[Openswan dev] First pass README update
Harald Jenny
harald at a-little-linux-box.at
Sat Oct 16 09:07:27 EDT 2010
On Fri, Oct 15, 2010 at 09:28:02AM +0200, Thomas Geulig wrote:
> Am Donnerstag 14 Oktober 2010, 19:26:29 schrieb Paul Wouters:
> > On Thu, 14 Oct 2010, Harald Jenny wrote:
> > >> Yes it would be. The only two commands in perl are policy (for mast)
> > >> and verify. I'd prefer python for both of them. They could be done
> > >> with shell scripting, but in our experience, most embedded systems are
> > >> using fairly broken/limited awk/sed/sh versions and usually miss
> > >> auxiliary commands (dirname, id, etc) to work properly. So these
> > >> commands tend to not work on embedded systems anyway.
> > >
> > > Hmmmm but wouldn't this be desirable to improve openswan for such
> > > systems?
> >
> > embedded people often make the wrong decisions on limiting busybox
> > functionality.
>
> I try not to take this personally ;-)
;-)
>
> > We do have some workarounds for missing options to "test" and missing
> > dirname and some others. But modifying the awk stuff is harder. We're
> > working on facing it out, since most of it now happens via "ipsec addconn
> > --configsetup" but we're not there yet.
> >
> > The real fix for those systems is to use posix compliant, slightly larger
> > versions of regex,sed,awk etc. Space gained from not having "id" or
> > "dirname" is really meaningless.
>
> Busybox tries to be POSIX-compliant. "id" and "dirname" are available,
> and it's much easier to add these to an embedded system then Perl or
> Python.
I think what Paul means is not that they are not provided by busybox but
rather that not all embedded system designer compile that function in...
>
> If there are problems using these commands, they should be fixed (in
> Busybox).
To be honest I normally use busybox only when I broke my initrd or work with
OpenWRT but I think it does a fairly good job.
>
> Implementing Openswan commands in C would be another (good) option.
Hmmm I guess everybody agrees that it would be but who has the time to really
do it ;-) ?
>
> Thomas
Kind regards
Harald
More information about the Dev
mailing list