diff options
-rw-r--r-- | recipes-security/freediameter/files/freeDiameter.conf | 250 | ||||
-rw-r--r-- | recipes-security/freediameter/files/init | 160 | ||||
-rw-r--r-- | recipes-security/freediameter/files/no_test_run.patch | 12 | ||||
-rw-r--r-- | recipes-security/freediameter/freediameter_1.2.1.bb | 71 |
4 files changed, 493 insertions, 0 deletions
diff --git a/recipes-security/freediameter/files/freeDiameter.conf b/recipes-security/freediameter/files/freeDiameter.conf new file mode 100644 index 0000000..7b56d74 --- /dev/null +++ b/recipes-security/freediameter/files/freeDiameter.conf | |||
@@ -0,0 +1,250 @@ | |||
1 | # This is a sample configuration file for freeDiameter daemon. | ||
2 | |||
3 | # Most of the options can be omitted, as they default to reasonable values. | ||
4 | # Only TLS-related options must be configured properly in usual setups. | ||
5 | |||
6 | # It is possible to use "include" keyword to import additional files | ||
7 | # e.g.: include "/etc/freeDiameter.d/*.conf" | ||
8 | # This is exactly equivalent as copy & paste the content of the included file(s) | ||
9 | # where the "include" keyword is found. | ||
10 | |||
11 | |||
12 | ############################################################## | ||
13 | ## Peer identity and realm | ||
14 | |||
15 | # The Diameter Identity of this daemon. | ||
16 | # This must be a valid FQDN that resolves to the local host. | ||
17 | # Default: hostname's FQDN | ||
18 | #Identity = "aaa.koganei.freediameter.net"; | ||
19 | |||
20 | # The Diameter Realm of this daemon. | ||
21 | # Default: the domain part of Identity (after the first dot). | ||
22 | #Realm = "koganei.freediameter.net"; | ||
23 | |||
24 | ############################################################## | ||
25 | ## Transport protocol configuration | ||
26 | |||
27 | # The port this peer is listening on for incoming connections (TCP and SCTP). | ||
28 | # Default: 3868. Use 0 to disable. | ||
29 | #Port = 3868; | ||
30 | |||
31 | # The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP). | ||
32 | # See TLS_old_method for more information about TLS flavours. | ||
33 | # Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter. | ||
34 | # Default: 5868. Use 0 to disable. | ||
35 | #SecPort = 5868; | ||
36 | |||
37 | # Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed | ||
38 | # on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the | ||
39 | # CER/CEA exchange on a dedicated secure port. | ||
40 | # This parameter only affects outgoing connections. | ||
41 | # The setting can be also defined per-peer (see Peers configuration section). | ||
42 | # Default: use RFC6733 method with separate port for TLS. | ||
43 | #TLS_old_method; | ||
44 | |||
45 | # Disable use of TCP protocol (only listen and connect over SCTP) | ||
46 | # Default : TCP enabled | ||
47 | #No_TCP; | ||
48 | |||
49 | # Disable use of SCTP protocol (only listen and connect over TCP) | ||
50 | # Default : SCTP enabled | ||
51 | #No_SCTP; | ||
52 | # This option is ignored if freeDiameter is compiled with DISABLE_SCTP option. | ||
53 | |||
54 | # Prefer TCP instead of SCTP for establishing new connections. | ||
55 | # This setting may be overwritten per peer in peer configuration blocs. | ||
56 | # Default : SCTP is attempted first. | ||
57 | #Prefer_TCP; | ||
58 | |||
59 | # Default number of streams per SCTP associations. | ||
60 | # This setting may be overwritten per peer basis. | ||
61 | # Default : 30 streams | ||
62 | #SCTP_streams = 30; | ||
63 | |||
64 | ############################################################## | ||
65 | ## Endpoint configuration | ||
66 | |||
67 | # Disable use of IP addresses (only IPv6) | ||
68 | # Default : IP enabled | ||
69 | #No_IP; | ||
70 | |||
71 | # Disable use of IPv6 addresses (only IP) | ||
72 | # Default : IPv6 enabled | ||
73 | #No_IPv6; | ||
74 | |||
75 | # Specify local addresses the server must bind to | ||
76 | # Default : listen on all addresses available. | ||
77 | #ListenOn = "202.249.37.5"; | ||
78 | #ListenOn = "2001:200:903:2::202:1"; | ||
79 | #ListenOn = "fe80::21c:5ff:fe98:7d62%eth0"; | ||
80 | |||
81 | |||
82 | ############################################################## | ||
83 | ## Server configuration | ||
84 | |||
85 | # How many Diameter peers are allowed to be connecting at the same time ? | ||
86 | # This parameter limits the number of incoming connections from the time | ||
87 | # the connection is accepted until the first CER is received. | ||
88 | # Default: 5 unidentified clients in paralel. | ||
89 | #ThreadsPerServer = 5; | ||
90 | |||
91 | ############################################################## | ||
92 | ## TLS Configuration | ||
93 | |||
94 | # TLS is managed by the GNUTLS library in the freeDiameter daemon. | ||
95 | # You may find more information about parameters and special behaviors | ||
96 | # in the relevant documentation. | ||
97 | # http://www.gnu.org/software/gnutls/manual/ | ||
98 | |||
99 | # Credentials of the local peer | ||
100 | # The X509 certificate and private key file to use for the local peer. | ||
101 | # The files must contain PKCS-1 encoded RSA key, in PEM format. | ||
102 | # (These parameters are passed to gnutls_certificate_set_x509_key_file function) | ||
103 | # Default : NO DEFAULT | ||
104 | #TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>"; | ||
105 | #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key"; | ||
106 | |||
107 | # Certificate authority / trust anchors | ||
108 | # The file containing the list of trusted Certificate Authorities (PEM list) | ||
109 | # (This parameter is passed to gnutls_certificate_set_x509_trust_file function) | ||
110 | # The directive can appear several times to specify several files. | ||
111 | # Default : GNUTLS default behavior | ||
112 | #TLS_CA = "<file.PEM>"; | ||
113 | |||
114 | # Certificate Revocation List file | ||
115 | # The information about revoked certificates. | ||
116 | # The file contains a list of trusted CRLs in PEM format. They should have been verified before. | ||
117 | # (This parameter is passed to gnutls_certificate_set_x509_crl_file function) | ||
118 | # Note: openssl CRL format might have interoperability issue with GNUTLS format. | ||
119 | # Default : GNUTLS default behavior | ||
120 | #TLS_CRL = "<file.PEM>"; | ||
121 | |||
122 | # GNU TLS Priority string | ||
123 | # This string allows to configure the behavior of GNUTLS key exchanges | ||
124 | # algorithms. See gnutls_priority_init function documentation for information. | ||
125 | # You should also refer to the Diameter required TLS support here: | ||
126 | # http://tools.ietf.org/html/rfc6733#section-13.1 | ||
127 | # Default : "NORMAL" | ||
128 | # Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"; | ||
129 | #TLS_Prio = "NORMAL"; | ||
130 | |||
131 | # Diffie-Hellman parameters size | ||
132 | # Set the number of bits for generated DH parameters | ||
133 | # Valid value should be 768, 1024, 2048, 3072 or 4096. | ||
134 | # (This parameter is passed to gnutls_dh_params_generate2 function, | ||
135 | # it usually should match RSA key size) | ||
136 | # Default : 1024 | ||
137 | #TLS_DH_Bits = 1024; | ||
138 | |||
139 | # Alternatively, you can specify a file to load the PKCS#3 encoded | ||
140 | # DH parameters directly from. This accelerates the daemon start | ||
141 | # but is slightly less secure. If this file is provided, the | ||
142 | # TLS_DH_Bits parameters has no effect. | ||
143 | # Default : no default. | ||
144 | #TLS_DH_File = "<file.PEM>"; | ||
145 | |||
146 | |||
147 | ############################################################## | ||
148 | ## Timers configuration | ||
149 | |||
