author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-11-02 23:31:37 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-11-02 23:31:37 +0000 |
commit | 56e6be606231f8e8de4fb36ce5f8bbe717ec6d9a (patch) | |
tree | 2be860c3caf21ed4a6646c8ad5f5136fbaae04ec | |
parent | 6c43665b8378bf94964804affcb91d2bfe027949 (diff) | |
download | vyos-strongswan-56e6be606231f8e8de4fb36ce5f8bbe717ec6d9a.tar.gz vyos-strongswan-56e6be606231f8e8de4fb36ce5f8bbe717ec6d9a.zip |
- Install init script as /etc/init.d/ipsec instead of as strongswan.
- Try to fix postinst and init scripts to actually work with the
recent changes.
-rw-r--r-- | debian/changelog | 4 | ||||
-rwxr-xr-x | debian/rules | 4 | ||||
-rw-r--r-- | debian/strongswan.ipsec.init (renamed from debian/strongswan.init) | 7 | ||||
-rw-r--r-- | debian/strongswan.postinst | 38 | ||||
-rw-r--r-- | debian/strongswan.postrm | 4 |
5 files changed, 33 insertions, 24 deletions
diff --git a/debian/changelog b/debian/changelog index 90e191222..077708211 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,8 @@ strongswan (4.1.8-2) unstable; urgency=medium - * Ship our own init script, since upstream no longer doesn't. + * Ship our own init script, since upstream no longer doesn't. This is still + installed as /etc/init.d/ipsec (and not /etc/init.d/strongswan) to be + backwards compatible. Really closes: #442880: strongswan: postinst failure (missing /etc/init.d/ipsec) * Actually, need to be smarter with ipsec.conf and ipsec.secrets. Not diff --git a/debian/rules b/debian/rules index e49876403..4a11486f2 100755 --- a/debian/rules +++ b/debian/rules @@ -71,7 +71,7 @@ install-strongswan: build-stamp install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/strongswan/etc/ipsec.secrets # also "patch" ipsec.conf to include the debconf-managed file echo >> $(CURDIR)/debian/strongswan/etc/ipsec.conf - echo "include /var/lib/strongswan/ipsec.conf.inc" >> $(CURDIR)/debian/strongswan/etc/ipsec.secrets + echo "include /var/lib/strongswan/ipsec.conf.inc" >> $(CURDIR)/debian/strongswan/etc/ipsec.conf # and to enable both IKEv1 and IKEv2 by default sed -r 's/^[ \t]+# *plutostart=(yes|no) */\tplutostart=yes/;s/^[ \t]+# *charonstart=(yes|no) */\tcharonstart=yes/' < $(CURDIR)/debian/strongswan/etc/ipsec.conf > $(CURDIR)/debian/strongswan/etc/ipsec.conf.tmp mv $(CURDIR)/debian/strongswan/etc/ipsec.conf.tmp $(CURDIR)/debian/strongswan/etc/ipsec.conf @@ -117,7 +117,7 @@ install-strongswan: build-stamp binary-common: dh_testdir dh_testroot - dh_installinit + dh_installinit --name=ipsec dh_installdebconf dh_installchangelogs ChangeLog dh_link diff --git a/debian/strongswan.init b/debian/strongswan.ipsec.init index c264e973f..5cefef516 100644 --- a/debian/strongswan.init +++ b/debian/strongswan.ipsec.init 
@@ -42,8 +42,7 @@ do_start() # 2 if daemon could not be started start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ || return 1 - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ - $DAEMON_ARGS \ + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- start \ || return 2 } @@ -57,6 +56,10 @@ do_stop() # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred + # give the proper signal to stop + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- stop \ + || return 2 + # but kill if that didn't work start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 diff --git a/debian/strongswan.postinst b/debian/strongswan.postinst index 394b6c6f0..e2b4f6f66 100644 --- a/debian/strongswan.postinst +++ b/debian/strongswan.postinst @@ -41,7 +41,7 @@ EOF } insert_private_key_filename() { - if ! grep -q ": RSA $1" $SECRETS_FILE; then + if [ ! -e $SECRETS_FILE ] || ! grep -q ": RSA $1" $SECRETS_FILE; then echo ": RSA $1" >> $SECRETS_FILE fi } @@ -53,7 +53,7 @@ IPSEC_SECRETS_PATTERN_4='# do not change the indenting of that "}"' # remove old, misguided attempts at a default ipsec.secrets files repair_legacy_secrets() { - if grep -A 2 "$IPSEC_SECRETS_PATTERN_1" $SECRETS_FILE | + if [ -e $SECRETS_FILE ] && grep -A 2 "$IPSEC_SECRETS_PATTERN_1" $SECRETS_FILE | tail --lines=2 | grep -A 1 "$IPSEC_SECRETS_PATTERN_2" | tail --lines=1 | 
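Review bot: In do_stop the added `|| return 2` makes the fallback below it unreachable whenever the stop command fails: the function returns before the `--stop --retry=TERM/30/KILL/5` line that the comment "but kill if that didn't work" announces. Ending the new command with `|| true` instead of `|| return 2` lets the TERM/KILL path run. It is also worth checking that `start-stop-daemon --start` with `--pidfile`/`--exec` does not refuse to run the command because a matching process already exists, which is the normal state when stop is called; $DAEMON and $PIDFILE are defined outside the hunk, so this is inferred. For an IPsec daemon, a stop that silently does nothing leaves tunnels up after the administrator believes they are down.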
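Review bot: In insert_private_key_filename the new `[ ! -e $SECRETS_FILE ]` branch lets `>>` create the secrets file, so it gets whatever mode the postinst umask yields, whereas debian/rules installs ipsec.secrets with `--mode=0600`. Creating it explicitly first, e.g. `[ -e "$SECRETS_FILE" ] || install -m 0600 /dev/null "$SECRETS_FILE"`, keeps the permissions consistent. `$SECRETS_FILE` and `$1` are unquoted, and `$1` is used as a grep pattern, so a key filename containing `.` matches more than itself; `grep -qF` would compare literally. $SECRETS_FILE is defined outside the hunk.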
@@ -107,18 +107,20 @@ enable_daemon_start() { protocol=$2 echo -n "Enabling ${protocol} support by pluto ... " - if egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then + if [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then echo "already enabled" - elif egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE; then + elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE; then sed "s/${daemon}start=no/${daemon}start=yes/" < $CONF_FILE > $CONF_FILE.tmp cp $CONF_FILE.tmp $CONF_FILE rm $CONF_FILE.tmp echo "done" - elif egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE; then + elif [ -e $CONF_FILE ] && egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE; then sed "s/^\w+#\w*${daemon}start=(yes|no)\w*$/\t${daemon}start=yes/" < $CONF_FILE > $CONF_FILE.tmp cp $CONF_FILE.tmp $CONF_FILE rm $CONF_FILE.tmp echo "done" + else [ ! -e $CONF_FILE ]; then + echo -e "\t${daemon}start=yes" > $CONF_FILE else echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!" fi @@ -129,14 +131,16 @@ disable_daemon_start() { protocol=$2 echo -n "Disabling ${protocol} support by pluto ... " - if egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE || - egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE; then + if [ -e $CONF_FILE ] && ( egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE || + egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE ); then echo "already disabled" - elif egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then + elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then sed "s/${daemon}start=yes/${daemon}start=no/" < $CONF_FILE > $CONF_FILE.tmp cp $CONF_FILE.tmp $CONF_FILE rm $CONF_FILE.tmp echo "done" + else [ ! -e $CONF_FILE ]; then + echo -e "\t${daemon}start=yes" > $CONF_FILE else echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!" fi 
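Review bot: The added branch `else [ ! -e $CONF_FILE ]; then` in enable_daemon_start is not valid shell: `then` cannot follow `else`, so the function fails to parse and the postinst aborts. It should read `elif [ ! -e $CONF_FILE ]; then`; the same line is added to disable_daemon_start in the following hunk. The new branch also prints no "done", leaving the `echo -n` status line open. `echo -e` is not portable if the script runs under a POSIX sh; the interpreter line is outside the hunk.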
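Review bot: The branch added to disable_daemon_start writes `${daemon}start=yes` when $CONF_FILE is missing, so a request to disable the daemon creates a config that enables it; the line should be `echo -e "\t${daemon}start=no" > $CONF_FILE`. The branch header `else [ ! -e $CONF_FILE ]; then` also needs to be `elif [ ! -e $CONF_FILE ]; then` to parse. Whether a file holding only this one directive is a usable ipsec.conf cannot be judged from the hunk.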
@@ -153,11 +157,11 @@ case "$1" in db_get strongswan/rsa_key_type if [ "$RET" = "plain" ]; then # a RSA keypair should be created - check if there is one already - if egrep -q ": RSA[:space:]*" /etc/ipsec.secrets; then + if [ -e /etc/ipsec.secrets ] && egrep -q ": RSA[:space:]*" /etc/ipsec.secrets; then echo "Warning: there is already a RSA key in /etc/ipsec.secrets." echo "Creating an additional one." fi - if egrep -q ": RSA[:space:]*" $SECRETS_FILE; then + if [ -e $SECRETS_FILE ] && egrep -q ": RSA[:space:]*" $SECRETS_FILE; then echo "Warning: there is already a RSA key in $SECRETS_FILE." echo "Creating an additional one." fi 
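Review bot: Both rewritten tests keep the pattern `": RSA[:space:]*"`, in which `[:space:]` is an ordinary bracket expression matching the characters `:`, `s`, `p`, `a`, `c`, `e` rather than whitespace; the class has to be written `[[:space:]]`. Because of the `*` the pattern still matches any line containing `: RSA`, so the warning fires, but the intent is obscured. Since these lines are being touched anyway, `egrep -q ": RSA[[:space:]]*" "$SECRETS_FILE"` with the variable quoted would be clearer. The enclosing case branch starts and ends outside the hunk.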
@@ -253,33 +257,37 @@ case "$1" in db_get strongswan/enable-oe if [ "$RET" != "true" ]; then echo -n "Disabling opportunistic encryption (OE) in config file ... " - if egrep -q "include /etc/ipsec.d/examples/no_oe.conf$" $CONF_FILE; then + if [ -e $CONF_FILE ] && egrep -q "include /etc/ipsec.d/examples/no_oe.conf$" $CONF_FILE; then # also update to new-style config sed 's/.*include \/etc\/ipsec.d\/examples\/no_oe.conf/#include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp mv $CONF_FILE.tmp $CONF_FILE echo -n "converted old config line to new format" fi - if egrep -q "^include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then + if [ -e $CONF_FILE ] && egrep -q "^include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then sed 's/include \/etc\/ipsec.d\/examples\/oe.conf/#include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp mv $CONF_FILE.tmp $CONF_FILE echo "done" + elif [ ! -e $CONF_FILE ]; then + echo "#include /etc/ipsec.d/examples/oe.conf" > $CONF_FILE else echo "already disabled" fi else echo -n "Enabling opportunistic encryption (OE) in config file ... 
" - if egrep -q "include /etc/ipsec.d/examples/no_oe.conf$" $CONF_FILE; then + if [ -e $CONF_FILE ] && egrep -q "include /etc/ipsec.d/examples/no_oe.conf$" $CONF_FILE; then # also update to new-style config sed 's/.*include \/etc\/ipsec.d\/examples\/no_oe.conf/include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp mv $CONF_FILE.tmp $CONF_FILE echo -n "converted old config line to new format" fi - if egrep -q "^include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then + if [ -e $CONF_FILE ] && egrep -q "^include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then echo "already enabled" - elif egrep -q "^#.*include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then + elif [ -e $CONF_FILE ] && egrep -q "^#.*include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then sed 's/#.*include \/etc\/ipsec.d\/examples\/oe.conf/include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp mv $CONF_FILE.tmp $CONF_FILE echo "done" + elif [ ! -e $CONF_FILE ]; then + echo "include /etc/ipsec.d/examples/oe.conf" > $CONF_FILE else cat <<EOF >> $CONF_FILE #Enable Opportunistic Encryption diff --git a/debian/strongswan.postrm b/debian/strongswan.postrm index 8ccb5b7a9..e42af1082 100644 --- a/debian/strongswan.postrm +++ b/debian/strongswan.postrm @@ -30,10 +30,6 @@ case "$1" in esac -if [ "$1" = "purge" ] ; then - update-rc.d ipsec remove >/dev/null -fi - # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. |
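Review bot: The two new `elif [ ! -e $CONF_FILE ]` branches create the config file but print nothing, so the preceding `echo -n "... in config file ... "` line is never finished with "done" and the administrator gets no indication that a new file was written. Adding `echo "done (created $CONF_FILE)"` after each redirect would fix that. The `[ -e $CONF_FILE ] &&` guard is now repeated on every test with the variable unquoted; a single existence check at the top of each branch would be easier to audit. The surrounding case statement extends beyond the hunk.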