From: Petr Menšík Date: Sun, 15 Jan 2023 15:55:45 +0000 (+0100) Subject: man: Use configured path for config files in man pages X-Git-Tag: android-2.4.0~8^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee046552bb1f3c98d89837d58f7da7d83c8fbb82;p=thirdparty%2Fstrongswan.git man: Use configured path for config files in man pages --- diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index ced12680f0..4e256538ee 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -690,7 +690,7 @@ but for the second authentication round (IKEv2 only). .BR leftcert " = " the path to the left participant's X.509 certificate. The file can be encoded either in PEM or DER format. OpenPGP certificates are supported as well. -Both absolute paths or paths relative to \fI/etc/ipsec.d/certs\fP +Both absolute paths or paths relative to \fI@sysconfdir@/ipsec.d/certs\fP are accepted. By default .B leftcert sets @@ -871,7 +871,7 @@ prefix in front of 0x or 0s, the public key is expected to be in either the RFC 3110 (not the full RR, only RSA key part) or RFC 4253 public key format, respectively. Also accepted is the path to a file containing the public key in PEM, DER or SSH -encoding. Both absolute paths or paths relative to \fI/etc/ipsec.d/certs\fP +encoding. Both absolute paths or paths relative to \fI@sysconfdir@/ipsec.d/certs\fP are accepted. .TP .BR leftsendcert " = never | no | " ifasked " | always | yes" @@ -1219,7 +1219,7 @@ of this connection will be used as peer ID. .SH "CA SECTIONS" These are optional sections that can be used to assign special parameters to a Certification Authority (CA). Because the daemons -automatically import CA certificates from \fI/etc/ipsec.d/cacerts\fP, +automatically import CA certificates from \fI@sysconfdir@/ipsec.d/cacerts\fP, there is no need to explicitly add them with a CA section, unless you want to assign special parameters (like a CRL) to a CA. .TP @@ -1235,7 +1235,7 @@ currently can have either the value .TP .BR cacert " = " defines a path to the CA certificate either relative to -\fI/etc/ipsec.d/cacerts\fP or as an absolute path. +\fI@sysconfdir@/ipsec.d/cacerts\fP or as an absolute path. .br A value in the form .B %smartcard[[@]]: @@ -1284,7 +1284,7 @@ section are: .BR cachecrls " = yes | " no if enabled, certificate revocation lists (CRLs) fetched via HTTP or LDAP will be cached in -.I /etc/ipsec.d/crls/ +.I @sysconfdir@/ipsec.d/crls/ under a unique file name derived from the certification authority's public key. .TP .BR charondebug " = " @@ -1463,12 +1463,12 @@ time equals zero and, thus, rekeying gets disabled. .SH FILES .nf -/etc/ipsec.conf -/etc/ipsec.d/aacerts -/etc/ipsec.d/acerts -/etc/ipsec.d/cacerts -/etc/ipsec.d/certs -/etc/ipsec.d/crls +@sysconfdir@/ipsec.conf +@sysconfdir@/ipsec.d/aacerts +@sysconfdir@/ipsec.d/acerts +@sysconfdir@/ipsec.d/cacerts +@sysconfdir@/ipsec.d/certs +@sysconfdir@/ipsec.d/crls .SH SEE ALSO strongswan.conf(5), ipsec.secrets(5), ipsec(8) diff --git a/man/ipsec.secrets.5.in b/man/ipsec.secrets.5.in index 15e36faff3..c54e1a18b9 100644 --- a/man/ipsec.secrets.5.in +++ b/man/ipsec.secrets.5.in @@ -15,7 +15,7 @@ Here is an example. .LP .RS .nf -# /etc/ipsec.secrets - strongSwan IPsec secrets file +# @sysconfdir@/ipsec.secrets - strongSwan IPsec secrets file 192.168.0.1 %any : PSK "v+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL" : RSA moonKey.pem @@ -140,7 +140,7 @@ is interpreted as Base64 encoded binary data. .TQ .B : ECDSA [ | %prompt ] For the private key file both absolute paths or paths relative to -\fI/etc/ipsec.d/private\fP are accepted. If the private key file is +\fI@sysconfdir@/ipsec.d/private\fP are accepted. If the private key file is encrypted, the \fIpassphrase\fP must be defined. Instead of a passphrase .B %prompt can be used which then causes the daemon to ask the user for the password @@ -148,7 +148,7 @@ whenever it is required to decrypt the key. .TP .B : P12 [ | %prompt ] For the PKCS#12 file both absolute paths or paths relative to -\fI/etc/ipsec.d/private\fP are accepted. If the container is +\fI@sysconfdir@/ipsec.d/private\fP are accepted. If the container is encrypted, the \fIpassphrase\fP must be defined. Instead of a passphrase .B %prompt can be used which then causes the daemon to ask the user for the password @@ -182,7 +182,7 @@ can be specified, which causes the daemon to ask the user for the pin code. .LP .SH FILES -/etc/ipsec.secrets +@sysconfdir@/ipsec.secrets .SH SEE ALSO ipsec.conf(5), strongswan.conf(5), ipsec(8) .br