summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRobert Gerus <arachnist@i.am-a.cat>2015-05-08 00:54:31 +0200
committerRobert Gerus <arachnist@i.am-a.cat>2015-05-08 00:54:31 +0200
commitd9d825128427ea99f32c87ac74a643fb22849107 (patch)
tree3e7b3cb2a1d19f857efaf1dec3613d89297602a7
parent39cc7ed0efb98cf6feafaf01f6b680f1df8f0496 (diff)
downloadgentoo-overlay-d9d825128427ea99f32c87ac74a643fb22849107.tar.gz
gentoo-overlay-d9d825128427ea99f32c87ac74a643fb22849107.tar.bz2
gentoo-overlay-d9d825128427ea99f32c87ac74a643fb22849107.tar.xz
gentoo-overlay-d9d825128427ea99f32c87ac74a643fb22849107.zip
Import net-misc/openvpn and fix it for musl.
-rw-r--r--net-misc/openvpn/Manifest12
-rw-r--r--net-misc/openvpn/files/2.3.6-disable-compression.patch18
-rw-r--r--net-misc/openvpn/files/2.3.6-null-cipher.patch46
-rwxr-xr-xnet-misc/openvpn/files/down.sh33
-rw-r--r--net-misc/openvpn/files/openvpn-2.1.conf18
-rwxr-xr-xnet-misc/openvpn/files/openvpn-2.1.init133
-rw-r--r--net-misc/openvpn/files/openvpn-2.3.6-musl-compat.diff14
-rw-r--r--net-misc/openvpn/files/openvpn.service12
-rw-r--r--net-misc/openvpn/files/openvpn.tmpfile1
-rwxr-xr-xnet-misc/openvpn/files/up.sh100
-rw-r--r--net-misc/openvpn/openvpn-2.3.6-r2.ebuild137
-rw-r--r--net-misc/openvpn/openvpn-9999.ebuild127
12 files changed, 651 insertions, 0 deletions
diff --git a/net-misc/openvpn/Manifest b/net-misc/openvpn/Manifest
new file mode 100644
index 0000000..1a7c6f0
--- /dev/null
+++ b/net-misc/openvpn/Manifest
@@ -0,0 +1,12 @@
+AUX 2.3.6-disable-compression.patch 579 SHA256 644068d1925a7b2866a4afaef15ebb27f5bbf1b55eed0894d34f7603c230bd9a SHA512 56acdd4716df4f6a0367fd583296718e30d3fa4b6b129159f61f913eba97769943a2354e9b51572314a206f68a20def091a89aec12bc942d94b05369128d3a97 WHIRLPOOL 1fb293d49f63a75cb772c262d9a55a6cb00be0f154387bf4fb3e9be1602038bd70348fad5f1a2b714fa7b45cbcd36a4db2c6f1441f3a00aff7d51732b3629708
+AUX 2.3.6-null-cipher.patch 1531 SHA256 a3f8ac3630c9887d18d21e0ac9781d615cf8dff277c070306b36c5d0faa8a1ac SHA512 0aa288af3c0b43977bf84b099ea28dbf7ab9a1096d76e8f706989570984c70a4c298430eac35b0c80eab8bc05e6072d965c20a9e3689e7448e759abb92c93fb2 WHIRLPOOL cbefb2a1b6d63373890a76d3a6153335f8d05b07e4546893e7a8871c653d39f06941615181308fbf41a07cf702b2a730dfacc6a01840efdbfbeaf301a58362bb
+AUX down.sh 943 SHA256 39debebcd8c899f20e6d355cbc8eaab46e28b83a9f6c33a94c065688a4f3d2c7 SHA512 5defd61edf11cc63f3f8f60bef7fa730c4bcdd2545d664bd94666dd3aea80bd9d190263d8835a555e4287a594f6fce0f52426aed49c60233ff637a2a6164a997 WHIRLPOOL c66fd1e016656fe83d7f55b77bf232058397f9cd3054abe13ec006c227afe6746ee4ada310ff43761ec95510f736b8e542f136711d648642eecafe055975c57e
+AUX openvpn-2.1.conf 892 SHA256 330149a83684ddabe413d134d4c8efad4c88b18c2ab67165014deff5f7fffad2 SHA512 982ade883afbe2e656a9cbbe36c31c0e8b4f7bbbe5b63df9f7b834f02a9153032fb7445c85d3e91f62c68a7ddd13c3afbf420fb71cdd13d9c4b69f867bdd9f37 WHIRLPOOL 6ef644826e1e9e2a100e0fa20b5c9190e92c9e08a366dee28dccf3f70fa0593f3c4d271e42db3920630f03704aa2aef8e84d9efbb2b4b6a0d08e74bb340fb0a5
+AUX openvpn-2.1.init 4186 SHA256 d1b1f8a00935d77521bceb62535350444df3470fa45f4d33c3934051a1bb595b SHA512 7ecd0b4dc7341ea0df598752bec8ae6011bea7973ed9dbf17a12c308aed46362e1507fcb3a3bb26049619747f2f819deec1a42c6dce2c13d2a769f1e37735a2f WHIRLPOOL 9d34c438b7d9e45678e2aa48ab42a68b9e2801423688c6280cbb4934a8ef04cbf8a7953a061659f57fb02adf535596ac9313268c29e2dc18cffbf7315681da82
