openvpn3: v20 -> v23 (#326623)

2024-11-25 16:33:15 +00:00 · 2024-11-01 21:27:18 +01:00 · 2024-11-01 21:27:18 +01:00 · 10b6280a20
commit 10b6280a20
parent e71cb2510f 279d00a8f5
7 changed files with 428 additions and 146 deletions
--- a/nixos/modules/programs/openvpn3.nix
+++ b/nixos/modules/programs/openvpn3.nix
@ -1,29 +1,87 @@
 { config, lib, pkgs, ... }:
 let
  json = pkgs.formats.json { };
  cfg = config.programs.openvpn3;
-in
+
-{
+  inherit (lib) mkEnableOption mkPackageOption mkOption literalExpression max options lists;
  inherit (lib.types) bool submodule ints;
 in {
  options.programs.openvpn3 = {
-    enable = lib.mkEnableOption "the openvpn3 client";
+    enable = mkEnableOption "the openvpn3 client";
-    package = lib.mkOption {
+    package = mkPackageOption pkgs "openvpn3" { };
-      type = lib.types.package;
+    netcfg = mkOption {
-      default = pkgs.openvpn3.override {
+      description = "Network configuration";
-        enableSystemdResolved = config.services.resolved.enable;
+      default = { };
      type = submodule {
        options = {
          settings = mkOption {
            description = "Options stored in {file}`/etc/openvpn3/netcfg.json` configuration file";
            default = { };
            type = submodule {
              freeformType = json.type;
              options = {
                systemd_resolved = mkOption {
                  type = bool;
                  description = "Whether to use systemd-resolved integration";
                  default = config.services.resolved.enable;
                  defaultText = literalExpression "config.services.resolved.enable";
                  example = false;
                };
              };
            };
          };
        };
      };
    };
    log-service = mkOption {
      description = "Log service configuration";
      default = { };
      type = submodule {
        options = {
          settings = mkOption {
            description = "Options stored in {file}`/etc/openvpn3/log-service.json` configuration file";
            default = { };
            type = submodule {
              freeformType = json.type;
              options = {
                journald = mkOption {
                  description = "Use systemd-journald";
                  type = bool;
                  default = true;
                  example = false;
                };
                log_dbus_details = mkOption {
                  description = "Add D-Bus details in log file/syslog";
                  type = bool;
                  default = true;
                  example = false;
                };
                log_level = mkOption {
                  description = "How verbose should the logging be";
                  type = (ints.between 0 7) // {
                    merge = _loc: defs:
                      lists.foldl max 0 (options.getValues defs);
                  };
                  default = 3;
                  example = 6;
                };
                timestamp = mkOption {
                  description = "Add timestamp log file";
                  type = bool;
                  default = false;
                  example = true;
                };
              };
            };
          };
        };
      };
      defaultText = lib.literalExpression ''pkgs.openvpn3.override {
        enableSystemdResolved = config.services.resolved.enable;
      }'';
      description = ''
        Which package to use for `openvpn3`.
      '';
    };
  };
  config = lib.mkIf cfg.enable {
-    services.dbus.packages = [
+    services.dbus.packages = [ cfg.package ];
      cfg.package
    ];
    users.users.openvpn = {
      isSystemUser = true;
@ -31,13 +89,20 @@ in
      group = "openvpn";
    };
-    users.groups.openvpn = {
+    users.groups.openvpn = { gid = config.ids.gids.openvpn; };
-      gid = config.ids.gids.openvpn;
+
    environment = {
      systemPackages = [ cfg.package ];
      etc = {
        "openvpn3/netcfg.json".source =
          json.generate "netcfg.json" cfg.netcfg.settings;
        "openvpn3/log-service.json".source =
          json.generate "log-service.json" cfg.log-service.settings;
      };
    };
-    environment.systemPackages = [
+    systemd.packages = [ cfg.package ];
      cfg.package
    ];
  };
  meta.maintainers = with lib.maintainers; [ shamilton progrm_jarvis ];
 }
--- a/pkgs/by-name/gd/gdbuspp/package.nix
+++ b/pkgs/by-name/gd/gdbuspp/package.nix
@ -0,0 +1,46 @@
 {
  lib,
  stdenv,
  fetchFromGitHub,
  meson,
  ninja,
  glib,
  pkg-config,
 }:
 stdenv.mkDerivation rec {
  pname = "gdbuspp";
  version = "2";
  src = fetchFromGitHub {
    owner = "OpenVPN";
    repo = "gdbuspp";
    rev = "refs/tags/v${version}";
    hash = "sha256-A0sl4zZa17zMec/jJASE8lDVNohzJzEGZbWjjsorB2Y=";
  };
  postPatch = ''
    patchShebangs --build ./scripts/get-git-ref
  '';
  nativeBuildInputs = [
    meson
    ninja
    pkg-config
  ];
  buildInputs = [ glib ];
  meta = {
    description = "GDBus++ - a glib2 D-Bus wrapper for C++";
    longDescription = ''
      This library provides a simpler C++ based interface to implement D-Bus
      into applications in a more C++ approach, based on the C++17 standard.
