[arch-commits] Commit in openvpn/trunk (6 files)

Christian Hesse eworm at archlinux.org
Sat Feb 25 14:12:41 UTC 2017


    Date: Saturday, February 25, 2017 @ 14:12:40
  Author: eworm
Revision: 289530

replace own with upstream patches

Added:
  openvpn/trunk/0001-Clean-up-plugin-path-handling.patch
  openvpn/trunk/0003-systemd-Move-the-READY-1-signalling-to-an-earlier-po.patch
Modified:
  openvpn/trunk/0002-do-not-race-on-RuntimeDirectory.patch
  openvpn/trunk/PKGBUILD
Deleted:
  openvpn/trunk/0001-plugin.patch
  openvpn/trunk/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch

-----------------------------------------------------------------+
 0001-Clean-up-plugin-path-handling.patch                        |  217 ++++++++
 0001-plugin.patch                                               |   46 -
 0002-do-not-race-on-RuntimeDirectory.patch                      |  249 +++++++++-
 0003-fix-timeout-in-non-TLS-mode-with-systemd.patch             |   59 --
 0003-systemd-Move-the-READY-1-signalling-to-an-earlier-po.patch |  124 ++++
 PKGBUILD                                                        |   24 
 6 files changed, 576 insertions(+), 143 deletions(-)

Added: 0001-Clean-up-plugin-path-handling.patch
===================================================================
--- 0001-Clean-up-plugin-path-handling.patch	                        (rev 0)
+++ 0001-Clean-up-plugin-path-handling.patch	2017-02-25 14:12:40 UTC (rev 289530)
@@ -0,0 +1,217 @@
+From 4590c3831d0400096fab08aa1ed7f909da870ced Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail at eworm.de>
+Date: Wed, 25 Jan 2017 21:19:47 +0100
+Subject: [PATCH 1/2] Clean up plugin path handling
+
+Drop --with-plugindir, instead use an environment variable PLUGINDIR
+to specify the plugin directory.
+
+This puts a define into include/openvpn-plugin.h.in which has the plugin
+directory.
+
+The configure script does not know about the final plugin path. Thus we
+have to make Make generate the final header file for us.
+
+As the path is always available remove the compile time condition (and
+dead code) from src/openvpn/plugin.c.
+
+v2: The configure script can not evaluate the final $libdir path. So
+    use make to create a header file on the containing the final path.
+
+v3: Fix whitespace errors and gitignore location.
+
+v4: No extra header file, generate src/openvpn/plugin.h on the fly.
+    Remove condition and dead code.
+
+v5: Move the define to include/openvpn-plugin.h.in and let make generate
+    the final header file.
+
+Signed-off-by: Christian Hesse <mail at eworm.de>
+Acked-by: David Sommerseth <davids at openvpn.net>
+Message-Id: <20170125201947.17197-1-list at eworm.de>
+URL: http://www.mail-archive.com/search?l=mid&q=20170125201947.17197-1-list@eworm.de
+Signed-off-by: David Sommerseth <davids at openvpn.net>
+---
+ configure.ac                | 16 +++++++---------
+ include/Makefile.am         |  7 +++++++
+ include/openvpn-plugin.h.in |  2 ++
+ src/openvpn/plugin.c        | 10 +---------
+ 4 files changed, 17 insertions(+), 18 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 79fb1ba..f305c54 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -38,7 +38,7 @@ AC_DEFINE([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor versi
+ AC_DEFINE([OPENVPN_VERSION_PATCH], ["PRODUCT_VERSION_PATCH"], [OpenVPN patch level - may be a string or integer])
+ 
+ AC_CONFIG_AUX_DIR([.])
+-AC_CONFIG_HEADERS([config.h include/openvpn-plugin.h])
++AC_CONFIG_HEADERS([config.h])
+ AC_CONFIG_SRCDIR([src/openvpn/syshead.h])
+ AC_CONFIG_MACRO_DIR([m4])
+ 
+@@ -301,13 +301,12 @@ AC_ARG_WITH(
+ 	[with_crypto_library="openssl"]
+ )
+ 
+-AC_ARG_WITH(
+-	[plugindir],
+-	[AS_HELP_STRING([--with-plugindir], [plugin directory @<:@default=LIBDIR/openvpn@:>@])],
+-	,
+-	[with_plugindir="\$(libdir)/openvpn/plugins"]
+-)
+-
++AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
++if test -n "${PLUGINDIR}"; then
++	plugindir="${PLUGINDIR}"
++else
++	plugindir="\${libdir}/openvpn/plugins"
++fi
+ 
+ AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host])
+ case "$host" in
+@@ -1284,7 +1283,6 @@ AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "
+ AM_CONDITIONAL([ENABLE_CRYPTO], [test "${enable_crypto}" = "yes"])
+ AM_CONDITIONAL([HAVE_LD_WRAP_SUPPORT], [test "${have_ld_wrap_support}" = "yes"])
+ 
+-plugindir="${with_plugindir}"
+ sampledir="\$(docdir)/sample"
+ AC_SUBST([plugindir])
+ AC_SUBST([sampledir])
+diff --git a/include/Makefile.am b/include/Makefile.am
+index a52c427..37962a6 100644
+--- a/include/Makefile.am
++++ b/include/Makefile.am
+@@ -16,3 +16,10 @@ MAINTAINERCLEANFILES = \
+ include_HEADERS = \
+ 	openvpn-plugin.h \
+ 	openvpn-msg.h
++
++openvpn-plugin.h: openvpn-plugin.h.in Makefile
++	$(AM_V_GEN)sed -e 's|\@PLUGINDIR\@|$(plugindir)|' \
++		-e 's|\@OPENVPN_VERSION_MAJOR\@|$(OPENVPN_VERSION_MAJOR)|' \
++		-e 's|\@OPENVPN_VERSION_MINOR\@|$(OPENVPN_VERSION_MINOR)|' \
++		-e 's|\@OPENVPN_VERSION_PATCH\@|$(OPENVPN_VERSION_PATCH)|' \
++               $< > $@.tmp && mv $@.tmp $@
+diff --git a/include/openvpn-plugin.h.in b/include/openvpn-plugin.h.in
+index 0b30352..a084fc1 100644
+--- a/include/openvpn-plugin.h.in
++++ b/include/openvpn-plugin.h.in
+@@ -27,6 +27,8 @@
+ 
+ #define OPENVPN_PLUGIN_VERSION 3
+ 
++#define PLUGIN_LIBDIR "@PLUGINDIR@"
++
+ #ifdef ENABLE_CRYPTO
+ #ifdef ENABLE_CRYPTO_MBEDTLS
+ #include <mbedtls/x509_crt.h>
+diff --git a/src/openvpn/plugin.c b/src/openvpn/plugin.c
+index e530c0c..f777027 100644
+--- a/src/openvpn/plugin.c
++++ b/src/openvpn/plugin.c
+@@ -234,23 +234,15 @@ plugin_init_item(struct plugin *p, const struct plugin_option *o)
+ #ifndef _WIN32
+ 
+     p->handle = NULL;
+-#if defined(PLUGIN_LIBDIR)
++
+     if (!absolute_pathname(p->so_pathname))
+     {
+         char full[PATH_MAX];
+ 
+         openvpn_snprintf(full, sizeof(full), "%s/%s", PLUGIN_LIBDIR, p->so_pathname);
+         p->handle = dlopen(full, RTLD_NOW);
+-#if defined(ENABLE_PLUGIN_SEARCH)
+-        if (!p->handle)
+-        {
+-            rel = true;
+-            p->handle = dlopen(p->so_pathname, RTLD_NOW);
+-        }
+-#endif
+     }
+     else
+-#endif
+     {
+         rel = !absolute_pathname(p->so_pathname);
+         p->handle = dlopen(p->so_pathname, RTLD_NOW);
+From 631812fe29c69d0034628ab8321cb4016cb4fc2d Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail at eworm.de>
+Date: Fri, 27 Jan 2017 09:49:27 +0100
+Subject: [PATCH 2/2] plugin: Remove GNUism in openvpn-plugin.h generation
+
+The plugin path handling cleanup (4590c383) introduced GNUism and broke
+builds on system not using GNU Make (like *BSD).
+
+Revert back to let configure generate the header file. Instead let make
+add an extra CFLAG that defines PLUGIN_LIBDIR.
+
+Signed-off-by: Christian Hesse <mail at eworm.de>
+Acked-by: Gert Doering <gert at greenie.muc.de>
+Message-Id: <20170127084927.21040-1-list at eworm.de>
+URL: http://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13966.html
+Signed-off-by: David Sommerseth <davids at openvpn.net>
+---
+ configure.ac                | 2 +-
+ include/Makefile.am         | 7 -------
+ include/openvpn-plugin.h.in | 2 --
+ src/openvpn/Makefile.am     | 4 +++-
+ 4 files changed, 4 insertions(+), 11 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index f305c54..b29f8b4 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -38,7 +38,7 @@ AC_DEFINE([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor versi
+ AC_DEFINE([OPENVPN_VERSION_PATCH], ["PRODUCT_VERSION_PATCH"], [OpenVPN patch level - may be a string or integer])
+ 
+ AC_CONFIG_AUX_DIR([.])
+-AC_CONFIG_HEADERS([config.h])
++AC_CONFIG_HEADERS([config.h include/openvpn-plugin.h])
+ AC_CONFIG_SRCDIR([src/openvpn/syshead.h])
+ AC_CONFIG_MACRO_DIR([m4])
+ 
+diff --git a/include/Makefile.am b/include/Makefile.am
+index 37962a6..a52c427 100644
+--- a/include/Makefile.am
++++ b/include/Makefile.am
+@@ -16,10 +16,3 @@ MAINTAINERCLEANFILES = \
+ include_HEADERS = \
+ 	openvpn-plugin.h \
+ 	openvpn-msg.h
+-
+-openvpn-plugin.h: openvpn-plugin.h.in Makefile
+-	$(AM_V_GEN)sed -e 's|\@PLUGINDIR\@|$(plugindir)|' \
+-		-e 's|\@OPENVPN_VERSION_MAJOR\@|$(OPENVPN_VERSION_MAJOR)|' \
+-		-e 's|\@OPENVPN_VERSION_MINOR\@|$(OPENVPN_VERSION_MINOR)|' \
+-		-e 's|\@OPENVPN_VERSION_PATCH\@|$(OPENVPN_VERSION_PATCH)|' \
+-               $< > $@.tmp && mv $@.tmp $@
+diff --git a/include/openvpn-plugin.h.in b/include/openvpn-plugin.h.in
+index a084fc1..0b30352 100644
+--- a/include/openvpn-plugin.h.in
++++ b/include/openvpn-plugin.h.in
+@@ -27,8 +27,6 @@
+ 
+ #define OPENVPN_PLUGIN_VERSION 3
+ 
+-#define PLUGIN_LIBDIR "@PLUGINDIR@"
+-
+ #ifdef ENABLE_CRYPTO
+ #ifdef ENABLE_CRYPTO_MBEDTLS
+ #include <mbedtls/x509_crt.h>
+diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
+index bea294b..3f97855 100644
+--- a/src/openvpn/Makefile.am
++++ b/src/openvpn/Makefile.am
+@@ -27,7 +27,9 @@ AM_CFLAGS = \
+ 	$(OPTIONAL_CRYPTO_CFLAGS) \
+ 	$(OPTIONAL_LZO_CFLAGS) \
+ 	$(OPTIONAL_LZ4_CFLAGS) \
+-	$(OPTIONAL_PKCS11_HELPER_CFLAGS)
++	$(OPTIONAL_PKCS11_HELPER_CFLAGS) \
++	-DPLUGIN_LIBDIR=\"${plugindir}\"
++
+ if WIN32
+ # we want unicode entry point but not the macro
+ AM_CFLAGS += -municode -UUNICODE
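Review bot: In the plugin_init_item hunk for src/openvpn/plugin.c, the result of `openvpn_snprintf(full, sizeof(full), "%s/%s", PLUGIN_LIBDIR, p->so_pathname)` is ignored, so an over-long relative plugin name would be cut to fit `full` and the shortened path handed to `dlopen()`. With the ENABLE_PLUGIN_SEARCH fallback removed, this branch is the only way a relative name is resolved, so it is worth failing closed: `if (!openvpn_snprintf(full, sizeof(full), "%s/%s", PLUGIN_LIBDIR, p->so_pathname)) { /* refuse to load */ }`. This assumes the helper reports truncation through its return value, which should be confirmed against its definition. The name is also joined without normalising it, so a relative name containing `../` still resolves outside PLUGIN_LIBDIR; if the directory is meant as a boundary, that needs an explicit check. The body of plugin_init_item starts and ends outside the hunk.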

Deleted: 0001-plugin.patch
===================================================================
--- 0001-plugin.patch	2017-02-25 13:19:55 UTC (rev 289529)
+++ 0001-plugin.patch	2017-02-25 14:12:40 UTC (rev 289530)
@@ -1,46 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index f4073d0..5fe652e 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -301,13 +301,12 @@ AC_ARG_WITH(
- 	[with_crypto_library="openssl"]
- )
- 
--AC_ARG_WITH(
--	[plugindir],
--	[AS_HELP_STRING([--with-plugindir], [plugin directory @<:@default=LIBDIR/openvpn@:>@])],
--	,
--	[with_plugindir="\$(libdir)/openvpn/plugins"]
--)
--
-+AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
-+if test -n "${PLUGINDIR}"; then
-+	plugindir="${PLUGINDIR}"
-+else
-+	plugindir="\${libdir}/openvpn/plugins"
-+fi
- 
- AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host])
- case "$host" in
-@@ -1245,7 +1244,6 @@ AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "ye
- AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"])
- AM_CONDITIONAL([ENABLE_CRYPTO], [test "${enable_crypto}" = "yes"])
- 
--plugindir="${with_plugindir}"
- sampledir="\$(docdir)/sample"
- AC_SUBST([plugindir])
- AC_SUBST([sampledir])
-diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
-index 4c18449..188834a 100644
---- a/src/openvpn/Makefile.am
-+++ b/src/openvpn/Makefile.am
-@@ -27,7 +27,8 @@ AM_CFLAGS = \
- 	$(OPTIONAL_CRYPTO_CFLAGS) \
- 	$(OPTIONAL_LZO_CFLAGS) \
- 	$(OPTIONAL_LZ4_CFLAGS) \
--	$(OPTIONAL_PKCS11_HELPER_CFLAGS)
-+	$(OPTIONAL_PKCS11_HELPER_CFLAGS) \
-+	-DPLUGIN_LIBDIR=\"${plugindir}\"
- if WIN32
- # we want unicode entry point but not the macro
- AM_CFLAGS += -municode -UUNICODE

Modified: 0002-do-not-race-on-RuntimeDirectory.patch
===================================================================
--- 0002-do-not-race-on-RuntimeDirectory.patch	2017-02-25 13:19:55 UTC (rev 289529)
+++ 0002-do-not-race-on-RuntimeDirectory.patch	2017-02-25 14:12:40 UTC (rev 289530)
@@ -1,8 +1,151 @@
-From 3e8b360cca4d97bef113a25f982601d4742af896 Mon Sep 17 00:00:00 2001
+From ca5b4c2aad2370be7862660d274b7485f2d0af71 Mon Sep 17 00:00:00 2001
 From: Christian Hesse <mail at eworm.de>
-Date: Fri, 16 Dec 2016 22:56:15 +0100
-Subject: [PATCH 1/1] do not race on RuntimeDirectory
+Date: Tue, 24 Jan 2017 15:39:46 +0100
+Subject: [PATCH 1/2] systemd: Use automake tools to install unit files
 
+If systemd is enabled we install unit files to $libdir/systemd/system
+(or the path specified by SYSTEMD_UNIT_DIR).
+The unit files are generated on the fly with matching $sbindir.
+
+Signed-off-by: Christian Hesse <mail at eworm.de>
+Acked-by: David Sommerseth <davids at openvpn.net>
+Message-Id: <20170124143947.27385-1-list at eworm.de>
+URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13940.html
+Signed-off-by: David Sommerseth <davids at openvpn.net>
+---
+ configure.ac                                       | 10 +++++++++
+ distro/Makefile.am                                 |  4 +---
+ distro/systemd/Makefile.am                         | 26 ++++++++++++++++++++++
+ ...-client at .service => openvpn-client at .service.in} |  2 +-
+ ...-server at .service => openvpn-server at .service.in} |  2 +-
+ 6 files changed, 40 insertions(+), 5 deletions(-)
+ create mode 100644 distro/systemd/Makefile.am
+ rename distro/systemd/{openvpn-client at .service => openvpn-client at .service.in} (90%)
+ rename distro/systemd/{openvpn-server at .service => openvpn-server at .service.in} (91%)
+
+diff --git a/configure.ac b/configure.ac
+index 8783109..48d8f0c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -378,6 +378,7 @@ AC_ARG_VAR([NETSTAT], [path to netstat utility]) # tests
+ AC_ARG_VAR([MAN2HTML], [path to man2html utility])
+ AC_ARG_VAR([GIT], [path to git utility])
+ AC_ARG_VAR([SYSTEMD_ASK_PASSWORD], [path to systemd-ask-password utility])
++AC_ARG_VAR([SYSTEMD_UNIT_DIR], [Path of systemd unit directory @<:@default=LIBDIR/systemd/system@:>@])
+ AC_PATH_PROGS([IFCONFIG], [ifconfig],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
+ AC_PATH_PROGS([ROUTE], [route],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
+ AC_PATH_PROGS([IPROUTE], [ip],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
+@@ -1099,6 +1100,12 @@ if test "$enable_systemd" = "yes" ; then
+     OPTIONAL_SYSTEMD_LIBS="${libsystemd_LIBS}"
+     AC_DEFINE(ENABLE_SYSTEMD, 1, [Enable systemd integration])
+     LIBS="${saved_LIBS}"
++
++    if test -n "${SYSTEMD_UNIT_DIR}"; then
++        systemdunitdir="${SYSTEMD_UNIT_DIR}"
++    else
++        systemdunitdir="\${libdir}/systemd/system"
++    fi
+ fi
+ 
+ 
+@@ -1275,6 +1282,8 @@ sampledir="\$(docdir)/sample"
+ AC_SUBST([plugindir])
+ AC_SUBST([sampledir])
+ 
++AC_SUBST([systemdunitdir])
++
+ VENDOR_SRC_ROOT="\$(abs_top_srcdir)/vendor/"
+ VENDOR_DIST_ROOT="\$(abs_top_builddir)/vendor/dist"
+ VENDOR_BUILD_ROOT="\$(abs_top_builddir)/vendor/.build"
+@@ -1313,6 +1322,7 @@ AC_CONFIG_FILES([
+ 	distro/Makefile
+ 	distro/rpm/Makefile
+ 	distro/rpm/openvpn.spec
++	distro/systemd/Makefile
+ 	include/Makefile
+ 	src/Makefile
+ 	src/compat/Makefile
+diff --git a/distro/Makefile.am b/distro/Makefile.am
+index 7a9ffd0..eb0e554 100644
+--- a/distro/Makefile.am
++++ b/distro/Makefile.am
+@@ -12,6 +12,4 @@
+ MAINTAINERCLEANFILES = \
+ 	$(srcdir)/Makefile.in
+ 
+-SUBDIRS = rpm
+-
+-EXTRA_DIST = systemd/openvpn-client at .service systemd/openvpn-server at .service
++SUBDIRS = rpm systemd
+diff --git a/distro/systemd/Makefile.am b/distro/systemd/Makefile.am
+new file mode 100644
+index 0000000..b10c6ed
+--- /dev/null
++++ b/distro/systemd/Makefile.am
+@@ -0,0 +1,26 @@
++#
++#  OpenVPN -- An application to securely tunnel IP networks
++#             over a single UDP port, with support for SSL/TLS-based
++#             session authentication and key exchange,
++#             packet encryption, packet authentication, and
++#             packet compression.
++#
++#  Copyright (C) 2017 OpenVPN Technologies, Inc. <sales at openvpn.net>
++#
++
++%.service: %.service.in Makefile
++	$(AM_V_GEN)sed -e 's|\@sbindir\@|$(sbindir)|' \
++		$< > $@.tmp && mv $@.tmp $@
++
++EXTRA_DIST = \
++	openvpn-client at .service.in \
++	openvpn-server at .service.in
++
++if ENABLE_SYSTEMD
++systemdunit_DATA = \
++	openvpn-client at .service \
++	openvpn-server at .service
++endif
++
++MAINTAINERCLEANFILES = \
++	$(srcdir)/Makefile.in
+diff --git a/distro/systemd/openvpn-client at .service b/distro/systemd/openvpn-client at .service.in
+similarity index 90%
+rename from distro/systemd/openvpn-client at .service
+rename to distro/systemd/openvpn-client at .service.in
+index 5618af3..d933772 100644
+--- a/distro/systemd/openvpn-client at .service
++++ b/distro/systemd/openvpn-client at .service.in
+@@ -12,7 +12,7 @@ PrivateTmp=true
+ RuntimeDirectory=openvpn-client
+ RuntimeDirectoryMode=0710
+ WorkingDirectory=/etc/openvpn/client
+-ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
++ExecStart=@sbindir@/openvpn --suppress-timestamps --nobind --config %i.conf
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+ LimitNPROC=10
+ DeviceAllow=/dev/null rw
+diff --git a/distro/systemd/openvpn-server at .service b/distro/systemd/openvpn-server at .service.in
+similarity index 91%
+rename from distro/systemd/openvpn-server at .service
+rename to distro/systemd/openvpn-server at .service.in
+index b9b4dba..da5c78e 100644
+--- a/distro/systemd/openvpn-server at .service
++++ b/distro/systemd/openvpn-server at .service.in
+@@ -12,7 +12,7 @@ PrivateTmp=true
+ RuntimeDirectory=openvpn-server
+ RuntimeDirectoryMode=0710
+ WorkingDirectory=/etc/openvpn/server
+-ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
++ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+ LimitNPROC=10
+ DeviceAllow=/dev/null rw
+From 3de7be7b17de879a78eea4afe4c918c6104c635d Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail at eworm.de>
+Date: Tue, 24 Jan 2017 15:39:47 +0100
+Subject: [PATCH 2/2] systemd: Do not race on RuntimeDirectory
+
 Different unit instances create and destroy the same RuntimeDirectory.
 This leads to running instances where the status file (and possibly
 more runtime data) is no longer accessible.
@@ -13,17 +156,80 @@
 As /run is volatile we do not have to care about cleanup.
 
 Signed-off-by: Christian Hesse <mail at eworm.de>
+Acked-by: David Sommerseth <davids at openvpn.net>
+Message-Id: <20170124143947.27385-2-list at eworm.de>
+URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13939.html
+Signed-off-by: David Sommerseth <davids at openvpn.net>
 ---
- distro/systemd/openvpn-client at .service | 2 --
- distro/systemd/openvpn-server at .service | 2 --
- distro/systemd/openvpn.conf            | 2 ++
- 3 files changed, 2 insertions(+), 4 deletions(-)
- create mode 100644 distro/systemd/openvpn.conf
+ configure.ac                              | 8 ++++++++
+ distro/systemd/Makefile.am                | 6 ++++++
+ distro/systemd/openvpn-client at .service.in | 2 --
+ distro/systemd/openvpn-server at .service.in | 2 --
+ distro/systemd/tmpfiles-openvpn.conf      | 2 ++
+ 5 files changed, 16 insertions(+), 4 deletions(-)
+ create mode 100644 distro/systemd/tmpfiles-openvpn.conf
 
-diff --git a/distro/systemd/openvpn-client at .service b/distro/systemd/openvpn-client at .service
-index 5618af3..1187ee8 100644
---- a/distro/systemd/openvpn-client at .service
-+++ b/distro/systemd/openvpn-client at .service
+diff --git a/configure.ac b/configure.ac
+index 48d8f0c..79fb1ba 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -379,6 +379,7 @@ AC_ARG_VAR([MAN2HTML], [path to man2html utility])
+ AC_ARG_VAR([GIT], [path to git utility])
+ AC_ARG_VAR([SYSTEMD_ASK_PASSWORD], [path to systemd-ask-password utility])
+ AC_ARG_VAR([SYSTEMD_UNIT_DIR], [Path of systemd unit directory @<:@default=LIBDIR/systemd/system@:>@])
++AC_ARG_VAR([TMPFILES_DIR], [Path of tmpfiles directory @<:@default=LIBDIR/tmpfiles.d@:>@])
+ AC_PATH_PROGS([IFCONFIG], [ifconfig],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
+ AC_PATH_PROGS([ROUTE], [route],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
+ AC_PATH_PROGS([IPROUTE], [ip],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
+@@ -1106,6 +1107,12 @@ if test "$enable_systemd" = "yes" ; then
+     else
+         systemdunitdir="\${libdir}/systemd/system"
+     fi
++
++    if test -n "${TMPFILES_DIR}"; then
++        tmpfilesdir="${TMPFILES_DIR}"
++    else
++        tmpfilesdir="\${libdir}/tmpfiles.d"
++    fi
+ fi
+ 
+ 
+@@ -1283,6 +1290,7 @@ AC_SUBST([plugindir])
+ AC_SUBST([sampledir])
+ 
+ AC_SUBST([systemdunitdir])
++AC_SUBST([tmpfilesdir])
+ 
+ VENDOR_SRC_ROOT="\$(abs_top_srcdir)/vendor/"
+ VENDOR_DIST_ROOT="\$(abs_top_builddir)/vendor/dist"
+diff --git a/distro/systemd/Makefile.am b/distro/systemd/Makefile.am
+index b10c6ed..1e3f3ea 100644
+--- a/distro/systemd/Makefile.am
++++ b/distro/systemd/Makefile.am
+@@ -13,6 +13,7 @@
+ 		$< > $@.tmp && mv $@.tmp $@
+ 
+ EXTRA_DIST = \
++	tmpfiles-openvpn.conf \
+ 	openvpn-client at .service.in \
+ 	openvpn-server at .service.in
+ 
+@@ -20,6 +21,11 @@ if ENABLE_SYSTEMD
+ systemdunit_DATA = \
+ 	openvpn-client at .service \
+ 	openvpn-server at .service
++tmpfiles_DATA = \
++	tmpfiles-openvpn.conf
++
++install-data-hook:
++	mv $(DESTDIR)$(tmpfilesdir)/tmpfiles-openvpn.conf $(DESTDIR)$(tmpfilesdir)/openvpn.conf
+ endif
+ 
+ MAINTAINERCLEANFILES = \
+diff --git a/distro/systemd/openvpn-client at .service.in b/distro/systemd/openvpn-client at .service.in
+index d933772..1be1e33 100644
+--- a/distro/systemd/openvpn-client at .service.in
++++ b/distro/systemd/openvpn-client at .service.in
 @@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
  [Service]
  Type=notify
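Review bot: The `install-data-hook` added to distro/systemd/Makefile.am renames the installed `tmpfiles-openvpn.conf` to `openvpn.conf`, but nothing removes the renamed file again. `make uninstall` would therefore leave a tmpfiles.d entry behind, which would presumably keep creating `/run/openvpn-client` and `/run/openvpn-server` at boot. A matching hook inside the same `if ENABLE_SYSTEMD` block would close that: `uninstall-hook:` followed by `rm -f $(DESTDIR)$(tmpfilesdir)/openvpn.conf`. This matters less for a DESTDIR package build than for a direct install from source.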
@@ -31,12 +237,12 @@
 -RuntimeDirectory=openvpn-client
 -RuntimeDirectoryMode=0710
  WorkingDirectory=/etc/openvpn/client
- ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
+ ExecStart=@sbindir@/openvpn --suppress-timestamps --nobind --config %i.conf
  CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
-diff --git a/distro/systemd/openvpn-server at .service b/distro/systemd/openvpn-server at .service
-index b9b4dba..25a6bb7 100644
---- a/distro/systemd/openvpn-server at .service
-+++ b/distro/systemd/openvpn-server at .service
+diff --git a/distro/systemd/openvpn-server at .service.in b/distro/systemd/openvpn-server at .service.in
+index da5c78e..3dccaf2 100644
+--- a/distro/systemd/openvpn-server at .service.in
++++ b/distro/systemd/openvpn-server at .service.in
 @@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
  [Service]
  Type=notify
@@ -44,16 +250,13 @@
 -RuntimeDirectory=openvpn-server
 -RuntimeDirectoryMode=0710
  WorkingDirectory=/etc/openvpn/server
- ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
+ ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
  CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
-diff --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf
+diff --git a/distro/systemd/tmpfiles-openvpn.conf b/distro/systemd/tmpfiles-openvpn.conf
 new file mode 100644
 index 0000000..bb79671
 --- /dev/null
-+++ b/distro/systemd/openvpn.conf
++++ b/distro/systemd/tmpfiles-openvpn.conf
 @@ -0,0 +1,2 @@
 +d /run/openvpn-client 0710 root root -
 +d /run/openvpn-server 0710 root root -
--- 
-2.11.0
-

Deleted: 0003-fix-timeout-in-non-TLS-mode-with-systemd.patch
===================================================================
--- 0003-fix-timeout-in-non-TLS-mode-with-systemd.patch	2017-02-25 13:19:55 UTC (rev 289529)
+++ 0003-fix-timeout-in-non-TLS-mode-with-systemd.patch	2017-02-25 14:12:40 UTC (rev 289530)
@@ -1,59 +0,0 @@
-From 8fe76deb35364aa0d71b3e771b4a12491a037764 Mon Sep 17 00:00:00 2001
-From: Christian Hesse <mail at eworm.de>
-Date: Wed, 28 Dec 2016 13:57:11 +0100
-Subject: [PATCH 1/1] fix timeout in non-TLS mode with systemd
-
-In non-TLS configuration we wait for the remote peer to connect
-before issuing "Initialization Sequence Completed". So prevent to
-time out by telling systemd service manager we are ready for now.
-Status will be "Non-TLS mode, ready for now. Waiting for peer..."
-and changes once the remote peer connects.
-
-This fixes #801 (static key tunnels impossible to start via systemd)
-
-Tested-by: Mantas Mikulėnas <grawity at gmail.com>
-Signed-off-by: Christian Hesse <mail at eworm.de>
----
- src/openvpn/openvpn.c | 19 +++++++++++++++++++
- 1 file changed, 19 insertions(+)
-
-diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c
-index 888acda..ae948f9 100644
---- a/src/openvpn/openvpn.c
-+++ b/src/openvpn/openvpn.c
-@@ -30,6 +30,10 @@
- 
- #include "syshead.h"
- 
-+#ifdef ENABLE_SYSTEMD
-+#include <systemd/sd-daemon.h>
-+#endif
-+
- #include "init.h"
- #include "forward.h"
- #include "multi.h"
-@@ -73,6 +77,21 @@ tunnel_point_to_point(struct context *c)
-         return;
-     }
- 
-+#ifdef ENABLE_SYSTEMD
-+    /* In non-TLS configuration we wait for the remote peer to connect
-+     * before issuing "Initialization Sequence Completed". So prevent to
-+     * time out by telling systemd service manager we are ready for now.
-+     * Status will be "Non-TLS mode, ready for now. Waiting for peer..."
-+     * and changes once the remote peer connects. */
-+    if (c->options.tls_client == false
-+        && c->options.tls_server == false)
-+    {
-+        sd_notifyf(0, "READY=1\n"
-+                   "STATUS=Non-TLS mode, ready for now. Waiting for peer...\n"
-+                   "MAINPID=%lu", (unsigned long) getpid());
-+    }
-+#endif
-+
-     /* main event loop */
-     while (true)
-     {
--- 
-2.11.0
-

Added: 0003-systemd-Move-the-READY-1-signalling-to-an-earlier-po.patch
===================================================================
--- 0003-systemd-Move-the-READY-1-signalling-to-an-earlier-po.patch	                        (rev 0)
+++ 0003-systemd-Move-the-READY-1-signalling-to-an-earlier-po.patch	2017-02-25 14:12:40 UTC (rev 289530)
@@ -0,0 +1,124 @@
+From e83a8684f0a0d944e9d53cdad2b543cfd1b6fbae Mon Sep 17 00:00:00 2001
+From: David Sommerseth <davids at openvpn.net>
+Date: Wed, 25 Jan 2017 00:23:44 +0100
+Subject: [PATCH 1/2] systemd: Move the READY=1 signalling to an earlier
+ point
+
+Currently, OpenVPN will first tell systemd it is ready once the
+log will be appended with "Initialization Sequence Completed".
+This turns out to cause some issues several places.
+
+First, it adds challenges if --chroot is used in the configuration;
+this is already fixed.  Secondly, it will cause havoc on static key
+p2p mode configurations where the log line above will not happen
+before either sides have completed establishing a connection.  And
+thirdly, if a client configuration fails to establish a connection
+within 90 seconds, it will also fail.  For the third case this may
+not be a critical issue itself, as the host just needs to get
+an Internet access established first - which in some scenarios may
+take much longer than those 90 seconds systemd grants after the
+OpenVPN client configuration is started.
+
+The approach this patch takes is to consider OpenVPN ready when
+all the initial preparations and configurations have completed - but
+before a connection to a remote side have been attempted.  This
+also removes the need for specially handling the --chroot scenario.
+
+The final "Initialization Sequence Completed" message update is
+kept (though slightly simplified) to indicate we're in a good
+state - even though this update will not be visible if --chroot
+is used (which was the situation also before this patch).
+
+Trac: #827, #801
+Signed-off-by: David Sommerseth <davids at openvpn.net>
+Acked-by: Gert Doering <gert at greenie.muc.de>
+Acked-by: Christian Hesse <mail at eworm.de>
+Message-Id: <20170124232344.7825-1-davids at openvpn.net>
+URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13945.html
+Signed-off-by: David Sommerseth <davids at openvpn.net>
+Signed-off-by: Christian Hesse <mail at eworm.de>
+---
+ src/openvpn/init.c | 29 ++++++++++-------------------
+ 1 file changed, 10 insertions(+), 19 deletions(-)
+
+diff --git a/src/openvpn/init.c b/src/openvpn/init.c
+index 756bf36..ff1551e 100644
+--- a/src/openvpn/init.c
++++ b/src/openvpn/init.c
+@@ -562,6 +562,15 @@ context_init_1(struct context *c)
+     }
+ #endif
+ 
++#ifdef ENABLE_SYSTEMD
++    /* We can report the PID via getpid() to systemd here as OpenVPN will not
++     * do any fork due to daemon() a future call.
++     * See possibly_become_daemon() [init.c] for more details.
++     */
++    sd_notifyf(0, "READY=1\nSTATUS=Pre-connection initialization succesfull\nMAINPID=%lu",
++               (unsigned long) getpid());
++#endif
++
+ }
+ 
+ void
+@@ -1042,24 +1051,6 @@ do_uid_gid_chroot(struct context *c, bool no_delay)
+         {
+             if (no_delay)
+             {
+-#ifdef ENABLE_SYSTEMD
+-                /* If OpenVPN is started by systemd, the OpenVPN process needs
+-                 * to provide a preliminary status report to systemd.  This is
+-                 * needed as $NOTIFY_SOCKET will not be available inside the
+-                 * chroot, which sd_notify()/sd_notifyf() depends on.
+-                 *
+-                 * This approach is the simplest and the most non-intrusive
+-                 * solution right before the 2.4_rc2 release.
+-                 *
+-                 * TODO: Consider altnernative solutions - bind mount?
+-                 * systemd does not grok OpenVPN configuration files, thus cannot
+-                 * have a sane way to know if OpenVPN will chroot or not and to
+-                 * which subdirectory it will chroot into.
+-                 */
+-                sd_notifyf(0, "READY=1\n"
+-                           "STATUS=Entering chroot, most of the init completed successfully\n"
+-                           "MAINPID=%lu", (unsigned long) getpid());
+-#endif
+                 platform_chroot(c->options.chroot_dir);
+             }
+             else if (c->first_time)
+@@ -1409,7 +1400,7 @@ initialization_sequence_completed(struct context *c, const unsigned int flags)
+     else
+     {
+ #ifdef ENABLE_SYSTEMD
+-        sd_notifyf(0, "READY=1\nSTATUS=%s\nMAINPID=%lu", message, (unsigned long) getpid());
++        sd_notifyf(0, "STATUS=%s", message);
+ #endif
+         msg(M_INFO, "%s", message);
+     }
+From b13bc6c9570e00d12e26bb3b8e5bf9bdb0b16eff Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail at eworm.de>
+Date: Fri, 24 Feb 2017 13:22:52 +0100
+Subject: [PATCH 2/2] fix typo in notification message
+
+Signed-off-by: Christian Hesse <mail at eworm.de>
+Acked-by: Gert Doering <gert at greenie.muc.de>
+Message-Id: <20170224122252.15199-1-list at eworm.de>
+URL: http://www.mail-archive.com/search?l=mid&q=20170224122252.15199-1-list@eworm.de
+Signed-off-by: Gert Doering <gert at greenie.muc.de>
+---
+ src/openvpn/init.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/openvpn/init.c b/src/openvpn/init.c
+index ff1551e..7da0061 100644
+--- a/src/openvpn/init.c
++++ b/src/openvpn/init.c
+@@ -567,7 +567,7 @@ context_init_1(struct context *c)
+      * do any fork due to daemon() a future call.
+      * See possibly_become_daemon() [init.c] for more details.
+      */
+-    sd_notifyf(0, "READY=1\nSTATUS=Pre-connection initialization succesfull\nMAINPID=%lu",
++    sd_notifyf(0, "READY=1\nSTATUS=Pre-connection initialization successful\nMAINPID=%lu",
+                (unsigned long) getpid());
+ #endif
+ 
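Review bot: The comment on the added `sd_notifyf()` block in context_init_1 explains why getpid() is safe to report, but not that readiness now means something different. READY=1 is sent before any connection attempt, so a unit ordered after this service can start while the tunnel is still down. The wording is also hard to parse ("will not do any fork due to daemon() a future call"). A clearer comment would be `/* READY=1 here means initialisation finished, not that the tunnel is up; dependants must not assume VPN connectivity. No daemon() fork follows, so getpid() is the final MAINPID. */`. Whether any shipped unit relies on the old meaning is not visible from this patch, and context_init_1 starts outside the hunk.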

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2017-02-25 13:19:55 UTC (rev 289529)
+++ PKGBUILD	2017-02-25 14:12:40 UTC (rev 289530)
@@ -15,26 +15,26 @@
 validpgpkeys=('03300E11FED16F59715F9996C29D97ED198D22A3'  # Samuli Seppänen <samuli.seppanen at gmail.com>
               '7ACD56B74144925C6214329757DB9DAB613B8DA1') # David Sommerseth (OpenVPN Technologies, Inc) <davids at openvpn.net>
 source=("https://swupdate.openvpn.net/community/releases/openvpn-${pkgver}.tar.xz"{,.asc}
-        '0001-plugin.patch'
+        '0001-Clean-up-plugin-path-handling.patch'
         '0002-do-not-race-on-RuntimeDirectory.patch'
-        '0003-fix-timeout-in-non-TLS-mode-with-systemd.patch')
+        '0003-systemd-Move-the-READY-1-signalling-to-an-earlier-po.patch')
 sha256sums=('6f23ba49a1dbeb658f49c7ae17d9ea979de6d92c7357de3d55cd4525e1b2f87e'
             'SKIP'
-            'b8254067b4ef5d157d87267a76938d86f101972303c7ff20131cc9f28659a30c'
-            'a87b081f998db99190e8b9e185cd7aade5bd6dfb5c03777c82b75d28cd3b375c'
-            '1b0ff78390dd5e79ce6966fd7fee54d42f6f3622cf8078d8b0f9998046e6b73b')
+            '162a21f78fc83071643341fb4198092d7d81b8196573d53ce43548424d757be2'
+            '58ee9d2f4d8a74c3dec037265b84963171f76f9fb6689a529728cdc76fac30dd'
+            'ae8fd591c05c04ad4b500494c55df242f3a2309f2af579b45820ce9959f1df06')
 
 prepare() {
   cd "${srcdir}"/${pkgname}-${pkgver}
 
-  # plugin path
-  patch -Np1 < "${srcdir}"/0001-plugin.patch
+  # Clean up plugin path handling
+  patch -Np1 < "${srcdir}"/0001-Clean-up-plugin-path-handling.patch
 
   # do not race on RuntimeDirectory
   patch -Np1 < "${srcdir}"/0002-do-not-race-on-RuntimeDirectory.patch
 
-  # fix timeout in non-TLS mode with systemd
-  patch -Np1 < "${srcdir}"/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch
+  # systemd: Move the READY=1 signalling to an earlier point
+  patch -Np1 < "${srcdir}"/0003-systemd-Move-the-READY-1-signalling-to-an-earlier-po.patch
 
   # regenerate configure script
   autoreconf -fi
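Review bot: The comments above the three `patch -Np1` lines in prepare() name the patches but not the upstream commits they were taken from. Each file now bundles two commits, so checking the carried patches against upstream means opening every file. Recording the ids next to each line would make that audit a one-step comparison, e.g. `# upstream 4590c383 + 631812fe: clean up plugin path handling`, with `ca5b4c2a + 3de7be7b` for 0002 and `e83a8684 + b13bc6c9` for 0003. The comment `# do not race on RuntimeDirectory` also understates the 0002 file, which now carries the change that installs the unit files through automake as well. prepare() continues past the end of the hunk.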
@@ -84,11 +84,5 @@
       *) install -D -m0644 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
     esac
   done
-
-  # Install systemd files
-  install -d -m0755 "${pkgdir}"/usr/lib/systemd/system/
-  install -m0644 distro/systemd/openvpn-{client,server}@.service "${pkgdir}"/usr/lib/systemd/system/
-  install -D -m0644 distro/systemd/openvpn.conf "${pkgdir}"/usr/lib/tmpfiles.d/openvpn.conf
-  install -d -m0710 "${pkgdir}"/run/openvpn-{client,server}
 }
 


