[pkgsrc/trunk]: pkgsrc/net/freeradius Default to running radiusd as a non-roo...
details: https://anonhg.NetBSD.org/pkgsrc/rev/107a92ecac7f
branches: trunk
changeset: 517388:107a92ecac7f
user: adrianp <adrianp%pkgsrc.org@localhost>
date: Thu Aug 10 10:55:51 2006 +0000
description:
Default to running radiusd as a non-root user
bump to nb2
diffstat:
net/freeradius/MESSAGE | 17 +++++++++++
net/freeradius/Makefile | 61 +++++++++++++++++++++++++++-------------
net/freeradius/distinfo | 3 +-
net/freeradius/files/radiusd.sh | 4 +-
net/freeradius/patches/patch-ak | 15 ++++++++++
5 files changed, 77 insertions(+), 23 deletions(-)
diffs (192 lines):
diff -r 88f0dffdd8c7 -r 107a92ecac7f net/freeradius/MESSAGE
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/freeradius/MESSAGE Thu Aug 10 10:55:51 2006 +0000
@@ -0,0 +1,17 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2006/08/10 10:55:52 adrianp Exp $
+
+Note to users who have been running radiusd as root before:
+
+As radiusd now runs unprivileged by default (as ${RADIUS_USER}:${RADIUS_GROUP}),
+you'll have to adapt some permissions:
+
+ ${CHOWN} -R ${RADIUS_USER}:${RADIUS_GROUP} ${VARBASE}/run/radiusd
+ ${CHOWN} -R ${RADIUS_USER}:${RADIUS_GROUP} ${PKG_SYSCONFDIR}
+ ${FIND} ${PKG_SYSCONFDIR} -type d | ${XARGS} ${CHMOD} 0750
+ ${FIND} ${PKG_SYSCONFDIR} -type f | ${XARGS} ${CHMOD} 0640
+
+In addition to this the base logging directory has now been moved from
+${VARBASE}/log to ${VARBASE}/log/radiusd.
+
+===========================================================================
diff -r 88f0dffdd8c7 -r 107a92ecac7f net/freeradius/Makefile
--- a/net/freeradius/Makefile Thu Aug 10 08:54:44 2006 +0000
+++ b/net/freeradius/Makefile Thu Aug 10 10:55:51 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.52 2006/08/09 16:42:09 adrianp Exp $
+# $NetBSD: Makefile,v 1.53 2006/08/10 10:55:52 adrianp Exp $
DISTNAME= freeradius-${RADVER}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= net
MASTER_SITES= ftp://ftp.freeradius.org/pub/radius/ \
ftp://ftp.Awfulhak.org/pub/radius/
@@ -15,18 +15,37 @@
CONFLICTS+= radiusd-cistron-[0-9]*
USE_TOOLS+= gmake perl:run
GNU_CONFIGURE= YES
+USE_LIBTOOL= YES
+USE_OLD_DES_API= YES
+
+BUILD_DEFS= VARBASE RADIUS_USER RADIUS_GROUP
PLIST_SRC= ${WRKDIR}/.PLIST_SRC
-FILES_SUBST+= ROOT_USER=${ROOT_USER:Q}
-FILES_SUBST+= ROOT_GROUP=${ROOT_GROUP:Q}
+FILES_SUBST+= RADIUS_USER=${RADIUS_USER:Q}
+FILES_SUBST+= RADIUS_GROUP=${RADIUS_GROUP:Q}
PLIST_SUBST+= RADVER=${RADVER}
-USE_OLD_DES_API= YES
+MESSAGE_SUBST+= CHOWN=${CHOWN:Q} CHMOD=${CHMOD:Q} VARBASE=${VARBASE}
+MESSAGE_SUBST+= RADIUS_USER=${RADIUS_USER:Q} XARGS=${XARGS:Q}
+MESSAGE_SUBST+= RADIUS_GROUP=${RADIUS_GROUP:Q} FIND=${FIND:Q}
+
+PKG_SYSCONFSUBDIR= raddb
+RCD_SCRIPTS= radiusd
+RADIUS_USER?= radius
+RADIUS_GROUP?= radius
+PKG_GROUPS= ${RADIUS_USER}
+PKG_USERS= ${RADIUS_USER}:${RADIUS_GROUP}
+OWN_DIRS_PERMS+= ${VARBASE}/run/radiusd \
+ ${RADIUS_USER} ${RADIUS_GROUP} 0750
+OWN_DIRS_PERMS+= ${VARBASE}/log/radiusd \
+ ${RADIUS_USER} ${RADIUS_GROUP} 0750
+OWN_DIRS_PERMS+= ${VARBASE}/log/radiusd/radacct \
+ ${RADIUS_USER} ${RADIUS_GROUP} 0750
+
RADVER= 1.1.2
+EGDIR= ${PREFIX}/share/examples/freeradius
BUILDLINK_API_DEPENDS.openssl+= openssl>=0.9.7
-USE_LIBTOOL= YES
-
-CONFIGURE_ARGS+= --with-logdir=${VARBASE}/log
+CONFIGURE_ARGS+= --with-logdir=${VARBASE}/log/radiusd
CONFIGURE_ARGS+= --localstatedir=${VARBASE:Q}
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFBASEDIR:Q}
CONFIGURE_ARGS+= --disable-ltdl-install
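Review bot: `PKG_GROUPS= ${RADIUS_USER}` registers the group under the user variable, which only works while both variables default to `radius`. If a site overrides `RADIUS_GROUP`, `PKG_USERS= ${RADIUS_USER}:${RADIUS_GROUP}` would name a group this package never creates, and the later ownership entries would point at it too. The line should read `PKG_GROUPS= ${RADIUS_GROUP}`. As a smaller consistency point, `VARBASE=${VARBASE}` in `MESSAGE_SUBST` is the only value in that group without `:Q`.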
@@ -37,6 +56,7 @@
CONFIGURE_ARGS+= --without-rlm_sql_iodbc
CONFIGURE_ARGS+= --without-rlm_sql_oracle
CONFIGURE_ARGS+= --without-rlm_sql_unixodbc
+CONFIGURE_ARGS+= --quiet
#CONFIGURE_ARGS+= --without-rlm_eap_peap
#CONFIGURE_ARGS+= --without-rlm_eap_sim
#CONFIGURE_ARGS+= --without-rlm_eap_tls
@@ -54,15 +74,14 @@
-L${PREFIX}/lib|g"
SUBST_MESSAGE.make= Fixing Makefiles.
-.include "options.mk"
-
-RCD_SCRIPTS= radiusd
+SUBST_CLASSES+= config
+SUBST_STAGE.config= post-patch
+SUBST_FILES.config= raddb/radiusd.conf.in
+SUBST_SED.config= -e "s|@@RADIUS_USER@@|${RADIUS_USER}|g"
+SUBST_SED.config+= -e "s|@@RADIUS_GROUP@@|${RADIUS_GROUP}|g"
+SUBST_MESSAGE.config= Fixing configuration files.
-OWN_DIRS= ${VARBASE}/run/radiusd
-
-PKG_SYSCONFSUBDIR= raddb
-EGDIR= ${PREFIX}/share/examples/freeradius
-CONF_FILES_MODE= 0640
+.include "options.mk"
EGFILES= acct_users attrs certs/demoCA/index.txt.old \
certs/demoCA/cacert.pem certs/demoCA/index.txt \
@@ -79,7 +98,8 @@
otp.conf otppasswd.sample
.for f in ${EGFILES}
-CONF_FILES+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f}
+CONF_FILES_PERMS+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f} \
+ ${RADIUS_USER} ${RADIUS_GROUP} 0640
.endfor
.include "../../security/openssl/buildlink3.mk"
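Review bot: The `CONF_FILES_PERMS` entries make `${RADIUS_USER}` the owner of every file under `${PKG_SYSCONFDIR}`, so the now-unprivileged daemon can still rewrite its own configuration, including the files that hold client secrets and certificates. Unless radiusd has to write under raddb at runtime, which this diff does not show, root ownership with group read keeps the benefit of dropping privileges: `${ROOT_USER} ${RADIUS_GROUP} 0640`. The same ownership choice appears in the `${CHOWN}` lines of the last Makefile hunk and in the `chown -R` instructions in MESSAGE, so they would need to change together.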
@@ -101,9 +121,6 @@
${PTHREAD_LDFLAGS:Q} ${PTHREAD_LIBS:Q}|g'
.endif
-.if ${OPSYS} == "DragonFly"
-.endif
-
.if ${MACHINE_ARCH} == "amd64"
CFLAGS+= -fPIC
.endif
@@ -121,5 +138,9 @@
${INSTALL_SCRIPT} ${WRKSRC}/src/modules/rlm_perl/example.pl ${EGDIR}
${MKDIR} ${PKG_SYSCONFDIR}/certs
${MKDIR} ${PKG_SYSCONFDIR}/certs/demoCA
+ ${CHOWN} ${RADIUS_USER}:${RADIUS_GROUP} ${PKG_SYSCONFDIR}/certs
+ ${CHOWN} ${RADIUS_USER}:${RADIUS_GROUP} ${PKG_SYSCONFDIR}/certs/demoCA
+ ${CHMOD} 0750 ${PKG_SYSCONFDIR}/certs
+ ${CHMOD} 0750 ${PKG_SYSCONFDIR}/certs/demoCA
.include "../../mk/bsd.pkg.mk"
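Review bot: The four added `${CHOWN}`/`${CHMOD}` lines take effect only when this install recipe runs, so an install from a binary package would presumably leave `certs` and `certs/demoCA` with whatever owner and mode the install scripts give them. Declaring them next to the other directories, e.g. `MAKE_DIRS_PERMS+= ${PKG_SYSCONFDIR}/certs ${RADIUS_USER} ${RADIUS_GROUP} 0750` and the same for `certs/demoCA`, would apply the permissions on every install path, matching how the run and log directories are handled with `OWN_DIRS_PERMS` earlier in this commit. The recipe these lines belong to starts outside the hunk.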
diff -r 88f0dffdd8c7 -r 107a92ecac7f net/freeradius/distinfo
--- a/net/freeradius/distinfo Thu Aug 10 08:54:44 2006 +0000
+++ b/net/freeradius/distinfo Thu Aug 10 10:55:51 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2006/07/14 22:10:01 adrianp Exp $
+$NetBSD: distinfo,v 1.22 2006/08/10 10:55:52 adrianp Exp $
SHA1 (freeradius-1.1.2.tar.gz) = 0636c1afb14fc22e78ecb83aeaf63150d515d73d
RMD160 (freeradius-1.1.2.tar.gz) = 3c0960bd30d29af9bab699ee7a38c22ec0472eb5
@@ -7,3 +7,4 @@
SHA1 (patch-ae) = cf3497723b15b8a61c5458f312697a2d4a147439
SHA1 (patch-ai) = 128c5984464241294b201384d43a287e9bcb147e
SHA1 (patch-aj) = 422c9dfbde08c26acf41a040c57508ab9725004e
+SHA1 (patch-ak) = 7be986e3949a6f8368f7e01ba93521fac48eff7d
diff -r 88f0dffdd8c7 -r 107a92ecac7f net/freeradius/files/radiusd.sh
--- a/net/freeradius/files/radiusd.sh Thu Aug 10 08:54:44 2006 +0000
+++ b/net/freeradius/files/radiusd.sh Thu Aug 10 10:55:51 2006 +0000
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
-# $NetBSD: radiusd.sh,v 1.5 2005/02/09 09:14:26 seb Exp $
+# $NetBSD: radiusd.sh,v 1.6 2006/08/10 10:55:51 adrianp Exp $
#
# PROVIDE: radiusd
# REQUIRE: network
@@ -22,7 +22,7 @@
if [ ! -d @VARBASE@/run/radiusd ]; then
@MKDIR@ @VARBASE@/run/radiusd
@CHMOD@ 0750 @VARBASE@/run/radiusd
- @CHOWN@ @ROOT_USER@:@ROOT_GROUP@ @VARBASE@/run/radiusd
+ @CHOWN@ @RADIUS_USER@:@RADIUS_GROUP@ @VARBASE@/run/radiusd
fi
}
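Review bot: The updated `@CHOWN@` line sits inside the `if [ ! -d @VARBASE@/run/radiusd ]` guard, so a run directory left over from an earlier root-run installation keeps its old owner. The unprivileged daemon may then be unable to write there until the administrator follows the manual steps in MESSAGE. Moving the `@CHMOD@` and `@CHOWN@` lines below the `fi` would enforce the expected owner and mode on every start. The enclosing function begins outside the hunk.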
diff -r 88f0dffdd8c7 -r 107a92ecac7f net/freeradius/patches/patch-ak
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/freeradius/patches/patch-ak Thu Aug 10 10:55:51 2006 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ak,v 1.7 2006/08/10 10:55:52 adrianp Exp $
+
+--- raddb/radiusd.conf.in.orig 2006-04-20 19:40:29.000000000 +0100
++++ raddb/radiusd.conf.in
+@@ -106,8 +106,8 @@ pidfile = ${run_dir}/radiusd.pid
+ # that the debugging mode server is running as a user that can read the
+ # shadow info, and the user listed below can not.
+ #
+-#user = nobody
+-#group = nobody
++user = @@RADIUS_USER@@
++group = @@RADIUS_GROUP@@
+
+ # max_request_time: The maximum time (in seconds) to handle a request.
+ #
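Review bot: The retained comment directly above the new `user`/`group` lines says the listed user cannot read the shadow info. Enabling them by default therefore presumably stops authentication against the system password database for sites that relied on radiusd running as root. MESSAGE covers file ownership and the moved log directory but not this, so a sentence there would help, for example `Authentication against the system shadow password file will not work unless ${RADIUS_USER} is granted read access to it.` The comment block this hunk edits starts outside the visible lines.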