[arch-commits] Commit in openvpn/repos/testing-x86_64 (10 files)
Christian Hesse
eworm at archlinux.org
Fri Nov 6 12:03:29 UTC 2020
Date: Friday, November 6, 2020 @ 12:03:28
Author: eworm
Revision: 399569
archrelease: copy trunk to testing-x86_64
Added:
openvpn/repos/testing-x86_64/0001-unprivileged.patch
(from rev 399568, openvpn/trunk/0001-unprivileged.patch)
openvpn/repos/testing-x86_64/PKGBUILD
(from rev 399568, openvpn/trunk/PKGBUILD)
openvpn/repos/testing-x86_64/openvpn.install
(from rev 399568, openvpn/trunk/openvpn.install)
openvpn/repos/testing-x86_64/sysusers.conf
(from rev 399568, openvpn/trunk/sysusers.conf)
openvpn/repos/testing-x86_64/tmpfiles.conf
(from rev 399568, openvpn/trunk/tmpfiles.conf)
Deleted:
openvpn/repos/testing-x86_64/0001-unprivileged.patch
openvpn/repos/testing-x86_64/PKGBUILD
openvpn/repos/testing-x86_64/openvpn.install
openvpn/repos/testing-x86_64/sysusers.conf
openvpn/repos/testing-x86_64/tmpfiles.conf
-------------------------+
0001-unprivileged.patch | 56 +++++++-------
PKGBUILD | 176 +++++++++++++++++++++++-----------------------
openvpn.install | 24 +++---
sysusers.conf | 2
tmpfiles.conf | 8 +-
5 files changed, 133 insertions(+), 133 deletions(-)
Deleted: 0001-unprivileged.patch
===================================================================
--- 0001-unprivileged.patch 2020-11-06 12:03:25 UTC (rev 399568)
+++ 0001-unprivileged.patch 2020-11-06 12:03:28 UTC (rev 399569)
@@ -1,28 +0,0 @@
-diff --git a/distro/systemd/openvpn-client at .service.in b/distro/systemd/openvpn-client at .service.in
-index cbcef653..71aa1335 100644
---- a/distro/systemd/openvpn-client at .service.in
-+++ b/distro/systemd/openvpn-client at .service.in
-@@ -11,6 +11,9 @@ Type=notify
- PrivateTmp=true
- WorkingDirectory=/etc/openvpn/client
- ExecStart=@sbindir@/openvpn --suppress-timestamps --nobind --config %i.conf
-+User=openvpn
-+Group=network
-+AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
- CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
- LimitNPROC=10
- DeviceAllow=/dev/null rw
-diff --git a/distro/systemd/openvpn-server at .service.in b/distro/systemd/openvpn-server at .service.in
-index d1cc72cb..691f369e 100644
---- a/distro/systemd/openvpn-server at .service.in
-+++ b/distro/systemd/openvpn-server at .service.in
-@@ -11,6 +11,9 @@ Type=notify
- PrivateTmp=true
- WorkingDirectory=/etc/openvpn/server
- ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
-+User=openvpn
-+Group=network
-+AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
- CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
- LimitNPROC=10
- DeviceAllow=/dev/null rw
Copied: openvpn/repos/testing-x86_64/0001-unprivileged.patch (from rev 399568, openvpn/trunk/0001-unprivileged.patch)
===================================================================
--- 0001-unprivileged.patch (rev 0)
+++ 0001-unprivileged.patch 2020-11-06 12:03:28 UTC (rev 399569)
@@ -0,0 +1,28 @@
+diff --git a/distro/systemd/openvpn-client at .service.in b/distro/systemd/openvpn-client at .service.in
+index cbcef653..71aa1335 100644
+--- a/distro/systemd/openvpn-client at .service.in
++++ b/distro/systemd/openvpn-client at .service.in
+@@ -11,6 +11,9 @@ Type=notify
+ PrivateTmp=true
+ WorkingDirectory=/etc/openvpn/client
+ ExecStart=@sbindir@/openvpn --suppress-timestamps --nobind --config %i.conf
++User=openvpn
++Group=network
++AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+ LimitNPROC=10
+ DeviceAllow=/dev/null rw
+diff --git a/distro/systemd/openvpn-server at .service.in b/distro/systemd/openvpn-server at .service.in
+index d1cc72cb..691f369e 100644
+--- a/distro/systemd/openvpn-server at .service.in
++++ b/distro/systemd/openvpn-server at .service.in
+@@ -11,6 +11,9 @@ Type=notify
+ PrivateTmp=true
+ WorkingDirectory=/etc/openvpn/server
+ ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
++User=openvpn
++Group=network
++AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
+ LimitNPROC=10
+ DeviceAllow=/dev/null rw
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2020-11-06 12:03:25 UTC (rev 399568)
+++ PKGBUILD 2020-11-06 12:03:28 UTC (rev 399569)
@@ -1,88 +0,0 @@
-# Maintainer: Christian Hesse <mail at eworm.de>
-
-pkgname=openvpn
-_tag='8c3dc0551390e92bfd5b2dc83d7502e7095b7325' # git rev-parse v${pkgver}
-pkgver=2.5.0
-pkgrel=2
-pkgdesc='An easy-to-use, robust and highly configurable VPN (Virtual Private Network)'
-arch=('x86_64')
-url='https://openvpn.net/index.php/open-source.html'
-license=('custom')
-depends=('openssl' 'lzo' 'lz4' 'systemd-libs' 'libsystemd.so' 'pkcs11-helper' 'libpkcs11-helper.so')
-optdepends=('easy-rsa: easy CA and certificate handling'
- 'pam: authenticate via PAM')
-makedepends=('git' 'systemd' 'python-docutils')
-install=openvpn.install
-validpgpkeys=('F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7' # OpenVPN - Security Mailing List <security at openvpn.net>
- 'B62E6A2B4E56570B7BDC6BE01D829EFECA562812') # Gert Doering <gert at v6.de>
-source=("git+https://github.com/OpenVPN/openvpn.git#tag=${_tag}?signed"
- '0001-unprivileged.patch'
- 'sysusers.conf'
- 'tmpfiles.conf')
-sha256sums=('SKIP'
- '8e7d292514f30729bc37d6681789b1bfdf87a992a3aa77e2a28b8da9cd8d4bfe'
- '3646b865ac67783fafc6652589cfe2a3105ecef06f3907f33de5135815f6a621'
- 'b1436f953a4f1be7083711d11928a9924993f940ff56ff92d288d6100df673fc')
-
-prepare() {
- cd "${srcdir}"/${pkgname}
-
- # https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19302.html
- sed -i '/^CONFIGURE_DEFINES=/s/set/env/g' configure.ac
-
- # start with unprivileged user and keep granted privileges
- patch -Np1 < ../0001-unprivileged.patch
-
- autoreconf --force --install
-}
-
-build() {
- mkdir "${srcdir}"/build
- cd "${srcdir}"/build
-
- "${srcdir}"/openvpn/configure \
- --prefix=/usr \
- --sbindir=/usr/bin \
- --enable-pkcs11 \
- --enable-plugins \
- --enable-systemd \
- --enable-x509-alt-username
- make
-}
-
-check() {
- cd "${srcdir}"/build
-
- make check
-}
-
-package() {
- cd "${srcdir}"/build
-
- # Install openvpn
- make DESTDIR="${pkgdir}" install
-
- # Install sysusers and tmpfiles files
- install -D -m0644 ../sysusers.conf "${pkgdir}"/usr/lib/sysusers.d/openvpn.conf
- install -D -m0644 ../tmpfiles.conf "${pkgdir}"/usr/lib/tmpfiles.d/openvpn.conf
-
- # Install license
- install -d -m0755 "${pkgdir}"/usr/share/licenses/openvpn/
- ln -sf /usr/share/doc/openvpn/{COPYING,COPYRIGHT.GPL} "${pkgdir}"/usr/share/licenses/openvpn/
-
- cd "${srcdir}"/${pkgname}
-
- # Install examples
- install -d -m0755 "${pkgdir}"/usr/share/openvpn
- cp -r sample/sample-config-files "${pkgdir}"/usr/share/openvpn/examples
-
- # Install contrib
- for FILE in $(find contrib -type f); do
- case "$(file --brief --mime-type --no-sandbox "${FILE}")" in
- "text/x-shellscript")
- install -D -m0755 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