150 | # The Tc timer of this peer. | ||
151 | # It is the delay before a new attempt is made to reconnect a disconnected peer. | ||
152 | # The value is expressed in seconds. The recommended value is 30 seconds. | ||
153 | # Default: 30 | ||
154 | #TcTimer = 30; | ||
155 | |||
156 | # The Tw timer of this peer. | ||
157 | # It is the delay before a watchdog message is sent, as described in RFC 3539. | ||
158 | # The value is expressed in seconds. The default value is 30 seconds. Value must | ||
159 | # be greater or equal to 6 seconds. See details in the RFC. | ||
160 | # Default: 30 | ||
161 | #TwTimer = 30; | ||
162 | |||
163 | ############################################################## | ||
164 | ## Applications configuration | ||
165 | |||
166 | # Disable the relaying of Diameter messages? | ||
167 | # For messages not handled locally, the default behavior is to forward the | ||
168 | # message to another peer if any is available, according to the routing | ||
169 | # algorithms. In addition the "0xffffff" application is advertised in CER/CEA | ||
170 | # exchanges. | ||
171 | # Default: Relaying is enabled. | ||
172 | #NoRelay; | ||
173 | |||
174 | # Number of server threads that can handle incoming messages at the same time. | ||
175 | # Default: 4 | ||
176 | #AppServThreads = 4; | ||
177 | |||
178 | # Other applications are configured by loaded extensions. | ||
179 | |||
180 | ############################################################## | ||
181 | ## Extensions configuration | ||
182 | |||
183 | # The freeDiameter framework merely provides support for | ||
184 | # Diameter Base Protocol. The specific application behaviors, | ||
185 | # as well as advanced functions, are provided | ||
186 | # by loadable extensions (plug-ins). | ||
187 | # These extensions may in addition receive the name of a | ||
188 | # configuration file, the format of which is extension-specific. | ||
189 | # | ||
190 | # Format: | ||
191 | #LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ; | ||
192 | # | ||
193 | # Examples: | ||
194 | #LoadExtension = "extensions/sample.fdx"; | ||
195 | #LoadExtension = "extensions/sample.fdx":"conf/sample.conf"; | ||
196 | |||
197 | # Extensions are named as follow: | ||
198 | # dict_* for extensions that add content to the dictionary definitions. | ||
199 | # dbg_* for extensions useful only to retrieve more information on the framework execution. | ||
200 | # acl_* : Access control list, to control which peers are allowed to connect. | ||
201 | # rt_* : routing extensions that impact how messages are forwarded to other peers. | ||
202 | # app_* : applications, these extensions usually register callbacks to handle specific messages. | ||
203 | # test_* : dummy extensions that are useful only in testing environments. | ||
204 | |||
205 | |||
206 | # The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some | ||
207 | # information about some events. This extension does not actually use a configuration file | ||
208 | # but receives directly a parameter in the string passed to the extension. Here are some examples: | ||
209 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors. | ||
210 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details. | ||
211 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages. | ||
212 | # The four digits respectively control: connections, routing decisions, sent/received messages, errors. | ||
213 | # The values for each digit are: | ||
214 | # 0 - default - keep the default behavior | ||
215 | # 1 - quiet - remove any specific log | ||
216 | # 2 - compact - display only a summary of the information | ||
217 | # 4 - full - display the complete information on a single long line | ||
218 | # 8 - tree - display the complete information in an easier to read format spanning several lines. | ||
219 | |||
220 | |||
221 | ############################################################## | ||
222 | ## Peers configuration | ||
223 | |||
224 | # The local server listens for incoming connections. By default, | ||
225 | # all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl). | ||
226 | # | ||
227 | # In addition to incoming connections, the local peer can | ||
228 | # be configured to establish and maintain connections to some | ||
229 | # Diameter nodes and allow connections from these nodes. | ||
230 | # This is achieved with the ConnectPeer directive described below. | ||
231 | # | ||
232 | # Note that the configured Diameter Identity MUST match | ||
233 | # the information received inside CEA, or the connection will be aborted. | ||
234 | # | ||
235 | # Format: | ||
236 | #ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ; | ||
237 | # Parameters that can be specified in the peer's parameter list: | ||
238 | # No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method; | ||
239 | # No_TLS; # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions). | ||
240 | # Port = 5868; # The port to connect to | ||
241 | # TcTimer = 30; | ||
242 | # TwTimer = 30; | ||
243 | # ConnectTo = "202.249.37.5"; | ||
244 | # ConnectTo = "2001:200:903:2::202:1"; | ||
245 | # TLS_Prio = "NORMAL"; | ||
246 | # Realm = "realm.net"; # Reject the peer if it does not advertise this realm. | ||
247 | # Examples: | ||
248 | #ConnectPeer = "aaa.wide.ad.jp"; | ||
249 | #ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ; | ||
250 | ############################################################## | ||
diff --git a/recipes-security/freediameter/files/init b/recipes-security/freediameter/files/init new file mode 100644 index 0000000..7b2a31a --- /dev/null +++ b/recipes-security/freediameter/files/init | |||
@@ -0,0 +1,160 @@ | |||
1 | #! /bin/sh | ||
2 | |||
3 | ### BEGIN INIT INFO | ||
4 | # Provides: freediameter | ||
5 | # Default-Start: 2 3 4 5 | ||
6 | # Default-Stop: 0 1 6 | ||
7 | # Required-Start: $remote_fs $syslog | ||
8 | # Required-Stop: $remote_fs $syslog | ||
9 | # Short-Description: Start freeDiameter daemon at boot time | ||
10 | # Description: Start the freeDiameter daemon at boot time. | ||
11 | # freeDiameter is an extensible implementation of the Diameter protocol, | ||
12 | # designed for Authentication, Authorization and Accounting. Diameter is | ||
13 | # an evolution of the RADIUS protocol. | ||
14 | ### END INIT INFO# | ||
15 | |||
16 | DAEMON=/usr/bin/freeDiameterd | ||
17 | CONF=/etc/freeDiameter/freeDiameter.conf | ||
18 | NAME=freediameter | ||
19 | DESC="freeDiameter daemon" | ||
20 | |||
21 | test -x $DAEMON || exit 0 | ||
22 | |||
23 | LOGDIR=/var/log/freediameter | ||
24 | PIDFILE=/var/run/$NAME.pid | ||
25 | DODTIME=30 # Time to wait for the server to die, in seconds | ||
26 | # The value is high because we wait for STA answers | ||
27 | # before disconnecting the peers. | ||
28 | |||
29 | # Include freediameter defaults if available | ||
30 | if [ -f /etc/default/freediameter ] ; then | ||
31 | . /etc/default/freediameter | ||
32 | fi | ||
33 | |||
34 | test x"" != x$DAEMON_OPTS || test -f $CONF || exit 0 | ||
35 | |||
36 | set -e | ||
37 | |||
38 | running_pid() | ||
39 | { | ||
40 | # Check if a given process pid's cmdline matches a given name | ||
41 | pid=$1 | ||
42 | name=$2 | ||
43 | [ -z "$pid" ] && return 1 | ||
44 | [ ! -d /proc/$pid ] && return 1 | ||
45 | cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1` | ||
46 | # Is this the expected child? | ||
47 | [ "$cmd" != "$name" ] && return 1 | ||
48 | return 0 | ||
49 | } | ||
50 | |||
51 | running() | ||
52 | { | ||
53 | # Check if the process is running looking at /proc | ||
54 | # (works for all users) | ||
55 | |||
56 | # No pidfile, probably no daemon present | ||
57 | [ ! -f "$PIDFILE" ] && return 1 | ||
