Your message dated Wed, 27 Nov 2013 15:34:06 +0000 with message-id <[email protected]> and subject line Bug#614036: fixed in openvpn 2.3.2-6 has caused the Debian Bug report #614036, regarding init.d support for easy --chroot and --user to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

-- 
614036: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614036
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---Package: openvpn Version: 2.1.3-2 Tags: patch I have found the following changes to /etc/init.d/openvpn make it easy to run openvpn with the --chroot option. This patch moves all the openvpn /var/run files into a subdirectory, so that directory can be then moved into the chroot tree and still linked from the real /var/run. The link makes programs inside the chroot (openvpn itself) and outside (this script) see a consistent view. This patch also automatically handles creating the user specified by a --user option. < Stephen --- debian/openvpn.init.d-2.1.3-2 2011-02-16 09:44:05 +++ debian/openvpn.init.d 2011-02-18 10:42:02 @@ -35,6 +35,26 @@ . /etc/default/openvpn fi +# Outputs the value of a config variable. +# $1 -- the name of the config variable to output +config_line() { + sed -n "s/^[ \t]*$1[ \t]\+\(.*\)/\1/p" \ + "$CONFIG_DIR/$NAME.conf" +} + +# Everybody needs /etc/localtime for logging. +# Clients resolving the server name need /etc/resolv.conf and/or /etc/hosts. +# Hook scripts need /bin/sh, its shared libraries, and /dev/null. +files_to_copy_into_chroot="\ + /etc/localtime \ + /etc/resolv.conf \ + /etc/hosts \ + /bin/sh \ + /lib/ld-linux.so.* \ + /lib/libc.so.* \ + /dev/null \ + " + start_vpn () { if grep -q '^[ ]*daemon' $CONFIG_DIR/$NAME.conf ; then # daemon already given in config file 
@@ -52,22 +72,66 @@ STATUSARG="" else # prepare default status file - STATUSARG="--status /var/run/openvpn.$NAME.status $STATUSREFRESH" + STATUSARG="--status /var/run/openvpn/$NAME.status $STATUSREFRESH" + fi + + USER_HOME=/var/lib/openvpn + + CHROOT=$(config_line chroot) + if test -n "$CHROOT" ; then + # Sanity check for chroot directory name: + # must include "openvpn" and not include ".." + if echo "$CHROOT" | grep -q -i openvpn && + echo "$CHROOT" | grep -q -v '\.\.' + then + USER_HOME=$CHROOT + # Copy config files into the chroot. + mkdir -p "$CHROOT"/etc + cp -a "$CONFIG_DIR" "$CHROOT"/etc + # Copy other system files we may need into the chroot. + for file in $files_to_copy_into_chroot ; do + mkdir -p "$CHROOT/$(dirname "$file")" + if [ "$file" = /dev/null ]; then + test -c "$CHROOT"/dev/null || mknod "$CHROOT"/dev/null c 1 3 + else + test -f "$file" && cp -p "$file" "$CHROOT/$file" + fi + done + mkdir -p "$CHROOT"/var/run/openvpn + # Arrange that this, like the real /var/run/openvpn, gets + # cleared at boot. 
+ grep -q "$CHROOT"/var/run/openvpn /etc/mtab || + mount -t tmpfs -o noexec,nodev none "$CHROOT"/var/run/openvpn + rm -rf /var/run/openvpn + ln -s "$CHROOT"/var/run/openvpn /var/run/openvpn + else + log_failure_msg "$NAME (illegal chroot directory name)" + fi + else + mkdir -p /var/run/openvpn + fi + + USERARG=$(config_line user) + if test -n "$USERARG" ; then + # user requested in config file, may need to create it + if test -z "$(getent passwd "$USERARG")" ; then + adduser --system --group --home "$USER_HOME" "$USERARG" + fi fi log_progress_msg "$NAME" STATUS=0 start-stop-daemon --start --quiet --oknodo \ - --pidfile /var/run/openvpn.$NAME.pid \ - --exec $DAEMON -- $OPTARGS --writepid /var/run/openvpn.$NAME.pid \ + --pidfile /var/run/openvpn/$NAME.pid \ + --exec $DAEMON -- $OPTARGS --writepid /var/run/openvpn/$NAME.pid \ $DAEMONARG $STATUSARG --cd $CONFIG_DIR \ --config $CONFIG_DIR/$NAME.conf || STATUS=1 } stop_vpn () { kill `cat $PIDFILE` || true rm -f $PIDFILE - rm -f /var/run/openvpn.$NAME.status 2> /dev/null + rm -f /var/run/openvpn/$NAME.status 2> /dev/null } case "$1" in @@ -118,7 +182,7 @@ log_daemon_msg "Stopping $DESC" if test -z "$2" ; then - for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do + for PIDFILE in `ls /var/run/openvpn/*.pid 2> /dev/null`; do NAME=`echo $PIDFILE | cut -c18-` NAME=${NAME%%.pid} stop_vpn @@ -127,8 +191,8 @@ else while shift ; do [ -z "$1" ] && break - if test -e /var/run/openvpn.$1.pid ; then - PIDFILE=`ls /var/run/openvpn.$1.pid 2> /dev/null` + if test -e /var/run/openvpn/$1.pid ; then + PIDFILE=`ls /var/run/openvpn/$1.pid 2> /dev/null` NAME=`echo $PIDFILE | cut -c18-` NAME=${NAME%%.pid} stop_vpn 
@@ -143,7 +207,7 @@ # Only 'reload' running VPNs. New ones will only start with 'start' or 'restart'. reload|force-reload) log_daemon_msg "Reloading $DESC" - for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do + for PIDFILE in `ls /var/run/openvpn/*.pid 2> /dev/null`; do NAME=`echo $PIDFILE | cut -c18-` NAME=${NAME%%.pid} # If openvpn if running under a different user than root we'll need to restart @@ -163,7 +227,7 @@ # Only 'soft-restart' running VPNs. New ones will only start with 'start' or 'restart'. soft-restart) log_daemon_msg "$DESC sending SIGUSR1" - for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do + for PIDFILE in `ls /var/run/openvpn/*.pid 2> /dev/null`; do NAME=`echo $PIDFILE | cut -c18-` NAME=${NAME%%.pid} kill -USR1 `cat $PIDFILE` || true @@ -180,7 +244,7 @@ ;; cond-restart) log_daemon_msg "Restarting $DESC." - for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do + for PIDFILE in `ls /var/run/openvpn/*.pid 2> /dev/null`; do NAME=`echo $PIDFILE | cut -c18-` NAME=${NAME%%.pid} stop_vpn @@ -228,9 +292,9 @@ fi if test "x$AUTOVPN" = "x1" ; then # If it is autostarted, then it contributes to global status - status_of_proc -p /var/run/openvpn.${NAME}.pid openvpn "VPN '${NAME}'" || GLOBAL_STATUS=1 + status_of_proc -p /var/run/openvpn/${NAME}.pid openvpn "VPN '${NAME}'" || GLOBAL_STATUS=1 else - status_of_proc -p /var/run/openvpn.${NAME}.pid openvpn "VPN '${NAME}' (non autostarted)" || true + status_of_proc -p /var/run/openvpn/${NAME}.pid openvpn "VPN '${NAME}' (non autostarted)" || true fi done else @@ -241,7 +305,7 @@ NAME=$1 if test -e $CONFIG_DIR/$NAME.conf ; then # Config exists - status_of_proc -p /var/run/openvpn.${NAME}.pid openvpn "VPN '${NAME}'" || GLOBAL_STATUS=1 + status_of_proc -p /var/run/openvpn/${NAME}.pid openvpn "VPN '${NAME}'" || GLOBAL_STATUS=1 else # Config does not exist log_warning_msg "VPN '$NAME': missing $CONFIG_DIR/$NAME.conf file !"
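Review bot: config_line() in the @@ -35,6 +35,26 @@ hunk prints every line that matches and captures everything after the directive with `\(.*\)`, so a config that repeats the directive, or has trailing whitespace or a trailing comment on that line, hands a multi-line or padded string to CHROOT and USERARG. Stop after the first match (for example by piping through `head -n 1`) and strip the tail before the value is used in mkdir, mount and adduser. In the same hunk, the `/lib/ld-linux.so.*` and `/lib/libc.so.*` entries only match when the loader and libc sit directly in /lib; when they do not, the later `test -f "$file"` skips them silently and the /bin/sh copied into the chroot has nothing to load.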
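Review bot: the else branch of the chroot name check in the @@ -52,22 +72,66 @@ hunk only calls log_failure_msg and then falls through, so start-stop-daemon still launches openvpn with the rejected chroot setting, and /var/run/openvpn is never created on that path. Set STATUS=1 and return from start_vpn there. Two further points in the accepted branch: `cp -a "$CONFIG_DIR" "$CHROOT"/etc` copies the whole config directory into the jail, which puts any key material kept there inside the tree the daemon is meant to be confined to, so copy only what is needed after the chroot call; and `rm -rf /var/run/openvpn` followed by `ln -s` runs on every start_vpn, so starting a chrooted VPN deletes the PID and status files of VPNs already running from a plain /var/run/openvpn, or repoints the link away from another VPN's chroot, after which stop and status no longer find them.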
--- End Message ---
--- Begin Message ---
Source: openvpn
Source-Version: 2.3.2-6

We believe that the bug you reported is fixed in the latest version of openvpn, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alberto Gonzalez Iniesta <[email protected]> (supplier of updated openvpn package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 27 Nov 2013 13:58:33 +0100
Source: openvpn
Binary: openvpn
Architecture: source amd64
Version: 2.3.2-6
Distribution: unstable
Urgency: low
Maintainer: Alberto Gonzalez Iniesta <[email protected]>
Changed-By: Alberto Gonzalez Iniesta <[email protected]>
Description:
 openvpn - virtual private network daemon
Closes: 614036
Changes:
 openvpn (2.3.2-6) unstable; urgency=low
 .
   * Move PID and status files to openvpn subdir in /run. (Closes: #614036).
     Thanks Stephen Gildea for the patch and Simon Deziel for the upgrade path.
   * Add --enable-x509-alt-username option to ./configure
--- End Message ---

