Arch Linux User Repository

The example config needs to be updated to reflect the new path to /usr/bin/

@somini, thanks

Sadly this package doesn't work for me. Or dns server in my internet router still has a higher priority.

Here's a patch to implement the changes I mentioned before, mostly for standards compliance: - Install binaries on /usr/bin - Install polkit rules in /usr/share/polkit-1/rules.d/ - Install openvpn configuration example in /usr/share/doc/openvpn/ (this is used by openvpn

This moves all the files out of /etc.

Setting the PATH is also irrelevant as @christoph.gysin mentioned, it can be removed.

diff --git i/.SRCINFO w/.SRCINFO
index 8764137..95e4585 100644
--- i/.SRCINFO
+++ w/.SRCINFO
@@ -1,7 +1,7 @@
 pkgbase = openvpn-update-systemd-resolved
    pkgdesc = OpenVPN systemd-resolved Updater
    pkgver = 1.3.0
-   pkgrel = 2
+   pkgrel = 3
    url = https://github.com/jonathanio/update-systemd-resolved
    install = openvpn-update-systemd-resolved.install
    arch = any
@@ -14,7 +14,7 @@ pkgbase = openvpn-update-systemd-resolved
    source = openvpn-update-systemd-resolved.install
    source = openvpn-update-systemd-resolved.rules
    sha256sums = ee88c1862cb7d197adfcb0e088530993e092f7035fdd95693827d6526f2817af
-   sha256sums = 4905c25c753bd7d3c9323baf67ffdf4d1dca5109df92fec1e853a7a2e7e0ab2b
+   sha256sums = 2a84e0d96fab9735454007053df4946aa7890cd63981087944d5b4d8906fdd07
    sha256sums = b8a4d95c950a0efd12a3270a5f14077710adeff1a82cad74df8bd254a00c1169

 pkgname = openvpn-update-systemd-resolved
diff --git i/PKGBUILD w/PKGBUILD
index b06aa7b..0544042 100644
--- i/PKGBUILD
+++ w/PKGBUILD
@@ -1,6 +1,6 @@
 pkgname=openvpn-update-systemd-resolved
 pkgver=1.3.0
-pkgrel=2
+pkgrel=3
 pkgdesc="OpenVPN systemd-resolved Updater"
 arch=("any")
 url="https://github.com/jonathanio/update-systemd-resolved"
@@ -11,15 +11,15 @@ source=("https://github.com/jonathanio/update-systemd-resolved/archive/v${pkgver
         'openvpn-update-systemd-resolved.rules')
 install=$pkgname.install
 sha256sums=('ee88c1862cb7d197adfcb0e088530993e092f7035fdd95693827d6526f2817af'
-            '4905c25c753bd7d3c9323baf67ffdf4d1dca5109df92fec1e853a7a2e7e0ab2b'
+            '2a84e0d96fab9735454007053df4946aa7890cd63981087944d5b4d8906fdd07'
             'b8a4d95c950a0efd12a3270a5f14077710adeff1a82cad74df8bd254a00c1169')

 package() {
-  install -D -m644 openvpn-update-systemd-resolved.rules "${pkgdir}/etc/polkit-1/rules.d/00-openvpn-systemd-resolved.rules"
+  install -D -m644 openvpn-update-systemd-resolved.rules "${pkgdir}/usr/share/polkit-1/rules.d/00-openvpn-systemd-resolved.rules"

   cd $srcdir/update-systemd-resolved-${pkgver}
-  install -D -m755 update-systemd-resolved "${pkgdir}/etc/openvpn/scripts/update-systemd-resolved"
-  install -D -m644 update-systemd-resolved.conf "${pkgdir}/etc/openvpn/scripts/update-systemd-resolved.conf"
+  install -D -m755 update-systemd-resolved "${pkgdir}/usr/bin/update-systemd-resolved"
+  install -D -m644 update-systemd-resolved.conf "${pkgdir}/usr/share/doc/openvpn/update-systemd-resolved.conf"
 }

 # vim:set ts=2 sw=2 et:
diff --git i/openvpn-update-systemd-resolved.install w/openvpn-update-systemd-resolved.install
index 331fc92..3890034 100644
--- i/openvpn-update-systemd-resolved.install
+++ w/openvpn-update-systemd-resolved.install
@@ -3,10 +3,9 @@ post_install() {
   echo "To complete the installation, please add this script to your OpenVPN"
   echo "settings for each of the VPNs you wish it to manage the DNS for:"
   echo "    script-security 2"
-  echo "    setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-  echo "    up /etc/openvpn/scripts/update-systemd-resolved"
+  echo "    up /usr/bin/update-systemd-resolved"
   echo "    up-restart"
-  echo "    down /etc/openvpn/scripts/update-systemd-resolved"
+  echo "    down /usr/bin/update-systemd-resolved"
   echo "    down-pre"
   echo
 }
@@ -16,8 +15,8 @@ post_upgrade() {
   echo
   echo "The path to the script has changed. Please ensure you update all your"
   echo "configuration files to match this:"
-  echo "    up /etc/openvpn/scripts/update-systemd-resolved"
-  echo "    down /etc/openvpn/scripts/update-systemd-resolved"
+  echo "    up /usr/bin/update-systemd-resolved"
+  echo "    down /usr/bin/update-systemd-resolved"
   echo
   echo "If you are using persist-tun and ping-restart, you should add up-restart"
   echo "to your configuration so that update-systemd-resolved is called when"

@dimop Thanks. This was something I was certainly not aware of either. I'll work on this today and get an update out with the extra configuration.

Thank you! This is a breaking change I think, surprised it didn't make the news.

openvpn 2.5.0-3 runs no longer scripts as root but as the user openvpn. Thus the D-BUS call to SetLinkDNS fails. My workaround is to authorize the user openvpn using a PolicyKit rule to update the DNS server in resolved:

in /etc/polkit-1/rules.d/00-openvpn-resolve.rules write:

polkit.addRule(function(action, subject) {
    if (action.id == 'org.freedesktop.resolve1.set-dns-servers' ||
        action.id == 'org.freedesktop.resolve1.set-domains' ||
//       action.id == 'org.freedesktop.resolve1.set-default-route' ||
        action.id == 'org.freedesktop.resolve1.set-dnssec') {
        if (subject.user == 'openvpn') {
            return polkit.Result.YES;
        }
    }
});

Setting the path as instructed in the post install seems unnecessary. I assume this was copied from upstream? Could we remove it?

@mprom Mostly adherence to standards.

• Installing executable binaries on /etc doesn't make much sense. Keep them in its location
• The .conf file is not supposed to be editable, it doesn't need to be added to /etc. You can always source it on the OpenVPN configuration and then redefine stuff.

@somini Could you elaborate as to why?