freeradius/freeradius.spec@0ba300bdf30a (annotated)
freeradius/freeradius.spec
Mon, 20 Apr 2009 19:22:00 +0200
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Mon, 20 Apr 2009 19:22:00 +0200
- changeset 178
- 0ba300bdf30a
- parent 47
- 120a0b206db9
- child 306
- cc6a45887422
- permissions
- -rw-r--r--
Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.
| michael@47 | 1 | ## |
| michael@47 | 2 | ## freeradius.spec -- OpenPKG RPM Package Specification |
| michael@47 | 3 | ## Copyright (c) 2000-2008 OpenPKG Foundation e.V. <http://openpkg.net/> |
| michael@47 | 4 | ## |
| michael@47 | 5 | ## Permission to use, copy, modify, and distribute this software for |
| michael@47 | 6 | ## any purpose with or without fee is hereby granted, provided that |
| michael@47 | 7 | ## the above copyright notice and this permission notice appear in all |
| michael@47 | 8 | ## copies. |
| michael@47 | 9 | ## |
| michael@47 | 10 | ## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED |
| michael@47 | 11 | ## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
| michael@47 | 12 | ## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| michael@47 | 13 | ## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR |
| michael@47 | 14 | ## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| michael@47 | 15 | ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| michael@47 | 16 | ## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
| michael@47 | 17 | ## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
| michael@47 | 18 | ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
| michael@47 | 19 | ## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT |
| michael@47 | 20 | ## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| michael@47 | 21 | ## SUCH DAMAGE. |
| michael@47 | 22 | ## |
| michael@47 | 23 | |
| michael@47 | 24 | # FIXME: rse: default configuration is a little bit fat |
| michael@47 | 25 | # FIXME: rse: still not run-time tested |
| michael@47 | 26 | |
| michael@47 | 27 | # package information |
| michael@47 | 28 | Name: freeradius |
| michael@47 | 29 | Summary: FreeRADIUS Server |
| michael@47 | 30 | URL: http://www.freeradius.org/ |
| michael@47 | 31 | Vendor: The FreeRADIUS Server Project |
| michael@47 | 32 | Packager: OpenPKG Foundation e.V. |
| michael@47 | 33 | Distribution: OpenPKG Community |
| michael@47 | 34 | Class: EVAL |
| michael@47 | 35 | Group: RADIUS |
| michael@47 | 36 | License: GPL |
| michael@47 | 37 | Version: 2.1.3 |
| michael@48 | 38 | Release: 20090106 |
| michael@47 | 39 | |
| michael@47 | 40 | # package options |
| michael@47 | 41 | %option with_mysql no |
| michael@47 | 42 | %option with_openldap no |
| michael@47 | 43 | %option with_pgsql no |
| michael@47 | 44 | %option with_snmp no |
| michael@47 | 45 | |
| michael@47 | 46 | # list of sources |
| michael@47 | 47 | Source0: ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-%{version}.tar.gz |
| michael@47 | 48 | Source1: rc.freeradius |
| michael@47 | 49 | Patch0: freeradius.patch |
| michael@47 | 50 | |
| michael@47 | 51 | # build information |
| michael@47 | 52 | Prefix: %{l_prefix} |
| michael@47 | 53 | BuildRoot: %{l_buildroot} |
| michael@47 | 54 | BuildPreReq: OpenPKG, openpkg >= 20060823, make, gcc, libtool |
| michael@47 | 55 | PreReq: OpenPKG, openpkg >= 20060823 |
| michael@47 | 56 | BuildPreReq: perl, openssl, gdbm, readline |
| michael@47 | 57 | PreReq: perl, openssl, gdbm, readline |
| michael@47 | 58 | %if "%{with_mysql}" == "yes" |
| michael@47 | 59 | BuildPreReq: mysql, zlib |
| michael@47 | 60 | PreReq: mysql, zlib |
| michael@47 | 61 | %endif |
| michael@47 | 62 | %if "%{with_openldap}" == "yes" |
| michael@47 | 63 | BuildPreReq: openldap |
| michael@47 | 64 | PreReq: openldap |
| michael@47 | 65 | %endif |
| michael@47 | 66 | %if "%{with_pgsql}" == "yes" |
| michael@47 | 67 | BuildPreReq: postgresql |
| michael@47 | 68 | PreReq: postgresql |
| michael@47 | 69 | %endif |
| michael@47 | 70 | %if "%{with_snmp}" == "yes" |
| michael@47 | 71 | BuildPreReq: snmp |
| michael@47 | 72 | PreReq: snmp |
| michael@47 | 73 | %endif |
| michael@47 | 74 | AutoReq: no |
| michael@47 | 75 | AutoReqProv: no |
| michael@47 | 76 | |
| michael@47 | 77 | %description |
| michael@47 | 78 | FreeRADIUS is one of the most modular and featureful RADIUS servers |
| michael@47 | 79 | available today. It has been written by a team of developers who |
| michael@47 | 80 | have more than a decade of collective experience in implementing |
| michael@47 | 81 | and deploying RADIUS software, in software engineering, and in Unix |
| michael@47 | 82 | package management. |
| michael@47 | 83 | |
| michael@47 | 84 | %track |
| michael@47 | 85 | prog freeradius = { |
| michael@47 | 86 | version = %{version} |
| michael@47 | 87 | url = ftp://ftp.freeradius.org/pub/freeradius/ |
| michael@47 | 88 | regex = freeradius-server-(\d+\.\d+(\.\d+)*)\.tar\.gz |
| michael@47 | 89 | } |
| michael@47 | 90 | |
| michael@47 | 91 | %prep |
| michael@47 | 92 | %setup -q -n freeradius-server-%{version} |
| michael@47 | 93 | %patch -p0 |
| michael@47 | 94 | %if "%{with_openldap}" == "yes" |
| michael@47 | 95 | %{l_shtool} subst \ |
| michael@47 | 96 | -e 's;\(LIBS *=.* *-lldap\);\1 -llber -lssl -lcrypto;' \ |
| michael@47 | 97 | src/modules/rlm_ldap/configure |
| michael@47 | 98 | %endif |
| michael@47 | 99 | |
| michael@47 | 100 | %build |
| michael@47 | 101 | # configure package |
| michael@47 | 102 | CC="%{l_cc}" \ |
| michael@47 | 103 | CFLAGS="-I`pwd`/src/include %{l_cflags -O} %{l_cppflags}" \ |
| michael@47 | 104 | CPPFLAGS="%{l_cppflags}" \ |
| michael@47 | 105 | LDFLAGS="%{l_ldflags}" \ |
| michael@47 | 106 | %if "%{with_openldap}" == "yes" |
| michael@47 | 107 | LIBS="-llber -lssl -lcrypto -lreadline" \ |
| michael@47 | 108 | %endif |
| michael@47 | 109 | ./configure \ |
| michael@47 | 110 | --prefix=%{l_prefix} \ |
| michael@47 | 111 | --libdir=%{l_prefix}/lib/freeradius \ |
| michael@47 | 112 | --mandir=%{l_prefix}/man \ |
| michael@47 | 113 | --localstatedir=%{l_prefix}/var/freeradius \ |
| michael@47 | 114 | --datadir=%{l_prefix}/share/freeradius \ |
| michael@47 | 115 | --sysconfdir=%{l_prefix}/etc \ |
| michael@47 | 116 | --with-system-libtool \ |
| michael@47 | 117 | --disable-shared \ |
| michael@47 | 118 | --enable-static \ |
| michael@47 | 119 | --with-logdir=%{l_prefix}/var/freeradius \ |
| michael@47 | 120 | --with-radacctdir=%{l_prefix}/var/freeradius \ |
| michael@47 | 121 | --with-raddbdir=%{l_prefix}/etc/freeradius \ |
| michael@47 | 122 | --without-threads \ |
| michael@47 | 123 | --with-openssl-includes=%{l_prefix}/include/openssl \ |
| michael@47 | 124 | --with-openssl-libraries=%{l_prefix}/lib/ \ |
| michael@47 | 125 | --with-rlm_perl \ |
| michael@47 | 126 | %if "%{with_mysql}" == "yes" || "%{with_pgsql}" == "yes" |
| michael@47 | 127 | --with-rlm_sql \ |
| michael@47 | 128 | --with-rlm_sqlippool \ |
| michael@47 | 129 | %else |
| michael@47 | 130 | --without-rlm_sql \ |
| michael@47 | 131 | --without-rlm_sqlippool \ |
| michael@47 | 132 | %endif |
| michael@47 | 133 | %if "%{with_mysql}" == "yes" |
| michael@47 | 134 | --with-rlm_sql_mysql \ |
| michael@47 | 135 | %else |
| michael@47 | 136 | --without-rlm_sql_mysql \ |
| michael@47 | 137 | %endif |
| michael@47 | 138 | %if "%{with_pgsql}" == "yes" |
| michael@47 | 139 | --with-rlm_sql_postgresql \ |
| michael@47 | 140 | %else |
| michael@47 | 141 | --without-rlm_sql_postgresql \ |
| michael@47 | 142 | %endif |
| michael@47 | 143 | --without-rlm_sql_db2 \ |
| michael@47 | 144 | --without-rlm_sql_firebird \ |
