###############################################################################
name = freeradius-server
-version = 2.1.9
-release = 2
+version = 2.1.12
+release = 3
groups = System/Daemons
url = http://www.freeradius.org
summary = High-performance and highly configurable free RADIUS server.
description
- The FreeRADIUS Server Project is a high performance and highly \
- configurable GPL'd free RADIUS server. \
- FreeRADIUS is an Internet authentication daemon, which implements \
- the RADIUS protocol, as defined in RFC 2865. It allows \
+ The FreeRADIUS Server Project is a high performance and highly
+ configurable GPL'd free RADIUS server.
+ FreeRADIUS is an Internet authentication daemon, which implements
+ the RADIUS protocol, as defined in RFC 2865. It allows
Network Access Servers to perform authentication for dial-up users.
end
-source_dl =
+source_dl = ftp://ftp.freeradius.org/pub/freeradius/
build
requires
libtool-devel
openssl-devel
perl
+ shadow-utils
end
- build
- ./configure \
- %{CONFIGURE_ARCH} \
- --prefix=/usr \
- --sysconfdir=/etc \
- --libdir=/usr/lib/freeradius \
- --localstatedir=/var \
- --with-system-libtool \
- --with-threads \
- --with-thread-pool \
- --disable-ltdl-install \
- --with-gnu-ld \
- --without-rlm_eap_ikev2 \
- --without-rlm_sql_iodbc \
- --without-rlm_sql_firebird \
- --without-rlm_sql_db2 \
- --without-rlm_sql_oracle
-
- make LIBTOOL="libtool --tag=CC" #%{PARALLELISMFLAGS}
+ PARALLELISMFLAGS = # Disabled
+
+ configure_options +=\
+ %{CONFIGURE_ARCH} \
+ --sysconfdir=/etc \
+ --libdir=/usr/lib/freeradius \
+ --localstatedir=/var \
+ --with-system-libtool \
+ --with-threads \
+ --with-thread-pool \
+ --disable-ltdl-install \
+ --with-gnu-ld \
+ --without-rlm_eap_ikev2 \
+ --without-rlm_sql_iodbc \
+ --without-rlm_sql_firebird \
+ --without-rlm_sql_db2 \
+ --without-rlm_sql_oracle
+
+ prepare_cmds
+ %{create_user}
end
+ make_build_targets = LINK_MODE=-pie
+
install
- R=%{BUILDROOT} make install
- end
+ make install R=%{BUILDROOT}
+
+ # Change freeradius user and group.
+ perl -i -pe 's/^#user =.*$/user = radiusd/' %{BUILDROOT}/etc/raddb/radiusd.conf
+ perl -i -pe 's/^#group =.*$/group = radiusd/' %{BUILDROOT}/etc/raddb/radiusd.conf
+
+ # Create emty logfiles.
+ mkdir -pv %{BUILDROOT}/var/log/radius/radacct
+ touch %{BUILDROOT}/var/log/radius/{radutmp,radius.log}
+ chown -Rv radiusd.radiusd %{BUILDROOT}/var/log/radius/
+
+ # Create tmpfiles folder.
+ mkdir -pv %{BUILDROOT}/run/radiusd
+ chown -Rv radiusd.radiusd %{BUILDROOT}/run/radiusd/
+
+ # Remove unneeded stuff.
+ rm -vf %{BUILDROOT}/usr/sbin/rc.radiusd
+ rm -rvf %{BUILDROOT}/etc/raddb/sql/
+ rm -rvf %{BUILDROOT}/var/run/
+
+ # Remove header files, we don't ship a devel package.
+ rm -rvf %{BUILDROOT}/usr/include/
- install_cmds
- mkdir -pv %{BUILDROOT}/etc/logrotate.d/
- cp -vf %{DIR_SOURCE}/logrotate/freeradius %{BUILDROOT}/etc/logrotate.d/
+ # remove unsupported config file.
+ rm -vf %{BUILDROOT}/etc/raddb/experimental.conf
+
+ # Fix permissions.
