summaryrefslogtreecommitdiffstats
path: root/debian/patches
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/replace-radsecret.patch38
-rw-r--r--debian/patches/series1
2 files changed, 39 insertions, 0 deletions
diff --git a/debian/patches/replace-radsecret.patch b/debian/patches/replace-radsecret.patch
new file mode 100644
index 0000000..616f6ea
--- /dev/null
+++ b/debian/patches/replace-radsecret.patch
@@ -0,0 +1,38 @@
+Description: replace radsecret with a Bash variant
+ This avoids adding two perl dependencies which are in Universe, and trigger a
+ component mismatch in Ubuntu.
+ .
+ This patch is 3 changes put together:
+ https://github.com/FreeRADIUS/freeradius-server/commit/b77c4e295a55451efea4ff44029a2551c855386c
+ https://github.com/FreeRADIUS/freeradius-server/commit/3d568a74ed566089062ecca635bf0e89a1895346
+ And replacing random with urandom as commented in https://github.com/FreeRADIUS/freeradius-server/pull/5375#issuecomment-2233818142
+ .
+ Discussion in https://github.com/FreeRADIUS/freeradius-server/pull/5375
+Origin: upstream, https://github.com/FreeRADIUS/freeradius-server/commit/b77c4e295a55451efea4ff44029a2551c855386c and others, see description
+Bug-Debian: https://bugs.debian.org/1076458
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/freeradius/+bug/2073269
+Last-Update: 2024-07-17
+
+Index: freeradius/src/main/radsecret
+===================================================================
+--- freeradius.orig/src/main/radsecret 2024-07-17 14:41:42.151818906 -0300
++++ freeradius/src/main/radsecret 2024-07-17 14:42:04.490103653 -0300
+@@ -1,7 +1,14 @@
+-#!/usr/bin/env perl
++#!/bin/sh
+ #
+ # A tool which generates strong shared secrets.
+ #
+-use Convert::Base32;
+-use Crypt::URandom();
+-print join('-', unpack("(A4)*", lc encode_base32(Crypt::URandom::urandom(12)))), "\n";
++openssl rand -base64 12 2>/dev/null && exit 0
++
++(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 2>/dev/null) && exit 0
++
++(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base32 2>/dev/null) && exit 0
++
++(dd if=/dev/urandom bs=1 count=12 2>/dev/null | hexdump -ve '/1 "%02x"';echo) && exit 0
++
++echo "Failed finding 'openssl', 'base64', 'base32', or 'hexdump' tools".
++exit 1
diff --git a/debian/patches/series b/debian/patches/series
index 5dfbaa2..b367578 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ debian-local/0010-version.c-disable-openssl-version-check.patch
dont-install-tests.diff
snakeoil-certs.diff
fix-parallel-build.patch
+replace-radsecret.patch