Date:      Sun, 07 Aug 2005 03:47:11 +0200
From:      Matthias Andree <matthias.andree@gmx.de>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/84633: [MAINTAINER] security/openvpn: rcNG-ify, make LZO optional
Message-ID:  <E1E1aFr-000JWS-U6@libertas.emma.line.org>
Resent-Message-ID: <200508070200.j7720WQ6044255@freefall.freebsd.org>


>Number:         84633
>Category:       ports
>Synopsis:       [MAINTAINER] security/openvpn: rcNG-ify, make LZO optional
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 07 02:00:31 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Andree
>Release:        FreeBSD 4.11-RELEASE-p11 i386
>Organization:
>Environment:
System: FreeBSD libertas.emma.line.org 4.11-RELEASE-p11 FreeBSD 4.11-RELEASE-p11 #1: Sat Jul  2 12:53:26 CEST
>Description:
Due to public demand, there is now an rcNG start script that can load the tun or
tap driver module (or both) and launch OpenVPN. I received several suggestions
and scripts from various people, but ended up writing my own, implementing ideas
that Matthias Grimm and Dirk Gouders communicated.

LZO payload compression can be deselected, to remove the liblzo.so.1 dependency.
Note that LZO can also be en-/disabled at runtime if support was compiled in.

Added file(s):
- files/openvpn.sh.in

Removed file(s):
- files/openvpn.sh.sample

Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:

--- openvpn-2.0_4.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/security/openvpn/Makefile /usr/home/emma/ports/security/openvpn/Makefile
--- /usr/ports/security/openvpn/Makefile	Wed Jul 20 19:26:33 2005
+++ /usr/home/emma/ports/security/openvpn/Makefile	Sun Aug  7 03:38:17 2005
@@ -1,21 +1,19 @@
 # New ports collection makefile for:	openvpn
 # Date created:		2002-06-23
-# Whom:			Matthias Andree <matthias.andree@web.de>
+# Whom:			Matthias Andree <matthias.andree@gmx.de>
 #
 # $FreeBSD: ports/security/openvpn/Makefile,v 1.14 2005/07/14 13:15:47 garga Exp $
 #
 
 PORTNAME=	openvpn
 DISTVERSION=	2.0
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	security
 MASTER_SITES=	http://openvpn.net/release/
 
 MAINTAINER=	matthias.andree@gmx.de
 COMMENT=	Secure IP/Ethernet tunnel daemon
 
-LIB_DEPENDS=	lzo.1:${PORTSDIR}/archivers/lzo
-
 GNU_CONFIGURE=	yes
 USE_OPENSSL=	yes
 CONFIGURE_TARGET=	--build=${ARCH}-portbld-freebsd${OSREL}
@@ -24,7 +22,10 @@
 
 MAN8=		openvpn.8
 
-OPTIONS=	PW_SAVE "Interactive passwords may be read from a file" off
+OPTIONS=	PW_SAVE "Interactive passwords may be read from a file" off \
+		LZO1	"Use LZO 1.X payload compression" on
+
+USE_RC_SUBR=	openvpn.sh
 
 .include <bsd.port.pre.mk>
 
@@ -32,6 +33,12 @@
 CONFIGURE_ARGS+=	--enable-password-save
 .endif
 
+.if defined(WITHOUT_LZO1)
+CONFIGURE_ARGS+=	--disable-lzo
+.else
+LIB_DEPENDS=	lzo.1:${PORTSDIR}/archivers/lzo
+.endif
+
 # self-tests here
 post-build:
 	( set -e ; cd ${WRKSRC} && \
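Review bot: In the `.else` branch, `LIB_DEPENDS=	lzo.1:${PORTSDIR}/archivers/lzo` is a plain assignment made after `.include <bsd.port.pre.mk>`, so it replaces whatever LIB_DEPENDS holds at that point instead of extending it. If the framework or a user-set knob has already appended a library dependency by then (possibly on behalf of `USE_OPENSSL=yes`; that is not visible in this hunk), the entry would be dropped and the built package would not register it. Writing `LIB_DEPENDS+=	lzo.1:${PORTSDIR}/archivers/lzo` keeps the LZO dependency conditional without discarding earlier entries.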
@@ -43,8 +50,6 @@
 	wait ; })
 
 post-install:
-	${INSTALL_SCRIPT} ${FILESDIR}/openvpn.sh.sample \
-		${PREFIX}/etc/rc.d/openvpn.sh.sample
 .if !defined(NOPORTDOCS)
 	${MKDIR} ${DOCSDIR}
 .for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS \
diff -ruN --exclude=CVS /usr/ports/security/openvpn/files/openvpn.sh.in /usr/home/emma/ports/security/openvpn/files/openvpn.sh.in
--- /usr/ports/security/openvpn/files/openvpn.sh.in	Thu Jan  1 01:00:00 1970
+++ /usr/home/emma/ports/security/openvpn/files/openvpn.sh.in	Sun Aug  7 03:33:40 2005
@@ -0,0 +1,98 @@
+#!/bin/sh
+#
+# openvpn.sh - load tun/tap driver and start OpenVPN daemon
+#
+# (C) Copyright 2005 by Matthias Andree
+# based on suggestions by Matthias Grimm and Dirk Gouders
+#
+# Made in Northrhine-Westphalia, Germany
+#
+# $FreeBSD$
+# 
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
+# Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# PROVIDE: openvpn
+# REQUIRE: DAEMON
+# BEFORE:
+# KEYWORD: FreeBSD shutdown
+
+#
+# Add the following line to /etc/rc.conf to enable openvpn:
+#
+# openvpn_enable="YES"	# YES or NO
+# openvpn_if="tun" 	# driver(s) to load, set to "tun", "tap" or "tun tap"
+#
+# # optional:
+# openvpn_flags=""	# openvpn command line flags
+# openvpn_config="%%PREFIX%%/etc/openvpn/openvpn.conf" 	# --config file
+# openvpn_dir="%%PREFIX%%/etc/openvpn"			# --cd directory
+#
+# You also need to set openvpn_configfile and openvpn_dir, if the configuration
+# file and directory where keys and certificates reside differ from the above
+# settings.
+#
+# Note that we deliberately refrain from unloading drivers.
+#
+# For further documentation, please see openvpn(8).
+#
+
+. %%RC_SUBR%%
+
+name=openvpn
+rcvar=`set_rcvar`
+
+prefix="%%PREFIX%%"
+
+openvpn_precmd()
+{
+	for i in $openvpn_if ; do
+		if ! sysctl debug.if_${i}_debug >/dev/null 2>&1 ; then
+			if ! kldload if_${i} ; then
+				warn "Could not load $i module."
+				return 1
+			fi
+		fi
+	done
+	return 0
+}
+
+stop_postcmd()
+{
+	rm -f "$pidfile" || warn "Could not remove $pidfile."
+}
+
+# support SIGHUP to reparse configuration file
+extra_commands="reload"
+
+# pidfile
+pidfile="/var/run/${name}.pid"
+
+# command and arguments
+command="%%PREFIX%%/sbin/${name}"
+
+# run this first
+start_precmd="openvpn_precmd"
+# and this last
+stop_postcmd="stop_postcmd"
+
+load_rc_config ${name}
+: ${openvpn_enable="NO"}
+: ${openvpn_flags=""}
+: ${openvpn_if=""}
+: ${openvpn_configfile="${prefix}/etc/openvpn/openvpn.conf"}
+: ${openvpn_dir="${prefix}/etc/openvpn"}
+required_files="${openvpn_configfile}"
+command_args="--cd ${openvpn_dir} --daemon --config ${openvpn_configfile} --writepid ${pidfile}"
+run_rc_command "$1"
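Review bot: The usage comment advertises `openvpn_config="%%PREFIX%%/etc/openvpn/openvpn.conf"` as the rc.conf knob for the --config file, but the script only ever reads `openvpn_configfile` (in the default assignment, `required_files` and `command_args`). An administrator who copies the commented example into rc.conf has the setting silently ignored, and the daemon starts with the default configuration file instead of the intended one, which for a VPN endpoint can mean a tunnel coming up under the wrong policy. The example line should read `# openvpn_configfile="%%PREFIX%%/etc/openvpn/openvpn.conf" 	# --config file`, matching the paragraph below it that already uses that name. The same comment block says "Add the following line" although two settings (`openvpn_enable` and `openvpn_if`) are needed for the module loading in `openvpn_precmd` to do anything.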
diff -ruN --exclude=CVS /usr/ports/security/openvpn/files/openvpn.sh.sample /usr/home/emma/ports/security/openvpn/files/openvpn.sh.sample
--- /usr/ports/security/openvpn/files/openvpn.sh.sample	Fri Oct 25 22:55:29 2002
+++ /usr/home/emma/ports/security/openvpn/files/openvpn.sh.sample	Thu Jan  1 01:00:00 1970
@@ -1,19 +0,0 @@
-#! /bin/sh
-# (C) 2002 by Matthias Andree
-
-# This file may be redistributed according to the terms of the GNU General
-# Public License, version 2 (two).
-
-# To use this script, rename it to openvpn.sh and make sure it is
-# executable for the owner.
-
-# This file rouses a security warning at port install time. However, this
-# file itself does not start network services, but it loads a kernel driver.
-# The security of this file therefore depends on the security of kldload and
-# the if_tap driver.
-
-case x$1 in
-  xstart) echo -n ' if_tap' ; exec kldload if_tap ;;
-  xstop)  echo -n ' if_tap' ; exec kldunload if_tap ;;
-  *)      echo >&2 "Usage: $0 {start|stop}"
-esac
diff -ruN --exclude=CVS /usr/ports/security/openvpn/pkg-plist /usr/home/emma/ports/security/openvpn/pkg-plist
--- /usr/ports/security/openvpn/pkg-plist	Mon May 30 13:27:16 2005
+++ /usr/home/emma/ports/security/openvpn/pkg-plist	Sun Aug  7 03:10:49 2005
@@ -1,5 +1,4 @@
 sbin/openvpn
-etc/rc.d/openvpn.sh.sample
 %%PORTDOCS%%%%DOCSDIR%%/AUTHORS
 %%PORTDOCS%%%%DOCSDIR%%/COPYING
 %%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.GPL
--- openvpn-2.0_4.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:


