Bug #2362
starter still documented as valid command for ipsec in 5.5.3
Description
Hello,
I've updated my 5.5.0 install to 5.5.3 and strongswan wouldn't start after the update. After further investigation I found that ipsec starter
can't be called directly anymore (I had something like this in my startup script: $STARTER starter --auto-update 150 || return 2
). But according to ipsec --help
it is still a valid command:
root@strongSwan:~/strongswan-5.5.3# ipsec --version Linux strongSwan U5.5.3/K4.8.0-0.bpo.2-amd64 Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil, Switzerland See 'ipsec --copyright' for copyright information. root@strongSwan:~/strongswan-5.5.3# ipsec --help ipsec command [arguments] Commands: start|restart [arguments] update|reload|stop up|down|route|unroute <connectionname> down-srcip <start> [<end>] status|statusall [<connectionname>] listalgs|listpubkeys|listcerts [--utc] listcacerts|listaacerts|listocspcerts [--utc] listacerts|listgroups|listcainfos [--utc] listcrls|listocsp|listplugins|listall [--utc] listcounters|resetcounters [name] leases [<poolname> [<address>]] rereadsecrets|rereadcacerts|rereadaacerts rereadocspcerts|rereadacerts|rereadcrls|rereadall purgecerts|purgecrls|purgeike|purgeocsp scepclient|pki >> starter|stroke version Refer to the ipsec(8) man page for details. Some commands have their own man pages, e.g. pki(1) or scepclient(8). root@strongSwan:~/strongswan-5.5.3# ipsec starter /usr/sbin/ipsec: unknown command `starter' (`ipsec --help' for list)
So I'm wondering is this a bug in ipsec
or a documentation issue in ipsec --help
?
Just in case anyone is searching for this, changing my startup script to $STARTER start --auto-update 150 || return 2
worked fine.
Best Regards,
Marcel
Associated revisions
History
#1 Updated by Tobias Brunner over 3 years ago
- Tracker changed from Issue to Bug
- Subject changed from ipsec starter missing in 5.5.3 to starter still documented as valid command for ipsec in 5.5.3
- Category set to documentation
- Status changed from New to Feedback
- Assignee set to Tobias Brunner
- Target version set to 5.6.0
- Affected version changed from 5.5.3 to 5.5.2
- Resolution set to Fixed
So I'm wondering is this a bug in
ipsec
or a documentation issue inipsec --help
?
I'd argue the latter. As you noticed starter
is redundant because start
is basically the same (and usually used to start the daemon). starter
also only worked before 5.5.2 because any "unknown" command was just combined with the path to the binaries and executed, which poses a security issue if ipsec
can be run via sudo by regular users (see 2ec6372f5a).
#2 Updated by Tobias Brunner over 3 years ago
- Status changed from Feedback to Closed
ipsec: Remove `starter` as valid command in --help
`start` is basically the same thing.
Fixes #2362.