author | Mike Gilbert <floppym@gentoo.org> | 2021-10-02 13:07:50 -0400 |
---|---|---|
committer | Mike Gilbert <floppym@gentoo.org> | 2021-10-02 13:19:57 -0400 |
commit | d08fe11b2b09f874ea8a2fbd296f69a4ce073702 (patch) | |
tree | 0099eca37e75e153bf9e891bdb9fbc6b5d789c41 /net-vpn | |
parent | app-misc/tracker-miners: bump to 3.1.3 (diff) | |
net-vpn/openconnect: rewrite initscript
Support for the server_${VPN}, password_${VPN}, and vpnopts_${VPN}
variables is dropped.
Per-VPN variables are now defined in /etc/conf.d/openconnect.${vpn}.
Instead of defining server and vpnopts, the user should set command_args
which will be passed to openconnect via the default_start function.
Support for 'password' and 'password_file' variables is added. If neither
is specified, the password will be prompted for interactively.
Support for up/down hooks is dropped. The functionality can be replaced
with vpnc-script hooks.
Bug: https://bugs.gentoo.org/733614
Bug: https://bugs.gentoo.org/763579
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Diffstat (limited to 'net-vpn')
-rw-r--r-- | net-vpn/openconnect/files/README.OpenRC | 25 | ||||
-rw-r--r-- | net-vpn/openconnect/files/openconnect.confd | 6 | ||||
-rw-r--r-- | net-vpn/openconnect/files/openconnect.initd | 107 | ||||
-rw-r--r-- | net-vpn/openconnect/openconnect-8.10-r4.ebuild (renamed from net-vpn/openconnect/openconnect-8.10-r3.ebuild) | 2 | ||||
-rw-r--r-- | net-vpn/openconnect/openconnect-9999.ebuild | 2 |
5 files changed, 25 insertions, 117 deletions
diff --git a/net-vpn/openconnect/files/README.OpenRC b/net-vpn/openconnect/files/README.OpenRC index baa617d94eaa..488533e87e31 100644 --- a/net-vpn/openconnect/files/README.OpenRC +++ b/net-vpn/openconnect/files/README.OpenRC @@ -1,30 +1,13 @@ -The service script for openconnect supports multiple vpn tunnels. +The service script for openconnect supports multiple VPN tunnels. -You need to create a symbolic link to /etc/init.d/openconnect in +To enable this, create a symbolic link to /etc/init.d/openconnect in /etc/init.d for each tunnel instead of calling it directly: ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 -Also, create a configuration file for the tunnel in /etc/openconnect. To -follow this example, the configuration file would be called -/etc/openconnect/vpn0.conf. See man openconnect for the options that can -go in this file. +To define per-VPN settings, copy /etc/conf.d/openconnect to +openconnect.vpn0. You can then start the vpn tunnel like this: rc-service openconnect.vpn0 start - -If you would like to run preup, postup, predown, and/or postdown scripts, -You need to create a directory in /etc/openconnect with the name of the vpn: - -mkdir /etc/openconnect/vpn0 - -Then add executable shell files: - -mkdir /etc/openconnect/vpn0 -cd /etc/openconnect/vpn0 -echo '#!/bin/sh' > preup.sh -cp preup.sh predown.sh -cp preup.sh postup.sh -cp preup.sh postdown.sh -chmod 755 /etc/openconnect/vpn0/* diff --git a/net-vpn/openconnect/files/openconnect.confd b/net-vpn/openconnect/files/openconnect.confd new file mode 100644 index 000000000000..5c00518a6937 --- /dev/null +++ b/net-vpn/openconnect/files/openconnect.confd @@ -0,0 +1,6 @@ +# Arguments to pass to openconnect +#command_args="--authgroup AUTHGROUP --user USER SERVERNAME" + +# For non-interactive use, set either password or password_file +#password="PASSWORD" +#password_file="/etc/openconnect/vpn0.password" 
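Review bot: The commented `#password="PASSWORD"` example in openconnect.confd invites storing the VPN password in a conf.d file but says nothing about that file's permissions. The ebuild installs the template with `newconfd`, which uses mode 0644 by default, and the README tells users to copy it to openconnect.vpn0, so a password set there would normally be readable by every local user. I would add a comment above the example along the lines of `# conf.d files are world-readable by default; prefer password_file, or chmod 600 this file before setting password`. A note next to `password_file` that the file should be owned by root with mode 0600 would cover the other option.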
diff --git a/net-vpn/openconnect/files/openconnect.initd b/net-vpn/openconnect/files/openconnect.initd
index 7b33920f498c..69f9999f6ad9 100644
--- a/net-vpn/openconnect/files/openconnect.initd
+++ b/net-vpn/openconnect/files/openconnect.initd
@@ -1,109 +1,28 @@ #!/sbin/openrc-run -# Copyright 1999-2021 Gentoo Authors +# Copyright 2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -VPN="${RC_SVCNAME#*.}" -VPNCONF=/etc/openconnect/${VPN}.conf -VPNDIR="/etc/openconnect/${VPN}" -VPNLOG="/var/log/openconnect/${VPN}" -VPNLOGFILE="${VPNLOG}/openconnect.log" -VPNERRFILE="${VPNLOG}/openconnect.err" - +vpn=${RC_SVCNAME#*.} command="/usr/sbin/openconnect" -name="OpenConnect: ${VPN}" -pidfile="/run/openconnect/${VPN}.pid" +pidfile="/run/openconnect/${vpn}.pid" +command_args="--syslog ${command_args}" +command_args_background="--background --pid-file \"${pidfile}\"" stopsig="SIGINT" -depend() { - before netmount -} - -checkconfig() { - if [ $VPN = "openconnect" ]; then - eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:" - eerror - eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0" - eerror - eerror "And then call it instead:" - eerror - eerror "/etc/init.d/openconnect.vpn0 start" - return 1 - fi - return 0 -} - -checktuntap() { - if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then - if ! 
modprobe tun ; then - eerror "TUN/TAP support is not available in this kernel" - return 1 - fi - fi -} - -run_hook() { - if [ -x "$1" ]; then - "$@" - fi -} - start_pre() { - checkconfig || return - checktuntap || return - checkpath -d "${VPNLOG}" || return - checkpath -d /run/openconnect || return - run_hook "${VPNDIR}/preup.sh" + checkpath -d /run/openconnect } -ssd_helper() { +start() { if [ -n "${password}" ]; then - start-stop-daemon "$@" <<EOF + command_args="${command_args} --passwd-on-stdin" + default_start <<EOF ${password} EOF + elif [ -n "${password_file}" ]; then + command_args="${command_args} --passwd-on-stdin" + default_start <"${password_file}" else - start-stop-daemon "$@" + default_start fi } - -start() { - local server vpnopts password - eval server=\$server_${VPN} - eval vpnopts=\$vpnopts_${VPN} - eval password=\$password_${VPN} - - local config= - if [ -e "${VPNCONF}" ]; then - config="--config=${VPNCONF}" - fi - - # Allow quoted whitespace in vpnopts. - eval set -- ${vpnopts} - - ebegin "Starting ${name}" - ssd_helper --start \ - --exec "${command}" \ - --pidfile "${pidfile}" \ - -- \ - --background \ - ${config} \ - --interface="${VPN}" \ - --pid-file="${pidfile}" \ - "$@" \ - "${server}" \ - >> "${VPNLOGFILE}" \ - 2>> "${VPNERRFILE}" - eend $? -} - -start_post() { - run_hook "${VPNDIR}/postup.sh" -} - -stop_pre() { - checkconfig || return - run_hook "${VPNDIR}/predown.sh" -} - -stop_post() { - run_hook "${VPNDIR}/postdown.sh" -} diff --git a/net-vpn/openconnect/openconnect-8.10-r3.ebuild b/net-vpn/openconnect/openconnect-8.10-r4.ebuild index 8e6903996014..13c3da231bad 100644 --- a/net-vpn/openconnect/openconnect-8.10-r3.ebuild +++ b/net-vpn/openconnect/openconnect-8.10-r4.ebuild @@ -131,7 +131,7 @@ src_install() { dodoc "${FILESDIR}"/README.OpenRC - newconfd "${FILESDIR}"/openconnect.conf.in openconnect + newconfd "${FILESDIR}"/openconnect.confd openconnect newinitd "${FILESDIR}"/openconnect.initd openconnect insinto /etc/logrotate.d 
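Review bot: In the new `start()`, the `password_file` branch redirects stdin from `"${password_file}"` without checking the file first, so a missing or unreadable path presumably surfaces only as a bare shell redirection error, and a group- or world-readable secret file goes unnoticed. A guard before `default_start` would make the failure explicit: `[ -r "${password_file}" ] || { eerror "Cannot read password_file: ${password_file}"; return 1; }`, optionally followed by an `ewarn` when the file's mode allows access beyond its owner. Passing the password with `--passwd-on-stdin` rather than as an argument keeps it out of the process list, which is worth a short comment above the here-document so it is not later moved into `command_args`. When neither variable is set the service falls through to an interactive prompt, which may block if the service is started at boot without a terminal, so that branch deserves a comment as well.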
diff --git a/net-vpn/openconnect/openconnect-9999.ebuild b/net-vpn/openconnect/openconnect-9999.ebuild index 8e6903996014..13c3da231bad 100644 --- a/net-vpn/openconnect/openconnect-9999.ebuild +++ b/net-vpn/openconnect/openconnect-9999.ebuild @@ -131,7 +131,7 @@ src_install() { dodoc "${FILESDIR}"/README.OpenRC - newconfd "${FILESDIR}"/openconnect.conf.in openconnect + newconfd "${FILESDIR}"/openconnect.confd openconnect newinitd "${FILESDIR}"/openconnect.initd openconnect insinto /etc/logrotate.d |