Bootstrap overwrite my certs

Rafael Leiva-Ochoa spawn at rloteck.net
Tue Apr 30 23:38:08 CEST 2019


I got it from Fedora 28 Repo: freeradius-3.0.19-1.fc28.armv7hl


Here is what I have on my /usr/lib/systemd/system/radiusd.service script
for systemd

[Unit]
Description=FreeRADIUS high performance RADIUS server.
After=syslog.target network-online.target ipa.service dirsrv.target
krb5kdc.service

[Service]
Type=forking
PIDFile=/var/run/radiusd/radiusd.pid
ExecStartPre=-/bin/chown -R radiusd.radiusd /var/run/radiusd
#ExecStartPre=/bin/sh /etc/raddb/certs/bootstrap
ExecStartPre=/bin/chgrp -R radiusd /etc/raddb/certs/
ExecStartPre=/usr/sbin/radiusd -C
ExecStart=/usr/sbin/radiusd -d /etc/raddb
ExecReload=/usr/sbin/radiusd -C
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target


On Tue, Apr 30, 2019 at 2:27 PM Matthew Newton <mcn at freeradius.org> wrote:

> On Tue, 2019-04-30 at 14:17 -0700, Rafael Leiva-Ochoa wrote:
> >      I recently upgraded to 3.0.19-1
>
> From where?
>
> > After a lot of digging, I found that a "bootstrap" script on the
> > /etc/raddb/certs/ directory was being called on
> > the /usr/lib/systemd/system/radiusd.service. This script overwrote my
> > current certificate files. I had to comment out the
> > ExecStartPre=/bin/sh
> > /etc/raddb/certs/bootstrap to fix the problem. I am not sure if
> > anyone else
> > encountered this problem before. Is this being addressed on future
> > releases?
>
> That's not in the official release.
>
>
> https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/redhat/radiusd.service
>
> Calling bootstrap in the service file is wrong. It should be done
> manually, or upon a clean install by the package manager.
>
> --
> Matthew
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list