- use the _openvpn uid/gid istead of nobody/nogroup; from Tamas Tevesz

- remove USE_GMAKE because it is not needed - use a different method for installing the sample config files to prevent installing .orig files left behind after patching - bump PKGNAME
2006-12-15 09:56:14 +00:00 · 2006-12-15 09:56:14 +00:00 · 595afec84a
commit 595afec84a
parent a5afbbb1f1
10 changed files with 124 additions and 4 deletions
--- a/net/openvpn/Makefile
+++ b/net/openvpn/Makefile
@ -1,10 +1,11 @@
-# $OpenBSD: Makefile,v 1.12 2006/04/05 11:49:36 bernd Exp $
+# $OpenBSD: Makefile,v 1.13 2006/12/15 09:56:14 robert Exp $
 # Original from: Jorge A. Cortes Montiel <jcortes@bsdcoders.org>

 COMMENT=	"easy-to-use, robust, and highly configurable VPN"

 VERSION=	2.0.6
 DISTNAME=	openvpn-${VERSION}
+PKGNAME=	${DISTNAME}p0
 CATEGORIES=	net security

 HOMEPAGE=	http://openvpn.net/
@ -23,7 +24,6 @@ MASTER_SITES=	${HOMEPAGE}/release/
 LIB_DEPENDS=	lzo::archivers/lzo

