void-packages icon indicating copy to clipboard operation
void-packages copied to clipboard
verified publisher icon void-linux

openvpn: update to 2.6.9.

Open Bnyro opened this issue 1 year ago • 6 comments

Testing the changes

  • I tested the changes in this PR: briefly

Local build testing

  • I built this PR locally for my native architecture, x86_64-glibc

Bnyro avatar Feb 13 '24 11:02 Bnyro

Cool!

Would you consider adding a runit service?

files/openvpn/run

#!/bin/sh
exec 2>&1
[ -r conf ] && . ./conf
exec openvpn --config ${CONF_FILE:=/etc/openvpn/openvpn.conf}

template

post_install() {
	vsv openvpn

slymattz avatar Feb 18 '24 19:02 slymattz

Would you consider adding a runit service?

I personally think that's a good idea, but I just saw https://github.com/void-linux/void-packages/pull/17906#issuecomment-569937899 where adding a service has been rejected (for unknown reasons). I think we should better do this in a other PR to allow further discussions about it there, so that it won't block this update. Feel free to create one :+1:

Bnyro avatar Feb 18 '24 21:02 Bnyro

https://github.com/void-linux/void-packages/pull/17906#issuecomment-569937899 is really intriguing and I wonder what the rationale for such a decision was.

Anyhow, I see things two-fold here:

  1. running OpenVPN as a server - you must have a runit service here to start it on boot
  2. running OpenVPN as a client - you don't have to have a runit service here unless you want to run it on boot

So three scenarios pop-up: two where having a runit service is highly essential and one where it is redundant (like when you run openvpn /etc/openvpn/client/1.conf &

As a personal note, I've run the runit service in a server instance successfully today, so it works.

These are the technicalities but I'm wondering on what your opinions are. I propose a discussion.

slymattz avatar Feb 18 '24 21:02 slymattz

I personally agree that it makes sense to add a service for both options, one for running as openvpn server and one for running as client. But we probably get more opinions in a GitHub discussion, so that's probably a good idea 👍

Bnyro avatar Feb 18 '24 22:02 Bnyro

Would you consider adding a runit service?

I personally think that's a good idea, but I just saw #17906 (comment) where adding a service has been rejected (for unknown reasons). I think we should better do this in a other PR to allow further discussions about it there, so that it won't block this update. Feel free to create one 👍

I hope this is the right place for such a discussion: https://github.com/void-linux/void-packages/issues/48834

slymattz avatar Feb 19 '24 17:02 slymattz

(...) I think we should better do this in a other PR to allow further discussions about it there, so that it won't block this update. Feel free to create one 👍

Whoever reviews this PR, please bear in mind that I had no intention of hindering this OpenVPN update by opening up a discussion here - https://github.com/void-linux/void-packages/issues/48834

I believe keeping OpenVPN up-to-date is important regardless of the conclusions drawn in the aforementioned discussion. That being said, it would be nice to have runit services for openvpn-server and openvpn-client installed in /usr/share/examples/sv (see https://github.com/void-linux/void-packages/issues/48834#issuecomment-1953063448). One argument for doing so is that the service would be easily accessible to users who want to have it enabled on boot. And on top of that the proposed solution would be safe for those who run OpenVPN manually or use NetworkManager etc.

Another argument for including runit services for OpenVPN is that similar software like https://github.com/void-linux/void-packages/tree/master/srcpkgs/wireguard-tools does come with a runit service preinstalled.

slymattz avatar Feb 22 '24 15:02 slymattz