building freeradius 1.1.0 suse rpm

Sat Jan 14 16:42:00 CET 2006

On 2006-01-14 at 16:14:54 +0100, Nicolas Baradakis wrote (shortened):

> It's 1.1.0.

yes, it was wrong autogenerated because for some internal reason. I
haven't rechecked this.

> > Source3:      radqkstart.pdf
> > Source4:      radadmin.pdf
> 
> You didn't provide these files. Are they licensed under the GNU FDL?
> Perhaps in the CVS we need a modifed version of freeradius.spec which
> doesn't use them.

This is the documentation which can be found here:
http://www.novell.com/documentation/edir_radius/index.html
I don't think it's GNU FDL. So it can't be provided here I think.
I haven't reworked the package to fit perfectly here because I think
Peter Nixon always did that in the past.

> > --with-threads \
> > --with-thread-pool \
> > --with-snmp \
> 
> The options "with-threads" and "with-snmp" are already to yes by
> default, thus not needed. And I think the option "with-thread-pool"
> doesn't exist. (I can't find it in 1.1.0)

Maybe it disappeared. I haven't checked it yet.
That a option is set to yes doesn't mean that it doesn't make sense to
add it here.

> I'd suggest to add the option "with-udpfromto". On a system with multiple
> IP addresses, it ensures that replies come from the same address as
> the request arrived at. This option is in the Debian package for a long
> time.

Thanks for the hint. Didn't know this.

> > %attr(755,root,root) %dir /usr/lib/freeradius
> > #%attr(755,root,root) /usr/lib/freeradius/*.so*
> > /usr/lib/freeradius/libeap*.so
> > /usr/lib/freeradius/libradius*.so
> > /usr/lib/freeradius/rlm_acct_unique*.so
> > /usr/lib/freeradius/rlm_always*.so
> > [...]
> 
> Is it necessary to list every module? If a user edit the module list
> and rebuild a package for himself it may not work.
> 
> I think this line would be better. (but perhaps I'm wrong)
> %attr(755,root,root) /usr/lib/freeradius/*.so*

We had this that way. I have changed it for our needs because we had
some libtool problem in one of the recent builds and didn't observe it.
Listing all modules will break the build if not all modules are
available. 
Your suggestion would be the better choice for the spec file
included in the source package I agree.

> > Some short description for the patches:
> >
> > dialup_admin.patch:
> >   just change path names
> >
> > lib64.patch:
> >   (dirty) workaround for building some modules on biarch platforms
> 
> I think the first two should be added to the suse/ dir, so a user can
> do a "rpmbuild" and it works out of the box.

that's the reason why I've attached them ;-)

> > ltdl.patch:
> >   try *.so shared libs before any other libtool stuff
> 
> I've no idea why this workaround is necessary.

at least we had the problem in the past that module loading didn't work
if *.la files were available. I haven't checked with current FreeRadius.

> > pie.patch:
> >   link radiusd with -pie flag for some security improvement
> 
> It's not mandatory to make the server work, but perhaps it could
> be added to the suse/ dir, too.

It's not mandatory and it doesn't work with old compilers.
(similar to the -fstack-protection flag which only works since gcc 4.1)

Thanks for your comments,

   Wolfgang

-- 
SUSE LINUX GmbH             -o)   Tel: +49-(0)911-740 53 0
Maxfeldstr. 5               /\\   Fax: +49-(0)911-740 53 679
90409 Nuernberg, Germany   _\_v   simply change to www.suse.com