| Message ID | 20200417163459.10032-1-ummeegge@ipfire.org |
|---|---|
| State | Superseded |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 493hXH01dpz3xQt for <patchwork@web04.haj.ipfire.org>; Fri, 17 Apr 2020 16:35:10 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 493hXF4K5hzgv; Fri, 17 Apr 2020 16:35:09 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 493hXD6sZRz2yjL; Fri, 17 Apr 2020 16:35:08 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 493hXC0mdgz2y3R for <development@lists.ipfire.org>; Fri, 17 Apr 2020 16:35:07 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 493hXB4XqQzgv; Fri, 17 Apr 2020 16:35:06 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1587141306; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=SHfToAi0Y5bCvGNmleRj29Aet3oMoDc6YX52JqnviiM=; b=jM4SsvZNLIo/vh7U/lowYNvc6eveePiFYkygtRjj+e2FogqylWt2nM5Jyhp/JYpcQiubWk Z3lBkEpFMBC5ppCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1587141306; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=SHfToAi0Y5bCvGNmleRj29Aet3oMoDc6YX52JqnviiM=; b=eDWU3CJNzkqcydU9wI1Gffw68K8FEXCHv3OqF9LtyYskmEPpqISXVpR9S1TdEL1/sWdXlK xMJx087TeCh/zbwomjvYxtn+ghcRnOMT9UEj/xm9azIXmNavRL9DAWP0dOwnr2mfFVY2wf wUn9SxXcqrBNE5FCC3ypRCDJhbhUnLeNjyRpxj4Pu5BNqQ0W5K6b+ipwOCO2FFyWO4cSlX 0rmtXXy491IsyNgcwPMBrCpQfvO/rkgQ0Jg8o3hG1j0M1X+39wdTJqKmjy+rftMGBoJOvg cUMfIL7RsBJyLLtCvhrENX3B0THYl2RSuqASl6OF0yicAgaJgEavdbx/qd4rEg== From: Erik Kapfer <ummeegge@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] OpenVPN: Add to update and exclude Date: Fri, 17 Apr 2020 16:34:59 +0000 Message-Id: <20200417163459.10032-1-ummeegge@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
OpenVPN: Add to update and exclude
|
|
Commit Message
ummeegge
April 17, 2020, 4:34 p.m. UTC
Since some OpenVPN updates did not apply, the service will be stopped before the update to prevent 'Text file busy' and start up again.
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
---
config/rootfiles/core/144/exclude | 1 +
config/rootfiles/core/144/update.sh | 12 ++++++++++++
2 files changed, 13 insertions(+)
Comments
Hi, This patch is for Core Update 144, but I am not sure if we can ship it with this. The update will contain the OpenSSL update that is announced for Tuesday and I would like to be able to release it as soon as possible. I am not sure what the risk is with this patch delaying that release, so I will let Arne decide. See below for more... > On 17 Apr 2020, at 17:34, Erik Kapfer <ummeegge@ipfire.org> wrote: > > Since some OpenVPN updates did not apply, the service will be stopped before the update to prevent 'Text file busy' and start up again. Normally this should to be a problem. Tar is normally able to replace any binary, even if it is just running. We definitely need to restart OpenVPN to take advantage of the new version. > > Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> > --- > config/rootfiles/core/144/exclude | 1 + > config/rootfiles/core/144/update.sh | 12 ++++++++++++ > 2 files changed, 13 insertions(+) > > diff --git a/config/rootfiles/core/144/exclude b/config/rootfiles/core/144/exclude > index b22159878..ba1b646e6 100644 > --- a/config/rootfiles/core/144/exclude > +++ b/config/rootfiles/core/144/exclude > @@ -24,5 +24,6 @@ var/lib/alternatives > var/log/cache > var/log/dhcpcd.log > var/log/messages > +var/ipfire/ovpn > var/state/dhcp/dhcpd.leases > var/updatecache > diff --git a/config/rootfiles/core/144/update.sh b/config/rootfiles/core/144/update.sh > index 6a9c51931..81a6c626e 100644 > --- a/config/rootfiles/core/144/update.sh > +++ b/config/rootfiles/core/144/update.sh > @@ -47,6 +47,15 @@ done > # Remove files > > # Stop services > +# Stop OpenVPN server if it runs > +if pgrep openvpn -fl | grep 'server.conf' >/dev/null 2>&1; then > + /usr/local/bin/openvpnctrl -k > +fi > + > +# Stop OpenVPN N2N if it runs > +if pgrep openvpn -fl | grep 'n2nconf' >/dev/null 2>&1; then > + /usr/local/bin/openvpnctrl -kn2n > +fi Interesting way to stop it. Can we not call openvpnctrl regardless, because it won’t matter if the daemon wasn’t running at all. > # Extract files > extract_files > @@ -55,6 +64,9 @@ extract_files > ldconfig > > # Start services > +# Start OpenVPN again > +/usr/local/bin/openvpnctrl -s > +/usr/local/bin/openvpnctrl -sn2n > > # Update Language cache > /usr/local/bin/update-lang-cache > — > 2.20.1 > Best, -Michael
Hi Michael, Am Freitag, den 17.04.2020, 18:41 +0100 schrieb Michael Tremer: > Hi, > > This patch is for Core Update 144, but I am not sure if we can ship > it with this. > > The update will contain the OpenSSL update that is announced for > Tuesday and I would like to be able to release it as soon as > possible. OK, may also a good date for this ? > > I am not sure what the risk is with this patch delaying that release, > so I will let Arne decide. Alright. > > See below for more... > > > On 17 Apr 2020, at 17:34, Erik Kapfer <ummeegge@ipfire.org> wrote: > > > > Since some OpenVPN updates did not apply, the service will be > > stopped before the update to prevent 'Text file busy' and start up > > again. > > Normally this should to be a problem. Tar is normally able to replace > any binary, even if it is just running. > > We definitely need to restart OpenVPN to take advantage of the new > version. Thought we should give it a try in that way. > > > > > Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> > > --- > > config/rootfiles/core/144/exclude | 1 + > > config/rootfiles/core/144/update.sh | 12 ++++++++++++ > > 2 files changed, 13 insertions(+) > > > > diff --git a/config/rootfiles/core/144/exclude > > b/config/rootfiles/core/144/exclude > > index b22159878..ba1b646e6 100644 > > --- a/config/rootfiles/core/144/exclude > > +++ b/config/rootfiles/core/144/exclude > > @@ -24,5 +24,6 @@ var/lib/alternatives > > var/log/cache > > var/log/dhcpcd.log > > var/log/messages > > +var/ipfire/ovpn > > var/state/dhcp/dhcpd.leases > > var/updatecache > > diff --git a/config/rootfiles/core/144/update.sh > > b/config/rootfiles/core/144/update.sh > > index 6a9c51931..81a6c626e 100644 > > --- a/config/rootfiles/core/144/update.sh > > +++ b/config/rootfiles/core/144/update.sh > > @@ -47,6 +47,15 @@ done > > # Remove files > > > > # Stop services > > +# Stop OpenVPN server if it runs > > +if pgrep openvpn -fl | grep 'server.conf' >/dev/null 2>&1; then > > + /usr/local/bin/openvpnctrl -k > > +fi > > + > > +# Stop OpenVPN N2N if it runs > > +if pgrep openvpn -fl | grep 'n2nconf' >/dev/null 2>&1; then > > + /usr/local/bin/openvpnctrl -kn2n > > +fi > > Interesting way to stop it. Can we not call openvpnctrl regardless, > because it won’t matter if the daemon wasn’t running at all. May you are right haven´t checked it deeper. Should we do it now or in the next update ? It should nothing break in my opinion. > > > # Extract files > > extract_files > > @@ -55,6 +64,9 @@ extract_files > > ldconfig > > > > # Start services > > +# Start OpenVPN again > > +/usr/local/bin/openvpnctrl -s > > +/usr/local/bin/openvpnctrl -sn2n > > > > # Update Language cache > > /usr/local/bin/update-lang-cache > > — > > 2.20.1 > > > > Best, > -Michael > >
diff --git a/config/rootfiles/core/144/exclude b/config/rootfiles/core/144/exclude index b22159878..ba1b646e6 100644 --- a/config/rootfiles/core/144/exclude +++ b/config/rootfiles/core/144/exclude @@ -24,5 +24,6 @@ var/lib/alternatives var/log/cache var/log/dhcpcd.log var/log/messages +var/ipfire/ovpn var/state/dhcp/dhcpd.leases var/updatecache diff --git a/config/rootfiles/core/144/update.sh b/config/rootfiles/core/144/update.sh index 6a9c51931..81a6c626e 100644 --- a/config/rootfiles/core/144/update.sh +++ b/config/rootfiles/core/144/update.sh @@ -47,6 +47,15 @@ done # Remove files # Stop services +# Stop OpenVPN server if it runs +if pgrep openvpn -fl | grep 'server.conf' >/dev/null 2>&1; then + /usr/local/bin/openvpnctrl -k +fi + +# Stop OpenVPN N2N if it runs +if pgrep openvpn -fl | grep 'n2nconf' >/dev/null 2>&1; then + /usr/local/bin/openvpnctrl -kn2n +fi # Extract files extract_files @@ -55,6 +64,9 @@ extract_files ldconfig # Start services +# Start OpenVPN again +/usr/local/bin/openvpnctrl -s +/usr/local/bin/openvpnctrl -sn2n # Update Language cache /usr/local/bin/update-lang-cache