diff options
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | debian/ipsec.secrets.proto | 3 | ||||
-rw-r--r-- | debian/strongswan-starter.ipsec.init | 28 | ||||
-rw-r--r-- | debian/strongswan-starter.postinst | 4 | ||||
-rw-r--r-- | debian/strongswan-starter.templates | 16 |
5 files changed, 15 insertions, 38 deletions
diff --git a/debian/changelog b/debian/changelog index 567606552..bad75a3c8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -24,6 +24,8 @@ strongswan (5.0.1-1) UNRELEASED; urgency=low * debian/libstrongswan.install: - install new xauth-eap, xauth-generic, xauth-pam and nonce plugins. * debian/strongswan.docs: CREDITS file is gone. + * debian/ipsec.secrets.proto: remove reference to pluto. + * debian/strongswan-starter.* remove references to pluto. -- Yves-Alexis Perez <corsac@debian.org> Wed, 02 Jan 2013 14:18:34 +0100 diff --git a/debian/ipsec.secrets.proto b/debian/ipsec.secrets.proto index 0fe54b65d..b164b64ed 100644 --- a/debian/ipsec.secrets.proto +++ b/debian/ipsec.secrets.proto @@ -1,5 +1,4 @@ -# This file holds shared secrets or RSA private keys for inter-Pluto -# authentication. See ipsec_pluto(8) manpage, and HTML documentation. +# This file holds shared secrets or RSA private keys for authentication. # RSA private key for this host, authenticating it to any other host # which knows the public part. Suitable public keys, for ipsec.conf, DNS, diff --git a/debian/strongswan-starter.ipsec.init b/debian/strongswan-starter.ipsec.init index cd10682cf..0f4e153eb 100644 --- a/debian/strongswan-starter.ipsec.init +++ b/debian/strongswan-starter.ipsec.init @@ -15,9 +15,7 @@ PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC="strongswan IPsec services" NAME=ipsec STARTER=/usr/sbin/$NAME -PIDFILE1=/var/run/pluto.pid -PIDFILE2=/var/run/charon.pid -PLUTO=/usr/lib/ipsec/pluto +PIDFILE=/var/run/charon.pid CHARON=/usr/lib/ipsec/charon SCRIPTNAME=/etc/init.d/$NAME @@ -47,13 +45,9 @@ do_start() # 1 if daemon was already running # 2 if daemon could not be started - # test if either charon or pluto are currently running (PIDFILE1 or PIDFILE2) - if [ -e $PLUTO ]; then - start-stop-daemon --start --quiet --pidfile $PIDFILE1 --exec $STARTER --test > /dev/null \ - || return 1 - fi + # test if charon is currently running if [ -e $CHARON ]; then - start-stop-daemon --start --quiet --pidfile $PIDFILE2 --exec $STARTER --test > /dev/null \ + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $STARTER --test > /dev/null \ || return 1 fi @@ -75,13 +69,8 @@ do_stop() RETVAL=0 # but kill if that didn't work - if [ -e $PIDFILE1 ]; then - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE1 --name $NAME - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - fi - if [ -e $PIDFILE2 ]; then - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE2 --name $NAME + if [ -e $PIDFILE ]; then + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 fi @@ -92,19 +81,14 @@ do_stop() # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. - if [ -e $PLUTO ]; then - start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $PLUTO - [ "$?" = 2 ] && return 2 - fi if [ -e $CHARON ]; then start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $CHARON [ "$?" = 2 ] && return 2 fi # strongswan is known to leave PID files behind when something goes wrong, cleanup here - rm -f $PIDFILE1 $PIDFILE2 + rm -f $PIDFILE # and just to make sure they are really really dead at this point... - killall -9 $PLUTO 2>/dev/null killall -9 $CHARON 2>/dev/null return "$RETVAL" diff --git a/debian/strongswan-starter.postinst b/debian/strongswan-starter.postinst index 52e895a88..9e4d7b10e 100644 --- a/debian/strongswan-starter.postinst +++ b/debian/strongswan-starter.postinst @@ -79,7 +79,7 @@ enable_daemon_start() { daemon=$1 protocol=$2 - echo -n "Enabling ${protocol} support by pluto ... " + echo -n "Enabling ${protocol} support by ${daemon}... " if [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then echo "already enabled" elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE; then @@ -103,7 +103,7 @@ disable_daemon_start() { daemon=$1 protocol=$2 - echo -n "Disabling ${protocol} support by pluto ... " + echo -n "Disabling ${protocol} support by ${daemon}... " if [ -e $CONF_FILE ] && ( egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE || egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE ); then echo "already disabled" diff --git a/debian/strongswan-starter.templates b/debian/strongswan-starter.templates index f36a76388..a54581e8a 100644 --- a/debian/strongswan-starter.templates +++ b/debian/strongswan-starter.templates @@ -28,18 +28,11 @@ _Description: Restart strongSwan now? existing connections and then bring them back up, so if you are using such a strongSwan tunnel to connect for this update, restarting is not recommended. -Template: strongswan/ikev1 +Template: strongswan/charon Type: boolean Default: true -_Description: Start strongSwan's IKEv1 daemon? - The pluto daemon must be running to support version 1 of the Internet Key - Exchange protocol. - -Template: strongswan/ikev2 -Type: boolean -Default: true -_Description: Start strongSwan's IKEv2 daemon? - The charon daemon must be running to support version 2 of the Internet Key +_Description: Start strongSwan's charon daemon? + The charon daemon must be running to support the Internet Key Exchange protocol. Template: strongswan/install_x509_certificate @@ -190,5 +183,4 @@ _Description: Enable opportunistic encryption? cause a significant delay for every new outgoing connection. . You should only enable opportunistic encryption if you are sure you want it. - It may break the Internet connection (default route) as the pluto daemon - starts. + It may break the Internet connection (default route) as the daemon starts. |