[Swan-dev] testing: swan-prep break on conflicting config files

Antony Antony antony at phenome.org
Mon Sep 21 19:32:39 UTC 2020 

Andrew,

after a closer look I see l2tp and ppp configuration file could be in the 
form 'hostname + "." + config_file' in the test directory.

ikev1-l2tp-01/north.xl2tpd.conf 

they are not copied using the function that got fixed in 1e0b14ec0b.
 Now I am confused why this commit added 'hostname + "." + config_file'
That seems wrong to me. Why do we need it?

the test directory should only allow one config. If not found fall back to 
host/ and then all/ May be there were bugs before 1e0b14ec0b as it is now it 
looks bad to me. I don't have a good fix. So I will leave it for now.

eff59a46350f is only a hack to prevent a common error.

On Mon, Sep 21, 2020 at 07:12:18PM +0200, Antony Antony wrote:
> Hi Andrew,
> 
> I do not quite follow your arguments.
> 
> when did wel allow west.ipsec.secrets to work? It should not work! I had 
> quick look at v3.30 west.ipsec.secrets would not be copied instead 
> /etc/baseconfig/host/etc/ipsec.secerts will be copied as /etc/ipsec.secrets.
> 
> For host specific secerts file only allow west.secrets 
> 
> May be you are confusing with weststrongswan.conf some other combinations.
> it is good to clean up the logic. 
> 
> I added support for  ipsec.secrets, which be coppied all test hosts, and not 
> copy when there is ipsec.secrets and west.secrets (any host specific) files.
> 
> Most likely Paul still dislike ipsec.secrets:( as far I am concerned that is 
> a different discussion for another day.
> 
> On Mon, Sep 21, 2020 at 12:37:57PM -0400, Andrew Cagney wrote:
> > FYI, I removed the code because it seemed arbitrary.  It would reject some, but
> > not all combinations of:
> >     west.ipsec.secrets
> >     westipsec.secrets
> >     west.secrets
> >     ipsec.secrets
> > I figured reducing this list to just:
> >    west.ipsec.secrets
> >    ipsec.secrets
> > (and perhaps only allowing one) + logging the result was for a later pass.
> > 
> > On Mon, 21 Sep 2020 at 11:34, Antony Antony <antony at vault.libreswan.fi> wrote:
> > 
> >     New commits:
> >     commit eff59a46350f2e638f1ef5051ab6f7a29033e5cf
> >     Author: Antony Antony <antony at phenome.org>
> >     Date:   Mon Sep 21 15:24:13 2020 +0000
> > 
> >         testing: swan-prep break on conflicting config files
> > 
> >         fix 1e0b14ec0b20c3 this is a nice improvement, however, allowing
> >         conflicting files and picking the first one is less than ideal.
> >         We would end up with test cases with reduntant config files and endless
> >         confusion. Even with this fix I suspect 1e0b14ec0b20c3 would allow more
> >         config files than what a test would use.
> > 
> >         This is a first step to refuse to copy config file when there are
> >         conflicting files. The checks could stricter than this.
> > 
> >     _______________________________________________
> >     Swan-commit mailing list
> >     Swan-commit at lists.libreswan.org
> >     https://lists.libreswan.org/mailman/listinfo/swan-commit
> > 
> 
> > _______________________________________________
> > Swan-dev mailing list
> > Swan-dev at lists.libreswan.org
> > https://lists.libreswan.org/mailman/listinfo/swan-dev
> 
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev

More information about the Swan-dev mailing list