commit: 54ce210f763c641c0bda088dc38e0025fb45d814 |
Author: Jeremy Olexa <darkside <AT> gentoo <DOT> org> |
AuthorDate: Sun Jan 29 04:32:25 2012 +0000 |
Commit: Jeremy Olexa <darkside <AT> gentoo <DOT> org> |
CommitDate: Sun Jan 29 04:32:25 2012 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=dev/darkside.git;a=commit;h=54ce210f |
|
[net-misc/openvpn] version bump to 2.2.2, bug 383537 |
|
--- |
net-misc/openvpn/Manifest | 2 + |
net-misc/openvpn/files/65openvpn | 1 + |
net-misc/openvpn/files/down.sh | 33 ++++ |
net-misc/openvpn/files/openvpn-2.1.conf | 18 ++ |
net-misc/openvpn/files/openvpn-2.1.init | 133 +++++++++++++++ |
.../openvpn/files/openvpn-2.1_rc13-peercred.patch | 10 ++ |
net-misc/openvpn/files/openvpn-2.2.2-pkcs11.patch | 36 ++++ |
net-misc/openvpn/files/openvpn.init | 63 +++++++ |
net-misc/openvpn/files/up.sh | 82 ++++++++++ |
net-misc/openvpn/openvpn-2.2.2.ebuild | 171 ++++++++++++++++++++ |
10 files changed, 549 insertions(+), 0 deletions(-) |
|
23 |
diff --git a/net-misc/openvpn/Manifest b/net-misc/openvpn/Manifest |
24 |
new file mode 100644 |
25 |
index 0000000..1833126 |
26 |
--- /dev/null |
27 |
+++ b/net-misc/openvpn/Manifest |
28 |
@@ -0,0 +1,2 @@ |
29 |
+DIST openvpn-2.2.0-ipv6-20110522-1.patch.gz 36029 RMD160 a476ba5581f0920dd5f42b2b22beeccb7ef2cbe8 SHA1 04dbcd44d825949e895d714a97e4e57617037536 SHA256 e3b415b1dd61f7fb823231c32b40516a93efc99c2b6b52e3b9fce03d4ae45053 |
30 |
+DIST openvpn-2.2.2.tar.gz 911158 RMD160 60990f183bdd46933724b3bf39ba5861ed0258a6 SHA1 992373cdf12e1b50655b13765a6d36a87cfd3ca3 SHA256 54ca8b260e2ea3b26e84c2282ccb5f8cb149edcfd424b686d5fb22b8dbbeac00 |
31 |
|
32 |
diff --git a/net-misc/openvpn/files/65openvpn b/net-misc/openvpn/files/65openvpn |
33 |
new file mode 100644 |
34 |
index 0000000..4ddb034 |
35 |
--- /dev/null |
36 |
+++ b/net-misc/openvpn/files/65openvpn |
37 |
@@ -0,0 +1 @@ |
38 |
+CONFIG_PROTECT="/usr/share/openvpn/easy-rsa" |
39 |
|
40 |
diff --git a/net-misc/openvpn/files/down.sh b/net-misc/openvpn/files/down.sh |
41 |
new file mode 100755 |
42 |
index 0000000..1c70db0 |
43 |
--- /dev/null |
44 |
+++ b/net-misc/openvpn/files/down.sh |
45 |
@@ -0,0 +1,33 @@ |
46 |
+#!/bin/sh |
47 |
+# Copyright (c) 2006-2007 Gentoo Foundation |
48 |
+# Distributed under the terms of the GNU General Public License v2 |
49 |
+# Contributed by Roy Marples (uberlord@g.o) |
50 |
+ |
51 |
+# If we have a service specific script, run this now |
52 |
+if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then |
53 |
+ /etc/openvpn/"${SVCNAME}"-down.sh "$@" |
54 |
+fi |
55 |
+ |
56 |
+# Restore resolv.conf to how it was |
57 |
+if [ "${PEER_DNS}" != "no" ]; then |
58 |
+ if [ -x /sbin/resolvconf ] ; then |
59 |
+ /sbin/resolvconf -d "${dev}" |
60 |
+ elif [ -e /etc/resolv.conf-"${dev}".sv ] ; then |
61 |
+ # Important that we copy instead of move incase resolv.conf is |
62 |
+ # a symlink and not an actual file |
63 |
+ cp /etc/resolv.conf-"${dev}".sv /etc/resolv.conf |
64 |
+ rm -f /etc/resolv.conf-"${dev}".sv |
65 |
+ fi |
66 |
+fi |
67 |
+ |
68 |
+if [ -n "${SVCNAME}" ]; then |
69 |
+ # Re-enter the init script to start any dependant services |
70 |
+ if /etc/init.d/"${SVCNAME}" --quiet status ; then |
71 |
+ export IN_BACKGROUND=true |
72 |
+ /etc/init.d/"${SVCNAME}" --quiet stop |
73 |
+ fi |
74 |
+fi |
75 |
+ |
76 |
+exit 0 |
77 |
+ |
78 |
+# vim: ts=4 : |
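Review bot: The restore branch removes the saved copy even when the `cp` back to /etc/resolv.conf fails, so a failed copy leaves the host on the resolver configuration written at connect time with no backup left to recover from. Chain the two steps so the backup survives a failed restore: `cp /etc/resolv.conf-"${dev}".sv /etc/resolv.conf && rm -f /etc/resolv.conf-"${dev}".sv`. Because the script ends with an unconditional `exit 0`, a failed restore is also invisible to the caller; writing a message to stderr on failure would at least leave a trace in the openvpn log.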
79 |
|
80 |
diff --git a/net-misc/openvpn/files/openvpn-2.1.conf b/net-misc/openvpn/files/openvpn-2.1.conf |
81 |
new file mode 100644 |
82 |
index 0000000..72510c3 |
83 |
--- /dev/null |
84 |
+++ b/net-misc/openvpn/files/openvpn-2.1.conf |
85 |
@@ -0,0 +1,18 @@ |
86 |
+# OpenVPN automatically creates an /etc/resolv.conf (or sends it to |
87 |
+# resolvconf) if given DNS information by the OpenVPN server. |
88 |
+# Set PEER_DNS="no" to stop this. |
89 |
+PEER_DNS="yes" |
90 |
+ |
91 |
+# OpenVPN can run in many modes. Most people will want the init script |
92 |
+# to automatically detect the mode and try and apply a good default |
93 |
+# configuration and setup scripts. However, there are cases where the |
94 |
+# OpenVPN configuration looks like a client, but it's really a peer or |
95 |
+# something else. DETECT_CLIENT controls this behaviour. |
96 |
+DETECT_CLIENT="yes" |
97 |
+ |
98 |
+# If DETECT_CLIENT is no and you have your own scripts to re-enter the openvpn |
99 |
+# init script (ie, it first becomes "inactive" and the script then starts the |
100 |
+# script again to make it "started") then you can state this below. |
101 |
+# In other words, unless you understand service dependencies and are a |
102 |
+# competent shell scripter, don't set this. |
103 |
+RE_ENTER="no" |
104 |
|
105 |
diff --git a/net-misc/openvpn/files/openvpn-2.1.init b/net-misc/openvpn/files/openvpn-2.1.init |
106 |
new file mode 100755 |
107 |
index 0000000..d65e6f8 |
108 |
--- /dev/null |
109 |
+++ b/net-misc/openvpn/files/openvpn-2.1.init |
110 |
@@ -0,0 +1,133 @@ |
111 |
+#!/sbin/runscript |
112 |
+# Copyright 1999-2007 Gentoo Foundation |
113 |
+# Distributed under the terms of the GNU General Public License v2 |
114 |
+ |
115 |
+VPNDIR=${VPNDIR:-/etc/openvpn} |
116 |
+VPN=${SVCNAME#*.} |
117 |
+if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then |
118 |
+ VPNPID="/var/run/openvpn.${VPN}.pid" |
119 |
+else |
120 |
+ VPNPID="/var/run/openvpn.pid" |
121 |
+fi |
122 |
+VPNCONF="${VPNDIR}/${VPN}.conf" |
123 |
+ |
124 |
+depend() { |
125 |
+ need localmount net |
126 |
+ use dns |
127 |
+ after bootmisc |
128 |
+} |
129 |
+ |
130 |
+checkconfig() { |
131 |
+ # Linux has good dynamic tun/tap creation |
132 |
+ if [ $(uname -s) = "Linux" ] ; then |
133 |
+ if [ ! -e /dev/net/tun ]; then |
134 |
+ if ! modprobe tun ; then |
135 |
+ eerror "TUN/TAP support is not available" \ |
136 |
+ "in this kernel" |
137 |
+ return 1 |
138 |
+ fi |
139 |
+ fi |
140 |
+ if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then |
141 |
+ ebegin "Detected broken /dev/net/tun symlink, fixing..." |
142 |
+ rm -f /dev/net/tun |
143 |
+ ln -s /dev/misc/net/tun /dev/net/tun |
144 |
+ eend $? |
145 |
+ fi |
146 |
+ return 0 |
147 |
+ fi |
148 |
+ |
149 |
+ # Other OS's don't, so we rely on a pre-configured interface |
150 |
+ # per vpn instance |
151 |
+ local ifname=$(sed -n -e 's/[[:space:]]*dev[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' "${VPNCONF}") |
152 |
+ if [ -z ${ifname} ] ; then |
153 |
+ eerror "You need to specify the interface that this openvpn" \ |
154 |
+ "instance should use" \ |
155 |
+ "by using the dev option in ${VPNCONF}" |
156 |
+ return 1 |
157 |
+ fi |
158 |
+ |
159 |
+ if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then |
160 |
+ # Try and create it |
161 |
+ echo > /dev/"${ifname}" >/dev/null |
162 |
+ fi |
163 |
+ if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then |
164 |
+ eerror "${VPNCONF} requires interface ${ifname}" \ |
165 |
+ "but that does not exist" |
166 |
+ return 1 |
167 |
+ fi |
168 |
+} |
169 |
+ |
170 |
+start() { |
171 |
+ # If we are re-called by the openvpn gentoo-up.sh script |
172 |
+ # then we don't actually want to start openvpn |
173 |
+ [ "${IN_BACKGROUND}" = "true" ] && return 0 |
174 |
+ |
175 |
+ ebegin "Starting ${SVCNAME}" |
176 |
+ |
177 |
+ checkconfig || return 1 |
178 |
+ |
179 |
+ local args="" reenter=${RE_ENTER:-no} |
180 |
+ # If the config file does not specify the cd option, we do |
181 |
+ # But if we specify it, we override the config option which we do not want |
182 |
+ if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then |
183 |
+ args="${args} --cd ${VPNDIR}" |
184 |
+ fi |
185 |
+ |
186 |
+ # We mark the service as inactive and then start it. |
187 |
+ # When we get an authenticated packet from the peer then we run our script |
188 |
+ # which configures our DNS if any and marks us as up. |
189 |
+ if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \ |
190 |
+ grep -q "^[ ]*remote[ ].*" "${VPNCONF}" ; then |
191 |
+ reenter="yes" |
192 |
+ args="${args} --up-delay --up-restart" |
193 |
+ args="${args} --script-security 2" |
194 |
+ args="${args} --up /etc/openvpn/up.sh" |
195 |
+ args="${args} --down-pre --down /etc/openvpn/down.sh" |
196 |
+ |
197 |
+ # Warn about setting scripts as we override them |
198 |
+ if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then |
199 |
+ ewarn "WARNING: You have defined your own up/down scripts" |
200 |
+ ewarn "As you're running as a client, we now force Gentoo specific" |
201 |
+ ewarn "scripts to be run for up and down events." |
202 |
+ ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh" |
203 |
+ ewarn "where you can put your own code." |
204 |
+ fi |
205 |
+ |
206 |
+ # Warn about the inability to change ip/route/dns information when |
207 |
+ # dropping privs |
208 |
+ if grep -q "^[ ]*user[ ].*" "${VPNCONF}" ; then |
209 |
+ ewarn "WARNING: You are dropping root privileges!" |
210 |
+ ewarn "As such openvpn may not be able to change ip, routing" |
211 |
+ ewarn "or DNS configuration." |
212 |
+ fi |
213 |
+ else |
214 |
+ # So we're a server. Run as openvpn unless otherwise specified |
215 |
+ grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args="${args} --user openvpn" |
216 |
+ grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args="${args} --group openvpn" |
217 |
+ fi |
218 |
+ |
219 |
+ # Ensure that our scripts get the PEER_DNS variable |
220 |
+ [ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}" |
221 |
+ |
222 |
+ [ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}" |
223 |
+ start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \ |
224 |
+ -- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \ |
225 |
+ --setenv SVCNAME "${SVCNAME}" ${args} |
226 |
+ eend $? "Check your logs to see why startup failed" |
227 |
+} |
228 |
+ |
229 |
+stop() { |
230 |
+ # If we are re-called by the openvpn gentoo-down.sh script |
231 |
+ # then we don't actually want to stop openvpn |
232 |
+ if [ "${IN_BACKGROUND}" = "true" ] ; then |
233 |
+ mark_service_inactive "${SVCNAME}" |
234 |
+ return 0 |
235 |
+ fi |
236 |
+ |
237 |
+ ebegin "Stopping ${SVCNAME}" |
238 |
+ start-stop-daemon --stop --quiet \ |
239 |
+ --exec /usr/sbin/openvpn --pidfile "${VPNPID}" |
240 |
+ eend $? |
241 |
+} |
242 |
+ |
243 |
+# vim: set ts=4 : |
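Review bot: On Linux `checkconfig` returns 0 without ever checking that `${VPNCONF}` exists, so with a missing or unreadable config every `grep` in `start()` fails, the instance falls into the server branch, and the problem only surfaces later from openvpn itself. The older `openvpn.init` added in this same commit has the guard; the same `if [ ! -e "${VPNCONF}" ]; then eend 1 "${VPNCONF} does not exist"; return 1; fi` belongs at the top of `checkconfig`. Two tests are also unquoted, `[ ${SVCNAME} != "openvpn" ]` and `[ -z ${ifname} ]`; the second becomes a test syntax error when the unanchored `sed` expression matches more than one `dev` line, so quote both as `"${SVCNAME}"` and `"${ifname}"`.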
244 |
|
245 |
diff --git a/net-misc/openvpn/files/openvpn-2.1_rc13-peercred.patch b/net-misc/openvpn/files/openvpn-2.1_rc13-peercred.patch |
246 |
new file mode 100644 |
247 |
index 0000000..6592cf1 |
248 |
--- /dev/null |
249 |
+++ b/net-misc/openvpn/files/openvpn-2.1_rc13-peercred.patch |
250 |
@@ -0,0 +1,10 @@ |
251 |
+--- socket.c~ 2008-11-02 01:39:00.406009999 +0100 |
252 |
++++ socket.c 2008-11-02 01:39:00.406009999 +0100 |
253 |
+@@ -22,6 +22,7 @@ |
254 |
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
255 |
+ */ |
256 |
+ |
257 |
++#define _GNU_SOURCE |
258 |
+ #include "syshead.h" |
259 |
+ |
260 |
+ #include "socket.h" |
261 |
|
262 |
diff --git a/net-misc/openvpn/files/openvpn-2.2.2-pkcs11.patch b/net-misc/openvpn/files/openvpn-2.2.2-pkcs11.patch |
263 |
new file mode 100644 |
264 |
index 0000000..c7115cc |
265 |
--- /dev/null |
266 |
+++ b/net-misc/openvpn/files/openvpn-2.2.2-pkcs11.patch |
267 |
@@ -0,0 +1,36 @@ |
268 |
+diff --git a/easy-rsa/2.0/openssl-0.9.8.cnf b/easy-rsa/2.0/openssl-0.9.8.cnf |
269 |
+index 340b8af..89602a2 100755 |
270 |
+--- a/easy-rsa/2.0/openssl-0.9.8.cnf |
271 |
++++ b/easy-rsa/2.0/openssl-0.9.8.cnf |
272 |
+@@ -283,8 +283,8 @@ authorityKeyIdentifier=keyid:always,issuer:always |
273 |
+ #pkcs11 = pkcs11_section |
274 |
+ |
275 |
+ [ pkcs11_section ] |
276 |
+-engine_id = pkcs11 |
277 |
+-dynamic_path = /usr/lib/engines/engine_pkcs11.so |
278 |
+-MODULE_PATH = $ENV::PKCS11_MODULE_PATH |
279 |
+-PIN = $ENV::PKCS11_PIN |
280 |
+-init = 0 |
281 |
++#engine_id = pkcs11 |
282 |
++#dynamic_path = /usr/lib/engines/engine_pkcs11.so |
283 |
++#MODULE_PATH = $ENV::PKCS11_MODULE_PATH |
284 |
++#PIN = $ENV::PKCS11_PIN |
285 |
++#init = 0 |
286 |
+diff --git a/easy-rsa/2.0/openssl-1.0.0.cnf b/easy-rsa/2.0/openssl-1.0.0.cnf |
287 |
+index fa258a5..527919d 100755 |
288 |
+--- a/easy-rsa/2.0/openssl-1.0.0.cnf |
289 |
++++ b/easy-rsa/2.0/openssl-1.0.0.cnf |
290 |
+@@ -278,8 +278,8 @@ authorityKeyIdentifier=keyid:always,issuer:always |
291 |
+ #pkcs11 = pkcs11_section |
292 |
+ |
293 |
+ [ pkcs11_section ] |
294 |
+-engine_id = pkcs11 |
295 |
+-dynamic_path = /usr/lib/engines/engine_pkcs11.so |
296 |
+-MODULE_PATH = $ENV::PKCS11_MODULE_PATH |
297 |
+-PIN = $ENV::PKCS11_PIN |
298 |
+-init = 0 |
299 |
++#engine_id = pkcs11 |
300 |
++#dynamic_path = /usr/lib/engines/engine_pkcs11.so |
301 |
++#MODULE_PATH = $ENV::PKCS11_MODULE_PATH |
302 |
++#PIN = $ENV::PKCS11_PIN |
303 |
++#init = 0 |
304 |
|
305 |
diff --git a/net-misc/openvpn/files/openvpn.init b/net-misc/openvpn/files/openvpn.init |
306 |
new file mode 100644 |
307 |
index 0000000..489ab49 |
308 |
--- /dev/null |
309 |
+++ b/net-misc/openvpn/files/openvpn.init |
310 |
@@ -0,0 +1,63 @@ |
311 |
+#!/sbin/runscript |
312 |
+# Copyright 1999-2007 Gentoo Foundation |
313 |
+# Distributed under the terms of the GNU General Public License v2 |
314 |
+ |
315 |
+VPNDIR="/etc/openvpn" |
316 |
+VPN="${SVCNAME#*.}" |
317 |
+if [ -n "${VPN}" ] && [ "${SVCNAME}" != "openvpn" ]; then |
318 |
+ VPNPID="/var/run/openvpn.${VPN}.pid" |
319 |
+else |
320 |
+ VPNPID="/var/run/openvpn.pid" |
321 |
+fi |
322 |
+VPNCONF="${VPNDIR}/${VPN}.conf" |
323 |
+ |
324 |
+depend() { |
325 |
+ need localmount net |
326 |
+ before netmount |
327 |
+ after bootmisc |
328 |
+} |
329 |
+ |
330 |
+checktundevice() { |
331 |
+ if [ ! -e /dev/net/tun ]; then |
332 |
+ if ! modprobe tun ; then |
333 |
+ eerror "TUN/TAP support is not available in this kernel" |
334 |
+ return 1 |
335 |
+ fi |
336 |
+ fi |
337 |
+ if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then |
338 |
+ ebegin "Detected broken /dev/net/tun symlink, fixing..." |
339 |
+ rm -f /dev/net/tun |
340 |
+ ln -s /dev/misc/net/tun /dev/net/tun |
341 |
+ eend $? |
342 |
+ fi |
343 |
+} |
344 |
+ |
345 |
+start() { |
346 |
+ ebegin "Starting ${SVCNAME}" |
347 |
+ |
348 |
+ checktundevice || return 1 |
349 |
+ |
350 |
+ if [ ! -e "${VPNCONF}" ]; then |
351 |
+ eend 1 "${VPNCONF} does not exist" |
352 |
+ return 1 |
353 |
+ fi |
354 |
+ |
355 |
+ local args="" |
356 |
+ # If the config file does not specify the cd option, we do |
357 |
+ # But if we specify it, we override the config option which we do not want |
358 |
+ if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then |
359 |
+ args="${args} --cd ${VPNDIR}" |
360 |
+ fi |
361 |
+ |
362 |
+ start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \ |
363 |
+ -- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon ${args} |
364 |
+ eend $? "Check your logs to see why startup failed" |
365 |
+} |
366 |
+ |
367 |
+stop() { |
368 |
+ ebegin "Stopping ${SVCNAME}" |
369 |
+ start-stop-daemon --stop --exec /usr/sbin/openvpn --pidfile "${VPNPID}" |
370 |
+ eend $? |
371 |
+} |
372 |
+ |
373 |
+# vim: ts=4 |
374 |
|
375 |
diff --git a/net-misc/openvpn/files/up.sh b/net-misc/openvpn/files/up.sh |
376 |
new file mode 100755 |
377 |
index 0000000..4a88687 |
378 |
--- /dev/null |
379 |
+++ b/net-misc/openvpn/files/up.sh |
380 |
@@ -0,0 +1,82 @@ |
381 |
+#!/bin/sh |
382 |
+# Copyright (c) 2006-2007 Gentoo Foundation |
383 |
+# Distributed under the terms of the GNU General Public License v2 |
384 |
+# Contributed by Roy Marples (uberlord@g.o) |
385 |
+ |
386 |
+# Setup our resolv.conf |
387 |
+# Vitally important that we use the domain entry in resolv.conf so we |
388 |
+# can setup the nameservers are for the domain ONLY in resolvconf if |
389 |
+# we're using a decent dns cache/forwarder like dnsmasq and NOT nscd/libc. |
390 |
+# nscd/libc users will get the VPN nameservers before their other ones |
391 |
+# and will use the first one that responds - maybe the LAN ones? |
392 |
+# non resolvconf users just the the VPN resolv.conf |
393 |
+ |
394 |
+# FIXME:- if we have >1 domain, then we have to use search :/ |
395 |
+# We need to add a flag to resolvconf to say |
396 |
+# "these nameservers should only be used for the listed search domains |
397 |
+# if other global nameservers are present on other interfaces" |
398 |
+# This however, will break compatibility with Debians resolvconf |
399 |
+# A possible workaround would be to just list multiple domain lines |
400 |
+# and try and let resolvconf handle it |
401 |
+ |
402 |
+if [ "${PEER_DNS}" != "no" ]; then |
403 |
+ NS= |
404 |
+ DOMAIN= |
405 |
+ SEARCH= |
406 |
+ i=1 |
407 |
+ while true ; do |
408 |
+ eval opt=\$foreign_option_${i} |
409 |
+ [ -z "${opt}" ] && break |
410 |
+ if [ "${opt}" != "${opt#dhcp-option DOMAIN *}" ] ; then |
411 |
+ if [ -z "${DOMAIN}" ] ; then |
412 |
+ DOMAIN="${opt#dhcp-option DOMAIN *}" |
413 |
+ else |
414 |
+ SEARCH="${SEARCH}${SEARCH:+ }${opt#dhcp-option DOMAIN *}" |
415 |
+ fi |
416 |
+ elif [ "${opt}" != "${opt#dhcp-option DNS *}" ] ; then |
417 |
+ NS="${NS}nameserver ${opt#dhcp-option DNS *}\n" |
418 |
+ fi |
419 |
+ i=$((${i} + 1)) |
420 |
+ done |
421 |
+ |
422 |
+ if [ -n "${NS}" ] ; then |
423 |
+ DNS="# Generated by openvpn for interface ${dev}\n" |
424 |
+ if [ -n "${SEARCH}" ] ; then |
425 |
+ DNS="${DNS}search ${DOMAIN} ${SEARCH}\n" |
426 |
+ elif [ -n "${DOMAIN}" ]; then |
427 |
+ DNS="${DNS}domain ${DOMAIN}\n" |
428 |
+ fi |
429 |
+ DNS="${DNS}${NS}" |
430 |
+ if [ -x /sbin/resolvconf ] ; then |
431 |
+ printf "${DNS}" | /sbin/resolvconf -a "${dev}" |
432 |
+ else |
433 |
+ # Preserve the existing resolv.conf |
434 |
+ if [ -e /etc/resolv.conf ] ; then |
435 |
+ cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv |
436 |
+ fi |
437 |
+ printf "${DNS}" > /etc/resolv.conf |
438 |
+ chmod 644 /etc/resolv.conf |
439 |
+ fi |
440 |
+ fi |
441 |
+fi |
442 |
+ |
443 |
+# Below section is Gentoo specific |
444 |
+# Quick summary - our init scripts are re-entrant and set the SVCNAME env var |
445 |
+# as we could have >1 openvpn service |
446 |
+ |
447 |
+if [ -n "${SVCNAME}" ]; then |
448 |
+ # If we have a service specific script, run this now |
449 |
+ if [ -x /etc/openvpn/"${SVCNAME}"-up.sh ] ; then |
450 |
+ /etc/openvpn/"${SVCNAME}"-up.sh "$@" |
451 |
+ fi |
452 |
+ |
453 |
+ # Re-enter the init script to start any dependant services |
454 |
+ if ! /etc/init.d/"${SVCNAME}" --quiet status ; then |
455 |
+ export IN_BACKGROUND=true |
456 |
+ /etc/init.d/${SVCNAME} --quiet start |
457 |
+ fi |
458 |
+fi |
459 |
+ |
460 |
+exit 0 |
461 |
+ |
462 |
+# vim: ts=4 : |
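Review bot: `printf "${DNS}"` uses the assembled text as the printf format string, and that text contains the `dhcp-option DNS` and `DOMAIN` values the VPN peer pushes through `foreign_option_N`. Any `%` directive or backslash escape in a pushed value is therefore interpreted in a script that, for clients, normally runs as root, and an embedded `\n` adds extra lines to resolv.conf. Build the text with a literal newline and print it with a fixed format, as below; rejecting values that contain characters outside those of an address or host name would tighten this further. Separately, the last call uses `/etc/init.d/${SVCNAME}` unquoted while the status check two lines earlier quotes it.

```shell
# … unchanged: PEER_DNS test, NS/DOMAIN/SEARCH/i initialisation …
	NL='
'
# … unchanged: foreign_option loop, DOMAIN/SEARCH branches …
			NS="${NS}nameserver ${opt#dhcp-option DNS *}${NL}"
# … unchanged: end of loop, NS check …
		DNS="# Generated by openvpn for interface ${dev}${NL}"
		if [ -n "${SEARCH}" ] ; then
			DNS="${DNS}search ${DOMAIN} ${SEARCH}${NL}"
		elif [ -n "${DOMAIN}" ]; then
			DNS="${DNS}domain ${DOMAIN}${NL}"
		fi
		DNS="${DNS}${NS}"
		if [ -x /sbin/resolvconf ] ; then
			printf '%s' "${DNS}" | /sbin/resolvconf -a "${dev}"
# … unchanged: else branch, backup of /etc/resolv.conf …
			printf '%s' "${DNS}" > /etc/resolv.conf
```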
463 |
|
464 |
diff --git a/net-misc/openvpn/openvpn-2.2.2.ebuild b/net-misc/openvpn/openvpn-2.2.2.ebuild |
465 |
new file mode 100644 |
466 |
index 0000000..af4c8b9 |
467 |
--- /dev/null |
468 |
+++ b/net-misc/openvpn/openvpn-2.2.2.ebuild |
469 |
@@ -0,0 +1,171 @@ |
470 |
+# Copyright 1999-2011 Gentoo Foundation |
471 |
+# Distributed under the terms of the GNU General Public License v2 |
472 |
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openvpn/openvpn-2.2.0-r1.ebuild,v 1.3 2011/07/29 08:45:05 zmedico Exp $ |
473 |
+ |
474 |
+EAPI=4 |
475 |
+ |
476 |
+inherit eutils multilib toolchain-funcs autotools flag-o-matic |
477 |
+ |
478 |
+IPV6_VERSION="2.2.0-ipv6-20110522-1" |
479 |
+DESCRIPTION="OpenVPN is a robust and highly flexible tunneling application compatible with many OSes." |
480 |
+SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz |
481 |
+ ipv6? ( |
482 |
+ http://www.greenie.net/ipv6/openvpn-${IPV6_VERSION}.patch.gz |
483 |
+ )" |
484 |
+HOMEPAGE="http://openvpn.net/" |
485 |
+ |
486 |
+LICENSE="GPL-2" |
487 |
+SLOT="0" |
488 |
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~x86-linux" |
489 |
+# ipv6 patch seems broken, ipv6 is planned for the 2.3 release |
490 |
+#IUSE="examples iproute2 ipv6 minimal pam passwordsave selinux ssl static pkcs11 userland_BSD" |
491 |
+IUSE="examples iproute2 minimal pam passwordsave selinux ssl static pkcs11 userland_BSD" |
492 |
+ |
493 |
+DEPEND=">=dev-libs/lzo-1.07 |
494 |
+ kernel_linux? ( |
495 |
+ iproute2? ( sys-apps/iproute2[-minimal] ) !iproute2? ( sys-apps/net-tools ) |
496 |
+ ) |
497 |
+ !minimal? ( pam? ( virtual/pam ) ) |
498 |
+ selinux? ( sec-policy/selinux-openvpn ) |
499 |
+ ssl? ( >=dev-libs/openssl-0.9.6 ) |
500 |
+ pkcs11? ( >=dev-libs/pkcs11-helper-1.05 )" |
501 |
+RDEPEND="${DEPEND}" |
502 |
+ |
503 |
+src_prepare() { |
504 |
+ epatch "${FILESDIR}/${PN}-2.2.2-pkcs11.patch" |
505 |
+ use ipv6 && epatch "${WORKDIR}/${PN}-${IPV6_VERSION}.patch" |
506 |
+ sed -i \ |
507 |
+ -e "s/gcc \${CC_FLAGS}/\${CC} \${CFLAGS} -Wall/" \ |
508 |
+ -e "s/-shared/-shared \${LDFLAGS}/" \ |
509 |
+ plugin/*/Makefile || die "sed failed" |
510 |
+ if use ipv6; then |
511 |
+ eautoreconf |
512 |
+ fi |
513 |
+} |
514 |
+ |
515 |
+src_configure() { |
516 |
+ # basic.h defines a type 'bool' that conflicts with the altivec |
517 |
+ # keyword bool which has to be fixed upstream, see bugs #293840 |
518 |
+ # and #297854. |
519 |
+ # For now, filter out -maltivec on ppc and append -mno-altivec, as |
520 |
+ # -maltivec is enabled implicitly by -mcpu and similar flags. |
521 |
+ (use ppc || use ppc64) && filter-flags -maltivec && append-flags -mno-altivec |
522 |
+ |
523 |
+ local myconf="" |
524 |
+ |
525 |
+ if use minimal ; then |
526 |
+ myconf="${myconf} --disable-plugins" |
527 |
+ myconf="${myconf} --disable-pkcs11" |
528 |
+ else |
529 |
+ myconf="$(use_enable pkcs11)" |
530 |
+ fi |
531 |
+ |
532 |
+ econf ${myconf} \ |
533 |
+ $(use_enable passwordsave password-save) \ |
534 |
+ $(use_enable ssl) \ |
535 |
+ $(use_enable ssl crypto) \ |
536 |
+ $(use_enable iproute2) \ |
537 |
+ --docdir="${EPREFIX}/usr/share/doc/${PF}" |
538 |
+} |
539 |
+ |
540 |
+src_compile() { |
541 |
+ |
542 |
+ if use static ; then |
543 |
+ sed -i -e '/^LIBS/s/LIBS = /LIBS = -static /' Makefile || die "sed failed" |
544 |
+ fi |
545 |
+ |
546 |
+ emake || die "make failed" |
547 |
+ |
548 |
+ if ! use minimal ; then |
549 |
+ cd plugin |
550 |
+ for i in *; do |
551 |
+ [[ ${i} == "README" || ${i} == "examples" || ${i} == "defer" ]] && continue |
552 |
+ [[ ${i} == "auth-pam" ]] && ! use pam && continue |
553 |
+ einfo "Building ${i} plugin" |
554 |
+ emake -C "${i}" CC=$(tc-getCC) || die "make failed" |
555 |
+ done |
556 |
+ cd .. |
557 |
+ fi |
558 |
+} |
559 |
+ |
560 |
+src_install() { |
561 |
+ emake DESTDIR="${D}" install || die "make install failed" |
562 |
+ |
563 |
+ # install documentation |
564 |
+ dodoc AUTHORS ChangeLog PORTS README |
565 |
+ |
566 |
+ # Install some helper scripts |
567 |
+ keepdir /etc/openvpn |
568 |
+ exeinto /etc/openvpn |
569 |
+ doexe "${FILESDIR}/up.sh" || die "doexe failed" |
570 |
+ doexe "${FILESDIR}/down.sh" || die "doexe failed" |
571 |
+ |
572 |
+ # Install the init script and config file |
573 |
+ newinitd "${FILESDIR}/${PN}-2.1.init" openvpn || die "newinitd failed" |
574 |
+ newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn || die "newconfd failed" |
575 |
+ |
576 |
+ # install examples, controlled by the respective useflag |
577 |
+ if use examples ; then |
578 |
+ # dodoc does not supportly support directory traversal, #15193 |
579 |
+ insinto /usr/share/doc/${PF}/examples |
580 |
+ doins -r sample-{config-files,keys,scripts} contrib |
581 |
+ fi |
582 |
+ |
583 |
+ # Install plugins and easy-rsa |
584 |
+ doenvd "${FILESDIR}/65openvpn" # config-protect easy-rsa |
585 |
+ if ! use minimal ; then |
586 |
+ cd easy-rsa/2.0 |
587 |
+ make install "DESTDIR=${D}" "PREFIX=${EPREFIX}/usr/share/${PN}/easy-rsa" |
588 |
+ cd ../.. |
589 |
+ |
590 |
+ exeinto "/usr/$(get_libdir)/${PN}" |
591 |
+ doexe plugin/*/*.so |
592 |
+ fi |
593 |
+} |
594 |
+ |
595 |
+pkg_postinst() { |
596 |
+ # Add openvpn user so openvpn servers can drop privs |
597 |
+ # Clients should run as root so they can change ip addresses, |
598 |
+ # dns information and other such things. |
599 |
+ enewgroup openvpn |
600 |
+ enewuser openvpn "" "" "" openvpn |
601 |
+ |
602 |
+ if [ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ] ; then |
603 |
+ ewarn "WARNING: The openvpn init script has changed" |
604 |
+ ewarn "" |
605 |
+ fi |
606 |
+ |
607 |
+ elog "The openvpn init script expects to find the configuration file" |
608 |
+ elog "openvpn.conf in /etc/openvpn along with any extra files it may need." |
609 |
+ elog "" |
610 |
+ elog "To create more VPNs, simply create a new .conf file for it and" |
611 |
+ elog "then create a symlink to the openvpn init script from a link called" |
612 |
+ elog "openvpn.newconfname - like so" |
613 |
+ elog " cd /etc/openvpn" |
614 |
+ elog " ${EDITOR##*/} foo.conf" |
615 |
+ elog " cd /etc/init.d" |
616 |
+ elog " ln -s openvpn openvpn.foo" |
617 |
+ elog "" |
618 |
+ elog "You can then treat openvpn.foo as any other service, so you can" |
619 |
+ elog "stop one vpn and start another if you need to." |
620 |
+ |
621 |
+ if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then |
622 |
+ ewarn "" |
623 |
+ ewarn "WARNING: If you use the remote keyword then you are deemed to be" |
624 |
+ ewarn "a client by our init script and as such we force up,down scripts." |
625 |
+ ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" |
626 |
+ ewarn "can move your scripts to." |
627 |
+ fi |
628 |
+ |
629 |
+ if ! use minimal ; then |
630 |
+ einfo "" |
631 |
+ einfo "plugins have been installed into /usr/$(get_libdir)/${PN}" |
632 |
+ fi |
633 |
+ |
634 |
+# if use ipv6 ; then |
635 |
+# einfo "" |
636 |
+# einfo "This build contains a community-maintained IPv6 patch." |
637 |
+# einfo "For more information please visit:" |
638 |
+# einfo "http://www.greenie.net/ipv6/openvpn.html" |
639 |
+# fi |
640 |
+} |
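Review bot: In `pkg_postinst` the test `[ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ]` never calls `path_exists`; inside `[ ]` it is two non-empty strings joined by `-o`, which is always true, so the init-script warning prints on every install, and the quoted glob would not expand anyway. Call the helper directly: `if path_exists -o "${ROOT}"/etc/openvpn/*/local.conf ; then`. `src_prepare` and `SRC_URI` still reference the `ipv6` flag although it was dropped from `IUSE`; depending on the package manager that is a QA warning or a hard failure, so remove or comment out those references until the patch is restored. The plain `make install` under `easy-rsa/2.0` also has no `|| die`, unlike the other install steps.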