* [PATCH] OpenVPN: Add to update and exclude
@ 2020-04-17 16:34 Erik Kapfer
2020-04-17 17:41 ` Michael Tremer
2020-05-07 10:46 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 Erik Kapfer
0 siblings, 2 replies; 7+ messages in thread
From: Erik Kapfer @ 2020-04-17 16:34 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1520 bytes --]
Since some OpenVPN updates did not apply, the service will be stopped before the update to prevent 'Text file busy' and start up again.
Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
---
config/rootfiles/core/144/exclude | 1 +
config/rootfiles/core/144/update.sh | 12 ++++++++++++
2 files changed, 13 insertions(+)
diff --git a/config/rootfiles/core/144/exclude b/config/rootfiles/core/144/exclude
index b22159878..ba1b646e6 100644
--- a/config/rootfiles/core/144/exclude
+++ b/config/rootfiles/core/144/exclude
@@ -24,5 +24,6 @@ var/lib/alternatives
var/log/cache
var/log/dhcpcd.log
var/log/messages
+var/ipfire/ovpn
var/state/dhcp/dhcpd.leases
var/updatecache
diff --git a/config/rootfiles/core/144/update.sh b/config/rootfiles/core/144/update.sh
index 6a9c51931..81a6c626e 100644
--- a/config/rootfiles/core/144/update.sh
+++ b/config/rootfiles/core/144/update.sh
@@ -47,6 +47,15 @@ done
# Remove files
# Stop services
+# Stop OpenVPN server if it runs
+if pgrep openvpn -fl | grep 'server.conf' >/dev/null 2>&1; then
+ /usr/local/bin/openvpnctrl -k
+fi
+
+# Stop OpenVPN N2N if it runs
+if pgrep openvpn -fl | grep 'n2nconf' >/dev/null 2>&1; then
+ /usr/local/bin/openvpnctrl -kn2n
+fi
# Extract files
extract_files
@@ -55,6 +64,9 @@ extract_files
ldconfig
# Start services
+# Start OpenVPN again
+/usr/local/bin/openvpnctrl -s
+/usr/local/bin/openvpnctrl -sn2n
# Update Language cache
/usr/local/bin/update-lang-cache
--
2.20.1
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] OpenVPN: Add to update and exclude
2020-04-17 16:34 [PATCH] OpenVPN: Add to update and exclude Erik Kapfer
@ 2020-04-17 17:41 ` Michael Tremer
2020-04-17 18:59 ` ummeegge
2020-05-07 10:46 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 Erik Kapfer
1 sibling, 1 reply; 7+ messages in thread
From: Michael Tremer @ 2020-04-17 17:41 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2388 bytes --]
Hi,
This patch is for Core Update 144, but I am not sure if we can ship it with this.
The update will contain the OpenSSL update that is announced for Tuesday and I would like to be able to release it as soon as possible.
I am not sure what the risk is with this patch delaying that release, so I will let Arne decide.
See below for more...
> On 17 Apr 2020, at 17:34, Erik Kapfer <ummeegge(a)ipfire.org> wrote:
>
> Since some OpenVPN updates did not apply, the service will be stopped before the update to prevent 'Text file busy' and start up again.
Normally this should to be a problem. Tar is normally able to replace any binary, even if it is just running.
We definitely need to restart OpenVPN to take advantage of the new version.
