diff options
| author | wxs <wxs@FreeBSD.org> | 2011-06-03 08:49:45 +0800 |
|---|---|---|
| committer | wxs <wxs@FreeBSD.org> | 2011-06-03 08:49:45 +0800 |
| commit | 0cbb74e839daf422743f0fbf71f9e8de5e22ad3d (patch) | |
| tree | 13c995c236b3398d56b1e7b0bac9bffda6b95c60 /net | |
| parent | f4e81ca8227da071f66d36808c80c7f1d9f52081 (diff) | |
| download | freebsd-ports-gnome-0cbb74e839daf422743f0fbf71f9e8de5e22ad3d.tar.gz freebsd-ports-gnome-0cbb74e839daf422743f0fbf71f9e8de5e22ad3d.tar.zst freebsd-ports-gnome-0cbb74e839daf422743f0fbf71f9e8de5e22ad3d.zip | |
- Run under an unprivileged user (freeradius)
- Utilise bsd.port.options.mk
- Remove Makefile hack for python
- Change the ownership of files & directories to new user
PR: ports/157400
Submitted by: Sevan Janiyan <venture37@geeklan.co.uk>
Approved by: Ryan Steinmetz <rpsfa@rit.edu> (maintainer)
Diffstat (limited to 'net')
| -rw-r--r-- | net/freeradius/Makefile | 102 | ||||
| -rw-r--r-- | net/freeradius/files/patch-raddb_radiusd.conf.in | 13 | ||||
| -rw-r--r-- | net/freeradius/files/radiusd.in (renamed from net/freeradius/files/radiusd.sh.in) | 0 |
3 files changed, 70 insertions, 45 deletions
diff --git a/net/freeradius/Makefile b/net/freeradius/Makefile index f30750374488..741217653e6b 100644 --- a/net/freeradius/Makefile +++ b/net/freeradius/Makefile @@ -15,38 +15,67 @@ MASTER_SITES= ftp://ftp.freeradius.org/pub/freeradius/%SUBDIR%/ \ http://ftp.cc.uoc.gr/mirrors/ftp.freeradius.org/%SUBDIR%/ \ http://freeradius.portal-to-web.de/%SUBDIR%/ MASTER_SITE_SUBDIR= . old +# If FREERADIUS_SLAVE_MYSQL is defined, we want to build the +# freeradius-mysql slave port +.ifdef(FREERADIUS_SLAVE_MYSQL) +PKGNAMESUFFIX= -mysql +.endif MAINTAINER?= rpsfa@rit.edu COMMENT?= A free RADIUS server implementation -USE_BZIP2= yes -WANT_PERL= yes - LIB_DEPENDS= gdbm.3:${PORTSDIR}/databases/gdbm -LOGDIR?= /var/log - +CONFLICTS= gnu-radius-[0-9].* openradius-[0-9].* radiusd-cistron-[0-9].* # If FREERADIUS_SLAVE_MYSQL is defined, we want to build the # freeradius-mysql slave port - -CONFLICTS= gnu-radius-[0-9].* openradius-[0-9].* radiusd-cistron-[0-9].* .ifdef(FREERADIUS_SLAVE_MYSQL) CONFLICTS+= freeradius-[0-9].* freeradius-mysql-[02-9].* -PKGNAMESUFFIX= -mysql .else CONFLICTS+= freeradius-mysql-[0-9].* freeradius-[02-9].* .endif + +MAN1= radclient.1 radeapclient.1 radlast.1 radtest.1 radwho.1 \ + radzap.1 +MAN5= acct_users.5 clients.5 clients.conf.5 dictionary.5 naslist.5 \ + radiusd.conf.5 rlm_acct_unique.5 rlm_always.5 \ + rlm_attr_filter.5 rlm_attr_rewrite.5 rlm_chap.5 rlm_counter.5 \ + rlm_detail.5 rlm_expr.5 rlm_files.5 rlm_mschap.5 rlm_pap.5 \ + rlm_passwd.5 rlm_realm.5 rlm_sql.5 rlm_sql_log.5 rlm_unix.5 \ + users.5 +MAN8= radiusd.8 radrelay.8 radsqlrelay.8 radwatch.8 rlm_ippool_tool.8 + +USE_BZIP2= yes +WANT_PERL= yes + +LOGDIR?= /var/log + NO_LATEST_LINK= yes -USE_RC_SUBR= radiusd.sh +USE_RC_SUBR= radiusd USE_AUTOTOOLS= libltdl libtool autoconf USE_GMAKE= yes USE_OPENSSL= yes +USE_LDCONFIG= yes +CONFIGURE_ARGS= --quiet \ + --prefix=${PREFIX} \ + --localstatedir=/var \ + --with-system-libtool \ + --with-logdir=${LOGDIR} \ + --with-large-files \ + --with-openssl-includes=${OPENSSLINC} \ + --without-rlm_sql_db2 \ + --without-rlm_sql_freetds \ + --without-rlm_sql_iodbc \ + --without-rlm_sql_oracle \ + --without-rlm_sql_sybase MAKE_ARGS+= LDFLAGS="-L${LOCALBASE}/lib ${PTHREAD_LIBS}" CFLAGS+= -I${LOCALBASE}/include -L${LOCALBASE}/lib MAKE_JOBS_UNSAFE= yes PLIST_SUB= PORTVERSION=${PORTVERSION} +USERS= freeradius +GROUPS= freeradius OPTIONS= KERBEROS "With Kerberos support" off \ HEIMDAL "With Heimdal Kerberos support" off \ @@ -62,19 +91,15 @@ OPTIONS+= PGSQL "With PostgreSQL database support" off \ NOPERL "Do not require perl (use only if necessary)" off \ EXPERIMENTAL "Build