From patchwork Mon Feb 20 17:53:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 6567 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4PL95V340Vz3x1t for ; Mon, 20 Feb 2023 17:53:50 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4PL95S3mHkznv; Mon, 20 Feb 2023 17:53:48 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4PL95S2Gs9z2xlX; Mon, 20 Feb 2023 17:53:48 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4PL95R1Ycsz2xSJ for ; Mon, 20 Feb 2023 17:53:47 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4PL95Q4LT3zL3; Mon, 20 Feb 2023 17:53:46 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1676915626; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=jPa9DzDLU8VatiLmvNdU535kMR7zEwgTeJCRbEmN92Q=; b=VtUIAOi3cx+dh4Wb05VTsjoMJUDzVf1YnSdSCrbTp2E6lk1xyoseUamSfk3mahEILz6m4s iFpWGAHXtZmFFSBA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1676915626; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=jPa9DzDLU8VatiLmvNdU535kMR7zEwgTeJCRbEmN92Q=; b=M58SzwLBBOSxkNUR7QDr0DVyX7ppsMdQeZeaLuy02FWERu2HmPte33oaE9VpaXOODe0ULL fFUXrWoupc5LlZ6fw8uuV7OU+z4bRFcnAsypvDKjIJktrlFcwsyxD+H+5IiJewizzLxA6q mtS+vjem3O/3Zqoc7Jcie7LvHP7fIVYERdZmpMp633xs7MZDbaQXb9YifRMiWg23xuzl1Z 3g3tZ7Ym3U8hrGkJfh0RNUkEsZTU7i4rrGQ2O8dD54Z1BlgB2Uj1jMTsUIuAshKFVRNUjp qrhkH5MnlIsRY/SlSAQ0YU8b4YOQnSA6B5m19qVxcMtUgzLH0tUYUjW/d/1mdw== From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCH] freeradius: Drop package Date: Mon, 20 Feb 2023 18:53:41 +0100 Message-Id: <20230220175341.280693-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Outdated, Does not build and is not used ATM. Signed-off-by: Stefan Schantl --- freeradius/freeradius.nm | 161 ------------------ freeradius/freeradius.pam | 6 - freeradius/freeradius.tmpfiles | 2 - freeradius/logrotate/freeradius | 56 ------ .../patches/freeradius-cert-config.patch | 62 ------- freeradius/systemd/freeradius.service | 14 -- 6 files changed, 301 deletions(-) delete mode 100644 freeradius/freeradius.nm delete mode 100644 freeradius/freeradius.pam delete mode 100644 freeradius/freeradius.tmpfiles delete mode 100644 freeradius/logrotate/freeradius delete mode 100644 freeradius/patches/freeradius-cert-config.patch delete mode 100644 freeradius/systemd/freeradius.service diff --git a/freeradius/freeradius.nm b/freeradius/freeradius.nm deleted file mode 100644 index eec0ec21e..000000000 --- a/freeradius/freeradius.nm +++ /dev/null @@ -1,161 +0,0 @@ -############################################################################### -# IPFire.org - An Open Source Firewall Solution # -# Copyright (C) - IPFire Development Team # -############################################################################### - -name = freeradius -version = 2.1.12 -release = 4 -thisapp = %{name}-server-%{version} - -groups = System/Daemons -url = http://www.freeradius.org -license = GPLv2+ and LGPLv2+ -summary = High-performance and highly configurable free RADIUS server. - -description - The FreeRADIUS Server Project is a high performance and highly - configurable GPL'd free RADIUS server. - FreeRADIUS is an Internet authentication daemon, which implements - the RADIUS protocol, as defined in RFC 2865. It allows - Network Access Servers to perform authentication for dial-up users. -end - -source_dl = ftp://ftp.freeradius.org/pub/freeradius/ - -build - requires - gdbm-devel - libpcap-devel - libtool - libtool-devel - openssl-devel - perl - shadow-utils - end - - PARALLELISMFLAGS = # Disabled - - configure_options +=\ - %{CONFIGURE_ARCH} \ - --libdir=%{libdir}/freeradius \ - --with-system-libtool \ - --with-threads \ - --with-thread-pool \ - --disable-ltdl-install \ - --with-gnu-ld \ - --without-rlm_eap_ikev2 \ - --without-rlm_sql_iodbc \ - --without-rlm_sql_firebird \ - --without-rlm_sql_db2 \ - --without-rlm_sql_oracle - - prepare_cmds - %{create_user} - end - - make_build_targets = LINK_MODE=-pie - - install - make install R=%{BUILDROOT} - - # Change freeradius user and group. - perl -i -pe 's/^#user =.