openvpn3: v20 -> v23

[JarvisCraft]

Description of changes

This updates openvpn3 from v20 to v22_dev.
Considering that v20 and v21 currently don't work due to glib problems (see #235986 for details) it is worth jumping to _dev version for now (worth noting that Aur already uses this version).

This PR also adds the gdbuspp module which is a D-Bus library developed by OpenVPN team now used by openvpn3-linux.

Also, the corresponding NixOS module now generates the openvpn3 configs in /etc with the settings exposed via module's configuration.

I've tested the changes on my setup and they seem to fix issues previously observed on v20.

cc @dsommers as suggested by my colleague.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[JarvisCraft]

Small status update: working on cleaning some stuff up and on checking of it is possible to use custom users and groups (so that two consecutive breakages can be omitted)

UPD: custom user and group option seems to be untested in upstream and there seems to not be much need for it

[JarvisCraft]

Looks like v23 has been released recently, so I will soon take a look at the changes and fixes and adopt the PR.

Seems nice to me that we will skip the _dev-tagged version.

[dsommers]

Looks like v23 has been released recently, so I will soon take a look at the changes and fixes and adopt the PR.

Correct! I usually announce new releases on the openvpn-devel and openvpn-user mailing lists

https://www.mail-archive.com/[email protected]/msg29065.html

The git tags will be pushed out about the same time as well.

Seems nice to me that we will skip the _dev-tagged version.

Some background for this tagging ... The _dev tag (and other) may appear from time to time. It attempts to signal the code quality. _dev is development snapshots. _beta has been used in the past and may appear again, that is more stable than development snapshots. Releases without a "tag" are stable releases. Only stable releases will be available for .deb/.rpm users via the repositories hosted packages.openvpn.net.

Which versions you want to publish in NixOS are entirely up to you. Or if you want to have a parallel package with a different naming to have separate builds between stable releases and non-stable releases. You know your user base and the packaging policies best.

[dsommers]

Small status update: working on cleaning some stuff up and on checking of it is possible to use custom users and groups (so that two consecutive breakages can be omitted)

UPD: custom user and group option seems to be untested in upstream and there seems to not be much need for it

I believe you're referring to the openvpn_username and openvpn_group settings via meson configure. These are primarily for package maintainers. I didn't want to hardcode openvpn into the main code base, in case some distributions would like to use a different user/group for OpenVPN - or even separate openvpn 2.x from openvpn3-linux. Again, this is a setting targetting distribution packagers primarily - and it defaults to openvpn//openvpn.

[bobvanderlinden]

Hmm, currently openvpn3 seems broken in some cases. I ran into #235986, OpenVPN/openvpn3-linux#171 and this PR while searching for Failed to disconnect tunnel (object does not exist). I guess the _dev version is needed to get it in some cases going?

[JarvisCraft]

Hi @bobvanderlinden! Yup, this version is (almost) ready for use with the exception of me awaiting for the patches to be merged to upstream so that I can reference them in the package for further removal (once the patches are available in a fresh release).
I've just pushed the fresh commits fixing some previously mentioned issues.
By the way, it is now v23 thus no more _dev suffix uncertainty.

Side note (mostly for me) the latest v22_dev commit was: d2456c8

By the way, @KFearsoff is no longer the maintainer of the package, though it is worth giving him credit for the initial packaging and the thorough review of this PR!

[JarvisCraft]

@dsommers, apologies for the long reply in this thread!

Thanks for your support from the upstream side of this PR and the details about _dev versioning :)

I believe you're referring to the openvpn_username and openvpn_group settings via meson configure. These are primarily for package maintainers. I didn't want to hardcode openvpn into the main code base, in case some distributions would like to use a different user/group for OpenVPN - or even separate openvpn 2.x from openvpn3-linux. Again, this is a setting targetting distribution packagers primarily - and it defaults to openvpn//openvpn.

Exactly, these are the variables I was experimenting with. For now I've decided to stick to the defaults given the currently packaged openvpn3 relies on them and that I've sees some non-trivial occurrences of the fixes openvpn in the upstream. So I guess user/group customization may come as a separate PR not to overcomplicate this one.

[JarvisCraft]

Oh hi, glad to see you again ❤️