Since some OpenVPN updates did not apply, the service will be stopped before the update to prevent 'Text file busy' and start up again.
Signed-off-by: Erik Kapfer ummeegge@ipfire.org --- config/rootfiles/core/144/exclude | 1 + config/rootfiles/core/144/update.sh | 12 ++++++++++++ 2 files changed, 13 insertions(+)
diff --git a/config/rootfiles/core/144/exclude b/config/rootfiles/core/144/exclude index b22159878..ba1b646e6 100644 --- a/config/rootfiles/core/144/exclude +++ b/config/rootfiles/core/144/exclude @@ -24,5 +24,6 @@ var/lib/alternatives var/log/cache var/log/dhcpcd.log var/log/messages +var/ipfire/ovpn var/state/dhcp/dhcpd.leases var/updatecache diff --git a/config/rootfiles/core/144/update.sh b/config/rootfiles/core/144/update.sh index 6a9c51931..81a6c626e 100644 --- a/config/rootfiles/core/144/update.sh +++ b/config/rootfiles/core/144/update.sh @@ -47,6 +47,15 @@ done # Remove files
# Stop services +# Stop OpenVPN server if it runs +if pgrep openvpn -fl | grep 'server.conf' >/dev/null 2>&1; then + /usr/local/bin/openvpnctrl -k +fi + +# Stop OpenVPN N2N if it runs +if pgrep openvpn -fl | grep 'n2nconf' >/dev/null 2>&1; then + /usr/local/bin/openvpnctrl -kn2n +fi
# Extract files extract_files @@ -55,6 +64,9 @@ extract_files ldconfig
# Start services +# Start OpenVPN again +/usr/local/bin/openvpnctrl -s +/usr/local/bin/openvpnctrl -sn2n
# Update Language cache /usr/local/bin/update-lang-cache
Hi,
This patch is for Core Update 144, but I am not sure if we can ship it with this.
The update will contain the OpenSSL update that is announced for Tuesday and I would like to be able to release it as soon as possible.
I am not sure what the risk is with this patch delaying that release, so I will let Arne decide.
See below for more...
On 17 Apr 2020, at 17:34, Erik Kapfer ummeegge@ipfire.org wrote:
Since some OpenVPN updates did not apply, the service will be stopped before the update to prevent 'Text file busy' and start up again.
Normally this should to be a problem. Tar is normally able to replace any binary, even if it is just running.
We definitely need to restart OpenVPN to take advantage of the new version.
Signed-off-by: Erik Kapfer ummeegge@ipfire.org
config/rootfiles/core/144/exclude | 1 + config/rootfiles/core/144/update.sh | 12 ++++++++++++ 2 files changed, 13 insertions(+)
diff --git a/config/rootfiles/core/144/exclude b/config/rootfiles/core/144/exclude index b22159878..ba1b646e6 100644 --- a/config/rootfiles/core/144/exclude +++ b/config/rootfiles/core/144/exclude @@ -24,5 +24,6 @@ var/lib/alternatives var/log/cache var/log/dhcpcd.log var/log/messages +var/ipfire/ovpn var/state/dhcp/dhcpd.leases var/updatecache diff --git a/config/rootfiles/core/144/update.sh b/config/rootfiles/core/144/update.sh index 6a9c51931..81a6c626e 100644 --- a/config/rootfiles/core/144/update.sh +++ b/config/rootfiles/core/144/update.sh @@ -47,6 +47,15 @@ done # Remove files
# Stop services +# Stop OpenVPN server if it runs +if pgrep openvpn -fl | grep 'server.conf' >/dev/null 2>&1; then
- /usr/local/bin/openvpnctrl -k
+fi
+# Stop OpenVPN N2N if it runs +if pgrep openvpn -fl | grep 'n2nconf' >/dev/null 2>&1; then
- /usr/local/bin/openvpnctrl -kn2n
+fi
Interesting way to stop it. Can we not call openvpnctrl regardless, because it won’t matter if the daemon wasn’t running at all.
# Extract files extract_files @@ -55,6 +64,9 @@ extract_files ldconfig
# Start services +# Start OpenVPN again +/usr/local/bin/openvpnctrl -s +/usr/local/bin/openvpnctrl -sn2n
# Update Language cache /usr/local/bin/update-lang-cache — 2.20.1
Best, -Michael
Hi Michael,
Am Freitag, den 17.04.2020, 18:41 +0100 schrieb Michael Tremer:
Hi,
This patch is for Core Update 144, but I am not sure if we can ship it with this.
The update will contain the OpenSSL update that is announced for Tuesday and I would like to be able to release it as soon as possible.
OK, may also a good date for this ?
I am not sure what the risk is with this patch delaying that release, so I will let Arne decide.
Alright.
See below for more...
On 17 Apr 2020, at 17:34, Erik Kapfer ummeegge@ipfire.org wrote:
Since some OpenVPN updates did not apply, the service will be stopped before the update to prevent 'Text file busy' and start up again.
Normally this should to be a problem. Tar is normally able to replace any binary, even if it is just running.
We definitely need to restart OpenVPN to take advantage of the new version.
Thought we should give it a try in that way.
Signed-off-by: Erik Kapfer ummeegge@ipfire.org
config/rootfiles/core/144/exclude | 1 + config/rootfiles/core/144/update.sh | 12 ++++++++++++ 2 files changed, 13 insertions(+)
diff --git a/config/rootfiles/core/144/exclude b/config/rootfiles/core/144/exclude index b22159878..ba1b646e6 100644 --- a/config/rootfiles/core/144/exclude +++ b/config/rootfiles/core/144/exclude @@ -24,5 +24,6 @@ var/lib/alternatives var/log/cache var/log/dhcpcd.log var/log/messages +var/ipfire/ovpn var/state/dhcp/dhcpd.leases var/updatecache diff --git a/config/rootfiles/core/144/update.sh b/config/rootfiles/core/144/update.sh index 6a9c51931..81a6c626e 100644 --- a/config/rootfiles/core/144/update.sh +++ b/config/rootfiles/core/144/update.sh @@ -47,6 +47,15 @@ done # Remove files
# Stop services +# Stop OpenVPN server if it runs +if pgrep openvpn -fl | grep 'server.conf' >/dev/null 2>&1; then
- /usr/local/bin/openvpnctrl -k
+fi
+# Stop OpenVPN N2N if it runs +if pgrep openvpn -fl | grep 'n2nconf' >/dev/null 2>&1; then
- /usr/local/bin/openvpnctrl -kn2n
+fi
Interesting way to stop it. Can we not call openvpnctrl regardless, because it won’t matter if the daemon wasn’t running at all.
May you are right haven´t checked it deeper. Should we do it now or in the next update ? It should nothing break in my opinion.
# Extract files extract_files @@ -55,6 +64,9 @@ extract_files ldconfig
# Start services +# Start OpenVPN again +/usr/local/bin/openvpnctrl -s +/usr/local/bin/openvpnctrl -sn2n
# Update Language cache /usr/local/bin/update-lang-cache — 2.20.1
Best, -Michael
Beneath several smaller fixes, this version fixes also some OpenSSL problems but also CVE-2020-11810. The full changelog can be found in here https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 .
Signed-off-by: Erik Kapfer ummeegge@ipfire.org --- lfs/openvpn | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/openvpn b/lfs/openvpn index 0ee437e78..779bf5520 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.4.8 +VER = 2.4.9
THISAPP = openvpn-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 03a4a077945c157703681a06935bc3f9 +$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
install : $(TARGET)
Signed-off-by: Erik Kapfer ummeegge@ipfire.org --- config/rootfiles/core/145/update.sh | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/config/rootfiles/core/145/update.sh b/config/rootfiles/core/145/update.sh index 2571fa3b3..4b9468a49 100644 --- a/config/rootfiles/core/145/update.sh +++ b/config/rootfiles/core/145/update.sh @@ -48,6 +48,10 @@ done # Stop services /etc/init.d/vnstat stop
+# Prepare OpenVPN for update +/usr/local/bin/openvpnctrl -k +/usr/local/bin/openvpnctrl -kn2n + # Extract files extract_files
@@ -57,6 +61,10 @@ ldconfig # Start services /etc/init.d/vnstat start
+# Start OpenVPN again +/usr/local/bin/openvpnctrl -s +/usr/local/bin/openvpnctrl -sn2n + # Update Language cache /usr/local/bin/update-lang-cache
Hi all, just as a reminder, should we release this update too ? This might be great cause there are a not so nice crypto bug in the current actual version --> https://community.openvpn.net/openvpn/ticket/1228#comment:31 which has been fixed in the actual one.
Best,
Erik
Am Donnerstag, den 07.05.2020, 12:46 +0200 schrieb Erik Kapfer:
Beneath several smaller fixes, this version fixes also some OpenSSL problems but also CVE-2020-11810. The full changelog can be found in here https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 .
Signed-off-by: Erik Kapfer ummeegge@ipfire.org
lfs/openvpn | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/openvpn b/lfs/openvpn index 0ee437e78..779bf5520 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -1,7 +1,7 @@ #################################################################### ########### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.4.8 +VER = 2.4.9
THISAPP = openvpn-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 03a4a077945c157703681a06935bc3f9 +$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
install : $(TARGET)
How many people have tested this release?
OpenVPN updates usually come with plenty of regressions, so I would like to make sure that we are not finding those too late and have to halt the release again.
On 14 May 2020, at 13:40, ummeegge ummeegge@ipfire.org wrote:
Hi all, just as a reminder, should we release this update too ? This might be great cause there are a not so nice crypto bug in the current actual version --> https://community.openvpn.net/openvpn/ticket/1228#comment:31 which has been fixed in the actual one.
*current or latest is the word you are looking for
-Michael
Best,
Erik
Am Donnerstag, den 07.05.2020, 12:46 +0200 schrieb Erik Kapfer:
Beneath several smaller fixes, this version fixes also some OpenSSL problems but also CVE-2020-11810. The full changelog can be found in here https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 .
Signed-off-by: Erik Kapfer ummeegge@ipfire.org
lfs/openvpn | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/openvpn b/lfs/openvpn index 0ee437e78..779bf5520 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -1,7 +1,7 @@ #################################################################### ########### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.4.8 +VER = 2.4.9
THISAPP = openvpn-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 03a4a077945c157703681a06935bc3f9 +$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
install : $(TARGET)
-
Erik Kapfer -
Michael Tremer -
ummeegge