Re: [systemd-devel] systemd efi boot and default entry

2016-03-31 Thread Vasiliy Tolstov 
2016-03-30 18:49 GMT+03:00 Michal Sekletar :
>
> I don't believe this is currently possible. I've tried to implement
> similar scheme in the past. I should probably resurrect that effort,
>
> https://github.com/systemd/systemd/pull/1894
>
> In the meantime, you can change default boot entry manually by
> selecting it in the menu and pressing 'd' key.


If you have time for this - i'll be very happy.

-- 
Vasiliy Tolstov,
e-mail: v.tols...@selfip.ru
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] Different behavior when OpenVPN is started as a service through systemd

2016-03-31 Thread Reindl Harald 



Am 31.03.2016 um 23:07 schrieb Piotr Dobrogost:

When I start OpenVPN as a deamon from command line like this:
`sudo OPENSSL_ENABLE_MD5_VERIFY=1 openvpn --daemon --config
/etc/openvpn/xxx.conf`
the tunnel comes up with no problem.
However, when I start it as a systemd service I get this error:

Mar 23 21:59:40 demon openvpn[10065]: VERIFY OK: depth=2, C=PL,
L=Warszawa, O=xxx, OU=xxx CA, CN=xxx Root CA
Mar 23 21:59:40 demon openvpn[10065]: VERIFY ERROR: depth=1,
error=certificate signature failure: C=PL, O=xxx, OU=xxx CA, CN=xxx
VPN CA

I've been getting the same error when starting OpenVPN as a deamon
from command line before I added "OPENSSL_ENABLE_MD5_VERIFY=1". That's
why I thought the reason for error is that when starting OpenVPN as a
systemd service OPENSSL_ENABLE_MD5_VERIFY does not get set. However I
verified it gets set by adding "ExecStartPre=/usr/bin/env" to the
service template file.

Please help


get rid of MD5 and SHA1 certs in 2016
openvpn works pretty fine with systemd

we connect 6 different networks in all directions with openvpn and systemd



signature.asc
Description: OpenPGP digital signature
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd efi boot and default entry

2016-03-31 Thread Michal Sekletar 
On Thu, Mar 31, 2016 at 11:10 AM, Jóhann B. Guðmundsson
 wrote:
>
>
> On 03/30/2016 03:49 PM, Michal Sekletar wrote:
>>
>> On Mon, Mar 21, 2016 at 1:42 PM, Vasiliy Tolstov 
>> wrote:
>>
>>> Now i want to have two entries and assign priority to it via systemd,
>>> in my use-case i want to know last succeseful boot entry and use it.
>>> After upgrade i want to boot from new antry and if it fails - change
>>> priority to lower level...
>>
>> I don't believe this is currently possible. I've tried to implement
>> similar scheme in the past. I should probably resurrect that effort,
>>
>
> Had you finished writing the kernel driver that implements some kind of (
> sysfs? ) boot counting scheme?
> ( There is no  point in implementing something in systemd until that is in
> place )

We don't need to extend the kernel in order to implement this
particular mechanism. After new kernel is installed, you make it
default and mark as "tentative". Then, after first successful boot of
newly added bootloader entry you just remove the flag, because it is
known to work.

I withdrew my PR because we discussed this with Kay and we were not
sure we liked proposed scheme which uses file on disk as "tentative"
marker.

Michal
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] Different behavior when OpenVPN is started as a service through systemd

2016-03-31 Thread Piotr Dobrogost 
Hi!

When I start OpenVPN as a deamon from command line like this:
`sudo OPENSSL_ENABLE_MD5_VERIFY=1 openvpn --daemon --config
/etc/openvpn/xxx.conf`
the tunnel comes up with no problem.
However, when I start it as a systemd service I get this error:

Mar 23 21:59:40 demon openvpn[10065]: VERIFY OK: depth=2, C=PL,
L=Warszawa, O=xxx, OU=xxx CA, CN=xxx Root CA
Mar 23 21:59:40 demon openvpn[10065]: VERIFY ERROR: depth=1,
error=certificate signature failure: C=PL, O=xxx, OU=xxx CA, CN=xxx
VPN CA

I've been getting the same error when starting OpenVPN as a deamon
from command line before I added "OPENSSL_ENABLE_MD5_VERIFY=1". That's
why I thought the reason for error is that when starting OpenVPN as a
systemd service OPENSSL_ENABLE_MD5_VERIFY does not get set. However I
verified it gets set by adding "ExecStartPre=/usr/bin/env" to the
service template file.

Please help.

Regards,
Piotr Dobrogost

Below is content of relevant files:

== /usr/lib/systemd/system/openvpn@.service
[Unit]
Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
After=network.target

[Service]
PrivateTmp=true
Type=forking
PIDFile=/var/run/openvpn/%i.pid
ExecStartPre=/usr/bin/env
ExecStart=/usr/sbin/openvpn --daemon --writepid
/var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf

[Install]
WantedBy=multi-user.target

== /etc/systemd/system/openvpn  xxx.service.d/env.conf
[Service]
Environment=OPENSSL_ENABLE_MD5_VERIFY=1


Thanky you in advance.

Regards,
Piotr Dobrogost
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel