freeradius: fix the occasional verification failure

Fixes: # cd /etc/raddb/certs # ./bootstrap [snip] chmod g+r ca.key openssl pkcs12 -in server.p12 -out server.pem -passin pass:'whatever' -passout pass:'whatever' chmod g+r server.pem C = FR, ST = Radius, O = Example Inc., CN = Example Server Certificate, emailAddress = admin@example.org error 7 at 0 depth lookup: certificate signature failure 140066667427072:error:04067084:rsa routines:rsa_ossl_public_decrypt:data too large for modulus:../openssl-1.1.1g/crypto/rsa/rsa_ossl.c:553: 140066667427072:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:../openssl-1.1.1g/crypto/asn1/a_verify.c:170: error server.pem: verification failed make: *** [Makefile:107: server.vrfy] Error 2 It seems the ca.pem mismatchs server.pem which results in failing to execute "openssl verify -CAfile ca.pem server.pem", so add the logic to check the file to avoid inconsistency. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Mingli Yu <mingli.yu@windriver.com> 2020-08-05 15:45:50 +0800
committer: Khem Raj <raj.khem@gmail.com> 2020-08-05 10:02:11 -0700
commit: 52f5141109fae5f49c5a7334e9ded2b028e16cf6 (patch)
tree: 03dc451b9536fcf030ee79723d979147875641cf
parent: 532038dfbce07ccc141dccde891e1040005c7eb0 (diff)
download: meta-openembedded-52f5141109fae5f49c5a7334e9ded2b028e16cf6.tar.gz
2 files changed, 136 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/freeradius/files/0001-raddb-certs-Makefile-fix-the-occasional-verification.patch b/meta-networking/recipes-connectivity/freeradius/files/0001-raddb-certs-Makefile-fix-the-occasional-verification.patch
new file mode 100644
index 0000000000..dce0427e1a
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/0001-raddb-certs-Makefile-fix-the-occasional-verification.patch
@@ -0,0 +1,135 @@
+From 3eda5d35fbaf66ed6bdc86ada4320a0a18681b7e Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Wed, 5 Aug 2020 07:23:11 +0000
+Subject: [PATCH] raddb/certs/Makefile: fix the occasional verification failure
+Fixes:
+  # cd /etc/raddb/certs
+  # ./bootstrap
+[snip]
+chmod g+r ca.key
+openssl pkcs12 -in server.p12 -out server.pem -passin pass:'whatever' -passout pass:'whatever'
+chmod g+r server.pem
+C = FR, ST = Radius, O = Example Inc., CN = Example Server Certificate, emailAddress = admin@example.org
+error 7 at 0 depth lookup: certificate signature failure
+140066667427072:error:04067084:rsa routines:rsa_ossl_public_decrypt:data too large for modulus:../openssl-1.1.1g/crypto/rsa/rsa_ossl.c:553:
+140066667427072:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:../openssl-1.1.1g/crypto/asn1/a_verify.c:170:
+error server.pem: verification failed
+make: *** [Makefile:107: server.vrfy] Error 2
+It seems the ca.pem mismatchs server.pem which results in failing to
+execute "openssl verify -CAfile ca.pem server.pem", so add to check
+the file to avoid inconsistency.
+Upstream-Status: Pending
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ raddb/certs/Makefile | 30 +++++++++++++++---------------
+ 1 file changed, 15 insertions(+), 15 deletions(-)
+diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile
+index 77eec9baa1..3dcb63fe71 100644
+--- a/raddb/certs/Makefile
+++ b/raddb/certs/Makefile
+@@ -59,7 +59,7 @@ passwords.mk: server.cnf ca.cnf client.cnf inner-server.cnf
+ #
+ ######################################################################
+ dh:
+-       $(OPENSSL) dhparam -out dh -2 $(DH_KEY_SIZE)
+       @[ -f dh ] || $(OPENSSL) dhparam -out dh -2 $(DH_KEY_SIZE)
+ 
+ ######################################################################
+ #
+@@ -69,17 +69,17 @@ dh:
+ ca.key ca.pem: ca.cnf
+        @[ -f index.txt ] || $(MAKE) index.txt
+        @[ -f serial ] || $(MAKE) serial
+-       $(OPENSSL) req -new -x509 -keyout ca.key -out ca.pem \
+       @[ -f ca.pem ] || $(OPENSSL) req -new -x509 -keyout ca.key -out ca.pem \
+                -days $(CA_DEFAULT_DAYS) -config ./ca.cnf \
+                -passin pass:$(PASSWORD_CA) -passout pass:$(PASSWORD_CA)
+        chmod g+r ca.key
+ 
+ ca.der: ca.pem
+-       $(OPENSSL) x509 -inform PEM -outform DER -in ca.pem -out ca.der
+       @[ -f ca.der ] || $(OPENSSL) x509 -inform PEM -outform DER -in ca.pem -out ca.der
+ 
+ ca.crl: ca.pem
+-       $(OPENSSL) ca -gencrl -keyfile ca.key -cert ca.pem -config ./ca.cnf -out ca-crl.pem -key $(PASSWORD_CA)
+-       $(OPENSSL) crl -in ca-crl.pem -outform der -out ca.crl
+       @[ -f ca-crl.pem ] || $(OPENSSL) ca -gencrl -keyfile ca.key -cert ca.pem -config ./ca.cnf -out ca-crl.pem -key $(PASSWORD_CA)
+       @[ -f ca.crl ] || $(OPENSSL) crl -in ca-crl.pem -outform der -out ca.crl
+        rm ca-crl.pem
+ 
+ ######################################################################
+@@ -88,18 +88,18 @@ ca.crl: ca.pem
