This patch fixes the restart bug & creates a tincvpn user for
running in a chroot.
Extra options can now be set in /etc/conf.d/tinc
I modified stop() to detect chroot settings, because a chroot prevents
most functionality in tinc-down (& stop() is a good place to include
that functionality instead).
I also added restart() as 'rc-service tincd restart' doesn't run
stop().
---
main/tinc/APKBUILD | 36 ++++++++++++------------
main/tinc/tinc.confd | 20 +++++++++++++
main/tinc/tinc.networks | 4 +--
main/tinc/tinc.post-install | 15 ++++++++++
main/tinc/tincd.initd | 68 +++++++++++++++++++++++++++++----------------
main/tinc/tincd.lo.initd | 46 ------------------------------
6 files changed, 100 insertions(+), 89 deletions(-)
create mode 100644 main/tinc/tinc.confd
create mode 100644 main/tinc/tinc.post-install
delete mode 100644 main/tinc/tincd.lo.initd
diff --git a/main/tinc/APKBUILD b/main/tinc/APKBUILD
index ff98ecc..606ef8a 100644
--- a/main/tinc/APKBUILD
+++ b/main/tinc/APKBUILD
@@ -1,19 +1,21 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=tinc
pkgver=1.0.24
-pkgrel=0
+pkgrel=1
pkgdesc="tinc is a Virtual Private Network (VPN) daemon"
url="http://www.tinc-vpn.org/"
arch="all"
license="GPL2+"
depends=""
makedepends="zlib-dev lzo-dev openssl-dev"
-install=""
+install="$pkgname.post-install"
+pkgusers=tincvpn
+pkggroups=tincvpn
subpackages="$pkgname-doc"
source="http://www.tinc-vpn.org/packages/tinc-$pkgver.tar.gz
musl.patch
tincd.initd
- tincd.lo.initd
+ tinc.confd
tinc.networks"
_builddir="$srcdir"/$pkgname-$pkgver
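Review bot: `install="$pkgname.post-install"` registers only a post-install script, which as far as I know apk runs on a first install and not on an upgrade, so a system moving from pkgrel 0 to 1 would not get the tincvpn account that `pkgusers`/`pkggroups` declare here. The `-R -U tincvpn` example in tinc.confd would then refer to an account that does not exist, for exactly the users who already run tinc. Consider shipping an upgrade script as well, e.g. `install="$pkgname.post-install $pkgname.post-upgrade"`, with the second file carrying the same account-creation lines.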
@@ -35,6 +37,7 @@ build() {
--sysconfdir=/etc \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
+ --localstatedir=/var \
--enable-jumbograms \
--enable-lzo \
--enable-zlib \
@@ -45,27 +48,26 @@ build() {
package() {
cd "$_builddir"
make DESTDIR="$pkgdir" install || return 1
-
- mkdir "$pkgdir"/etc/tinc
- install -m755 -D "$srcdir"/tincd.initd "$pkgdir"/etc/init.d/tincd
- install -m755 -D "$srcdir"/tincd.lo.initd \
- "$pkgdir"/etc/init.d/tincd.lo
+ install -m755 -D "$srcdir"/tincd.initd \
+ "$pkgdir"/etc/init.d/tincd
install -m644 -D "$srcdir"/tinc.networks \
"$pkgdir"/etc/conf.d/tinc.networks
+ install -m644 -D "$srcdir"/tinc.confd \
+ "$pkgdir"/etc/conf.d/tinc
}
md5sums="14a91eb2e85bdc0451a815612521b708 tinc-1.0.24.tar.gz
f2c913659191a0c81ed13dde305ca8bc musl.patch
-411a260ed9bb1fc441444c3efbeafd7b tincd.initd
-b95471eab010c0ed002cf3d16a009ced tincd.lo.initd
-475d64d9aa410ec7e91f5b079800abc9 tinc.networks"
+53cdd8b48866497c145183b312b5e5ef tincd.initd
+2c630363be37dea68df5a22ce29fe27c tinc.confd
+851cbc3e8ad83b001c80393132915807 tinc.networks"
sha256sums="498e58f9f39e3922030a63cf62baf4b46a40fbda8d90b23ec0f084f4a9f9b687 tinc-1.0.24.tar.gz
a394327605fa38e1b7bbbb49eda6461c96553d31370107e337482934ea8b042c musl.patch
-0e8a18f9af03d967b30eac2c1de5d233449fae8a97342cdb88bf60e6b3867e73 tincd.initd
-bd0909202c2f5b6fb0d97cac4f7f02a392393acd4b300a04db3a5416f4345035 tincd.lo.initd
-7165721abd3706c95973118fbb503e18f9a008da6bdbf21a4ce35ecf7818d5ad tinc.networks"
+4c9d191997876c0b6b3e1e343b93dca3fc2c17e1f5d141e9c7117f35d068e812 tincd.initd
+eb71af67b1054c277dbd9c0bfc6ef149cb0c1f8c98fb6eea803ffbfe19db224f tinc.confd
+0b42e29a42d39bb203213eae18521e5ca5539dcf4398c73780d66ef8e2fbcc6e tinc.networks"
sha512sums="a59d4f996892b9aa4ce6adaf3f40c06dfb37c2546edb6b3858af15df7f4e6f7738dc186969df1676ad1dab7fcc081bec262bd9df4efc7620e00ca9be9121bc7d tinc-1.0.24.tar.gz
2a631b82e2d24139e8bf07057578d3f8e7f566829492cbbb82d030505ba00fe63943c57778156bca6985ab216e7b0d5ad8aeb25f7d7affa3189b7b3a005d0312 musl.patch
-4a5da677d030dd24d347a86e7e892ea9aab57c2b4de8c9fa6ef576e239e4169f3ee6934162edc004a00678405f199606f05c173dd1ff94ee2f711536b1dfc072 tincd.initd
-63df032f815b4a1e84c972e4cbfe115eda9fb80419b21d72811a947a8c9742f51442b5a06b0dbd220eb9a673b115fe62972019bdd4bac5855a36908c68bf5638 tincd.lo.initd
-f7cb459c170898e51176bd92c642335386db90b7bca2abb3f6eb2514546efbd74e5fd2c8845060111dd48a0dd2cc1890717a03315c9b86185047c259cdc27135 tinc.networks"
+4902bdac0964f2637d833dd14efe2ee51e849e838db00813d6ca2ce1bd8b4b32e8e417db82e7e84b85b88f186ff922cb15aaabd060b9a70d2b11c2ffc69bd295 tincd.initd
+e3f57f0f3fab651d89dfaa1b2cee7f22ebbde5530d30188a2828076eacf15639dbc1eb3aa60a560d3c34df50a8f1477f572b2846e62815f4a2aed54ec32eb9dc tinc.confd
+7434b304fb8daee06dc0b55a0747a57e615aaec87d145957347fea18c1ec5df0f930b421888f335c744eb21361f309ee05cefc387df45449dcbf48d82321bf23 tinc.networks"
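Review bot: The removed `mkdir "$pkgdir"/etc/tinc` has no replacement in package(), although tinc.post-install gives tincvpn `-h /etc/tinc` with `-H` and start() looks for `/etc/tinc/<net>/tinc.conf`; unless `make install` creates the directory (not visible in this hunk), a fresh install ships without it. `install -d -m755 "$pkgdir"/etc/tinc || return 1` would keep the directory and pin its mode. The new `install` lines also lack the `|| return 1` that `make DESTDIR="$pkgdir" install` carries, so a failed copy of the init script or conf.d file would go unnoticed if abuild does not stop on errors.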
diff --git a/main/tinc/tinc.confd b/main/tinc/tinc.confd
new file mode 100644
index 0000000..42da186
--- /dev/null
+++ b/main/tinc/tinc.confd
@@ -0,0 +1,20 @@
+# Tinc VPN conf.d for Alpine Linux
+
+# Set extra tincd command line options here
+
+# Add vpns to /etc/conf.d/tinc.networks & tinc will use any 'EXTRA' settings
+# defined here below.
+#
+# Do NOT set '-L' to lock memory --> Alpine's Grsecurity Kernel will kill tincd.
+# If running tinc in a chroot iptables commands will not work in tinc-down.
+# See stop() in /etc/init.d/tincd for an example to add tinc-down functionality.
+
+## for debugging
+#EXTRA="--debug=5"
+
+## run as tincvpn user in a chroot:
+#EXTRA="--debug=1 -R -U tincvpn"
+
+## disable individual log files
+#SYSLOG=yes
+
diff --git a/main/tinc/tinc.networks b/main/tinc/tinc.networks
index e1844ce..b88b5dc 100644
--- a/main/tinc/tinc.networks
+++ b/main/tinc/tinc.networks
@@ -1,5 +1,5 @@
# file: /etc/conf.d/tinc.networks for /etc/init.d/tincd
-
+
# In this file you define the tinc networks you want to connect to
# USAGE:
@@ -9,5 +9,5 @@
# if you want to connect to multiple VPN's just set them behind each other. e.g.
# NETWORK: foo
# NETWORK: bar
-#
+#
# this would join the network foo and the network bar.
diff --git a/main/tinc/tinc.post-install b/main/tinc/tinc.post-install
new file mode 100644
index 0000000..cabf018
--- /dev/null
+++ b/main/tinc/tinc.post-install
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+NORMAL="\033[1;0m"
+STRONG="\033[1;1m"
+GREEN="\033[1;32m"
+
+print_strong() {
+ local prompt="${STRONG}$1 ${GREEN}$2${NORMAL} ${STRONG}$3${NORMAL}"
+ printf "${prompt} %s\n"
+}
+
+addgroup -S tincvpn 2>/dev/null
+adduser -H -h /etc/tinc -S -g tincvpn -D -s /sbin/nologin tincvpn 2>/dev/null
+print_strong "tincvpn user:group created " ">>> enable chroot in:" "/etc/conf.d/tinc"
+exit 0
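Review bot: In `adduser -H -h /etc/tinc -S -g tincvpn ...` the lowercase `-g` is BusyBox adduser's GECOS field, while the primary group is `-G`, so this line does not ask for membership in the group that `addgroup -S tincvpn` just created. Because stderr of both commands goes to /dev/null and the script then prints "created" and exits 0 unconditionally, any failure here stays invisible until tincd is started with `-U tincvpn`. I would write `adduser -S -D -H -h /etc/tinc -s /sbin/nologin -G tincvpn -g tincvpn tincvpn 2>/dev/null` and print the message only when the account exists afterwards. In print_strong, `printf "${prompt} %s\n"` uses the arguments as the format string and leaves a `%s` without an operand; `printf "${STRONG}%s ${GREEN}%s${NORMAL} ${STRONG}%s${NORMAL}\n" "$1" "$2" "$3"` keeps them as data.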
diff --git a/main/tinc/tincd.initd b/main/tinc/tincd.initd
index 6ed1bef..0b806b9 100644
--- a/main/tinc/tincd.initd
+++ b/main/tinc/tincd.initd
@@ -1,19 +1,22 @@
#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/tinc/files/tincd,v 1.5 2008/04/01 14:08:45 dragonheart Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/tinc/files/tincd,v 1.9 2013/09/01 12:22:46 blueness Exp $
extra_started_commands="reload"
+NETS="/etc/conf.d/tinc.networks"
+DAEMON="/usr/sbin/tincd"
+. /etc/conf.d/tinc
+
depend() {
use logger dns
need net
}
checkconfig() {
- if ! grep -q '^ *NETWORK:' /etc/conf.d/tinc.networks
- then
- eerror "No VPN networks configured in /etc/conf.d/tinc.networks"
+ if ! grep -q '^ *NETWORK:' "${NETS}" ; then
+ eerror "No VPN networks configured in ${NETS}"
return 1
fi
}
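Review bot: `. /etc/conf.d/tinc` runs unconditionally at the top level of the script, so a missing or unreadable file makes a POSIX shell abort at the dot command instead of continuing with empty `EXTRA`/`SYSLOG`. Guard it, `[ -r /etc/conf.d/tinc ] && . /etc/conf.d/tinc`. The line also deserves a comment saying that the file is executed as shell code with the init script's privileges, so it must stay writable by root only (package() installs it with `-m644`).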
@@ -21,15 +24,21 @@ checkconfig() {
start() {
checkconfig || return 1
ebegin "Starting tinc VPN networks"
- eend 0
- awk '/^ *NETWORK:/ { print $2 }' /etc/conf.d/tinc.networks | while read TINCNET
+ awk '/^ *NETWORK:/ { print $2 }' "${NETS}" | while read NETNAME
do
- if [ ! -f /etc/tinc/"$TINCNET"/tinc.conf ]
- then
- eerror "Cannot start network $TINCNET, /etc/tinc/$TINCNET/tinc.conf does not exist !"
+ CONFIG="/etc/tinc/${NETNAME}/tinc.conf"
+ PIDFILE="/var/run/tinc.${NETNAME}.pid"
+ if [ ! -f "${CONFIG}" ]; then
+ eerror "Cannot start network ${NETNAME}."
+ eerror "Please set up ${CONFIG} !"
else
- ebegin "Starting tinc network $TINCNET"
- /usr/sbin/tincd --net="$TINCNET" --logfile=/var/log/tinc.$TINCNET.log --pidfile=/var/run/tinc.$TINCNET.pid
+ ebegin "Starting tinc network ${NETNAME}"
+ if [ "${SYSLOG}" == "yes" ]; then
+ LOG=""
+ else
+ LOG="--logfile=/var/log/tinc.${NETNAME}.log"
+ fi
+ start-stop-daemon --start --exec "${DAEMON}" --pidfile "${PIDFILE}" -- --net="${NETNAME}" ${LOG} --pidfile "${PIDFILE}" ${EXTRA}
eend $?
fi
done
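Review bot: start() can report success while a network failed, because the loop is the last stage of a pipeline and the function's status is therefore that of the final iteration only; the missing-config branch only logs with `eerror`. The outer `ebegin "Starting tinc VPN networks"` also lost its `eend` in this change, and stop() and reload() in the next hunk have the same shape. The sketch below collects a status inside a brace group, which works whether or not the shell forks the last pipeline stage, and closes the outer `ebegin`; it assumes the loop is the last statement of start(), whose closing brace is outside the hunk. It also uses `read -r` so that backslashes in tinc.networks are not interpreted.

```shell
	awk '/^ *NETWORK:/ { print $2 }' "${NETS}" | {
		rc=0
		while read -r NETNAME
		do
			# … unchanged: CONFIG and PIDFILE assignments …
			if [ ! -f "${CONFIG}" ]; then
				# … unchanged: the two eerror lines …
				rc=1
			else
				# … unchanged: ebegin, LOG selection, start-stop-daemon call …
				eend $? || rc=1
			fi
		done
		# the group's status becomes the pipeline's status
		[ "${rc}" -eq 0 ]
	}
	eend $?
```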
@@ -37,28 +46,39 @@ start() {
stop() {
ebegin "Stopping tinc VPN networks"
- eend 0
- awk '/^ *NETWORK:/ { print $2 }' /etc/conf.d/tinc.networks | while read TINCNET
+ awk '/^ *NETWORK:/ { print $2 }' "${NETS}" | while read NETNAME
do
- if [ -f /var/run/tinc."$TINCNET".pid ]
- then
- ebegin "Stopping tinc network $TINCNET"
- /usr/sbin/tincd --kill --pidfile=/var/run/tinc."$TINCNET".pid
+ PIDFILE="/var/run/tinc.${NETNAME}.pid"
+ if [ -f "${PIDFILE}" ]; then
+ ebegin "Stopping tinc network ${NETNAME}"
+ start-stop-daemon --stop --pidfile "${PIDFILE}"
eend $?
fi
done
+
+ # tinc chroot means iptables commands will not work in tinc-down
+ if echo "${EXTRA}" | grep "R -U tincvpn" 1>/dev/null; then
+ ewarn "modify stop() in /etc/init.d/tincd to include tinc-down functionality"
+ # einfo "Flushing & Restoring iptables with default deny policy"
+ # iptables-restore < /etc/iptables/up.rules
+ fi
}
reload() {
ebegin "Reloading configuration for tinc VPN networks"
- eend 0
- awk '/^ *NETWORK:/ { print $2 }' /etc/conf.d/tinc.networks | while read TINCNET
+ awk '/^ *NETWORK:/ { print $2 }' "${NETS}" | while read NETNAME
do
- if [ -f /var/run/tinc."$TINCNET".pid ]
- then
- ebegin "Reloading tinc network $TINCNET"
- /usr/sbin/tincd --kill HUP --pidfile=/var/run/tinc."$TINCNET".pid
+ PIDFILE="/var/run/tinc.${NETNAME}.pid"
+ if [ -f "${PIDFILE}" ]; then
+ ebegin "Reloading tinc network ${NETNAME}"
+ start-stop-daemon --signal HUP --pidfile ${PIDFILE}
eend $?
fi
done
}
+
+restart() {
+ # 'rc-service tincd restart' does not run stop()
+ stop; start
+}
+
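Review bot: The chroot check in stop(), `grep "R -U tincvpn"`, matches only the exact spelling of the commented example in tinc.confd; `EXTRA="-U tincvpn -R"` or `--chroot --user=tincvpn` would run chrooted without ever reaching the `ewarn`, and whatever firewall state tinc-down was meant to undo would presumably stay in place unnoticed. Match the chroot option itself, e.g. `case " ${EXTRA} " in *" -R "*|*" --chroot "*) ewarn "modify stop() in /etc/init.d/tincd to include tinc-down functionality" ;; esac`. The commented `iptables-restore < /etc/iptables/up.rules` should carry a sentence saying that it replaces the whole ruleset, not only the tinc rules, before anyone uncomments it. In reload(), `--pidfile ${PIDFILE}` is unquoted where stop() quotes it.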
diff --git a/main/tinc/tincd.lo.initd b/main/tinc/tincd.lo.initd
deleted file mode 100644
index afa0156..0000000
--- a/main/tinc/tincd.lo.initd
@@ -1,46 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2010 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/tinc/files/tincd.lo,v 1.1 2010/07/18 10:04:56 dragonheart Exp $
-
-extra_started_commands="reload"
-
-depend()
-{
- use logger dns
- need net
-}
-
-start()
-{
- TINCNET=${RC_SVCNAME#*.}
- if [ -f /etc/tinc/"$TINCNET"/tinc.conf ] ; then
- ebegin "Starting tinc network $TINCNET"
- /usr/sbin/tincd --debug=1 --net="$TINCNET" --logfile=/var/log/tinc.$TINCNET.log --pidfile=/var/run/tinc.$TINCNET.pid
- eend $?
- else
- eerror "Cannot start network $TINCNET, /etc/tinc/$TINCNET/tinc.conf does not exist !"
- fi
-}
-
-stop()
-{
- TINCNET=${RC_SVCNAME#*.}
- if [ -f /var/run/tinc."$TINCNET".pid ] ; then
- ebegin "Stopping tinc network $TINCNET"
- /usr/sbin/tincd --kill --pidfile=/var/run/tinc."$TINCNET".pid
- eend $?
- else
- eerror "Cannot start network $TINCNET, /etc/tinc/$TINCNET/tinc.conf does not exist !"
- fi
-}
-
-reload()
-{
- TINCNET=${RC_SVCNAME#*.}
- if [ -f /var/run/tinc."$TINCNET".pid ] ; then
- ebegin "Reloading configuration for tinc network $TINCNET"
- /usr/sbin/tincd --kill HUP --pidfile=/var/run/tinc."$TINCNET".pid
- eend $?
- fi
-}
--
1.9.1