diff --git a/root/sbin/e-smith/systemd/openvpn-routed b/root/sbin/e-smith/systemd/openvpn-routed index 2b9dbe5..ea4205d 100644 --- a/root/sbin/e-smith/systemd/openvpn-routed +++ b/root/sbin/e-smith/systemd/openvpn-routed @@ -24,7 +24,12 @@ if [[ ! -f /etc/openvpn/routed/pub/cacrl.pem && -f /etc/openvpn/bridge/pub/cacrl /sbin/e-smith/expand-template /etc/openvpn/routed/openvpn.conf fi fi -chmod 0600 /etc/openvpn/routed/priv/* -chmod 0644 /etc/openvpn/routed/pub/* -chown root:admin /etc/openvpn/routed/priv/* -chown root:admin /etc/openvpn/routed/pub/* + +if [ ! -z "$( ls -A '/etc/openvpn/routed/priv/' )" ]; then + chmod 0600 /etc/openvpn/routed/priv/* + chown root:admin /etc/openvpn/routed/priv/* +fi +if [ ! -z "$( ls -A '/etc/openvpn/routed/pub/' )" ]; then + chmod 0644 /etc/openvpn/routed/pub/* + chown root:admin /etc/openvpn/routed/pub/* +fi diff --git a/root/usr/lib/systemd/system/openvpn-routed.service b/root/usr/lib/systemd/system/openvpn-routed.service index 95b4764..005544a 100644 --- a/root/usr/lib/systemd/system/openvpn-routed.service +++ b/root/usr/lib/systemd/system/openvpn-routed.service @@ -1,11 +1,17 @@ [Unit] Description=OpenVPN Server routed for Roadwariors After=network.service +ConditionPathExists=/etc/openvpn/routed/priv/key.pem +ConditionPathExists=/etc/openvpn/routed/pub/cert.pem +ConditionPathExists=/etc/openvpn/routed/pub/cacert.pem +ConditionPathExists=/etc/openvpn/routed/pub/dh.pem +# /etc/openvpn/routed/priv/takey.pem is optional [Service] Type=notify PrivateTmp=true WorkingDirectory=/etc/openvpn/routed +PermissionsStartOnly=true ExecStartPre=-/sbin/e-smith/service-status 'openvpn-routed' ExecStartPre=-/sbin/e-smith/systemd/openvpn-routed diff --git a/smeserver-openvpn-routed.spec b/smeserver-openvpn-routed.spec index aa8cdcf..afd2be3 100644 --- a/smeserver-openvpn-routed.spec +++ b/smeserver-openvpn-routed.spec @@ -4,7 +4,7 @@ Summary: OpenVPN, a strong VPN solution build over SSL, pre-configured for routed mode Name: smeserver-openvpn-routed %define version 0.1.6 -%define release 8 +%define release 9 Version: %{version} Release: %{release}%{?dist} License: GPL @@ -26,6 +26,9 @@ to have a full working openvpn server running in routed mode. %changelog +* Fri Aug 29 2025 Jean-Philippe Pialasse 0.1.6-9.sme +- fix service unit permission issues [SME: 12258] + * Thu Mar 06 2025 cvs2git.sh aka Brian Read 0.1.6-8.sme - Roll up patches and move to git repo [SME: 12338]