Accepting request 159617 from home:posophe:branches:network:vpn

Update and systemd support For a weird reason, adding entry in changes file is followed with a conflict in changes file... Can you add this for me ? Thanks you http://paste.opensuse.org/30892895 OBS-URL: https://build.opensuse.org/request/show/159617 OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=52
2013-03-25 15:08:09 +00:00 · 2013-03-25 15:08:09 +00:00 · 0b141f27c6
commit 0b141f27c6
parent bb7cfe65b6
14 changed files with 152 additions and 288 deletions
--- a/0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch
+++ b/0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch
@ -1,31 +0,0 @@
-From db33132094f4748ccc63aadbfa4b7446bb95b350 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
-Date: Sat, 20 Aug 2011 18:12:28 -0400
-Subject: [PATCH] Use SSL_MODE_RELEASE_BUFFERS if available
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-
-Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
---
- ssl.c |    3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
-
-diff --git a/ssl.c b/ssl.c
-index ea7b204..459e66c 100644
--- a/ssl.c
-+++ b/ssl.c
-@@ -2073,6 +2073,9 @@ init_ssl (const struct options *options)
-     }
- 
-   /* Set SSL options */
-+#ifdef SSL_MODE_RELEASE_BUFFERS
-+  SSL_CTX_set_mode (ctx, SSL_MODE_RELEASE_BUFFERS);
-+#endif
-   SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF);
-   SSL_CTX_set_options (ctx, SSL_OP_SINGLE_DH_USE);
- 
-- 
-1.7.4.1
-
--- a/openvpn-2.1-plugin-build.dif
+++ b/openvpn-2.1-plugin-build.dif
@ -1,34 +0,0 @@
-Index: plugin/auth-pam/Makefile
-===================================================================
--- plugin/auth-pam/Makefile.orig
-+++ plugin/auth-pam/Makefile
-@@ -15,10 +15,10 @@ endif
- # This directory is where we will look for openvpn-plugin.h
- INCLUDE=-I../..
- 
-CC_FLAGS=-O2 -Wall -DDLOPEN_PAM=$(DLOPEN_PAM)
-+CC_FLAGS=$(CFLAGS) -DDLOPEN_PAM=$(DLOPEN_PAM)
- 
- openvpn-auth-pam.so : auth-pam.o pamdl.o
-	gcc ${CC_FLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.o pamdl.o -lc $(LIBPAM)
-+	gcc ${LDFLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.o pamdl.o -lc $(LIBPAM)
- 
- auth-pam.o : auth-pam.c pamdl.h
- 	gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} auth-pam.c
-Index: plugin/down-root/Makefile
-===================================================================
--- plugin/down-root/Makefile.orig
-+++ plugin/down-root/Makefile
-@@ -5,10 +5,10 @@
- # This directory is where we will look for openvpn-plugin.h
- INCLUDE=-I../..
- 
-CC_FLAGS=-O2 -Wall
-+CC_FLAGS=${CFLAGS}
- 
- down-root.so : down-root.o
-	gcc ${CC_FLAGS} -fPIC -shared -Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o -lc
-+	gcc ${LDFLAGS} -fPIC -shared -Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o -lc
- 
- down-root.o : down-root.c
- 	gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} down-root.c
--- a/openvpn-2.1-systemd-passwd.patch
+++ b/openvpn-2.1-systemd-passwd.patch
@ -1,61 +0,0 @@
-Index: openvpn-2.2.1/misc.c
-===================================================================
--- openvpn-2.2.1.orig/misc.c
-+++ openvpn-2.2.1/misc.c
-@@ -1333,26 +1333,49 @@ get_console_input (const char *prompt, c
-   ASSERT (input);
-   ASSERT (capacity > 0);
-   input[0] = '\0';
-+  bool is_systemd_running;
-+  struct stat a, b;
-+
-+  /* We simply test whether the systemd cgroup hierarchy is
-+   * mounted */
-+
-+  is_systemd_running = (lstat("/sys/fs/cgroup", &a) == 0)
-+	  && (lstat("/sys/fs/cgroup/systemd", &b) == 0)
-+	  && (a.st_dev != b.st_dev);
- 
- #if defined(WIN32)
-   return get_console_input_win32 (prompt, echo, input, capacity);
- #elif defined(HAVE_GETPASS)
-  if (echo)
-+  if (echo || is_systemd_running)
-     {
-       FILE *fp;
- 
-      fp = open_tty (true);
-      fprintf (fp, "%s", prompt);
-      fflush (fp);
-      close_tty (fp);
-+      if (is_systemd_running)
-+        {
-+	 char *cmd;
-+
-+	 asprintf(&cmd, "/bin/systemd-ask-password \"%s\"", prompt);
-+         fp = popen (cmd, "re");
-+	 free (cmd);
-+        }
-+      else
-+        {
-+          fp = open_tty (true);
-+          fprintf (fp, "%s", prompt);
-+          fflush (fp);
-+          close_tty (fp);
- 
-      fp = open_tty (false);
-+          fp = open_tty (false);
-+        }
-       if (fgets (input, capacity, fp) != NULL)
- 	{
- 	  chomp (input);
- 	  ret = true;
- 	}
-      close_tty (fp);
-+      if (is_systemd_running)
-+	fclose (fp);
-+      else
-+	close_tty (fp);
-     }
-   else
-     {
--- a/openvpn-2.2.1-man-dot.diff
+++ b/openvpn-2.2.1-man-dot.diff
@ -1,18 +0,0 @@
--- openvpn.8
-+++ openvpn.8	2011/08/29 18:26:40
-@@ -21,13 +21,13 @@
- .\"  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- .\"
- .\" Manual page for openvpn
-.\
-+.\"
- .\" SH section heading
- .\" SS subsection heading
- .\" LP paragraph
- .\" IP indented paragraph
- .\" TP hanging label
-.\
-+.\"
- .\" .nf -- no formatting
- .\" .fi -- resume formatting
- .\" .ft 3 -- boldface
--- a/openvpn-2.2.2.tar.gz
+++ b/openvpn-2.2.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:54ca8b260e2ea3b26e84c2282ccb5f8cb149edcfd424b686d5fb22b8dbbeac00
-size 911158
--- a/openvpn-2.2.2.tar.gz.asc
+++ b/openvpn-2.2.2.tar.gz.asc
@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iEYEABECAAYFAk7x3a0ACgkQHQtJlh+/UfNoTwCgqozpPBOdBQhT+P0/ITdFcR0h
-qLQAn3vtza2SRKG2Li2hl7I7vAkHFw1q
-=OsX4
-----END PGP SIGNATURE-----
--- a/openvpn-2.3-plugin-man.dif
+++ b/openvpn-2.3-plugin-man.dif
@ -1,8 +1,8 @@
 Index: openvpn.8
 ===================================================================
--- openvpn.8.orig
-+++ openvpn.8
-@@ -2389,11 +2389,10 @@ plug-in modules, see the README file in
+--- doc/openvpn.8.orig
+++ doc/openvpn.8
+@@ -2563,11 +2563,10 @@
 folder of the OpenVPN source distribution.
 
