ports/96368: security/ipsec-tools: use OPTIONS, extend featureset
VANHULLEBUS Yvan
yvan.vanhullebus at netasq.com
Wed May 3 08:10:22 UTC 2006
The following reply was made to PR ports/96368; it has been noted by GNATS.
From: VANHULLEBUS Yvan <yvan.vanhullebus at netasq.com>
To: Joerg Pulz <Joerg.Pulz at frm2.tum.de>
Cc: Renato Botelho <garga at freebsd.org>, bug-followup at freebsd.org
Subject: Re: ports/96368: security/ipsec-tools: use OPTIONS, extend featureset
Date: Wed, 3 May 2006 10:04:56 +0200
--jRHKVT23PllUwdXP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, May 03, 2006 at 08:05:20AM +0200, Joerg Pulz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>=20
>=20
> On Tue, 2 May 2006, VANHULLEBUS Yvan wrote:
>=20
> >On Sun, Apr 30, 2006 at 11:20:51PM +0200, Joerg Pulz wrote:
> [...]
> >>- - added some descriptive output if NATT is enabled (to please Yvan ;)=
)
> >
> >The simplest description in the option would be "enable NAT-T if
> >kernel support". That is exactly what configure will do.
>=20
> The OPTIONS description for NATT is already set to:
> "enable NAT-Traversal (kernel-patch required)"
>=20
> I think this is enough, as it is more than the current version of the=20
> port has as description (currently there is no message at all).
Yep.
> >The warning message if activated is also a good thing.
>=20
> There is a warning now which points the user to the URL for the=20
> downloadable patches. It appears just before configure kicks in.
Yes, I already noticed it, that's the warning message I was talking
about.
> >>- - small change to pkg-plist to create and delete the STATEDIR
> >
> >
> >I also took more time to look at the configure patch.
> >
> >If this is not "so urgent", the best way is to report a patch to
> >configure.ac directly to ipsec-tools-devel Ml (or directly to me),
> >I'll integrate it for 0.6.6 (which will soon need to be released).
>=20
> I will take a look at this, maybe i can write a small patch which you can=
=20
> integrate in the next release.
Send me the patch if you have time to make it.
> But for now we should keep it as it is, to=20
> have a consistent behavior for port and package.
Ok for me if it's not trivial to do the patch directly in ipsec-tools
0.6.6.
[adminport]
> >The reason why I'm not sure it is a good idea to enable it by default
> >is that it will create the socket file needed to communicate between
> >racoonctl/racoon, but I know they are some caveheats where the file is
> >not correctly removed (for example if racoon crashes).
> >
> >People may take a lot of time to understant that racoon doesn't
> >restart just because the file already exists !
>=20
> Just curious, i have no problem starting/restarting racoon when the socke=
t=20
> file already exists.
I just often use adminport, and just remember that "I had some
problems in the past", perhaps it has been fixed by someone else, I'll
recheck.
> Anyway, to please you even more, I've modified the racoon.sh rcNG script =
a=20
> little bit, that it removes the pidfile and the socketfile after a normal=
=20
> stop of racoon and just before the racoon startup, in case racoon died=20
> unexpectedly. Now we are sure that we have no leftovers from previously=
=20
> running racoon processes.
> I've also set the ADMINPORT OPTION to off by default.
Good.
> The new complete patch is:
Just for information, I don't know why, but if I just save your patch
and try to apply it, I always have a "File to patch:" request by
patch...
I don't know if I use an old version of patch (FreeBSD6.1's one) or if
your diff has "something" (I noticed that all lines which should start
by "- " starts by "- -", but I also tried to remove those manually,
and it doesn't change anything), as I'm not a diff/patch guru....
If the commiter don't have this problem applying the patch, it's ok
for me.
Thanks again for the time you took to provide the patch, and for the
time you took to made it "Vanhu compliant" :-)
Yvan.
--=20
NETASQ - Secure Internet Connectivity
http://www.netasq.com
--jRHKVT23PllUwdXP
Content-Type: application/x-pkcs7-signature
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64
MIINPQYJKoZIhvcNAQcCoIINLjCCDSoCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
CokwggZ/MIIFZ6ADAgECAgpwxrFIFmvykFosMA0GCSqGSIb3DQEBBAUAMIGRMQswCQYDVQQG
EwJGUjENMAsGA1UECBMETm9yZDEaMBgGA1UEBxMRVmlsbGVuZXV2ZSBkJ0FzY3ExLjAsBgNV
BAoTJU5FVEFTUSAtIFNlY3VyZSBJbnRlcm5ldCBDb25uZWN0aXZpdHkxJzAlBgNVBAsTHk5F
VEFTUSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNTA3MTUxNDQ0NDNaFw0wNzA3MTUx
NDQ0NDNaMIHYMQswCQYDVQQGEwJGUjENMAsGA1UECBMETm9yZDEuMCwGA1UEChMlTkVUQVNR
IC0gU2VjdXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEZMBcGA1UE
AxMQeXZhbiBWQU5IVUxMRUJVUzEqMCgGCSqGSIb3DQEJARYbeXZhbi52YW5odWxsZWJ1c0Bu
ZXRhc3EuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0quG0Q0oe+uM8lT
HAklvpFArPSxUE8qM+NzfqOUaMaAI9/+Zg1kFOSrcYYRnB0R7ZGj9H+wk92l6+9jdOJx+1cG
9wwhCzTFuN1qxiznhXtryOwZ9vZswnAJXH3b0R0hL0CUsv54KWGsZIDI72KHrEx/KThY7iU7
AMq8/MqGGjSixXzhm89ybWm4N36dWRJvyT3oHFRREDLhGhherC+FJPied4FwIjth7worVD9m
SVAPgp0WHpAhMqVe4vp4bJvpT9Qrv38cccfEiaaFaUvOCSF7h5gXy6F+D7xV/3adGqAwZ3sI
o1qN4SijkaI6uqbUP+zslX3t78qHSc7HWhVm4QIDAQABo4ICjjCCAoowDAYDVR0TAQH/BAIw
ADAdBgNVHQ4EFgQU/CR/mkkP1k1mu7ApVahPzBnqdJowgb4GA1UdIwSBtjCBs4AUJyrrHdlE
2joXc2oJICDJJaj5f7KhgZekgZQwgZExCzAJBgNVBAYTAkZSMQ0wCwYDVQQIEwROb3JkMRow
GAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwGA1UEChMlTkVUQVNRIC0gU2VjdXJlIElu
dGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5ggEAMA4GA1UdDwEB/wQEAwIF4DARBglghkgBhvhCAQEEBAMCBaAwKwYJKwYBBAGC
NxQCBB4eHABTAG0AYQByAHQAYwBhAHIAZABMAG8AZwBvAG4wLAYDVR0lAQH/BCIwIAYIKwYB
BQUHAwQGCCsGAQUFBwMCBgorBgEEAYI3FAICMCsGA1UdEQQkMCKgIAYKKwYBBAGCNxQCA6AS
DBB5dmFudkBuZXRhc3EuY29tMIHNBgNVHR8EgcUwgcIwWqBYoFaGVGxkYXA6Ly9wa2kubmV0
YXNxLmNvbS9jbj1md2NhLG91PWNhcyxvPW5ldGFzcSxkYz1mcj9jZXJ0aWZpY2F0ZVJldm9j
YXRpb25MaXN0O2JpbmFyeTA4oDagNIYyaHR0cDovL2ludHJhbmV0Lm5ldGFzcS5jb20vaW50
cmFuZXQvcGtpL25ldGFzcS5jcmwwKqAooCaGJGh0dHA6Ly93d3cubmV0YXNxLmNvbS9wa2kv
bmV0YXNxLmNybDAfBglghkgBhvhCAQ0EEhYQVXNlciBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0B
AQQFAAOCAQEAMlfufwmHT/3KRXLIx0jcRwT9bOboCGMQrI7xK/kk9t0jvGm3KTlVN2uuZ0Hk
VU2QWqw6hPPoc1mclOPPWfNW4DHGafbIAqritDMoAtwCe7BkeZFaTRcigrnNJhyIjlfTHrrF
Pz8Iul+ZugtAV8gCrpMPrF/RUJ2wgvUiBrp/1zhTZ0WMini5KK/MEiWgvZKHq0Y4riD9Sw5L
84TbPcwQmHG4aQhsKkTNC9S80qurRVmTre+Qo68fzGXznPsSU/atH0OCIka3KYcJmrnoFosh
0fuWOhKRTDfcTVarpCFhFiNvg8gxUxi9kdI2m/u2h7zEYvEH89G4HQ6NFBNvh0XfjjCCBAIw
ggLqoAMCAQICAQAwDQYJKoZIhvcNAQEEBQAwgZExCzAJBgNVBAYTAkZSMQ0wCwYDVQQIEwRO
b3JkMRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwGA1UEChMlTkVUQVNRIC0gU2Vj
dXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRpZmljYXRp
b24gQXV0aG9yaXR5MB4XDTAyMDIxOTEyMzQ1NVoXDTIyMDIxNDEyMzQ1NVowgZExCzAJBgNV
BAYTAkZSMQ0wCwYDVQQIEwROb3JkMRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwG
A1UEChMlTkVUQVNRIC0gU2VjdXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMe
TkVUQVNRIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAwYBPi3ref6t0tuJMoj5R4H7sa+WMSZwDh4XHjZV5e6P6LObyrleC6oNFDZJr
gBtKk9Swzfnnf4m3xc0QS9kKCPLFwLpmIK3RCx0K4YYi+uBrrL347kH4UPfrI6KvrYcFpG3Y
wFZUK+7LZn/Y9HSB6n4gvdiCk7cmkuFr1ifFtDYZqktNUss9yQCPqh0d9dXfuhRV8vyggvVk
cfTZcCyVpRaDYaDm0j30Urba62KsKxfh6cEAt6kmPUxviGVaoEiiaABDZVSu6PjS17qDcZaQ
zlnwhLacKyM1zR7+lvfFR03/h6m8JYGBPMP7zccH2uJfufh+Of3AvOfCFZFcNhzHCwIDAQAB
o2MwYTAdBgNVHQ4EFgQUJyrrHdlE2joXc2oJICDJJaj5f7IwHwYDVR0jBBgwFoAUJyrrHdlE
2joXc2oJICDJJaj5f7IwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
hvcNAQEEBQADggEBAJclqFN/WqYmhcZlXabrw6KJQNq/TK6TLDHzwZVcyjn0QhujHRr+EcVp
aE1pIS4fjsywzpINE3fe9DSlC4IzyeqDq3EtM4eQDSXm4YRGLZp8X2M5TdccmxlElDgZzlVX
MOlo/Ehhh4vqzSbc1M4FEfETiEV+vLX5MaWEHH8dmzlEL632mOme19QJN6BQKJPmCCj1VbxJ
DrJSpF01kXFJUtyrA0ilrEG0mA+FLFjfsWuZXzYEPjv1/FIPMlSnCCiW8ZSzwstQX2BhLEi0
ugZJRpakVMY/TkdoLEErYt0mjZD+d/oXFR7QNzMxAHpDEPmlZRotP1W7sO6kpBP7lyh/Yc4x
ggJ8MIICeAIBATCBoDCBkTELMAkGA1UEBhMCRlIxDTALBgNVBAgTBE5vcmQxGjAYBgNVBAcT
EVZpbGxlbmV1dmUgZCdBc2NxMS4wLAYDVQQKEyVORVRBU1EgLSBTZWN1cmUgSW50ZXJuZXQg
Q29ubmVjdGl2aXR5MScwJQYDVQQLEx5ORVRBU1EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkC
CnDGsUgWa/KQWiwwCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG
CSqGSIb3DQEJBTEPFw0wNjA1MDMwODA0NTVaMCMGCSqGSIb3DQEJBDEWBBQpLGDNo9M32RZb
jp2Eg5kpbdRBeTBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIA
gDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEF
AASCAQBgWvK4SG3rm/Rj7WQiCq+QP+1q6y6yDmSC9P/vz69rr2IcmpL8XYCrb0ah8Bt1+nG8
trlfaiWUDZ8Hm/JXGKNEcnSbsNpkYTKRgGr9MdfYtv2yxiQqh/yJ/HVN8QZ2tiYzCig66mhm
aG4OQHMsyVg5FCFnBrBFABKhUh8/09XnKoHh/madZebcc0ClqPh7hzUUxZ8FCggsMhBFI6uY
e56akS8ijTruusy5PEtxiCl3L7tPqiSC5+6fhCyeFwfSsei7BbBAIUG+4e4YyV6SZXw93hbG
7p1XQe3ejxCIM14XuOT4Y7h5R0AyfSbNC0hLdVHSiNd6IBnwgrX7LMFNmRc8
--jRHKVT23PllUwdXP--
More information about the freebsd-ports-bugs
mailing list