From eb08c86e472970fd347a731b3071876a821c2212 Mon Sep 17 00:00:00 2001
From: Jon Ciesla
Date: May 06 2013 18:29:41 +0000
Subject: 2.3.1.2.3.1.2.3.1.
---
diff --git a/openvpn.init b/openvpn.init
new file mode 100644
index 0000000..a21bf57
--- /dev/null
+++ b/openvpn.init
@@ -0,0 +1,263 @@
+#!/bin/sh
+#
+# openvpn This shell script takes care of starting and stopping
+# openvpn on RedHat or other chkconfig-based system.
+#
+# chkconfig: - 24 76
+#
+# processname: openvpn
+# description: OpenVPN is a robust and highly flexible tunneling \
+# application that uses all of the encryption, \
+# authentication, and certification features of the OpenSSL \
+# library to securely tunnel IP networks over a single UDP \
+# port.
+
+# Contributed to the OpenVPN project by
+### BEGIN INIT INFO
+# Provides: openvpn
+# Required-Start: $network
+# Required-Stop: $network
+# Short-Description: start and stop openvpn
+# Description: OpenVPN is a robust and highly flexible tunneling \
+# application that uses all of the encryption, \
+# authentication, and certification features of the OpenSSL \
+# library to securely tunnel IP networks over a single UDP \
+# port.
+### END INIT INFO
+
+
+# Douglas Keller
+# 2002.05.15
+
+# To install:
+# copy this file to /etc/rc.d/init.d/openvpn
+# shell> chkconfig --add openvpn
+# shell> mkdir /etc/openvpn
+# make .conf or .sh files in /etc/openvpn (see below)
+
+# To uninstall:
+# run: chkconfig --del openvpn
+
+# Author's Notes:
+#
+# I have created an /etc/init.d init script and enhanced openvpn.spec to
+# automatically register the init script. Once the RPM is installed you
+# can start and stop OpenVPN with "service openvpn start" and "service
+# openvpn stop".
+#
+# The init script does the following:
+#
+# - Starts an openvpn process for each .conf file it finds in
+# /etc/openvpn.
+#
+# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it executes
+# it before starting openvpn (useful for doing openvpn --mktun...).
+#
+# - In addition to start/stop you can do:
+#
+# service openvpn reload - SIGHUP
+# service openvpn reopen - SIGUSR1
+# service openvpn status - SIGUSR2
+#
+# Modifications:
+#
+# 2003.05.02
+# * Changed == to = for sh compliance (Bishop Clark).
+# * If condrestart|reload|reopen|status, check that we were
+# actually started (James Yonan).
+# * Added lock, piddir, and work variables (James Yonan).
+# * If start is attempted twice, without an intervening stop, or
+# if start is attempted when previous start was not properly
+# shut down, then kill any previously started processes, before
+# commencing new start operation (James Yonan).
+# * Do a better job of flagging errors on start, and properly
+# returning success or failure status to caller (James Yonan).
+#
+# 2005.04.04
+# * Added openvpn-startup and openvpn-shutdown script calls
+# (James Yonan).
+#
+
+# Location of openvpn binary
+openvpn=""
+openvpn_locations="/usr/sbin/openvpn /usr/local/sbin/openvpn"
+for location in $openvpn_locations
+do
+ if [ -f "$location" ]
+ then
+ openvpn=$location
+ fi
+done
+
+# Lockfile
+lock="/var/lock/subsys/openvpn"
+
+# PID directory
+piddir="/var/run/openvpn"
+
+# Our working directory
+work=/etc/openvpn
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+if [ ${NETWORKING} = "no" ]
+then
+ echo "Networking is down"
+ exit 0
+fi
+
+# Check that binary exists
+if ! [ -f $openvpn ]
+then
+ echo "openvpn binary not found"
+ exit 0
+fi
+
+# See how we were called.
+case "$1" in
+ start)
+ echo -n $"Starting openvpn: "
+
+ /sbin/modprobe tun >/dev/null 2>&1
+
+ # From a security perspective, I think it makes
+ # sense to remove this, and have users who need
+ # it explictly enable in their --up scripts or
+ # firewall setups.
+
+ #echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # Run startup script, if defined
+ if [ -f $work/openvpn-startup ]; then
+ $work/openvpn-startup
+ fi
+
+ if [ ! -d $piddir ]; then
+ mkdir $piddir
+ fi
+
+ if [ -f $lock ]; then
+ # we were not shut down correctly
+ for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
+ if [ -s $pidf ]; then
+ kill `cat $pidf` >/dev/null 2>&1
+ fi
+ rm -f $pidf
+ done
+ rm -f $lock
+ sleep 2
+ fi
+
+ rm -f $piddir/*.pid
+ cd $work
+
+ # Start every .conf in $work and run .sh if exists
+ errors=0
+ successes=0
+ for c in `/bin/ls *.conf 2>/dev/null`; do
+ bn=${c%%.conf}
+ if [ -f "$bn.sh" ]; then
+ . ./$bn.sh
+ fi
+ rm -f $piddir/$bn.pid
+ # Handle backward compatibility, see Red Hat Bugzilla ID #458594
+ script_security=''
+ if [ -z "$( grep '^[[:space:]]*script-security[[:space:]]' $c )" ]; then
+ script_security="--script-security 2"
+ fi
+ $openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work $script_security
+ if [ $? = 0 ]; then
+ successes=1
+ else
+ errors=1
+ fi
+ done
+
+ if [ $errors = 1 ]; then
+ failure; echo
+ else
+ success; echo
+ fi
+
+ if [ $successes = 1 ]; then
+ touch $lock
+ fi
+ ;;
+ stop)
+ echo -n $"Shutting down openvpn: "
+ for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
+ if [ -s $pidf ]; then
+ kill `cat $pidf` >/dev/null 2>&1
+ fi
+ rm -f $pidf
+ done
+
+ # Run shutdown script, if defined
+ if [ -f $work/openvpn-shutdown ]; then
+ $work/openvpn-shutdown
+ fi
+
+ success; echo
+ rm -f $lock
+ ;;
+ restart)
+ $0 stop
+ sleep 2
+ $0 start
+ ;;
+ reload)
+ if [ -f $lock ]; then
+ for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
+ if [ -s $pidf ]; then
+ kill -HUP `cat $pidf` >/dev/null 2>&1
+ fi
+ done
+ else
+ echo "openvpn: service not started"
+ exit 1
+ fi
+ ;;
+ reopen)
+ if [ -f $lock ]; then
+ for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
+ if [ -s $pidf ]; then
+ kill -USR1 `cat $pidf` >/dev/null 2>&1
+ fi
+ done
+ else
+ echo "openvpn: service not started"
+ exit 1
+ fi
+ ;;
+ condrestart)
+ if [ -f $lock ]; then
+ $0 stop
+ # avoid race
+ sleep 2
+ $0 start
+ fi
+ ;;
+ status)
+ if [ -f $lock ]; then
+ for pidf in `/bin/ls
$piddir/*.pid 2>/dev/null`; do + if [ -s $pidf ]; then + kill -USR2 `cat $pidf` >/dev/null 2>&1 + fi + done + echo "Status written to /var/log/messages" + else + echo "openvpn: service not started" + exit 1 + fi + ;; + *) + echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}" + exit 1 + ;; +esac +exit 0 diff --git a/openvpn.spec b/openvpn.spec index e797917..d007402 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -3,7 +3,7 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.2.2 +Version: 2.3.1 Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ @@ -15,11 +15,12 @@ Source1: http://openvpn.net/signatures/%{name}-%{version}%{?prerelease # Sample 2.0 config files Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf +Source4: openvpn.init # Don't start openvpn by default. -Patch0: openvpn-init.patch -Patch1: openvpn-script-security.patch -Patch2: openvpn-2.1.1-init.patch -Patch3: openvpn-2.1.1-initinfo.patch +#Patch0: openvpn-init.patch +#Patch1: openvpn-script-security.patch +#Patch2: openvpn-2.1.1-init.patch +#Patch3: openvpn-2.1.1-initinfo.patch License: GPLv2 Group: Applications/Internet BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(id -un) @@ -54,16 +55,16 @@ for compression. %prep %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} -%patch0 -p0 -%patch1 -p1 -%patch2 -p0 -%patch3 -p0 +#%patch0 -p0 +#%patch1 -p1 +#%patch2 -p0 +#%patch3 -p0 -sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' openvpn.8 +#sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' openvpn.8 # %%doc items shouldn't be executable. -find contrib sample-config-files sample-keys sample-scripts -type f -perm +100 \ - -exec chmod a-x {} \; +#find contrib sample-config-files sample-keys sample-scripts -type f -perm +100 \ +# -exec chmod a-x {} \; %build # --enable-pthread Enable pthread support (Experimental for OpenVPN 2.0) 
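Review bot: In the `start)` loop the script appends `--script-security 2` to every config that has no `script-security` line, which is wider than OpenVPN's own default of 1 and lets user-defined scripts named in any `.conf` under `/etc/openvpn` run without the administrator having asked for it. The same loop sources `./$bn.sh` and runs `$work/openvpn-startup` as root after only a `-f` test, so ownership and mode of `/etc/openvpn` are the only control; a comment above the Bugzilla #458594 line, for example `# NOTE: raises script-security above the upstream default; set script-security in the .conf to override`, would make that visible to whoever maintains the package. Separately, `if ! [ -f $openvpn ]` does not fire when no binary was found, because an empty unquoted `$openvpn` leaves `[ -f ]`, which tests true; it should read `if ! [ -f "$openvpn" ]`.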
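Review bot: `Patch0`–`Patch3` are disabled by commenting them out (here and as `#%patch0`…`#%patch3` in `%prep`) with no note on why, so a reader cannot tell whether `openvpn-script-security.patch` is obsolete upstream, replaced by the `script-security` fallback in the new `openvpn.init`, or simply dropped. Either delete the lines or put one comment above them, e.g. `# Patch0-3 no longer apply to 2.3.x; init-script changes now live in Source4`, adjusted to whatever is actually true for each patch.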
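Review bot: The `find … -exec chmod a-x` pass in `%prep` is commented out while the comment `# %%doc items shouldn't be executable.` stays, so the `contrib` and `sample` trees listed under `%doc` in `%files` are packaged with whatever mode bits the tarball carries. Porting the command to the new layout keeps the stated intent: `find contrib sample -type f -perm /100 -exec chmod a-x {} \;`. The commented lines also keep single-`%` macros such as `%{_datadir}`, which rpm still expands inside comments; the file's own convention (`%%doc`) is to double the `%`.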
@@ -84,30 +85,31 @@ find contrib sample-config-files sample-keys sample-scripts -type f -perm +100 \ # Build plugins for plugin in %{plugins} ; do - %{__make} -C plugin/$plugin + %{__make} -C src/plugins/$plugin done %check # Test Crypto: -./openvpn --genkey --secret key -./openvpn --test-crypto --secret key +./src/openvpn/openvpn --genkey --secret key +./src/openvpn/openvpn --test-crypto --secret key # Randomize ports for tests to avoid conflicts on the build servers. cport=$[ 50000 + ($RANDOM % 15534) ] sport=$[ $cport + 1 ] sed -e 's/^\(rport\) .*$/\1 '$sport'/' \ -e 's/^\(lport\) .*$/\1 '$cport'/' \ - < sample-config-files/loopback-client \ + < sample/sample-config-files/loopback-client \ > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client sed -e 's/^\(rport\) .*$/\1 '$cport'/' \ -e 's/^\(lport\) .*$/\1 '$sport'/' \ - < sample-config-files/loopback-server \ + < sample/sample-config-files/loopback-server \ > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server +pushd sample # Test SSL/TLS negotiations (runs for 2 minutes): -./openvpn --config \ +../src/openvpn/openvpn --config \ %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client & -./openvpn --config \ +../src/openvpn/openvpn --config \ %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server wait 
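Review bot: `pushd sample` is added ahead of the loopback test but none of the visible hunks adds a matching `popd`, so everything after `wait` in `%check` (the section continues outside this hunk) runs from `sample/`. The cleanup `rm -f` happens to use absolute `%{_tmppath}` paths, so nothing breaks today, but a `popd` right after `wait` keeps later additions to the section from silently depending on the changed directory.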
@@ -117,23 +119,23 @@ rm -f %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client \ %install rm -rf $RPM_BUILD_ROOT -install -D -m 0644 %{name}.8 $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8 -install -D -m 0755 %{name} $RPM_BUILD_ROOT%{_sbindir}/%{name} -install -D -m 0755 sample-scripts/%{name}.init \ +#install -D -m 0644 %{name}.8 $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8 +install -D -m 0755 src/openvpn/%{name} $RPM_BUILD_ROOT%{_sbindir}/%{name} +install -D -m 0755 %{SOURCE4} \ $RPM_BUILD_ROOT%{_initrddir}/%{name} install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name} mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name} -cp -pR easy-rsa $RPM_BUILD_ROOT%{_datadir}/%{name}/ -rm -rf $RPM_BUILD_ROOT%{_datadir}/%{name}/easy-rsa/Windows -cp %{SOURCE2} %{SOURCE3} sample-config-files/ +#cp -pR easy-rsa $RPM_BUILD_ROOT%{_datadir}/%{name}/ +#rm -rf $RPM_BUILD_ROOT%{_datadir}/%{name}/easy-rsa/Windows +cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/ -mkdir -p $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib -for plugin in %{plugins} ; do - install -m 0755 plugin/$plugin/openvpn-$plugin.so \ - $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib/openvpn-$plugin.so - cp plugin/$plugin/README plugin/$plugin.txt -done +#mkdir -p $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib +#for plugin in %{plugins} ; do +# install -m 0755 plugin/$plugin/openvpn-$plugin.so \ +# $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib/openvpn-$plugin.so +# cp plugin/$plugin/README plugin/$plugin.txt +#done mkdir -m 755 -p $RPM_BUILD_ROOT%{_var}/run/%{name} 
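Review bot: The plugin install loop is commented out rather than ported to `src/plugins`, while `%build` still compiles `down-root` and `auth-pam` and the `%files` hunk drops `%{_libdir}/%{name}/`, so the resulting package ships neither `.so`. A server config that loads `openvpn-auth-pam.so` would presumably fail to start after the upgrade, which is a behaviour change the changelog entry (`- Update to 2.3.1`) does not mention. The man page install and its `%files` line are disabled the same way. If the drop is intentional, say so in `%changelog` and remove the build loop; otherwise port the loop to wherever the 2.3 build leaves the plugin objects.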
@@ -164,17 +166,20 @@ fi %defattr(-,root,root,0755) %doc AUTHORS COPYING COPYRIGHT.GPL INSTALL PORTS README # Add NEWS when it isn't zero-length. -%doc plugin/*.txt -%doc contrib sample-config-files sample-keys sample-scripts -%{_mandir}/man8/%{name}.8* +%doc src/plugins/*/README.* +%doc contrib sample +#%{_mandir}/man8/%{name}.8* %{_sbindir}/%{name} %{_datadir}/%{name}/ -%{_libdir}/%{name}/ +#%{_libdir}/%{name}/ %{_initrddir}/%{name} %{_var}/run/%{name}/ %config %dir %{_sysconfdir}/%{name}/ %changelog +* Mon May 06 2013 Jon Ciesla 2.3.1-1 +- Update to 2.3.1 + * Fri Aug 10 2012 Robert Scheck 2.2.2-1 - Update to 2.2.2