+AUX openvpn-2.3.6-musl-compat.diff 433 SHA256 5837eef6d66b56ce9c0cb5fe93dac1a27900c085ab8a2e295c5a7b8fcae52e60 SHA512 ef002c1bff131924d8ca1ee41f10c3f274788c85fa122d2b9839bb571579fa836f1bcf865bcb8b825db21681ea7dd9290d796f7005690a2070f32439da105e0f WHIRLPOOL 482e1717c27b89ebd3d2294eea16d588a892ef984e947c0a06eb9c4924247af4a81f4877d6cd89d65840ff28ac8badd4bf5d7ee7b44889b4b8e465d3be1ca8fa
+AUX openvpn.service 335 SHA256 a63a6e1505f2b3e20f2c82588dd0c23da9d8c750e1f36fec2ba20a8b5b0c9de1 SHA512 fbd41b80253aaae6750301ac95d8b3bf09e3a70556cc0513792c8e06faa70a716233d134d4928295f381f0f235fcde0eeac9cfa074924b6666a4b46ff7cf91a9 WHIRLPOOL 16f44d10ab03110a21a69716fbac2e64e5376426edd26783d7946d928dd0cc106810126436488843da8e16277d3aa83d208fe50c4aebd9cff86526ce1762b215
+AUX openvpn.tmpfile 39 SHA256 ef3453056a26487d27908d5ced124285403d8e88deb843fccdba9f6724966826 SHA512 659713b35eee340f2b6578796f4335dda391aa635892e802e3f2531f31c9470460b4e4b3be45457f81f3b08b7d60ce15d16f8d70b968fbf24f846ef5f8611a58 WHIRLPOOL 19e4611ffda68a99851921ccaf3a99d04350cd3e0d8833136da151119c267edc383ff96162aa47a2f77171ae908ad011e4119a7a18961ed0bddcbf38d997b976
+AUX up.sh 2865 SHA256 d887ee065261affd849227fa27e092cf66549d824a698f302312d15f787dd840 SHA512 35201b0e60ad20358080007e595eb4f96d186ba8e88f0485c55d164c28e3d78a12f3e09347ba3d76abb9b8b03fb4a53664bd74ab484be1548090022b956925fd WHIRLPOOL 8d25a66d192a6710466d149aec7a1719dfe91558205e8ba7e25b93e58869c8fedc96ba4ce2aedb0595b7e0b63299e6e41be1ba82c6b93ae6bbbb26d409c9bf51
+DIST openvpn-2.3.6.tar.gz 1213272 SHA256 7baed2ff39c12e1a1a289ec0b46fcc49ff094ca58b8d8d5f29b36ac649ee5b26 SHA512 70e0045ea41f6588769ab8b98d8f550b69148adbf7fedcdc36900e25950df43379950492652e243ec6e7965bf9c7dcc86a56ba5dfdc44523aaa81cfc508b1c6e WHIRLPOOL 737f2d1d69ee1c7700d5cd5a4e7d5d1b2f55d8b2229f7c2565fcb8c731ebb719ec8d6bad3b76f763f36e5c70c6e40a666db3508f3024f8e4637c0659061dba48
+EBUILD openvpn-2.3.6-r2.ebuild 4534 SHA256 0d683a89b74dbd5c416066aadd5ee04a1dbe1814f0ac3d10bf687cfd87f23633 SHA512 e2dfdf4cacf626f13aca1fd92e360d460ac5fd601579e0177a2970289055419ff9732a91c3b06e758a76c1f01f4d6bf414d8668b40a34f83b118483fde7954a0 WHIRLPOOL 97d7eb2e7863ba8c28df1922a7b71a39a3f2e18b8cfaeede67b2584f300c53b0d75455df5638b792f41726a9c38cb8a1ffe484d9047816b9cc82e19b920d8a0c
+EBUILD openvpn-9999.ebuild 3992 SHA256 415d1d9807851cdbb0af597b28ca3dfffcb270b7d97ce710e3808c89d02f29bb SHA512 52442555ff2a1cdb4c5842c17f5f1a7f21ca3d1a7785817ebee0e3cab1d38fce2992c1550a7ca6b85d0c75dcdb1859b47611c6da8bf537f27f0f5adda8ce9113 WHIRLPOOL 973c40edde037069d492a96dbc5a88bc6e87ceafd1947e16d825b593c2c57e419b7f2667d6be737bef1beb7621724dcdd6a6cef33094117a32a8883c18300682
diff --git a/net-misc/openvpn/files/2.3.6-disable-compression.patch b/net-misc/openvpn/files/2.3.6-disable-compression.patch
new file mode 100644
index 0000000..d9d1c76
--- /dev/null
+++ b/net-misc/openvpn/files/2.3.6-disable-compression.patch
@@ -0,0 +1,18 @@
+https://community.openvpn.net/openvpn/changeset/5d5233778868ddd568140c394adfcfc8e3453245/
+
+--- openvpn-2.3.6/src/openvpn/ssl_openssl.c.orig 2014-11-29 23:00:35.000000000 +0800
++++ openvpn-2.3.6/src/openvpn/ssl_openssl.c 2015-01-12 21:14:30.186993686 +0800
+@@ -238,6 +238,13 @@
+ if (tls_ver_min > TLS_VER_1_2 || tls_ver_max < TLS_VER_1_2)
+ sslopt |= SSL_OP_NO_TLSv1_2;
+ #endif
++
++#ifdef SSL_OP_NO_COMPRESSION
