[gentoo-commits] repo/proj/libressl:master commit in: net-dialup/freeradius/, net-dialup/freeradius/files/ - gentoo-commits

From:	Quentin Retornaz <gentoo@××××××××.com>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/proj/libressl:master commit in: net-dialup/freeradius/, net-dialup/freeradius/files/
Date:	Sat, 07 May 2022 01:31:57
Message-Id:	`1651887081.ca263beccd204324898a868316cf905059a00511.quentin@gentoo`

1

commit:     ca263beccd204324898a868316cf905059a00511

2

Author:     orbea <orbea <AT> riseup <DOT> net>

3

AuthorDate: Fri May  6 21:44:11 2022 +0000

4

Commit:     Quentin Retornaz <gentoo <AT> retornaz <DOT> com>

5

CommitDate: Sat May  7 01:31:21 2022 +0000

6

URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=ca263bec

7

8

net-dialup/freeradius: Updated for version 3.0.25-r2

9

10

Signed-off-by: orbea <orbea <AT> riseup.net>

11

Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>

12

13

 net-dialup/freeradius/Manifest                     |   1 +

14

 .../files/freeradius-3.0.25-libressl.patch         | 148 ++++++++++++

15

 net-dialup/freeradius/files/radius.conf-r6         |  22 ++

16

 net-dialup/freeradius/files/radius.init-r4         |  31 +++

17

 net-dialup/freeradius/freeradius-3.0.25-r2.ebuild  | 268 +++++++++++++++++++++

18

 net-dialup/freeradius/metadata.xml                 |  11 +-

19

 6 files changed, 472 insertions(+), 9 deletions(-)

20

21

diff --git a/net-dialup/freeradius/Manifest b/net-dialup/freeradius/Manifest

22

index b0ca97f..849cc39 100644

23

--- a/net-dialup/freeradius/Manifest

24

+++ b/net-dialup/freeradius/Manifest

25

@@ -1 +1,2 @@

26

+DIST freeradius-3.0.25.tar.gz 5300245 BLAKE2B bf8908aa7bfabb9e15fa841457f176a4f2697bdec7994485516ef338908b46f2168260b7acf1a7120a687e543f0381bb787567bb4d564b9d14a3eb464a0e9ed6 SHA512 13382a53e6a1a4495c6f53e662ce21b80d73b6134a72f099f05495b64c56ae1a6c1cd1281311f1c3695d8532207fe5bd3d2026ed2c45f3cb5adb1011f1505ee7

27

 DIST freeradius-server-3.0.20.tar.gz 5002727 BLAKE2B f481ad22105694a4af3f0f0c1b4f6e395e8da0fe65274e32ebeed07e3c9b1869029e6ffbc655cfa41d5de2a1dcba54acee33a7a10d28bfbfce791b7ccd0fc57a SHA512 513ed0a5d9e6b9a8d89a9b02c86ff528a9ff14d928f4c1040ca44702465abd711588fe6afa35554cb2c8e8bd7f19dd5be3dbc78445c62c7b00bf5cbc4c621312

28

29

diff --git a/net-dialup/freeradius/files/freeradius-3.0.25-libressl.patch b/net-dialup/freeradius/files/freeradius-3.0.25-libressl.patch

30

new file mode 100644

31

index 0000000..8da9279

32

--- /dev/null

33

+++ b/net-dialup/freeradius/files/freeradius-3.0.25-libressl.patch

34

@@ -0,0 +1,148 @@

35

+From OpenBSD:

36

+

37

+https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_main_cb_c

38

+https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_main_tls_c

39

+https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_modules_rlm_eap_types_rlm_eap_fast_rlm_eap_fast_c

40

+

41

+Index: src/main/cb.c

42

+--- a/src/main/cb.c.orig

43

++++ b/src/main/cb.c

44

+@@ -64,7 +64,7 @@ void cbtls_info(SSL const *s, int where, int ret)

45

+ 			/*

46

+ 			 *	After a ClientHello, list all the proposed ciphers from the client

47

+ 			 */

48

+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L

49

++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)

50

+ 			if (SSL_get_state(s) == TLS_ST_SR_CLNT_HELLO) {

51

+ 				int i;

52

+ 				int num_ciphers;

53

+@@ -192,7 +192,7 @@ void cbtls_msg(int write_p, int msg_version, int conte

54

+ 		state->info.alert_level = 0x00;

55

+ 		state->info.alert_description = 0x00;

56

+

57

+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L

58

++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)

59

+ 	} else if (content_type == SSL3_RT_INNER_CONTENT_TYPE && buf[0] == SSL3_RT_APPLICATION_DATA) {

60

+ 		/* let tls_ack_handler set application_data */

61

+ 		state->info.content_type = SSL3_RT_HANDSHAKE;

62

+Index: src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c

63

+--- a/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c.orig

64

++++ b/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c

65

+@@ -200,7 +200,7 @@ static void eap_fast_session_ticket(tls_session_t *tls

66

+ }

67

+

68

+ // hostap:src/crypto/tls_openssl.c:tls_sess_sec_cb()

69

+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

70

++#if OPENSSL_VERSION_NUMBER < 0x10100000L

71

+ static int _session_secret(SSL *s, void *secret, int *secret_len,

72

+ 			   UNUSED STACK_OF(SSL_CIPHER) *peer_ciphers,

73

+ 			   UNUSED SSL_CIPHER **cipher, void *arg)

74

+@@ -224,7 +224,7 @@ static int _session_secret(SSL *s, void *secret, int *

75

+

76

+ 	RDEBUG("processing PAC-Opaque");

77

+

78

+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

79

++#if OPENSSL_VERSION_NUMBER < 0x10100000L

80

+ 	eap_fast_session_ticket(tls_session, s->s3->client_random, s->s3->server_random, secret, secret_len);

81

+ #else

82

+ 	uint8_t client_random[SSL3_RANDOM_SIZE];

83

+Index: src/main/tls.c

84

+--- a/src/main/tls.c.orig

85

++++ b/src/main/tls.c

86

+@@ -622,7 +622,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls

87

+ 				/*

88

+ 				 * Swap empty store with the old one.

