[Pkg-swan-devel] Bug#866324: Bug#866324: strongswan-swanctl: Install empty directories that ‘swanctl --load-all’ expects

Gerald Turner gturner at unzane.com
Wed Jun 28 21:16:52 UTC 2017


On Wed, Jun 28 2017, Gerald Turner wrote:
> On Wed, Jun 28 2017, Yves-Alexis Perez wrote:
>> I don't have those log messages, because the folders actually exist
>> here, so I somehow have the feeling that strongSwan actually created
>> the directories itself.
>
> I'm not sure... I made the conversion to VICI in April, I had these
> errors in my test environment for days until I wrote that patch,
> unfortunately my persistent journald logs don't go back that far.  I
> do distinctly remember taking the time to grok the source code in
> order to determine the correctness of this patch - and I don't recall
> seeing any code which creates these directories.

I just tested by stopping strongswan-swanctl, rmdir /etc/swanctl/ecdsa
(I'm not using ECDSA certificates), and started strongswan-swanctl.  The
directory wasn't created.

Inspecting my commit message I see that I had written “… subsystem
‘lib’, log level 1”, so you'd have to turn up charon-systemd.journal
logging to see these messages.

Apologies for the nearly frivolous patch, but having mode 0700 set on
directories potentially containing private keys is kind of nifty ;-)
(and consistent with the strongswan-starter package)

-- 
Gerald Turner <gturner at unzane.com>        Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D
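
A check for the condition discussed in this thread, as an added example that is not part of the original message or the Debian package: it reports swanctl key directories that are missing or that have group/other permission bits set. The directory names other than `ecdsa`, the function names and the output format are assumptions.

```shell
#!/bin/sh
# Added example, not from the strongSwan package. The directory names are an
# assumption based on the upstream swanctl layout; the thread names only "ecdsa".
KEY_DIRS="private rsa ecdsa pkcs8 pkcs12"

# Print one finding per line and return 1 if anything was found.
#   MISSING <dir>        directory absent (the case this bug report is about)
#   LOOSE <dir> <mode>   group/other permission bits set (expected 0700)
audit_swanctl_dirs() {
    base=$1; shift
    [ $# -gt 0 ] || set -- $KEY_DIRS
    rc=0
    for name in "$@"; do
        dir=$base/$name
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"; rc=1; continue
        fi
        mode=$(stat -L -c '%a' "$dir")   # GNU stat, as shipped on Debian
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "LOOSE $dir $mode"; rc=1
        fi
    done
    return $rc
}

# Constructed sample tree: ecdsa removed (as in the rmdir test in the message)
# and one directory left readable by group and others.
make_demo_tree() {
    t=$(mktemp -d)
    for name in $KEY_DIRS; do mkdir -m 0700 "$t/$name"; done
    rmdir "$t/ecdsa"
    chmod 0755 "$t/rsa"
    echo "$t"
}

demo=$(make_demo_tree)
audit_swanctl_dirs "$demo" || true
rm -rf "$demo"
```

On a real system the call would be `audit_swanctl_dirs /etc/swanctl`, run as root so the 0700 directories can be inspected.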