openvpn3: 20 -> 23

Co-authored-by: Yaroslav Bolyukin <iam@lach.pw>
Petr Portnov 2024-07-08 20:56:36 +03:00
parent 7fb87169ef
commit 279d00a8f5
No known key found for this signature in database
GPG Key ID: 7E8FC8F7D1BB84A3
6 changed files with 382 additions and 146 deletions


@ -1,29 +1,87 @@
{ config, lib, pkgs, ... }:
let
json = pkgs.formats.json { };
cfg = config.programs.openvpn3;
in
{
inherit (lib) mkEnableOption mkPackageOption mkOption literalExpression max options lists;
inherit (lib.types) bool submodule ints;
in {
options.programs.openvpn3 = {
enable = lib.mkEnableOption "the openvpn3 client";
package = lib.mkOption {
type = lib.types.package;
default = pkgs.openvpn3.override {
enableSystemdResolved = config.services.resolved.enable;
enable = mkEnableOption "the openvpn3 client";
package = mkPackageOption pkgs "openvpn3" { };
netcfg = mkOption {
description = "Network configuration";
default = { };
type = submodule {
options = {
settings = mkOption {
description = "Options stored in {file}`/etc/openvpn3/netcfg.json` configuration file";
default = { };
type = submodule {
freeformType = json.type;
options = {
systemd_resolved = mkOption {
type = bool;
description = "Whether to use systemd-resolved integration";
default = config.services.resolved.enable;
defaultText = literalExpression "config.services.resolved.enable";
example = false;
};
};
};
};
};
};
};
log-service = mkOption {
description = "Log service configuration";
default = { };
type = submodule {
options = {
settings = mkOption {
description = "Options stored in {file}`/etc/openvpn3/log-service.json` configuration file";
default = { };
type = submodule {
freeformType = json.type;
options = {
journald = mkOption {
description = "Use systemd-journald";
type = bool;
default = true;
example = false;
};
log_dbus_details = mkOption {
description = "Add D-Bus details in log file/syslog";
type = bool;
default = true;
example = false;
};
log_level = mkOption {
description = "How verbose should the logging be";
type = (ints.between 0 7) // {
merge = _loc: defs:
lists.foldl max 0 (options.getValues defs);
};
default = 3;
example = 6;
};
timestamp = mkOption {
description = "Add timestamp log file";
type = bool;
default = false;
example = true;
};
};
};
};
};
};
defaultText = lib.literalExpression ''pkgs.openvpn3.override {
enableSystemdResolved = config.services.resolved.enable;
}'';
description = ''
Which package to use for `openvpn3`.
'';
};
};
config = lib.mkIf cfg.enable {
services.dbus.packages = [
cfg.package
];
services.dbus.packages = [ cfg.package ];
users.users.openvpn = {
isSystemUser = true;
@ -31,13 +89,20 @@ in
group = "openvpn";
};
users.groups.openvpn = {
gid = config.ids.gids.openvpn;
users.groups.openvpn = { gid = config.ids.gids.openvpn; };
environment = {
systemPackages = [ cfg.package ];
etc = {
"openvpn3/netcfg.json".source =
json.generate "netcfg.json" cfg.netcfg.settings;
"openvpn3/log-service.json".source =
json.generate "log-service.json" cfg.log-service.settings;
};
};
environment.systemPackages = [
cfg.package
];
systemd.packages = [ cfg.package ];
};
meta.maintainers = with lib.maintainers; [ shamilton progrm_jarvis ];
}
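Review bot: The `log_level` option overrides the type's `merge` with `lists.foldl max 0 (options.getValues defs)`, so when it is defined more than once at the same priority the most verbose value wins silently, and the description (`"How verbose should the logging be"`) does not mention this. A configuration that sets a low level to limit what reaches the journal is therefore overridden by any other definition asking for 6 or 7, unless it raises its priority (e.g. `lib.mkForce`). I would document the rule where the option is declared, for example `description = "Log verbosity (0-7). If defined more than once, the highest value is used; use lib.mkForce to pin a lower one.";`. As far as I can tell the `ints.between 0 7` range check still applies to each definition before the merge runs, so this is a documentation point rather than a validation gap.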


@ -0,0 +1,46 @@
From 30b2528054e6627a7124ac04cb018356ef23d864 Mon Sep 17 00:00:00 2001
From: Petr Portnov <mrjarviscraft@gmail.com>
Date: Mon, 2 Sep 2024 22:25:33 +0300
Subject: [PATCH 1/1] build: reduce hardcode in `asio_path`
Currently, `asio_path` variable value is concatenated with `/asio/include`
to specify the path to custom `asio` installation.
The problem is that this is too strict as some distros (namely NixOS)
may have the `include` directory with a differently named parent.
Thus this change minimizes the hardcoded part of the path to make it more flexible.
Signed-off-by: Petr Portnov <mrjarviscraft@gmail.com>
---
meson.build | 2 +-
meson_options.txt | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/meson.build b/meson.build
index c9e0a2d..c01eb8e 100644
--- a/meson.build
+++ b/meson.build
@@ -74,7 +74,7 @@ endif
#
# Setup additional include header dirs
#
-asio_inc = get_option('asio_path') / 'asio' / 'include'
+asio_inc = get_option('asio_path') / 'include'
message ('ASIO library: ' + asio_inc)
openvpn3_core_inc = get_option('openvpn3_core_path')
diff --git a/meson_options.txt b/meson_options.txt
index d9cf02e..43e301e 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -26,7 +26,7 @@ option('debug_options', type: 'boolean', value: false,
#
# Build environment and related build time options
#
-option('asio_path', type: 'string', value: './vendor/asio',
+option('asio_path', type: 'string', value: './vendor/asio/asio',
description: 'Path to the ASIO header files')
option('openvpn3_core_path', type: 'string', value: './openvpn3-core',
--
2.43.0


@ -0,0 +1,115 @@
From 848cc46d05c203de393d75434a3f571d78687f50 Mon Sep 17 00:00:00 2001
From: Petr Portnov <mrjarviscraft@gmail.com>
Date: Sun, 22 Sep 2024 13:16:02 +0300
Subject: [PATCH] build: allow installation directories' customization
This allows to configure the installation directories
for systemd and D-Bus files.
Signed-off-by: Petr Portnov <mrjarviscraft@gmail.com>
---
distro/systemd/meson.build | 9 +++++++--
meson.build | 12 ++++++++++--
meson_options.txt | 12 ++++++++++++
src/configmgr/meson.build | 10 ++++++----
4 files changed, 35 insertions(+), 8 deletions(-)
diff --git a/distro/systemd/meson.build b/distro/systemd/meson.build
index 36d556c..9c636b6 100644
--- a/distro/systemd/meson.build
+++ b/distro/systemd/meson.build
@@ -15,12 +15,17 @@ systemd_cfg = configuration_data({
systemd_service_cfg = dependency('systemd')
+systemd_system_unit_dir = get_option('systemd_system_unit_dir')
+if systemd_system_unit_dir == ''
+ systemd_system_unit_dir = systemd_service_cfg.get_variable('systemdsystemunitdir')
+endif
+
configure_file(
input: 'openvpn3-autoload.service.in',
output: 'openvpn3-autoload.service',
configuration: systemd_cfg,
install: true,
- install_dir: systemd_service_cfg.get_variable('systemdsystemunitdir'),
+ install_dir: systemd_system_unit_dir,
)
configure_file(
@@ -28,7 +33,7 @@ configure_file(
output: 'openvpn3-session@.service',
configuration: systemd_cfg,
install: true,
- install_dir: systemd_service_cfg.get_variable('systemdsystemunitdir'),
+ install_dir: systemd_system_unit_dir,
)
custom_target('openvpn3-systemd',
diff --git a/meson.build b/meson.build
index 586c72a..ba41440 100644
--- a/meson.build
+++ b/meson.build
@@ -203,8 +203,16 @@ message('OpenVPN 3 Linux service binary directory: ' + get_option('prefix') / li
#
# D-Bus configuration
-dbus_policy_dir = dep_dbus.get_variable('datadir') / 'dbus-1' / 'system.d'
-dbus_service_dir = dep_dbus.get_variable('system_bus_services_dir')
+dbus_policy_dir = get_option('dbus_policy_dir')
+if dbus_policy_dir == ''
+ dbus_policy_dir = dep_dbus.get_variable('datadir') / 'dbus-1' / 'system.d'
+endif
+
+dbus_service_dir = get_option('dbus_system_service_dir')
+if dbus_service_dir == ''
+ dbus_service_dir = dep_dbus.get_variable('system_bus_services_dir')
+endif
+
dbus_config = {
'OPENVPN_USERNAME': get_option('openvpn_username'),
'LIBEXEC_PATH': get_option('prefix') / libexec_dir,
diff --git a/meson_options.txt b/meson_options.txt
index 43e301e..04809df 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -93,6 +93,18 @@ option('use-legacy-polkit-pkla', type: 'feature', value: 'disabled',
option('polkit_pkla_rulesdir', type: 'string', value: '',
description: 'Override PolicyKit PKLA rules directory')
+#
+# Installation
+#
+option('dbus_policy_dir', type: 'string',
+ description: 'D-Bus policy directory')
+option('dbus_system_service_dir', type: 'string',
+ description: 'D-Bus system service directory')
+option('systemd_system_unit_dir', type: 'string',
+ description: 'Path to systemd system unit directory')
+option('create_statedir', type: 'feature', value: 'enabled',
+ description: 'Create directory for OpenVPN 3 state during install phase')
+
#
# Testing tools
#
diff --git a/src/configmgr/meson.build b/src/configmgr/meson.build
index 5d0a649..6f788b7 100644
--- a/src/configmgr/meson.build
+++ b/src/configmgr/meson.build
@@ -52,7 +52,9 @@ configure_file(
install_dir: dbus_service_dir,
)
-# Create the configs directory for persistent configuration profiles
-# NOTE: Can be replaced with install_emptydir() when Meson 0.60 or newer
-# is available on all supported distros
-meson.add_install_script('sh','-c', 'mkdir -p $DESTDIR@0@'.format(openvpn3_statedir / 'configs'))
+if get_option('create_statedir').enabled()
+ # Create the configs directory for persistent configuration profiles
+ # NOTE: Can be replaced with install_emptydir() when Meson 0.60 or newer
+ # is available on all supported distros
+ meson.add_install_script('sh','-c', 'mkdir -p $DESTDIR@0@'.format(openvpn3_statedir / 'configs'))
+endif
--
2.45.2


@ -0,0 +1,135 @@
{
lib,
stdenv,
fetchFromGitHub,
asio,
glib,
jsoncpp,
libcap_ng,
libnl,
libuuid,
lz4,
openssl,
pkg-config,
protobuf,
python3,
systemd,
tinyxml-2,
wrapGAppsHook3,
gobject-introspection,
meson,
ninja,
gdbuspp,
cmake,
git,
enableSystemdResolved ? true,
}:
stdenv.mkDerivation rec {
pname = "openvpn3";
# also update openvpn3-core
version = "23";
src = fetchFromGitHub {
owner = "OpenVPN";
repo = "openvpn3-linux";
rev = "refs/tags/v${version}";
hash = "sha256-5gkutqyUPZDwRPzSFdUXg2G5mtQKbdhZu8xnNAdXoF0=";
# `openvpn3-core` is a submodule.
# TODO: make it into a separate package
fetchSubmodules = true;
};
patches = [
# Merged in upstream, will land in v24
# https://github.com/OpenVPN/openvpn3-linux/commit/75abb7dc9366ba85fb1a144d88f02a1e8a62f538
./0001-build-reduce-hardcode-in-asio_path.patch
./0002-build-allow-installation-directories-customization.patch
];
postPatch = ''
echo '#define OPENVPN_VERSION "3.git:unknown:unknown"
#define PACKAGE_GUIVERSION "v${builtins.replaceStrings [ "_" ] [ ":" ] version}"
#define PACKAGE_NAME "openvpn3-linux"
' > ./src/build-version.h
patchShebangs \
./scripts \
./src/python/{openvpn2,openvpn3-as,openvpn3-autoload} \
./distro/systemd/openvpn3-systemd \
./src/tests/dbus/netcfg-subscription-test \
./src/shell/bash-completion/gen-openvpn2-completion.py
'';
pythonPath = python3.withPackages (ps: [
ps.dbus-python
ps.pygobject3
ps.systemd
]);
nativeBuildInputs = [
meson
ninja
pkg-config
cmake
git
python3.pkgs.wrapPython
python3.pkgs.docutils
python3.pkgs.jinja2
python3.pkgs.dbus-python
wrapGAppsHook3
gobject-introspection
];
buildInputs = [
asio
glib
jsoncpp
libcap_ng
libnl
libuuid
lz4
openssl
protobuf
tinyxml-2
gdbuspp
] ++ lib.optionals enableSystemdResolved [ systemd.dev ];
mesonFlags = [
(lib.mesonOption "selinux" "disabled")
(lib.mesonOption "selinux_policy" "disabled")
(lib.mesonOption "bash-completion" "enabled")
(lib.mesonOption "test_programs" "disabled")
(lib.mesonOption "unit_tests" "disabled")
(lib.mesonOption "asio_path" "${asio}")
(lib.mesonOption "dbus_policy_dir" "${placeholder "out"}/share/dbus-1/system.d")
(lib.mesonOption "dbus_system_service_dir" "${placeholder "out"}/share/dbus-1/system-services")
(lib.mesonOption "systemd_system_unit_dir" "${placeholder "out"}/lib/systemd/system")
(lib.mesonOption "create_statedir" "disabled")
(lib.mesonOption "sharedstatedir" "/etc")
];
dontWrapGApps = true;
preFixup = ''
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
postFixup = ''
wrapPythonPrograms
wrapPythonProgramsIn "$out/libexec/openvpn3-linux" "$out ${pythonPath}"
'';
NIX_LDFLAGS = "-lpthread";
meta = {
description = "OpenVPN 3 Linux client";
license = lib.licenses.agpl3Plus;
homepage = "https://github.com/OpenVPN/openvpn3-linux/";
changelog = "https://github.com/OpenVPN/openvpn3-linux/releases/tag/v${version}";
maintainers = with lib.maintainers; [
shamilton
progrm_jarvis
];
platforms = lib.platforms.linux;
};
}
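Review bot: The comment above the `patches` list cites one upstream commit URL but two patches are applied, so nothing records where `./0002-build-allow-installation-directories-customization.patch` comes from or whether it has been submitted upstream. That patch changes where the D-Bus policy, D-Bus system-service and systemd unit files are installed and adds the `create_statedir` switch that `mesonFlags` disables, so an auditor needs to know its origin and when it can be dropped. I would give each entry its own comment line, e.g. `# 0001: merged upstream, will land in v24 (commit linked above)` if that is indeed the patch the link refers to, and `# 0002: <upstream status or link, to be filled in by the author>`. Separately, `# also update openvpn3-core` above `version` looks stale now that the core is fetched through `fetchSubmodules = true`.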


@ -1,123 +0,0 @@
{ lib
, stdenv
, fetchFromGitHub
, asio
, autoconf-archive
, autoreconfHook
, glib
, gtest
, jsoncpp
, libcap_ng
, libnl
, libuuid
, lz4
, openssl
, pkg-config
, protobuf
, python3
, systemd
, enableSystemdResolved ? false
, tinyxml-2
, wrapGAppsHook3
}:
let
openvpn3-core = fetchFromGitHub {
owner = "OpenVPN";
repo = "openvpn3";
rev = "7590cb109349809b948e8edaeecabdbfe24e4b17";
hash = "sha256-S9D/FQa7HYj0FJnyb5dCrtgTH9Nf2nvtyp/VHiebq7I=";
};
in
stdenv.mkDerivation rec {
pname = "openvpn3";
# also update openvpn3-core
version = "20";
src = fetchFromGitHub {
owner = "OpenVPN";
repo = "openvpn3-linux";
rev = "v${version}";
hash = "sha256-Weyb+rcx04mpDdcL7Qt4O+PvPf5MLPAP/Uy+8qoNXbQ=";
};
postPatch = ''
rm -r ./vendor/googletest
cp -r ${gtest.src} ./vendor/googletest
rm -r ./openvpn3-core
ln -s ${openvpn3-core} ./openvpn3-core
chmod -R +w ./vendor/googletest
shopt -s globstar
patchShebangs **/*.py **/*.sh ./src/python/{openvpn2,openvpn3-as,openvpn3-autoload} \
./distro/systemd/openvpn3-systemd ./src/tests/dbus/netcfg-subscription-test
echo "3.git:v${version}:unknown" > openvpn3-core-version
'';
preAutoreconf = ''
substituteInPlace ./update-version-m4.sh --replace 'VERSION="$(git describe --always --tags)"' "VERSION=v${version}"
./update-version-m4.sh
'';
nativeBuildInputs = [
autoconf-archive
autoreconfHook
python3.pkgs.docutils
python3.pkgs.jinja2
pkg-config
wrapGAppsHook3
python3.pkgs.wrapPython
] ++ pythonPath;
buildInputs = [
asio
glib
jsoncpp
libcap_ng
libnl
libuuid
lz4
openssl
protobuf
tinyxml-2
] ++ lib.optionals enableSystemdResolved [
systemd
];
# runtime deps
pythonPath = with python3.pkgs; [
dbus-python
pygobject3
];
dontWrapGApps = true;
preFixup = ''
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
postFixup = ''
wrapPythonPrograms
'';
configureFlags = [
"--enable-bash-completion"
"--enable-addons-aws"
"--disable-selinux-build"
"--disable-build-test-progs"
] ++ lib.optionals enableSystemdResolved [
# This defaults to --resolv-conf /etc/resolv.conf. See
# https://github.com/OpenVPN/openvpn3-linux/blob/v20/configure.ac#L434
"DEFAULT_DNS_RESOLVER=--systemd-resolved"
];
NIX_LDFLAGS = "-lpthread";
meta = with lib; {
description = "OpenVPN 3 Linux client";
license = licenses.agpl3Plus;
homepage = "https://github.com/OpenVPN/openvpn3-linux/";
maintainers = with maintainers; [ shamilton ];
platforms = platforms.linux;
};
}


@ -10747,8 +10747,6 @@ with pkgs;
openvpn = callPackage ../tools/networking/openvpn {};
openvpn3 = callPackage ../tools/networking/openvpn3 { };
openvpn_learnaddress = callPackage ../tools/networking/openvpn/openvpn_learnaddress.nix { };
openvpn-auth-ldap = callPackage ../tools/networking/openvpn/openvpn-auth-ldap.nix {