openssl gendh during make install

Alan DeKok aland at deployingradius.com
Thu Jul 9 00:57:32 CEST 2015


On Jul 8, 2015, at 5:10 PM, Michael Ströder <michael at stroeder.com> wrote:
> I have to admit that I find the openssl gendh during make install not ideal.

  Creating the "snake oil" certs and associated data is meant for debugging.  There could be an option to *not* install it.

> The reason is that most .spec files use make install to create files in a
> build root during package build. And therefore at least it wastes a lot of CPU
> cycles during the build process for generating a file which the admin should
> re-generate *after* installing the package anyway.

  Sure.

> Any possible solution for this?

  See debian/rules.  Do:

$ make install PACKAGE='foo'

  Which causes it to *not* run the bootstrap scripts.

> E.g. I'd prefer start scripts to invoke openssl gendh if the file does not
> exist yet.

  There is a "bootstrap" command in raddb/certs/.  But as Alan Buxey noted, it can't be run when the server starts.

  Alan DeKok.