++ msg (M_WARN, "[Workaround] disable SSL compression");
++ sslopt |= SSL_OP_NO_COMPRESSION;
++#endif
++
++
+ SSL_CTX_set_options (ctx->ctx, sslopt);
+ }
+
diff --git a/net-misc/openvpn/files/2.3.6-null-cipher.patch b/net-misc/openvpn/files/2.3.6-null-cipher.patch
new file mode 100644
index 0000000..1e831cf
--- /dev/null
+++ b/net-misc/openvpn/files/2.3.6-null-cipher.patch
@@ -0,0 +1,46 @@
+The "really fix cipher none" patch has been merged to release/2.3 and master:
+
+commit 785838614afc20d362b64907b0212e9a779e2287 (release/2.3)
+commit 98156e90e1e83133a6a6a020db8e7333ada6156b (master)
+
+diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
+index 8749878..4e45df0 100644
+--- a/src/openvpn/crypto_backend.h
++++ b/src/openvpn/crypto_backend.h
+@@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *cipher_kt);
+ *
+ * @return true iff the cipher is a CBC mode cipher.
+ */
+-bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
+- __attribute__((nonnull));
++bool cipher_kt_mode_cbc(const cipher_kt_t *cipher);
+
+ /**
+ * Check if the supplied cipher is a supported OFB or CFB mode cipher.
+@@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
+ *
+ * @return true iff the cipher is a OFB or CFB mode cipher.
+ */
+-bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
+- __attribute__((nonnull));
++bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher);
+
+
+ /**
+diff --git a/tests/t_lpback.sh b/tests/t_lpback.sh
+index 8f88ad9..d7792cd 100755
+--- a/tests/t_lpback.sh
++++ b/tests/t_lpback.sh
+@@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/openvpn --show-ciphers | \
+ # GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5)
+ CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' )
+
++# Also test cipher 'none'
++CIPHERS=${CIPHERS}$(printf "\nnone")
++
+ "${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$
+ set +e
+
+--
+1.9.1
+
diff --git a/net-misc/openvpn/files/down.sh b/net-misc/openvpn/files/down.sh
new file mode 100755
index 0000000..1c70db0
--- /dev/null
+++ b/net-misc/openvpn/files/down.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# Copyright (c) 2006-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# Contributed by Roy Marples (uberlord@gentoo.org)
+
+# If we have a service specific script, run this now
+if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then
+ /etc/openvpn/"${SVCNAME}"-down.sh "$@"
+fi
+
+# Restore resolv.conf to how it was
+if [ "${PEER_DNS}" != "no" ]; then
+ if [ -x /sbin/resolvconf ] ; then
+ /sbin/resolvconf -d "${dev}"
+ elif [ -e /etc/resolv.conf-"${dev}".sv ] ; then
+ # Important that we copy instead of move incase resolv.conf is
+ # a symlink and not an actual file
+ cp /etc/resolv.conf-"${dev}".sv /etc/resolv.conf
+ rm -f /etc/resolv.conf-"${dev}".sv
+ fi
+fi
+
+if [ -n "${SVCNAME}" ]; then
+ # Re-enter the init script to start any dependant services
+ if /etc/init.d/"${SVCNAME}" --quiet status ; then
+ export IN_BACKGROUND=true
+ /etc/init.d/"${SVCNAME}" --quiet stop
+ fi
+fi
+
+exit 0
+
+# vim: ts=4 :
diff --git a/net-misc/openvpn/files/openvpn-2.1.conf b/net-misc/openvpn/files/openvpn-2.1.conf
new file mode 100644
index 0000000..72510c3
--- /dev/null
+++ b/net-misc/openvpn/files/openvpn-2.1.conf
@@ -0,0 +1,18 @@
+# OpenVPN automatically creates an /etc/resolv.conf (or sends it to
+# resolvconf) if given DNS information by the OpenVPN server.
