strongswan-starter should conflict with openswan due to shared file /usr/sbin/ipsec
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
strongswan (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Trusty |
Fix Released
|
Medium
|
Trent Lloyd |
Bug Description
strongswan-starter and openswan both share the file /usr/sbin/ipsec however there is no Conflicts relationship
$ apt-file search /usr/sbin/ipsec
openswan: /usr/sbin/ipsec
strongswan-starter: /usr/sbin/ipsec
openswan was deprecated in utopic, so trusty installations may wish to migrate to strongswan ahead of a xenial upgrade. In that case, the package upgrade can fail.
This was previously fixed upstream in Debian:
https:/
For apt operation ordering reasons I don't understand, the issue only appears when something else on the system (such as neutron-vpn-agent) depends on (strongswan | openswan). Just installing strongswan and replacing it with openswan or vica-versa doesn't cause the issue to trigger.
The Conflicts already exists in xenial through bionic, just not in trusty. So the upload would only be required in trusty.
[Impact]
* Users are unable to replace openswan with strongswan on trusty systems, where the next major Ubuntu release (xenial) dropped support for openswan completely but strongswan exists on both
* Only users on trusty are affected, once upgraded to xenial this change is already in place
[Test Case]
On a trusty machine (e.g. lxd)
add-apt-repository cloud-archive:
apt update
apt install neutron-vpn-agent openswan # you can answer no to X509 generation
apt install strongswan
[Regression Potential]
* I don't believe the conflicts introduces a new issue in terms of a conflict that didn't previously exist, since the packages contain a conflicting file and strongswan-starter depends on strongswan-ike which already has a Conflicts in place. So in terms of the dependency tree they already conflicted, but did not prevent this temporary file conflict.
* Other regression potential would be package rebuild related -- this package has had security uploads as recently as August 2017 so that risk appears reduced
[Other Info]
* Same change is already in place from xenial onwards, so no SRU uploads other than trusty are required
Changed in strongswan (Ubuntu): | |
status: | New → Confirmed |
description: | updated |
Changed in strongswan (Ubuntu Trusty): | |
assignee: | nobody → Trent Lloyd (lathiat) |
importance: | Undecided → Medium |
description: | updated |
Changed in strongswan (Ubuntu Trusty): | |
status: | New → In Progress |
Changed in strongswan (Ubuntu): | |
status: | Confirmed → Fix Released |
debdiff to fix the issue