From f7a8e2c049c2c3e2bfcb801d7b65214c0a5bad77 Mon Sep 17 00:00:00 2001
From: Yoann Congal <yoann.congal@smile.fr>
Date: Tue, 15 Apr 2025 17:27:20 +0200
Subject: [PATCH] libreswan: Allow skipping test_config for old ipsec

In some case, /usr/sbin/ipsec does not handle the readwriteconf command.
e.g. on Debian 12 with strongswan installed.
As with the other OLD_* variables, add an OLD_LIBRESWAN environment
variable to skip configuration testing on those systems.

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Upstream-Status: Backport [https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/merge_requests/237]
---
 python/policygenerators/libreswan.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/python/policygenerators/libreswan.py b/python/policygenerators/libreswan.py
index a2b02f5..d81ec0c 100644
--- a/python/policygenerators/libreswan.py
+++ b/python/policygenerators/libreswan.py
@@ -227,6 +227,8 @@ class LibreswanGenerator(ConfigGenerator):
 
     @classmethod
     def test_config(cls, config):
+        if os.getenv('OLD_LIBRESWAN') == '1':
+            return True
         if not os.access('/usr/sbin/ipsec', os.X_OK):
             return True