[Swan] libreswan 3.6 pluto nss err -8015
Paul Wouters
paul at nohats.ca
Tue Nov 5 19:42:59 EET 2013
On Tue, 5 Nov 2013, csszep wrote:
> Hello list!
>
> I compiled libreswan 3.6 on debian 7.0 with make deb, but ....
>
> Nov 5 11:19:01 debian7vm pluto[38061]: nss directory plutomain: /etc/ipsec.d
> Nov 5 11:19:01 debian7vm pluto[38061]: NSS readonly initialization failed (err -8015)

try: ipsec initnss

Pluto now opens the nss database readonly, instead of readwrite. So it
needs to exist before pluto starts. While we have upgraded the
fedora/rhel spec files to do this, the debian/ubuntu packages still need
to provide this. Basically in the "post install" phase of the package,
you need:
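
    # Create the NSS database once; an existing one is left untouched.
    if [ ! -f /etc/ipsec.d/cert8.db ] ; then
        # Password file holding a single empty line (empty database password).
        echo > /var/tmp/libreswan-nss-pwd
        certutil -N -f /var/tmp/libreswan-nss-pwd -d /etc/ipsec.d
        # SElinux only
        # restorecon /etc/ipsec.d/*db 2>/dev/null || :
        rm /var/tmp/libreswan-nss-pwd
    fi
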
Paul
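
Added example, not part of Paul's message or of the libreswan packaging: a post-install helper that does the same database creation, but takes the password file from mktemp instead of a fixed /var/tmp path and fails loudly if no database results. The names ensure_nss_db, nss_db_exists and the CERTUTIL override are assumptions of this example.

```shell
#!/bin/sh
# Added example; ensure_nss_db, nss_db_exists and CERTUTIL are names made up here.
CERTUTIL="${CERTUTIL:-certutil}"

# cert8.db is the file the original snippet tests for; cert9.db is the
# name used by NSS's newer SQL database format.
nss_db_exists() {
    [ -f "$1/cert8.db" ] || [ -f "$1/cert9.db" ]
}

ensure_nss_db() {
    nssdir="$1"

    # Idempotent: an existing database is never touched.
    if nss_db_exists "$nssdir"; then
        return 0
    fi

    if ! command -v "$CERTUTIL" >/dev/null 2>&1; then
        echo "ensure_nss_db: $CERTUTIL not found" >&2
        return 1
    fi

    # mktemp gives an unpredictable name with mode 0600, so another local
    # user cannot pre-create or symlink the password file path.
    pwfile=$(mktemp "${TMPDIR:-/tmp}/nss-pwd.XXXXXX") || return 1
    echo > "$pwfile"    # one empty line = empty database password

    rc=0
    "$CERTUTIL" -N -f "$pwfile" -d "$nssdir" || rc=$?
    rm -f "$pwfile"

    # Fail the install step here rather than let pluto hit err -8015 later.
    if [ "$rc" -ne 0 ] || ! nss_db_exists "$nssdir"; then
        echo "ensure_nss_db: could not create NSS database in $nssdir (rc=$rc)" >&2
        return 1
    fi
}

# Run only when a directory is given, e.g.: sh ensure-nss-db.sh /etc/ipsec.d
if [ "$#" -gt 0 ]; then
    ensure_nss_db "$1"
fi
```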