Received: by mail.netbsd.org (Postfix, from userid 605)
	id DA92D84DFB; Thu, 16 Apr 2020 15:49:31 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 62E2F84DF7
	for <pkgsrc-changes@NetBSD.org>; Thu, 16 Apr 2020 15:49:31 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1])
	by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025)
	with ESMTP id Du3q-Z06RtID for <pkgsrc-changes@netbsd.org>;
	Thu, 16 Apr 2020 15:49:30 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197])
	by mail.netbsd.org (Postfix) with ESMTP id 9AD5884D83
	for <pkgsrc-changes@NetBSD.org>; Thu, 16 Apr 2020 15:49:30 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id 94353FB27; Thu, 16 Apr 2020 15:49:30 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_158705217093400"
MIME-Version: 1.0
Date: Thu, 16 Apr 2020 15:49:30 +0000
From: "Jonathan Perkin" <jperkin@netbsd.org>
Subject: CVS commit: pkgsrc/net/freeradius
To: pkgsrc-changes@NetBSD.org
Reply-To: jperkin@netbsd.org
X-Mailer: log_accum
Message-Id: <20200416154930.94353FB27@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_158705217093400
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	jperkin
Date:		Thu Apr 16 15:49:30 UTC 2020

Modified Files:
	pkgsrc/net/freeradius: Makefile distinfo
	pkgsrc/net/freeradius/files/smf: manifest.xml
Added Files:
	pkgsrc/net/freeradius/files/smf: radiusd.sh
	pkgsrc/net/freeradius/patches: patch-raddb_radiusd.conf.in

Log Message:
freeradius: Fix SMF initialisation.

Ensures the user/group are correctly substituted into the config file so that
the daemon can run as root then drop privileges appropriately, as well as
creating the rundir as necessary.

Submitted by Jorge Schrauwen in NetBSD/pkgsrc#58.  Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.106 -r1.107 pkgsrc/net/freeradius/Makefile
cvs rdiff -u -r1.40 -r1.41 pkgsrc/net/freeradius/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/freeradius/files/smf/manifest.xml
cvs rdiff -u -r0 -r1.1 pkgsrc/net/freeradius/files/smf/radiusd.sh
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/net/freeradius/patches/patch-raddb_radiusd.conf.in

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_158705217093400
Content-Disposition: inline
Content-Length: 6976
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/net/freeradius/Makefile
diff -u pkgsrc/net/freeradius/Makefile:1.106 pkgsrc/net/freeradius/Makefile:1.107
--- pkgsrc/net/freeradius/Makefile:1.106	Wed Apr  8 09:42:05 2020
+++ pkgsrc/net/freeradius/Makefile	Thu Apr 16 15:49:30 2020
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.106 2020/04/08 09:42:05 adam Exp $
+# $NetBSD: Makefile,v 1.107 2020/04/16 15:49:30 jperkin Exp $
 
 .include "Makefile.common"
 
 PKGNAME=	${DISTNAME:S/-server//}
+PKGREVISION=	1
 COMMENT=	Free RADIUS server implementation
 
 BUILD_DEFS+=		VARBASE
@@ -29,6 +30,7 @@ CONFIGURE_ARGS+=	--without-rlm_sql_postg
 CONFIGURE_ARGS+=	--without-rlm_sql_unixodbc
 
 RCD_SCRIPTS=		radiusd
+SMF_METHODS=		radiusd
 RADIUS_GROUP?=		radiusd
 RADIUS_USER?=		radiusd
 PKG_GROUPS=		${RADIUS_GROUP}
@@ -42,6 +44,12 @@ OWN_DIRS_PERMS+=	${VARBASE}/run/radiusd 
 
 PKG_SYSCONFSUBDIR=	raddb
 
+SUBST_CLASSES+=		secconf
+SUBST_STAGE.secconf=	post-configure
+SUBST_MESSAGE.secconf=	Substituting user and group in radiusd.conf
+SUBST_FILES.secconf=	raddb/radiusd.conf
+SUBST_VARS.secconf=	RADIUS_USER RADIUS_GROUP
+
 FILES_SUBST+=		RADIUS_USER=${RADIUS_USER} RADIUS_GROUP=${RADIUS_GROUP}
 MESSAGE_SUBST+=		BOOTSTRAP=${PKG_SYSCONFDIR}/certs/bootstrap
 
@@ -175,19 +183,19 @@ EGFILES=		certs/ca.cnf certs/client.cnf 
 			users templates.conf trigger.conf
 
 EGDIRS=			certs mods-available mods-config mods-config/attr_filter mods-config/files \
-			mods-config/perl mods-config/preprocess mods-config/sql mods-config/sql/counter  \
-			mods-config/sql/counter/mysql mods-config/sql/counter/postgresql  \
-			mods-config/sql/counter/sqlite mods-config/sql/cui mods-config/sql/cui/mysql  \
-			mods-config/sql/cui/postgresql mods-config/sql/cui/sqlite mods-config/sql/ippool  \
-			mods-config/sql/ippool-dhcp mods-config/sql/ippool-dhcp/mysql  \
-			mods-config/sql/ippool-dhcp/oracle mods-config/sql/ippool-dhcp/sqlite  \
-			mods-config/sql/ippool/mysql mods-config/sql/ippool/oracle  \
-			mods-config/sql/ippool/postgresql mods-config/sql/ippool/sqlite  \
-			mods-config/sql/main mods-config/sql/main/mssql mods-config/sql/main/mysql  \
-			mods-config/sql/main/mysql/extras mods-config/sql/main/mysql/extras/wimax  \
-			mods-config/sql/main/ndb mods-config/sql/main/oracle  \
-			mods-config/sql/main/postgresql mods-config/sql/main/postgresql/extras  \
-			mods-config/sql/main/sqlite mods-config/unbound mods-enabled  \
+			mods-config/perl mods-config/preprocess mods-config/sql mods-config/sql/counter \
+			mods-config/sql/counter/mysql mods-config/sql/counter/postgresql \
+			mods-config/sql/counter/sqlite mods-config/sql/cui mods-config/sql/cui/mysql \
+			mods-config/sql/cui/postgresql mods-config/sql/cui/sqlite mods-config/sql/ippool \
+			mods-config/sql/ippool-dhcp mods-config/sql/ippool-dhcp/mysql \
+			mods-config/sql/ippool-dhcp/oracle mods-config/sql/ippool-dhcp/sqlite \
+			mods-config/sql/ippool/mysql mods-config/sql/ippool/oracle \
+			mods-config/sql/ippool/postgresql mods-config/sql/ippool/sqlite \
+			mods-config/sql/main mods-config/sql/main/mssql mods-config/sql/main/mysql \
+			mods-config/sql/main/mysql/extras mods-config/sql/main/mysql/extras/wimax \
+			mods-config/sql/main/ndb mods-config/sql/main/oracle \
+			mods-config/sql/main/postgresql mods-config/sql/main/postgresql/extras \
+			mods-config/sql/main/sqlite mods-config/unbound mods-enabled \
 			policy.d sites-available sites-enabled
 
 REPLACE_PERL+=		scripts/sql/radsqlrelay \

Index: pkgsrc/net/freeradius/distinfo
diff -u pkgsrc/net/freeradius/distinfo:1.40 pkgsrc/net/freeradius/distinfo:1.41
--- pkgsrc/net/freeradius/distinfo:1.40	Wed Apr  8 09:42:05 2020
+++ pkgsrc/net/freeradius/distinfo	Thu Apr 16 15:49:30 2020
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.40 2020/04/08 09:42:05 adam Exp $
+$NetBSD: distinfo,v 1.41 2020/04/16 15:49:30 jperkin Exp $
 
 SHA1 (freeradius-server-3.0.21.tar.bz2) = 3d90d63bf1452794cf9d0b04147745a254872c3f
 RMD160 (freeradius-server-3.0.21.tar.bz2) = 04a038b701f19d9c598e826a795a0cdaacd3768b
@@ -8,4 +8,5 @@ SHA1 (patch-ai) = e32ffd24b93e2cef2e72ef
 SHA1 (patch-configure.ac) = ffec1f851d23f560797c12eba5092f2940e4d662
 SHA1 (patch-main_command.c) = 1c79b29eb13df341906c710c8dd41860a27473dd
 SHA1 (patch-main_util.c) = e8814255c32c8469e81d62f2c7092e8d42744e85
+SHA1 (patch-raddb_radiusd.conf.in) = 353cbed35013777bf055a77cc610b50a637ae7b7
 SHA1 (patch-src_lib_udpfromto.c) = 2457f0a7223b1f3ef86d0af020290b26380e6319

Index: pkgsrc/net/freeradius/files/smf/manifest.xml
diff -u pkgsrc/net/freeradius/files/smf/manifest.xml:1.1 pkgsrc/net/freeradius/files/smf/manifest.xml:1.2
--- pkgsrc/net/freeradius/files/smf/manifest.xml:1.1	Sat Aug 26 10:07:28 2017
+++ pkgsrc/net/freeradius/files/smf/manifest.xml	Thu Apr 16 15:49:30 2020
@@ -19,10 +19,8 @@
     <dependency name='system-log' grouping='optional_all' restart_on='none' type='service'>
       <service_fmri value='svc:/system/system-log' />
     </dependency>
-    <method_context>
-      <method_credential user='@RADIUS_USER@' group='@RADIUS_GROUP@' />
-    </method_context>
-    <exec_method name='start' type='method' exec='@PREFIX@/sbin/radiusd' timeout_seconds='60' />
+    <method_context></method_context>
+    <exec_method name='start' type='method' exec='@PREFIX@/@SMF_METHOD_FILE.radiusd@' timeout_seconds='60' />
     <exec_method name='stop' type='method' exec=':kill' timeout_seconds='60' />
     <property_group name='startd' type='framework'>
       <propval name='ignore_error' type='astring' value='core,signal' />

Added files:

Index: pkgsrc/net/freeradius/files/smf/radiusd.sh
diff -u /dev/null pkgsrc/net/freeradius/files/smf/radiusd.sh:1.1
--- /dev/null	Thu Apr 16 15:49:30 2020
+++ pkgsrc/net/freeradius/files/smf/radiusd.sh	Thu Apr 16 15:49:30 2020
@@ -0,0 +1,14 @@
+#!@SMF_METHOD_SHELL@
+#
+# $NetBSD: radiusd.sh,v 1.1 2020/04/16 15:49:30 jperkin Exp $
+#
+
+. /lib/svc/share/smf_include.sh
+
+if [ ! -d @VARBASE@/run/radiusd ]; then
+	@MKDIR@ @VARBASE@/run/radiusd
+	@CHMOD@ 0750 @VARBASE@/run/radiusd
+	@CHOWN@ @RADIUS_USER@:@RADIUS_GROUP@ @VARBASE@/run/radiusd
+fi
+
+@PREFIX@/sbin/radiusd "$@"

Index: pkgsrc/net/freeradius/patches/patch-raddb_radiusd.conf.in
diff -u /dev/null pkgsrc/net/freeradius/patches/patch-raddb_radiusd.conf.in:1.1
--- /dev/null	Thu Apr 16 15:49:30 2020
+++ pkgsrc/net/freeradius/patches/patch-raddb_radiusd.conf.in	Thu Apr 16 15:49:30 2020
@@ -0,0 +1,17 @@
+$NetBSD: patch-raddb_radiusd.conf.in,v 1.1 2020/04/16 15:49:30 jperkin Exp $
+
+Update example radiusd.conf to include the correct user/group
+
+--- raddb/radiusd.conf.in.orig	2020-04-15 11:59:38.209113301 +0000
++++ raddb/radiusd.conf.in	2020-04-15 12:00:19.973538936 +0000
+@@ -501,8 +501,8 @@
+ 	#  member.  This can allow for some finer-grained access
+ 	#  controls.
+ 	#
+-#	user = radius
+-#	group = radius
++	user = @RADIUS_USER@
++	group = @RADIUS_GROUP@
+ 
+ 	#  Core dumps are a bad thing.  This should only be set to
+ 	#  'yes' if you're debugging a problem with the server.


--_----------=_158705217093400--