89

+ 				 */

90

+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)

91

++#if OPENSSL_VERSION_NUMBER >= 0x10100000L

92

+ 				conf->old_x509_store = SSL_CTX_get_cert_store(conf->ctx);

93

+ 				/* Bump refcnt so the store is kept allocated till next store replacement */

94

+ 				X509_STORE_up_ref(conf->old_x509_store);

95

+@@ -1340,7 +1340,7 @@ void tls_session_information(tls_session_t *tls_sessio

96

+ 					if ((tls_session->info.version > tls_session->conf->max_version) &&

97

+ 					    (rad_debug_lvl > 0)) {

98

+ 						WARN("TLS 1.3 has been negotiated even though it was disabled.  This is an OpenSSL Bug.");

99

+-						WARN("Please set: cipher_list = \"DEFAULT@SECLEVEL=1\" in the tls {...} section.");

100

++						WARN("Setting cipher_list in the tls {...} section might help.");

101

+ 					}

102

+ #endif

103

+ 					break;

104

+@@ -1697,7 +1697,7 @@ static int load_dh_params(SSL_CTX *ctx, char *file)

105

+ 	 *

106

+ 	 * Change suggested by @t8m

107

+ 	 */

108

+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L

109

++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)

110

+ 	if (FIPS_mode() > 0) {

111

+ 		WARN(LOG_PREFIX ": Ignoring user-selected DH parameters in FIPS mode. Using defaults.");

112

+ 		return 0;

113

+@@ -1920,7 +1920,7 @@ done:

114

+ 	return 0;

115

+ }

116

+

117

+-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)

118

++#if OPENSSL_VERSION_NUMBER < 0x10100000L

119

+ static SSL_SESSION *cbtls_get_session(SSL *ssl, unsigned char *data, int len, int *copy)

120

+ #else

121

+ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int len, int *copy)

122

+@@ -2304,7 +2304,7 @@ static int cbtls_cache_refresh(SSL *ssl, SSL_SESSION *

123

+ 	return 0;

124

+ }

125

+

126

+-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)

127

++#if OPENSSL_VERSION_NUMBER < 0x10100000L

128

+ static SSL_SESSION *cbtls_cache_load(SSL *ssl, unsigned char *data, int len, int *copy)

129

+ #else

130

+ static SSL_SESSION *cbtls_cache_load(SSL *ssl, const unsigned char *data, int len, int *copy)

131

+@@ -2840,7 +2840,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)

132

+ 	char		cn_str[1024];

133

+ 	char		buf[64];

134

+ 	X509		*client_cert;

135

+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)

136

++#if OPENSSL_VERSION_NUMBER >= 0x10100000L

137

+ 	const STACK_OF(X509_EXTENSION) *ext_list;

138

+ #else

139

+ 	STACK_OF(X509_EXTENSION) *ext_list;

140

+@@ -3058,7 +3058,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)

141

+ 	}

142

+

143

+ 	if (lookup == 0) {

144

+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)

145

++#if OPENSSL_VERSION_NUMBER >= 0x10100000L

146

+ 		ext_list = X509_get0_extensions(client_cert);

147

+ #else

148

+ 		X509_CINF	*client_inf;

149

+@@ -3111,7 +3111,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)

150

+ 				value[0] = '0';

151

+ 				value[1] = 'x';

152

+ 				const unsigned char *srcp;

153

+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)

154

++#if OPENSSL_VERSION_NUMBER >= 0x10100000L

155

+ 				const ASN1_STRING *srcasn1p;

156

+ 				srcasn1p = X509_EXTENSION_get_data(ext);

157

+ 				srcp = ASN1_STRING_get0_data(srcasn1p);

158

+@@ -3203,13 +3203,13 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)

159

+ 	 */

160

+ 	if (depth == 0) {

161

+ 		tls_session_t *ssn = SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_SSN);

162

+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L

163

++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)

164

+ 		STACK_OF(X509)* untrusted = NULL;

165

+ #endif

166

+

167

+ 		rad_assert(ssn != NULL);

168

+

169

+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L

170

++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)

171

+ 		/*

172

+ 		 *	See if there are any untrusted certificates.

173

+ 		 *	If so, complain about them.

174

+@@ -4169,7 +4169,7 @@ post_ca:

175

+ 	 *	disable early data.

176

+ 	 *

177

+ 	 */

178

+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L

179

++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)

180

+ 	SSL_CTX_set_max_early_data(ctx, 0);

181

+ #endif

182

+

183

184

diff --git a/net-dialup/freeradius/files/radius.conf-r6 b/net-dialup/freeradius/files/radius.conf-r6

185

new file mode 100644

186

index 0000000..50d2a1c

187

--- /dev/null

188

+++ b/net-dialup/freeradius/files/radius.conf-r6

189

@@ -0,0 +1,22 @@

190

+# Config file for /etc/init.d/radiusd

191

+

192

+# see man pages for radiusd run `radiusd -h`

193

+# for valid cmdline options

194

+#RADIUSD_OPTS=""

195

+

196

+# Change this value if you change it in /etc/raddb/radiusd.conf

197

+pidfile=/run/radiusd/radiusd.pid

198

+

199

+# Change these values if you change them in /etc/raddb/radiusd.conf

200

+RADIUSD_USER=radius

201

+RADIUSD_GROUP=radius

202

+

203

+RADIUSD_LOGPATH=/var/log/radius

204

+

205

+# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want

206

+# to uncomment the following line.

207

+#rc_use="logger"

208

+

209

+# If you use ldap, start the ldap server prior to FreeRADIUS to avoid

210

+# startup crashes.

211

+#rc_use="ldap"

212

213

diff --git a/net-dialup/freeradius/files/radius.init-r4 b/net-dialup/freeradius/files/radius.init-r4

214

new file mode 100644

215

index 0000000..dee1842

216

--- /dev/null

217

+++ b/net-dialup/freeradius/files/radius.init-r4

218

@@ -0,0 +1,31 @@

219

+#!/sbin/openrc-run

220

+# Copyright 1999-2020 Gentoo Authors

221

+# Distributed under the terms of the GNU General Public License v2

222

+

223

+command=/usr/sbin/radiusd

224

+command_args="${RADIUSD_OPTS}"

225

+pidfile="${pidfile:-/run/radiusd/radiusd.pid}"

226

+extra_started_commands="reload"

227

+

228

+depend() {

229

+	need localmount

230

+	use dns

231

+}

232

+

233

+start_pre() {

234

+	if [ ! -f /etc/raddb/radiusd.conf ] ; then

235

+		eerror "No /etc/raddb/radiusd.conf file exists!"

236

+		return 1

237

+	fi

238

+

239

+	checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \

240

+		$(dirname ${pidfile}) "${RADIUSD_LOGPATH:-/var/log/radius}"

241

+	checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \

242

+		$(dirname ${pidfile}) /run/radiusd

243

+}

244

+

245

+reload() {

246

+	ebegin "Reloading radiusd"

247

+	kill -HUP $(cat ${pidfile})

248

+	eend $?

249

+}

250

251

diff --git a/net-dialup/freeradius/freeradius-3.0.25-r2.ebuild b/net-dialup/freeradius/freeradius-3.0.25-r2.ebuild

252

new file mode 100644

253

index 0000000..8e473f0

254

--- /dev/null

255

+++ b/net-dialup/freeradius/freeradius-3.0.25-r2.ebuild

256

@@ -0,0 +1,268 @@

257

+# Copyright 1999-2022 Gentoo Authors

258

+# Distributed under the terms of the GNU General Public License v2

259

+

260

+EAPI=7

261

+

262

+PYTHON_COMPAT=( python3_{8..10} )

263

+inherit autotools pam python-single-r1 systemd

264

+

265

+MY_PV=$(ver_rs 1- "_")

266

+

267

+DESCRIPTION="Highly configurable free RADIUS server"

268

+HOMEPAGE="https://freeradius.org/"

269

+SRC_URI="https://github.com/FreeRADIUS/freeradius-server/archive/release_${MY_PV}.tar.gz -> ${P}.tar.gz"

270

+S="${WORKDIR}/freeradius-server-release_${MY_PV}"

271

+

272

+LICENSE="GPL-2"

273

+SLOT="0"

274

+KEYWORDS="amd64 ~arm arm64 ~ppc ~ppc64 ~sparc x86"

275

+

276

+IUSE="

277

+	debug firebird iodbc kerberos ldap memcached mysql mongodb odbc oracle pam

278

+	pcap postgres python readline redis rest samba sqlite ssl systemd

279

+"

280

+

281

+RESTRICT="test firebird? ( bindist )"

282

+

283

+# NOTE: Temporary freeradius doesn't support linking with mariadb client

284

+#       libs also if code is compliant, will be available in the next release.

285

+#       (http://lists.freeradius.org/pipermail/freeradius-devel/2018-October/013228.html)a

286

+

287

+# TODO: rlm_mschap works with both samba library or without. I need to avoid

288

+#       linking of samba library if -samba is used.

289

+RDEPEND="acct-group/radius

290

+	acct-user/radius

291

+	!net-dialup/cistronradius

292

+	dev-lang/perl:=

293

+	sys-libs/gdbm:=

294

+	sys-libs/talloc

295

+	virtual/libcrypt:=

296

+	firebird? ( dev-db/firebird )

297

+	iodbc? ( dev-db/libiodbc )

298

+	kerberos? ( virtual/krb5 )

299

+	ldap? ( net-nds/openldap:= )

300

+	memcached? ( dev-libs/libmemcached )

301

+	mysql? ( dev-db/mysql-connector-c:= )

302

+	mongodb? ( >=dev-libs/mongo-c-driver-1.13.0-r1 )

303

+	odbc? ( dev-db/unixODBC )

304

+	oracle? ( dev-db/oracle-instantclient[sdk] )

305

+	pam? ( sys-libs/pam )

306

+	pcap? ( net-libs/libpcap )

307

+	postgres? ( dev-db/postgresql:= )

308

+	python? ( ${PYTHON_DEPS} )

309

+	readline? ( sys-libs/readline:0= )

310

+	redis? ( dev-libs/hiredis:= )

311

+	rest? ( dev-libs/json-c:= )

312

+	samba? ( net-fs/samba )

313

+	sqlite? ( dev-db/sqlite:3 )

314

+	ssl? (

315

+		dev-libs/openssl:0=[-bindist(-)]

316

+	)

317

+	systemd? ( sys-apps/systemd )"

318

+DEPEND="${RDEPEND}"

319

+

320

+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"

321

+

322

+# 721040

323

+QA_SONAME="usr/lib.*/libfreeradius-.*.so"

324

+

325

+PATCHES=(

326

+	"${FILESDIR}"/${PN}-3.0.25-libressl.patch

327

+	"${FILESDIR}"/${PN}-3.0.20-systemd-service.patch

328

+)

329

+

330

+pkg_setup() {

331

+	if use python ; then

332

+		python-single-r1_pkg_setup

333

+		export PYTHONBIN="${EPYTHON}"

334

+	fi

335

+}

336

+

337

+src_prepare() {

338

+	# most of the configuration options do not appear as ./configure

339

+	# switches. Instead it identifies the directories that are available

340

+	# and run through them. These might check for the presence of

341

+	# various libraries, in which case they are not built.  To avoid

342

+	# automagic dependencies, we just remove all the modules that we're

343

+	# not interested in using.

344

+

345

+	eapply_user

346

+	default

347

+

348

+	use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; }

349

+	use ldap || { rm -r src/modules/rlm_ldap || die ; }

350

+	use kerberos || { rm -r src/modules/rlm_krb5 || die ; }

351

+	use memcached || { rm -r src/modules/rlm_cache/drivers/rlm_cache_memcached || die ; }

352

+	use pam || { rm -r src/modules/rlm_pam || die ; }

353

+	# Drop support of python2

354

+	rm -r src/modules/rlm_python || die

355

+	use python || { rm -r src/modules/rlm_python3 || die ; }

356

+	use rest || { rm -r src/modules/rlm_rest || die ; }

357

+	use redis || { rm -r src/modules/rlm_redis{,who} || die ; }

358

+	# Do not install ruby rlm module, bug #483108

359

+	rm -r src/modules/rlm_ruby || die

360

+

361

+	# these are all things we don't have in portage/I don't want to deal

362

+	# with myself

363

+	rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die # requires TNCS library

364

+	rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die # requires libeap-ikev2

365

+	rm -r src/modules/rlm_opendirectory || die # requires some membership.h

366

+	rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die

367

+

368

+	# sql drivers that are not part of experimental are loaded from a

369

+	# file, so we have to remove them from the file itself when we

370

+	# remove them.