 If you are using an RPM install of OpenVPN, see
--- a/openvpn-2.3.0-man-dot.diff
+++ b/openvpn-2.3.0-man-dot.diff
@ -0,0 +1,11 @@
+--- doc/openvpn.8
+++ doc/openvpn.8
+@@ -21,7 +21,7 @@
+ .\"  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ .\"
+ .\" Manual page for openvpn
+-.\
+.\"
+ .\" SH section heading
+ .\" SS subsection heading
+ .\" LP paragraph
--- a/openvpn-2.3.0.tar.gz
+++ b/openvpn-2.3.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4602a8d0f66dfa6ac10b7abfeba35260d7d4c570948f6eba5f8216ffa3a2c490
+size 1130659
--- a/openvpn-2.3.0.tar.gz.asc
+++ b/openvpn-2.3.0.tar.gz.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEYEABECAAYFAlDsEP0ACgkQwp2X7RmNIqOWzgCgjV8zuTIeQyf9akjPC9zmD0Lb
+x0wAoJJvA2HdPqrbUELnP9I8ulh4R+o9
+=F+0q
+-----END PGP SIGNATURE-----
--- a/openvpn-tmpfile.conf
+++ b/openvpn-tmpfile.conf
@ -0,0 +1 @@
+D /var/run/openvpn 0710 root openvpn -
--- a/openvpn.keyring
+++ b/openvpn.keyring
@ -1,33 +1,30 @@
-pub   1024D/1FBF51F3 2003-11-20
-uid                  James Yonan <jim@yonan.net>
-sub   2048g/4B9741E3 2003-11-20
-
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2.0.19 (GNU/Linux)
+Version: GnuPG v1.4.9 (GNU/Linux)