58 | # Obtain the pid and check it against the binary name | ||
59 | pid=`cat $PIDFILE` | ||
60 | running_pid $pid $DAEMON || return 1 | ||
61 | return 0 | ||
62 | } | ||
63 | |||
64 | force_stop() { | ||
65 | # Forcefully kill the process | ||
66 | [ ! -f "$PIDFILE" ] && return | ||
67 | if running ; then | ||
68 | kill -15 $pid | ||
69 | # Is it really dead? | ||
70 | [ -n "$DODTIME" ] && sleep "$DODTIME"s | ||
71 | if running ; then | ||
72 | kill -9 $pid | ||
73 | [ -n "$DODTIME" ] && sleep "$DODTIME"s | ||
74 | if running ; then | ||
75 | echo "Cannot kill $LABEL (pid=$pid)!" | ||
76 | exit 1 | ||
77 | fi | ||
78 | fi | ||
79 | fi | ||
80 | rm -f $PIDFILE | ||
81 | return 0 | ||
82 | } | ||
83 | |||
84 | case "$1" in | ||
85 | start) | ||
86 | echo -n "Starting $DESC: " | ||
87 | start-stop-daemon --start --quiet --pidfile $PIDFILE \ | ||
88 | --exec $DAEMON -- $DAEMON_OPTS | ||
89 | if running ; then | ||
90 | echo "$NAME." | ||
91 | else | ||
92 | echo " ERROR." | ||
93 | fi | ||
94 | ;; | ||
95 | stop) | ||
96 | echo -n "Stopping $DESC: " | ||
97 | start-stop-daemon --stop --quiet --pidfile $PIDFILE \ | ||
98 | --exec $DAEMON | ||
99 | echo "$NAME." | ||
100 | ;; | ||
101 | force-stop) | ||
102 | echo -n "Forcefully stopping $DESC: " | ||
103 | force_stop | ||
104 | if ! running ; then | ||
105 | echo "$NAME." | ||
106 | else | ||
107 | echo " ERROR." | ||
108 | fi | ||
109 | ;; | ||
110 | #reload) | ||
111 | # | ||
112 | # If the daemon can reload its config files on the fly | ||
113 | # for example by sending it SIGHUP, do it here. | ||
114 | # | ||
115 | # If the daemon responds to changes in its config file | ||
116 | # directly anyway, make this a do-nothing entry. | ||
117 | # | ||
118 | # echo "Reloading $DESC configuration files." | ||
119 | # start-stop-daemon --stop --signal 1 --quiet --pidfile \ | ||
120 | # /var/run/$NAME.pid --exec $DAEMON | ||
121 | #;; | ||
122 | force-reload) | ||
123 | # | ||
124 | # If the "reload" option is implemented, move the "force-reload" | ||
125 | # option to the "reload" entry above. If not, "force-reload" is | ||
126 | # just the same as "restart" except that it does nothing if the | ||
127 | # daemon isn't already running. | ||
128 | # check wether $DAEMON is running. If so, restart | ||
129 | start-stop-daemon --stop --test --quiet --pidfile \ | ||
130 | /var/run/$NAME.pid --exec $DAEMON \ | ||
131 | && $0 restart \ | ||
132 | || exit 0 | ||
133 | ;; | ||
134 | restart) | ||
135 | echo -n "Restarting $DESC: " | ||
136 | start-stop-daemon --stop --quiet --pidfile \ | ||
137 | /var/run/$NAME.pid --exec $DAEMON | ||
138 | [ -n "$DODTIME" ] && sleep $DODTIME | ||
139 | start-stop-daemon --start --quiet --pidfile \ | ||
140 | /var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS | ||
141 | echo "$NAME." | ||
142 | ;; | ||
143 | status) | ||
144 | echo -n "$LABEL is " | ||
145 | if running ; then | ||
146 | echo "running" | ||
147 | else | ||
148 | echo " not running." | ||
149 | exit 1 | ||
150 | fi | ||
151 | ;; | ||
152 | *) | ||
153 | N=/etc/init.d/$NAME | ||
154 | # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 | ||
155 | echo "Usage: $N {start|stop|restart|force-reload|status|force-stop}" >&2 | ||
156 | exit 1 | ||
157 | ;; | ||
158 | esac | ||
159 | |||
160 | exit 0 | ||
diff --git a/recipes-security/freediameter/files/no_test_run.patch b/recipes-security/freediameter/files/no_test_run.patch new file mode 100644 index 0000000..8b5aa64 --- /dev/null +++ b/recipes-security/freediameter/files/no_test_run.patch | |||
@@ -0,0 +1,12 @@ | |||
1 | Index: freeDiameter-8662db9f6105/tests/CMakeLists.txt | ||
2 | =================================================================== | ||
3 | --- freeDiameter-8662db9f6105.orig/tests/CMakeLists.txt | ||
4 | +++ freeDiameter-8662db9f6105/tests/CMakeLists.txt | ||
