lagertonne/tinc
1
0
Fork 0
Code Issues Pull requests Projects Releases 6 Wiki Activity

Import Debian changes 1.1~pre2-1

Browse source 
tinc (1.1~pre2-1) experimental; urgency=low

  * first cut of 1.1-tobe.
    Rewrote control scripts et al to use tincctl.
  * build-depend on libssl >>1.0.0 to get proper EC support
  * remove crypto-related symlinks from src/ in clean --
    probably should go into upstream makefile instead
This commit is contained in:
Michael Tokarev 2011-08-07 12:57:15 +04:00 committed by Guus Sliepen
commit cf2ac65444
193 changed files with 32385 additions and 26596 deletions
Download patch file Download diff file Expand all files Collapse all files

21
debian/NEWS vendored
View file

@ -1,14 +1,11 @@
tinc (1.0.27-1) unstable; urgency=medium
tinc (1.1~pre2-1) experimental; urgency=low
This package now provides native systemd service files, allowing multiple
instances of tinc to be managed. Existing networks listed in
/etc/tinc/nets.boot will be converted to service instances once during this
upgrade. Afterwards, you can enable and disable networks using:
systemctl enable tinc@<netname>
systemctl disable tinc@<netname>
If you do not have systemd installed, the SysV init script will continue to
work as usual. For more information, see README.Debian.
* tinc-1.1 has separate control utility, tincctl, which is now used
to start/stop tinc instances, to reload configuration, to get
various information about running tincd (including dump of nodes
and connections) and so on. tincd still reacts to some signals
as before, but this usage is deprecated. In particular, -k
option is now gone. Also, node/connection/etc dumps are
produced on tincctl stdout, not into syslog.
-- Guus Sliepen <guus@debian.org> Sun, 10 Apr 2016 01:33:55 +0200
-- Michael Tokarev <mjt@tls.msk.ru> Sun, 07 Aug 2011 13:16:17 +0400

55
debian/README.Debian vendored
View file

@ -1,54 +1,17 @@
tinc for Debian
---------------
----------------------
The manual for tinc is also available as info pages, type `info tinc'
to read it.
There are several ways in which tinc may be automatically started at boot:
Systemd
-------
Since 1.0.27-1, the tinc package comes with native systemd service files.
To enable and start a net, call:
systemctl enable tinc@<netname>
systemctl start tinc@<netname>
This will cause a tincd to be started which uses the configuration from
/etc/tinc/<netname>, and also makes sure that it will be started next time your
system boots.
Apart from controlling individual instances, you can also start/stop/reload all
enabled instances simultaneously by omitting @<netname>, for example:
systemctl reload tinc
Note that when you have systemd installed on your system, the file
/etc/tinc/nets.boot will not be used anymore to automatically start tinc
daemons. If the variable EXTRA is defined in /etc/default/tinc, it will be
passed on to tinc. The variable LIMITS is however not used.
The service files that come with this package start tinc unconditionally.
However, tinc does support socket activation. If you wish to write a socket
unit for tinc, use the ListenStream option to specify on which port(s) and
address(es) tinc should listen.
SysVinit
--------
The system startup script for tinc, /etc/init.d/tinc, uses the file
/etc/tinc/nets.boot to find out which networks have to be started. Use one
netname per line. Lines starting with a # are ignored.
/etc/tinc/nets.boot to find out which networks have to be started.
/etc/network/interfaces
-----------------------
You can create a stanza in /etc/network/interfaces, and add a line with
"tinc-net <netname>". This will cause a tincd to be started which uses the
configuration from /etc/tinc/<netname>. You can use an inet static (with
address and netmask options) or inet dhcp stanza, in which case the ifup will
configure the VPN interface and you do not need to have a tinc-up script.
Alternatively, you can create a stanza in /etc/network/interfaces, and add a
line with "tinc-net <netname>". This will cause a tincd to be started which
uses the configuration from /etc/tinc/<netname>. You can use an inet static
(with address and netmask options) or inet dhcp stanza, in which case the ifup
will configure the VPN interface and you do not need to have a tinc-up script.
The following options are also recognized and map directly to the corresponding
command line options for tincd:
@ -57,7 +20,6 @@ tinc-config <directory>
tinc-debug <level>
tinc-mlock yes
tinc-logfile <filename>
tinc-pidfile <filename>
tinc-chroot yes
tinc-user <username>
@ -70,11 +32,10 @@ iface vpn inet static
tinc-debug 1
tinc-mlock yes
tinc-user nobody
tinc-pidfile /tmp/tinc.pid
This will start a tinc daemon that reads its configuration from
/etc/tinc/myvpn, logs at debug level 1, locks itself in RAM, runs as user
nobody, and creates a network interface called "vpn". Ifup then sets the
address and netmask on that interface.
-- Guus Sliepen <guus@debian.org>, Sun, 10 April 2016, 01:38:08 +0200
-- Guus Sliepen <guus@debian.org>, Fri, 24 June 2011, 18:10:53 +0200

