diff --git a/net-misc/openvpn-as/ChangeLog b/net-misc/openvpn-as/ChangeLog new file mode 100644 index 00000000..dd6ce685 --- /dev/null +++ b/net-misc/openvpn-as/ChangeLog @@ -0,0 +1,10 @@ +# ChangeLog for net-misc/openvpn-as +# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 +# $Header: $ + +*openvpn-as-2.0.11 (12 Dec 2014) + + 12 Dec 2014; Mario Fetka +files/gentoo-specific.patch, + +files/openvpnas.initd, +files/openvpnas.pamd, +metadata.xml, + +openvpn-as-2.0.11.ebuild: + Intial commit diff --git a/net-misc/openvpn-as/Manifest b/net-misc/openvpn-as/Manifest new file mode 100644 index 00000000..65a5f625 --- /dev/null +++ b/net-misc/openvpn-as/Manifest @@ -0,0 +1,8 @@ +AUX gentoo-specific.patch 2073 SHA256 63596d3275bdb460358fd762d1c1a85c1084322bd9fc192a22111c4a3c1e3249 SHA512 dc3bc88eca117095c04f2a2c68d2a7c202a0e54eb9a946c1ac64a3528614c320493edf5f777a2b3f571a32aecb39525940e6615c647cf51df735c89eec325d54 WHIRLPOOL 8e9dfbf1ccc0d0ca105b90a98e5f6748979ce027131b3814bae20876029c89138928fbd775cd54751e3495b933b920370c50d78d87111f81b31e44eb846cb0cb +AUX openvpnas.initd 1066 SHA256 7537bff5460a0cf5c269935b0a05ef80e94fc99267d041ffcf60404220f97998 SHA512 41203ac9a45ee0070b095288b1e99f55d64abe625eae2b4b6ccb680b7b4971240e8d3e01687d09c3dbf468f54a6dcc32ccbe540648d5f2783ef64ba6f3adc101 WHIRLPOOL f1435202a1c38cbc1b6fba6453de37d48633743908d609787d160f5dfb15a15966f2c733fa9f1ac9b8d195f71ca1689f974c2bd3addb8140f38fe78648b8cb3d +AUX openvpnas.pamd 4868 SHA256 20b1342ae5453f8aa8aa8736818b2b4c67329b1d73d0e357cc6ee8c9da34dcff SHA512 6b773c41a4de3677f9201e91984210875c3a8680828fd89cbfa745618ae20c252e6732cdc6d00b4d90f463bacee5161c31d3272a5d0ffc10379bca3472e0fa32 WHIRLPOOL 4373409cc1dd918c01db35e9e715b7dccd0d8a2e26e0a9a3d212ee0f2c4c222913390ba912a2828486c4d1f3e75d76cb789008f072d78a9431ca307750288f88 +DIST openvpn-as-2.0.11-Ubuntu12.amd_64.deb 26386068 SHA256 1c0630ddb014f8bc6af6b3c482bfa4406839eac1962e042ecfe156951efe971b SHA512 fc1d5d9c07ecee523e7ae432c56511ffa1fd17622bf821d0185f743ee1f61271a1b4c67abc030416b482c10a1b5877839f9d5a652504e16668aaddb5790e5ecb WHIRLPOOL 086c527797a161035bc9db956c64d091196a4076c299f3c86d84b4d07d54b47bc0eb283d9a58fc5cfe9ac80d0770fcc746e83b9c725c1ff0e02c0b652baa5706 +DIST openvpn-as-2.0.11-Ubuntu12.i386.deb 26275520 SHA256 3c0bbe2a998524468b04cf1d315c545b56eae2ad4a4dda89b9f59531fa4e7138 SHA512 b2cdab9a8fc9b19bd5236926f4d5ed70fb7817d4b9ce5bcbff9315c30871085b0b7f976cc757ab2d768404631817d2069d83f701defef37a958ef53785aa46c9 WHIRLPOOL 96233fe7a00c0a2cba1ec18e8a0897ad2ccef8bde48113a173910d79fbed094e7b3d54446875e76448f5feb9aac26c2465a008b3aee4e1e566a3a9e0b1b3be05 +EBUILD openvpn-as-2.0.11.ebuild 1425 SHA256 21c18dae1f7667c91288412803ef849dd6c26d5f4557162030c5da9fa34288ea SHA512 461adfee55e8bdc5622a9d2cc4b2fb56a3a4d8e57b0b1f0136b48e6f98bc76f33546dcc9d7155c5d28f92c7060d6a5de6bebbb7427b9f645f6f27c0049e1b888 WHIRLPOOL 358d68d88094faf1f3ef7171760bdf204dfea93dac801534b65b2956a6dd92183ba8551b746a6ed0f0ab4d490f27e1a32b617421ff9f7579bb35ff5f54a45a3f +MISC ChangeLog 344 SHA256 c2c3a6349d99fe0479a797ad9a162f1c3b797225a3aafd244b2c15b53f3d3473 SHA512 a7bef9930803553509c4b0b00d91961d5cfd142f83ce9920293799d6d46e3cd61f3e5be3aa0f81c050321976cc293bc4c92a26dda3dd43eced41f1cbc05af993 WHIRLPOOL 850faea92a995064b62c3d5ed18923b3bea2a302b5ff4dc7092c79622d8414e9871adb634ae5e1a25f4f4ad8695ff00c446d3e13d03484dd75b2a9000ca983bf +MISC metadata.xml 385 SHA256 7e8810b39419dd52164ecd03c1fd6eba589515b37f44bd5f188d43e54c169233 SHA512 3884ad738b358a749f2ec3c0909ae157a1c4d73454530588dcfd44930fd49a82b497df1c09ccad72497ba47ed2999756720c841a4b4065ddafaf5aeb48dc5783 