Package: strongswan
Version: 5.5.1-2
Severity: normal
Hi,
this is the part of the feed back of "Ubuntu changes" that is probably more
discussion worthy.
And I'm not even speaking of renamed service names yet :-)
Our Ubuntu Delta for quite a while dropped some outdated code.
I didn't come up with the wording - it was called outdated before I even
touched Strongswan - so no offense intended.
Since I was not 100% sure that I had considered all special cases that might
apply, I'm only starting a discussion about it and we can see if you agree
(instead of submitting patches).
In d/strongswan-starter.postinst there seems to be code that is no more
needed:
- section about runlevel changes
- entire section on opportunistic encryption - this was never used
Also the debconf for the inc file is IMHO not working.
cat /var/lib/strongswan/ipsec.conf.inc
#include /etc/ipsec.d/examples/oe.conf
That file is not existing (and not created) on my Debian-sid system.
I tried to get as much as possible from its debconf but it does only add
the disabled OE.
$ dpkg-reconfigure strongswan-starter -p low
Disabling opportunistic encryption (OE) in config file ... already
disabled
All that together would make up some nice cleanup like the attached patch I
have as a suggestion.
Looking forward to a discussion on all of that.
--
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd
Cleanup outdated strongswan packaging code
* clean up d/strongswan-starter.postinst:
- Removed section about runlevel changes
- Removed entire section on opportunistic encryption
strongSwan.
* d/rules: Removed pieces on 'patching ipsec.conf' on build.
* d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference.
diff --git a/debian/strongswan-starter.postinst b/debian/strongswan-starter.postinst
index 9e4d7b1..a1dd748 100644
--- a/debian/strongswan-starter.postinst
+++ b/debian/strongswan-starter.postinst
@@ -29,7 +29,6 @@ set -e
# installation fails and the `postinst' is called with `abort-upgrade',
# `abort-remove' or `abort-deconfigure'.
-CONF_FILE=/var/lib/strongswan/ipsec.conf.inc
SECRETS_FILE=/var/lib/strongswan/ipsec.secrets.inc
Warn ()
@@ -75,50 +74,6 @@ make_x509_cert() {
-days $2 $selfsigned >/dev/null
}
-enable_daemon_start() {
-daemon=$1
-protocol=$2
-
-echo -n "Enabling ${protocol} support by ${daemon}... "
-if [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then
-echo "already enabled"
-elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE; then
- sed "s/${daemon}start=no/${daemon}start=yes/" < $CONF_FILE > $CONF_FILE.tmp
-cp $CONF_FILE.tmp $CONF_FILE
- rm $CONF_FILE.tmp
-echo "done"
-elif [ -e $CONF_FILE ] && egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE; then
- sed "s/^\w+#\w*${daemon}start=(yes|no)\w*$/\t${daemon}start=yes/" < $CONF_FILE > $CONF_FILE.tmp
-cp $CONF_FILE.tmp $CONF_FILE
- rm $CONF_FILE.tmp
-echo "done"
-elif [ ! -e $CONF_FILE ]; then
- echo -e "\t${daemon}start=yes" > $CONF_FILE
-else
-echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!"
-fi
-}
-
-disable_daemon_start() {
-daemon=$1
-protocol=$2
-
-echo -n "Disabling ${protocol} support by ${daemon}... "
-if [ -e $CONF_FILE ] && ( egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE ||
- egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE ); then
-echo "already disabled"
-elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then
- sed "s/${daemon}start=yes/${daemon}start=no/" < $CONF_FILE > $CONF_FILE.tmp
-cp $CONF_FILE.tmp $CONF_FILE
- rm $CONF_FILE.tmp
-echo "done"
-elif [ ! -e $CONF_FILE ]; then
- echo -e "\t${daemon}start=yes" > $CONF_FILE
-else
-echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!"
-fi
-}
-
setup_strongswan_user() {
if ! getent passwd strongswan >/dev/null; then
adduser --quiet --system --no-create-home --home /var/lib/strongswan --shell /usr/sbin/nologin strongswan
@@ -209,88 +164,17 @@ case "$1" in
db_set strongswan/install_x509_certificate false
fi
- # lets see if we are already using dependency based booting or the correct runlevel parameters
- if ! ( [ "`find /etc/init.d/ -name '.depend.*'`" ] || [ "$runlevels" = "0K841K842S163S164S165S166K84" ] ); then
- db_fset strongswan/runlevel_changes seen false
- db_input high strongswan/runlevel_changes || true
- db_go
-
- # if the admin did not change the runlevels which got installed by older packages we can modify them
- if [ "$runlevels" = "0K346K34SS41" ] || [ "$runlevels" = "0K301K302S153S154S155S156K30" ] || [ "$runlevels" = "0K191K192S213S214S215S216K19" ]; then
- update-rc.d -f ipsec remove
- fi
-
- update-rc.d ipsec defaults 16 84 > /dev/null
- fi