From 502084cc99ac04c6989c03c23b8aa9c04425e976 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Thu, 6 Feb 2020 19:22:03 +0800 Subject: freeradius: upgrade 3.0.19 -> 3.0.20 * Drop backported patch: 0001-su-to-radiusd-user-group-when-rotating-logs.patch * Disable python2 module build and add PACKAGECONFIG for python3 module build Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --- ...-rlm_python3-add-PY_INC_DIR-in-search-dir.patch | 58 +++++ ...-to-radiusd-user-group-when-rotating-logs.patch | 104 --------- .../freeradius/freeradius_3.0.19.bb | 234 -------------------- .../freeradius/freeradius_3.0.20.bb | 237 +++++++++++++++++++++ 4 files changed, 295 insertions(+), 338 deletions(-) create mode 100644 meta-networking/recipes-connectivity/freeradius/files/0001-rlm_python3-add-PY_INC_DIR-in-search-dir.patch delete mode 100644 meta-networking/recipes-connectivity/freeradius/files/0001-su-to-radiusd-user-group-when-rotating-logs.patch delete mode 100644 meta-networking/recipes-connectivity/freeradius/freeradius_3.0.19.bb create mode 100644 meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb (limited to 'meta-networking/recipes-connectivity/freeradius') diff --git a/meta-networking/recipes-connectivity/freeradius/files/0001-rlm_python3-add-PY_INC_DIR-in-search-dir.patch b/meta-networking/recipes-connectivity/freeradius/files/0001-rlm_python3-add-PY_INC_DIR-in-search-dir.patch new file mode 100644 index 0000000000..d63023162d --- /dev/null +++ b/meta-networking/recipes-connectivity/freeradius/files/0001-rlm_python3-add-PY_INC_DIR-in-search-dir.patch @@ -0,0 +1,58 @@ +From 733330888fff49e4d2b6c2121a6050fdd9f11a87 Mon Sep 17 00:00:00 2001 +From: Yi Zhao +Date: Thu, 6 Feb 2020 09:32:04 +0800 +Subject: [PATCH] rlm_python3: add PY_INC_DIR in search dir + +The configure option --with-rlm-python3-include-dir is used to set +PY_INC_DIR which is never used and it fails to find Python.h, +so add it into search dir to fix it. + +Also remove SMART_LIBS from mod_flags because it introduces rpath +to LDFALGS which causes a do_package_qa error: + +ERROR: freeradius-3.0.20-r0 do_package_qa: QA Issue: package freeradius-python contains bad RPATH +/buildarea/build/tmp/work/core2-64-poky-linux/freeradius/3.0.20-r0/recipe-sysroot-native/usr/lib/python3.8/config in file +/buildarea/build/tmp/work/core2-64-poky-linux/freeradius/3.0.20-r0/packages-split/freeradius-python/usr/lib/rlm_python3.so.0.0.0 +package freeradius-python contains bad RPATH +/buildarea/build/tmp/work/core2-64-poky-linux/freeradius/3.0.20-r0/recipe-sysroot-native/usr/lib/python3.8/config in file +/buildarea/build/tmp/work/core2-64-poky-linux/freeradius/3.0.20-r0/packages-split/freeradius-python/usr/lib/rlm_python3.so.0.0.0 [rpaths] + +Upstream-Status: Inappropriate [OE specific] + +Signed-off-by: Yi Zhao +--- + src/modules/rlm_python3/configure.ac | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/modules/rlm_python3/configure.ac b/src/modules/rlm_python3/configure.ac +index a00320f..adbdf19 100644 +--- a/src/modules/rlm_python3/configure.ac ++++ b/src/modules/rlm_python3/configure.ac +@@ -95,7 +95,7 @@ if test x$with_[]modname != xno; then + + old_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS $PY_CFLAGS" +- smart_try_dir="$PY_PREFIX/include/python$PY_SYS_VERSION" ++ smart_try_dir="$PY_PREFIX/include/python$PY_SYS_VERSION $PY_INC_DIR" + FR_SMART_CHECK_INCLUDE(Python.h) + CFLAGS=$old_CFLAGS + +@@ -114,13 +114,13 @@ if test x$with_[]modname != xno; then + + eval t=\${ac_cv_lib_${sm_lib_safe}_${sm_func_safe}} + if test "x$t" = "xyes"; then +- mod_ldflags="$PY_LIB_LOC $PY_EXTRA_LIBS $SMART_LIBS -lm" ++ mod_ldflags="$PY_LIB_LOC $PY_EXTRA_LIBS -lm" + targetname=modname + else + FR_SMART_CHECK_LIB(python${PY_SYS_VERSION}m, Py_Initialize) + eval t=\${ac_cv_lib_${sm_lib_safe}_${sm_func_safe}} + if test "x$t" = "xyes"; then +- mod_ldflags="$PY_LIB_LOC $PY_EXTRA_LIBS $SMART_LIBS -lm" ++ mod_ldflags="$PY_LIB_LOC $PY_EXTRA_LIBS -lm" + targetname=modname + else + targetname= +-- +2.7.4 + diff --git a/meta-networking/recipes-connectivity/freeradius/files/0001-su-to-radiusd-user-group-when-rotating-logs.patch b/meta-networking/recipes-connectivity/freeradius/files/0001-su-to-radiusd-user-group-when-rotating-logs.patch deleted file mode 100644 index 5859dc7ed0..0000000000 --- a/meta-networking/recipes-connectivity/freeradius/files/0001-su-to-radiusd-user-group-when-rotating-logs.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 1f233773962bf1a9c2d228a180eacddb9db2d574 Mon Sep 17 00:00:00 2001 -From: Alexander Scheel -Date: Tue, 7 May 2019 16:04:29 -0400 -Subject: [PATCH] su to radiusd user/group when rotating logs - -The su directive to logrotate ensures that log rotation happens under the -owner of the logs. Otherwise, logrotate runs as root:root, potentially -enabling privilege escalation if a RCE is discovered against the -FreeRADIUS daemon. - -Signed-off-by: Alexander Scheel - -Upstream-Status: Backport -[https://github.com/FreeRADIUS/freeradius-server/commit/1f233773962bf1a9c2d228a180eacddb9db2d574] - -CVE: CVE-2019-10143 - -Signed-off-by: Yi Zhao ---- - debian/freeradius.logrotate | 3 +++ - redhat/freeradius-logrotate | 1 + - scripts/logrotate/freeradius | 3 +++ - suse/radiusd-logrotate | 1 + - 4 files changed, 8 insertions(+) - -diff --git a/debian/freeradius.logrotate b/debian/freeradius.logrotate -index 7d837d5..a8d29b7 100644 ---- a/debian/freeradius.logrotate -+++ b/debian/freeradius.logrotate -@@ -9,6 +9,7 @@ - notifempty - - copytruncate -+ su freerad freerad - } - - # (in order) -@@ -26,6 +27,7 @@ - notifempty - - nocreate -+ su freerad freerad - } - - # There are different detail-rotating strategies you can use. One is -@@ -45,4 +47,5 @@ - notifempty - - nocreate -+ su freerad freerad - } -diff --git a/redhat/freeradius-logrotate b/redhat/freeradius-logrotate -index 360765d..bb97ca5 100644 ---- a/redhat/freeradius-logrotate -+++ b/redhat/freeradius-logrotate -@@ -9,6 +9,7 @@ rotate 4 - missingok - compress - delaycompress -+su radiusd radiusd - - # - # The main server log -diff --git a/scripts/logrotate/freeradius b/scripts/logrotate/freeradius -index 3de435e..eecf631 100644 ---- a/scripts/logrotate/freeradius -+++ b/scripts/logrotate/freeradius -@@ -17,6 +17,7 @@ - notifempty - - copytruncate -+ su radiusd radiusd - } - - # (in order) -@@ -34,6 +35,7 @@ - notifempty - - nocreate -+ su radiusd radiusd - } - - # There are different detail-rotating strategies you can use. One is -@@ -53,4 +55,5 @@ - notifempty - - nocreate -+ su radiusd radiusd - } -diff --git a/suse/radiusd-logrotate b/suse/radiusd-logrotate -index 24d56be..be5a797 100644 ---- a/suse/radiusd-logrotate -+++ b/suse/radiusd-logrotate -@@ -11,6 +11,7 @@ missingok - compress - delaycompress - notifempty -+su radiusd radiusd - - # - # The main server log --- -2.7.4 - diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.19.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.19.bb deleted file mode 100644 index 8887433062..0000000000 --- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.19.bb +++ /dev/null @@ -1,234 +0,0 @@ -DESCRIPTION = "FreeRADIUS is an Internet authentication daemon, which implements the RADIUS \ -protocol, as defined in RFC 2865 (and others). It allows Network Access \ -Servers (NAS boxes) to perform authentication for dial-up users. There are \ -also RADIUS clients available for Web servers, firewalls, Unix logins, and \ -more. Using RADIUS allows authentication and authorization for a network to \ -be centralized, and minimizes the amount of re-configuration which has to be \ -done when adding or deleting new users." - -SUMMARY = "High-performance and highly configurable RADIUS server" -HOMEPAGE = "http://www.freeradius.org/" -SECTION = "System/Servers" -LICENSE = "GPLv2 & LGPLv2+" -LIC_FILES_CHKSUM = "file://LICENSE;md5=eb723b61539feef013de476e68b5c50a" -DEPENDS = "openssl-native openssl libidn libtool libpcap libtalloc" - -SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x; \ - file://freeradius \ - file://volatiles.58_radiusd \ - file://freeradius-enble-user-in-conf.patch \ - file://freeradius-configure.ac-allow-cross-compilation.patch \ - file://freeradius-libtool-detection.patch \ - file://freeradius-configure.ac-add-option-for-libcap.patch \ - file://freeradius-avoid-searching-host-dirs.patch \ - file://freeradius-rlm_python-add-PY_INC_DIR.patch \ - file://freeradius-libtool-do-not-use-jlibtool.patch \ - file://freeradius-fix-quoting-for-BUILT_WITH.patch \ - file://freeradius-fix-error-for-expansion-of-macro.patch \ - file://0001-rlm_mschap-Use-includedir-instead-of-hardcoding-usr-.patch \ - file://0001-su-to-radiusd-user-group-when-rotating-logs.patch \ - file://radiusd.service \ - file://radiusd-volatiles.conf \ -" - -SRCREV = "ab4c767099f263a7cd4109bcdca80ee74210a769" - -PARALLEL_MAKE = "" - -S = "${WORKDIR}/git" - -LDFLAGS_append_powerpc = " -latomic" -LDFLAGS_append_mipsarch = " -latomic" -LDFLAGS_append_armv5 = " -latomic" - -EXTRA_OECONF = " --enable-strict-dependencies \ - --with-docdir=${docdir}/freeradius-${PV} \ - --with-openssl-includes=${STAGING_INCDIR} \ - --with-openssl-libraries=${STAGING_LIBDIR} \ - --without-rlm_ippool \ - --without-rlm_cache_memcached \ - --without-rlm_counter \ - --without-rlm_couchbase \ - --without-rlm_dbm \ - --without-rlm_eap_tnc \ - --without-rlm_eap_ikev2 \ - --without-rlm_opendirectory \ - --without-rlm_redis \ - --without-rlm_rediswho \ - --without-rlm_sql_db2 \ - --without-rlm_sql_firebird \ - --without-rlm_sql_freetds \ - --without-rlm_sql_iodbc \ - --without-rlm_sql_oracle \ - --without-rlm_sql_sybase \ - --without-rlm_sqlhpwippool \ - --without-rlm_securid \ - --without-rlm_unbound \ - ac_cv_path_PERL=${bindir}/perl \ - ax_cv_cc_builtin_choose_expr=no \ - ax_cv_cc_builtin_types_compatible_p=no \ - ax_cv_cc_builtin_bswap64=no \ - ax_cv_cc_bounded_attribute=no \ -" - -PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)} \ - pcre libcap \ - openssl rlm-eap-fast rlm-eap-pwd \ -" - -PACKAGECONFIG[krb5] = "--with-rlm_krb5,--without-rlm_krb5,krb5" -PACKAGECONFIG[pam] = "--with-rlm_pam,--without-rlm_pam,libpam" -PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap" -PACKAGECONFIG[ldap] = "--with-rlm_ldap,--without-rlm_ldap,openldap" -PACKAGECONFIG[mysql] = "--with-rlm_sql_mysql,--without-rlm_sql_mysql,mysql5" -PACKAGECONFIG[sqlite] = "--with-rlm_sql_sqlite,--without-rlm_sql_sqlite,sqlite3" -PACKAGECONFIG[unixodbc] = "--with-rlm_sql_unixodbc,--without-rlm_sql_unixodbc,unixodbc" -PACKAGECONFIG[postgresql] = "--with-rlm_sql_postgresql,--without-rlm_sql_postgresql,postgresql" -PACKAGECONFIG[pcre] = "--with-pcre,--without-pcre,libpcre" -PACKAGECONFIG[perl] = "--with-perl=${STAGING_BINDIR_NATIVE}/perl-native/perl --with-rlm_perl,--without-rlm_perl,perl-native perl,perl" -PACKAGECONFIG[python] = "--with-rlm_python --with-rlm-python-bin=${STAGING_BINDIR_NATIVE}/python-native/python --with-rlm-python-include-dir=${STAGING_INCDIR}/${PYTHON_DIR},--without-rlm_python,python-native python" -PACKAGECONFIG[rest] = "--with-rlm_rest,--without-rlm_rest,curl json-c" -PACKAGECONFIG[ruby] = "--with-rlm_ruby,--without-rlm_ruby,ruby" -PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl" -PACKAGECONFIG[rlm-eap-fast] = "--with-rlm_eap_fast, --without-rlm_eap_fast" -PACKAGECONFIG[rlm-eap-pwd] = "--with-rlm_eap_pwd, --without-rlm_eap_pwd" - -inherit useradd autotools-brokensep update-rc.d systemd - -# This is not a cpan or python based package, but it needs some definitions -# from cpan-base and python3-dir bbclasses for building rlm_perl and rlm_python -# correctly. -inherit cpan-base python3-dir - -# The modules subdirs also need to be processed by autoreconf. Use autogen.sh -# in order to handle the subdirs correctly. -do_configure () { - ./autogen.sh - - # the configure of rlm_perl needs this to get correct - # mod_cflags and mod_ldflags - if ${@bb.utils.contains('PACKAGECONFIG', 'perl', 'true', 'false', d)}; then - export PERL5LIB="${STAGING_LIBDIR}${PERL_OWN_DIR}/perl/${@get_perl_version(d)}" - fi - - oe_runconf - - # we don't need dhcpclient - sed -i -e 's/dhcpclient.mk//' ${S}/src/modules/proto_dhcp/all.mk -} - -INITSCRIPT_NAME = "radiusd" - -SYSTEMD_SERVICE_${PN} = "radiusd.service" - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --no-create-home --shell /bin/false --user-group radiusd" - -do_install() { - rm -rf ${D} - mkdir -p ${D}/${sysconfdir}/logrotate.d - mkdir -p ${D}/${sysconfdir}/pam.d - mkdir -p ${D}/${sysconfdir}/init.d - mkdir -p ${D}/${localstatedir}/lib/radiusd - mkdir -p ${D}${sysconfdir}/default/volatiles - - export LD_LIBRARY_PATH=${D}/${libdir} - oe_runmake install R=${D} INSTALLSTRIP="" - - # remove unsupported config files - rm -f ${D}/${sysconfdir}/raddb/experimental.conf - - # remove scripts that required Perl(DBI) - rm -rf ${D}/${bindir}/radsqlrelay - - cp -f ${WORKDIR}/freeradius ${D}/etc/init.d/radiusd - rm -f ${D}/${sbindir}/rc.radiusd - chmod +x ${D}/${sysconfdir}/init.d/radiusd - rm -rf ${D}/${localstatedir}/run/ - install -m 0644 ${WORKDIR}/volatiles.58_radiusd ${D}${sysconfdir}/default/volatiles/58_radiusd - - chown -R radiusd:radiusd ${D}/${sysconfdir}/raddb/ - chown -R radiusd:radiusd ${D}/${localstatedir}/lib/radiusd - - # For systemd - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/radiusd.service ${D}${systemd_unitdir}/system - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@SBINDIR@,${sbindir},g' \ - -e 's,@STATEDIR@,${localstatedir},g' \ - -e 's,@SYSCONFDIR@,${sysconfdir},g' \ - ${D}${systemd_unitdir}/system/radiusd.service - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d/ - install -m 0644 ${WORKDIR}/radiusd-volatiles.conf ${D}${sysconfdir}/tmpfiles.d/ - fi -} - -# This is only needed when we install/update on a running target. -# -pkg_postinst_${PN} () { - if [ -z "$D" ]; then - if command -v systemd-tmpfiles >/dev/null; then - # create /var/log/radius, /var/run/radiusd - systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/radiusd-volatiles.conf - elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then - ${sysconfdir}/init.d/populate-volatile.sh update - fi - - # Fix ownership for /etc/raddb/*, /var/lib/radiusd - chown -R radiusd:radiusd ${sysconfdir}/raddb - chown -R radiusd:radiusd ${localstatedir}/lib/radiusd - fi -} - -# We really need the symlink :( -INSANE_SKIP_${PN} = "dev-so" -INSANE_SKIP_${PN}-krb5 = "dev-so" -INSANE_SKIP_${PN}-ldap = "dev-so" -INSANE_SKIP_${PN}-mysql = "dev-so" -INSANE_SKIP_${PN}-perl = "dev-so" -INSANE_SKIP_${PN}-postgresql = "dev-so" -INSANE_SKIP_${PN}-python = "dev-so" -INSANE_SKIP_${PN}-unixodbc = "dev-so" - -PACKAGES =+ "${PN}-utils ${PN}-ldap ${PN}-krb5 ${PN}-perl \ - ${PN}-python ${PN}-mysql ${PN}-postgresql ${PN}-unixodbc" - -FILES_${PN}-utils = "${bindir}/*" - -FILES_${PN}-ldap = "${libdir}/rlm_ldap.so* \ - ${sysconfdir}/raddb/mods-available/ldap \ -" - -FILES_${PN}-krb5 = "${libdir}/rlm_krb5.so* \ - ${sysconfdir}/raddb/mods-available/krb5 \ -" - -FILES_${PN}-perl = "${libdir}/rlm_perl.so* \ - ${sysconfdir}/raddb/mods-config/perl \ - ${sysconfdir}/raddb/mods-available/perl \ -" - -FILES_${PN}-python = "${libdir}/rlm_python.so* \ - ${sysconfdir}/raddb/mods-config/python \ - ${sysconfdir}/raddb/mods-available/python \ -" - -FILES_${PN}-mysql = "${libdir}/rlm_sql_mysql.so* \ - ${sysconfdir}/raddb/mods-config/sql/*/mysql \ - ${sysconfdir}/raddb/mods-available/sql \ -" - -FILES_${PN}-postgresql = "${libdir}/rlm_sql_postgresql.so* \ - ${sysconfdir}/raddb/mods-config/sql/*/postgresql \ -" - -FILES_${PN}-unixodbc = "${libdir}/rlm_sql_unixodbc.so*" - -FILES_${PN} =+ "${libdir}/rlm_*.so* ${libdir}/proto_*so*" - -RDEPENDS_${PN} += "perl" -RDEPENDS_${PN}-utils = "${PN} perl" - -CLEANBROKEN = "1" diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb new file mode 100644 index 0000000000..a9c2fad0fd --- /dev/null +++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb @@ -0,0 +1,237 @@ +DESCRIPTION = "FreeRADIUS is an Internet authentication daemon, which implements the RADIUS \ +protocol, as defined in RFC 2865 (and others). It allows Network Access \ +Servers (NAS boxes) to perform authentication for dial-up users. There are \ +also RADIUS clients available for Web servers, firewalls, Unix logins, and \ +more. Using RADIUS allows authentication and authorization for a network to \ +be centralized, and minimizes the amount of re-configuration which has to be \ +done when adding or deleting new users." + +SUMMARY = "High-performance and highly configurable RADIUS server" +HOMEPAGE = "http://www.freeradius.org/" +SECTION = "System/Servers" +LICENSE = "GPLv2 & LGPLv2+" +LIC_FILES_CHKSUM = "file://LICENSE;md5=eb723b61539feef013de476e68b5c50a" +DEPENDS = "openssl-native openssl libidn libtool libpcap libtalloc" + +SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x; \ + file://freeradius \ + file://volatiles.58_radiusd \ + file://freeradius-enble-user-in-conf.patch \ + file://freeradius-configure.ac-allow-cross-compilation.patch \ + file://freeradius-libtool-detection.patch \ + file://freeradius-configure.ac-add-option-for-libcap.patch \ + file://freeradius-avoid-searching-host-dirs.patch \ + file://freeradius-rlm_python-add-PY_INC_DIR.patch \ + file://freeradius-libtool-do-not-use-jlibtool.patch \ + file://freeradius-fix-quoting-for-BUILT_WITH.patch \ + file://freeradius-fix-error-for-expansion-of-macro.patch \ + file://0001-rlm_mschap-Use-includedir-instead-of-hardcoding-usr-.patch \ + file://0001-rlm_python3-add-PY_INC_DIR-in-search-dir.patch \ + file://radiusd.service \ + file://radiusd-volatiles.conf \ +" + +SRCREV = "d94c953ab9602a238433ba18533111b845fd8e9e" + +PARALLEL_MAKE = "" + +S = "${WORKDIR}/git" + +LDFLAGS_append_powerpc = " -latomic" +LDFLAGS_append_mipsarch = " -latomic" +LDFLAGS_append_armv5 = " -latomic" + +EXTRA_OECONF = " --enable-strict-dependencies \ + --with-docdir=${docdir}/freeradius-${PV} \ + --with-openssl-includes=${STAGING_INCDIR} \ + --with-openssl-libraries=${STAGING_LIBDIR} \ + --without-rlm_ippool \ + --without-rlm_cache_memcached \ + --without-rlm_counter \ + --without-rlm_couchbase \ + --without-rlm_dbm \ + --without-rlm_eap_tnc \ + --without-rlm_eap_ikev2 \ + --without-rlm_opendirectory \ + --without-rlm_redis \ + --without-rlm_rediswho \ + --without-rlm_sql_db2 \ + --without-rlm_sql_firebird \ + --without-rlm_sql_freetds \ + --without-rlm_sql_iodbc \ + --without-rlm_sql_oracle \ + --without-rlm_sql_sybase \ + --without-rlm_sql_mongo \ + --without-rlm_sqlhpwippool \ + --without-rlm_securid \ + --without-rlm_unbound \ + --without-rlm_python \ + ac_cv_path_PERL=${bindir}/perl \ + ax_cv_cc_builtin_choose_expr=no \ + ax_cv_cc_builtin_types_compatible_p=no \ + ax_cv_cc_builtin_bswap64=no \ + ax_cv_cc_bounded_attribute=no \ +" + +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)} \ + pcre libcap \ + openssl rlm-eap-fast rlm-eap-pwd \ +" + +PACKAGECONFIG[krb5] = "--with-rlm_krb5,--without-rlm_krb5,krb5" +PACKAGECONFIG[pam] = "--with-rlm_pam,--without-rlm_pam,libpam" +PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap" +PACKAGECONFIG[ldap] = "--with-rlm_ldap,--without-rlm_ldap,openldap" +PACKAGECONFIG[mysql] = "--with-rlm_sql_mysql,--without-rlm_sql_mysql,mysql5" +PACKAGECONFIG[sqlite] = "--with-rlm_sql_sqlite,--without-rlm_sql_sqlite,sqlite3" +PACKAGECONFIG[unixodbc] = "--with-rlm_sql_unixodbc,--without-rlm_sql_unixodbc,unixodbc" +PACKAGECONFIG[postgresql] = "--with-rlm_sql_postgresql,--without-rlm_sql_postgresql,postgresql" +PACKAGECONFIG[pcre] = "--with-pcre,--without-pcre,libpcre" +PACKAGECONFIG[perl] = "--with-perl=${STAGING_BINDIR_NATIVE}/perl-native/perl --with-rlm_perl,--without-rlm_perl,perl-native perl,perl" +PACKAGECONFIG[python3] = "--with-rlm_python3 --with-rlm-python3-bin=${STAGING_BINDIR_NATIVE}/python3-native/python3 --with-rlm-python3-include-dir=${STAGING_INCDIR}/${PYTHON_DIR},--without-rlm_python3,python3-native python3" +PACKAGECONFIG[rest] = "--with-rlm_rest,--without-rlm_rest,curl json-c" +PACKAGECONFIG[ruby] = "--with-rlm_ruby,--without-rlm_ruby,ruby" +PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl" +PACKAGECONFIG[rlm-eap-fast] = "--with-rlm_eap_fast, --without-rlm_eap_fast" +PACKAGECONFIG[rlm-eap-pwd] = "--with-rlm_eap_pwd, --without-rlm_eap_pwd" + +inherit useradd autotools-brokensep update-rc.d systemd + +# This is not a cpan or python based package, but it needs some definitions +# from cpan-base and python3-dir bbclasses for building rlm_perl and rlm_python +# correctly. +inherit cpan-base python3-dir + +# The modules subdirs also need to be processed by autoreconf. Use autogen.sh +# in order to handle the subdirs correctly. +do_configure () { + ./autogen.sh + + # the configure of rlm_perl needs this to get correct + # mod_cflags and mod_ldflags + if ${@bb.utils.contains('PACKAGECONFIG', 'perl', 'true', 'false', d)}; then + export PERL5LIB="${STAGING_LIBDIR}${PERL_OWN_DIR}/perl/${@get_perl_version(d)}" + fi + + oe_runconf + + # we don't need dhcpclient + sed -i -e 's/dhcpclient.mk//' ${S}/src/modules/proto_dhcp/all.mk +} + +INITSCRIPT_NAME = "radiusd" + +SYSTEMD_SERVICE_${PN} = "radiusd.service" + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM_${PN} = "--system --no-create-home --shell /bin/false --user-group radiusd" + +do_install() { + rm -rf ${D} + mkdir -p ${D}/${sysconfdir}/logrotate.d + mkdir -p ${D}/${sysconfdir}/pam.d + mkdir -p ${D}/${sysconfdir}/init.d + mkdir -p ${D}/${localstatedir}/lib/radiusd + mkdir -p ${D}${sysconfdir}/default/volatiles + + export LD_LIBRARY_PATH=${D}/${libdir} + oe_runmake install