From 4a66978dd949d571fdd984d800b3121c3a1a297f Mon Sep 17 00:00:00 2001
From: Jakub Jirutka
Date: Sun, 6 May 2018 13:30:31 +0200
Subject: main/openvpn: rewrite init script
---
 main/openvpn/openvpn.initd | 147 ++++++++++++++++++++++++---------------------
 1 file changed, 79 insertions(+), 68 deletions(-)
(limited to 'main/openvpn/openvpn.initd')
diff --git a/main/openvpn/openvpn.initd b/main/openvpn/openvpn.initd
index 2b6ddacbfa..33cb01ddae 100644
--- a/main/openvpn/openvpn.initd
+++ b/main/openvpn/openvpn.initd
@@ -1,17 +1,60 @@
 #!/sbin/openrc-run
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-description="VPN service"
+extra_commands="checkconfig"
-VPNDIR=${VPNDIR:-/etc/openvpn}
-VPN=${RC_SVCNAME#*.}
-if [ -n "${VPN}" ] && [ ${RC_SVCNAME} != "openvpn" ]; then
- VPNPID="/var/run/openvpn.${VPN}.pid"
-else
- VPNPID="/var/run/openvpn.pid"
+instance_name=${RC_SVCNAME#*.}
+[ "$instance_name" != "openvpn" ] \
+ && name="OpenVPN ($instance_name)" \
+ || name="OpenVPN"
+
+# Upper case variables are for backward compatibility with Alpine < v3.8.
+: ${cfgdir:=${VPNDIR:-"/etc/openvpn"}}
+: ${cfgfile:="$cfgdir/$instance_name.conf"}
+: ${up_script:="$cfgdir/up.sh"}
+: ${down_script:="$cfgdir/down.sh"}
+: ${peer_dns:=${PEER_DNS:-"yes"}}
+
+pidfile="/run/$RC_SVCNAME.pid"
+command="/usr/sbin/openvpn"
+command_args="
+ --daemon
+ --config $cfgfile
+ --writepid $pidfile
+ --setenv RC_SVCNAME $RC_SVCNAME
+ --setenv PEER_DNS $peer_dns"
+
+required_dirs="$cfgdir"
+required_files="$cfgfile"
+
+# If client_mode is not specified (user has old config), infer it from the
+# cfgfile as in old version of this runscript. Eventually we try to fix the
+# config when checkconfig() is run.
+# This is for backward compatibility with Alpine < v3.8.
+if [ -z "$client_mode" ]; then
+ yesno "${DETECT_CLIENT:-yes}" && grep -q '^\s*remote\s' "$cfgfile" \
+ && client_mode=yes \
+ || client_mode=no
+ client_mode_not_set=yes
+fi
+
+if yesno "$client_mode"; then
+ command_args="$command_args
+ --up-delay
+ --up-restart
+ --down-pre
+ --script-security 2
+ --up $up_script
+ --down $down_script"
+
+ required_files="$required_files $up_script $down_script"
+
+ # If env. variable IN_BACKGROUND is set, fake start and stop commands
+ # (i.e. don't run them). We do this so we can "start" ourselves from
+ # inactive (from OpenVPN's up.sh script) which then triggers other
+ # services to start which depend on us. See openrc-run(8).
+ in_background_fake="start stop"
+ start_inactive="yes"
 fi
-VPNCONF="${VPNDIR}/${VPN}.conf"
 depend() {
 need localmount net
@@ -22,8 +65,7 @@ depend() {
 checkconfig() {
 if [ ! -e /dev/net/tun ]; then
 if ! modprobe tun; then
- eerror "TUN/TAP support is not available" \
- "in this kernel"
+ eerror "TUN/TAP support is not available in this kernel"
 return 1
 fi
 fi
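Review bot: The client-mode inference in the `if [ -z "$client_mode" ]` block, `yesno "${DETECT_CLIENT:-yes}" && grep -q '^\s*remote\s' "$cfgfile" \`, runs every time the runscript is sourced (for any command, not only start) and before the `required_files="$cfgfile"` declaration can reject a missing config, so a missing or unreadable file prints a grep error to stderr and silently lands on `client_mode=no` with `client_mode_not_set=yes`. Because checkconfig() later in this patch persists that inferred value into `/etc/conf.d/$RC_SVCNAME`, a wrong guess made while the config was absent would presumably stick after the user creates a client config. Guarding the probe on readability avoids both: `yesno "${DETECT_CLIENT:-yes}" && [ -r "$cfgfile" ] && grep -q '^\s*remote\s' "$cfgfile" \`.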
@@ -33,80 +75,49 @@ checkconfig() {
 ln -s /dev/misc/net/tun /dev/net/tun
 eend $?
 fi
- return 0
-}
-
-start() {
- # If we are re-called by the openvpn gentoo-up.sh script
- # then we don't actually want to start openvpn
- [ "${IN_BACKGROUND}" = "true" ] && return 0
-
- ebegin "Starting ${RC_SVCNAME}"
-
- checkconfig || return 1
-
- local args="" reenter=${RE_ENTER:-no}
- # If the config file does not specify the cd option, we do
- # But if we specify it, we override the config option which we do not want
- if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then
- args="${args} --cd ${VPNDIR}"
- fi
-
- # We mark the service as inactive and then start it.
- # When we get an authenticated packet from the peer then we run our script
- # which configures our DNS if any and marks us as up.
- if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \
- grep -q "^[ ]*remote[ ].*" "${VPNCONF}" ; then
- reenter="yes"
- args="${args} --up-delay --up-restart"
- args="${args} --script-security 2"
- args="${args} --up /etc/openvpn/up.sh"
- args="${args} --down-pre --down /etc/openvpn/down.sh"
+ if yesno "$client_mode"; then
 # Warn about setting scripts as we override them
- if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then
+ if cfgfile_has_option "(up|down)"; then
 ewarn "WARNING: You have defined your own up/down scripts"
 ewarn "As you're running as a client, we now force Alpine specific"
 ewarn "scripts to be run for up and down events."
- ewarn "These scripts will call /etc/openvpn/${RC_SVCNAME}-{up,down}.sh"
+ ewarn "These scripts will call /etc/openvpn/$RC_SVCNAME-{up,down}.sh"
 ewarn "where you can put your own code."
 fi
-
 # Warn about the inability to change ip/route/dns information when
 # dropping privs
- if grep -q "^[ ]*user[ ].*" "${VPNCONF}" ; then
+ if cfgfile_has_option "user"; then
 ewarn "WARNING: You are dropping root privileges!"
 ewarn "As such openvpn may not be able to change ip, routing"
 ewarn "or DNS configuration."
 fi
- else
- # So we're a server. Run as openvpn unless otherwise specified
- grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args="${args} --user openvpn"
- grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args="${args} --group openvpn"
 fi
- # Ensure that our scripts get the PEER_DNS variable
- [ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}"
-
- [ "${reenter}" = "yes" ] && mark_service_inactive "${RC_SVCNAME}"
- start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \
- -- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \
- --setenv RC_SVCNAME "${RC_SVCNAME}" ${args}
- eend $? "Check your logs to see why startup failed"
+ # This is for backward compatibility with Alpine < v3.8.
+ if yesno "$client_mode_not_set"; then
+ ewarn "client_mode is not specified in /etc/conf.d/$RC_SVCNAME, fixing..."
+ echo "client_mode=$client_mode" >> /etc/conf.d/$RC_SVCNAME 2>/dev/null
+ eend $?
+ fi
 }
-stop() {
- # If we are re-called by the openvpn gentoo-down.sh script
- # then we don't actually want to stop openvpn
- if [ "${IN_BACKGROUND}" = "true" ] ; then
- mark_service_inactive "${RC_SVCNAME}"
- return 0
+start_pre() {
+ checkconfig || return 1
+
+ # If the config file does not specify the cd option, we do.
+ # But if we specify it, we override the config option which we do not want.
+ if cfgfile_has_option "cd"; then
+ command_args="$command_args --cd $cfgdir"
 fi
- ebegin "Stopping ${RC_SVCNAME}"
- start-stop-daemon --stop --quiet \
- --exec /usr/sbin/openvpn --pidfile "${VPNPID}"
- eend $?
+ if ! yesno "$client_mode"; then
+ # Run as openvpn unless otherwise specified.
+ cfgfile_has_option "user" || command_args="$command_args --user openvpn"
+ cfgfile_has_option "group" || command_args="$command_args --group openvpn"
+ fi
 }
-# vim: set ts=4 :
+cfgfile_has_option() {
+ grep -Eq '^\s*$1\s' "$cfgfile"
+}
-- cgit v1.2.3
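Review bot: `cfgfile_has_option()` single-quotes its pattern, so `$1` is never expanded: `grep -Eq '^\s*$1\s'` searches for an end-of-line anchor followed by a literal `1`, which can never match, and the helper therefore always returns 1. Every caller in this hunk is affected: the up/down and `user` warnings in checkconfig never fire, `--user openvpn`/`--group openvpn` are always appended in start_pre (and, coming after `--config` in command_args, presumably override a `user`/`group` line the admin put in the config), and `--cd $cfgdir` is never added. The fix is `grep -Eq "^\s*$1\s" "$cfgfile"`. Independently, the `cd` test in start_pre is inverted relative to its own comment and to the removed `if ! grep -q "^[ ]*cd[ ].*"` code; it should read `if ! cfgfile_has_option "cd"; then`, otherwise relative paths in existing configs stop being resolved against `$cfgdir` as soon as the helper is fixed.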