Description of problem: Most of strongSwan's configuration files are not protected from being overwritten during updates. Only the top-level ipsec.conf and strongswan.conf, as well as swanctl/swanctl.conf, are protected. Files under strongswan.d also need to be protected, as that is where module configuration is done. Steps to Reproduce: 1. Install strongswan 2. Change a module configuration, e.g. add a RADIUS server definition to /etc/strongswan/strongswan.d/charon/eap-radius.conf 3. Update or reinstall strongswan Actual results: Changes to the plugin configuration are overwritten with the defaults Expected results: Changes should be preserved Additional info: According to the documentation[1], the strongswan.d and strongswan.d/charon directories were introduced in version 5.1.2 [1] https://wiki.strongswan.org/projects/strongswan/wiki/StrongswanDirectory
I think this could work for us... diff --git a/strongswan.spec b/strongswan.spec index ca8b400..9399f05 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -227,12 +227,8 @@ fi %files %doc README README.Fedora COPYING NEWS TODO -%dir %{_sysconfdir}/%{name} +%config(noreplace) %{_sysconfdir}/%{name} %{_sysconfdir}/%{name}/ipsec.d/ -%config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf -%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf -%dir %{_sysconfdir}/%{name}/swanctl/ -%config(noreplace) %{_sysconfdir}/%{name}/swanctl/swanctl.conf %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %{_unitdir}/%{name}.service %{_unitdir}/%{name}-swanctl.service @@ -327,7 +323,6 @@ fi %{_mandir}/man8/%{name}_scepclient.8.gz %{_mandir}/man8/%{name}_charon-cmd.8.gz %{_mandir}/man8/%{name}_swanctl.8.gz -%{_sysconfdir}/%{name}/%{name}.d/ %{_datadir}/%{name}/templates/config/ %{_datadir}/%{name}/templates/database/
Pushed to rawhide for now.
EPEL packages were recently updated using Fedora Rawhide.