rpms/freeradius/devel freeradius-cert-config.patch, NONE, 1.1 freeradius-radiusd-init, 1.3, 1.4 freeradius.spec, 1.95, 1.96

John Dennis jdennis at fedoraproject.org
Fri Jan 8 17:55:23 UTC 2010


Author: jdennis

Update of /cvs/pkgs/rpms/freeradius/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22502

Modified Files:
	freeradius-radiusd-init freeradius.spec 
Added Files:
	freeradius-cert-config.patch 
Log Message:
- resolves: bug #526559 initial install should run bootstrap to create certificates
  running radiusd in debug mode to generate initial temporary certificates
  is no longer necessary; /etc/raddb/certs/bootstrap is invoked on initial
  rpm install (not upgrade) if there is no existing /etc/raddb/certs/server.pem file
- resolves: bug #528493 use sha1 algorithm instead of md5 during cert generation
  the certificate configuration (/etc/raddb/certs/{ca,server,client}.cnf) files
  were modified to use sha1 instead of md5 and the validity reduced from 1 year to 2 months


freeradius-cert-config.patch:
 certs/ca.cnf      |    4 ++--
 certs/ca.cnf~     |only
 certs/client.cnf  |    4 ++--
 certs/client.cnf~ |only
 certs/server.cnf  |    4 ++--
 certs/server.cnf~ |only
 eap.conf          |    9 ---------
 eap.conf~         |only
 8 files changed, 6 insertions(+), 15 deletions(-)

--- NEW FILE freeradius-cert-config.patch ---
diff -r -u freeradius-server-2.1.8.orig/raddb/certs/ca.cnf freeradius-server-2.1.8/raddb/certs/ca.cnf
--- freeradius-server-2.1.8.orig/raddb/certs/ca.cnf	2009-12-30 10:44:35.000000000 -0500
+++ freeradius-server-2.1.8/raddb/certs/ca.cnf	2010-01-08 12:35:23.000000000 -0500
@@ -14,9 +14,9 @@
 RANDFILE		= $dir/.rand
 name_opt		= ca_default
 cert_opt		= ca_default
-default_days		= 365
+default_days		= 60
 default_crl_days	= 30
-default_md		= md5
+default_md		= sha1
 preserve		= no
 policy			= policy_match
 
Only in freeradius-server-2.1.8/raddb/certs: ca.cnf~
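Review bot: `default_md = sha1` in this ca.cnf hunk replaces one collision-weakened digest with another, and the client.cnf and server.cnf hunks make the same choice. SHA-1 is no longer accepted for certificate signatures by current TLS stacks, so `default_md = sha256` is the safer value, provided the OpenSSL build and the supplicants in use verify SHA-256 signatures (worth confirming for older clients). The drop to `default_days = 60` is easy to miss for anyone who keeps the bootstrap certificates in service; a comment beside it such as `# temporary bootstrap certificates, replace before they expire` would make the intent visible in the file itself.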
diff -r -u freeradius-server-2.1.8.orig/raddb/certs/client.cnf freeradius-server-2.1.8/raddb/certs/client.cnf
--- freeradius-server-2.1.8.orig/raddb/certs/client.cnf	2009-12-30 10:44:35.000000000 -0500
+++ freeradius-server-2.1.8/raddb/certs/client.cnf	2010-01-08 12:35:37.000000000 -0500
@@ -14,9 +14,9 @@
 RANDFILE		= $dir/.rand
 name_opt		= ca_default
 cert_opt		= ca_default
-default_days		= 365
+default_days		= 60
 default_crl_days	= 30
-default_md		= md5
+default_md		= sha1
 preserve		= no
 policy			= policy_match
 
Only in freeradius-server-2.1.8/raddb/certs: client.cnf~
diff -r -u freeradius-server-2.1.8.orig/raddb/certs/server.cnf freeradius-server-2.1.8/raddb/certs/server.cnf
--- freeradius-server-2.1.8.orig/raddb/certs/server.cnf	2009-12-30 10:44:35.000000000 -0500
+++ freeradius-server-2.1.8/raddb/certs/server.cnf	2010-01-08 12:35:05.000000000 -0500
@@ -14,9 +14,9 @@
 RANDFILE		= $dir/.rand
 name_opt		= ca_default
 cert_opt		= ca_default
-default_days		= 365
+default_days		= 60
 default_crl_days	= 30
-default_md		= md5
+default_md		= sha1
 preserve		= no
 policy			= policy_match
 
Only in freeradius-server-2.1.8/raddb/certs: server.cnf~
diff -r -u freeradius-server-2.1.8.orig/raddb/eap.conf freeradius-server-2.1.8/raddb/eap.conf
--- freeradius-server-2.1.8.orig/raddb/eap.conf	2009-12-30 10:44:35.000000000 -0500
+++ freeradius-server-2.1.8/raddb/eap.conf	2010-01-08 12:36:04.000000000 -0500
@@ -251,15 +251,6 @@
 			cipher_list = "DEFAULT"
 
 			#
-
-			#  This configuration entry should be deleted
-			#  once the server is running in a normal
-			#  configuration.  It is here ONLY to make
-			#  initial deployments easier.
-			#
-			make_cert_command = "${certdir}/bootstrap"
-
-			#
 			#  Session resumption / fast reauthentication
 			#  cache.
 			#
Only in freeradius-server-2.1.8/raddb: eap.conf~


Index: freeradius-radiusd-init
===================================================================
RCS file: /cvs/pkgs/rpms/freeradius/devel/freeradius-radiusd-init,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- freeradius-radiusd-init	19 Dec 2009 20:10:12 -0000	1.3
+++ freeradius-radiusd-init	8 Jan 2010 17:55:23 -0000	1.4
@@ -21,18 +21,20 @@
 . /etc/rc.d/init.d/functions
 
 prog=radiusd
-exec=/usr/sbin/$prog
-config=/etc/raddb/radiusd.conf
-pidfile=/var/run/$prog/$prog.pid
-lockfile=/var/lock/subsys/radiusd
 
 [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
 
+exec=${exec:=/usr/sbin/$prog}
+config_dir=${config_dir:=/etc/raddb}
+config=${config:=$config_dir/radiusd.conf}
+pidfile=${pidfile:=/var/run/$prog/$prog.pid}
+lockfile=${lockfile:=/var/lock/subsys/radiusd}
+
 start() {
     [ -x $exec ] || exit 5
     [ -f $config ] || exit 6
     echo -n $"Starting $prog: "
-    daemon --pidfile $pidfile $exec
+    daemon --pidfile $pidfile $exec -d $config_dir
     retval=$?
     echo
     [ $retval -eq 0 ] && touch $lockfile
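Review bot: `config` and `config_dir` can now be overridden independently from /etc/sysconfig/radiusd, so within this hunk `[ -f $config ]` may test one file while `daemon ... -d $config_dir` starts radiusd against a different directory. Deriving the check from the directory that is actually passed, `[ -f "$config_dir/radiusd.conf" ] || exit 6`, keeps the two in step. Because these values are now administrator-supplied, the expansions should also be quoted, `daemon --pidfile "$pidfile" "$exec" -d "$config_dir"`, so a path containing whitespace is not split into extra arguments. The form `exec=${exec:=/usr/sbin/$prog}` assigns twice; `: "${exec:=/usr/sbin/$prog}"` expresses the default once. start() continues past the end of the hunk.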


Index: freeradius.spec
===================================================================
RCS file: /cvs/pkgs/rpms/freeradius/devel/freeradius.spec,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -p -r1.95 -r1.96
--- freeradius.spec	30 Dec 2009 18:12:37 -0000	1.95
+++ freeradius.spec	8 Jan 2010 17:55:23 -0000	1.96
@@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
 Version: 2.1.8
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Daemons
 URL: http://www.freeradius.org/
@@ -11,6 +11,8 @@ Source100: freeradius-radiusd-init
 Source102: freeradius-logrotate
 Source103: freeradius-pam-conf
 
+Patch1: freeradius-cert-config.patch
+
 Obsoletes: freeradius-devel
 Obsoletes: freeradius-libs
 
@@ -139,6 +141,7 @@ This plugin provides the unixODBC suppor
 
 %prep
 %setup -q -n freeradius-server-%{version}
+%patch1 -p1 -b .cert-config
 # Some source files mistakenly have execute permissions set
 find $RPM_BUILD_DIR/freeradius-server-%{version} \( -name '*.c' -o -name '*.h' \) -a -perm /0111 -exec chmod a-x {} +
 
@@ -248,6 +251,9 @@ exit 0
 %post
 if [ $1 = 1 ]; then
   /sbin/chkconfig --add radiusd
+  if [ ! -e /etc/raddb/certs/server.pem ]; then
+    /sbin/runuser -g radiusd -c 'umask 007; /etc/raddb/certs/bootstrap' > /dev/null 2>&1 || :
+  fi
 fi
 
 %preun
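Review bot: A failed bootstrap is invisible on the added `runuser` line: both output streams go to /dev/null and `|| :` discards the exit status, so an install can finish without /etc/raddb/certs/server.pem and leave the administrator no hint as to why certificate-based EAP may later fail. The scriptlet can keep its zero exit and still report the failure, e.g. by ending the line with `|| echo "warning: /etc/raddb/certs/bootstrap failed, no certificates were generated" >&2` instead of `|| :`. `umask 007` also leaves the generated private keys group-writable; if the radiusd group only needs to read them, `umask 027` is tighter, though that should be checked against what the bootstrap script writes, which is not shown on this page.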
@@ -551,6 +557,15 @@ fi
 %{_libdir}/freeradius/rlm_sql_unixodbc-%{version}.so
 
 %changelog
+* Thu Jan  7 2010 John Dennis <jdennis at redhat.com> - 2.1.8-2
+- resolves: bug #526559 initial install should run bootstrap to create certificates
+  running radiusd in debug mode to generate inital temporary certificates
+  is no longer necessary, the /etc/raddb/certs/bootstrap is invoked on initial
+  rpm install (not upgrade) if there is no existing /etc/raddb/certs/server.pem file
+- resolves: bug #528493 use sha1 algorithm instead of md5 during cert generation
+  the certificate configuration (/etc/raddb/certs/{ca,server,client}.cnf) files
+  were modifed to use sha1 instead of md5 and the validity reduced from 1 year to 2 months
+
 * Wed Dec 30 2009 John Dennis <jdennis at redhat.com> - 2.1.8-1
 - update to latest upstream
   Feature improvements