experimental modules" off -.include <bsd.port.pre.mk> - # Default requirements for rc script _REQUIRE= NETWORKING SERVERS +.include <bsd.port.options.mk> + .ifdef(FREERADIUS_SLAVE_MYSQL) WITH_MYSQL= yes .endif -CONFIGURE_ARGS= --quiet \ - --prefix=${PREFIX} \ - --localstatedir=/var \ - --with-system-libtool .ifdef(NOPORTDOCS) CONFIGURE_ARGS+=--without-docdir PLIST_SUB+= PORTDOCS="@comment " @@ -82,23 +107,6 @@ PLIST_SUB+= PORTDOCS="@comment " CONFIGURE_ARGS+=--with-docdir=${DOCSDIR} PLIST_SUB+= PORTDOCS="" .endif -CONFIGURE_ARGS+=--with-logdir=${LOGDIR} \ - --with-large-files \ - --with-openssl-includes=${OPENSSLINC} -# This conditionality avoids -L/usr/lib in the radiusd build step when -# building with base system OpenSSL -.if ${OPENSSLLIB} != "/usr/lib" -CONFIGURE_ARGS+=--with-openssl-libraries=${OPENSSLLIB} -.endif -CONFIGURE_ARGS+=--without-rlm_sql_db2 \ - --without-rlm_sql_freetds \ - --without-rlm_sql_iodbc \ - --without-rlm_sql_oracle \ - --without-rlm_sql_sybase - -.if ${ARCH} == amd64 -CONFIGURE_ARGS+= --with-pic -.endif .if defined(WITH_HEIMDAL) && !defined(WITH_KERBEROS) WITH_KERBEROS= yes @@ -187,8 +195,6 @@ CONFIGURE_ARGS+=--without-snmp .ifdef(WITH_EXPERIMENTAL) USE_PYTHON= yes -# hack to get the dependency -.include "${PORTSDIR}/Mk/bsd.python.mk" CONFIGURE_ARGS+=--with-experimental-modules PLIST_SUB+= EXPM="" .else @@ -208,19 +214,19 @@ CONFIGURE_ARGS+=--with-rlm_perl PLIST_SUB+= RLMPERL="" .endif -USE_LDCONFIG= yes +SUB_LIST+= REQUIRE="${_REQUIRE}" -MAN1= radclient.1 radeapclient.1 radlast.1 radtest.1 radwho.1 \ - radzap.1 -MAN5= acct_users.5 clients.5 clients.conf.5 dictionary.5 naslist.5 \ - radiusd.conf.5 rlm_acct_unique.5 rlm_always.5 \ - rlm_attr_filter.5 rlm_attr_rewrite.5 rlm_chap.5 rlm_counter.5 \ - rlm_detail.5 rlm_expr.5 rlm_files.5 rlm_mschap.5 rlm_pap.5 \ - rlm_passwd.5 rlm_realm.5 rlm_sql.5 rlm_sql_log.5 rlm_unix.5 \ - users.5 -MAN8= radiusd.8 radrelay.8 radsqlrelay.8 radwatch.8 rlm_ippool_tool.8 +.include <bsd.port.pre.mk> -SUB_LIST+= REQUIRE="${_REQUIRE}" +# This conditionality avoids -L/usr/lib in the radiusd build step when +# building with base system OpenSSL +.if ${OPENSSLLIB} != "/usr/lib" +CONFIGURE_ARGS+=--with-openssl-libraries=${OPENSSLLIB} +.endif + +.if ${ARCH} == amd64 +CONFIGURE_ARGS+= --with-pic +.endif post-patch: # Patch Makefile / Makefile.in throughout the source tree to install raddb @@ -263,5 +269,11 @@ post-install: # Set ${PREFIX}/etc/raddb and all the files and folders in it to g-w,o-rwx # (FreeRADIUS will probably complain if this is not done) @${CHMOD} -R g-w,o-rwx ${PREFIX}/etc/raddb + @${CHOWN} -R ${USERS}:${GROUPS} ${PREFIX}/etc/raddb + + @${TOUCH} ${LOGDIR}/radius.log + @${CHOWN} ${USERS}:${GROUPS} ${LOGDIR}/radius.log + @${CHOWN} ${USERS}:${GROUPS} ${LOGDIR}/radacct + @${CHOWN} ${USERS}:${GROUPS} /var/run/radiusd .include <bsd.port.post.mk> diff --git a/net/freeradius/files/patch-raddb_radiusd.conf.in b/net/freeradius/files/patch-raddb_radiusd.conf.in new file mode 100644 index 000000000000..2f374bab936b --- /dev/null +++ b/net/freeradius/files/patch-raddb_radiusd.conf.in @@ -0,0 +1,13 @@ +--- raddb/radiusd.conf.in.orig 2011-05-29 19:22:10.091905921 +0000 ++++ raddb/radiusd.conf.in 2011-05-29 19:22:36.633918942 +0000 +@@ -106,8 +106,8 @@ pidfile = ${run_dir}/radiusd.pid + # that the debugging mode server is running as a user that can read the + # shadow info, and the user listed below can not. + # +-#user = nobody +-#group = nobody ++user = freeradius ++group = freeradius + + # max_request_time: The maximum time (in seconds) to handle a request. + # diff --git a/net/freeradius/files/radiusd.sh.in b/net/freeradius/files/radiusd.in index 86724eb68800..86724eb68800 100644 --- a/net/freeradius/files/radiusd.sh.in +++ b/net/freeradius/files/radiusd.in |