Bug#787810: marked as done (libstrongswan-standard-plugins not installed during dist-upgrade)

Sun, 07 Jun 2015 12:31:13 -0700 

Your message dated Sun, 07 Jun 2015 21:08:59 +0200
with message-id <1433704139.6082.2.ca...@debian.org>
and subject line Re: [Pkg-swan-devel] Bug#787810: Bug#787810: 
libstrongswan-standard-plugins not installed during dist-upgrade
has caused the Debian Bug report #787810,
regarding libstrongswan-standard-plugins not installed during dist-upgrade
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
787810: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787810
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libstrongswan-standard-plugins
Version: 5.2.1-6
Severity: serious

I've marked this bug serious because it can lead to a loss of
connectivity for remote users.

The system was running fine with strongSwan on wheezy using ECDSA

The system was upgraded to jessie using apt-get dist-upgrade

After upgrade, the VPN would not start

"ipsec up peer" would complain:

no private key found for 'fromcert'

Looking at the ipsec start logs in syslog, I observed the errors:

building CRED_PRIVATE_KEY - ECDSA failed, tried 2 builders
   loading private key from 'hostKey.der' failed
...
building CRED_CERTIFICATE - ANY failed, tried 1 builders
   loading certificate from 'hostCert.der' failed

Installing the missing package and restarting ipsec resolved the issue:

  apt-get install libstrongswan-standard-plugins
  ipsec stop
  ipsec start

This package may need to be sucked in automatically during dist-upgrade.

--- End Message ---
--- Begin Message --- 
Control: tag -1 wontfix

On ven., 2015-06-05 at 20:50 +0200, Daniel Pocock wrote:
> Do you feel these plugins definitely need to be in a separate package?

There are a lot of plugins, some of them really useful only for few
people. So yes it makes sense. There's no solution which will fit
everybody. Ubuntu decided to make one package per plugin, for example.
> 
> Do you think you could use a metapackage for upgraders, with a
> mandatory dependency on the plugins, so they end up with the same
> plugins they had before?

That's the reason for the recommends.

Regards,
-- 
Yves-Alexis

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---

Reply via email to