[arch-commits] Commit in openvpn/repos/testing-x86_64 (10 files)

Christian Hesse eworm at archlinux.org
Fri Nov 6 12:03:29 UTC 2020


    Date: Friday, November 6, 2020 @ 12:03:28
  Author: eworm
Revision: 399569

archrelease: copy trunk to testing-x86_64

Added:
  openvpn/repos/testing-x86_64/0001-unprivileged.patch
    (from rev 399568, openvpn/trunk/0001-unprivileged.patch)
  openvpn/repos/testing-x86_64/PKGBUILD
    (from rev 399568, openvpn/trunk/PKGBUILD)
  openvpn/repos/testing-x86_64/openvpn.install
    (from rev 399568, openvpn/trunk/openvpn.install)
  openvpn/repos/testing-x86_64/sysusers.conf
    (from rev 399568, openvpn/trunk/sysusers.conf)
  openvpn/repos/testing-x86_64/tmpfiles.conf
    (from rev 399568, openvpn/trunk/tmpfiles.conf)
Deleted:
  openvpn/repos/testing-x86_64/0001-unprivileged.patch
  openvpn/repos/testing-x86_64/PKGBUILD
  openvpn/repos/testing-x86_64/openvpn.install
  openvpn/repos/testing-x86_64/sysusers.conf
  openvpn/repos/testing-x86_64/tmpfiles.conf

-------------------------+
 0001-unprivileged.patch |   56 +++++++-------
 PKGBUILD                |  176 +++++++++++++++++++++++-----------------------
 openvpn.install         |   24 +++---
 sysusers.conf           |    2 
 tmpfiles.conf           |    8 +-
 5 files changed, 133 insertions(+), 133 deletions(-)

Deleted: 0001-unprivileged.patch
===================================================================
--- 0001-unprivileged.patch	2020-11-06 12:03:25 UTC (rev 399568)
+++ 0001-unprivileged.patch	2020-11-06 12:03:28 UTC (rev 399569)
@@ -1,28 +0,0 @@
-diff --git a/distro/systemd/openvpn-client at .service.in b/distro/systemd/openvpn-client at .service.in
-index cbcef653..71aa1335 100644
---- a/distro/systemd/openvpn-client at .service.in
-+++ b/distro/systemd/openvpn-client at .service.in
-@@ -11,6 +11,9 @@ Type=notify
- PrivateTmp=true
- WorkingDirectory=/etc/openvpn/client
- ExecStart=@sbindir@/openvpn --suppress-timestamps --nobind --config %i.conf
-+User=openvpn
-+Group=network
-+AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
- CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
- LimitNPROC=10
- DeviceAllow=/dev/null rw
-diff --git a/distro/systemd/openvpn-server at .service.in b/distro/systemd/openvpn-server at .service.in
-index d1cc72cb..691f369e 100644
---- a/distro/systemd/openvpn-server at .service.in
-+++ b/distro/systemd/openvpn-server at .service.in
-@@ -11,6 +11,9 @@ Type=notify
- PrivateTmp=true
- WorkingDirectory=/etc/openvpn/server
- ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
-+User=openvpn
-+Group=network
-+AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
- CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
- LimitNPROC=10
- DeviceAllow=/dev/null rw

Copied: openvpn/repos/testing-x86_64/0001-unprivileged.patch (from rev 399568, openvpn/trunk/0001-unprivileged.patch)
===================================================================
--- 0001-unprivileged.patch	                        (rev 0)
+++ 0001-unprivileged.patch	2020-11-06 12:03:28 UTC (rev 399569)
@@ -0,0 +1,28 @@
+diff --git a/distro/systemd/openvpn-client at .service.in b/distro/systemd/openvpn-client at .service.in
+index cbcef653..71aa1335 100644
+--- a/distro/systemd/openvpn-client at .service.in
++++ b/distro/systemd/openvpn-client at .service.in
+@@ -11,6 +11,9 @@ Type=notify
+ PrivateTmp=true
+ WorkingDirectory=/etc/openvpn/client
+ ExecStart=@sbindir@/openvpn --suppress-timestamps --nobind --config %i.conf
++User=openvpn
++Group=network
++AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
+ LimitNPROC=10
+ DeviceAllow=/dev/null rw
+diff --git a/distro/systemd/openvpn-server at .service.in b/distro/systemd/openvpn-server at .service.in
+index d1cc72cb..691f369e 100644
+--- a/distro/systemd/openvpn-server at .service.in
++++ b/distro/systemd/openvpn-server at .service.in
+@@ -11,6 +11,9 @@ Type=notify
+ PrivateTmp=true
+ WorkingDirectory=/etc/openvpn/server
+ ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
++User=openvpn
++Group=network
++AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
+ LimitNPROC=10
+ DeviceAllow=/dev/null rw

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2020-11-06 12:03:25 UTC (rev 399568)
+++ PKGBUILD	2020-11-06 12:03:28 UTC (rev 399569)
@@ -1,88 +0,0 @@
-# Maintainer: Christian Hesse <mail at eworm.de>
-
-pkgname=openvpn
-_tag='8c3dc0551390e92bfd5b2dc83d7502e7095b7325' # git rev-parse v${pkgver}
-pkgver=2.5.0
-pkgrel=2
-pkgdesc='An easy-to-use, robust and highly configurable VPN (Virtual Private Network)'
-arch=('x86_64')
-url='https://openvpn.net/index.php/open-source.html'
-license=('custom')
-depends=('openssl' 'lzo' 'lz4' 'systemd-libs' 'libsystemd.so' 'pkcs11-helper' 'libpkcs11-helper.so')
-optdepends=('easy-rsa: easy CA and certificate handling'
-            'pam: authenticate via PAM')
-makedepends=('git' 'systemd' 'python-docutils')
-install=openvpn.install
-validpgpkeys=('F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7'  # OpenVPN - Security Mailing List <security at openvpn.net>
-              'B62E6A2B4E56570B7BDC6BE01D829EFECA562812') # Gert Doering <gert at v6.de>
-source=("git+https://github.com/OpenVPN/openvpn.git#tag=${_tag}?signed"
-        '0001-unprivileged.patch'
-        'sysusers.conf'
-        'tmpfiles.conf')
-sha256sums=('SKIP'
-            '8e7d292514f30729bc37d6681789b1bfdf87a992a3aa77e2a28b8da9cd8d4bfe'
-            '3646b865ac67783fafc6652589cfe2a3105ecef06f3907f33de5135815f6a621'
-            'b1436f953a4f1be7083711d11928a9924993f940ff56ff92d288d6100df673fc')
-
-prepare() {
-  cd "${srcdir}"/${pkgname}
-
-  # https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19302.html
-  sed -i '/^CONFIGURE_DEFINES=/s/set/env/g' configure.ac
-
-  # start with unprivileged user and keep granted privileges
-  patch -Np1 < ../0001-unprivileged.patch
-
-  autoreconf --force --install
-}
-
-build() {
-  mkdir "${srcdir}"/build
-  cd "${srcdir}"/build
-
-  "${srcdir}"/openvpn/configure \
-    --prefix=/usr \
-    --sbindir=/usr/bin \
-    --enable-pkcs11 \
-    --enable-plugins \
-    --enable-systemd \
-    --enable-x509-alt-username
-  make
-}
-
-check() {
-  cd "${srcdir}"/build
-
-  make check
-}
-
-package() {
-  cd "${srcdir}"/build
-
-  # Install openvpn
-  make DESTDIR="${pkgdir}" install
-
-  # Install sysusers and tmpfiles files
-  install -D -m0644 ../sysusers.conf "${pkgdir}"/usr/lib/sysusers.d/openvpn.conf
-  install -D -m0644 ../tmpfiles.conf "${pkgdir}"/usr/lib/tmpfiles.d/openvpn.conf
-
-  # Install license
-  install -d -m0755 "${pkgdir}"/usr/share/licenses/openvpn/
-  ln -sf /usr/share/doc/openvpn/{COPYING,COPYRIGHT.GPL} "${pkgdir}"/usr/share/licenses/openvpn/
-
-  cd "${srcdir}"/${pkgname}
-
-  # Install examples
-  install -d -m0755 "${pkgdir}"/usr/share/openvpn
-  cp -r sample/sample-config-files "${pkgdir}"/usr/share/openvpn/examples
-
-  # Install contrib
-  for FILE in $(find contrib -type f); do
-    case "$(file --brief --mime-type --no-sandbox "${FILE}")" in
-      "text/x-shellscript")
-        install -D -m0755 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
-      *)
-        install -D -m0644 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
-    esac
-  done
-}

Copied: openvpn/repos/testing-x86_64/PKGBUILD (from rev 399568, openvpn/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2020-11-06 12:03:28 UTC (rev 399569)
@@ -0,0 +1,88 @@
+# Maintainer: Christian Hesse <mail at eworm.de>
+
+pkgname=openvpn
+_tag='8c3dc0551390e92bfd5b2dc83d7502e7095b7325' # git rev-parse v${pkgver}
+pkgver=2.5.0
+pkgrel=3
+pkgdesc='An easy-to-use, robust and highly configurable VPN (Virtual Private Network)'
+arch=('x86_64')
+url='https://openvpn.net/index.php/open-source.html'
+license=('custom')
+depends=('openssl' 'lzo' 'lz4' 'systemd-libs' 'libsystemd.so' 'pkcs11-helper' 'libpkcs11-helper.so')
+optdepends=('easy-rsa: easy CA and certificate handling'
+            'pam: authenticate via PAM')
+makedepends=('git' 'systemd' 'python-docutils')
+install=openvpn.install
+validpgpkeys=('F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7'  # OpenVPN - Security Mailing List <security at openvpn.net>
+              'B62E6A2B4E56570B7BDC6BE01D829EFECA562812') # Gert Doering <gert at v6.de>
+source=("git+https://github.com/OpenVPN/openvpn.git#tag=${_tag}?signed"
+        '0001-unprivileged.patch'
+        'sysusers.conf'
+        'tmpfiles.conf')
+sha256sums=('SKIP'
+            '8e7d292514f30729bc37d6681789b1bfdf87a992a3aa77e2a28b8da9cd8d4bfe'
+            '3646b865ac67783fafc6652589cfe2a3105ecef06f3907f33de5135815f6a621'
+            'b1436f953a4f1be7083711d11928a9924993f940ff56ff92d288d6100df673fc')
+
+prepare() {
+  cd "${srcdir}"/${pkgname}
+
+  # https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19302.html
+  sed -i '/^CONFIGURE_DEFINES=/s/set/env/g' configure.ac
+
+  # start with unprivileged user and keep granted privileges
+  patch -Np1 < ../0001-unprivileged.patch
+
+  autoreconf --force --install
+}
+
+build() {
+  mkdir "${srcdir}"/build
+  cd "${srcdir}"/build
+
+  "${srcdir}"/openvpn/configure \
+    --prefix=/usr \
+    --sbindir=/usr/bin \
+    --enable-pkcs11 \
+    --enable-plugins \
+    --enable-systemd \
+    --enable-x509-alt-username
+  make
+}
+
+check() {
+  cd "${srcdir}"/build
+
+  make check
+}
+
+package() {
+  cd "${srcdir}"/build
+
+  # Install openvpn
+  make DESTDIR="${pkgdir}" install
+
+  # Install sysusers and tmpfiles files
+  install -D -m0644 ../sysusers.conf "${pkgdir}"/usr/lib/sysusers.d/openvpn.conf
+  install -D -m0644 ../tmpfiles.conf "${pkgdir}"/usr/lib/tmpfiles.d/openvpn.conf
+
+  # Install license
+  install -d -m0755 "${pkgdir}"/usr/share/licenses/openvpn/
+  ln -sf /usr/share/doc/openvpn/{COPYING,COPYRIGHT.GPL} "${pkgdir}"/usr/share/licenses/openvpn/
+
+  cd "${srcdir}"/${pkgname}
+
+  # Install examples
+  install -d -m0755 "${pkgdir}"/usr/share/openvpn
+  cp -r sample/sample-config-files "${pkgdir}"/usr/share/openvpn/examples
+
+  # Install contrib
+  for FILE in $(find contrib -type f); do
+    case "$(file --brief --mime-type --no-sandbox "${FILE}")" in
+      "text/x-shellscript")
+        install -D -m0755 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
+      *)
+        install -D -m0644 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
+    esac
+  done
+}

Deleted: openvpn.install
===================================================================
--- openvpn.install	2020-11-06 12:03:25 UTC (rev 399568)
+++ openvpn.install	2020-11-06 12:03:28 UTC (rev 399569)
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-post_upgrade() {
-  # return if old package version greater 2.5.0-1...
-  (( $(vercmp $2 '2.5.0-1') > 0 )) && return
-
-  echo ':: OpenVPN now uses a netlink interface for network configuration. The systemd'
-  echo "   units start the process with a dedicated unprivileged user 'openvpn', with"
-  echo '   extra capabilitiesi(7). The configuration should no longer drop privileges,'
-  echo "   so remove 'user' and 'group' directives."
-  echo '   Scripts that require elevated privileges may need a workaround.'
-}

Copied: openvpn/repos/testing-x86_64/openvpn.install (from rev 399568, openvpn/trunk/openvpn.install)
===================================================================
--- openvpn.install	                        (rev 0)
+++ openvpn.install	2020-11-06 12:03:28 UTC (rev 399569)
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+post_upgrade() {
+  # return if old package version greater 2.5.0-1...
+  (( $(vercmp $2 '2.5.0-1') > 0 )) && return
+
+  echo ':: OpenVPN now uses a netlink interface for network configuration. The systemd'
+  echo "   units start the process with a dedicated unprivileged user 'openvpn', with"
+  echo '   extra capabilities(7). The configuration should no longer drop privileges,'
+  echo "   so remove 'user' and 'group' directives."
+  echo '   Scripts that require elevated privileges may need a workaround.'
+}

Deleted: sysusers.conf
===================================================================
--- sysusers.conf	2020-11-06 12:03:25 UTC (rev 399568)
+++ sysusers.conf	2020-11-06 12:03:28 UTC (rev 399569)
@@ -1 +0,0 @@
-u openvpn - "OpenVPN"

Copied: openvpn/repos/testing-x86_64/sysusers.conf (from rev 399568, openvpn/trunk/sysusers.conf)
===================================================================
--- sysusers.conf	                        (rev 0)
+++ sysusers.conf	2020-11-06 12:03:28 UTC (rev 399569)
@@ -0,0 +1 @@
+u openvpn - "OpenVPN"

Deleted: tmpfiles.conf
===================================================================
--- tmpfiles.conf	2020-11-06 12:03:25 UTC (rev 399568)
+++ tmpfiles.conf	2020-11-06 12:03:28 UTC (rev 399569)
@@ -1,4 +0,0 @@
-d /etc/openvpn/client 0750 openvpn network -
-d /etc/openvpn/server 0750 openvpn network -
-d /run/openvpn-client 0750 openvpn network -
-d /run/openvpn-server 0750 openvpn network -

Copied: openvpn/repos/testing-x86_64/tmpfiles.conf (from rev 399568, openvpn/trunk/tmpfiles.conf)
===================================================================
--- tmpfiles.conf	                        (rev 0)
+++ tmpfiles.conf	2020-11-06 12:03:28 UTC (rev 399569)
@@ -0,0 +1,4 @@
+d /etc/openvpn/client 0750 openvpn network -
+d /etc/openvpn/server 0750 openvpn network -
+d /run/openvpn-client 0750 openvpn network -
+d /run/openvpn-server 0750 openvpn network -



More information about the arch-commits mailing list