packages/tinc: use new service functions, change 'disabled' option to 'enabled' like most other services are using
packages/tinc: use new service functions, change 'disabled' option to 'enabled' like most other services are using

git-svn-id: svn://svn.openwrt.org/openwrt/packages@29166 3c298f89-4303-0410-b956-a3cf2f4a3e73

# #
# Copyright (C) 2007-2011 OpenWrt.org # Copyright (C) 2007-2011 OpenWrt.org
# #
# This is free software, licensed under the GNU General Public License v2. # This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information. # See /LICENSE for more information.
# #
   
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
   
PKG_NAME:=tinc PKG_NAME:=tinc
PKG_VERSION:=1.0.16 PKG_VERSION:=1.0.16
PKG_RELEASE:=2 PKG_RELEASE:=3
   
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.tinc-vpn.org/packages PKG_SOURCE_URL:=http://www.tinc-vpn.org/packages
PKG_MD5SUM:=f1c7ed94878725fb2cf4efb02bf160da PKG_MD5SUM:=f1c7ed94878725fb2cf4efb02bf160da
   
PKG_INSTALL:=1 PKG_INSTALL:=1
   
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
   
define Package/tinc define Package/tinc
SECTION:=net SECTION:=net
CATEGORY:=Network CATEGORY:=Network
DEPENDS:=+liblzo +libopenssl +kmod-tun DEPENDS:=+liblzo +libopenssl +kmod-tun
TITLE:=VPN tunneling daemon TITLE:=VPN tunneling daemon
URL:=http://www.tinc-vpn.org/ URL:=http://www.tinc-vpn.org/
SUBMENU:=VPN SUBMENU:=VPN
endef endef
   
define Package/tinc/description define Package/tinc/description
tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and
encryption to create a secure private network between hosts on the Internet. encryption to create a secure private network between hosts on the Internet.
endef endef
   
TARGET_CFLAGS += -std=gnu99 TARGET_CFLAGS += -std=gnu99
   
CONFIGURE_ARGS += \ CONFIGURE_ARGS += \
--with-kernel="$(LINUX_DIR)" \ --with-kernel="$(LINUX_DIR)" \
--with-zlib="$(STAGING_DIR)/usr" \ --with-zlib="$(STAGING_DIR)/usr" \
--with-lzo-include="$(STAGING_DIR)/usr/include/lzo" --with-lzo-include="$(STAGING_DIR)/usr/include/lzo"
   
define Package/tinc/install define Package/tinc/install
$(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/tincd $(1)/usr/sbin/ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/tincd $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/etc/init.d/ $(INSTALL_DIR) $(1)/etc/init.d/
$(INSTALL_BIN) files/$(PKG_NAME).init $(1)/etc/init.d/$(PKG_NAME) $(INSTALL_BIN) files/$(PKG_NAME).init $(1)/etc/init.d/$(PKG_NAME)
$(INSTALL_DIR) $(1)/etc/config $(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) files/$(PKG_NAME).config $(1)/etc/config/$(PKG_NAME) $(INSTALL_CONF) files/$(PKG_NAME).config $(1)/etc/config/$(PKG_NAME)
$(INSTALL_DIR) $(1)/etc/openvpn $(INSTALL_DIR) $(1)/etc/openvpn
$(INSTALL_DIR) $(1)/lib/upgrade/keep.d $(INSTALL_DIR) $(1)/lib/upgrade/keep.d
$(INSTALL_DATA) files/tinc.upgrade $(1)/lib/upgrade/keep.d/tinc $(INSTALL_DATA) files/tinc.upgrade $(1)/lib/upgrade/keep.d/tinc
endef endef
   
$(eval $(call BuildPackage,tinc)) $(eval $(call BuildPackage,tinc))
   
config tinc-net NETNAME config tinc-net NETNAME
# Remove to enable option enabled 0
option disabled 1  
   
## Daemon Configuration (cmd arguments) ## Daemon Configuration (cmd arguments)
#option generate_keys 0 #option generate_keys 0
#option key_size 2048 #option key_size 2048
#option log /tmp/log/tinc.NETNAME.log #option log /tmp/log/tinc.NETNAME.log
#option debug 3 #option debug 3
   
## Server Configuration (tinc.conf) ## Server Configuration (tinc.conf)
#option AddressFamily any #option AddressFamily any
#option BindToAddress 127.0.0.1 #option BindToAddress 127.0.0.1
#option BindToInterface lo #option BindToInterface lo
   
#list ConnectTo peer1 #list ConnectTo peer1
   
#option DirectOnly 0 #option DirectOnly 0
#option Forwarding internal #option Forwarding internal
#option GraphDumpFile /tmp/log/tinc.NETNAME.dot #option GraphDumpFile /tmp/log/tinc.NETNAME.dot
#option Hostnames 0 #option Hostnames 0
#option IffOneQueue 0 #option IffOneQueue 0
#option Interface NETNAME #option Interface NETNAME
#option KeyExpire 3600 #option KeyExpire 3600
#option MACExpire 600 #option MACExpire 600
#option MaxTimeout 900 #option MaxTimeout 900
#option Mode router #option Mode router
   
option Name NODENAME option Name NODENAME
   
#option PingInterval 60 #option PingInterval 60
#option PingTimeout 5 #option PingTimeout 5
#option PriorityInheritance 0 #option PriorityInheritance 0
#option PrivateKeyFile /etc/tinc/NETNAME/rsa_key.priv #option PrivateKeyFile /etc/tinc/NETNAME/rsa_key.priv
#option ProcessPriority normal #option ProcessPriority normal
#option ReplayWindow 16 #option ReplayWindow 16
#option StrictSubnets 0 #option StrictSubnets 0
#option TunnelServer 0 #option TunnelServer 0
#option UDPRcvBuf x #option UDPRcvBuf x
#option UDPSndBuf x #option UDPSndBuf x
   
config tinc-host NODENAME config tinc-host NODENAME
# Remove to enable option enabled 0
option disabled 1  
   
option net NETNAME option net NETNAME
   
#list Address example.com #list Address example.com
#option Cipher blowfish #option Cipher blowfish
#option ClampMSS yes #option ClampMSS yes
#option Compression 0 #option Compression 0
#option Digest sha1 #option Digest sha1
#option IndirectData 0 #option IndirectData 0
#option MACLength 4 #option MACLength 4
#option PMTU 1514 #option PMTU 1514
#option PMTUDiscovery yes #option PMTUDiscovery yes
#option Port 655 #option Port 655
#option Subnet 192.168.1.0/24 #option Subnet 192.168.1.0/24
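Review bot: The sample sections now ship `option enabled 0` with the old `# Remove to enable` hint dropped, so nothing in the file tells the user how to switch a network or host on. A comment such as `# Set to 1 to enable this section` above each `option enabled 0` (both the `tinc-net` and the `tinc-host` section) would restore that. Because section_enabled in the init script reads `enabled` with a default of 0, an existing /etc/config/tinc whose `disabled` line was removed as the old comment instructed will presumably be treated as disabled after the update and the VPN will not start. That change is worth stating in the commit message, or handling with a fallback to the old option.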
   
#!/bin/sh /etc/rc.common #!/bin/sh /etc/rc.common
# Tinc init script # Copyright (C) 2011 OpenWrt.org
# Copyright (C) 2011 Linus Lüssing # Copyright (C) 2011 Linus Lüssing
# Based on Jo-Philipp Wich's OpenVPN init script # Based on Jo-Philipp Wich's OpenVPN init script
# This is free software, licensed under the GNU General Public License v2. # This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information. # See /LICENSE for more information.
   
START=42 START=42
   
  SERVICE_USE_PID=1
   
BIN=/usr/sbin/tincd BIN=/usr/sbin/tincd
SSD=start-stop-daemon  
EXTRA_COMMANDS="up down" EXTRA_COMMANDS="up down"
   
LIST_SEP=" LIST_SEP="
" "
TMP_TINC="/tmp/tinc" TMP_TINC="/tmp/tinc"
   
append_param() { append_param() {
local v="$1" local v="$1"
case "$v" in case "$v" in
*_*_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;; *_*_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;;
*_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;; *_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;;
*_*) v=${v%%_*}-${v#*_} ;; *_*) v=${v%%_*}-${v#*_} ;;
esac esac
ARGS="$ARGS --$v" ARGS="$ARGS --$v"
return 0 return 0
} }
   
append_conf_bools() { append_conf_bools() {
local p; local v; local s="$1"; local f="$2"; shift; shift local p; local v; local s="$1"; local f="$2"; shift; shift
for p in $*; do for p in $*; do
config_get_bool v "$s" "$p" config_get_bool v "$s" "$p"
[ "$v" == 1 ] && echo "$p = yes" >> "$f" [ "$v" == 1 ] && echo "$p = yes" >> "$f"
[ "$v" == 0 ] && echo "$p = no" >> "$f" [ "$v" == 0 ] && echo "$p = no" >> "$f"
done done
} }
   
append_params() { append_params() {
local p; local v; local s="$1"; shift local p; local v; local s="$1"; shift
for p in $*; do for p in $*; do
config_get v "$s" "$p" config_get v "$s" "$p"
IFS="$LIST_SEP" IFS="$LIST_SEP"
for v in $v; do for v in $v; do
[ -n "$v" ] && append_param "$p" && ARGS="$ARGS $v" [ -n "$v" ] && append_param "$p" && ARGS="$ARGS $v"
done done
unset IFS unset IFS
done done
} }
   
append_conf_params() { append_conf_params() {
local p; local v; local s="$1"; local f="$2"; shift; shift local p; local v; local s="$1"; local f="$2"; shift; shift
for p in $*; do for p in $*; do
config_get v "$s" "$p" config_get v "$s" "$p"
IFS="$LIST_SEP" IFS="$LIST_SEP"
for v in $v; do for v in $v; do
# Look up OpenWRT interface names # Look up OpenWRT interface names
[ "$p" = "BindToInterface" ] && { [ "$p" = "BindToInterface" ] && {
local ifname=$(uci -P /var/state get network.$v.ifname 2>&-) local ifname=$(uci -P /var/state get network.$v.ifname 2>&-)
[ -n "$ifname" ] && v="$ifname" [ -n "$ifname" ] && v="$ifname"
} }
   
[ -n "$v" ] && echo "$p = $v" >> "$f" [ -n "$v" ] && echo "$p = $v" >> "$f"
done done
unset IFS unset IFS
done done
} }
   
  section_enabled() {
  config_get_bool enabled "$1" 'enabled' 0
  [ $enabled -gt 0 ]
  }
   
prepare_host() { prepare_host() {
local s="$1"; local n local s="$1"
local disabled=0 local n
   
# net disabled? # net disabled?
config_get n "$s" net config_get n "$s" net
config_get_bool disabled "$n" disabled 0 section_enabled "$n" || return 1
[ "$disabled" == 1 ] && return 0  
   
if [ "$#" = "2" ]; then if [ "$#" = "2" ]; then
[ "$2" != "$n" ] && return 0 [ "$2" != "$n" ] && return 1
fi fi
   
# host disabled? # host disabled?
config_get_bool disabled "$s" disabled 0 section_enabled "$s" || {
[ "$disabled" == 1 ] && {  
[ -f "$TMP_TINC/$n/hosts/$s" ] && rm "$TMP_TINC/$n/hosts/$s" [ -f "$TMP_TINC/$n/hosts/$s" ] && rm "$TMP_TINC/$n/hosts/$s"
return 0 return 1
} }
   
[ ! -f "/etc/tinc/$n/hosts/$s" ] && { [ ! -f "/etc/tinc/$n/hosts/$s" ] && {
echo -n "tinc: Warning, public key for $s for network $n " echo -n "tinc: Warning, public key for $s for network $n "
echo -n "missing in /etc/tinc/$n/hosts/$s, " echo -n "missing in /etc/tinc/$n/hosts/$s, "
echo "skipping configuration of $s" echo "skipping configuration of $s"
return 0 return 1
} }
   
# append flags # append flags
append_conf_bools "$s" "$TMP_TINC/$n/hosts/$s" \ append_conf_bools "$s" "$TMP_TINC/$n/hosts/$s" \
ClampMSS IndirectData PMTUDiscovery ClampMSS IndirectData PMTUDiscovery
   
# append params # append params
append_conf_params "$s" "$TMP_TINC/$n/hosts/$s" \ append_conf_params "$s" "$TMP_TINC/$n/hosts/$s" \
Address Cipher Compression Digest MACLength PMTU Port Subnet Address Cipher Compression Digest MACLength PMTU Port Subnet
} }
   
check_gen_own_key() { check_gen_own_key() {
local s="$1"; local n; local k local s="$1"; local n; local k
   
config_get n "$s" Name config_get n "$s" Name
config_get_bool k "$s" generate_keys 0 config_get_bool k "$s" generate_keys 0
[ "$k" == 0 ] && return 0 [ "$k" == 0 ] && return 0
   
([ -z "$n" ] || [ -f "$TMP_TINC/$s/hosts/$n" ] || [ -f "$TMP_TINC/$s/rsa_key.priv" ]) && \ ([ -z "$n" ] || [ -f "$TMP_TINC/$s/hosts/$n" ] || [ -f "$TMP_TINC/$s/rsa_key.priv" ]) && \
return 0 return 0
[ ! -d "$TMP_TINC/$s/hosts" ] && mkdir -p "$TMP_TINC/$s/hosts" [ ! -d "$TMP_TINC/$s/hosts" ] && mkdir -p "$TMP_TINC/$s/hosts"
   
config_get k "$s" key_size config_get k "$s" key_size
if [ -z "$k" ]; then if [ -z "$k" ]; then
$BIN -c "$TMP_TINC/$s" --generate-keys </dev/null $BIN -c "$TMP_TINC/$s" --generate-keys </dev/null
else else
$BIN -c "$TMP_TINC/$s" "--generate-keys=$k" </dev/null $BIN -c "$TMP_TINC/$s" "--generate-keys=$k" </dev/null
fi fi
   
[ ! -d "/etc/tinc/$s/hosts" ] && mkdir -p "/etc/tinc/$s/hosts" [ ! -d "/etc/tinc/$s/hosts" ] && mkdir -p "/etc/tinc/$s/hosts"
cp "$TMP_TINC/$s/rsa_key.priv" "/etc/tinc/$s/" cp "$TMP_TINC/$s/rsa_key.priv" "/etc/tinc/$s/"
[ -n "$n" ] && cp "$TMP_TINC/$s/hosts/$n" "/etc/tinc/$s/hosts/" [ -n "$n" ] && cp "$TMP_TINC/$s/hosts/$n" "/etc/tinc/$s/hosts/"
} }
   
prepare_net() { prepare_net() {
local s="$1" local s="$1"
local disabled=0  
local n local n
   
# disabled? section_enabled "$s" || return 1
config_get_bool disabled "$s" disabled 0  
[ "$disabled" == 1 ] && return 0  
   
[ ! -d "$TMP_TINC/$s" ] && mkdir -p "$TMP_TINC/$s" [ ! -d "$TMP_TINC/$s" ] && mkdir -p "$TMP_TINC/$s"
[ -d "/etc/tinc/$s" ] && cp -r "/etc/tinc/$s" "$TMP_TINC/" [ -d "/etc/tinc/$s" ] && cp -r "/etc/tinc/$s" "$TMP_TINC/"
   
# append flags # append flags
append_conf_bools "$s" "$TMP_TINC/$s/tinc.conf" \ append_conf_bools "$s" "$TMP_TINC/$s/tinc.conf" \
DirectOnly Hostnames IffOneQueue PriorityInheritance \ DirectOnly Hostnames IffOneQueue PriorityInheritance \
StrictSubnets TunnelServer \ StrictSubnets TunnelServer \
ClampMSS IndirectData PMTUDiscovery ClampMSS IndirectData PMTUDiscovery
   
# append params # append params
append_conf_params "$s" "$TMP_TINC/$s/tinc.conf" \ append_conf_params "$s" "$TMP_TINC/$s/tinc.conf" \
AddressFamily BindToAddress ConnectTo BindToInterface \ AddressFamily BindToAddress ConnectTo BindToInterface \
Forwarding GraphDumpFile Interface KeyExpire MACExpire \ Forwarding GraphDumpFile Interface KeyExpire MACExpire \
MaxTimeout Mode Name PingInterval PingTimeout PrivateKeyFile \ MaxTimeout Mode Name PingInterval PingTimeout PrivateKeyFile \
ProcessPriority ReplayWindow UDPRcvBuf UDPSndBuf \ ProcessPriority ReplayWindow UDPRcvBuf UDPSndBuf \
Address Cipher Compression Digest MACLength PMTU Port Subnet Address Cipher Compression Digest MACLength PMTU Port Subnet
   
check_gen_own_key "$s" && return 0 check_gen_own_key "$s" && return 0
} }
   
start_net() { start_instance() {
local s="$1" local s="$1"
local disabled=0  
  section_enabled "$s" || return 1
# disabled?  
config_get_bool disabled "$s" disabled 0  
[ "$disabled" == 1 ] && return 0  
   
PID="/var/run/tinc.$s.pid"  
ARGS="" ARGS=""
   
# append params # append params
append_params "$s" \ append_params "$s" log debug
log debug  
  SERVICE_PID_FILE="/var/run/tinc.$s.pid" \
$BIN -c "$TMP_TINC/$s" -n $s $ARGS --pidfile="$PID" service_start $BIN -c "$TMP_TINC/$s" -n $s $ARGS --pidfile="$PID"
} }
   
kill_net() { stop_instance() {
local s="$1" local s="$1"
local S="${2:-TERM}"  
local disabled=0 section_enabled "$s" || return 1
   
# disabled? SERVICE_PID_FILE="/var/run/tinc.$s.pid" \
config_get_bool disabled "$s" disabled 0 service_stop $BIN
[ "$disabled" == 0 ] || [ "$S" == "TERM" ] || return 0 }
   
PID="/var/run/tinc.$s.pid" reload_instance() {
  local s="$1"
$SSD -q -p $PID -x $BIN -K -s $S  
[ "$S" == "TERM" ] && { section_enabled "$s" || return 1
rm -f "$PID"  
[ -n "$s" ] && rm -rf "$TMP_TINC/$s" SERVICE_PID_FILE="/var/run/tinc.$s.pid" \
} service_reload $BIN
} }
   
hup_net() { kill_net "$1" HUP; }  
stop_net() { kill_net "$1" TERM; }  
   
start() { start() {
config_load tinc config_load 'tinc'
   
config_foreach prepare_net tinc-net config_foreach prepare_net 'tinc-net'
config_foreach prepare_host tinc-host config_foreach prepare_host 'tinc-host'
   
config_foreach start_net tinc-net config_foreach start_instance 'tinc-net'
} }
   
stop() { stop() {
config_load tinc config_load 'tinc'
config_foreach stop_net tinc-net config_foreach stop_instance 'tinc-net'
} }
   
reload() { reload() {
config_load tinc config_load 'tinc'
config_foreach hup_net tinc-net config_foreach reload_instance 'tinc-net'
}  
   
restart() {  
stop; sleep 5; start  
} }
   
up() { up() {
local exists local exists
local INSTANCE local instance
config_load tinc config_load 'tinc'
for INSTANCE in "$@"; do for instance in "$@"; do
config_get exists "$INSTANCE" TYPE config_get exists "$instance" 'TYPE'
if [ "$exists" == "tinc-net" ]; then if [ "$exists" == "tinc-net" ]; then
prepare_net "$INSTANCE" prepare_net "$instance"
config_foreach prepare_host tinc-host "$INSTANCE" config_foreach prepare_host 'tinc-host' "$instance"
start_net "$INSTANCE" start_instance "$instance"
fi fi
done done
} }
   
down() { down() {
local exists local exists
local INSTANCE local instance
config_load tinc config_load 'tinc'
for INSTANCE in "$@"; do for instance in "$@"; do
config_get exists "$INSTANCE" TYPE config_get exists "$instance" 'TYPE'
if [ "$exists" == "tinc-net" ]; then if [ "$exists" == "tinc-net" ]; then
stop_net "$INSTANCE" stop_instance "$instance"
fi fi
done done
} }
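Review bot: In start_instance the daemon is still started with `--pidfile="$PID"`, but the `PID="/var/run/tinc.$s.pid"` assignment was dropped and nothing else visible on the new side sets it, so tincd appears to receive an empty pidfile path while `SERVICE_PID_FILE` points at `/var/run/tinc.$s.pid`. With `SERVICE_USE_PID=1`, service_stop and service_reload would then presumably look for a pid file the daemon never wrote. Passing the path literally, `--pidfile="/var/run/tinc.$s.pid"`, keeps both in agreement; a `$SERVICE_PID_FILE` reference on the same command line would be expanded before the prefix assignment applies. Separately, stop_instance no longer removes `$TMP_TINC/$s`, which prepare_net fills with a copy of `/etc/tinc/$s` (including `rsa_key.priv` when it is stored there) and which append_conf_bools and append_conf_params extend with `>>`. Restoring `[ -n "$s" ] && rm -rf "$TMP_TINC/$s"` after `service_stop $BIN` avoids leaving the private key copy under /tmp after shutdown and keeps generated lines from accumulating across restarts.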
   