+# Set PEER_DNS="no" to stop this.
+PEER_DNS="yes"
+
+# OpenVPN can run in many modes. Most people will want the init script
+# to automatically detect the mode and try and apply a good default
+# configuration and setup scripts. However, there are cases where the
+# OpenVPN configuration looks like a client, but it's really a peer or
+# something else. DETECT_CLIENT controls this behaviour.
+DETECT_CLIENT="yes"
+
+# If DETECT_CLIENT is no and you have your own scripts to re-enter the openvpn
+# init script (ie, it first becomes "inactive" and the script then starts the
+# script again to make it "started") then you can state this below.
+# In other words, unless you understand service dependencies and are a
+# competent shell scripter, don't set this.
+RE_ENTER="no"
diff --git a/net-misc/openvpn/files/openvpn-2.1.init b/net-misc/openvpn/files/openvpn-2.1.init
new file mode 100755
index 0000000..d65e6f8
--- /dev/null
+++ b/net-misc/openvpn/files/openvpn-2.1.init
@@ -0,0 +1,133 @@
+#!/sbin/runscript
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+VPNDIR=${VPNDIR:-/etc/openvpn}
+VPN=${SVCNAME#*.}
+if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then
+ VPNPID="/var/run/openvpn.${VPN}.pid"
+else
+ VPNPID="/var/run/openvpn.pid"
+fi
+VPNCONF="${VPNDIR}/${VPN}.conf"
+
+depend() {
+ need localmount net
+ use dns
+ after bootmisc
+}
+
+checkconfig() {
+ # Linux has good dynamic tun/tap creation
+ if [ $(uname -s) = "Linux" ] ; then
+ if [ ! -e /dev/net/tun ]; then
+ if ! modprobe tun ; then
+ eerror "TUN/TAP support is not available" \
+ "in this kernel"
+ return 1
+ fi
+ fi
+ if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then
+ ebegin "Detected broken /dev/net/tun symlink, fixing..."
+ rm -f /dev/net/tun
+ ln -s /dev/misc/net/tun /dev/net/tun
+ eend $?
+ fi
+ return 0
+ fi
+
+ # Other OS's don't, so we rely on a pre-configured interface
+ # per vpn instance
+ local ifname=$(sed -n -e 's/[[:space:]]*dev[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' "${VPNCONF}")
+ if [ -z ${ifname} ] ; then
+ eerror "You need to specify the interface that this openvpn" \
+ "instance should use" \
+ "by using the dev option in ${VPNCONF}"
+ return 1
+ fi
+
+ if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then
+ # Try and create it
+ echo > /dev/"${ifname}" >/dev/null
+ fi
+ if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then
+ eerror "${VPNCONF} requires interface ${ifname}" \
+ "but that does not exist"
+ return 1
+ fi
+}
+
+start() {
+ # If we are re-called by the openvpn gentoo-up.sh script
+ # then we don't actually want to start openvpn
+ [ "${IN_BACKGROUND}" = "true" ] && return 0
+
+ ebegin "Starting ${SVCNAME}"
+
+ checkconfig || return 1
+
+ local args="" reenter=${RE_ENTER:-no}
+ # If the config file does not specify the cd option, we do
+ # But if we specify it, we override the config option which we do not want
+ if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then
+ args="${args} --cd ${VPNDIR}"
+ fi
+
+ # We mark the service as inactive and then start it.
+ # When we get an authenticated packet from the peer then we run our script
+ # which configures our DNS if any and marks us as up.
