Added openvpn-update-systemd-resolved v1.3.0

mortyr45 · Sep 1, 2023 · ccb7b39 · ccb7b39
1 parent 3378a5a
commit ccb7b39
Show file tree

Hide file tree

Showing 4 changed files with 84 additions and 0 deletions.
diff --git a/packages/openvpn-update-systemd-resolved/PKGBUILD b/packages/openvpn-update-systemd-resolved/PKGBUILD
@@ -0,0 +1,27 @@
+#Maintainer: max-k <max-k AT post DOT com>
+pkgname=openvpn-update-systemd-resolved
+pkgver=1.3.0
+pkgrel=4
+pkgdesc="OpenVPN systemd-resolved Updater"
+arch=("any")
+url="https://github.com/jonathanio/update-systemd-resolved"
+license=("GPL")
+depends=("openvpn" "bash" "iproute2" "systemd>229")
+source=("https://github.com/jonathanio/update-systemd-resolved/archive/v${pkgver}.tar.gz"
+        'openvpn-update-systemd-resolved.install'
+        'openvpn-update-systemd-resolved.rules')
+install=$pkgname.install
+sha256sums=('ee88c1862cb7d197adfcb0e088530993e092f7035fdd95693827d6526f2817af'
+            '2a84e0d96fab9735454007053df4946aa7890cd63981087944d5b4d8906fdd07'
+            'b8a4d95c950a0efd12a3270a5f14077710adeff1a82cad74df8bd254a00c1169')
+
+package() {
+  install -d -m750 "${pkgdir}/usr/share/polkit-1/rules.d"
+  install -D -m644 openvpn-update-systemd-resolved.rules "${pkgdir}/usr/share/polkit-1/rules.d/00-openvpn-systemd-resolved.rules"
+
+  cd "${srcdir}/update-systemd-resolved-${pkgver}"
+  install -D -m755 update-systemd-resolved "${pkgdir}/usr/bin/update-systemd-resolved"
+  install -D -m644 update-systemd-resolved.conf "${pkgdir}/usr/share/doc/openvpn/update-systemd-resolved.conf"
+}
+
+# vim:set ts=2 sw=2 et:
diff --git a/packages/openvpn-update-systemd-resolved/build b/packages/openvpn-update-systemd-resolved/build
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+make_srcinfo () {
+  makepkg --printsrcinfo > .SRCINFO
+}
+
+build () {
+  updpkgsums && makepkg -s "${@}"
+}
+
+clean () {
+  rm -rf *.pkg.tar.xz *.tar.gz ; rm -rf ./pkg ./src ; true
+}
+
+main () {
+  clean && build "${@}" && make_srcinfo
+}
+
+main "$@"
diff --git a/packages/openvpn-update-systemd-resolved/openvpn-update-systemd-resolved.install b/packages/openvpn-update-systemd-resolved/openvpn-update-systemd-resolved.install
@@ -0,0 +1,26 @@
+post_install() {
+  echo
+  echo "To complete the installation, please add this script to your OpenVPN"
+  echo "settings for each of the VPNs you wish it to manage the DNS for:"
+  echo "    script-security 2"
+  echo "    up /usr/bin/update-systemd-resolved"
+  echo "    up-restart"
+  echo "    down /usr/bin/update-systemd-resolved"
+  echo "    down-pre"
+  echo
+}
+
+post_upgrade() {
+  post_install
+  echo
+  echo "The path to the script has changed. Please ensure you update all your"
+  echo "configuration files to match this:"
+  echo "    up /usr/bin/update-systemd-resolved"
+  echo "    down /usr/bin/update-systemd-resolved"
+  echo
+  echo "If you are using persist-tun and ping-restart, you should add up-restart"
+  echo "to your configuration so that update-systemd-resolved is called when"
+  echo "there is a partial restart of the connection. Otherwise, or your DNS"
+  echo "configuration may not be restored."
+  echo
+}
diff --git a/packages/openvpn-update-systemd-resolved/openvpn-update-systemd-resolved.rules b/packages/openvpn-update-systemd-resolved/openvpn-update-systemd-resolved.rules
@@ -0,0 +1,12 @@
+// Allow the OpenVPN user to manage DNS via systemd-resolved
+// as part of the openvpn-update-systemd-resolved package
+polkit.addRule(function(action, subject) {
+    if (action.id == 'org.freedesktop.resolve1.set-dns-servers' ||
+        action.id == 'org.freedesktop.resolve1.set-domains' ||
+    //  action.id == 'org.freedesktop.resolve1.set-default-route' ||
+        action.id == 'org.freedesktop.resolve1.set-dnssec') {
+        if (subject.user == 'openvpn') {
+            return polkit.Result.YES;
+        }
+    }
+});