diff --git a/createlinks b/createlinks
index 416804c..d5e2b77 100644
--- a/createlinks
+++ b/createlinks
@@ -82,6 +82,8 @@ $event="smeserver-radiusd-update";
 safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/radiusd");
 safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/rsyslog");
 templates2events("/etc/rsyslog.conf",$event);
+templates2events("/etc/raddb/certs/dh", $event);
+
 # systemd-specific action mandatory for this package-update event
 event_link("systemd-reload", $event, "89");
 event_link("systemd-default", $event, "88");
@@ -94,3 +96,12 @@ safe_symlink("restart", "root/etc/e-smith/events/ssl-update/services2adjust/radi
 safe_symlink("../mods-available/ldap", "root/etc/raddb/mods-enabled/ldap");
 safe_symlink("../mods-available/smbpasswd", "root/etc/raddb/mods-enabled/smbpasswd");
+
+$event = "dhparam-update";
+templates2events("/etc/raddb/certs/dh", $event);
+safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/radiusd");
+
+$event = "smeserver-base-update";
+templates2events("/etc/raddb/certs/dh", $event);
+safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/radiusd");
+
diff --git a/root/etc/e-smith/templates.metadata/etc/raddb/certs/dh b/root/etc/e-smith/templates.metadata/etc/raddb/certs/dh
new file mode 100644
index 0000000..546652d
--- /dev/null
+++ b/root/etc/e-smith/templates.metadata/etc/raddb/certs/dh
@@ -0,0 +1,5 @@
+TEMPLATE_PATH="/home/e-smith/dh.pem"
+OUTPUT_FILENAME="/etc/raddb/certs/dh"
+UID="root"
+GID="root"
+PERMS=0644
diff --git a/root/sbin/e-smith/systemd/radiusd-configure b/root/sbin/e-smith/systemd/radiusd-configure
index 1f6144c..b288664 100644
--- a/root/sbin/e-smith/systemd/radiusd-configure
+++ b/root/sbin/e-smith/systemd/radiusd-configure
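Review bot: The two stanzas added at the end of createlinks repeat the same `templates2events`/`safe_symlink` pair and carry no comment saying why `smeserver-base-update` is hooked alongside `dhparam-update`. A short comment above them, for example `# re-expand radiusd's DH parameters whenever the shared ones may have been regenerated`, would record the intent; whether smeserver-base-update really regenerates them is not visible in this diff and should be confirmed. The pair could also be written once as `for my $event (qw(dhparam-update smeserver-base-update)) { ... }`, so that a later event is not added with only one of the two calls. These events use `try-restart` while the package's own update event uses `restart`; if that difference is deliberate, the same comment is the place to say so.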
@@ -1,9 +1,6 @@
 #!/bin/sh
 # Ensure that PRNG is adequately seeded.
-[ -s /etc/raddb/certs/dh ] ||\
- /usr/bin/envuidgid stunnel \
- /usr/bin/openssl dhparam -out /etc/raddb/certs/dh 2048
 [ -s /etc/raddb/certs/random ] ||\
 /usr/bin/envuidgid stunnel \
 /bin/dd if=/dev/urandom of=/etc/raddb/certs/random bs=1k count=1
diff --git a/root/usr/lib/systemd/system/radiusd.service.d/50-koozali.conf b/root/usr/lib/systemd/system/radiusd.service.d/50-koozali.conf
index c2bc928..fabbab9 100644
--- a/root/usr/lib/systemd/system/radiusd.service.d/50-koozali.conf
+++ b/root/usr/lib/systemd/system/radiusd.service.d/50-koozali.conf
@@ -5,6 +5,7 @@ After=ldap.service
 ExecStartPre=
 ExecStartPre=/sbin/e-smith/service-status radiusd
 ExecStartPre=/sbin/e-smith/systemd/radiusd-configure
+ExecStartPre=/sbin/e-smith/expand-template /etc/raddb/certs/dh
 ExecStartPre=/sbin/e-smith/expand-template /etc/raddb/certs/radiusd.pem
 ExecStartPre=-/bin/chown -R radiusd.radiusd /var/run/radiusd
 ExecStartPre=/usr/sbin/radiusd -C
diff --git a/smeserver-radiusd.spec b/smeserver-radiusd.spec
index cfbbbc4..770c850 100644
--- a/smeserver-radiusd.spec
+++ b/smeserver-radiusd.spec
@@ -4,7 +4,7 @@ Summary: smeserver server and gateway - configure PPTP inbound VPN
 %define name smeserver-radiusd
 Name: %{name}
 %define version 11.0.0
-%define release 10
+%define release 11
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@@ -30,6 +30,9 @@ Provides: e-smith-radiusd
 smeserver server and gateway - configure radius server
 %changelog
+* Tue Mar 18 2025 Jean-Philippe Pialasse 11.0.0-11.sme
+- handle dhparam via template [SME: 12964]
+
 * Sun Jan 26 2025 Jean-Philippe Pialasse 11.0.0-10.sme
 - prestart script requires daemontools bins [SME: 12566]
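Review bot: Removing the `openssl dhparam` fallback from radiusd-configure leaves /etc/raddb/certs/dh dependent on a template that this commit neither ships nor requires: templates.metadata points at `TEMPLATE_PATH="/home/e-smith/dh.pem"`, and the spec hunks shown only bump the release and add a changelog entry. The new `ExecStartPre=/sbin/e-smith/expand-template /etc/raddb/certs/dh` line in 50-koozali.conf has no `-` prefix, so a failed expansion will stop radiusd from starting. That is the right failure mode, but it makes the dependency worth declaring with a versioned `Requires:` on the package that provides the shared DH template. An expansion that succeeds but yields an empty file would not be caught by that line; a following `ExecStartPre=/usr/bin/test -s /etc/raddb/certs/dh` would restore the non-empty check that the removed `[ -s ... ]` test gave.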