[Swan-dev] cannot load config '/etc/ipsec.conf': /etc/ipsec.conf:10: syntax error, unexpected STRING [crl_strict]

Andrew Cagney andrew.cagney at gmail.com
Wed Oct 7 02:02:59 UTC 2020


On Tue, 6 Oct 2020 at 21:37, Paul Wouters <paul at nohats.ca> wrote:
>
> On Tue, 6 Oct 2020, Andrew Cagney wrote:
>
> >> We have had that situation for many years now (like 5-7 or so)
> >>
> >> I placed back aliaes for virtual_private and plutostderrlog because
> >> those are part of many default config files we shipped. I think the
> >> rest should really go or else we should forever keep them.
> >
> > I think the middle ground is to reject the old names, but have the log
> > message spell out the replacement.  In the above noting that
> > crl_strict is replaced by crl-strict.  Other is to just allow [-_].
>
> Unfortunately since this mostly happens in addconn, there is no real
> logging, but only stderr or stdout. And if those are issued, it
> screws up ipsec addconn --configsetup which is used to grab config
> values by other (init)scripts. Since the libipsecconf code also
> goes through all connections when loading/parsing the config
> file to get the "config setup" section, _any_ obsolete warning
> will throw of the init system.

That sounds like a bug.  Scripts should only capture stdout; and check
$?.  stderr can then bubble up to the console.

>
> All of this could be addressed, but I think in practise, we would
> be okay with just the two old ones I added as aliases (not as
> kt_obsolete to prevent the warnings).
>
> Although for RHEL 8.4, we cannot break things between 3.32 -> 4.0,
> so for that I need to backport the old names until we hit RHEL9.
>
> We could undo it all, but then we have to live with underscores
> forever :/


More information about the Swan-dev mailing list