diff options
Diffstat (limited to 'freeradius-bootstrap-create-only.patch')
| -rw-r--r-- | freeradius-bootstrap-create-only.patch | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/freeradius-bootstrap-create-only.patch b/freeradius-bootstrap-create-only.patch new file mode 100644 index 0000000..17cab04 --- /dev/null +++ b/freeradius-bootstrap-create-only.patch @@ -0,0 +1,89 @@ +From acaf4be8e301a01041acba189194d9502994611d Mon Sep 17 00:00:00 2001 +From: Alexander Scheel <ascheel@redhat.com> +Date: Wed, 13 May 2020 10:01:47 -0400 +Subject: [PATCH] Don't clobber existing files on bootstrap + +Signed-off-by: Alexander Scheel <ascheel@redhat.com> +--- + raddb/certs/bootstrap | 31 +++++++++++++++---------------- + 1 file changed, 15 insertions(+), 16 deletions(-) + +diff --git a/raddb/certs/bootstrap b/raddb/certs/bootstrap +index ede09bc..e555491 100755 +--- a/raddb/certs/bootstrap ++++ b/raddb/certs/bootstrap +@@ -20,56 +20,55 @@ cd `dirname $0` + # Don't edit the following text. Instead, edit the Makefile, and + # re-generate these commands. + # +-if [ ! -f dh ]; then ++if [ ! -e dh ]; then + openssl dhparam -out dh 2048 || exit 1 +- if [ -e /dev/urandom ] ; then +- ln -sf /dev/urandom random +- else +- date > ./random; +- fi ++ ln -sf /dev/urandom random + fi + +-if [ ! -f server.key ]; then ++if [ ! -e server.key ]; then + openssl req -new -out server.csr -keyout server.key -config ./server.cnf || exit 1 + chmod g+r server.key + fi + +-if [ ! -f ca.key ]; then ++if [ ! -e ca.key ]; then + openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf || exit 1 + fi + +-if [ ! -f index.txt ]; then ++if [ ! -e index.txt ]; then + touch index.txt + fi + +-if [ ! -f serial ]; then ++if [ ! -e serial ]; then + echo '01' > serial + fi + +-if [ ! -f server.crt ]; then ++if [ ! -e server.crt ]; then + openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf || exit 1 + fi + +-if [ ! -f server.p12 ]; then ++if [ ! -e server.p12 ]; then + openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1 + chmod g+r server.p12 + fi + +-if [ ! -f server.pem ]; then ++if [ ! -e server.pem ]; then + openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1 + openssl verify -CAfile ca.pem server.pem || exit 1 + chmod g+r server.pem + fi + +-if [ ! -f ca.der ]; then ++if [ ! -e ca.der ]; then + openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der || exit 1 + fi + +-if [ ! -f client.key ]; then ++if [ ! -e client.key ]; then + openssl req -new -out client.csr -keyout client.key -config ./client.cnf + chmod g+r client.key + fi + +-if [ ! -f client.crt ]; then ++if [ ! -e client.crt ]; then + openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf + fi ++ ++chown root:radiusd dh ca.* client.* server.* ++chmod 640 dh ca.* client.* server.* +-- +2.26.2 + |