[Swan-dev] testing: swan-prep break on conflicting config files
Antony Antony
antony at phenome.org
Mon Sep 21 19:32:39 UTC 2020
Andrew,
after a closer look I see l2tp and ppp configuration file could be in the
form 'hostname + "." + config_file' in the test directory.
ikev1-l2tp-01/north.xl2tpd.conf
they are not copied using the function that got fixed in 1e0b14ec0b.
Now I am confused why this commit added 'hostname + "." + config_file'
That seems wrong to me. Why do we need it?
the test directory should only allow one config. If not found fall back to
host/ and then all/ May be there were bugs before 1e0b14ec0b as it is now it
looks bad to me. I don't have a good fix. So I will leave it for now.
eff59a46350f is only a hack to prevent a common error.
On Mon, Sep 21, 2020 at 07:12:18PM +0200, Antony Antony wrote:
> Hi Andrew,
>
> I do not quite follow your arguments.
>
> when did wel allow west.ipsec.secrets to work? It should not work! I had
> quick look at v3.30 west.ipsec.secrets would not be copied instead
> /etc/baseconfig/host/etc/ipsec.secerts will be copied as /etc/ipsec.secrets.
>
> For host specific secerts file only allow west.secrets
>
> May be you are confusing with weststrongswan.conf some other combinations.
> it is good to clean up the logic.
>
> I added support for ipsec.secrets, which be coppied all test hosts, and not
> copy when there is ipsec.secrets and west.secrets (any host specific) files.
>
> Most likely Paul still dislike ipsec.secrets:( as far I am concerned that is
> a different discussion for another day.
>
> On Mon, Sep 21, 2020 at 12:37:57PM -0400, Andrew Cagney wrote:
> > FYI, I removed the code because it seemed arbitrary. It would reject some, but
> > not all combinations of:
> > west.ipsec.secrets
> > westipsec.secrets
> > west.secrets
> > ipsec.secrets
> > I figured reducing this list to just:
> > west.ipsec.secrets
> > ipsec.secrets
> > (and perhaps only allowing one) + logging the result was for a later pass.
> >
> > On Mon, 21 Sep 2020 at 11:34, Antony Antony <antony at vault.libreswan.fi> wrote:
> >
> > New commits:
> > commit eff59a46350f2e638f1ef5051ab6f7a29033e5cf
> > Author: Antony Antony <antony at phenome.org>
> > Date: Mon Sep 21 15:24:13 2020 +0000
> >
> > testing: swan-prep break on conflicting config files
> >
> > fix 1e0b14ec0b20c3 this is a nice improvement, however, allowing
> > conflicting files and picking the first one is less than ideal.
> > We would end up with test cases with reduntant config files and endless
> > confusion. Even with this fix I suspect 1e0b14ec0b20c3 would allow more
> > config files than what a test would use.
> >
> > This is a first step to refuse to copy config file when there are
> > conflicting files. The checks could stricter than this.
> >
> > _______________________________________________
> > Swan-commit mailing list
> > Swan-commit at lists.libreswan.org
> > https://lists.libreswan.org/mailman/listinfo/swan-commit
> >
>
> > _______________________________________________
> > Swan-dev mailing list
> > Swan-dev at lists.libreswan.org
> > https://lists.libreswan.org/mailman/listinfo/swan-dev
>
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
More information about the Swan-dev
mailing list