commit: d08fe11b2b09f874ea8a2fbd296f69a4ce073702
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 2 17:07:50 2021 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Oct 2 17:19:57 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d08fe11b
net-vpn/openconnect: rewrite initscript
Support for the server_${VPN}, password_${VPN}, and vpnopts_${VPN}
variables is dropped.
Per-VPN variables are now defined in /etc/conf.d/openconnect.${vpn}.
Instead of defining server and vpnopts, the user should set command_args
which will be passed to openconnect via the default_start function.
Support for 'password' and 'password_file' variables is added. If neither
is specified, the password will be prompted for interactively.
Support for up/down hooks is dropped. The functionality can be replaced
with vpnc-script hooks.
Bug: https://bugs.gentoo.org/733614
Bug: https://bugs.gentoo.org/763579
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
net-vpn/openconnect/files/README.OpenRC | 25 +----
net-vpn/openconnect/files/openconnect.confd | 6 ++
net-vpn/openconnect/files/openconnect.initd | 107 +++------------------
...t-8.10-r3.ebuild => openconnect-8.10-r4.ebuild} | 2 +-
net-vpn/openconnect/openconnect-9999.ebuild | 2 +-
5 files changed, 25 insertions(+), 117 deletions(-)
diff --git a/net-vpn/openconnect/files/README.OpenRC
b/net-vpn/openconnect/files/README.OpenRC
index baa617d94ea..488533e87e3 100644
--- a/net-vpn/openconnect/files/README.OpenRC
+++ b/net-vpn/openconnect/files/README.OpenRC
@@ -1,30 +1,13 @@
-The service script for openconnect supports multiple vpn tunnels.
+The service script for openconnect supports multiple VPN tunnels.
-You need to create a symbolic link to /etc/init.d/openconnect in
+To enable this, create a symbolic link to /etc/init.d/openconnect in
/etc/init.d for each tunnel instead of calling it directly:
ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0
-Also, create a configuration file for the tunnel in /etc/openconnect. To
-follow this example, the configuration file would be called
-/etc/openconnect/vpn0.conf. See man openconnect for the options that can
-go in this file.
+To define per-VPN settings, copy /etc/conf.d/openconnect to
+openconnect.vpn0.
You can then start the vpn tunnel like this:
rc-service openconnect.vpn0 start
-
-If you would like to run preup, postup, predown, and/or postdown scripts,
-You need to create a directory in /etc/openconnect with the name of the vpn:
-
-mkdir /etc/openconnect/vpn0
-
-Then add executable shell files:
-
-mkdir /etc/openconnect/vpn0
-cd /etc/openconnect/vpn0
-echo '#!/bin/sh' > preup.sh
-cp preup.sh predown.sh
-cp preup.sh postup.sh
-cp preup.sh postdown.sh
-chmod 755 /etc/openconnect/vpn0/*
diff --git a/net-vpn/openconnect/files/openconnect.confd
b/net-vpn/openconnect/files/openconnect.confd
new file mode 100644
index 00000000000..5c00518a693
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.confd
@@ -0,0 +1,6 @@
+# Arguments to pass to openconnect
+#command_args="--authgroup AUTHGROUP --user USER SERVERNAME"
+
+# For non-interactive use, set either password or password_file
+#password="PASSWORD"
+#password_file="/etc/openconnect/vpn0.password"
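Review bot: The new comment above `password` and `password_file` does not mention file permissions, although both options leave a VPN credential on disk in cleartext. As far as I know `newconfd` (used in the ebuild hunks) installs conf.d files world-readable, so a `password=` set in /etc/conf.d/openconnect.${vpn} is readable by any local user unless the administrator tightens the mode. I would add a line such as `# This file (or password_file) holds a cleartext credential: keep it root-owned, mode 0600`. It is also worth recommending `password_file` over `password`, so the secret stays out of the service configuration.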
diff --git a/net-vpn/openconnect/files/openconnect.initd
b/net-vpn/openconnect/files/openconnect.initd
index 7b33920f498..69f9999f6ad 100644
--- a/net-vpn/openconnect/files/openconnect.initd
+++ b/net-vpn/openconnect/files/openconnect.initd
@@ -1,109 +1,28 @@
#!/sbin/openrc-run
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-VPN="${RC_SVCNAME#*.}"
-VPNCONF=/etc/openconnect/${VPN}.conf
-VPNDIR="/etc/openconnect/${VPN}"
-VPNLOG="/var/log/openconnect/${VPN}"
-VPNLOGFILE="${VPNLOG}/openconnect.log"
-VPNERRFILE="${VPNLOG}/openconnect.err"
-
+vpn=${RC_SVCNAME#*.}
command="/usr/sbin/openconnect"
-name="OpenConnect: ${VPN}"
-pidfile="/run/openconnect/${VPN}.pid"
+pidfile="/run/openconnect/${vpn}.pid"
+command_args="--syslog ${command_args}"
+command_args_background="--background --pid-file \"${pidfile}\""
stopsig="SIGINT"
-depend() {
- before netmount
-}
-
-checkconfig() {
- if [ $VPN = "openconnect" ]; then
- eerror "You cannot call openconnect directly. You must create a
symbolic link to it with the vpn name:"
- eerror
- eerror "ln -s /etc/init.d/openconnect
/etc/init.d/openconnect.vpn0"
- eerror
- eerror "And then call it instead:"
- eerror
- eerror "/etc/init.d/openconnect.vpn0 start"
- return 1
- fi
- return 0
-}
-
-checktuntap() {
- if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then
- if ! modprobe tun ; then
- eerror "TUN/TAP support is not available in this kernel"
- return 1
- fi
- fi
-}
-
-run_hook() {
- if [ -x "$1" ]; then
- "$@"
- fi
-}
-
start_pre() {
- checkconfig || return
- checktuntap || return
- checkpath -d "${VPNLOG}" || return
- checkpath -d /run/openconnect || return
- run_hook "${VPNDIR}/preup.sh"
+ checkpath -d /run/openconnect
}
-ssd_helper() {
+start() {
if [ -n "${password}" ]; then
- start-stop-daemon "$@" <<EOF
+ command_args="${command_args} --passwd-on-stdin"
+ default_start <<EOF
${password}
EOF
+ elif [ -n "${password_file}" ]; then
+ command_args="${command_args} --passwd-on-stdin"
+ default_start <"${password_file}"
else
- start-stop-daemon "$@"
+ default_start
fi
}
-
-start() {
- local server vpnopts password
- eval server=\$server_${VPN}
- eval vpnopts=\$vpnopts_${VPN}
- eval password=\$password_${VPN}
-
- local config=
- if [ -e "${VPNCONF}" ]; then
- config="--config=${VPNCONF}"
- fi
-
- # Allow quoted whitespace in vpnopts.
- eval set -- ${vpnopts}
-
- ebegin "Starting ${name}"
- ssd_helper --start \
- --exec "${command}" \
- --pidfile "${pidfile}" \
- -- \
- --background \
- ${config} \
- --interface="${VPN}" \
- --pid-file="${pidfile}" \
- "$@" \
- "${server}" \
- >> "${VPNLOGFILE}" \
- 2>> "${VPNERRFILE}"
- eend $?
-}
-
-start_post() {
- run_hook "${VPNDIR}/postup.sh"
-}
-
-stop_pre() {
- checkconfig || return
- run_hook "${VPNDIR}/predown.sh"
-}
-
-stop_post() {
- run_hook "${VPNDIR}/postdown.sh"
-}
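Review bot: In `start()`, the `password_file` branch redirects stdin from the file without checking that it is readable or whether other users can read it. A missing file therefore surfaces as a raw shell redirection error, and an over-permissive file is used silently. A guard ahead of `default_start`, for example `[ -r "${password_file}" ] || { eerror "Cannot read password_file: ${password_file}"; return 1; }`, gives a clear failure, and an `ewarn` when the file is group- or world-accessible would catch the common misconfiguration. When both `password` and `password_file` are set, `password` wins silently, which deserves a one-line comment above the `if`.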
diff --git a/net-vpn/openconnect/openconnect-8.10-r3.ebuild
b/net-vpn/openconnect/openconnect-8.10-r4.ebuild
similarity index 97%
rename from net-vpn/openconnect/openconnect-8.10-r3.ebuild
rename to net-vpn/openconnect/openconnect-8.10-r4.ebuild
index 8e690399601..13c3da231ba 100644
--- a/net-vpn/openconnect/openconnect-8.10-r3.ebuild
+++ b/net-vpn/openconnect/openconnect-8.10-r4.ebuild
@@ -131,7 +131,7 @@ src_install() {
dodoc "${FILESDIR}"/README.OpenRC
- newconfd "${FILESDIR}"/openconnect.conf.in openconnect
+ newconfd "${FILESDIR}"/openconnect.confd openconnect
newinitd "${FILESDIR}"/openconnect.initd openconnect
insinto /etc/logrotate.d
diff --git a/net-vpn/openconnect/openconnect-9999.ebuild
b/net-vpn/openconnect/openconnect-9999.ebuild
index 8e690399601..13c3da231ba 100644
--- a/net-vpn/openconnect/openconnect-9999.ebuild
+++ b/net-vpn/openconnect/openconnect-9999.ebuild
@@ -131,7 +131,7 @@ src_install() {
dodoc "${FILESDIR}"/README.OpenRC
- newconfd "${FILESDIR}"/openconnect.conf.in openconnect
+ newconfd "${FILESDIR}"/openconnect.confd openconnect
newinitd "${FILESDIR}"/openconnect.initd openconnect
insinto /etc/logrotate.d