202
debian/changelog vendored
View file

@ -1,200 +1,12 @@
tinc (1.0.35-2) unstable; urgency=medium
tinc (1.1~pre2-1) experimental; urgency=low
* Bump Standards-Version and Build-Depend on debhelper-compat (= 12).
* Remove calls to dh_installinit and dh_systemd_start from debian/rules,
compat level 12 does the right thing by default.
* Ensure we clean up doc/tinc.info.
* first cut of 1.1-tobe.
Rewrote control scripts et al to use tincctl.
* build-depend on libssl >>1.0.0 to get proper EC support
* remove crypto-related symlinks from src/ in clean --
probably should go into upstream makefile instead
-- Guus Sliepen <guus@debian.org> Mon, 28 Jan 2019 21:54:45 +0100
tinc (1.0.35-1) unstable; urgency=medium
* New upstream release.
- Includes fixes for CVE-2018-16737, CVE-2018-16738, CVE-2018-16758.
-- Guus Sliepen <guus@debian.org> Mon, 08 Oct 2018 16:09:06 +0200
tinc (1.0.34-1) unstable; urgency=medium
[ Guus Sliepen ]
* New upstream release.
- Fixes a potential segmentation fault when connecting to an IPv6
peer via a proxy. Closes: #887401
* Add support for the $EXTRA variable in /etc/default/tinc when using
systemd. Closes: #887116
[ Benda Xu ]
* Prevent possible incorrect IPv6 checksums due to function inlining.
Closes: #891400
-- Guus Sliepen <guus@debian.org> Tue, 12 Jun 2018 23:00:49 +0200
tinc (1.0.33-1) unstable; urgency=medium
* New upstream release.
* Test for /etc/default/tinc before trying to source it. Closes: #777262
* Use --runstatedir=/run.
-- Guus Sliepen <guus@debian.org> Sat, 04 Nov 2017 16:22:06 +0100
tinc (1.0.32-1) unstable; urgency=medium
* New upstream release.
* Add a note to new nets.boot files that it is not used with systemd.
Closes: #841052
* In the post-down script, read the pid file only once. Closes: #832784
* Explicitly use /bin/sleep from coreutils. Closes: #772379
* Bump Standards-Version.
-- Guus Sliepen <guus@debian.org> Tue, 05 Sep 2017 20:23:36 +0200
tinc (1.0.31-1) unstable; urgency=medium
* New upstream release.
* Bump Standards-Version.
* Bump debian/compat.
* Add missing Depends: lsb-base.
-- Guus Sliepen <guus@debian.org> Sun, 15 Jan 2017 16:20:40 +0100
tinc (1.0.29-2) unstable; urgency=medium
* Rebuild with libssl-dev from unstable.
-- Guus Sliepen <guus@debian.org> Thu, 27 Oct 2016 13:09:46 +0200
tinc (1.0.29-1) unstable; urgency=medium
* New upstream release.
* Bump debian/compat.
-- Guus Sliepen <guus@debian.org> Mon, 10 Oct 2016 22:30:25 +0200
tinc (1.0.28-1) unstable; urgency=medium
* New upstream release.
- Fixes FTBFS on kfreebsd.
* Systemd service files are now provided by upstream.
-- Guus Sliepen <guus@debian.org> Sun, 10 Apr 2016 15:44:28 +0200
tinc (1.0.27-2) unstable; urgency=medium
* Fix tinc@.service.
-- Guus Sliepen <guus@debian.org> Sun, 10 Apr 2016 12:45:33 +0200
tinc (1.0.27-1) unstable; urgency=medium
* New upstream release.
* Bump Standards-Version.
* Add native systemd unit files.
* Automatically convert networks listed in nets.boot to systemd service
instances on upgrade.
-- Guus Sliepen <guus@debian.org> Sun, 10 Apr 2016 01:39:16 +0200
tinc (1.0.26-1) unstable; urgency=medium
* New upstream release.
* Use the contents, not the presence, of the pidfile to check that tincd is
shut down properly. Closes: #774682
* Bump Standards-Version.
-- Guus Sliepen <guus@debian.org> Sun, 05 Jul 2015 17:23:08 +0200
tinc (1.0.24-2) unstable; urgency=medium
* Improve the init script: stopping tinc now waits for the process to
terminate. If that doesn't happen in 5 seconds, it will send the TERM
signal again (which helps if tinc is waiting for a script to finish
executing). It now also detects whether the process mentioned in the PID
file is actually running, and if not it will exit early and without
warnings. Closes: #748107
-- Guus Sliepen <guus@debian.org> Wed, 14 May 2014 21:44:16 +0200
tinc (1.0.24-1) unstable; urgency=medium
[ Guus Sliepen ]
* New upstream release
* Add a debian/watch file.
* Bump Standards-Version.
[ Gian Piero Carrubba ]
* Allow resource limits to be set in /etc/default/tinc.
Closes: #690685, #704702
-- Guus Sliepen <guus@debian.org> Sun, 11 May 2014 21:17:13 +0200
tinc (1.0.23-2) unstable; urgency=low
* Use if-statements instead of && in shell scripts. Closes: #731279
The && operator does not clear the error status, and if the next statement
in a shell script does not change the error status it would cause the
script to prematurely exit. Thanks to Peter Reinholdtsen for spotting it.
* Use absolute path to tincd in the if-post-down script.
-- Guus Sliepen <guus@debian.org> Thu, 05 Dec 2013 09:41:13 +0000
tinc (1.0.23-1) unstable; urgency=low
* New upstream release.
-- Guus Sliepen <guus@debian.org> Sat, 19 Oct 2013 21:06:05 +0200
tinc (1.0.22-1) unstable; urgency=low
* New upstream release.
- Handles whitespace between command line flags and optional arguments.
Closes: #710267
* Bump Standards-Version.
* Source /lib/lsb/init-functions in the init.d script.
* Don't use texi2html anymore, use automake's install-html target which uses
makeinfo.
-- Guus Sliepen <guus@debian.org> Wed, 14 Aug 2013 15:34:29 +0200
tinc (1.0.21-1) unstable; urgency=low
* New upstream release.
- Includes fix for CVE-2013-1428.
-- Guus Sliepen <guus@debian.org> Sun, 05 May 2013 10:42:33 +0200
tinc (1.0.19-3) unstable; urgency=high
* Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
-- Guus Sliepen <guus@debian.org> Fri, 12 Apr 2013 22:52:10 +0200
tinc (1.0.19-2) unstable; urgency=low
* Fix behaviour of tinc-pidfile. Closes: #679130
* Enable parallel building in debian/rules.
-- Guus Sliepen <guus@debian.org> Tue, 26 Jun 2012 18:28:34 +0200
tinc (1.0.19-1) unstable; urgency=low
* New upstream release.
* Bump debian/compat so tinc gets built with hardening flags.
* Allow tinc-pidfile in /etc/network/interfaces.
-- Guus Sliepen <guus@debian.org> Mon, 25 Jun 2012 20:29:22 +0200
tinc (1.0.18-1) unstable; urgency=low
* New upstream release.
-- Guus Sliepen <guus@debian.org> Sun, 25 Mar 2012 18:52:15 +0200
tinc (1.0.17-1) unstable; urgency=low
* New upstream release.
* Enable support for UML and VDE.
-- Guus Sliepen <guus@debian.org> Sat, 10 Mar 2012 14:50:00 +0100
-- Michael Tokarev <mjt@tls.msk.ru> Sun, 07 Aug 2011 12:57:15 +0400
tinc (1.0.16-1) unstable; urgency=low

1
debian/compat vendored Normal file
View file

@ -0,0 +1 @@
7

8
debian/control vendored
View file

@ -2,15 +2,13 @@ Source: tinc
Section: net
Priority: optional
Maintainer: Guus Sliepen <guus@debian.org>
Standards-Version: 4.3.0
Build-Depends: libssl-dev, debhelper-compat (= 12), gettext, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev
Standards-Version: 3.9.2
Build-Depends: libssl-dev (>>1.0.0), debhelper (>= 7.0.50~), gettext, texi2html, texinfo, zlib1g-dev, liblzo2-dev
Homepage: http://www.tinc-vpn.org/
Rules-Requires-Root: no
Package: tinc
Architecture: any
Pre-Depends: ${misc:Pre-Depends}
Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.0-6)
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Virtual Private Network daemon
tinc is a daemon with which you can create a virtual private network
(VPN). One daemon can handle multiple connections, so you can

4
debian/doc-base.tinc vendored
View file

@ -6,5 +6,5 @@ Abstract: This manual describes how to set up a Virtual Private
Section: System/Security
Format: HTML
Files: /usr/share/doc/tinc/tinc.html/*
Index: /usr/share/doc/tinc/tinc.html/index.html
Files: /usr/share/doc/tinc/tinc*.html
Index: /usr/share/doc/tinc/tinc_toc.html

65
debian/patches/fix-incorrect-icmpv6-checksum vendored
View file

@ -1,65 +0,0 @@
Package: tinc
Version: 1.0.33-1
Severity: important
Dear Guus,
I have been using tinc since 2009 and it is great!
When PMTUDiscovery=yes and Mode=switch, and if ipv6 is used inside
tinc, the ICMPv6 "Packet Too Big" packets have incorrect checksums.
It can be reproduced by `ping6 <host in tinc> -s 1800` and `tcpdump -i
<tinc interface>`. Consequently, the host ignores the tinc-generated
ICMPv6 packets, PMTUDiscovery does not work and the connections freeze
when data flows are big.
I find the bug is gone if the function "inet_checksum" in route.c is
not inlined, either by compiling tinc with "-O2
-fno-inline-functions", or apply a patch such as,
diff --git a/src/route.c b/src/route.c
index ff82c06e..cd55383a 100644
--- a/src/route.c
+++ b/src/route.c
@@ -60,7 +60,7 @@ static const size_t opt_size = sizeof(struct nd_opt_hdr);
/* RFC 1071 */
-static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) {
+__attribute__ ((noinline)) static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) {
uint16_t *p = data;
uint32_t checksum = prevsum ^ 0xFFFF;
I have tested with gcc-7.3.0 and gcc-5.4.0. They behaved the same. I
am not good at assembly to find out what really happened, but it is
for sure that inet_checksum does not work as expected if compiled
inline.
Thanks!
Yours,
Benda
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages tinc depends on:
ii libc6 2.26-2
ii liblzo2-2 2.08-1.2+b2
ii libssl1.1 1.1.0g-2
ii lsb-base 9.20170808
ii zlib1g 1:1.2.8.dfsg-5
tinc recommends no packages.
tinc suggests no packages.

2
debian/patches/series vendored
View file

@ -1,2 +0,0 @@
fix-incorrect-icmpv6-checksum
support-etc-defaults-tinc

12
debian/patches/support-etc-defaults-tinc vendored
View file

@ -1,12 +0,0 @@
--- a/systemd/tinc@.service.in
+++ b/systemd/tinc@.service.in
@@ -9,7 +9,8 @@
[Service]
Type=simple
WorkingDirectory=@sysconfdir@/tinc/%i
-ExecStart=@sbindir@/tincd -n %i -D
+EnvironmentFile=/etc/default/tinc
+ExecStart=@sbindir@/tincd -n %i -D $EXTRA
ExecReload=@sbindir@/tincd -n %i -kHUP
KillMode=mixed
Restart=on-failure

7
debian/postinst vendored
View file

@ -7,15 +7,14 @@ set -e
case "$1" in
configure)
if [ ! -e /dev/.devfsd ] ; then if [ ! -e /dev/.devfs ] ; then
if [ ! -e /dev/net/tun ] ; then if [ ! -e /dev/tun ] ; then if [ -e /dev/MAKEDEV ]; then
if [ ! -e /dev/net/tun ] ; then if [ ! -e /dev/tun ] ; then
echo "Creating tun device..."
cd /dev && ./MAKEDEV net/tun 2>/dev/null || ./MAKEDEV tun 2>/dev/null || echo "Failed to create tun device."
fi; fi; fi
fi; fi
fi; fi
if [ ! -e $NETSFILE ] ; then
echo "## This file contains all names of the networks to be started on system startup when using sysvinit." > $NETSFILE
echo "## If you are using systemd, use systemctl enable tinc@netname to enable individual networks." >> $NETSFILE
echo "## This file contains all names of the networks to be started on system startup." > $NETSFILE
fi
;;

28
debian/preinst vendored
View file

@ -1,28 +0,0 @@
#!/bin/sh
NETSFILE="/etc/tinc/nets.boot"
SYSTEM="/lib/systemd/system"
WANTS="/etc/systemd/system/multi-user.target.wants"
set -e
case "$1" in
upgrade)
if dpkg --compare-versions "$2" '<<' "1.0.27-1"; then
if [ -f "$NETSFILE" ]; then
echo -n "Creating systemd service instances from nets.boot:"
mkdir -p "$WANTS"
egrep '^[ ]*[a-zA-Z0-9_-]+' $NETSFILE | while read net args; do
echo -n " $net"
ln -s "$SYSTEM/tinc@.service" "$WANTS/tinc@$net.service" 2>/dev/null || true
done
echo "."
fi
fi
;;
*)
;;
esac
#DEBHELPER#

