1 # Copyright 1999-2016 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
6 PYTHON_COMPAT=( python2_7 )
7 inherit autotools eutils pam python-any-r1 systemd user
9 MY_P="${PN}-server-${PV}"
11 DESCRIPTION="Highly configurable free RADIUS server"
13 ftp://ftp.freeradius.org/pub/radius/${MY_P}.tar.gz
14 ftp://ftp.freeradius.org/pub/radius/old/${MY_P}.tar.gz
16 HOMEPAGE="http://www.freeradius.org/"
18 KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
23 debug firebird iodbc kerberos ldap mysql odbc oracle pam pcap
24 postgres python readline sqlite ssl
26 RESTRICT="test firebird? ( bindist )"
28 RDEPEND="!net-dialup/cistronradius
34 python? ( ${PYTHON_DEPS} )
35 readline? ( sys-libs/readline:0= )
36 pcap? ( net-libs/libpcap )
37 mysql? ( virtual/mysql )
38 postgres? ( dev-db/postgresql:= )
39 firebird? ( dev-db/firebird )
41 ssl? ( dev-libs/openssl:0= )
42 ldap? ( net-nds/openldap )
43 kerberos? ( virtual/krb5 )
44 sqlite? ( dev-db/sqlite:3 )
45 odbc? ( dev-db/unixODBC )
46 iodbc? ( dev-db/libiodbc )
47 oracle? ( dev-db/oracle-instantclient-basic )"
50 S="${WORKDIR}/${MY_P}"
54 enewuser radius -1 -1 /var/log/radius radius
56 python-any-r1_pkg_setup
57 export PYTHONBIN="${EPYTHON}"
61 # most of the configuration options do not appear as ./configure
62 # switches. Instead it identifies the directories that are available
63 # and run through them. These might check for the presence of
64 # various libraries, in which case they are not built. To avoid
65 # automagic dependencies, we just remove all the modules that we're
66 # not interested in using.
68 use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; }
69 use ldap || { rm -r src/modules/rlm_ldap || die ; }
70 use kerberos || { rm -r src/modules/rlm_krb5 || die ; }
71 use pam || { rm -r src/modules/rlm_pam || die ; }
72 use python || { rm -r src/modules/rlm_python || die ; }
73 # Do not install ruby rlm module, bug #483108
74 rm -r src/modules/rlm_ruby || die
76 # these are all things we don't have in portage/I don't want to deal
78 rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die # requires TNCS library
79 rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die # requires libeap-ikev2
80 rm -r src/modules/rlm_opendirectory || die # requires some membership.h
81 rm -r src/modules/rlm_redis{,who} || die # requires redis
82 rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die
84 # sql drivers that are not part of experimental are loaded from a
85 # file, so we have to remove them from the file itself when we
89 local driver=rlm_sql_${2:-${flag}}
91 if ! use ${flag}; then
92 rm -r src/modules/rlm_sql/drivers/${driver} || die
93 sed -i -e /${driver}/d src/modules/rlm_sql/stable || die
98 -e 's:^#\tuser = :\tuser = :g' \
99 -e 's:^#\tgroup = :\tgroup = :g' \
100 -e 's:/var/run/radiusd:/run/radiusd:g' \
101 -e '/^run_dir/s:${localstatedir}::g' \
102 raddb/radiusd.conf.in || die
105 # build shared libraries using jlibtool --shared
107 -e '/$(LIBTOOL)/s|--quiet ||g' \
108 -e 's:--mode=\(compile\|link\):& --shared:g' \
112 -e 's|--silent ||g' \
113 -e 's:--mode=\(compile\|link\):& --shared:g' \
114 scripts/libtool.mk || die
116 # crude measure to stop jlibtool from running ranlib and ar
118 -e '/LIBRARIAN/s|".*"|"true"|g' \
119 -e '/RANLIB/s|".*"|"true"|g' \
120 scripts/jlibtool.c || die
123 usesqldriver postgres postgresql
124 usesqldriver firebird
126 usesqldriver odbc unixodbc
137 if has_version app-crypt/heimdal; then
138 myconf+=( --enable-heimdal-krb5 )
141 use readline || export ac_cv_lib_readline=no
142 use pcap || export ac_cv_lib_pcap_pcap_open_live=no
144 # do not try to enable static with static-libs; upstream is a
145 # massacre of libtool best practices so you also have to make sure
146 # to --enable-shared explicitly.
150 --disable-ltdl-install \
151 --with-system-libtool \
152 --with-system-libltdl \
153 --with-ascend-binary \
156 --with-iodbc-include-dir=/usr/include/iodbc \
157 --with-experimental-modules \
158 --with-docdir=/usr/share/doc/${PF} \
159 --with-logdir=/var/log/radius \
160 $(use_enable debug developer) \
161 $(use_with ldap edir) \
162 $(use_with ssl openssl) \
167 # verbose, do not generate certificates
170 LOCAL_CERT_PRODUCTS=''
175 diropts -m0750 -o root -g radius
177 diropts -m0750 -o radius -g radius
178 dodir /var/log/radius
179 keepdir /var/log/radius/radacct
182 # verbose, do not install certificates
185 LOCAL_CERT_PRODUCTS='' \
189 fowners -R root:radius /etc/raddb
191 pamd_mimic_system radiusd auth account password session
195 rm "${D}/usr/sbin/rc.radiusd" || die
197 newinitd "${FILESDIR}/radius.init-r3" radiusd
198 newconfd "${FILESDIR}/radius.conf-r4" radiusd
200 systemd_newtmpfilesd "${FILESDIR}"/freeradius.tmpfiles freeradius.conf
201 systemd_dounit "${FILESDIR}"/freeradius.service
208 cd "${ROOT}"/etc/raddb/certs
211 chown -R root:radius "${ROOT}"/etc/raddb/certs
216 if ! has_version ${CATEGORY}/${PN} && use ssl; then
217 elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"
218 elog "to start the radiusd service."