Initial commit

3 files changed, 194 insertions, 0 deletions

diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 0000000..943ee07
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,41 @@
+# Maintainer: artoo <artoo@artixlinux.org>
+
+_url="https://raw.githubusercontent.com/gentoo/gentoo/master"
+
+pkgname=openvpn-openrc
+pkgver=20180712
+pkgrel=3
+pkgdesc="OpenRC openvpn init script"
+arch=('any')
+url="https://github.com/artix-linux/packages"
+license=('GPL2')
+groups=('openrc-system')
+depends=('openrc' 'openvpn')
+backup=('etc/init.d/openvpn'
+        'etc/conf.d/openvpn')
+source=("openvpn.initd"
+        "openvpn.confd")
+sha256sums=('2187ce996f4d7b7409fdb097746a1ea678da6476adcaa3e6d019fe81ed09b4d9'
+            'b5693448584560e09caf0b5631b8c2137f13a028365083a20fcf0db6afc33c03')
+
+pkgver() {
+    date +%Y%m%d
+}
+
+_inst_initd(){
+    install -Dm755 ${srcdir}/$1.initd ${pkgdir}/etc/init.d/$1
+
+    sed -e 's|/var/run|/run|g' \
+        -e 's|#!/sbin/openrc-run|#!/usr/bin/openrc-run|g' \
+        -e 's|/usr/sbin|/usr/bin|g' \
+        -i ${pkgdir}/etc/init.d/$1
+}
+
+_inst_confd(){
+    install -Dm755 ${srcdir}/$1.confd ${pkgdir}/etc/conf.d/$1
+}
+
+package() {
+    _inst_initd 'openvpn'
+    _inst_confd 'openvpn'
+}
diff --git a/openvpn.confd b/openvpn.confd
new file mode 100644
index 0000000..f4cefeb
--- /dev/null
+++ b/openvpn.confd
@@ -0,0 +1,20 @@
+# OpenVPN automatically creates an /etc/resolv.conf (or sends it to
+# resolvconf) if given DNS information by the OpenVPN server.
+# Set PEER_DNS="no" to stop this.
+PEER_DNS="no"
+
+# OpenVPN can run in many modes. Most people will want the init script
+# to automatically detect the mode and try and apply a good default
+# configuration and setup scripts. However, there are cases where the
+# OpenVPN configuration looks like a client, but it's really a peer or
+# something else. DETECT_CLIENT controls this behaviour.
+DETECT_CLIENT="no"
+
+# If DETECT_CLIENT is no and you have your own scripts to re-enter the openvpn
+# init script (ie, it first becomes "inactive" and the script then starts the
+# script again to make it "started") then you can state this below.
+# In other words, unless you understand service dependencies and are a
+# competent shell scripter, don't set this.
+RE_ENTER="no"
+
+VPN=""
diff --git a/openvpn.initd b/openvpn.initd
new file mode 100755
index 0000000..3568a9f
--- /dev/null
+++ b/openvpn.initd
@@ -0,0 +1,133 @@
+#!/usr/bin/openrc-run
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+VPNDIR=${VPNDIR:-/etc/openvpn}
+#VPN=${SVCNAME#*.}
+if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then
+	VPNPID="/run/openvpn.${VPN}.pid"
+else
+	VPNPID="/run/openvpn.pid"
+fi
+VPNCONF="${VPNDIR}/${VPN}.conf"
+
+depend() {
+	need localmount net
+	use dns
+	after bootmisc
+}
+
+checkconfig() {
+	# Linux has good dynamic tun/tap creation
+	if [ $(uname -s) = "Linux" ] ; then
+		if [ ! -e /dev/net/tun ]; then
+			if ! modprobe tun ; then
+				eerror "TUN/TAP support is not available" \
+					"in this kernel"
+				return 1
+			fi
+		fi
+		if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then
+			ebegin "Detected broken /dev/net/tun symlink, fixing..."
+			rm -f /dev/net/tun
+			ln -s /dev/misc/net/tun /dev/net/tun
+			eend $?
+		fi
+		return 0
+	fi
+
+	# Other OS's don't, so we rely on a pre-configured interface
+	# per vpn instance
+	local ifname=$(sed -n -e 's/[[:space:]]*dev[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' "${VPNCONF}")
+	if [ -z ${ifname} ] ; then
+		eerror "You need to specify the interface that this openvpn" \
+			"instance should use" \
+			"by using the dev option in ${VPNCONF}"
+		return 1
+	fi
+
+	if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then
+		# Try and create it
+		echo > /dev/"${ifname}" >/dev/null
+	fi
+	if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then
+		eerror "${VPNCONF} requires interface ${ifname}" \
+			"but that does not exist"
+		return 1
+	fi
+}
+
+start() {
+	# If we are re-called by the openvpn gentoo-up.sh script
+	# then we don't actually want to start openvpn
+	[ "${IN_BACKGROUND}" = "true" ] && return 0
+	
+	ebegin "Starting ${SVCNAME}"
+
+	checkconfig || return 1
+
+	local args="" reenter=${RE_ENTER:-no}
+	# If the config file does not specify the cd option, we do
+	# But if we specify it, we override the config option which we do not want
+	if ! grep -q "^[ 	]*cd[ 	].*" "${VPNCONF}" ; then
+		args="${args} --cd ${VPNDIR}"
+	fi
+	
+	# We mark the service as inactive and then start it.
+	# When we get an authenticated packet from the peer then we run our script
+	# which configures our DNS if any and marks us as up.
+	if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \
+	grep -q "^[ 	]*remote[ 	].*" "${VPNCONF}" ; then
+		reenter="yes"
+		args="${args} --up-delay --up-restart"
+		args="${args} --script-security 2"
+		args="${args} --up /etc/openvpn/up.sh"
+		args="${args} --down-pre --down /etc/openvpn/down.sh"
+
+		# Warn about setting scripts as we override them
+		if grep -Eq "^[ 	]*(up|down)[ 	].*" "${VPNCONF}" ; then
+			ewarn "WARNING: You have defined your own up/down scripts"
+			ewarn "As you're running as a client, we now force Gentoo specific"
+			ewarn "scripts to be run for up and down events."
+			ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh"
+			ewarn "where you can put your own code."
+		fi
+
+		# Warn about the inability to change ip/route/dns information when
+		# dropping privs
+		if grep -q "^[ 	]*user[ 	].*" "${VPNCONF}" ; then
+			ewarn "WARNING: You are dropping root privileges!"
+			ewarn "As such openvpn may not be able to change ip, routing"
+			ewarn "or DNS configuration."
+		fi
+	else
+		# So we're a server. Run as openvpn unless otherwise specified
+		grep -q "^[ 	]*user[ 	].*" "${VPNCONF}" || args="${args} --user openvpn"
+		grep -q "^[ 	]*group[ 	].*" "${VPNCONF}" || args="${args} --group openvpn"
+	fi
+
+	# Ensure that our scripts get the PEER_DNS variable
+	[ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}"
+
+	[ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}"
+	start-stop-daemon --start --exec /usr/bin/openvpn --pidfile "${VPNPID}" \
+		-- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \
+		--setenv SVCNAME "${SVCNAME}" ${args}
+	eend $? "Check your logs to see why startup failed"
+}
+
+stop() {
+	# If we are re-called by the openvpn gentoo-down.sh script
+	# then we don't actually want to stop openvpn
+	if [ "${IN_BACKGROUND}" = "true" ] ; then
+		mark_service_inactive "${SVCNAME}"
+		return 0
+	fi
+
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop --quiet \
+		--exec /usr/bin/openvpn --pidfile "${VPNPID}"
+	eend $?
+}
+
+# vim: set ts=4 :