92 networkmanager modules are missing #94

Merged
merged 4 commits into from
Nov 30, 2023
2 changes: 2 additions & 0 deletions elements/components/libcap-ng.yml
@@ -2,6 +2,8 @@ id: libcap-ng
version: 0.8.3
about: A library for Linux that makes using posix capabilities easy

build-type: autotools

configure: >-
--enable-static=no
--without-python
26 changes: 26 additions & 0 deletions elements/components/networkmanager-openvpn.yml
@@ -0,0 +1,26 @@
id: networkmanager-openvpn
version: 1.10.2
about: NetworkManager VPN plugin for OpenVPN

build-type: autotools

pre-script: |-
autoreconf -fiv

variables:
run-autogen: false
seperate-build-dir: false

depends:
- components/libnma.yml
- components/libsecret.yml
- components/openvpn.yml
- components/networkmanager.yml

post-script: |-
install -v -D -m 0644 /dev/stdin %{install-root}/%{libdir}/sysusers.d/%{id}.conf << "EOF"
u nm-openvpn - "NetworkManager OpenVPN"
EOF

sources:
- https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/archive/%{version}/NetworkManager-openvpn-%{version}.tar.gz
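Review bot: `sources:` lists a bare archive URL with no checksum beside it, so the build accepts whatever the server returns for `%{version}`; if the element format has a checksum field, pin the tarball hash here. Under `variables:`, `seperate-build-dir` is spelled with an "e"; confirm that this is the key the build tool actually reads, since a misspelled key may be ignored silently and leave the default in effect.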
47 changes: 47 additions & 0 deletions elements/components/openvpn.yml
@@ -0,0 +1,47 @@
id: openvpn
version: 2.6.8
about: An easy-to-use, robust and highly configurable VPN (Virtual Private Network)

build-type: autotools

pre-script: |-
sed -i '/^CONFIGURE_DEFINES=/s/set/env/g' configure.ac
patch -Np1 -i /patches/%{id}/0001-unprivileged.patch

autoreconf --force --install

configure: >-
--enable-plugins
--enable-systemd
--enable-x509-alt-username

post-script: |-
install -v -D -m 0644 /dev/stdin %{install-root}/%{libdir}/sysusers.d/%{id}.conf << "EOF"
u openvpn - "OpenVPN"
EOF

install -v -D -m 0644 /dev/stdin %{install-root}/%{libdir}/tmpfiles.d/%{id}.conf << "EOF"
d /etc/openvpn/client 0750 openvpn network -
d /etc/openvpn/server 0750 openvpn network -
d /run/openvpn-client 0750 openvpn network -
d /run/openvpn-server 0750 openvpn network -
EOF

for FILE in $(find contrib -type f); do
case "$(file --brief --mime-type --no-sandbox "${FILE}")" in
"text/x-shellscript")
install -D -m0755 ${FILE} "%{install-root}/%{datadir}/%{id}/${FILE}" ;;
*)
install -D -m0644 ${FILE} "%{install-root}/%{datadir}/%{id}/${FILE}" ;;
esac
done

depends:
- components/lz4.yml
- components/lzo.yml
- components/openssl.yml
- components/libnl.yml
- components/libcap-ng.yml

sources:
- https://github.com/OpenVPN/openvpn/releases/download/v%{version}/openvpn-%{version}.tar.gz
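Review bot: the tmpfiles.d entries in `post-script` assign group `network`, but the sysusers.d snippet just above them declares only `u openvpn - "OpenVPN"`, so nothing in this file creates that group; add a `g network -` line or depend on the element that provides it. The same entries make `/etc/openvpn/client` and `/etc/openvpn/server` owned by `openvpn`, which lets the service account rewrite the configuration it is started from; consider `root` as owner and leave read access to the group. In the `contrib` loop, `${FILE}` is unquoted in both `install` calls and the `$(find contrib -type f)` output is word-split, so a path containing whitespace breaks the install; quote the variable and iterate with `find ... -exec` or a `while read` loop.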
1 change: 1 addition & 0 deletions elements/system/repo.yml
@@ -127,6 +127,7 @@ include:

- components/network-manager-applet.yml
- components/system-config-printer.yml
- components/networkmanager-openvpn.yml

- apps/firefox.yml

28 changes: 28 additions & 0 deletions patches/openvpn/0001-unprivileged.patch
@@ -0,0 +1,28 @@
diff --git a/distro/systemd/[email protected] b/distro/systemd/[email protected]
index 159fb4dc..2277a7d9 100644
--- a/distro/systemd/[email protected]
+++ b/distro/systemd/[email protected]
@@ -11,6 +11,9 @@ Type=notify
PrivateTmp=true
WorkingDirectory=/etc/openvpn/client
ExecStart=@sbindir@/openvpn --suppress-timestamps --nobind --config %i.conf
+User=openvpn
+Group=network
+AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE
LimitNPROC=10
DeviceAllow=/dev/null rw
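Review bot: the added `AmbientCapabilities=` line copies the whole `CapabilityBoundingSet=` list, so the process running as `User=openvpn` still holds `CAP_SETUID`, `CAP_SETGID`, `CAP_SETPCAP` and `CAP_DAC_OVERRIDE`, and ambient capabilities are inherited by any script or plugin it executes. `CAP_SETUID` lets the process change back to uid 0 and `CAP_DAC_OVERRIDE` bypasses file permission checks, which undoes most of what the `User=`/`Group=` lines gain. Since systemd now performs the uid change before `ExecStart`, suggest reducing the ambient set to what the tunnel needs at runtime (for example `CAP_NET_ADMIN CAP_NET_RAW CAP_IPC_LOCK`, to be confirmed by testing) and tightening the bounding set to match.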
diff --git a/distro/systemd/[email protected] b/distro/systemd/[email protected]
index 6e8e7d94..b2814e4b 100644
--- a/distro/systemd/[email protected]
+++ b/distro/systemd/[email protected]
@@ -11,6 +11,9 @@ Type=notify
PrivateTmp=true
WorkingDirectory=/etc/openvpn/server
ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
+User=openvpn
+Group=network
+AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
LimitNPROC=10
DeviceAllow=/dev/null rw
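Review bot: in the server unit the added `AmbientCapabilities=` line hands the `openvpn` user every capability in the bounding set, including `CAP_SETUID`, `CAP_SETGID` and `CAP_DAC_OVERRIDE`, on a process that handles connections from remote peers; trim it to the capabilities the daemon uses after startup. `CAP_NET_BIND_SERVICE` is only needed when the configured port is below 1024, and `CAP_AUDIT_WRITE` only if something in the service writes audit records, so both are candidates to drop from the ambient set. The context line `--status %t/openvpn-server/status-%i.log` is now written as `openvpn`, so the unit depends on `/run/openvpn-server` already existing with that owner; a comment in the patch naming where that directory is created would make the dependency explicit.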