-rw-r--r--.SRCINFO8
-rw-r--r--0002-do-not-race-on-RuntimeDirectory.patch45
-rw-r--r--PKGBUILD14
3 files changed, 39 insertions, 28 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 6e3f8068b18..bae44be83f3 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,9 +1,9 @@
# Generated by mksrcinfo v8
-# Fri Dec 16 21:42:58 UTC 2016
+# Mon Dec 26 17:00:45 UTC 2016
pkgbase = openvpn-git
pkgdesc = An easy-to-use, robust and highly configurable VPN (Virtual Private Network) - git checkout
- pkgver = 2.4.rc2.r0.ga5ae0138
- pkgrel = 2
+ pkgver = 2.4.rc2.r8.g4ba943b0
+ pkgrel = 1
url = http://openvpn.net/index.php/open-source.html
arch = i686
arch = x86_64
@@ -25,7 +25,7 @@ pkgbase = openvpn-git
source = 0002-do-not-race-on-RuntimeDirectory.patch
sha256sums = SKIP
sha256sums = b8254067b4ef5d157d87267a76938d86f101972303c7ff20131cc9f28659a30c
- sha256sums = 6cc4863a9e7d43f2ff79141dce53aa92fd5e9c395434b6838c81b57ea45d4fc4
+ sha256sums = a87b081f998db99190e8b9e185cd7aade5bd6dfb5c03777c82b75d28cd3b375c
pkgname = openvpn-git
diff --git a/0002-do-not-race-on-RuntimeDirectory.patch b/0002-do-not-race-on-RuntimeDirectory.patch
index 7e4783e62dc..3e40606ee26 100644
--- a/0002-do-not-race-on-RuntimeDirectory.patch
+++ b/0002-do-not-race-on-RuntimeDirectory.patch
@@ -1,50 +1,59 @@
-From 0f91d8cb9aa7102fedfb1ff524b945fde83817f8 Mon Sep 17 00:00:00 2001
+From 3e8b360cca4d97bef113a25f982601d4742af896 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
-Date: Fri, 16 Dec 2016 16:53:47 +0100
+Date: Fri, 16 Dec 2016 22:56:15 +0100
Subject: [PATCH 1/1] do not race on RuntimeDirectory
Different unit instances create and destroy the same RuntimeDirectory.
This leads to running instances where the status file (and possibly
more runtime data) is no longer accessible.
-So create a RuntimeDirectory per instance.
+So do not handle this in unit files but provide a tmpfiles.d
+configuration and let systemd-tmpfiles do the work.
+Nobody will (unintentionally) delete the directories and its content.
+As /run is volatile we do not have to care about cleanup.
Signed-off-by: Christian Hesse <mail@eworm.de>
---
- distro/systemd/openvpn-client@.service | 2 +-
- distro/systemd/openvpn-server@.service | 4 ++--
- 2 files changed, 3 insertions(+), 3 deletions(-)
+ distro/systemd/openvpn-client@.service | 2 --
+ distro/systemd/openvpn-server@.service | 2 --
+ distro/systemd/openvpn.conf | 2 ++
+ 3 files changed, 2 insertions(+), 4 deletions(-)
+ create mode 100644 distro/systemd/openvpn.conf
diff --git a/distro/systemd/openvpn-client@.service b/distro/systemd/openvpn-client@.service
-index 5618af3..fcb5302 100644
+index 5618af3..1187ee8 100644
--- a/distro/systemd/openvpn-client@.service
+++ b/distro/systemd/openvpn-client@.service
-@@ -9,7 +9,7 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
[Service]
Type=notify
PrivateTmp=true
-RuntimeDirectory=openvpn-client
-+RuntimeDirectory=openvpn-client@%i
- RuntimeDirectoryMode=0710
+-RuntimeDirectoryMode=0710
WorkingDirectory=/etc/openvpn/client
ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config %i.conf
+ CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
diff --git a/distro/systemd/openvpn-server@.service b/distro/systemd/openvpn-server@.service
-index b9b4dba..8b240cf 100644
+index b9b4dba..25a6bb7 100644
--- a/distro/systemd/openvpn-server@.service
+++ b/distro/systemd/openvpn-server@.service
-@@ -9,10 +9,10 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
+@@ -9,8 +9,6 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
[Service]
Type=notify
PrivateTmp=true
-RuntimeDirectory=openvpn-server
-+RuntimeDirectory=openvpn-server@%i
- RuntimeDirectoryMode=0710
+-RuntimeDirectoryMode=0710
WorkingDirectory=/etc/openvpn/server
--ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
-+ExecStart=/usr/sbin/openvpn --status %t/openvpn-server@%i/status.log --status-version 2 --suppress-timestamps --config %i.conf
+ ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
- LimitNPROC=10
- DeviceAllow=/dev/null rw
+diff --git a/distro/systemd/openvpn.conf b/distro/systemd/openvpn.conf
+new file mode 100644
+index 0000000..bb79671
+--- /dev/null
++++ b/distro/systemd/openvpn.conf
+@@ -0,0 +1,2 @@
++d /run/openvpn-client 0710 root root -
++d /run/openvpn-server 0710 root root -
--
2.11.0
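Review bot: After the updated patch nothing removes `status-%i.log` when a server instance stops, because `RuntimeDirectory=` is dropped from both units and the new `openvpn.conf` entries use `-` as the age field. Unless openvpn deletes the file itself on exit, which is not visible here, a stale status file stays in `/run/openvpn-server` until reboot and can be mistaken for the state of a running instance. The directory mode is now also enforced only by the tmpfiles.d entry, since `RuntimeDirectoryMode=0710` is removed as well. I would record both facts in the new file with a leading comment such as `# shared by all instances; systemd-tmpfiles sets mode 0710, status files are not removed on stop`.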
diff --git a/PKGBUILD b/PKGBUILD
index c2a80e5635c..4c7944ab509 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,8 +1,8 @@
# Maintainer: Christian Hesse <mail@eworm.de>
pkgname=openvpn-git
-pkgver=2.4.rc2.r0.ga5ae0138
-pkgrel=2
+pkgver=2.4.rc2.r8.g4ba943b0
+pkgrel=1
pkgdesc='An easy-to-use, robust and highly configurable VPN (Virtual Private Network) - git checkout'
arch=('i686' 'x86_64')
url='http://openvpn.net/index.php/open-source.html'
@@ -18,7 +18,7 @@ source=('git://github.com/OpenVPN/openvpn.git'
'0002-do-not-race-on-RuntimeDirectory.patch')
sha256sums=('SKIP'
'b8254067b4ef5d157d87267a76938d86f101972303c7ff20131cc9f28659a30c'
- '6cc4863a9e7d43f2ff79141dce53aa92fd5e9c395434b6838c81b57ea45d4fc4')
+ 'a87b081f998db99190e8b9e185cd7aade5bd6dfb5c03777c82b75d28cd3b375c')
pkgver() {
cd openvpn/
@@ -82,8 +82,8 @@ package() {
cp -r sample/sample-config-files "${pkgdir}"/usr/share/openvpn/examples
# Install license
- install -d -m0755 "${pkgdir}"/usr/share/licenses/openvpn
- ln -sf /usr/share/doc/"${pkgname}"/{COPYING,COPYRIGHT.GPL} "${pkgdir}"/usr/share/licenses/openvpn
+ install -d -m0755 "${pkgdir}"/usr/share/licenses/openvpn/
+ ln -sf /usr/share/doc/openvpn/{COPYING,COPYRIGHT.GPL} "${pkgdir}"/usr/share/licenses/openvpn/
# Install contrib
for FILE in $(find contrib -type f); do
@@ -93,8 +93,10 @@ package() {
esac
done
- # Install systemd services
+ # Install systemd files
install -d -m0755 "${pkgdir}"/usr/lib/systemd/system/
install -m0644 distro/systemd/openvpn-{client,server}@.service "${pkgdir}"/usr/lib/systemd/system/
+ install -d -m0755 "${pkgdir}"/usr/lib/tmpfiles.d/ "${pkgdir}"/run/openvpn-{client,server}
+ install -m0644 distro/systemd/openvpn.conf "${pkgdir}"/usr/lib/tmpfiles.d/openvpn.conf
}
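Review bot: The added `install -d -m0755` line applies mode 0755 to `"${pkgdir}"/run/openvpn-{client,server}` as well, while the new tmpfiles.d entries declare those directories 0710. Until systemd-tmpfiles next processes `openvpn.conf`, the packaged directories are world-listable, so any local user can see which status files exist there. Split the call so the modes agree: `install -d -m0755 "${pkgdir}"/usr/lib/tmpfiles.d/` followed by `install -d -m0710 "${pkgdir}"/run/openvpn-{client,server}`. Alternatively, drop the `/run` directories from the package and let systemd-tmpfiles create them, though whether an install hook runs it is not visible here. The body of `package()` starts outside this hunk.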