5 | @@ -107,7 +107,6 @@ ENDIF(BUILD_APP_ACCT OR ALL_EXTENSIONS) | ||
6 | FOREACH( TEST ${TEST_LIST} ) | ||
7 | ADD_EXECUTABLE(${TEST} ${TEST}.c tests.h ${${TEST}_ADDITIONAL}) | ||
8 | TARGET_LINK_LIBRARIES(${TEST} libfdproto libfdcore ${GNUTLS_LIBRARIES} ${GCRYPT_LIBRARY} ${${TEST}_ADDITIONAL_LIB}) | ||
9 | - ADD_TEST(${TEST} ${EXECUTABLE_OUTPUT_PATH}/${TEST} ${TEST_ARGUMENTS}) | ||
10 | ENDFOREACH( TEST ) | ||
11 | |||
12 | |||
diff --git a/recipes-security/freediameter/freediameter_1.2.1.bb b/recipes-security/freediameter/freediameter_1.2.1.bb new file mode 100644 index 0000000..a6083a8 --- /dev/null +++ b/recipes-security/freediameter/freediameter_1.2.1.bb | |||
@@ -0,0 +1,71 @@ | |||
1 | # copyright 2017 Armin Kuster <akuster808@gmail.com> | ||
2 | # | ||
3 | |||
4 | SUMARRY = "freeDiameter is a implementation of the Diameter protocol specified in RFC3588. Diameter is a protocol for carrying Authentication, Authorization and Accounting information." | ||
5 | |||
6 | HOMEPAGE = "http://www.freediameter.net/trac/" | ||
7 | LIC_FILES_CHKSUM = "file://LICENSE;md5=892b2ed6ae815488a08416ff7ee74a35" | ||
8 | LICENSE = "BSD" | ||
9 | |||
10 | DEPENDS = "lksctp-tools libidn gnutls libgcrypt bison flex" | ||
11 | |||
12 | HG_SRCREV = "8662db9f6105" | ||
13 | SRC_URI = " \ | ||
14 | http://www.freediameter.net/hg/freeDiameter/archive/${HG_SRCREV}.tar.bz2 \ | ||
15 | file://init \ | ||
16 | file://freeDiameter.conf \ | ||
17 | file://no_test_run.patch" | ||
18 | |||
19 | SRC_URI[md5sum] = "2fbf09aa1e0eba9ae0b5f1ab05a6d462" | ||
20 | SRC_URI[sha256sum] = "061d9b0d860605f0838c0ab312c3719f45b215bf5e212ad2b45a59d036b670b7" | ||
21 | |||
22 | S = "${WORKDIR}/freeDiameter-${HG_SRCREV}" | ||
23 | |||
24 | inherit cmake pkgconfig update-rc.d | ||
25 | |||
26 | CONFFILES_${PN} = "${sysconfdir}/freediameter.conf" | ||
27 | |||
28 | EXTRA_OECMAKE += "-DDEFAULT_CONF_PATH:PATH=${sysconfdir}/freeDiameter" | ||
29 | |||
30 | FD_KEY ?="${PN}.key" | ||
31 | FD_PEM ?= "${PN}.pem" | ||
32 | FD_CA ?= "${PN}.pem" | ||
33 | FD_DH_PEM ?= "${PN}-dh.pem" | ||
34 | FD_HOSTNAME ?= "${MACHINE}" | ||
35 | FD_REALM ?= "openembedded.org" | ||
36 | |||
37 | do_install_append () { | ||
38 | install -d ${D}${sysconfdir}/freeDiameter | ||
39 | install ${WORKDIR}/freeDiameter.conf ${D}${sysconfdir}/freeDiameter/freeDiameter.conf | ||
40 | |||
41 | cat >> ${D}${sysconfdir}/freeDiameter/freeDiameter.conf <<EOF | ||
42 | ## OE specific ## | ||
43 | #Identity="${FD_HOSTNAME}"; | ||
44 | Identity = "${FD_HOSTNAME}.${FD_REALM}"; | ||
45 | Realm = "${FD_REALM}"; | ||
46 | Port = 30868; | ||
47 | SecPort = 30869; | ||
48 | TLS_Cred = "/etc/freeDiameter/${FD_PEM}" , "/etc/freeDiameter/${FD_KEY}"; | ||
49 | TLS_CA = "/etc/freeDiameter/${FD_CA}"; | ||
50 | TLS_DH_File = "/etc/freeDiameter/${FD_DH_PEM}"; | ||
51 | EOF | ||
52 | install -d ${D}${sysconfdir}/init.d/ | ||
53 | install ${WORKDIR}/init ${D}${sysconfdir}/init.d/freediameter | ||
54 | } | ||
55 | |||
56 | do_install_append () { | ||
57 | # create self cert | ||
58 | openssl req -x509 -config ${STAGING_DIR_NATIVE}/etc/ssl/openssl.cnf -newkey rsa:4096 -sha256 -nodes -out ${D}${sysconfdir}/freeDiameter/${FD_PEM} -keyout ${D}${sysconfdir}/freeDiameter/${FD_KEY} -days 3650 -subj '/CN=${FD_HOSTNAME}.${FD_REALM}' | ||
59 | openssl dhparam -out ${D}${sysconfdir}/freeDiameter/${FD_DH_PEM} 1024 | ||
60 | } | ||
61 | |||
62 | PACKAGES += "${PN}-extensions" | ||
63 | FILES_${PN}-extensions = "${nonarch_libdir}/freeDiameter/*.fdx" | ||
64 | |||
65 | INITSCRIPT_PACKAGES = "${PN}" | ||
66 | INITSCRIPT_NAME_${PN} = "freediameter" | ||
67 | INITSCRIPT_PARAMS_${PN} = "defaults 80" | ||
68 | |||
69 | RDEPENDS_${PN} = "openssl openssl-conf openssl-engines" | ||
70 | RDEPENDS_${PN} += "kernel-module-tipc kernel-module-sctp" | ||
71 | RDEPENDS_${PN} += "kernel-module-udp-tunnel kernel-module-ipip" | ||