Description of problem: | $ rpm -qlpv /tmp/freeradius-2.0.2-2.fc9.i386.rpm | drwxr-x--- 2 mockbuilradiusd 0 Mar 18 18:17 /etc/raddb | drwxr-x--- 2 mockbuilradiusd 0 Mar 18 18:17 /etc/raddb/certs | ... This can become a security problem when 'mockbuild' user exists in the system. It is caused by | %attr(640,-,radiusd) ~ like tags. Version-Release number of selected component (if applicable): freeradius-2.0.2-2
Thank you Enrico for reporting this, I'll fix it immediately. The new 2.x version of FreeRADIUS had a lot of changes and although I "ported" the spec file to upgrade to the new version I never had a chance to actually test the result and carefully go over it, something I wanted to do before building it into rawhide. In the interim someone else did build it into rawhide which I was surprised by. So, I'm wondering, have you exercised the package and if so do you have any other feedback?
I like the new packaging concept as it helps to slim down dependencies. After first installation (of only the base package), I got an error due to a missing database (mysql???) configuration file which is included by the default configuration but shipped in a subpackage. Then, I dislike the 'Requires: net-snmp net-snmp-utils' because it adds an heavy dependency tree (perl). Some other notes: * '%files utils' is missing %defattr() * are all the explicit | Requires: krb5-libs | Requires: python-libs | Requires: perl-libs really needed? Usually, they are deprecated as rpm generates them automatically. * are | Requires: mysql | Requires: openldap really needed? These packages contain management utilities for the databases, but freeradius needs only the libs (afais) * to prevent version mix between the various subpackages, I would add some explicit | Requires: %name-libs = %version-%release to (all?) subpackages. * I would write | BuildRequires: /usr/bin/perlcc instead of | BuildRequires: perl-devel to make it build both on e.g. RHEL5 and F8+ * CVS tree needs some cleanup of old patches
*** Bug 442696 has been marked as a duplicate of this bug. ***
I incorporated several of your suggestions, thank you. At the same time the package was upgraded to the current 2.0.3 upstream. MySQL, Postgresql, & LDAP were further factored out in the dialup-admin package.
*** Bug 446597 has been marked as a duplicate of this bug. ***
freeradius-2.0.3-2.fc9 has been submitted as an update for Fedora 9
freeradius-2.0.3-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
I would say that the problem still persist - only slightly changed. Please reopen. [root@localhost ~]# rpm -ihv freeradius-2.0.3-3.fc9.i386.rpm Preparing... ########################################### [100%] 1:freeradius warning: group radiusd does not exist - using root ... warning: user radiusd does not exist - using root warning: group radiusd does not exist - using root /bin/chown: invalid user: `radiusd.radiusd' I can see that preinstall says to create the radiusd user and group, and if it worked I assume that the problem would be solved. If the user and group exists before installing then it will succeed. User creation in preinstall has been totally muted with "> /dev/null 2>&1 || :", so I can't see how/why it failed - or if it was run at all. I would say that user creation shouldn't be muted; I wan't to know when something goes wrong. And useradd is quiet on success. The packaging guidelines might however say something different... Another explanation could be that rpm for some reason doesn't run the preinstall script...