import freeradius-3.0.21-26.el9
This commit is contained in:
commit
d40d999666
1
.freeradius.metadata
Normal file
1
.freeradius.metadata
Normal file
@ -0,0 +1 @@
|
||||
3d90d63bf1452794cf9d0b04147745a254872c3f SOURCES/freeradius-server-3.0.21.tar.bz2
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
SOURCES/freeradius-server-3.0.21.tar.bz2
|
@ -0,0 +1,60 @@
|
||||
From 958f470cda2ba8943f02f13d1b46f357f92d9639 Mon Sep 17 00:00:00 2001
|
||||
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
||||
Date: Mon, 8 Sep 2014 12:32:13 +0300
|
||||
Subject: [PATCH] Adjust configuration to fit Red Hat specifics
|
||||
|
||||
---
|
||||
raddb/mods-available/eap | 4 ++--
|
||||
raddb/radiusd.conf.in | 7 +++----
|
||||
2 files changed, 5 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
|
||||
index 2621e183c..94494b2c6 100644
|
||||
--- a/raddb/mods-available/eap
|
||||
+++ b/raddb/mods-available/eap
|
||||
@@ -533,7 +533,7 @@
|
||||
# You should also delete all of the files
|
||||
# in the directory when the server starts.
|
||||
#
|
||||
- # tmpdir = /tmp/radiusd
|
||||
+ # tmpdir = /var/run/radiusd/tmp
|
||||
|
||||
# The command used to verify the client cert.
|
||||
# We recommend using the OpenSSL command-line
|
||||
@@ -548,7 +548,7 @@
|
||||
# deleted by the server when the command
|
||||
# returns.
|
||||
#
|
||||
- # client = "/path/to/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
|
||||
+ # client = "/usr/bin/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
|
||||
}
|
||||
|
||||
# OCSP Configuration
|
||||
diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
|
||||
index a83c1f687..e500cf97b 100644
|
||||
--- a/raddb/radiusd.conf.in
|
||||
+++ b/raddb/radiusd.conf.in
|
||||
@@ -70,8 +70,7 @@ certdir = ${confdir}/certs
|
||||
cadir = ${confdir}/certs
|
||||
run_dir = ${localstatedir}/run/${name}
|
||||
|
||||
-# Should likely be ${localstatedir}/lib/radiusd
|
||||
-db_dir = ${raddbdir}
|
||||
+db_dir = ${localstatedir}/lib/radiusd
|
||||
|
||||
#
|
||||
# libdir: Where to find the rlm_* modules.
|
||||
@@ -398,8 +397,8 @@ security {
|
||||
# member. This can allow for some finer-grained access
|
||||
# controls.
|
||||
#
|
||||
-# user = radius
|
||||
-# group = radius
|
||||
+ user = radiusd
|
||||
+ group = radiusd
|
||||
|
||||
# Core dumps are a bad thing. This should only be set to
|
||||
# 'yes' if you're debugging a problem with the server.
|
||||
--
|
||||
2.13.2
|
||||
|
10880
SOURCES/freeradius-Backport-OpenSSL3-fixes.patch
Normal file
10880
SOURCES/freeradius-Backport-OpenSSL3-fixes.patch
Normal file
File diff suppressed because it is too large
Load Diff
32
SOURCES/freeradius-Fix-resource-hard-limit-error.patch
Normal file
32
SOURCES/freeradius-Fix-resource-hard-limit-error.patch
Normal file
@ -0,0 +1,32 @@
|
||||
commit 1ce4508c92493cf03ea1b3c42e83540b387884fa
|
||||
Author: Antonio Torres <antorres@redhat.com>
|
||||
Date: Fri Jul 2 07:12:48 2021 -0400
|
||||
Subject: [PATCH] debug: don't set resource hard limit to zero
|
||||
|
||||
Setting the resource hard limit to zero is irreversible, meaning if it
|
||||
is set to zero then there is no way to set it higher. This means
|
||||
enabling core dump is not possible, since setting a new resource limit
|
||||
for RLIMIT_CORE would fail. By only setting the soft limit to zero, we
|
||||
can disable and enable core dumps without failures.
|
||||
|
||||
This fix is present in both main and 3.0.x upstream branches.
|
||||
|
||||
Ticket in RHEL Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1977572
|
||||
Signed-off-by: Antonio Torres antorres@redhat.com
|
||||
---
|
||||
src/lib/debug.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/lib/debug.c b/src/lib/debug.c
|
||||
index 576bcb2a65..6330c9cb66 100644
|
||||
--- a/src/lib/debug.c
|
||||
+++ b/src/lib/debug.c
|
||||
@@ -599,7 +599,7 @@ int fr_set_dumpable(bool allow_core_dumps)
|
||||
struct rlimit no_core;
|
||||
|
||||
no_core.rlim_cur = 0;
|
||||
- no_core.rlim_max = 0;
|
||||
+ no_core.rlim_max = core_limits.rlim_max;
|
||||
|
||||
if (setrlimit(RLIMIT_CORE, &no_core) < 0) {
|
||||
fr_strerror_printf("Failed disabling core dumps: %s", fr_syserror(errno));
|
86
SOURCES/freeradius-Use-system-crypto-policy-by-default.patch
Normal file
86
SOURCES/freeradius-Use-system-crypto-policy-by-default.patch
Normal file
@ -0,0 +1,86 @@
|
||||
From a7ed62fbcc043a9ec7a4f09962a2cd2acffa019b Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Scheel <ascheel@redhat.com>
|
||||
Date: Wed, 8 May 2019 10:16:31 -0400
|
||||
Subject: [PATCH] Use system-provided crypto-policies by default
|
||||
|
||||
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
||||
---
|
||||
raddb/mods-available/eap | 4 ++--
|
||||
raddb/mods-available/inner-eap | 2 +-
|
||||
raddb/sites-available/abfab-tls | 2 +-
|
||||
raddb/sites-available/tls | 4 ++--
|
||||
4 files changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
|
||||
index 36849e10f2..b28c0f19c6 100644
|
||||
--- a/raddb/mods-available/eap
|
||||
+++ b/raddb/mods-available/eap
|
||||
@@ -368,7 +368,7 @@ eap {
|
||||
#
|
||||
# For EAP-FAST, use "ALL:!EXPORT:!eNULL:!SSLv2"
|
||||
#
|
||||
- cipher_list = "DEFAULT"
|
||||
+ cipher_list = "PROFILE=SYSTEM"
|
||||
|
||||
# If enabled, OpenSSL will use server cipher list
|
||||
# (possibly defined by cipher_list option above)
|
||||
@@ -912,7 +912,7 @@ eap {
|
||||
# Note - for OpenSSL 1.1.0 and above you may need
|
||||
# to add ":@SECLEVEL=0"
|
||||
#
|
||||
- # cipher_list = "ALL:!EXPORT:!eNULL:!SSLv2"
|
||||
+ # cipher_list = "PROFILE=SYSTEM"
|
||||
|
||||
# PAC lifetime in seconds (default: seven days)
|
||||
#
|
||||
diff --git a/raddb/mods-available/inner-eap b/raddb/mods-available/inner-eap
|
||||
index 576eb7739e..ffa07188e2 100644
|
||||
--- a/raddb/mods-available/inner-eap
|
||||
+++ b/raddb/mods-available/inner-eap
|
||||
@@ -77,7 +77,7 @@ eap inner-eap {
|
||||
# certificates. If so, edit this file.
|
||||
ca_file = ${cadir}/ca.pem
|
||||
|
||||
- cipher_list = "DEFAULT"
|
||||
+ cipher_list = "PROFILE=SYSTEM"
|
||||
|
||||
# You may want to set a very small fragment size.
|
||||
# The TLS data here needs to go inside of the
|
||||
diff --git a/raddb/sites-available/abfab-tls b/raddb/sites-available/abfab-tls
|
||||
index 92f1d6330e..cd69b3905a 100644
|
||||
--- a/raddb/sites-available/abfab-tls
|
||||
+++ b/raddb/sites-available/abfab-tls
|
||||
@@ -19,7 +19,7 @@ listen {
|
||||
dh_file = ${certdir}/dh
|
||||
fragment_size = 8192
|
||||
ca_path = ${cadir}
|
||||
- cipher_list = "DEFAULT"
|
||||
+ cipher_list = "PROFILE=SYSTEM"
