[Bug 1755693] [NEW] strongswan-starter should conflict with openswan due to shared file /usr/sbin/ipsec

Launchpad Bug Tracker 1755693 at bugs.launchpad.net
Wed Mar 14 07:03:54 UTC 2018 

You have been subscribed to a public bug by Trent Lloyd (lathiat):

strongswan-starter and openswan both share the file /usr/sbin/ipsec
however there is no Conflicts relationship

openswan was deprecated in utopic, so trusty installations may wish to
migrate to strongswan ahead of a xenial upgrade.  In that case, the
package upgrade can fail.

This was previously fixed upstream in Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740808

For apt operation ordering reasons I don't understand, the issue only
appears when something else on the system (such as neutron-vpn-agent)
depends on (strongswan | openswan).  Just installing strongswan and
replacing it with openswan or vica-versa doesn't cause the issue to
trigger.

The Conflicts already exists in xenial through bionic, just not in
trusty.  So the upload would only be required in trusty.

[Impact]

 * Users are unable to replace openswan with strongswan on trusty systems, where the next major Ubuntu release (xenial) dropped support for openswan completely but strongswan exists on both
 * Only users on trusty are affected, once upgraded to xenial this change is already in place

[Test Case]

On a trusty machine (e.g. lxd)

add-apt-repository cloud-archive:mitaka # the trusty version of neutron-vpn-agent does not have the dependency on openswan causing the bug to trigger
apt update
apt install neutron-vpn-agent openswan # you can answer no to X509 generation
apt install strongswan

[Regression Potential]

 * I don't believe the conflicts introduces a new issue in terms of a
conflict that didn't previously exist, since the packages contain a
conflicting file and strongswan-starter depends on strongswan-ike which
already has a Conflicts in place.  So in terms of the dependency tree
they already conflicted, but did not prevent this temporary file
conflict.

 * Other regression potential would be package rebuild related -- this
package has had security uploads as recently as August 2017 so that risk
appears reduced

[Other Info]
 
 * Same change is already in place from xenial onwards, so no SRU uploads other than trusty are required

** Affects: strongswan (Ubuntu)
     Importance: Undecided
         Status: Confirmed


** Tags: sts
-- 
strongswan-starter should conflict with openswan due to shared file /usr/sbin/ipsec
https://bugs.launchpad.net/bugs/1755693
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.

More information about the Ubuntu-sponsors mailing list