+ if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \
+ grep -q "^[ ]*remote[ ].*" "${VPNCONF}" ; then
+ reenter="yes"
+ args="${args} --up-delay --up-restart"
+ args="${args} --script-security 2"
+ args="${args} --up /etc/openvpn/up.sh"
+ args="${args} --down-pre --down /etc/openvpn/down.sh"
+
+ # Warn about setting scripts as we override them
+ if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then
+ ewarn "WARNING: You have defined your own up/down scripts"
+ ewarn "As you're running as a client, we now force Gentoo specific"
+ ewarn "scripts to be run for up and down events."
+ ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh"
+ ewarn "where you can put your own code."
+ fi
+
+ # Warn about the inability to change ip/route/dns information when
+ # dropping privs
+ if grep -q "^[ ]*user[ ].*" "${VPNCONF}" ; then
+ ewarn "WARNING: You are dropping root privileges!"
+ ewarn "As such openvpn may not be able to change ip, routing"
+ ewarn "or DNS configuration."
+ fi
+ else
+ # So we're a server. Run as openvpn unless otherwise specified
+ grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args="${args} --user openvpn"
+ grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args="${args} --group openvpn"
+ fi
+
+ # Ensure that our scripts get the PEER_DNS variable
+ [ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}"
+
+ [ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}"
+ start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \
+ -- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \
+ --setenv SVCNAME "${SVCNAME}" ${args}
+ eend $? "Check your logs to see why startup failed"
+}
+
+stop() {
+ # If we are re-called by the openvpn gentoo-down.sh script
+ # then we don't actually want to stop openvpn
+ if [ "${IN_BACKGROUND}" = "true" ] ; then
+ mark_service_inactive "${SVCNAME}"
+ return 0
+ fi
+
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --quiet \
+ --exec /usr/sbin/openvpn --pidfile "${VPNPID}"
+ eend $?
+}
+
+# vim: set ts=4 :
diff --git a/net-misc/openvpn/files/openvpn-2.3.6-musl-compat.diff b/net-misc/openvpn/files/openvpn-2.3.6-musl-compat.diff
new file mode 100644
index 0000000..9b1289b
--- /dev/null
+++ b/net-misc/openvpn/files/openvpn-2.3.6-musl-compat.diff
@@ -0,0 +1,14 @@
+diff -Naur openvpn-2.3.6.orig/src/openvpn/syshead.h openvpn-2.3.6/src/openvpn/syshead.h
+--- openvpn-2.3.6.orig/src/openvpn/syshead.h 2014-11-29 16:00:35.000000000 +0100
++++ openvpn-2.3.6/src/openvpn/syshead.h 2015-05-08 00:42:34.171634884 +0200
+@@ -214,10 +214,6 @@
+
+ #ifdef TARGET_LINUX
+
+-#if defined(HAVE_NETINET_IF_ETHER_H)
+-#include <netinet/if_ether.h>
+-#endif
+-
+ #ifdef HAVE_LINUX_IF_TUN_H
+ #include <linux/if_tun.h>
+ #endif
diff --git a/net-misc/openvpn/files/openvpn.service b/net-misc/openvpn/files/openvpn.service
new file mode 100644
index 0000000..358dcb7
--- /dev/null
+++ b/net-misc/openvpn/files/openvpn.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
+After=syslog.target network.target
+
+[Service]
+PrivateTmp=true
+Type=forking
+PIDFile=/var/run/openvpn/%i.pid
+ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-misc/openvpn/files/openvpn.tmpfile b/net-misc/openvpn/files/openvpn.tmpfile
new file mode 100644
index 0000000..d5fca71
--- /dev/null
+++ b/net-misc/openvpn/files/openvpn.tmpfile
@@ -0,0 +1 @@
+D /var/run/openvpn 0710 root openvpn -
diff --git a/net-misc/openvpn/files/up.sh b/net-misc/openvpn/files/up.sh
new file mode 100755
index 0000000..6ce82d6
--- /dev/null
+++ b/net-misc/openvpn/files/up.sh
@@ -0,0 +1,100 @@
+#!/bin/sh
+# Copyright (c) 2006-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# Contributed by Roy Marples (uberlord@gentoo.org)
+
+# Setup our resolv.conf
+# Vitally important that we use the domain entry in resolv.conf so we
+# can setup the nameservers are for the domain ONLY in resolvconf if
+# we're using a decent dns cache/forwarder like dnsmasq and NOT nscd/libc.
+# nscd/libc users will get the VPN nameservers before their other ones
+# and will use the first one that responds - maybe the LAN ones?
