Bug#848891: [Pkg-swan-devel] Bug#848891: Remove outdated code

2016-12-20 Thread Yves-Alexis Perez 
On Tue, 2016-12-20 at 17:08 +0100, Christian Ehrhardt wrote:
> > On Tue, Dec 20, 2016 at 4:27 PM, Yves-Alexis Perez 
> wrote:
> 
> > This change has been sitting in Ubuntu for how long?
> 
> 
> Like early 2014, so about 2.5 years at least.

Ok, so it has seen some user exposure I guess.


> Just before now no one seems to have picked up the work to ask for syncing
> it back to you.
> I beg a pardon for that.

No issue here. I didn't ask to blame you about not upstreaming thing, I was
really asking to know about user exposure and possible complaints :)

Regards,
-- 
Yves-Alexis

signature.asc
Description: This is a digitally signed message part

Bug#848891: [Pkg-swan-devel] Bug#848891: Remove outdated code

2016-12-20 Thread Christian Ehrhardt 
On Tue, Dec 20, 2016 at 4:27 PM, Yves-Alexis Perez 
wrote:

> This change has been sitting in Ubuntu for how long?


Like early 2014, so about 2.5 years at least.
Just before now no one seems to have picked up the work to ask for syncing
it back to you.
I beg a pardon for that.


-- 
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd

Bug#848891: [Pkg-swan-devel] Bug#848891: Remove outdated code

2016-12-20 Thread Yves-Alexis Perez 
Hi Christian, thanks for your bug report(s).

On Tue, 2016-12-20 at 16:15 +0100, Christian Ehrhardt wrote:
> In d/strongswan-starter.postinst there seems to be code that is no more
> needed:
>   - section about runlevel changes
>   - entire section on opportunistic encryption - this was never used
> 
> Also the debconf for the inc file is IMHO not working.
> cat /var/lib/strongswan/ipsec.conf.inc
>   #include /etc/ipsec.d/examples/oe.conf
> That file is not existing (and not created) on my Debian-sid system.
> 
> I tried to get as much as possible from its debconf but it does only add
> the disabled OE.
> $ dpkg-reconfigure strongswan-starter -p low
>   Disabling opportunistic encryption (OE) in config file ... already
> disabled

Yes, I think the ipsec.conf.inc was supposed to be handled by debconf, but I'm
not sure how it was supposed to work (it was before my time). I agree that
simplifying the packaging and removing unused stuff is a good idea, and this
is a start indeed.

This change has been sitting in Ubuntu for how long?

Regards,
-- 
Yves-Alexis

signature.asc
Description: This is a digitally signed message part

Bug#848891: Remove outdated code

2016-12-20 Thread Christian Ehrhardt 
Package: strongswan
Version: 5.5.1-2
Severity: normal

Hi,
this is the part of the feed back of "Ubuntu changes" that is probably more
discussion worthy.
And I'm not even speaking of renamed service names yet :-)

Our Ubuntu Delta for quite a while dropped some outdated code.
I didn't come up with the wording - it was called outdated before I even
touched Strongswan - so no offense intended.

Since I was not 100% sure if I consider all special cases that might apply
to I'm only starting a discussion about it and we can see if you agree
(instead of submitting patches).

In d/strongswan-starter.postinst there seems to be code that is no more
needed:
  - section about runlevel changes
  - entire section on opportunistic encryption - this was never used

Also the debconf for the inc file is IMHO not working.
cat /var/lib/strongswan/ipsec.conf.inc
  #include /etc/ipsec.d/examples/oe.conf
That file is not existing (and not created) on my Debian-sid system.

I tried to get as much as possible from its debconf but it does only add
the disabled OE.
$ dpkg-reconfigure strongswan-starter -p low
  Disabling opportunistic encryption (OE) in config file ... already
disabled


All that together would make up some nice cleanup like the attached patch I
have as a suggestion.
Looking forward to a discussion on all of that.

-- 
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd
Cleanup outdated strongswan packaging code

* clean up d/strongswan-starter.postinst:
  - Removed section about runlevel changes
  - Removed entire section on opportunistic encryption
strongSwan.
* d/rules: Removed pieces on 'patching ipsec.conf' on build.
* d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference.

diff --git a/debian/strongswan-starter.postinst b/debian/strongswan-starter.postinst
index 9e4d7b1..a1dd748 100644
--- a/debian/strongswan-starter.postinst
+++ b/debian/strongswan-starter.postinst
@@ -29,7 +29,6 @@ set -e
 # installation fails and the `postinst' is called with `abort-upgrade',
 # `abort-remove' or `abort-deconfigure'.
 
-CONF_FILE=/var/lib/strongswan/ipsec.conf.inc
 SECRETS_FILE=/var/lib/strongswan/ipsec.secrets.inc
 
 Warn ()
@@ -75,50 +74,6 @@ make_x509_cert() {
-days $2 $selfsigned >/dev/null
 }
 
-enable_daemon_start() {
-daemon=$1
-protocol=$2
-
-echo -n "Enabling ${protocol} support by ${daemon}... "
-if [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then
-echo "already enabled"
-elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE; then
-  	sed "s/${daemon}start=no/${daemon}start=yes/" < $CONF_FILE > $CONF_FILE.tmp
-cp $CONF_FILE.tmp $CONF_FILE
-	rm $CONF_FILE.tmp
-echo "done"
-elif [ -e $CONF_FILE ] && egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE; then
-  	sed "s/^\w+#\w*${daemon}start=(yes|no)\w*$/\t${daemon}start=yes/" < $CONF_FILE > $CONF_FILE.tmp
-cp $CONF_FILE.tmp $CONF_FILE
-	rm $CONF_FILE.tmp
-echo "done"
-elif [ ! -e $CONF_FILE ]; then
-	echo -e "\t${daemon}start=yes" > $CONF_FILE
-else
-echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!"
-fi
-}
-
-disable_daemon_start() {
-daemon=$1
-protocol=$2
-
-echo -n "Disabling ${protocol} support by ${daemon}... "
-if [ -e $CONF_FILE ] && ( egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE ||
-   egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE ); then
-echo "already disabled"
-elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then
-  	sed "s/${daemon}start=yes/${daemon}start=no/" < $CONF_FILE > $CONF_FILE.tmp
-cp $CONF_FILE.tmp $CONF_FILE
-	rm $CONF_FILE.tmp
-echo "done"
-elif [ ! -e $CONF_FILE ]; then
-	echo -e "\t${daemon}start=yes" > $CONF_FILE
-else
-echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!"
-fi
-}
-
 setup_strongswan_user() {
 if ! getent passwd strongswan >/dev/null; then
 adduser --quiet --system --no-create-home --home /var/lib/strongswan --shell /usr/sbin/nologin strongswan
@@ -209,88 +164,17 @@ case "$1" in
 	db_set strongswan/install_x509_certificate false
 	fi
 
-	# lets see if we are already using dependency based booting or the correct runlevel parameters
-	if ! ( [ "`find /etc/init.d/ -name '.depend.*'`" ] || [ "$runlevels" = "0K841K842S163S164S165S166K84" ] ); then
-	db_fset strongswan/runlevel_changes seen false
-	db_input high strongswan/runlevel_changes || true
-	db_go
-
-	# if the admin did not change the runlevels which got installed by older packages we can modify them
-	if [ "$runlevels" = "0K346K34SS41" ] || [ "$runlevels" = "0K301K302S153S154S155S156K30" ] || [ "$runlevels" = "0K191K192S213S214S215S216K19" ]; then
-		update-rc.d -f ipsec remove
-	fi
-
-	update-rc.d ipsec defaults 16 84 > /dev/null
-	fi