| michael@47 | 145 | --without-rlm_sql_freetds \ |
| michael@47 | 146 | --without-rlm_sql_iodbc \ |
| michael@47 | 147 | --without-rlm_sql_oracle \ |
| michael@47 | 148 | --without-rlm_sql_sybase \ |
| michael@47 | 149 | --without-rlm_sql_unixodbc \ |
| michael@47 | 150 | %if "%{with_openldap}" == "yes" |
| michael@47 | 151 | --with-rlm-ldap-include-dir=%{l_prefix}/include/ \ |
| michael@47 | 152 | --with-rlm-ldap-lib-dir=%{l_prefix}/lib/ \ |
| michael@47 | 153 | %else |
| michael@47 | 154 | --without-rlm-ldap \ |
| michael@47 | 155 | %endif |
| michael@47 | 156 | --without-rlm_eap_ikev2 \ |
| michael@47 | 157 | --without-rlm_eap_sim \ |
| michael@47 | 158 | --without-rlm_eap_tls \ |
| michael@47 | 159 | --without-rlm_eap_peap \ |
| michael@47 | 160 | --without-rlm_eap_ttls \ |
| michael@47 | 161 | --without-rlm_eap_tnc \ |
| michael@47 | 162 | --without-rlm_krb5 \ |
| michael@47 | 163 | --without-rlm_dbm \ |
| michael@47 | 164 | --without-rlm_otp \ |
| michael@47 | 165 | --without-rlm_pam \ |
| michael@47 | 166 | --without-rlm_python \ |
| michael@47 | 167 | %if "%{with_snmp}" == "yes" |
| michael@47 | 168 | --with-snmp \ |
| michael@47 | 169 | %else |
| michael@47 | 170 | --without-snmp \ |
| michael@47 | 171 | %endif |
| michael@47 | 172 | --enable-strict-dependencies \ |
| michael@47 | 173 | --with-ltdl-lib=%{l_prefix}/lib \ |
| michael@47 | 174 | --with-ltdl-include=%{l_prefix}/include \ |
| michael@47 | 175 | --disable-ltdl-install |
| michael@47 | 176 | |
| michael@47 | 177 | # build package |
| michael@47 | 178 | %{l_make} %{l_mflags} |
| michael@47 | 179 | |
| michael@47 | 180 | %install |
| michael@47 | 181 | # install package |
| michael@47 | 182 | rm -rf $RPM_BUILD_ROOT |
| michael@47 | 183 | %{l_shtool} mkdir -f -p -m 755 \ |
| michael@47 | 184 | $RPM_BUILD_ROOT%{l_prefix}/lib/freeradius |
| michael@47 | 185 | %{l_make} %{l_mflags} install \ |
| michael@47 | 186 | R=$RPM_BUILD_ROOT |
| michael@47 | 187 | |
| michael@47 | 188 | # strip down installation |
| michael@47 | 189 | strip $RPM_BUILD_ROOT%{l_prefix}/bin/* >/dev/null 2>&1 || true |
| michael@47 | 190 | rm -rf $RPM_BUILD_ROOT%{l_prefix}/etc/freeradius/certs |
| michael@47 | 191 | rm -f $RPM_BUILD_ROOT%{l_prefix}/etc/freeradius/*.sample |
| michael@47 | 192 | rm -rf $RPM_BUILD_ROOT%{l_prefix}/share/freeradius/doc |
| michael@47 | 193 | rm -f $RPM_BUILD_ROOT%{l_prefix}/sbin/rc.radiusd |
| michael@47 | 194 | rm -f $RPM_BUILD_ROOT%{l_prefix}/lib/freeradius/*%{version}* |
| michael@47 | 195 | rm -f $RPM_BUILD_ROOT%{l_prefix}/lib/freeradius/rlm_* |
| michael@47 | 196 | |
| michael@47 | 197 | # adjust default configuration |
| michael@47 | 198 | %{l_shtool} subst \ |
| michael@47 | 199 | -e 's;^#user = nobody;user = %{l_rusr};' \ |
| michael@47 | 200 | -e 's;^#group = nobody;group = %{l_rgrp};' \ |
| michael@47 | 201 | $RPM_BUILD_ROOT%{l_prefix}/etc/freeradius/radiusd.conf |
| michael@47 | 202 | |
| michael@47 | 203 | # install run-command script |
| michael@47 | 204 | %{l_shtool} mkdir -f -p -m 755 \ |
| michael@47 | 205 | $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d |
| michael@47 | 206 | %{l_shtool} install -c -m 755 %{l_value -s -a} \ |
| michael@47 | 207 | %{SOURCE rc.freeradius} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/ |
| michael@47 | 208 | |
| michael@47 | 209 | # determine installation files |
| michael@47 | 210 | %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \ |
| michael@47 | 211 | %{l_files_std} \ |
| michael@47 | 212 | '%config %{l_prefix}/etc/freeradius/*' \ |
| michael@47 | 213 | '%attr(755,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/freeradius' |
| michael@47 | 214 | |
| michael@47 | 215 | %files -f files |
| michael@47 | 216 | |
| michael@47 | 217 | %clean |
| michael@47 | 218 | rm -rf $RPM_BUILD_ROOT |
| michael@47 | 219 |
