-rw-r--r--debian/changelog4
-rwxr-xr-xdebian/rules4
-rw-r--r--debian/strongswan.ipsec.init (renamed from debian/strongswan.init)7
-rw-r--r--debian/strongswan.postinst38
-rw-r--r--debian/strongswan.postrm4
5 files changed, 33 insertions, 24 deletions
diff --git a/debian/changelog b/debian/changelog
index 90e191222..077708211 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
strongswan (4.1.8-2) unstable; urgency=medium
- * Ship our own init script, since upstream no longer doesn't.
+ * Ship our own init script, since upstream no longer doesn't. This is still
+ installed as /etc/init.d/ipsec (and not /etc/init.d/strongswan) to be
+ backwards compatible.
Really closes: #442880: strongswan: postinst failure (missing
/etc/init.d/ipsec)
* Actually, need to be smarter with ipsec.conf and ipsec.secrets. Not
diff --git a/debian/rules b/debian/rules
index e49876403..4a11486f2 100755
--- a/debian/rules
+++ b/debian/rules
@@ -71,7 +71,7 @@ install-strongswan: build-stamp
install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/strongswan/etc/ipsec.secrets
# also "patch" ipsec.conf to include the debconf-managed file
echo >> $(CURDIR)/debian/strongswan/etc/ipsec.conf
- echo "include /var/lib/strongswan/ipsec.conf.inc" >> $(CURDIR)/debian/strongswan/etc/ipsec.secrets
+ echo "include /var/lib/strongswan/ipsec.conf.inc" >> $(CURDIR)/debian/strongswan/etc/ipsec.conf
# and to enable both IKEv1 and IKEv2 by default
sed -r 's/^[ \t]+# *plutostart=(yes|no) */\tplutostart=yes/;s/^[ \t]+# *charonstart=(yes|no) */\tcharonstart=yes/' < $(CURDIR)/debian/strongswan/etc/ipsec.conf > $(CURDIR)/debian/strongswan/etc/ipsec.conf.tmp
mv $(CURDIR)/debian/strongswan/etc/ipsec.conf.tmp $(CURDIR)/debian/strongswan/etc/ipsec.conf
@@ -117,7 +117,7 @@ install-strongswan: build-stamp
binary-common:
dh_testdir
dh_testroot
- dh_installinit
+ dh_installinit --name=ipsec
dh_installdebconf
dh_installchangelogs ChangeLog
dh_link
diff --git a/debian/strongswan.init b/debian/strongswan.ipsec.init
index c264e973f..5cefef516 100644
--- a/debian/strongswan.init
+++ b/debian/strongswan.ipsec.init
@@ -42,8 +42,7 @@ do_start()
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|| return 1
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
- $DAEMON_ARGS \
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- start \
|| return 2
}
@@ -57,6 +56,10 @@ do_stop()
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
+ # give the proper signal to stop
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- stop \
+ || return 2
+ # but kill if that didn't work
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
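Review bot: The graceful stop added to do_stop ends in `|| return 2`, so when `$DAEMON stop` fails the function returns before the `--retry=TERM/30/KILL/5` fallback that the comment "but kill if that didn't work" promises. Dropping the early return lets the fallback run, e.g. `start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- stop || true`. It is also worth confirming that `--start` with `--pidfile`/`--exec` does not see the running daemon as already started, because in that case start-stop-daemon exits 1 without running the command; calling `$DAEMON stop` directly would avoid the question. do_stop continues past the end of the hunk.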
diff --git a/debian/strongswan.postinst b/debian/strongswan.postinst
index 394b6c6f0..e2b4f6f66 100644
--- a/debian/strongswan.postinst
+++ b/debian/strongswan.postinst
@@ -41,7 +41,7 @@ EOF
}
insert_private_key_filename() {
- if ! grep -q ": RSA $1" $SECRETS_FILE; then
+ if [ ! -e $SECRETS_FILE ] || ! grep -q ": RSA $1" $SECRETS_FILE; then
echo ": RSA $1" >> $SECRETS_FILE
fi
}
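Review bot: When $SECRETS_FILE does not exist, the `>>` in insert_private_key_filename now creates it under whatever umask the maintainer script runs with, whereas debian/rules installs ipsec.secrets with `--mode=0600`. No umask or chmod is visible in this hunk, so unless one is set elsewhere in the postinst the secrets file can end up world-readable. Suggest creating it restrictively first, e.g. `[ -e "$SECRETS_FILE" ] || ( umask 077; : > "$SECRETS_FILE" )`, and quoting `"$SECRETS_FILE"` in the test and the grep.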
@@ -53,7 +53,7 @@ IPSEC_SECRETS_PATTERN_4='# do not change the indenting of that "}"'
# remove old, misguided attempts at a default ipsec.secrets files
repair_legacy_secrets() {
- if grep -A 2 "$IPSEC_SECRETS_PATTERN_1" $SECRETS_FILE |
+ if [ -e $SECRETS_FILE ] && grep -A 2 "$IPSEC_SECRETS_PATTERN_1" $SECRETS_FILE |
tail --lines=2 |
grep -A 1 "$IPSEC_SECRETS_PATTERN_2" |
tail --lines=1 |
@@ -107,18 +107,20 @@ enable_daemon_start() {
protocol=$2
echo -n "Enabling ${protocol} support by pluto ... "
- if egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then
+ if [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then
echo "already enabled"
- elif egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE; then
+ elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE; then
sed "s/${daemon}start=no/${daemon}start=yes/" < $CONF_FILE > $CONF_FILE.tmp
cp $CONF_FILE.tmp $CONF_FILE
rm $CONF_FILE.tmp
echo "done"
- elif egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE; then
+ elif [ -e $CONF_FILE ] && egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE; then
sed "s/^\w+#\w*${daemon}start=(yes|no)\w*$/\t${daemon}start=yes/" < $CONF_FILE > $CONF_FILE.tmp
cp $CONF_FILE.tmp $CONF_FILE
rm $CONF_FILE.tmp
echo "done"
+ else [ ! -e $CONF_FILE ]; then
+ echo -e "\t${daemon}start=yes" > $CONF_FILE
else
echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!"
fi
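Review bot: The new branch `else [ ! -e $CONF_FILE ]; then` is not valid shell: `else` takes no condition, so the `then` is a syntax error and the postinst would fail to parse as a whole. It should read `elif [ ! -e $CONF_FILE ]; then`; the same line appears in the disable_daemon_start hunk. `echo -e` is also not portable if the script runs under /bin/sh (the interpreter line is outside the hunk); `printf '\t%s\n' "${daemon}start=yes" > "$CONF_FILE"` avoids that. enable_daemon_start begins before the hunk.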
@@ -129,14 +131,16 @@ disable_daemon_start() {
protocol=$2
echo -n "Disabling ${protocol} support by pluto ... "
- if egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE ||
- egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE; then
+ if [ -e $CONF_FILE ] && ( egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE ||
+ egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE ); then
echo "already disabled"
- elif egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then
+ elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then
sed "s/${daemon}start=yes/${daemon}start=no/" < $CONF_FILE > $CONF_FILE.tmp
cp $CONF_FILE.tmp $CONF_FILE
rm $CONF_FILE.tmp
echo "done"
+ else [ ! -e $CONF_FILE ]; then
+ echo -e "\t${daemon}start=yes" > $CONF_FILE
else
echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!"
fi
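Review bot: In disable_daemon_start the branch for a missing $CONF_FILE writes `${daemon}start=yes`, which enables the daemon this function is asked to disable. It looks copied from enable_daemon_start and should be `echo -e "\t${daemon}start=no" > $CONF_FILE`. As written, a system without an existing ipsec.conf would end up with an IKE daemon configured to start even though the administrator asked for it to be turned off. disable_daemon_start begins before the hunk.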
@@ -153,11 +157,11 @@ case "$1" in
db_get strongswan/rsa_key_type
if [ "$RET" = "plain" ]; then
# a RSA keypair should be created - check if there is one already
- if egrep -q ": RSA[:space:]*" /etc/ipsec.secrets; then
+ if [ -e /etc/ipsec.secrets ] && egrep -q ": RSA[:space:]*" /etc/ipsec.secrets; then
echo "Warning: there is already a RSA key in /etc/ipsec.secrets."
echo "Creating an additional one."
fi
- if egrep -q ": RSA[:space:]*" $SECRETS_FILE; then
+ if [ -e $SECRETS_FILE ] && egrep -q ": RSA[:space:]*" $SECRETS_FILE; then
echo "Warning: there is already a RSA key in $SECRETS_FILE."
echo "Creating an additional one."
fi
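Review bot: The pattern `": RSA[:space:]*"` on both changed lines uses `[:space:]` outside a bracket expression, so it is read as the character set `:`, `s`, `p`, `a`, `c`, `e` rather than whitespace. The intended form is `[[:space:]]`, e.g. `egrep -q ": RSA[[:space:]]*" "$SECRETS_FILE"`. Because of the trailing `*` the test still matches any line containing `: RSA`, so this is about stating the intent correctly rather than a behaviour change. If $SECRETS_FILE is /etc/ipsec.secrets (its definition is outside the hunk) the two tests are duplicates and the warning prints twice.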
@@ -253,33 +257,37 @@ case "$1" in
db_get strongswan/enable-oe
if [ "$RET" != "true" ]; then
echo -n "Disabling opportunistic encryption (OE) in config file ... "
- if egrep -q "include /etc/ipsec.d/examples/no_oe.conf$" $CONF_FILE; then
+ if [ -e $CONF_FILE ] && egrep -q "include /etc/ipsec.d/examples/no_oe.conf$" $CONF_FILE; then
# also update to new-style config
sed 's/.*include \/etc\/ipsec.d\/examples\/no_oe.conf/#include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp
mv $CONF_FILE.tmp $CONF_FILE
echo -n "converted old config line to new format"
fi
- if egrep -q "^include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then
+ if [ -e $CONF_FILE ] && egrep -q "^include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then
sed 's/include \/etc\/ipsec.d\/examples\/oe.conf/#include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp
mv $CONF_FILE.tmp $CONF_FILE
echo "done"
+ elif [ ! -e $CONF_FILE ]; then
+ echo "#include /etc/ipsec.d/examples/oe.conf" > $CONF_FILE
else
echo "already disabled"
fi
else
echo -n "Enabling opportunistic encryption (OE) in config file ... "
- if egrep -q "include /etc/ipsec.d/examples/no_oe.conf$" $CONF_FILE; then
+ if [ -e $CONF_FILE ] && egrep -q "include /etc/ipsec.d/examples/no_oe.conf$" $CONF_FILE; then
# also update to new-style config
sed 's/.*include \/etc\/ipsec.d\/examples\/no_oe.conf/include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp
mv $CONF_FILE.tmp $CONF_FILE
echo -n "converted old config line to new format"
fi
- if egrep -q "^include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then
+ if [ -e $CONF_FILE ] && egrep -q "^include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then
echo "already enabled"
- elif egrep -q "^#.*include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then
+ elif [ -e $CONF_FILE ] && egrep -q "^#.*include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then
sed 's/#.*include \/etc\/ipsec.d\/examples\/oe.conf/include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp
mv $CONF_FILE.tmp $CONF_FILE
echo "done"
+ elif [ ! -e $CONF_FILE ]; then
+ echo "include /etc/ipsec.d/examples/oe.conf" > $CONF_FILE
else
cat <<EOF >> $CONF_FILE
#Enable Opportunistic Encryption
diff --git a/debian/strongswan.postrm b/debian/strongswan.postrm
index 8ccb5b7a9..e42af1082 100644
--- a/debian/strongswan.postrm
+++ b/debian/strongswan.postrm
@@ -30,10 +30,6 @@ case "$1" in
esac
-if [ "$1" = "purge" ] ; then
- update-rc.d ipsec remove >/dev/null
-fi
-
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.