[PATCH v1 1/1] feature 3590: support modular conf and secrets files

From: Philip Prindeville <philipp@cpan.org>

From: Philip Prindeville <philipp@redfish-solutions.com>

As certs, CAs, keys, etc. are all contained individually in their
own files, so should it be with configurations and secrets.  This
makes managing a VPN concentrator with scripts easier since you
don't have to worry about replacing/deleting/etc parts of a file:
you either write the entire file, or you delete the entire file.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
---
 man/ipsec.secrets.5.in    | 2 +-
 src/starter/Makefile.am   | 2 ++
 src/starter/ipsec.conf    | 2 ++
 src/starter/ipsec.secrets | 2 ++
 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/man/ipsec.secrets.5.in b/man/ipsec.secrets.5.in
index 15e36faff30ff50cbdc3cbe1793feeef46d7e880..9b06458a196946a8a9c719f1d1f2c1a8d4c696ad 100644
--- a/man/ipsec.secrets.5.in
+++ b/man/ipsec.secrets.5.in
@@ -27,7 +27,7 @@ carol : XAUTH "4iChxLT3"
 dave  : XAUTH "ryftzG4A"
 
 # get secrets from other files
-include ipsec.*.secrets
+include ipsec.d/secrets/*
 .fi
 .RE
 .LP
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index 298a1fb5782776b5f869cbada1f768cbbf0528f9..107cea630223039e6104a0fcbd80b1fcaee98c46 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -68,4 +68,6 @@ install-exec-local :
 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
 		test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/conf" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/conf" || true
 		test -e "$(DESTDIR)$(sysconfdir)/ipsec.secrets" || $(INSTALL) -m 600 $(srcdir)/ipsec.secrets $(DESTDIR)$(sysconfdir)/ipsec.secrets || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/conf" || $(INSTALL) -d -m 700 "$(DESTDIR)$(sysconfdir)/ipsec.d/secrets" || true
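Review bot: The second added line guards the creation of `ipsec.d/secrets` with a `test -e` on `ipsec.d/conf`, the directory the first added line has just created, so on a normal install the guard succeeds and the secrets directory is never made. The trailing `|| true` hides this from the build. The guard should test the directory it installs: `test -e "$(DESTDIR)${sysconfdir}/ipsec.d/secrets" || $(INSTALL) -d -m 700 "$(DESTDIR)$(sysconfdir)/ipsec.d/secrets" || true`. If the directory is instead created later by a management script, it will probably get the default umask rather than 0700, which matters for a directory that holds PSKs and key passphrases. The install-exec-local recipe starts outside this hunk.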
diff --git a/src/starter/ipsec.conf b/src/starter/ipsec.conf
index a33d68c0a34aaa30dd3c8a0f31dfe74ef609ded8..2c82a9f774c5c3542f953890d63cdb3caf83c0e5 100644
--- a/src/starter/ipsec.conf
+++ b/src/starter/ipsec.conf
@@ -26,3 +26,5 @@ config setup
 #      rightsubnet=10.2.0.0/16
 #      rightid="C=CH, O=Linux strongSwan CN=peer name"
 #      auto=start
+
+include ipsec.d/conf/*.conf
diff --git a/src/starter/ipsec.secrets b/src/starter/ipsec.secrets
index dae7709a126b6a82c4a6a77a9a9dd087b1e6f8c7..6b3b8964a26df3c10b05f93a1b6a29d43d3c0bf5 100644
--- a/src/starter/ipsec.secrets
+++ b/src/starter/ipsec.secrets
@@ -1 +1,3 @@
 # ipsec.secrets - strongSwan IPsec secrets file
+
+include ipsec.d/secrets/*
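Review bot: The added `include ipsec.d/secrets/*` matches every non-hidden file in the directory, so editor backups and similar leftovers (for example `peer~` or `peer.bak`) keep being loaded as live secrets after an administrator believes a credential was replaced or removed. The ipsec.conf hunk restricts its include to `*.conf`; a matching suffix here, e.g. `include ipsec.d/secrets/*.secrets`, would keep the two consistent and make "delete the file to revoke the secret" reliable. The man page example in the first hunk uses the same bare glob and would need the same suffix.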
-- 
2.17.1
philipp
10/10/2020 12:35:13 AM

On 10/9/20 8:35 PM, Philip Prindeville wrote:
> From: Philip Prindeville <philipp@cpan.org>
> 
> From: Philip Prindeville <philipp@redfish-solutions.com>
> 
> As certs, CAs, keys, etc. are all contained individually in their
> own files, so should it be with configurations and secrets.  This
> makes managing a VPN concentrator with scripts easier since you
> don't have to worry about replacing/deleting/etc parts of a file:
> you either write the entire file, or you delete the entire file.
> 
> Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
> ---
>   man/ipsec.secrets.5.in    | 2 +-
>   src/starter/Makefile.am   | 2 ++
>   src/starter/ipsec.conf    | 2 ++
>   src/starter/ipsec.secrets | 2 ++
>   4 files changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/man/ipsec.secrets.5.in b/man/ipsec.secrets.5.in
> index 15e36faff30ff50cbdc3cbe1793feeef46d7e880..9b06458a196946a8a9c719f1d1f2c1a8d4c696ad 100644
> --- a/man/ipsec.secrets.5.in
> +++ b/man/ipsec.secrets.5.in
> @@ -27,7 +27,7 @@ carol : XAUTH "4iChxLT3"
>   dave  : XAUTH "ryftzG4A"
>   
>   # get secrets from other files
> -include ipsec.*.secrets
> +include ipsec.d/secrets/*
>   .fi
>   .RE
>   .LP
> diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
> index 298a1fb5782776b5f869cbada1f768cbbf0528f9..107cea630223039e6104a0fcbd80b1fcaee98c46 100644
> --- a/src/starter/Makefile.am
> +++ b/src/starter/Makefile.am
> @@ -68,4 +68,6 @@ install-exec-local :
>   		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
>   		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
>   		test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
> +		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/conf" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/conf" || true
>   		test -e "$(DESTDIR)$(sysconfdir)/ipsec.secrets" || $(INSTALL) -m 600 $(srcdir)/ipsec.secrets $(DESTDIR)$(sysconfdir)/ipsec.secrets || true
> +		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/conf" || $(INSTALL) -d -m 700 "$(DESTDIR)$(sysconfdir)/ipsec.d/secrets" || true
> diff --git a/src/starter/ipsec.conf b/src/starter/ipsec.conf
> index a33d68c0a34aaa30dd3c8a0f31dfe74ef609ded8..2c82a9f774c5c3542f953890d63cdb3caf83c0e5 100644
> --- a/src/starter/ipsec.conf
> +++ b/src/starter/ipsec.conf
> @@ -26,3 +26,5 @@ config setup
>   #      rightsubnet=10.2.0.0/16
>   #      rightid="C=CH, O=Linux strongSwan CN=peer name"
>   #      auto=start
> +
> +include ipsec.d/conf/*.conf
> diff --git a/src/starter/ipsec.secrets b/src/starter/ipsec.secrets
> index dae7709a126b6a82c4a6a77a9a9dd087b1e6f8c7..6b3b8964a26df3c10b05f93a1b6a29d43d3c0bf5 100644
> --- a/src/starter/ipsec.secrets
> +++ b/src/starter/ipsec.secrets
> @@ -1 +1,3 @@
>   # ipsec.secrets - strongSwan IPsec secrets file
> +
> +include ipsec.d/secrets/*
> 

I don't understand why you're submitting these patches to the
perl5-porters mailing list.  The files being patched do not appear in
our MANIFEST.

Can you clarify?

Thank you very much.
Jim Keenan
jkeenan
10/10/2020 1:14:59 AM

> On Oct 9, 2020, at 7:14 PM, James E Keenan <jkeenan@pobox.com> wrote:
>=20
> On 10/9/20 8:35 PM, Philip Prindeville wrote:
>> From: Philip Prindeville <philipp@cpan.org>
>> From: Philip Prindeville <philipp@redfish-solutions.com>
>> As certs, CAs, keys, etc. are all contained individually in their
>> own files, so should it be with configurations and secrets.  This
>> makes managing a VPN concentrator with scripts easier since you
>> don't have to worry about replacing/deleting/etc parts of a file:
>> you either write the entire file, or you delete the entire file.
>> Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
>> ---
>>  man/ipsec.secrets.5.in    | 2 +-
>>  src/starter/Makefile.am   | 2 ++
>>  src/starter/ipsec.conf    | 2 ++
>>  src/starter/ipsec.secrets | 2 ++
>>  4 files changed, 7 insertions(+), 1 deletion(-)
>> diff --git a/man/ipsec.secrets.5.in b/man/ipsec.secrets.5.in
>> index =
15e36faff30ff50cbdc3cbe1793feeef46d7e880..9b06458a196946a8a9c719f1d1f2c1a8=
d4c696ad 100644
>> --- a/man/ipsec.secrets.5.in
>> +++ b/man/ipsec.secrets.5.in
>> @@ -27,7 +27,7 @@ carol : XAUTH "4iChxLT3"
>>  dave  : XAUTH "ryftzG4A"
>>    # get secrets from other files
>> -include ipsec.*.secrets
>> +include ipsec.d/secrets/*
>>  .fi
>>  .RE
>>  .LP
>> diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
>> index =
298a1fb5782776b5f869cbada1f768cbbf0528f9..107cea630223039e6104a0fcbd80b1fc=
aee98c46 100644
>> --- a/src/starter/Makefile.am
>> +++ b/src/starter/Makefile.am
>> @@ -68,4 +68,6 @@ install-exec-local :
>>  		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || =
$(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
>>  		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || =
$(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
>>  		test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || =
$(INSTALL) -m 644 $(srcdir)/ipsec.conf =
$(DESTDIR)$(sysconfdir)/ipsec.conf || true
>> +		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/conf" || =
$(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/conf" || true
>>  		test -e "$(DESTDIR)$(sysconfdir)/ipsec.secrets" || =
$(INSTALL) -m 600 $(srcdir)/ipsec.secrets =
$(DESTDIR)$(sysconfdir)/ipsec.secrets || true
>> +		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/conf" || =
$(INSTALL) -d -m 700 "$(DESTDIR)$(sysconfdir)/ipsec.d/secrets" || true
>> diff --git a/src/starter/ipsec.conf b/src/starter/ipsec.conf
>> index =
a33d68c0a34aaa30dd3c8a0f31dfe74ef609ded8..2c82a9f774c5c3542f953890d63cdb3c=
af83c0e5 100644
>> --- a/src/starter/ipsec.conf
>> +++ b/src/starter/ipsec.conf
>> @@ -26,3 +26,5 @@ config setup
>>  #      rightsubnet=3D10.2.0.0/16
>>  #      rightid=3D"C=3DCH, O=3DLinux strongSwan CN=3Dpeer name"
>>  #      auto=3Dstart
>> +
>> +include ipsec.d/conf/*.conf
>> diff --git a/src/starter/ipsec.secrets b/src/starter/ipsec.secrets
>> index =
dae7709a126b6a82c4a6a77a9a9dd087b1e6f8c7..6b3b8964a26df3c10b05f93a1b6a29d4=
3d3c0bf5 100644
>> --- a/src/starter/ipsec.secrets
>> +++ b/src/starter/ipsec.secrets
>> @@ -1 +1,3 @@
>>  # ipsec.secrets - strongSwan IPsec secrets file
>> +
>> +include ipsec.d/secrets/*
> 
> I don't understand why you're submitting these patches to the perl5-porters mailing list.  The files being patches do not appear in our MANIFEST.
> 
> Can you clarify?
> 
> Thank you very much.
> Jim Keenan


Broken scripting... sorry about that.

-Philip
philipp
10/10/2020 4:56:34 AM