[Swan-dev] path oddness in ../../pluto/bin/ipsec-look.sh

Andrew Cagney andrew.cagney at gmail.com
Tue Apr 2 15:06:14 UTC 2019 

In part at least, it was me ...

On Tue, 2 Apr 2019 at 10:08, Paul Wouters <paul at nohats.ca> wrote:
>
>
> Is there any reasin the final.sl uses ../../pluto/bin/ipsec-look.sh
> instead of the more intuitive ../bin/ipsec-look.sh   ?

... and your observation ...

> I mean, I do think testing/pluto/bin has seen mis-use. Orginally,
> anything running on the vm would be in /testing/guestbin/ but somehow
> it now also runs things in /testing/pluto/bin/ ? It's unclear to me
> why we wouldn't merge these two into one?

... is why.  Having .../pluto/bin/... provides a big hint as to where
to look for the script.

The impression I've been given (from asking on on IRC) is that
pluto/bin is for test scripts (and git history shows it is very old)
while guestbin/, which arrived later (~2012), contains the scripts
specific to setting up KVMs vis:

    * testing: updates to installer

    create iptables from files not kickstart file
    - remove old systemd attempts to re-network the system
    - added swanpath.sh and testing/guestbin
    - merged the mount-bind into testing/guestbin/swan-transmogrify
      that is called in rc.local.
    - also copies in sysctl.conf files and iptables files

looking in guestbin:

fipsoff: called when generating certificates
fipson: called by swan-prep, so also used by docker?
swan-prep:
  shared with docker?
swan-transmogrify:
  set up the KVM instances (seems to be shared with Docker?)
swan-transmogrify.sh:
  a far simpler version of swan-transmogrify that sets up kerberos
friendly domains
  written in SH, doesn't contain docker code, see ikev2-gssapi-01/gssapi.sh)
nic-internet:
  script to put nic on the internet (why not just given all domains a
natted interface)
swan-build:
  not used by the KVM build system
swan-install:
  still used by the KVM build system but I'm really not sure why
swan-run, swan-test:
  I suspect these are broken
swan-update:
  kvm-install made this redundant

so the redundant directory might well be guestbin.

More information about the Swan-dev mailing list