freeradius: Build package without generating certificates

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/lfs/freeradius b/lfs/freeradius
index 9afcdbf7e19cebee037bbe20f794bbc6b89a0f68..b68a31f3803d23125a79a22700f1454749fd6c5a 100644 (file)
--- a/lfs/freeradius
+++ b/lfs/freeradius
@@ -81,6 +81,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/freeradius-no-buildtime-cert-gen.patch
        $(UPDATE_AUTOMAKE)
        cd $(DIR_APP) && \
                ./configure \

diff --git a/src/patches/freeradius-no-buildtime-cert-gen.patch b/src/patches/freeradius-no-buildtime-cert-gen.patch
new file mode 100644 (file)
index 0000000..aa3be66
--- /dev/null
+++ b/src/patches/freeradius-no-buildtime-cert-gen.patch
@@ -0,0 +1,104 @@
+From e6f7c9d4c2af1cda7760ca8155166bb5d4d541d0 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel@redhat.com>
+Date: Wed, 8 May 2019 12:58:02 -0400
+Subject: [PATCH] Don't generate certificates in reproducible builds
+
+Signed-off-by: Alexander Scheel <ascheel@redhat.com>
+---
+ Make.inc.in  | 5 +++++
+ configure    | 4 ++++
+ configure.ac | 3 +++
+ raddb/all.mk | 4 ++++
+ 4 files changed, 16 insertions(+)
+
+diff --git a/Make.inc.in b/Make.inc.in
+index 0b2cd74de8..8c623cf95c 100644
+--- a/Make.inc.in
++++ b/Make.inc.in
+@@ -173,3 +173,8 @@ else
+       TESTBINDIR = ./$(BUILD_DIR)/bin
+       TESTBIN    = ./$(BUILD_DIR)/bin
+ endif
++
++#
++#  With reproducible builds, do not generate certificates during installation
++#
++ENABLE_REPRODUCIBLE_BUILDS = @ENABLE_REPRODUCIBLE_BUILDS@
+diff --git a/configure b/configure
+index c2c599c92b..3d4403a844 100755
+--- a/configure
++++ b/configure
+@@ -655,6 +655,7 @@ RUSERS
+ SNMPWALK
+ SNMPGET
+ PERL
++ENABLE_REPRODUCIBLE_BUILDS
+ openssl_version_check_config
+ WITH_DHCP
+ modconfdir
+@@ -5586,6 +5587,7 @@ else
+ fi
+ 
+ 
++ENABLE_REPRODUCIBLE_BUILDS=yes
+ # Check whether --enable-reproducible-builds was given.
+ if test "${enable_reproducible_builds+set}" = set; then :
+   enableval=$enable_reproducible_builds;  case "$enableval" in
+@@ -5597,6 +5599,7 @@ $as_echo "#define ENABLE_REPRODUCIBLE_BUILDS 1" >>confdefs.h
+     ;;
+   *)
+     reproducible_builds=no
++    ENABLE_REPRODUCIBLE_BUILDS=no
+   esac
+ 
+ fi
+@@ -5604,6 +5607,7 @@ fi
+ 
+ 
+ 
++
+ CHECKRAD=checkrad
+ # Extract the first word of "perl", so it can be a program name with args.
+ set dummy perl; ac_word=$2
+diff --git a/configure.ac b/configure.ac
+index a7abf0025a..35b013f4af 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -619,6 +619,7 @@ AC_SUBST([openssl_version_check_config])
+ dnl #
+ dnl #  extra argument: --enable-reproducible-builds
+ dnl #
++ENABLE_REPRODUCIBLE_BUILDS=yes
+ AC_ARG_ENABLE(reproducible-builds,
+ [AS_HELP_STRING([--enable-reproducible-builds],
+                 [ensure the build does not change each time])],
+@@ -630,8 +631,10 @@ AC_ARG_ENABLE(reproducible-builds,
+     ;;
+   *)
+     reproducible_builds=no
++    ENABLE_REPRODUCIBLE_BUILDS=no
+   esac ]
+ )
++AC_SUBST(ENABLE_REPRODUCIBLE_BUILDS)
+ 
+ 
+ dnl #############################################################
+diff --git a/raddb/all.mk b/raddb/all.mk
+index c966edd657..c8e976a499 100644
+--- a/raddb/all.mk
++++ b/raddb/all.mk
+@@ -124,7 +124,11 @@ $(R)$(raddbdir)/users: $(R)$(modconfdir)/files/authorize
+ ifneq "$(LOCAL_CERT_PRODUCTS)" ""
+ $(LOCAL_CERT_PRODUCTS):
+       @echo BOOTSTRAP raddb/certs/
++ifeq "$(ENABLE_REPRODUCIBLE_BUILDS)" "yes"
++      @$(MAKE) -C $(R)$(raddbdir)/certs/ passwords.mk
++else
+       @$(MAKE) -C $(R)$(raddbdir)/certs/
++endif
+ 
+ # Bootstrap is special
+ $(R)$(raddbdir)/certs/bootstrap: | raddb/certs/bootstrap $(LOCAL_CERT_PRODUCTS)
+-- 
+2.21.0
+