Bug #2362: starter still documented as valid command for ipsec in 5.5.3 - strongSwan

Bug #2362

starter still documented as valid command for ipsec in 5.5.3

Added by Marcel Müller over 3 years ago. Updated over 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Tobias Brunner

Category:

documentation

Target version:

5.6.0

Start date:

Due date:

Estimated time:

Affected version:

5.5.2

Resolution:

Fixed

Description

Hello,

I've updated my 5.5.0 install to 5.5.3 and strongswan wouldn't start after the update. After further investigation I found that ipsec starter can't be called directly anymore (I had something like this in my startup script: $STARTER starter --auto-update 150 || return 2). But according to ipsec --help it is still a valid command:


root@strongSwan:~/strongswan-5.5.3# ipsec --version
Linux strongSwan U5.5.3/K4.8.0-0.bpo.2-amd64
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.

root@strongSwan:~/strongswan-5.5.3# ipsec --help
ipsec command [arguments]

Commands:
        start|restart [arguments]
        update|reload|stop
        up|down|route|unroute <connectionname>
        down-srcip <start> [<end>]
        status|statusall [<connectionname>]
        listalgs|listpubkeys|listcerts [--utc]
        listcacerts|listaacerts|listocspcerts [--utc]
        listacerts|listgroups|listcainfos [--utc]
        listcrls|listocsp|listplugins|listall [--utc]
        listcounters|resetcounters [name]
        leases [<poolname> [<address>]]
        rereadsecrets|rereadcacerts|rereadaacerts
        rereadocspcerts|rereadacerts|rereadcrls|rereadall
        purgecerts|purgecrls|purgeike|purgeocsp
        scepclient|pki
>>        starter|stroke
        version

Refer to the ipsec(8) man page for details.
Some commands have their own man pages, e.g. pki(1) or scepclient(8).

root@strongSwan:~/strongswan-5.5.3# ipsec starter
/usr/sbin/ipsec: unknown command `starter' (`ipsec --help' for list)

So I'm wondering is this a bug in ipsec or a documentation issue in ipsec --help?

Just in case anyone is searching for this, changing my startup script to $STARTER start --auto-update 150 || return 2 worked fine.

Best Regards,
Marcel

Associated revisions

Revision ee413671 (diff)
Added by Tobias Brunner over 3 years ago

ipsec: Remove `starter` as valid command in --help

`start` is basically the same thing.

Fixes #2362.

History

#1 Updated by Tobias Brunner over 3 years ago

Tracker changed from Issue to Bug
Subject changed from ipsec starter missing in 5.5.3 to starter still documented as valid command for ipsec in 5.5.3
Category set to documentation
Status changed from New to Feedback
Assignee set to Tobias Brunner
Target version set to 5.6.0
Affected version changed from 5.5.3 to 5.5.2
Resolution set to Fixed

So I'm wondering is this a bug in ipsec or a documentation issue in ipsec --help?

I'd argue the latter. As you noticed starter is redundant because start is basically the same (and usually used to start the daemon). starter also only worked before 5.5.2 because any "unknown" command was just combined with the path to the binaries and executed, which poses a security issue if ipsec can be run via sudo by regular users (see 2ec6372f5a).

#2 Updated by Tobias Brunner over 3 years ago

Status changed from Feedback to Closed

Also available in: Atom PDF

Project

General

Profile

strongSwan

Issues

New issues