openvpn: upgrade to 2.3.6.

The purpose of this patch as below. 1. upgrade openvpn to 2.3.6 in order to fix CVE-2014-8104 2. enable systemd 3. provide new packages named ${PN}-sample to help user create config file easily and check whether is openvpn work. Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
author: Bian Naimeng <biannm@cn.fujitsu.com> 2014-12-15 14:29:00 +0800
committer: Martin Jansa <Martin.Jansa@gmail.com> 2014-12-19 20:10:56 +0100
commit: 3add4db0fc379ef2bb10d27f212f380411f302a5 (patch)
tree: d136706bc5f0d7830f0656352932f4b6f29d7ab7 /meta-networking/recipes-support/openvpn
parent: 3856a63fc99b688f8fb314581f8a6c35f98ec2d4 (diff)
download: meta-openembedded-3add4db0fc379ef2bb10d27f212f380411f302a5.tar.gz
3 files changed, 75 insertions, 33 deletions
diff --git a/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service b/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service
new file mode 100644
index 000000000..358dcb791
--- /dev/null
+++ b/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
+After=syslog.target network.target
+[Service]
+PrivateTmp=true
+Type=forking
+PIDFile=/var/run/openvpn/%i.pid
+ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.3.4.bb b/meta-networking/recipes-support/openvpn/openvpn_2.3.4.bb
deleted file mode 100644
index 1fb722a44..000000000
--- a/meta-networking/recipes-support/openvpn/openvpn_2.3.4.bb
+++ /dev/null
@@ -1,33 +0,0 @@
-SUMMARY = "A full-featured SSL VPN solution via tun device."
-HOMEPAGE = "http://openvpn.sourceforge.net"
-SECTION = "console/network"
-LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://COPYING;md5=5aac200199fde47501876cba7263cb0c"
-DEPENDS = "lzo openssl iproute2 ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
-inherit autotools
-SRC_URI = "http://swupdate.openvpn.org/community/releases/openvpn-${PV}.tar.gz \
-           file://openvpn"
-SRC_URI[md5sum] = "04d47237907faabe9d046970ffe44b2e"
-SRC_URI[sha256sum] = "af506d5f48568fa8d2f2435cb3fad35f9a9a8f263999ea6df3ba296960cec85a"
-CFLAGS += "-fno-inline"
-# I want openvpn to be able to read password from file (hrw)
-EXTRA_OECONF += "--enable-password-save --enable-iproute2"
-EXTRA_OECONF += "${@base_contains('DISTRO_FEATURES', 'pam', '', '--disable-plugin-auth-pam', d)}"
-# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host.
-EXTRA_OECONF += "IPROUTE=/sbin/ip"
-do_install_append() {
-    install -d ${D}/${sysconfdir}/init.d
-    install -d ${D}/${sysconfdir}/openvpn
-    install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d
-}
-RRECOMMENDS_${PN} = "kernel-module-tun"
-FILES_${PN}-dbg += "${libdir}/openvpn/plugins/.debug"
diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.3.6.bb b/meta-networking/recipes-support/openvpn/openvpn_2.3.6.bb
new file mode 100644
index 000000000..58ddcc813
--- /dev/null
+++ b/meta-networking/recipes-support/openvpn/openvpn_2.3.6.bb
@@ -0,0 +1,63 @@
+SUMMARY = "A full-featured SSL VPN solution via tun device."
+HOMEPAGE = "http://openvpn.sourceforge.net"
+SECTION = "console/network"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=5aac200199fde47501876cba7263cb0c"
+DEPENDS = "lzo openssl iproute2 ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+inherit autotools systemd
+SRC_URI = "http://swupdate.openvpn.org/community/releases/openvpn-${PV}.tar.gz \
+           file://openvpn \
+           file://openvpn@.service "
+SRC_URI[md5sum] = "6ca03fe0fd093e0d01601abee808835c"
+SRC_URI[sha256sum] = "7baed2ff39c12e1a1a289ec0b46fcc49ff094ca58b8d8d5f29b36ac649ee5b26"
+SYSTEMD_SERVICE_${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+CFLAGS += "-fno-inline"
+# I want openvpn to be able to read password from file (hrw)
+EXTRA_OECONF += "--enable-password-save --enable-iproute2"
+EXTRA_OECONF += "${@base_contains('DISTRO_FEATURES', 'pam', '', '--disable-plugin-auth-pam', d)}"
+# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host.
