upgrading freeradius

Fajar A. Nugraha list at fajar.net
Mon Jan 28 01:34:02 CET 2013


On Mon, Jan 28, 2013 at 8:42 AM, Matthew Newton <mcn4 at leicester.ac.uk> wrote:
> On Sun, Jan 27, 2013 at 08:51:28PM +0000, A.L.M.Buxey at lboro.ac.uk wrote:
>> > I have a working server running on version 2.1.10
>
>> if you got your 2.1.10 from distribution...then you have to wait
>> for your distro to catch up
>
> Actually, with Debian and Ubuntu, building new local packages of
> the latest version is trivially easy, and the way I would
> recommend upgrading.
>
> http://wiki.freeradius.org/building/Build#Building-Debian-packages
>

Debian packages generated from FR source is mostly compatible with
current Debian/Ubuntu packages. It's great for when used for new
servers.
There's a catch though: if you have upgrade current installation,
there might be some things that needed manual tweaking (IIRC it was
certificate-related).

FR's debian recipe is based on some old version in Debian. Current
Debian package has diverged somewhat, so you might see some minor
differences (configuration, init script, pre/post install script,
etc). If we ported ALL Debian/Ubuntu changes, it would mean build
failure on some older systems. So for the 2.2.0 FR release I only
backported ones that were essential and wouldn't break things.

If you currently have an Ubuntu system running with 2.1.10, you might
find my PPA to be more seamless for upgrading:
https://launchpad.net/~freeradius/+archive/stable (yes, it's also
mentioned in the wiki: http://wiki.freeradius.org/building/Packages ).
It takes a different approach, in that it takes current Debian/Ubuntu
packages, and make necessary modification so that you can put 2.2.0
sources and have it build. Some of the changes were too intrusive to
be included in the official source (for example, there are different
recipes for Hardy/Lucid), but if you're just an end user that have no
experience with building packages, you might find this one easier to
use.


> But of course if you roll your own packages you've got to watch
> for security issues when they crop up, and rebuild yourself. With
> distro supported packages they tend to patch up the security
> issues, though you might be left with older non-security related
> bugs unpatched.
>
> Like Alan wrote: if it says 2.1.10, you have no easy way of
> guaranteeing all latest security patches have been applied.
>
> Popping up on this list and saying you're using an old version is
> also likely to get you a lot of 'go away and upgrade' responses,
> rather than answers to your question...

If you have support from the Ubuntu, it might be better to stick with
the provided version. But yes, when asking to this list, the most
likely answer would be "upgrade". If one wants to stick to Ubuntu's
provided version and wants to ask for security backports, better ask
Canonical.

--
Fajar


More information about the Freeradius-Users mailing list