* [gentoo-commits] repo/proj/libressl:master commit in: net-dialup/freeradius/files/, net-dialup/freeradius/
@ 2023-05-10 21:14 orbea
0 siblings, 0 replies; 3+ messages in thread
From: orbea @ 2023-05-10 21:14 UTC (permalink / raw
To: gentoo-commits
commit: e35adb974b397b7ab29b4c27a00ac35a8c22edbc
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Wed May 10 19:37:44 2023 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Wed May 10 19:55:16 2023 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=e35adb97
net-dialup/freeradius: drop 3.0.25-r2, 3.0.26, 3.2.0, 3.2.1
Signed-off-by: orbea <orbea <AT> riseup.net>
net-dialup/freeradius/Manifest | 4 -
.../files/freeradius-3.0.25-libressl.patch | 161 -----------
net-dialup/freeradius/freeradius-3.0.25-r2.ebuild | 268 ------------------
net-dialup/freeradius/freeradius-3.0.26.ebuild | 268 ------------------
net-dialup/freeradius/freeradius-3.2.0.ebuild | 310 --------------------
net-dialup/freeradius/freeradius-3.2.1.ebuild | 312 ---------------------
net-dialup/freeradius/metadata.xml | 6 -
7 files changed, 1329 deletions(-)
diff --git a/net-dialup/freeradius/Manifest b/net-dialup/freeradius/Manifest
index ef9b716..f07da4b 100644
--- a/net-dialup/freeradius/Manifest
+++ b/net-dialup/freeradius/Manifest
@@ -1,5 +1 @@
-DIST freeradius-3.0.25.tar.gz 5300245 BLAKE2B bf8908aa7bfabb9e15fa841457f176a4f2697bdec7994485516ef338908b46f2168260b7acf1a7120a687e543f0381bb787567bb4d564b9d14a3eb464a0e9ed6 SHA512 13382a53e6a1a4495c6f53e662ce21b80d73b6134a72f099f05495b64c56ae1a6c1cd1281311f1c3695d8532207fe5bd3d2026ed2c45f3cb5adb1011f1505ee7
-DIST freeradius-3.0.26.tar.gz 5300930 BLAKE2B e8922182f69ff201af331a03ef109072d24fb169c14179c5e71910ed3f767526afd7efe6000fd8a3881fa2ddb0487ebd12f8fdf6845136fdc15fdcb8a83fdf39 SHA512 83825ce1dd3d2e005c11d10ebadd2b37884130c158d3ea43595fa52478e3d194725b15dc73633758b0b1e916e00ea9358d254c38c2b721c475c9a4235aa1a5a3
-DIST freeradius-server-3.2.0.tar.bz2 3399380 BLAKE2B 103cb1faf7efd78520dd613da51671ff37b870fcd356d7d11454d655cf460bcb4132cd91b99be70557242907dd5e4d741b6a776de81c37a24ab9d04a4fe5866b SHA512 e7aa7bfc5a6968cdb860bb565ebd45bc1b3f78a665a9888a8b8dacaa1c5256755468aed33bdffe39465f8678c1fb9d6f47f0dbcf0178dfdcb38d99e3bc4b747d
-DIST freeradius-server-3.2.1.tar.bz2 3399164 BLAKE2B d0e69d468736d2a5dd85b32bb8b1fa44f2e56725ae525a3895df1b926f5ce525c70af08c2b76b62a9479d00d02c3e4915586fb1e5c7d42955c6b9e5cdeda8f6e SHA512 0f9e98cbf0eff4c5af54731ec34a8c9070252eaf2f91ca0c87caae939f6356fa91a6e1ed98ba66dbf1c1bafecdfcf38603fb4f65a5955e88974f49a5b7885f7a
DIST freeradius-server-3.2.2.tar.bz2 3418998 BLAKE2B 584d1ff79cf3a75c79f5b24f9e47d7c8d8caee0d706eb47bb387300172f0699f904804d963aab8c252a21fe67f7885a47659b8cd9db5292a6d4db087d72e8e38 SHA512 91dc574560a1f75cafa8bc78c0676f0e3dae7154ecbb395e0e1f6738f78d8bcfe1bff122364452798fd0434c4056fd946799b8f29a1141398bf0542a37870689
diff --git a/net-dialup/freeradius/files/freeradius-3.0.25-libressl.patch b/net-dialup/freeradius/files/freeradius-3.0.25-libressl.patch
deleted file mode 100644
index 1319523..0000000
--- a/net-dialup/freeradius/files/freeradius-3.0.25-libressl.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-From OpenBSD:
-
-https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_main_cb_c
-https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_main_tls_c
-https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_modules_rlm_eap_types_rlm_eap_fast_rlm_eap_fast_c
-https://github.com/openbsd/ports/blob/master/net/freeradius/patches/patch-src_modules_rlm_pap_rlm_pap_c
-
-Index: src/main/cb.c
---- a/src/main/cb.c.orig
-+++ b/src/main/cb.c
-@@ -64,7 +64,7 @@ void cbtls_info(SSL const *s, int where, int ret)
- /*
- * After a ClientHello, list all the proposed ciphers from the client
- */
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- if (SSL_get_state(s) == TLS_ST_SR_CLNT_HELLO) {
- int i;
- int num_ciphers;
-@@ -192,7 +192,7 @@ void cbtls_msg(int write_p, int msg_version, int conte
- state->info.alert_level = 0x00;
- state->info.alert_description = 0x00;
-
--#if OPENSSL_VERSION_NUMBER >= 0x10101000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
- } else if (content_type == SSL3_RT_INNER_CONTENT_TYPE && buf[0] == SSL3_RT_APPLICATION_DATA) {
- /* let tls_ack_handler set application_data */
- state->info.content_type = SSL3_RT_HANDSHAKE;
-Index: src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c
---- a/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c.orig
-+++ b/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c
-@@ -200,7 +200,7 @@ static void eap_fast_session_ticket(tls_session_t *tls
- }
-
- // hostap:src/crypto/tls_openssl.c:tls_sess_sec_cb()
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- static int _session_secret(SSL *s, void *secret, int *secret_len,
- UNUSED STACK_OF(SSL_CIPHER) *peer_ciphers,
- UNUSED SSL_CIPHER **cipher, void *arg)
-@@ -224,7 +224,7 @@ static int _session_secret(SSL *s, void *secret, int *
-
- RDEBUG("processing PAC-Opaque");
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- eap_fast_session_ticket(tls_session, s->s3->client_random, s->s3->server_random, secret, secret_len);
- #else
- uint8_t client_random[SSL3_RANDOM_SIZE];
-Index: src/main/tls.c
---- a/src/main/tls.c.orig
-+++ b/src/main/tls.c
-@@ -622,7 +622,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls
- /*
- * Swap empty store with the old one.
- */
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- conf->old_x509_store = SSL_CTX_get_cert_store(conf->ctx);
- /* Bump refcnt so the store is kept allocated till next store replacement */
- X509_STORE_up_ref(conf->old_x509_store);
-@@ -1340,7 +1340,7 @@ void tls_session_information(tls_session_t *tls_sessio
- if ((tls_session->info.version > tls_session->conf->max_version) &&
- (rad_debug_lvl > 0)) {
- WARN("TLS 1.3 has been negotiated even though it was disabled. This is an OpenSSL Bug.");
-- WARN("Please set: cipher_list = \"DEFAULT@SECLEVEL=1\" in the tls {...} section.");
-+ WARN("Setting cipher_list in the tls {...} section might help.");
- }
- #endif
- break;
-@@ -1697,7 +1697,7 @@ static int load_dh_params(SSL_CTX *ctx, char *file)
- *
- * Change suggested by @t8m
- */
--#if OPENSSL_VERSION_NUMBER >= 0x10101000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
- if (FIPS_mode() > 0) {
- WARN(LOG_PREFIX ": Ignoring user-selected DH parameters in FIPS mode. Using defaults.");
- return 0;
-@@ -1920,7 +1920,7 @@ done:
- return 0;
- }
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- static SSL_SESSION *cbtls_get_session(SSL *ssl, unsigned char *data, int len, int *copy)
- #else
- static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int len, int *copy)
-@@ -2304,7 +2304,7 @@ static int cbtls_cache_refresh(SSL *ssl, SSL_SESSION *
- return 0;
- }
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- static SSL_SESSION *cbtls_cache_load(SSL *ssl, unsigned char *data, int len, int *copy)
- #else
- static SSL_SESSION *cbtls_cache_load(SSL *ssl, const unsigned char *data, int len, int *copy)
-@@ -2840,7 +2840,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
- char cn_str[1024];
- char buf[64];
- X509 *client_cert;
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- const STACK_OF(X509_EXTENSION) *ext_list;
- #else
- STACK_OF(X509_EXTENSION) *ext_list;
-@@ -3058,7 +3058,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
- }
-
- if (lookup == 0) {
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- ext_list = X509_get0_extensions(client_cert);
- #else
- X509_CINF *client_inf;
-@@ -3111,7 +3111,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
- value[0] = '0';
- value[1] = 'x';
- const unsigned char *srcp;
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- const ASN1_STRING *srcasn1p;
- srcasn1p = X509_EXTENSION_get_data(ext);
- srcp = ASN1_STRING_get0_data(srcasn1p);
-@@ -3203,13 +3203,13 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
- */
- if (depth == 0) {
- tls_session_t *ssn = SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_SSN);
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- STACK_OF(X509)* untrusted = NULL;
- #endif
-
- rad_assert(ssn != NULL);
-
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- /*
- * See if there are any untrusted certificates.
- * If so, complain about them.
-@@ -4169,7 +4169,7 @@ post_ca:
- * disable early data.
