-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | debian/strongswan-starter.ipsec.init | 52 |
2 files changed, 43 insertions, 16 deletions
diff --git a/debian/changelog b/debian/changelog
index 13f27a175..7f5594f42 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+strongswan (4.4.1-4) unstable; urgency=low
+
+ * Rewrote parts of the init.d script to make stop/restart more robust
+ when pluto or charon fail.
+
+ -- Rene Mayrhofer <rmayr@debian.org> Thu, 09 Sep 2010 13:08:36 +0200
+
 strongswan (4.4.1-3) unstable; urgency=low
 * Change make clean to make distclean to make package building
diff --git a/debian/strongswan-starter.ipsec.init b/debian/strongswan-starter.ipsec.init
index 5cefef516..88f5fdea9 100644
--- a/debian/strongswan-starter.ipsec.init
+++ b/debian/strongswan-starter.ipsec.init
@@ -14,12 +14,13 @@
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
 DESC="strongswan IPsec services"
 NAME=ipsec
-DAEMON=/usr/sbin/$NAME
-PIDFILE=/var/run/$NAME.pid
+STARTER=/usr/sbin/$NAME
+PIDFILE1=/var/run/pluto.pid
+PIDFILE2=/var/run/charon.pid
 SCRIPTNAME=/etc/init.d/$NAME
 # Exit if the package is not installed
-[ -x "$DAEMON" ] || exit 0
+[ -x "$STARTER" ] || exit 0
 # Read configuration variable file if it is present
 [ -r /etc/default/$NAME ] && . /etc/default/$NAME
@@ -40,10 +41,14 @@ do_start()
 # 0 if daemon has been started
 # 1 if daemon was already running
 # 2 if daemon could not be started
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+
+ # test if either charon or pluto are currently running (PIDFILE1 or PIDFILE2)
+ start-stop-daemon --start --quiet --pidfile $PIDFILE1 --exec $STARTER --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE2 --exec $STARTER --test > /dev/null \
 || return 1
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- start \
- || return 2
+
+ $STARTER start || return 2
 }
 #
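Review bot: The two `--test` probes in do_start still pass `--exec $STARTER`, so each one looks for a process running /usr/sbin/ipsec under the pluto or charon PID file. The daemons appear to run from /usr/lib/ipsec/pluto and /usr/lib/ipsec/charon (the paths the do_stop hunk uses), so the probes are unlikely ever to match and `return 1` ("already running") would not trigger. Matching on the daemon binaries would make the check effective, e.g. `start-stop-daemon --start --quiet --pidfile $PIDFILE1 --exec /usr/lib/ipsec/pluto --test > /dev/null || return 1`, and the same with `$PIDFILE2` and `/usr/lib/ipsec/charon`. The opening of do_start lies outside the hunk.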
@@ -57,27 +62,42 @@ do_stop() # 2 if daemon could not be stopped # other if a failure occurred # give the proper signal to stop - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- stop \ - || return 2 + $STARTER stop || return 2 + # but kill if that didn't work - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 + if [ -e $PIDFILE1 ]; then + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE1 --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + fi + if [ -e $PIDFILE2 ]; then + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE2 --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + fi + # Wait for children to finish too if this is a daemon that forks # and if the daemon is only ever run from this initscript. # If the above conditions are not satisfied then add some other code # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. - start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec /usr/lib/ipsec/pluto + [ "$?" = 2 ] && return 2 + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec /usr/lib/ipsec/charon [ "$?" = 2 ] && return 2 - # Many daemons don't delete their pidfiles when they exit. - rm -f $PIDFILE + + # strongswan is known to leave PID files behind when something goes wrong, cleanup here + rm -f $PIDFILE1 $PIDFILE2 + # and just to make sure they are really really dead at this point... + killall -9 /usr/lib/ipsec/pluto 2>/dev/null + killall -9 /usr/lib/ipsec/charon 2>/dev/null + return "$RETVAL" } do_reload() { - $DAEMON reload + $STARTER reload return 0 } 
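Review bot: `$STARTER stop || return 2` leaves do_stop before any of the new fallback code runs, so when the starter itself fails (the case this commit targets) the TERM/KILL retries, the PID-file cleanup and the `killall -9` calls are all skipped and pluto or charon can stay up. Dropping the early return and letting the kill path decide the result would fix that, e.g. `RETVAL=0` followed by a plain `$STARTER stop`. The `RETVAL=0` also covers a second problem: RETVAL is now assigned only inside the two `[ -e ... ]` branches, so after a clean stop with both PID files gone `return "$RETVAL"` runs with an empty value unless it is set outside the hunk. The PID-file stops pass `--name $NAME`, which is `ipsec` and presumably does not match the pluto or charon process names, so `--exec /usr/lib/ipsec/pluto` and `--exec /usr/lib/ipsec/charon` would be the safer match there. The opening of do_stop is outside the hunk.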
@@ -99,7 +119,7 @@ case "$1" in
 esac
 ;;
 status)
- $DAEMON status
+ $STARTER status || exit $?
 ;;
 reload|force-reload)
 log_daemon_msg "Reloading $DESC" "$NAME" |