>
> Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
> ---
> config/rootfiles/core/144/exclude | 1 +
> config/rootfiles/core/144/update.sh | 12 ++++++++++++
> 2 files changed, 13 insertions(+)
>
> diff --git a/config/rootfiles/core/144/exclude b/config/rootfiles/core/144/exclude
> index b22159878..ba1b646e6 100644
> --- a/config/rootfiles/core/144/exclude
> +++ b/config/rootfiles/core/144/exclude
> @@ -24,5 +24,6 @@ var/lib/alternatives
> var/log/cache
> var/log/dhcpcd.log
> var/log/messages
> +var/ipfire/ovpn
> var/state/dhcp/dhcpd.leases
> var/updatecache
> diff --git a/config/rootfiles/core/144/update.sh b/config/rootfiles/core/144/update.sh
> index 6a9c51931..81a6c626e 100644
> --- a/config/rootfiles/core/144/update.sh
> +++ b/config/rootfiles/core/144/update.sh
> @@ -47,6 +47,15 @@ done
> # Remove files
>
> # Stop services
> +# Stop OpenVPN server if it runs
> +if pgrep openvpn -fl | grep 'server.conf' >/dev/null 2>&1; then
> + /usr/local/bin/openvpnctrl -k
> +fi
> +
> +# Stop OpenVPN N2N if it runs
> +if pgrep openvpn -fl | grep 'n2nconf' >/dev/null 2>&1; then
> + /usr/local/bin/openvpnctrl -kn2n
> +fi
Interesting way to stop it. Can we not call openvpnctrl regardless, because it won’t matter if the daemon wasn’t running at all.
> # Extract files
> extract_files
> @@ -55,6 +64,9 @@ extract_files
> ldconfig
>
> # Start services
> +# Start OpenVPN again
> +/usr/local/bin/openvpnctrl -s
> +/usr/local/bin/openvpnctrl -sn2n
>
> # Update Language cache
> /usr/local/bin/update-lang-cache
> —
> 2.20.1
>
Best,
-Michael
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] OpenVPN: Add to update and exclude
2020-04-17 17:41 ` Michael Tremer
@ 2020-04-17 18:59 ` ummeegge
0 siblings, 0 replies; 7+ messages in thread
From: ummeegge @ 2020-04-17 18:59 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2795 bytes --]
Hi Michael,
Am Freitag, den 17.04.2020, 18:41 +0100 schrieb Michael Tremer:
> Hi,
>
> This patch is for Core Update 144, but I am not sure if we can ship
> it with this.
>
> The update will contain the OpenSSL update that is announced for
> Tuesday and I would like to be able to release it as soon as
> possible.
OK, may also a good date for this ?
>
> I am not sure what the risk is with this patch delaying that release,
> so I will let Arne decide.
Alright.
>
> See below for more...
>
> > On 17 Apr 2020, at 17:34, Erik Kapfer <ummeegge(a)ipfire.org> wrote:
> >
> > Since some OpenVPN updates did not apply, the service will be
> > stopped before the update to prevent 'Text file busy' and start up
> > again.
>
> Normally this should to be a problem. Tar is normally able to replace
> any binary, even if it is just running.
>
> We definitely need to restart OpenVPN to take advantage of the new
> version.
Thought we should give it a try in that way.
>
> >
> > Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
> > ---
> > config/rootfiles/core/144/exclude | 1 +
> > config/rootfiles/core/144/update.sh | 12 ++++++++++++
> > 2 files changed, 13 insertions(+)
> >
> > diff --git a/config/rootfiles/core/144/exclude
> > b/config/rootfiles/core/144/exclude
> > index b22159878..ba1b646e6 100644
> > --- a/config/rootfiles/core/144/exclude
> > +++ b/config/rootfiles/core/144/exclude
> > @@ -24,5 +24,6 @@ var/lib/alternatives
> > var/log/cache
> > var/log/dhcpcd.log
> > var/log/messages
> > +var/ipfire/ovpn
> > var/state/dhcp/dhcpd.leases
> > var/updatecache
> > diff --git a/config/rootfiles/core/144/update.sh
> > b/config/rootfiles/core/144/update.sh
> > index 6a9c51931..81a6c626e 100644
> > --- a/config/rootfiles/core/144/update.sh
> > +++ b/config/rootfiles/core/144/update.sh
> > @@ -47,6 +47,15 @@ done
> > # Remove files
> >
> > # Stop services
> > +# Stop OpenVPN server if it runs
> > +if pgrep openvpn -fl | grep 'server.conf' >/dev/null 2>&1; then
> > + /usr/local/bin/openvpnctrl -k
> > +fi
> > +
> > +# Stop OpenVPN N2N if it runs
> > +if pgrep openvpn -fl | grep 'n2nconf' >/dev/null 2>&1; then
> > + /usr/local/bin/openvpnctrl -kn2n
> > +fi
>
> Interesting way to stop it. Can we not call openvpnctrl regardless,
> because it won’t matter if the daemon wasn’t running at all.
May you are right haven´t checked it deeper. Should we do it now or in
the next update ? It should nothing break in my opinion.
>
> > # Extract files
> > extract_files
> > @@ -55,6 +64,9 @@ extract_files
> > ldconfig
> >
> > # Start services
> > +# Start OpenVPN again
> > +/usr/local/bin/openvpnctrl -s
> > +/usr/local/bin/openvpnctrl -sn2n
> >
> > # Update Language cache
> > /usr/local/bin/update-lang-cache
> > —
> > 2.20.1
> >
>
> Best,
> -Michael
>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v2 1/2] OpenVPN: Update to version 2.4.9
2020-04-17 16:34 [PATCH] OpenVPN: Add to update and exclude Erik Kapfer
2020-04-17 17:41 ` Michael Tremer
@ 2020-05-07 10:46 ` Erik Kapfer
2020-05-07 10:46 ` [PATCH v2 2/2] update.sh: Stop|Start OpenVPN for update Erik Kapfer
2020-05-14 12:40 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 ummeegge
1 sibling, 2 replies; 7+ messages in thread
From: Erik Kapfer @ 2020-05-07 10:46 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1514 bytes --]
Beneath several smaller fixes, this version fixes also some OpenSSL problems but also CVE-2020-11810.
The full changelog can be found in here https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 .
Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
---
lfs/openvpn | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/openvpn b/lfs/openvpn
index 0ee437e78..779bf5520 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 2.4.8
+VER = 2.4.9
THISAPP = openvpn-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 03a4a077945c157703681a06935bc3f9
+$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
install : $(TARGET)
--
2.12.2
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v2 2/2] update.sh: Stop|Start OpenVPN for update
2020-05-07 10:46 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 Erik Kapfer
@ 2020-05-07 10:46 ` Erik Kapfer
2020-05-14 12:40 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 ummeegge
1 sibling, 0 replies; 7+ messages in thread
From: Erik Kapfer @ 2020-05-07 10:46 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 814 bytes --]
Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
---
config/rootfiles/core/145/update.sh | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/config/rootfiles/core/145/update.sh b/config/rootfiles/core/145/update.sh
index 2571fa3b3..4b9468a49 100644
--- a/config/rootfiles/core/145/update.sh
+++ b/config/rootfiles/core/145/update.sh
@@ -48,6 +48,10 @@ done
# Stop services
/etc/init.d/vnstat stop
+# Prepare OpenVPN for update
+/usr/local/bin/openvpnctrl -k
+/usr/local/bin/openvpnctrl -kn2n
+
# Extract files
extract_files
@@ -57,6 +61,10 @@ ldconfig
# Start services
/etc/init.d/vnstat start
+# Start OpenVPN again
+/usr/local/bin/openvpnctrl -s
+/usr/local/bin/openvpnctrl -sn2n
+
# Update Language cache
/usr/local/bin/update-lang-cache
--
2.12.2
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2 1/2] OpenVPN: Update to version 2.4.9
2020-05-07 10:46 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 Erik Kapfer
2020-05-07 10:46 ` [PATCH v2 2/2] update.sh: Stop|Start OpenVPN for update Erik Kapfer
@ 2020-05-14 12:40 ` ummeegge
2020-05-14 14:38 ` Michael Tremer
1 sibling, 1 reply; 7+ messages in thread
From: ummeegge @ 2020-05-14 12:40 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1904 bytes --]
Hi all,
just as a reminder, should we release this update too ? This might be
great cause there are a not so nice crypto bug in the current actual
version -->
https://community.openvpn.net/openvpn/ticket/1228#comment:31 which has
been fixed in the actual one.
Best,
Erik
Am Donnerstag, den 07.05.2020, 12:46 +0200 schrieb Erik Kapfer:
> Beneath several smaller fixes, this version fixes also some OpenSSL
> problems but also CVE-2020-11810.
> The full changelog can be found in here
> https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 .
>
> Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
> ---
> lfs/openvpn | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/lfs/openvpn b/lfs/openvpn
> index 0ee437e78..779bf5520 100644
> --- a/lfs/openvpn
> +++ b/lfs/openvpn
> @@ -1,7 +1,7 @@
> ####################################################################
> ###########
> #
> #
> # IPFire.org - A linux based
> firewall #
> -# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org>
> #
> +# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org>
> #
> #
> #
> # This program is free software: you can redistribute it and/or
> modify #
> # it under the terms of the GNU General Public License as published
> by #
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 2.4.8
> +VER = 2.4.9
>
> THISAPP = openvpn-$(VER)
> DL_FILE = $(THISAPP).tar.xz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_MD5 = 03a4a077945c157703681a06935bc3f9
> +$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
>
> install : $(TARGET)
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2 1/2] OpenVPN: Update to version 2.4.9
2020-05-14 12:40 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 ummeegge
@ 2020-05-14 14:38 ` Michael Tremer
0 siblings, 0 replies; 7+ messages in thread
From: Michael Tremer @ 2020-05-14 14:38 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2369 bytes --]
How many people have tested this release?
OpenVPN updates usually come with plenty of regressions, so I would like to make sure that we are not finding those too late and have to halt the release again.
> On 14 May 2020, at 13:40, ummeegge <ummeegge(a)ipfire.org> wrote:
>
> Hi all,
> just as a reminder, should we release this update too ? This might be
> great cause there are a not so nice crypto bug in the current actual
> version -->
> https://community.openvpn.net/openvpn/ticket/1228#comment:31 which has
> been fixed in the actual one.
*current or latest is the word you are looking for
-Michael
>
> Best,
>
> Erik
>
> Am Donnerstag, den 07.05.2020, 12:46 +0200 schrieb Erik Kapfer:
>> Beneath several smaller fixes, this version fixes also some OpenSSL
>> problems but also CVE-2020-11810.
>> The full changelog can be found in here
>> https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 .
>>
>> Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
>> ---
>> lfs/openvpn | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/lfs/openvpn b/lfs/openvpn
>> index 0ee437e78..779bf5520 100644
>> --- a/lfs/openvpn
>> +++ b/lfs/openvpn
>> @@ -1,7 +1,7 @@
>> ####################################################################
>> ###########
>> #
>> #
>> # IPFire.org - A linux based
>> firewall #
>> -# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org>
>> #
>> +# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org>
>> #
>> #
>> #
>> # This program is free software: you can redistribute it and/or
>> modify #
>> # it under the terms of the GNU General Public License as published
>> by #
>> @@ -24,7 +24,7 @@
>>
>> include Config
>>
>> -VER = 2.4.8
>> +VER = 2.4.9
>>
>> THISAPP = openvpn-$(VER)
>> DL_FILE = $(THISAPP).tar.xz
>> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>>
>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>
>> -$(DL_FILE)_MD5 = 03a4a077945c157703681a06935bc3f9
>> +$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
>>
>> install : $(TARGET)
>>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-05-14 14:38 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-17 16:34 [PATCH] OpenVPN: Add to update and exclude Erik Kapfer
2020-04-17 17:41 ` Michael Tremer
2020-04-17 18:59 ` ummeegge
2020-05-07 10:46 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 Erik Kapfer
2020-05-07 10:46 ` [PATCH v2 2/2] update.sh: Stop|Start OpenVPN for update Erik Kapfer
2020-05-14 12:40 ` [PATCH v2 1/2] OpenVPN: Update to version 2.4.9 ummeegge
2020-05-14 14:38 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox