move the several @exec-add lines to a script for first-run.

run cert bootstrap there, this is complicated enough to configure it's best if things match upstream's documentation as closely as possible. prompted by a mail from Julien Dhaille
2019-03-14 01:33:14 +00:00 · 2019-03-14 01:33:14 +00:00 · 7bcccd8f2d
commit 7bcccd8f2d
parent 0e3d74508c
3 changed files with 42 additions and 9 deletions
--- a/net/freeradius3/Makefile
+++ b/net/freeradius3/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.35 2019/02/28 18:46:49 sthen Exp $
+# $OpenBSD: Makefile,v 1.36 2019/03/14 01:33:14 sthen Exp $

 PORTROACH=	limit:^3\.

@ -12,6 +12,7 @@ COMMENT-pgsql=	freeradius pgsql rlm addon
 COMMENT-python=	freeradius python rlm addon

 V=		3.0.18
+REVISION-main=	0
 DISTNAME=	freeradius-server-$V
 EXTRACT_SUFX=	.tar.bz2

@ -184,5 +185,7 @@ post-install:
 	rm ${PREFIX}/lib/freeradius/*.*a
 	rm -r ${PREFIX}/share/examples/freeradius/mods-config/sql/*/oracle
 	chmod -R u+rwX,og+rX ${PREFIX}/share/examples/freeradius/
+	${SUBST_CMD} -c -m 555 ${FILESDIR}/freeradius-enable.sh \
+	    ${PREFIX}/share/freeradius/freeradius-enable.sh

 .include <bsd.port.mk>
--- a/net/freeradius3/files/freeradius-enable.sh
+++ b/net/freeradius3/files/freeradius-enable.sh
@ -0,0 +1,26 @@
+#!/bin/ksh
+
+if [[ $1 != firstrun ]]; then
+  echo This script is intended for calling by pkg_add during initial
+  echo installation to setup the default configuration. It is not meant
+  echo to be run manually.
+  exit 1
+fi
+
+# if any of these exist, we are already configured and should bail out
+if [[ -e ${FREERADIUS_ETC}/hints || -e ${FREERADIUS_ETC}/huntgroups || \
+	-e ${FREERADIUS_ETC}/users || -e ${FREERADIUS_ETC}/certs/server.pem || \
+	-d ${FREERADIUS_ETC}/mods-enabled || -d ${FREERADIUS_ETC}/sites-enabled ]]; then
+  exit 0
+fi
+
+echo '===>  Copying initial configuration'
+ln -s mods-config/preprocess/hints ${FREERADIUS_ETC}/hints
+ln -s mods-config/preprocess/huntgroups ${FREERADIUS_ETC}/huntgroups
+ln -s mods-config/files/authorize ${FREERADIUS_ETC}/users
+cp -R ${PREFIX}/share/examples/freeradius/mods-enabled ${FREERADIUS_ETC}/
+cp -R ${PREFIX}/share/examples/freeradius/sites-enabled ${FREERADIUS_ETC}/
+echo '===>  Generating self-signed keys, this will take a few minutes'
+su -l -s /bin/sh _freeradius -c 'umask 007; ${FREERADIUS_ETC}/certs/bootstrap > /dev/null'
+echo '===>  Please note: to avoid conflicting with radiusd in base,'
+echo "      for debug mode use the full path: ${PREFIX}/sbin/radiusd -X"
--- a/net/freeradius3/pkg/PLIST-main
+++ b/net/freeradius3/pkg/PLIST-main
@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST-main,v 1.11 2019/02/28 18:46:49 sthen Exp $
+@comment $OpenBSD: PLIST-main,v 1.12 2019/03/14 01:33:14 sthen Exp $
@option is-branch
@conflict freeradius-*
@conflict radiusd-cistron-*
@ -344,15 +344,21 @@ share/examples/freeradius/
@mode
 share/examples/freeradius/README.rst
 share/examples/freeradius/certs/
-@mode 750
+@mode 700
+@owner _freeradius
+@group wheel
@sample ${FREERADIUS_ETC}/certs/
+@owner
+@group _freeradius
@mode
 share/examples/freeradius/certs/Makefile
@sample ${FREERADIUS_ETC}/certs/Makefile
 share/examples/freeradius/certs/README
@sample ${FREERADIUS_ETC}/certs/README
 share/examples/freeradius/certs/bootstrap
+@mode 555
@sample ${FREERADIUS_ETC}/certs/bootstrap
+@mode
 share/examples/freeradius/certs/ca.cnf
@sample ${FREERADIUS_ETC}/certs/ca.cnf
 share/examples/freeradius/certs/client.cnf
@ -931,12 +937,10 @@ share/freeradius/dictionary.yubico
 share/freeradius/dictionary.zeus
 share/freeradius/dictionary.zte
 share/freeradius/dictionary.zyxel
+@mode 555
+share/freeradius/freeradius-enable.sh
+@mode
@owner _freeradius
@sample /var/log/radius/
@sample /var/log/radius/radacct/
-@exec-add [[ -e ${FREERADIUS_ETC}/hints ]] || ln -s mods-config/preprocess/hints ${FREERADIUS_ETC}/hints
-@exec-add [[ -e ${FREERADIUS_ETC}/huntgroups ]] || ln -s mods-config/preprocess/huntgroups ${FREERADIUS_ETC}/huntgroups
-@exec-add [[ -e ${FREERADIUS_ETC}/users ]] || ln -s mods-config/files/authorize ${FREERADIUS_ETC}/users
-@comment .... copy in the default symlinks at installation time
-@exec-add [[ -d ${FREERADIUS_ETC}/mods-enabled ]] || cp -R %D/share/examples/freeradius/mods-enabled ${FREERADIUS_ETC}/
-@exec-add [[ -d ${FREERADIUS_ETC}/sites-enabled ]] || cp -R %D/share/examples/freeradius/sites-enabled ${FREERADIUS_ETC}/
+@exec-add %D/share/freeradius/freeradius-enable.sh firstrun