Attention is currently required from: d12fk, plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/838?usp=email )
Change subject: dns: apply settings via script on unixoid systems ...................................................................... Patch Set 7: Code-Review-2 (5 comments) Patchset: PS7: We need to talk about the user experience. File distro/dns-scripts/systemd-dns-updown.sh: http://gerrit.openvpn.net/c/openvpn/+/838/comment/2ff31b19_51522721 : PS7, Line 91: [[ "$(readlink /etc/resolv.conf)" =~ systemd ]] || return 1 This fallback is nice, but I really would like to see some kind of message about it in the log. File src/openvpn/options.c: http://gerrit.openvpn.net/c/openvpn/+/838/comment/dbe1ec14_c2270313 : PS7, Line 911: o->dns_options.script = DNS_UPDOWN_PATH; This does not work well as an unconditional default I think. The problem here is that if you call openvpn without `--script-security 2` it will error out. I think that should not happen as a default behavior. A warning seems appropriate, but a complete failure seems overkill? http://gerrit.openvpn.net/c/openvpn/+/838/comment/8fe2a8a7_b36878ef : PS7, Line 8045: else if (streq(p[0], "dns-script") && p[1]) New script should be documented in `doc/man-sections/script-options.rst` http://gerrit.openvpn.net/c/openvpn/+/838/comment/6ad4fbec_6e2fe02e : PS7, Line 8052: set_user_script(options, &options->dns_options.script, p[1], p[0], false); Again, this does not behave nice at all. This warns that the script is overridden even though it is only set once. And worse, there seems to be no way to unset the script! ``` Options error: --dns-script script fails with '': No such file or directory (errno=2) ``` I would change this so that the script is unset by default. IFF script-security 2 is set AND the user did not set their own dns-script, then fall back to the default. However, we also need a way for users to disable the dns-script, obviously. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/838?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ifbe4ffb44d3bfcaa50adb38cacb3436fcdc71b10 Gerrit-Change-Number: 838 Gerrit-PatchSet: 7 Gerrit-Owner: d12fk <he...@openvpn.net> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-Attention: plaisthos <arne-open...@rfc2549.org> Gerrit-Attention: d12fk <he...@openvpn.net> Gerrit-Comment-Date: Fri, 17 Jan 2025 15:11:17 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