- *
- */
--#if OPENSSL_VERSION_NUMBER >= 0x10101000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
- SSL_CTX_set_max_early_data(ctx, 0);
- #endif
-
-Index: src/modules/rlm_pap/rlm_pap.c
---- a/src/modules/rlm_pap/rlm_pap.c.orig
-+++ b/src/modules/rlm_pap/rlm_pap.c
-@@ -930,7 +930,7 @@ static inline rlm_rcode_t CC_HINT(nonnull) pap_auth_pb
- digest_len = SHA512_DIGEST_LENGTH;
- break;
-
--# if OPENSSL_VERSION_NUMBER >= 0x10101000L
-+# if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
- case PW_SSHA3_224_PASSWORD:
- evp_md = EVP_sha3_224();
- digest_len = SHA224_DIGEST_LENGTH;
diff --git a/net-dialup/freeradius/freeradius-3.0.25-r2.ebuild b/net-dialup/freeradius/freeradius-3.0.25-r2.ebuild
deleted file mode 100644
index df95f1c..0000000
--- a/net-dialup/freeradius/freeradius-3.0.25-r2.ebuild
+++ /dev/null
@@ -1,268 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{9..10} )
-inherit autotools pam python-single-r1 systemd
-
-MY_PV=$(ver_rs 1- "_")
-
-DESCRIPTION="Highly configurable free RADIUS server"
-HOMEPAGE="https://freeradius.org/"
-SRC_URI="https://github.com/FreeRADIUS/freeradius-server/archive/release_${MY_PV}.tar.gz -> ${P}.tar.gz"
-S="${WORKDIR}/freeradius-server-release_${MY_PV}"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 ~arm arm64 ~ppc ~ppc64 ~sparc x86"
-
-IUSE="
- debug firebird iodbc kerberos ldap memcached mysql mongodb odbc oracle pam
- pcap postgres python readline redis rest samba sqlite ssl systemd
-"
-
-RESTRICT="test firebird? ( bindist )"
-
-# NOTE: Temporary freeradius doesn't support linking with mariadb client
-# libs also if code is compliant, will be available in the next release.
-# (http://lists.freeradius.org/pipermail/freeradius-devel/2018-October/013228.html)a
-
-# TODO: rlm_mschap works with both samba library or without. I need to avoid
-# linking of samba library if -samba is used.
-RDEPEND="acct-group/radius
- acct-user/radius
- !net-dialup/cistronradius
- dev-lang/perl:=
- sys-libs/gdbm:=
- sys-libs/talloc
- virtual/libcrypt:=
- firebird? ( dev-db/firebird )
- iodbc? ( dev-db/libiodbc )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap:= )
- memcached? ( dev-libs/libmemcached )
- mysql? ( dev-db/mysql-connector-c:= )
- mongodb? ( >=dev-libs/mongo-c-driver-1.13.0-r1 )
- odbc? ( dev-db/unixODBC )
- oracle? ( dev-db/oracle-instantclient[sdk] )
- pam? ( sys-libs/pam )
- pcap? ( net-libs/libpcap )
- postgres? ( dev-db/postgresql:= )
- python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:0= )
- redis? ( dev-libs/hiredis:= )
- rest? ( dev-libs/json-c:= )
- samba? ( net-fs/samba )
- sqlite? ( dev-db/sqlite:3 )
- ssl? (
- dev-libs/openssl:0=[-bindist(-)]
- )
- systemd? ( sys-apps/systemd )"
-DEPEND="${RDEPEND}"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-# 721040
-QA_SONAME="usr/lib.*/libfreeradius-.*.so"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-3.0.25-libressl.patch
- "${FILESDIR}"/${PN}-3.0.20-systemd-service.patch
-)
-
-pkg_setup() {
- if use python ; then
- python-single-r1_pkg_setup
- export PYTHONBIN="${EPYTHON}"
- fi
-}
-
-src_prepare() {
- # most of the configuration options do not appear as ./configure
- # switches. Instead it identifies the directories that are available
- # and run through them. These might check for the presence of
- # various libraries, in which case they are not built. To avoid
- # automagic dependencies, we just remove all the modules that we're
- # not interested in using.
-
- eapply_user
- default
-
- use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; }
- use ldap || { rm -r src/modules/rlm_ldap || die ; }
- use kerberos || { rm -r src/modules/rlm_krb5 || die ; }
- use memcached || { rm -r src/modules/rlm_cache/drivers/rlm_cache_memcached || die ; }
- use pam || { rm -r src/modules/rlm_pam || die ; }
- # Drop support of python2
- rm -r src/modules/rlm_python || die
- use python || { rm -r src/modules/rlm_python3 || die ; }
- use rest || { rm -r src/modules/rlm_rest || die ; }
- use redis || { rm -r src/modules/rlm_redis{,who} || die ; }
- # Do not install ruby rlm module, bug #483108
- rm -r src/modules/rlm_ruby || die
-
- # these are all things we don't have in portage/I don't want to deal
- # with myself
- rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die # requires TNCS library
- rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die # requires libeap-ikev2
- rm -r src/modules/rlm_opendirectory || die # requires some membership.h
- rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die
-
- # sql drivers that are not part of experimental are loaded from a
- # file, so we have to remove them from the file itself when we
- # remove them.
- usesqldriver() {
- local flag=$1
- local driver=rlm_sql_${2:-${flag}}
-
- if ! use ${flag}; then
- rm -r src/modules/rlm_sql/drivers/${driver} || die
- sed -i -e /${driver}/d src/modules/rlm_sql/stable || die
- fi
- }
-
- sed -i \
- -e 's:^#\tuser = :\tuser = :g' \
- -e 's:^#\tgroup = :\tgroup = :g' \
- -e 's:/var/run/radiusd:/run/radiusd:g' \
- -e '/^run_dir/s:${localstatedir}::g' \
- raddb/radiusd.conf.in || die
-
- # verbosity
- # build shared libraries using jlibtool -shared
- sed -i \
- -e '/$(LIBTOOL)/s|--quiet ||g' \
- -e 's:--mode=\(compile\|link\):& -shared:g' \
- Make.inc.in || die
-
- sed -i \
- -e 's|--silent ||g' \
- -e 's:--mode=\(compile\|link\):& -shared:g' \
- scripts/libtool.mk || die
-
- # crude measure to stop jlibtool from running ranlib and ar
- sed -i \
- -e '/LIBRARIAN/s|".*"|"true"|g' \
- -e '/RANLIB/s|".*"|"true"|g' \
- scripts/jlibtool.c || die
-
- usesqldriver mysql
- usesqldriver postgres postgresql
- usesqldriver firebird
- usesqldriver iodbc
- usesqldriver odbc unixodbc
- usesqldriver oracle
- usesqldriver sqlite
- usesqldriver mongodb mongo
-
- eautoreconf
-}
-
-src_configure() {
- # do not try to enable static with static-libs; upstream is a
- # massacre of libtool best practices so you also have to make sure
- # to --enable-shared explicitly.
- local myeconfargs=(
- --enable-shared
- --disable-static
- --disable-ltdl-install
- --with-system-libtool
- --with-system-libltdl
- --with-ascend-binary
- --with-udpfromto
- --with-dhcp
- --with-iodbc-include-dir=/usr/include/iodbc
- --with-experimental-modules
- --with-docdir=/usr/share/doc/${PF}
- --with-logdir=/var/log/radius
- $(use_enable debug developer)
- $(use_with ldap edir)
- $(use_with ssl openssl)
- $(use_with systemd systemd)
- )
- # fix bug #77613
- if has_version app-crypt/heimdal; then
- myeconfargs+=( --enable-heimdal-krb5 )
- fi
-
- if use python ; then
- myeconfargs+=(
- --with-rlm-python3-bin=${EPYTHON}
- --with-rlm-python3-config-bin=${EPYTHON}-config
- )
- fi
-
- use readline || export ac_cv_lib_readline=no
- use pcap || export ac_cv_lib_pcap_pcap_open_live=no
-
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- # verbose, do not generate certificates
- emake \
- Q='' ECHO=true \
- LOCAL_CERT_PRODUCTS=''
-}
-
-src_install() {
- dodir /etc
- diropts -m0750 -o root -g radius
- dodir /etc/raddb
- diropts -m0750 -o radius -g radius
- dodir /var/log/radius
- keepdir /var/log/radius/radacct
- diropts
-
- # verbose, do not install certificates
- # Parallel install fails (#509498)
- emake -j1 \
- Q='' ECHO=true \
- LOCAL_CERT_PRODUCTS='' \
- R="${D}" \
- install
-
- if use pam; then
- pamd_mimic_system radiusd auth account password session
- fi
-
- # fix #711756
- fowners -R radius:radius /etc/raddb
- fowners -R radius:radius /var/log/radius
-
- dodoc CREDITS
-
- rm "${ED}/usr/sbin/rc.radiusd" || die
-
- newinitd "${FILESDIR}/radius.init-r4" radiusd
- newconfd "${FILESDIR}/radius.conf-r6" radiusd
-
- if ! use systemd ; then
- # If systemd builtin is not enabled we need use Type=Simple
- # as systemd .service
- sed -i -e 's:^Type=.*::g' \
- -e 's:^WatchdogSec=.*::g' -e 's:^NotifyAccess=all.*::g' \
- "${S}"/debian/freeradius.service
- fi
- systemd_dounit "${S}"/debian/freeradius.service
-
- find "${ED}" \( -name "*.a" -o -name "*.la" \) -delete || die
-}
-
-pkg_config() {
- if use ssl; then
- cd "${ROOT}"/etc/raddb/certs || die
- ./bootstrap || die "Error while running ./bootstrap script."
- chown root:radius "${ROOT}"/etc/raddb/certs || die
- chown root:radius "${ROOT}"/etc/raddb/certs/ca.pem || die
- chown root:radius "${ROOT}"/etc/raddb/certs/server.{key,crt,pem} || die
- fi
-}
-
-pkg_preinst() {
- if ! has_version ${CATEGORY}/${PN} && use ssl; then
- elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"
- elog "to start the radiusd service."
- fi
-}
diff --git a/net-dialup/freeradius/freeradius-3.0.26.ebuild b/net-dialup/freeradius/freeradius-3.0.26.ebuild
deleted file mode 100644
index b0355c8..0000000
--- a/net-dialup/freeradius/freeradius-3.0.26.ebuild
+++ /dev/null
@@ -1,268 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{9..10} )
-inherit autotools pam python-single-r1 systemd
-
-MY_PV=$(ver_rs 1- "_")
-
-DESCRIPTION="Highly configurable free RADIUS server"
-HOMEPAGE="https://freeradius.org/"
-SRC_URI="https://github.com/FreeRADIUS/freeradius-server/archive/release_${MY_PV}.tar.gz -> ${P}.tar.gz"
-S="${WORKDIR}/freeradius-server-release_${MY_PV}"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86"
-
-IUSE="
- debug firebird iodbc kerberos ldap memcached mysql mongodb odbc oracle pam
- pcap postgres python readline redis rest samba sqlite ssl systemd
-"
-
-RESTRICT="test firebird? ( bindist )"
-
-# NOTE: Temporary freeradius doesn't support linking with mariadb client
-# libs also if code is compliant, will be available in the next release.
-# (http://lists.freeradius.org/pipermail/freeradius-devel/2018-October/013228.html)a
-
-# TODO: rlm_mschap works with both samba library or without. I need to avoid
-# linking of samba library if -samba is used.
-RDEPEND="acct-group/radius
- acct-user/radius
- !net-dialup/cistronradius
- dev-lang/perl:=
- sys-libs/gdbm:=
- sys-libs/talloc
- virtual/libcrypt:=
- firebird? ( dev-db/firebird )
- iodbc? ( dev-db/libiodbc )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap:= )
- memcached? ( dev-libs/libmemcached )
- mysql? ( dev-db/mysql-connector-c:= )
- mongodb? ( >=dev-libs/mongo-c-driver-1.13.0-r1 )
- odbc? ( dev-db/unixODBC )
- oracle? ( dev-db/oracle-instantclient[sdk] )
- pam? ( sys-libs/pam )
- pcap? ( net-libs/libpcap )
- postgres? ( dev-db/postgresql:= )
- python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:0= )
- redis? ( dev-libs/hiredis:= )
- rest? ( dev-libs/json-c:= )
- samba? ( net-fs/samba )
- sqlite? ( dev-db/sqlite:3 )
- ssl? (
- dev-libs/openssl:0=[-bindist(-)]
- )
- systemd? ( sys-apps/systemd )"
-DEPEND="${RDEPEND}"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-# 721040
-QA_SONAME="usr/lib.*/libfreeradius-.*.so"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-3.0.25-libressl.patch
- "${FILESDIR}"/${PN}-3.0.20-systemd-service.patch
-)
-
-pkg_setup() {
- if use python ; then
- python-single-r1_pkg_setup
- export PYTHONBIN="${EPYTHON}"
- fi
-}
-
-src_prepare() {
- # most of the configuration options do not appear as ./configure
- # switches. Instead it identifies the directories that are available
- # and run through them. These might check for the presence of
- # various libraries, in which case they are not built. To avoid
- # automagic dependencies, we just remove all the modules that we're
- # not interested in using.
-
- eapply_user
- default
-
- use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; }
- use ldap || { rm -r src/modules/rlm_ldap || die ; }
- use kerberos || { rm -r src/modules/rlm_krb5 || die ; }
- use memcached || { rm -r src/modules/rlm_cache/drivers/rlm_cache_memcached || die ; }
- use pam || { rm -r src/modules/rlm_pam || die ; }
- # Drop support of python2
- rm -r src/modules/rlm_python || die
- use python || { rm -r src/modules/rlm_python3 || die ; }
- use rest || { rm -r src/modules/rlm_rest || die ; }
- use redis || { rm -r src/modules/rlm_redis{,who} || die ; }
- # Do not install ruby rlm module, bug #483108
- rm -r src/modules/rlm_ruby || die
-
- # these are all things we don't have in portage/I don't want to deal
- # with myself
- rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die # requires TNCS library
- rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die # requires libeap-ikev2
- rm -r src/modules/rlm_opendirectory || die # requires some membership.h
- rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die
-
- # sql drivers that are not part of experimental are loaded from a
- # file, so we have to remove them from the file itself when we
- # remove them.
- usesqldriver() {
- local flag=$1
- local driver=rlm_sql_${2:-${flag}}
-
- if ! use ${flag}; then
- rm -r src/modules/rlm_sql/drivers/${driver} || die
- sed -i -e /${driver}/d src/modules/rlm_sql/stable || die
- fi
- }
-
- sed -i \
- -e 's:^#\tuser = :\tuser = :g' \
- -e 's:^#\tgroup = :\tgroup = :g' \
- -e 's:/var/run/radiusd:/run/radiusd:g' \
- -e '/^run_dir/s:${localstatedir}::g' \
- raddb/radiusd.conf.in || die
-
- # verbosity
- # build shared libraries using jlibtool -shared
- sed -i \
- -e '/$(LIBTOOL)/s|--quiet ||g' \
- -e 's:--mode=\(compile\|link\):& -shared:g' \
- Make.inc.in || die
-
- sed -i \
- -e 's|--silent ||g' \
- -e 's:--mode=\(compile\|link\):& -shared:g' \
- scripts/libtool.mk || die
-
- # crude measure to stop jlibtool from running ranlib and ar
- sed -i \
- -e '/LIBRARIAN/s|".*"|"true"|g' \
- -e '/RANLIB/s|".*"|"true"|g' \
- scripts/jlibtool.c || die
-
- usesqldriver mysql
- usesqldriver postgres postgresql
- usesqldriver firebird
- usesqldriver iodbc
- usesqldriver odbc unixodbc
- usesqldriver oracle
- usesqldriver sqlite
- usesqldriver mongodb mongo
-
- eautoreconf
-}
-
-src_configure() {
- # do not try to enable static with static-libs; upstream is a
- # massacre of libtool best practices so you also have to make sure
- # to --enable-shared explicitly.
- local myeconfargs=(
- --enable-shared
- --disable-static
- --disable-ltdl-install
- --with-system-libtool
- --with-system-libltdl
- --with-ascend-binary
- --with-udpfromto
- --with-dhcp
- --with-iodbc-include-dir=/usr/include/iodbc
- --with-experimental-modules
- --with-docdir=/usr/share/doc/${PF}
- --with-logdir=/var/log/radius
- $(use_enable debug developer)
- $(use_with ldap edir)
- $(use_with ssl openssl)
- $(use_with systemd systemd)
- )
- # fix bug #77613
- if has_version app-crypt/heimdal; then
- myeconfargs+=( --enable-heimdal-krb5 )
- fi
-
- if use python ; then
- myeconfargs+=(
- --with-rlm-python3-bin=${EPYTHON}
- --with-rlm-python3-config-bin=${EPYTHON}-config
- )
- fi
-
- use readline || export ac_cv_lib_readline=no
- use pcap || export ac_cv_lib_pcap_pcap_open_live=no
-
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- # verbose, do not generate certificates
- emake \
- Q='' ECHO=true \
- LOCAL_CERT_PRODUCTS=''
-}
-
-src_install() {
- dodir /etc
- diropts -m0750 -o root -g radius
- dodir /etc/raddb
- diropts -m0750 -o radius -g radius
- dodir /var/log/radius
- keepdir /var/log/radius/radacct
- diropts
-
- # verbose, do not install certificates
- # Parallel install fails (#509498)
- emake -j1 \
- Q='' ECHO=true \
- LOCAL_CERT_PRODUCTS='' \
- R="${D}" \
- install
-
- if use pam; then
- pamd_mimic_system radiusd auth account password session
- fi
-
- # fix #711756
- fowners -R radius:radius /etc/raddb
- fowners -R radius:radius /var/log/radius
-
- dodoc CREDITS
-
- rm "${ED}/usr/sbin/rc.radiusd" || die
-
- newinitd "${FILESDIR}/radius.init-r4" radiusd
- newconfd "${FILESDIR}/radius.conf-r6" radiusd
-
- if ! use systemd ; then
- # If systemd builtin is not enabled we need use Type=Simple
- # as systemd .service
- sed -i -e 's:^Type=.*::g' \
- -e 's:^WatchdogSec=.*::g' -e 's:^NotifyAccess=all.*::g' \
- "${S}"/debian/freeradius.service
- fi
- systemd_dounit "${S}"/debian/freeradius.service
-
- find "${ED}" \( -name "*.a" -o -name "*.la" \) -delete || die
-}
-
-pkg_config() {
- if use ssl; then
- cd "${ROOT}"/etc/raddb/certs || die
- ./bootstrap || die "Error while running ./bootstrap script."
- chown root:radius "${ROOT}"/etc/raddb/certs || die
- chown root:radius "${ROOT}"/etc/raddb/certs/ca.pem || die
- chown root:radius "${ROOT}"/etc/raddb/certs/server.{key,crt,pem} || die
- fi
-}
-
-pkg_preinst() {
- if ! has_version ${CATEGORY}/${PN} && use ssl; then
- elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"
- elog "to start the radiusd service."
- fi
-}
diff --git a/net-dialup/freeradius/freeradius-3.2.0.ebuild b/net-dialup/freeradius/freeradius-3.2.0.ebuild
deleted file mode 100644
index 1754c9a..0000000
--- a/net-dialup/freeradius/freeradius-3.2.0.ebuild
+++ /dev/null
@@ -1,310 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{9..10} )
-inherit autotools pam python-single-r1 systemd
-
-MY_PN=${PN}-server
-MY_P=${MY_PN}-${PV}
-MY_PV=$(ver_rs 1- "_")
-
-DESCRIPTION="Highly configurable free RADIUS server"
-HOMEPAGE="https://freeradius.org/"
-SRC_URI="https://github.com/FreeRADIUS/freeradius-server/releases/download/release_${MY_PV}/${MY_P}.tar.bz2"
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 ~arm arm64 ~ppc ~ppc64 ~sparc x86"
-
-IUSE="
- debug firebird iodbc kerberos ldap memcached mysql mongodb odbc oracle pam
- postgres python readline redis samba sqlite ssl systemd
-"
-
-RESTRICT="firebird? ( bindist )"
-
-# NOTE: Temporary freeradius doesn't support linking with mariadb client
-# libs also if code is compliant, will be available in the next release.
-# (http://lists.freeradius.org/pipermail/freeradius-devel/2018-October/013228.html)a
-
-# TODO: rlm_mschap works with both samba library or without. I need to avoid
-# linking of samba library if -samba is used.
-
-# TODO: unconditional json-c for now as automagic dep despite efforts to stop it
-# ditto libpcap. Can restore USE=rest, USE=pcap if/when fixed.
