summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2013-01-02 15:33:59 +0100
committerYves-Alexis Perez <corsac@debian.org>2013-01-02 15:33:59 +0100
commit5c2a7ea94eccdac906a5472ebb4966a4ed1d0cb9 (patch)
tree188fa2ed01ec5dcbabd0afaaf2ff8a8c96e748e3
parent490b8469adf6ec0c742b4b36a6819cb87ff0c7b6 (diff)
downloadvyos-strongswan-5c2a7ea94eccdac906a5472ebb4966a4ed1d0cb9.tar.gz
vyos-strongswan-5c2a7ea94eccdac906a5472ebb4966a4ed1d0cb9.zip
remove references to pluto.
* debian/ipsec.secrets.proto: remove reference to pluto. * debian/strongswan-starter.* remove references to pluto.
-rw-r--r--debian/changelog2
-rw-r--r--debian/ipsec.secrets.proto3
-rw-r--r--debian/strongswan-starter.ipsec.init28
-rw-r--r--debian/strongswan-starter.postinst4
-rw-r--r--debian/strongswan-starter.templates16
5 files changed, 15 insertions, 38 deletions
diff --git a/debian/changelog b/debian/changelog
index 567606552..bad75a3c8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -24,6 +24,8 @@ strongswan (5.0.1-1) UNRELEASED; urgency=low
* debian/libstrongswan.install:
- install new xauth-eap, xauth-generic, xauth-pam and nonce plugins.
* debian/strongswan.docs: CREDITS file is gone.
+ * debian/ipsec.secrets.proto: remove reference to pluto.
+ * debian/strongswan-starter.* remove references to pluto.
-- Yves-Alexis Perez <corsac@debian.org> Wed, 02 Jan 2013 14:18:34 +0100
diff --git a/debian/ipsec.secrets.proto b/debian/ipsec.secrets.proto
index 0fe54b65d..b164b64ed 100644
--- a/debian/ipsec.secrets.proto
+++ b/debian/ipsec.secrets.proto
@@ -1,5 +1,4 @@
-# This file holds shared secrets or RSA private keys for inter-Pluto
-# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
+# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
diff --git a/debian/strongswan-starter.ipsec.init b/debian/strongswan-starter.ipsec.init
index cd10682cf..0f4e153eb 100644
--- a/debian/strongswan-starter.ipsec.init
+++ b/debian/strongswan-starter.ipsec.init
@@ -15,9 +15,7 @@ PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="strongswan IPsec services"
NAME=ipsec
STARTER=/usr/sbin/$NAME
-PIDFILE1=/var/run/pluto.pid
-PIDFILE2=/var/run/charon.pid
-PLUTO=/usr/lib/ipsec/pluto
+PIDFILE=/var/run/charon.pid
CHARON=/usr/lib/ipsec/charon
SCRIPTNAME=/etc/init.d/$NAME
@@ -47,13 +45,9 @@ do_start()
# 1 if daemon was already running
# 2 if daemon could not be started
- # test if either charon or pluto are currently running (PIDFILE1 or PIDFILE2)
- if [ -e $PLUTO ]; then
- start-stop-daemon --start --quiet --pidfile $PIDFILE1 --exec $STARTER --test > /dev/null \
- || return 1
- fi
+ # test if charon is currently running
if [ -e $CHARON ]; then
- start-stop-daemon --start --quiet --pidfile $PIDFILE2 --exec $STARTER --test > /dev/null \
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $STARTER --test > /dev/null \
|| return 1
fi
@@ -75,13 +69,8 @@ do_stop()
RETVAL=0
# but kill if that didn't work
- if [ -e $PIDFILE1 ]; then
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE1 --name $NAME
- RETVAL="$?"
- [ "$RETVAL" = 2 ] && return 2
- fi
- if [ -e $PIDFILE2 ]; then
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE2 --name $NAME
+ if [ -e $PIDFILE ]; then
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
fi
@@ -92,19 +81,14 @@ do_stop()
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
- if [ -e $PLUTO ]; then
- start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $PLUTO
- [ "$?" = 2 ] && return 2
- fi
if [ -e $CHARON ]; then
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $CHARON
[ "$?" = 2 ] && return 2
fi
# strongswan is known to leave PID files behind when something goes wrong, cleanup here
- rm -f $PIDFILE1 $PIDFILE2
+ rm -f $PIDFILE
# and just to make sure they are really really dead at this point...
- killall -9 $PLUTO 2>/dev/null
killall -9 $CHARON 2>/dev/null
return "$RETVAL"
diff --git a/debian/strongswan-starter.postinst b/debian/strongswan-starter.postinst
index 52e895a88..9e4d7b10e 100644
--- a/debian/strongswan-starter.postinst
+++ b/debian/strongswan-starter.postinst
@@ -79,7 +79,7 @@ enable_daemon_start() {
daemon=$1
protocol=$2
- echo -n "Enabling ${protocol} support by pluto ... "
+ echo -n "Enabling ${protocol} support by ${daemon}... "
if [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then
echo "already enabled"
elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE; then
@@ -103,7 +103,7 @@ disable_daemon_start() {
daemon=$1
protocol=$2
- echo -n "Disabling ${protocol} support by pluto ... "
+ echo -n "Disabling ${protocol} support by ${daemon}... "
if [ -e $CONF_FILE ] && ( egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE ||
egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE ); then
echo "already disabled"
diff --git a/debian/strongswan-starter.templates b/debian/strongswan-starter.templates
index f36a76388..a54581e8a 100644
--- a/debian/strongswan-starter.templates
+++ b/debian/strongswan-starter.templates
@@ -28,18 +28,11 @@ _Description: Restart strongSwan now?
existing connections and then bring them back up, so if you are using such
a strongSwan tunnel to connect for this update, restarting is not recommended.
-Template: strongswan/ikev1
+Template: strongswan/charon
Type: boolean
Default: true
-_Description: Start strongSwan's IKEv1 daemon?
- The pluto daemon must be running to support version 1 of the Internet Key
- Exchange protocol.
-
-Template: strongswan/ikev2
-Type: boolean
-Default: true
-_Description: Start strongSwan's IKEv2 daemon?
- The charon daemon must be running to support version 2 of the Internet Key
+_Description: Start strongSwan's charon daemon?
+ The charon daemon must be running to support the Internet Key
Exchange protocol.
Template: strongswan/install_x509_certificate
@@ -190,5 +183,4 @@ _Description: Enable opportunistic encryption?
cause a significant delay for every new outgoing connection.
.
You should only enable opportunistic encryption if you are sure you want it.
- It may break the Internet connection (default route) as the pluto daemon
- starts.
+ It may break the Internet connection (default route) as the daemon starts.