# Contributor: Vladyslav Frolov # Contributor: Ɓukasz Jendrysik # Contributor: Natanael Copa # Contributor: Jakub Jirutka # Maintainer: Leonardo Arena pkgname=freeradius pkgver=3.0.20 pkgrel=9 pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server" url="https://freeradius.org/" arch="all" license="GPL-2.0-or-later" makedepends=" autoconf automake bash curl-dev gdbm-dev hiredis-dev json-c-dev krb5-dev libpcap-dev libtool linux-headers linux-pam-dev mariadb-connector-c-dev net-snmp-tools openldap-dev openssl-dev perl-dev postgresql-dev python3-dev readline-dev sqlite-dev talloc-dev unixodbc-dev " pkggroups="radius" pkgusers="radius" install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade" subpackages=" $pkgname-dbg $pkgname-doc $pkgname-static $pkgname-dev $pkgname-eap $pkgname-ldap $pkgname-dhcp $pkgname-lib $pkgname-mssql $pkgname-mysql $pkgname-sql $pkgname-perl $pkgname-postgresql $pkgname-python3 $pkgname-sqlite $pkgname-unixodbc $pkgname-pam $pkgname-krb5 $pkgname-rest $pkgname-redis $pkgname-checkrad $pkgname-utils " provides="freeradius3=$pkgver-r$pkgrel" source="ftp://ftp.freeradius.org/pub/freeradius/$pkgname-server-$pkgver.tar.gz $pkgname.logrotated radiusd.confd radiusd.initd setup-freeradius.in print-var.mk musl-fix-headers.patch fix-scopeid.patch default-config.patch remove-eap-from-default-mods.patch readme-setup-script.patch Fix-permissions-of-certs-in-bootstrap-fallback.patch fix-request_running-segfault.patch dont-install-test-tools.patch " builddir="$srcdir/$pkgname-server-$pkgver" # secfixes: # 3.0.19-r3: # - CVE-2019-10143 # 3.0.19-r0: # - CVE-2019-11234 # - CVE-2019-11235 _radconfdir="etc/raddb" _radmodsdir="$_radconfdir/mods-available" _radlibdir="usr/lib/freeradius" _radmodsconfdir="$_radconfdir/mods-config" ldpath="$_radlibdir" prepare() { default_prepare update_config_sub local default_mods default_mods=$(make -f "$srcdir"/print-var.mk -f raddb/all.mk \ print-DEFAULT_MODULES 2>/dev/null) sed "s|@@DEFAULT_MODULES@@|$default_mods|" \ "$srcdir"/setup-freeradius.in > setup-freeradius } build() { # freeradius requries json.h to be in a dir called 'json'. We fool # the configure script with a symlink pointing to proper location. ln -s /usr/include/json-c json ./configure \ --build=$CBUILD \ --host=$CHOST \ --prefix=/usr \ --sysconfdir=/etc \ --mandir=/usr/share/man \ --infodir=/usr/share/info \ --localstatedir=/var \ --datarootdir=/usr/share \ --libdir="/$_radlibdir" \ --with-logdir=/var/log/radius \ --with-radacctdir=/var/log/radius/radacct \ --with-system-libtool \ --with-system-libltdl \ --with-shared-libs \ --with-udpfromto \ --with-rlm_sql_sqlite \ --with-rlm_sql_postgresql \ --with-rlm_sql_mysql \ --with-rlm_krb5 \ --with-rlm_rest \ --with-rlm_redis \ --with-rlm_rediswho \ --with-modules="rlm_python3" \ --without-rlm_eap_tnc \ --without-rlm_eap_ikev2 \ --without-rlm_sql_iodbc \ --without-rlm_sql_oracle \ --without-rlm_yubikey \ --without-rlm_ykclient \ --with-jsonc-include-dir="$PWD" make -j1 LDFLAGS="$LDFLAGS -lssl" } package() { install -d -m0750 -o root -g radius \ "$pkgdir"/$_radconfdir install -d -m0750 -o radius -g radius \ "$pkgdir"/var/cache/radiusd \ "$pkgdir"/var/lib/radiusd \ "$pkgdir"/var/log/radius \ "$pkgdir"/var/log/radius/radacct PACKAGE=yes make -j1 R="$pkgdir" install chown -R root:radius "$pkgdir"/etc/raddb/* # Ensure that files generated by Makefile or bootstrap scripts are # readable by the radiusd daemin. chmod 2750 "$pkgdir"/etc/raddb/certs install -m755 -D "$srcdir"/radiusd.initd "$pkgdir"/etc/init.d/radiusd install -m644 -D "$srcdir"/radiusd.confd "$pkgdir"/etc/conf.d/radiusd install -m644 -D "$srcdir"/$pkgname.logrotated "$pkgdir"/etc/logrotate.d/$pkgname install -m755 -D setup-freeradius "$pkgdir"/usr/sbin/setup-freeradius # Install misses to create this mkdir -p "$pkgdir"/$_radmodsconfdir/sql/ippool-dhcp/postgresql # Default modules are enabled by post-install script. # The reason for this is that when we include these symlinks # in the package, the user basically cannot permanently disable any # default module by removing the symlink because apk will install them # back on every upgrade of the package. rm -f "$pkgdir"/$_radconfdir/mods-enabled/* # Remove unneeded and unused stuff (e.g. for disabled modules). rm -f "$pkgdir"/usr/sbin/rc.radiusd rm -f "$pkgdir"/$_radlibdir/rlm_test.so rm -f "$pkgdir"/$_radconfdir/experimental.conf # https://github.com/FreeRADIUS/freeradius-server/issues/1734#issuecomment-247848277 rm -f "$pkgdir"/usr/bin/dhcpclient rm -f "$pkgdir"/usr/share/man/man1/dhcpclient.1* cd "$pkgdir"/$_radmodsdir rm -f couchbase python unbound yubikey cd "$pkgdir"/$_radmodsconfdir rm -rf sql/*/mongo rm -rf sql/*/oracle rm -rf unbound cd "$pkgdir"/$_radconfdir/sites-available rm -f *.orig } eap() { pkgdesc="EAP module for FreeRADIUS server" depends="freeradius=$pkgver-r$pkgrel" provides="freeradius3-eap=$pkgver-r$pkgrel" amove $_radlibdir/rlm_eap*.so $_radlibdir/libfreeradius-eap.so amove usr/bin/radeapclient amove $_radmodsdir/eap $_radmodsdir/inner-eap amove $_radconfdir/sites-available/check-eap-tls _enable_mod eap } ldap() { pkgdesc="LDAP module for FreeRADIUS server" depends="freeradius=$pkgver-r$pkgrel" provides="freeradius3-ldap=$pkgver-r$pkgrel" amove $_radlibdir/rlm_ldap* amove $_radmodsdir/ldap _enable_mod ldap } krb5() { pkgdesc="Kerberos module for FreeRADIUS server" depends="freeradius=$pkgver-r$pkgrel" provides="freeradius3-krb5=$pkgver-r$pkgrel" amove $_radlibdir/rlm_krb5* amove $_radmodsdir/krb5 _enable_mod krb5 } dhcp() { pkgdesc="DHCP module for FreeRADIUS server" depends="freeradius=$pkgver-r$pkgrel" amove $_radlibdir/*_dhcp.so $_radlibdir/libfreeradius-dhcp.so amove $_radmodsdir/dhcp amove $_radconfdir/sites-available/dhcp _enable_mod dhcp } lib() { pkgdesc="Freeradius shared libraries" depends="" amove $_radlibdir/libfreeradius-*.so amove usr/share/freeradius/* } sql() { pkgdesc="SQL module for FreeRADIUS server" depends="freeradius=$pkgver-r$pkgrel" provides="freeradius3-sql=$pkgver-r$pkgrel" local lib; for lib in sql sqlippool sql_null sqlcounter; do amove $_radlibdir/rlm_$lib.so done amove $_radconfdir/sites-available/buffered-sql amove $_radmodsdir/*sql* _enable_mod sql } mysql() { pkgdesc="MySQL module for FreeRADIUS server" depends="freeradius-sql=$pkgver-r$pkgrel" provides="freeradius3-mysql=$pkgver-r$pkgrel" _mvdb mysql amove $_radmodsconfdir/sql/*/ndb } mssql() { pkgdesc="MSSQL module for FreeRADIUS server" depends="freeradius-sql=$pkgver-r$pkgrel" provides="freeradius3-mssql=$pkgver-r$pkgrel" amove $_radmodsconfdir/sql/main/mssql } perl() { pkgdesc="Perl module for FreeRADIUS server" depends="freeradius=$pkgver-r$pkgrel perl" provides="freeradius3-perl=$pkgver-r$pkgrel" amove $_radlibdir/rlm_perl* amove $_radconfdir/mods-available/perl amove $_radmodsconfdir/perl _enable_mod perl } checkrad() { pkgdesc="Check if a user is (still) logged in on a certain port" depends="perl perl-net-telnet perl-snmp-session net-snmp-tools" amove usr/sbin/checkrad } postgresql() { pkgdesc="PostgreSQL module for FreeRADIUS server" depends="freeradius-sql=$pkgver-r$pkgrel" provides="freeradius3-postgresql=$pkgver-r$pkgrel" _mvdb postgresql } python3() { depends="freeradius=$pkgver-r$pkgrel" pkgdesc="Python 3 module for FreeRADIUS server" amove $_radlibdir/rlm_python* amove $_radmodsdir/python3 amove $_radmodsconfdir/python3 _enable_mod python3 } sqlite() { pkgdesc="SQLite module for FreeRADIUS server" depends="freeradius-sql=$pkgver-r$pkgrel" provides="freeradius3-sqlite=$pkgver-r$pkgrel" _mvdb sqlite } unixodbc() { pkgdesc="ODBC module for FreeRADIUS server" depends="freeradius=$pkgver-r$pkgrel" provides="freeradius3-unixodbc=$pkgver-r$pkgrel" amove $_radlibdir/rlm_sql_unixodbc.so } pam() { pkgdesc="PAM module for FreeRADIUS server" depends="freeradius=$pkgver-r$pkgrel" provides="freeradius3-pam=$pkgver-r$pkgrel" amove $_radlibdir/rlm_pam* amove $_radmodsdir/pam _enable_mod pam } rest() { pkgdesc="REST module for FreeRADIUS server" depends="freeradius=$pkgver-r$pkgrel" amove $_radlibdir/rlm_rest* amove $_radmodsdir/rest _enable_mod rest } redis() { pkgdesc="Redis modules for FreeRADIUS server" depends="freeradius=$pkgver-r$pkgrel" amove $_radlibdir/rlm_redis* amove $_radmodsdir/redis* _enable_mod redis } utils() { pkgdesc="FreeRADIUS utilities" # provides/replaces for backward compatibility provides="freeradius-radclient=$pkgver-r$pkgrel freeradius3-radclient=$pkgver-r$pkgrel" replaces="freeradius-radclient" amove usr/bin/* } _mvdb() { amove $_radmodsconfdir/sql/*/$1 amove $_radlibdir/rlm_sql_$1.so } _enable_mod() { mkdir -p "$subpkgdir"/$_radconfdir/mods-enabled ln -s ../mods-available/$1 "$subpkgdir"/$_radconfdir/mods-enabled/$1 } sha512sums="513ed0a5d9e6b9a8d89a9b02c86ff528a9ff14d928f4c1040ca44702465abd711588fe6afa35554cb2c8e8bd7f19dd5be3dbc78445c62c7b00bf5cbc4c621312 freeradius-server-3.0.20.tar.gz c3ae1ee6bd7743f883310612ba2c20c6ff7f288fedc308735df05b097ecb2f7fa4d1679b844e262757808978c7bb2d7630b99e4b87ce6d6ba7f84013f9c49f1d freeradius.logrotated bb3df1fa2c9ed95514ae090e0f6619c4e3280f424c4351bc79f5254bf1a327fa7d27e5fe3add5ab8d9e5ba3792c9553bd9a0481fe9c5bc34945ce46627ef2638 radiusd.confd a66ab5d3f1c86450e9c50aa8be10a40fb4118467670048773ad8c80b5f3fb958dd3addc6ef245289d93ce2b184ce2c9882a8a2585d4a134d55c2326c9559f558 radiusd.initd 9f6a4f76fd06e81cfcfe4536f1f8be494634b07e548a6f7e651e5501aded24b030ed7d57dbdc867ae0eb39ee4a090234c4122a89bed84c13733c77de36b9c2cf setup-freeradius.in 5f940e200aa39b2fbbfaf5b24f2ad99869fa75bb7e2008876940ea96cb9dbc7f2b27dd1672aa56cdb5243faabdcbc38875594dd8792af965987183c0aa2aefd1 print-var.mk c49e5eec7497fccde5fd09dba1ea9b846e57bc88015bd81640aa531fb5c9b449f37136f42c85fe1d7940c5963aed664b85da28442b388c9fb8cc27873df03b2d musl-fix-headers.patch 41d478c0e40ff82fc36232964037c1ab8ffca9fdbb7dca02ed49319906e751c133b5d7bc7773c645cec6d9d39d1de69cba25e8d59afa8d6662563dd17f35f234 fix-scopeid.patch c266718d830076423c19a31c608a925ec664156ef2da87c97166d376b16f4582e7f8adebd9c8e3ef51b24da0ca3252f00b557ed9ee9dd8325d8a6a317f4e3ed1 default-config.patch f96b7b2e0fc614cb8b70bd500933538e98e05b58718af931a62bc7ba2307600cf8c2a8a99de856ad2e18101dd5bfe95c50ee34de20eef21ba0ad795577a6619b remove-eap-from-default-mods.patch 55e179d5e6b31d289c2da7f907e494a6a6f5900483fdff8d3bb25ee15a583b8705942eca1f0d5390e91376966e66e457dce9b2cf1a1f61c8eac6d8fb825404dd readme-setup-script.patch f88cb4ae335d67211c8563b6df88e20ee3729e57aa56423f99b518f83b190479b38bb189a0ab53c70ef9709a6229ccaa506ea6b79844cbfd4f2a7f0c7c292045 Fix-permissions-of-certs-in-bootstrap-fallback.patch 7ddf75901f635216b0d972c14631334a8138e0dbb021685bb6b3a996f38d232b84146c621dae541b00f6149fa401e835d1579bbacd27fad72a80bacd4391b404 fix-request_running-segfault.patch 908c4408ab6538ddd96577e47d5e509b19e227e144655eaa0fd7569ddadbe5b2298e6599b8370847b3bcb5e788067b163b0cb66e1b3afa4d83dc3f724e058674 dont-install-test-tools.patch"