From 527b1c3a1dcd1bc9b5769edf65afc08ab51b8a6d Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Aug 04 2020 14:22:02 +0000
Subject: Re-fix permissions issues


Since make is present on certain systems (and has the better certificate
generation logic), we should Require: make and add the relevant chmod
statements to bootstrap after executing make.

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

---

diff --git a/freeradius-bootstrap-make-permissions.patch b/freeradius-bootstrap-make-permissions.patch
new file mode 100644
index 0000000..3548fa6
--- /dev/null
+++ b/freeradius-bootstrap-make-permissions.patch
@@ -0,0 +1,29 @@
+From ea164ceafa05f96079204a3f0ae379e46e64a455 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel@redhat.com>
+Date: Tue, 4 Aug 2020 10:08:15 -0400
+Subject: [PATCH] Fix permissions after generating certificates with make
+
+Signed-off-by: Alexander Scheel <ascheel@redhat.com>
+---
+ raddb/certs/bootstrap | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/raddb/certs/bootstrap b/raddb/certs/bootstrap
+index 336a2bd..9920ecf 100755
+--- a/raddb/certs/bootstrap
++++ b/raddb/certs/bootstrap
+@@ -21,7 +21,10 @@ make -h > /dev/null 2>&1
+ #
+ if [ "$?" = "0" ]; then
+   make all
+-  exit $?
++  ret=$?
++  chown root:radiusd dh ca.* client.* server.*
++  chmod 640 dh ca.* client.* server.*
++  exit $ret
+ fi
+ 
+ #
+-- 
+2.26.2
+
diff --git a/freeradius.spec b/freeradius.spec
index 2b0e0f7..51a9d66 100644
--- a/freeradius.spec
+++ b/freeradius.spec
@@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
 Version: 3.0.21
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: http://www.freeradius.org/
 
@@ -54,8 +54,9 @@ Requires: openssl >= %(rpm -q --queryformat '%%{EPOCH}:%%{VERSION}' openssl)
 Requires(pre): shadow-utils glibc-common
 Requires(post): systemd-sysv
 Requires(post): systemd-units
-# Needed for certificate generation
-Requires(post): make
+# Needed for certificate generation as upstream bootstrap script isn't
+# compatible with Makefile equivalent.
+Requires: make
 Requires(preun): systemd-units
 Requires(postun): systemd-units
 
@@ -835,6 +836,10 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
 
 %changelog
+* Tue Aug 04 2020 Alexander Scheel <ascheel@redhat.com> - 3.0.21-6
+- Fix certificate permissions after make-based generation
+  Resolves: bz#1835249
+
 * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.21-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild