[Openswan dev] First pass README update

Thomas Geulig geulig at nentec.de
Fri Oct 15 03:28:02 EDT 2010

Am Donnerstag 14 Oktober 2010, 19:26:29 schrieb Paul Wouters:
> On Thu, 14 Oct 2010, Harald Jenny wrote:
> >> Yes it would be. The only two commands in perl are policy (for mast)
> >> and verify. I'd prefer python for both of them. They could be done
> >> with shell scripting, but in our experience, most embedded systems are
> >> using fairly broken/limited awk/sed/sh versions and usually miss
> >> auxiliary commands (dirname, id, etc) to work properly. So these
> >> commands tend to not work on embedded systems anyway.
> >
> > Hmmmm but wouldn't this be desirable to improve openswan for such
> > systems?
> embedded people often make the wrong decisions on limiting busybox
> functionality.

I try not to take this personally ;-)

> We do have some workarounds for missing options to "test" and missing
> dirname and some others. But modifying the awk stuff is harder. We're
> working on facing it out, since most of it now happens via "ipsec addconn
> --configsetup" but we're not there yet.
> The real fix for those systems is to use posix compliant,  slightly larger
> versions of regex,sed,awk etc. Space gained from not having "id" or
> "dirname" is really meaningless.

Busybox tries to be POSIX-compliant. "id" and "dirname" are available,
and it's much easier to add these to an embedded system then Perl or

If there are problems using these commands, they should be fixed (in

Implementing Openswan commands in C would be another (good) option.


More information about the Dev mailing list