From 0b141f27c617fdff27dc4a3c06e558ad8ca204d564f4c543461b78e76dd243c6 Mon Sep 17 00:00:00 2001 From: Andreas Jaeger Date: Mon, 25 Mar 2013 15:08:09 +0000 Subject: [PATCH] Accepting request 159617 from home:posophe:branches:network:vpn Update and systemd support For a weird reason, adding entry in changes file is followed with a conflict in changes file... Can you add this for me ? Thanks you http://paste.opensuse.org/30892895 OBS-URL: https://build.opensuse.org/request/show/159617 OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=52 --- ...SL_MODE_RELEASE_BUFFERS-if-available.patch | 31 --- openvpn-2.1-plugin-build.dif | 34 ---- openvpn-2.1-systemd-passwd.patch | 61 ------ openvpn-2.2.1-man-dot.diff | 18 -- openvpn-2.2.2.tar.gz | 3 - openvpn-2.2.2.tar.gz.asc | 7 - ...ugin-man.dif => openvpn-2.3-plugin-man.dif | 6 +- openvpn-2.3.0-man-dot.diff | 11 ++ openvpn-2.3.0.tar.gz | 3 + openvpn-2.3.0.tar.gz.asc | 7 + openvpn-tmpfile.conf | 1 + openvpn.keyring | 59 +++--- openvpn.service | 14 ++ openvpn.spec | 185 ++++++++---------- 14 files changed, 152 insertions(+), 288 deletions(-) delete mode 100644 0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch delete mode 100644 openvpn-2.1-plugin-build.dif delete mode 100644 openvpn-2.1-systemd-passwd.patch delete mode 100644 openvpn-2.2.1-man-dot.diff delete mode 100644 openvpn-2.2.2.tar.gz delete mode 100644 openvpn-2.2.2.tar.gz.asc rename openvpn-2.1-plugin-man.dif => openvpn-2.3-plugin-man.dif (84%) create mode 100644 openvpn-2.3.0-man-dot.diff create mode 100644 openvpn-2.3.0.tar.gz create mode 100644 openvpn-2.3.0.tar.gz.asc create mode 100644 openvpn-tmpfile.conf create mode 100644 openvpn.service diff --git a/0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch b/0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch deleted file mode 100644 index 874f842..0000000 --- a/0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch +++ /dev/null @@ -1,31 +0,0 @@ -From db33132094f4748ccc63aadbfa4b7446bb95b350 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= -Date: Sat, 20 Aug 2011 18:12:28 -0400 -Subject: [PATCH] Use SSL_MODE_RELEASE_BUFFERS if available -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - - -Signed-off-by: Cristian Rodríguez ---- - ssl.c | 3 +++ - 1 files changed, 3 insertions(+), 0 deletions(-) - -diff --git a/ssl.c b/ssl.c -index ea7b204..459e66c 100644 ---- a/ssl.c -+++ b/ssl.c -@@ -2073,6 +2073,9 @@ init_ssl (const struct options *options) - } - - /* Set SSL options */ -+#ifdef SSL_MODE_RELEASE_BUFFERS -+ SSL_CTX_set_mode (ctx, SSL_MODE_RELEASE_BUFFERS); -+#endif - SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF); - SSL_CTX_set_options (ctx, SSL_OP_SINGLE_DH_USE); - --- -1.7.4.1 - diff --git a/openvpn-2.1-plugin-build.dif b/openvpn-2.1-plugin-build.dif deleted file mode 100644 index 979d850..0000000 --- a/openvpn-2.1-plugin-build.dif +++ /dev/null @@ -1,34 +0,0 @@ -Index: plugin/auth-pam/Makefile -=================================================================== ---- plugin/auth-pam/Makefile.orig -+++ plugin/auth-pam/Makefile -@@ -15,10 +15,10 @@ endif - # This directory is where we will look for openvpn-plugin.h - INCLUDE=-I../.. - --CC_FLAGS=-O2 -Wall -DDLOPEN_PAM=$(DLOPEN_PAM) -+CC_FLAGS=$(CFLAGS) -DDLOPEN_PAM=$(DLOPEN_PAM) - - openvpn-auth-pam.so : auth-pam.o pamdl.o -- gcc ${CC_FLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.o pamdl.o -lc $(LIBPAM) -+ gcc ${LDFLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.o pamdl.o -lc $(LIBPAM) - - auth-pam.o : auth-pam.c pamdl.h - gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} auth-pam.c -Index: plugin/down-root/Makefile -=================================================================== ---- plugin/down-root/Makefile.orig -+++ plugin/down-root/Makefile -@@ -5,10 +5,10 @@ - # This directory is where we will look for openvpn-plugin.h - INCLUDE=-I../.. - --CC_FLAGS=-O2 -Wall -+CC_FLAGS=${CFLAGS} - - down-root.so : down-root.o -- gcc ${CC_FLAGS} -fPIC -shared -Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o -lc -+ gcc ${LDFLAGS} -fPIC -shared -Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o -lc - - down-root.o : down-root.c - gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} down-root.c diff --git a/openvpn-2.1-systemd-passwd.patch b/openvpn-2.1-systemd-passwd.patch deleted file mode 100644 index cca599a..0000000 --- a/openvpn-2.1-systemd-passwd.patch +++ /dev/null @@ -1,61 +0,0 @@ -Index: openvpn-2.2.1/misc.c -=================================================================== ---- openvpn-2.2.1.orig/misc.c -+++ openvpn-2.2.1/misc.c -@@ -1333,26 +1333,49 @@ get_console_input (const char *prompt, c - ASSERT (input); - ASSERT (capacity > 0); - input[0] = '\0'; -+ bool is_systemd_running; -+ struct stat a, b; -+ -+ /* We simply test whether the systemd cgroup hierarchy is -+ * mounted */ -+ -+ is_systemd_running = (lstat("/sys/fs/cgroup", &a) == 0) -+ && (lstat("/sys/fs/cgroup/systemd", &b) == 0) -+ && (a.st_dev != b.st_dev); - - #if defined(WIN32) - return get_console_input_win32 (prompt, echo, input, capacity); - #elif defined(HAVE_GETPASS) -- if (echo) -+ if (echo || is_systemd_running) - { - FILE *fp; - -- fp = open_tty (true); -- fprintf (fp, "%s", prompt); -- fflush (fp); -- close_tty (fp); -+ if (is_systemd_running) -+ { -+ char *cmd; -+ -+ asprintf(&cmd, "/bin/systemd-ask-password \"%s\"", prompt); -+ fp = popen (cmd, "re"); -+ free (cmd); -+ } -+ else -+ { -+ fp = open_tty (true); -+ fprintf (fp, "%s", prompt); -+ fflush (fp); -+ close_tty (fp); - -- fp = open_tty (false); -+ fp = open_tty (false); -+ } - if (fgets (input, capacity, fp) != NULL) - { - chomp (input); - ret = true; - } -- close_tty (fp); -+ if (is_systemd_running) -+ fclose (fp); -+ else -+ close_tty (fp); - } - else - { diff --git a/openvpn-2.2.1-man-dot.diff b/openvpn-2.2.1-man-dot.diff deleted file mode 100644 index 9901c6c..0000000 --- a/openvpn-2.2.1-man-dot.diff +++ /dev/null @@ -1,18 +0,0 @@ ---- openvpn.8 -+++ openvpn.8 2011/08/29 18:26:40 -@@ -21,13 +21,13 @@ - .\" 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - .\" - .\" Manual page for openvpn --.\ -+.\" - .\" SH section heading - .\" SS subsection heading - .\" LP paragraph - .\" IP indented paragraph - .\" TP hanging label --.\ -+.\" - .\" .nf -- no formatting - .\" .fi -- resume formatting - .\" .ft 3 -- boldface diff --git a/openvpn-2.2.2.tar.gz b/openvpn-2.2.2.tar.gz deleted file mode 100644 index 671d329..0000000 --- a/openvpn-2.2.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:54ca8b260e2ea3b26e84c2282ccb5f8cb149edcfd424b686d5fb22b8dbbeac00 -size 911158 diff --git a/openvpn-2.2.2.tar.gz.asc b/openvpn-2.2.2.tar.gz.asc deleted file mode 100644 index a3c4cd6..0000000 --- a/openvpn-2.2.2.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iEYEABECAAYFAk7x3a0ACgkQHQtJlh+/UfNoTwCgqozpPBOdBQhT+P0/ITdFcR0h -qLQAn3vtza2SRKG2Li2hl7I7vAkHFw1q -=OsX4 ------END PGP SIGNATURE----- diff --git a/openvpn-2.1-plugin-man.dif b/openvpn-2.3-plugin-man.dif similarity index 84% rename from openvpn-2.1-plugin-man.dif rename to openvpn-2.3-plugin-man.dif index 677cdab..56f9fdc 100644 --- a/openvpn-2.1-plugin-man.dif +++ b/openvpn-2.3-plugin-man.dif @@ -1,8 +1,8 @@ Index: openvpn.8 =================================================================== ---- openvpn.8.orig -+++ openvpn.8 -@@ -2389,11 +2389,10 @@ plug-in modules, see the README file in +--- doc/openvpn.8.orig ++++ doc/openvpn.8 +@@ -2563,11 +2563,10 @@ folder of the OpenVPN source distribution. If you are using an RPM install of OpenVPN, see diff --git a/openvpn-2.3.0-man-dot.diff b/openvpn-2.3.0-man-dot.diff new file mode 100644 index 0000000..234b988 --- /dev/null +++ b/openvpn-2.3.0-man-dot.diff @@ -0,0 +1,11 @@ +--- doc/openvpn.8 ++++ doc/openvpn.8 +@@ -21,7 +21,7 @@ + .\" 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + .\" + .\" Manual page for openvpn +-.\ ++.\" + .\" SH section heading + .\" SS subsection heading + .\" LP paragraph diff --git a/openvpn-2.3.0.tar.gz b/openvpn-2.3.0.tar.gz new file mode 100644 index 0000000..078db3c --- /dev/null +++ b/openvpn-2.3.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4602a8d0f66dfa6ac10b7abfeba35260d7d4c570948f6eba5f8216ffa3a2c490 +size 1130659 diff --git a/openvpn-2.3.0.tar.gz.asc b/openvpn-2.3.0.tar.gz.asc new file mode 100644 index 0000000..5292ef4 --- /dev/null +++ b/openvpn-2.3.0.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iEYEABECAAYFAlDsEP0ACgkQwp2X7RmNIqOWzgCgjV8zuTIeQyf9akjPC9zmD0Lb +x0wAoJJvA2HdPqrbUELnP9I8ulh4R+o9 +=F+0q +-----END PGP SIGNATURE----- diff --git a/openvpn-tmpfile.conf b/openvpn-tmpfile.conf new file mode 100644 index 0000000..9b9cb2d --- /dev/null +++ b/openvpn-tmpfile.conf @@ -0,0 +1 @@ +D /var/run/openvpn 0710 root openvpn - diff --git a/openvpn.keyring b/openvpn.keyring index 0edab56..95bd279 100644 --- a/openvpn.keyring +++ b/openvpn.keyring @@ -1,33 +1,30 @@ -pub 1024D/1FBF51F3 2003-11-20 -uid James Yonan -sub 2048g/4B9741E3 2003-11-20 - -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.19 (GNU/Linux) +Version: GnuPG v1.4.9 (GNU/Linux) -mQGiBD+9OaARBAC41lHwut4og8RL+QvChit93Yg8JloaZzqvKQHMKvcb14OY27QB -00oEtwxotBRkvJHy/cR4feK9Itje556FbzC7ODesYtjZh1V81B2ep4tfwRQSPqZT -xy2jwzW5SwReBuIPxBOFts+OeeLQuKFU/VSItU9abA51cvKEvaV0CZx6ZwCg/h70 -OgABmkCl8u+nHK2EHMSjZAUD/RP1jLNub1wlg2vJvfty+Nu7PoDJxSG7LzsSFC6W -a5KiryIMvokp3cZQ7EnTG1Jc5y5tsZrRfTa7QLcooQrYivWSCSldkAowEh/tUGwb -CurQZtDAmmuqLJAG+zDh6qFINHPnkVZBMuN+Lhkg0gqo+Mgsjn0ZzuGgQYb2b3wn -pXckBACZE6EJSnICN/Cn5657of5znOwixZUdl4Pvsv7X5LuUJ0SeUtfSjNfUFu0b -j/s0BXpQ/Y933rS+m0axbiElRNHzwtBb4W+TzwLvkwHw5WrIw5tcZXcZpos1NkhW -lUDKLQ63WMqg5SBpilo3/wFU4+ngvPMcfbL1vgMYuuWfSPRt5LQbSmFtZXMgWW9u -YW4gPGppbUB5b25hbi5uZXQ+iF4EExECAB4FAj+9OaACGwMGCwkIBwMCAxUCAwMW -AgECHgECF4AACgkQHQtJlh+/UfMaFgCeOIDuybiePnFpYbm7faiqT34NvzYAoLjO -ob+WiwJECbjpV62fmItBsYI9uQINBD+9OcAQCAC4wi4knBzA3bGbb2XSnZcIt+Tf -9JGXoG7+cpLT6wGZqzaAHNdgiZZf5Gdod9ud3CcLwrc1WXJljZXBhnpNNypen6O9 -uGCb9OXKO7PuYV014D0pKv96rYtgPNE7MUO101lDt7bE8Zmw+HmOpyf6TnIg8GWw -3Vj8n0HfGvsx/WW2PZ1tXxUFAbsVIU/W5EJlCAhJbaZZCBj+P0QJFGuP41E7V0iO -2UMGRbzoQrwmGQopjVrzXcWAr5NvKKd8HL4ESkp8xdZrhCukNIBE9EEt6H+EvPut -KdvpH2fIUTyEeZY4zDtm0ZS0zGZBET9SdcX/+sAuseiojPKd/D67oMG5FcF7AAMG -CACfOcVjPcqYAhkGo6HNrpU7HMuaxy3Tuy5HI+4kU/POlLlm2AsfmHr4BtRCFMBt -uNxybJwMMew1o1E4H4RvTEfPpVS0WW2lkOcpet429xf4oX1HL2nvlLmOAaMKgLhL -ZxPPTCzmjyIVIeRF8BC+VQYh346v/LocO2obbD0chO0mApVgxVhO4E0vlu0Rdmsp -d7+mCuani1wS9n0lgYVnHYdxRPL/AWj11KDgKm2LjoJt0WHHyEHGMjJTUB0JhM2a -EfWkimDELeAb3pjdVEtmW6aF+q8sd6tn+mM0Z2I+6kwiMsdoWzjosuvXPzFsvkWq -0QY2wWyYYsNaXscfjKnjBUcpiEkEGBECAAkFAj+9OcACGwwACgkQHQtJlh+/UfOR -TACgpg5MZJMgULtP31swTRmPGZ3driAAniP+Xg3U2KxAiS9Mxf0BOen8FgW5 -=eZlZ ------END PGP PUBLIC KEY BLOCK----- +mQGiBEsHuu4RBACnPwEKcLYmlwe8v2e8xizlO1fCeqOA7zj6tU/T/1+YTJhrVbgW +PiRYSNKAmAq0uLFLQ14KpIDsrtdi5ySeUTf64kJtDrBa2si6h0HUyNHf9EX6rUVC +g/CTpsfYEkqlfMoBH7w7L5O2yidwWA+F4RGWhruzP7i1z+bBsIguSxiBzwCg5qPh +pgkFGeWArp/OUBHkaqmPZ00D/08dmkrez9d7C/PoR/cFq0nQBqL3zmsRxv66I6fM +TUqwaRpweWHh9P6XR+pTJjBglVSvk9kLv+PYCvk7yxbT3M6OA/GrSEp/53itlzOU +MPkv/OF6BmbRbYJK5HAsZgHGbuZxUHUqm4qJ+t4+WZaz9i8WtYbOM6T9aNWQrVUW +dUMqA/4tZlHJzCrd1NbfEetQVeso9rzzWWWmDAusbvkowfrFHXJGUjfL0hBmxj/9 +JmZtwU+i8G+MKQS0w9rCVLEMLoHLLxPH+Jiknz3Y2xE6CbiSvL+8cvOolgADz/06 +MniHKOZb4tPFPw7ObESeAGp4T9FgT53fJ14AMjGLyHv6EXbfvbQsU2FtdWxpIFNl +cHDDpG5lbiA8c2FtdWxpLnNlcHBhbmVuQGdtYWlsLmNvbT6IYAQTEQIAIAUCSwe6 +7gIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEMKdl+0ZjSKjsfsAoK6khXtq +w2xDtNBv/UhRhuVH0NQOAKCDWiB2zYNvHWLYnuIpAlE1sAnGPrkCDQRLB7ruEAgA +jwSEfTWLJsIW5qlKNEhySIjmRmcVgqB/NTaZ+Nd/r++stYSan1qb7qlQ3B3w48p1 +gB0SPfwKRmMkiYsHNcbRr5KIHWTnYrMI/5OAjPIiz/2j294wRnObzrbJK3T+qJSL +A2mEXXPPK7i0hUwH12ZJej/h98lPQA+NiDgDOaq4asyq4pcHrR2T2NyiiR2+Xi/L +2Lz1zKj4iQ3f5g0ktmAEdGcDtV7tI0xZeXWEtesRXeXmqPmjLskJozUoZP1GXXAz +80PySK2HsEQ/846q1Ybl5KYwbSH+l8jLIyqMDTQnCYG+Ft1moCk3HLyc4c1ALVov +1Rvom8u3dM5tUtpuZMwcJwADBQf+MCohqLqGJmEdiTEnmggsiKSoZTIBJhcujRaL +pxPpBlXz6P2bvlprUedBs+zxEEI+Q/CqIlyYaN+Kca1FK4YG9iQoHmb9IIVHf4C/ +lyWSx1xK+BnIk7SEfMjpGAjofNzNc34NmebnosHfP/g3ruLo6EgtjQ68iUty9PgX +Q1bZQ/SeXk16b8Nn0xQa9S+hg5LAxA+DuSvXbMqU5q2p8JlPgGEFVKzaVcxPhppB +Kcv/2CxjsqXj/6sW3nFSw+8Jd4SWL1+cPZ1v1WHG3SUMFoLAjSmVj3X8roG5EiLi +QxSGOUz8uVtvumfKyd25MYmgHMELL7fxhrZcw2OVdo977lt2fIhJBBgRAgAJBQJL +B7ruAhsMAAoJEMKdl+0ZjSKjgrAAoLeln17YxSQA7RUHwTbquOA92odMAKDiq7c8 +p2hUs3rZaXY1aMmExyB0gQ== +=l5lk +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/openvpn.service b/openvpn.service new file mode 100644 index 0000000..4bda941 --- /dev/null +++ b/openvpn.service @@ -0,0 +1,14 @@ +[Unit] +Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I +After=syslog.target network.target + +[Service] +PrivateTmp=true +Type=forking +PIDFile=/var/run/openvpn/%i.pid +ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf + +[Install] +WantedBy=multi-user.target + + diff --git a/openvpn.spec b/openvpn.spec index a584ac9..f1e6fc5 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -15,47 +15,57 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # +%if 0%{?suse_version} < 1230 +%define _unitdir /lib/systemd/system +%else +%define _unitdir /usr/lib/systemd/system +%endif + +%if 0%{?suse_version} > 1210 +%define with_systemd 1 +%else +%define with_systemd 0 +%endif Name: openvpn Url: http://openvpn.net/ -%if 0%{?suse_version} +%if %{with_systemd} +%{?systemd_requires} +%else PreReq: %insserv_prereq %fillup_prereq %endif -Version: 2.2.2 +Version: 2.3.0 Release: 0 -%define upstream_version %version Summary: Full-featured SSL VPN solution using a TUN/TAP Interface License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1 Group: Productivity/Networking/Security -Source: http://swupdate.openvpn.org/community/releases/openvpn-%{upstream_version}.tar.gz -Source1: http://swupdate.openvpn.org/community/releases/openvpn-%{upstream_version}.tar.gz.asc -Source2: openvpn.init -Source3: openvpn.README.SUSE +Source: http://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.gz +Source1: http://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.gz.asc +Source2: %{name}.init +Source6: %{name}.sysconfig +Source3: %{name}.README.SUSE Source4: client-netconfig.up Source5: client-netconfig.down -Source6: openvpn.sysconfig Source7: %{name}.keyring -Patch1: %{name}-2.1-plugin-man.dif -Patch2: %{name}-2.1-plugin-build.dif -Patch3: openvpn-2.1-systemd-passwd.patch -Patch4: 0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch -Patch5: openvpn-2.2.1-man-dot.diff +Source8: %{name}.service +Source9: %{name}-tmpfile.conf +Patch1: %{name}-2.3-plugin-man.dif +Patch5: %{name}-2.3.0-man-dot.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: automake BuildRequires: gpg-offline BuildRequires: iproute2 BuildRequires: lzo-devel BuildRequires: openssl-devel BuildRequires: pam-devel -%if 0%{?suse_version} > 1010 -BuildRequires: libselinux-devel +%if %{with_systemd} +BuildRequires: systemd %endif -%if 0%{?suse_version} > 1030 +BuildRequires: libselinux-devel BuildRequires: pkcs11-helper-devel Requires: pkcs11-helper +%if %{with_systemd} +BuildRequires: systemd %endif -%define plugin_dir %{_libdir}/%{name}/plugin -%define plugin_libdir %{plugin_dir}/lib %description OpenVPN is a full-featured SSL VPN solution which can accommodate a wide @@ -76,12 +86,6 @@ NetBSD, Mac OS X, and Solaris. OpenVPN is not a web application proxy and does not operate through a web browser. - - -Authors: --------- - James Yonan - %package down-root-plugin Summary: OpenVPN down-root plugin Group: Productivity/Networking/Security @@ -99,12 +103,6 @@ until it receives a message from OpenVPN via pipe to execute the down script. Thus, the down script will be run in the same execution environment as the up script. - - -Authors: --------- - James Yonan - %package auth-pam-plugin Summary: OpenVPN auth-pam plugin Group: Productivity/Networking/Security @@ -124,126 +122,113 @@ This plugin uses a split privilege execution model which will function even if you drop openvpn daemon privileges using the user, group, or chroot directives. - - -Authors: --------- - James Yonan - %prep %gpg_verify %{S:1} -%setup -q -n %{name}-%{upstream_version} +%setup -q -n %{name}-%{version} %patch1 -p0 -%patch2 -p0 -%patch3 -p1 -%patch4 -p1 %patch5 -p0 -sed -e "s|@PLUGIN_DIR@|%{plugin_dir}|g" \ - -e "s|@PLUGIN_LIBDIR@|%{plugin_libdir}|g" \ - -e "s|@PLUGIN_DOCDIR@|%{_defaultdocdir}/%{name}|g" \ - -i openvpn.8 -# the build __DATE__ causes obs rebuild/republish of binaries; -# use the date of version.m4 file in the tar archive instead -sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" -i options.c +sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" -i src/openvpn/options.c + +# %%doc items shouldn't be executable. +find contrib sample -type f -perm +100 \ + -exec chmod a-x {} \; %build -autoreconf -fi export CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing" export LDFLAGS %configure \ --enable-iproute2 \ --enable-x509-alt-username \ --enable-password-save \ + --enable-plugins \ + --enable-plugin-down-root \ + --enable-plugin-auth-pam \ --with-lzo-headers=%_includedir/lzo \ - CFLAGS="$CFLAGS -fPIE $PLUGIN_DEFS" \ + CFLAGS="$CFLAGS -fPIE $PLUGIN_DEFS" \ LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugin/lib" make -# -# Build down-root plugin -# -pushd plugin/down-root -make -popd -# -# Build auth-pam plugin -# -pushd plugin/auth-pam -make -popd %install make DESTDIR=$RPM_BUILD_ROOT install +find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openvpn mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/run/openvpn mkdir -p $RPM_BUILD_ROOT/%{_datadir}/openvpn +%if %{with_systemd} +install -D -m 755 $RPM_SOURCE_DIR/%{name}.service %{buildroot}/%{_unitdir}/%{name}.service +# tmpfiles.d +mkdir -p %{buildroot}%{_libexecdir}/tmpfiles.d +install -m 0644 $RPM_SOURCE_DIR/%{name}-tmpfile.conf %{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf +%else install -D -m 755 $RPM_SOURCE_DIR/openvpn.init $RPM_BUILD_ROOT/%{_sysconfdir}/init.d/openvpn ln -sv %{_sysconfdir}/init.d/openvpn $RPM_BUILD_ROOT/%{_sbindir}/rcopenvpn -cp -p $RPM_SOURCE_DIR/openvpn.README.SUSE README.SUSE -install -m 755 $RPM_SOURCE_DIR/client-netconfig.up sample-scripts/client-netconfig.up -install -m 755 $RPM_SOURCE_DIR/client-netconfig.down sample-scripts/client-netconfig.down -find sample-* suse contrib -type f -exec chmod -x \{\} \; -chmod -x easy-rsa/2.0/{vars,openssl*.cnf} -chmod +x easy-rsa/1.0/{revoke-crt,make-crl,list-crl} -cp -rd easy-rsa $RPM_BUILD_ROOT%{_datadir}/openvpn/ -rm -rf $RPM_BUILD_ROOT%{_datadir}/openvpn/easy-rsa/Windows -# -# Install the plugins -# -install -d -m 755 $RPM_BUILD_ROOT%{plugin_libdir}/ -mv -f plugin/README README.plugins -for pi in auth-pam down-root; do - mv -f plugin/$pi/README README.$pi - install -m 755 plugin/$pi/openvpn-$pi.so \ - $RPM_BUILD_ROOT%{plugin_libdir}/ -done -# we install docs via spec into _defaultdocdir/name/management-notes.txt -rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/{OpenVPN,%name} -# the /etc/sysconfig/openvpn template +# the /etc/sysconfig/openvpn template only with sysvinit, no needed with systemd install -d -m0755 %{buildroot}/var/adm/fillup-templates install -m0600 $RPM_SOURCE_DIR/openvpn.sysconfig \ %{buildroot}/var/adm/fillup-templates/sysconfig.openvpn +%endif +cp -p $RPM_SOURCE_DIR/openvpn.README.SUSE README.SUSE +install -m 755 $RPM_SOURCE_DIR/client-netconfig.up sample/sample-scripts/client-netconfig.up +install -m 755 $RPM_SOURCE_DIR/client-netconfig.down sample/sample-scripts/client-netconfig.down -%clean -if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi +# we install docs via spec into _defaultdocdir/name/management-notes.txt +rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/{OpenVPN,%name} %post +%if %{with_systemd} +%service_add_post %{name}.service +%else %{?fillup_and_insserv:%fillup_and_insserv} +%endif %preun +%if %{with_systemd} +%service_del_preun %{name}.service +%else %{?stop_on_removal:%stop_on_removal openvpn} +%endif %postun +%if %{with_systemd} +%service_del_postun %{name}.service +%else %{?insserv_cleanup:%insserv_cleanup} +%endif %files %defattr(-,root,root) %doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog PORTS README +%doc src/plugins/{auth-pam/README.auth-pam,down-root/README.down-root} %doc README.* %doc contrib -%doc sample-config-files -%doc sample-keys -%doc sample-scripts -%doc suse -%doc management/management-notes.txt +%doc sample/sample-config-files +%doc sample/sample-keys +%doc sample/sample-scripts +%doc doc/management-notes.txt %doc %{_mandir}/man8/openvpn.8.gz %config(noreplace) %{_sysconfdir}/openvpn/ +%if %{with_systemd} +%{_unitdir}/%{name}.service +%{_libexecdir}/tmpfiles.d/%{name}.conf +%else %config %{_sysconfdir}/init.d/openvpn -%{_sbindir}/openvpn -%{_sbindir}/rcopenvpn -%attr(0755,root,root) %dir %ghost %{_localstatedir}/run/openvpn -%dir %{_datadir}/openvpn -%{_datadir}/openvpn/easy-rsa -%dir %{_libdir}/%{name} -%dir %{plugin_dir} -%dir %{plugin_libdir} /var/adm/fillup-templates/sysconfig.openvpn +%{_sbindir}/rcopenvpn +%endif +%{_sbindir}/openvpn +%attr(0755,root,root) %dir %ghost %{_localstatedir}/run/openvpn +%{_includedir}/%{name}-plugin.h %files down-root-plugin %defattr(-,root,root) -%{plugin_libdir}/openvpn-down-root.so +%dir %{_libdir}/%{name} +%dir %{_libdir}/%{name}/plugins +%{_libdir}/%{name}/plugins/%{name}-plugin-down-root.so %files auth-pam-plugin %defattr(-,root,root) -%{plugin_libdir}/openvpn-auth-pam.so +%dir %{_libdir}/%{name} +%dir %{_libdir}/%{name}/plugins +%{_libdir}/%{name}/plugins/%{name}-plugin-auth-pam.so %changelog