-mQGiBD+9OaARBAC41lHwut4og8RL+QvChit93Yg8JloaZzqvKQHMKvcb14OY27QB
-00oEtwxotBRkvJHy/cR4feK9Itje556FbzC7ODesYtjZh1V81B2ep4tfwRQSPqZT
-xy2jwzW5SwReBuIPxBOFts+OeeLQuKFU/VSItU9abA51cvKEvaV0CZx6ZwCg/h70
-OgABmkCl8u+nHK2EHMSjZAUD/RP1jLNub1wlg2vJvfty+Nu7PoDJxSG7LzsSFC6W
-a5KiryIMvokp3cZQ7EnTG1Jc5y5tsZrRfTa7QLcooQrYivWSCSldkAowEh/tUGwb
-CurQZtDAmmuqLJAG+zDh6qFINHPnkVZBMuN+Lhkg0gqo+Mgsjn0ZzuGgQYb2b3wn
-pXckBACZE6EJSnICN/Cn5657of5znOwixZUdl4Pvsv7X5LuUJ0SeUtfSjNfUFu0b
-j/s0BXpQ/Y933rS+m0axbiElRNHzwtBb4W+TzwLvkwHw5WrIw5tcZXcZpos1NkhW
-lUDKLQ63WMqg5SBpilo3/wFU4+ngvPMcfbL1vgMYuuWfSPRt5LQbSmFtZXMgWW9u
-YW4gPGppbUB5b25hbi5uZXQ+iF4EExECAB4FAj+9OaACGwMGCwkIBwMCAxUCAwMW
-AgECHgECF4AACgkQHQtJlh+/UfMaFgCeOIDuybiePnFpYbm7faiqT34NvzYAoLjO
-ob+WiwJECbjpV62fmItBsYI9uQINBD+9OcAQCAC4wi4knBzA3bGbb2XSnZcIt+Tf
-9JGXoG7+cpLT6wGZqzaAHNdgiZZf5Gdod9ud3CcLwrc1WXJljZXBhnpNNypen6O9
-uGCb9OXKO7PuYV014D0pKv96rYtgPNE7MUO101lDt7bE8Zmw+HmOpyf6TnIg8GWw
-3Vj8n0HfGvsx/WW2PZ1tXxUFAbsVIU/W5EJlCAhJbaZZCBj+P0QJFGuP41E7V0iO
-2UMGRbzoQrwmGQopjVrzXcWAr5NvKKd8HL4ESkp8xdZrhCukNIBE9EEt6H+EvPut
-KdvpH2fIUTyEeZY4zDtm0ZS0zGZBET9SdcX/+sAuseiojPKd/D67oMG5FcF7AAMG
-CACfOcVjPcqYAhkGo6HNrpU7HMuaxy3Tuy5HI+4kU/POlLlm2AsfmHr4BtRCFMBt
-uNxybJwMMew1o1E4H4RvTEfPpVS0WW2lkOcpet429xf4oX1HL2nvlLmOAaMKgLhL
-ZxPPTCzmjyIVIeRF8BC+VQYh346v/LocO2obbD0chO0mApVgxVhO4E0vlu0Rdmsp
-d7+mCuani1wS9n0lgYVnHYdxRPL/AWj11KDgKm2LjoJt0WHHyEHGMjJTUB0JhM2a
-EfWkimDELeAb3pjdVEtmW6aF+q8sd6tn+mM0Z2I+6kwiMsdoWzjosuvXPzFsvkWq
-0QY2wWyYYsNaXscfjKnjBUcpiEkEGBECAAkFAj+9OcACGwwACgkQHQtJlh+/UfOR
-TACgpg5MZJMgULtP31swTRmPGZ3driAAniP+Xg3U2KxAiS9Mxf0BOen8FgW5
-=eZlZ
+mQGiBEsHuu4RBACnPwEKcLYmlwe8v2e8xizlO1fCeqOA7zj6tU/T/1+YTJhrVbgW
+PiRYSNKAmAq0uLFLQ14KpIDsrtdi5ySeUTf64kJtDrBa2si6h0HUyNHf9EX6rUVC
+g/CTpsfYEkqlfMoBH7w7L5O2yidwWA+F4RGWhruzP7i1z+bBsIguSxiBzwCg5qPh
+pgkFGeWArp/OUBHkaqmPZ00D/08dmkrez9d7C/PoR/cFq0nQBqL3zmsRxv66I6fM