38
debian/rules vendored
View file

@ -1,16 +1,34 @@
#!/usr/bin/make -f
# -*- makefile -*-
# Sample debian/rules that uses debhelper.
# This file was originally written by Joey Hess and Craig Small.
# As a special exception, when this file is copied by dh-make into a
# dh-make output file, you may use that output file without restriction.
# This special exception was added by Craig Small in version 0.37 of dh-make.
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
%:
dh $@
dh $@
override_dh_auto_build:
dh_auto_build
cd doc && $(MAKE) texi2html
override_dh_auto_install:
dh_auto_install
# Guess where texi2html installed its output today...
[ -f doc/tinc/tinc.html ] \
&& mv doc/tinc/*.html debian/tinc/usr/share/doc/tinc/ \
|| mv doc/*.html debian/tinc/usr/share/doc/tinc/
# Remove info dir file
rm -f debian/tinc/usr/share/info/dir
override_dh_installinit:
dh_installinit -R
override_dh_clean:
dh_clean
rm -f doc/tinc.info
override_dh_auto_configure:
dh_auto_configure -- --enable-uml --enable-vde --with-systemd=/lib/systemd/system --runstatedir=/run
override_dh_auto_install:
dh_auto_install -- install-html
# Remove info dir file
rm -f debian/tinc/usr/share/info/dir
rm -f src/device.c
rm -f src/rsa.[ch] src/rsagen.[ch] src/prf.[ch] src/ecdh.[ch] src/ecdsa.[ch] src/ecdsagen.[ch] src/digest.[ch] src/crypto.[ch] src/cipher.[ch]

5
debian/tinc.default vendored
View file

@ -1,7 +1,2 @@
# Extra options to be passed to tincd.
# EXTRA="-d"
# Limits to be configured for the tincd process. Please read your shell
# (pointed by /bin/sh) documentation for ulimit. You probably want to raise the
# max locked memory value if using both --mlock and --user flags.
# LIMITS="-l 1024"

1
debian/tinc.dirs vendored
View file

@ -2,6 +2,5 @@ usr/sbin
usr/share
etc
etc/init.d
usr/share/locale
usr/share/doc/tinc
etc/tinc

2
debian/tinc.files vendored
View file

@ -1,6 +1,6 @@
usr/sbin/tincd
usr/sbin/tincctl
usr/share/man
etc
usr/share/doc/tinc
usr/share/locale
usr/share/info

46
debian/tinc.if-post-down vendored
View file

@ -2,40 +2,18 @@
set -e
if [ "$METHOD" = loopback -o -z "$IF_TINC_NET" ]; then
exit 0
if [ "$IF_TINC_NET" ] ; then
tincctl -n "$IF_TINC_NET" stop
sleep 0.1
i=0;
while [ -f "/var/run/tinc.$IF_TINC_NET.pid" ] ; do
if [ $i = '30' ] ; then
echo 'Failed to stop tinc daemon!'
exit 1
fi
sleep 0.1
i=$(($i+1))
done
fi
# Determine location of the PID file
EXTRA=""
if [ -n "$IF_TINC_PIDFILE" ]; then
EXTRA="--pidfile=$IF_TINC_PIDFILE"
else
IF_TINC_PIDFILE=/var/run/tinc.$IF_TINC_NET.pid
fi
# Stop the tinc daemon
read pid rest < $IF_TINC_PIDFILE 2>/dev/null
/usr/sbin/tincd -n "$IF_TINC_NET" -k $EXTRA
# Wait for it to shut down properly
/bin/sleep 0.1
i=0;
while [ -f $IF_TINC_PIDFILE ] ; do
if [ ! -e "/proc/$pid" ] ; then
exit 0
fi
if [ $i = '30' ] ; then
echo 'Failed to stop tinc daemon!'
exit 1
fi
/bin/sleep 0.1
i=$(($i+1))
done
exit 0

43
debian/tinc.if-pre-up vendored
View file

@ -2,29 +2,11 @@
set -e
if [ "$METHOD" = loopback -o -z "$IF_TINC_NET" ]; then
exit 0
fi
[ -z "$IF_TINC_NET" ] && exit 0
# Read options from /etc/default
[ -r /etc/default/tinc ] && . /etc/default/tinc
# Set process limits
setlimits() {
while [ $# -gt 0 ]; do
parm=$1 ; shift
if [ -n "$1" -a "${1#-}" = "$1" ]; then
value=$1 ; shift
ulimit $parm $value
else
ulimit $parm
fi
done
}
test -n "$LIMITS" && setlimits $LIMITS
. /etc/default/tinc
# Read options from /etc/network/interfaces
@ -32,38 +14,23 @@ test -n "$LIMITS" && setlimits $LIMITS
[ -n "$IF_TINC_DEBUG" ] && EXTRA="$EXTRA -d$IF_TINC_DEBUG"
[ -n "$IF_TINC_MLOCK" ] && EXTRA="$EXTRA --mlock"
[ -n "$IF_TINC_LOGFILE" ] && EXTRA="$EXTRA --logfile=$IF_TINC_LOGFILE"
[ -n "$IF_TINC_PIDFILE" ] && EXTRA="$EXTRA --pidfile=$IF_TINC_PIDFILE" || IF_TINC_PIDFILE=/var/run/tinc.$IF_TINC_NET.pid
[ -n "$IF_TINC_CHROOT" ] && EXTRA="$EXTRA --chroot"
[ -n "$IF_TINC_USER" ] && EXTRA="$EXTRA --user=$IF_TINC_USER"
# Start tinc daemon
/usr/sbin/tincd -n "$IF_TINC_NET" -o "Interface=$IFACE" $EXTRA
# Wait for it to come up properly
/bin/sleep 0.1
sleep 0.1
i=0;
while [ ! -f $IF_TINC_PIDFILE ] ; do
while [ ! -f "/var/run/tinc.$IF_TINC_NET.pid" ] ; do
if [ $i = '30' ] ; then
echo 'Failed to start tinc daemon!'
exit 1
fi
/bin/sleep 0.1
i=$(($i+1))
done
while read pid rest < $IF_TINC_PIDFILE ; do
if [ -e "/proc/$pid" ] ; then
exit 0
fi
if [ $i = '30' ] ; then
echo 'Failed to start tinc daemon!'
exit 1
fi
/bin/sleep 0.1
sleep 0.1
i=$(($i+1))
done

