On Fri, Sep 7, 2018 at 12:24 PM David Sommerseth < open...@sf.lists.topphemmelig.net> wrote:
> On 06/09/18 14:25, Samuli Seppänen wrote: > > Hi, > > > > I maintain the Debian/Ubuntu packages for OpenVPN. > > > > Il 03/09/2018 12:24, Christian Ehrhardt ha scritto: > >> Hi, > >> the upstream provided .deb [1] e.g. for Ubuntu Xenial gets its service > >> file from [2] which is outdated. > >> This makes the upstream Repos [3] not being in sync > >> I'd ask you to follow the main repo [4] on that to eliminate some Delta. > >> > >> In general I think that some of the packaging is outdated and > >> sbuild_wrapper could fetch some more from Debian [5] and Ubuntu [6] > >> (which match among each other on this) > > > > I've generally reused packaging files in OpenVPN packages provided by > > the Ubuntu and Debian projects. In some cases, though, the packaging > > files may be from a package meant for a (slightly) older operating > > system version. > > > > Do you happen to have a diff at hand? I would not mind updating the > > service files if the changes are fairly minor or fix a bug. But I don't > > want to break setups that depend on the behavior of the outdated service > > files. > > This is the location of the unit files which we really should use. > > <https://github.com/OpenVPN/openvpn/tree/master/distro/systemd> > Ack to that, this is also the place where we committed the fix to the problem that made me aware of all this. It should break anything if you have the openvpn-{client,server}@.service > files packaged. It would actually fix a few bugs instead. > > I haven't checked the current state of what's in our .deb packages, but we > should really ship the very latest at any time. That is exactly what my report here is about, it currently ships very old service files. Not from the repo, nor the last ones from Debian/Ubuntu - older than both actually > And DO NOT ship the > brokenness of openvpn.service and openvpn@.service ... those are not > maintained by us and will make things work even worse; Yep, I must admit I just "came by" and have no history on this. But I'd assume we only have them around still for compatibility to old things. For anything new we also have /lib/systemd/system/openvpn-client@.service /lib/systemd/system/openvpn-server@.service which are generated right out of the upstream source on build. especially since > openvpn 2.4.x and newer is systemd aware and integrates much better. > > > Also, we don't have packages for Ubuntu 18.04 yet. So using the > > packaging files from Ubuntu's repositories makes perfect sense there and > > can't break anything. > > Yes! Latest and greatest from our own sources. Always. ;-) And do not > ship > openvpn.service and openvpn@.service. > I'd totally agree that an upstream .deb does not need to consider the Distributions past and could go without any of the old services. To get much more recent packaging (with many fixes on that side) you could start with what you find at https://salsa.debian.org/debian/openvpn And then drop the old debian/openvpn.install and debian/openvpn-generator That should give you an otherwise up-to-date packaging with systemd services purely from upstream sources. IMHO You can use that for current/next Debian and Ubuntu alike. The only Ubuntu difference is a (also historical) compat to set --script-security 2 by default. But just as above, this history doesn't matter to your .deb packages. > -- > kind regards, > > David Sommerseth > OpenVPN Inc > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel > -- Christian Ehrhardt Software Engineer, Ubuntu Server Canonical Ltd
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
