[2/3] OpenVPN: Move the OpenSSL configuration file out of /var/ipfire
Commit Message
We should not have any configuration files that we share in this place,
therefore this patch is moving it into /usr/share/openvpn where we
should be able to update it without any issues.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
config/rootfiles/common/openvpn | 2 +-
html/cgi-bin/ovpnmain.cgi | 2 +-
lfs/openvpn | 6 ++++++
3 files changed, 8 insertions(+), 2 deletions(-)
@@ -25,6 +25,7 @@ usr/sbin/openvpn-authenticator
#usr/share/doc/openvpn/openvpn.8.html
#usr/share/man/man5/openvpn-examples.5
#usr/share/man/man8/openvpn.8
+usr/share/openvpn/openssl.cnf
var/ipfire/ovpn/ca
var/ipfire/ovpn/caconfig
var/ipfire/ovpn/ccd
@@ -35,7 +36,6 @@ var/ipfire/ovpn/certs/serial
var/ipfire/ovpn/crls
var/ipfire/ovpn/n2nconf
#var/ipfire/ovpn/openssl
-var/ipfire/ovpn/openssl/ovpn.cnf
var/ipfire/ovpn/openvpn-authenticator
var/ipfire/ovpn/ovpn-leases.db
var/ipfire/ovpn/ovpnconfig
@@ -54,7 +54,7 @@ my %mainsettings = ();
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
# Use a custom OpenSSL configuration file for all operations
-$ENV["OPENSSL_CONF"] = "${General::swroot}/ovpn/ca/cacert.pem";
+$ENV["OPENSSL_CONF"] = "/usr/share/openvpn/openssl.cnf";
###
### Initialize variables
@@ -101,6 +101,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
chown root:root /etc/fcron.daily/openvpn-crl-updater
chmod 750 /etc/fcron.daily/openvpn-crl-updater
+ # Move the OpenSSL configuration file out of /var/ipfire
+ mkdir -pv /usr/share/openvpn
+ mv -v /var/ipfire/ovpn/openssl/ovpn.cnf \
+ /usr/share/openvpn/
+ rmdir -v /usr/share/openvpn
+
# Install authenticator
install -v -m 755 $(DIR_SRC)/config/ovpn/openvpn-authenticator \
/usr/sbin/openvpn-authenticator