From 601c0804998f2e478e42fe5a0008df18b73d3b8b Mon Sep 17 00:00:00 2001
From: Kai Kang <kai.kang@windriver.com>
Date: Wed, 21 Apr 2021 17:40:24 +0800
Subject: freeradius: check existence of openssl's commands in bootstrap

It calls openssl's commands 'dhparam' and 'pkcs12' in script bootstrap.
These commands are configurable based on configure options 'no-dh' and
'no-des', and may not be provided by openssl. So check existence of
these commands. If not, abort running of script bootstrap.

1. https://github.com/openssl/openssl/blob/master/apps/build.info#L37
2. https://github.com/openssl/openssl/blob/master/apps/build.info#L22

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c8ceefc5c3fa5ce87f0e1b0a8f5bb06b259d1e76)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../check-openssl-cmds-in-script-bootstrap.patch   | 38 ++++++++++++++++++++++
 .../freeradius/freeradius_3.0.21.bb                |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/freeradius/files/check-openssl-cmds-in-script-bootstrap.patch

(limited to 'meta-networking')

diff --git a/meta-networking/recipes-connectivity/freeradius/files/check-openssl-cmds-in-script-bootstrap.patch b/meta-networking/recipes-connectivity/freeradius/files/check-openssl-cmds-in-script-bootstrap.patch
new file mode 100644
index 0000000000..fcadae93a0
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/check-openssl-cmds-in-script-bootstrap.patch
@@ -0,0 +1,38 @@
+bootstrap: check commands of openssl exist
+
+It calls openssl commands dhparam and pkcs12 in script bootstrap. These
+commands are configurable based on configure options 'no-dh' and
+'no-des', and may not be provided by openssl. So check existence of
+these commands. If not, abort running of script bootstrap.
+
+1. https://github.com/openssl/openssl/blob/master/apps/build.info#L37
+2. https://github.com/openssl/openssl/blob/master/apps/build.info#L22
+
+Upstream-Status: Denied [https://github.com/FreeRADIUS/freeradius-server/pull/4059]
+				 The maintainer commented in the pull that the script could
+				 be run on a host which provides these openssl commands.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ raddb/certs/bootstrap | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/raddb/certs/bootstrap b/raddb/certs/bootstrap
+index 0f719aafd4..17feddbeeb 100755
+--- a/raddb/certs/bootstrap
++++ b/raddb/certs/bootstrap
+@@ -13,6 +13,14 @@
+ umask 027
+ cd `dirname $0`
+ 
++#  check commands of openssl exist
++for cmd in dhparam pkcs12; do
++	if ! openssl ${cmd} -help >/dev/null 2>&1; then
++		echo "Error: command ${cmd} is not supported by openssl."
++		exit 1
++	fi
++done
++
+ make -h > /dev/null 2>&1
+ 
+ #
diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
index 864a4e9447..a6df2aeb03 100644
--- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
+++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
@@ -31,6 +31,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0
     file://0001-workaround-error-with-autoconf-2.7.patch \
     file://radiusd.service \
     file://radiusd-volatiles.conf \
+    file://check-openssl-cmds-in-script-bootstrap.patch \
 "
 
 SRCREV = "af428abda249b2279ba0582180985a9f6f4a144a"
-- 
cgit 1.2.3-korg