rpms / freeradius

Clone
Source Code
GIT

Files

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 main rawhide
  1.   f28
  2.   freeradius-bootstrap-create-only.patch
Blob Blame History Raw 
From d38836ca4158b42c27f4d7f474e64f4f10aed16d Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Wed, 8 May 2019 10:29:08 -0400
Subject: [PATCH] Don't clobber existing files on bootstrap

Signed-off-by: Alexander Scheel <ascheel@redhat.com>
---
 raddb/certs/bootstrap | 39 ++++++++++++---------------------------
 1 file changed, 12 insertions(+), 27 deletions(-)

diff --git a/raddb/certs/bootstrap b/raddb/certs/bootstrap
index 0f719aafd4..be81a2d697 100755
--- a/raddb/certs/bootstrap
+++ b/raddb/certs/bootstrap
@@ -13,17 +13,6 @@
 umask 027
 cd `dirname $0`

-make -h > /dev/null 2>&1
-
-#
-#  If we have a working "make", then use it.  Otherwise, run the commands
-#  manually.
-#
-if [ "$?" = "0" ]; then
-  make all
-  exit $?
-fi
-
 #
 #  The following commands were created by running "make -n", and edited
 #  to remove the trailing backslash, and to add "exit 1" after the commands.
@@ -31,52 +20,51 @@ fi
 #  Don't edit the following text.  Instead, edit the Makefile, and
 #  re-generate these commands.
 #
-if [ ! -f dh ]; then
+if [ ! -e dh ]; then
   openssl dhparam -out dh 2048 || exit 1
-  if [ -e /dev/urandom ] ; then
-	ln -sf /dev/urandom random
-  else
-	date > ./random;
-  fi
+  ln -sf /dev/urandom random
 fi

-if [ ! -f server.key ]; then
+if [ ! -e server.key ]; then
   openssl req -new  -out server.csr -keyout server.key -config ./server.cnf || exit 1
 fi

-if [ ! -f ca.key ]; then
+if [ ! -e ca.key ]; then
   openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf || exit 1
 fi

-if [ ! -f index.txt ]; then
+if [ ! -e index.txt ]; then
   touch index.txt
 fi

-if [ ! -f serial ]; then
+if [ ! -e serial ]; then
   echo '01' > serial
 fi

-if [ ! -f server.crt ]; then
+if [ ! -e server.crt ]; then
   openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr  -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf || exit 1
 fi

-if [ ! -f server.p12 ]; then
+if [ ! -e server.p12 ]; then
   openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12  -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
 fi

-if [ ! -f server.pem ]; then
+if [ ! -e server.pem ]; then
   openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
   openssl verify -CAfile ca.pem server.pem || exit 1
 fi

-if [ ! -f ca.der ]; then
+if [ ! -e ca.der ]; then
   openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der || exit 1
 fi

-if [ ! -f client.key ]; then
+if [ ! -e client.key ]; then
   openssl req -new  -out client.csr -keyout client.key -config ./client.cnf
 fi

-if [ ! -f client.crt ]; then
+if [ ! -e client.crt ]; then
   openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr  -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
 fi
+
+chown root:radiusd dh ca.* client.* server.*
+chmod 644 dh ca.* client.* server.*
--
2.21.0
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.