+# non resolvconf users just the the VPN resolv.conf
+
+# FIXME:- if we have >1 domain, then we have to use search :/
+# We need to add a flag to resolvconf to say
+# "these nameservers should only be used for the listed search domains
+# if other global nameservers are present on other interfaces"
+# This however, will break compatibility with Debians resolvconf
+# A possible workaround would be to just list multiple domain lines
+# and try and let resolvconf handle it
+
+min_route() {
+ local n=1
+ local m
+ local r
+
+ eval m="\$route_metric_$n"
+ while [ -n "${m}" ]; do
+ if [ -z "$r" ] || [ "$r" -gt "$m" ]; then
+ r="$m"
+ fi
+ n="$(($n+1))"
+ eval m="\$route_metric_$n"
+ done
+
+ echo "$r"
+}
+
+if [ "${PEER_DNS}" != "no" ]; then
+ NS=
+ DOMAIN=
+ SEARCH=
+ i=1
+ while true ; do
+ eval opt=\$foreign_option_${i}
+ [ -z "${opt}" ] && break
+ if [ "${opt}" != "${opt#dhcp-option DOMAIN *}" ] ; then
+ if [ -z "${DOMAIN}" ] ; then
+ DOMAIN="${opt#dhcp-option DOMAIN *}"
+ else
+ SEARCH="${SEARCH}${SEARCH:+ }${opt#dhcp-option DOMAIN *}"
+ fi
+ elif [ "${opt}" != "${opt#dhcp-option DNS *}" ] ; then
+ NS="${NS}nameserver ${opt#dhcp-option DNS *}\n"
+ fi
+ i=$((${i} + 1))
+ done
+
+ if [ -n "${NS}" ] ; then
+ DNS="# Generated by openvpn for interface ${dev}\n"
+ if [ -n "${SEARCH}" ] ; then
+ DNS="${DNS}search ${DOMAIN} ${SEARCH}\n"
+ elif [ -n "${DOMAIN}" ]; then
+ DNS="${DNS}domain ${DOMAIN}\n"
+ fi
+ DNS="${DNS}${NS}"
+ if [ -x /sbin/resolvconf ] ; then
+ metric="$(min_route)"
+ printf "${DNS}" | /sbin/resolvconf -a "${dev}" ${metric:+-m ${metric}}
+ else
+ # Preserve the existing resolv.conf
+ if [ -e /etc/resolv.conf ] ; then
+ cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv
+ fi
+ printf "${DNS}" > /etc/resolv.conf
+ chmod 644 /etc/resolv.conf
+ fi
+ fi
+fi
+
+# Below section is Gentoo specific
+# Quick summary - our init scripts are re-entrant and set the SVCNAME env var
+# as we could have >1 openvpn service
+
+if [ -n "${SVCNAME}" ]; then
+ # If we have a service specific script, run this now
+ if [ -x /etc/openvpn/"${SVCNAME}"-up.sh ] ; then
+ /etc/openvpn/"${SVCNAME}"-up.sh "$@"
+ fi
+
+ # Re-enter the init script to start any dependant services
+ if ! /etc/init.d/"${SVCNAME}" --quiet status ; then
+ export IN_BACKGROUND=true
+ /etc/init.d/${SVCNAME} --quiet start
+ fi
+fi
+
+exit 0
+
+# vim: ts=4 :
diff --git a/net-misc/openvpn/openvpn-2.3.6-r2.ebuild b/net-misc/openvpn/openvpn-2.3.6-r2.ebuild
new file mode 100644
index 0000000..d76ad0c
--- /dev/null
+++ b/net-misc/openvpn/openvpn-2.3.6-r2.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openvpn/openvpn-2.3.6-r2.ebuild,v 1.1 2015/02/17 18:46:07 djc Exp $
+
+EAPI=4
+
+inherit multilib autotools flag-o-matic user systemd
+
+DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes"
+SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz"
+HOMEPAGE="http://openvpn.net/"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux"
+IUSE="examples down-root iproute2 pam passwordsave pkcs11 +plugins +polarssl selinux +ssl systemd +lzo static userland_BSD"
+
+REQUIRED_USE="static? ( !plugins !pkcs11 )
+ polarssl? ( ssl )
+ pkcs11? ( ssl )
+ !plugins? ( !pam !down-root )"
+
+DEPEND="
+ kernel_linux? (
+ iproute2? ( sys-apps/iproute2[-minimal] ) !iproute2? ( sys-apps/net-tools )
+ )
+ pam? ( virtual/pam )
+ ssl? (
+ !polarssl? ( >=dev-libs/openssl-0.9.7 ) polarssl? ( >=net-libs/polarssl-1.2.10 )
+ )
+ lzo? ( >=dev-libs/lzo-1.07 )
