aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authororbea <orbea@riseup.net>2022-05-06 14:44:11 -0700
committerQuentin Retornaz <gentoo@retornaz.com>2022-05-07 03:31:21 +0200
commitca263beccd204324898a868316cf905059a00511 (patch)
treecbc88ed545d7947d7109900925081ef77b8596ac /net-dialup
parentdev-lang/ruby: Added (diff)
downloadlibressl-ca263beccd204324898a868316cf905059a00511.tar.gz
libressl-ca263beccd204324898a868316cf905059a00511.tar.bz2
libressl-ca263beccd204324898a868316cf905059a00511.zip
net-dialup/freeradius: Updated for version 3.0.25-r2
Signed-off-by: orbea <orbea@riseup.net> Signed-off-by: Quentin Retornaz <gentoo@retornaz.com>
Diffstat (limited to 'net-dialup')
-rw-r--r--net-dialup/freeradius/Manifest1
-rw-r--r--net-dialup/freeradius/files/freeradius-3.0.25-libressl.patch148
-rw-r--r--net-dialup/freeradius/files/radius.conf-r622
-rw-r--r--net-dialup/freeradius/files/radius.init-r431
-rw-r--r--net-dialup/freeradius/freeradius-3.0.25-r2.ebuild268
-rw-r--r--net-dialup/freeradius/metadata.xml11
6 files changed, 472 insertions, 9 deletions
diff --git a/net-dialup/freeradius/Manifest b/net-dialup/freeradius/Manifest
index b0ca97f..849cc39 100644
--- a/net-dialup/freeradius/Manifest
+++ b/net-dialup/freeradius/Manifest
@@ -1 +1,2 @@
+DIST freeradius-3.0.25.tar.gz 5300245 BLAKE2B bf8908aa7bfabb9e15fa841457f176a4f2697bdec7994485516ef338908b46f2168260b7acf1a7120a687e543f0381bb787567bb4d564b9d14a3eb464a0e9ed6 SHA512 13382a53e6a1a4495c6f53e662ce21b80d73b6134a72f099f05495b64c56ae1a6c1cd1281311f1c3695d8532207fe5bd3d2026ed2c45f3cb5adb1011f1505ee7
DIST freeradius-server-3.0.20.tar.gz 5002727 BLAKE2B f481ad22105694a4af3f0f0c1b4f6e395e8da0fe65274e32ebeed07e3c9b1869029e6ffbc655cfa41d5de2a1dcba54acee33a7a10d28bfbfce791b7ccd0fc57a SHA512 513ed0a5d9e6b9a8d89a9b02c86ff528a9ff14d928f4c1040ca44702465abd711588fe6afa35554cb2c8e8bd7f19dd5be3dbc78445c62c7b00bf5cbc4c621312
diff --git a/net-dialup/freeradius/files/freeradius-3.0.25-libressl.patch b/net-dialup/freeradius/files/freeradius-3.0.25-libressl.patch
new file mode 100644
index 0000000..8da9279
--- /dev/null
+++ b/net-dialup/freeradius/files/freeradius-3.0.25-libressl.patch
@@ -0,0 +1,148 @@
+From OpenBSD:
+
+https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_main_cb_c
+https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_main_tls_c
+https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/freeradius/patches/patch-src_modules_rlm_eap_types_rlm_eap_fast_rlm_eap_fast_c
+
+Index: src/main/cb.c
+--- a/src/main/cb.c.orig
++++ b/src/main/cb.c
+@@ -64,7 +64,7 @@ void cbtls_info(SSL const *s, int where, int ret)
+ /*
+ * After a ClientHello, list all the proposed ciphers from the client
+ */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ if (SSL_get_state(s) == TLS_ST_SR_CLNT_HELLO) {
+ int i;
+ int num_ciphers;
+@@ -192,7 +192,7 @@ void cbtls_msg(int write_p, int msg_version, int conte
+ state->info.alert_level = 0x00;
+ state->info.alert_description = 0x00;
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ } else if (content_type == SSL3_RT_INNER_CONTENT_TYPE && buf[0] == SSL3_RT_APPLICATION_DATA) {
+ /* let tls_ack_handler set application_data */
+ state->info.content_type = SSL3_RT_HANDSHAKE;
+Index: src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c
+--- a/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c.orig
++++ b/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c
+@@ -200,7 +200,7 @@ static void eap_fast_session_ticket(tls_session_t *tls
+ }
+
+ // hostap:src/crypto/tls_openssl.c:tls_sess_sec_cb()
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ static int _session_secret(SSL *s, void *secret, int *secret_len,
+ UNUSED STACK_OF(SSL_CIPHER) *peer_ciphers,
+ UNUSED SSL_CIPHER **cipher, void *arg)
+@@ -224,7 +224,7 @@ static int _session_secret(SSL *s, void *secret, int *
+
+ RDEBUG("processing PAC-Opaque");
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ eap_fast_session_ticket(tls_session, s->s3->client_random, s->s3->server_random, secret, secret_len);
+ #else
+ uint8_t client_random[SSL3_RANDOM_SIZE];
+Index: src/main/tls.c
+--- a/src/main/tls.c.orig
++++ b/src/main/tls.c
+@@ -622,7 +622,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls
+ /*
+ * Swap empty store with the old one.
+ */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ conf->old_x509_store = SSL_CTX_get_cert_store(conf->ctx);
+ /* Bump refcnt so the store is kept allocated till next store replacement */
+ X509_STORE_up_ref(conf->old_x509_store);
+@@ -1340,7 +1340,7 @@ void tls_session_information(tls_session_t *tls_sessio
+ if ((tls_session->info.version > tls_session->conf->max_version) &&
+ (rad_debug_lvl > 0)) {
+ WARN("TLS 1.3 has been negotiated even though it was disabled. This is an OpenSSL Bug.");
+- WARN("Please set: cipher_list = \"DEFAULT@SECLEVEL=1\" in the tls {...} section.");
++ WARN("Setting cipher_list in the tls {...} section might help.");
+ }
+ #endif
+ break;
+@@ -1697,7 +1697,7 @@ static int load_dh_params(SSL_CTX *ctx, char *file)
+ *
+ * Change suggested by @t8m
+ */
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ if (FIPS_mode() > 0) {
+ WARN(LOG_PREFIX ": Ignoring user-selected DH parameters in FIPS mode. Using defaults.");
+ return 0;
+@@ -1920,7 +1920,7 @@ done:
+ return 0;
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ static SSL_SESSION *cbtls_get_session(SSL *ssl, unsigned char *data, int len, int *copy)
+ #else
+ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int len, int *copy)
+@@ -2304,7 +2304,7 @@ static int cbtls_cache_refresh(SSL *ssl, SSL_SESSION *
+ return 0;
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ static SSL_SESSION *cbtls_cache_load(SSL *ssl, unsigned char *data, int len, int *copy)
+ #else
+ static SSL_SESSION *cbtls_cache_load(SSL *ssl, const unsigned char *data, int len, int *copy)
+@@ -2840,7 +2840,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
+ char cn_str[1024];
+ char buf[64];
+ X509 *client_cert;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ const STACK_OF(X509_EXTENSION) *ext_list;
+ #else
+ STACK_OF(X509_EXTENSION) *ext_list;
+@@ -3058,7 +3058,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
+ }
+
+ if (lookup == 0) {
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ ext_list = X509_get0_extensions(client_cert);
+ #else
+ X509_CINF *client_inf;
+@@ -3111,7 +3111,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
+ value[0] = '0';
+ value[1] = 'x';
+ const unsigned char *srcp;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ const ASN1_STRING *srcasn1p;
+ srcasn1p = X509_EXTENSION_get_data(ext);
+ srcp = ASN1_STRING_get0_data(srcasn1p);
+@@ -3203,13 +3203,13 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
+ */
+ if (depth == 0) {
+ tls_session_t *ssn = SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_SSN);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ STACK_OF(X509)* untrusted = NULL;
+ #endif
+
+ rad_assert(ssn != NULL);
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /*
+ * See if there are any untrusted certificates.
+ * If so, complain about them.
+@@ -4169,7 +4169,7 @@ post_ca:
+ * disable early data.
+ *
+ */
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_CTX_set_max_early_data(ctx, 0);
+ #endif
+
diff --git a/net-dialup/freeradius/files/radius.conf-r6 b/net-dialup/freeradius/files/radius.conf-r6
new file mode 100644
index 0000000..50d2a1c
--- /dev/null
+++ b/net-dialup/freeradius/files/radius.conf-r6
@@ -0,0 +1,22 @@
+# Config file for /etc/init.d/radiusd
+
+# see man pages for radiusd run `radiusd -h`
+# for valid cmdline options
+#RADIUSD_OPTS=""
+
+# Change this value if you change it in /etc/raddb/radiusd.conf
+pidfile=/run/radiusd/radiusd.pid
+
+# Change these values if you change them in /etc/raddb/radiusd.conf
+RADIUSD_USER=radius
+RADIUSD_GROUP=radius
+
+RADIUSD_LOGPATH=/var/log/radius
+
+# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want
+# to uncomment the following line.
+#rc_use="logger"
+
+# If you use ldap, start the ldap server prior to FreeRADIUS to avoid
+# startup crashes.
+#rc_use="ldap"
diff --git a/net-dialup/freeradius/files/radius.init-r4 b/net-dialup/freeradius/files/radius.init-r4
new file mode 100644
index 0000000..dee1842
--- /dev/null
+++ b/net-dialup/freeradius/files/radius.init-r4
@@ -0,0 +1,31 @@
+#!/sbin/openrc-run
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+command=/usr/sbin/radiusd
+command_args="${RADIUSD_OPTS}"
+pidfile="${pidfile:-/run/radiusd/radiusd.pid}"
+extra_started_commands="reload"
+
+depend() {
+ need localmount
+ use dns
+}
+
+start_pre() {
+ if [ ! -f /etc/raddb/radiusd.conf ] ; then
+ eerror "No /etc/raddb/radiusd.conf file exists!"
+ return 1
+ fi
+
+ checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \
+ $(dirname ${pidfile}) "${RADIUSD_LOGPATH:-/var/log/radius}"
+ checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \
+ $(dirname ${pidfile}) /run/radiusd
+}
+
+reload() {
+ ebegin "Reloading radiusd"
+ kill -HUP $(cat ${pidfile})
+ eend $?
+}
diff --git a/net-dialup/freeradius/freeradius-3.0.25-r2.ebuild b/net-dialup/freeradius/freeradius-3.0.25-r2.ebuild
new file mode 100644
index 0000000..8e473f0
--- /dev/null
+++ b/net-dialup/freeradius/freeradius-3.0.25-r2.ebuild
@@ -0,0 +1,268 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} )
+inherit autotools pam python-single-r1 systemd
+
+MY_PV=$(ver_rs 1- "_")
+
+DESCRIPTION="Highly configurable free RADIUS server"
+HOMEPAGE="https://freeradius.org/"
+SRC_URI="https://github.com/FreeRADIUS/freeradius-server/archive/release_${MY_PV}.tar.gz -> ${P}.tar.gz"
+S="${WORKDIR}/freeradius-server-release_${MY_PV}"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~arm arm64 ~ppc ~ppc64 ~sparc x86"
+
+IUSE="
+ debug firebird iodbc kerberos ldap memcached mysql mongodb odbc oracle pam
+ pcap postgres python readline redis rest samba sqlite ssl systemd
+"
+
+RESTRICT="test firebird? ( bindist )"
+
+# NOTE: Temporary freeradius doesn't support linking with mariadb client
+# libs also if code is compliant, will be available in the next release.
+# (http://lists.freeradius.org/pipermail/freeradius-devel/2018-October/013228.html)a
+
+# TODO: rlm_mschap works with both samba library or without. I need to avoid
+# linking of samba library if -samba is used.
+RDEPEND="acct-group/radius
+ acct-user/radius
+ !net-dialup/cistronradius
+ dev-lang/perl:=
+ sys-libs/gdbm:=
+ sys-libs/talloc
+ virtual/libcrypt:=
+ firebird? ( dev-db/firebird )
+ iodbc? ( dev-db/libiodbc )
+ kerberos? ( virtual/krb5 )
+ ldap? ( net-nds/openldap:= )
+ memcached? ( dev-libs/libmemcached )
+ mysql? ( dev-db/mysql-connector-c:= )
+ mongodb? ( >=dev-libs/mongo-c-driver-1.13.0-r1 )
+ odbc? ( dev-db/unixODBC )
+ oracle? ( dev-db/oracle-instantclient[sdk] )
+ pam? ( sys-libs/pam )
+ pcap? ( net-libs/libpcap )
+ postgres? ( dev-db/postgresql:= )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:0= )
+ redis? ( dev-libs/hiredis:= )
+ rest? ( dev-libs/json-c:= )
+ samba? ( net-fs/samba )
+ sqlite? ( dev-db/sqlite:3 )
+ ssl? (
+ dev-libs/openssl:0=[-bindist(-)]
+ )
+ systemd? ( sys-apps/systemd )"
+DEPEND="${RDEPEND}"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+# 721040
+QA_SONAME="usr/lib.*/libfreeradius-.*.so"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-3.0.25-libressl.patch
+ "${FILESDIR}"/${PN}-3.0.20-systemd-service.patch
+)
+
+pkg_setup() {
+ if use python ; then
+ python-single-r1_pkg_setup
+ export PYTHONBIN="${EPYTHON}"
+ fi
+}
+
+src_prepare() {
+ # most of the configuration options do not appear as ./configure
+ # switches. Instead it identifies the directories that are available
+ # and run through them. These might check for the presence of
+ # various libraries, in which case they are not built. To avoid
+ # automagic dependencies, we just remove all the modules that we're
+ # not interested in using.
+
+ eapply_user
+ default
+
+ use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; }
+ use ldap || { rm -r src/modules/rlm_ldap || die ; }
+ use kerberos || { rm -r src/modules/rlm_krb5 || die ; }
+ use memcached || { rm -r src/modules/rlm_cache/drivers/rlm_cache_memcached || die ; }
+ use pam || { rm -r src/modules/rlm_pam || die ; }
+ # Drop support of python2
+ rm -r src/modules/rlm_python || die
+ use python || { rm -r src/modules/rlm_python3 || die ; }
+ use rest || { rm -r src/modules/rlm_rest || die ; }
+ use redis || { rm -r src/modules/rlm_redis{,who} || die ; }
+ # Do not install ruby rlm module, bug #483108
+ rm -r src/modules/rlm_ruby || die
+
+ # these are all things we don't have in portage/I don't want to deal
+ # with myself
+ rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die # requires TNCS library
+ rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die # requires libeap-ikev2
+ rm -r src/modules/rlm_opendirectory || die # requires some membership.h
+ rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die
+
+ # sql drivers that are not part of experimental are loaded from a
+ # file, so we have to remove them from the file itself when we
+ # remove them.
+ usesqldriver() {
+ local flag=$1
+ local driver=rlm_sql_${2:-${flag}}
+
+ if ! use ${flag}; then
+ rm -r src/modules/rlm_sql/drivers/${driver} || die
+ sed -i -e /${driver}/d src/modules/rlm_sql/stable || die
+ fi
+ }
+
+ sed -i \
+ -e 's:^#\tuser = :\tuser = :g' \
+ -e 's:^#\tgroup = :\tgroup = :g' \
+ -e 's:/var/run/radiusd:/run/radiusd:g' \
+ -e '/^run_dir/s:${localstatedir}::g' \
+ raddb/radiusd.conf.in || die
+
+ # verbosity
+ # build shared libraries using jlibtool -shared
+ sed -i \
+ -e '/$(LIBTOOL)/s|--quiet ||g' \
+ -e 's:--mode=\(compile\|link\):& -shared:g' \
+ Make.inc.in || die
+
+ sed -i \
+ -e 's|--silent ||g' \
+ -e 's:--mode=\(compile\|link\):& -shared:g' \
+ scripts/libtool.mk || die
+
+ # crude measure to stop jlibtool from running ranlib and ar
+ sed -i \
+ -e '/LIBRARIAN/s|".*"|"true"|g' \
+ -e '/RANLIB/s|".*"|"true"|g' \
+ scripts/jlibtool.c || die
+
+ usesqldriver mysql
+ usesqldriver postgres postgresql
+ usesqldriver firebird
+ usesqldriver iodbc
+ usesqldriver odbc unixodbc
+ usesqldriver oracle
+ usesqldriver sqlite
+ usesqldriver mongodb mongo
+
+ eautoreconf
+}
+
+src_configure() {
+ # do not try to enable static with static-libs; upstream is a
+ # massacre of libtool best practices so you also have to make sure
+ # to --enable-shared explicitly.
+ local myeconfargs=(
+ --enable-shared
+ --disable-static
+ --disable-ltdl-install
+ --with-system-libtool
+ --with-system-libltdl
+ --with-ascend-binary
+ --with-udpfromto
+ --with-dhcp
+ --with-iodbc-include-dir=/usr/include/iodbc
+ --with-experimental-modules
+ --with-docdir=/usr/share/doc/${PF}
+ --with-logdir=/var/log/radius
+ $(use_enable debug developer)
+ $(use_with ldap edir)
+ $(use_with ssl openssl)
+ $(use_with systemd systemd)
+ )
+ # fix bug #77613
+ if has_version app-crypt/heimdal; then
+ myeconfargs+=( --enable-heimdal-krb5 )
+ fi
+
+ if use python ; then
+ myeconfargs+=(
+ --with-rlm-python3-bin=${EPYTHON}
+ --with-rlm-python3-config-bin=${EPYTHON}-config
+ )
+ fi
+
+ use readline || export ac_cv_lib_readline=no
+ use pcap || export ac_cv_lib_pcap_pcap_open_live=no
+
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ # verbose, do not generate certificates
+ emake \
+ Q='' ECHO=true \
+ LOCAL_CERT_PRODUCTS=''
+}
+
+src_install() {
+ dodir /etc
+ diropts -m0750 -o root -g radius
+ dodir /etc/raddb
+ diropts -m0750 -o radius -g radius
+ dodir /var/log/radius
+ keepdir /var/log/radius/radacct
+ diropts
+
+ # verbose, do not install certificates
+ # Parallel install fails (#509498)
+ emake -j1 \
+ Q='' ECHO=true \
+ LOCAL_CERT_PRODUCTS='' \
+ R="${D}" \
+ install
+
+ if use pam; then
+ pamd_mimic_system radiusd auth account password session
+ fi
+
+ # fix #711756
+ fowners -R radius:radius /etc/raddb
+ fowners -R radius:radius /var/log/radius
+
+ dodoc CREDITS
+
+ rm "${ED}/usr/sbin/rc.radiusd" || die
+
+ newinitd "${FILESDIR}/radius.init-r4" radiusd
+ newconfd "${FILESDIR}/radius.conf-r6" radiusd
+
+ if ! use systemd ; then
+ # If systemd builtin is not enabled we need use Type=Simple
+ # as systemd .service
+ sed -i -e 's:^Type=.*::g' \
+ -e 's:^WatchdogSec=.*::g' -e 's:^NotifyAccess=all.*::g' \
+ "${S}"/debian/freeradius.service
+ fi
+ systemd_dounit "${S}"/debian/freeradius.service
+
+ find "${ED}" \( -name "*.a" -o -name "*.la" \) -delete || die
+}
+
+pkg_config() {
+ if use ssl; then
+ cd "${ROOT}"/etc/raddb/certs || die
+ ./bootstrap || die "Error while running ./bootstrap script."
+ chown root:radius "${ROOT}"/etc/raddb/certs || die
+ chown root:radius "${ROOT}"/etc/raddb/certs/ca.pem || die
+ chown root:radius "${ROOT}"/etc/raddb/certs/server.{key,crt,pem} || die
+ fi
+}
+
+pkg_preinst() {
+ if ! has_version ${CATEGORY}/${PN} && use ssl; then
+ elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"
+ elog "to start the radiusd service."
+ fi
+}
diff --git a/net-dialup/freeradius/metadata.xml b/net-dialup/freeradius/metadata.xml
index 6d8b1cc..2ae2372 100644
--- a/net-dialup/freeradius/metadata.xml
+++ b/net-dialup/freeradius/metadata.xml
@@ -1,14 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
- <maintainer type="person">
- <email>geaaru@gmail.com</email>
- <name>Daniele Rondina</name>
- </maintainer>
- <maintainer type="project">
- <email>proxy-maint@gentoo.org</email>
- <name>Proxy Maintainers</name>
- </maintainer>
+ <!-- maintainer-needed -->
<use>
<flag name="memcached">
Include <pkg>dev-libs/libmemcached</pkg> in caching drivers