From: Jo-Philipp Wich
Date: Sat, 4 Feb 2012 20:30:22 +0000 (+0000)
Subject: [packages_10.03.2] tinc: merge r27633, r27795, r29137, r29166, r29185, r29199
X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fsvn-archive%2Farchive.git;a=commitdiff_plain;hb=6871617f23cd7486486265ee909281b9d643a168
[packages_10.03.2] tinc: merge r27633, r27795, r29137, r29166, r29185, r29199
SVN-Revision: 30121
---
diff --git a/net/tinc/Makefile b/net/tinc/Makefile
index 9f9a2e4128..b2b6c47a16 100644
--- a/net/tinc/Makefile
+++ b/net/tinc/Makefile
@@ -8,14 +8,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=tinc
-PKG_VERSION:=1.0.14
-PKG_RELEASE:=1
+PKG_VERSION:=1.0.16
+PKG_RELEASE:=4
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.tinc-vpn.org/packages \
- http://ftp.yi.se/pub/tinc \
- http://www.mirrors.wiretapped.net/security/network-security/tinc
-PKG_MD5SUM:=967dfafc4aa41a614c1d2739df8a8372
+PKG_SOURCE_URL:=http://www.tinc-vpn.org/packages
+PKG_MD5SUM:=f1c7ed94878725fb2cf4efb02bf160da
 PKG_INSTALL:=1
@@ -45,6 +43,17 @@ CONFIGURE_ARGS += \
 define Package/tinc/install
 $(INSTALL_DIR) $(1)/usr/sbin
 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/tincd $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/etc/init.d/
+ $(INSTALL_BIN) files/$(PKG_NAME).init $(1)/etc/init.d/$(PKG_NAME)
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) files/$(PKG_NAME).config $(1)/etc/config/$(PKG_NAME)
+ $(INSTALL_DIR) $(1)/etc/openvpn
+ $(INSTALL_DIR) $(1)/lib/upgrade/keep.d
+ $(INSTALL_DATA) files/tinc.upgrade $(1)/lib/upgrade/keep.d/tinc
+endef
+
+define Package/tinc/conffiles
+/etc/config/tinc
 endef
 $(eval $(call BuildPackage,tinc))
diff --git a/net/tinc/files/tinc.config b/net/tinc/files/tinc.config
new file mode 100644
index 0000000000..f9f2b53f83
--- /dev/null
+++ b/net/tinc/files/tinc.config
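Review bot: In net/tinc/Makefile, the install recipe added by the second hunk creates `$(1)/etc/openvpn`, which nothing else visible in this package refers to; the init script added in the same commit looks for host keys under `/etc/tinc/$n/hosts/` and states it is based on the OpenVPN init script, so this looks like a leftover from that package. I would change the line to `$(INSTALL_DIR) $(1)/etc/tinc` so the directory that holds key material is created by the package itself. `conffiles` lists only `/etc/config/tinc`, so keeping the keys under `/etc/tinc` across an upgrade presumably rests on `files/tinc.upgrade`, which is not visible here and is worth checking for that path. The first hunk also leaves a single plain-HTTP `PKG_SOURCE_URL` verified only by `PKG_MD5SUM`; that predates this commit, but a comment noting that the MD5 value is the only integrity check on the tarball would help the next person who bumps the version.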
@@ -0,0 +1,56 @@
+config tinc-net NETNAME
+ option enabled 0
+
+ ## Daemon Configuration (cmd arguments)
+ #option generate_keys 0
+ #option key_size 2048
+ #option log /tmp/log/tinc.NETNAME.log
+ #option debug 3
+
+ ## Server Configuration (tinc.conf)
+ #option AddressFamily any
+ #option BindToAddress 127.0.0.1
+ #option BindToInterface lo
+
+ #list ConnectTo peer1
+
+ #option DirectOnly 0
+ #option Forwarding internal
+ #option GraphDumpFile /tmp/log/tinc.NETNAME.dot
+ #option Hostnames 0
+ #option IffOneQueue 0
+ #option Interface NETNAME
+ #option KeyExpire 3600
+ #option MACExpire 600
+ #option MaxTimeout 900
+ #option Mode router
+
+ option Name NODENAME
+
+ #option PingInterval 60
+ #option PingTimeout 5
+ #option PriorityInheritance 0
+ #option PrivateKeyFile /etc/tinc/NETNAME/rsa_key.priv
+ #option ProcessPriority normal
+ #option ReplayWindow 16
+ #option StrictSubnets 0
+ #option TunnelServer 0
+ #option UDPRcvBuf x
+ #option UDPSndBuf x
+
+config tinc-host NODENAME
+ option enabled 0
+
+ option net NETNAME
+
+ #list Address example.com
+ #option Cipher blowfish
+ #option ClampMSS yes
+ #option Compression 0
+ #option Digest sha1
+ #option IndirectData 0
+ #option MACLength 4
+ #option PMTU 1514
+ #option PMTUDiscovery yes
+ #option Port 655
+ #option Subnet 192.168.1.0/24
diff --git a/net/tinc/files/tinc.init b/net/tinc/files/tinc.init
new file mode 100644
index 0000000000..e93f0d97a3
--- /dev/null
+++ b/net/tinc/files/tinc.init
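Review bot: In net/tinc/files/tinc.config, the commented examples in the `tinc-host` section (`#option Cipher blowfish`, `#option Digest sha1`, `#option MACLength 4`) do not say whether they are defaults or recommendations, and a user who uncomments them as written pins a 64-bit block cipher and a 4-byte MAC. As far as I know these mirror tinc 1.0's built-in defaults, so a line above them such as `## Values shown are tinc's built-in defaults, not recommendations` would keep the template from being read as guidance. The same applies to `#option key_size 2048` in the daemon block. This is a documentation point only; no option in the hunk needs to change.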
@@ -0,0 +1,232 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2011 OpenWrt.org
+# Copyright (C) 2011 Linus Lüssing
+# Based on Jo-Philipp Wich's OpenVPN init script
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+
+START=42
+
+SERVICE_USE_PID=1
+
+BIN=/usr/sbin/tincd
+EXTRA_COMMANDS="up down"
+
+LIST_SEP="
+"
+TMP_TINC="/tmp/tinc"
+
+append_param() {
+ local v="$1"
+ case "$v" in
+ *_*_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;;
+ *_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;;
+ *_*) v=${v%%_*}-${v#*_} ;;
+ esac
+ ARGS="$ARGS --$v"
+ return 0
+}
+
+append_conf_bools() {
+ local p; local v; local s="$1"; local f="$2"; shift; shift
+ for p in $*; do
+ config_get_bool v "$s" "$p"
+ [ "$v" == 1 ] && echo "$p = yes" >> "$f"
+ [ "$v" == 0 ] && echo "$p = no" >> "$f"
+ done
+}
+
+append_params() {
+ local p; local v; local s="$1"; shift
+ for p in $*; do
+ config_get v "$s" "$p"
+ IFS="$LIST_SEP"
+ for v in $v; do
+ [ -n "$v" ] && append_param "$p" && ARGS="$ARGS $v"
+ done
+ unset IFS
+ done
+}
+
+append_conf_params() {
+ local p; local v; local s="$1"; local f="$2"; shift; shift
+ for p in $*; do
+ config_get v "$s" "$p"
+ IFS="$LIST_SEP"
+ for v in $v; do
+ # Look up OpenWRT interface names
+ [ "$p" = "BindToInterface" ] && {
+ local ifname=$(uci -P /var/state get network.$v.ifname 2>&-)
+ [ -n "$ifname" ] && v="$ifname"
+ }
+
+ [ -n "$v" ] && echo "$p = $v" >> "$f"
+ done
+ unset IFS
+ done
+}
+
+section_enabled() {
+ config_get_bool enabled "$1" 'enabled' 0
+ [ $enabled -gt 0 ]
+}
+
+prepare_host() {
+ local s="$1"
+ local n
+
+ # net disabled?
+ config_get n "$s" net
+ section_enabled "$n" || return 1
+
+ if [ "$#" = "2" ]; then
+ [ "$2" != "$n" ] && return 1
+ fi
+
+ # host disabled?
+ section_enabled "$s" || {
+ [ -f "$TMP_TINC/$n/hosts/$s" ] && rm "$TMP_TINC/$n/hosts/$s"
+ return 1
+ }
+
+ [ ! -f "/etc/tinc/$n/hosts/$s" ] && {
+ echo -n "tinc: Warning, public key for $s for network $n "
+ echo -n "missing in /etc/tinc/$n/hosts/$s, "
+ echo "skipping configuration of $s"
+ return 1
+ }
+
+ # append flags
+ append_conf_bools "$s" "$TMP_TINC/$n/hosts/$s" \
+ ClampMSS IndirectData PMTUDiscovery
+
+ # append params
+ append_conf_params "$s" "$TMP_TINC/$n/hosts/$s" \
+ Address Cipher Compression Digest MACLength PMTU Port Subnet
+}
+
+check_gen_own_key() {
+ local s="$1"; local n; local k
+
+ config_get n "$s" Name
+ config_get_bool k "$s" generate_keys 0
+ [ "$k" == 0 ] && return 0
+
+ ([ -z "$n" ] || [ -f "$TMP_TINC/$s/hosts/$n" ] || [ -f "$TMP_TINC/$s/rsa_key.priv" ]) && \
+ return 0
+ [ ! -d "$TMP_TINC/$s/hosts" ] && mkdir -p "$TMP_TINC/$s/hosts"
+
+ config_get k "$s" key_size
+ if [ -z "$k" ]; then
+ $BIN -c "$TMP_TINC/$s" --generate-keys