Fix certificate generation at build time
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
This commit is contained in:
Alexander Scheel
parent
a9000f05d2
commit
765b2552b2
104
freeradius-no-buildtime-cert-gen.patch
Normal file
104
freeradius-no-buildtime-cert-gen.patch
Normal file
@ -0,0 +1,104 @@
|
||||
From e6f7c9d4c2af1cda7760ca8155166bb5d4d541d0 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Scheel <ascheel@redhat.com>
|
||||
Date: Wed, 8 May 2019 12:58:02 -0400
|
||||
Subject: [PATCH] Don't generate certificates in reproducible builds
|
||||
|
||||
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
||||
---
|
||||
Make.inc.in | 5 +++++
|
||||
configure | 4 ++++
|
||||
configure.ac | 3 +++
|
||||
raddb/all.mk | 4 ++++
|
||||
4 files changed, 16 insertions(+)
|
||||
|
||||
diff --git a/Make.inc.in b/Make.inc.in
|
||||
index 0b2cd74de8..8c623cf95c 100644
|
||||
--- a/Make.inc.in
|
||||
+++ b/Make.inc.in
|
||||
@@ -173,3 +173,8 @@ else
|
||||
TESTBINDIR = ./$(BUILD_DIR)/bin
|
||||
TESTBIN = ./$(BUILD_DIR)/bin
|
||||
endif
|
||||
+
|
||||
+#
|
||||
+# With reproducible builds, do not generate certificates during installation
|
||||
+#
|
||||
+ENABLE_REPRODUCIBLE_BUILDS = @ENABLE_REPRODUCIBLE_BUILDS@
|
||||
diff --git a/configure b/configure
|
||||
index c2c599c92b..3d4403a844 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -655,6 +655,7 @@ RUSERS
|
||||
SNMPWALK
|
||||
SNMPGET
|
||||
PERL
|
||||
+ENABLE_REPRODUCIBLE_BUILDS
|
||||
openssl_version_check_config
|
||||
WITH_DHCP
|
||||
modconfdir
|
||||
@@ -5586,6 +5587,7 @@ else
|
||||
fi
|
||||
|
||||
|
||||
+ENABLE_REPRODUCIBLE_BUILDS=yes
|
||||
# Check whether --enable-reproducible-builds was given.
|
||||
if test "${enable_reproducible_builds+set}" = set; then :
|
||||
enableval=$enable_reproducible_builds; case "$enableval" in
|
||||
@@ -5597,6 +5599,7 @@ $as_echo "#define ENABLE_REPRODUCIBLE_BUILDS 1" >>confdefs.h
|
||||
;;
|
||||
*)
|
||||
reproducible_builds=no
|
||||
+ ENABLE_REPRODUCIBLE_BUILDS=no
|
||||
esac
|
||||
|
||||
fi
|
||||
@@ -5604,6 +5607,7 @@ fi
|
||||
|
||||
|
||||
|
||||
+
|
||||
CHECKRAD=checkrad
|
||||
# Extract the first word of "perl", so it can be a program name with args.
|
||||
set dummy perl; ac_word=$2
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index a7abf0025a..35b013f4af 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -619,6 +619,7 @@ AC_SUBST([openssl_version_check_config])
|
||||
dnl #
|
||||
dnl # extra argument: --enable-reproducible-builds
|
||||
dnl #
|
||||
+ENABLE_REPRODUCIBLE_BUILDS=yes
|
||||
AC_ARG_ENABLE(reproducible-builds,
|
||||
[AS_HELP_STRING([--enable-reproducible-builds],
|
||||
[ensure the build does not change each time])],
|
||||
@@ -630,8 +631,10 @@ AC_ARG_ENABLE(reproducible-builds,
|
||||
;;
|
||||
*)
|
||||
reproducible_builds=no
|
||||
+ ENABLE_REPRODUCIBLE_BUILDS=no
|
||||
esac ]
|
||||
)
|
||||
+AC_SUBST(ENABLE_REPRODUCIBLE_BUILDS)
|
||||
|
||||
|
||||
dnl #############################################################
|
||||
diff --git a/raddb/all.mk b/raddb/all.mk
|
||||
index c966edd657..c8e976a499 100644
|
||||
--- a/raddb/all.mk
|
||||
+++ b/raddb/all.mk
|
||||
@@ -124,7 +124,11 @@ $(R)$(raddbdir)/users: $(R)$(modconfdir)/files/authorize
|
||||
ifneq "$(LOCAL_CERT_PRODUCTS)" ""
|
||||
$(LOCAL_CERT_PRODUCTS):
|
||||
@echo BOOTSTRAP raddb/certs/
|
||||
+ifeq "$(ENABLE_REPRODUCIBLE_BUILDS)" "yes"
|
||||
+ @$(MAKE) -C $(R)$(raddbdir)/certs/ passwords.mk
|
||||
+else
|
||||
@$(MAKE) -C $(R)$(raddbdir)/certs/
|
||||
+endif
|
||||
|
||||
# Bootstrap is special
|
||||
$(R)$(raddbdir)/certs/bootstrap: | raddb/certs/bootstrap $(LOCAL_CERT_PRODUCTS)
|
||||
--
|
||||
2.21.0
|
||||
|
||||
@ -23,6 +23,7 @@ Source104: freeradius-tmpfiles.conf
|
||||
Patch1: freeradius-Adjust-configuration-to-fit-Red-Hat-specifics.patch
|
||||
Patch2: freeradius-Use-system-crypto-policy-by-default.patch
|
||||
Patch3: freeradius-bootstrap-create-only.patch
|
||||
Patch4: freeradius-no-buildtime-cert-gen.patch
|
||||
|
||||
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
|
||||
|
||||
@ -192,6 +193,7 @@ This plugin provides the REST support for the FreeRADIUS server project.
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
|
||||
%build
|
||||
# Force compile/link options, extra security for network facing daemon
|
||||
@ -199,6 +201,8 @@ This plugin provides the REST support for the FreeRADIUS server project.
|
||||
|
||||
%configure \
|
||||
--libdir=%{_libdir}/freeradius \
|
||||
--enable-reproducible-builds \
|
||||
--with-package \
|
||||
--disable-openssl-version-check \
|
||||
--with-openssl \
|
||||
--with-udpfromto \
|
||||
@ -790,9 +794,11 @@ exit 0
|
||||
%changelog
|
||||
* Wed May 08 2019 Alexander Scheel <ascheel@redhat.com> - 3.0.19-2
|
||||
- Updated crypto-policies patch
|
||||
- Updated /etc/raddb/certs/bootstrap to only create certificates if missing
|
||||
- Updated logrotate definitions to run as radiusd:radiusd
|
||||
- Updated /etc/raddb/certs/bootstrap to only create certificates if missing: bz#1705165
|
||||
- Updated logrotate definitions to run as radiusd:radiusd: bz#1705343
|
||||
- Drop python2 package on Fedora 31+
|
||||
- Add database dependencies: bz#1658697
|
||||
- Don't generate certificate during build
|
||||
|
||||
* Wed Apr 10 2019 Alexander Scheel <ascheel@redhat.com> - 3.0.19-1
|
||||
- Rebased to 3.0.19
|
||||
|
||||
Loading…
Reference in New Issue
Block a user