Import Debian changes 1.1~pre11-1

tinc (1.1~pre11-1) experimental; urgency=medium * New upstream release. * Update NEWS.Debian to reflect that tincctl has been renamed to tinc. Closes: #729889 * Warn about incompatibility with previous 1.1preX releases, and that new Ed25519 keys should be generated. * Add native systemd service files. * Automatically convert networks listed in nets.boot to systemd service instances on upgrade. * Don't restart tinc on upgrade for now.
2015-01-08 14:51:34 +01:00 · 2015-01-08 14:51:34 +01:00 · ff4039db4b
commit ff4039db4b
parent edfe2872c3 1813f3157e
138 changed files with 11154 additions and 3157 deletions
--- a/debian/NEWS
+++ b/debian/NEWS
@ -1,11 +1,43 @@
+tinc (1.1~pre11-1) experimental; urgency=medium
+
+  This package now provides a native systemd service file, allowing multiple
+  instances of tinc to be managed. Existing networks listed in
+  /etc/tinc/nets.boot will be converted to service instances once during this
+  upgrade. Afterwards, you can enable and disable networks using:
+
+    systemctl enable tinc@<netname>
+    systemctl disable tinc@<netname>
+
+  If you do not have systemd installed, the SysV init script will continue to
+  work as usual. For more information, see README.Debian.
+
+  Please note that tinc 1.1pre11 is backwards compatible with tinc 1.0.x, but
+  is not backwards compatible with 1.1pre1 to 1.1pre10 nodes if
+  ExperimentalProtocol is enabled, which is the default.
+
+  If you have more than one node running an 1.1 prerelease version in your VPN,
+  make sure you upgrade them all at the same time, or disable the new protocol
+  by adding the following line to tinc.conf:
+
+    ExperimentalProtocol = no
+
+  If you do want to use the new protocol, be aware that this version of tinc
+  switched to Ed25519 keys. You can generate a new Ed25519 keypair by running
+  the following command:
+
+    tinc -n <netname> generate-ed25519-keys
+
+  You have to manually restart tinc after this upgrade.
+
+ -- Guus Sliepen <guus@debian.org>  Sat, 08 Jan 2015 14:02:27 +0100
+
 tinc (1.1~pre2-1) experimental; urgency=low

-   tinc-1.1 has separate control utility, tincctl, which is now used
-   to start/stop tinc instances, to reload configuration, to get
-   various information about running tincd (including dump of nodes
-   and connections) and so on.  tincd still reacts to some signals
-   as before, but this usage is deprecated.  In particular, -k
-   option is now gone.  Also, node/connection/etc dumps are
-   produced on tincctl stdout, not into syslog.
+  tinc-1.1 has separate control utility, tinc (without the d), which is now
+  used to start/stop tinc instances, to reload configuration, to get various
+  information about running tincd (including dump of nodes and connections)
+  and so on. tincd still reacts to some signals as before, but this usage is
+  deprecated. In particular, -k option is now gone. Also, node/connection/etc
+  dumps are produced on tincctl stdout, not into syslog.

 -- Michael Tokarev <mjt@tls.msk.ru>  Sun, 07 Aug 2011 13:16:17 +0400
--- a/debian/README.Debian
+++ b/debian/README.Debian
@ -1,17 +1,54 @@
 tinc for Debian
----------------------
+---------------

 The manual for tinc is also available as info pages, type `info tinc'
 to read it.

-The system startup script for tinc, /etc/init.d/tinc, uses the file
-/etc/tinc/nets.boot to find out which networks have to be started.
+There are several ways in which tinc may be automatically started at boot:

-Alternatively, you can create a stanza in /etc/network/interfaces, and add a
-line with "tinc-net <netname>". This will cause a tincd to be started which
-uses the configuration from /etc/tinc/<netname>. You can use an inet static
-(with address and netmask options) or inet dhcp stanza, in which case the ifup
-will configure the VPN interface and you do not need to have a tinc-up script.
+Systemd
+-------
+
+Since 1.1~pre11-1, the tinc package comes with native systemd service files.
+To enable and start a net, call:
+
+systemctl enable tinc@<netname>
+systemctl start tinc@<netname>
+
+This will cause a tincd to be started which uses the configuration from
+/etc/tinc/<netname>, and also makes sure that it will be started next time your
+system boots.
+
+Apart from controlling individual instances, you can also start/stop/reload all
+enabled instances simultaneously by omitting @<netname>, for example:
+
+systemctl reload tinc
+
+Note that when you have systemd installed on your system, the file
+/etc/tinc/nets.boot will not be used anymore to automatically start tinc
+daemons. If the variable EXTRA is defined in /etc/default/tinc, it will be
+passed on to tinc. The variable LIMITS is however not used.
+
+The service files that come with this package start tinc unconditionally.
+However, tinc does support socket activation. If you wish to write a socket
+unit for tinc, use the ListenStream option to specify on which port(s) and
+address(es) tinc should listen.
+
+SysVinit
+--------
+
+The system startup script for tinc, /etc/init.d/tinc, uses the file
+/etc/tinc/nets.boot to find out which networks have to be started. Use one
+netname per line. Lines starting with a # are ignored.
+
+/etc/network/interfaces
+-----------------------
+
+You can create a stanza in /etc/network/interfaces, and add a line with
+"tinc-net <netname>". This will cause a tincd to be started which uses the
+configuration from /etc/tinc/<netname>. You can use an inet static (with
+address and netmask options) or inet dhcp stanza, in which case the ifup will
+configure the VPN interface and you do not need to have a tinc-up script.

 The following options are also recognized and map directly to the corresponding
 command line options for tincd:
@ -38,4 +75,4 @@ This will start a tinc daemon that reads its configuration from
 nobody, and creates a network interface called "vpn". Ifup then sets the
 address and netmask on that interface.

- -- Guus Sliepen <guus@debian.org>, Fri, 24 June 2011, 18:10:53 +0200
+ -- Guus Sliepen <guus@debian.org>, Thu, 8 January 2015, 13:37:46 +0100
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,17 @@
+tinc (1.1~pre11-1) experimental; urgency=medium
+
+  * New upstream release.
+  * Update NEWS.Debian to reflect that tincctl has been renamed to tinc.
+    Closes: #729889
+  * Warn about incompatibility with previous 1.1preX releases, and that new
+    Ed25519 keys should be generated.
+  * Add native systemd service files.
+  * Automatically convert networks listed in nets.boot to systemd service
+    instances on upgrade.
+  * Don't restart tinc on upgrade for now.
+
+ -- Guus Sliepen <guus@debian.org>  Thu, 08 Jan 2015 14:51:34 +0100
+
 tinc (1.1~pre9-1) experimental; urgency=low

  * New upstream release.
--- a/debian/control
+++ b/debian/control
@ -2,7 +2,7 @@ Source: tinc
 Section: net
 Priority: optional
 Maintainer: Guus Sliepen <guus@debian.org>
-Standards-Version: 3.9.4
+Standards-Version: 3.9.6
 Build-Depends: libssl-dev (>>1.0.0), debhelper (>= 9), texinfo, zlib1g-dev, liblzo2-dev, libncurses5-dev, libreadline-dev, libvdeplug-dev
 Homepage: http://www.tinc-vpn.org/

--- a/debian/postinst
+++ b/debian/postinst
@ -6,13 +6,6 @@ set -e

 case "$1" in
    configure)
-	if [ ! -e /dev/.devfsd ] ; then if [ ! -e /dev/.devfs ] ; then
-		if [ ! -e /dev/net/tun ] ; then if [ ! -e /dev/tun ] ; then
-			echo "Creating tun device..."
-			cd /dev && ./MAKEDEV net/tun 2>/dev/null || ./MAKEDEV tun 2>/dev/null || echo "Failed to create tun device."
-		fi; fi
-	fi; fi
-
 	if [ ! -e $NETSFILE ] ; then
 	    echo "## This file contains all names of the networks to be started on system startup." > $NETSFILE
 	fi
--- a/debian/preinst
+++ b/debian/preinst
@ -0,0 +1,28 @@
+#!/bin/sh
+
+NETSFILE="/etc/tinc/nets.boot"
+SYSTEM="/lib/systemd/system"
+WANTS="/etc/systemd/system/multi-user.target.wants"
+
+set -e
+
+case "$1" in
+	upgrade)
+		if dpkg --compare-versions "$2" '<' "1.1~pre11-1"; then
+			if [ -f "$NETSFILE" ]; then
+				echo -n "Creating systemd service instances from nets.boot:"
+				mkdir -p "$WANTS"
+				egrep '^[ ]*[a-zA-Z0-9_-]+' $NETSFILE | while read net args; do
+					echo -n " $net"
+					ln -s "$SYSTEM/tinc@.service" "$WANTS/tinc@$net.service" 2>/dev/null || true
+				done
+				echo "."
+			fi
+		fi
+	;;
+
+	*)
+	;;
+esac
+
+#DEBHELPER#
--- a/debian/rules
+++ b/debian/rules
@ -28,4 +28,4 @@ override_dh_auto_test:
 	# I don't think the autobuilders will like this.

 override_dh_installinit:
-	dh_installinit -R
+	dh_installinit -r
--- a/debian/tinc.install
+++ b/debian/tinc.install
@ -5,3 +5,4 @@ usr/share/man/man5
 usr/share/man/man8/tincd.*
 usr/share/man/man8/tinc.*
 usr/share/info
+debian/*.service /lib/systemd/system/
--- a/debian/tinc.service
+++ b/debian/tinc.service
@ -0,0 +1,16 @@
+# This is a mostly empty service, but allows commands like stop, start, reload
+# to propagate to all tinc@ service instances.
+
+[Unit]
+Description=Tinc VPN
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/true
+ExecReload=/bin/true
+WorkingDirectory=/etc/tinc
+
+[Install]
+WantedBy=multi-user.target
--- a/debian/tinc@.service
+++ b/debian/tinc@.service
@ -0,0 +1,17 @@
+[Unit]
+Description=Tinc net %i
+PartOf=tinc.service
+ReloadPropagatedFrom=tinc.service
+ 
+[Service]
+Type=simple
+WorkingDirectory=/etc/tinc/%i
+ExecStart=/usr/sbin/tinc -n %i start -D
+ExecReload=/usr/sbin/tinc -n %i reload
+ExecStop=/usr/sbin/tinc -n %i stop
+TimeoutStopSec=5
+Restart=always
+RestartSec=60
+
+[Install]
+WantedBy=tinc.service