[Pkg-swan-devel] Ubuntu strongSwan changes

[Jonathan Davies]

On 06/01/2014 17:15, Yves-Alexis Perez wrote:
> On Sat, Jan 04, 2014 at 05:05:06AM +0000, Jonathan Davies wrote:
>> Hello,
> 
>> Over the last few weeks, I made a series of changes to the strongSwan
>> packaging in Ubuntu to improve it. I would now like to have these
>> changes placed into Debian.
> 
> Sorry for the answer delay, and thanks for the mail. Before going
> further, did you base your modifications on the latest uploaded package
> or on the git master branch [1] ?

These are based off the master Git branch.

>> These changes include:
> 
>>   * Define *.install files for new binary packages for plugins.
> 
> Nice, we are actually considering (well, at least, I'd like us to
> consider that :) something like that. The point was mostly to have a
> strongswan minimal package working for the common setup, and leave
> everything else for binary package.
> 
> I'm not sure i like have one binary package per plugin though. Also we
> need to consider upgrade path.

Yes, I saw that after I had done the work. I was looking at a why to
avoid having people recompile the package if they need a missing plugin.
I have some recent feedback from upstream that I have to apply to the
packaging, nothing major.

>>   * debian/control: Merged in Ubuntu changes:
>>     - Updated Standards-Version to 3.9.5.
>>     - Added build dependency on: check, libldns-dev, libunbound-dev,
>>       libsoup2.4-dev, libpcsclite-dev, libtspi-dev, libmysqlclient-dev.
>>     - Bring down build-dependency version on dpkg-dev to >= 1.16.1.
>>     - Defined a large set of binary packages for individual plugins.
>>     - libstrongswan package: Added Suggests on strongswan-tnc-imcvs.
>>     - strongswan-ike package: Depend on crypto plugins and also iproute2.
>>     - strongswan-ike package: Suggest a series of plugin packages.
>>     - strongswan-libfast: New package for libfast library of strongSwan.
>>   * debian/usr.lib.ipsec.charon: AppArmor profile for charon daemon.
>>   * debian/strongswan-starter.strongswan.upstart: Upstart profile for charon
>>     daemon.
>>   * debian/rules:
>>     - Build strongSwan with unit tests and the majority of plugins enabled.
>>     - Install AppArmor profile with dh_apparmor and new Upstart
>> configuration.
>>   * debian/strongswan-starter.postinst: Removed that useless runlevels
>> prompt -
>>     it's now 2014.
>>   * debian/strongswan-starter.prerm: Renamed init script to stop here.
>>   * debian/strongswan-starter.dirs: Stop referencing init.d.
>>   * debian/strongswan-starter.postrm: Likewise, stop referencing old Sys-V
>>     script.
> 
>> These changes are/[will be] available in a Git repo here [once Alioth
>> updates]:
> 
>> -
>> http://anonscm.debian.org/gitweb/?p=users/jpds-guest/strongswan.git;a=summary
> 
>> This should be already fetchable via SSH.
> 
> I'll take a look. I'll also process your alioth application so you can
> later push to the main repo, in case you're interested.

Thanks.

>> As you can see, I've enabled as many plugins as possible and split them
>> into little subpackages. This is to offer people as much choice as
>> possible, without having to recompile strongSwan should we have left out
>> a plugin.
> 
>> Also, if Debian is using systemd as it's init daemon - I suggest you
>> drop the init.d script in the packaging and use the configuration in the
>> init/ directory of the upstream source. I've included an Upstart job in
>> the debian/ directory itself.
> 
> Let's wait for the tech-ctte then :)

Of course.

>> Cheers, let me know if you have any feedback.
> 
> Also, are you interested in beeing more involved in the Debian side, or
> is more to keep changes between Debian and Ubuntu minimal?

I'm committed to making strongSwan solid on Ubuntu, but am more than
happy to feed things back to Debian/upstream as well where appropriate.

-- 
 Jonathan Davies | Canonical Ltd.
 www.canonical.com | www.ubuntu.com