1 # Copyright 1999-2020 Gentoo Authors
2 # Distributed under the terms of the GNU General Public License v2
6 PYTHON_COMPAT=( python{2_7,3_{6,7}} )
7 inherit autotools pam python-single-r1 systemd user
9 MY_P="${PN}-server-${PV}"
11 DESCRIPTION="Highly configurable free RADIUS server"
13 ftp://ftp.freeradius.org/pub/radius/${MY_P}.tar.gz
14 ftp://ftp.freeradius.org/pub/radius/old/${MY_P}.tar.gz
16 HOMEPAGE="http://www.freeradius.org/"
18 KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86"
23 debug firebird iodbc kerberos ldap libressl memcached mysql odbc oracle pam
24 pcap postgres python readline rest samba sqlite ssl redis
26 RESTRICT="test firebird? ( bindist )"
28 # NOTE: Temporary freeradius doesn't support linking with mariadb client
29 # libs also if code is compliant, will be available in the next release.
30 # (http://lists.freeradius.org/pipermail/freeradius-devel/2018-October/013228.html)
31 RDEPEND="!net-dialup/cistronradius
36 python? ( ${PYTHON_DEPS} )
37 readline? ( sys-libs/readline:0= )
38 pcap? ( net-libs/libpcap )
39 memcached? ( dev-libs/libmemcached )
40 mysql? ( dev-db/mysql-connector-c )
41 postgres? ( dev-db/postgresql:= )
42 firebird? ( dev-db/firebird )
44 rest? ( dev-libs/json-c:= )
45 samba? ( net-fs/samba )
46 redis? ( dev-libs/hiredis:= )
48 !libressl? ( dev-libs/openssl:0=[-bindist] )
49 libressl? ( dev-libs/libressl:0= )
51 ldap? ( net-nds/openldap )
52 kerberos? ( virtual/krb5 )
53 sqlite? ( dev-db/sqlite:3 )
54 odbc? ( dev-db/unixODBC )
55 iodbc? ( dev-db/libiodbc )
56 oracle? ( dev-db/oracle-instantclient-basic )"
59 REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
61 S="${WORKDIR}/${MY_P}"
64 "${FILESDIR}"/${P}-libressl.patch
65 "${FILESDIR}"/${P}-systemd-service.patch
70 enewuser radius -1 -1 /var/log/radius radius
73 python-single-r1_pkg_setup
74 export PYTHONBIN="${EPYTHON}"
79 # most of the configuration options do not appear as ./configure
80 # switches. Instead it identifies the directories that are available
81 # and run through them. These might check for the presence of
82 # various libraries, in which case they are not built. To avoid
83 # automagic dependencies, we just remove all the modules that we're
84 # not interested in using.
86 use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; }
87 use ldap || { rm -r src/modules/rlm_ldap || die ; }
88 use kerberos || { rm -r src/modules/rlm_krb5 || die ; }
89 use memcached || { rm -r src/modules/rlm_cache/drivers/rlm_cache_memcached || die ; }
90 use pam || { rm -r src/modules/rlm_pam || die ; }
91 use python || { rm -r src/modules/rlm_python || die ; }
92 use rest || { rm -r src/modules/rlm_rest || die ; }
93 use redis || { rm -r src/modules/rlm_redis{,who} || die ; }
94 # can't just nuke rlm_mschap because many modules rely on smbdes.h
95 use samba || { rm -r src/modules/rlm_mschap/{configure,*.mk} || die ; }
96 # Do not install ruby rlm module, bug #483108
97 rm -r src/modules/rlm_ruby || die
99 # these are all things we don't have in portage/I don't want to deal
101 rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die # requires TNCS library
102 rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die # requires libeap-ikev2
103 rm -r src/modules/rlm_opendirectory || die # requires some membership.h
104 rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die
106 # sql drivers that are not part of experimental are loaded from a
107 # file, so we have to remove them from the file itself when we
111 local driver=rlm_sql_${2:-${flag}}
113 if ! use ${flag}; then
114 rm -r src/modules/rlm_sql/drivers/${driver} || die
115 sed -i -e /${driver}/d src/modules/rlm_sql/stable || die
120 -e 's:^#\tuser = :\tuser = :g' \
121 -e 's:^#\tgroup = :\tgroup = :g' \
122 -e 's:/var/run/radiusd:/run/radiusd:g' \
123 -e '/^run_dir/s:${localstatedir}::g' \
124 raddb/radiusd.conf.in || die
127 # build shared libraries using jlibtool --shared
129 -e '/$(LIBTOOL)/s|--quiet ||g' \
130 -e 's:--mode=\(compile\|link\):& --shared:g' \
134 -e 's|--silent ||g' \
135 -e 's:--mode=\(compile\|link\):& --shared:g' \
136 scripts/libtool.mk || die
138 # crude measure to stop jlibtool from running ranlib and ar
140 -e '/LIBRARIAN/s|".*"|"true"|g' \
141 -e '/RANLIB/s|".*"|"true"|g' \
142 scripts/jlibtool.c || die
145 usesqldriver postgres postgresql
146 usesqldriver firebird
148 usesqldriver odbc unixodbc
158 # do not try to enable static with static-libs; upstream is a
159 # massacre of libtool best practices so you also have to make sure
160 # to --enable-shared explicitly.
164 --disable-ltdl-install
165 --with-system-libtool
166 --with-system-libltdl
170 --with-iodbc-include-dir=/usr/include/iodbc
171 --with-experimental-modules
172 --with-docdir=/usr/share/doc/${PF}
173 --with-logdir=/var/log/radius
174 $(use_enable debug developer)
175 $(use_with ldap edir)
176 $(use_with ssl openssl)
179 if has_version app-crypt/heimdal; then
180 myeconfargs+=( --enable-heimdal-krb5 )
183 use readline || export ac_cv_lib_readline=no
184 use pcap || export ac_cv_lib_pcap_pcap_open_live=no
186 econf "${myeconfargs[@]}"
190 # verbose, do not generate certificates
193 LOCAL_CERT_PRODUCTS=''
198 diropts -m0750 -o root -g radius
200 diropts -m0750 -o radius -g radius
201 dodir /var/log/radius
202 keepdir /var/log/radius/radacct
205 # verbose, do not install certificates
206 # Parallel install fails (#509498)
209 LOCAL_CERT_PRODUCTS='' \
213 fowners -R root:radius /etc/raddb
214 fowners -R radius:radius /var/log/radius
216 pamd_mimic_system radiusd auth account password session
220 rm "${ED}/usr/sbin/rc.radiusd" || die
222 newinitd "${FILESDIR}/radius.init-r3" radiusd
223 newconfd "${FILESDIR}/radius.conf-r4" radiusd
225 systemd_newtmpfilesd "${FILESDIR}"/freeradius.tmpfiles freeradius.conf
226 systemd_dounit "${S}"/debian/freeradius.service
228 find "${ED}" \( -name "*.a" -o -name "*.la" \) -delete || die
233 cd "${ROOT}"/etc/raddb/certs || die
234 ./bootstrap || die "Error while running ./bootstrap script."
235 fowners -R root:radius "${ROOT}"/etc/raddb/certs
240 if ! has_version ${CATEGORY}/${PN} && use ssl; then
241 elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"
242 elog "to start the radiusd service."