Problems with bootstrapping certificates
Alan DeKok
aland at deployingradius.com
Thu Oct 15 13:02:22 CEST 2009
Petr Uzel wrote:
> To be more specific: I work on packaging freeradius server RPM. The
> README explicitly states that "This bootstrap script SHOULD be run on
> installation of any pre-built binary package for your OS." I
> understand that it should be run automatically in the %post section,
> like in the suse spec file included in the tarball. This leads to two
> problems:
> - if the user runs bootstrap script manually after installation, the
> certificates get corrupted
Yes. Re-generating the certs causes them to be regenerated.
> - if the user performs upgrade of the package, the certificates get
> corrupted - this is worse than the first problem, since the user
> might already have his 'production' certificates installed.
So don't regenerate them...
> So I suggest either to
> 1) do not recommend running the bootstrap script automatically and
> force the user to run it manually
> or
> 2) fix the bootstrap script and/or Makefile to do nothing if
> the required files already exist.
That's already in the "makefile". I suggest a patch to the bootstrap
script.
Alan DeKok.
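
Option 2 from the thread (do nothing if the required files already exist), written as a guard that a package %post scriptlet could call before generating anything. This is an added example, not part of the original message and not FreeRADIUS's own bootstrap script; the file list in REQUIRED_FILES and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: idempotency guard for a certificate bootstrap step.
# REQUIRED_FILES is a hypothetical list; substitute the files your
# package's bootstrap step actually creates.
REQUIRED_FILES="ca.pem server.pem server.key dh"

# Print "absent", "complete" or "partial" for the directory in $1.
cert_state() {
    dir=$1
    found=0
    total=0
    for f in $REQUIRED_FILES; do
        total=$((total + 1))
        # -s: exists and is non-empty, so a truncated file counts as missing
        if [ -s "$dir/$f" ]; then
            found=$((found + 1))
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo absent
    elif [ "$found" -eq "$total" ]; then
        echo complete
    else
        echo partial
    fi
}

# bootstrap_guard DIR CMD [ARGS...]
# Runs CMD only when no certificate material exists yet.
# Returns 0 when the set is already complete, 2 on a partial set
# (left untouched so an admin can inspect it), otherwise CMD's status.
bootstrap_guard() {
    dir=$1
    shift
    case $(cert_state "$dir") in
        complete)
            echo "certificates present in $dir, leaving them alone" >&2
            return 0 ;;
        partial)
            echo "incomplete certificate set in $dir, refusing to overwrite" >&2
            return 2 ;;
        absent)
            "$@" ;;
    esac
}
```

On upgrade the guard returns 0 without touching existing files, so production certificates survive a re-run of %post; the partial case is reported rather than "repaired", since overwriting half of a key pair is how a working set becomes a broken one.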
More information about the Freeradius-Users
mailing list