Stuart Cardall: 1 main/tinc: fixed init scripts + conf.d / chroot 6 files changed, 100 insertions(+), 89 deletions(-)
This patch fixes the restart bug & creates a tincvpn user for running in a chroot. Extra options can now be set in /etc/conf.d/tinc I modified stop() to detect chroot settings as it prevents most functionality in tinc-down (& stop() is a good place to include them). I also added restart() as 'rc-service tincd restart' doesn't run stop(). --- main/tinc/APKBUILD | 36 ++++++++++++------------ main/tinc/tinc.confd | 20 +++++++++++++ main/tinc/tinc.networks | 4 +-- main/tinc/tinc.post-install | 15 ++++++++++ main/tinc/tincd.initd | 68 +++++++++++++++++++++++++++++---------------- main/tinc/tincd.lo.initd | 46 ------------------------------ 6 files changed, 100 insertions(+), 89 deletions(-) create mode 100644 main/tinc/tinc.confd create mode 100644 main/tinc/tinc.post-install delete mode 100644 main/tinc/tincd.lo.initd diff --git a/main/tinc/APKBUILD b/main/tinc/APKBUILD index ff98ecc..606ef8a 100644 --- a/main/tinc/APKBUILD +++ b/main/tinc/APKBUILD @@ -1,19 +1,21 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=tinc pkgver=1.0.24 -pkgrel=0 +pkgrel=1 pkgdesc="tinc is a Virtual Private Network (VPN) daemon" url="http://www.tinc-vpn.org/" arch="all" license="GPL2+" depends="" makedepends="zlib-dev lzo-dev openssl-dev" -install="" +install="$pkgname.post-install" +pkgusers=tincvpn +pkggroups=tincvpn subpackages="$pkgname-doc" source="http://www.tinc-vpn.org/packages/tinc-$pkgver.tar.gz musl.patch tincd.initd - tincd.lo.initd + tinc.confd tinc.networks" _builddir="$srcdir"/$pkgname-$pkgver @@ -35,6 +37,7 @@ build() { --sysconfdir=/etc \ --mandir=/usr/share/man \ --infodir=/usr/share/info \ + --localstatedir=/var \ --enable-jumbograms \ --enable-lzo \ --enable-zlib \ 
@@ -45,27 +48,26 @@ build() { package() { cd "$_builddir" make DESTDIR="$pkgdir" install || return 1 - - mkdir "$pkgdir"/etc/tinc - install -m755 -D "$srcdir"/tincd.initd "$pkgdir"/etc/init.d/tincd - install -m755 -D "$srcdir"/tincd.lo.initd \ - "$pkgdir"/etc/init.d/tincd.lo + install -m755 -D "$srcdir"/tincd.initd \ + "$pkgdir"/etc/init.d/tincd install -m644 -D "$srcdir"/tinc.networks \ "$pkgdir"/etc/conf.d/tinc.networks + install -m644 -D "$srcdir"/tinc.confd \ + "$pkgdir"/etc/conf.d/tinc } md5sums="14a91eb2e85bdc0451a815612521b708 tinc-1.0.24.tar.gz f2c913659191a0c81ed13dde305ca8bc musl.patch -411a260ed9bb1fc441444c3efbeafd7b tincd.initd -b95471eab010c0ed002cf3d16a009ced tincd.lo.initd -475d64d9aa410ec7e91f5b079800abc9 tinc.networks" +53cdd8b48866497c145183b312b5e5ef tincd.initd +2c630363be37dea68df5a22ce29fe27c tinc.confd +851cbc3e8ad83b001c80393132915807 tinc.networks" sha256sums="498e58f9f39e3922030a63cf62baf4b46a40fbda8d90b23ec0f084f4a9f9b687 tinc-1.0.24.tar.gz a394327605fa38e1b7bbbb49eda6461c96553d31370107e337482934ea8b042c musl.patch -0e8a18f9af03d967b30eac2c1de5d233449fae8a97342cdb88bf60e6b3867e73 tincd.initd -bd0909202c2f5b6fb0d97cac4f7f02a392393acd4b300a04db3a5416f4345035 tincd.lo.initd -7165721abd3706c95973118fbb503e18f9a008da6bdbf21a4ce35ecf7818d5ad tinc.networks" +4c9d191997876c0b6b3e1e343b93dca3fc2c17e1f5d141e9c7117f35d068e812 tincd.initd +eb71af67b1054c277dbd9c0bfc6ef149cb0c1f8c98fb6eea803ffbfe19db224f tinc.confd +0b42e29a42d39bb203213eae18521e5ca5539dcf4398c73780d66ef8e2fbcc6e tinc.networks" sha512sums="a59d4f996892b9aa4ce6adaf3f40c06dfb37c2546edb6b3858af15df7f4e6f7738dc186969df1676ad1dab7fcc081bec262bd9df4efc7620e00ca9be9121bc7d tinc-1.0.24.tar.gz 2a631b82e2d24139e8bf07057578d3f8e7f566829492cbbb82d030505ba00fe63943c57778156bca6985ab216e7b0d5ad8aeb25f7d7affa3189b7b3a005d0312 musl.patch -4a5da677d030dd24d347a86e7e892ea9aab57c2b4de8c9fa6ef576e239e4169f3ee6934162edc004a00678405f199606f05c173dd1ff94ee2f711536b1dfc072 tincd.initd 
-63df032f815b4a1e84c972e4cbfe115eda9fb80419b21d72811a947a8c9742f51442b5a06b0dbd220eb9a673b115fe62972019bdd4bac5855a36908c68bf5638 tincd.lo.initd -f7cb459c170898e51176bd92c642335386db90b7bca2abb3f6eb2514546efbd74e5fd2c8845060111dd48a0dd2cc1890717a03315c9b86185047c259cdc27135 tinc.networks" +4902bdac0964f2637d833dd14efe2ee51e849e838db00813d6ca2ce1bd8b4b32e8e417db82e7e84b85b88f186ff922cb15aaabd060b9a70d2b11c2ffc69bd295 tincd.initd +e3f57f0f3fab651d89dfaa1b2cee7f22ebbde5530d30188a2828076eacf15639dbc1eb3aa60a560d3c34df50a8f1477f572b2846e62815f4a2aed54ec32eb9dc tinc.confd +7434b304fb8daee06dc0b55a0747a57e615aaec87d145957347fea18c1ec5df0f930b421888f335c744eb21361f309ee05cefc387df45449dcbf48d82321bf23 tinc.networks" diff --git a/main/tinc/tinc.confd b/main/tinc/tinc.confd new file mode 100644 index 0000000..42da186 --- /dev/null +++ b/main/tinc/tinc.confd @@ -0,0 +1,20 @@ +# Tinc VPN conf.d for Alpine Linux + +# Set extra tincd command line options here + +# Add vpns to /etc/conf.d/tinc.networks & tinc will use any 'EXTRA' settings +# defined here below. +# +# Do NOT set '-L' to lock memory --> Alpine's Grsecurity Kernel will kill tincd. +# If running tinc in a chroot iptables commands will not work in tinc-down. +# See stop() in /etc/init.d/tincd for an example to add tinc-down functionality. + +## for debugging +#EXTRA="--debug=5" + +## run as tincvpn user in a chroot: +#EXTRA="--debug=1 -R -U tincvpn" + +## disable individual log files +#SYSLOG=yes + diff --git a/main/tinc/tinc.networks b/main/tinc/tinc.networks index e1844ce..b88b5dc 100644 --- a/main/tinc/tinc.networks +++ b/main/tinc/tinc.networks @@ -1,5 +1,5 @@ # file: /etc/conf.d/tinc.networks for /etc/init.d/tincd - + # In this file you define the tinc networks you want to connect to # USAGE: @@ -9,5 +9,5 @@ # if you want to connect to multiple VPN's just set them behind each other. e.g. # NETWORK: foo # NETWORK: bar -# +# # this would join the network foo and the network bar. 
diff --git a/main/tinc/tinc.post-install b/main/tinc/tinc.post-install new file mode 100644 index 0000000..cabf018 --- /dev/null +++ b/main/tinc/tinc.post-install @@ -0,0 +1,15 @@ +#!/bin/sh + +NORMAL="\033[1;0m" +STRONG="\033[1;1m" +GREEN="\033[1;32m" + +print_strong() { + local prompt="${STRONG}$1 ${GREEN}$2${NORMAL} ${STRONG}$3${NORMAL}" + printf "${prompt} %s\n" +} + +addgroup -S tincvpn 2>/dev/null +adduser -H -h /etc/tinc -S -g tincvpn -D -s /sbin/nologin tincvpn 2>/dev/null +print_strong "tincvpn user:group created " ">>> enable chroot in:" "/etc/conf.d/tinc" +exit 0 diff --git a/main/tinc/tincd.initd b/main/tinc/tincd.initd index 6ed1bef..0b806b9 100644 --- a/main/tinc/tincd.initd +++ b/main/tinc/tincd.initd @@ -1,19 +1,22 @@ #!/sbin/runscript -# Copyright 1999-2004 Gentoo Foundation +# Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/tinc/files/tincd,v 1.5 2008/04/01 14:08:45 dragonheart Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/tinc/files/tincd,v 1.9 2013/09/01 12:22:46 blueness Exp $ extra_started_commands="reload" +NETS="/etc/conf.d/tinc.networks" +DAEMON="/usr/sbin/tincd" +. /etc/conf.d/tinc + depend() { use logger dns need net } checkconfig() { - if ! grep -q '^ *NETWORK:' /etc/conf.d/tinc.networks - then - eerror "No VPN networks configured in /etc/conf.d/tinc.networks" + if ! grep -q '^ *NETWORK:' "${NETS}" ; then + eerror "No VPN networks configured in ${NETS}" return 1 fi } 
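Review bot: In tinc.post-install the output and exit status of `addgroup` and `adduser` are discarded, and the script then prints "tincvpn user:group created" and exits 0 unconditionally. A failed account creation is therefore reported as success and only surfaces later, when tincd is started with `-U tincvpn`. Print the message only when the account is actually present afterwards, for example `id tincvpn >/dev/null 2>&1 && print_strong ...`, and send a short error to stderr otherwise. `print_strong` also passes the assembled text as the printf format, with a `%s` that has no argument; `printf '%b\n' "${prompt}"` keeps the colour escapes working without treating the message as a format string.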
@@ -21,15 +24,21 @@ checkconfig() { start() { checkconfig || return 1 ebegin "Starting tinc VPN networks" - eend 0 - awk '/^ *NETWORK:/ { print $2 }' /etc/conf.d/tinc.networks | while read TINCNET + awk '/^ *NETWORK:/ { print $2 }' "${NETS}" | while read NETNAME do - if [ ! -f /etc/tinc/"$TINCNET"/tinc.conf ] - then - eerror "Cannot start network $TINCNET, /etc/tinc/$TINCNET/tinc.conf does not exist !" + CONFIG="/etc/tinc/${NETNAME}/tinc.conf" + PIDFILE="/var/run/tinc.${NETNAME}.pid" + if [ ! -f "${CONFIG}" ]; then + eerror "Cannot start network ${NETNAME}." + eerror "Please set up ${CONFIG} !" else - ebegin "Starting tinc network $TINCNET" - /usr/sbin/tincd --net="$TINCNET" --logfile=/var/log/tinc.$TINCNET.log --pidfile=/var/run/tinc.$TINCNET.pid + ebegin "Starting tinc network ${NETNAME}" + if [ "${SYSLOG}" == "yes" ]; then + LOG="" + else + LOG="--logfile=/var/log/tinc.${NETNAME}.log" + fi + start-stop-daemon --start --exec "${DAEMON}" --pidfile "${PIDFILE}" -- --net="${NETNAME}" ${LOG} --pidfile "${PIDFILE}" ${EXTRA} eend $? fi done 
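Review bot: In start(), `NETNAME` is taken from `read` without `-r` and placed unvalidated into the `CONFIG`, `PIDFILE` and `--logfile` paths, so a name containing `/` or `..` in tinc.networks resolves outside /etc/tinc, /var/run and /var/log. The file is presumably root-owned, so this is hardening rather than a reachable flaw, but a guard such as `case "${NETNAME}" in ''|*/*|.*) eerror "Invalid network name ${NETNAME}"; continue ;; esac` keeps those paths fixed; stop() and reload() in the following hunk build `PIDFILE` the same way. Separately, the loop runs on the right-hand side of a pipe and start() returns the status of its last iteration, so a failure for an earlier network is not reflected in the service state. `[ "${SYSLOG}" == "yes" ]` uses `==`, which is not POSIX `test` syntax; `=` is the portable spelling. The closing brace of start() lies outside this hunk.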
@@ -37,28 +46,39 @@ start() { stop() { ebegin "Stopping tinc VPN networks" - eend 0 - awk '/^ *NETWORK:/ { print $2 }' /etc/conf.d/tinc.networks | while read TINCNET + awk '/^ *NETWORK:/ { print $2 }' "${NETS}" | while read NETNAME do - if [ -f /var/run/tinc."$TINCNET".pid ] - then - ebegin "Stopping tinc network $TINCNET" - /usr/sbin/tincd --kill --pidfile=/var/run/tinc."$TINCNET".pid + PIDFILE="/var/run/tinc.${NETNAME}.pid" + if [ -f "${PIDFILE}" ]; then + ebegin "Stopping tinc network ${NETNAME}" + start-stop-daemon --stop --pidfile "${PIDFILE}" eend $? fi done + + # tinc chroot means iptables commands will not work in tinc-down + if echo "${EXTRA}" | grep "R -U tincvpn" 1>/dev/null; then + ewarn "modify stop() in /etc/init.d/tincd to include tinc-down functionality" + # einfo "Flushing & Restoring iptables with default deny policy" + # iptables-restore < /etc/iptables/up.rules + fi } reload() { ebegin "Reloading configuration for tinc VPN networks" - eend 0 - awk '/^ *NETWORK:/ { print $2 }' /etc/conf.d/tinc.networks | while read TINCNET + awk '/^ *NETWORK:/ { print $2 }' "${NETS}" | while read NETNAME do - if [ -f /var/run/tinc."$TINCNET".pid ] - then - ebegin "Reloading tinc network $TINCNET" - /usr/sbin/tincd --kill HUP --pidfile=/var/run/tinc."$TINCNET".pid + PIDFILE="/var/run/tinc.${NETNAME}.pid" + if [ -f "${PIDFILE}" ]; then + ebegin "Reloading tinc network ${NETNAME}" + start-stop-daemon --signal HUP --pidfile ${PIDFILE} eend $? fi done } + +restart() { + # 'rc-service tincd restart' does not run stop() + stop; start +} + diff --git a/main/tinc/tincd.lo.initd b/main/tinc/tincd.lo.initd deleted file mode 100644 index afa0156..0000000 --- a/main/tinc/tincd.lo.initd 
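Review bot: The chroot check at the end of stop(), `echo "${EXTRA}" | grep "R -U tincvpn"`, matches only that exact spelling. With `EXTRA="-U tincvpn -R"` or the long form `--chroot` the warning is skipped, and any firewall rules that tinc-down was meant to remove stay in place without notice. Matching the chroot option itself is more robust: `case " ${EXTRA} " in *" -R "*|*" --chroot "*) ewarn "..." ;; esac`. The warning also asks administrators to edit /etc/init.d/tincd, a packaged file; a hook read from /etc/conf.d/tinc would presumably survive upgrades. stop() and reload() signal whatever PID the pidfile holds, so adding `--exec "${DAEMON}"` as start() does lets start-stop-daemon confirm the process is tincd, and `${PIDFILE}` in reload() should be quoted as it is in stop().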
@@ -1,46 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2010 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/tinc/files/tincd.lo,v 1.1 2010/07/18 10:04:56 dragonheart Exp $ - -extra_started_commands="reload" - -depend() -{ - use logger dns - need net -} - -start() -{ - TINCNET=${RC_SVCNAME#*.} - if [ -f /etc/tinc/"$TINCNET"/tinc.conf ] ; then - ebegin "Starting tinc network $TINCNET" - /usr/sbin/tincd --debug=1 --net="$TINCNET" --logfile=/var/log/tinc.$TINCNET.log --pidfile=/var/run/tinc.$TINCNET.pid - eend $? - else - eerror "Cannot start network $TINCNET, /etc/tinc/$TINCNET/tinc.conf does not exist !" - fi -} - -stop() -{ - TINCNET=${RC_SVCNAME#*.} - if [ -f /var/run/tinc."$TINCNET".pid ] ; then - ebegin "Stopping tinc network $TINCNET" - /usr/sbin/tincd --kill --pidfile=/var/run/tinc."$TINCNET".pid - eend $? - else - eerror "Cannot start network $TINCNET, /etc/tinc/$TINCNET/tinc.conf does not exist !" - fi -} - -reload() -{ - TINCNET=${RC_SVCNAME#*.} - if [ -f /var/run/tinc."$TINCNET".pid ] ; then - ebegin "Reloading configuration for tinc network $TINCNET" - /usr/sbin/tincd --kill HUP --pidfile=/var/run/tinc."$TINCNET".pid - eend $? - fi -} -- 1.9.1 --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---