Bug#797181: freeradius: packaging 3.0.x
Thanks for the report! On Wed, Oct 26, 2016 at 10:24 AM, Markus Wigge wrote: > Hi, > > first of all: thanks for your great work. > > Now the feedback: > I built the freeradius 3.0.12 packages for jessie on my own based on > your experimental sources. > Over all that worked fine but I needed the debhelper bpo-version. > > The configuration looks unfamiliar but that is I suppose normal for a > major release change and it is well documented upstream. > Yes, the /usr/share/doc/freeradius/NEWS.Debian.gz file contains the appropriate pointers. > > What I am still urgently missing is a working reference documentation on > how to use ntlm_auth with freeradius. > > The samba folks changed the winbindd_privileged socket to 750 so > changing the group on the folder does not change a lot as the group is > not allowed to write to the socket. > > My current solution is an additional sudoers entry like this: > ~# cat /etc/sudoers.d/freerad > > # allow freeradius to access private winbind socket > freerad ALL=(root) NOPASSWD: /usr/bin/ntlm_auth > > And then I prepend "sudo" within the mschap module to the ntlm call. > > Tell me if you prefer other solutions like SUID/SGID bits or something. > Changing the socket permissions dose not work as they are restored on a > winbindd restart. > > But freeradius is not the only software depending on ntlm_auth, so this > should be documented somewhere popular. > Sorry, I have no clue about NTLM. Someone else will need to assist with that. > > The LDAP-Group problems I encountered using 2.x releases are gone so > far, so that I need to stick with 3.x for productional use. > > So from my point: Thumbs up for 3.x packages please try to get them into > the official jessie-backports, I'd be glad. > > Regards, > Markus > -- Best regards, Michael
Bug#797181: freeradius: packaging 3.0.x
Hi, first of all: thanks for your great work. Now the feedback: I built the freeradius 3.0.12 packages for jessie on my own based on your experimental sources. Over all that worked fine but I needed the debhelper bpo-version. The configuration looks unfamiliar but that is I suppose normal for a major release change and it is well documented upstream. What I am still urgently missing is a working reference documentation on how to use ntlm_auth with freeradius. The samba folks changed the winbindd_privileged socket to 750 so changing the group on the folder does not change a lot as the group is not allowed to write to the socket. My current solution is an additional sudoers entry like this: ~# cat /etc/sudoers.d/freerad # allow freeradius to access private winbind socket freerad ALL=(root) NOPASSWD: /usr/bin/ntlm_auth And then I prepend "sudo" within the mschap module to the ntlm call. Tell me if you prefer other solutions like SUID/SGID bits or something. Changing the socket permissions dose not work as they are restored on a winbindd restart. But freeradius is not the only software depending on ntlm_auth, so this should be documented somewhere popular. The LDAP-Group problems I encountered using 2.x releases are gone so far, so that I need to stick with 3.x for productional use. So from my point: Thumbs up for 3.x packages please try to get them into the official jessie-backports, I'd be glad. Regards, Markus
Bug#797181: freeradius: packaging 3.0.x
Hi, Michael Stapelberg writes: > shot and let me know how the package works for you. Any feedback > (whether it’s about success or issues) is welcome. > > I’ll upload to unstable once I got enough success messages. So far, I have gotten 0 success messages and only QA-related error messages. If you care about having FreeRADIUS in Debian, please install the package from experimental and let me know whether it’s working for you. Thanks. -- Best regards, Michael
Bug#797181: freeradius: packaging 3.0.x
Superb! Thanks for your work on this! Christopher On 25 September 2016 at 01:54, Michael Stapelberg wrote: > Hi, > > I’m about to upload FreeRADIUS 3.0.11+dfsg-1 to experimental. Once it > clears NEW (because of the additional binary packages), please give it a > shot and let me know how the package works for you. Any feedback > (whether it’s about success or issues) is welcome. > > I’ll upload to unstable once I got enough success messages. > > Also thanks everyone for the upstream contributions to the debian > packaging. Any further improvements to the package are very welcome, > please submit your patches to the Debian bug tracker. > > PS: If you’re super-eager to check out the package even before it clears > NEW, feel free to build it yourself: > https://anonscm.debian.org/cgit/pkg-freeradius/freeradius.git/ > > -- > Best regards, > Michael > > -- > To unsubscribe, send mail to 797181-unsubscr...@bugs.debian.org. >
Bug#797181: freeradius: packaging 3.0.x
Hi, I’m about to upload FreeRADIUS 3.0.11+dfsg-1 to experimental. Once it clears NEW (because of the additional binary packages), please give it a shot and let me know how the package works for you. Any feedback (whether it’s about success or issues) is welcome. I’ll upload to unstable once I got enough success messages. Also thanks everyone for the upstream contributions to the debian packaging. Any further improvements to the package are very welcome, please submit your patches to the Debian bug tracker. PS: If you’re super-eager to check out the package even before it clears NEW, feel free to build it yourself: https://anonscm.debian.org/cgit/pkg-freeradius/freeradius.git/ -- Best regards, Michael
Bug#797181: freeradius: packaging 3.0.x
Dear Wichert, Not that I'm aware of. If you're happy to use a third party repository, you might be interested to know that Inverse Inc. have FreeRADIUS binary packages for Jessie in their repository: http://packetfence.org/downloads/PacketFence/debian/pool/jessie/f/freeradius/ Christopher
Bug#797181: freeradius: packaging 3.0.x
I did start composing a complete DEP-5 debian/copyright file, but it's a big job (grep -r -i copyright | wc -l suggests that there's over 1400 occurrences of the work 'copyright' in the project) so I put it to one side in favour of converting the existing debian/copyright file into a machine readable format (with a comment to say that it's not comprehensive). I could carry on building up that file, but as I'm neither a Debian Maintainer or Developer, I don't know if there's value in me doing that? Christopher On 24 September 2015 at 15:15, Sam Hartman wrote: > > "Mathieu" == Mathieu Simon writes: > > Mathieu> On Wed, 23 Sep 2015 18:04:42 -0400 Sam Hartman < > hartm...@debian.org> wrote: > >> control: tags -1 help > >> > >> The help I would really need is a copyright audit from a debian > >> developer. > >> > >> I don't have time for that myself in the near future. > >> > >> Yes, to be useful it really does need to be from an uploading > >> debian developer.:-( > Mathieu> Skimming through the bug report, I'm maybe missing the > Mathieu> point why a copyright audit is needed from a Debian dev? > > Two reasons. > First, the debian/copyright in the current freeradius packaging is kind > of crufty. > Second, there has been a lot of churn between 2.x and 3.x. > > One of the few parts of uploading a new package to Debian that has to be > handled by a developer--not by a maintainer--is handling of the DFSG > evaluation and license compatibility. > The developer constructs debian/copyright and then the ftpmaster team > reviews debian/copyright against every file in the package. > So, you get at least two people looking very carefully about whether > Debian can legally distribute the package and about whether the package > meets the requirements of the DFSG. > > I think there's been enough time and enough change in Debian's thinking > that we should do a full round of that for FreeRADIUS 3 even if we don't > change the package name. > > I wouldn't personally feel comfortable signing the upload without this. > If there's some other DD who believes that less is required (and if that > DD can convince ftpmaster to go along) I will not stand in the way. > > --Sam > > -- > To unsubscribe, send mail to 797181-unsubscr...@bugs.debian.org. >
Bug#797181: freeradius: packaging 3.0.x
