openvpn: Add systemd startup notification
This causes OpenVPN services to reach the "active" state when the VPN connection is up (i.e., after OpenVPN prints "Initialization Sequence Completed"). This allows units to be ordered correctly after openvpn-* units, and makes systemctl present a password prompt: $ start openvpn-foo Enter Private Key Password: ************* (I first tried to implement this by calling "systemd-notify --ready" from the "up" script, but systemd-notify is not reliable.)
parent
33b4ab3ac1
commit
27a8cada79
|
@ -56,6 +56,7 @@ let
|
||||||
|
|
||||||
serviceConfig.ExecStart = "@${openvpn}/sbin/openvpn openvpn --config ${configFile}";
|
serviceConfig.ExecStart = "@${openvpn}/sbin/openvpn openvpn --config ${configFile}";
|
||||||
serviceConfig.Restart = "always";
|
serviceConfig.Restart = "always";
|
||||||
|
serviceConfig.Type = "notify";
|
||||||
};
|
};
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
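Review bot: `serviceConfig.Type = "notify";` is added without an explicit start timeout, so the unit stays in "activating" until OpenVPN sends READY=1 and systemd's default start timeout covers that whole period. A tunnel that is slow to come up, or an operator who takes a while at the private-key password prompt mentioned in the commit message, would presumably fail the start job and, with `serviceConfig.Restart = "always";`, be restarted in a loop. Consider setting `serviceConfig.TimeoutStartSec` deliberately and adding a comment such as `# "notify": the unit becomes active only once the tunnel is up; units ordered after it wait for that`. The attribute set this line belongs to begins outside the hunk.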
|
@ -1,4 +1,6 @@
|
||||||
{ stdenv, fetchurl, iproute, lzo, openssl, pam }:
|
{ stdenv, fetchurl, iproute, lzo, openssl, pam, systemd }:
|
||||||
|
|
||||||
|
with stdenv.lib;
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "openvpn-2.3.3";
|
name = "openvpn-2.3.3";
|
||||||
|
@ -8,7 +10,9 @@ stdenv.mkDerivation rec {
|
||||||
sha256 = "04xiwim56sb1vis93k9hhm1s29jdrlq7i2fa07jncnhh653d29gh";
|
sha256 = "04xiwim56sb1vis93k9hhm1s29jdrlq7i2fa07jncnhh653d29gh";
|
||||||
};
|
};
|
||||||
|
|
||||||
buildInputs = [ iproute lzo openssl pam ];
|
patches = optional stdenv.isLinux ./systemd-notify.patch;
|
||||||
|
|
||||||
|
buildInputs = [ iproute lzo openssl pam ] ++ optional stdenv.isLinux systemd;
|
||||||
|
|
||||||
configureFlags = ''
|
configureFlags = ''
|
||||||
--enable-password-save
|
--enable-password-save
|
||||||
|
@ -31,6 +35,8 @@ stdenv.mkDerivation rec {
|
||||||
|
|
||||||
enableParallelBuilding = true;
|
enableParallelBuilding = true;
|
||||||
|
|
||||||
|
NIX_LDFLAGS = optionalString stdenv.isLinux "-lsystemd-daemon"; # hacky
|
||||||
|
|
||||||
meta = {
|
meta = {
|
||||||
description = "A robust and highly flexible tunneling application";
|
description = "A robust and highly flexible tunneling application";
|
||||||
homepage = http://openvpn.net/;
|
homepage = http://openvpn.net/;
|
||||||
|
|
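Review bot: The `NIX_LDFLAGS = optionalString stdenv.isLinux "-lsystemd-daemon"; # hacky` line in the third hunk admits it is a hack but does not say why, and it passes the library to every link step of the build rather than only to the openvpn binary. A comment along the lines of `# systemd-notify.patch calls sd_notify(); configure does not link libsystemd-daemon, so add it by hand` would tell the next maintainer when the line can go. The patch's own headers name openvpn-2.3.1 while `name` is openvpn-2.3.3, so it presumably applies with offsets and is worth re-checking on each version bump.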
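--- a/pkgs/tools/networking/openvpn/systemd-notify.patch
+++ b/pkgs/tools/networking/openvpn/systemd-notify.patch
@@ -0,0 +1,22 @@
+diff -ru -x '*~' openvpn-2.3.1-orig/src/openvpn/init.c openvpn-2.3.1/src/openvpn/init.c
+--- openvpn-2.3.1-orig/src/openvpn/init.c 2013-03-20 09:28:14.000000000 +0100
++++ openvpn-2.3.1/src/openvpn/init.c 2014-04-22 13:02:21.351026640 +0200
+@@ -48,6 +48,8 @@
+
+#include "occ-inline.h"
+
++#include <systemd/sd-daemon.h>
++
+static struct context *static_context; /* GLOBAL */
+
+/*
+@@ -1241,6 +1243,9 @@
+{
+static const char message[] = "Initialization Sequence Completed";
+
++ /* Tell systemd we're ready. */
++ sd_notify(0, "READY=1");
++
+/* If we delayed UID/GID downgrade or chroot, do it now */
+do_uid_gid_chroot (c, true);
+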
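Review bot: `sd_notify(0, "READY=1");` is issued at the very top of the function, before anything that could tell a clean start from a degraded one, and its return value is discarded. The function body continues outside the hunk; if it has a completed-with-errors path, systemd and every unit ordered after the VPN would still treat the service as ready, so the call may belong in the success branch only. Keeping it ahead of `do_uid_gid_chroot (c, true);` looks right, since the notification socket may not be reachable after a chroot or UID/GID drop; a comment such as `/* Must precede chroot/UID drop: NOTIFY_SOCKET may be unreachable afterwards. */` would keep it from being moved later. A negative return from sd_notify() should at least be logged so a silently stuck "activating" unit can be diagnosed.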