    '';
    homepage = "https://codeberg.org/OpenVPN/gdbuspp";
    changelog = "https://codeberg.org/OpenVPN/gdbuspp/releases/tag/v${version}";
    license = lib.licenses.agpl3Only;
    sourceProvenance = [ lib.sourceTypes.fromSource ];
    maintainers = [ lib.maintainers.progrm_jarvis ];
    platforms = lib.platforms.linux;
  };
 }
--- a/pkgs/by-name/op/openvpn3/0001-build-reduce-hardcode-in-asio_path.patch
+++ b/pkgs/by-name/op/openvpn3/0001-build-reduce-hardcode-in-asio_path.patch
@ -0,0 +1,46 @@
 From 30b2528054e6627a7124ac04cb018356ef23d864 Mon Sep 17 00:00:00 2001
 From: Petr Portnov <mrjarviscraft@gmail.com>
 Date: Mon, 2 Sep 2024 22:25:33 +0300
 Subject: [PATCH 1/1] build: reduce hardcode in `asio_path`
 Currently, `asio_path` variable value is concatenated with `/asio/include`
 to specify the path to custom `asio` installation.
 The problem is that this is too strict as some distros (namely NixOS)
 may have the `include` directory with a differently named parent.
 Thus this change minimizes the hardcoded part of the path to make it more flexible.
 Signed-off-by: Petr Portnov <mrjarviscraft@gmail.com>
 ---
 meson.build       | 2 +-
 meson_options.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 diff --git a/meson.build b/meson.build
 index c9e0a2d..c01eb8e 100644
 --- a/meson.build
 +++ b/meson.build
@@ -74,7 +74,7 @@ endif
 #
 #  Setup additional include header dirs
 #
 -asio_inc = get_option('asio_path') / 'asio' / 'include'
 +asio_inc = get_option('asio_path') / 'include'
 message ('ASIO library: ' + asio_inc)
 openvpn3_core_inc = get_option('openvpn3_core_path')
 diff --git a/meson_options.txt b/meson_options.txt
 index d9cf02e..43e301e 100644
 --- a/meson_options.txt
 +++ b/meson_options.txt
@@ -26,7 +26,7 @@ option('debug_options', type: 'boolean', value: false,
 #
 #  Build environment and related build time options
 #
 -option('asio_path', type: 'string', value: './vendor/asio',
 +option('asio_path', type: 'string', value: './vendor/asio/asio',
        description: 'Path to the ASIO header files')
 option('openvpn3_core_path', type: 'string', value: './openvpn3-core',
 -- 
 2.43.0
--- a/pkgs/by-name/op/openvpn3/0002-build-allow-installation-directories-customization.patch
+++ b/pkgs/by-name/op/openvpn3/0002-build-allow-installation-directories-customization.patch
@ -0,0 +1,115 @@
 From 848cc46d05c203de393d75434a3f571d78687f50 Mon Sep 17 00:00:00 2001
 From: Petr Portnov <mrjarviscraft@gmail.com>
 Date: Sun, 22 Sep 2024 13:16:02 +0300
 Subject: [PATCH] build: allow installation directories' customization
 This allows to configure the installation directories
 for systemd and D-Bus files.