*$/user = radiusd/' %{BUILDROOT}/etc/raddb/radiusd.conf - perl -i -pe 's/^#group =.*$/group = radiusd/' %{BUILDROOT}/etc/raddb/radiusd.conf - - # Create emty logfiles. - mkdir -pv %{BUILDROOT}/var/log/radius/radacct - touch %{BUILDROOT}/var/log/radius/{radutmp,radius.log} - chown -Rv radiusd.radiusd %{BUILDROOT}/var/log/radius/ - - # Create tmpfiles folder. - mkdir -pv %{BUILDROOT}/run/radiusd - chown -Rv radiusd.radiusd %{BUILDROOT}/run/radiusd/ - - # Remove unneeded stuff. - rm -vf %{BUILDROOT}/usr/sbin/rc.radiusd - rm -rvf %{BUILDROOT}/etc/raddb/sql/ - rm -rvf %{BUILDROOT}/var/run/ - - # Remove header files, we don't ship a devel package. - rm -rvf %{BUILDROOT}/usr/include/ - - # remove unsupported config file. - rm -vf %{BUILDROOT}/etc/raddb/experimental.conf - - # Fix permissions. - chown -Rv root.radiusd %{BUILDROOT}/etc/raddb - end -end - -create_user - getent group radiusd >/dev/null || /usr/sbin/groupadd -r radiusd - getent passwd radiusd >/dev/null || /usr/sbin/useradd -r -g radiusd \ - -d /var/lib/radiusd -s /sbin/nologin radiusd -end - -quality-agent - whitelist_rpath - %{libdir}/freeradius - end -end - -packages - package %{name} - configfiles - /etc/raddb/radiusd.conf - end - - prerequires - shadow-utils - systemd-units - end - - script prein - %{create_user} - end - - script postin - /bin/systemctl daemon-reload >/dev/null 2>&1 || : - end - - script preun - /bin/systemctl --no-reload disable freeradius.service >/dev/null 2>&1 || : - /bin/systemctl stop freeradius.service >/dev/null 2>&1 || : - end - - script postup - /bin/systemctl daemon-reload >/dev/null 2>&1 || : - /bin/systemctl try-restart freeradius.service >/dev/null 2>&1 || : - end - end - - package freeradius-utils - summary = FreeRADIUS utilities. - description - Additional utilities to configure and manage FreeRADUIS - Servers. - end - - files - /usr/bin/* - /usr/share/man/man1/radclient.1 - /usr/share/man/man1/radeapclient.1 - /usr/share/man/man1/radlast.1 - /usr/share/man/man1/radtest.1 - /usr/share/man/man1/radwho.1 - /usr/share/man/man1/radzap.1 - /usr/share/man/man1/smbencrypt.1 - /usr/share/man/man5/checkrad.5 - /usr/share/man/man8/radconf2xml.8 - /usr/share/man/man8/radcrypt.8 - /usr/share/man/man8/radsniff.8 - /usr/share/man/man8/radsqlrelay.8 - /usr/share/man/man8/rlm_ippool_tool.8 - end - end - - package %{name}-debuginfo - template DEBUGINFO - end -end diff --git a/freeradius/freeradius.pam b/freeradius/freeradius.pam deleted file mode 100644 index fff323801..000000000 --- a/freeradius/freeradius.pam +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth include system-auth -account required pam_nologin.so -account include system-auth -password include system-auth -session include system-auth diff --git a/freeradius/freeradius.tmpfiles b/freeradius/freeradius.tmpfiles deleted file mode 100644 index 613d00892..000000000 --- a/freeradius/freeradius.tmpfiles +++ /dev/null @@ -1,2 +0,0 @@ -d /run/radiusd 0750 radiusd radiusd - diff --git a/freeradius/logrotate/freeradius b/freeradius/logrotate/freeradius deleted file mode 100644 index 8c5c6fbba..000000000 --- a/freeradius/logrotate/freeradius +++ /dev/null @@ -1,56 +0,0 @@ -# You can use this to rotate the /var/log/radius/* files, simply copy -# it to /etc/logrotate.d/radiusd - -# There are different detail-rotating strategies you can use. One is -# to write to a single detail file per IP and use the rotate config -# below. Another is to write to a daily detail file per IP with: -# detailfile = ${radacctdir}/%{Client-IP-Address}/%Y%m%d-detail -# (or similar) in radiusd.conf, without