From 34cb9132ef2dae08f91a66015ea5437539a4b557 Mon Sep 17 00:00:00 2001 From: Alon Bar-Lev Date: Wed, 29 Feb 2012 22:11:59 +0200 Subject: build: standard directory layout Suitable for mature project. root - administrative stuff doc - documents src - sources tests - tests distro - distro specific files sample - samples SIDE EFFECT: many changes to rpm spec. Signed-off-by: Alon Bar-Lev Acked-by: Adriaan de Jong Signed-off-by: David Sommerseth --- distro/Makefile.am | 15 +++ distro/rpm/Makefile.am | 18 +++ distro/rpm/openvpn.init.d.rhel | 244 +++++++++++++++++++++++++++++++++++ distro/rpm/openvpn.init.d.suse | 264 +++++++++++++++++++++++++++++++++++++ distro/rpm/openvpn.spec.in | 287 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 828 insertions(+) create mode 100644 distro/Makefile.am create mode 100644 distro/rpm/Makefile.am create mode 100755 distro/rpm/openvpn.init.d.rhel create mode 100644 distro/rpm/openvpn.init.d.suse create mode 100644 distro/rpm/openvpn.spec.in (limited to 'distro') diff --git a/distro/Makefile.am b/distro/Makefile.am new file mode 100644 index 0000000..2dd6a6e --- /dev/null +++ b/distro/Makefile.am @@ -0,0 +1,15 @@ +# +# OpenVPN -- An application to securely tunnel IP networks +# over a single UDP port, with support for SSL/TLS-based +# session authentication and key exchange, +# packet encryption, packet authentication, and +# packet compression. +# +# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. +# Copyright (C) 2006-2012 Alon Bar-Lev +# + +MAINTAINERCLEANFILES = \ + $(srcdir)/Makefile.in + +SUBDIRS = rpm diff --git a/distro/rpm/Makefile.am b/distro/rpm/Makefile.am new file mode 100644 index 0000000..536061d --- /dev/null +++ b/distro/rpm/Makefile.am @@ -0,0 +1,18 @@ +# +# OpenVPN -- An application to securely tunnel IP networks +# over a single UDP port, with support for SSL/TLS-based +# session authentication and key exchange, +# packet encryption, packet authentication, and +# packet compression. +# +# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. +# Copyright (C) 2006-2012 Alon Bar-Lev +# + +MAINTAINERCLEANFILES = \ + $(srcdir)/Makefile.in + +dist_noinst_DATA = \ + openvpn.spec \ + openvpn.init.d.rhel \ + openvpn.init.d.suse diff --git a/distro/rpm/openvpn.init.d.rhel b/distro/rpm/openvpn.init.d.rhel new file mode 100755 index 0000000..821abd5 --- /dev/null +++ b/distro/rpm/openvpn.init.d.rhel @@ -0,0 +1,244 @@ +#!/bin/sh +# +# openvpn This shell script takes care of starting and stopping +# openvpn on RedHat or other chkconfig-based system. +# +# chkconfig: 345 24 76 +# +# description: OpenVPN is a robust and highly flexible tunneling application \ +# that uses all of the encryption, authentication, and \ +# certification features of the OpenSSL library to securely \ +# tunnel IP networks over a single UDP port. +# + +# Contributed to the OpenVPN project by +# Douglas Keller +# 2002.05.15 + +# To install: +# copy this file to /etc/rc.d/init.d/openvpn +# shell> chkconfig --add openvpn +# shell> mkdir /etc/openvpn +# make .conf or .sh files in /etc/openvpn (see below) + +# To uninstall: +# run: chkconfig --del openvpn + +# Author's Notes: +# +# I have created an /etc/init.d init script and enhanced openvpn.spec to +# automatically register the init script. Once the RPM is installed you +# can start and stop OpenVPN with "service openvpn start" and "service +# openvpn stop". +# +# The init script does the following: +# +# - Starts an openvpn process for each .conf file it finds in +# /etc/openvpn. +# +# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it executes +# it before starting openvpn (useful for doing openvpn --mktun...). +# +# - In addition to start/stop you can do: +# +# service openvpn reload - SIGHUP +# service openvpn reopen - SIGUSR1 +# service openvpn status - SIGUSR2 +# +# Modifications: +# +# 2003.05.02 +# * Changed == to = for sh compliance (Bishop Clark). +# * If condrestart|reload|reopen|status, check that we were +# actually started (James Yonan). +# * Added lock, piddir, and work variables (James Yonan). +# * If start is attempted twice, without an intervening stop, or +# if start is attempted when previous start was not properly +# shut down, then kill any previously started processes, before +# commencing new start operation (James Yonan). +# * Do a better job of flagging errors on start, and properly +# returning success or failure status to caller (James Yonan). +# +# 2005.04.04 +# * Added openvpn-startup and openvpn-shutdown script calls +# (James Yonan). +# + +# Location of openvpn binary +openvpn="" +openvpn_locations="/usr/sbin/openvpn /usr/local/sbin/openvpn" +for location in $openvpn_locations +do + if [ -f "$location" ] + then + openvpn=$location + fi +done + +# Lockfile +lock="/var/lock/subsys/openvpn" + +# PID directory +piddir="/var/run/openvpn" + +# Our working directory +work=/etc/openvpn + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +# Check that networking is up. +if [ ${NETWORKING} = "no" ] +then + echo "Networking is down" + exit 0 +fi + +# Check that binary exists +if ! [ -f $openvpn ] +then + echo "openvpn binary not found" + exit 0 +fi + +# See how we were called. +case "$1" in + start) + echo -n $"Starting openvpn: " + + /sbin/modprobe tun >/dev/null 2>&1 + + # From a security perspective, I think it makes + # sense to remove this, and have users who need + # it explictly enable in their --up scripts or + # firewall setups. + + #echo 1 > /proc/sys/net/ipv4/ip_forward + + # Run startup script, if defined + if [ -f $work/openvpn-startup ]; then + $work/openvpn-startup + fi + + if [ ! -d $piddir ]; then + mkdir $piddir + fi + + if [ -f $lock ]; then + # we were not shut down correctly + for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do + if [ -s $pidf ]; then + kill `cat $pidf` >/dev/null 2>&1 + fi + rm -f $pidf + done + rm -f $lock + sleep 2 + fi + + rm -f $piddir/*.pid + cd $work + + # Start every .conf in $work and run .sh if exists + errors=0 + successes=0 + for c in `/bin/ls *.conf 2>/dev/null`; do + bn=${c%%.conf} + if [ -f "$bn.sh" ]; then + . $bn.sh + fi + rm -f $piddir/$bn.pid + $openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work + if [ $? = 0 ]; then + successes=1 + else + errors=1 + fi + done + + if [ $errors = 1 ]; then + failure; echo + else + success; echo + fi + + if [ $successes = 1 ]; then + touch $lock + fi + ;; + stop) + echo -n $"Shutting down openvpn: " + for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do + if [ -s $pidf ]; then + kill `cat $pidf` >/dev/null 2>&1 + fi + rm -f $pidf + done + + # Run shutdown script, if defined + if [ -f $work/openvpn-shutdown ]; then + $work/openvpn-shutdown + fi + + success; echo + rm -f $lock + ;; + restart) + $0 stop + sleep 2 + $0 start + ;; + reload) + if [ -f $lock ]; then + for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do + if [ -s $pidf ]; then + kill -HUP `cat $pidf` >/dev/null 2>&1 + fi + done + else + echo "openvpn: service not started" + exit 1 + fi + ;; + reopen) + if [ -f $lock ]; then + for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do + if [ -s $pidf ]; then + kill -USR1 `cat $pidf` >/dev/null 2>&1 + fi + done + else + echo "openvpn: service not started" + exit 1 + fi + ;; + condrestart) + if [ -f $lock ]; then + $0 stop + # avoid race + sleep 2 + $0 start + fi + ;; + status) + if [ -f $lock ]; then + for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do + if [ -s $pidf ]; then + kill -USR2 `cat $pidf` >/dev/null 2>&1 + fi + done + echo "Status written to /var/log/messages" + else + echo "openvpn: service not started" + exit 1 + fi + ;; + *) + echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}" + exit 1 + ;; +esac +exit 0 diff --git a/distro/rpm/openvpn.init.d.suse b/distro/rpm/openvpn.init.d.suse new file mode 100644 index 0000000..2bac7f3 --- /dev/null +++ b/distro/rpm/openvpn.init.d.suse @@ -0,0 +1,264 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: openvpn +# Required-Start: $network +# Required-Stop: $network +# Default-Start: 3 5 +# Default-Stop: 0 1 2 6 +# Short-Description: This shell script takes care of starting and stopping OpenVPN. +# Description: OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP port. +### END INIT INFO + +# Contributed to the OpenVPN project by +# Douglas Keller +# 2002.05.15 + +# Modified for SuSE by +# Frank Plohmann +# 2003.08.24 +# Please feel free to contact me if you have problems or suggestions +# using this script. + +# To install: +# copy this file to /etc/rc.d/init.d/openvpn +# use the runlevel editor in Yast to add it to runlevel 3 and/or 5 +# shell> mkdir /etc/openvpn +# make .conf or .sh files in /etc/openvpn (see below) + +# To uninstall: +# use also Yast and the runlevel editor to uninstall + +# Author's Notes: +# +# I have created an /etc/init.d init script and enhanced openvpn.spec to +# automatically register the init script. Once the RPM is installed you +# can start and stop OpenVPN with "service openvpn start" and "service +# openvpn stop". +# +# The init script does the following: +# +# - Starts an openvpn process for each .conf file it finds in +# /etc/openvpn. +# +# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it executes +# it before starting openvpn (useful for doing openvpn --mktun...). +# +# - In addition to start/stop you can do: +# +# /etc/init.d/openvpn reload - SIGHUP +# /etc/init.d/openvpn reopen - SIGUSR1 +# /etc/init.d/openvpn status - SIGUSR2 + +# Modifications 2003.05.02 +# * Changed == to = for sh compliance (Bishop Clark). +# * If condrestart|reload|reopen|status, check that we were +# actually started (James Yonan). +# * Added lock, piddir, and work variables (James Yonan). +# * If start is attempted twice, without an intervening stop, or +# if start is attempted when previous start was not properly +# shut down, then kill any previously started processes, before +# commencing new start operation (James Yonan). +# * Do a better job of flagging errors on start, and properly +# returning success or failure status to caller (James Yonan). +# +# Modifications 2003.08.24 +# * Converted the script for SuSE Linux distribution. +# Tested with version 8.2 (Frank Plohmann). +# - removed "chkconfig" header +# - added Yast header +# - changed installation notes +# - corrected path to openvpn binary +# - removes sourcing "functions" +# - removed sourcing "network" +# - removed network checking. it seemed not to work with SuSE. +# - added sourcing "rc.status", comments and "rc_reset" command +# - removed "succes; echo" and "failure; echo" lines +# - added "rc_status" lines at the end of each section +# - changed "service" to "/etc/init.d/" in "In addition to start/stop" +# section above. +# +# Modifications 2005.04.04 +# * Added openvpn-startup and openvpn-shutdown script calls (James Yonan). +# + +# Location of openvpn binary +openvpn="/usr/sbin/openvpn" + +# Lockfile +lock="/var/lock/subsys/openvpn" + +# PID directory +piddir="/var/run/openvpn" + +# Our working directory +work=/etc/openvpn + +# Source rc functions +. /etc/rc.status + +# Shell functions sourced from /etc/rc.status: +# rc_check check and set local and overall rc status +# rc_status check and set local and overall rc status +# rc_status -v ditto but be verbose in local rc status +# rc_status -v -r ditto and clear the local rc status +# rc_failed set local and overall rc status to failed +# rc_reset clear local rc status (overall remains) +# rc_exit exit appropriate to overall rc status + +# rc_status check and set local and overall rc status +# rc_status -v ditto but be verbose in local rc status +# rc_status -v -r ditto and clear the local rc status +# rc_failed set local and overall rc status to failed +# rc_reset clear local rc status (overall remains) +# rc_exit exit appropriate to overall rc status + +# First reset status of this service +rc_reset + +[ -f $openvpn ] || exit 0 + +# See how we were called. +case "$1" in + start) + echo -n $"Starting openvpn: " + + /sbin/modprobe tun >/dev/null 2>&1 + + # From a security perspective, I think it makes + # sense to remove this, and have users who need + # it explictly enable in their --up scripts or + # firewall setups. + + #echo 1 > /proc/sys/net/ipv4/ip_forward + + # Run startup script, if defined + if [ -f $work/openvpn-startup ]; then + $work/openvpn-startup + fi + + if [ ! -d $piddir ]; then + mkdir $piddir + fi + + if [ -f $lock ]; then + # we were not shut down correctly + for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do + if [ -s $pidf ]; then + kill `cat $pidf` >/dev/null 2>&1 + fi + rm -f $pidf + done + rm -f $lock + sleep 2 + fi + + rm -f $piddir/*.pid + cd $work + + # Start every .conf in $work and run .sh if exists + errors=0 + successes=0 + for c in `/bin/ls *.conf 2>/dev/null`; do + bn=${c%%.conf} + if [ -f "$bn.sh" ]; then + . $bn.sh + fi + rm -f $piddir/$bn.pid + $openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work + if [ $? = 0 ]; then + successes=1 + else + errors=1 + fi + done + + if [ $successes = 1 ]; then + touch $lock + fi + + rc_status -v + ;; + stop) + echo -n $"Shutting down openvpn: " + for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do + if [ -s $pidf ]; then + kill `cat $pidf` >/dev/null 2>&1 + fi + rm -f $pidf + done + + # Run shutdown script, if defined + if [ -f $work/openvpn-shutdown ]; then + $work/openvpn-shutdown + fi + + rm -f $lock + + rc_status -v + ;; + restart) + $0 stop + sleep 2 + $0 start + + rc_status + ;; + reload) + if [ -f $lock ]; then + for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do + if [ -s $pidf ]; then + kill -HUP `cat $pidf` >/dev/null 2>&1 + fi + done + else + echo "openvpn: service not started" + exit 1 + fi + + rc_status -v + ;; + reopen) + if [ -f $lock ]; then + for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do + if [ -s $pidf ]; then + kill -USR1 `cat $pidf` >/dev/null 2>&1 + fi + done + else + echo "openvpn: service not started" + exit 1 + fi + + rc_status -v + ;; + condrestart) + if [ -f $lock ]; then + $0 stop + # avoid race + sleep 2 + $0 start + fi + + rc_status + ;; + status) + if [ -f $lock ]; then + for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do + if [ -s $pidf ]; then + kill -USR2 `cat $pidf` >/dev/null 2>&1 + fi + done + echo "Status written to /var/log/messages" + else + echo "openvpn: service not started" + exit 1 + fi + + rc_status -v + ;; + *) + echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}" + exit 1 +esac + +exit 0 diff --git a/distro/rpm/openvpn.spec.in b/distro/rpm/openvpn.spec.in new file mode 100644 index 0000000..455f739 --- /dev/null +++ b/distro/rpm/openvpn.spec.in @@ -0,0 +1,287 @@ +# OpenVPN spec file, used to drive rpmbuild + +# OPTIONS +# +# Disable LZO +# rpmbuild -tb [openvpn.x.tar.gz] --define 'without_lzo 1' +# +# Disable PAM plugin +# rpmbuild -tb [openvpn.x.tar.gz] --define 'without_pam 1' +# +# Allow passwords to be read from files +# rpmbuild -tb [openvpn.x.tar.gz] --define 'with_password_save 1' +# +# Use this on RH9 and RHEL3 +# rpmbuild -tb [openvpn.x.tar.gz] --define 'with_kerberos 1' + +Summary: OpenVPN is a robust and highly flexible VPN daemon by James Yonan. +Name: @PACKAGE@ +Version: @VERSION@ +Release: 1 +URL: http://openvpn.net/ +Source0: http://prdownloads.sourceforge.net/openvpn/%{name}-%{version}.tar.gz + +License: GPL +Group: Applications/Internet +Vendor: James Yonan +Packager: James Yonan +BuildRoot: %{_tmppath}/%{name}-%(id -un) + +# +# Include dependencies manually +# + +AutoReq: 0 + +BuildRequires: openssl-devel >= 0.9.6 +Requires: openssl >= 0.9.6 + +%if "%{_vendor}" == "Mandrakesoft" +%{!?without_lzo:BuildRequires: liblzo1-devel >= 1.07} +%{!?without_lzo:Requires: liblzo1 >= 1.07} +%else +%if "%{_vendor}" == "MandrakeSoft" +%{!?without_lzo:BuildRequires: liblzo1-devel >= 1.07} +%{!?without_lzo:Requires: liblzo1 >= 1.07} +%else +%{!?without_lzo:BuildRequires: lzo-devel >= 1.07} +%{!?without_lzo:Requires: lzo >= 1.07} +%endif +%endif + +%{!?without_pam:BuildRequires: pam-devel} +%{!?without_pam:Requires: pam} + +%{!?with_pkcs11:BuildRequires: pkcs11-helper-devel} +%{!?with_pkcs11:Requires: pkcs11-helper} + +# +# Description +# + +%description +OpenVPN is a robust and highly flexible VPN daemon by James Yonan. +OpenVPN supports SSL/TLS security, +ethernet bridging, +TCP or UDP tunnel transport through proxies or NAT, +support for dynamic IP addresses and DHCP, +scalability to hundreds or thousands of users, +and portability to most major OS platforms. + +%package devel +Summary: OpenVPN is a robust and highly flexible VPN daemon by James Yonan. +Group: Applications/Internet +Requires: %{name} +%description devel +Development support for OpenVPN. + +# +# Define vendor type +# + +%if "%{_vendor}" == "suse" || "%{_vendor}" == "pc" +%define VENDOR SuSE +%else +%define VENDOR %_vendor +%endif + +# +# Should we build the auth-pam module? +# + +%define build_auth_pam 1 +%{?without_pam:%define build_auth_pam 0} + +# +# Other definitions +# + +%define debug_package %{nil} + +# +# Build OpenVPN binary +# + +%prep +%setup -q + +%build +%configure \ + --disable-dependency-tracking \ + --docdir="%{_docdir}/%{name}-%{version}" \ + %{?with_password_save:--enable-password-save} \ + %{?without_lzo:--disable-lzo} \ + %{?with_kerberos:--with-ssl-headers=/usr/kerberos/include} +%__make + +# Build down-root plugin +pushd src/plugins/down-root +%__make +popd + +# Build auth-pam plugin +%if %{build_auth_pam} +pushd src/plugins/auth-pam +%__make +popd +%endif + +# +# Installation section +# + +%install +[ %{buildroot} != "/" ] && rm -rf %{buildroot} +%__make