[Pkg-swan-devel] [Git][debian/strongswan][debian/master] 10 commits: ship xfrmi only on Linux, fix FTBFS on kfreebsd
Yves-Alexis Perez
gitlab at salsa.debian.org
Sat Oct 5 14:56:25 BST 2019
Yves-Alexis Perez pushed to branch debian/master at Debian / strongswan
Commits:
9014f3d1 by Yves-Alexis Perez at 2019-10-04T14:41:08Z
ship xfrmi only on Linux, fix FTBFS on kfreebsd
- - - - -
8586de15 by Yves-Alexis Perez at 2019-10-04T15:50:40Z
d/libcharon-extra-plugins.install: drop plugins disabled in Debian
Gbp-dch: no
- - - - -
d97e6ae7 by Yves-Alexis Perez at 2019-10-04T15:52:35Z
d/control: update standards version to 4.4.1
- - - - -
b0a12d4e by Yves-Alexis Perez at 2019-10-04T15:53:22Z
d/strongswan-starter.templates: drop runlevel_changes
- - - - -
e7253a6e by Yves-Alexis Perez at 2019-10-04T16:01:07Z
let dh_installinit handle update-rc.d cals
- - - - -
05194035 by Yves-Alexis Perez at 2019-10-04T16:02:44Z
d/salsa-ci.yml: add a salsa pipeline config
- - - - -
1913d9a3 by Yves-Alexis Perez at 2019-10-04T16:11:59Z
d/rules: drop dbgsym migration
- - - - -
93d81d5b by Yves-Alexis Perez at 2019-10-05T12:53:34Z
strongswan-starter: update line number in lintian override
- - - - -
e18a5e54 by Yves-Alexis Perez at 2019-10-05T13:03:53Z
finalize changelog
- - - - -
dce56242 by Yves-Alexis Perez at 2019-10-05T13:04:03Z
upload strongSwan 5.8.0-2 to unstable
- - - - -
9 changed files:
- debian/changelog
- debian/control
- debian/libcharon-extra-plugins.install
- debian/rules
- + debian/salsa-ci.yml
- debian/strongswan-libcharon.install
- debian/strongswan-starter.lintian-overrides
- debian/strongswan-starter.postrm
- debian/strongswan-starter.templates
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,40 @@
+strongswan (5.8.0-2) unstable; urgency=medium
+
+ [ Christian Ehrhardt ]
+ * d/control: Mention mgf1 plugin which is in libstrongswan now
+ * Complete the disabling of libfast
+ * Clean up d/strongswan-starter.postinst: section about runlevel changes
+ * Clean up d/strongswan-starter.postinst: opportunistic encryption
+ * Enable kernel-libipsec for use of strongswan in containers
+ * d/control, d/libcharon-{extras,extauth}-plugins.install: Add
+ extauth-plugins package (Recommends)
+ * apparmor: d/usr.lib.ipsec.charon: sync notify rule from charon-systemd
+ * apparmor: fix apparmor denies reading the own FDs (LP: 1786250)
+ * apparmor: d/usr.sbin.charon-systemd: allow CLUSTERIP for ha plugin
+ (LP: 1773956)
+ * apparmor: d/usr.lib.ipsec.stroke: executables need to be able to read map
+ and execute themselves
+ * apparmor: d/usr.lib.ipsec.lookip: executables need to be able to read map
+ and execute themselves
+ * apparmor: d/usr.sbin.swanctl: add apparmor rule for af-alg plugin
+ (LP: 1807962)
+ * d/control: libtpmtss is actually packaged in libstrongswan-extra-plugins
+
+ [ Ryan Harper ]
+ * Remove code related to unused debconf managed config
+
+ [ Yves-Alexis Perez ]
+ * ship xfrmi only on Linux, fix FTBFS on kfreebsd
+ * d/libcharon-extra-plugins.install: drop plugins disabled in Debian
+ * d/control: update standards version to 4.4.1
+ * d/strongswan-starter.templates: drop runlevel_changes
+ * let dh_installinit handle update-rc.d calls
+ * d/salsa-ci.yml: add a salsa pipeline config
+ * d/rules: drop dbgsym migration
+ * strongswan-starter: update line number in lintian override
+
+ -- Yves-Alexis Perez <corsac at debian.org> Sat, 05 Oct 2019 15:03:59 +0200
+
strongswan (5.8.0-1) unstable; urgency=medium
[ Christian Ehrhardt ]
=====================================
debian/control
=====================================
@@ -3,7 +3,7 @@ Section: net
Priority: optional
Maintainer: strongSwan Maintainers <pkg-swan-devel at lists.alioth.debian.org>
Uploaders: Yves-Alexis Perez <corsac at debian.org>
-Standards-Version: 4.4.0
+Standards-Version: 4.4.1
Vcs-Browser: https://salsa.debian.org/debian/strongswan
Vcs-Git: https://salsa.debian.org/debian/strongswan.git
Build-Depends: bison,
@@ -239,8 +239,8 @@ Description: strongSwan charon library
- counters
- bypass-lan (disabled by default)
.
- It also contains the xfrmi binary which can be used on Linux 4.19+ to create
- XFRM interfaces (for more information, see
+ On Linux, it also contains the xfrmi binary which can be used on Linux 4.19+
+ to create XFRM interfaces (for more information, see
https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN)
Package: strongswan-charon
=====================================
debian/libcharon-extra-plugins.install
=====================================
@@ -1,20 +1,11 @@
# libcharon plugins
usr/lib/ipsec/plugins/libstrongswan-addrblock.so
usr/lib/ipsec/plugins/libstrongswan-certexpire.so
-usr/lib/ipsec/plugins/libstrongswan-eap-aka-3gpp2.so
usr/lib/ipsec/plugins/libstrongswan-eap-aka.so
-usr/lib/ipsec/plugins/libstrongswan-eap-dynamic.so
usr/lib/ipsec/plugins/libstrongswan-eap-gtc.so
usr/lib/ipsec/plugins/libstrongswan-eap-identity.so
usr/lib/ipsec/plugins/libstrongswan-eap-md5.so
-usr/lib/ipsec/plugins/libstrongswan-eap-peap.so
usr/lib/ipsec/plugins/libstrongswan-eap-radius.so
-usr/lib/ipsec/plugins/libstrongswan-eap-sim-file.so
-usr/lib/ipsec/plugins/libstrongswan-eap-sim-pcsc.so
-usr/lib/ipsec/plugins/libstrongswan-eap-sim.so
-usr/lib/ipsec/plugins/libstrongswan-eap-simaka-pseudonym.so
-usr/lib/ipsec/plugins/libstrongswan-eap-simaka-reauth.so
-usr/lib/ipsec/plugins/libstrongswan-eap-simaka-sql.so
usr/lib/ipsec/plugins/libstrongswan-eap-tls.so
usr/lib/ipsec/plugins/libstrongswan-eap-tnc.so
usr/lib/ipsec/plugins/libstrongswan-eap-ttls.so
@@ -28,25 +19,15 @@ usr/lib/ipsec/plugins/libstrongswan-lookip.so
usr/lib/ipsec/plugins/libstrongswan-tnc-tnccs.so
usr/lib/ipsec/plugins/libstrongswan-unity.so
usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so
-usr/lib/ipsec/plugins/libstrongswan-xauth-noauth.so
usr/lib/ipsec/plugins/libstrongswan-xauth-pam.so
# standard configuration files
usr/share/strongswan/templates/config/plugins/addrblock.conf
usr/share/strongswan/templates/config/plugins/certexpire.conf
-usr/share/strongswan/templates/config/plugins/eap-aka-3gpp2.conf
usr/share/strongswan/templates/config/plugins/eap-aka.conf
-usr/share/strongswan/templates/config/plugins/eap-dynamic.conf
usr/share/strongswan/templates/config/plugins/eap-gtc.conf
usr/share/strongswan/templates/config/plugins/eap-identity.conf
usr/share/strongswan/templates/config/plugins/eap-md5.conf
-usr/share/strongswan/templates/config/plugins/eap-peap.conf
usr/share/strongswan/templates/config/plugins/eap-radius.conf
-usr/share/strongswan/templates/config/plugins/eap-sim-file.conf
-usr/share/strongswan/templates/config/plugins/eap-sim-pcsc.conf
-usr/share/strongswan/templates/config/plugins/eap-sim.conf
-usr/share/strongswan/templates/config/plugins/eap-simaka-pseudonym.conf
-usr/share/strongswan/templates/config/plugins/eap-simaka-reauth.conf
-usr/share/strongswan/templates/config/plugins/eap-simaka-sql.conf
usr/share/strongswan/templates/config/plugins/eap-tls.conf
usr/share/strongswan/templates/config/plugins/eap-tnc.conf
usr/share/strongswan/templates/config/plugins/eap-ttls.conf
@@ -60,26 +41,16 @@ usr/share/strongswan/templates/config/plugins/lookip.conf
usr/share/strongswan/templates/config/plugins/tnc-tnccs.conf
usr/share/strongswan/templates/config/plugins/unity.conf
usr/share/strongswan/templates/config/plugins/xauth-eap.conf
-usr/share/strongswan/templates/config/plugins/xauth-noauth.conf
usr/share/strongswan/templates/config/plugins/xauth-pam.conf
usr/share/strongswan/templates/config/strongswan.d/tnc.conf
etc/strongswan.d/tnc.conf
etc/strongswan.d/charon/addrblock.conf
etc/strongswan.d/charon/certexpire.conf
-etc/strongswan.d/charon/eap-aka-3gpp2.conf
etc/strongswan.d/charon/eap-aka.conf
-etc/strongswan.d/charon/eap-dynamic.conf
etc/strongswan.d/charon/eap-gtc.conf
etc/strongswan.d/charon/eap-identity.conf
etc/strongswan.d/charon/eap-md5.conf
-etc/strongswan.d/charon/eap-peap.conf
etc/strongswan.d/charon/eap-radius.conf
-etc/strongswan.d/charon/eap-sim-file.conf
-etc/strongswan.d/charon/eap-sim-pcsc.conf
-etc/strongswan.d/charon/eap-sim.conf
-etc/strongswan.d/charon/eap-simaka-pseudonym.conf
-etc/strongswan.d/charon/eap-simaka-reauth.conf