R=${D} INSTALLSTRIP="" + + # remove unsupported config files + rm -f ${D}/${sysconfdir}/raddb/experimental.conf + + # remove scripts that required Perl(DBI) + rm -rf ${D}/${bindir}/radsqlrelay + + cp -f ${WORKDIR}/freeradius ${D}/etc/init.d/radiusd + rm -f ${D}/${sbindir}/rc.radiusd + chmod +x ${D}/${sysconfdir}/init.d/radiusd + rm -rf ${D}/${localstatedir}/run/ + rm -rf ${D}/${localstatedir}/log/ + install -m 0644 ${WORKDIR}/volatiles.58_radiusd ${D}${sysconfdir}/default/volatiles/58_radiusd + + chown -R radiusd:radiusd ${D}/${sysconfdir}/raddb/ + chown -R radiusd:radiusd ${D}/${localstatedir}/lib/radiusd + + # For systemd + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/radiusd.service ${D}${systemd_unitdir}/system + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + -e 's,@STATEDIR@,${localstatedir},g' \ + -e 's,@SYSCONFDIR@,${sysconfdir},g' \ + ${D}${systemd_unitdir}/system/radiusd.service + + install -d ${D}${sysconfdir}/tmpfiles.d/ + install -m 0644 ${WORKDIR}/radiusd-volatiles.conf ${D}${sysconfdir}/tmpfiles.d/radiusd.conf + fi +} + +# This is only needed when we install/update on a running target. +# +pkg_postinst_${PN} () { + if [ -z "$D" ]; then + if command -v systemd-tmpfiles >/dev/null; then + # create /var/log/radius, /var/run/radiusd + systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/radiusd.conf + elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then + ${sysconfdir}/init.d/populate-volatile.sh update + fi + + # Fix ownership for /etc/raddb/*, /var/lib/radiusd + chown -R radiusd:radiusd ${sysconfdir}/raddb + chown -R radiusd:radiusd ${localstatedir}/lib/radiusd + fi +} + +# We really need the symlink :( +INSANE_SKIP_${PN} = "dev-so" +INSANE_SKIP_${PN}-krb5 = "dev-so" +INSANE_SKIP_${PN}-ldap = "dev-so" +INSANE_SKIP_${PN}-mysql = "dev-so" +INSANE_SKIP_${PN}-perl = "dev-so" +INSANE_SKIP_${PN}-postgresql = "dev-so" +INSANE_SKIP_${PN}-python = "dev-so" +INSANE_SKIP_${PN}-unixodbc = "dev-so" + +PACKAGES =+ "${PN}-utils ${PN}-ldap ${PN}-krb5 ${PN}-perl \ + ${PN}-python ${PN}-mysql ${PN}-postgresql ${PN}-unixodbc" + +FILES_${PN}-utils = "${bindir}/*" + +FILES_${PN}-ldap = "${libdir}/rlm_ldap.so* \ + ${sysconfdir}/raddb/mods-available/ldap \ +" + +FILES_${PN}-krb5 = "${libdir}/rlm_krb5.so* \ + ${sysconfdir}/raddb/mods-available/krb5 \ +" + +FILES_${PN}-perl = "${libdir}/rlm_perl.so* \ + ${sysconfdir}/raddb/mods-config/perl \ + ${sysconfdir}/raddb/mods-available/perl \ +" + +FILES_${PN}-python = "${libdir}/rlm_python3.so* \ + ${sysconfdir}/raddb/mods-config/python3 \ + ${sysconfdir}/raddb/mods-available/python3 \ +" + +FILES_${PN}-mysql = "${libdir}/rlm_sql_mysql.so* \ + ${sysconfdir}/raddb/mods-config/sql/*/mysql \ + ${sysconfdir}/raddb/mods-available/sql \ +" + +FILES_${PN}-postgresql = "${libdir}/rlm_sql_postgresql.so* \ + ${sysconfdir}/raddb/mods-config/sql/*/postgresql \ +" + +FILES_${PN}-unixodbc = "${libdir}/rlm_sql_unixodbc.so*" + +FILES_${PN} =+ "${libdir}/rlm_*.so* ${libdir}/proto_*so*" + +RDEPENDS_${PN} += "perl" +RDEPENDS_${PN}-utils = "${PN} perl" + +CLEANBROKEN = "1" -- cgit 1.2.3-korg