
new package: openvpn21 2.1rc4 (Virtual Private Network Facility)

Ralf S. Engelschall hace 18 años
padre
commit
f86f28a879
Se han modificado 6 ficheros con 415 adiciones y 0 borrados
  1. 16 0
      openvpn21/fsl.openvpn
  2. 17 0
      openvpn21/openvpn.conf
  3. 26 0
      openvpn21/openvpn21.patch
  4. 180 0
      openvpn21/openvpn21.spec
  5. 66 0
      openvpn21/openvpnctl
  6. 110 0
      openvpn21/rc.openvpn

+ 16 - 0
openvpn21/fsl.openvpn

@@ -0,0 +1,16 @@
+##
+##  fsl.openvpn -- OSSP fsl configuration
+##
+
+ident (openvpn)/.+ q{
+    prefix(
+        prefix="%b %d %H:%M:%S %N <%L> $1[%P]: "
+    )
+    -> {
+        debug: file(
+            path="@l_prefix@/var/openvpn/openvpn.log",
+            perm=0644, jitter=1, monitor=3600
+        )
+    }
+};
+
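Review bot: `perm=0644` on `openvpn.log` leaves the daemon log readable by every local account, and OpenVPN logs normally carry peer addresses and certificate subject names. Unless something on the host needs to read it unprivileged, `perm=0640` (or `0600`) is the safer default. The `%daily` section of `rc.openvpn` in this commit rotates the same files with `-m 644` and should be changed to match.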

+ 17 - 0
openvpn21/openvpn.conf

@@ -0,0 +1,17 @@
+##
+##  openvpn.conf -- OpenVPN Server Configuration
+##
+
+#   use a dynamic tun(4) device
+dev tun
+
+#   the remote peer
+remote 192.168.0.1
+
+#   10.0.0.1 is the local  VPN endpoint
+#   10.0.0.2 is the remote VPN endpoint
+ifconfig 10.0.0.1 10.0.0.2
+
+#   the pre-shared static key
+secret openvpn.key
+
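Review bot: The sample configuration never drops privileges, so a daemon started from `rc.openvpn` (whose `%start` runs with `-u @l_susr@`) keeps that account's rights for its whole lifetime. Consider adding `user nobody` and `group nobody` (or whatever unprivileged account the platform provides) after the `secret` line. They should come together with `persist-key` and `persist-tun`, because `%reload` signals the daemon with USR1 and a de-privileged process could otherwise fail to re-read `openvpn.key` or reopen the tun device. A comment such as `#   static-key mode: no forward secrecy, keep openvpn.key at mode 0600` would also help whoever copies this file.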

+ 26 - 0
openvpn21/openvpn21.patch

@@ -0,0 +1,26 @@
+Index: sample-scripts/verify-cn
+--- sample-scripts/verify-cn.orig	2005-02-07 03:08:16 +0100
++++ sample-scripts/verify-cn	2005-08-25 19:37:04 +0200
+@@ -36,7 +36,8 @@
+     if ($x509 =~ /\/CN=([^\/]+)/) {
+ 	# Accept the connection if the X509 common name
+ 	# string matches the passed cn argument.
+-	if ($cn eq $1) {
++	my $x509_cn = $1;
++	if ($x509_cn =~ m/^${cn}$/s) {
+ 	    exit 0;
+ 	}
+     }
+Index: tun.c
+--- tun.c.orig	2005-08-04 06:46:17.000000000 +0200
++++ tun.c	2005-09-28 20:31:17.062344594 +0200
+@@ -1168,7 +1168,8 @@
+ #elif defined(TARGET_SOLARIS)
+ 
+ #ifndef TUNNEWPPA
+-#error I need the symbol TUNNEWPPA from net/if_tun.h
++#warning I usually need the symbol TUNNEWPPA from net/if_tun.h -- using a shameless local copy taken from TUN 1.1
++#define TUNNEWPPA   (('T'<<16) | 0x0001)
+ #endif
+ 
+ void
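Review bot: In the `verify-cn` hunk the exact comparison `$cn eq $1` becomes `m/^${cn}$/s`, which interpolates the command-line `cn` argument as a regular expression. A literal name such as `client.example.com` then also accepts a common name where each dot is replaced by any other character, and `$` still matches before a trailing newline. If pattern matching is the intent, anchor with `\A` and `\z` (`m/\A${cn}\z/s`) and add a comment like `# NOTE: $cn is a regex; callers must escape literal names`; if a literal match is wanted, keep `eq`. The surrounding script, including any usage text that describes the argument, lies outside this hunk and would need the same clarification.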

+ 180 - 0
openvpn21/openvpn21.spec

@@ -0,0 +1,180 @@
+##
+##  openvpn21.spec -- OpenPKG RPM Package Specification
+##  Copyright (c) 2000-2007 OpenPKG Foundation e.V. <http://openpkg.net/>
+##  Copyright (c) 2000-2007 Ralf S. Engelschall <http://engelschall.com/>
+##
+##  Permission to use, copy, modify, and distribute this software for
+##  any purpose with or without fee is hereby granted, provided that
+##  the above copyright notice and this permission notice appear in all
+##  copies.
+##
+##  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+##  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+##  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+##  IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+##  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+##  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+##  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+##  USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+##  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+##  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+##  OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+##  SUCH DAMAGE.
+##
+
+#   package version
+%define       V_dist 2.1_rc4
+%define       V_opkg 2.1rc4
+
+#   package information
+Name:         openvpn21
+Summary:      Virtual Private Network Facility
+URL:          http://openvpn.sourceforge.net/
+Vendor:       James Yonan
+Packager:     OpenPKG Foundation e.V.
+Distribution: OpenPKG Community
+Class:        EVAL
+Group:        Network
+License:      GPL
+Version:      %{V_opkg}
+Release:      20071017
+
+#   package options
+%option       with_fsl  yes
+
+#   list of sources
+Source0:      http://openvpn.net/release/openvpn-%{V_dist}.tar.gz
+Source1:      rc.openvpn
+Source2:      fsl.openvpn
+Source3:      openvpn.conf
+Patch0:       openvpn21.patch
+
+#   build information
+Prefix:       %{l_prefix}
+BuildRoot:    %{l_buildroot}
+BuildPreReq:  OpenPKG, openpkg >= 20060823
+PreReq:       OpenPKG, openpkg >= 20060823, perl
+BuildPreReq:  openssl, lzo >= 1.08
+PreReq:       openssl, lzo >= 1.08
+%if "%{with_fsl}" == "yes"
+BuildPreReq:  fsl >= 1.3.0
+PreReq:       fsl >= 1.3.0
+%endif
+AutoReq:      no
+AutoReqProv:  no
+Provides:     openvpn = %{version}-%{release}
+Conflicts:    openvpn
+
+%description
+    OpenVPN is a robust and highly configurable VPN (Virtual Private
+    Network) daemon which can be used to securely link two or more
+    private networks using an encrypted tunnel over the internet.
+
+%track
+    prog openvpn21 = {
+        version   = %{V_dist}
+        url       = http://openvpn.net/release/
+        regex     = openvpn-(\d+\.\d+(\.\d+)*)\.tar\.gz
+    }
+
+%prep
+    %setup -q -n openvpn-%{V_dist}
+    %patch -p0
+
+%build
+    #   configure program
+    CC="%{l_cc}" \
+    CFLAGS="%{l_cflags -O}" \
+    CPPFLAGS="%{l_cppflags lzo openssl}" \
+    LDFLAGS="%{l_ldflags} %{l_fsl_ldflags}" \
+    LIBS="%{l_fsl_libs}" \
+    ./configure \
+        --prefix=%{l_prefix} \
+        --mandir=%{l_prefix}/man \
+        --with-ssl-headers=%{l_prefix}/include/openssl \
+        --with-ssl-lib=%{l_prefix}/lib \
+        --with-lzo-headers=%{l_prefix}/include/lzo \
+        --with-lzo-lib=%{l_prefix}/lib
+
+    #   build program
+    %{l_make} %{l_mflags -O}
+
+%install
+    #   install program
+    rm -rf $RPM_BUILD_ROOT
+    %{l_make} %{l_mflags} install AM_MAKEFLAGS="DESTDIR=$RPM_BUILD_ROOT"
+
+    #   strip down installation files
+    strip $RPM_BUILD_ROOT%{l_prefix}/sbin/* >/dev/null 2>&1 || true
+
+    #   install additional files
+    %{l_shtool} install -c -m 755 %{l_value -s -a} \
+        -e 's;/usr/bin/perl;%{l_prefix}/bin/perl;' \
+        sample-scripts/verify-cn $RPM_BUILD_ROOT%{l_prefix}/sbin/openvpn-verify-cn
+    %{l_shtool} mkdir -f -p -m 755 \
+        $RPM_BUILD_ROOT%{l_prefix}/man/cat8
+    %{l_shtool} install -c -m 644 \
+        management/management-notes.txt $RPM_BUILD_ROOT%{l_prefix}/man/cat8/openvpn-management.8
+
+    #   install run-command script
+    %{l_shtool} mkdir -f -p -m 755 \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d
+    %{l_shtool} install -c -m 755 %{l_value -s -a} \
+        %{SOURCE rc.openvpn} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
+
+    #   install default config file
+    %{l_shtool} mkdir -f -p -m 755 \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/openvpn
+    %{l_shtool} install -c -m 644 %{l_value -s -a} \
+        %{SOURCE openvpn.conf} \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/openvpn/
+
+    #   install OSSP fsl configuration
+    %{l_shtool} mkdir -f -p -m 755 \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/fsl
+    %{l_shtool} install -c -m 644 %{l_value -s -a} \
+        %{SOURCE fsl.openvpn} \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
+
+    #   create run-time directory
+    %{l_shtool} mkdir -f -p -m 755 \
+        $RPM_BUILD_ROOT%{l_prefix}/var/openvpn
+
+    #   determine installation files
+    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
+        %{l_files_std} \
+        '%config %{l_prefix}/etc/fsl/fsl.openvpn' \
+        '%config %{l_prefix}/etc/openvpn/openvpn.conf'
+
+%files -f files
+
+%clean
+    rm -rf $RPM_BUILD_ROOT
+
+%post
+    #   on initial install, create a sample shared key
+    if [ $1 -eq 1 ]; then
+        if [ ! -f $RPM_INSTALL_PREFIX/etc/openvpn/openvpn.dh ]; then
+            $RPM_INSTALL_PREFIX/bin/openssl dhparam \
+                -out $RPM_INSTALL_PREFIX/etc/openvpn/openvpn.dh 1024
+        fi
+        if [ ! -f $RPM_INSTALL_PREFIX/etc/openvpn/openvpn.key ]; then
+            $RPM_INSTALL_PREFIX/sbin/openvpn \
+                --genkey --secret $RPM_INSTALL_PREFIX/etc/openvpn/openvpn.key
+        fi
+    fi
+
+    #   after upgrade, restart service
+    [ $1 -eq 2 ] || exit 0
+    eval `%{l_rc} openvpn status 2>/dev/null`
+    [ ".$openvpn_active" = .yes ] && %{l_rc} openvpn restart
+    exit 0
+
+%preun
+    #   before erase, stop service and remove log files
+    [ $1 -eq 0 ] || exit 0
+    %{l_rc} openvpn stop 2>/dev/null
+    rm -f $RPM_INSTALL_PREFIX/var/openvpn/*.log*   >/dev/null 2>&1 || true
+    rm -f $RPM_INSTALL_PREFIX/var/openvpn/*.status >/dev/null 2>&1 || true
+    exit 0
+
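Review bot: `%post` generates `openvpn.dh` with a 1024-bit modulus (`openssl dhparam ... 1024`), which is smaller than the 2048 bits now generally treated as the minimum for finite-field DH; change the last argument to `2048`. The scriptlet neither sets a umask nor chmods the generated `openvpn.key`, so it relies on `openvpn --genkey` to create the file with a restrictive mode; a `chmod 600 $RPM_INSTALL_PREFIX/etc/openvpn/openvpn.key` afterwards would make that independent of the tool. The comment `on initial install, create a sample shared key` should also mention the DH parameters. Separately, `Source0` is fetched over plain `http://` and nothing visible in this spec checks a digest or signature of the tarball.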

+ 66 - 0
openvpn21/openvpnctl

@@ -0,0 +1,66 @@
+#!/bin/sh
+##
+##  openvpnctl -- OpenVPN Daemon Control
+##
+
+openvpn_bindir="@l_prefix@/sbin"
+openvpn_etcdir="@l_prefix@/etc/openvpn"
+openvpn_vardir="@l_prefix@/var/openvpn"
+
+name_full2short () {
+    echo "$1" |\
+    sed -e 's;^.*/\([^/]*\)$;\1;' \
+        -e 's;\.conf$;;' \
+        -e 's;^openvpn-;;' \
+        -e 's;^$;default;'
+}
+
+name_short2full () {
+    echo "$1" |\
+    sed -e 's;^default$;;' \
+        -e 's;^;openvpn-;'
+}
+
+cmd="$1"; shift
+case "$cmd" in
+    list )
+        for cfgfile in $openvpn_etcdir/*.conf; do
+            [ ".`grep '^disable' $cfgfile`" != . ] && continue
+            name_full2short "$cfgfile"
+        done
+        ;;
+    start )
+        name=`name_short2full "$1"`; shift
+        if [ -f $openvpn_etcdir/$name.sh -a ".$name" != .openvpn ]; then
+            sh $openvpn_etcdir/$name.sh start || exit $?
+        fi
+        $openvpn_bindir/openvpn \
+            --daemon "$name" \
+            --log-append $openvpn_vardir/$name.log \
+            --writepid $openvpn_vardir/$name.pid \
+            --status $openvpn_vardir/$name.status 60 \
+            --config $openvpn_etcdir/$name.conf \
+            --cd $openvpn_etcdir || exit $?
+        ;;
+    signal )
+        name=`name_short2full "$1"`; shift
+        [ -f $openvpn_vardir/$name.pid ] && kill -$2 `cat $openvpn_vardir/$name.pid`
+        ;;
+    reload )
+        name=`name_short2full "$1"`; shift
+        [ -f $openvpn_vardir/$name.pid ] && kill -USR1 `cat $openvpn_vardir/$name.pid`
+        if [ -f $openvpn_etcdir/$name.sh ]; then
+            sh $openvpn_etcdir/$name.sh reload || true
+        fi
+        ;;
+    stop )
+        name=`name_short2full "$1"`; shift
+        [ -f $openvpn_vardir/$name.pid ] && kill -TERM `cat $openvpn_vardir/$name.pid`
+        sleep 1
+        if [ -f $openvpn_etcdir/$name.sh -a ".$name" != .openvpn ]; then
+            sh $openvpn_etcdir/$name.sh stop || true
+        fi
+        rm -f $openvpn_vardir/$name.pid 2>/dev/null || true
+        ;;
+esac
+
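Review bot: In the `signal` branch the `shift` after `name=...` moves the signal name into `$1`, so `kill -$2` expands to a bare `kill -` unless a further argument is supplied; use `kill -"$1"` or save the signal before shifting. The instance name comes from the command line and is used unquoted in `$openvpn_etcdir/$name.sh`, `$name.conf` and the pid path, so a value containing `/` or `..` would make the script execute or signal through files outside those directories. Rejecting names with characters outside `A-Za-z0-9_-` before use would close that. The `".$name" != .openvpn` tests are always true as written, since `name_short2full` always prefixes `openvpn-`.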

+ 110 - 0
openvpn21/rc.openvpn

@@ -0,0 +1,110 @@
+#!@l_prefix@/bin/openpkg rc
+##
+##  rc.openvpn -- Run-Commands
+##
+
+%config
+    openvpn_enable="$openpkg_rc_def"
+    openvpn_log_prolog="true"
+    openvpn_log_epilog="true"
+    openvpn_log_numfiles="10"
+    openvpn_log_minsize="1M"
+    openvpn_log_complevel="9"
+
+%common
+    openvpn_etcdir="@l_prefix@/etc/openvpn"
+    openvpn_vardir="@l_prefix@/var/openvpn"
+    openvpn_signal () {
+        [ -f $openvpn_vardir/$1.pid ] && kill -$2 `cat $openvpn_vardir/$1.pid`
+    }
+
+%status -u @l_susr@ -o
+    openvpn_usable="unknown"
+    openvpn_active="yes"
+    if rcService openvpn enable yes; then
+        for cfgfile in $openvpn_etcdir/*.conf; do
+            [ ".`grep '^disable' $cfgfile`" != . ] && continue
+            name=`echo "$cfgfile" | sed -e 's;^.*/\([^/]*\)\.conf;\1;'`
+            openvpn_signal $name 0
+            if [ $? -ne 0 ]; then
+                openvpn_active="no"
+                break
+            fi
+        done
+    fi
+    echo "openvpn_enable=\"$openvpn_enable\""
+    echo "openvpn_usable=\"$openvpn_usable\""
+    echo "openvpn_active=\"$openvpn_active\""
+
+%start -p 200 -u @l_susr@
+    rcService openvpn enable yes || exit 0
+    rcService openvpn active yes && exit 0
+    if [ -f $openvpn_etcdir/openvpn.sh ]; then
+        sh $openvpn_etcdir/openvpn.sh start || exit $?
+    fi
+    for cfgfile in $openvpn_etcdir/*.conf; do
+        [ ".`grep '^disable' $cfgfile`" != . ] && continue
+        name=`echo "$cfgfile" | sed -e 's;^.*/\([^/]*\)\.conf;\1;'`
+        if [ -f $openvpn_etcdir/$name.sh -a ".$name" != .openvpn ]; then
+            sh $openvpn_etcdir/$name.sh start || exit $?
+        fi
+        @l_prefix@/sbin/openvpn \
+            --daemon "$name" \
+            --log-append $openvpn_vardir/$name.log \
+            --writepid $openvpn_vardir/$name.pid \
+            --status $openvpn_vardir/$name.status 60 \
+            --config $cfgfile \
+            --cd $openvpn_etcdir || exit $?
+    done
+
+%stop -p 800 -u @l_susr@
+    rcService openvpn enable yes || exit 0
+    rcService openvpn active no && exit 0
+    for cfgfile in $openvpn_etcdir/*.conf; do
+        [ ".`grep '^disable' $cfgfile`" != . ] && continue
+        name=`echo "$cfgfile" | sed -e 's;^.*/\([^/]*\)\.conf;\1;'`
+        openvpn_signal $name TERM
+    done
+    sleep 1
+    for cfgfile in $openvpn_etcdir/*.conf; do
+        [ ".`grep '^disable' $cfgfile`" != . ] && continue
+        name=`echo "$cfgfile" | sed -e 's;^.*/\([^/]*\)\.conf;\1;'`
+        if [ -f $openvpn_etcdir/$name.sh -a ".$name" != .openvpn ]; then
+            sh $openvpn_etcdir/$name.sh stop || true
+        fi
+    done
+    if [ -f $openvpn_etcdir/openvpn.sh ]; then
+        sh $openvpn_etcdir/openvpn.sh stop || true
+    fi
+    rm -f $openvpn_vardir/*.pid 2>/dev/null || true
+
+%restart -u @l_susr@
+    rcService openvpn enable yes || exit 0
+    rcService openvpn active no && exit 0
+    rc openvpn stop start
+
+%reload -u @l_susr@
+    rcService openvpn enable yes || exit 0
+    rcService openvpn active no && exit 0
+    for cfgfile in $openvpn_etcdir/*.conf; do
+        [ ".`grep '^disable' $cfgfile`" != . ] && continue
+        name=`echo "$cfgfile" | sed -e 's;^.*/\([^/]*\)\.conf;\1;'`
+        openvpn_signal $name USR1
+        if [ -f $openvpn_etcdir/$name.sh ]; then
+            sh $openvpn_etcdir/$name.sh reload || true
+        fi
+    done
+
+%daily -u @l_susr@
+    rcService openvpn enable yes || exit 0
+    for cfgfile in $openvpn_etcdir/*.conf; do
+        [ ".`grep '^disable' $cfgfile`" != . ] && continue
+        name=`echo "$cfgfile" | sed -e 's;^.*/\([^/]*\)\.conf;\1;'`
+        shtool rotate -f \
+            -n ${openvpn_log_numfiles} -s ${openvpn_log_minsize} -d \
+            -z ${openvpn_log_complevel} -o @l_rusr@ -g @l_rgrp@ -m 644 \
+            -P "${openvpn_log_prolog}" \
+            -E "${openvpn_log_epilog}; rc openvpn reload" \
+            $openvpn_vardir/$name.log
+    done
+
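Review bot: `openvpn_signal` in `%common` sends the signal to whatever number is stored in `$openvpn_vardir/$1.pid`, and every section that calls it runs with `-u @l_susr@` (presumably the superuser account). A pid file left behind after a crash or reboot can therefore make `%status` report the service as active and make `%stop` deliver TERM to an unrelated process that has since received that PID. I would confirm that the PID still belongs to an openvpn process before signalling, and at minimum document the assumption on the helper: `# trusts the pid file; a stale file may name an unrelated process`. The `for cfgfile in $openvpn_etcdir/*.conf` loops also run once with the literal pattern when nothing matches; `[ -f "$cfgfile" ] || continue` as the first statement of each loop avoids that.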