Date: Tuesday, December 27, 2016 @ 13:58:37 Author: eworm Revision: 284861
archrelease: copy trunk to testing-i686, testing-x86_64 Added: openvpn/repos/testing-i686/ openvpn/repos/testing-i686/0001-plugin.patch (from rev 284860, openvpn/trunk/0001-plugin.patch) openvpn/repos/testing-i686/0002-do-not-race-on-RuntimeDirectory.patch (from rev 284860, openvpn/trunk/0002-do-not-race-on-RuntimeDirectory.patch) openvpn/repos/testing-i686/PKGBUILD (from rev 284860, openvpn/trunk/PKGBUILD) openvpn/repos/testing-i686/news.md (from rev 284860, openvpn/trunk/news.md) openvpn/repos/testing-i686/openvpn.install (from rev 284860, openvpn/trunk/openvpn.install) openvpn/repos/testing-x86_64/ openvpn/repos/testing-x86_64/0001-plugin.patch (from rev 284860, openvpn/trunk/0001-plugin.patch) openvpn/repos/testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch (from rev 284860, openvpn/trunk/0002-do-not-race-on-RuntimeDirectory.patch) openvpn/repos/testing-x86_64/PKGBUILD (from rev 284860, openvpn/trunk/PKGBUILD) openvpn/repos/testing-x86_64/news.md (from rev 284860, openvpn/trunk/news.md) openvpn/repos/testing-x86_64/openvpn.install (from rev 284860, openvpn/trunk/openvpn.install) -----------------------------------------------------------+ testing-i686/0001-plugin.patch | 46 ++++++ testing-i686/0002-do-not-race-on-RuntimeDirectory.patch | 59 +++++++ testing-i686/PKGBUILD | 89 ++++++++++++ testing-i686/news.md | 17 ++ testing-i686/openvpn.install | 24 +++ testing-x86_64/0001-plugin.patch | 46 ++++++ testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch | 59 +++++++ testing-x86_64/PKGBUILD | 89 ++++++++++++ testing-x86_64/news.md | 17 ++ testing-x86_64/openvpn.install | 24 +++ 10 files changed, 470 insertions(+) Copied: openvpn/repos/testing-i686/0001-plugin.patch (from rev 284860, openvpn/trunk/0001-plugin.patch) =================================================================== --- testing-i686/0001-plugin.patch (rev 0) +++ testing-i686/0001-plugin.patch 2016-12-27 13:58:37 UTC (rev 284861) @@ -0,0 +1,46 @@ +diff --git a/configure.ac b/configure.ac +index f4073d0..5fe652e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -301,13 +301,12 @@ AC_ARG_WITH( + [with_crypto_library="openssl"] + ) + +-AC_ARG_WITH( +- [plugindir], +- [AS_HELP_STRING([--with-plugindir], [plugin directory @<:@default=LIBDIR/openvpn@:>@])], +- , +- [with_plugindir="\$(libdir)/openvpn/plugins"] +-) +- ++AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@]) ++if test -n "${PLUGINDIR}"; then ++ plugindir="${PLUGINDIR}" ++else ++ plugindir="\${libdir}/openvpn/plugins" ++fi + + AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host]) + case "$host" in +@@ -1245,7 +1244,6 @@ AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "ye + AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"]) + AM_CONDITIONAL([ENABLE_CRYPTO], [test "${enable_crypto}" = "yes"]) + +-plugindir="${with_plugindir}" + sampledir="\$(docdir)/sample" + AC_SUBST([plugindir]) + AC_SUBST([sampledir]) +diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am +index 4c18449..188834a 100644 +--- a/src/openvpn/Makefile.am ++++ b/src/openvpn/Makefile.am +@@ -27,7 +27,8 @@ AM_CFLAGS = \ + $(OPTIONAL_CRYPTO_CFLAGS) \ + $(OPTIONAL_LZO_CFLAGS) \ + $(OPTIONAL_LZ4_CFLAGS) \ +- $(OPTIONAL_PKCS11_HELPER_CFLAGS) ++ $(OPTIONAL_PKCS11_HELPER_CFLAGS) \ ++ -DPLUGIN_LIBDIR=\"${plugindir}\" + if WIN32 + # we want unicode entry point but not the macro + AM_CFLAGS += -municode -UUNICODE Copied: openvpn/repos/testing-i686/0002-do-not-race-on-RuntimeDirectory.patch (from rev 284860, openvpn/trunk/0002-do-not-race-on-RuntimeDirectory.patch) =================================================================== --- testing-i686/0002-do-not-race-on-RuntimeDirectory.patch (rev 0) +++ testing-i686/0002-do-not-race-on-RuntimeDirectory.patch 2016-12-27 13:58:37 UTC (rev 284861) @@ -0,0 +1,59 @@ +From 3e8b360cca4d97bef113a25f982601d4742af896 Mon Sep 17 00:00:00 2001 +From: Christian Hesse <m...@eworm.de> +Date: Fri, 16 Dec 2016 22:56:15 +0100 +Subject: [PATCH 1/1] do not race on RuntimeDirectory + +Different unit instances create and destroy the same RuntimeDirectory. +This leads to running instances where the status file (and possibly +more runtime data) is no longer accessible. + +So do not handle this in unit files but provide a tmpfiles.d +configuration and let systemd-tmpfiles do the work. +Nobody will (unintentionally) delete the directories and its content. +As /run is volatile we do not have to care about cleanup. + +Signed-off-by: Christian Hesse <m...@eworm.de> +--- + distro/systemd/openvpn-client@.service | 2 -- + distro/systemd/openvpn-server@.service | 2 -- + distro/systemd/openvpn.conf | 2 ++ + 3 files changed, 2 insertions(+), 4 deletions(-) + create mode 100644 distro/systemd/openvpn.conf + +diff --git a/distro/systemd/openvpn-client@.service b/distro/systemd/openvpn-client@.service +index 5618af3..1187ee8 100644 +--- a/distro/systemd/openvpn-client@.service ++++ b/distro/systemd/openvpn-client@.service +@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO + [Service] + Type=notify + PrivateTmp=true +-RuntimeDirectory=openvpn-client +-RuntimeDirectoryMode=0710 + WorkingDirectory=/etc/openvpn/client + ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf + CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE +diff --git a/distro/systemd/openvpn-server@.service b/distro/systemd/openvpn-server@.service +index b9b4dba..25a6bb7 100644 +--- a/distro/systemd/openvpn-server@.service ++++ b/distro/systemd/openvpn-server@.service +@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO + [Service] + Type=notify + PrivateTmp=true +-RuntimeDirectory=openvpn-server +-RuntimeDirectoryMode=0710 + WorkingDirectory=/etc/openvpn/server + ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf + CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE +diff --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf +new file mode 100644 +index 0000000..bb79671 +--- /dev/null ++++ b/distro/systemd/openvpn.conf +@@ -0,0 +1,2 @@ ++d /run/openvpn-client 0710 root root - ++d /run/openvpn-server 0710 root root - +-- +2.11.0 + Copied: openvpn/repos/testing-i686/PKGBUILD (from rev 284860, openvpn/trunk/PKGBUILD) =================================================================== --- testing-i686/PKGBUILD (rev 0) +++ testing-i686/PKGBUILD 2016-12-27 13:58:37 UTC (rev 284861) @@ -0,0 +1,89 @@ +# $Id$ +# Maintainer: Christian Hesse <m...@eworm.de> + +pkgname=openvpn +pkgver=2.4.0 +pkgrel=1 +pkgdesc='An easy-to-use, robust and highly configurable VPN (Virtual Private Network)' +arch=('i686' 'x86_64') +url='http://openvpn.net/index.php/open-source.html' +depends=('openssl' 'lzo' 'iproute2' 'libsystemd' 'pkcs11-helper') +optdepends=('easy-rsa: easy CA and certificate handling') +makedepends=('systemd') +license=('custom') +install=openvpn.install +validpgpkeys=('03300E11FED16F59715F9996C29D97ED198D22A3' # Samuli Seppänen <samuli.seppa...@gmail.com> + '7ACD56B74144925C6214329757DB9DAB613B8DA1') # David Sommerseth (OpenVPN Technologies, Inc) <dav...@openvpn.net> +source=("https://swupdate.openvpn.net/community/releases/openvpn-${pkgver}.tar.xz"{,.asc} + '0001-plugin.patch' + '0002-do-not-race-on-RuntimeDirectory.patch') +sha256sums=('6f23ba49a1dbeb658f49c7ae17d9ea979de6d92c7357de3d55cd4525e1b2f87e' + 'SKIP' + 'b8254067b4ef5d157d87267a76938d86f101972303c7ff20131cc9f28659a30c' + 'a87b081f998db99190e8b9e185cd7aade5bd6dfb5c03777c82b75d28cd3b375c') + +prepare() { + cd "${srcdir}"/${pkgname}-${pkgver} + + # plugin path + patch -Np1 < "${srcdir}"/0001-plugin.patch + + # do not race on RuntimeDirectory + patch -Np1 < "${srcdir}"/0002-do-not-race-on-RuntimeDirectory.patch + + # regenerate configure script + autoreconf -fi +} + +build() { + cd "${srcdir}"/${pkgname}-${pkgver} + + ./configure \ + --prefix=/usr \ + --sbindir=/usr/bin \ + --enable-iproute2 \ + --enable-pkcs11 \ + --enable-plugins \ + --enable-systemd \ + --enable-x509-alt-username + make +} + +check() { + cd "${srcdir}"/${pkgname}-${pkgver} + + make check +} + +package() { + cd "${srcdir}"/${pkgname}-${pkgver} + + # Install openvpn + make DESTDIR="${pkgdir}" install + + # Create empty configuration directories + install -d -m0750 -g 90 "${pkgdir}"/etc/openvpn/{client,server} + + # Install examples + install -d -m0755 "${pkgdir}"/usr/share/openvpn + cp -r sample/sample-config-files "${pkgdir}"/usr/share/openvpn/examples + + # Install license + install -d -m0755 "${pkgdir}"/usr/share/licenses/openvpn/ + ln -sf /usr/share/doc/openvpn/{COPYING,COPYRIGHT.GPL} "${pkgdir}"/usr/share/licenses/openvpn/ + + # Install contrib + for FILE in $(find contrib -type f); do + case "$(file --brief --mime-type "${FILE}")" in + "text/x-shellscript") install -D -m0755 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;; + *) install -D -m0644 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;; + esac + done + + # Install systemd files + install -d -m0755 "${pkgdir}"/usr/lib/systemd/system/ + install -m0644 distro/systemd/openvpn-{client,server}@.service "${pkgdir}"/usr/lib/systemd/system/ + install -D -m0644 distro/systemd/openvpn.conf "${pkgdir}"/usr/lib/tmpfiles.d/openvpn.conf + install -d -m0710 "${pkgdir}"/run/openvpn-{client,server} +} + Copied: openvpn/repos/testing-i686/news.md (from rev 284860, openvpn/trunk/news.md) =================================================================== --- testing-i686/news.md (rev 0) +++ testing-i686/news.md 2016-12-27 13:58:37 UTC (rev 284861) @@ -0,0 +1,17 @@ +OpenVPN 2.4.0 update requires administrative interaction +======================================================== + +The upgrade to openvpn 2.4.0 makes changes that are incompatible with +previous configurations. Take **special care** if you depend on VPN +connectivity for **remote access**! Administrative interaction is required: + +* Configuration is expected in sub directories now. Move your files + from `/etc/openvpn/` to `/etc/openvpn/server/` or `/etc/openvpn/client/`. +* The plugin lookup path changed, remove extra `plugins/` from relative + paths. +* The systemd unit `openvpn@.service` was replaced with + `openvpn-client@.service` and `openvpn-server@.service`. Restart and + reenable accordingly. + +This does not affect the functionality of `networkmanager`, `connman` +or `qopenvpn`. Copied: openvpn/repos/testing-i686/openvpn.install (from rev 284860, openvpn/trunk/openvpn.install) =================================================================== --- testing-i686/openvpn.install (rev 0) +++ testing-i686/openvpn.install 2016-12-27 13:58:37 UTC (rev 284861) @@ -0,0 +1,24 @@ +#!/bin/sh + +post_upgrade() { + # return if old package version greater 2.4... + (( $(vercmp $2 '2.4') > 0 )) && return + + # upgrade from pre-2.4 version... + echo "This upgrade from openvpn $2 to openvpn $1 made changes that require" + echo "administrative interaction:" + echo " -> Configuration is expected in sub directories now. Move your files" + echo " from /etc/openvpn/ to /etc/openvpn/server/ or /etc/openvpn/client/." + echo " -> The plugin lookup path changed, remove extra 'plugins/' from relative paths." + echo " -> The systemd unit openvpn@.service was replaced with openvpn-client@.service" + echo " and openvpn-server@.service. Restart and reenable accordingly." + + local UNITS="$(systemctl list-units --quiet --no-pager --no-legend --plain | grep '^openvpn@' | cut -d' ' -f1)" + if (( ${#UNITS} )); then + echo "This is a (possibly incomplete) list of units that need to be acted on:" + for UNIT in ${UNITS}; do + echo " -> ${UNIT}" + done + fi +} + Copied: openvpn/repos/testing-x86_64/0001-plugin.patch (from rev 284860, openvpn/trunk/0001-plugin.patch) =================================================================== --- testing-x86_64/0001-plugin.patch (rev 0) +++ testing-x86_64/0001-plugin.patch 2016-12-27 13:58:37 UTC (rev 284861) @@ -0,0 +1,46 @@ +diff --git a/configure.ac b/configure.ac +index f4073d0..5fe652e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -301,13 +301,12 @@ AC_ARG_WITH( + [with_crypto_library="openssl"] + ) + +-AC_ARG_WITH( +- [plugindir], +- [AS_HELP_STRING([--with-plugindir], [plugin directory @<:@default=LIBDIR/openvpn@:>@])], +- , +- [with_plugindir="\$(libdir)/openvpn/plugins"] +-) +- ++AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@]) ++if test -n "${PLUGINDIR}"; then ++ plugindir="${PLUGINDIR}" ++else ++ plugindir="\${libdir}/openvpn/plugins" ++fi + + AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host]) + case "$host" in +@@ -1245,7 +1244,6 @@ AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "ye + AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"]) + AM_CONDITIONAL([ENABLE_CRYPTO], [test "${enable_crypto}" = "yes"]) + +-plugindir="${with_plugindir}" + sampledir="\$(docdir)/sample" + AC_SUBST([plugindir]) + AC_SUBST([sampledir]) +diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am +index 4c18449..188834a 100644 +--- a/src/openvpn/Makefile.am ++++ b/src/openvpn/Makefile.am +@@ -27,7 +27,8 @@ AM_CFLAGS = \ + $(OPTIONAL_CRYPTO_CFLAGS) \ + $(OPTIONAL_LZO_CFLAGS) \ + $(OPTIONAL_LZ4_CFLAGS) \ +- $(OPTIONAL_PKCS11_HELPER_CFLAGS) ++ $(OPTIONAL_PKCS11_HELPER_CFLAGS) \ ++ -DPLUGIN_LIBDIR=\"${plugindir}\" + if WIN32 + # we want unicode entry point but not the macro + AM_CFLAGS += -municode -UUNICODE Copied: openvpn/repos/testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch (from rev 284860, openvpn/trunk/0002-do-not-race-on-RuntimeDirectory.patch) =================================================================== --- testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch (rev 0) +++ testing-x86_64/0002-do-not-race-on-RuntimeDirectory.patch 2016-12-27 13:58:37 UTC (rev 284861) @@ -0,0 +1,59 @@ +From 3e8b360cca4d97bef113a25f982601d4742af896 Mon Sep 17 00:00:00 2001 +From: Christian Hesse <m...@eworm.de> +Date: Fri, 16 Dec 2016 22:56:15 +0100 +Subject: [PATCH 1/1] do not race on RuntimeDirectory + +Different unit instances create and destroy the same RuntimeDirectory. +This leads to running instances where the status file (and possibly +more runtime data) is no longer accessible. + +So do not handle this in unit files but provide a tmpfiles.d +configuration and let systemd-tmpfiles do the work. +Nobody will (unintentionally) delete the directories and its content. +As /run is volatile we do not have to care about cleanup. + +Signed-off-by: Christian Hesse <m...