rotation. If you go with the -# second technique, you will need another cron job that removes old -# detail files. You do not need to comment out the below for method #2. -/var/log/radius/radacct/*/detail { - monthly - rotate 4 - nocreate - missingok - compress -} - -/var/log/radius/checkrad.log { - monthly - rotate 4 - create - missingok - compress -} - -/var/log/radius/radius.log { - monthly - rotate 4 - create - missingok - compress -} - -/var/log/radius/radutmp { - monthly - rotate 4 - create - compress - missingok -} - -/var/log/radius/radwtmp { - monthly - rotate 4 - create - compress - missingok -} -/var/log/radius/sqltrace.sql { - monthly - rotate 4 - create - compress - missingok -} diff --git a/freeradius/patches/freeradius-cert-config.patch b/freeradius/patches/freeradius-cert-config.patch deleted file mode 100644 index 9967a152e..000000000 --- a/freeradius/patches/freeradius-cert-config.patch +++ /dev/null @@ -1,62 +0,0 @@ -diff -r -u freeradius-server-2.1.12.orig/raddb/certs/ca.cnf freeradius-server-2.1.12/raddb/certs/ca.cnf ---- freeradius-server-2.1.12.orig/raddb/certs/ca.cnf 2011-09-07 06:59:21.000000000 -0400 -+++ freeradius-server-2.1.12/raddb/certs/ca.cnf 2011-09-07 10:28:28.000000000 -0400 -@@ -14,9 +14,9 @@ - RANDFILE = $dir/.rand - name_opt = ca_default - cert_opt = ca_default --default_days = 365 -+default_days = 60 - default_crl_days = 30 --default_md = md5 -+default_md = sha1 - preserve = no - policy = policy_match - -diff -r -u freeradius-server-2.1.12.orig/raddb/certs/client.cnf freeradius-server-2.1.12/raddb/certs/client.cnf ---- freeradius-server-2.1.12.orig/raddb/certs/client.cnf 2011-09-07 06:59:21.000000000 -0400 -+++ freeradius-server-2.1.12/raddb/certs/client.cnf 2011-09-07 10:28:28.000000000 -0400 -@@ -14,9 +14,9 @@ - RANDFILE = $dir/.rand - name_opt = ca_default - cert_opt = ca_default --default_days = 365 -+default_days = 60 - default_crl_days = 30 --default_md = md5 -+default_md = sha1 - preserve = no - policy = policy_match - -diff -r -u freeradius-server-2.1.12.orig/raddb/certs/server.cnf freeradius-server-2.1.12/raddb/certs/server.cnf ---- freeradius-server-2.1.12.orig/raddb/certs/server.cnf 2011-09-07 06:59:21.000000000 -0400 -+++ freeradius-server-2.1.12/raddb/certs/server.cnf 2011-09-07 10:28:28.000000000 -0400 -@@ -14,9 +14,9 @@ - RANDFILE = $dir/.rand - name_opt = ca_default - cert_opt = ca_default --default_days = 365 -+default_days = 60 - default_crl_days = 30 --default_md = md5 -+default_md = sha1 - preserve = no - policy = policy_match - -diff -r -u freeradius-server-2.1.12.orig/raddb/eap.conf freeradius-server-2.1.12/raddb/eap.conf ---- freeradius-server-2.1.12.orig/raddb/eap.conf 2011-09-07 06:59:21.000000000 -0400 -+++ freeradius-server-2.1.12/raddb/eap.conf 2011-09-07 10:28:28.000000000 -0400 -@@ -281,7 +281,11 @@ - # for the server to print out an error message, - # and refuse to start. - # -- make_cert_command = "${certdir}/bootstrap" -+ # Redhat RPM's run the bootstrap certificate creation -+ # as part of the RPM install (not upgrade), therefore -+ # the make_cert_command is commented out. -+ # -+ #make_cert_command = "${certdir}/bootstrap" - - # - # Elliptical cryptography configuration -Only in freeradius-server-2.1.12/raddb: eap.conf.orig diff --git a/freeradius/systemd/freeradius.service b/freeradius/systemd/freeradius.service deleted file mode 100644 index 4f86f2140..000000000 --- a/freeradius/systemd/freeradius.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=FreeRADIUS Server -After=network.target - -[Service] -ExecStartPre=/etc/raddb/certs/bootstrap -ExecStartPre=/usr/sbin/radiusd -C -ExecStart=/usr/sbin/radiusd -f -d /etc/raddb -ExecReload=/usr/sbin/radiusd -C -ExecReload=/bin/kill -HUP $MAINPID - -[Install] -WantedBy=multi-user.target -