Bug#1098865: marked as done (strongswan-starter: bug in /usr/sbin/ipsec, service fails to start)

Tue, 25 Feb 2025 11:00:17 -0800 

Your message dated Tue, 25 Feb 2025 19:56:46 +0100
with message-id <[email protected]>
and subject line Re: [Pkg-swan-devel] Bug#1098865: strongswan-starter: bug in 
/usr/sbin/ipsec, service fails to start
has caused the Debian Bug report #1098865,
regarding strongswan-starter: bug in /usr/sbin/ipsec, service fails to start
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1098865: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098865
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: strongswan-starter
Version: 6.0.0-2
Severity: important

Dear Maintainer,

the latest strongswan-starter package has a bug in the starting script: it 
attempts to execute /ust/lib/ipsec/charon (hardcoded) but /ust/lib/ipsec/charon 
is not installed by it nor by any of its dependencies. There is 
/usr/lib/ipsec/charon-nm, but no charon. Creating by hand a link charon-nm -> 
charon allowed it to successfully start, but this is not the kind of manual 
fiddling one would want to do.
Please make sure that the starter script attempts to use an executable that can 
be assumed to be present, either because it was installed by its dependencies 
or because it created it.

Thanks in advance, best regards
Giacomo Mulas


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (401, 'unstable'), (10, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.16-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages strongswan-starter depends on:
ii  adduser                3.141
ii  debconf [debconf-2.0]  1.5.89
ii  init-system-helpers    1.68
ii  libc6                  2.40-7
ii  libstrongswan          6.0.0-2
ii  sysvinit-utils         3.14-3

Versions of packages strongswan-starter recommends:
pn  strongswan-charon  <none>

strongswan-starter suggests no packages.

-- Configuration Files:
/etc/ipsec.secrets [Errno 13] Permesso negato: '/etc/ipsec.secrets'

-- debconf information excluded

--- End Message ---
--- Begin Message --- 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, 2025-02-25 at 11:45 +0100, Giacomo Mulas wrote:
> the latest strongswan-starter package has a bug in the starting script: it
> attempts to execute /ust/lib/ipsec/charon (hardcoded) but
> /ust/lib/ipsec/charon is not installed by it nor by any of its dependencies.
> There is /usr/lib/ipsec/charon-nm, but no charon. Creating by hand a link
> charon-nm -> charon allowed it to successfully start, but this is not the
> kind of manual fiddling one would want to do.
> Please make sure that the starter script attempts to use an executable that
> can be assumed to be present, either because it was installed by its
> dependencies or because it created it.

Hi Giuacomo, indeed that's because it's totally wrong to do that. You don't
install strongswan-starter, you install the charon daemon you need. If you
want to use the ipsec.conf configuration then you install strongswan-charon
which will in turn pull the strongswan-starter package. Also strongswan-
starter Recommends: the strongswan-charon package so on fresh install it
should pull it by default as well.

Note that this was explained in the NEWS.Debian entry which should have been
displayed at upgrade time.

I'm closing this bug then. I hope it's more clear for you.

Regards,
- -- 
Yves-Alexis

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAme+Em8ACgkQ3rYcyPpX
RFts2wf/XlE5fIX4fSnMBFsfsI1OmTzYEsOLrzJmr9j9vFl6ynoYt4pQAbTxv3/u
bkw296as7thhDGa7CuQsz2G1cT7hKOa5rcmiWPV+M8K58DnflGcIzhoU5dvJzf3N
KxW8AaXgTBEYBgFvLpAe5byqR7qKTUnczr+KgNSu2pH7bV1KPnl7NKoQ7UpSqg94
dfWBs7V6TpSi2x8+Q7OptSNiU9tquaS75boxQExvZoxWM3YDqqETPZUn2w7Ic8Cg
8QHjONOfA+B7i3IdYcnsLth/LOwcotr58rDhf1JUf8EE3RVcpBSjKo9dj6aZO8j3
TPaiVMzEYLXO1LDlDVvEM160Q4e13g==
=nOJn
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to