freeradius/freeradius.spec

Mon, 20 Apr 2009 19:22:00 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Mon, 20 Apr 2009 19:22:00 +0200
changeset 178
0ba300bdf30a
parent 47
120a0b206db9
child 306
cc6a45887422
permissions
-rw-r--r--

Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintaining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.

     1 ##
     2 ##  freeradius.spec -- OpenPKG RPM Package Specification
     3 ##  Copyright (c) 2000-2008 OpenPKG Foundation e.V. <http://openpkg.net/>
     4 ##
     5 ##  Permission to use, copy, modify, and distribute this software for
     6 ##  any purpose with or without fee is hereby granted, provided that
     7 ##  the above copyright notice and this permission notice appear in all
     8 ##  copies.
     9 ##
    10 ##  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
    11 ##  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
    12 ##  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
    13 ##  IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
    14 ##  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    15 ##  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
    16 ##  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
    17 ##  USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
    18 ##  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
    19 ##  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
    20 ##  OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
    21 ##  SUCH DAMAGE.
    22 ##
    24 #   FIXME: rse: default configuration is a little bit fat
    25 #   FIXME: rse: still not run-time tested
    27 #   package information
       #   identity tags; Version is also substituted into the Source0 file name
       #   and the track regex
    28 Name:         freeradius
    29 Summary:      FreeRADIUS Server
    30 URL:          http://www.freeradius.org/
    31 Vendor:       The FreeRADIUS Server Project
    32 Packager:     OpenPKG Foundation e.V.
    33 Distribution: OpenPKG Community
    34 Class:        EVAL
    35 Group:        RADIUS
    36 License:      GPL
    37 Version:      2.1.3
    38 Release:      20090106
    40 #   package options
       #   every optional backend defaults to "no"; setting one to "yes" adds the
       #   matching BuildPreReq/PreReq pair below and the corresponding configure
       #   flags in the build section
    41 %option       with_mysql     no
    42 %option       with_openldap  no
    43 %option       with_pgsql     no
    44 %option       with_snmp      no
    46 #   list of sources
       #   NOTE(review): Source0 is a plain ftp URL and this spec declares no
       #   checksum or signature for the tarball -- confirm the build tooling
       #   verifies the download some other way before it is unpacked and built
    47 Source0:      ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-%{version}.tar.gz
    48 Source1:      rc.freeradius
    49 Patch0:       freeradius.patch
    51 #   build information
       #   unconditional dependencies first, then one conditional pair per option
    52 Prefix:       %{l_prefix}
    53 BuildRoot:    %{l_buildroot}
    54 BuildPreReq:  OpenPKG, openpkg >= 20060823, make, gcc, libtool
    55 PreReq:       OpenPKG, openpkg >= 20060823
    56 BuildPreReq:  perl, openssl, gdbm, readline
    57 PreReq:       perl, openssl, gdbm, readline
    58 %if "%{with_mysql}" == "yes"
    59 BuildPreReq:  mysql, zlib
    60 PreReq:       mysql, zlib
    61 %endif
    62 %if "%{with_openldap}" == "yes"
    63 BuildPreReq:  openldap
    64 PreReq:       openldap
    65 %endif
    66 %if "%{with_pgsql}" == "yes"
    67 BuildPreReq:  postgresql
    68 PreReq:       postgresql
    69 %endif
    70 %if "%{with_snmp}" == "yes"
    71 BuildPreReq:  snmp
    72 PreReq:       snmp
    73 %endif
       #   automatic dependency detection is switched off, so the PreReq lines
       #   above are the only run-time dependencies this package declares
    74 AutoReq:      no
    75 AutoReqProv:  no
    77 %description
    78     FreeRADIUS is one of the most modular and featureful RADIUS servers
    79     available today. It has been written by a team of developers who
    80     have more than a decade of collective experience in implementing
    81     and deploying RADIUS software, in software engineering, and in Unix
    82     package management.
    84 %track
    85     prog freeradius = {
    86         version   = %{version}
    87         url       = ftp://ftp.freeradius.org/pub/freeradius/
    88         regex     = freeradius-server-(\d+\.\d+(\.\d+)*)\.tar\.gz
    89     }
    91 %prep
           #   unpack the upstream tarball into freeradius-server-<version> and
           #   apply the local patch at strip level 0
    92     %setup -q -n freeradius-server-%{version}
    93     %patch -p0
    94 %if "%{with_openldap}" == "yes"
           #   with OpenLDAP enabled, rewrite the LIBS assignment in the rlm_ldap
           #   configure script so that -llber -lssl -lcrypto follow -lldap
           #   NOTE(review): the edit depends on the exact text of that LIBS line;
           #   what happens when the pattern no longer matches is not visible
           #   here -- confirm after an upstream version bump
    95     %{l_shtool} subst \
    96         -e 's;\(LIBS *=.*  *-lldap\);\1 -llber -lssl -lcrypto;' \
    97         src/modules/rlm_ldap/configure
    98 %endif
   100 %build
   101     #   configure package
           #   static, non-threaded build (disable-shared, enable-static,
           #   without-threads); configuration goes to etc/freeradius, while logs,
           #   accounting records and other state all share var/freeradius below
           #   the package prefix
           #
           #   module selection: rlm_perl is always built; rlm_sql and
           #   rlm_sqlippool are built when either the mysql or the pgsql option
           #   is "yes"; the ldap and snmp support follow their own options
           #
           #   NOTE(review): the TLS-based EAP modules (eap_tls, eap_peap,
           #   eap_ttls) and the krb5, pam and otp modules are compiled out
           #   unconditionally, with no package option to turn them back on --
           #   confirm the authentication methods that remain are the ones the
           #   deployment is meant to offer
   102     CC="%{l_cc}" \
   103     CFLAGS="-I`pwd`/src/include %{l_cflags -O} %{l_cppflags}" \
   104     CPPFLAGS="%{l_cppflags}" \
   105     LDFLAGS="%{l_ldflags}" \
   106 %if "%{with_openldap}" == "yes"
   107     LIBS="-llber -lssl -lcrypto -lreadline" \
   108 %endif
   109     ./configure \
   110         --prefix=%{l_prefix} \
   111         --libdir=%{l_prefix}/lib/freeradius \
   112         --mandir=%{l_prefix}/man \
   113         --localstatedir=%{l_prefix}/var/freeradius \
   114         --datadir=%{l_prefix}/share/freeradius \
   115         --sysconfdir=%{l_prefix}/etc \
   116         --with-system-libtool \
   117         --disable-shared \
   118         --enable-static \
   119         --with-logdir=%{l_prefix}/var/freeradius \
   120         --with-radacctdir=%{l_prefix}/var/freeradius \
   121         --with-raddbdir=%{l_prefix}/etc/freeradius \
   122         --without-threads \
   123         --with-openssl-includes=%{l_prefix}/include/openssl \
   124         --with-openssl-libraries=%{l_prefix}/lib/ \
   125         --with-rlm_perl \
   126 %if "%{with_mysql}" == "yes" || "%{with_pgsql}" == "yes"
   127         --with-rlm_sql \
   128         --with-rlm_sqlippool \
   129 %else
   130         --without-rlm_sql \
   131         --without-rlm_sqlippool \
   132 %endif
   133 %if "%{with_mysql}" == "yes"
   134         --with-rlm_sql_mysql \
   135 %else
   136         --without-rlm_sql_mysql \
   137 %endif
   138 %if "%{with_pgsql}" == "yes"
   139         --with-rlm_sql_postgresql \
   140 %else
   141         --without-rlm_sql_postgresql \
   142 %endif
   143         --without-rlm_sql_db2 \
   144         --without-rlm_sql_firebird \
   145         --without-rlm_sql_freetds \
   146         --without-rlm_sql_iodbc \
   147         --without-rlm_sql_oracle \
   148         --without-rlm_sql_sybase \
   149         --without-rlm_sql_unixodbc \
   150 %if "%{with_openldap}" == "yes"
   151         --with-rlm-ldap-include-dir=%{l_prefix}/include/ \
   152         --with-rlm-ldap-lib-dir=%{l_prefix}/lib/ \
   153 %else
   154         --without-rlm-ldap \
   155 %endif
   156         --without-rlm_eap_ikev2 \
   157         --without-rlm_eap_sim \
   158         --without-rlm_eap_tls \
   159         --without-rlm_eap_peap \
   160         --without-rlm_eap_ttls \
   161         --without-rlm_eap_tnc \
   162         --without-rlm_krb5 \
   163         --without-rlm_dbm \
   164         --without-rlm_otp \
   165         --without-rlm_pam \
   166         --without-rlm_python \
   167 %if "%{with_snmp}" == "yes"
   168         --with-snmp \
   169 %else
   170         --without-snmp \
   171 %endif
   172         --enable-strict-dependencies \
   173         --with-ltdl-lib=%{l_prefix}/lib \
   174         --with-ltdl-include=%{l_prefix}/include \
   175         --disable-ltdl-install
   177     #   build package
   178     %{l_make} %{l_mflags}
   180 %install
   181     #   install package
           #   start from an empty build root, pre-create lib/freeradius, then run
           #   the upstream install target with R pointing at the build root
   182     rm -rf $RPM_BUILD_ROOT
   183     %{l_shtool} mkdir -f -p -m 755 \
   184         $RPM_BUILD_ROOT%{l_prefix}/lib/freeradius
   185     %{l_make} %{l_mflags} install \
   186         R=$RPM_BUILD_ROOT
   188     #   strip down installation
           #   strip is best-effort: its output is discarded and a non-zero exit is
           #   ignored. The certs tree, the sample configs, the docs, the upstream
           #   rc script and the library files under lib/freeradius are not shipped
           #   (presumably the libraries are unneeded because the build is static
           #   -- TODO confirm)
   189     strip  $RPM_BUILD_ROOT%{l_prefix}/bin/* >/dev/null 2>&1 || true
   190     rm -rf $RPM_BUILD_ROOT%{l_prefix}/etc/freeradius/certs
   191     rm -f  $RPM_BUILD_ROOT%{l_prefix}/etc/freeradius/*.sample
   192     rm -rf $RPM_BUILD_ROOT%{l_prefix}/share/freeradius/doc
   193     rm -f  $RPM_BUILD_ROOT%{l_prefix}/sbin/rc.radiusd
   194     rm -f  $RPM_BUILD_ROOT%{l_prefix}/lib/freeradius/rlm_*%{version}*
   195     rm -f  $RPM_BUILD_ROOT%{l_prefix}/lib/freeradius/rlm_*
   197     #   adjust default configuration
           #   uncomment the user/group settings in radiusd.conf and point them at
           #   the l_rusr / l_rgrp account and group
           #   NOTE(review): the substitution only fires on lines that read exactly
           #   "#user = nobody" / "#group = nobody"; if upstream changes that
           #   default text the daemon identity stays whatever the shipped file
           #   says -- confirm the result after a version bump
           #   NOTE(review): l_rusr looks like an account shared with other
           #   packages rather than one dedicated to radiusd (see the changeset
           #   description) -- anything radiusd owns is then reachable by every
           #   other process running under that account; verify against the
           #   OpenPKG privilege model
   198     %{l_shtool} subst \
   199         -e 's;^#user = nobody;user = %{l_rusr};' \
   200         -e 's;^#group = nobody;group = %{l_rgrp};' \
   201         $RPM_BUILD_ROOT%{l_prefix}/etc/freeradius/radiusd.conf
   203     #   install run-command script
   204     %{l_shtool} mkdir -f -p -m 755 \
   205         $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d
   206     %{l_shtool} install -c -m 755 %{l_value -s -a} \
   207         %{SOURCE rc.freeradius} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
   209     #   determine installation files
           #   writes the generated file list to "files", which the files section
           #   reads back with -f
           #   NOTE(review): everything under etc/freeradius is marked as config
           #   but gets no explicit attr entry, so its owner and mode are whatever
           #   the install step and the standard file rules produce -- confirm the
           #   files holding RADIUS shared secrets and user credentials do not end
           #   up world-readable
           #   NOTE(review): var/freeradius is mode 755 and, per the configure
           #   flags, holds both logs and accounting records -- confirm the files
           #   radiusd creates there get restrictive modes
   210     %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
   211         %{l_files_std} \
   212         '%config %{l_prefix}/etc/freeradius/*' \
   213         '%attr(755,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/freeradius'
   215 %files -f files
       #   the package manifest comes entirely from the "files" list generated at
       #   the end of the install section; no entries are added by hand here
   217 %clean
           #   remove the build root once packaging is finished
   218     rm -rf $RPM_BUILD_ROOT
