
+--- /dev/null
++++ b/distro/systemd/openvpn.conf
+@@ -0,0 +1,2 @@
++d /run/openvpn-client 0710 root root -
++d /run/openvpn-server 0710 root root -
+--
+2.11.0
+
Copied: openvpn/repos/testing-x86_64/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch (from rev 284937, openvpn/trunk/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch)
===================================================================
--- testing-x86_64/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch (rev 0)
+++ testing-x86_64/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch 2016-12-28 13:56:27 UTC (rev 284938)
@@ -0,0 +1,59 @@
+From 8fe76deb35364aa0d71b3e771b4a12491a037764 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail at eworm.de>
+Date: Wed, 28 Dec 2016 13:57:11 +0100
+Subject: [PATCH 1/1] fix timeout in non-TLS mode with systemd
+
+In non-TLS configuration we wait for the remote peer to connect
+before issuing "Initialization Sequence Completed". So prevent to
+time out by telling systemd service manager we are ready for now.
+Status will be "Non-TLS mode, ready for now. Waiting for peer..."
+and changes once the remote peer connects.
+
+This fixes #801 (static key tunnels impossible to start via systemd)
+
+Tested-by: Mantas Mikulėnas <grawity at gmail.com>
+Signed-off-by: Christian Hesse <mail at eworm.de>
+---
+ src/openvpn/openvpn.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c
+index 888acda..ae948f9 100644
+--- a/src/openvpn/openvpn.c
++++ b/src/openvpn/openvpn.c
+@@ -30,6 +30,10 @@
+
+ #include "syshead.h"
+
++#ifdef ENABLE_SYSTEMD
++#include <systemd/sd-daemon.h>
++#endif
++
+ #include "init.h"
+ #include "forward.h"
+ #include "multi.h"
+@@ -73,6 +77,21 @@ tunnel_point_to_point(struct context *c)
+ return;
+ }
+
++#ifdef ENABLE_SYSTEMD
++ /* In non-TLS configuration we wait for the remote peer to connect
++ * before issuing "Initialization Sequence Completed". So prevent to
++ * time out by telling systemd service manager we are ready for now.
++ * Status will be "Non-TLS mode, ready for now. Waiting for peer..."
++ * and changes once the remote peer connects. */
++ if (c->options.tls_client == false
++ && c->options.tls_server == false)
++ {
++ sd_notifyf(0, "READY=1\n"
++ "STATUS=Non-TLS mode, ready for now. Waiting for peer...\n"
++ "MAINPID=%lu", (unsigned long) getpid());
++ }
++#endif
++
+ /* main event loop */
+ while (true)
+ {
+--
+2.11.0
+
Deleted: testing-x86_64/PKGBUILD
===================================================================
--- testing-x86_64/PKGBUILD 2016-12-28 13:56:21 UTC (rev 284937)
+++ testing-x86_64/PKGBUILD 2016-12-28 13:56:27 UTC (rev 284938)
@@ -1,89 +0,0 @@
-# $Id$
-# Maintainer: Christian Hesse <mail at eworm.de>
-
-pkgname=openvpn
-pkgver=2.4.0
-pkgrel=1
-pkgdesc='An easy-to-use, robust and highly configurable VPN (Virtual Private Network)'
-arch=('i686' 'x86_64')
-url='http://openvpn.net/index.php/open-source.html'
-depends=('openssl' 'lzo' 'iproute2' 'libsystemd' 'pkcs11-helper')
-optdepends=('easy-rsa: easy CA and certificate handling')
-makedepends=('systemd')
-license=('custom')
-install=openvpn.install
-validpgpkeys=('03300E11FED16F59715F9996C29D97ED198D22A3' # Samuli Seppänen <samuli.seppanen at gmail.com>
- '7ACD56B74144925C6214329757DB9DAB613B8DA1') # David Sommerseth (OpenVPN Technologies, Inc) <davids at openvpn.net>
-source=("https://swupdate.openvpn.net/community/releases/openvpn-${pkgver}.tar.xz"{,.asc}
- '0001-plugin.patch'
- '0002-do-not-race-on-RuntimeDirectory.patch')
-sha256sums=('6f23ba49a1dbeb658f49c7ae17d9ea979de6d92c7357de3d55cd4525e1b2f87e'
- 'SKIP'
- 'b8254067b4ef5d157d87267a76938d86f101972303c7ff20131cc9f28659a30c'
- 'a87b081f998db99190e8b9e185cd7aade5bd6dfb5c03777c82b75d28cd3b375c')
-
-prepare() {
- cd "${srcdir}"/${pkgname}-${pkgver}
-
- # plugin path
- patch -Np1 < "${srcdir}"/0001-plugin.patch
-
- # do not race on RuntimeDirectory
- patch -Np1 < "${srcdir}"/0002-do-not-race-on-RuntimeDirectory.patch
-
- # regenerate configure script
- autoreconf -fi
-}
-
-build() {
- cd "${srcdir}"/${pkgname}-${pkgver}
-
- ./configure \
- --prefix=/usr \
- --sbindir=/usr/bin \
- --enable-iproute2 \
- --enable-pkcs11 \
- --enable-plugins \
- --enable-systemd \
- --enable-x509-alt-username
- make
-}
-
-check() {
- cd "${srcdir}"/${pkgname}-${pkgver}
-
- make check
-}
-
-package() {
- cd "${srcdir}"/${pkgname}-${pkgver}
-
- # Install openvpn
- make DESTDIR="${pkgdir}" install
-
- # Create empty configuration directories
- install -d -m0750 -g 90 "${pkgdir}"/etc/openvpn/{client,server}
-
- # Install examples
- install -d -m0755 "${pkgdir}"/usr/share/openvpn
- cp -r sample/sample-config-files "${pkgdir}"/usr/share/openvpn/examples
-
- # Install license
- install -d -m0755 "${pkgdir}"/usr/share/licenses/openvpn/
- ln -sf /usr/share/doc/openvpn/{COPYING,COPYRIGHT.GPL} "${pkgdir}"/usr/share/licenses/openvpn/
-
- # Install contrib
- for FILE in $(find contrib -type f); do
- case "$(file --brief --mime-type "${FILE}")" in
- "text/x-shellscript") install -D -m0755 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
- *) install -D -m0644 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
- esac
- done
-
- # Install systemd files
- install -d -m0755 "${pkgdir}"/usr/lib/systemd/system/
- install -m0644 distro/systemd/openvpn-{client,server}@.service "${pkgdir}"/usr/lib/systemd/system/
- install -D -m0644 distro/systemd/openvpn.conf "${pkgdir}"/usr/lib/tmpfiles.d/openvpn.conf
- install -d -m0710 "${pkgdir}"/run/openvpn-{client,server}
-}
-
Copied: openvpn/repos/testing-x86_64/PKGBUILD (from rev 284937, openvpn/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2016-12-28 13:56:27 UTC (rev 284938)
@@ -0,0 +1,94 @@
+# $Id$
+# Maintainer: Christian Hesse <mail at eworm.de>
+
+pkgname=openvpn
+pkgver=2.4.0
+pkgrel=2
+pkgdesc='An easy-to-use, robust and highly configurable VPN (Virtual Private Network)'
+arch=('i686' 'x86_64')
+url='http://openvpn.net/index.php/open-source.html'
+depends=('openssl' 'lzo' 'iproute2' 'libsystemd' 'pkcs11-helper')
+optdepends=('easy-rsa: easy CA and certificate handling')
+makedepends=('systemd')
+license=('custom')
+install=openvpn.install
+validpgpkeys=('03300E11FED16F59715F9996C29D97ED198D22A3' # Samuli Seppänen <samuli.seppanen at gmail.com>
+ '7ACD56B74144925C6214329757DB9DAB613B8DA1') # David Sommerseth (OpenVPN Technologies, Inc) <davids at openvpn.net>
+source=("https://swupdate.openvpn.net/community/releases/openvpn-${pkgver}.tar.xz"{,.asc}
+ '0001-plugin.patch'
+ '0002-do-not-race-on-RuntimeDirectory.patch'
+ '0003-fix-timeout-in-non-TLS-mode-with-systemd.patch')
+sha256sums=('6f23ba49a1dbeb658f49c7ae17d9ea979de6d92c7357de3d55cd4525e1b2f87e'
+ 'SKIP'
+ 'b8254067b4ef5d157d87267a76938d86f101972303c7ff20131cc9f28659a30c'
+ 'a87b081f998db99190e8b9e185cd7aade5bd6dfb5c03777c82b75d28cd3b375c'
+ '1b0ff78390dd5e79ce6966fd7fee54d42f6f3622cf8078d8b0f9998046e6b73b')
+
+prepare() {
+ cd "${srcdir}"/${pkgname}-${pkgver}
+
+ # plugin path
+ patch -Np1 < "${srcdir}"/0001-plugin.patch
+
+ # do not race on RuntimeDirectory
+ patch -Np1 < "${srcdir}"/0002-do-not-race-on-RuntimeDirectory.patch
+
+ # fix timeout in non-TLS mode with systemd
+ patch -Np1 < "${srcdir}"/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch
+
+ # regenerate configure script
+ autoreconf -fi
+}
+
+build() {
+ cd "${srcdir}"/${pkgname}-${pkgver}
+
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --enable-iproute2 \
+ --enable-pkcs11 \
+ --enable-plugins \
+ --enable-systemd \
+ --enable-x509-alt-username
+ make
+}
+
+check() {
+ cd "${srcdir}"/${pkgname}-${pkgver}
+
+ make check
+}
+
+package() {
+ cd "${srcdir}"/${pkgname}-${pkgver}
+
+ # Install openvpn
+ make DESTDIR="${pkgdir}" install
+
+ # Create empty configuration directories
+ install -d -m0750 -g 90 "${pkgdir}"/etc/openvpn/{client,server}
+
+ # Install examples
+ install -d -m0755 "${pkgdir}"/usr/share/openvpn
+ cp -r sample/sample-config-files "${pkgdir}"/usr/share/openvpn/examples
+
+ # Install license
+ install -d -m0755 "${pkgdir}"/usr/share/licenses/openvpn/
+ ln -sf /usr/share/doc/openvpn/{COPYING,COPYRIGHT.GPL} "${pkgdir}"/usr/share/licenses/openvpn/
+
+ # Install contrib
+ for FILE in $(find contrib -type f); do
+ case "$(file --brief --mime-type "${FILE}")" in
+ "text/x-shellscript") install -D -m0755 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
+ *) install -D -m0644 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
+ esac
+ done
+
+ # Install systemd files
+ install -d -m0755 "${pkgdir}"/usr/lib/systemd/system/
+ install -m0644 distro/systemd/openvpn-{client,server}@.service "${pkgdir}"/usr/lib/systemd/system/
+ install -D -m0644 distro/systemd/openvpn.conf "${pkgdir}"/usr/lib/tmpfiles.d/openvpn.conf
+ install -d -m0710 "${pkgdir}"/run/openvpn-{client,server}
+}
+
Deleted: testing-x86_64/news.md
===================================================================
--- testing-x86_64/news.md 2016-12-28 13:56:21 UTC (rev 284937)
+++ testing-x86_64/news.md 2016-12-28 13:56:27 UTC (rev 284938)
@@ -1,17 +0,0 @@
-OpenVPN 2.4.0 update requires administrative interaction
-========================================================
-
-The upgrade to openvpn 2.4.0 makes changes that are incompatible with
-previous configurations. Take **special care** if you depend on VPN
-connectivity for **remote access**! Administrative interaction is required:
-
-* Configuration is expected in sub directories now. Move your files
- from `/etc/openvpn/` to `/etc/openvpn/server/` or `/etc/openvpn/client/`.
-* The plugin lookup path changed, remove extra `plugins/` from relative
- paths.
-* The systemd unit `openvpn at .service` was replaced with
- `openvpn-client at .service` and `openvpn-server at .service`. Restart and
- reenable accordingly.
-
-This does not affect the functionality of `networkmanager`, `connman`
-or `qopenvpn`.
Copied: openvpn/repos/testing-x86_64/news.md (from rev 284937, openvpn/trunk/news.md)
===================================================================
--- testing-x86_64/news.md (rev 0)
+++ testing-x86_64/news.md 2016-12-28 13:56:27 UTC (rev 284938)
@@ -0,0 +1,17 @@
+OpenVPN 2.4.0 update requires administrative interaction
+========================================================
+
+The upgrade to openvpn 2.4.0 makes changes that are incompatible with
+previous configurations. Take **special care** if you depend on VPN
+connectivity for **remote access**! Administrative interaction is required:
+
+* Configuration is expected in sub directories now. Move your files
+ from `/etc/openvpn/` to `/etc/openvpn/server/` or `/etc/openvpn/client/`.
+* The plugin lookup path changed, remove extra `plugins/` from relative
+ paths.
+* The systemd unit `openvpn at .service` was replaced with
+ `openvpn-client at .service` and `openvpn-server at .service`. Restart and
+ reenable accordingly.
+
+This does not affect the functionality of `networkmanager`, `connman`
+or `qopenvpn`.
Deleted: testing-x86_64/openvpn.install
===================================================================
--- testing-x86_64/openvpn.install 2016-12-28 13:56:21 UTC (rev 284937)
+++ testing-x86_64/openvpn.install 2016-12-28 13:56:27 UTC (rev 284938)
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-post_upgrade() {
- # return if old package version greater 2.4...
- (( $(vercmp $2 '2.4') > 0 )) && return
-
- # upgrade from pre-2.4 version...
- echo "This upgrade from openvpn $2 to openvpn $1 made changes that require"
- echo "administrative interaction:"
- echo " -> Configuration is expected in sub directories now. Move your files"
- echo " from /etc/openvpn/ to /etc/openvpn/server/ or /etc/openvpn/client/."
- echo " -> The plugin lookup path changed, remove extra 'plugins/' from relative paths."
- echo " -> The systemd unit openvpn at .service was replaced with openvpn-client at .service"
- echo " and openvpn-server at .service. Restart and reenable accordingly."
-
- local UNITS="$(systemctl list-units --quiet --no-pager --no-legend --plain | grep '^openvpn@' | cut -d' ' -f1)"
- if (( ${#UNITS} )); then
- echo "This is a (possibly incomplete) list of units that need to be acted on:"
- for UNIT in ${UNITS}; do
- echo " -> ${UNIT}"
- done
- fi
-}
-
Copied: openvpn/repos/testing-x86_64/openvpn.install (from rev 284937, openvpn/trunk/openvpn.install)
===================================================================
--- testing-x86_64/openvpn.install (rev 0)
+++ testing-x86_64/openvpn.install 2016-12-28 13:56:27 UTC (rev 284938)
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+post_upgrade() {
+ # return if old package version greater 2.4...
+ (( $(vercmp $2 '2.4') > 0 )) && return
+
+ # upgrade from pre-2.4 version...
+ echo "This upgrade from openvpn $2 to openvpn $1 made changes that require"
+ echo "administrative interaction:"
+ echo " -> Configuration is expected in sub directories now. Move your files"
+ echo " from /etc/openvpn/ to /etc/openvpn/server/ or /etc/openvpn/client/."
+ echo " -> The plugin lookup path changed, remove extra 'plugins/' from relative paths."
+ echo " -> The systemd unit openvpn at .service was replaced with openvpn-client at .service"
+ echo " and openvpn-server at .service. Restart and reenable accordingly."
+
+ local UNITS="$(systemctl list-units --quiet --no-pager --no-legend --plain | grep '^openvpn@' | cut -d' ' -f1)"
+ if (( ${#UNITS} )); then
+ echo "This is a (possibly incomplete) list of units that need to be acted on:"
+ for UNIT in ${UNITS}; do
+ echo " -> ${UNIT}"
+ done
+ fi
+}
+
More information about the arch-commits
mailing list