371

+	usesqldriver() {

372

+		local flag=$1

373

+		local driver=rlm_sql_${2:-${flag}}

374

+

375

+		if ! use ${flag}; then

376

+			rm -r src/modules/rlm_sql/drivers/${driver} || die

377

+			sed -i -e /${driver}/d src/modules/rlm_sql/stable || die

378

+		fi

379

+	}

380

+

381

+	sed -i \

382

+		-e 's:^#\tuser = :\tuser = :g' \

383

+		-e 's:^#\tgroup = :\tgroup = :g' \

384

+		-e 's:/var/run/radiusd:/run/radiusd:g' \

385

+		-e '/^run_dir/s:${localstatedir}::g' \

386

+		raddb/radiusd.conf.in || die

387

+

388

+	# verbosity

389

+	# build shared libraries using jlibtool -shared

390

+	sed -i \

391

+		-e '/$(LIBTOOL)/s|--quiet ||g' \

392

+		-e 's:--mode=\(compile\|link\):& -shared:g' \

393

+		Make.inc.in || die

394

+

395

+	sed -i \

396

+		-e 's|--silent ||g' \

397

+		-e 's:--mode=\(compile\|link\):& -shared:g' \

398

+		scripts/libtool.mk || die

399

+

400

+	# crude measure to stop jlibtool from running ranlib and ar

401

+	sed -i \

402

+		-e '/LIBRARIAN/s|".*"|"true"|g' \

403

+		-e '/RANLIB/s|".*"|"true"|g' \

404

+		scripts/jlibtool.c || die

405

+

406

+	usesqldriver mysql

407

+	usesqldriver postgres postgresql

408

+	usesqldriver firebird

409

+	usesqldriver iodbc

410

+	usesqldriver odbc unixodbc

411

+	usesqldriver oracle

412

+	usesqldriver sqlite

413

+	usesqldriver mongodb mongo

414

+

415

+	eautoreconf

416

+}

417

+

418

+src_configure() {

419

+	# do not try to enable static with static-libs; upstream is a

420

+	# massacre of libtool best practices so you also have to make sure

421

+	# to --enable-shared explicitly.

422

+	local myeconfargs=(

423

+		--enable-shared

424

+		--disable-static

425

+		--disable-ltdl-install

426

+		--with-system-libtool

427

+		--with-system-libltdl

428

+		--with-ascend-binary

429

+		--with-udpfromto

430

+		--with-dhcp

431

+		--with-iodbc-include-dir=/usr/include/iodbc

432

+		--with-experimental-modules

433

+		--with-docdir=/usr/share/doc/${PF}

434

+		--with-logdir=/var/log/radius

435

+		$(use_enable debug developer)

436

+		$(use_with ldap edir)

437

+		$(use_with ssl openssl)

438

+		$(use_with systemd systemd)

439

+	)

440

+	# fix bug #77613

441

+	if has_version app-crypt/heimdal; then

442

+		myeconfargs+=( --enable-heimdal-krb5 )

443

+	fi

444

+

445

+	if use python ; then

446

+		myeconfargs+=(

447

+			--with-rlm-python3-bin=${EPYTHON}

448

+			--with-rlm-python3-config-bin=${EPYTHON}-config

449

+		)

450

+	fi

451

+

452

+	use readline || export ac_cv_lib_readline=no

453

+	use pcap || export ac_cv_lib_pcap_pcap_open_live=no

454

+

455

+	econf "${myeconfargs[@]}"

456

+}

457

+

458

+src_compile() {

459

+	# verbose, do not generate certificates

460

+	emake \

461

+		Q='' ECHO=true \

462

+		LOCAL_CERT_PRODUCTS=''

463

+}

464

+

465

+src_install() {

466

+	dodir /etc

467

+	diropts -m0750 -o root -g radius

468

+	dodir /etc/raddb

469

+	diropts -m0750 -o radius -g radius

470

+	dodir /var/log/radius

471

+	keepdir /var/log/radius/radacct

472

+	diropts

473

+

474

+	# verbose, do not install certificates

475

+	# Parallel install fails (#509498)

476

+	emake -j1 \

477

+		Q='' ECHO=true \

478

+		LOCAL_CERT_PRODUCTS='' \

479

+		R="${D}" \

480

+		install

481

+

482

+	if use pam; then

483

+		pamd_mimic_system radiusd auth account password session

484

+	fi

485

+

486

+	# fix #711756

487

+	fowners -R radius:radius /etc/raddb

488

+	fowners -R radius:radius /var/log/radius

489

+

490

+	dodoc CREDITS

491

+

492

+	rm "${ED}/usr/sbin/rc.radiusd" || die

493

+

494

+	newinitd "${FILESDIR}/radius.init-r4" radiusd

495

+	newconfd "${FILESDIR}/radius.conf-r6" radiusd

496

+

497

+	if ! use systemd ; then

498

+		# If systemd builtin is not enabled we need use Type=Simple

499

+		# as systemd .service

500

+		sed -i -e 's:^Type=.*::g' \

501

+			-e 's:^WatchdogSec=.*::g' -e 's:^NotifyAccess=all.*::g' \

502

+			"${S}"/debian/freeradius.service

503

+	fi

504

+	systemd_dounit "${S}"/debian/freeradius.service

505

+

506

+	find "${ED}" \( -name "*.a" -o -name "*.la" \) -delete || die

507

+}

508

+

509

+pkg_config() {

510

+	if use ssl; then

511

+		cd "${ROOT}"/etc/raddb/certs || die

512

+		./bootstrap || die "Error while running ./bootstrap script."

513

+		chown root:radius "${ROOT}"/etc/raddb/certs || die

514

+		chown root:radius "${ROOT}"/etc/raddb/certs/ca.pem || die

515

+		chown root:radius "${ROOT}"/etc/raddb/certs/server.{key,crt,pem} || die

516

+	fi

517

+}

518

+

519

+pkg_preinst() {

520

+	if ! has_version ${CATEGORY}/${PN} && use ssl; then

521

+		elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"

522

+		elog "to start the radiusd service."

523

+	fi

524

+}

525

526

diff --git a/net-dialup/freeradius/metadata.xml b/net-dialup/freeradius/metadata.xml

527

index 6d8b1cc..2ae2372 100644

528

--- a/net-dialup/freeradius/metadata.xml

529

+++ b/net-dialup/freeradius/metadata.xml

530

@@ -1,14 +1,7 @@

531

 <?xml version="1.0" encoding="UTF-8"?>

532

-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">

533

+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">

534

 <pkgmetadata>

535

-  <maintainer type="person">

536

-    <email>geaaru@×××××.com</email>

537

-    <name>Daniele Rondina</name>

538

-  </maintainer>

539

-  <maintainer type="project">

540

-    <email>proxy-maint@g.o</email>

541

-    <name>Proxy Maintainers</name>

542

-  </maintainer>

543

+  <!-- maintainer-needed -->

544

   <use>

545

     <flag name="memcached">

546

       Include <pkg>dev-libs/libmemcached</pkg> in caching drivers

1	commit: ca263beccd204324898a868316cf905059a00511
2	Author: orbea <orbea <AT> riseup <DOT> net>
3	AuthorDate: Fri May 6 21:44:11 2022 +0000
4	Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
5	CommitDate: Sat May 7 01:31:21 2022 +0000
6	URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=ca263bec
7
8	net-dialup/freeradius: Updated for version 3.0.25-r2
9
10	Signed-off-by: orbea <orbea <AT> riseup.net>
11	Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
12
13	net-dialup/freeradius/Manifest \| 1 +
14	.../files/freeradius-3.0.25-libressl.patch \| 148 ++++++++++++
15	net-dialup/freeradius/files/radius.conf-r6 \| 22 ++
16	net-dialup/freeradius/files/radius.init-r4 \| 31 +++
17	net-dialup/freeradius/freeradius-3.0.25-r2.ebuild \| 268 +++++++++++++++++++++
18	net-dialup/freeradius/metadata.xml \| 11 +-
19	6 files changed, 472 insertions(+), 9 deletions(-)
20
21	diff --git a/net-dialup/freeradius/Manifest b/net-dialup/freeradius/Manifest
22	index b0ca97f..849cc39 100644
23	--- a/net-dialup/freeradius/Manifest
24	+++ b/net-dialup/freeradius/Manifest
25	@@ -1 +1,2 @@
26	+DIST freeradius-3.0.25.tar.gz 5300245 BLAKE2B bf8908aa7bfabb9e15fa841457f176a4f2697bdec7994485516ef338908b46f2168260b7acf1a7120a687e543f0381bb787567bb4d564b9d14a3eb464a0e9ed6 SHA512 13382a53e6a1a4495c6f53e662ce21b80d73b6134a72f099f05495b64c56ae1a6c1cd1281311f1c3695d8532207fe5bd3d2026ed2c45f3cb5adb1011f1505ee7
27	DIST freeradius-server-3.0.20.tar.gz 5002727 BLAKE2B f481ad22105694a4af3f0f0c1b4f6e395e8da0fe65274e32ebeed07e3c9b1869029e6ffbc655cfa41d5de2a1dcba54acee33a7a10d28bfbfce791b7ccd0fc57a SHA512 513ed0a5d9e6b9a8d89a9b02c86ff528a9ff14d928f4c1040ca44702465abd711588fe6afa35554cb2c8e8bd7f19dd5be3dbc78445c62c7b00bf5cbc4c621312
28
29	diff --git a/net-dialup/freeradius/files/freeradius-3.0.25-libressl.patch b/net-dialup/freeradius/files/freeradius-3.0.25-libressl.patch
30	new file mode 100644
31	index 0000000..8da9279
32	--- /dev/null
33	+++ b/net-dialup/freeradius/files/freeradius-3.0.25-libressl.patch
34	@@ -0,0 +1,148 @@
35	+From OpenBSD:
36	+
37	+https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_main_cb_c
38	+https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_main_tls_c
39	+https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_modules_rlm_eap_types_rlm_eap_fast_rlm_eap_fast_c
40	+
41	+Index: src/main/cb.c
42	+--- a/src/main/cb.c.orig
43	++++ b/src/main/cb.c
44	+@@ -64,7 +64,7 @@ void cbtls_info(SSL const *s, int where, int ret)
45	+ /*
46	+ * After a ClientHello, list all the proposed ciphers from the client
47	+ */
48	+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
49	++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
50	+ if (SSL_get_state(s) == TLS_ST_SR_CLNT_HELLO) {
51	+ int i;
52	+ int num_ciphers;
53	+@@ -192,7 +192,7 @@ void cbtls_msg(int write_p, int msg_version, int conte
54	+ state->info.alert_level = 0x00;
55	+ state->info.alert_description = 0x00;
56	+
57	+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
58	++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
59	+ } else if (content_type == SSL3_RT_INNER_CONTENT_TYPE && buf[0] == SSL3_RT_APPLICATION_DATA) {
60	+ /* let tls_ack_handler set application_data */
61	+ state->info.content_type = SSL3_RT_HANDSHAKE;
62	+Index: src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c
63	+--- a/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c.orig
64	++++ b/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c
65	+@@ -200,7 +200,7 @@ static void eap_fast_session_ticket(tls_session_t *tls
66	+ }
67	+
68	+ // hostap:src/crypto/tls_openssl.c:tls_sess_sec_cb()
69	+-#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
70	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
71	+ static int _session_secret(SSL s, void secret, int *secret_len,
72	+ UNUSED STACK_OF(SSL_CIPHER) *peer_ciphers,
73	+ UNUSED SSL_CIPHER *cipher, void arg)
74	+@@ -224,7 +224,7 @@ static int _session_secret(SSL s, void secret, int *
75	+
76	+ RDEBUG("processing PAC-Opaque");
77	+
78	+-#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
79	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
80	+ eap_fast_session_ticket(tls_session, s->s3->client_random, s->s3->server_random, secret, secret_len);
81	+ #else
82	+ uint8_t client_random[SSL3_RANDOM_SIZE];
83	+Index: src/main/tls.c
84	+--- a/src/main/tls.c.orig
85	++++ b/src/main/tls.c
86	+@@ -622,7 +622,7 @@ tls_session_t tls_new_session(TALLOC_CTX ctx, fr_tls
87	+ /*
88	+ * Swap empty store with the old one.
89	+ */
90	+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
91	++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
92	+ conf->old_x509_store = SSL_CTX_get_cert_store(conf->ctx);
93	+ /* Bump refcnt so the store is kept allocated till next store replacement */
94	+ X509_STORE_up_ref(conf->old_x509_store);
95	+@@ -1340,7 +1340,7 @@ void tls_session_information(tls_session_t *tls_sessio
96	+ if ((tls_session->info.version > tls_session->conf->max_version) &&
97	+ (rad_debug_lvl > 0)) {
98	+ WARN("TLS 1.3 has been negotiated even though it was disabled. This is an OpenSSL Bug.");
99	+- WARN("Please set: cipher_list = \"DEFAULT@SECLEVEL=1\" in the tls {...} section.");
100	++ WARN("Setting cipher_list in the tls {...} section might help.");
101	+ }
102	+ #endif
103	+ break;
104	+@@ -1697,7 +1697,7 @@ static int load_dh_params(SSL_CTX ctx, char file)
105	+ *
106	+ * Change suggested by @t8m
107	+ */
108	+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
109	++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
110	+ if (FIPS_mode() > 0) {
111	+ WARN(LOG_PREFIX ": Ignoring user-selected DH parameters in FIPS mode. Using defaults.");
112	+ return 0;
113	+@@ -1920,7 +1920,7 @@ done:
114	+ return 0;
115	+ }
116	+
117	+-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
118	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
119	+ static SSL_SESSION cbtls_get_session(SSL ssl, unsigned char data, int len, int copy)
120	+ #else
121	+ static SSL_SESSION cbtls_get_session(SSL ssl, const unsigned char data, int len, int copy)
122	+@@ -2304,7 +2304,7 @@ static int cbtls_cache_refresh(SSL ssl, SSL_SESSION
123	+ return 0;
124	+ }
125	+
126	+-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
127	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
128	+ static SSL_SESSION cbtls_cache_load(SSL ssl, unsigned char data, int len, int copy)
129	+ #else
130	+ static SSL_SESSION cbtls_cache_load(SSL ssl, const unsigned char data, int len, int copy)
131	+@@ -2840,7 +2840,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
132	+ char cn_str[1024];
133	+ char buf[64];
134	+ X509 *client_cert;
135	+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
136	++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
137	+ const STACK_OF(X509_EXTENSION) *ext_list;
138	+ #else
139	+ STACK_OF(X509_EXTENSION) *ext_list;
140	+@@ -3058,7 +3058,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
141	+ }
142	+
143	+ if (lookup == 0) {
144	+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
145	++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
146	+ ext_list = X509_get0_extensions(client_cert);
147	+ #else
148	+ X509_CINF *client_inf;
149	+@@ -3111,7 +3111,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
150	+ value[0] = '0';
151	+ value[1] = 'x';
152	+ const unsigned char *srcp;
153	+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
154	++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
155	+ const ASN1_STRING *srcasn1p;
156	+ srcasn1p = X509_EXTENSION_get_data(ext);
157	+ srcp = ASN1_STRING_get0_data(srcasn1p);
158	+@@ -3203,13 +3203,13 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
159	+ */
160	+ if (depth == 0) {
161	+ tls_session_t *ssn = SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_SSN);
162	+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
163	++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
164	+ STACK_OF(X509)* untrusted = NULL;
165	+ #endif
166	+
167	+ rad_assert(ssn != NULL);
168	+
169	+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
170	++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
171	+ /*
172	+ * See if there are any untrusted certificates.
173	+ * If so, complain about them.
174	+@@ -4169,7 +4169,7 @@ post_ca:
175	+ * disable early data.
176	+ *
177	+ */
178	+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
179	++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
180	+ SSL_CTX_set_max_early_data(ctx, 0);
181	+ #endif
182	+
183
184	diff --git a/net-dialup/freeradius/files/radius.conf-r6 b/net-dialup/freeradius/files/radius.conf-r6
185	new file mode 100644
186	index 0000000..50d2a1c
187	--- /dev/null
188	+++ b/net-dialup/freeradius/files/radius.conf-r6
189	@@ -0,0 +1,22 @@
190	+# Config file for /etc/init.d/radiusd
191	+
192	+# see man pages for radiusd run `radiusd -h`
193	+# for valid cmdline options
194	+#RADIUSD_OPTS=""
195	+
196	+# Change this value if you change it in /etc/raddb/radiusd.conf
197	+pidfile=/run/radiusd/radiusd.pid
198	+
199	+# Change these values if you change them in /etc/raddb/radiusd.conf
200	+RADIUSD_USER=radius
201	+RADIUSD_GROUP=radius
202	+
203	+RADIUSD_LOGPATH=/var/log/radius
204	+
205	+# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want
206	+# to uncomment the following line.
207	+#rc_use="logger"
208	+
209	+# If you use ldap, start the ldap server prior to FreeRADIUS to avoid
210	+# startup crashes.
211	+#rc_use="ldap"
212
213	diff --git a/net-dialup/freeradius/files/radius.init-r4 b/net-dialup/freeradius/files/radius.init-r4
214	new file mode 100644
215	index 0000000..dee1842
216	--- /dev/null
217	+++ b/net-dialup/freeradius/files/radius.init-r4
218	@@ -0,0 +1,31 @@
219	+#!/sbin/openrc-run
220	+# Copyright 1999-2020 Gentoo Authors
221	+# Distributed under the terms of the GNU General Public License v2
222	+
223	+command=/usr/sbin/radiusd
224	+command_args="${RADIUSD_OPTS}"
225	+pidfile="${pidfile:-/run/radiusd/radiusd.pid}"
226	+extra_started_commands="reload"
227	+
228	+depend() {
229	+ need localmount
230	+ use dns
231	+}
232	+
233	+start_pre() {
234	+ if [ ! -f /etc/raddb/radiusd.conf ] ; then
235	+ eerror "No /etc/raddb/radiusd.conf file exists!"
236	+ return 1
237	+ fi
238	+
239	+ checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \
240	+ $(dirname ${pidfile}) "${RADIUSD_LOGPATH:-/var/log/radius}"
241	+ checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \
242	+ $(dirname ${pidfile}) /run/radiusd
243	+}
244	+
245	+reload() {
246	+ ebegin "Reloading radiusd"
247	+ kill -HUP $(cat ${pidfile})
248	+ eend $?
249	+}
250
251	diff --git a/net-dialup/freeradius/freeradius-3.0.25-r2.ebuild b/net-dialup/freeradius/freeradius-3.0.25-r2.ebuild
252	new file mode 100644
253	index 0000000..8e473f0
254	--- /dev/null
255	+++ b/net-dialup/freeradius/freeradius-3.0.25-r2.ebuild
256	@@ -0,0 +1,268 @@
257	+# Copyright 1999-2022 Gentoo Authors
258	+# Distributed under the terms of the GNU General Public License v2
259	+
260	+EAPI=7
261	+
262	+PYTHON_COMPAT=( python3_{8..10} )
263	+inherit autotools pam python-single-r1 systemd
264	+
265	+MY_PV=$(ver_rs 1- "_")
266	+
267	+DESCRIPTION="Highly configurable free RADIUS server"
268	+HOMEPAGE="https://freeradius.org/"
269	+SRC_URI="https://github.com/FreeRADIUS/freeradius-server/archive/release_${MY_PV}.tar.gz -> ${P}.tar.gz"
270	+S="${WORKDIR}/freeradius-server-release_${MY_PV}"
271	+
272	+LICENSE="GPL-2"
273	+SLOT="0"
274	+KEYWORDS="amd64 ~arm arm64 ~ppc ~ppc64 ~sparc x86"
275	+
276	+IUSE="
277	+ debug firebird iodbc kerberos ldap memcached mysql mongodb odbc oracle pam
278	+ pcap postgres python readline redis rest samba sqlite ssl systemd
279	+"
280	+
281	+RESTRICT="test firebird? ( bindist )"
282	+
283	+# NOTE: Temporary freeradius doesn't support linking with mariadb client
284	+# libs also if code is compliant, will be available in the next release.
285	+# (http://lists.freeradius.org/pipermail/freeradius-devel/2018-October/013228.html)a
286	+
287	+# TODO: rlm_mschap works with both samba library or without. I need to avoid
288	+# linking of samba library if -samba is used.
289	+RDEPEND="acct-group/radius
290	+ acct-user/radius
291	+ !net-dialup/cistronradius
292	+ dev-lang/perl:=
293	+ sys-libs/gdbm:=
294	+ sys-libs/talloc
295	+ virtual/libcrypt:=
296	+ firebird? ( dev-db/firebird )
297	+ iodbc? ( dev-db/libiodbc )
298	+ kerberos? ( virtual/krb5 )
299	+ ldap? ( net-nds/openldap:= )
300	+ memcached? ( dev-libs/libmemcached )
301	+ mysql? ( dev-db/mysql-connector-c:= )
302	+ mongodb? ( >=dev-libs/mongo-c-driver-1.13.0-r1 )
303	+ odbc? ( dev-db/unixODBC )
304	+ oracle? ( dev-db/oracle-instantclient[sdk] )
305	+ pam? ( sys-libs/pam )
306	+ pcap? ( net-libs/libpcap )
307	+ postgres? ( dev-db/postgresql:= )
308	+ python? ( ${PYTHON_DEPS} )
309	+ readline? ( sys-libs/readline:0= )
310	+ redis? ( dev-libs/hiredis:= )
311	+ rest? ( dev-libs/json-c:= )
312	+ samba? ( net-fs/samba )
313	+ sqlite? ( dev-db/sqlite:3 )
314	+ ssl? (
315	+ dev-libs/openssl:0=[-bindist(-)]
316	+ )
317	+ systemd? ( sys-apps/systemd )"
318	+DEPEND="${RDEPEND}"
319	+
320	+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
321	+
322	+# 721040
323	+QA_SONAME="usr/lib./libfreeradius-..so"
324	+
325	+PATCHES=(
326	+ "${FILESDIR}"/${PN}-3.0.25-libressl.patch
327	+ "${FILESDIR}"/${PN}-3.0.20-systemd-service.patch
328	+)
329	+
330	+pkg_setup() {
331	+ if use python ; then
332	+ python-single-r1_pkg_setup
333	+ export PYTHONBIN="${EPYTHON}"
334	+ fi
335	+}
336	+
337	+src_prepare() {
338	+ # most of the configuration options do not appear as ./configure
339	+ # switches. Instead it identifies the directories that are available
340	+ # and run through them. These might check for the presence of
341	+ # various libraries, in which case they are not built. To avoid
342	+ # automagic dependencies, we just remove all the modules that we're
343	+ # not interested in using.
344	+
345	+ eapply_user
346	+ default
347	+
348	+ use ssl \|\| { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} \|\| die ; }
349	+ use ldap \|\| { rm -r src/modules/rlm_ldap \|\| die ; }
350	+ use kerberos \|\| { rm -r src/modules/rlm_krb5 \|\| die ; }
351	+ use memcached \|\| { rm -r src/modules/rlm_cache/drivers/rlm_cache_memcached \|\| die ; }
352	+ use pam \|\| { rm -r src/modules/rlm_pam \|\| die ; }
353	+ # Drop support of python2
354	+ rm -r src/modules/rlm_python \|\| die
355	+ use python \|\| { rm -r src/modules/rlm_python3 \|\| die ; }
356	+ use rest \|\| { rm -r src/modules/rlm_rest \|\| die ; }
357	+ use redis \|\| { rm -r src/modules/rlm_redis{,who} \|\| die ; }
358	+ # Do not install ruby rlm module, bug #483108
359	+ rm -r src/modules/rlm_ruby \|\| die
360	+
361	+ # these are all things we don't have in portage/I don't want to deal
362	+ # with myself
363	+ rm -r src/modules/rlm_eap/types/rlm_eap_tnc \|\| die # requires TNCS library
364	+ rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 \|\| die # requires libeap-ikev2
365	+ rm -r src/modules/rlm_opendirectory \|\| die # requires some membership.h
366	+ rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} \|\| die
367	+
368	+ # sql drivers that are not part of experimental are loaded from a
369	+ # file, so we have to remove them from the file itself when we
370	+ # remove them.
371	+ usesqldriver() {
372	+ local flag=$1
373	+ local driver=rlm_sql_${2:-${flag}}
374	+
375	+ if ! use ${flag}; then
376	+ rm -r src/modules/rlm_sql/drivers/${driver} \|\| die
377	+ sed -i -e /${driver}/d src/modules/rlm_sql/stable \|\| die
378	+ fi
379	+ }
380	+
381	+ sed -i \
382	+ -e 's:^#\tuser = :\tuser = :g' \
383	+ -e 's:^#\tgroup = :\tgroup = :g' \
384	+ -e 's:/var/run/radiusd:/run/radiusd:g' \
385	+ -e '/^run_dir/s:${localstatedir}::g' \
386	+ raddb/radiusd.conf.in \|\| die
387	+
388	+ # verbosity
389	+ # build shared libraries using jlibtool -shared
390	+ sed -i \
391	+ -e '/$(LIBTOOL)/s\|--quiet \|\|g' \
392	+ -e 's:--mode=\(compile\\|link\):& -shared:g' \
393	+ Make.inc.in \|\| die
394	+
395	+ sed -i \
396	+ -e 's\|--silent \|\|g' \
397	+ -e 's:--mode=\(compile\\|link\):& -shared:g' \
398	+ scripts/libtool.mk \|\| die
399	+
400	+ # crude measure to stop jlibtool from running ranlib and ar
401	+ sed -i \
402	+ -e '/LIBRARIAN/s\|".*"\|"true"\|g' \
403	+ -e '/RANLIB/s\|".*"\|"true"\|g' \
404	+ scripts/jlibtool.c \|\| die
405	+
406	+ usesqldriver mysql
407	+ usesqldriver postgres postgresql
408	+ usesqldriver firebird
409	+ usesqldriver iodbc
410	+ usesqldriver odbc unixodbc
411	+ usesqldriver oracle
412	+ usesqldriver sqlite
413	+ usesqldriver mongodb mongo
414	+
415	+ eautoreconf
416	+}
417	+
418	+src_configure() {
419	+ # do not try to enable static with static-libs; upstream is a
420	+ # massacre of libtool best practices so you also have to make sure
421	+ # to --enable-shared explicitly.
422	+ local myeconfargs=(
423	+ --enable-shared
424	+ --disable-static
425	+ --disable-ltdl-install
426	+ --with-system-libtool
427	+ --with-system-libltdl
428	+ --with-ascend-binary
429	+ --with-udpfromto
430	+ --with-dhcp
431	+ --with-iodbc-include-dir=/usr/include/iodbc
432	+ --with-experimental-modules
433	+ --with-docdir=/usr/share/doc/${PF}
434	+ --with-logdir=/var/log/radius
435	+ $(use_enable debug developer)
436	+ $(use_with ldap edir)
437	+ $(use_with ssl openssl)
438	+ $(use_with systemd systemd)
439	+ )
440	+ # fix bug #77613
441	+ if has_version app-crypt/heimdal; then
442	+ myeconfargs+=( --enable-heimdal-krb5 )
443	+ fi
444	+
445	+ if use python ; then
446	+ myeconfargs+=(
447	+ --with-rlm-python3-bin=${EPYTHON}
448	+ --with-rlm-python3-config-bin=${EPYTHON}-config
449	+ )
450	+ fi
451	+
452	+ use readline \|\| export ac_cv_lib_readline=no
453	+ use pcap \|\| export ac_cv_lib_pcap_pcap_open_live=no
454	+
455	+ econf "${myeconfargs[@]}"
456	+}
457	+
458	+src_compile() {
459	+ # verbose, do not generate certificates
460	+ emake \
461	+ Q='' ECHO=true \
462	+ LOCAL_CERT_PRODUCTS=''
463	+}
464	+
465	+src_install() {
466	+ dodir /etc
467	+ diropts -m0750 -o root -g radius
468	+ dodir /etc/raddb
469	+ diropts -m0750 -o radius -g radius
470	+ dodir /var/log/radius
471	+ keepdir /var/log/radius/radacct
472	+ diropts
473	+
474	+ # verbose, do not install certificates
475	+ # Parallel install fails (#509498)
476	+ emake -j1 \
477	+ Q='' ECHO=true \
478	+ LOCAL_CERT_PRODUCTS='' \
479	+ R="${D}" \
480	+ install
481	+
482	+ if use pam; then
483	+ pamd_mimic_system radiusd auth account password session
484	+ fi
485	+
486	+ # fix #711756
487	+ fowners -R radius:radius /etc/raddb
488	+ fowners -R radius:radius /var/log/radius
489	+
490	+ dodoc CREDITS
491	+
492	+ rm "${ED}/usr/sbin/rc.radiusd" \|\| die
493	+
494	+ newinitd "${FILESDIR}/radius.init-r4" radiusd
495	+ newconfd "${FILESDIR}/radius.conf-r6" radiusd
496	+
497	+ if ! use systemd ; then
498	+ # If systemd builtin is not enabled we need use Type=Simple
499	+ # as systemd .service
500	+ sed -i -e 's:^Type=.*::g' \
501	+ -e 's:^WatchdogSec=.::g' -e 's:^NotifyAccess=all.::g' \
502	+ "${S}"/debian/freeradius.service
503	+ fi
504	+ systemd_dounit "${S}"/debian/freeradius.service
505	+
506	+ find "${ED}" \( -name ".a" -o -name ".la" \) -delete \|\| die
507	+}
508	+
509	+pkg_config() {
510	+ if use ssl; then
511	+ cd "${ROOT}"/etc/raddb/certs \|\| die
512	+ ./bootstrap \|\| die "Error while running ./bootstrap script."
513	+ chown root:radius "${ROOT}"/etc/raddb/certs \|\| die
514	+ chown root:radius "${ROOT}"/etc/raddb/certs/ca.pem \|\| die
515	+ chown root:radius "${ROOT}"/etc/raddb/certs/server.{key,crt,pem} \|\| die
516	+ fi
517	+}
518	+
519	+pkg_preinst() {
520	+ if ! has_version ${CATEGORY}/${PN} && use ssl; then
521	+ elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"
522	+ elog "to start the radiusd service."
523	+ fi
524	+}
525
526	diff --git a/net-dialup/freeradius/metadata.xml b/net-dialup/freeradius/metadata.xml
527	index 6d8b1cc..2ae2372 100644
528	--- a/net-dialup/freeradius/metadata.xml
529	+++ b/net-dialup/freeradius/metadata.xml
530	@@ -1,14 +1,7 @@
531	<?xml version="1.0" encoding="UTF-8"?>
532	-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
533	+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
534	<pkgmetadata>
535	- <maintainer type="person">
536	- <email>geaaru@×××××.com</email>
537	- <name>Daniele Rondina</name>
538	- </maintainer>
539	- <maintainer type="project">
540	- <email>proxy-maint@g.o</email>
541	- <name>Proxy Maintainers</name>
542	- </maintainer>
543	+ <!-- maintainer-needed -->
544	<use>
545	<flag name="memcached">
546	Include <pkg>dev-libs/libmemcached</pkg> in caching drivers

Gentoo Archives: gentoo-commits