If pcre is built before freeradius, then freeradius' configure will
detect pcre and freeradius will be built with pcre functionality
enabled. This causes a "missing dependencies" error at the end of
package build.
This passes --without-pcre to configure to disable this autodetection.
This also removes the dependency on libpcre2 as freeradius v3 does not
have support for pcre2.
Fixes: 19ec30255f ("freeradius3: switch to pcre2")
Fixes: https://github.com/openwrt/packages/issues/22574
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
use libpcre2 as dependency for freeradius3-common
because PCRE is EOL with no further updates
Compile & run tested on mediatek mt76 ubnt-ui6-lr-v1 with musl
Signed-off-by: Martin Strobel <arctus@crza.de>
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
The substring "release_" does not reflect the version number.
In addition, package names will be shorter.
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
This meta-package contains only dependencies for modules needed in
FreeRADIUS default configuration.
This commit adds missing description and install sections.
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
Canonical radtest start results in an error:
$ radtest bob hello localhost 0 testing123
/usr/bin/radtest: line 1: hostname: not found
(0) Error parsing "stdin": Failed to get value
hostname command is not present in OpenWrt.
Instead, hostname can be obtained from file /proc/sys/kernel/hostname.
added: 004-get-hostname-from-proc-in-radtest.patch
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
radtest utility is used in many manuals to check the operation of
radius server.
At the moment all parameters must be specified at startup, for example:
$ radtest bob hello localhost 0 testing123 0 localhost
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
Config files
/etc/freeradius3/policy.d/accounting
/etc/freeradius3/policy.d/filter
/etc/freeradius3/proxy.conf
/etc/freeradius3/sites-available/default
and link
/etc/freeradius3/sites-enabled/default
are in the freeradius3 package and are mentioned in the main config file
/etc/freeradius3/radiusd.conf
Thus, they must be explicitly specified in the Makefile.
File
/etc/freeradius3/sites/default
is not included in the package, is not created during installation,
is not mentioned in the main config file and should therefore be excluded
from the Makefile.
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
To use eap tls, 'tmpdir' must be created before server starts.
This 'tmpdir' is used to store and verify client certificate,
and therefore radiusd do 'chmod go-rwx'.
If 'tmpdir' does NOT exists, server failed to start and default
'tmpdir' is '/tmp/radiusd'. So init script MUST create default
'tmpdir' like other directories.
Signed-off-by: Eiji MATSUMOTO <toudaiman@gmail.com>
This removes Python-related build variants, and adds
PYTHON3_PKG_BUILD:=0 and minor build adjustments (where appropriate),
for non-Python packages. There should be no changes to build output.
This also updates some include paths for python3-package.mk and/or
python3-host.mk to be relative to the package Makefile.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
It was provided by both the freeradius3 and freeradius3-mod-realm packages.
Now provided by the freeradius3 package only.
Signed-off-by: Robby K <robbyke@gmail.com>
Latest stable release, contains security fixes for EAP-PWD (side-channel leak), logrotate settings (CVE-2019-10143) and a DoS issue due to multithreaded BN_CTX access (CVE-2019-17185).
Also refreshed patches/002-disable-session-cache-CVE-2017-9148.patch due to the following changes/commits in freeradius:
bf1a1eda23a3c46544b3
Signed-off-by: Robby K <robbyke@gmail.com>
This applies a patch from upstream that avoids a call to ENGINE_cleanup
when the openssl library was built without engine support.
A workaround for a missing header check was used to silence a warning
about the implicit definition of RAND_load_file. A proper fix has been
merged upstream as well.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
- Moves /etc/freeradius3/sites-{enabled,available}/inner-tunnel to be part of
the freeradius3-mod-eap package. This prevents conflicts between
freeradius3-mod-eap-peap and freeradius3-mod-eap-ttls which both included the
file before. This fixes LEDE bug FS#678.
- Change the demo cert validity to be 1 year instead of 60 days. Should keep the
cert valid for the duration of the LEDE release cycle (with some slack). This
fixes#4239.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
The lack of LDAP support was one of the things which prevented users
from migrating from freeradius2 to freeradius3.
Enable LDAP in freeradius3 so we can finally burry freeradius2.
Reported-by: Martin Mueller <mm@sig21.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This fixes two issues with the freeradius package init scripts:
- The package installs libraries in /usr/lib/freeradius{2,3}, but the
musl dynamic linker won't find them there unless LD_LIBRARY_PATH is
set to include this directory. This adds an appropriate env statement
to the procd init setup.
- procd expects services to stay in the foreground, or it will be unable
to properly shut them down again. This adds the -f flag to radiusd to
achieve that.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
freeradius-server version 2.x has been marked End-Of-Life.
This commit adds freeradius-server version 3.0.11 in a new package.
This commit also introduces the option "freeradius3-default"
which activate all modules needed to run radiusd with its default
configuration.
- rlm_digest (HTTP Digest Authentication) has been added
- rlm_unix (System Authentication) has been added
- rlm_attr_rewrite has been deleted
Note that SQL and LDAP support has been disabled.
Signed-off-by: Lucile Quirion <lucile.quirion@savoirfairelinux.com>
Andy Syam