[git.ipfire.org] IPFire 2.x development tree branch, master, updated. 198025111e37a80944dbab9ddd57967945e27949

public inbox for ipfire-scm@lists.ipfire.org
 help / color / mirror / Atom feed

From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 198025111e37a80944dbab9ddd57967945e27949
Date: Tue, 26 Aug 2025 14:08:29 +0000 (UTC)	[thread overview]
Message-ID: <4cB8dn2MSKz2y1V@people01.haj.ipfire.org> (raw)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, master has been updated
       via  198025111e37a80944dbab9ddd57967945e27949 (commit)
       via  7245ddf773b78be5fd0675d2e260b3da7855ac2c (commit)
      from  97469fbdd20c7c47b9d1f2df6b57f60ccda16560 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 198025111e37a80944dbab9ddd57967945e27949
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Mon Aug 25 11:19:14 2025 +0200

    update.sh: Ensure ncp-disable is removed from config and DATACIPHERS added
    
    - This is doing the same thing as the other patch of this series dealing with backup.pl
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 7245ddf773b78be5fd0675d2e260b3da7855ac2c
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Mon Aug 25 11:19:13 2025 +0200

    backup.pl: Ensure ncp-disable is removed from old backups and DATACIPHERS added
    
    - With commit https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=e04f5376ba18767a6a9eccf104c472295a75340b
       then the settings file which is hashed into %vpnsettings already exists and so none
       of the defaults are set. Running the ovpnmain.cgi code resolves this for most of the
       settings but not for ncp-disable being present in server.conf and no DATACIPHERS entry
       in the settings file. ncp-disable then causes the openvpn server to fail to start as
       it is no longer recognised in OpenVPN-2.6
    - This patch checks if ncp-disable is in the server.conf file from the restored backup
       and if it is it is then removed and the default values for DATACIPHERS is added into
       the settings file.
    - Tested out in my vm testbed and successfully worked. The previously found issue after
       the above patch was added in has been resolved.
    - Associated patch in this set is to do a similar thing for the update.sh file for CU197
    
    Tested-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/backup/backup.pl             | 5 +++++
 config/rootfiles/core/197/update.sh | 4 ++++
 2 files changed, 9 insertions(+)

Difference in files:
diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index e79f510c6..42d24aa3c 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -350,6 +350,11 @@ restore_backup() {
 	fi
 
 	# Update the OpenVPN configuration and restart the openvpn daemons
+	if grep -q "ncp-disable" /var/ipfire/ovpn/server.conf; then
+		sed -r -e "/ncp-disable/d" -i /var/ipfire/ovpn/server.conf
+		echo "DATACIPHERS=AES-256-GCM|AES-128-GCM|CHACHA20-POLY1305" >> \
+			/var/ipfire/ovpn/settings
+	fi
 	sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
 	/etc/init.d/openvpn-n2n restart
 	/etc/init.d/openvpn-rw restart
diff --git a/config/rootfiles/core/197/update.sh b/config/rootfiles/core/197/update.sh
index 0fd5cc6f0..f1800b2c0 100644
--- a/config/rootfiles/core/197/update.sh
+++ b/config/rootfiles/core/197/update.sh
@@ -123,6 +123,10 @@ ldconfig
 /usr/local/bin/filesystem-cleanup
 
 # Update the OpenVPN configuration
+if grep -q "ncp-disable" /var/ipfire/ovpn/server.conf; then
+	sed -r -e "/ncp-disable/d" -i /var/ipfire/ovpn/server.conf
+	echo "DATACIPHERS=AES-256-GCM|AES-128-GCM|CHACHA20-POLY1305" >> /var/ipfire/ovpn/settings
+fi
 sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
 
 # Apply SSH configuration


hooks/post-receive
--
IPFire 2.x development tree

                 reply	other threads:[~2025-08-26 14:08 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4cB8dn2MSKz2y1V@people01.haj.ipfire.org \
    --to=git@ipfire.org \
    --cc=ipfire-scm@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox