1 |
commit: ca263beccd204324898a868316cf905059a00511 |
2 |
Author: orbea <orbea <AT> riseup <DOT> net> |
3 |
AuthorDate: Fri May 6 21:44:11 2022 +0000 |
4 |
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com> |
5 |
CommitDate: Sat May 7 01:31:21 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=ca263bec |
7 |
|
8 |
net-dialup/freeradius: Updated for version 3.0.25-r2 |
9 |
|
10 |
Signed-off-by: orbea <orbea <AT> riseup.net> |
11 |
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com> |
12 |
|
13 |
net-dialup/freeradius/Manifest | 1 + |
14 |
.../files/freeradius-3.0.25-libressl.patch | 148 ++++++++++++ |
15 |
net-dialup/freeradius/files/radius.conf-r6 | 22 ++ |
16 |
net-dialup/freeradius/files/radius.init-r4 | 31 +++ |
17 |
net-dialup/freeradius/freeradius-3.0.25-r2.ebuild | 268 +++++++++++++++++++++ |
18 |
net-dialup/freeradius/metadata.xml | 11 +- |
19 |
6 files changed, 472 insertions(+), 9 deletions(-) |
20 |
|
21 |
diff --git a/net-dialup/freeradius/Manifest b/net-dialup/freeradius/Manifest |
22 |
index b0ca97f..849cc39 100644 |
23 |
--- a/net-dialup/freeradius/Manifest |
24 |
+++ b/net-dialup/freeradius/Manifest |
25 |
@@ -1 +1,2 @@ |
26 |
+DIST freeradius-3.0.25.tar.gz 5300245 BLAKE2B bf8908aa7bfabb9e15fa841457f176a4f2697bdec7994485516ef338908b46f2168260b7acf1a7120a687e543f0381bb787567bb4d564b9d14a3eb464a0e9ed6 SHA512 13382a53e6a1a4495c6f53e662ce21b80d73b6134a72f099f05495b64c56ae1a6c1cd1281311f1c3695d8532207fe5bd3d2026ed2c45f3cb5adb1011f1505ee7 |
27 |
DIST freeradius-server-3.0.20.tar.gz 5002727 BLAKE2B f481ad22105694a4af3f0f0c1b4f6e395e8da0fe65274e32ebeed07e3c9b1869029e6ffbc655cfa41d5de2a1dcba54acee33a7a10d28bfbfce791b7ccd0fc57a SHA512 513ed0a5d9e6b9a8d89a9b02c86ff528a9ff14d928f4c1040ca44702465abd711588fe6afa35554cb2c8e8bd7f19dd5be3dbc78445c62c7b00bf5cbc4c621312 |
28 |
|
29 |
diff --git a/net-dialup/freeradius/files/freeradius-3.0.25-libressl.patch b/net-dialup/freeradius/files/freeradius-3.0.25-libressl.patch |
30 |
new file mode 100644 |
31 |
index 0000000..8da9279 |
32 |
--- /dev/null |
33 |
+++ b/net-dialup/freeradius/files/freeradius-3.0.25-libressl.patch |
34 |
@@ -0,0 +1,148 @@ |
35 |
+From OpenBSD: |
36 |
+ |
37 |
+https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_main_cb_c |
38 |
+https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_main_tls_c |
39 |
+https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_modules_rlm_eap_types_rlm_eap_fast_rlm_eap_fast_c |
40 |
+ |
41 |
+Index: src/main/cb.c |
42 |
+--- a/src/main/cb.c.orig |
43 |
++++ b/src/main/cb.c |
44 |
+@@ -64,7 +64,7 @@ void cbtls_info(SSL const *s, int where, int ret) |
45 |
+ /* |
46 |
+ * After a ClientHello, list all the proposed ciphers from the client |
47 |
+ */ |
48 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
49 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
50 |
+ if (SSL_get_state(s) == TLS_ST_SR_CLNT_HELLO) { |
51 |
+ int i; |
52 |
+ int num_ciphers; |
53 |
+@@ -192,7 +192,7 @@ void cbtls_msg(int write_p, int msg_version, int conte |
54 |
+ state->info.alert_level = 0x00; |
55 |
+ state->info.alert_description = 0x00; |
56 |
+ |
57 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L |
58 |
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) |
59 |
+ } else if (content_type == SSL3_RT_INNER_CONTENT_TYPE && buf[0] == SSL3_RT_APPLICATION_DATA) { |
60 |
+ /* let tls_ack_handler set application_data */ |
61 |
+ state->info.content_type = SSL3_RT_HANDSHAKE; |
62 |
+Index: src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c |
63 |
+--- a/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c.orig |
64 |
++++ b/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c |
65 |
+@@ -200,7 +200,7 @@ static void eap_fast_session_ticket(tls_session_t *tls |
66 |
+ } |
67 |
+ |
68 |
+ // hostap:src/crypto/tls_openssl.c:tls_sess_sec_cb() |
69 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
70 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
71 |
+ static int _session_secret(SSL *s, void *secret, int *secret_len, |
72 |
+ UNUSED STACK_OF(SSL_CIPHER) *peer_ciphers, |
73 |
+ UNUSED SSL_CIPHER **cipher, void *arg) |
74 |
+@@ -224,7 +224,7 @@ static int _session_secret(SSL *s, void *secret, int * |
75 |
+ |
76 |
+ RDEBUG("processing PAC-Opaque"); |
77 |
+ |
78 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
79 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
80 |
+ eap_fast_session_ticket(tls_session, s->s3->client_random, s->s3->server_random, secret, secret_len); |
81 |
+ #else |
82 |
+ uint8_t client_random[SSL3_RANDOM_SIZE]; |
83 |
+Index: src/main/tls.c |
84 |
+--- a/src/main/tls.c.orig |
85 |
++++ b/src/main/tls.c |
86 |
+@@ -622,7 +622,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls |
87 |
+ /* |
88 |
+ * Swap empty store with the old one. |
89 |
+ */ |
90 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
91 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
92 |
+ conf->old_x509_store = SSL_CTX_get_cert_store(conf->ctx); |
93 |
+ /* Bump refcnt so the store is kept allocated till next store replacement */ |
94 |
+ X509_STORE_up_ref(conf->old_x509_store); |
95 |
+@@ -1340,7 +1340,7 @@ void tls_session_information(tls_session_t *tls_sessio |
96 |
+ if ((tls_session->info.version > tls_session->conf->max_version) && |
97 |
+ (rad_debug_lvl > 0)) { |
98 |
+ WARN("TLS 1.3 has been negotiated even though it was disabled. This is an OpenSSL Bug."); |
99 |
+- WARN("Please set: cipher_list = \"DEFAULT@SECLEVEL=1\" in the tls {...} section."); |
100 |
++ WARN("Setting cipher_list in the tls {...} section might help."); |
101 |
+ } |
102 |
+ #endif |
103 |
+ break; |
104 |
+@@ -1697,7 +1697,7 @@ static int load_dh_params(SSL_CTX *ctx, char *file) |
105 |
+ * |
106 |
+ * Change suggested by @t8m |
107 |
+ */ |
108 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L |
109 |
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) |
110 |
+ if (FIPS_mode() > 0) { |
111 |
+ WARN(LOG_PREFIX ": Ignoring user-selected DH parameters in FIPS mode. Using defaults."); |
112 |
+ return 0; |
113 |
+@@ -1920,7 +1920,7 @@ done: |
114 |
+ return 0; |
115 |
+ } |
116 |
+ |
117 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
118 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
119 |
+ static SSL_SESSION *cbtls_get_session(SSL *ssl, unsigned char *data, int len, int *copy) |
120 |
+ #else |
121 |
+ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int len, int *copy) |
122 |
+@@ -2304,7 +2304,7 @@ static int cbtls_cache_refresh(SSL *ssl, SSL_SESSION * |
123 |
+ return 0; |
124 |
+ } |
125 |
+ |
126 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
127 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
128 |
+ static SSL_SESSION *cbtls_cache_load(SSL *ssl, unsigned char *data, int len, int *copy) |
129 |
+ #else |
130 |
+ static SSL_SESSION *cbtls_cache_load(SSL *ssl, const unsigned char *data, int len, int *copy) |
131 |
+@@ -2840,7 +2840,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) |
132 |
+ char cn_str[1024]; |
133 |
+ char buf[64]; |
134 |
+ X509 *client_cert; |
135 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
136 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
137 |
+ const STACK_OF(X509_EXTENSION) *ext_list; |
138 |
+ #else |
139 |
+ STACK_OF(X509_EXTENSION) *ext_list; |
140 |
+@@ -3058,7 +3058,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) |
141 |
+ } |
142 |
+ |
143 |
+ if (lookup == 0) { |
144 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
145 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
146 |
+ ext_list = X509_get0_extensions(client_cert); |
147 |
+ #else |
148 |
+ X509_CINF *client_inf; |
149 |
+@@ -3111,7 +3111,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) |
150 |
+ value[0] = '0'; |
151 |
+ value[1] = 'x'; |
152 |
+ const unsigned char *srcp; |
153 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
154 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
155 |
+ const ASN1_STRING *srcasn1p; |
156 |
+ srcasn1p = X509_EXTENSION_get_data(ext); |
157 |
+ srcp = ASN1_STRING_get0_data(srcasn1p); |
158 |
+@@ -3203,13 +3203,13 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) |
159 |
+ */ |
160 |
+ if (depth == 0) { |
161 |
+ tls_session_t *ssn = SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_SSN); |
162 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
163 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
164 |
+ STACK_OF(X509)* untrusted = NULL; |
165 |
+ #endif |
166 |
+ |
167 |
+ rad_assert(ssn != NULL); |
168 |
+ |
169 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
170 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
171 |
+ /* |
172 |
+ * See if there are any untrusted certificates. |
173 |
+ * If so, complain about them. |
174 |
+@@ -4169,7 +4169,7 @@ post_ca: |
175 |
+ * disable early data. |
176 |
+ * |
177 |
+ */ |
178 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L |
179 |
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) |
180 |
+ SSL_CTX_set_max_early_data(ctx, 0); |
181 |
+ #endif |
182 |
+ |
183 |
|
184 |
diff --git a/net-dialup/freeradius/files/radius.conf-r6 b/net-dialup/freeradius/files/radius.conf-r6 |
185 |
new file mode 100644 |
186 |
index 0000000..50d2a1c |
187 |
--- /dev/null |
188 |
+++ b/net-dialup/freeradius/files/radius.conf-r6 |
189 |
@@ -0,0 +1,22 @@ |
190 |
+# Config file for /etc/init.d/radiusd |
191 |
+ |
192 |
+# see man pages for radiusd run `radiusd -h` |
193 |
+# for valid cmdline options |
194 |
+#RADIUSD_OPTS="" |
195 |
+ |
196 |
+# Change this value if you change it in /etc/raddb/radiusd.conf |
197 |
+pidfile=/run/radiusd/radiusd.pid |
198 |
+ |
199 |
+# Change these values if you change them in /etc/raddb/radiusd.conf |
200 |
+RADIUSD_USER=radius |
201 |
+RADIUSD_GROUP=radius |
202 |
+ |
203 |
+RADIUSD_LOGPATH=/var/log/radius |
204 |
+ |
205 |
+# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want |
206 |
+# to uncomment the following line. |
207 |
+#rc_use="logger" |
208 |
+ |
209 |
+# If you use ldap, start the ldap server prior to FreeRADIUS to avoid |
210 |
+# startup crashes. |
211 |
+#rc_use="ldap" |
212 |
|
213 |
diff --git a/net-dialup/freeradius/files/radius.init-r4 b/net-dialup/freeradius/files/radius.init-r4 |
214 |
new file mode 100644 |
215 |
index 0000000..dee1842 |
216 |
--- /dev/null |
217 |
+++ b/net-dialup/freeradius/files/radius.init-r4 |
218 |
@@ -0,0 +1,31 @@ |
219 |
+#!/sbin/openrc-run |
220 |
+# Copyright 1999-2020 Gentoo Authors |
221 |
+# Distributed under the terms of the GNU General Public License v2 |
222 |
+ |
223 |
+command=/usr/sbin/radiusd |
224 |
+command_args="${RADIUSD_OPTS}" |
225 |
+pidfile="${pidfile:-/run/radiusd/radiusd.pid}" |
226 |
+extra_started_commands="reload" |
227 |
+ |
228 |
+depend() { |
229 |
+ need localmount |
230 |
+ use dns |
231 |
+} |
232 |
+ |
233 |
+start_pre() { |
234 |
+ if [ ! -f /etc/raddb/radiusd.conf ] ; then |
235 |
+ eerror "No /etc/raddb/radiusd.conf file exists!" |
236 |
+ return 1 |
237 |
+ fi |
238 |
+ |
239 |
+ checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \ |
240 |
+ $(dirname ${pidfile}) "${RADIUSD_LOGPATH:-/var/log/radius}" |
241 |
+ checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \ |
242 |
+ $(dirname ${pidfile}) /run/radiusd |
243 |
+} |
244 |
+ |
245 |
+reload() { |
246 |
+ ebegin "Reloading radiusd" |
247 |
+ kill -HUP $(cat ${pidfile}) |
248 |
+ eend $? |
249 |
+} |
250 |
|
251 |
diff --git a/net-dialup/freeradius/freeradius-3.0.25-r2.ebuild b/net-dialup/freeradius/freeradius-3.0.25-r2.ebuild |
252 |
new file mode 100644 |
253 |
index 0000000..8e473f0 |
254 |
--- /dev/null |
255 |
+++ b/net-dialup/freeradius/freeradius-3.0.25-r2.ebuild |
256 |
@@ -0,0 +1,268 @@ |
257 |
+# Copyright 1999-2022 Gentoo Authors |
258 |
+# Distributed under the terms of the GNU General Public License v2 |
259 |
+ |
260 |
+EAPI=7 |
261 |
+ |
262 |
+PYTHON_COMPAT=( python3_{8..10} ) |
263 |
+inherit autotools pam python-single-r1 systemd |
264 |
+ |
265 |
+MY_PV=$(ver_rs 1- "_") |
266 |
+ |
267 |
+DESCRIPTION="Highly configurable free RADIUS server" |
268 |
+HOMEPAGE="https://freeradius.org/" |
269 |
+SRC_URI="https://github.com/FreeRADIUS/freeradius-server/archive/release_${MY_PV}.tar.gz -> ${P}.tar.gz" |
270 |
+S="${WORKDIR}/freeradius-server-release_${MY_PV}" |
271 |
+ |
272 |
+LICENSE="GPL-2" |
273 |
+SLOT="0" |
274 |
+KEYWORDS="amd64 ~arm arm64 ~ppc ~ppc64 ~sparc x86" |
275 |
+ |
276 |
+IUSE=" |
277 |
+ debug firebird iodbc kerberos ldap memcached mysql mongodb odbc oracle pam |
278 |
+ pcap postgres python readline redis rest samba sqlite ssl systemd |
279 |
+" |
280 |
+ |
281 |
+RESTRICT="test firebird? ( bindist )" |
282 |
+ |
283 |
+# NOTE: Temporary freeradius doesn't support linking with mariadb client |
284 |
+# libs also if code is compliant, will be available in the next release. |
285 |
+# (http://lists.freeradius.org/pipermail/freeradius-devel/2018-October/013228.html)a |
286 |
+ |
287 |
+# TODO: rlm_mschap works with both samba library or without. I need to avoid |
288 |
+# linking of samba library if -samba is used. |
289 |
+RDEPEND="acct-group/radius |
290 |
+ acct-user/radius |
291 |
+ !net-dialup/cistronradius |
292 |
+ dev-lang/perl:= |
293 |
+ sys-libs/gdbm:= |
294 |
+ sys-libs/talloc |
295 |
+ virtual/libcrypt:= |
296 |
+ firebird? ( dev-db/firebird ) |
297 |
+ iodbc? ( dev-db/libiodbc ) |
298 |
+ kerberos? ( virtual/krb5 ) |
299 |
+ ldap? ( net-nds/openldap:= ) |
300 |
+ memcached? ( dev-libs/libmemcached ) |
301 |
+ mysql? ( dev-db/mysql-connector-c:= ) |
302 |
+ mongodb? ( >=dev-libs/mongo-c-driver-1.13.0-r1 ) |
303 |
+ odbc? ( dev-db/unixODBC ) |
304 |
+ oracle? ( dev-db/oracle-instantclient[sdk] ) |
305 |
+ pam? ( sys-libs/pam ) |
306 |
+ pcap? ( net-libs/libpcap ) |
307 |
+ postgres? ( dev-db/postgresql:= ) |
308 |
+ python? ( ${PYTHON_DEPS} ) |
309 |
+ readline? ( sys-libs/readline:0= ) |
310 |
+ redis? ( dev-libs/hiredis:= ) |
311 |
+ rest? ( dev-libs/json-c:= ) |
312 |
+ samba? ( net-fs/samba ) |
313 |
+ sqlite? ( dev-db/sqlite:3 ) |
314 |
+ ssl? ( |
315 |
+ dev-libs/openssl:0=[-bindist(-)] |
316 |
+ ) |
317 |
+ systemd? ( sys-apps/systemd )" |
318 |
+DEPEND="${RDEPEND}" |
319 |
+ |
320 |
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
321 |
+ |
322 |
+# 721040 |
323 |
+QA_SONAME="usr/lib.*/libfreeradius-.*.so" |
324 |
+ |
325 |
+PATCHES=( |
326 |
+ "${FILESDIR}"/${PN}-3.0.25-libressl.patch |
327 |
+ "${FILESDIR}"/${PN}-3.0.20-systemd-service.patch |
328 |
+) |
329 |
+ |
330 |
+pkg_setup() { |
331 |
+ if use python ; then |
332 |
+ python-single-r1_pkg_setup |
333 |
+ export PYTHONBIN="${EPYTHON}" |
334 |
+ fi |
335 |
+} |
336 |
+ |
337 |
+src_prepare() { |
338 |
+ # most of the configuration options do not appear as ./configure |
339 |
+ # switches. Instead it identifies the directories that are available |
340 |
+ # and run through them. These might check for the presence of |
341 |
+ # various libraries, in which case they are not built. To avoid |
342 |
+ # automagic dependencies, we just remove all the modules that we're |
343 |
+ # not interested in using. |
344 |
+ |
345 |
+ eapply_user |
346 |
+ default |
347 |
+ |
348 |
+ use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; } |
349 |
+ use ldap || { rm -r src/modules/rlm_ldap || die ; } |
350 |
+ use kerberos || { rm -r src/modules/rlm_krb5 || die ; } |
351 |
+ use memcached || { rm -r src/modules/rlm_cache/drivers/rlm_cache_memcached || die ; } |
352 |
+ use pam || { rm -r src/modules/rlm_pam || die ; } |
353 |
+ # Drop support of python2 |
354 |
+ rm -r src/modules/rlm_python || die |
355 |
+ use python || { rm -r src/modules/rlm_python3 || die ; } |
356 |
+ use rest || { rm -r src/modules/rlm_rest || die ; } |
357 |
+ use redis || { rm -r src/modules/rlm_redis{,who} || die ; } |
358 |
+ # Do not install ruby rlm module, bug #483108 |
359 |
+ rm -r src/modules/rlm_ruby || die |
360 |
+ |
361 |
+ # these are all things we don't have in portage/I don't want to deal |
362 |
+ # with myself |
363 |
+ rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die # requires TNCS library |
364 |
+ rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die # requires libeap-ikev2 |
365 |
+ rm -r src/modules/rlm_opendirectory || die # requires some membership.h |
366 |
+ rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die |
367 |
+ |
368 |
+ # sql drivers that are not part of experimental are loaded from a |
369 |
+ # file, so we have to remove them from the file itself when we |
370 |
+ # remove them. |
371 |
+ usesqldriver() { |
372 |
+ local flag=$1 |
373 |
+ local driver=rlm_sql_${2:-${flag}} |
374 |
+ |
375 |
+ if ! use ${flag}; then |
376 |
+ rm -r src/modules/rlm_sql/drivers/${driver} || die |
377 |
+ sed -i -e /${driver}/d src/modules/rlm_sql/stable || die |
378 |
+ fi |
379 |
+ } |
380 |
+ |
381 |
+ sed -i \ |
382 |
+ -e 's:^#\tuser = :\tuser = :g' \ |
383 |
+ -e 's:^#\tgroup = :\tgroup = :g' \ |
384 |
+ -e 's:/var/run/radiusd:/run/radiusd:g' \ |
385 |
+ -e '/^run_dir/s:${localstatedir}::g' \ |
386 |
+ raddb/radiusd.conf.in || die |
387 |
+ |
388 |
+ # verbosity |
389 |
+ # build shared libraries using jlibtool -shared |
390 |
+ sed -i \ |
391 |
+ -e '/$(LIBTOOL)/s|--quiet ||g' \ |
392 |
+ -e 's:--mode=\(compile\|link\):& -shared:g' \ |
393 |
+ Make.inc.in || die |
394 |
+ |
395 |
+ sed -i \ |
396 |
+ -e 's|--silent ||g' \ |
397 |
+ -e 's:--mode=\(compile\|link\):& -shared:g' \ |
398 |
+ scripts/libtool.mk || die |
399 |
+ |
400 |
+ # crude measure to stop jlibtool from running ranlib and ar |
401 |
+ sed -i \ |
402 |
+ -e '/LIBRARIAN/s|".*"|"true"|g' \ |
403 |
+ -e '/RANLIB/s|".*"|"true"|g' \ |
404 |
+ scripts/jlibtool.c || die |
405 |
+ |
406 |
+ usesqldriver mysql |
407 |
+ usesqldriver postgres postgresql |
408 |
+ usesqldriver firebird |
409 |
+ usesqldriver iodbc |
410 |
+ usesqldriver odbc unixodbc |
411 |
+ usesqldriver oracle |
412 |
+ usesqldriver sqlite |
413 |
+ usesqldriver mongodb mongo |
414 |
+ |
415 |
+ eautoreconf |
416 |
+} |
417 |
+ |
418 |
+src_configure() { |
419 |
+ # do not try to enable static with static-libs; upstream is a |
420 |
+ # massacre of libtool best practices so you also have to make sure |
421 |
+ # to --enable-shared explicitly. |
422 |
+ local myeconfargs=( |
423 |
+ --enable-shared |
424 |
+ --disable-static |
425 |
+ --disable-ltdl-install |
426 |
+ --with-system-libtool |
427 |
+ --with-system-libltdl |
428 |
+ --with-ascend-binary |
429 |
+ --with-udpfromto |
430 |
+ --with-dhcp |
431 |
+ --with-iodbc-include-dir=/usr/include/iodbc |
432 |
+ --with-experimental-modules |
433 |
+ --with-docdir=/usr/share/doc/${PF} |
434 |
+ --with-logdir=/var/log/radius |
435 |
+ $(use_enable debug developer) |
436 |
+ $(use_with ldap edir) |
437 |
+ $(use_with ssl openssl) |
438 |
+ $(use_with systemd systemd) |
439 |
+ ) |
440 |
+ # fix bug #77613 |
441 |
+ if has_version app-crypt/heimdal; then |
442 |
+ myeconfargs+=( --enable-heimdal-krb5 ) |
443 |
+ fi |
444 |
+ |
445 |
+ if use python ; then |
446 |
+ myeconfargs+=( |
447 |
+ --with-rlm-python3-bin=${EPYTHON} |
448 |
+ --with-rlm-python3-config-bin=${EPYTHON}-config |
449 |
+ ) |
450 |
+ fi |
451 |
+ |
452 |
+ use readline || export ac_cv_lib_readline=no |
453 |
+ use pcap || export ac_cv_lib_pcap_pcap_open_live=no |
454 |
+ |
455 |
+ econf "${myeconfargs[@]}" |
456 |
+} |
457 |
+ |
458 |
+src_compile() { |
459 |
+ # verbose, do not generate certificates |
460 |
+ emake \ |
461 |
+ Q='' ECHO=true \ |
462 |
+ LOCAL_CERT_PRODUCTS='' |
463 |
+} |
464 |
+ |
465 |
+src_install() { |
466 |
+ dodir /etc |
467 |
+ diropts -m0750 -o root -g radius |
468 |
+ dodir /etc/raddb |
469 |
+ diropts -m0750 -o radius -g radius |
470 |
+ dodir /var/log/radius |
471 |
+ keepdir /var/log/radius/radacct |
472 |
+ diropts |
473 |
+ |
474 |
+ # verbose, do not install certificates |
475 |
+ # Parallel install fails (#509498) |
476 |
+ emake -j1 \ |
477 |
+ Q='' ECHO=true \ |
478 |
+ LOCAL_CERT_PRODUCTS='' \ |
479 |
+ R="${D}" \ |
480 |
+ install |
481 |
+ |
482 |
+ if use pam; then |
483 |
+ pamd_mimic_system radiusd auth account password session |
484 |
+ fi |
485 |
+ |
486 |
+ # fix #711756 |
487 |
+ fowners -R radius:radius /etc/raddb |
488 |
+ fowners -R radius:radius /var/log/radius |
489 |
+ |
490 |
+ dodoc CREDITS |
491 |
+ |
492 |
+ rm "${ED}/usr/sbin/rc.radiusd" || die |
493 |
+ |
494 |
+ newinitd "${FILESDIR}/radius.init-r4" radiusd |
495 |
+ newconfd "${FILESDIR}/radius.conf-r6" radiusd |
496 |
+ |
497 |
+ if ! use systemd ; then |
498 |
+ # If systemd builtin is not enabled we need use Type=Simple |
499 |
+ # as systemd .service |
500 |
+ sed -i -e 's:^Type=.*::g' \ |
501 |
+ -e 's:^WatchdogSec=.*::g' -e 's:^NotifyAccess=all.*::g' \ |
502 |
+ "${S}"/debian/freeradius.service |
503 |
+ fi |
504 |
+ systemd_dounit "${S}"/debian/freeradius.service |
505 |
+ |
506 |
+ find "${ED}" \( -name "*.a" -o -name "*.la" \) -delete || die |
507 |
+} |
508 |
+ |
509 |
+pkg_config() { |
510 |
+ if use ssl; then |
511 |
+ cd "${ROOT}"/etc/raddb/certs || die |
512 |
+ ./bootstrap || die "Error while running ./bootstrap script." |
513 |
+ chown root:radius "${ROOT}"/etc/raddb/certs || die |
514 |
+ chown root:radius "${ROOT}"/etc/raddb/certs/ca.pem || die |
515 |
+ chown root:radius "${ROOT}"/etc/raddb/certs/server.{key,crt,pem} || die |
516 |
+ fi |
517 |
+} |
518 |
+ |
519 |
+pkg_preinst() { |
520 |
+ if ! has_version ${CATEGORY}/${PN} && use ssl; then |
521 |
+ elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able" |
522 |
+ elog "to start the radiusd service." |
523 |
+ fi |
524 |
+} |
525 |
|
526 |
diff --git a/net-dialup/freeradius/metadata.xml b/net-dialup/freeradius/metadata.xml |
527 |
index 6d8b1cc..2ae2372 100644 |
528 |
--- a/net-dialup/freeradius/metadata.xml |
529 |
+++ b/net-dialup/freeradius/metadata.xml |
530 |
@@ -1,14 +1,7 @@ |
531 |
<?xml version="1.0" encoding="UTF-8"?> |
532 |
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
533 |
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> |
534 |
<pkgmetadata> |
535 |
- <maintainer type="person"> |
536 |
- <email>geaaru@×××××.com</email> |
537 |
- <name>Daniele Rondina</name> |
538 |
- </maintainer> |
539 |
- <maintainer type="project"> |
540 |
- <email>proxy-maint@g.o</email> |
541 |
- <name>Proxy Maintainers</name> |
542 |
- </maintainer> |
543 |
+ <!-- maintainer-needed --> |
544 |
<use> |
545 |
<flag name="memcached"> |
546 |
Include <pkg>dev-libs/libmemcached</pkg> in caching drivers |