> "Mathieu" == Mathieu Simon writes: Mathieu> On Wed, 23 Sep 2015 18:04:42 -0400 Sam Hartman wrote: >> control: tags -1 help >> >> The help I would really need is a copyright audit from a debian >> developer. >> >> I don't have time for that myself in the near future. >> >> Yes, to be useful it really does need to be from an uploading >> debian developer.:-( Mathieu> Skimming through the bug report, I'm maybe missing the Mathieu> point why a copyright audit is needed from a Debian dev? Two reasons. First, the debian/copyright in the current freeradius packaging is kind of crufty. Second, there has been a lot of churn between 2.x and 3.x. One of the few parts of uploading a new package to Debian that has to be handled by a developer--not by a maintainer--is handling of the DFSG evaluation and license compatibility. The developer constructs debian/copyright and then the ftpmaster team reviews debian/copyright against every file in the package. So, you get at least two people looking very carefully about whether Debian can legally distribute the package and about whether the package meets the requirements of the DFSG. I think there's been enough time and enough change in Debian's thinking that we should do a full round of that for FreeRADIUS 3 even if we don't change the package name. I wouldn't personally feel comfortable signing the upload without this. If there's some other DD who believes that less is required (and if that DD can convince ftpmaster to go along) I will not stand in the way. --Sam
Bug#797181: freeradius: packaging 3.0.x
On Wed, 23 Sep 2015 18:04:42 -0400 Sam Hartman wrote: > control: tags -1 help > > The help I would really need is a copyright audit from a debian > developer. > > I don't have time for that myself in the near future. > > Yes, to be useful it really does need to be from an uploading debian > developer.:-( Skimming through the bug report, I'm maybe missing the point why a copyright audit is needed from a Debian dev? Thanks, also to Christopher Hoskin for the pull requests upstream. (Who have been accepted from what I see, great) -- Mathieu
Bug#797181: freeradius: packaging 3.0.x
control: tags -1 help The help I would really need is a copyright audit from a debian developer. I don't have time for that myself in the near future. Yes, to be useful it really does need to be from an uploading debian developer.:-(
Bug#797181: freeradius: packaging 3.0.x
If it's of help, I've submitted some pull requests upstream to improve their debian folder: https://github.com/FreeRADIUS/freeradius-server/pulls?q=is%3Apr+author%3Amans0954 #1256 is probably the most critical, although that only affects a couple of the optional packages. The rest are mostly about reducing the number of lintian warnings. The HEAD of the v3.1.x branch now builds and installs on Jessie. I didn't see any systemd warnings, and the daemon runs for me. I haven't tried any testing beyond that yet though. I'm assuming that one of the existing maintainers/uploaders will be packaging v3 in due course? Christopher
Bug#797181: freeradius: packaging 3.0.x
Version: 2.2.5+dfsg-0.2 Severity: important >From http://freeradius.org/download.html : 2.2.x Series - EOL The 2.2.x release series is now End Of Life. Only security fixes will be applied to 2.2.x. Users of 2.2.x are encouraged to migrate to the latest 3.0.x series release. 3.0.9+ should also add proper TLS 1.2 support, while current 2.2.5 only supports TLS 1.0: https://community.jisc.ac.uk/groups/eduroam/article/tls-12-and-updated-radius-requirements
Bug#797181: freeradius: packaging 3.0.x
Package: freeradius Version: 3.0.8+git+nmu1 Severity: wishlist Dear Maintainer, please provide a 3.x version if possible - upstream http://freeradius.org/download.html states 3.0.x as stable and 2.x as EOL. Upstream tarball contains a debian builddir, which allows building on jessie. Installation of the generated packages fails partly with some systemd related messages. Will provide more information if needed. Thanks, greetings Hermann -- System Information: Debian Release: 8.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/16 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages freeradius depends on: ii adduser3.113+nmu3 ii freeradius-common 3.0.8+git+nmu1 ii freeradius-config 3.0.8+git+nmu1 ii libc6 2.19-18 ii libcap21:2.24-8 ii libcurl3-gnutls7.38.0-4+deb8u2 ii libfreeradius3 3.0.8+git+nmu1 ii libgdbm3 1.8.3-13.1 ii libjson-c2 0.11-4 ii libpam0g 1.1.8-3.1 ii libpcre3 2:8.35-3.3 ii libperl5.205.20.2-3+deb8u1 ii libpython2.7 2.7.9-2 ii libreadline6 6.3-8+b3 ii libsqlite3-0 3.8.7.1-1+deb8u1 ii libssl1.0.01.0.1k-3+deb8u1 ii libtalloc2 2.1.1-2 ii libyubikey01.12-2 ii lsb-base 4.1+Debian13+nmu1 ii ssl-cert 1.0.35 Versions of packages freeradius recommends: pn freeradius-utils Versions of packages freeradius suggests: pn freeradius-krb5 ih freeradius-ldap3.0.8+git+nmu1 pn freeradius-mysql pn freeradius-postgresql -- no debconf information