+TUqwaRpweWHh9P6XR+pTJjBglVSvk9kLv+PYCvk7yxbT3M6OA/GrSEp/53itlzOU
+MPkv/OF6BmbRbYJK5HAsZgHGbuZxUHUqm4qJ+t4+WZaz9i8WtYbOM6T9aNWQrVUW
+dUMqA/4tZlHJzCrd1NbfEetQVeso9rzzWWWmDAusbvkowfrFHXJGUjfL0hBmxj/9
+JmZtwU+i8G+MKQS0w9rCVLEMLoHLLxPH+Jiknz3Y2xE6CbiSvL+8cvOolgADz/06
+MniHKOZb4tPFPw7ObESeAGp4T9FgT53fJ14AMjGLyHv6EXbfvbQsU2FtdWxpIFNl
+cHDDpG5lbiA8c2FtdWxpLnNlcHBhbmVuQGdtYWlsLmNvbT6IYAQTEQIAIAUCSwe6
+7gIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEMKdl+0ZjSKjsfsAoK6khXtq
+w2xDtNBv/UhRhuVH0NQOAKCDWiB2zYNvHWLYnuIpAlE1sAnGPrkCDQRLB7ruEAgA
+jwSEfTWLJsIW5qlKNEhySIjmRmcVgqB/NTaZ+Nd/r++stYSan1qb7qlQ3B3w48p1
+gB0SPfwKRmMkiYsHNcbRr5KIHWTnYrMI/5OAjPIiz/2j294wRnObzrbJK3T+qJSL
+A2mEXXPPK7i0hUwH12ZJej/h98lPQA+NiDgDOaq4asyq4pcHrR2T2NyiiR2+Xi/L
+2Lz1zKj4iQ3f5g0ktmAEdGcDtV7tI0xZeXWEtesRXeXmqPmjLskJozUoZP1GXXAz
+80PySK2HsEQ/846q1Ybl5KYwbSH+l8jLIyqMDTQnCYG+Ft1moCk3HLyc4c1ALVov
+1Rvom8u3dM5tUtpuZMwcJwADBQf+MCohqLqGJmEdiTEnmggsiKSoZTIBJhcujRaL
+pxPpBlXz6P2bvlprUedBs+zxEEI+Q/CqIlyYaN+Kca1FK4YG9iQoHmb9IIVHf4C/
+lyWSx1xK+BnIk7SEfMjpGAjofNzNc34NmebnosHfP/g3ruLo6EgtjQ68iUty9PgX
+Q1bZQ/SeXk16b8Nn0xQa9S+hg5LAxA+DuSvXbMqU5q2p8JlPgGEFVKzaVcxPhppB
+Kcv/2CxjsqXj/6sW3nFSw+8Jd4SWL1+cPZ1v1WHG3SUMFoLAjSmVj3X8roG5EiLi
+QxSGOUz8uVtvumfKyd25MYmgHMELL7fxhrZcw2OVdo977lt2fIhJBBgRAgAJBQJL
+B7ruAhsMAAoJEMKdl+0ZjSKjgrAAoLeln17YxSQA7RUHwTbquOA92odMAKDiq7c8
+p2hUs3rZaXY1aMmExyB0gQ==
+=l5lk
 -----END PGP PUBLIC KEY BLOCK-----
--- a/openvpn.service
+++ b/openvpn.service
@ -0,0 +1,14 @@
+[Unit]
+Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
+After=syslog.target network.target
+
+[Service]
+PrivateTmp=true
+Type=forking
+PIDFile=/var/run/openvpn/%i.pid
+ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
+
+[Install]
+WantedBy=multi-user.target
+
+
--- a/openvpn.spec
+++ b/openvpn.spec
@ -15,47 +15,57 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #

+%if 0%{?suse_version} < 1230
+%define _unitdir /lib/systemd/system
+%else
+%define _unitdir /usr/lib/systemd/system
+%endif
+
+%if 0%{?suse_version} > 1210
+%define with_systemd 1
+%else
+%define with_systemd 0
+%endif

 Name:           openvpn
 Url:            http://openvpn.net/
-%if 0%{?suse_version}
+%if %{with_systemd}
+%{?systemd_requires}
+%else
 PreReq:         %insserv_prereq %fillup_prereq
 %endif
-Version:        2.2.2
+Version:        2.3.0
 Release:        0
-%define         upstream_version %version
 Summary:        Full-featured SSL VPN solution using a TUN/TAP Interface
 License:        SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
 Group:          Productivity/Networking/Security
-Source:         http://swupdate.openvpn.org/community/releases/openvpn-%{upstream_version}.tar.gz
-Source1:        http://swupdate.openvpn.org/community/releases/openvpn-%{upstream_version}.tar.gz.asc
-Source2:        openvpn.init
-Source3:        openvpn.README.SUSE
+Source:         http://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.gz
+Source1:        http://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.gz.asc
+Source2:        %{name}.init
+Source6:        %{name}.sysconfig
+Source3:        %{name}.README.SUSE
 Source4:        client-netconfig.up
 Source5:        client-netconfig.down
-Source6:        openvpn.sysconfig
 Source7:        %{name}.keyring
-Patch1:         %{name}-2.1-plugin-man.dif
-Patch2:         %{name}-2.1-plugin-build.dif
-Patch3:         openvpn-2.1-systemd-passwd.patch
-Patch4:         0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch
-Patch5:         openvpn-2.2.1-man-dot.diff
+Source8:		%{name}.service
+Source9:        %{name}-tmpfile.conf
+Patch1:         %{name}-2.3-plugin-man.dif
+Patch5:         %{name}-2.3.0-man-dot.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-BuildRequires:  automake
 BuildRequires:  gpg-offline
 BuildRequires:  iproute2
 BuildRequires:  lzo-devel
 BuildRequires:  openssl-devel
 BuildRequires:  pam-devel
-%if 0%{?suse_version} > 1010
-BuildRequires:  libselinux-devel
+%if %{with_systemd}
+BuildRequires:	systemd
 %endif
-%if 0%{?suse_version} > 1030
+BuildRequires:  libselinux-devel
 BuildRequires:  pkcs11-helper-devel
 Requires:       pkcs11-helper
+%if %{with_systemd}
+BuildRequires:	systemd
 %endif
-%define         plugin_dir        %{_libdir}/%{name}/plugin
-%define         plugin_libdir     %{plugin_dir}/lib

 %description
 OpenVPN is a full-featured SSL VPN solution which can accommodate a wide
@ -76,12 +86,6 @@ NetBSD, Mac OS X, and Solaris.
 OpenVPN is not a web application proxy and does not operate through a
 web browser.

-
-
-Authors:
--------
-    James Yonan <jim@yonan.net>
-
 %package down-root-plugin
 Summary:        OpenVPN down-root plugin
 Group:          Productivity/Networking/Security
@ -99,12 +103,6 @@ until it receives a message from OpenVPN via pipe to execute the down
 script.  Thus, the down script will be run in the same execution
 environment as the up script.

-
-
-Authors:
--------
-    James Yonan <jim@yonan.net>
-
 %package auth-pam-plugin
 Summary:        OpenVPN auth-pam plugin
 Group:          Productivity/Networking/Security
@ -124,126 +122,113 @@ This plugin uses a split privilege execution model which will function
 even if you drop openvpn daemon privileges using the user, group, or
 chroot directives.

-
-
-Authors:
--------
-    James Yonan <jim@yonan.net>
-
 %prep
 %gpg_verify %{S:1}
-%setup -q -n %{name}-%{upstream_version}
+%setup -q -n %{name}-%{version}
 %patch1 -p0
-%patch2 -p0
-%patch3 -p1
-%patch4 -p1
 %patch5 -p0
-sed -e "s|@PLUGIN_DIR@|%{plugin_dir}|g" \
-    -e "s|@PLUGIN_LIBDIR@|%{plugin_libdir}|g" \
-    -e "s|@PLUGIN_DOCDIR@|%{_defaultdocdir}/%{name}|g" \
-    -i openvpn.8
-# the build __DATE__ causes obs rebuild/republish of binaries;
-# use the date of version.m4 file in the tar archive instead
-sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" -i options.c
+sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" -i src/openvpn/options.c
+
+# %%doc items shouldn't be executable.
+find contrib sample -type f -perm +100 \
+    -exec chmod a-x {} \;

 %build
-autoreconf -fi
 export CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing"
 export LDFLAGS
 %configure \
 	--enable-iproute2                   \
 	--enable-x509-alt-username          \
 	--enable-password-save              \
+    --enable-plugins                    \
+    --enable-plugin-down-root           \
+    --enable-plugin-auth-pam            \
 	--with-lzo-headers=%_includedir/lzo \
-	CFLAGS="$CFLAGS -fPIE $PLUGIN_DEFS" \
+    CFLAGS="$CFLAGS -fPIE $PLUGIN_DEFS" \
 	LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugin/lib"
 make
-#
-# Build down-root plugin
-#
-pushd plugin/down-root
-make
-popd
-#
-# Build auth-pam plugin
-#
-pushd plugin/auth-pam
-make
-popd

 %install
 make DESTDIR=$RPM_BUILD_ROOT install
+find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openvpn
 mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/run/openvpn
 mkdir -p $RPM_BUILD_ROOT/%{_datadir}/openvpn
+%if %{with_systemd}
+install -D -m 755 $RPM_SOURCE_DIR/%{name}.service %{buildroot}/%{_unitdir}/%{name}.service
+# tmpfiles.d
+mkdir -p %{buildroot}%{_libexecdir}/tmpfiles.d
+install -m 0644 $RPM_SOURCE_DIR/%{name}-tmpfile.conf %{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf
+%else
 install -D -m 755 $RPM_SOURCE_DIR/openvpn.init $RPM_BUILD_ROOT/%{_sysconfdir}/init.d/openvpn
 ln -sv %{_sysconfdir}/init.d/openvpn $RPM_BUILD_ROOT/%{_sbindir}/rcopenvpn
-cp -p $RPM_SOURCE_DIR/openvpn.README.SUSE README.SUSE
-install -m 755 $RPM_SOURCE_DIR/client-netconfig.up sample-scripts/client-netconfig.up
-install -m 755 $RPM_SOURCE_DIR/client-netconfig.down sample-scripts/client-netconfig.down
-find sample-* suse contrib -type f -exec chmod -x \{\} \;
-chmod -x easy-rsa/2.0/{vars,openssl*.cnf}
-chmod +x easy-rsa/1.0/{revoke-crt,make-crl,list-crl}
-cp -rd easy-rsa $RPM_BUILD_ROOT%{_datadir}/openvpn/
-rm -rf $RPM_BUILD_ROOT%{_datadir}/openvpn/easy-rsa/Windows
-#
-# Install the plugins
-#
-install -d -m 755 $RPM_BUILD_ROOT%{plugin_libdir}/
-mv -f plugin/README README.plugins
-for pi in auth-pam down-root; do
-	mv -f plugin/$pi/README README.$pi
-	install -m 755 plugin/$pi/openvpn-$pi.so \
-		$RPM_BUILD_ROOT%{plugin_libdir}/
-done
-# we install docs via spec into _defaultdocdir/name/management-notes.txt
-rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/{OpenVPN,%name}
-# the /etc/sysconfig/openvpn template
+# the /etc/sysconfig/openvpn template only with sysvinit, no needed with systemd
 install -d -m0755 %{buildroot}/var/adm/fillup-templates
 install    -m0600 $RPM_SOURCE_DIR/openvpn.sysconfig \
                  %{buildroot}/var/adm/fillup-templates/sysconfig.openvpn
+%endif
+cp -p $RPM_SOURCE_DIR/openvpn.README.SUSE README.SUSE
+install -m 755 $RPM_SOURCE_DIR/client-netconfig.up sample/sample-scripts/client-netconfig.up
+install -m 755 $RPM_SOURCE_DIR/client-netconfig.down sample/sample-scripts/client-netconfig.down

