building freeradius 1.1.0 suse rpm

Nicolas Baradakis nbk at sitadelle.com
Sat Jan 14 16:14:54 CET 2006 

Wolfgang Rosenauer wrote:

> I have attached an archive of current specfile and our incorporated
> patches.

Thankyou. I don't really care for Suse package but I made a diff
between the specfiles out of curiosity. I noticed a few things,
though they're just minor details.

> # spec file for package freeradius (Version 1.0.5)

It's 1.1.0.

> Source3:      radqkstart.pdf
> Source4:      radadmin.pdf

You didn't provide these files. Are they licensed under the GNU FDL?
Perhaps in the CVS we need a modifed version of freeradius.spec which
doesn't use them.

> --with-threads \
> --with-thread-pool \
> --with-snmp \

The options "with-threads" and "with-snmp" are already to yes by
default, thus not needed. And I think the option "with-thread-pool"
doesn't exist. (I can't find it in 1.1.0)

I'd suggest to add the option "with-udpfromto". On a system with multiple
IP addresses, it ensures that replies come from the same address as
the request arrived at. This option is in the Debian package for a long
time.

> %attr(755,root,root) %dir /usr/lib/freeradius
> #%attr(755,root,root) /usr/lib/freeradius/*.so*
> /usr/lib/freeradius/libeap*.so
> /usr/lib/freeradius/libradius*.so
> /usr/lib/freeradius/rlm_acct_unique*.so
> /usr/lib/freeradius/rlm_always*.so
> [...]

Is it necessary to list every module? If a user edit the module list
and rebuild a package for himself it may not work.

I think this line would be better. (but perhaps I'm wrong)
%attr(755,root,root) /usr/lib/freeradius/*.so*

> Some short description for the patches:
>
> dialup_admin.patch:
>   just change path names
>
> lib64.patch:
>   (dirty) workaround for building some modules on biarch platforms

I think the first two should be added to the suse/ dir, so a user can
do a "rpmbuild" and it works out of the box.

> ltdl.patch:
>   try *.so shared libs before any other libtool stuff

I've no idea why this workaround is necessary.

> pie.patch:
>   link radiusd with -pie flag for some security improvement

It's not mandatory to make the server work, but perhaps it could
be added to the suse/ dir, too.

-- 
Nicolas Baradakis

More information about the Freeradius-Devel mailing list