[Pkg-swan-devel] Bug#866324: Bug#866324: strongswan-swanctl: Install empty directories that ‘swanctl --load-all’ expects
gturner at unzane.com
Wed Jun 28 21:16:52 UTC 2017
On Wed, Jun 28 2017, Gerald Turner wrote:
> On Wed, Jun 28 2017, Yves-Alexis Perez wrote:
>> I don't have those logs message, because the folders actually exist
>> here, so I somehow have the feeling that strongSwan actually created
>> the directories itself.
> I'm not sure... I made the conversion to VICI in April, I had these
> errors in my test environment for days until I wrote that patch,
> unfortunately my persistent journald logs don't go back that far. I
> do distinctly remember taking the time to grok the source code in
> order to determine the correctness of this patch - and I don't recall
> seeing any code which creates these directories.
I just tested by stopping strongswan-swanctl, rmdir /etc/swanctl/ecdsa
(I'm not using ECDSA certificates), and started strongswan-swanctl. The
directory wasn't created.
Inspecting my commit message I see that I had written “… subsystem
‘lib’, log level 1”, so you'd have to turn up charon-systemd.journal
logging to see these messages.
Apologies for the nearly frivilous patch, but having mode 0700 set on
directories potentially containing private keys is kind of nifty ;-)
(and consistent with the strongswan-starter package)
Gerald Turner <gturner at unzane.com> Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80 3858 EC94 2276 FDB8 716D
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 962 bytes
Desc: not available
More information about the Pkg-swan-devel