 SEPARATE_BUILD=	concurrent
-USE_GMAKE=	Yes

 FAKE=		lib
 CONFIGURE_STYLE=gnu
@ -41,7 +41,8 @@ post-install:
 	${INSTALL_DATA_DIR} ${SAMPLES_DIR}/sample-scripts
 	${INSTALL_DATA_DIR} ${SAMPLES_DIR}/easy-rsa
 	@rm -rf ${WRKSRC}/easy-rsa/Windows
-	${INSTALL_DATA} ${WRKSRC}/sample-config-files/* ${SAMPLES_DIR}/sample-config-files/
+	@find ${WRKSRC}/sample-config-files/ -type f \! -name "*.orig" -exec \
+		${INSTALL_DATA} {} ${SAMPLES_DIR}/sample-config-files/ \;
 	${INSTALL_DATA} ${WRKSRC}/sample-keys/* ${SAMPLES_DIR}/sample-keys/
 	${INSTALL_DATA} ${WRKSRC}/sample-scripts/* ${SAMPLES_DIR}/sample-scripts/
 	@find ${WRKSRC}/easy-rsa -type f -exec perl -pi -e 's,#!/bin/bash,#!/bin/sh,g' {} \;
--- a/net/openvpn/patches/patch-sample-config-files_client_conf
+++ b/net/openvpn/patches/patch-sample-config-files_client_conf
@ -0,0 +1,14 @@
+$OpenBSD: patch-sample-config-files_client_conf,v 1.1 2006/12/15 09:56:14 robert Exp $
+--- sample-config-files/client.conf.orig	Tue Nov  1 12:06:10 2005
+++ sample-config-files/client.conf	Fri Dec 15 09:22:42 2006
+@@ -58,8 +58,8 @@ resolv-retry infinite
+ nobind
+ 
+ # Downgrade privileges after initialization (non-Windows only)
+-;user nobody
+-;group nobody
+;user _openvpn
+;group _openvpn
+ 
+ # Try to preserve some state across restarts.
+ persist-key
--- a/net/openvpn/patches/patch-sample-config-files_server_conf
+++ b/net/openvpn/patches/patch-sample-config-files_server_conf
@ -0,0 +1,14 @@
+$OpenBSD: patch-sample-config-files_server_conf,v 1.1 2006/12/15 09:56:14 robert Exp $
+--- sample-config-files/server.conf.orig	Fri Jan  6 22:49:27 2006
+++ sample-config-files/server.conf	Fri Dec 15 09:22:42 2006
+@@ -251,8 +251,8 @@ comp-lzo
+ #
+ # You can uncomment this out on
+ # non-Windows systems.
+-;user nobody
+-;group nobody
+;user _openvpn
+;group _openvpn
+ 
+ # The persist options will try to avoid
+ # accessing certain resources on restart
--- a/net/openvpn/patches/patch-sample-config-files_static-home_conf
+++ b/net/openvpn/patches/patch-sample-config-files_static-home_conf
@ -0,0 +1,17 @@
+$OpenBSD: patch-sample-config-files_static-home_conf,v 1.1 2006/12/15 09:56:14 robert Exp $
+--- sample-config-files/static-home.conf.orig	Tue Nov  1 12:06:10 2005
+++ sample-config-files/static-home.conf	Fri Dec 15 09:22:42 2006
+@@ -37,10 +37,10 @@ secret static.key
+ ; port 1194
+ 
+ # Downgrade UID and GID to
+-# "nobody" after initialization
+# "_openvpn" after initialization
+ # for extra security.
+-; user nobody
+-; group nobody
+; user _openvpn
+; group _openvpn
+ 
+ # If you built OpenVPN with
+ # LZO compression, uncomment
--- a/net/openvpn/patches/patch-sample-config-files_static-office_conf
+++ b/net/openvpn/patches/patch-sample-config-files_static-office_conf
@ -0,0 +1,17 @@
+$OpenBSD: patch-sample-config-files_static-office_conf,v 1.1 2006/12/15 09:56:14 robert Exp $
+--- sample-config-files/static-office.conf.orig	Tue Nov  1 12:06:10 2005
+++ sample-config-files/static-office.conf	Fri Dec 15 09:22:42 2006
+@@ -34,10 +34,10 @@ secret static.key
+ ; port 1194
+ 
+ # Downgrade UID and GID to
+-# "nobody" after initialization
+# "_openvpn" after initialization
+ # for extra security.
+-; user nobody
+-; group nobody
+; user _openvpn
+; group _openvpn
+ 
+ # If you built OpenVPN with
+ # LZO compression, uncomment
--- a/net/openvpn/patches/patch-sample-config-files_tls-home_conf
+++ b/net/openvpn/patches/patch-sample-config-files_tls-home_conf
@ -0,0 +1,17 @@
+$OpenBSD: patch-sample-config-files_tls-home_conf,v 1.1 2006/12/15 09:56:14 robert Exp $
+--- sample-config-files/tls-home.conf.orig	Tue Nov  1 12:06:10 2005
+++ sample-config-files/tls-home.conf	Fri Dec 15 09:22:42 2006
+@@ -48,10 +48,10 @@ key home.key
+ ; port 1194
+ 
+ # Downgrade UID and GID to
+-# "nobody" after initialization
+# "_openvpn" after initialization
+ # for extra security.
+-; user nobody
+-; group nobody
+; user _openvpn
+; group _openvpn
+ 
+ # If you built OpenVPN with
+ # LZO compression, uncomment
--- a/net/openvpn/patches/patch-sample-config-files_tls-office_conf
+++ b/net/openvpn/patches/patch-sample-config-files_tls-office_conf
@ -0,0 +1,17 @@
+$OpenBSD: patch-sample-config-files_tls-office_conf,v 1.1 2006/12/15 09:56:14 robert Exp $
+--- sample-config-files/tls-office.conf.orig	Tue Nov  1 12:06:10 2005
+++ sample-config-files/tls-office.conf	Fri Dec 15 09:22:42 2006
+@@ -48,10 +48,10 @@ key office.key
+ ; port 1194
+ 
+ # Downgrade UID and GID to
+-# "nobody" after initialization
+# "_openvpn" after initialization
+ # for extra security.
+-; user nobody
+-; group nobody
+; user _openvpn
+; group _openvpn
+ 
+ # If you built OpenVPN with
+ # LZO compression, uncomment
--- a/net/openvpn/patches/patch-sample-config-files_xinetd-client-config
+++ b/net/openvpn/patches/patch-sample-config-files_xinetd-client-config
@ -0,0 +1,11 @@
+$OpenBSD: patch-sample-config-files_xinetd-client-config,v 1.1 2006/12/15 09:56:14 robert Exp $
+--- sample-config-files/xinetd-client-config.orig	Tue Nov  1 12:06:10 2005
+++ sample-config-files/xinetd-client-config	Fri Dec 15 09:22:42 2006
+@@ -6,6 +6,6 @@ dev tun
+ ifconfig 10.4.0.1 10.4.0.2
+ remote my-server
+ port 1194
+-user nobody
+user _openvpn
+ secret /root/openvpn/key
+ inactive 600
--- a/net/openvpn/patches/patch-sample-config-files_xinetd-server-config
+++ b/net/openvpn/patches/patch-sample-config-files_xinetd-server-config
@ -0,0 +1,10 @@
+$OpenBSD: patch-sample-config-files_xinetd-server-config,v 1.1 2006/12/15 09:56:14 robert Exp $
+--- sample-config-files/xinetd-server-config.orig	Tue Nov  1 12:06:10 2005
+++ sample-config-files/xinetd-server-config	Fri Dec 15 09:22:42 2006
+@@ -21,5 +21,5 @@ service openvpn_1
+         wait            = yes
+         user            = root
+         server          = /root/openvpn/openvpn
+-        server_args     = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret /root/openvpn/key --inactive 600 --user nobody
+        server_args     = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret /root/openvpn/key --inactive 600 --user _openvpn
+ }
--- a/net/openvpn/pkg/PLIST
+++ b/net/openvpn/pkg/PLIST
@ -1,4 +1,6 @@
-@comment $OpenBSD: PLIST,v 1.6 2005/12/04 17:19:51 sturm Exp $
+@comment $OpenBSD: PLIST,v 1.7 2006/12/15 09:56:14 robert Exp $
+@newgroup _openvpn:577
+@newuser _openvpn:577:_openvpn:daemon:OpenVPN Daemon:/nonexistent:/sbin/nologin
@man man/man8/openvpn.8
 sbin/openvpn
 share/examples/openvpn/