-
-RDEPEND="acct-group/radius
- acct-user/radius
- !net-dialup/cistronradius
- dev-libs/libltdl
- dev-libs/libpcre
- dev-libs/json-c:=
- dev-lang/perl:=
- net-libs/libpcap
- sys-libs/gdbm:=
- sys-libs/libcap
- sys-libs/talloc
- virtual/libcrypt:=
- firebird? ( dev-db/firebird )
- iodbc? ( dev-db/libiodbc )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap:= )
- memcached? ( dev-libs/libmemcached )
- mysql? ( dev-db/mysql-connector-c:= )
- mongodb? ( >=dev-libs/mongo-c-driver-1.13.0-r1 )
- odbc? ( dev-db/unixODBC )
- oracle? ( dev-db/oracle-instantclient[sdk] )
- pam? ( sys-libs/pam )
- postgres? ( dev-db/postgresql:= )
- python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:= )
- redis? ( dev-libs/hiredis:= )
- samba? ( net-fs/samba )
- sqlite? ( dev-db/sqlite:3 )
- ssl? ( >=dev-libs/openssl-1.0.2:=[-bindist(-)] )
- systemd? ( sys-apps/systemd:= )"
-DEPEND="${RDEPEND}"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-# bug #721040
-QA_SONAME="usr/lib.*/libfreeradius-.*.so"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-3.0.25-libressl.patch
- "${FILESDIR}"/${PN}-3.0.20-systemd-service.patch
-)
-
-pkg_setup() {
- if use python ; then
- python-single-r1_pkg_setup
- export PYTHONBIN="${EPYTHON}"
- fi
-}
-
-src_prepare() {
- default
-
- # Most of the configuration options do not appear as ./configure
- # switches. Instead it identifies the directories that are available
- # and run through them. These might check for the presence of
- # various libraries, in which case they are not built. To avoid
- # automagic dependencies, we just remove all the modules that we're
- # not interested in using.
- # TODO: shift more of these into configure args below as things
- # are a bit better now.
- use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; }
- use ldap || { rm -r src/modules/rlm_ldap || die ; }
- use kerberos || { rm -r src/modules/rlm_krb5 || die ; }
- use memcached || { rm -r src/modules/rlm_cache/drivers/rlm_cache_memcached || die ; }
- use pam || { rm -r src/modules/rlm_pam || die ; }
-
- # Drop support for python2
- rm -r src/modules/rlm_python || die
-
- use python || { rm -r src/modules/rlm_python3 || die ; }
- #use rest || { rm -r src/modules/rlm_rest || die ; }
- use redis || { rm -r src/modules/rlm_redis{,who} || die ; }
- # Do not install ruby rlm module, bug #483108
- rm -r src/modules/rlm_ruby || die
-
- # These are all things we don't have in portage/I don't want to deal
- # with myself.
- #
- # Requires TNCS library
- rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die
- # Requires libeap-ikev2
- rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die
- # Requires some membership.h
- rm -r src/modules/rlm_opendirectory || die
- # ?
- rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die
-
- # SQL drivers that are not part of experimental are loaded from a
- # file, so we have to remove them from the file itself when we
- # remove them.
- usesqldriver() {
- local flag=$1
- local driver=rlm_sql_${2:-${flag}}
-
- if ! use ${flag} ; then
- rm -r src/modules/rlm_sql/drivers/${driver} || die
- sed -i -e /${driver}/d src/modules/rlm_sql/stable || die
- fi
- }
-
- sed -i \
- -e 's:^#\tuser = :\tuser = :g' \
- -e 's:^#\tgroup = :\tgroup = :g' \
- -e 's:/var/run/radiusd:/run/radiusd:g' \
- -e '/^run_dir/s:${localstatedir}::g' \
- raddb/radiusd.conf.in || die
-
- # - Verbosity
- # - B uild shared libraries using jlibtool -shared
- sed -i \
- -e '/$(LIBTOOL)/s|--quiet ||g' \
- -e 's:--mode=\(compile\|link\):& -shared:g' \
- Make.inc.in || die
- sed -i \
- -e 's|--silent ||g' \
- -e 's:--mode=\(compile\|link\):& -shared:g' \
- scripts/libtool.mk || die
-
- # Crude measure to stop jlibtool from running ranlib and ar
- sed -i \
- -e '/LIBRARIAN/s|".*"|"true"|g' \
- -e '/RANLIB/s|".*"|"true"|g' \
- scripts/jlibtool.c || die
-
- usesqldriver mysql
- usesqldriver postgres postgresql
- usesqldriver firebird
- usesqldriver iodbc
- usesqldriver odbc unixodbc
- usesqldriver oracle
- usesqldriver sqlite
- usesqldriver mongodb mongo
-
- eautoreconf
-}
-
-src_configure() {
- # Do not try to enable static with static-libs; upstream is a
- # massacre of libtool best practices so you also have to make sure
- # to --enable-shared explicitly.
- local myeconfargs=(
- # Revisit confcache when not needing to use ac_cv anymore
- # for automagic deps.
- #--cache-file="${S}"/config.cache
-
- --enable-shared
- --disable-ltdl-install
- --disable-silent-rules
- --with-system-libtool
- --with-system-libltdl
-
- --enable-strict-dependencies
- --without-rlm_couchbase
- --without-rlm_securid
- --without-rlm_unbound
- --without-rlm_idn
- #--without-rlm_json
- #$(use_with rest libfreeradius-json)
-
- # Our OpenSSL should be patched. Avoid false-positive failures.
- --disable-openssl-version-check
- --with-ascend-binary
- --with-udpfromto
- --with-dhcp
- --with-pcre
- --with-iodbc-include-dir=/usr/include/iodbc
- --with-experimental-modules
- --with-docdir=/usr/share/doc/${PF}
- --with-logdir=/var/log/radius
-
- $(use_enable debug developer)
- $(use_with ldap edir)
- $(use_with ssl openssl)
- $(use_with systemd systemd)
- )
-
- # bug #77613
- if has_version app-crypt/heimdal ; then
- myeconfargs+=( --enable-heimdal-krb5 )
- fi
-
- if use python ; then
- myeconfargs+=(
- --with-rlm-python3-bin=${EPYTHON}
- --with-rlm-python3-config-bin=${EPYTHON}-config
- )
- fi
-
- if ! use readline ; then
- export ac_cv_lib_readline=no
- fi
-
- #if ! use pcap ; then
- # export ac_cv_lib_pcap_pcap_open_live=no
- # export ac_cv_header_pcap_h=no
- #fi
-
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- # Verbose, do not generate certificates
- emake \
- Q='' ECHO=true \
- LOCAL_CERT_PRODUCTS=''
-}
-
-src_install() {
- dodir /etc
-
- diropts -m0750 -o root -g radius
- dodir /etc/raddb
-
- diropts -m0750 -o radius -g radius
- dodir /var/log/radius
-
- keepdir /var/log/radius/radacct
- diropts
-
- # - Verbose, do not install certificates
- # - Parallel install fails (bug #509498)
- emake -j1 \
- Q='' ECHO=true \
- LOCAL_CERT_PRODUCTS='' \
- R="${D}" \
- install
-
- if use pam ; then
- pamd_mimic_system radiusd auth account password session
- fi
-
- # bug #711756
- fowners -R radius:radius /etc/raddb
- fowners -R radius:radius /var/log/radius
-
- dodoc CREDITS
-
- rm "${ED}"/usr/sbin/rc.radiusd || die
-
- newinitd "${FILESDIR}"/radius.init-r4 radiusd
- newconfd "${FILESDIR}"/radius.conf-r6 radiusd
-
- if ! use systemd ; then
- # If systemd builtin is not enabled we need use Type=Simple
- # as systemd .service
- sed -i -e 's:^Type=.*::g' \
- -e 's:^WatchdogSec=.*::g' -e 's:^NotifyAccess=all.*::g' \
- "${S}"/debian/freeradius.service
- fi
-
- systemd_dounit "${S}"/debian/freeradius.service
-
- find "${ED}" \( -name "*.a" -o -name "*.la" \) -delete || die
-}
-
-pkg_config() {
- if use ssl ; then
- cd "${ROOT}"/etc/raddb/certs || die
-
- ./bootstrap || die "Error while running ./bootstrap script."
- chown root:radius "${ROOT}"/etc/raddb/certs || die
- chown root:radius "${ROOT}"/etc/raddb/certs/ca.pem || die
- chown root:radius "${ROOT}"/etc/raddb/certs/server.{key,crt,pem} || die
- fi
-}
-
-pkg_preinst() {
- if ! has_version ${CATEGORY}/${PN} && use ssl ; then
- elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"
- elog "to start the radiusd service."
- fi
-}
diff --git a/net-dialup/freeradius/freeradius-3.2.1.ebuild b/net-dialup/freeradius/freeradius-3.2.1.ebuild
deleted file mode 100644
index 8bee21c..0000000
--- a/net-dialup/freeradius/freeradius-3.2.1.ebuild
+++ /dev/null
@@ -1,312 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{9..11} )
-inherit autotools pam python-single-r1 systemd
-
-MY_PN=${PN}-server
-MY_P=${MY_PN}-${PV}
-MY_PV=$(ver_rs 1- "_")
-
-DESCRIPTION="Highly configurable free RADIUS server"
-HOMEPAGE="https://freeradius.org/"
-SRC_URI="https://github.com/FreeRADIUS/freeradius-server/releases/download/release_${MY_PV}/${MY_P}.tar.bz2"
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86"
-
-IUSE="
- debug firebird iodbc kerberos ldap memcached mysql mongodb odbc oracle pam
- postgres python readline redis samba sqlite ssl systemd
-"
-
-RESTRICT="firebird? ( bindist )"
-
-# NOTE: Temporary freeradius doesn't support linking with mariadb client
-# libs also if code is compliant, will be available in the next release.
-# (http://lists.freeradius.org/pipermail/freeradius-devel/2018-October/013228.html)a
-
-# TODO: rlm_mschap works with both samba library or without. I need to avoid
-# linking of samba library if -samba is used.
-
-# TODO: unconditional json-c for now as automagic dep despite efforts to stop it
-# ditto libpcap. Can restore USE=rest, USE=pcap if/when fixed.
-
-RDEPEND="acct-group/radius
- acct-user/radius
- !net-dialup/cistronradius
- dev-libs/libltdl
- dev-libs/libpcre
- dev-libs/json-c:=
- dev-lang/perl:=
- net-libs/libpcap
- sys-libs/gdbm:=
- sys-libs/libcap
- sys-libs/talloc
- virtual/libcrypt:=
- firebird? ( dev-db/firebird )
- iodbc? ( dev-db/libiodbc )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap:= )
- memcached? ( dev-libs/libmemcached )
- mysql? ( dev-db/mysql-connector-c:= )
- mongodb? ( >=dev-libs/mongo-c-driver-1.13.0-r1 )
- odbc? ( dev-db/unixODBC )
- oracle? ( dev-db/oracle-instantclient[sdk] )
- pam? ( sys-libs/pam )
- postgres? ( dev-db/postgresql:= )
- python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:= )
- redis? ( dev-libs/hiredis:= )
- samba? ( net-fs/samba )
- sqlite? ( dev-db/sqlite:3 )
- ssl? ( >=dev-libs/openssl-1.0.2:=[-bindist(-)] )
- systemd? ( sys-apps/systemd:= )"
-DEPEND="${RDEPEND}"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-# bug #721040
-QA_SONAME="usr/lib.*/libfreeradius-.*.so"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-3.2.1-libressl.patch
- "${FILESDIR}"/${PN}-3.0.20-systemd-service.patch
-)
-
-pkg_setup() {
- if use python ; then
- python-single-r1_pkg_setup
- export PYTHONBIN="${EPYTHON}"
- fi
-}
-
-src_prepare() {
- default
-
- # Most of the configuration options do not appear as ./configure
- # switches. Instead it identifies the directories that are available
- # and run through them. These might check for the presence of
- # various libraries, in which case they are not built. To avoid
- # automagic dependencies, we just remove all the modules that we're
- # not interested in using.
- # TODO: shift more of these into configure args below as things
- # are a bit better now.
- use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; }
- use ldap || { rm -r src/modules/rlm_ldap || die ; }
- use kerberos || { rm -r src/modules/rlm_krb5 || die ; }
- use memcached || { rm -r src/modules/rlm_cache/drivers/rlm_cache_memcached || die ; }
- use pam || { rm -r src/modules/rlm_pam || die ; }
-
- # Drop support for python2
- rm -r src/modules/rlm_python || die
-
- use python || { rm -r src/modules/rlm_python3 || die ; }
- #use rest || { rm -r src/modules/rlm_rest || die ; }
- # Do not install ruby rlm module, bug #483108
- rm -r src/modules/rlm_ruby || die
-
- # These are all things we don't have in portage/I don't want to deal
- # with myself.
- #
- # Requires TNCS library
- rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die
- # Requires libeap-ikev2
- rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die
- # Requires some membership.h
- rm -r src/modules/rlm_opendirectory || die
- # ?
- rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die
-
- # SQL drivers that are not part of experimental are loaded from a
- # file, so we have to remove them from the file itself when we
- # remove them.
- usesqldriver() {
- local flag=$1
- local driver=rlm_sql_${2:-${flag}}
-
- if ! use ${flag} ; then
- rm -r src/modules/rlm_sql/drivers/${driver} || die
- sed -i -e /${driver}/d src/modules/rlm_sql/stable || die
- fi
- }
-
- sed -i \
- -e 's:^#\tuser = :\tuser = :g' \
- -e 's:^#\tgroup = :\tgroup = :g' \
- -e 's:/var/run/radiusd:/run/radiusd:g' \
- -e '/^run_dir/s:${localstatedir}::g' \
- raddb/radiusd.conf.in || die
-
- # - Verbosity
- # - B uild shared libraries using jlibtool -shared
- sed -i \
- -e '/$(LIBTOOL)/s|--quiet ||g' \
- -e 's:--mode=\(compile\|link\):& -shared:g' \
- Make.inc.in || die
- sed -i \
- -e 's|--silent ||g' \
- -e 's:--mode=\(compile\|link\):& -shared:g' \
- scripts/libtool.mk || die
-
- # Crude measure to stop jlibtool from running ranlib and ar
- sed -i \
- -e '/LIBRARIAN/s|".*"|"true"|g' \
- -e '/RANLIB/s|".*"|"true"|g' \
- scripts/jlibtool.c || die
-
- usesqldriver mysql
- usesqldriver postgres postgresql
- usesqldriver firebird
- usesqldriver iodbc
- usesqldriver odbc unixodbc
- usesqldriver oracle
- usesqldriver sqlite
- usesqldriver mongodb mongo
-
- eautoreconf
-}
-
-src_configure() {
- # Do not try to enable static with static-libs; upstream is a
- # massacre of libtool best practices so you also have to make sure
- # to --enable-shared explicitly.
- local myeconfargs=(
- # Revisit confcache when not needing to use ac_cv anymore
- # for automagic deps.
- #--cache-file="${S}"/config.cache
-
- --enable-shared
- --disable-ltdl-install
- --disable-silent-rules
- --with-system-libtool
- --with-system-libltdl
-
- --enable-strict-dependencies
- --without-rlm_couchbase
- --without-rlm_securid
- --without-rlm_unbound
- --without-rlm_idn
- #--without-rlm_json
- #$(use_with rest libfreeradius-json)
-
- # Our OpenSSL should be patched. Avoid false-positive failures.
- --disable-openssl-version-check
- --with-ascend-binary
- --with-udpfromto
- --with-dhcp
- --with-pcre
- --with-iodbc-include-dir=/usr/include/iodbc
- --with-experimental-modules
- --with-docdir=/usr/share/doc/${PF}
- --with-logdir=/var/log/radius
-
- $(use_enable debug developer)
- $(use_with ldap edir)
- $(use_with redis rlm_cache_redis)
- $(use_with redis rlm_redis)
- $(use_with redis rlm_rediswho)
- $(use_with ssl openssl)
- $(use_with systemd systemd)
- )
-
- # bug #77613
- if has_version app-crypt/heimdal ; then
- myeconfargs+=( --enable-heimdal-krb5 )
- fi
-
- if use python ; then
- myeconfargs+=(
- --with-rlm-python3-bin=${EPYTHON}
- --with-rlm-python3-config-bin=${EPYTHON}-config
- )
- fi
-
- if ! use readline ; then
- export ac_cv_lib_readline=no
- fi
-
- #if ! use pcap ; then
- # export ac_cv_lib_pcap_pcap_open_live=no
- # export ac_cv_header_pcap_h=no
- #fi
-
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- # Verbose, do not generate certificates
- emake \
- Q='' ECHO=true \
- LOCAL_CERT_PRODUCTS=''
-}
-
-src_install() {
- dodir /etc
-
- diropts -m0750 -o root -g radius
- dodir /etc/raddb
-
- diropts -m0750 -o radius -g radius
- dodir /var/log/radius
-
- keepdir /var/log/radius/radacct
- diropts
-
- # - Verbose, do not install certificates
- # - Parallel install fails (bug #509498)
- emake -j1 \
- Q='' ECHO=true \
- LOCAL_CERT_PRODUCTS='' \
- R="${D}" \
- install
-
- if use pam ; then
- pamd_mimic_system radiusd auth account password session
- fi
-
- # bug #711756
- fowners -R radius:radius /etc/raddb
- fowners -R radius:radius /var/log/radius
-
- dodoc CREDITS
-
- rm "${ED}"/usr/sbin/rc.radiusd || die
-
- newinitd "${FILESDIR}"/radius.init-r4 radiusd
- newconfd "${FILESDIR}"/radius.conf-r6 radiusd
-
- if ! use systemd ; then
- # If systemd builtin is not enabled we need use Type=Simple
- # as systemd .service
- sed -i -e 's:^Type=.*::g' \
- -e 's:^WatchdogSec=.*::g' -e 's:^NotifyAccess=all.*::g' \
- "${S}"/debian/freeradius.service
- fi
-
- systemd_dounit "${S}"/debian/freeradius.service
-
- find "${ED}" \( -name "*.a" -o -name "*.la" \) -delete || die
-}
-
-pkg_config() {
- if use ssl ; then
- cd "${ROOT}"/etc/raddb/certs || die
-
- ./bootstrap || die "Error while running ./bootstrap script."
- chown root:radius "${ROOT}"/etc/raddb/certs || die
- chown root:radius "${ROOT}"/etc/raddb/certs/ca.pem || die
- chown root:radius "${ROOT}"/etc/raddb/certs/server.{key,crt,pem} || die
- fi
-}
-
-pkg_preinst() {
- if ! has_version ${CATEGORY}/${PN} && use ssl ; then
- elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"
- elog "to start the radiusd service."
- fi
-}
diff --git a/net-dialup/freeradius/metadata.xml b/net-dialup/freeradius/metadata.xml
index a97e6b2..f88a6ec 100644
--- a/net-dialup/freeradius/metadata.xml
+++ b/net-dialup/freeradius/metadata.xml
@@ -6,12 +6,6 @@
<flag name="memcached">
Include <pkg>dev-libs/libmemcached</pkg> in caching drivers
</flag>
- <flag name="pcap">
- Build the RADIUS sniffer which requires <pkg>net-libs/libpcap</pkg>.
- </flag>
- <flag name="rest">
- Include support for sending and receiving HTTP requests
- </flag>
<flag name="redis">
Include support for Redis database
</flag>
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-dialup/freeradius/files/, net-dialup/freeradius/
@ 2023-12-29 15:34 orbea
0 siblings, 0 replies; 3+ messages in thread
From: orbea @ 2023-12-29 15:34 UTC (permalink / raw
To: gentoo-commits
commit: 4f1026f51f63ff521ad4eb88c8b671f87805abf2
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Fri Dec 29 15:15:23 2023 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Fri Dec 29 15:15:23 2023 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=4f1026f5
net-dialup/freeradius: add 3.2.3
Signed-off-by: orbea <orbea <AT> riseup.net>
net-dialup/freeradius/Manifest | 1 +
.../files/freeradius-3.2.3-configure-c99.patch | 38 +++
net-dialup/freeradius/freeradius-3.2.3.ebuild | 322 +++++++++++++++++++++
3 files changed, 361 insertions(+)
diff --git a/net-dialup/freeradius/Manifest b/net-dialup/freeradius/Manifest
index f07da4b..387fe37 100644
--- a/net-dialup/freeradius/Manifest
+++ b/net-dialup/freeradius/Manifest
@@ -1 +1,2 @@
DIST freeradius-server-3.2.2.tar.bz2 3418998 BLAKE2B 584d1ff79cf3a75c79f5b24f9e47d7c8d8caee0d706eb47bb387300172f0699f904804d963aab8c252a21fe67f7885a47659b8cd9db5292a6d4db087d72e8e38 SHA512 91dc574560a1f75cafa8bc78c0676f0e3dae7154ecbb395e0e1f6738f78d8bcfe1bff122364452798fd0434c4056fd946799b8f29a1141398bf0542a37870689
+DIST freeradius-server-3.2.3.tar.bz2 3454869 BLAKE2B 525204331a5b123dac7457c6adb755cbe9794dbff4a536ea665fc7d1cac97553e392b7b598741c2a9dd00c81decd00608499d6f25208e389b9f213f54977de84 SHA512 06767153e262a2baa2d0cc74099bc13c23b33c2316348b5dc8ec0f5834c028571bd09b8c01726a6eabeaab8fdc3050f40bfeba2d5b1c299585d1689abad365ce
diff --git a/net-dialup/freeradius/files/freeradius-3.2.3-configure-c99.patch b/net-dialup/freeradius/files/freeradius-3.2.3-configure-c99.patch
new file mode 100644
index 0000000..395e97d
--- /dev/null
+++ b/net-dialup/freeradius/files/freeradius-3.2.3-configure-c99.patch
@@ -0,0 +1,38 @@
+https://src.fedoraproject.org/rpms/freeradius/c/1793f410aa789704b5ac0be9cf7d0eaece906d1a?branch=rawhide
+https://github.com/FreeRADIUS/freeradius-server/pull/5246
+
+The backtrace_symbols function expects a pointer to an array of void *
+values, not a pointer to an array of a single element. Removing the
+address operator ensures that the right type is used.
+
+This avoids an unconditional failure of this probe with compilers that
+treat incompatible pointer types as a compilation error.
+
+Submitted upstream: <https://github.com/FreeRADIUS/freeradius-server/pull/5246>
+
+diff --git a/configure b/configure
+index ed01ee2bdd912f63..1e6d2284779cdd58 100755
+--- a/configure
++++ b/configure
+@@ -13390,7 +13390,7 @@ main (void)
+ {
+
+ void *sym[1];
+- backtrace_symbols(&sym, sizeof(sym))
++ backtrace_symbols(sym, sizeof(sym))
+ ;
+ return 0;
+ }
+diff --git a/configure.ac b/configure.ac
+index 76320213b51d7bb4..6a689711d6c90483 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2168,7 +2168,7 @@ if test "x$ac_cv_header_execinfo_h" = "xyes"; then
+ #include <execinfo.h>
+ ]], [[
+ void *sym[1];
+- backtrace_symbols(&sym, sizeof(sym)) ]])],[
++ backtrace_symbols(sym, sizeof(sym)) ]])],[
+ AC_MSG_RESULT(yes)
+ ac_cv_lib_execinfo_backtrace_symbols="yes"
+ ],[
diff --git a/net-dialup/freeradius/freeradius-3.2.3.ebuild b/net-dialup/freeradius/freeradius-3.2.3.ebuild
new file mode 100644
index 0000000..a46fc9b
--- /dev/null
+++ b/net-dialup/freeradius/freeradius-3.2.3.ebuild
@@ -0,0 +1,322 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..11} )
+AUTOTOOLS_DEPEND=">=sys-devel/autoconf-2.69"
+inherit autotools pam python-single-r1 systemd
+
+MY_PN=${PN}-server
+MY_P=${MY_PN}-${PV}
+MY_PV=$(ver_rs 1- "_")
+
+DESCRIPTION="Highly configurable free RADIUS server"
+HOMEPAGE="https://freeradius.org/"
+SRC_URI="https://github.com/FreeRADIUS/freeradius-server/releases/download/release_${MY_PV}/${MY_P}.tar.bz2"
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86"
+
+IUSE="
+ debug firebird iodbc kerberos ldap memcached mysql mongodb odbc oracle pam
+ postgres python readline redis samba selinux sqlite ssl systemd
+"
+
+RESTRICT="firebird? ( bindist )"
+
+# NOTE: Temporary freeradius doesn't support linking with mariadb client
+# libs also if code is compliant, will be available in the next release.
+# (http://lists.freeradius.org/pipermail/freeradius-devel/2018-October/013228.html)a
+
+# TODO: rlm_mschap works with both samba library or without. I need to avoid
+# linking of samba library if -samba is used.
+
+# TODO: unconditional json-c for now as automagic dep despite efforts to stop it
+# ditto libpcap. Can restore USE=rest, USE=pcap if/when fixed.
+
+DEPEND="
+ acct-group/radius
+ acct-user/radius
+ !net-dialup/cistronradius
+ dev-libs/libltdl
+ dev-libs/libpcre
+ dev-libs/json-c:=
+ dev-lang/perl:=
+ net-libs/libpcap
+ net-misc/curl
+ sys-libs/gdbm:=
+ sys-libs/libcap
+ sys-libs/talloc
+ virtual/libcrypt:=
+ firebird? ( dev-db/firebird )
+ iodbc? ( dev-db/libiodbc )
+ kerberos? ( virtual/krb5 )
+ ldap? ( net-nds/openldap:= )
+ memcached? ( dev-libs/libmemcached )
+ mysql? ( dev-db/mysql-connector-c:= )
+ mongodb? ( >=dev-libs/mongo-c-driver-1.13.0-r1 )
+ odbc? ( dev-db/unixODBC )
+ oracle? ( dev-db/oracle-instantclient[sdk] )
+ pam? ( sys-libs/pam )
+ postgres? ( dev-db/postgresql:= )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:= )
+ redis? ( dev-libs/hiredis:= )
+ samba? ( net-fs/samba )
+ sqlite? ( dev-db/sqlite:3 )
+ ssl? ( >=dev-libs/openssl-1.0.2:=[-bindist(-)] )
+ systemd? ( sys-apps/systemd:= )
+"
+RDEPEND="
+ ${DEPEND}
+ selinux? ( sec-policy/selinux-radius )
+"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+# bug #721040
+QA_SONAME="usr/lib.*/libfreeradius-.*.so"
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ # Not available on Linux (bug #900048)
+ htonll
+ htonlll
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-3.2.1-libressl.patch
+ "${FILESDIR}"/${PN}-3.0.20-systemd-service.patch
+ "${FILESDIR}"/${PN}-3.2.3-configure-c99.patch
+)
+
+pkg_setup() {
+ if use python ; then
+ python-single-r1_pkg_setup
+ export PYTHONBIN="${EPYTHON}"
+ fi
+}
+
+src_prepare() {
+ default
+
+ # Most of the configuration options do not appear as ./configure
+ # switches. Instead it identifies the directories that are available
+ # and run through them. These might check for the presence of
+ # various libraries, in which case they are not built. To avoid
+ # automagic dependencies, we just remove all the modules that we're
+ # not interested in using.
+ # TODO: shift more of these into configure args below as things
+ # are a bit better now.
+ use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; }
+ use ldap || { rm -r src/modules/rlm_ldap || die ; }
+ use kerberos || { rm -r src/modules/rlm_krb5 || die ; }
+ use memcached || { rm -r src/modules/rlm_cache/drivers/rlm_cache_memcached || die ; }
+ use pam || { rm -r src/modules/rlm_pam || die ; }
+
+ # Drop support for python2
+ rm -r src/modules/rlm_python || die
+
+ use python || { rm -r src/modules/rlm_python3 || die ; }
+ #use rest || { rm -r src/modules/rlm_rest || die ; }
+ # Do not install ruby rlm module, bug #483108
+ rm -r src/modules/rlm_ruby || die
+
+ # These are all things we don't have in portage/I don't want to deal
+ # with myself.
+ #
+ # Requires TNCS library
+ rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die
+ # Requires libeap-ikev2
+ rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die
+ # Requires some membership.h
+ rm -r src/modules/rlm_opendirectory || die
+ # ?
+ rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die
+
+ # SQL drivers that are not part of experimental are loaded from a
+ # file, so we have to remove them from the file itself when we
+ # remove them.
+ usesqldriver() {
+ local flag=$1
+ local driver=rlm_sql_${2:-${flag}}
+
+ if ! use ${flag} ; then
+ rm -r src/modules/rlm_sql/drivers/${driver} || die
+ sed -i -e /${driver}/d src/modules/rlm_sql/stable || die
+ fi
+ }
+
+ sed -i \
+ -e 's:^#\tuser = :\tuser = :g' \
+ -e 's:^#\tgroup = :\tgroup = :g' \
+ -e 's:/var/run/radiusd:/run/radiusd:g' \
+ -e '/^run_dir/s:${localstatedir}::g' \
+ raddb/radiusd.conf.in || die
+
+ # - Verbosity
+ # - B uild shared libraries using jlibtool -shared
+ sed -i \
+ -e 's|--silent ||g' \
+ -e 's:--mode=\(compile\|link\):& -shared:g' \
+ scripts/libtool.mk || die
+
+ # Crude measure to stop jlibtool from running ranlib and ar
+ sed -i \
+ -e '/LIBRARIAN/s|".*"|"true"|g' \
+ -e '/RANLIB/s|".*"|"true"|g' \
+ scripts/jlibtool.c || die
+
+ usesqldriver mysql
+ usesqldriver postgres postgresql
+ usesqldriver firebird
+ usesqldriver iodbc
+ usesqldriver odbc unixodbc
+ usesqldriver oracle
+ usesqldriver sqlite
+ usesqldriver mongodb mongo
+
+ eautoreconf
+}
+
+src_configure() {
+ # Do not try to enable static with static-libs; upstream is a
+ # massacre of libtool best practices so you also have to make sure
+ # to --enable-shared explicitly.
+ local myeconfargs=(
+ # Revisit confcache when not needing to use ac_cv anymore
+ # for automagic deps.
+ #--cache-file="${S}"/config.cache
+
+ --enable-shared
+ --disable-ltdl-install
+ --disable-silent-rules
+ --with-system-libtool
+ --with-system-libltdl
+
+ --enable-strict-dependencies
+ --without-rlm_couchbase
+ --without-rlm_securid
+ --without-rlm_unbound
+ --without-rlm_idn
+ #--without-rlm_json
+ #$(use_with rest libfreeradius-json)
+
+ # Our OpenSSL should be patched. Avoid false-positive failures.
