%global _hardened_build 1 %global debug_package %{nil} %define dkms_name ovpn %define repo_name ovpn-backports %define git_tag ovpn-net-next/main-6.15.0-rc5-20250522 %define tar_dir ovpn-backports-ovpn-net-next-main-6.15.0-rc5-20250522 Name: %{repo_name} Version: 6.15.0.20250522 Release: 2%{?dist} Summary: OpenVPN Data Channel Offload kernel accelerator License: GPL-2.0-only URL: https://github.com/OpenVPN/%{repo_name} Source0: https://github.com/OpenVPN/%{repo_name}/archive/refs/tags/%{git_tag}/v%{version}.tar.gz Source1: dkms.conf.in BuildArch: noarch BuildRequires: make BuildRequires: kernel-devel %description OpenVPN Data Channel Offload kernel module %package -n kmod-%{dkms_name} Summary: OpenVPN Data Channel Offload kernel accelerator (DKMS package) Requires: dkms >= 1.95 Requires: kernel-devel >= 4.18.0 Requires: kernel >= 4.18.0 %description -n kmod-%{dkms_name} This package contains an kernel module to accelerate OpenVPN traffic by doing the data channel encryption and decryption directly in the kernel space and put it directly unto a virtual network interface. By avoiding going via the user-space (which the traditional TUN/TAP devices requires), the encrypted data path from the remote host to the unencrypted data on the local virtual interface is shorter and more direct. Beware that the %{dkms_name} kernel module does not support all the same data channel ciphers OpenVPN may support using a TUN/TAP device. This is because all the encryption/decryption of data channel packets utilizes the crypto API available directly in the Linux kernel and does not involve OpenSSL. Only the control channel packets are handled in user-space, where OpenSSL is used for the TLS packet handling. This is a backport of the ovpn module available in Linux 6.16 or newer. You need a matching dco-enabled OpenVPN to use this, this version requires OpenVPN 2.7 or newer. It is not compatible with the DCO support in OpenVPN 2.6. %prep %autosetup -n %{tar_dir} %build # Nothing to build %install mkdir -p %{buildroot}/%{_prefix}/src/ mkdir -p %{buildroot}/%{_datarootdir}/%{module_name} cp -rv ../%{tar_dir} %{buildroot}/%{_prefix}/src rm -f %{buildroot}/%{_prefix}/src/%{tar_dir}/.gitignore # Prepare dkms.conf cat %{SOURCE1} | sed -e 's/@@VERSION@@/%{version}.%{release}/' > %{buildroot}/%{_prefix}/src/%{tar_dir}/dkms.conf # Rename source dir to the module name and package version including distro release tag mv %{buildroot}/%{_prefix}/src/%{tar_dir} %{buildroot}/%{_prefix}/src/%{dkms_name}-%{version}.%{release} mkdir -p %{buildroot}/%{_pkgdocdir} install -m644 README.md %{buildroot}/%{_pkgdocdir} if [ -f "%{name}-%{version}.dkms.tar.gz" ]; then install -m 644 %{dkms_name}-%{version}.dkms.tar.gz %{buildroot}/%{_datarootdir}/%{dkms_name} fi %post -n kmod-%{dkms_name} dkms add -m %{dkms_name} -v %{version}.%{release} -q --rpm_safe_upgrade || : # Rebuild and make available for the currently running kernel: dkms build -m %{dkms_name} -v %{version}.%{release} -q || : dkms install -m %{dkms_name} -v %{version}.%{release} -q --force || : exit 0 %preun -n kmod-%{dkms_name} echo -e echo -e "Uninstall of %{dkms_name} module (version %{version}.%{release}) beginning:" dkms remove -m %{dkms_name} -v %{version}.%{release} --all --rpm_safe_upgrade || : exit 0 %files -n kmod-%{dkms_name} %{_pkgdocdir} %{_prefix}/src/%{dkms_name}-%{version}.%{release} %changelog * Fri May 23 2025 OpenVPN CI - 6.15.0.20250522 - Update to tag ovpn-net-next/main-6.15.0-rc5-20250522 * Wed May 21 2025 David Sommerseth - 6.15.0.20250516-2 - Updated the DKMS integration to the recommended upstream DKMS approach * Wed May 21 2025 Frank Lichtenheld - 6.15.0.20250516 - Update to tag ovpn-net-next/main-6.15.0-rc5-20250516 * Wed May 14 2025 OpenVPN CI - 20250513 - Update to tag v20250513 * Sat May 10 2025 OpenVPN CI - 20250509 - Update to tag v20250509 * Wed May 07 2025 OpenVPN CI - 20250506 - Update to tag v20250506 * Tue May 06 2025 OpenVPN CI - 20250505 - Update to tag v20250505 * Thu May 01 2025 OpenVPN CI - 20250430 - Update to tag v20250430 * Mon Apr 28 2025 Frank Lichtenheld - 20250423 - New package based on ovpn backports from Linux kernel (net-next for now)