- *)
- install -D -m0644 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
- esac
- done
-}
Copied: openvpn/repos/testing-x86_64/PKGBUILD (from rev 399568, openvpn/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2020-11-06 12:03:28 UTC (rev 399569)
@@ -0,0 +1,88 @@
+# Maintainer: Christian Hesse <mail at eworm.de>
+
+pkgname=openvpn
+_tag='8c3dc0551390e92bfd5b2dc83d7502e7095b7325' # git rev-parse v${pkgver}
+pkgver=2.5.0
+pkgrel=3
+pkgdesc='An easy-to-use, robust and highly configurable VPN (Virtual Private Network)'
+arch=('x86_64')
+url='https://openvpn.net/index.php/open-source.html'
+license=('custom')
+depends=('openssl' 'lzo' 'lz4' 'systemd-libs' 'libsystemd.so' 'pkcs11-helper' 'libpkcs11-helper.so')
+optdepends=('easy-rsa: easy CA and certificate handling'
+ 'pam: authenticate via PAM')
+makedepends=('git' 'systemd' 'python-docutils')
+install=openvpn.install
+validpgpkeys=('F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7' # OpenVPN - Security Mailing List <security at openvpn.net>
+ 'B62E6A2B4E56570B7BDC6BE01D829EFECA562812') # Gert Doering <gert at v6.de>
+source=("git+https://github.com/OpenVPN/openvpn.git#tag=${_tag}?signed"
+ '0001-unprivileged.patch'
+ 'sysusers.conf'
+ 'tmpfiles.conf')
+sha256sums=('SKIP'
+ '8e7d292514f30729bc37d6681789b1bfdf87a992a3aa77e2a28b8da9cd8d4bfe'
+ '3646b865ac67783fafc6652589cfe2a3105ecef06f3907f33de5135815f6a621'
+ 'b1436f953a4f1be7083711d11928a9924993f940ff56ff92d288d6100df673fc')
+
+prepare() {
+ cd "${srcdir}"/${pkgname}
+
+ # https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19302.html
+ sed -i '/^CONFIGURE_DEFINES=/s/set/env/g' configure.ac
+
+ # start with unprivileged user and keep granted privileges
+ patch -Np1 < ../0001-unprivileged.patch
+
+ autoreconf --force --install
+}
+
+build() {
+ mkdir "${srcdir}"/build
+ cd "${srcdir}"/build
+
+ "${srcdir}"/openvpn/configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --enable-pkcs11 \
+ --enable-plugins \
+ --enable-systemd \
+ --enable-x509-alt-username
+ make
+}
+
+check() {
+ cd "${srcdir}"/build
+
+ make check
+}
+
+package() {
+ cd "${srcdir}"/build
+
+ # Install openvpn
+ make DESTDIR="${pkgdir}" install
+
+ # Install sysusers and tmpfiles files
+ install -D -m0644 ../sysusers.conf "${pkgdir}"/usr/lib/sysusers.d/openvpn.conf
+ install -D -m0644 ../tmpfiles.conf "${pkgdir}"/usr/lib/tmpfiles.d/openvpn.conf
+
+ # Install license
+ install -d -m0755 "${pkgdir}"/usr/share/licenses/openvpn/
+ ln -sf /usr/share/doc/openvpn/{COPYING,COPYRIGHT.GPL} "${pkgdir}"/usr/share/licenses/openvpn/
+
+ cd "${srcdir}"/${pkgname}
+
+ # Install examples
+ install -d -m0755 "${pkgdir}"/usr/share/openvpn
+ cp -r sample/sample-config-files "${pkgdir}"/usr/share/openvpn/examples
+
+ # Install contrib
+ for FILE in $(find contrib -type f); do
+ case "$(file --brief --mime-type --no-sandbox "${FILE}")" in
+ "text/x-shellscript")
+ install -D -m0755 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
+ *)
+ install -D -m0644 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
+ esac
+ done
+}
Deleted: openvpn.install
===================================================================
--- openvpn.install 2020-11-06 12:03:25 UTC (rev 399568)
+++ openvpn.install 2020-11-06 12:03:28 UTC (rev 399569)
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-post_upgrade() {
- # return if old package version greater 2.5.0-1...
