openssl gendh during make install
Alan DeKok
aland at deployingradius.com
Thu Jul 9 00:57:32 CEST 2015
On Jul 8, 2015, at 5:10 PM, Michael Ströder <michael at stroeder.com> wrote:
> I have to admit that I find the openssl gendh during make install not ideal.
Creating the "snake oil" certs and associated data is meant for debugging. There could be an option to *not* install it.
> The reason is that most .spec files use make install to create files in a
> build root during package build. And therefore at least it wastes a lot of CPU
> cycles during the build process for generating a file which the admin should
> re-generate *after* installing the package anyway.
Sure.
> Any possible solution for this?
See debian/rules. do:
$ make install PACKAGE='foo'
Which causes it to *not* run the bootstrap scripts.
> E.g. I'd prefer start scripts to invoke openssl gendh if the file does not
> exist yet.
There is a "bootstrap" command in raddb/certs/. But as Alan Buxey noted, it can't be run when the server starts.
Alan DeKok.
More information about the Freeradius-Users
mailing list