|
||||
|
||||
cache {
|
||||
enable = no
|
||||
diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls
|
||||
index bbc761b1c5..83cd35b851 100644
|
||||
--- a/raddb/sites-available/tls
|
||||
+++ b/raddb/sites-available/tls
|
||||
@@ -215,7 +215,7 @@ listen {
|
||||
# Set this option to specify the allowed
|
||||
# TLS cipher suites. The format is listed
|
||||
# in "man 1 ciphers".
|
||||
- cipher_list = "DEFAULT"
|
||||
+ cipher_list = "PROFILE=SYSTEM"
|
||||
|
||||
# If enabled, OpenSSL will use server cipher list
|
||||
# (possibly defined by cipher_list option above)
|
||||
@@ -517,7 +517,7 @@ home_server tls {
|
||||
# Set this option to specify the allowed
|
||||
# TLS cipher suites. The format is listed
|
||||
# in "man 1 ciphers".
|
||||
- cipher_list = "DEFAULT"
|
||||
+ cipher_list = "PROFILE=SYSTEM"
|
||||
}
|
||||
|
||||
}
|
||||
--
|
||||
2.21.0
|
||||
|
89
SOURCES/freeradius-bootstrap-create-only.patch
Normal file
89
SOURCES/freeradius-bootstrap-create-only.patch
Normal file
@ -0,0 +1,89 @@
|
||||
From acaf4be8e301a01041acba189194d9502994611d Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Scheel <ascheel@redhat.com>
|
||||
Date: Wed, 13 May 2020 10:01:47 -0400
|
||||
Subject: [PATCH] Don't clobber existing files on bootstrap
|
||||
|
||||
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
||||
---
|
||||
raddb/certs/bootstrap | 31 +++++++++++++++----------------
|
||||
1 file changed, 15 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/raddb/certs/bootstrap b/raddb/certs/bootstrap
|
||||
index ede09bc..e555491 100755
|
||||
--- a/raddb/certs/bootstrap
|
||||
+++ b/raddb/certs/bootstrap
|
||||
@@ -20,56 +20,55 @@ cd `dirname $0`
|
||||
# Don't edit the following text. Instead, edit the Makefile, and
|
||||
# re-generate these commands.
|
||||
#
|
||||
-if [ ! -f dh ]; then
|
||||
+if [ ! -e dh ]; then
|
||||
openssl dhparam -out dh 2048 || exit 1
|
||||
- if [ -e /dev/urandom ] ; then
|
||||
- ln -sf /dev/urandom random
|
||||
- else
|
||||
- date > ./random;
|
||||
- fi
|
||||
+ ln -sf /dev/urandom random
|
||||
fi
|
||||
|
||||
-if [ ! -f server.key ]; then
|
||||
+if [ ! -e server.key ]; then
|
||||
openssl req -new -out server.csr -keyout server.key -config ./server.cnf || exit 1
|
||||
chmod g+r server.key
|
||||
fi
|
||||
|
||||
-if [ ! -f ca.key ]; then
|
||||
+if [ ! -e ca.key ]; then
|
||||
openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf || exit 1
|
||||
fi
|
||||
|
||||
-if [ ! -f index.txt ]; then
|
||||
+if [ ! -e index.txt ]; then
|
||||
touch index.txt
|
||||
fi
|
||||
|
||||
-if [ ! -f serial ]; then
|
||||
+if [ ! -e serial ]; then
|
||||
echo '01' > serial
|
||||
fi
|
||||
|
||||
-if [ ! -f server.crt ]; then
|
||||
+if [ ! -e server.crt ]; then
|
||||
openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf || exit 1
|
||||
fi
|
||||
|
||||
-if [ ! -f server.p12 ]; then
|
||||
+if [ ! -e server.p12 ]; then
|
||||
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
|
||||
chmod g+r server.p12
|
||||
fi
|
||||
|
||||
-if [ ! -f server.pem ]; then
|
||||
+if [ ! -e server.pem ]; then
|
||||
openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
|
||||
openssl verify -CAfile ca.pem server.pem || exit 1
|
||||
chmod g+r server.pem
|
||||
fi
|
||||
|
||||
-if [ ! -f ca.der ]; then
|
||||
+if [ ! -e ca.der ]; then
|
||||
openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der || exit 1
|
||||
fi
|
||||
|
||||
-if [ ! -f client.key ]; then
|
||||
+if [ ! -e client.key ]; then
|
||||
openssl req -new -out client.csr -keyout client.key -config ./client.cnf
|
||||
chmod g+r client.key
|
||||
fi
|
||||
|
||||
-if [ ! -f client.crt ]; then
|
||||
+if [ ! -e client.crt ]; then
|
||||
openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
|
||||
fi
|
||||
+
|
||||
+chown root:radiusd dh ca.* client.* server.*
|
||||
+chmod 640 dh ca.* client.* server.*
|
||||
--
|
||||
2.26.2
|
||||
|
29
SOURCES/freeradius-bootstrap-make-permissions.patch
Normal file
29
SOURCES/freeradius-bootstrap-make-permissions.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From ea164ceafa05f96079204a3f0ae379e46e64a455 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Scheel <ascheel@redhat.com>
|
||||
Date: Tue, 4 Aug 2020 10:08:15 -0400
|
||||
Subject: [PATCH] Fix permissions after generating certificates with make
|
||||
|
||||
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
||||
---
|
||||
raddb/certs/bootstrap | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/raddb/certs/bootstrap b/raddb/certs/bootstrap
|
||||
index 336a2bd..9920ecf 100755
|
||||
--- a/raddb/certs/bootstrap
|
||||
+++ b/raddb/certs/bootstrap
|
||||
@@ -21,7 +21,10 @@ make -h > /dev/null 2>&1
|
||||
#
|
||||
if [ "$?" = "0" ]; then
|
||||
make all
|
||||
- exit $?
|
||||
+ ret=$?
|
||||
+ chown root:radiusd dh ca.* client.* server.*
|
||||
+ chmod 640 dh ca.* client.* server.*
|
||||
+ exit $ret
|
||||
fi
|
||||
|
||||
#
|
||||
--
|
||||
2.26.2
|
||||
|
31
SOURCES/freeradius-ldap-infinite-timeout-on-starttls.patch
Normal file
31
SOURCES/freeradius-ldap-infinite-timeout-on-starttls.patch
Normal file
@ -0,0 +1,31 @@
|
||||
From: Antonio Torres <antorres@redhat.com>
|
||||
Date: Fri, 28 Jan 2022
|
||||
Subject: Use infinite timeout when using LDAP+start-TLS
|
||||
|
||||
This will ensure that the TLS connection to the LDAP server will complete
|
||||
before starting FreeRADIUS, as it forces libldap to use a blocking socket during
|
||||
the process. Infinite timeout is the OpenLDAP default.
|
||||
Avoids this: https://git.openldap.org/openldap/openldap/-/blob/87ffc60006298069a5a044b8e63dab27a61d3fdf/libraries/libldap/tls2.c#L1134
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1992551
|
||||
Signed-off-by: Antonio Torres <antorres@redhat.com>
|
||||
---
|
||||
src/modules/rlm_ldap/ldap.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/modules/rlm_ldap/ldap.c b/src/modules/rlm_ldap/ldap.c
|
||||
index cf7a84e069..841bf888a1 100644
|
||||
--- a/src/modules/rlm_ldap/ldap.c
|
||||
+++ b/src/modules/rlm_ldap/ldap.c
|
||||
@@ -1472,7 +1472,10 @@ void *mod_conn_create(TALLOC_CTX *ctx, void *instance)
|
||||
}
|
||||
|
||||
#ifdef LDAP_OPT_NETWORK_TIMEOUT
|
||||
- if (inst->net_timeout) {
|
||||
+ bool using_tls = inst->start_tls ||
|
||||
+ inst->port == 636 ||
|
||||
+ strncmp(inst->server, "ldaps://", strlen("ldaps://")) == 0;
|
||||
+ if (inst->net_timeout && !using_tls) {
|
||||
memset(&tv, 0, sizeof(tv));
|
||||
tv.tv_sec = inst->net_timeout;
|
||||
|
56
SOURCES/freeradius-logrotate
Normal file
56
SOURCES/freeradius-logrotate
Normal file
@ -0,0 +1,56 @@
|
||||
# You can use this to rotate the /var/log/radius/* files, simply copy
|
||||
# it to /etc/logrotate.d/radiusd
|
||||
|
||||
# There are different detail-rotating strategies you can use. One is
|
||||
# to write to a single detail file per IP and use the rotate config
|
||||
# below. Another is to write to a daily detail file per IP with:
|
||||
# detailfile = ${radacctdir}/%{Client-IP-Address}/%Y%m%d-detail
|
||||
# (or similar) in radiusd.conf, without rotation. If you go with the
|
||||
# second technique, you will need another cron job that removes old
|
||||
# detail files. You do not need to comment out the below for method #2.
|
||||
/var/log/radius/radacct/*/detail {
|
||||
monthly
|
||||
rotate 4
|
||||
nocreate
|
||||
missingok
|
||||
compress
|
||||
su radiusd radiusd
|
||||
}
|
||||
|
||||
/var/log/radius/checkrad.log {
|
||||
monthly
|
||||
rotate 4
|
||||
create
|
||||
missingok
|
||||
compress
|
||||
su radiusd radiusd
|
||||
}
|
||||
|
||||
/var/log/radius/radius.log {
|
||||
monthly
|
||||
rotate 4
|
||||
create
|
||||
missingok
|
||||
compress
|
||||
su radiusd radiusd
|
||||
postrotate
|
||||
/usr/bin/systemctl reload-or-try-restart radiusd
|
||||
endscript
|
||||
}
|
||||
|
||||
/var/log/radius/radwtmp {
|
||||
monthly
|
||||
rotate 4
|
||||
create
|
||||
compress
|
||||
missingok
|
||||
su radiusd radiusd
|
||||
}
|
||||
/var/log/radius/sqltrace.sql {
|
||||
monthly
|
||||
rotate 4
|
||||
create
|
||||
compress
|
||||
missingok
|
||||
su radiusd radiusd
|
||||
}
|
104
SOURCES/freeradius-no-buildtime-cert-gen.patch
Normal file
104
SOURCES/freeradius-no-buildtime-cert-gen.patch
Normal file
@ -0,0 +1,104 @@
|
||||
From e6f7c9d4c2af1cda7760ca8155166bb5d4d541d0 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Scheel <ascheel@redhat.com>
|
||||
Date: Wed, 8 May 2019 12:58:02 -0400
|
||||
Subject: [PATCH] Don't generate certificates in reproducible builds
|
||||
|
||||
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
||||
---
|
||||
Make.inc.in | 5 +++++
|
||||
configure | 4 ++++
|
||||
configure.ac | 3 +++
|
||||
raddb/all.mk | 4 ++++
|
||||
4 files changed, 16 insertions(+)
|
||||
|
||||
diff --git a/Make.inc.in b/Make.inc.in
|
||||
index 0b2cd74de8..8c623cf95c 100644
|
||||
--- a/Make.inc.in
|
||||
+++ b/Make.inc.in
|
||||
@@ -173,3 +173,8 @@ else
|
||||
TESTBINDIR = ./$(BUILD_DIR)/bin
|
||||
TESTBIN = ./$(BUILD_DIR)/bin
|
||||
endif
|
||||
+
|
||||
+#
|
||||
+# With reproducible builds, do not generate certificates during installation
|
||||
+#
|
||||
+ENABLE_REPRODUCIBLE_BUILDS = @ENABLE_REPRODUCIBLE_BUILDS@
|
||||
diff --git a/configure b/configure
|
||||
index c2c599c92b..3d4403a844 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -655,6 +655,7 @@ RUSERS
|
||||
SNMPWALK
|
||||
SNMPGET
|
||||
PERL
|
||||
+ENABLE_REPRODUCIBLE_BUILDS
|
||||
openssl_version_check_config
|
||||
WITH_DHCP
|
||||
modconfdir
|
||||
@@ -5586,6 +5587,7 @@ else
|
||||
fi
|
||||
|
||||
|
||||
+ENABLE_REPRODUCIBLE_BUILDS=yes
|
||||
# Check whether --enable-reproducible-builds was given.
|
||||
if test "${enable_reproducible_builds+set}" = set; then :
|
||||
enableval=$enable_reproducible_builds; case "$enableval" in
|
||||
@@ -5597,6 +5599,7 @@ $as_echo "#define ENABLE_REPRODUCIBLE_BUILDS 1" >>confdefs.h
|
||||
;;
|
||||
*)
|
||||
reproducible_builds=no
|
||||
+ ENABLE_REPRODUCIBLE_BUILDS=no
|
||||
esac
|
||||
|
||||
fi
|
||||
@@ -5604,6 +5607,7 @@ fi
|
||||
|
||||
|
||||
|
||||
+
|
||||
CHECKRAD=checkrad
|
||||
# Extract the first word of "perl", so it can be a program name with args.
|
||||
set dummy perl; ac_word=$2
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index a7abf0025a..35b013f4af 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -619,6 +619,7 @@ AC_SUBST([openssl_version_check_config])
|
||||
dnl #
|
||||
dnl # extra argument: --enable-reproducible-builds
|
||||
dnl #
|
||||
+ENABLE_REPRODUCIBLE_BUILDS=yes
|
||||
AC_ARG_ENABLE(reproducible-builds,
|
||||
[AS_HELP_STRING([--enable-reproducible-builds],
|
||||
[ensure the build does not change each time])],
|
||||
@@ -630,8 +631,10 @@ AC_ARG_ENABLE(reproducible-builds,
|
||||
;;
|
||||
*)
|
||||
reproducible_builds=no
|
||||
+ ENABLE_REPRODUCIBLE_BUILDS=no
|
||||
esac ]
|
||||
)
|
||||
+AC_SUBST(ENABLE_REPRODUCIBLE_BUILDS)
|
||||
|
||||
|
||||
dnl #############################################################
|
||||
diff --git a/raddb/all.mk b/raddb/all.mk
|
||||
index c966edd657..c8e976a499 100644
|
||||
--- a/raddb/all.mk
|
||||
+++ b/raddb/all.mk
|
||||
@@ -124,7 +124,11 @@ $(R)$(raddbdir)/users: $(R)$(modconfdir)/files/authorize
|
||||
ifneq "$(LOCAL_CERT_PRODUCTS)" ""
|
||||
$(LOCAL_CERT_PRODUCTS):
|
||||
@echo BOOTSTRAP raddb/certs/
|
||||
+ifeq "$(ENABLE_REPRODUCIBLE_BUILDS)" "yes"
|
||||
+ @$(MAKE) -C $(R)$(raddbdir)/certs/ passwords.mk
|
||||
+else
|
||||
@$(MAKE) -C $(R)$(raddbdir)/certs/
|
||||
+endif
|
||||
|
||||
# Bootstrap is special
|
||||
$(R)$(raddbdir)/certs/bootstrap: | raddb/certs/bootstrap $(LOCAL_CERT_PRODUCTS)
|
||||
--
|
||||
2.21.0
|
||||
|
6
SOURCES/freeradius-pam-conf
Normal file
6
SOURCES/freeradius-pam-conf
Normal file
@ -0,0 +1,6 @@
|
||||
#%PAM-1.0
|
||||
auth include password-auth
|
||||
account required pam_nologin.so
|
||||
account include password-auth
|
||||
password include password-auth
|
||||
session include password-auth
|
2
SOURCES/freeradius-tmpfiles.conf
Normal file
2
SOURCES/freeradius-tmpfiles.conf
Normal file
@ -0,0 +1,2 @@
|
||||
D /run/radiusd 0710 radiusd radiusd -
|
||||
D /run/radiusd/tmp 0700 radiusd radiusd -
|
15
SOURCES/radiusd.service
Normal file
15
SOURCES/radiusd.service
Normal file
@ -0,0 +1,15 @@
|
||||
[Unit]
|
||||
Description=FreeRADIUS high performance RADIUS server.
|
||||
After=syslog.target network-online.target ipa.service dirsrv.target krb5kdc.service mysql.service mariadb.service postgresql.service
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
PIDFile=/run/radiusd/radiusd.pid
|
||||
ExecStartPre=-/bin/chown -R radiusd.radiusd /var/run/radiusd
|
||||
ExecStartPre=/usr/sbin/radiusd -C
|
||||
ExecStart=/usr/sbin/radiusd -d /etc/raddb
|
||||
ExecReload=/usr/sbin/radiusd -C
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
2541
SPECS/freeradius.spec
Normal file
2541
SPECS/freeradius.spec
Normal file
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user