636572 – ipsec service is started by default

Bug 636572 - ipsec service is started by default

Summary: ipsec service is started by default

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	openswan
Sub Component:
Version:	14
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Avesh Agarwal
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	F14Target
TreeView+	depends on / blocked

Reported:	2010-09-22 15:38 UTC by Orion Poplawski
Modified:	2010-11-10 01:06 UTC (History)
CC List:	5 users (show)
Fixed In Version:	openswan-2.6.29-2.fc14
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-11-09 17:47:17 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Orion Poplawski 2010-09-22 15:38:38 UTC

Description of problem:

The presence of:

# Default-Start:     2 3 4 5

in /etc/rc.d/init.d/ipsec causes it to be started by default. This should be empty, e.g.:

# Default-Start:

Version-Release number of selected component (if applicable):
openswan-2.6.27-1.fc14.x86_64

Comment 1 Avesh Agarwal 2010-09-30 15:43:17 UTC

Fixed and made a new build openswan-2.6.29-2.fc14.

Comment 2 Paul Wouters 2010-09-30 16:07:11 UTC

This conflicts with http://wiki.debian.org/LSBInitScripts

Can Debian/Fedora talk and decide on what the LSB really means?

Comment 3 Paul Wouters 2010-09-30 16:07:42 UTC

just to clarify, Debian wanted us to put the numbers us. Fedora wants us not to put the numbers in......

Comment 4 Paul Wouters 2010-09-30 16:08:05 UTC

http://refspecs.freestandards.org/LSB_2.1.0/LSB-generic/LSB-generic/initscrcomconv.html

Comment 5 Orion Poplawski 2010-09-30 16:12:43 UTC

But what decides whether the service is enabled by default or not?

Comment 6 Steve Grubb 2010-09-30 21:16:31 UTC

Unnecessary daemons should not run by default. If you look at /etc/rc.d/init.d/raccoon, you will see that it does not run by default. Pluto is a replacement for it.

There should also be a way for NetworkManager to start pluto if its not running and it needs to be running...

Comment 7 Paul Wouters 2010-09-30 23:09:13 UTC

I understand openswan should not run per default after install. However, debian asked us to change this, because Default-Start is used by their update-rc.d to know what symlinks to create. However, they do not run update-rc.d on package install - the sysadmin does that.

So, as stated above, Fedora and Debian do not agree on the meaning of Default-Start in the LSB, and openswan seems to be stuck in the middle.

Comment 8 Avesh Agarwal 2010-10-13 14:33:11 UTC

(In reply to comment #6)
> 
> There should also be a way for NetworkManager to start pluto if its not running
> and it needs to be running...

Actually NetworkManager-openswan already does this.

Comment 9 Orion Poplawski 2010-10-13 14:41:41 UTC

Same issue in openswan-2.6.29-1.fc13

Comment 10 Avesh Agarwal 2010-10-13 14:45:01 UTC

The patch to fix this issue is only in F14/F15 right now. Once it gets some testing there, I can commit the patch in F13 too.

Comment 11 Orion Poplawski 2010-10-13 14:51:44 UTC

I don't see an update for F14.

Comment 12 Avesh Agarwal 2010-10-13 14:56:15 UTC

http://koji.fedoraproject.org/koji/buildinfo?buildID=198247

Comment 13 Orion Poplawski 2010-10-13 15:00:40 UTC

Can you please submit an update to testing with bodhi?

Comment 14 Fedora Update System 2010-10-13 15:05:55 UTC

openswan-2.6.29-2.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/openswan-2.6.29-2.fc14

Comment 15 Fedora Update System 2010-10-13 21:22:55 UTC

openswan-2.6.29-2.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update openswan'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/openswan-2.6.29-2.fc14

Comment 16 Avesh Agarwal 2010-11-09 17:47:17 UTC

Closing this as the issue has been resolved. Please reopen if the issue still persists.

Comment 17 Fedora Update System 2010-11-10 01:06:43 UTC

openswan-2.6.29-2.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.