ports/96368: security/ipsec-tools: use OPTIONS, extend featureset

[VANHULLEBUS Yvan]

The following reply was made to PR ports/96368; it has been noted by GNATS.

From: VANHULLEBUS Yvan <yvan.vanhullebus at netasq.com>
To: Joerg Pulz <Joerg.Pulz at frm2.tum.de>
Cc: Renato Botelho <garga at FreeBSD.org>, bug-followup at FreeBSD.org
Subject: Re:  ports/96368: security/ipsec-tools: use OPTIONS, extend featureset
Date: Tue, 2 May 2006 11:21:52 +0200

 --qDbXVdCdHGoSgWSk
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 On Sun, Apr 30, 2006 at 11:20:51PM +0200, Joerg Pulz wrote:
 > -----BEGIN PGP SIGNED MESSAGE-----
 > Hash: SHA1
 >=20
 >=20
 > Hi again,
 
 Hi.
 
 > here is a new version of my patch.
 
 Good.
 
 
 > What has changed:
 > - - default settings for OPTIONS changed
 >    * STATS, PAM and HYBRID default off (requested by Yvan)
 
 Thanks :-)
 
 
 > - - added some descriptive output if NATT is enabled (to please Yvan ;) )
 
 The simplest description in the option would be "enable NAT-T if
 kernel support". That is exactly what configure will do.
 
 
 The warning message if activated is also a good thing.
 
 
 > - - small change to pkg-plist to create and delete the STATEDIR
 
 
 I also took more time to look at the configure patch.
 
 If this is not "so urgent", the best way is to report a patch to
 configure.ac directly to ipsec-tools-devel Ml (or directly to me),
 I'll integrate it for 0.6.6 (which will soon need to be released).
 
 
 
 > Why is there still --localstatedir=3D${STATEDIR:S/\/racoon//} ?
 > I triple checked the statedir thing, and it turned out, that this=20
 > directory defaults to ${PREFIX}/var/racoon and is created by the=20
 > ipsec-tools Makefiles regardless wether adminport or stats are enabled or=
 =20
 > not. In my opinion, ${PREFIX}/var/racoon is a very bad place for a=20
 > communication socket between racconctl or libracoon based programs and=20
 > racoon or to store statistical logs. This kind of data belongs to=20
 > /var/db/racoon and therefor --localstatedir should be used every time.
 > Yvan should have knowledge of this as there is the line
 > "@dirrmtry var/racoon" in the pkg-plist to remove this directory when=20
 > deinstalling the port/package.
 
 Ok for localstatedir.
 
 
 [....]
 > I hope i get an approval for this version of the patch as would really=20
 > like to see this in the tree.
 
 Well, I whish I'll have enough time to just get your patch and do
 quickly myself the minor changes I've requested, but I'm really very
 busy those days....
 
 The "last" remaining problem is adminport....
 
 The reason why I'm not sure it is a good idea to enable it by default
 is that it will create the socket file needed to communicate between
 racoonctl/racoon, but I know they are some caveheats where the file is
 not correctly removed (for example if racoon crashes).
 
 People may take a lot of time to understant that racoon doesn't
 restart just because the file already exists !
 
 
 
 Yvan.
 
 --=20
 NETASQ - Secure Internet Connectivity
 http://www.netasq.com
 
 --qDbXVdCdHGoSgWSk
 Content-Type: application/x-pkcs7-signature
 Content-Disposition: attachment; filename="smime.p7s"
 Content-Transfer-Encoding: base64
 
 MIINPQYJKoZIhvcNAQcCoIINLjCCDSoCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
 CokwggZ/MIIFZ6ADAgECAgpwxrFIFmvykFosMA0GCSqGSIb3DQEBBAUAMIGRMQswCQYDVQQG
 EwJGUjENMAsGA1UECBMETm9yZDEaMBgGA1UEBxMRVmlsbGVuZXV2ZSBkJ0FzY3ExLjAsBgNV
 BAoTJU5FVEFTUSAtIFNlY3VyZSBJbnRlcm5ldCBDb25uZWN0aXZpdHkxJzAlBgNVBAsTHk5F
 VEFTUSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNTA3MTUxNDQ0NDNaFw0wNzA3MTUx
 NDQ0NDNaMIHYMQswCQYDVQQGEwJGUjENMAsGA1UECBMETm9yZDEuMCwGA1UEChMlTkVUQVNR
 IC0gU2VjdXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRp
 ZmljYXRpb24gQXV0aG9yaXR5MRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEZMBcGA1UE
 AxMQeXZhbiBWQU5IVUxMRUJVUzEqMCgGCSqGSIb3DQEJARYbeXZhbi52YW5odWxsZWJ1c0Bu
 ZXRhc3EuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0quG0Q0oe+uM8lT
 HAklvpFArPSxUE8qM+NzfqOUaMaAI9/+Zg1kFOSrcYYRnB0R7ZGj9H+wk92l6+9jdOJx+1cG
 9wwhCzTFuN1qxiznhXtryOwZ9vZswnAJXH3b0R0hL0CUsv54KWGsZIDI72KHrEx/KThY7iU7
 AMq8/MqGGjSixXzhm89ybWm4N36dWRJvyT3oHFRREDLhGhherC+FJPied4FwIjth7worVD9m
 SVAPgp0WHpAhMqVe4vp4bJvpT9Qrv38cccfEiaaFaUvOCSF7h5gXy6F+D7xV/3adGqAwZ3sI
 o1qN4SijkaI6uqbUP+zslX3t78qHSc7HWhVm4QIDAQABo4ICjjCCAoowDAYDVR0TAQH/BAIw
 ADAdBgNVHQ4EFgQU/CR/mkkP1k1mu7ApVahPzBnqdJowgb4GA1UdIwSBtjCBs4AUJyrrHdlE
 2joXc2oJICDJJaj5f7KhgZekgZQwgZExCzAJBgNVBAYTAkZSMQ0wCwYDVQQIEwROb3JkMRow
 GAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwGA1UEChMlTkVUQVNRIC0gU2VjdXJlIElu
 dGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRpZmljYXRpb24gQXV0
 aG9yaXR5ggEAMA4GA1UdDwEB/wQEAwIF4DARBglghkgBhvhCAQEEBAMCBaAwKwYJKwYBBAGC
 NxQCBB4eHABTAG0AYQByAHQAYwBhAHIAZABMAG8AZwBvAG4wLAYDVR0lAQH/BCIwIAYIKwYB
 BQUHAwQGCCsGAQUFBwMCBgorBgEEAYI3FAICMCsGA1UdEQQkMCKgIAYKKwYBBAGCNxQCA6AS
 DBB5dmFudkBuZXRhc3EuY29tMIHNBgNVHR8EgcUwgcIwWqBYoFaGVGxkYXA6Ly9wa2kubmV0
 YXNxLmNvbS9jbj1md2NhLG91PWNhcyxvPW5ldGFzcSxkYz1mcj9jZXJ0aWZpY2F0ZVJldm9j
 YXRpb25MaXN0O2JpbmFyeTA4oDagNIYyaHR0cDovL2ludHJhbmV0Lm5ldGFzcS5jb20vaW50
 cmFuZXQvcGtpL25ldGFzcS5jcmwwKqAooCaGJGh0dHA6Ly93d3cubmV0YXNxLmNvbS9wa2kv
 bmV0YXNxLmNybDAfBglghkgBhvhCAQ0EEhYQVXNlciBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0B
 AQQFAAOCAQEAMlfufwmHT/3KRXLIx0jcRwT9bOboCGMQrI7xK/kk9t0jvGm3KTlVN2uuZ0Hk
 VU2QWqw6hPPoc1mclOPPWfNW4DHGafbIAqritDMoAtwCe7BkeZFaTRcigrnNJhyIjlfTHrrF
 Pz8Iul+ZugtAV8gCrpMPrF/RUJ2wgvUiBrp/1zhTZ0WMini5KK/MEiWgvZKHq0Y4riD9Sw5L
 84TbPcwQmHG4aQhsKkTNC9S80qurRVmTre+Qo68fzGXznPsSU/atH0OCIka3KYcJmrnoFosh
 0fuWOhKRTDfcTVarpCFhFiNvg8gxUxi9kdI2m/u2h7zEYvEH89G4HQ6NFBNvh0XfjjCCBAIw
 ggLqoAMCAQICAQAwDQYJKoZIhvcNAQEEBQAwgZExCzAJBgNVBAYTAkZSMQ0wCwYDVQQIEwRO
 b3JkMRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwGA1UEChMlTkVUQVNRIC0gU2Vj
 dXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRpZmljYXRp
 b24gQXV0aG9yaXR5MB4XDTAyMDIxOTEyMzQ1NVoXDTIyMDIxNDEyMzQ1NVowgZExCzAJBgNV
 BAYTAkZSMQ0wCwYDVQQIEwROb3JkMRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwG
 A1UEChMlTkVUQVNRIC0gU2VjdXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMe
 TkVUQVNRIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 MIIBCgKCAQEAwYBPi3ref6t0tuJMoj5R4H7sa+WMSZwDh4XHjZV5e6P6LObyrleC6oNFDZJr
 gBtKk9Swzfnnf4m3xc0QS9kKCPLFwLpmIK3RCx0K4YYi+uBrrL347kH4UPfrI6KvrYcFpG3Y
 wFZUK+7LZn/Y9HSB6n4gvdiCk7cmkuFr1ifFtDYZqktNUss9yQCPqh0d9dXfuhRV8vyggvVk
 cfTZcCyVpRaDYaDm0j30Urba62KsKxfh6cEAt6kmPUxviGVaoEiiaABDZVSu6PjS17qDcZaQ
 zlnwhLacKyM1zR7+lvfFR03/h6m8JYGBPMP7zccH2uJfufh+Of3AvOfCFZFcNhzHCwIDAQAB
 o2MwYTAdBgNVHQ4EFgQUJyrrHdlE2joXc2oJICDJJaj5f7IwHwYDVR0jBBgwFoAUJyrrHdlE
 2joXc2oJICDJJaj5f7IwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
 hvcNAQEEBQADggEBAJclqFN/WqYmhcZlXabrw6KJQNq/TK6TLDHzwZVcyjn0QhujHRr+EcVp
 aE1pIS4fjsywzpINE3fe9DSlC4IzyeqDq3EtM4eQDSXm4YRGLZp8X2M5TdccmxlElDgZzlVX
 MOlo/Ehhh4vqzSbc1M4FEfETiEV+vLX5MaWEHH8dmzlEL632mOme19QJN6BQKJPmCCj1VbxJ
 DrJSpF01kXFJUtyrA0ilrEG0mA+FLFjfsWuZXzYEPjv1/FIPMlSnCCiW8ZSzwstQX2BhLEi0
 ugZJRpakVMY/TkdoLEErYt0mjZD+d/oXFR7QNzMxAHpDEPmlZRotP1W7sO6kpBP7lyh/Yc4x
 ggJ8MIICeAIBATCBoDCBkTELMAkGA1UEBhMCRlIxDTALBgNVBAgTBE5vcmQxGjAYBgNVBAcT
 EVZpbGxlbmV1dmUgZCdBc2NxMS4wLAYDVQQKEyVORVRBU1EgLSBTZWN1cmUgSW50ZXJuZXQg
 Q29ubmVjdGl2aXR5MScwJQYDVQQLEx5ORVRBU1EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkC
 CnDGsUgWa/KQWiwwCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG
 CSqGSIb3DQEJBTEPFw0wNjA1MDIwOTIxNTJaMCMGCSqGSIb3DQEJBDEWBBQjrsZjUkyfFd5f
 593zih2DN7J/bjBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIA
 gDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEF
 AASCAQBqKrTZyj8hltEfDwCxG0vk0fWI+kYwjomlmdjtEJs1ARPQWgR/bxglwDw0n/ekR+IX
 NoMG8gqNXyg2/Op2mSlR1aveIxCxOCAy7qIoqRjhEDAjGKVU8p0bTRk+hgsd9/m3W6f+2Q6V
 7X/JDe7EVMkAXJoEpIM81nOhUZdNfmXiBLtAyQRZcr/kQOfMKBioZ5pcFaA5YXAoiJZKhJLM
 wn8ewLkOeAPutYVpaCwarCRnhQxRdTleHuqVSbLDjlAFvJ/SKcSQF5JpNZAjLq0o+YvW8gZF
 LPyjHVTJrJw/DQFsqp2eeaPo7j73NJZ3jPwKLNC8IBdgkVjb4nxkF70KLEjL
 
 --qDbXVdCdHGoSgWSk--