-%clean
-if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
+# we install docs via spec into _defaultdocdir/name/management-notes.txt
+rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/{OpenVPN,%name}

 %post
+%if %{with_systemd}
+%service_add_post %{name}.service
+%else
 %{?fillup_and_insserv:%fillup_and_insserv}
+%endif

 %preun
+%if %{with_systemd}
+%service_del_preun %{name}.service
+%else
 %{?stop_on_removal:%stop_on_removal openvpn}
+%endif

 %postun
+%if %{with_systemd}
+%service_del_postun %{name}.service
+%else
 %{?insserv_cleanup:%insserv_cleanup}
+%endif

 %files
 %defattr(-,root,root)
 %doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog PORTS README
+%doc src/plugins/{auth-pam/README.auth-pam,down-root/README.down-root}
 %doc README.*
 %doc contrib
-%doc sample-config-files
-%doc sample-keys
-%doc sample-scripts
-%doc suse
-%doc management/management-notes.txt
+%doc sample/sample-config-files
+%doc sample/sample-keys
+%doc sample/sample-scripts
+%doc doc/management-notes.txt
 %doc %{_mandir}/man8/openvpn.8.gz
 %config(noreplace) %{_sysconfdir}/openvpn/
+%if %{with_systemd}
+%{_unitdir}/%{name}.service
+%{_libexecdir}/tmpfiles.d/%{name}.conf
+%else
 %config %{_sysconfdir}/init.d/openvpn
-%{_sbindir}/openvpn
-%{_sbindir}/rcopenvpn
-%attr(0755,root,root) %dir %ghost %{_localstatedir}/run/openvpn
-%dir %{_datadir}/openvpn
-%{_datadir}/openvpn/easy-rsa
-%dir %{_libdir}/%{name}
-%dir %{plugin_dir}
-%dir %{plugin_libdir}
 /var/adm/fillup-templates/sysconfig.openvpn
+%{_sbindir}/rcopenvpn
+%endif
+%{_sbindir}/openvpn
+%attr(0755,root,root) %dir %ghost %{_localstatedir}/run/openvpn
+%{_includedir}/%{name}-plugin.h

 %files down-root-plugin
 %defattr(-,root,root)
-%{plugin_libdir}/openvpn-down-root.so
+%dir %{_libdir}/%{name}
+%dir %{_libdir}/%{name}/plugins
+%{_libdir}/%{name}/plugins/%{name}-plugin-down-root.so

 %files auth-pam-plugin
 %defattr(-,root,root)
-%{plugin_libdir}/openvpn-auth-pam.so
+%dir %{_libdir}/%{name}
+%dir %{_libdir}/%{name}/plugins
+%{_libdir}/%{name}/plugins/%{name}-plugin-auth-pam.so

 %changelog