diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile index 9a5bd68abcf..672cbdd657e 100644 --- a/net/openvpn/Makefile +++ b/net/openvpn/Makefile @@ -1,10 +1,11 @@ -# $OpenBSD: Makefile,v 1.12 2006/04/05 11:49:36 bernd Exp $ +# $OpenBSD: Makefile,v 1.13 2006/12/15 09:56:14 robert Exp $ # Original from: Jorge A. Cortes Montiel COMMENT= "easy-to-use, robust, and highly configurable VPN" VERSION= 2.0.6 DISTNAME= openvpn-${VERSION} +PKGNAME= ${DISTNAME}p0 CATEGORIES= net security HOMEPAGE= http://openvpn.net/ @@ -23,7 +24,6 @@ MASTER_SITES= ${HOMEPAGE}/release/ LIB_DEPENDS= lzo::archivers/lzo SEPARATE_BUILD= concurrent -USE_GMAKE= Yes FAKE= lib CONFIGURE_STYLE=gnu @@ -41,7 +41,8 @@ post-install: ${INSTALL_DATA_DIR} ${SAMPLES_DIR}/sample-scripts ${INSTALL_DATA_DIR} ${SAMPLES_DIR}/easy-rsa @rm -rf ${WRKSRC}/easy-rsa/Windows - ${INSTALL_DATA} ${WRKSRC}/sample-config-files/* ${SAMPLES_DIR}/sample-config-files/ + @find ${WRKSRC}/sample-config-files/ -type f \! -name "*.orig" -exec \ + ${INSTALL_DATA} {} ${SAMPLES_DIR}/sample-config-files/ \; ${INSTALL_DATA} ${WRKSRC}/sample-keys/* ${SAMPLES_DIR}/sample-keys/ ${INSTALL_DATA} ${WRKSRC}/sample-scripts/* ${SAMPLES_DIR}/sample-scripts/ @find ${WRKSRC}/easy-rsa -type f -exec perl -pi -e 's,#!/bin/bash,#!/bin/sh,g' {} \; diff --git a/net/openvpn/patches/patch-sample-config-files_client_conf b/net/openvpn/patches/patch-sample-config-files_client_conf new file mode 100644 index 00000000000..5f7b7e81d45 --- /dev/null +++ b/net/openvpn/patches/patch-sample-config-files_client_conf @@ -0,0 +1,14 @@ +$OpenBSD: patch-sample-config-files_client_conf,v 1.1 2006/12/15 09:56:14 robert Exp $ +--- sample-config-files/client.conf.orig Tue Nov 1 12:06:10 2005 ++++ sample-config-files/client.conf Fri Dec 15 09:22:42 2006 +@@ -58,8 +58,8 @@ resolv-retry infinite + nobind + + # Downgrade privileges after initialization (non-Windows only) +-;user nobody +-;group nobody ++;user _openvpn ++;group _openvpn + + # Try to preserve some state across restarts. + persist-key diff --git a/net/openvpn/patches/patch-sample-config-files_server_conf b/net/openvpn/patches/patch-sample-config-files_server_conf new file mode 100644 index 00000000000..e7a33464376 --- /dev/null +++ b/net/openvpn/patches/patch-sample-config-files_server_conf @@ -0,0 +1,14 @@ +$OpenBSD: patch-sample-config-files_server_conf,v 1.1 2006/12/15 09:56:14 robert Exp $ +--- sample-config-files/server.conf.orig Fri Jan 6 22:49:27 2006 ++++ sample-config-files/server.conf Fri Dec 15 09:22:42 2006 +@@ -251,8 +251,8 @@ comp-lzo + # + # You can uncomment this out on + # non-Windows systems. +-;user nobody +-;group nobody ++;user _openvpn ++;group _openvpn + + # The persist options will try to avoid + # accessing certain resources on restart diff --git a/net/openvpn/patches/patch-sample-config-files_static-home_conf b/net/openvpn/patches/patch-sample-config-files_static-home_conf new file mode 100644 index 00000000000..303ea277905 --- /dev/null +++ b/net/openvpn/patches/patch-sample-config-files_static-home_conf @@ -0,0 +1,17 @@ +$OpenBSD: patch-sample-config-files_static-home_conf,v 1.1 2006/12/15 09:56:14 robert Exp $ +--- sample-config-files/static-home.conf.orig Tue Nov 1 12:06:10 2005 ++++ sample-config-files/static-home.conf Fri Dec 15 09:22:42 2006 +@@ -37,10 +37,10 @@ secret static.key + ; port 1194 + + # Downgrade UID and GID to +-# "nobody" after initialization ++# "_openvpn" after initialization + # for extra security. +-; user nobody +-; group nobody ++; user _openvpn ++; group _openvpn + + # If you built OpenVPN with + # LZO compression, uncomment diff --git a/net/openvpn/patches/patch-sample-config-files_static-office_conf b/net/openvpn/patches/patch-sample-config-files_static-office_conf new file mode 100644 index 00000000000..7774e8167fc --- /dev/null +++ b/net/openvpn/patches/patch-sample-config-files_static-office_conf @@ -0,0 +1,17 @@ +$OpenBSD: patch-sample-config-files_static-office_conf,v 1.1 2006/12/15 09:56:14 robert Exp $ +--- sample-config-files/static-office.conf.orig Tue Nov 1 12:06:10 2005 ++++ sample-config-files/static-office.conf Fri Dec 15 09:22:42 2006 +@@ -34,10 +34,10 @@ secret static.key + ; port 1194 + + # Downgrade UID and GID to +-# "nobody" after initialization ++# "_openvpn" after initialization + # for extra security. +-; user nobody +-; group nobody ++; user _openvpn ++; group _openvpn + + # If you built OpenVPN with + # LZO compression, uncomment diff --git a/net/openvpn/patches/patch-sample-config-files_tls-home_conf b/net/openvpn/patches/patch-sample-config-files_tls-home_conf new file mode 100644 index 00000000000..14b285ed917 --- /dev/null +++ b/net/openvpn/patches/patch-sample-config-files_tls-home_conf @@ -0,0 +1,17 @@ +$OpenBSD: patch-sample-config-files_tls-home_conf,v 1.1 2006/12/15 09:56:14 robert Exp $ +--- sample-config-files/tls-home.conf.orig Tue Nov 1 12:06:10 2005 ++++ sample-config-files/tls-home.conf Fri Dec 15 09:22:42 2006 +@@ -48,10 +48,10 @@ key home.key + ; port 1194 + + # Downgrade UID and GID to +-# "nobody" after initialization ++# "_openvpn" after initialization + # for extra security. +-; user nobody +-; group nobody ++; user _openvpn ++; group _openvpn + + # If you built OpenVPN with + # LZO compression, uncomment diff --git a/net/openvpn/patches/patch-sample-config-files_tls-office_conf b/net/openvpn/patches/patch-sample-config-files_tls-office_conf new file mode 100644 index 00000000000..4adb3581cf2 --- /dev/null +++ b/net/openvpn/patches/patch-sample-config-files_tls-office_conf @@ -0,0 +1,17 @@ +$OpenBSD: patch-sample-config-files_tls-office_conf,v 1.1 2006/12/15 09:56:14 robert Exp $ +--- sample-config-files/tls-office.conf.orig Tue Nov 1 12:06:10 2005 ++++ sample-config-files/tls-office.conf Fri Dec 15 09:22:42 2006 +@@ -48,10 +48,10 @@ key office.key + ; port 1194 + + # Downgrade UID and GID to +-# "nobody" after initialization ++# "_openvpn" after initialization + # for extra security. +-; user nobody +-; group nobody ++; user _openvpn ++; group _openvpn + + # If you built OpenVPN with + # LZO compression, uncomment diff --git a/net/openvpn/patches/patch-sample-config-files_xinetd-client-config b/net/openvpn/patches/patch-sample-config-files_xinetd-client-config new file mode 100644 index 00000000000..53cd54e0ccf --- /dev/null +++ b/net/openvpn/patches/patch-sample-config-files_xinetd-client-config @@ -0,0 +1,11 @@ +$OpenBSD: patch-sample-config-files_xinetd-client-config,v 1.1 2006/12/15 09:56:14 robert Exp $ +--- sample-config-files/xinetd-client-config.orig Tue Nov 1 12:06:10 2005 ++++ sample-config-files/xinetd-client-config Fri Dec 15 09:22:42 2006 +@@ -6,6 +6,6 @@ dev tun + ifconfig 10.4.0.1 10.4.0.2 + remote my-server + port 1194 +-user nobody ++user _openvpn + secret /root/openvpn/key + inactive 600 diff --git a/net/openvpn/patches/patch-sample-config-files_xinetd-server-config b/net/openvpn/patches/patch-sample-config-files_xinetd-server-config new file mode 100644 index 00000000000..8e6f1764793 --- /dev/null +++ b/net/openvpn/patches/patch-sample-config-files_xinetd-server-config @@ -0,0 +1,10 @@ +$OpenBSD: patch-sample-config-files_xinetd-server-config,v 1.1 2006/12/15 09:56:14 robert Exp $ +--- sample-config-files/xinetd-server-config.orig Tue Nov 1 12:06:10 2005 ++++ sample-config-files/xinetd-server-config Fri Dec 15 09:22:42 2006 +@@ -21,5 +21,5 @@ service openvpn_1 + wait = yes + user = root + server = /root/openvpn/openvpn +- server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret /root/openvpn/key --inactive 600 --user nobody ++ server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret /root/openvpn/key --inactive 600 --user _openvpn + } diff --git a/net/openvpn/pkg/PLIST b/net/openvpn/pkg/PLIST index 80af352b599..2a826f92ea7 100644 --- a/net/openvpn/pkg/PLIST +++ b/net/openvpn/pkg/PLIST @@ -1,4 +1,6 @@ -@comment $OpenBSD: PLIST,v 1.6 2005/12/04 17:19:51 sturm Exp $ +@comment $OpenBSD: PLIST,v 1.7 2006/12/15 09:56:14 robert Exp $ +@newgroup _openvpn:577 +@newuser _openvpn:577:_openvpn:daemon:OpenVPN Daemon:/nonexistent:/sbin/nologin @man man/man8/openvpn.8 sbin/openvpn share/examples/openvpn/