authorMike Gilbert <floppym@gentoo.org>2021-10-02 13:07:50 -0400
committerMike Gilbert <floppym@gentoo.org>2021-10-02 13:19:57 -0400
commitd08fe11b2b09f874ea8a2fbd296f69a4ce073702 (patch)
tree0099eca37e75e153bf9e891bdb9fbc6b5d789c41 /net-vpn
parentapp-misc/tracker-miners: bump to 3.1.3 (diff)
net-vpn/openconnect: rewrite initscript
Support for the server_${VPN}, password_${VPN}, and vpnopts_${VPN} variables is dropped. Per-VPN variables are now defined in /etc/conf.d/openconnect.${vpn}. Instead of defining server and vpnopts, the user should set command_args which will be passed to openconnect via the default_start function. Support for 'password' and 'password_file' variables is added. If neither is specified, the password will be prompted for interactively. Support for up/down hooks is dropped. The functionality can be replaced with vpnc-script hooks. Bug: https://bugs.gentoo.org/733614 Bug: https://bugs.gentoo.org/763579 Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Diffstat (limited to 'net-vpn')
-rw-r--r--net-vpn/openconnect/files/README.OpenRC25
-rw-r--r--net-vpn/openconnect/files/openconnect.confd6
-rw-r--r--net-vpn/openconnect/files/openconnect.initd107
-rw-r--r--net-vpn/openconnect/openconnect-8.10-r4.ebuild (renamed from net-vpn/openconnect/openconnect-8.10-r3.ebuild)2
-rw-r--r--net-vpn/openconnect/openconnect-9999.ebuild2
5 files changed, 25 insertions, 117 deletions
diff --git a/net-vpn/openconnect/files/README.OpenRC b/net-vpn/openconnect/files/README.OpenRC
index baa617d94eaa..488533e87e31 100644
--- a/net-vpn/openconnect/files/README.OpenRC
+++ b/net-vpn/openconnect/files/README.OpenRC
@@ -1,30 +1,13 @@
-The service script for openconnect supports multiple vpn tunnels.
+The service script for openconnect supports multiple VPN tunnels.
-You need to create a symbolic link to /etc/init.d/openconnect in
+To enable this, create a symbolic link to /etc/init.d/openconnect in
/etc/init.d for each tunnel instead of calling it directly:
ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0
-Also, create a configuration file for the tunnel in /etc/openconnect. To
-follow this example, the configuration file would be called
-/etc/openconnect/vpn0.conf. See man openconnect for the options that can
-go in this file.
+To define per-VPN settings, copy /etc/conf.d/openconnect to
+openconnect.vpn0.
You can then start the vpn tunnel like this:
rc-service openconnect.vpn0 start
-
-If you would like to run preup, postup, predown, and/or postdown scripts,
-You need to create a directory in /etc/openconnect with the name of the vpn:
-
-mkdir /etc/openconnect/vpn0
-
-Then add executable shell files:
-
-mkdir /etc/openconnect/vpn0
-cd /etc/openconnect/vpn0
-echo '#!/bin/sh' > preup.sh
-cp preup.sh predown.sh
-cp preup.sh postup.sh
-cp preup.sh postdown.sh
-chmod 755 /etc/openconnect/vpn0/*
diff --git a/net-vpn/openconnect/files/openconnect.confd b/net-vpn/openconnect/files/openconnect.confd
new file mode 100644
index 000000000000..5c00518a6937
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.confd
@@ -0,0 +1,6 @@
+# Arguments to pass to openconnect
+#command_args="--authgroup AUTHGROUP --user USER SERVERNAME"
+
+# For non-interactive use, set either password or password_file
+#password="PASSWORD"
+#password_file="/etc/openconnect/vpn0.password"
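Review bot: The `#password="PASSWORD"` example invites putting the VPN secret into a conf.d file that is normally installed world-readable (the ebuild uses plain `newconfd`, and the README tells users to copy this file per VPN, which keeps that mode under a default umask). I would add a comment above the two settings, for example `# A file that holds the password must be readable by root only (chmod 600).`, and list `password_file` first as the preferred form. The same applies to the file named by `password_file`: the example path under /etc/openconnect gives no hint about its expected owner or mode.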
diff --git a/net-vpn/openconnect/files/openconnect.initd b/net-vpn/openconnect/files/openconnect.initd
index 7b33920f498c..69f9999f6ad9 100644
--- a/net-vpn/openconnect/files/openconnect.initd
+++ b/net-vpn/openconnect/files/openconnect.initd
@@ -1,109 +1,28 @@
#!/sbin/openrc-run
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-VPN="${RC_SVCNAME#*.}"
-VPNCONF=/etc/openconnect/${VPN}.conf
-VPNDIR="/etc/openconnect/${VPN}"
-VPNLOG="/var/log/openconnect/${VPN}"
-VPNLOGFILE="${VPNLOG}/openconnect.log"
-VPNERRFILE="${VPNLOG}/openconnect.err"
-
+vpn=${RC_SVCNAME#*.}
command="/usr/sbin/openconnect"
-name="OpenConnect: ${VPN}"
-pidfile="/run/openconnect/${VPN}.pid"
+pidfile="/run/openconnect/${vpn}.pid"
+command_args="--syslog ${command_args}"
+command_args_background="--background --pid-file \"${pidfile}\""
stopsig="SIGINT"
-depend() {
- before netmount
-}
-
-checkconfig() {
- if [ $VPN = "openconnect" ]; then
- eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:"
- eerror
- eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0"
- eerror
- eerror "And then call it instead:"
- eerror
- eerror "/etc/init.d/openconnect.vpn0 start"
- return 1
- fi
- return 0
-}
-
-checktuntap() {
- if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then
- if ! modprobe tun ; then
- eerror "TUN/TAP support is not available in this kernel"
- return 1
- fi
- fi
-}
-
-run_hook() {
- if [ -x "$1" ]; then
- "$@"
- fi
-}
-
start_pre() {
- checkconfig || return
- checktuntap || return
- checkpath -d "${VPNLOG}" || return
- checkpath -d /run/openconnect || return
- run_hook "${VPNDIR}/preup.sh"
+ checkpath -d /run/openconnect
}
-ssd_helper() {
+start() {
if [ -n "${password}" ]; then
- start-stop-daemon "$@" <<EOF
+ command_args="${command_args} --passwd-on-stdin"
+ default_start <<EOF
${password}
EOF
+ elif [ -n "${password_file}" ]; then
+ command_args="${command_args} --passwd-on-stdin"
+ default_start <"${password_file}"
else
- start-stop-daemon "$@"
+ default_start
fi
}
-
-start() {
- local server vpnopts password
- eval server=\$server_${VPN}
- eval vpnopts=\$vpnopts_${VPN}
- eval password=\$password_${VPN}
-
- local config=
- if [ -e "${VPNCONF}" ]; then
- config="--config=${VPNCONF}"
- fi
-
- # Allow quoted whitespace in vpnopts.
- eval set -- ${vpnopts}
-
- ebegin "Starting ${name}"
- ssd_helper --start \
- --exec "${command}" \
- --pidfile "${pidfile}" \
- -- \
- --background \
- ${config} \
- --interface="${VPN}" \
- --pid-file="${pidfile}" \
- "$@" \
- "${server}" \
- >> "${VPNLOGFILE}" \
- 2>> "${VPNERRFILE}"
- eend $?
-}
-
-start_post() {
- run_hook "${VPNDIR}/postup.sh"
-}
-
-stop_pre() {
- checkconfig || return
- run_hook "${VPNDIR}/predown.sh"
-}
-
-stop_post() {
- run_hook "${VPNDIR}/postdown.sh"
-}
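Review bot: The `password_file` branch of the new `start()` redirects stdin from the file without first checking that it is readable, so a wrong path shows up only as a bare shell redirection error, and nothing flags a secret file that other local users can read. A guard before the redirect makes the failure explicit: `[ -r "${password_file}" ] || { eerror "Cannot read ${password_file}"; return 1; }`. A short comment next to `--passwd-on-stdin` would also help, stating that the password is fed on stdin so it never appears in the process argument list. It should mention that `password` silently wins when both variables are set.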
diff --git a/net-vpn/openconnect/openconnect-8.10-r3.ebuild b/net-vpn/openconnect/openconnect-8.10-r4.ebuild
index 8e6903996014..13c3da231bad 100644
--- a/net-vpn/openconnect/openconnect-8.10-r3.ebuild
+++ b/net-vpn/openconnect/openconnect-8.10-r4.ebuild
@@ -131,7 +131,7 @@ src_install() {
dodoc "${FILESDIR}"/README.OpenRC
- newconfd "${FILESDIR}"/openconnect.conf.in openconnect
+ newconfd "${FILESDIR}"/openconnect.confd openconnect
newinitd "${FILESDIR}"/openconnect.initd openconnect
insinto /etc/logrotate.d
diff --git a/net-vpn/openconnect/openconnect-9999.ebuild b/net-vpn/openconnect/openconnect-9999.ebuild
index 8e6903996014..13c3da231bad 100644
--- a/net-vpn/openconnect/openconnect-9999.ebuild
+++ b/net-vpn/openconnect/openconnect-9999.ebuild
@@ -131,7 +131,7 @@ src_install() {
dodoc "${FILESDIR}"/README.OpenRC
- newconfd "${FILESDIR}"/openconnect.conf.in openconnect
+ newconfd "${FILESDIR}"/openconnect.confd openconnect
newinitd "${FILESDIR}"/openconnect.initd openconnect
insinto /etc/logrotate.d