rpms / freeradius

Clone
Source Code
GIT

Blame SOURCES/freeradius-bootstrap-create-only.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-3.0 c8-stream-3.0 c8s-stream-3.0 c9 c9-beta
  1.   42d0ad4c00afbbcecfa9e32f387f7d51d25a5590
  2.   SOURCES
  3.   freeradius-bootstrap-create-only.patch
Blob History Raw
42d0ad 
From 3f40655ad0708b74a4a41b13c2b21995b157c14d Mon Sep 17 00:00:00 2001
8ba9e1 
From: Alexander Scheel <ascheel@redhat.com>
42d0ad 
Date: Wed, 5 Aug 2020 15:53:45 -0400
8ba9e1 
Subject: [PATCH] Don't clobber existing files on bootstrap
8ba9e1
42d0ad 
Rebased: v3.0.20
42d0ad
8ba9e1 
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
8ba9e1 
---
42d0ad 
 raddb/certs/bootstrap | 35 +++++++++++++++++++----------------
42d0ad 
 1 file changed, 19 insertions(+), 16 deletions(-)
8ba9e1
8ba9e1 
diff --git a/raddb/certs/bootstrap b/raddb/certs/bootstrap
42d0ad 
index 0f719aa..336a2bd 100755
8ba9e1 
--- a/raddb/certs/bootstrap
8ba9e1 
+++ b/raddb/certs/bootstrap
42d0ad 
@@ -31,52 +31,55 @@ fi
8ba9e1 
 #  Don't edit the following text.  Instead, edit the Makefile, and
8ba9e1 
 #  re-generate these commands.
8ba9e1 
 #
8ba9e1 
-if [ ! -f dh ]; then
8ba9e1 
+if [ ! -e dh ]; then
8ba9e1 
   openssl dhparam -out dh 2048 || exit 1
8ba9e1 
-  if [ -e /dev/urandom ] ; then
8ba9e1 
-	ln -sf /dev/urandom random
8ba9e1 
-  else
8ba9e1 
-	date > ./random;
8ba9e1 
-  fi
8ba9e1 
+  ln -sf /dev/urandom random
8ba9e1 
 fi
42d0ad
8ba9e1 
-if [ ! -f server.key ]; then
8ba9e1 
+if [ ! -e server.key ]; then
8ba9e1 
   openssl req -new  -out server.csr -keyout server.key -config ./server.cnf || exit 1
42d0ad 
+  chmod g+r server.key
8ba9e1 
 fi
42d0ad
8ba9e1 
-if [ ! -f ca.key ]; then
8ba9e1 
+if [ ! -e ca.key ]; then
8ba9e1 
   openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf || exit 1
8ba9e1 
 fi
42d0ad
8ba9e1 
-if [ ! -f index.txt ]; then
8ba9e1 
+if [ ! -e index.txt ]; then
8ba9e1 
   touch index.txt
8ba9e1 
 fi
42d0ad
8ba9e1 
-if [ ! -f serial ]; then
8ba9e1 
+if [ ! -e serial ]; then
8ba9e1 
   echo '01' > serial
8ba9e1 
 fi
42d0ad
8ba9e1 
-if [ ! -f server.crt ]; then
8ba9e1 
+if [ ! -e server.crt ]; then
8ba9e1 
   openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr  -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf || exit 1
8ba9e1 
 fi
42d0ad
8ba9e1 
-if [ ! -f server.p12 ]; then
8ba9e1 
+if [ ! -e server.p12 ]; then
8ba9e1 
   openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12  -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
42d0ad 
+  chmod g+r server.p12
8ba9e1 
 fi
42d0ad
8ba9e1 
-if [ ! -f server.pem ]; then
8ba9e1 
+if [ ! -e server.pem ]; then
8ba9e1 
   openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
8ba9e1 
   openssl verify -CAfile ca.pem server.pem || exit 1
42d0ad 
+  chmod g+r server.pem
8ba9e1 
 fi
42d0ad
8ba9e1 
-if [ ! -f ca.der ]; then
8ba9e1 
+if [ ! -e ca.der ]; then
8ba9e1 
   openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der || exit 1
8ba9e1 
 fi
42d0ad
8ba9e1 
-if [ ! -f client.key ]; then
8ba9e1 
+if [ ! -e client.key ]; then
8ba9e1 
   openssl req -new  -out client.csr -keyout client.key -config ./client.cnf
42d0ad 
+  chmod g+r client.key
8ba9e1 
 fi
42d0ad
8ba9e1 
-if [ ! -f client.crt ]; then
8ba9e1 
+if [ ! -e client.crt ]; then
8ba9e1 
   openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr  -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
8ba9e1 
 fi
8ba9e1 
+
8ba9e1 
+chown root:radiusd dh ca.* client.* server.*
42d0ad 
+chmod 640 dh ca.* client.* server.*
42d0ad 
--
42d0ad 
2.26.2
8ba9e1

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation