Date: Wednesday, December 28, 2016 @ 13:56:21 Author: eworm Revision: 284937
upgpkg: openvpn 2.4.0-2 fix timeout in non-TLS mode with systemd Added: openvpn/trunk/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch Modified: openvpn/trunk/PKGBUILD -----------------------------------------------------+ 0003-fix-timeout-in-non-TLS-mode-with-systemd.patch | 59 ++++++++++++++++++ PKGBUILD | 11 ++- 2 files changed, 67 insertions(+), 3 deletions(-)
Added: 0003-fix-timeout-in-non-TLS-mode-with-systemd.patch
===================================================================
--- 0003-fix-timeout-in-non-TLS-mode-with-systemd.patch (rev 0)
+++ 0003-fix-timeout-in-non-TLS-mode-with-systemd.patch 2016-12-28 13:56:21 UTC (rev 284937)
@@ -0,0 +1,59 @@
+From 8fe76deb35364aa0d71b3e771b4a12491a037764 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <[email protected]>
+Date: Wed, 28 Dec 2016 13:57:11 +0100
+Subject: [PATCH 1/1] fix timeout in non-TLS mode with systemd
+
+In non-TLS configuration we wait for the remote peer to connect
+before issuing "Initialization Sequence Completed". So prevent to
+time out by telling systemd service manager we are ready for now.
+Status will be "Non-TLS mode, ready for now. Waiting for peer..."
+and changes once the remote peer connects.
+
+This fixes #801 (static key tunnels impossible to start via systemd)
+
+Tested-by: Mantas Mikulėnas <[email protected]>
+Signed-off-by: Christian Hesse <[email protected]>
+---
+ src/openvpn/openvpn.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c
+index 888acda..ae948f9 100644
+--- a/src/openvpn/openvpn.c
++++ b/src/openvpn/openvpn.c
+@@ -30,6 +30,10 @@
+
+ #include "syshead.h"
+
++#ifdef ENABLE_SYSTEMD
++#include <systemd/sd-daemon.h>
++#endif
++
+ #include "init.h"
+ #include "forward.h"
+ #include "multi.h"
+@@ -73,6 +77,21 @@ tunnel_point_to_point(struct context *c)
+ return;
+ }
+
++#ifdef ENABLE_SYSTEMD
++ /* In non-TLS configuration we wait for the remote peer to connect
++ * before issuing "Initialization Sequence Completed". So prevent to
++ * time out by telling systemd service manager we are ready for now.
++ * Status will be "Non-TLS mode, ready for now. Waiting for peer..."
++ * and changes once the remote peer connects. */
++ if (c->options.tls_client == false
++ && c->options.tls_server == false)
++ {
++ sd_notifyf(0, "READY=1\n"
++ "STATUS=Non-TLS mode, ready for now. Waiting for peer...\n"
++ "MAINPID=%lu", (unsigned long) getpid());
++ }
++#endif
++
+ /* main event loop */
+ while (true)
+ {
+--
+2.11.0
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2016-12-28 12:59:40 UTC (rev 284936)
+++ PKGBUILD 2016-12-28 13:56:21 UTC (rev 284937)
@@ -3,7 +3,7 @@ pkgname=openvpn pkgver=2.4.0 -pkgrel=1 +pkgrel=2 pkgdesc='An easy-to-use, robust and highly configurable VPN (Virtual Private Network)' arch=('i686' 'x86_64') url='http://openvpn.net/index.php/open-source.html'
@@ -16,11 +16,13 @@ '7ACD56B74144925C6214329757DB9DAB613B8DA1') # David Sommerseth (OpenVPN Technologies, Inc) <[email protected]> source=("https://swupdate.openvpn.net/community/releases/openvpn-${pkgver}.tar.xz"{,.asc} '0001-plugin.patch' - '0002-do-not-race-on-RuntimeDirectory.patch') + '0002-do-not-race-on-RuntimeDirectory.patch' + '0003-fix-timeout-in-non-TLS-mode-with-systemd.patch') sha256sums=('6f23ba49a1dbeb658f49c7ae17d9ea979de6d92c7357de3d55cd4525e1b2f87e' 'SKIP' 'b8254067b4ef5d157d87267a76938d86f101972303c7ff20131cc9f28659a30c' - 'a87b081f998db99190e8b9e185cd7aade5bd6dfb5c03777c82b75d28cd3b375c') + 'a87b081f998db99190e8b9e185cd7aade5bd6dfb5c03777c82b75d28cd3b375c' + '1b0ff78390dd5e79ce6966fd7fee54d42f6f3622cf8078d8b0f9998046e6b73b') prepare() { cd "${srcdir}"/${pkgname}-${pkgver}
@@ -31,6 +33,9 @@ # do not race on RuntimeDirectory patch -Np1 < "${srcdir}"/0002-do-not-race-on-RuntimeDirectory.patch + # fix timeout in non-TLS mode with systemd + patch -Np1 < "${srcdir}"/0003-fix-timeout-in-non-TLS-mode-with-systemd.patch + # regenerate configure script autoreconf -fi }
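Review bot: The early `READY=1` added to `tunnel_point_to_point()` in the openvpn.c hunk of 0003-fix-timeout-in-non-TLS-mode-with-systemd.patch marks the unit active before any peer has connected, so units ordered after this service, or monitoring that keys on the unit state, will see "started" while the static-key tunnel is not yet passing traffic. The in-code comment explains the start timeout but not this consequence; I would extend it with a line such as `/* NOTE: READY=1 here means "process initialised", not "tunnel up"; do not treat unit activation as proof the link is established. */`. The return value of `sd_notifyf()` is also discarded, so a failed notification is silent and the timeout this patch targets would reappear without any log line; reporting a negative return at warning level would make that diagnosable. The body of `tunnel_point_to_point()` starts and ends outside the hunk, so whether readiness is signalled elsewhere on this path is not visible here.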