+ chown -Rv root.radiusd %{BUILDROOT}/etc/raddb
end
end
+create_user
+ getent group radiusd >/dev/null || /usr/sbin/groupadd -r radiusd
+ getent passwd radiusd >/dev/null || /usr/sbin/useradd -r -g radiusd \
+ -d /var/lib/radiusd -s /sbin/nologin radiusd
+end
+
quality-agent
whitelist_rpath
/usr/lib/freeradius
end
end
-# Generate certificates after installation
-# Command: cd /etc/raddb/certs/ && make Makefile
-
packages
package %{name}
- requires = make
+ configfiles
+ /etc/raddb/radiusd.conf
+ end
+
+ prerequires = shadow-utils systemd-units
+
+ script prein
+ %{create_user}
+ end
+
+ script postin
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ end
+
+ script preun
+ /bin/systemctl --no-reload disable freeradius.service >/dev/null 2>&1 || :
+ /bin/systemctl stop freeradius.service >/dev/null 2>&1 || :
+ end
+
+ script postup
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl try-restart freeradius.service >/dev/null 2>&1 || :
+ end
+ end
+
+ package freeradius-utils
+ summary = FreeRADIUS utilities.
+ description
+ Additional utilities to configure and manage FreeRADUIS
+ Servers.
+ end
+
+ files
+ /usr/bin/*
+ /usr/share/man/man1/radclient.1
+ /usr/share/man/man1/radeapclient.1
+ /usr/share/man/man1/radlast.1
+ /usr/share/man/man1/radtest.1
+ /usr/share/man/man1/radwho.1
+ /usr/share/man/man1/radzap.1
+ /usr/share/man/man1/smbencrypt.1
+ /usr/share/man/man5/checkrad.5
+ /usr/share/man/man8/radconf2xml.8
+ /usr/share/man/man8/radcrypt.8
+ /usr/share/man/man8/radsniff.8
+ /usr/share/man/man8/radsqlrelay.8
+ /usr/share/man/man8/rlm_ippool_tool.8
+ end
end
end
+++ /dev/null
-diff -r -u freeradius-server-2.1.8.orig/raddb/certs/ca.cnf freeradius-server-2.1.8/raddb/certs/ca.cnf
---- freeradius-server-2.1.8.orig/raddb/certs/ca.cnf 2009-12-30 10:44:35.000000000 -0500
-+++ freeradius-server-2.1.8/raddb/certs/ca.cnf 2010-01-08 12:35:23.000000000 -0500
-@@ -14,9 +14,9 @@
- RANDFILE = $dir/.rand
- name_opt = ca_default
- cert_opt = ca_default
--default_days = 365
-+default_days = 60
- default_crl_days = 30
--default_md = md5
-+default_md = sha1
- preserve = no
- policy = policy_match
-
-Only in freeradius-server-2.1.8/raddb/certs: ca.cnf~
-diff -r -u freeradius-server-2.1.8.orig/raddb/certs/client.cnf freeradius-server-2.1.8/raddb/certs/client.cnf
---- freeradius-server-2.1.8.orig/raddb/certs/client.cnf 2009-12-30 10:44:35.000000000 -0500
-+++ freeradius-server-2.1.8/raddb/certs/client.cnf 2010-01-08 12:35:37.000000000 -0500
-@@ -14,9 +14,9 @@
- RANDFILE = $dir/.rand
- name_opt = ca_default
- cert_opt = ca_default
--default_days = 365
-+default_days = 60
- default_crl_days = 30
--default_md = md5
-+default_md = sha1
- preserve = no
- policy = policy_match
-
-Only in freeradius-server-2.1.8/raddb/certs: client.cnf~
-diff -r -u freeradius-server-2.1.8.orig/raddb/certs/server.cnf freeradius-server-2.1.8/raddb/certs/server.cnf
---- freeradius-server-2.1.8.orig/raddb/certs/server.cnf 2009-12-30 10:44:35.000000000 -0500
-+++ freeradius-server-2.1.8/raddb/certs/server.cnf 2010-01-08 12:35:05.000000000 -0500
-@@ -14,9 +14,9 @@
- RANDFILE = $dir/.rand
- name_opt = ca_default
- cert_opt = ca_default
--default_days = 365
-+default_days = 60
- default_crl_days = 30
--default_md = md5
-+default_md = sha1
- preserve = no
- policy = policy_match
-
-Only in freeradius-server-2.1.8/raddb/certs: server.cnf~
-diff -r -u freeradius-server-2.1.8.orig/raddb/eap.conf freeradius-server-2.1.8/raddb/eap.conf
---- freeradius-server-2.1.8.orig/raddb/eap.conf 2009-12-30 10:44:35.000000000 -0500
-+++ freeradius-server-2.1.8/raddb/eap.conf 2010-01-08 12:36:04.000000000 -0500
-@@ -251,15 +251,6 @@
- cipher_list = "DEFAULT"
-
- #
--
-- # This configuration entry should be deleted
-- # once the server is running in a normal
-- # configuration. It is here ONLY to make
-- # initial deployments easier.
-- #
-- make_cert_command = "${certdir}/bootstrap"
--
-- #
- # Session resumption / fast reauthentication
- # cache.
- #
-Only in freeradius-server-2.1.8/raddb: eap.conf~
--- /dev/null
+diff -r -u freeradius-server-2.1.12.orig/raddb/certs/ca.cnf freeradius-server-2.1.12/raddb/certs/ca.cnf
+--- freeradius-server-2.1.12.orig/raddb/certs/ca.cnf 2011-09-07 06:59:21.000000000 -0400
++++ freeradius-server-2.1.12/raddb/certs/ca.cnf 2011-09-07 10:28:28.000000000 -0400
+@@ -14,9 +14,9 @@
+ RANDFILE = $dir/.rand
+ name_opt = ca_default
+ cert_opt = ca_default
+-default_days = 365
++default_days = 60
+ default_crl_days = 30
+-default_md = md5
++default_md = sha1
+ preserve = no
+ policy = policy_match
+
+diff -r -u freeradius-server-2.1.12.orig/raddb/certs/client.cnf freeradius-server-2.1.12/raddb/certs/client.cnf
+--- freeradius-server-2.1.12.orig/raddb/certs/client.cnf 2011-09-07 06:59:21.000000000 -0400
++++ freeradius-server-2.1.12/raddb/certs/client.cnf 2011-09-07 10:28:28.000000000 -0400
+@@ -14,9 +14,9 @@
+ RANDFILE = $dir/.rand
+ name_opt = ca_default
+ cert_opt = ca_default
+-default_days = 365
++default_days = 60
+ default_crl_days = 30
+-default_md = md5
++default_md = sha1
+ preserve = no
+ policy = policy_match
+
+diff -r -u freeradius-server-2.1.12.orig/raddb/certs/server.cnf freeradius-server-2.1.12/raddb/certs/server.cnf
+--- freeradius-server-2.1.12.orig/raddb/certs/server.cnf 2011-09-07 06:59:21.000000000 -0400
++++ freeradius-server-2.1.12/raddb/certs/server.cnf 2011-09-07 10:28:28.000000000 -0400
+@@ -14,9 +14,9 @@
+ RANDFILE = $dir/.rand
+ name_opt = ca_default
+ cert_opt = ca_default
+-default_days = 365
++default_days = 60
+ default_crl_days = 30
+-default_md = md5
++default_md = sha1
+ preserve = no
+ policy = policy_match
+
+diff -r -u freeradius-server-2.1.12.orig/raddb/eap.conf freeradius-server-2.1.12/raddb/eap.conf
+--- freeradius-server-2.1.12.orig/raddb/eap.conf 2011-09-07 06:59:21.000000000 -0400
++++ freeradius-server-2.1.12/raddb/eap.conf 2011-09-07 10:28:28.000000000 -0400
+@@ -281,7 +281,11 @@
+ # for the server to print out an error message,
+ # and refuse to start.
+ #
+- make_cert_command = "${certdir}/bootstrap"
++ # Redhat RPM's run the bootstrap certificate creation
++ # as part of the RPM install (not upgrade), therefore
++ # the make_cert_command is commented out.
++ #
++ #make_cert_command = "${certdir}/bootstrap"
+
+ #
+ # Elliptical cryptography configuration
+Only in freeradius-server-2.1.12/raddb: eap.conf.orig