+EXTRA_OECONF += "IPROUTE=/sbin/ip"
+do_install_append() {
+    install -d ${D}/${sysconfdir}/init.d
+    install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d
+    install -d ${D}/${sysconfdir}/openvpn
+    install -d ${D}/${sysconfdir}/openvpn/sample
+    install -m 755 ${S}/sample/sample-config-files/loopback-server  ${D}${sysconfdir}/openvpn/sample/loopback-server.conf
+    install -m 755 ${S}/sample/sample-config-files/loopback-client  ${D}${sysconfdir}/openvpn/sample/loopback-client.conf
+    install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-keys
+    install -m 644 ${S}/sample/sample-keys/* ${D}${sysconfdir}/openvpn/sample/sample-keys
+    if ${@base_contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+        install -d ${D}/${systemd_unitdir}/system
+        install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system
+        install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-server.service
+        install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-client.service
+        install -d ${D}/${localstatedir}
+        install -d ${D}/${localstatedir}/lib
+        install -d -m 710 ${D}/${localstatedir}/lib/openvpn
+        install -d -m 755 ${D}/${localstatedir}/run/
+        install -d -m 755 ${D}/${localstatedir}/run/openvpn
+    fi
+}
+PACKAGES =+ " ${PN}-sample "
+RRECOMMENDS_${PN} = "kernel-module-tun"
+FILES_${PN}-dbg += "${libdir}/openvpn/plugins/.debug"
+FILES_${PN} += "${systemd_unitdir}/system/openvpn@.service \
+                /run"
+FILES_${PN}-sample += "${systemd_unitdir}/system/openvpn@loopback-server.service \
+                       ${systemd_unitdir}/system/openvpn@loopback-client.service \
+                       ${sysconfdir}/openvpn/sample/"
author	Bian Naimeng <biannm@cn.fujitsu.com>	2014-12-15 14:29:00 +0800
committer	Martin Jansa <Martin.Jansa@gmail.com>	2014-12-19 20:10:56 +0100
commit	3add4db0fc379ef2bb10d27f212f380411f302a5 (patch)
tree	d136706bc5f0d7830f0656352932f4b6f29d7ab7 /meta-networking/recipes-support/openvpn
parent	3856a63fc99b688f8fb314581f8a6c35f98ec2d4 (diff)
download	meta-openembedded-3add4db0fc379ef2bb10d27f212f380411f302a5.tar.gz

diff --git a/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service b/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service new file mode 100644 index 000000000..358dcb791 --- /dev/null +++ b/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service
@@ -0,0 +1,12 @@
		1	[Unit]
		2	Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
		3	After=syslog.target network.target
		4
		5	[Service]
		6	PrivateTmp=true
		7	Type=forking
		8	PIDFile=/var/run/openvpn/%i.pid
		9	ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
		10
		11	[Install]
		12	WantedBy=multi-user.target


diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.3.4.bb b/meta-networking/recipes-support/openvpn/openvpn_2.3.4.bb deleted file mode 100644 index 1fb722a44..000000000 --- a/meta-networking/recipes-support/openvpn/openvpn_2.3.4.bb +++ /dev/null
@@ -1,33 +0,0 @@
1	SUMMARY = "A full-featured SSL VPN solution via tun device."
2	HOMEPAGE = "http://openvpn.sourceforge.net"
3	SECTION = "console/network"
4	LICENSE = "GPLv2"
5	LIC_FILES_CHKSUM = "file://COPYING;md5=5aac200199fde47501876cba7263cb0c"
6	DEPENDS = "lzo openssl iproute2 ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
7
8	inherit autotools
9
10	SRC_URI = "http://swupdate.openvpn.org/community/releases/openvpn-${PV}.tar.gz \
11	file://openvpn"
12
13	SRC_URI[md5sum] = "04d47237907faabe9d046970ffe44b2e"
14	SRC_URI[sha256sum] = "af506d5f48568fa8d2f2435cb3fad35f9a9a8f263999ea6df3ba296960cec85a"
15
16	CFLAGS += "-fno-inline"
17
18	# I want openvpn to be able to read password from file (hrw)
19	EXTRA_OECONF += "--enable-password-save --enable-iproute2"
20	EXTRA_OECONF += "${@base_contains('DISTRO_FEATURES', 'pam', '', '--disable-plugin-auth-pam', d)}"
21
22	# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host.
