writing out ipsec.secrets through postinst again since apparmor blocks any type of hide/displace action

debian/wit-network-config.displace

@@ -1,6 +1,5 @@
 /etc/frr/frr.conf.wit
 /etc/ipsec.conf.wit
-/etc/ipsec.secrets.wit
 /etc/qemu-ifdown.wit
 /etc/qemu-ifup.wit
 /etc/default/lldpd.wit

debian/wit-network-config.install

@@ -18,4 +18,3 @@ templates/frr.conf.wit etc/frr
 templates/70-persistent-net.rules etc/udev/rules.d
 templates/interfaces /etc/network
 templates/ipsec.conf.wit etc
-templates/ipsec.secrets.wit etc

debian/wit-network-config.postinst

@@ -26,7 +26,7 @@ case "$1" in
         UDEVCONFIG="etc/udev/rules.d/70-persistent-net.rules"
         FRRCONFIG="etc/frr/frr.conf.wit"
         IPSECCONFIG="etc/ipsec.conf.wit"
-        IPSECSECRETS="etc/ipsec.secrets.wit"
+        IPSECSECRETS="etc/ipsec.secrets"
         SWANCTLCONFIG="etc/swanctl/conf.d/wit-swanctl.conf"
         SYSCTLTWEAKS="etc/sysctl.d/10-frr.conf"
         DOMAINNAME=$(hostname -d)
@@ -356,7 +356,7 @@ case "$1" in
 
 
       # set ipsec config
-        for IPSECCONFIGFILE in $IPSECCONFIG $SWANCTLCONFIG $IPSECSECRETS
+        for IPSECCONFIGFILE in $IPSECCONFIG $SWANCTLCONFIG
 	  do
             sed -i \
                 -e "s/FQHOSTNAME/${HOSTNAME}/" \
@@ -367,6 +367,11 @@ case "$1" in
                 $IPSECCONFIGFILE
         done
 
+	cat <<-EOF >$IPSECSECRETS
+		# dynamic file, content is overwritten by wit-network-config. I'm sorry but divertion is not working due to apparmor blocking it to this place and didn't wanna deal with that
+		: RSA ${HOSTNAME}.key
+	EOF
+
     ## END config file section
 
 

templates/ipsec.secrets.wit

@@ -1,2 +0,0 @@
-# this file is dynamic and managed by wit-network-config, any changes will be lost
-: RSA FQHOSTNAME.key