blob: db3ea4b843d2e17b2f7d51d3f32ffd8e0a2270ee (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
From f7a8e2c049c2c3e2bfcb801d7b65214c0a5bad77 Mon Sep 17 00:00:00 2001
From: Yoann Congal <yoann.congal@smile.fr>
Date: Tue, 15 Apr 2025 17:27:20 +0200
Subject: [PATCH] libreswan: Allow skipping test_config for old ipsec
In some case, /usr/sbin/ipsec does not handle the readwriteconf command.
e.g. on Debian 12 with strongswan installed.
As with the other OLD_* variables, add an OLD_LIBRESWAN environment
variable to skip configuration testing on those systems.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Upstream-Status: Backport [https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/merge_requests/237]
---
python/policygenerators/libreswan.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/python/policygenerators/libreswan.py b/python/policygenerators/libreswan.py
index a2b02f5..d81ec0c 100644
--- a/python/policygenerators/libreswan.py
+++ b/python/policygenerators/libreswan.py
@@ -227,6 +227,8 @@ class LibreswanGenerator(ConfigGenerator):
@classmethod
def test_config(cls, config):
+ if os.getenv('OLD_LIBRESWAN') == '1':
+ return True
if not os.access('/usr/sbin/ipsec', os.X_OK):
return True
|