-etc/strongswan.d/charon/eap-simaka-sql.conf
etc/strongswan.d/charon/eap-tls.conf
etc/strongswan.d/charon/eap-tnc.conf
etc/strongswan.d/charon/eap-ttls.conf
@@ -93,7 +64,6 @@ etc/strongswan.d/charon/lookip.conf
etc/strongswan.d/charon/tnc-tnccs.conf
etc/strongswan.d/charon/unity.conf
etc/strongswan.d/charon/xauth-eap.conf
-etc/strongswan.d/charon/xauth-noauth.conf
etc/strongswan.d/charon/xauth-pam.conf
debian/usr.lib.ipsec.lookip /etc/apparmor.d/
# support libs
=====================================
debian/rules
=====================================
@@ -132,6 +132,8 @@ ifeq ($(DEB_HOST_ARCH_OS),linux)
dh_install -p libstrongswan-extra-plugins etc/strongswan.d/charon/af-alg.conf
# the systemd service file only gets generated on Linux
dh_install -p strongswan-starter lib/systemd/system/strongswan-starter.service
+ # XFRM is Linux only
+ dh_install -p strongswan-libcharon usr/lib/ipsec/xfrmi
endif
ifeq ($(DEB_HOST_ARCH_OS),kfreebsd)
@@ -216,14 +218,11 @@ endif
find $(CURDIR)/debian/*strongswan*/ -name "/.svn/" | xargs --no-run-if-empty rm -rf
override_dh_installinit:
- dh_installinit -n --name=ipsec
+ dh_installinit --name=ipsec
override_dh_installchangelogs:
dh_installchangelogs NEWS
-override_dh_strip:
- dh_strip --dbgsym-migration='strongswan-dbg (<< 5.3.5-2~)'
-
override_dh_fixperms:
dh_fixperms \
-X etc/ipsec.d \
=====================================
debian/salsa-ci.yml
=====================================
@@ -0,0 +1,4 @@
+---
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
=====================================
debian/strongswan-libcharon.install
=====================================
@@ -1,5 +1,4 @@
usr/lib/ipsec/libcharon*
-usr/lib/ipsec/xfrmi
## libcharon plugins
# socket-default
usr/lib/ipsec/plugins/libstrongswan-socket-default.so
=====================================
debian/strongswan-starter.lintian-overrides
=====================================
@@ -3,4 +3,4 @@ strongswan-starter: non-standard-dir-perm etc/ipsec.d/private/ 0700 != 0755
strongswan-starter: non-standard-file-perm etc/ipsec.secrets 0600 != 0644
strongswan-starter: non-standard-dir-perm var/lib/strongswan/ 0700 != 0755
# the full path is used to check the command presence
-strongswan-starter: command-with-path-in-maintainer-script postrm:36 /usr/sbin/deluser
+strongswan-starter: command-with-path-in-maintainer-script postrm:35 /usr/sbin/deluser
=====================================
debian/strongswan-starter.postrm
=====================================
@@ -31,7 +31,6 @@ case "$1" in
esac
if [ "$1" = "purge" ] ; then
- update-rc.d ipsec remove >/dev/null
if getent passwd strongswan>/dev/null; then
if [ -x /usr/sbin/deluser ]; then
deluser --system strongswan
=====================================
debian/strongswan-starter.templates
=====================================
@@ -7,17 +7,6 @@
# Even minor modifications require translation updates and such
# changes should be coordinated with translators and reviewers.
-Template: strongswan/runlevel_changes
-Type: note
-_Description: Old runlevel management superseded
- Previous versions of the strongSwan package gave a choice between
- three different Start/Stop-Levels. Due to changes in the standard system
- startup procedure, this is no longer necessary or useful. For all new
- installations as well as old ones running in any of the predefined modes,
- sane default levels will now be set. If you are upgrading from a previous
- version and changed your strongSwan startup parameters, then please take a
- look at NEWS.Debian for instructions on how to modify your setup accordingly.
-
Template: strongswan/restart
Type: boolean
Default: true
View it on GitLab: https://salsa.debian.org/debian/strongswan/compare/77495db864055d524a3f3a8f3c918f4889b1dd5c...dce56242e23e63ab40dcf57c86bc07f9283e4786
--
View it on GitLab: https://salsa.debian.org/debian/strongswan/compare/77495db864055d524a3f3a8f3c918f4889b1dd5c...dce56242e23e63ab40dcf57c86bc07f9283e4786
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-swan-devel/attachments/20191005/14202681/attachment-0001.html>
More information about the Pkg-swan-devel
mailing list