-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 05/06/15 15:43, Yves-Alexis Perez wrote: > On Fri, Jun 05, 2015 at 12:31:46PM +0200, Daniel Pocock wrote: >> Package: libstrongswan-standard-plugins Version: 5.2.1-6 >> Severity: serious >> >> I've marked this bug serious because it can lead to a loss of >> connectivity for remote users. >> >> The system was running fine with strongSwan on wheezy using >> ECDSA >> >> The system was upgraded to jessie using apt-get dist-upgrade >> >> After upgrade, the VPN would not start >> >> "ipsec up peer" would complain: >> >> no private key found for 'fromcert' >> >> Looking at the ipsec start logs in syslog, I observed the >> errors: >> >> building CRED_PRIVATE_KEY - ECDSA failed, tried 2 builders >> loading private key from 'hostKey.der' failed ... building >> CRED_CERTIFICATE - ANY failed, tried 1 builders loading >> certificate from 'hostCert.der' failed >> >> Installing the missing package and restarting ipsec resolved the >> issue: >> >> apt-get install libstrongswan-standard-plugins ipsec stop ipsec >> start >> > Hi, > > libstrongswan (which is a dependency of the various charon daemons) > as a Recommends: on libstrongswan-standard-plugins so if you > install Recommends: I think it /should/ be the case. > Thanks for the prompt feedback I tend to be a bit cautious about installing all recommended packages on dist-upgrade, mainly because of disk usage. Many of the systems I've worked with have deliberately small partitions (they are usually virtual servers) and even without all recommended packages, each upgrade tends to grow the disk usage and require some re-arranging of LVM. Even on my laptop, it is just a pain to backup if I let the disk usage grow too much. Do you feel these plugins definitely need to be in a separate package? Do you think you could use a metapackage for upgraders, with a mandatory dependency on the plugins, so they end up with the same plugins they had before? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVce97AAoJEOm1uwJp1aqD5lsP/jMzdv/74q526lYsZpll/53w E6TC9bjVoEheCDbmTrlKmWo0BDDcNtgl7mZuhSTMYYllNmhdxi/IF69ITZCe6EeO drhnXOaDnDgnzgeuc9iC3+yYQ6T/lEUyBTL05G8uFy5H41qMNxOcIzwxNqpJiGOf dZvw3e1hoOQ1bsHBSyDntkee5mEcndq5nRTYyF40fexMx/oW9583BXZd7bAcRttN IrhZLyZ0O2YleMyiJKqmyKMImZ3i1rV8thZtq7PJjLZ4z/PBXnmmH0Gypi7TQdr8 OE7iyK+45W+eHcBeJl3kbhpOer6NpcksrtnOgbqMdtOEQIxyMKXj9aJA0ssOS0ZS cvrplsDSPu9qttSGL01+LxHa9rwhRO4ZaYv1HSLX5556dQr9ZTtrouIfB3+ZpJJX Cmc8RA8n96HjInzBRRequks52HK/DlZdKR//Rg6c34R1khPz9o7lqKWinmAX1dY0 hRP1j7sHEEE+UytCMPD94a6q0a2VPB29s1tMZ6EPWBhvfLP1/TYKC6KnkbROQTEF xFsUG3xat+9JokizlKJaRn2A8yetNOobYJJyCJhXTbIusDgDoLe4i2oo9Rsxp3+w 3tekZOd5wypW0uyX08OgZEg16/D86hN/LyWDT+gFBWZdcKjdCd9NbnerCwTW03Wa uBeAxfsqSJGoOQk/R4Tn =0WrB -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org