From: Michael Tremer Date: Fri, 26 Feb 2010 21:27:36 +0000 (+0100) Subject: freeradius: New package. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c1c8b40432f38e1beef7988f53250e63d2722d71;p=ipfire-3.x.git freeradius: New package. --- diff --git a/pkgs/core/freeradius/freeradius.init b/pkgs/core/freeradius/freeradius.init new file mode 100644 index 000000000..a89f62c0c --- /dev/null +++ b/pkgs/core/freeradius/freeradius.init @@ -0,0 +1,12 @@ +description "Starts the free RADIUS server" +author "IPFire Team" + +start on started network +stop on starting shutdown + +exec /usr/sbin/radiusd -f +respawn + +post-stop script + rm -vf /var/run/radiusd/radiusd.sock +end script diff --git a/pkgs/core/freeradius/freeradius.nm b/pkgs/core/freeradius/freeradius.nm new file mode 100644 index 000000000..8e9412556 --- /dev/null +++ b/pkgs/core/freeradius/freeradius.nm @@ -0,0 +1,85 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include $(PKGROOT)/Include + +PKG_NAME = freeradius-server +PKG_VER = 2.1.6 +PKG_REL = 0 + +PKG_MAINTAINER = +PKG_GROUP = System/Daemons +PKG_URL = http://www.freeradius.org +PKG_LICENSE = GPLv2+ and LGPLv2+ +PKG_SUMMARY = High-performance and highly configurable free RADIUS server. + +PKG_BUILD_DEPS+= libtool +PKG_DEPS += gdbm libpcap openssl perl + +define PKG_DESCRIPTION + The FreeRADIUS Server Project is a high performance and highly \ + configurable GPL'd free RADIUS server. \ + FreeRADIUS is an Internet authentication daemon, which implements \ + the RADIUS protocol, as defined in RFC 2865. It allows \ + Network Access Servers to perform authentication for dial-up users. +endef + +PKG_TARBALL = $(THISAPP).tar.bz2 + +define QUALITY_AGENT_WHITELIST_RPATH + /usr/bin/* + /usr/sbin/* + /usr/lib/freeradius/* +endef + +define STAGE_BUILD + cd $(DIR_APP) && \ + ./configure \ + $(CONFIGURE_ARCH) \ + --prefix=/usr \ + --sysconfdir=/etc \ + --libdir=/usr/lib/freeradius \ + --localstatedir=/var \ + --with-system-libtool \ + --with-threads \ + --with-thread-pool \ + --disable-ltdl-install \ + --with-gnu-ld \ + --without-rlm_eap_ikev2 \ + --without-rlm_sql_iodbc \ + --without-rlm_sql_firebird \ + --without-rlm_sql_db2 \ + --without-rlm_sql_oracle + + cd $(DIR_APP) && make LIBTOOL="libtool --tag=CC" #$(PARALLELISMFLAGS) +endef + +define STAGE_INSTALL + cd $(DIR_APP) && R=$(BUILDROOT) make install +endef + +define STAGE_INSTALL_CMDS + -mkdir -pv $(BUILDROOT)/etc/logrotate.d/ + cp -vf $(DIR_SOURCE)/logrotate/freeradius $(BUILDROOT)/etc/logrotate.d/ +endef diff --git a/pkgs/core/freeradius/freeradius.pam b/pkgs/core/freeradius/freeradius.pam new file mode 100644 index 000000000..fff323801 --- /dev/null +++ b/pkgs/core/freeradius/freeradius.pam @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include system-auth +account required pam_nologin.so +account include system-auth +password include system-auth +session include system-auth diff --git a/pkgs/core/freeradius/logrotate/freeradius b/pkgs/core/freeradius/logrotate/freeradius new file mode 100644 index 000000000..8c5c6fbba --- /dev/null +++ b/pkgs/core/freeradius/logrotate/freeradius @@ -0,0 +1,56 @@ +# You can use this to rotate the /var/log/radius/* files, simply copy +# it to /etc/logrotate.d/radiusd + +# There are different detail-rotating strategies you can use. One is +# to write to a single detail file per IP and use the rotate config +# below. Another is to write to a daily detail file per IP with: +# detailfile = ${radacctdir}/%{Client-IP-Address}/%Y%m%d-detail +# (or similar) in radiusd.conf, without rotation. If you go with the +# second technique, you will need another cron job that removes old +# detail files. You do not need to comment out the below for method #2. +/var/log/radius/radacct/*/detail { + monthly + rotate 4 + nocreate + missingok + compress +} + +/var/log/radius/checkrad.log { + monthly + rotate 4 + create + missingok + compress +} + +/var/log/radius/radius.log { + monthly + rotate 4 + create + missingok + compress +} + +/var/log/radius/radutmp { + monthly + rotate 4 + create + compress + missingok +} + +/var/log/radius/radwtmp { + monthly + rotate 4 + create + compress + missingok +} +/var/log/radius/sqltrace.sql { + monthly + rotate 4 + create + compress + missingok +} diff --git a/pkgs/core/freeradius/patches/freeradius-2.1.6-cert-config.patch b/pkgs/core/freeradius/patches/freeradius-2.1.6-cert-config.patch new file mode 100644 index 000000000..8390beb78 --- /dev/null +++ b/pkgs/core/freeradius/patches/freeradius-2.1.6-cert-config.patch @@ -0,0 +1,68 @@ +diff -r -u freeradius-server-2.1.8.orig/raddb/certs/ca.cnf freeradius-server-2.1.8/raddb/certs/ca.cnf +--- freeradius-server-2.1.8.orig/raddb/certs/ca.cnf 2009-12-30 10:44:35.000000000 -0500 ++++ freeradius-server-2.1.8/raddb/certs/ca.cnf 2010-01-08 12:35:23.000000000 -0500 +@@ -14,9 +14,9 @@ + RANDFILE = $dir/.rand + name_opt = ca_default + cert_opt = ca_default +-default_days = 365 ++default_days = 60 + default_crl_days = 30 +-default_md = md5 ++default_md = sha1 + preserve = no + policy = policy_match + +Only in freeradius-server-2.1.8/raddb/certs: ca.cnf~ +diff -r -u freeradius-server-2.1.8.orig/raddb/certs/client.cnf freeradius-server-2.1.8/raddb/certs/client.cnf +--- freeradius-server-2.1.8.orig/raddb/certs/client.cnf 2009-12-30 10:44:35.000000000 -0500 ++++ freeradius-server-2.1.8/raddb/certs/client.cnf 2010-01-08 12:35:37.000000000 -0500 +@@ -14,9 +14,9 @@ + RANDFILE = $dir/.rand + name_opt = ca_default + cert_opt = ca_default +-default_days = 365 ++default_days = 60 + default_crl_days = 30 +-default_md = md5 ++default_md = sha1 + preserve = no + policy = policy_match + +Only in freeradius-server-2.1.8/raddb/certs: client.cnf~ +diff -r -u freeradius-server-2.1.8.orig/raddb/certs/server.cnf freeradius-server-2.1.8/raddb/certs/server.cnf +--- freeradius-server-2.1.8.orig/raddb/certs/server.cnf 2009-12-30 10:44:35.000000000 -0500 ++++ freeradius-server-2.1.8/raddb/certs/server.cnf 2010-01-08 12:35:05.000000000 -0500 +@@ -14,9 +14,9 @@ + RANDFILE = $dir/.rand + name_opt = ca_default + cert_opt = ca_default +-default_days = 365 ++default_days = 60 + default_crl_days = 30 +-default_md = md5 ++default_md = sha1 + preserve = no + policy = policy_match + +Only in freeradius-server-2.1.8/raddb/certs: server.cnf~ +diff -r -u freeradius-server-2.1.8.orig/raddb/eap.conf freeradius-server-2.1.8/raddb/eap.conf +--- freeradius-server-2.1.8.orig/raddb/eap.conf 2009-12-30 10:44:35.000000000 -0500 ++++ freeradius-server-2.1.8/raddb/eap.conf 2010-01-08 12:36:04.000000000 -0500 +@@ -251,15 +251,6 @@ + cipher_list = "DEFAULT" + + # +- +- # This configuration entry should be deleted +- # once the server is running in a normal +- # configuration. It is here ONLY to make +- # initial deployments easier. +- # +- make_cert_command = "${certdir}/bootstrap" +- +- # + # Session resumption / fast reauthentication + # cache. + # +Only in freeradius-server-2.1.8/raddb: eap.conf~