+ pkcs11? ( >=dev-libs/pkcs11-helper-1.11 )"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-openvpn )
+"
+
+src_prepare() {
+ # Set correct pass to systemd-ask-password binary
+ sed -i "s:\(/bin/systemd-ask-password\):/usr\1:" ./src/openvpn/console.c || die
+ epatch "${FILESDIR}/2.3.6-null-cipher.patch" || die
+ epatch "${FILESDIR}/2.3.6-disable-compression.patch" || die
+ epatch "${FILESDIR}"/${P}-musl-compat.diff
+ eautoreconf
+}
+
+src_configure() {
+ use static && LDFLAGS="${LDFLAGS} -Xcompiler -static"
+ local myconf
+ echo "DROPPY"
+ use polarssl && echo "FLOZZY"
+ use polarssl && myconf="--with-crypto-library=polarssl"
+ econf \
+ ${myconf} \
+ --docdir="${EPREFIX}/usr/share/doc/${PF}" \
+ --with-plugindir="${ROOT}/usr/$(get_libdir)/$PN" \
+ $(use_enable passwordsave password-save) \
+ $(use_enable ssl) \
+ $(use_enable ssl crypto) \
+ $(use_enable lzo) \
+ $(use_enable pkcs11) \
+ $(use_enable plugins) \
+ $(use_enable iproute2) \
+ $(use_enable pam plugin-auth-pam) \
+ $(use_enable down-root plugin-down-root) \
+ $(use_enable systemd)
+}
+
+src_install() {
+ default
+ find "${ED}/usr" -name '*.la' -delete
+ # install documentation
+ dodoc AUTHORS ChangeLog PORTS README README.IPv6
+
+ # Install some helper scripts
+ keepdir /etc/openvpn
+ exeinto /etc/openvpn
+ doexe "${FILESDIR}/up.sh"
+ doexe "${FILESDIR}/down.sh"
+
+ # Install the init script and config file
+ newinitd "${FILESDIR}/${PN}-2.1.init" openvpn
+ newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn
+
+ # install examples, controlled by the respective useflag
+ if use examples ; then
+ # dodoc does not supportly support directory traversal, #15193
+ insinto /usr/share/doc/${PF}/examples
+ doins -r sample contrib
+ fi
+
+ systemd_newtmpfilesd "${FILESDIR}"/${PN}.tmpfile ${PN}.conf
+ systemd_newunit "${FILESDIR}"/${PN}.service 'openvpn@.service'
+}
+
+pkg_postinst() {
+ # Add openvpn user so openvpn servers can drop privs
+ # Clients should run as root so they can change ip addresses,
+ # dns information and other such things.
+ enewgroup openvpn
+ enewuser openvpn "" "" "" openvpn
+
+ if [ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ] ; then
+ ewarn "WARNING: The openvpn init script has changed"
+ ewarn ""
+ fi
+
+ elog "The openvpn init script expects to find the configuration file"
+ elog "openvpn.conf in /etc/openvpn along with any extra files it may need."
+ elog ""
+ elog "To create more VPNs, simply create a new .conf file for it and"
+ elog "then create a symlink to the openvpn init script from a link called"
+ elog "openvpn.newconfname - like so"
+ elog " cd /etc/openvpn"
+ elog " ${EDITOR##*/} foo.conf"
+ elog " cd /etc/init.d"
+ elog " ln -s openvpn openvpn.foo"
+ elog ""
+ elog "You can then treat openvpn.foo as any other service, so you can"
+ elog "stop one vpn and start another if you need to."
+
+ if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then
+ ewarn ""
+ ewarn "WARNING: If you use the remote keyword then you are deemed to be"
+ ewarn "a client by our init script and as such we force up,down scripts."
+ ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you"
+ ewarn "can move your scripts to."
+ fi
+
+ if use plugins ; then
+ einfo ""
+ einfo "plugins have been installed into /usr/$(get_libdir)/${PN}"
+ fi
+
+ einfo ""
+ einfo "OpenVPN 2.3.x no longer includes the easy-rsa suite of utilities."
+ einfo "They can now be emerged via app-crypt/easy-rsa."
+}
diff --git a/net-misc/openvpn/openvpn-9999.ebuild b/net-misc/openvpn/openvpn-9999.ebuild
new file mode 100644
index 0000000..42d4ffb
--- /dev/null
+++ b/net-misc/openvpn/openvpn-9999.ebuild
@@ -0,0 +1,127 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openvpn/openvpn-9999.ebuild,v 1.8 2014/11/02 09:13:00 swift Exp $
+
+EAPI=4
+
+inherit multilib autotools flag-o-matic user git-2
+
+DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes"
+EGIT_REPO_URI="https://github.com/OpenVPN/${PN}.git"
+HOMEPAGE="http://openvpn.net/"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS=""
+IUSE="examples down-root iproute2 pam passwordsave pkcs11 +plugins polarssl selinux +ssl +lzo static userland_BSD"
+
+REQUIRED_USE="static? ( !plugins !pkcs11 )
+ polarssl? ( ssl )
+ !plugins? ( !pam !down-root )"
+
+DEPEND="
+ kernel_linux? (
+ iproute2? ( sys-apps/iproute2[-minimal] ) !iproute2? ( sys-apps/net-tools )
+ )
+ pam? ( virtual/pam )
+ ssl? (
+ !polarssl? ( >=dev-libs/openssl-0.9.7 ) polarssl? ( >=net-libs/polarssl-1.1.0 )
+ )
+ lzo? ( >=dev-libs/lzo-1.07 )
+ pkcs11? ( >=dev-libs/pkcs11-helper-1.05 )"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-openvpn )
+"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-2.3.6-musl-compat.diff
+ eautoreconf
+}
+
+src_configure() {
+ use static && LDFLAGS="${LDFLAGS} -Xcompiler -static"
+ local myconf
+ use polarssl && myconf="--with-crypto-library=polarssl"
+ econf \
+ ${myconf} \
+ --docdir="${EPREFIX}/usr/share/doc/${PF}" \
+ --with-plugindir="${ROOT}/usr/$(get_libdir)/$PN" \
+ $(use_enable passwordsave password-save) \
+ $(use_enable ssl) \
+ $(use_enable ssl crypto) \
+ $(use_enable lzo) \
+ $(use_enable pkcs11) \
+ $(use_enable plugins) \
+ $(use_enable iproute2) \
+ $(use_enable pam plugin-auth-pam) \
+ $(use_enable down-root plugin-down-root)
+}
+
+src_install() {
+ default
+ find "${ED}/usr" -name '*.la' -delete
+ # install documentation
+ dodoc AUTHORS ChangeLog PORTS README README.IPv6
+
+ # Install some helper scripts
+ keepdir /etc/openvpn
+ exeinto /etc/openvpn
+ doexe "${FILESDIR}/up.sh"
+ doexe "${FILESDIR}/down.sh"
+
+ # Install the init script and config file
+ newinitd "${FILESDIR}/${PN}-2.1.init" openvpn
+ newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn
+
+ # install examples, controlled by the respective useflag
+ if use examples ; then
+ # dodoc does not supportly support directory traversal, #15193
+ insinto /usr/share/doc/${PF}/examples
+ doins -r sample contrib
+ fi
+}
+
+pkg_postinst() {
+ # Add openvpn user so openvpn servers can drop privs
+ # Clients should run as root so they can change ip addresses,
+ # dns information and other such things.
+ enewgroup openvpn
+ enewuser openvpn "" "" "" openvpn
+
+ if [ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ] ; then
+ ewarn "WARNING: The openvpn init script has changed"
+ ewarn ""
+ fi
+
+ elog "The openvpn init script expects to find the configuration file"
+ elog "openvpn.conf in /etc/openvpn along with any extra files it may need."
+ elog ""
+ elog "To create more VPNs, simply create a new .conf file for it and"
+ elog "then create a symlink to the openvpn init script from a link called"
+ elog "openvpn.newconfname - like so"
+ elog " cd /etc/openvpn"
+ elog " ${EDITOR##*/} foo.conf"
+ elog " cd /etc/init.d"
+ elog " ln -s openvpn openvpn.foo"
+ elog ""
+ elog "You can then treat openvpn.foo as any other service, so you can"
+ elog "stop one vpn and start another if you need to."
+
+ if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then
+ ewarn ""
+ ewarn "WARNING: If you use the remote keyword then you are deemed to be"
+ ewarn "a client by our init script and as such we force up,down scripts."
+ ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you"
+ ewarn "can move your scripts to."
+ fi
+
+ if use plugins ; then
+ einfo ""
+ einfo "plugins have been installed into /usr/$(get_libdir)/${PN}"
+ fi
+
+ ewarn ""
+ ewarn "You are using a live ebuild building from the sources of openvpn"
+ ewarn "repository from http://openvpn.git.sourceforge.net. For reporting"
+ ewarn "bugs please contact: openvpn-devel@lists.sourceforge.net."
+}