From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 29 Dec 2013 20:13:55 +0000 (+0100)
Subject: openvpn: Move verify script out of configuration directory.
X-Git-Tag: v2.13-core75~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1d0a260a8b804e43037a2c0aa3ef9bae1ddca656;p=ipfire-2.x.git

openvpn: Move verify script out of configuration directory.
---

diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn
index ae6d6eee6f..d1b836a1b4 100644
--- a/config/rootfiles/common/openvpn
+++ b/config/rootfiles/common/openvpn
@@ -5,6 +5,7 @@
 usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so
 #usr/lib/openvpn/plugins/openvpn-plugin-down-root.la
 usr/lib/openvpn/plugins/openvpn-plugin-down-root.so
+usr/lib/openvpn/verify
 usr/sbin/openvpn
 #usr/share/doc/openvpn
 #usr/share/doc/openvpn/COPYING
@@ -31,4 +32,3 @@ var/ipfire/ovpn/ovpn-leases.db
 var/ipfire/ovpn/ovpnconfig
 var/ipfire/ovpn/scripts
 var/ipfire/ovpn/settings
-var/ipfire/ovpn/verify
diff --git a/config/rootfiles/core/75/filelists/files b/config/rootfiles/core/75/filelists/files
index 46af05486a..647eb2660a 100644
--- a/config/rootfiles/core/75/filelists/files
+++ b/config/rootfiles/core/75/filelists/files
@@ -1,6 +1,6 @@
 etc/system-release
 etc/issue
 opt/pakfire/lib/functions.pl
+usr/lib/openvpn/verify
 var/ipfire/header.pl
 var/ipfire/langs
-var/ipfire/ovpn/verify
diff --git a/config/rootfiles/core/75/update.sh b/config/rootfiles/core/75/update.sh
index 05e2de3e6a..3fd00fe3bc 100644
--- a/config/rootfiles/core/75/update.sh
+++ b/config/rootfiles/core/75/update.sh
@@ -38,6 +38,12 @@ extract_files
 
 # Start services
 
+# Replace path to verify script.
+if [ -r "/var/ipfire/ovpn/server.conf" ]; then
+	sed -e "s@^tls-verify.*@tls-verify /usr/lib/openvpn/verify@g" \
+		-i /var/ipfire/ovpn/server.conf
+fi
+
 # Update Language cache
 perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
 
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 73e610bfdf..2f3ac4d553 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -425,7 +425,7 @@ sub writeserverconf {
     if ($sovpnsettings{DHCP_WINS} ne '') {
 	print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
     }	
-    print CONF "tls-verify /var/ipfire/ovpn/verify\n";
+    print CONF "tls-verify /usr/lib/openvpn/verify\n";
     print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
     print CONF "user nobody\n";
     print CONF "group nobody\n";
diff --git a/lfs/openvpn b/lfs/openvpn
index 87daf07ebf..727d3741f8 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -93,8 +93,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	chown -R root:root /var/ipfire/ovpn/scripts
 	chown -R nobody:nobody /var/ipfire/ovpn
 	chown root.nobody /var/log/ovpnserver.log
-	chmod 755 /var/ipfire/ovpn/verify
 	chmod 660 /var/log/ovpnserver.log
 	chmod 700 /var/ipfire/ovpn/certs
+	mv -v /var/ipfire/ovpn/verify /usr/lib/openvpn/verify
+	chmod 755 /usr/lib/openvpn/verify
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)