rpms/freeradius/F-12 freeradius-cert-config.patch, NONE, 1.1 freeradius.spec, 1.89, 1.90
John Dennis
jdennis at fedoraproject.org
Fri Jan 8 18:12:12 UTC 2010
Author: jdennis
Update of /cvs/pkgs/rpms/freeradius/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25683
Modified Files:
freeradius.spec
Added Files:
freeradius-cert-config.patch
Log Message:
- resolves: bug #526559 initial install should run bootstrap to create certificates
running radiusd in debug mode to generate initial temporary certificates
is no longer necessary, the /etc/raddb/certs/bootstrap is invoked on initial
rpm install (not upgrade) if there is no existing /etc/raddb/certs/server.pem file
- resolves: bug #528493 use sha1 algorithm instead of md5 during cert generation
the certificate configuration (/etc/raddb/certs/{ca,server,client}.cnf) files
were modified to use sha1 instead of md5 and the validity reduced from 1 year to 2 months
freeradius-cert-config.patch:
certs/ca.cnf | 4 ++--
certs/ca.cnf~ |only
certs/client.cnf | 4 ++--
certs/client.cnf~ |only
certs/server.cnf | 4 ++--
certs/server.cnf~ |only
eap.conf | 9 ---------
eap.conf~ |only
8 files changed, 6 insertions(+), 15 deletions(-)
--- NEW FILE freeradius-cert-config.patch ---
diff -r -u freeradius-server-2.1.8.orig/raddb/certs/ca.cnf freeradius-server-2.1.8/raddb/certs/ca.cnf
--- freeradius-server-2.1.8.orig/raddb/certs/ca.cnf 2009-12-30 10:44:35.000000000 -0500
+++ freeradius-server-2.1.8/raddb/certs/ca.cnf 2010-01-08 12:35:23.000000000 -0500
@@ -14,9 +14,9 @@
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
-default_days = 365
+default_days = 60
default_crl_days = 30
-default_md = md5
+default_md = sha1
preserve = no
policy = policy_match
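Review bot: "default_md = sha1" in this hunk swaps one deprecated signature digest for another. SHA-1 is no longer accepted for certificate signatures and practical collisions against it have been demonstrated, so if the OpenSSL shipped on the target release supports it, "default_md = sha256" is the better value here. The same line appears in the client.cnf and server.cnf hunks and should change with it.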
Only in freeradius-server-2.1.8/raddb/certs: ca.cnf~
diff -r -u freeradius-server-2.1.8.orig/raddb/certs/client.cnf freeradius-server-2.1.8/raddb/certs/client.cnf
--- freeradius-server-2.1.8.orig/raddb/certs/client.cnf 2009-12-30 10:44:35.000000000 -0500
+++ freeradius-server-2.1.8/raddb/certs/client.cnf 2010-01-08 12:35:37.000000000 -0500
@@ -14,9 +14,9 @@
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
-default_days = 365
+default_days = 60
default_crl_days = 30
-default_md = md5
+default_md = sha1
preserve = no
policy = policy_match
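Review bot: "default_days = 60" in client.cnf is changed without any comment in the file explaining why the lifetime is so short. Client certificates issued from this config and handed to supplicants will stop working after two months. A one-line comment above default_days stating that these are temporary test certificates and must be replaced before production use would make the intent visible to whoever edits the file later.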
Only in freeradius-server-2.1.8/raddb/certs: client.cnf~
diff -r -u freeradius-server-2.1.8.orig/raddb/certs/server.cnf freeradius-server-2.1.8/raddb/certs/server.cnf
--- freeradius-server-2.1.8.orig/raddb/certs/server.cnf 2009-12-30 10:44:35.000000000 -0500
+++ freeradius-server-2.1.8/raddb/certs/server.cnf 2010-01-08 12:35:05.000000000 -0500
@@ -14,9 +14,9 @@
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
-default_days = 365
+default_days = 60
default_crl_days = 30
-default_md = md5
+default_md = sha1
preserve = no
policy = policy_match
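Review bot: "default_days = 60" in server.cnf interacts badly with the %post check in the spec, which only tests whether /etc/raddb/certs/server.pem exists. Once the bootstrap certificate is 60 days old nothing visible in this change regenerates it or warns about it, and supplicants that validate the server certificate will reject it. Either document the expiry prominently or add a check that reports an expired server.pem.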
Only in freeradius-server-2.1.8/raddb/certs: server.cnf~
diff -r -u freeradius-server-2.1.8.orig/raddb/eap.conf freeradius-server-2.1.8/raddb/eap.conf
--- freeradius-server-2.1.8.orig/raddb/eap.conf 2009-12-30 10:44:35.000000000 -0500
+++ freeradius-server-2.1.8/raddb/eap.conf 2010-01-08 12:36:04.000000000 -0500
@@ -251,15 +251,6 @@
cipher_list = "DEFAULT"
#
-
- # This configuration entry should be deleted
- # once the server is running in a normal
- # configuration. It is here ONLY to make
- # initial deployments easier.
- #
- make_cert_command = "${certdir}/bootstrap"
-
- #
# Session resumption / fast reauthentication
# cache.
#
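Review bot: removing "make_cert_command" here leaves no fallback for systems that never reach the new %post branch. The spec only runs bootstrap when "$1 = 1" (initial install), so a host upgraded from 2.1.8-1 on which radiusd was never started in debug mode has no server.pem, and after this change neither the scriptlet nor the server will create one. Consider running the same "! -e server.pem" check on upgrade as well, or state in the changelog that upgraded systems must run /etc/raddb/certs/bootstrap by hand.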
Only in freeradius-server-2.1.8/raddb: eap.conf~
Index: freeradius.spec
===================================================================
RCS file: /cvs/pkgs/rpms/freeradius/F-12/freeradius.spec,v
retrieving revision 1.89
retrieving revision 1.90
diff -u -p -r1.89 -r1.90
--- freeradius.spec 31 Dec 2009 13:30:13 -0000 1.89
+++ freeradius.spec 8 Jan 2010 18:12:12 -0000 1.90
@@ -1,7 +1,7 @@
Summary: High-performance and highly configurable free RADIUS server
Name: freeradius
Version: 2.1.8
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+ and LGPLv2+
Group: System Environment/Daemons
URL: http://www.freeradius.org/
@@ -11,6 +11,8 @@ Source100: freeradius-radiusd-init
Source102: freeradius-logrotate
Source103: freeradius-pam-conf
+Patch1: freeradius-cert-config.patch
+
Obsoletes: freeradius-devel
Obsoletes: freeradius-libs
@@ -139,6 +141,7 @@ This plugin provides the unixODBC suppor
%prep
%setup -q -n freeradius-server-%{version}
+%patch1 -p1 -b .cert-config
# Some source files mistakenly have execute permissions set
find $RPM_BUILD_DIR/freeradius-server-%{version} \( -name '*.c' -o -name '*.h' \) -a -perm /0111 -exec chmod a-x {} +
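Review bot: "%patch1 -p1 -b .cert-config" leaves *.cert-config backup copies next to the patched files under raddb/, so check that the install step does not copy them into /etc/raddb. The patch itself was also generated from a tree containing editor backups: it carries "Only in ... ca.cnf~" style lines and the diffstat counts the ~ files among the 8 files changed. patch ignores those lines, but regenerating the diff from a clean tree would make the patch match what it really changes (four files).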
@@ -248,6 +251,9 @@ exit 0
%post
if [ $1 = 1 ]; then
/sbin/chkconfig --add radiusd
+ if [ ! -e /etc/raddb/certs/server.pem ]; then
+ /sbin/runuser -g radiusd -c 'umask 007; /etc/raddb/certs/bootstrap' > /dev/null 2>&1 || :
+ fi
fi
%preun
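Review bot: the bootstrap call in this %post hunk discards both its output and its exit status ("> /dev/null 2>&1 || :"), so a failed certificate generation is completely silent and the admin only finds out when radiusd refuses to start or EAP fails. Keeping "|| :" so the scriptlet cannot fail the transaction is fine, but send the output to a log file or syslog instead of /dev/null. Separately, "umask 007" leaves the generated private keys group-writable by radiusd; the daemon only needs to read them, so "umask 027" would be tighter.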
@@ -551,6 +557,15 @@ fi
%{_libdir}/freeradius/rlm_sql_unixodbc-%{version}.so
%changelog
+* Thu Jan 7 2010 John Dennis <jdennis at redhat.com> - 2.1.8-2
+- resolves: bug #526559 initial install should run bootstrap to create certificates
+ running radiusd in debug mode to generate inital temporary certificates
+ is no longer necessary, the /etc/raddb/certs/bootstrap is invoked on initial
+ rpm install (not upgrade) if there is no existing /etc/raddb/certs/server.pem file
+- resolves: bug #528493 use sha1 algorithm instead of md5 during cert generation
+ the certificate configuration (/etc/raddb/certs/{ca,server,client}.cnf) files
+ were modifed to use sha1 instead of md5 and the validity reduced from 1 year to 2 months
+
* Wed Dec 30 2009 John Dennis <jdennis at redhat.com> - 2.1.8-1
- update to latest upstream
Feature improvements
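Review bot: the new %changelog entry has two typos, "inital" and "modifed", which will end up in the package's permanent changelog; fix them to "initial" and "modified". The entry is also dated Thu Jan 7 2010 while the revision is stamped 8 Jan 2010, worth aligning if the build date is meant.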