@eworm.de> +--- + distro/systemd/openvpn-client@.service | 2 -- + distro/systemd/openvpn-server@.service | 2 -- + distro/systemd/openvpn.conf | 2 ++ + 3 files changed, 2 insertions(+), 4 deletions(-) + create mode 100644 distro/systemd/openvpn.conf + +diff --git a/distro/systemd/openvpn-client@.service b/distro/systemd/openvpn-client@.service +index 5618af3..1187ee8 100644 +--- a/distro/systemd/openvpn-client@.service ++++ b/distro/systemd/openvpn-client@.service +@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO + [Service] + Type=notify + PrivateTmp=true +-RuntimeDirectory=openvpn-client +-RuntimeDirectoryMode=0710 + WorkingDirectory=/etc/openvpn/client + ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf + CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE +diff --git a/distro/systemd/openvpn-server@.service b/distro/systemd/openvpn-server@.service +index b9b4dba..25a6bb7 100644 +--- a/distro/systemd/openvpn-server@.service ++++ b/distro/systemd/openvpn-server@.service +@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO + [Service] + Type=notify + PrivateTmp=true +-RuntimeDirectory=openvpn-server +-RuntimeDirectoryMode=0710 + WorkingDirectory=/etc/openvpn/server + ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf + CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE +diff --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf +new file mode 100644 +index 0000000..bb79671 +--- /dev/null ++++ b/distro/systemd/openvpn.conf +@@ -0,0 +1,2 @@ ++d /run/openvpn-client 0710 root root - ++d /run/openvpn-server 0710 root root - +-- +2.11.0 + Copied: openvpn/repos/testing-x86_64/PKGBUILD (from rev 284860, openvpn/trunk/PKGBUILD) =================================================================== --- testing-x86_64/PKGBUILD (rev 0) +++ testing-x86_64/PKGBUILD 2016-12-27 13:58:37 UTC (rev 284861) @@ -0,0 +1,89 @@ +# $Id$ +# Maintainer: Christian Hesse <m...@eworm.de> + +pkgname=openvpn +pkgver=2.4.0 +pkgrel=1 +pkgdesc='An easy-to-use, robust and highly configurable VPN (Virtual Private Network)' +arch=('i686' 'x86_64') +url='http://openvpn.net/index.php/open-source.html' +depends=('openssl' 'lzo' 'iproute2' 'libsystemd' 'pkcs11-helper') +optdepends=('easy-rsa: easy CA and certificate handling') +makedepends=('systemd') +license=('custom') +install=openvpn.install +validpgpkeys=('03300E11FED16F59715F9996C29D97ED198D22A3' # Samuli Seppänen <samuli.seppa...@gmail.com> + '7ACD56B74144925C6214329757DB9DAB613B8DA1') # David Sommerseth (OpenVPN Technologies, Inc) <dav...@openvpn.net> +source=("https://swupdate.openvpn.net/community/releases/openvpn-${pkgver}.tar.xz"{,.asc} + '0001-plugin.patch' + '0002-do-not-race-on-RuntimeDirectory.patch') +sha256sums=('6f23ba49a1dbeb658f49c7ae17d9ea979de6d92c7357de3d55cd4525e1b2f87e' + 'SKIP' + 'b8254067b4ef5d157d87267a76938d86f101972303c7ff20131cc9f28659a30c' + 'a87b081f998db99190e8b9e185cd7aade5bd6dfb5c03777c82b75d28cd3b375c') + +prepare() { + cd "${srcdir}"/${pkgname}-${pkgver} + + # plugin path + patch -Np1 < "${srcdir}"/0001-plugin.patch + + # do not race on RuntimeDirectory + patch -Np1 < "${srcdir}"/0002-do-not-race-on-RuntimeDirectory.patch + + # regenerate configure script + autoreconf -fi +} + +build() { + cd "${srcdir}"/${pkgname}-${pkgver} + + ./configure \ + --prefix=/usr \ + --sbindir=/usr/bin \ + --enable-iproute2 \ + --enable-pkcs11 \ + --enable-plugins \ + --enable-systemd \ + --enable-x509-alt-username + make +} + +check() { + cd "${srcdir}"/${pkgname}-${pkgver} + + make check +} + +package() { + cd "${srcdir}"/${pkgname}-${pkgver} + + # Install openvpn + make DESTDIR="${pkgdir}" install + + # Create empty configuration directories + install -d -m0750 -g 90 "${pkgdir}"/etc/openvpn/{client,server} + + # Install examples + install -d -m0755 "${pkgdir}"/usr/share/openvpn + cp -r sample/sample-config-files "${pkgdir}"/usr/share/openvpn/examples + + # Install license + install -d -m0755 "${pkgdir}"/usr/share/licenses/openvpn/ + ln -sf /usr/share/doc/openvpn/{COPYING,COPYRIGHT.GPL} "${pkgdir}"/usr/share/licenses/openvpn/ + + # Install contrib + for FILE in $(find contrib -type f); do + case "$(file --brief --mime-type "${FILE}")" in + "text/x-shellscript") install -D -m0755 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;; + *) install -D -m0644 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;; + esac + done + + # Install systemd files + install -d -m0755 "${pkgdir}"/usr/lib/systemd/system/ + install -m0644 distro/systemd/openvpn-{client,server}@.service "${pkgdir}"/usr/lib/systemd/system/ + install -D -m0644 distro/systemd/openvpn.conf "${pkgdir}"/usr/lib/tmpfiles.d/openvpn.conf + install -d -m0710 "${pkgdir}"/run/openvpn-{client,server} +} + Copied: openvpn/repos/testing-x86_64/news.md (from rev 284860, openvpn/trunk/news.md) =================================================================== --- testing-x86_64/news.md (rev 0) +++ testing-x86_64/news.md 2016-12-27 13:58:37 UTC (rev 284861) @@ -0,0 +1,17 @@ +OpenVPN 2.4.0 update requires administrative interaction +======================================================== + +The upgrade to openvpn 2.4.0 makes changes that are incompatible with +previous configurations. Take **special care** if you depend on VPN +connectivity for **remote access**! Administrative interaction is required: + +* Configuration is expected in sub directories now. Move your files + from `/etc/openvpn/` to `/etc/openvpn/server/` or `/etc/openvpn/client/`. +* The plugin lookup path changed, remove extra `plugins/` from relative + paths. +* The systemd unit `openvpn@.service` was replaced with + `openvpn-client@.service` and `openvpn-server@.service`. Restart and + reenable accordingly. + +This does not affect the functionality of `networkmanager`, `connman` +or `qopenvpn`. Copied: openvpn/repos/testing-x86_64/openvpn.install (from rev 284860, openvpn/trunk/openvpn.install) =================================================================== --- testing-x86_64/openvpn.install (rev 0) +++ testing-x86_64/openvpn.install 2016-12-27 13:58:37 UTC (rev 284861) @@ -0,0 +1,24 @@ +#!/bin/sh + +post_upgrade() { + # return if old package version greater 2.4... + (( $(vercmp $2 '2.4') > 0 )) && return + + # upgrade from pre-2.4 version... + echo "This upgrade from openvpn $2 to openvpn $1 made changes that require" + echo "administrative interaction:" + echo " -> Configuration is expected in sub directories now. Move your files" + echo " from /etc/openvpn/ to /etc/openvpn/server/ or /etc/openvpn/client/." + echo " -> The plugin lookup path changed, remove extra 'plugins/' from relative paths." + echo " -> The systemd unit openvpn@.service was replaced with openvpn-client@.service" + echo " and openvpn-server@.service. Restart and reenable accordingly." + + local UNITS="$(systemctl list-units --quiet --no-pager --no-legend --plain | grep '^openvpn@' | cut -d' ' -f1)" + if (( ${#UNITS} )); then + echo "This is a (possibly incomplete) list of units that need to be acted on:" + for UNIT in ${UNITS}; do + echo " -> ${UNIT}" + done + fi +} +