Ubuntu
strongswan package

libstrongswan-extra-plugins dependency problem with libstrongswan

Bug #1993515 reported by Deadolus on 2022-10-19

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	strongswan (Ubuntu)	Expired	Undecided	Unassigned

Bug Description

libstrongswan-extra-plugins depends on a wrong libstrongswan version.
Or maybe the libstrongswan version in the package repository was wrongly compiled/distributed.
The amd64 version of the packet has the version tag "5.9.5-2ubuntu2.1", all others are "5.9.5-2ubuntu2".
Thus the dependency is not found while installing libstrongswan-extra-plugins.
See following output while trying to install the package:

$ sudo apt install libstrongswan-extra-plugins
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
libstrongswan-extra-plugins : Depends: libstrongswan (= 5.9.5-2ubuntu2) but 5.9.5-2ubuntu2.1 is to be installed
E: Unable to correct problems, you have held broken packages.

Revision history for this message

Paride Legovini (paride) wrote on 2022-10-20:

Hello and thanks for this bug report. In Jammy by doing `apt show libstrongswan-extra-plugins` I see:

Depends: libstrongswan (= 5.9.5-2ubuntu2.1), ...

and looks like all the packages built from the strongswan source package have the correct versioned dependencies. Actually it would be quite hard to break them in they way you reported, so I think your local cache of available packages is corrupted or out of date (in a strange way).

Can you please run an `apt update` and check if the problem goes away? Thank you.

Changed in strongswan (Ubuntu):
status:	New → Incomplete

Revision history for this message

Deadolus (deadolus) wrote on 2022-10-21:

Download full text (5.4 KiB)

@paride
The failure did not go away with a apt update.
The official packet repository also highlights the problem:

https://packages.ubuntu.com/jammy/libstrongswan-extra-plugins

says it depends on libstrongswan, but

https://packages.ubuntu.com/jammy/libstrongswan

says it installs 5.9.5-2ubuntu2.1.
This is what my "apt show" command returns for both packages in question:

$ sudo apt show libstrongswan-extra-plugins
Package: libstrongswan-extra-plugins
Version: 5.9.5-2ubuntu2
Priority: optional
Section: universe/net
Source: strongswan
Origin: Ubuntu
Maintainer: Ubuntu Developers <email address hidden>
Original-Maintainer: strongSwan Maintainers <email address hidden>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 864 kB
Depends: libstrongswan (= 5.9.5-2ubuntu2), libc6 (>= 2.34), libcurl4 (>= 7.16.2), libgcrypt20 (>= 1.9.0), libgpg-error0 (>= 1.14), libldap-2.5-0 (>= 2.5.4), libtss2-sys1 (>= 3.0.1)
Breaks: libcharon-extra-plugins (<= 5.5.3-1)
Replaces: libcharon-extra-plugins (<= 5.5.3-1)
Homepage: http://www.strongswan.org
Download-Size: 225 kB
APT-Sources: http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
Description: strongSwan utility and crypto library (extra plugins)
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package provides extra plugins for the strongSwan utility and
cryptographic library.
.
Included plugins are:
  - af-alg [linux] (AF_ALG Linux crypto API interface, provides
    ciphers/hashers/hmac/xcbc)
  - ccm (CCM cipher mode wrapper)
  - cmac (CMAC cipher mode wrapper)
  - ctr (CTR cipher mode wrapper)
  - curl (libcurl based HTTP/FTP fetcher)
  - curve25519 (support for Diffie-Hellman group 31 using Curve25519 and
    support for the Ed25519 digital signature algorithm for IKEv2)
  - gcrypt (Crypto backend based on libgcrypt, provides
    RSA/DH/ciphers/hashers/rng)
  - ldap (LDAP fetching plugin based on libldap)
  - ntru (key exchanged based on post-quantum computer NTRU)
  - padlock (VIA padlock crypto backend, provides AES128/SHA1)
  - pkcs11 (PKCS#11 smartcard backend)
  - rdrand (High quality / high performance random source using the Intel
    rdrand instruction found on Ivy Bridge processors)
  - test-vectors (Set of test vectors for various algorithms)
.
Also included is the libtpmtss library adding support for TPM plugin
(https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin)

$ sudo apt show libstrongswan
Package: libstrongswan
Version: 5.9.5-2ubuntu2.1
Priority: optional
Section: net
Source: strongswan
Origin: Ubuntu
Maintainer: Ubuntu Developers <email address hidden>
Original-Maintainer: strongSwan Maintainers <email address hidden>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 1’500 kB
Depends: libc6 (>= 2.34), libcap2 (>= 1:2.10), libgmp10 (>= 2:6.2.1+dfsg), libsystemd0 (>= 227)
Recommends: libstrongswan-standard-plugins
Suggests: libstrongswan-extra-plugins
Homepage: http://www.strongswan.org
Download-Size: 394 kB
APT-Manual-Installed: yes
APT-Sources: http://archive.ubuntu....

@paride 
The failure did not go away with a apt update. 
The official packet repository also highlights the problem:

https://packages.ubuntu.com/jammy/libstrongswan-extra-plugins

says it depends on libstrongswan, but

https://packages.ubuntu.com/jammy/libstrongswan

says it installs 5.9.5-2ubuntu2.1. 
This is what my "apt show" command returns for both packages in question:

$ sudo apt show libstrongswan-extra-plugins
Package: libstrongswan-extra-plugins
Version: 5.9.5-2ubuntu2
Priority: optional
Section: universe/net
Source: strongswan
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 864 kB
Depends: libstrongswan (= 5.9.5-2ubuntu2), libc6 (>= 2.34), libcurl4 (>= 7.16.2), libgcrypt20 (>= 1.9.0), libgpg-error0 (>= 1.14), libldap-2.5-0 (>= 2.5.4), libtss2-sys1 (>= 3.0.1)
Breaks: libcharon-extra-plugins (<= 5.5.3-1)
Replaces: libcharon-extra-plugins (<= 5.5.3-1)
Homepage: http://www.strongswan.org
Download-Size: 225 kB
APT-Sources: http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
Description: strongSwan utility and crypto library (extra plugins)
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides extra plugins for the strongSwan utility and
 cryptographic library.
 .
 Included plugins are:
  - af-alg [linux] (AF_ALG Linux crypto API interface, provides
    ciphers/hashers/hmac/xcbc)
  - ccm (CCM cipher mode wrapper)
  - cmac (CMAC cipher mode wrapper)
  - ctr (CTR cipher mode wrapper)
  - curl (libcurl based HTTP/FTP fetcher)
  - curve25519 (support for Diffie-Hellman group 31 using Curve25519 and
    support for the Ed25519 digital signature algorithm for IKEv2)
  - gcrypt (Crypto backend based on libgcrypt, provides
    RSA/DH/ciphers/hashers/rng)
  - ldap (LDAP fetching plugin based on libldap)
  - ntru (key exchanged based on post-quantum computer NTRU)
  - padlock (VIA padlock crypto backend, provides AES128/SHA1)
  - pkcs11 (PKCS#11 smartcard backend)
  - rdrand (High quality / high performance random source using the Intel
    rdrand instruction found on Ivy Bridge processors)
  - test-vectors (Set of test vectors for various algorithms)
 .
 Also included is the libtpmtss library adding support for TPM plugin
 (https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin)

$ sudo apt show libstrongswan
Package: libstrongswan
Version: 5.9.5-2ubuntu2.1
Priority: optional
Section: net
Source: strongswan
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 1’500 kB
Depends: libc6 (>= 2.34), libcap2 (>= 1:2.10), libgmp10 (>= 2:6.2.1+dfsg), libsystemd0 (>= 227)
Recommends: libstrongswan-standard-plugins
Suggests: libstrongswan-extra-plugins
Homepage: http://www.strongswan.org
Download-Size: 394 kB
APT-Manual-Installed: yes
APT-Sources: http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
Description: strongSwan utility and crypto library
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the underlying libraries of charon and other strongSwan
 components. It is built in a modular way and is extendable through various
 plugins.
 .
 Some default (as specified by the strongSwan projet) plugins are included.
 For libstrongswan (cryptographic backends, URI fetchers and database layers):
  - aes (AES-128/192/256 cipher software implementation)
  - constraints (X.509 certificate advanced constraint checking)
  - dnskey (Parse RFC 4034 public keys)
  - drbg (NIST SP-800-90A Deterministic Random Bit Generator)
  - fips-prf (PRF specified by FIPS, used by EAP-SIM/AKA algorithms)
  - gmp (RSA/DH crypto backend based on libgmp)
  - hmac (HMAC wrapper using various hashers)
  - md5 (MD5 hasher software implementation)
  - mgf1 (Mask Generation Functions based on the SHA-1, SHA-256 and SHA-512)
  - nonce (Default nonce generation plugin)
  - pem (PEM encoding/decoding routines)
  - pgp (PGP encoding/decoding routines)
  - pkcs1 (PKCS#1 encoding/decoding routines)
  - pkcs8 (PKCS#8 decoding routines)
  - pkcs12 (PKCS#12 decoding routines)
  - pubkey (Wrapper to handle raw public keys as trusted certificates)
  - random (RNG reading from /dev/[u]random)
  - rc2 (RC2 cipher software implementation)
  - revocation (X.509 CRL/OCSP revocation checking)
  - sha1 (SHA1 hasher software implementation)
  - sha2 (SHA256/SHA384/SHA512 hasher software implementation)
  - sshkey (SSH key decoding routines)
  - x509 (Advanced X.509 plugin for parsing/generating X.509 certificates/CRLs
    and OCSP messages)
  - xcbc (XCBC wrapper using various ciphers)
  - attr (Provides IKE attributes configured in strongswan.conf)
  - kernel-netlink [linux] (IPsec/Networking kernel interface using Linux
    Netlink)
  - kernel-pfkey [kfreebsd] (IPsec kernel interface using PF_KEY)
  - kernel-pfroute [kfreebsd] (Networking kernel interface using PF_ROUTE)
  - resolve (Writes name servers received via IKE to a resolv.conf file or
    installs them via resolvconf(8))

N: There is 1 additional record. Please use the '-a' switch to see it

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-12-21:

[Expired for strongswan (Ubuntu) because there has been no activity for 60 days.]

Changed in strongswan (Ubuntu):
status:	Incomplete → Expired

Revision history for this message

Paride Legovini (paride) wrote on 2023-01-06:

Hi, if you are able to reproduce the issue from a clean Ubuntu system please unexpire the bug and comment back providing steps we can follow. LXD containers are very useful in these cases. Thanks!

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntustrongswan package

libstrongswan-extra-plugins dependency problem with libstrongswan

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
strongswan package