[ocserv/f20] new upstream release
Nikos Mavrogiannopoulos
nmav at fedoraproject.org
Mon Jun 2 07:16:22 UTC 2014
commit d704a085e168151b8dd6d9d34b154d9d387c1456
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date: Mon May 26 13:06:37 2014 +0200
new upstream release
.gitignore | 2 ++
ocserv.conf | 44 +++++++++++++++++++++++++++++++++++++++-----
ocserv.spec | 10 ++++++++--
sources | 3 ++-
4 files changed, 51 insertions(+), 8 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index ba9312a..26820b3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,5 @@
/ocserv-0.3.3.tar.xz
/ocserv-0.3.4.tar.xz
/ocserv-0.3.5.tar.xz
+/ocserv-0.8.0pre0.tar.xz
+/ocserv-0.8.0pre0.tar.xz.sig
diff --git a/ocserv.conf b/ocserv.conf
index 0e638e5..b87ba46 100644
--- a/ocserv.conf
+++ b/ocserv.conf
@@ -5,6 +5,10 @@
#auth = "plain[./sample.passwd]"
auth = "pam"
+# The gid-min option is used by auto-select-group option, in order to
+# select the minimum group ID.
+#auth = "pam[gid-min=1000]"
+
# The plain option requires specifying a password file which contains
# entries of the following format.
# "username:groupname:encoded-password"
@@ -128,7 +132,7 @@ auth-timeout = 40
# Once a client is authenticated he's provided a cookie with
# which he can reconnect. This option sets the maximum lifetime
# of that cookie.
-cookie-validity = 86400
+cookie-validity = 10800
# ReKey time (in seconds)
# ocserv will ask the client to refresh keys periodically once
@@ -156,10 +160,13 @@ rekey-method = ssl
# UTMP
use-utmp = true
-# D-BUS usage. If disabled occtl tool cannot be used. If enabled
-# then ocserv must have access to register org.infradead.ocserv
-# D-BUS service. See doc/dbus/org.infradead.ocserv.conf
-use-dbus = true
+# Whether to enable support for the occtl tool (i.e., either through D-BUS,
+# or via a unix socket).
+use-occtl = true
+
+# socket file used for IPC with occtl. You only need to set that,
+# if you use more than a single servers.
+#occtl-socket-file = /var/run/occtl.socket
# PID file. It can be overriden in the command line.
#pid-file = /var/run/ocserv.pid
@@ -194,6 +201,10 @@ run-as-group = ocserv
# The name of the tun device
device = vpns
+# Whether the generated IPs will be predictable, i.e., IP stays the
+# same for the same user when possible.
+predictable-ips = true
+
# The default domain to be advertised
default-domain = example.com
@@ -258,6 +269,29 @@ route = 192.168.1.0/255.255.255.0
#config-per-user = /etc/ocserv/config-per-user/
#config-per-group = /etc/ocserv/config-per-group/
+# When config-per-xxx is specified and there is no group or user that
+# matches, then utilize the following configuration.
+
+#default-user-config = /etc/ocserv/defaults/user.conf
+#default-group-config = /etc/ocserv/defaults/group.conf
+
+# Groups that a client is allowed to select from.
+# A client may belong in multiple groups, and in certain use-cases
+# it is needed to switch between them. For these cases the client can
+# select prior to authentication. Add multiple entries for multiple groups.
+#select-group = group1
+#select-group = group2[My group 2]
+#select-group = tost[The tost group]
+
+# The name of the group that if selected it would allow to use
+# the assigned by default group.
+default-select-group = DEFAULT
+
+# Instead of specifying manually all the allowed groups, you may instruct
+# ocserv to scan all available groups and include the full list. That
+# option is only functional on plain authentication.
+auto-select-group = true
+
# The system command to use to setup a route. %R will be replaced with the
# route/mask and %D with the (tun) device.
#
diff --git a/ocserv.spec b/ocserv.spec
index 79094fe..87a96ca 100644
--- a/ocserv.spec
+++ b/ocserv.spec
@@ -1,5 +1,5 @@
Name: ocserv
-Version: 0.3.5
+Version: 0.8.0pre0
Release: 1%{?dist}
Summary: OpenConnect SSL VPN server
@@ -13,6 +13,7 @@ Source2: ocserv.service
Source3: ocserv-pamd.conf
Source4: PACKAGE-LICENSING
Source5: org.infradead.ocserv.conf
+Source6: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig
# Taken from upstream:
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
@@ -26,13 +27,15 @@ BuildRequires: autogen-libopts-devel
BuildRequires: protobuf-c-devel
BuildRequires: libnl3-devel
BuildRequires: readline-devel
-BuildRequires: dbus-devel
BuildRequires: autogen
BuildRequires: pcllib-devel
BuildRequires: http-parser-devel
BuildRequires: tcp_wrappers-devel
BuildRequires: automake, autoconf
+# we don't build with dbus support
+#BuildRequires: dbus-devel
+
Requires: gnutls-utils
Requires: iproute
Requires: pam
@@ -158,6 +161,9 @@ rm -rf %{buildroot}
%{_localstatedir}/lib/ocserv/profile.xml
%changelog
+* Mon May 26 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> - 0.8.0pre0-1
+- New upstream release
+
* Fri May 09 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> - 0.3.5-1
- New upstream release
diff --git a/sources b/sources
index f768ad7..d20aea7 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
-7ba8ebe4eba08b6e1c9dabbc78da16e5 ocserv-0.3.5.tar.xz
+de476b85be78be000f33c912a076657a ocserv-0.8.0pre0.tar.xz
+0f2c49c121883cd189f28126d8ff718f ocserv-0.8.0pre0.tar.xz.sig
More information about the scm-commits
mailing list