Bug#905392: openvpn: systemd generator ignores overrides in /etc/systemd/system

2018-08-06 Thread Jörg Frings-Fürst 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hallo Bernhard,
hello Gerben,


Am Montag, den 06.08.2018, 14:16 +0200 schrieb Bernhard Schmidt:
> On 04.08.2018 15:28, Jörg Frings-Fürst wrote:
> 
> Hi Jörg, hi Gerben,
> 
> > tags 905392 + pending
> > thanks
> > 
> > 
> > Hello Gerben,
> > 
> > thank you for spending your time helping to make Debian better with
> > this bug report. 
> > 
> > I have changed the script to test if a service file exist at
> > /etc/systemd/system.
> 
> Are you both sure this is necessary?
> 

Yes, I think so. 

On[1] is /etc/systemd/... the directory for customized files.

So it is good to use this directory too.


> To my knowledge the symlink tells systemd to start openvpn@.service
> with
> the service definition in memory. It does not tell it to start
> openvpn@.service with the service definition in the file returned by
> readlink(). AFAIK, unless it's /dev/null, the target of the symlink
> is
> irrelevant.
> 
> Bernhard
> 

CU
Jörg

[1] 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/sect-Managing_Services_with_systemd-Unit_Files#sect-Managing_Services_with_systemd-Unit_File_Modify
- -- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser


git:  https://jff.email/cgit/

Threema:  SYR8SJXB
Wire: @joergfringsfuerst
Skype:joergpenguin
Ring: jff
Telegram: @joergfringsfuerst


My wish list: 
 - Please send me a picture from the nature at your home.

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEY+AHX8jUOrs1qzDuCfifPIyh0l0FAltodIsACgkQCfifPIyh
0l0ScA//ZNKOCSLeRK01qM/yAUsF3PxF8KLSAB5xyfP0zeMrRYETSc3NmJLnsJq5
e+9L7Mcs7RRDdLUCIad1vvaWvgF3RcBUY3TGfGSTA6gR2DUMPDeRXWRY3MBP0gbk
rwTDhpPlM3gkIUGgIiuRCYKAIHD9/R0dhmrsaWqECLQlY9tUyyvB8k6qGNbYnpa2
SpSLhVjlia7rdYc+8//t9olJQmd3wNTlHAGqTI2qY/LYskPqDT7weBWXVnGJy1tK
ftXhoiBdCzL4DKmNTPDJ4AGcKmsTHz9rFR/us5WAq4raREM0NdkSwhd5oJYRdzP4
IEXlX7fMrJcrj0Dxwr7RLxlJlPOHsCe2ijEJgyCMD4FtMiZv/NxDTI5SAnM8IJ9i
pDgM3t4if7o5HSAY7s6lY+IxgJMiD1RXYF/vtpj5Js1VWIjBP3wr+qJOWLTFElWY
4V4n4LIW930gt8qUCNXRxfQgzH9DWbAndXcolSQHh9lpXD9rnDahuuOKceiCX8nn
Ew2FzesK9TUexCMX8r+6+H9+4vUjLM/v7GRT3cNCVcdbrjInA/gFm7p1XhdN5jtl
hocPjdKVqSmxJ7YXILAG7Bc2YSA/4K3RqUNpfKa1jAAFLrf1im1zX4aojbgL597p
nK2Y/6k+TTzCl/YeZwv8ueIhC0A/8FI+IgU4IoLyxVSCn//5E4s=
=bFVz
-END PGP SIGNATURE-

Bug#905392: openvpn: systemd generator ignores overrides in /etc/systemd/system

2018-08-06 Thread Gerben Meijer 

On 06/08/18 14:16, Bernhard Schmidt wrote:

I have changed the script to test if a service file exist at
/etc/systemd/system.


Are you both sure this is necessary?

To my knowledge the symlink tells systemd to start openvpn@.service with
the service definition in memory. It does not tell it to start
openvpn@.service with the service definition in the file returned by
readlink(). AFAIK, unless it's /dev/null, the target of the symlink is
irrelevant.


Unfortunately it is necessary. I debugged this issue on 2 separate 
devices and unless the symlink created under /run/systemd/generator 
links to the custom file in /etc/systemd/system, it would start 
openvpn@foo tunnels with the service file from /lib. This was apparent 
in systemctl status openvpn@foo. No amount of deleting and recreating 
the /etc/systemd/system/openvpn@.service file nor (re)enabling the 
openvpn@foo service would fix this.


It may be the case that it does not happen all the time - I've used this 
config before and did not run into this then - but I could not figure 
out why exactly. Perhaps only in some cases systemd looks at 
/run/systemd/generator/*.target.wants/* over 
/etc/systemd/system/*.target.wants/*


Note though that this only happens if the generator is being activated, 
which depends on /etc/default/openvpn existing && AUTOSTART being unset 
or being set to "all" or some subset of VPN configs.


--
Met vriendelijke groet,

Gerben Meijer
Day by Day

Bug#905392: openvpn: systemd generator ignores overrides in /etc/systemd/system

2018-08-06 Thread Bernhard Schmidt 
On 04.08.2018 15:28, Jörg Frings-Fürst wrote:

Hi Jörg, hi Gerben,

> tags 905392 + pending
> thanks
> 
> 
> Hello Gerben,
> 
> thank you for spending your time helping to make Debian better with
> this bug report. 
> 
> I have changed the script to test if a service file exist at
> /etc/systemd/system.

Are you both sure this is necessary?

To my knowledge the symlink tells systemd to start openvpn@.service with
the service definition in memory. It does not tell it to start
openvpn@.service with the service definition in the file returned by
readlink(). AFAIK, unless it's /dev/null, the target of the symlink is
irrelevant.

Bernhard

Bug#905392: openvpn: systemd generator ignores overrides in /etc/systemd/system

2018-08-04 Thread Jörg Frings-Fürst 
tags 905392 + pending
thanks


Hello Gerben,

thank you for spending your time helping to make Debian better with
this bug report. 

I have changed the script to test if a service file exist at
/etc/systemd/system.

CU
Jörg


-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser


git:  https://jff.email/cgit/

Threema:  SYR8SJXB
Wire: @joergfringsfuerst
Skype:joergpenguin
Ring: jff
Telegram: @joergfringsfuerst


My wish list: 
 - Please send me a picture from the nature at your home.
diff --git a/debian/changelog b/debian/changelog
index 7f4b2a4..989a4b4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openvpn (2.4.6-2) UNRELEASED; urgency=medium
+
+  * debian/openvpn-generator:
+- Use service file from /etc/systemd/system if exists (Closes: #905392).
+
+ -- Jörg Frings-Fürst   Sat, 04 Aug 2018 15:14:58 +0200
+
 openvpn (2.4.6-1) unstable; urgency=medium
 
   [ Jörg Frings-Fürst ]
diff --git a/debian/openvpn-generator b/debian/openvpn-generator
index d6ac1aa..b51344f 100755
--- a/debian/openvpn-generator
+++ b/debian/openvpn-generator
@@ -4,16 +4,27 @@
 # tunnels listed in /etc/default/openvpn's AUTOSTART be started/stopped/reloaded
 # when openvpn.service is started/stopped/reloaded.
 
+#
+# Changelog:
+#
+# 2018-08-04 jff use service file from /etc/systemd/system if exists.
+#
+
 set -eu
 
 GENDIR="$1"
 WANTDIR="$1/openvpn.service.wants"
 SERVICEFILE="/lib/systemd/system/openvpn@.service"
+SERVICEFILEMAN="/etc/systemd/system/openvpn@.service"
 AUTOSTART="all"
 CONFIG_DIR=/etc/openvpn
 
 mkdir -p "$WANTDIR"
 
+if test -e ${SERVICEFILEMAN} ; then
+SERVICEFILE=${SERVICEFILEMAN}
+fi
+
 if test -e /etc/default/openvpn ; then
 	. /etc/default/openvpn
 fi


signature.asc
Description: This is a digitally signed message part

Bug#905392: openvpn: systemd generator ignores overrides in /etc/systemd/system

2018-08-03 Thread Gerben Meijer 
Package: openvpn
Version: 2.4.5-1
Severity: normal

If AUTOSTART=all or if it is set to specific config files, the systemd 
openvpn-generator
will symlink those config files to /lib/systemd/system/openvpn@.service.

This ignores any customisation done by users in
/etc/sytstemd/system/openvpn@.service.

The generator should test if /etc/systemd/system/openvpn@.service
exists, and if so, use that to symlink instead of
/lib/systemd/system/openvpn@.service.