[Swan-dev] testing: swan-prep break on conflicting config files

Antony Antony antony at phenome.org
Mon Sep 21 17:12:18 UTC 2020

Hi Andrew,

I do not quite follow your arguments.

when did wel allow west.ipsec.secrets to work? It should not work! I had 
quick look at v3.30 west.ipsec.secrets would not be copied instead 
/etc/baseconfig/host/etc/ipsec.secerts will be copied as /etc/ipsec.secrets.

For host specific secerts file only allow west.secrets 

May be you are confusing with weststrongswan.conf some other combinations.
it is good to clean up the logic. 

I added support for  ipsec.secrets, which be coppied all test hosts, and not 
copy when there is ipsec.secrets and west.secrets (any host specific) files.

Most likely Paul still dislike ipsec.secrets:( as far I am concerned that is 
a different discussion for another day.

On Mon, Sep 21, 2020 at 12:37:57PM -0400, Andrew Cagney wrote:
> FYI, I removed the code because it seemed arbitrary.  It would reject some, but
> not all combinations of:
>     west.ipsec.secrets
>     westipsec.secrets
>     west.secrets
>     ipsec.secrets
> I figured reducing this list to just:
>    west.ipsec.secrets
>    ipsec.secrets
> (and perhaps only allowing one) + logging the result was for a later pass.
> On Mon, 21 Sep 2020 at 11:34, Antony Antony <antony at vault.libreswan.fi> wrote:
>     New commits:
>     commit eff59a46350f2e638f1ef5051ab6f7a29033e5cf
>     Author: Antony Antony <antony at phenome.org>
>     Date:   Mon Sep 21 15:24:13 2020 +0000
>         testing: swan-prep break on conflicting config files
>         fix 1e0b14ec0b20c3 this is a nice improvement, however, allowing
>         conflicting files and picking the first one is less than ideal.
>         We would end up with test cases with reduntant config files and endless
>         confusion. Even with this fix I suspect 1e0b14ec0b20c3 would allow more
>         config files than what a test would use.
>         This is a first step to refuse to copy config file when there are
>         conflicting files. The checks could stricter than this.
>     _______________________________________________
>     Swan-commit mailing list
>     Swan-commit at lists.libreswan.org
>     https://lists.libreswan.org/mailman/listinfo/swan-commit

> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev

More information about the Swan-dev mailing list