[Swan-dev] Strongswan version in test systems

Andrew Cagney andrew.cagney at gmail.com
Thu Jul 14 14:46:01 UTC 2016

On 13 July 2016 at 12:52, Paul Wouters <paul at nohats.ca> wrote:
>> On Jul 13, 2016, at 6:15 PM, D. Hugh Redelmeier <hugh at mimosa.com> wrote:
>> Paul has said that we need to use a newer version of Strongswan.  Newer
>> than is built by the kvm-building makefiles.  Newer than is in the Fedora
>> 22 repos.

> No, strongswan 5.4.0 is in f22, but you need to use dnf distro-update and not yum update

"distro-update" isn/t in the dnf man page?  I see bleve corrected this
with "dnf distro-sync".

Something like?

- delete absolutely everything cloned from the base using:

    $ make uninstall-kvm-clones

- boot and log into the base domain and then run the above using:

     $ ./testing/utils/kvmsh.py --shutdown swanfedorabase dnf -y
distro-sync strongswan

- and finally get back to something testable:

    $ make kvm-install

It sounds like fedora22base.ks, which currently does this at the end:

# Need pyOpenSSL with ability to dump all certificates
yum upgrade -y 2>&1 \
    https://nohats.ca/ftp/pyOpenSSL/pyOpenSSL-0.14-4.fc21.noarch.rpm \
    | tee /var/tmp/pyOpenSSL.log

# Need strongswan with CTR, GCM, and other fixes
yum upgrade -y 2>&1 \
    https://nohats.ca/ftp/ssw/strongswan-5.3.2-1.0.lsw.fc22.x86_64.rpm \
    | tee /var/tmp/strongswan.log

needs updating?

I've been sitting on some unrelated changes that are going to trigger
a a base domain rebuild:

- set KVM_OS=fedora22 instead of fedora so it is easier to move
between OS releases
- have a per-prefix group disk so I can have *(@&$)*(@ kerberos stuff
installed in one place

Perhaps this (well post 3.18) is an opportune time to push all of them.

More information about the Swan-dev mailing list