Ubuntu
strongswan package

Merge ~ahasenack/ubuntu/+source/strongswan:bionic-strongswan-charon-apparmor-1932197 into ubuntu/+source/strongswan:ubuntu/bionic-devel

  1. Git
  2. lp:~ahasenack/ubuntu/+source/strongswan
  3. bionic-strongswan-charon-apparmor-1932197
  4. Merge into ubuntu/bionic-devel
Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: 485784dc9c9c71b7106f831e05c93560b13f36cc
Merge reported by: Andreas Hasenack
Merged at revision: 485784dc9c9c71b7106f831e05c93560b13f36cc
Proposed branch: ~ahasenack/ubuntu/+source/strongswan:bionic-strongswan-charon-apparmor-1932197
Merge into: ubuntu/+source/strongswan:ubuntu/bionic-devel
Diff against target: 42 lines (+10/-2)
2 files modified
debian/changelog (+8/-0)
debian/control (+2/-2)
Reviewer Review Type Date Requested Status
Lucas Kanashiro (community) Approve
Canonical Server Core Reviewers Pending
Review via email: mp+404423@code.launchpad.net

Description of the change

Bileto ticket (still ongoing): https://bileto.ubuntu.com/#/ticket/4589

Associated PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4589

Change the dependencies between strongswan-starter and strongswan-charon to what we have in focal and later (cherry-picked patch) so that the charon daemon will run confined with its apparmor profile on first install, and not just after a restart.

The linked bug has the SRU template filled in and a more detailed explanation, as well as a simple test case.

To post a comment you must log in.
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

I am grabbing this for review.

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

The packaging changes look good, I reproduced the bug and confirmed that the version in the PPA fixes the issue.

I was not able to check the test runs triggered by bileto, did I miss something there? FWIW I did run autopkgtest locally and it passed:

autopkgtest [12:01:20]: @@@@@@@@@@@@@@@@@@@@ summary
daemon PASS
admin-strongswan-charon PASS
admin-strongswan-starter PASS
plugins PASS

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I just checked bileto, and there are no test results listed, so that means they are all green.
Bileto itself is saying "failed" but that's because it's an SRU and bileto doesn't know how to interpret that the package is blocked from automated migration (because the SRU team has to do the upload):

"Not touching package due to block request by freeze (please contact ubuntu-release if update is needed) "

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Pushing upload tag:

$ git push pkg upload/5.6.2-1ubuntu2.6
Enumerating objects: 13, done.
Counting objects: 100% (13/13), done.
Delta compression using up to 4 threads
Compressing objects: 100% (9/9), done.
Writing objects: 100% (9/9), 1.33 KiB | 65.00 KiB/s, done.
Total 9 (delta 6), reused 0 (delta 0), pack-reused 0
To ssh://git.launchpad.net/ubuntu/+source/strongswan
 * [new tag] upload/5.6.2-1ubuntu2.6 -> upload/5.6.2-1ubuntu2.6

Uploading package:
$ dput ubuntu ../strongswan_5.6.2-1ubuntu2.6_source.changes
Checking signature on .changes
gpg: ../strongswan_5.6.2-1ubuntu2.6_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../strongswan_5.6.2-1ubuntu2.6.dsc: Valid signature from AC983EB5BF6BCBA9
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading strongswan_5.6.2-1ubuntu2.6.dsc: done.
  Uploading strongswan_5.6.2-1ubuntu2.6.debian.tar.xz: done.
  Uploading strongswan_5.6.2-1ubuntu2.6_source.buildinfo: done.
  Uploading strongswan_5.6.2-1ubuntu2.6_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index d1780cc..b92dee3 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,11 @@
6+strongswan (5.6.2-1ubuntu2.6) bionic; urgency=medium
7+
8+ * d/control: change dependency relationship between strongswan-charon and
9+ strongswan-starter so that the charon service is started with the apparmor
10+ profile applied (LP: #1932197)
11+
12+ -- Andreas Hasenack <andreas@canonical.com> Fri, 18 Jun 2021 19:58:12 +0000
13+
14 strongswan (5.6.2-1ubuntu2.5) bionic; urgency=medium
15
16 * d/p/lp-1772705-charon-nm-Fix-building-list-of-DNS-MDNS-servers-with.patch:
17diff --git a/debian/control b/debian/control
18index 2f24752..1f54245 100644
19--- a/debian/control
20+++ b/debian/control
21@@ -248,9 +248,9 @@ Architecture: any
22 Depends: adduser,
23 libstrongswan (= ${binary:Version}),
24 lsb-base (>= 3.0-6),
25+ strongswan-charon,
26 ${misc:Depends},
27 ${shlibs:Depends}
28-Recommends: strongswan-charon
29 Conflicts: openswan
30 Description: strongSwan daemon starter and configuration file parser
31 The strongSwan VPN suite uses the native IPsec stack in the standard
32@@ -285,9 +285,9 @@ Architecture: any
33 Pre-Depends: debconf | debconf-2.0
34 Depends: iproute2 [linux-any] | iproute [linux-any],
35 libstrongswan (= ${binary:Version}),
36- strongswan-starter,
37 ${misc:Depends},
38 ${shlibs:Depends}
39+Recommends: strongswan-starter,
40 Provides: ike-server
41 Description: strongSwan Internet Key Exchange daemon
42 The strongSwan VPN suite uses the native IPsec stack in the standard

Subscribers

People subscribed via source and target branches