From fj@batmule.dk  Sun Feb 16 08:17:27 2003
Message-Id: <200302161617.h1GGHNOq050237@prefect.unknown.dk>
Date: Sun, 16 Feb 2003 17:17:23 +0100 (CET)
From: Flemming Jacobsen <fj@batmule.dk>
Reply-To: Flemming Jacobsen <fj@batmule.dk>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] /etc/rc.d/ipsec has ipsec_file hardcoded, overriding rc.conf
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         48332
>Category:       conf
>Synopsis:       [PATCH] /etc/rc.d/ipsec has ipsec_file hardcoded, overriding rc.conf
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    mtm
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 16 08:20:05 PST 2003
>Closed-Date:    Sun Feb 16 12:48:21 PST 2003
>Last-Modified:  Sun Feb 16 14:00:24 PST 2003
>Originator:     Flemming Jacobsen <fj@batmule.dk>
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD dent.unknown.dk 5.0-CURRENT FreeBSD 5.0-CURRENT #11: Sun Feb 9 20:36:00 CET 2003 fj@dent.unknown.dk:/usr/obj/usr/src/sys/DENT i386
	
>Description:
	ipsec_file is set in /etc/defaults/rc.conf and (possibly) in 
	/etc/rc.conf. However, /etc/rc.d/ipsec sets it to /etc/ipsec.conf.
	The attached patch moves this setting into the NetBSD section 
	(where I assume it is needed).
>How-To-Repeat:
	Create a valid /etc/ipsec.conf file.
	Set ipsec_enable="YES" in /etc/rc.conf
	Reboot and observe that everything is behaving well.
	Rename /etc/ipsec.conf to (i.e.) /etc/ipsec1.conf
	Set ipsec_file="/etc/ipsec1.conf" in /etc/rc.conf
	Reboot and observe the following error:
	  /etc/rc: WARNING: /etc/ipsec.conf not readable; ipsec start aborted.
	  ERROR: ABORTING BOOT((sending SIGTERM to parent)!
	  Enter full pathname of shell or RETURN for /bin/sh:
>Fix:
	See attached patch.

--- ipsec.udiff begins here ---
--- ipsec.orig	Sun Feb 16 16:29:22 2003
+++ ipsec	Sun Feb 16 16:30:32 2003
@@ -15,8 +15,6 @@
 
 name="ipsec"
 rcvar=`set_rcvar`
-# This will be overiden from rc.conf on FreeBSD.
-ipsec_file="/etc/ipsec.conf"
 start_precmd="ipsec_prestart"
 start_cmd="ipsec_start"
 stop_precmd="test -f /etc/ipsec.conf"
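Review bot: the context line stop_precmd="test -f /etc/ipsec.conf" at the end of this hunk still tests the literal path, so once ipsec_file comes from rc.conf and points at /etc/ipsec1.conf (the case in How-To-Repeat), the stop check looks at a file that is not the configured one. Suggest testing ${ipsec_file} there instead, quoted so that the variable is expanded when the command runs rather than when this line is parsed, since the NetBSD branch only assigns it further down.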
@@ -27,9 +25,11 @@
 case ${OSTYPE} in
 FreeBSD)
 	ipsec_program="/usr/sbin/setkey"
+	# ipsec_file is set by rc.conf
 	;;
 NetBSD)
 	ipsec_program="/sbin/setkey"
+	ipsec_file="/etc/ipsec.conf"
 	;;
 esac
 
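Review bot: the comment added in the FreeBSD branch says only that ipsec_file "is set by rc.conf", while the script now has no fallback of its own; name /etc/defaults/rc.conf in the comment as the place the default lives, because a value cleared in rc.conf leaves the variable empty and nothing in this hunk catches that. The assignment added to the NetBSD branch is unconditional, so any value set before the case statement is overwritten there, which is the same pattern being removed for FreeBSD; a short comment stating that this is intended would help.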
--- ipsec.udiff ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->mtm 
Responsible-Changed-By: mtm 
Responsible-Changed-When: Sun Feb 16 12:35:46 PST 2003 
Responsible-Changed-Why:  
Ok, I'll take this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=48332 
State-Changed-From-To: open->closed 
State-Changed-By: mtm 
State-Changed-When: Sun Feb 16 12:47:47 PST 2003 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=48332 

From: Giorgos Keramidas <keramida@freebsd.org>
To: Flemming Jacobsen <fj@batmule.dk>
Cc: bug-followup@freebsd.org
Subject: Re: conf/48332: [PATCH] /etc/rc.d/ipsec has ipsec_file hardcoded, overriding rc.conf
Date: Sun, 16 Feb 2003 22:44:07 +0200

 On 2003-02-16 17:17, Flemming Jacobsen <fj@batmule.dk> wrote:
 >  name="ipsec"
 >  rcvar=`set_rcvar`
 > -# This will be overiden from rc.conf on FreeBSD.
 > -ipsec_file="/etc/ipsec.conf"
 
 How about (instead of deleting the assignment) making it conditional
 to ipsec_file being unset?
 
 	ipsec_file="${ipsec_file:-/etc/ipsec.conf}"
 
 >  FreeBSD)
 >  	ipsec_program="/usr/sbin/setkey"
 > +	# ipsec_file is set by rc.conf
 
 This will break if the admin forgets to set it in rc.conf.  I'd
 probably set it to /etc/ipsec.conf in /etc/defaults/rc.conf and
 also use the ${var:-value} assignment as above.
 
 What do you think?
 

From: Mike Makonnen <mtm@identd.net>
To: Giorgos Keramidas <keramida@FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: conf/48332: [PATCH] /etc/rc.d/ipsec has ipsec_file hardcoded,
 overriding rc.conf
Date: Sun, 16 Feb 2003 16:21:40 -0500

 On Sun, 16 Feb 2003 13:10:11 -0800 (PST)
 Giorgos Keramidas <keramida@FreeBSD.org> wrote:
 
 >  How about (instead of deleting the assignment) making it conditional
 >  to ipsec_file being unset?
 
 Well, the issue is not really about it being set or not set, it's about the
 difference between FreeBSD and NetBSD. We have it defined, but they don't. The
 way it is currently set up only became a bug when we stopped reading in rc.conf
 for every script during boot (thus not overriding the default).
 
 >  
 >  	ipsec_file="${ipsec_file:-/etc/ipsec.conf}"
 >  
 >  >  FreeBSD)
 >  >  	ipsec_program="/usr/sbin/setkey"
 >  > +	# ipsec_file is set by rc.conf
 >  
 >  This will break if the admin forgets to set it in rc.conf.  I'd
 >  probably set it to /etc/ipsec.conf in /etc/defaults/rc.conf and
 >  also use the ${var:-value} assignment as above.
 
 It's already in defaults/rc.conf
 
 Cheers.
 -- 
 Mike Makonnen  | GPG-KEY: http://www.identd.net/~mtm/mtm.asc
 mtm@identd.net | Fingerprint: D228 1A6F C64E 120A A1C9  A3AA DAE1 E2AF DBCC 68B9

From: Giorgos Keramidas <keramida@freebsd.org>
To: Mike Makonnen <mtm@identd.net>
Cc: bug-followup@freebsd.org
Subject: Re: conf/48332: [PATCH] /etc/rc.d/ipsec has ipsec_file hardcoded, overriding rc.conf
Date: Sun, 16 Feb 2003 23:26:00 +0200

 On 2003-02-16 16:21, Mike Makonnen <mtm@identd.net> wrote:
 > >  This will break if the admin forgets to set it in rc.conf.  I'd
 > >  probably set it to /etc/ipsec.conf in /etc/defaults/rc.conf and
 > >  also use the ${var:-value} assignment as above.
 >
 > It's already in defaults/rc.conf
 
 Aye, I spoke too fast then.  The original change looks fine :)
 

From: Flemming Jacobsen <fj@batmule.dk>
To: Giorgos Keramidas <keramida@freebsd.org>
Cc: bug-followup@freebsd.org
Subject: Re: conf/48332: [PATCH] /etc/rc.d/ipsec has ipsec_file hardcoded, overriding rc.conf
Date: Sun, 16 Feb 2003 22:50:56 +0100

 Giorgos Keramidas wrote:
 > On 2003-02-16 17:17, Flemming Jacobsen <fj@batmule.dk> wrote:
 > >  name="ipsec"
 > >  rcvar=`set_rcvar`
 > > -# This will be overiden from rc.conf on FreeBSD.
 > > -ipsec_file="/etc/ipsec.conf"
 > 
 > How about (instead of deleting the assignment) making it conditional
 > to ipsec_file being unset?
 > 	ipsec_file="${ipsec_file:-/etc/ipsec.conf}"
 
 That shouldn't be needed.
 
 > >  FreeBSD)
 > >  	ipsec_program="/usr/sbin/setkey"
 > > +	# ipsec_file is set by rc.conf
 > 
 > This will break if the admin forgets to set it in rc.conf.  I'd
 > probably set it to /etc/ipsec.conf in /etc/defaults/rc.conf and
 > also use the ${var:-value} assignment as above.
 
 /etc/defaults/rc.conf sets ipsec_file already.
 The only way the conditional would get used would be if the admin
 cleared the variable, and then (s)he asked for it.
 
 
 	Hyg'
 	Flemming
 
 -- 
 Flemming Jacobsen                                  Email: fj@batmule.dk
    ---===   If speed kills, Windows users may live forever.   ===---
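
The ordering effect discussed in this thread, as an added example that is not part of the PR or of FreeBSD's rc scripts: it resolves ipsec_file under the pre-patch assignment, the same assignment with the configuration read again afterwards, the ${var:-value} form, and the patched FreeBSD branch. The function name, the variant labels and the temporary files standing in for /etc/defaults/rc.conf and /etc/rc.conf are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed simulation; the temp files stand in for /etc/defaults/rc.conf
# and /etc/rc.conf, and the variant names are hypothetical labels.

# resolve_ipsec_file VARIANT [RCCONF_LINE]
# Prints the ipsec_file value the script body would end up using.
resolve_ipsec_file() {
    variant=$1
    rcconf_line=${2-}
    (
        dir=$(mktemp -d) || exit 1
        printf '%s\n' 'ipsec_file="/etc/ipsec.conf"' > "$dir/defaults"
        printf '%s\n' "$rcconf_line" > "$dir/rc.conf"
        load_config() { . "$dir/defaults"; . "$dir/rc.conf"; }

        unset ipsec_file
        load_config                      # config read once, before the script
        case $variant in
        hardcoded)                       # pre-patch script body
            ipsec_file="/etc/ipsec.conf" ;;
        reread)                          # pre-patch body, config read again after
            ipsec_file="/etc/ipsec.conf"; load_config ;;
        conditional)                     # ${var:-value} form from the follow-up
            ipsec_file="${ipsec_file:-/etc/ipsec.conf}" ;;
        removed)                         # patched FreeBSD branch: no assignment
            : ;;
        *)
            rm -rf "$dir"; exit 2 ;;
        esac
        rm -rf "$dir"
        printf '%s\n' "$ipsec_file"
    )
}

# Demo: admin moved the policy file, as in How-To-Repeat.
for v in hardcoded reread conditional removed; do
    printf '%-12s -> %s\n' "$v" "$(resolve_ipsec_file "$v" 'ipsec_file="/etc/ipsec1.conf"')"
done
```

Passing 'ipsec_file=""' as the second argument models an admin who cleared the variable: the removed variant then yields an empty path, while the conditional variant falls back to /etc/ipsec.conf.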
>Unformatted:
