[Pkg-swan-devel] Bug#836862: libreswan: /etc/ipsec.conf is already shipped by strongswan-starter

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Feb 3 17:34:58 UTC 2017 

Control: clone 836862 -1
Control: reassign -1 src:strongswan
Control: retitle -1 strongswan-starter should Provide: ike-server, not strongswan-charon

On Tue 2016-09-06 11:46:29 -0400, Andreas Beckmann wrote:
> during a test with piuparts I noticed your package fails to upgrade from
> 'sid' to 'experimental'.
> It installed fine in 'sid', then the upgrade to 'experimental' fails
> because it tries to overwrite other packages files.
>
> See policy 7.6 at
> https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces
>
>>From the attached log (scroll to the bottom...):
>
>   Selecting previously unselected package libreswan.
>   Preparing to unpack .../43-libreswan_3.18-1_amd64.deb ...
>   Unpacking libreswan (3.18-1) ...
>   dpkg: error processing archive /tmp/apt-dpkg-install-za7Gyz/43-libreswan_3.18-1_amd64.deb (--unpack):
>    trying to overwrite '/etc/ipsec.conf', which is also in package strongswan-starter 5.5.0-1
>   dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
>
>
> Using Breaks+Replaces would most likely be the wrong solution here.
> If the conffile can be shared by both packages (hopefully it does),
> it should be factored out into a separate package instead and both
> users should add a dependency on this new package.

I'd have expected strongswan-starter to declare itself an "ike-server"
package, so that the existing breaks/replaces/provides trio would here.

ike-server is a virtual package like mail-transport-agent which is
provided by the packages:

 ike
 racoon
 isakmpd
 strongswan-charon
 libreswan

only one of these can be functional on a system at any time anyway.

I'm suprised to see that strongswan-charon is the package providing
ike-server, if stronswan-starter is the package that contains the system
integration.

Here's the current contents of strongswan-charon:

usr/share/strongswan/templates/config/strongswan.d/charon.conf
usr/share/strongswan/templates/config/strongswan.d/charon-logging.conf
usr/share/doc/strongswan-charon/copyright
usr/share/doc/strongswan-charon/changelog.gz
usr/share/doc/strongswan-charon/changelog.Debian.gz
usr/share/doc/strongswan-charon/NEWS.Debian.gz
usr/lib/ipsec/charon
etc/strongswan.d/charon.conf
etc/strongswan.d/charon-logging.conf
etc/apparmor.d/usr.lib.ipsec.charon

None of these are system integration bits, and i don't think this
package should be labeled as the thing that Provides: ike-server.  (i
note that strongswan-charon Depends: strongswan-starter, but i'm not
sure i understand why those deps are in that order instead of the other
way around.

Anyway, i'll make libreswan explicitly conflict with strongswan-starter
to resolve 836862, but hopefully this cloned bug can be resolved on the
strongswan side.

Regards,

        -dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-swan-devel/attachments/20170203/98e9a51c/attachment.sig>

More information about the Pkg-swan-devel mailing list