- (( $(vercmp $2 '2.5.0-1') > 0 )) && return
-
- echo ':: OpenVPN now uses a netlink interface for network configuration. The systemd'
- echo " units start the process with a dedicated unprivileged user 'openvpn', with"
- echo ' extra capabilitiesi(7). The configuration should no longer drop privileges,'
- echo " so remove 'user' and 'group' directives."
- echo ' Scripts that require elevated privileges may need a workaround.'
-}
Copied: openvpn/repos/testing-x86_64/openvpn.install (from rev 399568, openvpn/trunk/openvpn.install)
===================================================================
--- openvpn.install (rev 0)
+++ openvpn.install 2020-11-06 12:03:28 UTC (rev 399569)
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+post_upgrade() {
+ # return if old package version greater 2.5.0-1...
+ (( $(vercmp $2 '2.5.0-1') > 0 )) && return
+
+ echo ':: OpenVPN now uses a netlink interface for network configuration. The systemd'
+ echo " units start the process with a dedicated unprivileged user 'openvpn', with"
+ echo ' extra capabilities(7). The configuration should no longer drop privileges,'
+ echo " so remove 'user' and 'group' directives."
+ echo ' Scripts that require elevated privileges may need a workaround.'
+}
Deleted: sysusers.conf
===================================================================
--- sysusers.conf 2020-11-06 12:03:25 UTC (rev 399568)
+++ sysusers.conf 2020-11-06 12:03:28 UTC (rev 399569)
@@ -1 +0,0 @@
-u openvpn - "OpenVPN"
Copied: openvpn/repos/testing-x86_64/sysusers.conf (from rev 399568, openvpn/trunk/sysusers.conf)
===================================================================
--- sysusers.conf (rev 0)
+++ sysusers.conf 2020-11-06 12:03:28 UTC (rev 399569)
@@ -0,0 +1 @@
+u openvpn - "OpenVPN"
Deleted: tmpfiles.conf
===================================================================
--- tmpfiles.conf 2020-11-06 12:03:25 UTC (rev 399568)
+++ tmpfiles.conf 2020-11-06 12:03:28 UTC (rev 399569)
@@ -1,4 +0,0 @@
-d /etc/openvpn/client 0750 openvpn network -
-d /etc/openvpn/server 0750 openvpn network -
-d /run/openvpn-client 0750 openvpn network -
-d /run/openvpn-server 0750 openvpn network -
Copied: openvpn/repos/testing-x86_64/tmpfiles.conf (from rev 399568, openvpn/trunk/tmpfiles.conf)
===================================================================
--- tmpfiles.conf (rev 0)
+++ tmpfiles.conf 2020-11-06 12:03:28 UTC (rev 399569)
@@ -0,0 +1,4 @@
+d /etc/openvpn/client 0750 openvpn network -
+d /etc/openvpn/server 0750 openvpn network -
+d /run/openvpn-client 0750 openvpn network -
+d /run/openvpn-server 0750 openvpn network -
More information about the arch-commits
mailing list