WHIRLPOOL 376f0af8f295fae7f264d0f4218388d1e36d7aa2fdd0892a69f03f1ad71fe2a405af70dccfe1370e7392f325b9527b624fbefe23135622f33433e14fbcf488a6 diff --git a/net-misc/openvpn-as/files/gentoo-specific.patch b/net-misc/openvpn-as/files/gentoo-specific.patch new file mode 100644 index 00000000..2b94f18c --- /dev/null +++ b/net-misc/openvpn-as/files/gentoo-specific.patch @@ -0,0 +1,58 @@ +diff -uNr usr.orig/local/openvpn_as/bin/_ovpn-init usr/local/openvpn_as/bin/_ovpn-init +--- usr.orig/local/openvpn_as/bin/_ovpn-init 2014-12-12 13:43:39.080479338 +0100 ++++ usr/local/openvpn_as/bin/_ovpn-init 2014-12-12 13:44:43.930476590 +0100 +@@ -866,41 +866,6 @@ + print "Error: Could not initialize confdb." + sys.exit(1) + +-# Execute gen script... +-print "Generating init scripts..." +-GEN = "/usr/local/openvpn_as/scripts/openvpnas_gen_init" +-retv = commands.getstatusoutput( GEN ) +-if DEBUG: print "gen init cmd=", GEN, retv +-if retv[0] != 0: +- print "Error: Could not generate server script." +- sys.exit(1) +- +-# Generate PAM config +-print "Generating PAM config..." +-GENPAM = "/usr/local/openvpn_as/scripts/openvpnas_gen_pam" +-retv = commands.getstatusoutput( GENPAM ) +-if DEBUG: print "gen pam cmd=", GENPAM, retv +-if retv[0] != 0: +- print "Error: Could not generate PAM config." +- sys.exit(1) +- +-# Execute gen script auto... +-print "Generating init scripts auto command..." +-GEN2 = "/usr/local/openvpn_as/scripts/openvpnas_gen_init --auto" +-retv = commands.getstatusoutput( GEN2 ) +-if DEBUG: print "gen init cmd 2=", GEN2, retv +-if retv[0] != 0: +- print "Error: Could not generate server script auto." +- sys.exit(1) +-GENAUTO = retv[1] +- +-# Execute the auto gen script... +-retv = commands.getstatusoutput( GENAUTO ) +-if retv[0] != 0: +- print "Error: Could not execute command to generate startup/shutdown scripts" +- sys.exit(1) +-if DEBUG: print "gen auto cmd=", GENAUTO, retv +- + # Perform iptables command to force initialization... + IPTABLES_NULL = "iptables --list" + retv = commands.getstatusoutput( IPTABLES_NULL ) +@@ -917,7 +882,6 @@ + if DEBUG: print "server init=", retv + if retv[0] != 0: + print "Error: Could not execute server start." +- sys.exit(1) + + # Print exit messages... + print +@@ -973,3 +937,4 @@ + print "See the Release Notes for this release at:" + print " http://www.openvpn.net/access-server/rn/openvpn_as_%s.html" % VERSION.replace('.', '_') + print ++ diff --git a/net-misc/openvpn-as/files/openvpnas.initd b/net-misc/openvpn-as/files/openvpnas.initd new file mode 100755 index 00000000..0cdfa815 --- /dev/null +++ b/net-misc/openvpn-as/files/openvpnas.initd @@ -0,0 +1,43 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License, v2 or later +# $Header: /var/cvsroot/gentoo-x86/dev-vcs/subversion/files/svnserve.initd2,v 1.2 2012/01/14 19:46:34 tommy Exp $ + +depend() { + need net +} + +target="/usr/local/openvpn_as/scripts/openvpnas" +pidfile="/var/run/openvpnas.pid" +sockfile="/usr/local/openvpn_as/etc/sock/sagent /usr/local/openvpn_as/etc/sock/sagent.localroot /usr/local/openvpn_as/etc/sock/sagent.api" +logfile="/var/log/openvpnas.log" + +# remove daemon control socket +rm_sock() +{ + for sf in $sockfile ; do + if [ -e "$sf" ]; then + rm -f "$sf" &>/dev/null + fi + done +} + +# remove pidfile +rm_pidfile() +{ + rm -f "$pidfile" &>/dev/null +} + +start() { + rm_sock + rm_pidfile + ebegin "Starting OpenVPN Access Server" + start-stop-daemon --start --quiet --pidfile ${pidfile} --exec ${target} -- --logfile="$logfile" --pidfile="$pidfile" + eend $? +} + +stop() { + ebegin "Stoping OpenVPN Access Server" + start-stop-daemon --stop --quiet --pidfile ${pidfile} + eend $? +} diff --git a/net-misc/openvpn-as/files/openvpnas.pamd b/net-misc/openvpn-as/files/openvpnas.pamd new file mode 100644 index 00000000..dfb2388a --- /dev/null +++ b/net-misc/openvpn-as/files/openvpnas.pamd @@ -0,0 +1,111 @@ +# OpenVPN AS PAM config +# +# The PAM configuration file for the Shadow `login' service +# + +# Enforce a minimal delay in case of failure (in microseconds). +# (Replaces the `FAIL_DELAY' setting from login.defs) +# Note that other modules may require another minimal delay. (for example, +# to disable any delay, you should add the nodelay option to pam_unix) +auth optional pam_faildelay.so delay=3000000 + +# Outputs an issue file prior to each login prompt (Replaces the +# ISSUE_FILE option from login.defs). Uncomment for use +# auth required pam_issue.so issue=/etc/issue + +# Disallows root logins except on tty's listed in /etc/securetty +# (Replaces the `CONSOLE' setting from login.defs) +# +# With the default control of this module: +# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] +# root will not be prompted for a password on insecure lines. +# if an invalid username is entered, a password is prompted (but login +# will eventually be rejected) +# +# You can change it to a "requisite" module if you think root may mis-type +# her login and should not be prompted for a password in that case. But +# this will leave the system as vulnerable to user enumeration attacks. +# +# You can change it to a "required" module if you think it permits to +# guess valid user names of your system (invalid user names are considered +# as possibly being root on insecure lines), but root passwords may be +# communicated over insecure lines. +#auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so + +# Disallows other than root logins when /etc/nologin exists +# (Replaces the `NOLOGINS_FILE' option from login.defs) +auth requisite pam_nologin.so + +# SELinux needs to be the first session rule. This ensures that any +# lingering context has been cleared. Without out this it is possible +# that a module could execute code in the wrong domain. +# When the module is present, "required" would be sufficient (When SELinux +# is disabled, this returns success.) +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close + +# This module parses environment configuration file(s) +# and also allows you to use an extended config +# file /etc/security/pam_env.conf. +# +# parsing /etc/environment needs "readenv=1" +session required pam_env.so readenv=1 +# locale variables are also kept into /etc/default/locale in etch +# reading this file *in addition to /etc/environment* does not hurt +session required pam_env.so readenv=1 envfile=/etc/default/locale + +# Standard Un*x authentication. +auth include system-local-login + +# This allows certain extra groups to be granted to a user +# based on things like time of day, tty, service, and user. +# Please edit /etc/security/group.conf to fit your needs +# (Replaces the `CONSOLE_GROUPS' option in login.defs) +auth optional pam_group.so + +# Uncomment and edit /etc/security/time.conf if you need to set +# time restrainst on logins. +# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs +# as well as /etc/porttime) +# account requisite pam_time.so + +# Uncomment and edit /etc/security/access.conf if you need to +# set access limits. +# (Replaces /etc/login.access file) +# account required pam_access.so + +# Sets up user limits according to /etc/security/limits.conf +# (Replaces the use of /etc/limits in old login) +session required pam_limits.so + +# Prints the last login info upon succesful login +# (Replaces the `LASTLOG_ENAB' option from login.defs) +session optional pam_lastlog.so + +# Prints the message of the day upon succesful login. +# (Replaces the `MOTD_FILE' option in login.defs) +# This includes a dynamically generated part from /run/motd.dynamic +# and a static (admin-editable) part from /etc/motd. +session optional pam_motd.so motd=/run/motd.dynamic noupdate +session optional pam_motd.so + +# Prints the status of the user's mailbox upon succesful login +# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). +# +# This also defines the MAIL environment variable +# However, userdel also needs MAIL_DIR and MAIL_FILE variables +# in /etc/login.defs to make sure that removing a user +# also removes the user's mail spool file. +# See comments in /etc/login.defs +session optional pam_mail.so standard + +# Standard Un*x account and session +account include system-local-login +session include system-local-login +password include system-local-login + +# SELinux needs to intervene at login time to ensure that the process +# starts in the proper default security context. Only sessions which are +# intended to run in the user's context should be run after this. +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open +# When the module is present, "required" would be sufficient (When SELinux +# is disabled, this returns success.) diff --git a/net-misc/openvpn-as/metadata.xml b/net-misc/openvpn-as/metadata.xml new file mode 100644 index 00000000..670327f0 --- /dev/null +++ b/net-misc/openvpn-as/metadata.xml @@ -0,0 +1,9 @@ + + + + linamh + + mario.fetka@gmail.com + +OpenVPN Access Server is a full featured secure network tunneling VPN software solution that integrates the OpenVPN server. + diff --git a/net-misc/openvpn-as/openvpn-as-2.0.11.ebuild b/net-misc/openvpn-as/openvpn-as-2.0.11.ebuild new file mode 100644 index 00000000..a7789878 --- /dev/null +++ b/net-misc/openvpn-as/openvpn-as-2.0.11.ebuild @@ -0,0 +1,62 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: $ + +EAPI=5 + +inherit eutils unpacker user pam + +DESCRIPTION="OpenVPN Access Server" +HOMEPAGE="https://openvpn.net/index.php/access-server/overview.html" + +SRC_URI="amd64? ( http://swupdate.openvpn.org/as/openvpn-as-${PV}-Ubuntu12.amd_64.deb ) + x86? ( http://swupdate.openvpn.org/as/openvpn-as-${PV}-Ubuntu12.i386.deb )" + +LICENSE="" + +SLOT="0" + +KEYWORDS="~x86 ~amd64" + +IUSE="" + +RESTRICT="strip mirror test" + +DEPEND="" +RDEPEND="${DEPEND}" + +#QA_TEXTRELS="opt/${PN}/$(get_libdir)/${PN}/* +# opt/${PN}/$(get_libdir)/libNeroAPI.so" +#QA_EXECSTACK="opt/${PN}/$(get_libdir)/nero/*" +#QA_PREBUILT="opt/${PN}/${PN}.* +# opt/${PN}/${PN} +# opt/${PN}/$(get_libdir)/.*so +# opt/${PN}/$(get_libdir)/${PN}/* +# opt/${PN}/$(get_libdir)/${PN}/plug-ins/* +# usr/share/${PN}/helpers/splash/nerosplash" + +S=${WORKDIR} + +pkg_setup() { + enewgroup openvpn_as + enewuser openvpn_as -1 -1 -1 openvpn_as +} + + +src_unpack() { + unpack_deb ${A} +} + +src_prepare() { + epatch "${FILESDIR}/gentoo-specific.patch" +} + +src_install() { + dodir /usr/local/openvpn_as + cp -aR usr/local/openvpn_as/* "${D}/usr/local/openvpn_as" + dodir /usr/bin + dosym /usr/local/openvpn_as/bin/ovpn-init /usr/bin/ovpn-init + newinitd "${FILESDIR}/openvpnas.initd" "openvpnas" + newpamd "${FILESDIR}/openvpnas.pamd" "openvpnas" +} +