This is a followon for ports/117128. The fix there doesn't work on boot when the rc.d/racoon script is sourced in /etc/rc. The reason is that on 4.x startup scripts were executed on boot. In 5.x and later in run_rc_script in /etc/rc.subr, it is sourced on boot. This was not detected on my 4.x-based appliance until we updated FreeBSD (to something newer than 4.x) recently. As a result the racoon_create_dirs=NO in rc.d/racoon is not overridden by a 'yes' setting in rc.conf (because _rc_conf_loaded is true and thus load_rc_config doesn't override the NO). Also (a second problem with rc.d/racoon on 5.x+), on boot rc.d scripts are normally invoked with faststart instead of start, so the test at the end fails, too. Fix: 1) Don't set racoon_create_dirs=NO if it's already set. 2) Create directories on 'faststart' as well as 'start'. How-To-Repeat: - install ipsec-tools - rm -rf /var/db/racoon (or have /var on an mfs) - add to /etc/rc.conf: racoon_enable=yes racoon_create_dirs=yes rc_debug=yes - reboot Observe that you get ... /usr/local/etc/rc.d/racoon: WARNING: /var/db/racoon is not a directory. ... and racoon does not start.
Maintainer of security/ipsec-tools, Please note that PR ports/148605 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/148605 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Hi. Patch seems to be ok, but unfortunately, I don't have actually any running setup on which I can test that this fix the PR. At least, it is simpler enough to not break anything, so ok for me. Yvan.
State Changed From-To: feedback->open Maintainer approved, but note that he was unable to test it. To maintainer: is this permanently the case? If so, perhaps the submitter would be able to maintain it?
Responsible Changed From-To: freebsd-ports-bugs->stephen I'll take it.
State Changed From-To: open->feedback Ask again who wants to be maintainer.
I'm planning to commit this PR soon. However linimon's question still stands: Yvan - are you willing to relinquish maintainership if John wants it? John - are you willing to take maintainership if Yvan is willing? Thanks, Stephen
Stephen Montgomery-Smith wrote at 11:11 -0500 on Jul 11, 2011: > I'm planning to commit this PR soon. > > However linimon's question still stands: > > Yvan - are you willing to relinquish maintainership if John wants it? > John - are you willing to take maintainership if Yvan is willing? >From last July... VANHULLEBUS Yvan wrote at 09:30 +0200 on Jul 26, 2010: > I'm still working on ipsec-tools project, but just don't have actually a > FreeBSD host on which I can easilly set up a dynamic /var and install > ipsec-tools port and check that this startup script works. >From the above quote, it seems Yvan answered that he is still maintaining it - as of last year. If that has changed, I'll do it. As for not having a setup where he can test a dynamic /var, I can only say that I do & I've tested it, and it works. But it's also not hard to test even if you don't have /var on mfs. See the "How-To-Repeat" for steps to do so.
Le lundi 11 juillet 2011 à 11:11 -0500, Stephen Montgomery-Smith a écrit : > I'm planning to commit this PR soon. Cool. > However linimon's question still stands: > > Yvan - are you willing to relinquish maintainership if John wants it? > John - are you willing to take maintainership if Yvan is willing? I said I don't have easy access to a specific setup where /var is on mfs, to check if John's patches really fixes the issue. I just checked his patch doesn't break things on a standard install. I'm still an ipsec-tools developper, I'm still working on IPsec on FreeBSD, and actually, I still have enough time to do most of the work for ipsec-tools port. I'll be the first to warn you if those things changes. Yvan.
So there will be no change to the maintainer. Thank you both for answering. I'll get it committed as soon as I get approval from my mentors (as I am a "committer in training").
State Changed From-To: feedback->analyzed Ready to commit after mentors' approval.
State Changed From-To: analyzed->closed Committed, thanks.
stephen 2011-07-19 03:33:26 UTC FreeBSD ports repository Modified files: security/ipsec-tools Makefile security/ipsec-tools/files racoon.sh.in Log: - Fix startup script rc.d/racoon. - Bump portrevision. PR: ports/148605 Submitted by: John Hein <jhein@symmetricom.com> Approved by: maho (mentor) and vanhu@netasq.com (maintainer) Revision Changes Path 1.29 +1 -0 ports/security/ipsec-tools/Makefile 1.8 +3 -3 ports/security/ipsec-tools/files/racoon.sh.in _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"