+ --disable-openssl-version-check
+ --with-ascend-binary
+ --with-udpfromto
+ --with-dhcp
+ --with-pcre
+ --with-iodbc-include-dir=/usr/include/iodbc
+ --with-experimental-modules
+ --with-docdir=/usr/share/doc/${PF}
+ --with-logdir=/var/log/radius
+
+ $(use_enable debug developer)
+ $(use_with ldap edir)
+ $(use_with redis rlm_cache_redis)
+ $(use_with redis rlm_redis)
+ $(use_with redis rlm_rediswho)
+ $(use_with ssl openssl)
+ $(use_with systemd systemd)
+ )
+
+ # bug #77613
+ if has_version app-crypt/heimdal ; then
+ myeconfargs+=( --enable-heimdal-krb5 )
+ fi
+
+ if use python ; then
+ myeconfargs+=(
+ --with-rlm-python3-bin=${EPYTHON}
+ --with-rlm-python3-config-bin=${EPYTHON}-config
+ )
+ fi
+
+ if ! use readline ; then
+ export ac_cv_lib_readline=no
+ fi
+
+ #if ! use pcap ; then
+ # export ac_cv_lib_pcap_pcap_open_live=no
+ # export ac_cv_header_pcap_h=no
+ #fi
+
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ # Verbose, do not generate certificates
+ emake \
+ Q='' ECHO=true \
+ LOCAL_CERT_PRODUCTS=''
+}
+
+src_install() {
+ dodir /etc
+
+ diropts -m0750 -o root -g radius
+ dodir /etc/raddb
+
+ diropts -m0750 -o radius -g radius
+ dodir /var/log/radius
+
+ keepdir /var/log/radius/radacct
+ diropts
+
+ # - Verbose, do not install certificates
+ # - Parallel install fails (bug #509498)
+ emake -j1 \
+ Q='' ECHO=true \
+ LOCAL_CERT_PRODUCTS='' \
+ R="${D}" \
+ install
+
+ if use pam ; then
+ pamd_mimic_system radiusd auth account password session
+ fi
+
+ # bug #711756
+ fowners -R radius:radius /etc/raddb
+ fowners -R radius:radius /var/log/radius
+
+ dodoc CREDITS
+
+ rm "${ED}"/usr/sbin/rc.radiusd || die
+
+ newinitd "${FILESDIR}"/radius.init-r4 radiusd
+ newconfd "${FILESDIR}"/radius.conf-r6 radiusd
+
+ if ! use systemd ; then
+ # If systemd builtin is not enabled we need use Type=Simple
+ # as systemd .service
+ sed -i -e 's:^Type=.*::g' \
+ -e 's:^WatchdogSec=.*::g' -e 's:^NotifyAccess=all.*::g' \
+ "${S}"/debian/freeradius.service
+ fi
+
+ systemd_dounit "${S}"/debian/freeradius.service
+
+ find "${ED}" \( -name "*.a" -o -name "*.la" \) -delete || die
+}
+
+pkg_config() {
+ if use ssl ; then
+ cd "${ROOT}"/etc/raddb/certs || die
+
+ ./bootstrap || die "Error while running ./bootstrap script."
+ chown root:radius "${ROOT}"/etc/raddb/certs || die
+ chown root:radius "${ROOT}"/etc/raddb/certs/ca.pem || die
+ chown root:radius "${ROOT}"/etc/raddb/certs/server.{key,crt,pem} || die
+ fi
+}
+
+pkg_preinst() {
+ if ! has_version ${CATEGORY}/${PN} && use ssl ; then
+ elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"
+ elog "to start the radiusd service."
+ fi
+}
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-dialup/freeradius/files/, net-dialup/freeradius/
@ 2025-01-04 19:07 orbea
0 siblings, 0 replies; 3+ messages in thread
From: orbea @ 2025-01-04 19:07 UTC (permalink / raw
To: gentoo-commits
commit: 41f18a6ef06b61c87f5bdef4e4a7787636d39d0f
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sat Jan 4 16:15:26 2025 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Sat Jan 4 19:01:55 2025 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=41f18a6e
net-dialup/freeradius: add 3.2.6
Signed-off-by: orbea <orbea <AT> riseup.net>
net-dialup/freeradius/Manifest | 1 +
.../files/freeradius-3.2.6-libressl.patch | 123 ++++++++
net-dialup/freeradius/freeradius-3.2.6.ebuild | 321 +++++++++++++++++++++
3 files changed, 445 insertions(+)
diff --git a/net-dialup/freeradius/Manifest b/net-dialup/freeradius/Manifest
index ebb8015..18bf6fc 100644
--- a/net-dialup/freeradius/Manifest
+++ b/net-dialup/freeradius/Manifest
@@ -1 +1,2 @@
DIST freeradius-server-3.2.3.tar.bz2 3454869 BLAKE2B 525204331a5b123dac7457c6adb755cbe9794dbff4a536ea665fc7d1cac97553e392b7b598741c2a9dd00c81decd00608499d6f25208e389b9f213f54977de84 SHA512 06767153e262a2baa2d0cc74099bc13c23b33c2316348b5dc8ec0f5834c028571bd09b8c01726a6eabeaab8fdc3050f40bfeba2d5b1c299585d1689abad365ce
+DIST freeradius-server-3.2.6.tar.bz2 3500878 BLAKE2B 0af7cdf7fb784f2d5019f3bcb06d1d44dca046c9a4513d780ab032367001b6a67e9ea17a3a5b4609b9d7b936647e60c96e35188ba9644c4360071ac8d021bd58 SHA512 3fdd0c1bf82cf7ea2e9ee46cda1061ef06c97eddd70b75be17f05d9dc13771b339d01f140b4288632700d6315c1ac506d225d1e83a179b6f7e8338e2ae42d7e8
diff --git a/net-dialup/freeradius/files/freeradius-3.2.6-libressl.patch b/net-dialup/freeradius/files/freeradius-3.2.6-libressl.patch
new file mode 100644
index 0000000..1ac75d2
--- /dev/null
+++ b/net-dialup/freeradius/files/freeradius-3.2.6-libressl.patch
@@ -0,0 +1,123 @@
+From OpenBSD:
+
+https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_main_cb_c
+https://github.com/openbsd/ports/blob/master/net/freeradius/patches/patch-src_main_tls_c
+https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_modules_rlm_eap_types_rlm_eap_fast_rlm_eap_fast_c
+https://github.com/openbsd/ports/blob/master/net/freeradius/patches/patch-src_modules_rlm_pap_rlm_pap_c
+
+--- a/src/main/cb.c
++++ b/src/main/cb.c
+@@ -61,7 +61,7 @@ void cbtls_info(SSL const *s, int where, int ret)
+ /*
+ * After a ClientHello, list all the proposed ciphers from the client
+ */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ if (SSL_get_state(s) == TLS_ST_SR_CLNT_HELLO) {
+ int i;
+ int num_ciphers;
+@@ -121,7 +121,7 @@ void cbtls_info(SSL const *s, int where, int ret)
+ return;
+ }
+ RERROR("(TLS) %s - %s: Error in %s", conf->name, role, state);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ if (RDEBUG_ENABLED3 && (SSL_get_state(s) == TLS_ST_SR_CLNT_HELLO)) goto report_ciphers;
+ #endif
+ }
+@@ -208,7 +208,7 @@ void cbtls_msg(int write_p, int msg_version, int content_type,
+ state->info.alert_level = 0x00;
+ state->info.alert_description = 0x00;
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ } else if (content_type == SSL3_RT_INNER_CONTENT_TYPE && buf[0] == SSL3_RT_APPLICATION_DATA) {
+ /* let tls_ack_handler set application_data */
+ state->info.content_type = SSL3_RT_HANDSHAKE;
+--- a/src/main/tls.c
++++ b/src/main/tls.c
+@@ -701,7 +701,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU
+ /*
+ * Swap empty store with the old one.
+ */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ conf->old_x509_store = SSL_CTX_get_cert_store(conf->ctx);
+ /* Bump refcnt so the store is kept allocated till next store replacement */
+ X509_STORE_up_ref(conf->old_x509_store);
+@@ -2069,7 +2069,7 @@ done:
+ return 0;
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ static SSL_SESSION *cbtls_get_session(SSL *ssl, unsigned char *data, int len, int *copy)
+ #else
+ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int len, int *copy)
+@@ -2453,7 +2453,7 @@ static int cbtls_cache_refresh(SSL *ssl, SSL_SESSION *sess)
+ return 0;
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ static SSL_SESSION *cbtls_cache_load(SSL *ssl, unsigned char *data, int len, int *copy)
+ #else
+ static SSL_SESSION *cbtls_cache_load(SSL *ssl, const unsigned char *data, int len, int *copy)
+@@ -2985,7 +2985,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
+ char cn_str[1024];
+ char buf[64];
+ X509 *client_cert;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ const STACK_OF(X509_EXTENSION) *ext_list;
+ #else
+ STACK_OF(X509_EXTENSION) *ext_list;
+@@ -3220,7 +3220,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
+ }
+
+ if (lookup == 0) {
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ ext_list = X509_get0_extensions(client_cert);
+ #else
+ X509_CINF *client_inf;
+@@ -3273,7 +3273,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
+ value[0] = '0';
+ value[1] = 'x';
+ const unsigned char *srcp;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ const ASN1_STRING *srcasn1p;
+ srcasn1p = X509_EXTENSION_get_data(ext);
+ srcp = ASN1_STRING_get0_data(srcasn1p);
+@@ -4346,7 +4346,7 @@ post_ca:
+ }
+ }
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) /* SSL_CTX_set1_sigalgs_list */
+ if (conf->sigalgs_list) {
+ char *list;
+
+--- a/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c
++++ b/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c
+@@ -224,7 +224,7 @@ static int _session_secret(SSL *s, void *secret, int *secret_len,
+
+ RDEBUG("processing PAC-Opaque");
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ eap_fast_session_ticket(tls_session, s->s3->client_random, s->s3->server_random, secret, secret_len);
+ #else
+ uint8_t client_random[SSL3_RANDOM_SIZE];
+--- a/src/modules/rlm_pap/rlm_pap.c
++++ b/src/modules/rlm_pap/rlm_pap.c
+@@ -934,7 +934,7 @@ static inline rlm_rcode_t CC_HINT(nonnull) pap_auth_pbkdf2_parse(REQUEST *reques
+ digest_len = SHA512_DIGEST_LENGTH;
+ break;
+
+-# if OPENSSL_VERSION_NUMBER >= 0x10101000L
++# if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ case PW_SSHA3_224_PASSWORD:
+ evp_md = EVP_sha3_224();
+ digest_len = SHA224_DIGEST_LENGTH;
diff --git a/net-dialup/freeradius/freeradius-3.2.6.ebuild b/net-dialup/freeradius/freeradius-3.2.6.ebuild
new file mode 100644
index 0000000..723f653
--- /dev/null
+++ b/net-dialup/freeradius/freeradius-3.2.6.ebuild
@@ -0,0 +1,321 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..13} python3_13t )
+AUTOTOOLS_DEPEND=">=dev-build/autoconf-2.69"
+inherit autotools pam python-single-r1 systemd
+
+MY_PN=${PN}-server
+MY_P=${MY_PN}-${PV}
+MY_PV=$(ver_rs 1- "_")
+
+DESCRIPTION="Highly configurable free RADIUS server"
+HOMEPAGE="https://www.freeradius.org/"
+SRC_URI="https://github.com/FreeRADIUS/freeradius-server/releases/download/release_${MY_PV}/${MY_P}.tar.bz2"
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86"
+
+IUSE="
+ debug firebird iodbc kerberos ldap memcached mysql mongodb odbc oracle pam
+ postgres python readline redis samba selinux sqlite ssl systemd
+"
+
+RESTRICT="firebird? ( bindist )"
+
+# NOTE: Temporary freeradius doesn't support linking with mariadb client
+# libs also if code is compliant, will be available in the next release.
+# (http://lists.freeradius.org/pipermail/freeradius-devel/2018-October/013228.html)a
+
+# TODO: rlm_mschap works with both samba library or without. I need to avoid
+# linking of samba library if -samba is used.
+
+# TODO: unconditional json-c for now as automagic dep despite efforts to stop it
+# ditto libpcap. Can restore USE=rest, USE=pcap if/when fixed.
+
+DEPEND="
+ acct-group/radius
+ acct-user/radius
+ dev-libs/libltdl
+ dev-libs/libpcre
+ dev-libs/json-c:=
+ dev-lang/perl:=
+ net-libs/libpcap
+ net-misc/curl
+ sys-libs/gdbm:=
+ sys-libs/libcap
+ sys-libs/talloc
+ virtual/libcrypt:=
+ firebird? ( dev-db/firebird )
+ iodbc? ( dev-db/libiodbc )
+ kerberos? ( virtual/krb5 )
+ ldap? ( net-nds/openldap:= )
+ memcached? ( dev-libs/libmemcached )
+ mysql? ( dev-db/mysql-connector-c:= )
+ mongodb? ( >=dev-libs/mongo-c-driver-1.13.0-r1 )
+ odbc? ( dev-db/unixODBC )
+ oracle? ( dev-db/oracle-instantclient[sdk] )
+ pam? ( sys-libs/pam )
+ postgres? ( dev-db/postgresql:= )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:= )
+ redis? ( dev-libs/hiredis:= )
+ samba? ( net-fs/samba )
+ sqlite? ( dev-db/sqlite:3 )
+ ssl? ( >=dev-libs/openssl-1.0.2:=[-bindist(-)] )
+ systemd? ( sys-apps/systemd:= )
+"
+RDEPEND="
+ ${DEPEND}
+ selinux? ( sec-policy/selinux-radius )
+"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+# bug #721040
+QA_SONAME="usr/lib.*/libfreeradius-.*.so"
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ # Not available on Linux (bug #900048)
+ htonll
+ htonlll
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-3.2.6-libressl.patch
+ "${FILESDIR}"/${PN}-3.0.20-systemd-service.patch
+ "${FILESDIR}"/${PN}-3.2.3-configure-c99.patch
+)
+
+pkg_setup() {
+ if use python ; then
+ python-single-r1_pkg_setup
+ export PYTHONBIN="${EPYTHON}"
+ fi
+}
+
+src_prepare() {
+ default
+
+ # Most of the configuration options do not appear as ./configure
+ # switches. Instead it identifies the directories that are available
+ # and run through them. These might check for the presence of
+ # various libraries, in which case they are not built. To avoid
+ # automagic dependencies, we just remove all the modules that we're
+ # not interested in using.
+ # TODO: shift more of these into configure args below as things
+ # are a bit better now.
+ use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; }
+ use ldap || { rm -r src/modules/rlm_ldap || die ; }
+ use kerberos || { rm -r src/modules/rlm_krb5 || die ; }
+ use memcached || { rm -r src/modules/rlm_cache/drivers/rlm_cache_memcached || die ; }
+ use pam || { rm -r src/modules/rlm_pam || die ; }
+
+ # Drop support for python2
+ rm -r src/modules/rlm_python || die
+
+ use python || { rm -r src/modules/rlm_python3 || die ; }
+ #use rest || { rm -r src/modules/rlm_rest || die ; }
+ # Do not install ruby rlm module, bug #483108
+ rm -r src/modules/rlm_ruby || die
+
+ # These are all things we don't have in portage/I don't want to deal
+ # with myself.
+ #
+ # Requires TNCS library
+ rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die
+ # Requires libeap-ikev2
+ rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die
+ # Requires some membership.h
+ rm -r src/modules/rlm_opendirectory || die
+ # ?
+ rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die
+
+ # SQL drivers that are not part of experimental are loaded from a
+ # file, so we have to remove them from the file itself when we
+ # remove them.
+ usesqldriver() {
+ local flag=$1
+ local driver=rlm_sql_${2:-${flag}}
+
+ if ! use ${flag} ; then
+ rm -r src/modules/rlm_sql/drivers/${driver} || die
+ sed -i -e /${driver}/d src/modules/rlm_sql/stable || die
+ fi
+ }
+
+ sed -i \
+ -e 's:^#\tuser = :\tuser = :g' \
+ -e 's:^#\tgroup = :\tgroup = :g' \
+ -e 's:/var/run/radiusd:/run/radiusd:g' \
+ -e '/^run_dir/s:${localstatedir}::g' \
+ raddb/radiusd.conf.in || die
+
+ # - Verbosity
+ # - B uild shared libraries using jlibtool -shared
+ sed -i \
+ -e 's|--silent ||g' \
+ -e 's:--mode=\(compile\|link\):& -shared:g' \
+ scripts/libtool.mk || die
+
+ # Crude measure to stop jlibtool from running ranlib and ar
+ sed -i \
+ -e '/LIBRARIAN/s|".*"|"true"|g' \
+ -e '/RANLIB/s|".*"|"true"|g' \
+ scripts/jlibtool.c || die
+
+ usesqldriver mysql
+ usesqldriver postgres postgresql
+ usesqldriver firebird
+ usesqldriver iodbc
+ usesqldriver odbc unixodbc
+ usesqldriver oracle
+ usesqldriver sqlite
+ usesqldriver mongodb mongo
+
+ eautoreconf
+}
+
+src_configure() {
+ # Do not try to enable static with static-libs; upstream is a
+ # massacre of libtool best practices so you also have to make sure
+ # to --enable-shared explicitly.
+ local myeconfargs=(
+ # Revisit confcache when not needing to use ac_cv anymore
+ # for automagic deps.
+ #--cache-file="${S}"/config.cache
+
+ --enable-shared
+ --disable-ltdl-install
+ --disable-silent-rules
+ --with-system-libtool
+ --with-system-libltdl
+
+ --enable-strict-dependencies
+ --without-rlm_couchbase
+ --without-rlm_securid
+ --without-rlm_unbound
+ --without-rlm_idn
+ #--without-rlm_json
+ #$(use_with rest libfreeradius-json)
+
+ # Our OpenSSL should be patched. Avoid false-positive failures.
+ --disable-openssl-version-check
+ --with-ascend-binary
+ --with-udpfromto
+ --with-dhcp
+ --with-pcre
+ --with-iodbc-include-dir=/usr/include/iodbc
+ --with-experimental-modules
+ --with-docdir=/usr/share/doc/${PF}
+ --with-logdir=/var/log/radius
+
+ $(use_enable debug developer)
+ $(use_with ldap edir)
+ $(use_with redis rlm_cache_redis)
+ $(use_with redis rlm_redis)
+ $(use_with redis rlm_rediswho)
+ $(use_with ssl openssl)
+ $(use_with systemd systemd)
+ )
+
+ # bug #77613
+ if has_version app-crypt/heimdal ; then
+ myeconfargs+=( --enable-heimdal-krb5 )
+ fi
+
+ if use python ; then
+ myeconfargs+=(
+ --with-rlm-python3-bin=${EPYTHON}
+ --with-rlm-python3-config-bin=${EPYTHON}-config
+ )
+ fi
+
+ if ! use readline ; then
+ export ac_cv_lib_readline=no
+ fi
+
+ #if ! use pcap ; then
+ # export ac_cv_lib_pcap_pcap_open_live=no
+ # export ac_cv_header_pcap_h=no
+ #fi
+
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ # Verbose, do not generate certificates
+ emake \
+ Q='' ECHO=true \
+ LOCAL_CERT_PRODUCTS=''
+}
+
+src_install() {
+ dodir /etc
+
+ diropts -m0750 -o root -g radius
+ dodir /etc/raddb
+
+ diropts -m0750 -o radius -g radius
+ dodir /var/log/radius
+
+ keepdir /var/log/radius/radacct
+ diropts
+
+ # - Verbose, do not install certificates
+ # - Parallel install fails (bug #509498)
+ emake -j1 \
+ Q='' ECHO=true \
+ LOCAL_CERT_PRODUCTS='' \
+ R="${D}" \
+ install
+
+ if use pam ; then
+ pamd_mimic_system radiusd auth account password session
+ fi
+
+ # bug #711756
+ fowners -R radius:radius /etc/raddb
+ fowners -R radius:radius /var/log/radius
+
+ dodoc CREDITS
+
+ rm "${ED}"/usr/sbin/rc.radiusd || die
+
+ newinitd "${FILESDIR}"/radius.init-r4 radiusd
+ newconfd "${FILESDIR}"/radius.conf-r6 radiusd
+
+ if ! use systemd ; then
+ # If systemd builtin is not enabled we need use Type=Simple
+ # as systemd .service
+ sed -i -e 's:^Type=.*::g' \
+ -e 's:^WatchdogSec=.*::g' -e 's:^NotifyAccess=all.*::g' \
+ "${S}"/debian/freeradius.service
+ fi
+
+ systemd_dounit "${S}"/debian/freeradius.service
+
+ find "${ED}" \( -name "*.a" -o -name "*.la" \) -delete || die
+}
+
+pkg_config() {
+ if use ssl ; then
+ cd "${ROOT}"/etc/raddb/certs || die
+
+ ./bootstrap || die "Error while running ./bootstrap script."
+ chown root:radius "${ROOT}"/etc/raddb/certs || die
+ chown root:radius "${ROOT}"/etc/raddb/certs/ca.pem || die
+ chown root:radius "${ROOT}"/etc/raddb/certs/server.{key,crt,pem} || die
+ fi
+}
+
+pkg_preinst() {
+ if ! has_version ${CATEGORY}/${PN} && use ssl ; then
+ elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"
+ elog "to start the radiusd service."
+ fi
+}
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-01-04 19:07 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-12-29 15:34 [gentoo-commits] repo/proj/libressl:master commit in: net-dialup/freeradius/files/, net-dialup/freeradius/ orbea
-- strict thread matches above, loose matches on Subject: below --
2025-01-04 19:07 orbea
2023-05-10 21:14 orbea
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox