not able to install FR 3.0.16+git in (pure) Debian 9
a.cudbardb at freeradius.org
Sat Sep 9 20:59:58 CEST 2017
> On 9 Sep 2017, at 21:30, Fajar A. Nugraha <list at fajar.net> wrote:
> On Sat, Sep 9, 2017 at 7:56 PM, Alan DeKok <aland at deployingradius.com> wrote:
>> On Sep 9, 2017, at 12:11 AM, Fajar A. Nugraha <list at fajar.net> wrote:
>>> I think the problem arise because users see the debian directory, and
>>> expect to build it successfully (i.e. following
>>> https://wiki.freeradius.org/building/Debian-and-Ubuntu). But that
>>> fails for debian 9.
>> I can't feel overly responsible for distributions which break application software.
>> There's really no other way to describe this. They've added patches to Debian after 3.0.15 was released, and those patches break *all* versions of FreeRADIUS.
>>> IMHO some possible options are:
>>> (a) add some instructions (e.g. on
>>> https://wiki.freeradius.org/building/Debian-and-Ubuntu), something
>>> like 'if you're absolutely sure you're using patched/non-vulnerable
>>> versions of openssl, then you can edit these files manually, but don't
>>> complain if it's broken", and so on. And point any
>>> debian-package-related queries there. OR
>> I've pushed patches to v3.0.x which should help. I'll see if I can add notes to the wiki.
I think there's some confusion here...
Those were an adaptation of the fixes that I put into v4.0.x to call the new OpenSSL 1.1.0 API to set min/max TLS versions, they won't affect debian packaging, or alter which security issues FreeRADIUS flags.
...they will however allow users to override the TLS restrictions in Debian 9, which only allowed TLS 1.2 to be used, which was the subject of another thread.
I'm working on a new docker build image for Debian 9, after that's done we should be able to look at the packaging issues in v3.0.x on Debian 9.
As for discovering packaging issues early, yes there is a the beginnings of a Jenkins based CIT system, that publishes packages for centos7 and ubuntu to packages.networkradius.com.
The main issues are that packages aren't pushed for every debian/ubuntu/centos flavour, and there's currently no notifications of when a build fails.
>> We'll try to get automated builds set up... right now, we're up to a backlog of ~10-20 systems that people want.
It's up, it's just sort of, half finished, and not overly useful in its current form. Not to say it couldn't be useful, it just isn't right now, seeing as it doesn't publish notifications in any form... outside of maybe the jobs triggered by pull requests. Anyway that's an internal discussion.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
More information about the Freeradius-Users