23	EXTRA_OECONF += "IPROUTE=/sbin/ip"
24
25	do_install_append() {
26	install -d ${D}/${sysconfdir}/init.d
27	install -d ${D}/${sysconfdir}/openvpn
28	install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d
29	}
30
31	RRECOMMENDS_${PN} = "kernel-module-tun"
32
33	FILES_${PN}-dbg += "${libdir}/openvpn/plugins/.debug"


diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.3.6.bb b/meta-networking/recipes-support/openvpn/openvpn_2.3.6.bb new file mode 100644 index 000000000..58ddcc813 --- /dev/null +++ b/meta-networking/recipes-support/openvpn/openvpn_2.3.6.bb
@@ -0,0 +1,63 @@
		1	SUMMARY = "A full-featured SSL VPN solution via tun device."
		2	HOMEPAGE = "http://openvpn.sourceforge.net"
		3	SECTION = "console/network"
		4	LICENSE = "GPLv2"
		5	LIC_FILES_CHKSUM = "file://COPYING;md5=5aac200199fde47501876cba7263cb0c"
		6	DEPENDS = "lzo openssl iproute2 ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
		7
		8	inherit autotools systemd
		9
		10	SRC_URI = "http://swupdate.openvpn.org/community/releases/openvpn-${PV}.tar.gz \
		11	file://openvpn \
		12	file://openvpn@.service "
		13
		14	SRC_URI[md5sum] = "6ca03fe0fd093e0d01601abee808835c"
		15	SRC_URI[sha256sum] = "7baed2ff39c12e1a1a289ec0b46fcc49ff094ca58b8d8d5f29b36ac649ee5b26"
		16
		17	SYSTEMD_SERVICE_${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service"
		18	SYSTEMD_AUTO_ENABLE = "disable"
		19
		20	CFLAGS += "-fno-inline"
		21
		22	# I want openvpn to be able to read password from file (hrw)
		23	EXTRA_OECONF += "--enable-password-save --enable-iproute2"
		24	EXTRA_OECONF += "${@base_contains('DISTRO_FEATURES', 'pam', '', '--disable-plugin-auth-pam', d)}"
		25
		26	# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host.
		27	EXTRA_OECONF += "IPROUTE=/sbin/ip"
		28
		29	do_install_append() {
		30	install -d ${D}/${sysconfdir}/init.d
		31	install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d
		32
		33	install -d ${D}/${sysconfdir}/openvpn
		34	install -d ${D}/${sysconfdir}/openvpn/sample
		35	install -m 755 ${S}/sample/sample-config-files/loopback-server ${D}${sysconfdir}/openvpn/sample/loopback-server.conf
		36	install -m 755 ${S}/sample/sample-config-files/loopback-client ${D}${sysconfdir}/openvpn/sample/loopback-client.conf
		37	install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-keys
		38	install -m 644 ${S}/sample/sample-keys/* ${D}${sysconfdir}/openvpn/sample/sample-keys
		39
		40	if ${@base_contains('DISTRO_FEATURES','systemd','true','false',d)}; then
		41	install -d ${D}/${systemd_unitdir}/system
		42	install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system
		43	install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-server.service
		44	install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-client.service
		45
		46	install -d ${D}/${localstatedir}
		47	install -d ${D}/${localstatedir}/lib
		48	install -d -m 710 ${D}/${localstatedir}/lib/openvpn
		49	install -d -m 755 ${D}/${localstatedir}/run/
		50	install -d -m 755 ${D}/${localstatedir}/run/openvpn
		51	fi
		52	}
		53
		54	PACKAGES =+ " ${PN}-sample "
		55
		56	RRECOMMENDS_${PN} = "kernel-module-tun"
		57
		58	FILES_${PN}-dbg += "${libdir}/openvpn/plugins/.debug"
		59	FILES_${PN} += "${systemd_unitdir}/system/openvpn@.service \
		60	/run"
		61	FILES_${PN}-sample += "${systemd_unitdir}/system/openvpn@loopback-server.service \
		62	${systemd_unitdir}/system/openvpn@loopback-client.service \
		63	${sysconfdir}/openvpn/sample/"