 Signed-off-by: Petr Portnov <mrjarviscraft@gmail.com>
 ---
 distro/systemd/meson.build |  9 +++++++--
 meson.build                | 12 ++++++++++--
 meson_options.txt          | 12 ++++++++++++
 src/configmgr/meson.build  | 10 ++++++----
 4 files changed, 35 insertions(+), 8 deletions(-)
 diff --git a/distro/systemd/meson.build b/distro/systemd/meson.build
 index 36d556c..9c636b6 100644
 --- a/distro/systemd/meson.build
 +++ b/distro/systemd/meson.build
@@ -15,12 +15,17 @@ systemd_cfg = configuration_data({
 systemd_service_cfg = dependency('systemd')
 +systemd_system_unit_dir = get_option('systemd_system_unit_dir')
 +if systemd_system_unit_dir == ''
 +  systemd_system_unit_dir = systemd_service_cfg.get_variable('systemdsystemunitdir')
 +endif
 +
 configure_file(
     input: 'openvpn3-autoload.service.in',
     output: 'openvpn3-autoload.service',
     configuration: systemd_cfg,
     install: true,
 -    install_dir: systemd_service_cfg.get_variable('systemdsystemunitdir'),
 +    install_dir: systemd_system_unit_dir,
 )
 configure_file(
@@ -28,7 +33,7 @@ configure_file(
     output: 'openvpn3-session@.service',
     configuration: systemd_cfg,
     install: true,
 -    install_dir: systemd_service_cfg.get_variable('systemdsystemunitdir'),
 +    install_dir: systemd_system_unit_dir,
 )
 custom_target('openvpn3-systemd',
 diff --git a/meson.build b/meson.build
 index 586c72a..ba41440 100644
 --- a/meson.build
 +++ b/meson.build
@@ -203,8 +203,16 @@ message('OpenVPN 3 Linux service binary directory: ' + get_option('prefix') / li
 #
 #  D-Bus configuration
 -dbus_policy_dir = dep_dbus.get_variable('datadir') / 'dbus-1' / 'system.d'
 -dbus_service_dir = dep_dbus.get_variable('system_bus_services_dir')
 +dbus_policy_dir = get_option('dbus_policy_dir')
 +if dbus_policy_dir == ''
 +    dbus_policy_dir = dep_dbus.get_variable('datadir') / 'dbus-1' / 'system.d'
 +endif
 +
 +dbus_service_dir = get_option('dbus_system_service_dir')
 +if dbus_service_dir == ''
 +    dbus_service_dir = dep_dbus.get_variable('system_bus_services_dir')
 +endif
 +
 dbus_config = {
     'OPENVPN_USERNAME': get_option('openvpn_username'),
     'LIBEXEC_PATH': get_option('prefix') / libexec_dir,
 diff --git a/meson_options.txt b/meson_options.txt
 index 43e301e..04809df 100644
 --- a/meson_options.txt
 +++ b/meson_options.txt
@@ -93,6 +93,18 @@ option('use-legacy-polkit-pkla', type: 'feature', value: 'disabled',
 option('polkit_pkla_rulesdir', type: 'string', value: '',
        description: 'Override PolicyKit PKLA rules directory')
 +#
 +# Installation
 +#
 +option('dbus_policy_dir', type: 'string',
 +       description: 'D-Bus policy directory')
 +option('dbus_system_service_dir', type: 'string',
 +       description: 'D-Bus system service directory')
 +option('systemd_system_unit_dir', type: 'string',
 +       description: 'Path to systemd system unit directory')
 +option('create_statedir', type: 'feature', value: 'enabled',
 +       description: 'Create directory for OpenVPN 3 state during install phase')
 +
 #
 #  Testing tools
 #
 diff --git a/src/configmgr/meson.build b/src/configmgr/meson.build
 index 5d0a649..6f788b7 100644
 --- a/src/configmgr/meson.build
 +++ b/src/configmgr/meson.build
@@ -52,7 +52,9 @@ configure_file(
     install_dir: dbus_service_dir,
 )
 -# Create the configs directory for persistent configuration profiles
 -# NOTE: Can be replaced with install_emptydir() when Meson 0.60 or newer
 -#       is available on all supported distros
 -meson.add_install_script('sh','-c', 'mkdir -p $DESTDIR@0@'.format(openvpn3_statedir / 'configs'))
 +if get_option('create_statedir').enabled()
 +    # Create the configs directory for persistent configuration profiles
 +    # NOTE: Can be replaced with install_emptydir() when Meson 0.60 or newer
 +    #       is available on all supported distros
 +    meson.add_install_script('sh','-c', 'mkdir -p $DESTDIR@0@'.format(openvpn3_statedir / 'configs'))
 +endif
 -- 
 2.45.2
--- a/pkgs/by-name/op/openvpn3/package.nix
+++ b/pkgs/by-name/op/openvpn3/package.nix
@ -0,0 +1,135 @@
 {
  lib,
  stdenv,
  fetchFromGitHub,
  asio,
  glib,
  jsoncpp,
  libcap_ng,
  libnl,
  libuuid,
  lz4,
  openssl,
  pkg-config,
  protobuf,
  python3,
  systemd,
  tinyxml-2,
  wrapGAppsHook3,
  gobject-introspection,
  meson,
  ninja,
  gdbuspp,
  cmake,
  git,
  enableSystemdResolved ? true,
 }:
 stdenv.mkDerivation rec {
  pname = "openvpn3";
  # also update openvpn3-core
  version = "23";
  src = fetchFromGitHub {
    owner = "OpenVPN";
    repo = "openvpn3-linux";
    rev = "refs/tags/v${version}";
    hash = "sha256-5gkutqyUPZDwRPzSFdUXg2G5mtQKbdhZu8xnNAdXoF0=";
