27984 – libreswan missing owned directory (/var/lib/ipsec/nss) in RPM SPEC file

Bug 27984 - libreswan missing owned directory (/var/lib/ipsec/nss) in RPM SPEC file

Summary: libreswan missing owned directory (/var/lib/ipsec/nss) in RPM SPEC file

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	Cauldron
Hardware:	x86_64 Linux

Priority:	Normal Severity: normal
Target Milestone:	Mageia 8
Assignee:	Stig-Ørjan Smelror
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2020-12-29 21:11 CET by Bill Randle
Modified:	2020-12-30 12:03 CET (History)
CC List:	1 user (show)

See Also:
Source RPM:	libreswan-4.1-1.mga8.src.rpm
CVE:
Status comment:	Packaging issue ?

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Bill Randle 2020-12-29 21:11:33 CET

Description of problem:
See log below.

Dec 29 11:51:11 neosoft systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Dec 29 11:51:11 neosoft systemd[1]: ipsec.service: Failed with result 'exit-code'.
Dec 29 11:51:11 neosoft systemd[1]: ipsec.service: Control process exited, code=exited, status=1/FAILURE
Dec 29 11:51:11 neosoft ipsec[39780]: ERROR: destination directory "/var/lib/ipsec/nss" is missing or permissi>
Dec 29 11:51:11 neosoft kernel: AVX or AES-NI instructions are not detected.
Dec 29 11:51:11 neosoft kernel: AVX or AES-NI instructions are not detected.
Dec 29 11:51:11 neosoft akonadi_sendlater_agent[1965]: "No such interface “org.freedesktop.DBus.Properties” on>
Dec 29 11:51:11 neosoft akonadi_sendlater_agent[1965]: "No such interface “org.freedesktop.DBus.Properties” on>
Dec 29 11:51:11 neosoft systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...


Version-Release number of selected component (if applicable):
libreswan-4.1-1.mga8

How reproducible:
Every time I attempt to connect.

Steps to Reproduce:
1. Create an l2tp/ipsec vpn (I used networkmanager to do this)
2. Attempt to start the connection
3.

I manually created the directory and got past that error.

See this Fedora bug report, which appears to be the same issue: https://bugzilla.redhat.com/show_bug.cgi?id=1889538

Comment 1 Aurelien Oudelet 2020-12-29 21:23:14 CET

Hi, thanks for reporting this bug.
Assigned to the package maintainer.

(Please set the status to 'assigned' if you are working on it)

Upstream comment in bugreport:
$ sudo ipsec initnss
ERROR: destination directory "/var/lib/ipsec/nss" is missing or permission denied



Version-Release number of selected component : libreswan-4.1-1

Additional info:

I suspect the libreswan-4.1-1 spec file might need to be modified to do the following in the %install section :

install -d -m 0700 %{_sharedstatedir}/ipsec/nss

and a corresponding entry added to the %files section.

Assignee: bugsquad => smelror
Version: 8 => Cauldron
Target Milestone: --- => Mageia 8
Summary: Directory /var/lib/ipsec/nss does not exist. => Directory /var/lib/ipsec/nss does not exist
Status comment: (none) => Packaging issue ?
CC: (none) => ouaurelien

Aurelien Oudelet 2020-12-29 21:28:14 CET

Summary: Directory /var/lib/ipsec/nss does not exist => libreswan missing owned directory (/var/lib/ipsec/nss) in RPM SP

Aurelien Oudelet 2020-12-29 21:28:24 CET

Summary: libreswan missing owned directory (/var/lib/ipsec/nss) in RPM SP => libreswan missing owned directory (/var/lib/ipsec/nss) in RPM SPEC file

Comment 2 David Walser 2020-12-30 12:03:37 CET

Should be fixed in libreswan-4.1-2.mga8.

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.