Fix certificate generation at build time
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
parent
a9000f05d2
commit
765b2552b2
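--- a/freeradius-no-buildtime-cert-gen.patch
+++ b/freeradius-no-buildtime-cert-gen.patch
@@ -0,0 +1,104 @@
+From e6f7c9d4c2af1cda7760ca8155166bb5d4d541d0 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel@redhat.com>
+Date: Wed, 8 May 2019 12:58:02 -0400
+Subject: [PATCH] Don't generate certificates in reproducible builds
+
+Signed-off-by: Alexander Scheel <ascheel@redhat.com>
+---
+Make.inc.in | 5 +++++
+configure | 4 ++++
+configure.ac | 3 +++
+raddb/all.mk | 4 ++++
+4 files changed, 16 insertions(+)
+
+diff --git a/Make.inc.in b/Make.inc.in
+index 0b2cd74de8..8c623cf95c 100644
+--- a/Make.inc.in
++++ b/Make.inc.in
+@@ -173,3 +173,8 @@ else
+TESTBINDIR = ./$(BUILD_DIR)/bin
+TESTBIN = ./$(BUILD_DIR)/bin
+endif
++
++#
++# With reproducible builds, do not generate certificates during installation
++#
++ENABLE_REPRODUCIBLE_BUILDS = @ENABLE_REPRODUCIBLE_BUILDS@
+diff --git a/configure b/configure
+index c2c599c92b..3d4403a844 100755
+--- a/configure
++++ b/configure
+@@ -655,6 +655,7 @@ RUSERS
+SNMPWALK
+SNMPGET
+PERL
++ENABLE_REPRODUCIBLE_BUILDS
+openssl_version_check_config
+WITH_DHCP
+modconfdir
+@@ -5586,6 +5587,7 @@ else
+fi
+
+
++ENABLE_REPRODUCIBLE_BUILDS=yes
+# Check whether --enable-reproducible-builds was given.
+if test "${enable_reproducible_builds+set}" = set; then :
+enableval=$enable_reproducible_builds; case "$enableval" in
+@@ -5597,6 +5599,7 @@ $as_echo "#define ENABLE_REPRODUCIBLE_BUILDS 1" >>confdefs.h
+;;
+*)
+reproducible_builds=no
++ ENABLE_REPRODUCIBLE_BUILDS=no
+esac
+
+fi
+@@ -5604,6 +5607,7 @@ fi
+
+
+
++
+CHECKRAD=checkrad
+# Extract the first word of "perl", so it can be a program name with args.
+set dummy perl; ac_word=$2
+diff --git a/configure.ac b/configure.ac
+index a7abf0025a..35b013f4af 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -619,6 +619,7 @@ AC_SUBST([openssl_version_check_config])
+dnl #
+dnl # extra argument: --enable-reproducible-builds
+dnl #
++ENABLE_REPRODUCIBLE_BUILDS=yes
+AC_ARG_ENABLE(reproducible-builds,
+[AS_HELP_STRING([--enable-reproducible-builds],
+[ensure the build does not change each time])],
+@@ -630,8 +631,10 @@ AC_ARG_ENABLE(reproducible-builds,
+;;
+*)
+reproducible_builds=no
++ ENABLE_REPRODUCIBLE_BUILDS=no
+esac ]
+)
++AC_SUBST(ENABLE_REPRODUCIBLE_BUILDS)
+
+
+dnl #############################################################
+diff --git a/raddb/all.mk b/raddb/all.mk
+index c966edd657..c8e976a499 100644
+--- a/raddb/all.mk
++++ b/raddb/all.mk
+@@ -124,7 +124,11 @@ $(R)$(raddbdir)/users: $(R)$(modconfdir)/files/authorize
+ifneq "$(LOCAL_CERT_PRODUCTS)" ""
+$(LOCAL_CERT_PRODUCTS):
+@echo BOOTSTRAP raddb/certs/
++ifeq "$(ENABLE_REPRODUCIBLE_BUILDS)" "yes"
++ @$(MAKE) -C $(R)$(raddbdir)/certs/ passwords.mk
++else
+@$(MAKE) -C $(R)$(raddbdir)/certs/
++endif
+
+# Bootstrap is special
+$(R)$(raddbdir)/certs/bootstrap: | raddb/certs/bootstrap $(LOCAL_CERT_PRODUCTS)
+--
+2.21.0
+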
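Review bot: In the embedded raddb/all.mk hunk, the `$(LOCAL_CERT_PRODUCTS):` recipe stops creating its own targets when `ENABLE_REPRODUCIBLE_BUILDS` is `yes` and only builds `passwords.mk`, yet nothing at the branch says why. A comment above the `ifeq` would record the intent, for example `# Reproducible builds: create only passwords.mk here; keys and certificates are not generated at build time.`, presumably so that no private key made on the build host is shipped in the package; it is also worth confirming that the install rules outside this hunk tolerate the missing certificate files. The configure.ac hunk sets `ENABLE_REPRODUCIBLE_BUILDS=yes` before `AC_ARG_ENABLE` and resets it only in the `*)` branch, so a build that passes neither `--enable-` nor `--disable-reproducible-builds` skips certificate generation as well, while the `#define ENABLE_REPRODUCIBLE_BUILDS 1` visible in the configure hunk is presumably emitted only in the `yes)` branch. If that default is intended it should be stated in the `dnl` comment; otherwise initialise the variable to `no` and assign `ENABLE_REPRODUCIBLE_BUILDS=yes` in the `yes)` branch, which lies outside the hunk.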
@ -23,6 +23,7 @@ Source104: freeradius-tmpfiles.conf
|
|||||||
Patch1: freeradius-Adjust-configuration-to-fit-Red-Hat-specifics.patch
|
Patch1: freeradius-Adjust-configuration-to-fit-Red-Hat-specifics.patch
|
||||||
Patch2: freeradius-Use-system-crypto-policy-by-default.patch
|
Patch2: freeradius-Use-system-crypto-policy-by-default.patch
|
||||||
Patch3: freeradius-bootstrap-create-only.patch
|
Patch3: freeradius-bootstrap-create-only.patch
|
||||||
|
Patch4: freeradius-no-buildtime-cert-gen.patch
|
||||||
|
|
||||||
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
|
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
|
||||||
|
|
||||||
@ -192,6 +193,7 @@ This plugin provides the REST support for the FreeRADIUS server project.
|
|||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
|
%patch4 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# Force compile/link options, extra security for network facing daemon
|
# Force compile/link options, extra security for network facing daemon
|
||||||
@ -199,6 +201,8 @@ This plugin provides the REST support for the FreeRADIUS server project.
|
|||||||
|
|
||||||
%configure \
|
%configure \
|
||||||
--libdir=%{_libdir}/freeradius \
|
--libdir=%{_libdir}/freeradius \
|
||||||
|
--enable-reproducible-builds \
|
||||||
|
--with-package \
|
||||||
--disable-openssl-version-check \
|
--disable-openssl-version-check \
|
||||||
--with-openssl \
|
--with-openssl \
|
||||||
--with-udpfromto \
|
--with-udpfromto \
|
||||||
@ -790,9 +794,11 @@ exit 0
|
|||||||
%changelog
|
%changelog
|
||||||
* Wed May 08 2019 Alexander Scheel <ascheel@redhat.com> - 3.0.19-2
|
* Wed May 08 2019 Alexander Scheel <ascheel@redhat.com> - 3.0.19-2
|
||||||
- Updated crypto-policies patch
|
- Updated crypto-policies patch
|
||||||
- Updated /etc/raddb/certs/bootstrap to only create certificates if missing
|
- Updated /etc/raddb/certs/bootstrap to only create certificates if missing: bz#1705165
|
||||||
- Updated logrotate definitions to run as radiusd:radiusd
|
- Updated logrotate definitions to run as radiusd:radiusd: bz#1705343
|
||||||
- Drop python2 package on Fedora 31+
|
- Drop python2 package on Fedora 31+
|
||||||
|
- Add database dependencies: bz#1658697
|
||||||
|
- Don't generate certificate during build
|
||||||
|
|
||||||
* Wed Apr 10 2019 Alexander Scheel <ascheel@redhat.com> - 3.0.19-1
|
* Wed Apr 10 2019 Alexander Scheel <ascheel@redhat.com> - 3.0.19-1
|
||||||
- Rebased to 3.0.19
|
- Rebased to 3.0.19
|
||||||
|