You are not logged in.

#1 2023-04-01 08:05:32

moormaster
Member
Registered: 2009-11-09
Posts: 15

[SOLVED] AUR submission guidelines vs. older version of openvpn

The cyberghostvpn binary installed by the aur package cyberghostvpn only works if one downgrades the openvpn package to v2.5.x.
If one manually downgrades the openvpn package from the official repository with "pacman -U" it will conflict on every system upgrade.

So my plan is to to create an aur package based on the official commit for openvpn 2.5.8 https://github.com/archlinux/svntogit-p … tra-x86_64
and name the aur package "openvpn25" (like the python aur packages).

According to the AUR submission guidelines one should not submit packages that are already part of the official repositories. Would this particular case be a valid exception from that rule?

PKGCONFIG for the planned AUR package:

# Maintainer: André Herbst <moormaster@gmx.net>
# Contributor: Christian Hesse <mail@eworm.de>

_pkgname=openvpn
pkgname=openvpn25
_tag='9c08cfacc470152e8ac2a774713c6fc1d8683e27' # git rev-parse v${pkgver}
pkgver=2.5.8
pkgrel=2
pkgdesc='An easy-to-use, robust and highly configurable VPN (Virtual Private Network) - downgraded version compatible to cyberghostvpn'
arch=('x86_64')
url='https://openvpn.net/index.php/open-source.html'
license=('custom')
conflicts=('openvpn')
provides=('openvpn=2.5.8')
depends=('openssl' 'lzo' 'lz4' 'systemd-libs' 'libsystemd.so' 'pkcs11-helper' 'libpkcs11-helper.so')
optdepends=('easy-rsa: easy CA and certificate handling'
            'pam: authenticate via PAM')
makedepends=('git' 'systemd' 'python-docutils')
options=('debug')
install=openvpn.install
validpgpkeys=('F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7'  # OpenVPN - Security Mailing List <security@openvpn.net>
              'B62E6A2B4E56570B7BDC6BE01D829EFECA562812') # Gert Doering <gert@v6.de>
source=("git+https://github.com/OpenVPN/openvpn.git#tag=${_tag}?signed"
        '0001-unprivileged.patch'
        'sysusers.conf'
        'tmpfiles.conf')
sha256sums=('SKIP'
            '8e7d292514f30729bc37d6681789b1bfdf87a992a3aa77e2a28b8da9cd8d4bfe'
            '3646b865ac67783fafc6652589cfe2a3105ecef06f3907f33de5135815f6a621'
            'b1436f953a4f1be7083711d11928a9924993f940ff56ff92d288d6100df673fc')

prepare() {
  cd "${srcdir}"/${_pkgname}

  # https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19302.html
  sed -i '/^CONFIGURE_DEFINES=/s/set/env/g' configure.ac

  # start with unprivileged user and keep granted privileges
  patch -Np1 < ../0001-unprivileged.patch

  autoreconf --force --install
}

build() {
  mkdir "${srcdir}"/build
  cd "${srcdir}"/build

  "${srcdir}"/openvpn/configure \
    --prefix=/usr \
    --sbindir=/usr/bin \
    --enable-pkcs11 \
    --enable-plugins \
    --enable-systemd \
    --enable-x509-alt-username
  make
}

check() {
  cd "${srcdir}"/build

  make check
}

package() {
  cd "${srcdir}"/build

  # Install openvpn
  make DESTDIR="${pkgdir}" install

  # Install sysusers and tmpfiles files
  install -D -m0644 ../sysusers.conf "${pkgdir}"/usr/lib/sysusers.d/openvpn.conf
  install -D -m0644 ../tmpfiles.conf "${pkgdir}"/usr/lib/tmpfiles.d/openvpn.conf

  # Install license
  install -d -m0755 "${pkgdir}"/usr/share/licenses/openvpn/
  ln -sf /usr/share/doc/openvpn/{COPYING,COPYRIGHT.GPL} "${pkgdir}"/usr/share/licenses/openvpn/

  cd "${srcdir}"/${_pkgname}

  # Install examples
  install -d -m0755 "${pkgdir}"/usr/share/openvpn
  cp -r sample/sample-config-files "${pkgdir}"/usr/share/openvpn/examples

  # Install contrib
  for FILE in $(find contrib -type f); do
    case "$(file --brief --mime-type --no-sandbox "${FILE}")" in
      "text/x-shellscript")
        install -D -m0755 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
      *)
        install -D -m0644 "${FILE}" "${pkgdir}/usr/share/openvpn/${FILE}" ;;
    esac
  done
}

Last edited by moormaster (2023-04-04 13:36:26)

Offline

#2 2023-04-01 08:11:31

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,932
Website

Re: [SOLVED] AUR submission guidelines vs. older version of openvpn

Do you really think that using an outdated software will help you increase privacy and / or security on your system?
Besides, there are descriptions of workarounds mentioned in the respective package's AUR comment section.

Offline

#3 2023-04-01 12:26:09

moormaster
Member
Registered: 2009-11-09
Posts: 15

Re: [SOLVED] AUR submission guidelines vs. older version of openvpn

I know the ongoing discussion im the cyberghost package. There currently is no working workaround to use the cyberghost utility - only for using openvpn completely manually.

The the cyberghost utility runs the openvpn binary with a -ncp-disable parameter which is deprecated in the most current versions of openvpn.

So the only workarounds currently are
- to not use the cyberghostvpn cli at all and use a manually downloaded openvpn profile
- or to downgrade openvpn to a version below <2.6

Offline

#4 2023-04-04 13:35:30

moormaster
Member
Registered: 2009-11-09
Posts: 15

Re: [SOLVED] AUR submission guidelines vs. older version of openvpn

I found a way to make cyberghostvpn call an openvpn wrapper script which removes the deprecated start parameter before calling the real openvpn command. This way one can keep using the most current openvpn package so there is no need to downgrade openvpn anymore in this case.

Offline

Board footer

Powered by FluxBB