Freeradius bootstrap overwrite my certs

Rafael Leiva-Ochoa <spawn@xxxxxxxxxxx> · Tue, 30 Apr 2019 15:21:16 -0700

Hi Everyone, 
     I recently upgraded to Freeradius 3.0.19-1 and I noticed after I restarted the service I was getting the following errors:

Apr 29 22:01:29 freeradius systemd[1]: Starting FreeRADIUS high performance RADIUS server....
Apr 29 22:01:30 freeradius sh[1970]: make: *** No rule to make target 'server.cnf', needed by 'passwords.mk'.  Stop.
Apr 29 22:01:30 freeradius systemd[1]: radiusd.service: Control process exited, code=exited status=2
Apr 29 22:01:30 freeradius systemd[1]: radiusd.service: Failed with result 'exit-code'.
Apr 29 22:01:30 freeradius systemd[1]: Failed to start FreeRADIUS high performance RADIUS server..
Apr 29 22:01:30 freeradius audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=radiusd comm="systemd
" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'

I got it from Fedora 28 Repo: freeradius-3.0.19-1.fc28.armv7hl. After a lot of digging, I found that a "bootstrap" script on the /etc/raddb/certs/ directory was being called on the /usr/lib/systemd/system/radiusd.service. This script overwrote my current certificate files. I had to comment out the ExecStartPre=/bin/sh /etc/raddb/certs/bootstrap to fix the problem. I am not sure if anyone else encountered this problem before. 

Here is what I have on my /usr/lib/systemd/system/radiusd.service script for systemd

[Unit]
Description=FreeRADIUS high performance RADIUS server.
After=syslog.target network-online.target ipa.service dirsrv.target krb5kdc.service

[Service]
Type=forking
PIDFile=/var/run/radiusd/radiusd.pid
ExecStartPre=-/bin/chown -R radiusd.radiusd /var/run/radiusd
#ExecStartPre=/bin/sh /etc/raddb/certs/bootstrap
ExecStartPre=/bin/chgrp -R radiusd /etc/raddb/certs/
ExecStartPre=/usr/sbin/radiusd -C
ExecStart=/usr/sbin/radiusd -d /etc/raddb
ExecReload=/usr/sbin/radiusd -C
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

Is this being addressed on future releases?

Thanks,

Rafael
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx