Re-fix permissions issues

Since make is present on certain systems (and has the better certificate
generation logic), we should Require: make and add the relevant chmod
statements to bootstrap after executing make.

Signed-off-by: Alexander Scheel <ascheel@redhat.com>
This commit is contained in:
Alexander Scheel 2020-08-04 10:22:02 -04:00
parent 1139a33473
commit 527b1c3a1d
No known key found for this signature in database
GPG Key ID: C0D6C737D0003143
2 changed files with 37 additions and 3 deletions

View File

@ -0,0 +1,29 @@
From ea164ceafa05f96079204a3f0ae379e46e64a455 Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Tue, 4 Aug 2020 10:08:15 -0400
Subject: [PATCH] Fix permissions after generating certificates with make
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
---
raddb/certs/bootstrap | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/raddb/certs/bootstrap b/raddb/certs/bootstrap
index 336a2bd..9920ecf 100755
--- a/raddb/certs/bootstrap
+++ b/raddb/certs/bootstrap
@@ -21,7 +21,10 @@ make -h > /dev/null 2>&1
#
if [ "$?" = "0" ]; then
make all
- exit $?
+ ret=$?
+ chown root:radiusd dh ca.* client.* server.*
+ chmod 640 dh ca.* client.* server.*
+ exit $ret
fi
#
--
2.26.2

View File

@ -1,7 +1,7 @@
Summary: High-performance and highly configurable free RADIUS server
Name: freeradius
Version: 3.0.21
Release: 5%{?dist}
Release: 6%{?dist}
License: GPLv2+ and LGPLv2+
URL: http://www.freeradius.org/
@ -54,8 +54,9 @@ Requires: openssl >= %(rpm -q --queryformat '%%{EPOCH}:%%{VERSION}' openssl)
Requires(pre): shadow-utils glibc-common
Requires(post): systemd-sysv
Requires(post): systemd-units
# Needed for certificate generation
Requires(post): make
# Needed for certificate generation as upstream bootstrap script isn't
# compatible with Makefile equivalent.
Requires: make
Requires(preun): systemd-units
Requires(postun): systemd-units
@ -835,6 +836,10 @@ exit 0
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
%changelog
* Tue Aug 04 2020 Alexander Scheel <ascheel@redhat.com> - 3.0.21-6
- Fix certificate permissions after make-based generation
Resolves: bz#1835249
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.21-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild