OpenVPN: Add to update and exclude

Message ID 20200417163459.10032-1-ummeegge@ipfire.org
State Superseded
Headers
Series OpenVPN: Add to update and exclude |

Commit Message

ummeegge April 17, 2020, 4:34 p.m. UTC
  Since some OpenVPN updates did not apply, the service will be stopped before the update to prevent 'Text file busy' and start up again.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
---
 config/rootfiles/core/144/exclude   |  1 +
 config/rootfiles/core/144/update.sh | 12 ++++++++++++
 2 files changed, 13 insertions(+)
  

Comments

Michael Tremer April 17, 2020, 5:41 p.m. UTC | #1
Hi,

This patch is for Core Update 144, but I am not sure if we can ship it with this.

The update will contain the OpenSSL update that is announced for Tuesday and I would like to be able to release it as soon as possible.

I am not sure what the risk is with this patch delaying that release, so I will let Arne decide.

See below for more...

> On 17 Apr 2020, at 17:34, Erik Kapfer <ummeegge@ipfire.org> wrote:
> 
> Since some OpenVPN updates did not apply, the service will be stopped before the update to prevent 'Text file busy' and start up again.

Normally this should to be a problem. Tar is normally able to replace any binary, even if it is just running.

We definitely need to restart OpenVPN to take advantage of the new version.

> 
> Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
> ---
> config/rootfiles/core/144/exclude   |  1 +
> config/rootfiles/core/144/update.sh | 12 ++++++++++++
> 2 files changed, 13 insertions(+)
> 
> diff --git a/config/rootfiles/core/144/exclude b/config/rootfiles/core/144/exclude
> index b22159878..ba1b646e6 100644
> --- a/config/rootfiles/core/144/exclude
> +++ b/config/rootfiles/core/144/exclude
> @@ -24,5 +24,6 @@ var/lib/alternatives
> var/log/cache
> var/log/dhcpcd.log
> var/log/messages
> +var/ipfire/ovpn
> var/state/dhcp/dhcpd.leases
> var/updatecache
> diff --git a/config/rootfiles/core/144/update.sh b/config/rootfiles/core/144/update.sh
> index 6a9c51931..81a6c626e 100644
> --- a/config/rootfiles/core/144/update.sh
> +++ b/config/rootfiles/core/144/update.sh
> @@ -47,6 +47,15 @@ done
> # Remove files
> 
> # Stop services
> +# Stop OpenVPN server if it runs
> +if pgrep openvpn -fl | grep 'server.conf' >/dev/null 2>&1; then
> +	/usr/local/bin/openvpnctrl -k
> +fi
> +
> +# Stop OpenVPN N2N if it runs
> +if pgrep openvpn -fl | grep 'n2nconf' >/dev/null 2>&1; then
> +	/usr/local/bin/openvpnctrl -kn2n
> +fi

Interesting way to stop it. Can we not call openvpnctrl regardless, because it won’t matter if the daemon wasn’t running at all.

> # Extract files
> extract_files
> @@ -55,6 +64,9 @@ extract_files
> ldconfig
> 
> # Start services
> +# Start OpenVPN again
> +/usr/local/bin/openvpnctrl -s
> +/usr/local/bin/openvpnctrl -sn2n
> 
> # Update Language cache
> /usr/local/bin/update-lang-cache
> — 
> 2.20.1
> 

Best,
-Michael
  
ummeegge April 17, 2020, 6:59 p.m. UTC | #2
Hi Michael,

Am Freitag, den 17.04.2020, 18:41 +0100 schrieb Michael Tremer:
> Hi,
> 
> This patch is for Core Update 144, but I am not sure if we can ship
> it with this.
> 
> The update will contain the OpenSSL update that is announced for
> Tuesday and I would like to be able to release it as soon as
> possible.
OK, may also a good date for this ?

> 
> I am not sure what the risk is with this patch delaying that release,
> so I will let Arne decide.
Alright.

> 
> See below for more...
> 
> > On 17 Apr 2020, at 17:34, Erik Kapfer <ummeegge@ipfire.org> wrote:
> > 
> > Since some OpenVPN updates did not apply, the service will be
> > stopped before the update to prevent 'Text file busy' and start up
> > again.
> 
> Normally this should to be a problem. Tar is normally able to replace
> any binary, even if it is just running.
> 
> We definitely need to restart OpenVPN to take advantage of the new
> version.
Thought we should give it a try in that way.

> 
> > 
> > Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
> > ---
> > config/rootfiles/core/144/exclude   |  1 +
> > config/rootfiles/core/144/update.sh | 12 ++++++++++++
> > 2 files changed, 13 insertions(+)
> > 
> > diff --git a/config/rootfiles/core/144/exclude
> > b/config/rootfiles/core/144/exclude
> > index b22159878..ba1b646e6 100644
> > --- a/config/rootfiles/core/144/exclude
> > +++ b/config/rootfiles/core/144/exclude
> > @@ -24,5 +24,6 @@ var/lib/alternatives
> > var/log/cache
> > var/log/dhcpcd.log
> > var/log/messages
> > +var/ipfire/ovpn
> > var/state/dhcp/dhcpd.leases
> > var/updatecache
> > diff --git a/config/rootfiles/core/144/update.sh
> > b/config/rootfiles/core/144/update.sh
> > index 6a9c51931..81a6c626e 100644
> > --- a/config/rootfiles/core/144/update.sh
> > +++ b/config/rootfiles/core/144/update.sh
> > @@ -47,6 +47,15 @@ done
> > # Remove files
> > 
> > # Stop services
> > +# Stop OpenVPN server if it runs
> > +if pgrep openvpn -fl | grep 'server.conf' >/dev/null 2>&1; then
> > +	/usr/local/bin/openvpnctrl -k
> > +fi
> > +
> > +# Stop OpenVPN N2N if it runs
> > +if pgrep openvpn -fl | grep 'n2nconf' >/dev/null 2>&1; then
> > +	/usr/local/bin/openvpnctrl -kn2n
> > +fi
> 
> Interesting way to stop it. Can we not call openvpnctrl regardless,
> because it won’t matter if the daemon wasn’t running at all.
May you are right haven´t checked it deeper. Should we do it now or in
the next update ? It should nothing break in my opinion.

> 
> > # Extract files
> > extract_files
> > @@ -55,6 +64,9 @@ extract_files
> > ldconfig
> > 
> > # Start services
> > +# Start OpenVPN again
> > +/usr/local/bin/openvpnctrl -s
> > +/usr/local/bin/openvpnctrl -sn2n
> > 
> > # Update Language cache
> > /usr/local/bin/update-lang-cache
> > — 
> > 2.20.1
> > 
> 
> Best,
> -Michael
> 
>
  

Patch

diff --git a/config/rootfiles/core/144/exclude b/config/rootfiles/core/144/exclude
index b22159878..ba1b646e6 100644
--- a/config/rootfiles/core/144/exclude
+++ b/config/rootfiles/core/144/exclude
@@ -24,5 +24,6 @@  var/lib/alternatives
 var/log/cache
 var/log/dhcpcd.log
 var/log/messages
+var/ipfire/ovpn
 var/state/dhcp/dhcpd.leases
 var/updatecache
diff --git a/config/rootfiles/core/144/update.sh b/config/rootfiles/core/144/update.sh
index 6a9c51931..81a6c626e 100644
--- a/config/rootfiles/core/144/update.sh
+++ b/config/rootfiles/core/144/update.sh
@@ -47,6 +47,15 @@  done
 # Remove files
 
 # Stop services
+# Stop OpenVPN server if it runs
+if pgrep openvpn -fl | grep 'server.conf' >/dev/null 2>&1; then
+	/usr/local/bin/openvpnctrl -k
+fi
+
+# Stop OpenVPN N2N if it runs
+if pgrep openvpn -fl | grep 'n2nconf' >/dev/null 2>&1; then
+	/usr/local/bin/openvpnctrl -kn2n
+fi
 
 # Extract files
 extract_files
@@ -55,6 +64,9 @@  extract_files
 ldconfig
 
 # Start services
+# Start OpenVPN again
+/usr/local/bin/openvpnctrl -s
+/usr/local/bin/openvpnctrl -sn2n
 
 # Update Language cache
 /usr/local/bin/update-lang-cache