summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWilliam Hubbs <williamh@gentoo.org>2020-11-22 17:41:54 -0600
committerWilliam Hubbs <williamh@gentoo.org>2020-11-22 18:03:27 -0600
commit41acdc92e655eb64a0d667b3b612fd5312921656 (patch)
tree25b78b48b3eebdc5e03421e8d22160405e6d99aa
parentsys-apps/systemd-tmpfiles: Stabilize 246 sparc, #755983 (diff)
downloadgentoo-41acdc92e655eb64a0d667b3b612fd5312921656.tar.gz
gentoo-41acdc92e655eb64a0d667b3b612fd5312921656.tar.bz2
gentoo-41acdc92e655eb64a0d667b3b612fd5312921656.zip
net-vpn/openconnect: 8.10-r1 revbump to fix openrc service
This changes the openrc service to support the use of separate openconnect config files for each tunnel instead of setting the tunnel options in the conf.d files. The config files will be stored in /etc/openconnect/<tunnel>.conf. The contents of these config files is defined in the openconnect man page. Closes: https://bugs.gentoo.org/733614 Signed-off-by: William Hubbs <williamh@gentoo.org>
-rw-r--r--net-vpn/openconnect/files/README.OpenRC30
-rw-r--r--net-vpn/openconnect/files/openconnect.initd.8.10105
-rw-r--r--net-vpn/openconnect/openconnect-8.10-r1.ebuild153
3 files changed, 288 insertions, 0 deletions
diff --git a/net-vpn/openconnect/files/README.OpenRC b/net-vpn/openconnect/files/README.OpenRC
new file mode 100644
index 000000000000..baa617d94eaa
--- /dev/null
+++ b/net-vpn/openconnect/files/README.OpenRC
@@ -0,0 +1,30 @@
+The service script for openconnect supports multiple vpn tunnels.
+
+You need to create a symbolic link to /etc/init.d/openconnect in
+/etc/init.d for each tunnel instead of calling it directly:
+
+ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0
+
+Also, create a configuration file for the tunnel in /etc/openconnect. To
+follow this example, the configuration file would be called
+/etc/openconnect/vpn0.conf. See man openconnect for the options that can
+go in this file.
+
+You can then start the vpn tunnel like this:
+
+rc-service openconnect.vpn0 start
+
+If you would like to run preup, postup, predown, and/or postdown scripts,
+You need to create a directory in /etc/openconnect with the name of the vpn:
+
+mkdir /etc/openconnect/vpn0
+
+Then add executable shell files:
+
+mkdir /etc/openconnect/vpn0
+cd /etc/openconnect/vpn0
+echo '#!/bin/sh' > preup.sh
+cp preup.sh predown.sh
+cp preup.sh postup.sh
+cp preup.sh postdown.sh
+chmod 755 /etc/openconnect/vpn0/*
diff --git a/net-vpn/openconnect/files/openconnect.initd.8.10 b/net-vpn/openconnect/files/openconnect.initd.8.10
new file mode 100644
index 000000000000..cec5350e17ce
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.initd.8.10
@@ -0,0 +1,105 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+VPN="${RC_SVCNAME#*.}"
+VPNCONF=/etc/openconnect/${VPN}.conf
+VPNDIR="/etc/openconnect/${VPN}"
+VPNLOG="/var/log/openconnect/${VPN}"
+VPNLOGFILE="${VPNLOG}/openconnect.log"
+VPNERRFILE="${VPNLOG}/openconnect.err"
+
+command="/usr/sbin/openconnect"
+name="OpenConnect: ${VPN}"
+pidfile="/run/openconnect/${VPN}.pid"
+stopsig="SIGINT"
+
+depend() {
+ before netmount
+}
+
+checkconfig() {
+ if [ $VPN = "openconnect" ]; then
+ eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:"
+ eerror
+ eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0"
+ eerror
+ eerror "And then call it instead:"
+ eerror
+ eerror "/etc/init.d/openconnect.vpn0 start"
+ return 1
+ fi
+ if [ ! -f "${VPNCONF}" ]; then
+ ewarn "The configuration file for ${VPN} does not exist."
+ ewarn "Please create ${VPNCONF}"
+ ewarn "This will become a fatal error in a future release."
+ fi
+ local server vpnopts password
+ eval server=\$server_${VPN}
+ eval vpnopts=\$vpnopts_${VPN}
+ eval password=\$password_${VPN}
+ if [ -n "$server" ] || [ -n "$vpnopts" ] || [ -n "password" ]; then
+ ewarn "server_${VPN}, vpnopts${VPN} and password_${VPN} are deprecated"
+ ewarn"Please move them to the appropriate settings in ${VPNCONF}"
+ ewarn "They will be ignored in the future."
+ fi
+ return 0
+}
+
+checktuntap() {
+ if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then
+ if ! modprobe tun ; then
+ eerror "TUN/TAP support is not available in this kernel"
+ return 1
+ fi
+ fi
+}
+
+run_hook() {
+ if [ -x "$1" ]; then
+ "$@"
+ fi
+}
+
+start_pre() {
+ checkconfig || return
+ checktuntap || return
+ checkpath -d "${VPNLOG}" || return
+ checkpath -d /run/openconnect || return
+ run_hook "${VPNDIR}/preup.sh"
+}
+
+start() {
+ local server vpnopts password
+ eval server=\$server_${VPN}
+ eval vpnopts=\$vpnopts_${VPN}
+ eval password=\$password_${VPN}
+
+ ebegin "Starting ${name}"
+ start-stop-daemon --start --exec "${command}" -- \
+ --background \
+ --config="${VPNCONF:-/dev/null}" \
+ --interface="${VPN}" \
+ --pid-file="${pidfile}" \
+ ${vpnopts} \
+ "${server}" \
+ >> "${VPNLOGFILE}" \
+ 2>> "${VPNERRFILE}" \
+ <<EOF
+${password}
+EOF
+ eend $?
+}
+
+start_post() {
+ run_hook "${VPNDIR}/postup.sh"
+}
+
+stop_pre() {
+ checkconfig || return
+ run_hook "${VPNDIR}/predown.sh"
+}
+
+stop_post() {
+ run_hook "${VPNDIR}/postdown.sh"
+}
diff --git a/net-vpn/openconnect/openconnect-8.10-r1.ebuild b/net-vpn/openconnect/openconnect-8.10-r1.ebuild
new file mode 100644
index 000000000000..e4c566efb121
--- /dev/null
+++ b/net-vpn/openconnect/openconnect-8.10-r1.ebuild
@@ -0,0 +1,153 @@
+# Copyright 2011-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python{3_6,3_7,3_8,3_9} )
+PYTHON_REQ_USE="xml"
+
+inherit linux-info python-any-r1
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
+ inherit git-r3 autotools
+else
+ ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
+ KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+fi
+VPNC_VER=20200930
+SRC_URI="${ARCHIVE_URI}
+ ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz"
+
+DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
+HOMEPAGE="http://www.infradead.org/openconnect.html"
+
+LICENSE="LGPL-2.1 GPL-2"
+SLOT="0/5"
+IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard stoken test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ dev-libs/libxml2
+ sys-libs/zlib
+ !gnutls? (
+ >=dev-libs/openssl-1.0.1h:0=
+ )
+ gnutls? (
+ app-crypt/trousers
+ app-misc/ca-certificates
+ dev-libs/nettle
+ >=net-libs/gnutls-3.6.13:0=
+ dev-libs/libtasn1:0=
+ app-crypt/tpm2-tss
+ )
+ gssapi? ( virtual/krb5 )
+ libproxy? ( net-libs/libproxy )
+ lz4? ( app-arch/lz4:= )
+ nls? ( virtual/libintl )
+ smartcard? ( sys-apps/pcsc-lite:0= )
+ stoken? ( app-crypt/stoken )
+"
+RDEPEND="${DEPEND}
+ sys-apps/iproute2
+"
+BDEPEND="
+ virtual/pkgconfig
+ doc? ( ${PYTHON_DEPS} sys-apps/groff )
+ nls? ( sys-devel/gettext )
+ test? (
+ net-libs/socket_wrapper
+ net-vpn/ocserv
+ sys-libs/uid_wrapper
+ )
+"
+
+CONFIG_CHECK="~TUN"
+
+pkg_pretend() {
+ check_extra_config
+}
+
+pkg_setup() {
+ :
+}
+
+src_unpack() {
+ if [[ ${PV} == 9999 ]]; then
+ git-r3_src_unpack
+ fi
+ default
+}
+
+src_prepare() {
+ default
+ if [[ ${PV} == 9999 ]]; then
+ eautoreconf
+ fi
+}
+
+src_configure() {
+ if use doc; then
+ python_setup
+ else
+ export ac_cv_path_PYTHON=
+ fi
+
+ # Used by tests if userpriv is disabled
+ addwrite /run/netns
+
+ local myconf=(
+ --disable-dsa-tests
+ $(use_enable nls)
+ --disable-static
+ $(use_with !gnutls openssl)
+ $(use_with gnutls)
+ $(use_with libproxy)
+ $(use_with lz4)
+ $(use_with gssapi)
+ $(use_with smartcard libpcsclite)
+ $(use_with stoken)
+ --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh"
+ --without-java
+ )
+
+ econf "${myconf[@]}"
+}
+
+src_test() {
+ local charset
+ for charset in UTF-8 ISO8859-2; do
+ if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
+ # If we don't have valid cs_CZ locale data, auth-nonascii will fail.
+ # Force a test skip by exiting with status 77.
+ sed -i -e '2i exit 77' tests/auth-nonascii || die
+ break
+ fi
+ done
+ default
+}
+
+src_install() {
+ default
+ find "${ED}" -name '*.la' -delete || die
+
+ exeinto /etc/openconnect
+ newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh
+
+ newinitd "${FILESDIR}"/openconnect.initd.${PV} openconnect
+ dodoc "${FILESDIR}"/README.OpenRC
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/openconnect.logrotate openconnect
+
+ keepdir /var/log/openconnect
+}
+
+pkg_postinst() {
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ ver_test $v -ge 8.10-r1 && continue
+ ewarn "openconnect tunnel-specific configurations stored in ${EROOT}/etc/conf.d"
+ ewarn "should be migrated to ${EROOT}/etc/openconnect/<tunnel>.conf"
+ ewarn "For more information see ${EROOT}/usr/share/doc/${PF}/README.OpenRC"
+ done
+}