From 6580bdeb6b94eac07a77587d205435f61e6d3e2d Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 10 Aug 2019 03:11:45 +0100 Subject: [PATCH] freeradius: Build package without generating certificates Signed-off-by: Michael Tremer --- lfs/freeradius | 1 + .../freeradius-no-buildtime-cert-gen.patch | 104 ++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 src/patches/freeradius-no-buildtime-cert-gen.patch diff --git a/lfs/freeradius b/lfs/freeradius index 9afcdbf7e1..b68a31f380 100644 --- a/lfs/freeradius +++ b/lfs/freeradius @@ -81,6 +81,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/freeradius-no-buildtime-cert-gen.patch $(UPDATE_AUTOMAKE) cd $(DIR_APP) && \ ./configure \ diff --git a/src/patches/freeradius-no-buildtime-cert-gen.patch b/src/patches/freeradius-no-buildtime-cert-gen.patch new file mode 100644 index 0000000000..aa3be66487 --- /dev/null +++ b/src/patches/freeradius-no-buildtime-cert-gen.patch @@ -0,0 +1,104 @@ +From e6f7c9d4c2af1cda7760ca8155166bb5d4d541d0 Mon Sep 17 00:00:00 2001 +From: Alexander Scheel +Date: Wed, 8 May 2019 12:58:02 -0400 +Subject: [PATCH] Don't generate certificates in reproducible builds + +Signed-off-by: Alexander Scheel +--- + Make.inc.in | 5 +++++ + configure | 4 ++++ + configure.ac | 3 +++ + raddb/all.mk | 4 ++++ + 4 files changed, 16 insertions(+) + +diff --git a/Make.inc.in b/Make.inc.in +index 0b2cd74de8..8c623cf95c 100644 +--- a/Make.inc.in ++++ b/Make.inc.in +@@ -173,3 +173,8 @@ else + TESTBINDIR = ./$(BUILD_DIR)/bin + TESTBIN = ./$(BUILD_DIR)/bin + endif ++ ++# ++# With reproducible builds, do not generate certificates during installation ++# ++ENABLE_REPRODUCIBLE_BUILDS = @ENABLE_REPRODUCIBLE_BUILDS@ +diff --git a/configure b/configure +index c2c599c92b..3d4403a844 100755 +--- a/configure ++++ b/configure +@@ -655,6 +655,7 @@ RUSERS + SNMPWALK + SNMPGET + PERL ++ENABLE_REPRODUCIBLE_BUILDS + openssl_version_check_config + WITH_DHCP + modconfdir +@@ -5586,6 +5587,7 @@ else + fi + + ++ENABLE_REPRODUCIBLE_BUILDS=yes + # Check whether --enable-reproducible-builds was given. + if test "${enable_reproducible_builds+set}" = set; then : + enableval=$enable_reproducible_builds; case "$enableval" in +@@ -5597,6 +5599,7 @@ $as_echo "#define ENABLE_REPRODUCIBLE_BUILDS 1" >>confdefs.h + ;; + *) + reproducible_builds=no ++ ENABLE_REPRODUCIBLE_BUILDS=no + esac + + fi +@@ -5604,6 +5607,7 @@ fi + + + ++ + CHECKRAD=checkrad + # Extract the first word of "perl", so it can be a program name with args. + set dummy perl; ac_word=$2 +diff --git a/configure.ac b/configure.ac +index a7abf0025a..35b013f4af 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -619,6 +619,7 @@ AC_SUBST([openssl_version_check_config]) + dnl # + dnl # extra argument: --enable-reproducible-builds + dnl # ++ENABLE_REPRODUCIBLE_BUILDS=yes + AC_ARG_ENABLE(reproducible-builds, + [AS_HELP_STRING([--enable-reproducible-builds], + [ensure the build does not change each time])], +@@ -630,8 +631,10 @@ AC_ARG_ENABLE(reproducible-builds, + ;; + *) + reproducible_builds=no ++ ENABLE_REPRODUCIBLE_BUILDS=no + esac ] + ) ++AC_SUBST(ENABLE_REPRODUCIBLE_BUILDS) + + + dnl ############################################################# +diff --git a/raddb/all.mk b/raddb/all.mk +index c966edd657..c8e976a499 100644 +--- a/raddb/all.mk ++++ b/raddb/all.mk +@@ -124,7 +124,11 @@ $(R)$(raddbdir)/users: $(R)$(modconfdir)/files/authorize + ifneq "$(LOCAL_CERT_PRODUCTS)" "" + $(LOCAL_CERT_PRODUCTS): + @echo BOOTSTRAP raddb/certs/ ++ifeq "$(ENABLE_REPRODUCIBLE_BUILDS)" "yes" ++ @$(MAKE) -C $(R)$(raddbdir)/certs/ passwords.mk ++else + @$(MAKE) -C $(R)$(raddbdir)/certs/ ++endif + + # Bootstrap is special + $(R)$(raddbdir)/certs/bootstrap: | raddb/certs/bootstrap $(LOCAL_CERT_PRODUCTS) +-- +2.21.0 + -- 2.39.5