    # `openvpn3-core` is a submodule.
    # TODO: make it into a separate package
    fetchSubmodules = true;
  };
  patches = [
    # Merged in upstream, will land in v24
    # https://github.com/OpenVPN/openvpn3-linux/commit/75abb7dc9366ba85fb1a144d88f02a1e8a62f538
    ./0001-build-reduce-hardcode-in-asio_path.patch
    ./0002-build-allow-installation-directories-customization.patch
  ];
  postPatch = ''
    echo '#define OPENVPN_VERSION "3.git:unknown:unknown"
    #define PACKAGE_GUIVERSION "v${builtins.replaceStrings [ "_" ] [ ":" ] version}"
    #define PACKAGE_NAME "openvpn3-linux"
    ' > ./src/build-version.h
    patchShebangs \
      ./scripts \
      ./src/python/{openvpn2,openvpn3-as,openvpn3-autoload} \
      ./distro/systemd/openvpn3-systemd \
      ./src/tests/dbus/netcfg-subscription-test \
      ./src/shell/bash-completion/gen-openvpn2-completion.py
  '';
  pythonPath = python3.withPackages (ps: [
    ps.dbus-python
    ps.pygobject3
    ps.systemd
  ]);
  nativeBuildInputs = [
    meson
    ninja
    pkg-config
    cmake
    git
    python3.pkgs.wrapPython
    python3.pkgs.docutils
    python3.pkgs.jinja2
    python3.pkgs.dbus-python
    wrapGAppsHook3
    gobject-introspection
  ];
  buildInputs = [
    asio
    glib
    jsoncpp
    libcap_ng
    libnl
    libuuid
    lz4
    openssl
    protobuf
    tinyxml-2
    gdbuspp
  ] ++ lib.optionals enableSystemdResolved [ systemd.dev ];
  mesonFlags = [
    (lib.mesonOption "selinux" "disabled")
    (lib.mesonOption "selinux_policy" "disabled")
    (lib.mesonOption "bash-completion" "enabled")
    (lib.mesonOption "test_programs" "disabled")
    (lib.mesonOption "unit_tests" "disabled")
    (lib.mesonOption "asio_path" "${asio}")
    (lib.mesonOption "dbus_policy_dir" "${placeholder "out"}/share/dbus-1/system.d")
    (lib.mesonOption "dbus_system_service_dir" "${placeholder "out"}/share/dbus-1/system-services")
    (lib.mesonOption "systemd_system_unit_dir" "${placeholder "out"}/lib/systemd/system")
    (lib.mesonOption "create_statedir" "disabled")
    (lib.mesonOption "sharedstatedir" "/etc")
  ];
  dontWrapGApps = true;
  preFixup = ''
    makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
  '';
  postFixup = ''
    wrapPythonPrograms
    wrapPythonProgramsIn "$out/libexec/openvpn3-linux" "$out ${pythonPath}"
  '';
  NIX_LDFLAGS = "-lpthread";
  meta = {
    description = "OpenVPN 3 Linux client";
    license = lib.licenses.agpl3Plus;
    homepage = "https://github.com/OpenVPN/openvpn3-linux/";
    changelog = "https://github.com/OpenVPN/openvpn3-linux/releases/tag/v${version}";
    maintainers = with lib.maintainers; [
      shamilton
      progrm_jarvis
    ];
    platforms = lib.platforms.linux;
  };
 }
--- a/pkgs/tools/networking/openvpn3/default.nix
+++ b/pkgs/tools/networking/openvpn3/default.nix
@ -1,123 +0,0 @@
 { lib
 , stdenv
 , fetchFromGitHub
 , asio
 , autoconf-archive
 , autoreconfHook
 , glib
 , gtest
 , jsoncpp
 , libcap_ng
 , libnl
 , libuuid
 , lz4
 , openssl
 , pkg-config
 , protobuf
 , python3
 , systemd
 , enableSystemdResolved ? false
 , tinyxml-2
 , wrapGAppsHook3
 }:
 let
  openvpn3-core = fetchFromGitHub {
    owner = "OpenVPN";
    repo = "openvpn3";
    rev = "7590cb109349809b948e8edaeecabdbfe24e4b17";
    hash = "sha256-S9D/FQa7HYj0FJnyb5dCrtgTH9Nf2nvtyp/VHiebq7I=";
  };
 in
 stdenv.mkDerivation rec {
  pname = "openvpn3";
  # also update openvpn3-core
  version = "20";
  src = fetchFromGitHub {
    owner = "OpenVPN";
    repo = "openvpn3-linux";
    rev = "v${version}";
    hash = "sha256-Weyb+rcx04mpDdcL7Qt4O+PvPf5MLPAP/Uy+8qoNXbQ=";
  };
  postPatch = ''
    rm -r ./vendor/googletest
    cp -r ${gtest.src} ./vendor/googletest
    rm -r ./openvpn3-core
    ln -s ${openvpn3-core} ./openvpn3-core
    chmod -R +w ./vendor/googletest
    shopt -s globstar
    patchShebangs **/*.py **/*.sh ./src/python/{openvpn2,openvpn3-as,openvpn3-autoload} \
    ./distro/systemd/openvpn3-systemd ./src/tests/dbus/netcfg-subscription-test
    echo "3.git:v${version}:unknown" > openvpn3-core-version
  '';
  preAutoreconf = ''
    substituteInPlace ./update-version-m4.sh --replace 'VERSION="$(git describe --always --tags)"' "VERSION=v${version}"
    ./update-version-m4.sh
  '';
  nativeBuildInputs = [
    autoconf-archive
    autoreconfHook
    python3.pkgs.docutils
    python3.pkgs.jinja2
    pkg-config
    wrapGAppsHook3
    python3.pkgs.wrapPython
  ] ++ pythonPath;
  buildInputs = [
    asio
    glib
    jsoncpp
    libcap_ng
    libnl
    libuuid
    lz4
    openssl
    protobuf
    tinyxml-2
  ] ++ lib.optionals enableSystemdResolved [
    systemd
  ];
  # runtime deps
  pythonPath = with python3.pkgs; [
    dbus-python
    pygobject3
  ];
  dontWrapGApps = true;
  preFixup = ''
    makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
  '';
  postFixup = ''
    wrapPythonPrograms
  '';
  configureFlags = [
    "--enable-bash-completion"
    "--enable-addons-aws"
    "--disable-selinux-build"
    "--disable-build-test-progs"
  ] ++ lib.optionals enableSystemdResolved [
    # This defaults to --resolv-conf /etc/resolv.conf. See
    # https://github.com/OpenVPN/openvpn3-linux/blob/v20/configure.ac#L434
    "DEFAULT_DNS_RESOLVER=--systemd-resolved"
  ];
  NIX_LDFLAGS = "-lpthread";
  meta = with lib; {
    description = "OpenVPN 3 Linux client";
    license = licenses.agpl3Plus;
    homepage = "https://github.com/OpenVPN/openvpn3-linux/";
    maintainers = with maintainers; [ shamilton ];
    platforms = platforms.linux;
  };
 }
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -10712,8 +10712,6 @@ with pkgs;
  openvpn = callPackage ../tools/networking/openvpn {};
  openvpn3 = callPackage ../tools/networking/openvpn3 { };
  openvpn_learnaddress = callPackage ../tools/networking/openvpn/openvpn_learnaddress.nix { };
  openvpn-auth-ldap = callPackage ../tools/networking/openvpn/openvpn-auth-ldap.nix {