install DESTDIR="%{buildroot}" + +# Install init script +%if "%{VENDOR}" == "SuSE" +%__install -c -d -m 755 "%{buildroot}/etc/init.d" +%__install -c -m 755 "distro/rpm/%{name}.init.d.suse" "%{buildroot}/etc/init.d/%{name}" +%else +%__install -c -d -m 755 "%{buildroot}/etc/rc.d/init.d" +%__install -c -m 755 distro/rpm/%{name}.init.d.rhel "%{buildroot}/etc/rc.d/init.d/%{name}" +%endif + +# Install /etc/openvpn +%__install -c -d -m 755 "%{buildroot}/etc/%{name}" + +# +# Build /usr/share/openvpn +# + +%__mkdir_p %{buildroot}%{_datadir}/%{name} + +# +# Install the plugins +# + +%__mkdir_p "%{buildroot}%{_datadir}/%{name}/plugins/lib" + +for pi in auth-pam down-root; do + %__mv -f src/plugins/$pi/README src/plugins/README.$pi + if [ -e src/plugins/$pi/openvpn-$pi.so ]; then + %__install -c -m 755 src/plugins/$pi/openvpn-$pi.so "%{buildroot}%{_datadir}/openvpn/plugins/lib/openvpn-$pi.so" + fi +done + +%__mv -f src/plugins/README src/plugins/README.plugins + +# +# Clean section +# + +%clean +[ %{buildroot} != "/" ] && rm -rf "%{buildroot}" + +# +# On Linux 2.4, make the device node +# + +%post +case "`uname -r`" in +2.4*) + /bin/mkdir /dev/net >/dev/null 2>&1 + /bin/mknod /dev/net/tun c 10 200 >/dev/null 2>&1 + ;; +esac + +# +# Handle the init script +# + +/sbin/chkconfig --add %{name} +%if "%{VENDOR}" == "SuSE" +/etc/init.d/openvpn restart +%else +/sbin/service %{name} condrestart +%endif +%preun +if [ "$1" = 0 ] +then + %if "%{VENDOR}" == "SuSE" + /etc/init.d/openvpn stop + %else + /sbin/service %{name} stop + %endif + /sbin/chkconfig --del %{name} +fi + +# +# Files section +# + +%files +%defattr(-,root,root) +%doc AUTHORS ChangeLog COPYING COPYRIGHT.GPL INSTALL NEWS PORTS README +%{_mandir} +%{_sbindir}/%{name} +%{_datadir}/%{name} +%dir /etc/%{name} +%if "%{VENDOR}" == "SuSE" +/etc/init.d/%{name} +%else +/etc/rc.d/init.d/%{name} +%endif + +# Install extra %doc stuff +%doc contrib/ sample/ src/plugins/README.* + +%files devel +%defattr(-,root,root) +%{_includedir}/* + +%changelog +* Thu Jul 30 2009 David Sommerseth +- Removed management/ directory from %doc + +* Thu Dec 14 2006 Alon Bar-Lev +- Added with_pkcs11 + +* Mon Aug 2 2005 James Yonan +- Fixed build problem with --define 'without_pam 1' + +* Mon Apr 4 2005 James Yonan +- Moved some files from /usr/share/openvpn to %doc for compatibility + with Dag Wieers' RPM repository + +* Sat Mar 12 2005 Tom Walsh +- Added MandrakeSoft liblzo1 require + +* Fri Dec 10 2004 James Yonan +- Added AutoReq: 0 for manual dependencies + +* Fri Dec 10 2004 James Yonan +- Packaged the plugins + +* Sun Nov 7 2004 Umberto Nicoletti +- SuSE support + +* Wed Aug 18 2004 Bishop Clark (LC957) +- restrict what we claim in /etc/ to avoid ownership conflicts + +* Sun Feb 23 2003 Matthias Andree 1.3.2.14-1. +- Have the version number filled in by autoconf. + +* Wed Jul 10 2002 James Yonan 1.3.1-1 +- Fixed %preun to only remove service on final uninstall + +* Mon Jun 17 2002 bishop clark (LC957) 1.2.2-1 +- Added condrestart to openvpn.spec & openvpn.init. + +* Wed May 22 2002 James Yonan 1.2.0-1 +- Added mknod for Linux 2.4. + +* Wed May 15 2002 Doug Keller 1.1.1.16-2 +- Added init scripts +- Added conf file support + +* Mon May 13 2002 bishop clark (LC957) 1.1.1.14-1 +- Added new directories for config examples and such + +* Sun May 12 2002 bishop clark (LC957) 1.1.1.13-1 +- Updated buildroot directive and cleanup command +- added easy-rsa utilities + +* Mon Mar 25 2002 bishop clark (LC957) 1.0-1 +- Initial build. -- cgit