On Wed, Oct 14, 2009 at 07:07:59PM +0100, Alan Buxey wrote:
> Hi,

Hello Alan,

thanks for the response.

> > I have a question regarding bootstrapping default certificates using
> > bootstrap script in raddb/certs directory.
>
> Ideally once you've used the bootstrap you would remove the script that
> makes them from the eap.conf and then that's done.
>
> even better, you don't use the bootstrap script at all and instead install
> a proper CA, server.crt file etc
>
> the bootstrap is really only there to get a test server up and running
> quickly - you wouldn't want a snakeoil and very low timescale certificate
> to be used in production :-)

I completely agree with you. However, there is still an issue that
bootstrap script does IMHO something different than what is described in
the README.

To be more specific: I work on packaging freeradius server RPM. The README
explicitly states that "This bootstrap script SHOULD be run on installation
of any pre-built binary package for your OS." I understand that it should
be run automatically in the %post section, like in the suse spec file
included in the tarball.

This leads to two problems:
- if the user runs bootstrap script manually after installation, the
  certificates get corrupted
- if the user performs upgrade of the package, the certificates get
  corrupted - this is worse than the first problem, since the user might
  already have his 'production' certificates installed.

So I suggest either to
1) do not recommend running the bootstrap script automatically and force
   the user to run it manually
or
2) fix the bootstrap script and/or Makefile to do nothing if the required
   files already exist.

--
Best regards / s pozdravem

Petr Uzel, openSUSE Boosters Team
-----------------------------------------------------------------
SUSE LINUX, s.r.o.                          e-mail: pu...@suse.cz
Lihovarská 1060/12                          http://www.suse.cz
190 00 Prague 9, CR
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
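
Option 2 from the message above, sketched as a guard that a package %post scriptlet could call. This is an added example, not code from the FreeRADIUS tarball or the SUSE spec file; the function names and the list of generated files are assumptions and must be matched to what the packaged bootstrap really creates.

```shell
#!/bin/sh
# Added example (not FreeRADIUS code): only run raddb/certs/bootstrap
# when no certificate material exists yet, so that a manual re-run or a
# package upgrade cannot overwrite certificates the admin has installed.

# Assumption: files the bootstrap script generates. Adjust to your version.
CERT_FILES="ca.pem server.pem dh"

# certs_state DIR -> prints "none", "partial" or "complete"
certs_state() {
    dir=$1; found=0; total=0
    for f in $CERT_FILES; do
        total=$((total + 1))
        # -s: exists and is non-empty; an empty file counts as missing
        [ -s "$dir/$f" ] && found=$((found + 1))
    done
    if [ "$found" -eq 0 ]; then echo none
    elif [ "$found" -eq "$total" ]; then echo complete
    else echo partial
    fi
}

# safe_bootstrap DIR
#   returns 0 if certificates were generated or were already complete,
#   returns 2 if only some files exist (left untouched for the admin).
safe_bootstrap() {
    dir=$1
    case "$(certs_state "$dir")" in
        none)
            # Fresh install: generate test certs, private files not world-readable
            (cd "$dir" && umask 077 && sh ./bootstrap) ;;
        complete)
            echo "certificates present in $dir, not regenerating" >&2 ;;
        partial)
            echo "incomplete certificate set in $dir, refusing to overwrite" >&2
            return 2 ;;
    esac
}
```

In a spec file the call would be `safe_bootstrap <path to raddb/certs> || :`, so that a partial state is reported without failing the package transaction.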