7
debian/tinc.if-up vendored
View file

@ -2,8 +2,7 @@
set -e
if [ "$METHOD" = loopback -o -n "$IF_TINC_NET" ]; then
exit 0
fi
[ "$METHOD" = loopback ] && exit 0
[ -n "$IF_TINC_NET" ] && exit 0
invoke-rc.d tinc alarm || exit 0
invoke-rc.d tinc retry

77
debian/tinc.init vendored
View file

@ -18,9 +18,8 @@
#
# Based on Lubomir Bulej's Redhat init script.
. /lib/lsb/init-functions
DAEMON="/usr/sbin/tincd"
CONTROL="/usr/sbin/tincctl"
NAME="tinc"
DESC="tinc daemons"
TCONF="/etc/tinc"
@ -41,7 +40,10 @@ foreach_net() {
shift
egrep '^[ ]*[a-zA-Z0-9_-]+' $NETSFILE | while read net args; do
echo -n " $net"
"$@" $net $args
case "$1" in
start) $CONTROL -n $net start -- $EXTRA $args ;;
*) $CONTROL -n $net $1 ;;
esac
done
echo "."
}
@ -49,72 +51,13 @@ foreach_net() {
signal_running() {
for i in /var/run/tinc.*pid; do
if [ -f "$i" ]; then
head -1 $i | while read pid; do
head -1 $i | while read pid junk; do
kill -$1 $pid
done
fi
done
}
setlimits() {
while [ $# -gt 0 ]; do
parm=$1 ; shift
if [ -n "$1" -a "${1#-}" = "$1" ]; then
value=$1 ; shift
ulimit $parm $value
else
ulimit $parm
fi
done
}
test -n "$LIMITS" && setlimits $LIMITS
start() {
$DAEMON $EXTRA -n "$@"
}
stop() {
[ -f /var/run/tinc.$1.pid ] || return
read pid rest </var/run/tinc.$1.pid || return
kill -0 "$pid" 2>/dev/null || return
$DAEMON -n $1 -k || return
i=0;
/bin/sleep 0.5
# Wait for the pidfile to disappear
while [ -f /var/run/tinc.$1.pid ]; do
# And check that there is an actual process running
kill -0 "$pid" 2>/dev/null || return
if [ $i = '10' ] ; then
# It's still alive, kill it again and give up
$DAEMON -n $1 -k && /bin/sleep 0.5
break
else
echo -n "."
i=$(($i+1))
fi
/bin/sleep 0.5
done
}
reload() {
$DAEMON -n $1 -kHUP
}
alarm() {
$DAEMON -n $1 -kALRM
}
restart() {
stop "$@"
start "$@"
}
case "$1" in
start)
foreach_net "Starting $DESC:" start
@ -128,11 +71,15 @@ case "$1" in
restart)
foreach_net "Restarting $DESC:" restart
;;
alarm)
force-restart)
$0 stop
$0 start
;;
retry)
signal_running ALRM
;;
*)
echo "Usage: /etc/init.d/$NAME {start|stop|reload|restart|force-reload|alarm}"
echo "Usage: /etc/init.d/$NAME {start|stop|reload|restart|force-reload|retry}"
exit 1
;;
esac

70
debian/upstream/signing-key.asc vendored
View file

@ -1,70 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQINBEVZzTABEADawFv/ibQ48uA1eRhL07vdM36Pcq2HDyuyNA+vYEalNH4jLmha
nGPvDALWwX0DXIWDAG8zeTj8s8zliLIjuPS4WRI2YdKIvWeG9fEvpKSXVWa42ica
dpzn/H2aBd4Ax6rQaiTXKOvxANAp2Veb+73ssPV5AL00uGTpzhh98xQzfFQCZ9ZL
YSVPqbMed5oCt/4jM9FBO2CuBtkfiO0dVVYtW7FAVjcIlE2NaZol/KGvz7wsS+yA
dE42W0l5MdQueLmTF4AIUSSTyPFGMQoyqh+MPif73Y589IGcW6GdfKYWnVDo6Trh
HOhcEky+uTYKb6NL0vrJgUiYVMzAOXFDdJni1eQGO6EfZRNYtTga3alWq/jVelK7
BID5JyNbkrTAqdPnhJGivVyk8gGX3+Hng8rkXTfWhp6yAYau1QfBm0F2tIQmpL1C
+7DoLvFErboQf685jXJBjzyvsJxB2ZLH1OOw6mNL0hy2LFkIyGza/bktY2em4apo
KWV5AM5LpyW6THH1oDS7706xFNkf4IFhKE0hKPzBiRnMDjRtMI131lkc5+P8Lqf5
jLTCFUgbEhU6Dz2YjhHAumVm0NWJETUpFDtVvMrqk+mp5xldUOWRNlYQC5aQOyda
eHOlNzB/BFbPhKMWI/zWlEH6f0t6WjHb4iwpWO47511aVNHF59aPzbAHxwARAQAB
tC9UaW5jIERldmVsb3BtZW50IFRlYW0gPHRpbmMtZGV2ZWxAdGluYy12cG4ub3Jn
PokCNgQTAQIAIAUCRVnNMAIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEEpg
hLnA1x9KxOAQAMPhO2WTXv9AaGQBQhyyoGseKoSfcRjtI9YEfE0OInQQ2E+SPYF/
dkfeLGAUqa4foTYQlMqfw70vBhTdVCb7HLTGn6/ICFUtDwakUQCgUQGlUVQiondA
8W6jj+QWrh5BQhHuXy2nCVaKnksu0/xQPsJotghxuYqaot3iJ4qVw9iT/Yeo9irH
Ffftqu0OVCdQ5zQuFNI9YCv/C83L59ecH7bOzYz2efTyobvxrhmgQtgOQwCWOE09
Kr3veM9KLG33YoXlqv8QN/3CwtsJvSwfhj+R2JowZC7RqHe/yznRzmRMsgbrolxi
uiJLonGxcNNkD7WhXi7/zL4A/JaC27XrFf1MPLv8aiTwnOIfrXd5jawpauUOZOXK
UjIZHlIqviB0r5s7A+AFeHW38Tp9VzNuQ7aEl5bHbSXV+s7DTAwGb279z0AVaJ3h
5hWFxupw7UoGdzROwCBYzeX3sioAL6QvkXua8X6zOH45VEiSwrRX3Hlx/MLo7Z4g
PWgFLf6WviHQXCG834To1XIwUk9RgNsL7OzGjtaCuRymADImKMNwierq2zTfoRFQ
v9onIadIMF1fsc70hiBG9yAi36MEuk4VxG8Jc3PQQfSFm4RWazv1k3E0AAIob2Ek
DLVjvLO62Navo/OQ6D7yyiX0qes5S7/k3F1h8+87eRn3yxZE2kbxPg8KuQENBEVZ
zYYBCACoYgExmMKEtABL3pir/IXI4exR/45hkP6txFIrkVQb8DGJ9H39kiDr4gtj
F+pvcgMpec35S3m4fJ7WhDNvbDB4ZvONc1NMKs9cqDXfB+TLWPm4W+SkcKUrs+nK
i8l7ieggTALJcvRoLTX2EFmUFrD6y870W3rK2SfC/0VJX8Ou5cPbwCeueExjo5x0
3gNfu0jWUS0cyA9y+1rVVekrLuJY/+SI4jv3gdzrYbxD0f6dpbpC37QHoJdd0KGF
acPtT2azjY+HxW10EA3Aw9oZWFXnb1nFg2RbDpkaGLmLbaXweltLyw154UmCXxym
PXPqi9bSfEkj0GiYrapk4mW114u9ABEBAAGJA0QEGAECAA8FAkVZzYcCGwIFCQHh
M4ABKQkQSmCEucDXH0rAXSAEGQECAAYFAkVZzYcACgkQ017duBDeLmmu3wf/TFZM
tLKxiyQPtGSTE3eULPdWCEMDZXdSPTY0QHM7Zvh+qn1ei+iFpD0549MYnBEAwDIV
4o62Nrcg8IPu0CEkZIAn2JiFFGYvMGk91awZGV1GS3umd7Dt349E1oKDPZVzRn+j
QIKarXxxabRmx2s/dZZgSs/eguWTboBFmvls9tVfe8x/xPvcHFmqHVUoGKEJy6Tm
no+s4yNjpc5wAaRml+GYf1tK9WMFuZn79qKxkYv4WI96dXR0FL59YbFRkkaI+1/b
G31MvWTqVjY1nJGslByFPUUB8Ca1djtp1gx6NXnOYr3V5MEDfdbjjPu79No+/y6M
tIua5yNtSRlk2nKhIqo3D/sGQ/uHijiMRAtoLhiyqYMc9W9vx/KOoCUHoMJqE39a
Eputvgwwo0rwgSmNfB1dzneFojBdJ47WBSHC8NKtkpJj6mzvvlaI9jmEpK54x3nl
OmBj3X/xaepoRGAtrmgTBP4A9hSjrTMGu/tUQjlX+Xcr6n3g7GSVe5FpUyIMPXEU
+JZDTiEUyn1OdzfNGmnWP+KJX5pQVq4czf5XK6otLZJELDVw/Hbjnjmdz5WOKgEH
jSof3WPeMBgPAcd/cMAZeiGtWM1UpJBHqEXTkthmrpmtRftJKDbooNM9d5OwKiT+
I3vNBv/plMSr8NDjhTWC+ihrN6RBj1vaqpDgGpucPhoO2hwNqWuI4q5WUKtCyw6J
An7ErNaH4c0nVaZq6kJ8Vxdt+LpKYmOsJ8y9xtl6StcrkKNn+6ZfCfee7DEo2bvb
scfpqJqqOqb5KOagTpYs8mo6yQ3leRvFtoeBOQHVQzct23EwOMxbDyeunT50a1eH
MZTEWuIiuCUudM81QXU46oIcaAtj8tpG0Tmnku9g27EjwxUt+8kVmhlPHMb2TdoF
k5d0ce+JuxIG5+i+t8sUCorMc8zfp4g1bxZeMOcPnfyO3bSW11EVcN7ZxHlFC+XE
YOByP50CM3P8lItPlQ+WpY9kYWjiwu9kVPaGQ16G47nspngJInU5dhka3KJGtIZe
q7kBDQRFWc3GAQgAz/JUs24niKsd0ZtOjUWd4R4y0gjS0kC/vvLL2gbXYkA9tcjG
5iEvVWJY34QsudX0v1ULsVnJ89X/gsk8hAhAia1TQm+0Qq+MSxEaQkMSaOO8N70U
XzgH1dielvpea20WO4MyWQuRIJ0K2nsGmEPnt6ZP7fK8HVHFNggP/mQ6LMu1reAF
gvb8cEtjb9B5QaCUEoLjsbsuo+vLW7AWy4GfIRNESHw2Qt08AUaGrihpu6zi7N2b
QkHHJtqa63GzYJ+kYzAVvrFJXdwL/TRXLBzv+6yyvYSIHi8uB6/o6CZN6hpjfpME
ph+oYPqXeNOyMd1E9Kg8ymcPrNyQKfE3WnCRXQARAQABiQIlBBgBAgAPBQJFWc3H
AhsMBQkB4TOAAAoJEEpghLnA1x9KXYMP/3D9JYti6C8DWuX2hWv+2SUbLcMa5u1e
ETewIo5S3mqGWSaxX4YLPVRkZ1lOLmFysOLimf0thYm7IsatLcWmBdYUpK92ilvr
Sk2sKlhrOoBXEX/79Kz+Aj5PjeyiQxgQ7Ba/afwhU6aTqs2Dp1T0YNu2eBvV+1QH
lZnW2Wh96zzwc0dJUuY9eBk5Fgpu08Wce7o6jxFPtVyAaQa0zcNAmw2TSY7wbunJ
WTl9OgATAyqVCuhWW7AnPcSqkH8lQigSc00wfqJKOD2Us0FqN6UKDCZTyQkdP6hx
G+3aUkkvGSOxy7u9bVWmrikuJMoiIY/CH/m+GcJJATVibI7t5MhhtBGySKc3PAwc
58sVe9AnbDvs84efrNP59j2KG2KKqcqjTGAmKyJnG3N50xJGakDIsqfneIRNWpEE
pOOPaOqR4qnPAS9OSt9A3hqBpWPjQcScd6AuO+J2PE5y23pTnb9PtLBQb5e4VFiv
N54u8j4bU2CO0SC2isZ3CR68dPHthWsxt4XbjhgktjbpQRQ8L2EDBQ8oE13GOrOw
P8x4Q0eC5uzkXNyRqzKOsxlZEuc+75aDDd3M2GDw08FG7GI1p/L+NgenwT+9TmFX
2hOKVrjgyx+fPut1t5DJJubDWXGOK33qvrL7HTCEv1zz7LNbbPwwNHK4lfMAWuJW
D9wc3Y9Se/P/
=5MAs
-----END PGP PUBLIC KEY BLOCK-----

2
debian/watch vendored
View file

@ -1,2 +0,0 @@
version=3
opts=pgpsigurlmangle=s/$/.sig/ http://www.tinc-vpn.org/packages/tinc-(1\.0\.\d+)\.tar\.gz