From owner-freebsd-ports-bugs@FreeBSD.ORG Sun Aug 7 02:00:34 2005
Date: Sun, 07 Aug 2005 03:47:11 +0200
From: Matthias Andree
Sender: Matthias Andree
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: ports/84633: [MAINTAINER] security/openvpn: rcNG-ify, make LZO optional
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Ports bug reports
X-List-Received-Date: Sun, 07 Aug 2005 02:00:34 -0000

>Number: 84633
>Category: ports
>Synopsis: [MAINTAINER] security/openvpn: rcNG-ify, make LZO optional
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sun Aug 07 02:00:31 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Matthias Andree
>Release: FreeBSD 4.11-RELEASE-p11 i386
>Organization:
>Environment:
System: FreeBSD libertas.emma.line.org 4.11-RELEASE-p11 FreeBSD 4.11-RELEASE-p11 #1: Sat Jul 2 12:53:26 CEST
>Description:
Due to public demand, there is now a rcNG start script that can load the tun, tap driver modules (or both) and launch OpenVPN. I've got several suggestions, scripts, by various people, but ended up writing my own, implementing ideas Matthias Grimm and Dirk Gouders communicated.

LZO payload compression can be deselected, to remove the liblzo.so.1 dependency. Note that LZO can also be en-/disabled at runtime if support was compiled in.

Added file(s):
- files/openvpn.sh.in

Removed file(s):
- files/openvpn.sh.sample

Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:
--- openvpn-2.0_4.patch begins here --- diff -ruN --exclude=CVS /usr/ports/security/openvpn/Makefile /usr/home/emma/ports/security/openvpn/Makefile --- /usr/ports/security/openvpn/Makefile Wed Jul 20 19:26:33 2005 +++ /usr/home/emma/ports/security/openvpn/Makefile Sun Aug 7 03:38:17 2005
@@ -1,21 +1,19 @@ # New ports collection makefile for: openvpn # Date created: 2002-06-23 -# Whom: Matthias Andree +# Whom: Matthias Andree # # $FreeBSD: ports/security/openvpn/Makefile,v 1.14 2005/07/14 13:15:47 garga Exp $ # PORTNAME= openvpn DISTVERSION= 2.0 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MASTER_SITES= http://openvpn.net/release/ MAINTAINER= matthias.andree@gmx.de COMMENT= Secure IP/Ethernet tunnel daemon -LIB_DEPENDS= lzo.1:${PORTSDIR}/archivers/lzo - GNU_CONFIGURE= yes USE_OPENSSL= yes CONFIGURE_TARGET= --build=${ARCH}-portbld-freebsd${OSREL} @@ -24,7 +22,10 @@ MAN8= openvpn.8 -OPTIONS= PW_SAVE "Interactive passwords may be read from a file" off +OPTIONS= PW_SAVE "Interactive passwords may be read from a file" off \ + LZO1 "Use LZO 1.X payload compression" on + +USE_RC_SUBR= openvpn.sh .include @@ -32,6 +33,12 @@ CONFIGURE_ARGS+= --enable-password-save .endif +.if defined(WITHOUT_LZO1) +CONFIGURE_ARGS+= --disable-lzo +.else +LIB_DEPENDS= lzo.1:${PORTSDIR}/archivers/lzo +.endif + # self-tests here post-build: ( set -e ; cd ${WRKSRC} && \ @@ -43,8 +50,6 @@ wait ; }) post-install: - ${INSTALL_SCRIPT} ${FILESDIR}/openvpn.sh.sample \ - ${PREFIX}/etc/rc.d/openvpn.sh.sample .if !defined(NOPORTDOCS) ${MKDIR} ${DOCSDIR} .for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS \ diff -ruN --exclude=CVS /usr/ports/security/openvpn/files/openvpn.sh.in /usr/home/emma/ports/security/openvpn/files/openvpn.sh.in --- /usr/ports/security/openvpn/files/openvpn.sh.in Thu Jan 1 01:00:00 1970 +++ /usr/home/emma/ports/security/openvpn/files/openvpn.sh.in Sun Aug 7 03:33:40 2005 
@@ -0,0 +1,98 @@ +#!/bin/sh +# +# openvpn.sh - load tun/tap driver and start OpenVPN daemon +# +# (C) Copyright 2005 by Matthias Andree +# based on suggestions by Matthias Grimm and Dirk Gouders +# +# Made in Northrhine-Westphalia, Germany +# +# $FreeBSD$ +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin +# Street, Fifth Floor, Boston, MA 02110-1301, USA. + +# PROVIDE: openvpn +# REQUIRE: DAEMON +# BEFORE: +# KEYWORD: FreeBSD shutdown + +# +# Add the following line to /etc/rc.conf to enable openvpn: +# +# openvpn_enable="YES" # YES or NO +# openvpn_if="tun" # driver(s) to load, set to "tun", "tap" or "tun tap" +# +# # optional: +# openvpn_flags="" # openvpn command line flags +# openvpn_config="%%PREFIX%%/etc/openvpn/openvpn.conf" # --config file +# openvpn_dir="%%PREFIX%%/etc/openvpn" # --cd directory +# +# You also need to set openvpn_configfile and openvpn_dir, if the configuration +# file and directory where keys and certificates reside differ from the above +# settings. +# +# Note that we deliberately refrain from unloading drivers. +# +# For further documentation, please see openvpn(8). +# + +. %%RC_SUBR%% + +name=openvpn +rcvar=`set_rcvar` + +prefix="%%PREFIX%%" + +openvpn_precmd() +{ + for i in $openvpn_if ; do + if ! sysctl debug.if_${i}_debug >/dev/null 2>&1 ; then + if ! kldload if_${i} ; then + warn "Could not load $i module." 
+ return 1 + fi + fi + done + return 0 +} + +stop_postcmd() +{ + rm -f "$pidfile" || warn "Could not remove $pidfile." +} + +# support SIGHUP to reparse configuration file +extra_commands="reload" + +# pidfile +pidfile="/var/run/${name}.pid" + +# command and arguments +command="%%PREFIX%%/sbin/${name}" + +# run this first +start_precmd="openvpn_precmd" +# and this last +stop_postcmd="stop_postcmd" + +load_rc_config ${name} +: ${openvpn_enable="NO"} +: ${openvpn_flags=""} +: ${openvpn_if=""} +: ${openvpn_configfile="${prefix}/etc/openvpn/openvpn.conf"} +: ${openvpn_dir="${prefix}/etc/openvpn"} +required_files="${openvpn_configfile}" +command_args="--cd ${openvpn_dir} --daemon --config ${openvpn_configfile} --writepid ${pidfile}" +run_rc_command "$1" diff -ruN --exclude=CVS /usr/ports/security/openvpn/files/openvpn.sh.sample /usr/home/emma/ports/security/openvpn/files/openvpn.sh.sample --- /usr/ports/security/openvpn/files/openvpn.sh.sample Fri Oct 25 22:55:29 2002 +++ /usr/home/emma/ports/security/openvpn/files/openvpn.sh.sample Thu Jan 1 01:00:00 1970 
@@ -1,19 +0,0 @@ -#! /bin/sh -# (C) 2002 by Matthias Andree - -# This file may be redistributed according to the terms of the GNU General -# Public License, version 2 (two). - -# To use this script, rename it to openvpn.sh and make sure it is -# executable for the owner. - -# This file rouses a security warning at port install time. However, this -# file itself does not start network services, but it loads a kernel driver. -# The security of this file therefore depends on the security of kldload and -# the if_tap driver. - -case x$1 in - xstart) echo -n ' if_tap' ; exec kldload if_tap ;; - xstop) echo -n ' if_tap' ; exec kldunload if_tap ;; - *) echo >&2 "Usage: $0 {start|stop}" -esac diff -ruN --exclude=CVS /usr/ports/security/openvpn/pkg-plist /usr/home/emma/ports/security/openvpn/pkg-plist --- /usr/ports/security/openvpn/pkg-plist Mon May 30 13:27:16 2005 +++ /usr/home/emma/ports/security/openvpn/pkg-plist Sun Aug 7 03:10:49 2005 @@ -1,5 +1,4 @@ sbin/openvpn -etc/rc.d/openvpn.sh.sample %%PORTDOCS%%%%DOCSDIR%%/AUTHORS %%PORTDOCS%%%%DOCSDIR%%/COPYING %%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.GPL --- openvpn-2.0_4.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
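Review bot: in the Makefile hunk at `@@ -32,6 +33,12 @@`, the `.else` branch assigns `LIB_DEPENDS= lzo.1:${PORTSDIR}/archivers/lzo` with plain `=`, which discards anything assigned to LIB_DEPENDS earlier in the Makefile. The patch removes the only earlier assignment, so nothing is lost today, but `LIB_DEPENDS+=` would keep this conditional block from silently dropping a dependency that is added above it later.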
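Review bot: the rc.conf example in the header comment of files/openvpn.sh.in documents `openvpn_config="%%PREFIX%%/etc/openvpn/openvpn.conf"`, but the script only ever reads `openvpn_configfile` (the `: ${openvpn_configfile=...}` default, `required_files` and `command_args`), and the comment paragraph directly below the example also says `openvpn_configfile`. An administrator who copies the example sets a variable that is never read, so the daemon starts with the default configuration file rather than the intended one; the example line should be renamed to `openvpn_configfile`. In the same file, `command_args` expands `${openvpn_dir}`, `${openvpn_configfile}` and `${pidfile}` unquoted, so a path containing whitespace is split into several arguments; either quote these inside `command_args` or state in the header comment that the paths must not contain spaces.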