[Swan-dev] break down of 5.0 fixes v2

Andrew Cagney andrew.cagney at gmail.com
Tue Dec 26 17:51:43 EET 2023 

We've started pushing more stuff into mainline, which for all
Looking over the commits since:

documentation: more README.md tweaks
7312fe13a454e81b167c83d85d1e6dab33777906

This group are straight forward doco updates:

  documentation: use @@IPSEC_CONFDDIR@@ and not @@IPSEC__CONFDDIR@@
  documentation: fix typo in ipsec-pluto.8 - IPSEC_CONF{,D}DIR
  documentation: fix typo in ipsec-pluto.8 - @@{IPSEC_,}RUNDIR@@

The next group, which fixing @@ in XML include files, are more
invasive and even managed to break on FreeBSD (a good reminder of how
frail this is).  I'd say probably - our builder is happy again:

  documentation: use ENTITY includes to build ipsec.conf.5.xml
  documentation: update html rule; fix substitution when including
  documentation: update .man rule, fix substutions in includes
  building freebsd: use GNU sed when transforming

This next one is maybe - it's little more than nice to have:

  x509: log more details when cert add fails

The next should go in.  They help with maintaining the branch:

  testing: swan-prep fixes
  testing: update TESTLIST for cat tests that are good, not wip
  testing: addconn-25-missing-cert - add pluto log check
  testing: updated TESTLIST for addconn-25-missing-cert

Next we have this pair.  With the second reverting much of the first.
Let's pretend this never happened.

  testing: minor tweaks for certoe-17-asymmetric-cert-nat* and
certoe-11-symmetric-cert-nat
  testing: add new cat ipsec policies to two tests

These two, which tweak WIP tests, are a toss up:

  testing: don't make addconn-24-conn-default-rsasigkey "pass"
  testing: drop notvalidanymore cert, unused

The next set shouldn't go into the  5.0 branch.  Changing the
configuration is dangerous at the best of times.  Which is why, post
release candidate, they should be confined to fixing known broken
builds:

  building: do not abuse USE_IPTABLES or USE_NFTABLES
  building: add sanity check for USE_CAT and USE_NFLOG
  building: fix logics in sanity check
  building: when USE_NFLOG is disabled, disable it really
  ... with more to come ...

More information about the Swan-dev mailing list