diff options
Diffstat (limited to 'debian/patches/replace-radsecret.patch')
-rw-r--r-- | debian/patches/replace-radsecret.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/debian/patches/replace-radsecret.patch b/debian/patches/replace-radsecret.patch new file mode 100644 index 0000000..616f6ea --- /dev/null +++ b/debian/patches/replace-radsecret.patch @@ -0,0 +1,38 @@ +Description: replace radsecret with a Bash variant + This avoids adding two perl dependencies which are in Universe, and trigger a + component mismatch in Ubuntu. + . + This patch is 3 changes put together: + https://github.com/FreeRADIUS/freeradius-server/commit/b77c4e295a55451efea4ff44029a2551c855386c + https://github.com/FreeRADIUS/freeradius-server/commit/3d568a74ed566089062ecca635bf0e89a1895346 + And replacing random with urandom as commented in https://github.com/FreeRADIUS/freeradius-server/pull/5375#issuecomment-2233818142 + . + Discussion in https://github.com/FreeRADIUS/freeradius-server/pull/5375 +Origin: upstream, https://github.com/FreeRADIUS/freeradius-server/commit/b77c4e295a55451efea4ff44029a2551c855386c and others, see description +Bug-Debian: https://bugs.debian.org/1076458 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/freeradius/+bug/2073269 +Last-Update: 2024-07-17 + +Index: freeradius/src/main/radsecret +=================================================================== +--- freeradius.orig/src/main/radsecret 2024-07-17 14:41:42.151818906 -0300 ++++ freeradius/src/main/radsecret 2024-07-17 14:42:04.490103653 -0300 +@@ -1,7 +1,14 @@ +-#!/usr/bin/env perl ++#!/bin/sh + # + # A tool which generates strong shared secrets. + # +-use Convert::Base32; +-use Crypt::URandom(); +-print join('-', unpack("(A4)*", lc encode_base32(Crypt::URandom::urandom(12)))), "\n"; ++openssl rand -base64 12 2>/dev/null && exit 0 ++ ++(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 2>/dev/null) && exit 0 ++ ++(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base32 2>/dev/null) && exit 0 ++ ++(dd if=/dev/urandom bs=1 count=12 2>/dev/null | hexdump -ve '/1 "%02x"';echo) && exit 0 ++ ++echo "Failed finding 'openssl', 'base64', 'base32', or 'hexdump' tools". ++exit 1 |