RPM packages and certs dir
Gerald Vogt
vogt at spamcop.net
Fri Jul 14 12:03:04 UTC 2023
Hi!
It seems all the files for the test/bootstrap certs in raddb/certs are
packed into the RPM file. The README.md in the certs directory
specifically suggests to use "make destroycerts" to remove all the test
certificates before starting with the real ones.
Of course, that doesn't really help because with the next update the new
rpm will restore all those config files which are missing:
# rpm -V freeradius-config-3.2.3-1.el9.x86_64
missing c /etc/raddb/certs/01.pem
missing c /etc/raddb/certs/02.pem
missing c /etc/raddb/certs/ca.crl
missing c /etc/raddb/certs/ca.der
missing c /etc/raddb/certs/ca.key
SM5....T. c /etc/raddb/certs/ca.pem
missing c /etc/raddb/certs/client.crt
missing c /etc/raddb/certs/client.csr
missing c /etc/raddb/certs/client.key
missing c /etc/raddb/certs/client.p12
missing c /etc/raddb/certs/client.pem
missing c /etc/raddb/certs/dh
missing c /etc/raddb/certs/index.txt
missing c /etc/raddb/certs/index.txt.attr
missing c /etc/raddb/certs/index.txt.attr.old
missing c /etc/raddb/certs/index.txt.old
missing c /etc/raddb/certs/serial
missing c /etc/raddb/certs/serial.old
missing c /etc/raddb/certs/server.crt
missing c /etc/raddb/certs/server.csr
missing c /etc/raddb/certs/server.key
missing c /etc/raddb/certs/server.p12
missing c /etc/raddb/certs/server.pem
missing c /etc/raddb/certs/user@example.org.p12
missing c /etc/raddb/certs/user@example.org.pem
S.5....T. c /etc/raddb/clients.conf
...
So technically, those files shouldn't be included in the RPM file, but
instead, I guess the bootstrap script should run during the %post
section in the spec file unless it's not all in the original state...
Regards,
Gerald
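
An added example, not part of the original post and not FreeRADIUS or RPM project code: a shell function that cross-checks `rpm -ql` against `rpm -V` output to list the files under the certs directory that are still byte-identical to the packaged ones, which is the state the post expects once an update has put the test certificates back. The function name and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example; not FreeRADIUS or RPM project code.
# Usage on a real host (package name as in the post's rpm -V call):
#   rpm -ql freeradius-config > files.txt
#   rpm -V  freeradius-config > verify.txt
#   unchanged_packaged_certs files.txt verify.txt

# Print every packaged file under DIR that rpm -V did NOT report as
# missing or as having a changed digest ("5" in the third column),
# i.e. files on disk that are still byte-identical to the shipped ones.
unchanged_packaged_certs() {
    filelist=$1 verify=$2 dir=${3:-/etc/raddb/certs}
    awk -v dir="$dir/" '
        pass == 1 {                       # rpm -V output
            if ($1 == "missing" || substr($1, 3, 1) == "5") changed[$NF] = 1
            next
        }
        index($0, dir) == 1 && !($0 in changed)   # rpm -ql output
    ' pass=1 "$verify" pass=2 "$filelist"
}

demo() {   # constructed sample data, modelled on the listing in the post
    tmp=$(mktemp -d)
    cat > "$tmp/files" <<'EOF'
/etc/raddb/certs/01.pem
/etc/raddb/certs/ca.key
/etc/raddb/certs/ca.pem
/etc/raddb/certs/dh
/etc/raddb/certs/server.pem
/etc/raddb/clients.conf
EOF
    cat > "$tmp/verify" <<'EOF'
missing   c /etc/raddb/certs/01.pem
missing   c /etc/raddb/certs/ca.key
SM5....T. c /etc/raddb/certs/ca.pem
S.5....T. c /etc/raddb/clients.conf
EOF
    echo "after destroycerts and installing own ca.pem:"
    unchanged_packaged_certs "$tmp/files" "$tmp/verify"
    : > "$tmp/verify"    # a clean rpm -V, as after files were restored
    echo "when rpm -V reports nothing:"
    unchanged_packaged_certs "$tmp/files" "$tmp/verify"
    rm -rf "$tmp"
}
demo
```

Any path this prints is a certificate, key or CA file whose content matches what the package shipped, so it is worth running after each package update.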