[openvpn/el6] 2.3.1.2.3.1.2.3.1.

Jon Ciesla limb at fedoraproject.org
Mon May 6 18:33:55 UTC 2013


commit eb08c86e472970fd347a731b3071876a821c2212
Author: Jon Ciesla <limburgher at gmail.com>
Date:   Mon May 6 13:29:41 2013 -0500

    2.3.1.2.3.1.2.3.1.

 openvpn.init |  263 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 openvpn.spec |   75 +++++++++--------
 2 files changed, 303 insertions(+), 35 deletions(-)
---
diff --git a/openvpn.init b/openvpn.init
new file mode 100644
index 0000000..a21bf57
--- /dev/null
+++ b/openvpn.init
@@ -0,0 +1,263 @@
+#!/bin/sh
+#
+# openvpn       This shell script takes care of starting and stopping
+#               openvpn on RedHat or other chkconfig-based system.
+#
+# chkconfig: - 24 76
+#
+# processname: openvpn
+# description: OpenVPN is a robust and highly flexible tunneling \
+#              application that uses all of the encryption, \
+#              authentication, and certification features of the OpenSSL \
+#              library to securely tunnel IP networks over a single UDP \
+#              port.
+
+# Contributed to the OpenVPN project by
+### BEGIN INIT INFO
+# Provides: openvpn
+# Required-Start: $network
+# Required-Stop: $network
+# Short-Description: start and stop openvpn
+# Description: OpenVPN is a robust and highly flexible tunneling \
+#              application that uses all of the encryption, \
+#              authentication, and certification features of the OpenSSL \
+#              library to securely tunnel IP networks over a single UDP \
+#              port.
+### END INIT INFO
+
+
+# Douglas Keller <doug at voidstar.dyndns.org>
+# 2002.05.15
+
+# To install:
+#   copy this file to /etc/rc.d/init.d/openvpn
+#   shell> chkconfig --add openvpn
+#   shell> mkdir /etc/openvpn
+#   make .conf or .sh files in /etc/openvpn (see below)
+
+# To uninstall:
+#   run: chkconfig --del openvpn
+
+# Author's Notes:
+#
+# I have created an /etc/init.d init script and enhanced openvpn.spec to
+# automatically register the init script.  Once the RPM is installed you
+# can start and stop OpenVPN with "service openvpn start" and "service
+# openvpn stop".
+#
+# The init script does the following:
+#
+# - Starts an openvpn process for each .conf file it finds in
+#   /etc/openvpn.
+#
+# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it executes
+#   it before starting openvpn (useful for doing openvpn --mktun...).
+#
+# - In addition to start/stop you can do:
+#
+#   service openvpn reload - SIGHUP
+#   service openvpn reopen - SIGUSR1
+#   service openvpn status - SIGUSR2
+#
+# Modifications:
+#
+# 2003.05.02
+#   * Changed == to = for sh compliance (Bishop Clark).
+#   * If condrestart|reload|reopen|status, check that we were
+#     actually started (James Yonan).
+#   * Added lock, piddir, and work variables (James Yonan).
+#   * If start is attempted twice, without an intervening stop, or
+#     if start is attempted when previous start was not properly
+#     shut down, then kill any previously started processes, before
+#     commencing new start operation (James Yonan).
+#   * Do a better job of flagging errors on start, and properly
+#     returning success or failure status to caller (James Yonan).
+#
+# 2005.04.04
+#   * Added openvpn-startup and openvpn-shutdown script calls
+#     (James Yonan).
+#
+
+# Location of openvpn binary
+openvpn=""
+openvpn_locations="/usr/sbin/openvpn /usr/local/sbin/openvpn"
+for location in $openvpn_locations
+do
+  if [ -f "$location" ]
+  then
+    openvpn=$location
+  fi
+done
+
+# Lockfile
+lock="/var/lock/subsys/openvpn"
+
+# PID directory
+piddir="/var/run/openvpn"
+
+# Our working directory
+work=/etc/openvpn
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+if [ ${NETWORKING} = "no" ]
+then
+  echo "Networking is down"
+  exit 0
+fi
+
+# Check that binary exists
+if ! [ -f  $openvpn ] 
+then
+  echo "openvpn binary not found"
+  exit 0
+fi
+
+# See how we were called.
+case "$1" in
+  start)
+	echo -n $"Starting openvpn: "
+
+	/sbin/modprobe tun >/dev/null 2>&1
+
+	# From a security perspective, I think it makes
+	# sense to remove this, and have users who need
+	# it explictly enable in their --up scripts or
+	# firewall setups.
+
+	#echo 1 > /proc/sys/net/ipv4/ip_forward
+
+	# Run startup script, if defined
+	if [ -f $work/openvpn-startup ]; then
+	    $work/openvpn-startup
+	fi
+
+	if [ ! -d  $piddir ]; then
+	    mkdir $piddir
+	fi
+
+	if [ -f $lock ]; then
+	    # we were not shut down correctly
+	    for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
+	      if [ -s $pidf ]; then
+		kill `cat $pidf` >/dev/null 2>&1
+	      fi
+	      rm -f $pidf
+	    done
+	    rm -f $lock
+	    sleep 2
+	fi
+
+	rm -f $piddir/*.pid
+	cd $work
+
+	# Start every .conf in $work and run .sh if exists
+	errors=0
+	successes=0
+	for c in `/bin/ls *.conf 2>/dev/null`; do
+	    bn=${c%%.conf}
+	    if [ -f "$bn.sh" ]; then
+		. ./$bn.sh
+	    fi
+	    rm -f $piddir/$bn.pid
+            # Handle backward compatibility, see Red Hat Bugzilla ID #458594
+            script_security=''
+            if [ -z "$( grep '^[[:space:]]*script-security[[:space:]]' $c )" ]; then
+                script_security="--script-security 2"
+            fi
+	    $openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work $script_security
+	    if [ $? = 0 ]; then
+		successes=1
+	    else
+		errors=1
+	    fi
+	done
+
+	if [ $errors = 1 ]; then
+	    failure; echo
+	else
+	    success; echo
+	fi
+
+	if [ $successes = 1 ]; then
+	    touch $lock
+	fi
+	;;
+  stop)
+	echo -n $"Shutting down openvpn: "
+	for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
+	  if [ -s $pidf ]; then
+	    kill `cat $pidf` >/dev/null 2>&1
+	  fi
+	  rm -f $pidf
+	done
+
+	# Run shutdown script, if defined
+	if [ -f $work/openvpn-shutdown ]; then
+	    $work/openvpn-shutdown
+	fi
+
+	success; echo
+	rm -f $lock
+	;;
+  restart)
+	$0 stop
+	sleep 2
+	$0 start
+	;;
+  reload)
+	if [ -f $lock ]; then
+	    for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
+		if [ -s $pidf ]; then
+		    kill -HUP `cat $pidf` >/dev/null 2>&1
+		fi
+	    done
+	else
+	    echo "openvpn: service not started"
+	    exit 1
+	fi
+	;;
+  reopen)
+	if [ -f $lock ]; then
+	    for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
+		if [ -s $pidf ]; then
+		    kill -USR1 `cat $pidf` >/dev/null 2>&1
+		fi
+	    done
+	else
+	    echo "openvpn: service not started"
+	    exit 1
+	fi
+	;;
+  condrestart)
+	if [ -f $lock ]; then
+	    $0 stop
+	    # avoid race
+	    sleep 2
+	    $0 start
+	fi
+	;;
+  status)
+	if [ -f $lock ]; then
+	    for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
+		if [ -s $pidf ]; then
+		    kill -USR2 `cat $pidf` >/dev/null 2>&1
+		fi
+	    done
+	    echo "Status written to /var/log/messages"
+	else
+	    echo "openvpn: service not started"
+	    exit 1
+	fi
+        ;;
+  *)
+	echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}"
+	exit 1
+	;;
+esac
+exit 0
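Review bot: The binary check `if ! [ -f  $openvpn ]` does not fire when neither location exists. `openvpn` is then empty, the unquoted expansion leaves `[ -f ]`, which tests the non-empty string `-f` and is true, so `start` goes on and tries to run the option list as a command. Quoting fixes it: `if ! [ -f "$openvpn" ]`. The `[ ${NETWORKING} = "no" ]` test just above has the same weakness when the variable is unset and should read `[ "${NETWORKING}" = "no" ]`. Separately, the start loop appends `--script-security 2` to every config without a `script-security` line and sources any matching `$bn.sh` as the init user, so the header comment should say so, for example `# Configs without a script-security directive are started with --script-security 2; set it explicitly to restrict script execution.`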
diff --git a/openvpn.spec b/openvpn.spec
index e797917..d007402 100644
--- a/openvpn.spec
+++ b/openvpn.spec
@@ -3,7 +3,7 @@
 %define plugins down-root auth-pam
 
 Name:              openvpn
-Version:           2.2.2
+Version:           2.3.1
 Release:           1%{?prerelease:.%{prerelease}}%{?dist}
 Summary:           A full-featured SSL VPN solution
 URL:               http://openvpn.net/
@@ -15,11 +15,12 @@ Source1:           http://openvpn.net/signatures/%{name}-%{version}%{?prerelease
 # Sample 2.0 config files
 Source2:           roadwarrior-server.conf
 Source3:           roadwarrior-client.conf
+Source4:          openvpn.init
 # Don't start openvpn by default.
-Patch0:            openvpn-init.patch
-Patch1:            openvpn-script-security.patch
-Patch2:            openvpn-2.1.1-init.patch
-Patch3:            openvpn-2.1.1-initinfo.patch
+#Patch0:            openvpn-init.patch
+#Patch1:            openvpn-script-security.patch
+#Patch2:            openvpn-2.1.1-init.patch
+#Patch3:            openvpn-2.1.1-initinfo.patch
 License:           GPLv2
 Group:             Applications/Internet
 BuildRoot:         %{_tmppath}/%{name}-%{version}-%{release}-%(id -un)
@@ -54,16 +55,16 @@ for compression.
 
 %prep
 %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}}
-%patch0 -p0
-%patch1 -p1
-%patch2 -p0
-%patch3 -p0
+#%patch0 -p0
+#%patch1 -p1
+#%patch2 -p0
+#%patch3 -p0
 
-sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' openvpn.8
+#sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' openvpn.8
 
 # %%doc items shouldn't be executable.
-find contrib sample-config-files sample-keys sample-scripts -type f -perm +100 \
-    -exec chmod a-x {} \;
+#find contrib sample-config-files sample-keys sample-scripts -type f -perm +100 \
+#    -exec chmod a-x {} \;
 
 %build
 #  --enable-pthread        Enable pthread support (Experimental for OpenVPN 2.0)
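Review bot: Commenting out the `find ... -exec chmod a-x` step means the files shipped by `%doc contrib sample` keep their executable bits, which the comment above it ("%%doc items shouldn't be executable") still says should not happen. The old paths no longer exist in the 2.3 tree, so the step needs new paths rather than removal, e.g. `find contrib sample -type f -perm +100 -exec chmod a-x {} \;`. The disabled lines here and in the later hunks (`#%patch0 -p0`, `#sed -i -e 's,%{_datadir}/...`, `#%{_mandir}/man8/%{name}.8*`) also leave unescaped macros inside comments. rpm still expands those, which is why this file writes `%%doc`, so deleting the dead lines is cleaner than commenting them.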
@@ -84,30 +85,31 @@ find contrib sample-config-files sample-keys sample-scripts -type f -perm +100 \
 
 # Build plugins
 for plugin in %{plugins} ; do
-    %{__make} -C plugin/$plugin
+    %{__make} -C src/plugins/$plugin
 done
 
 %check
 # Test Crypto:
-./openvpn --genkey --secret key
-./openvpn --test-crypto --secret key
+./src/openvpn/openvpn --genkey --secret key
+./src/openvpn/openvpn --test-crypto --secret key
 
 # Randomize ports for tests to avoid conflicts on the build servers.
 cport=$[ 50000 + ($RANDOM % 15534) ]
 sport=$[ $cport + 1 ]
 sed -e 's/^\(rport\) .*$/\1 '$sport'/' \
     -e 's/^\(lport\) .*$/\1 '$cport'/' \
-    < sample-config-files/loopback-client \
+    < sample/sample-config-files/loopback-client \
     > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client
 sed -e 's/^\(rport\) .*$/\1 '$cport'/' \
     -e 's/^\(lport\) .*$/\1 '$sport'/' \
-    < sample-config-files/loopback-server \
+    < sample/sample-config-files/loopback-server \
     > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server
 
+pushd sample
 # Test SSL/TLS negotiations (runs for 2 minutes):
-./openvpn --config \
+../src/openvpn/openvpn --config \
     %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client &
-./openvpn --config \
+../src/openvpn/openvpn --config \
     %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server
 wait
 
@@ -117,23 +119,23 @@ rm -f %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client \
 %install
 rm -rf $RPM_BUILD_ROOT
 
-install -D -m 0644 %{name}.8 $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8
-install -D -m 0755 %{name} $RPM_BUILD_ROOT%{_sbindir}/%{name}
-install -D -m 0755 sample-scripts/%{name}.init \
+#install -D -m 0644 %{name}.8 $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8
+install -D -m 0755 src/openvpn/%{name} $RPM_BUILD_ROOT%{_sbindir}/%{name}
+install -D -m 0755 %{SOURCE4} \
     $RPM_BUILD_ROOT%{_initrddir}/%{name}
 install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}
 
 mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name}
-cp -pR easy-rsa $RPM_BUILD_ROOT%{_datadir}/%{name}/
-rm -rf $RPM_BUILD_ROOT%{_datadir}/%{name}/easy-rsa/Windows
-cp %{SOURCE2} %{SOURCE3} sample-config-files/
+#cp -pR easy-rsa $RPM_BUILD_ROOT%{_datadir}/%{name}/
+#rm -rf $RPM_BUILD_ROOT%{_datadir}/%{name}/easy-rsa/Windows
+cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/
 
-mkdir -p $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib
-for plugin in %{plugins} ; do
-    install -m 0755 plugin/$plugin/openvpn-$plugin.so \
-        $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib/openvpn-$plugin.so
-    cp plugin/$plugin/README plugin/$plugin.txt
-done
+#mkdir -p $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib
+#for plugin in %{plugins} ; do
+#    install -m 0755 plugin/$plugin/openvpn-$plugin.so \
+#        $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib/openvpn-$plugin.so
+#    cp plugin/$plugin/README plugin/$plugin.txt
+#done
 
 mkdir -m 755 -p $RPM_BUILD_ROOT%{_var}/run/%{name}
 
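Review bot: The plugins are still compiled by the `%{__make} -C src/plugins/$plugin` loop in %build, but with the install loop commented out here and `%{_libdir}/%{name}/` commented out in the %files hunk below, `down-root` and `auth-pam` are no longer shipped. An existing configuration that loads either plugin would presumably fail to start after the update, and for `auth-pam` that removes the PAM authentication step those setups depend on. Either restore the install loop against the new `src/plugins/$plugin` build output and the `%{_libdir}/%{name}/` entry, or drop the build loop and record the removal in %changelog. The same applies to the man page (`#install -D -m 0644 %{name}.8 ...`) and to `%{_datadir}/%{name}/`, which is still created and packaged but is now empty because the easy-rsa copy is disabled.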
@@ -164,17 +166,20 @@ fi
 %defattr(-,root,root,0755)
 %doc AUTHORS COPYING COPYRIGHT.GPL INSTALL PORTS README
 # Add NEWS when it isn't zero-length.
-%doc plugin/*.txt
-%doc contrib sample-config-files sample-keys sample-scripts
-%{_mandir}/man8/%{name}.8*
+%doc src/plugins/*/README.*
+%doc contrib sample
+#%{_mandir}/man8/%{name}.8*
 %{_sbindir}/%{name}
 %{_datadir}/%{name}/
-%{_libdir}/%{name}/
+#%{_libdir}/%{name}/
 %{_initrddir}/%{name}
 %{_var}/run/%{name}/
 %config %dir %{_sysconfdir}/%{name}/
 
 %changelog
+* Mon May 06 2013 Jon Ciesla <limburgher at gmail.com> 2.3.1-1
+- Update to 2.3.1
+
 * Fri Aug 10 2012 Robert Scheck <robert at fedoraproject.org> 2.2.2-1
 - Update to 2.2.2
 

