* Tue Mar 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme

- handle dhparam via template [SME: 12964]
2025-03-18 01:20:46 -04:00
parent 3986d4512c
commit b4d575a11f
5 changed files with 21 additions and 4 deletions
--- a/root/etc/e-smith/templates.metadata/etc/raddb/certs/dh
+++ b/root/etc/e-smith/templates.metadata/etc/raddb/certs/dh
@@ -0,0 +1,5 @@
+TEMPLATE_PATH="/home/e-smith/dh.pem"
+OUTPUT_FILENAME="/etc/raddb/certs/dh"
+UID="root"
+GID="root"
+PERMS=0644
--- a/root/sbin/e-smith/systemd/radiusd-configure
+++ b/root/sbin/e-smith/systemd/radiusd-configure
@@ -1,9 +1,6 @@
 #!/bin/sh

 # Ensure that PRNG is adequately seeded.
-[ -s /etc/raddb/certs/dh ] ||\
-  /usr/bin/envuidgid stunnel \
-      /usr/bin/openssl dhparam -out /etc/raddb/certs/dh 2048
 [ -s /etc/raddb/certs/random ] ||\
  /usr/bin/envuidgid stunnel \
      /bin/dd if=/dev/urandom of=/etc/raddb/certs/random bs=1k count=1
--- a/root/usr/lib/systemd/system/radiusd.service.d/50-koozali.conf
+++ b/root/usr/lib/systemd/system/radiusd.service.d/50-koozali.conf
@@ -5,6 +5,7 @@ After=ldap.service
 ExecStartPre=
 ExecStartPre=/sbin/e-smith/service-status radiusd
 ExecStartPre=/sbin/e-smith/systemd/radiusd-configure
+ExecStartPre=/sbin/e-smith/expand-template /etc/raddb/certs/dh
 ExecStartPre=/sbin/e-smith/expand-template /etc/raddb/certs/radiusd.pem
 ExecStartPre=-/bin/chown -R radiusd.radiusd /var/run/radiusd
 ExecStartPre=/usr/sbin/radiusd -C