openvpn3: 20 -> 22_dev

NixOS · Jul 12, 2024 · ac170ae · ac170ae
1 parent 5d8362b
commit ac170ae
Show file tree

Hide file tree

Showing 4 changed files with 209 additions and 69 deletions.
diff --git a/nixos/modules/programs/openvpn3.nix b/nixos/modules/programs/openvpn3.nix
@@ -1,43 +1,42 @@
 { config, lib, pkgs, ... }:
 
-let
- cfg = config.programs.openvpn3;
-in
-{
+let cfg = config.programs.openvpn3;
+in {
  options.programs.openvpn3 = {
  enable = lib.mkEnableOption "the openvpn3 client";
  package = lib.mkOption {
  type = lib.types.package;
  default = pkgs.openvpn3.override {
  enableSystemdResolved = config.services.resolved.enable;
  };
- defaultText = lib.literalExpression ''pkgs.openvpn3.override {
- enableSystemdResolved = config.services.resolved.enable;
- }'';
+ defaultText = lib.literalExpression ''
+ pkgs.openvpn3.override {
+ enableSystemdResolved = config.services.resolved.enable;
+ }
+ '';
  description = ''
  Which package to use for `openvpn3`.
  '';
  };
  };
 
  config = lib.mkIf cfg.enable {
- services.dbus.packages = [
- cfg.package
- ];
+ services.dbus.packages = [ cfg.package ];
 
  users.users.openvpn = {
  isSystemUser = true;
  uid = config.ids.uids.openvpn;
  group = "openvpn";
  };
 
- users.groups.openvpn = {
- gid = config.ids.gids.openvpn;
- };
+ users.groups.openvpn = { gid = config.ids.gids.openvpn; };
 
- environment.systemPackages = [
- cfg.package
- ];
- };
+ environment.systemPackages = [ cfg.package ];
+
+ systemd.packages = [ cfg.package ];
 
+ system.activationScripts.openvpn3-admin-init-config = ''
+ ${cfg.package}/bin/openvpn3-admin init-config --write-configs --force > /dev/null
+ '';
+ };
 }
diff --git a/pkgs/tools/networking/openvpn3/default.nix b/pkgs/tools/networking/openvpn3/default.nix
@@ -2,10 +2,7 @@
 , stdenv
 , fetchFromGitHub
 , asio
-, autoconf-archive
-, autoreconfHook
 , glib
-, gtest
 , jsoncpp
 , libcap_ng
 , libnl
@@ -19,57 +16,66 @@
 , enableSystemdResolved ? false
 , tinyxml-2
 , wrapGAppsHook3
+, gobject-introspection
+, meson
+, ninja
+, bash
+, gdbuspp
+, cmake
+, git
 }:
 
-let
- openvpn3-core = fetchFromGitHub {
- owner = "OpenVPN";
- repo = "openvpn3";
- rev = "7590cb109349809b948e8edaeecabdbfe24e4b17";
- hash = "sha256-S9D/FQa7HYj0FJnyb5dCrtgTH9Nf2nvtyp/VHiebq7I=";
- };
-in
 stdenv.mkDerivation rec {
  pname = "openvpn3";
  # also update openvpn3-core
- version = "20";
+ version = "22_dev";
 
  src = fetchFromGitHub {
  owner = "OpenVPN";
  repo = "openvpn3-linux";
  rev = "v${version}";
- hash = "sha256-Weyb+rcx04mpDdcL7Qt4O+PvPf5MLPAP/Uy+8qoNXbQ=";
+ hash = "sha256-jO7hz88JgYq+svIuSe25URLXY/7lp+/nNdffRTiQCvw=";
+ # `openvpn3-core` is a submodule.
+ # TODO: make it into a separate package
+ fetchSubmodules = true;
+ # This is required to generate version information.
+ leaveDotGit = true;
  };
 
- postPatch = ''
- rm -r ./vendor/googletest
- cp -r ${gtest.src} ./vendor/googletest
- rm -r ./openvpn3-core
- ln -s ${openvpn3-core} ./openvpn3-core
-
- chmod -R +w ./vendor/googletest
- shopt -s globstar
-
- patchShebangs **/*.py **/*.sh ./src/python/{openvpn2,openvpn3-as,openvpn3-autoload} \
- ./distro/systemd/openvpn3-systemd ./src/tests/dbus/netcfg-subscription-test
+ patches = [
+ ./patches/0001-customizable-asio-path.patch
+ ./patches/0002-customizable-installation-paths.patch
+ ];
 
- echo "3.git:v${version}:unknown" > openvpn3-core-version
+ postPatch = ''
+ patchShebangs ** /*.py ** /*.sh \
+ ./sctipts \
+ ./src/python/{openvpn2,openvpn3-as,openvpn3-autoload} \
+ ./distro/systemd/openvpn3-systemd \
+ ./src/tests/dbus/netcfg-subscription-test
  '';
 
- preAutoreconf = ''
- substituteInPlace ./update-version-m4.sh --replace 'VERSION="$(git describe --always --tags)"' "VERSION=v${version}"
- ./update-version-m4.sh
- '';
+ pythonPath = python3.withPackages (ps: [
+ ps.dbus-python
+ ps.pygobject3
+ ps.systemd
+ ]);
 
  nativeBuildInputs = [
- autoconf-archive
- autoreconfHook
+ meson
+ ninja
+ bash
+ cmake
+ git
+
+ python3.pkgs.wrapPython
  python3.pkgs.docutils
  python3.pkgs.jinja2
+ python3.pkgs.dbus-python
  pkg-config
  wrapGAppsHook3
- python3.pkgs.wrapPython
- ] ++ pythonPath;
+ gobject-introspection
+ ];
 
  buildInputs = [
  asio
@@ -82,14 +88,22 @@ stdenv.mkDerivation rec {
  openssl
  protobuf
  tinyxml-2
+ gdbuspp
  ] ++ lib.optionals enableSystemdResolved [
  systemd
  ];
 
- # runtime deps
- pythonPath = with python3.pkgs; [
- dbus-python
- pygobject3
+ mesonFlags = [
+ (lib.mesonOption "selinux" "disabled")
+ (lib.mesonOption "selinux_policy" "disabled")
+ (lib.mesonOption "bash-completion" "enabled")
+ (lib.mesonOption "test_programs" "disabled")
+ (lib.mesonOption "unit_tests" "disabled")
+ (lib.mesonOption "asio_path" "${asio}")
+ (lib.mesonOption "dbus_policy_dir" "${placeholder "out"}/share/dbus-1/system.d")
+ (lib.mesonOption "dbus_system_service_dir" "${placeholder "out"}/share/dbus-1/system-services")
+ (lib.mesonOption "systemd_system_unit_dir" "${placeholder "out"}/lib/systemd/system")
+ (lib.mesonOption "sharedstatedir" "/var/lib")
  ];
 
  dontWrapGApps = true;
@@ -98,26 +112,20 @@ stdenv.mkDerivation rec {
  '';
  postFixup = ''
  wrapPythonPrograms
+ wrapPythonProgramsIn "$out/libexec/openvpn3-linux" "$out ${pythonPath}"
  '';
 
- configureFlags = [
- "--enable-bash-completion"
- "--enable-addons-aws"
- "--disable-selinux-build"
- "--disable-build-test-progs"
- ] ++ lib.optionals enableSystemdResolved [
- # This defaults to --resolv-conf /etc/resolv.conf. See
- # https://github.com/OpenVPN/openvpn3-linux/blob/v20/configure.ac#L434
- "DEFAULT_DNS_RESOLVER=--systemd-resolved"
- ];
-
  NIX_LDFLAGS = "-lpthread";
 
- meta = with lib; {
+ meta = {
  description = "OpenVPN 3 Linux client";
- license = licenses.agpl3Plus;
+ license = lib.licenses.agpl3Plus;
  homepage = "https://github.com/OpenVPN/openvpn3-linux/";
- maintainers = with maintainers; [ shamilton kfears ];
- platforms = platforms.linux;
+ maintainers = [
+ lib.maintainers.shamilton
+ lib.maintainers.kfears
+ lib.maintainers.progrm_jarvis
+ ];
+ platforms = lib.platforms.linux;
  };
 }
diff --git a/pkgs/tools/networking/openvpn3/patches/0001-customizable-asio-path.patch b/pkgs/tools/networking/openvpn3/patches/0001-customizable-asio-path.patch
@@ -0,0 +1,13 @@
+diff --git a/meson.build b/meson.build
+index 2bba337..092b4ce 100644
+--- a/meson.build
++++ b/meson.build
+@@ -68,7 +68,7 @@ endif
+ #
+ # Setup additional include header dirs
+ #
+-asio_inc = get_option('asio_path') / 'asio' / 'include'
++asio_inc = get_option('asio_path') / 'include'
+ message ('ASIO library: ' + asio_inc)
+
+ openvpn3_core_inc = get_option('openvpn3_core_path')
diff --git a/pkgs/tools/networking/openvpn3/patches/0002-customizable-installation-paths.patch b/pkgs/tools/networking/openvpn3/patches/0002-customizable-installation-paths.patch
@@ -0,0 +1,120 @@
+diff --git a/distro/systemd/meson.build b/distro/systemd/meson.build
+index 36d556c..9c636b6 100644
+--- a/distro/systemd/meson.build
++++ b/distro/systemd/meson.build
+@@ -15,12 +15,17 @@ systemd_cfg = configuration_data({
+
+ systemd_service_cfg = dependency('systemd')
+
++systemd_system_unit_dir = get_option('systemd_system_unit_dir')
++if systemd_system_unit_dir == ''
++ systemd_system_unit_dir = systemd_service_cfg.get_variable('systemdsystemunitdir')
++endif
++
+ configure_file(
+ input: 'openvpn3-autoload.service.in',
+ output: 'openvpn3-autoload.service',
+ configuration: systemd_cfg,
+ install: true,
+- install_dir: systemd_service_cfg.get_variable('systemdsystemunitdir'),
++ install_dir: systemd_system_unit_dir,
+ )
+
+ configure_file(
+@@ -28,7 +33,7 @@ configure_file(
+ output: 'openvpn3-session@.service',
+ configuration: systemd_cfg,
+ install: true,
+- install_dir: systemd_service_cfg.get_variable('systemdsystemunitdir'),
++ install_dir: systemd_system_unit_dir,
+ )
+
+ custom_target('openvpn3-systemd',
+diff --git a/meson.build b/meson.build
+index 092b4ce..e1ec8c1 100644
+--- a/meson.build
++++ b/meson.build
+@@ -180,8 +180,16 @@ message('OpenVPN 3 Linux service binary directory: ' + get_option('prefix') / li
+
+ #
+ # D-Bus configuration
+-dbus_policy_dir = dep_dbus.get_variable('datadir') / 'dbus-1' / 'system.d'
+-dbus_service_dir = dep_dbus.get_variable('system_bus_services_dir')
++dbus_policy_dir = get_option('dbus_policy_dir')
++if dbus_policy_dir == ''
++ dbus_policy_dir = dep_dbus.get_variable('datadir') / 'dbus-1' / 'system.d'
++endif
++
++dbus_service_dir = get_option('dbus_system_service_dir')
++if dbus_service_dir == ''
++ dbus_service_dir = dep_dbus.get_variable('system_bus_services_dir')
++endif
++
+ dbus_config = {
+ 'OPENVPN_USERNAME': get_option('openvpn_username'),
+ 'LIBEXEC_PATH': get_option('prefix') / libexec_dir,
+diff --git a/meson_options.txt b/meson_options.txt
+index e9e759e..68fec37 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -81,6 +81,16 @@ option('use-legacy-polkit-pkla', type: 'feature', value: 'disabled',
+ option('polkit_pkla_rulesdir', type: 'string', value: '',
+ description: 'Override PolicyKit PKLA rules directory')
+
++#
++# Installation paths
++#
++option('dbus_policy_dir', type: 'string',
++ description: 'D-Bus policy directory')
++option('dbus_system_service_dir', type: 'string',
++ description: 'D-Bus system service directory')
++option('systemd_system_unit_dir', type: 'string',
++ description: 'Path to systemd system unit directory')
++
+ #
+ # Testing tools
+ #
+diff --git a/src/configmgr/meson.build b/src/configmgr/meson.build
+index 5d0a649..b534817 100644
+--- a/src/configmgr/meson.build
++++ b/src/configmgr/meson.build
+@@ -55,4 +55,4 @@ configure_file(
+ # Create the configs directory for persistent configuration profiles
+ # NOTE: Can be replaced with install_emptydir() when Meson 0.60 or newer
+ # is available on all supported distros
+-meson.add_install_script('sh','-c', 'mkdir -p $DESTDIR@0@'.format(openvpn3_statedir / 'configs'))
++# meson.add_install_script('sh','-c', 'mkdir -p $DESTDIR@0@'.format(openvpn3_statedir / 'configs'))
+diff --git a/src/netcfg/meson.build b/src/netcfg/meson.build
+index 73f4b44..3c4b318 100644
+--- a/src/netcfg/meson.build
++++ b/src/netcfg/meson.build
+@@ -41,7 +41,7 @@ configure_file(
+
+ # D-Bus service autostart config
+ configure_file(
+- input: '../service-autostart/template.service.in',
++ input: '../service-autostart/template.stateful_service.in',
+ output: 'net.openvpn.v3.netcfg.service',
+ configuration: configuration_data(
+ dbus_config +
+diff --git a/src/service-autostart/template.stateful_service.in b/src/service-autostart/template.stateful_service.in
+new file mode 100644
+index 0000000..256cc43
+--- /dev/null
++++ b/src/service-autostart/template.stateful_service.in
+@@ -0,0 +1,15 @@
++# This file is part of the OpenVPN 3 Linux client
++#
++# SPDX-License-Identifier: AGPL-3.0-only
++#
++# Copyright (C) OpenVPN Inc <sales@openvpn.net>
++# Copyright (C) David Sommerseth <davids@openvpn.net>
++#
++
++[Service]
++StateDirectory=openvpn3
++
++[D-BUS Service]
++Name=@BUSNAME@
++User=@OPENVPN_USERNAME@
++Exec=@LIBEXEC_PATH@/@SERVICE_BIN@ @SERVICE_ARGS@