+ #
+ ######################################################################
+ server.csr server.key: server.cnf
+-       $(OPENSSL) req -new  -out server.csr -keyout server.key -config ./server.cnf
+       @[ -f server.csr ] || $(OPENSSL) req -new  -out server.csr -keyout server.key -config ./server.cnf
+        chmod g+r server.key
+ 
+ server.crt: server.csr ca.key ca.pem
+        @[ -f server.crt ] || $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in server.csr  -key $(PASSWORD_CA) -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf
+ 
+ server.p12: server.crt
+-       $(OPENSSL) pkcs12 -export -in server.crt -inkey server.key -out server.p12  -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
+       @[ -f server.p12 ] || $(OPENSSL) pkcs12 -export -in server.crt -inkey server.key -out server.p12  -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
+        chmod g+r server.p12
+ 
+ server.pem: server.p12
+-       $(OPENSSL) pkcs12 -in server.p12 -out server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
+       @[ -f server.pem ] || $(OPENSSL) pkcs12 -in server.p12 -out server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
+        chmod g+r server.pem
+ 
+ .PHONY: server.vrfy
+@@ -113,18 +113,18 @@ server.vrfy: ca.pem
+ #
+ ######################################################################
+ client.csr client.key: client.cnf
+-       $(OPENSSL) req -new  -out client.csr -keyout client.key -config ./client.cnf
+       @[ -f client.csr ] || $(OPENSSL) req -new  -out client.csr -keyout client.key -config ./client.cnf
+        chmod g+r client.key
+ 
+ client.crt: client.csr ca.pem ca.key
+        @[ -f client.crt ] || $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in client.csr  -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
+ 
+ client.p12: client.crt
+-       $(OPENSSL) pkcs12 -export -in client.crt -inkey client.key -out client.p12  -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
+       @[ -f client.p12 ] || $(OPENSSL) pkcs12 -export -in client.crt -inkey client.key -out client.p12  -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
+        chmod g+r client.p12
+ 
+ client.pem: client.p12
+-       $(OPENSSL) pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
+       @[ -f client.pem ] || $(OPENSSL) pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
+        chmod g+r client.pem
+        cp client.pem $(USER_NAME).pem
+ 
+@@ -139,18 +139,18 @@ client.vrfy: ca.pem client.pem
+ #
+ ######################################################################
+ inner-server.csr inner-server.key: inner-server.cnf
+-       $(OPENSSL) req -new  -out inner-server.csr -keyout inner-server.key -config ./inner-server.cnf
+       @[ -f inner-server.csr] || $(OPENSSL) req -new  -out inner-server.csr -keyout inner-server.key -config ./inner-server.cnf
+        chmod g+r inner-server.key
+ 
+ inner-server.crt: inner-server.csr ca.key ca.pem
+-       $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in inner-server.csr  -key $(PASSWORD_CA) -out inner-server.crt -extensions xpserver_ext -extfile xpextensions -config ./inner-server.cnf
+       @[ -f inner-server.crt ] || $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in inner-server.csr  -key $(PASSWORD_CA) -out inner-server.crt -extensions xpserver_ext -extfile xpextensions -config ./inner-server.cnf
+ 
+ inner-server.p12: inner-server.crt
+-       $(OPENSSL) pkcs12 -export -in inner-server.crt -inkey inner-server.key -out inner-server.p12  -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
+       @[ -f inner-server.p12 ] || $(OPENSSL) pkcs12 -export -in inner-server.crt -inkey inner-server.key -out inner-server.p12  -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
+        chmod g+r inner-server.p12
+ 
+ inner-server.pem: inner-server.p12
+-       $(OPENSSL) pkcs12 -in inner-server.p12 -out inner-server.pem -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
+       @[ -f inner-server.pem ] || $(OPENSSL) pkcs12 -in inner-server.p12 -out inner-server.pem -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
+        chmod g+r inner-server.pem
+ 
+ .PHONY: inner-server.vrfy
+-- 
+2.26.2
diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb
index d2046d72eb..2c39c4c443 100644
--- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb
+++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb
@@ -28,6 +28,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0
    file://0001-rlm_mschap-Use-includedir-instead-of-hardcoding-usr-.patch \
    file://0001-rlm_python3-add-PY_INC_DIR-in-search-dir.patch \
    file://0001-raddb-certs-Makefile-fix-the-existed-certificate-err.patch \
+    file://0001-raddb-certs-Makefile-fix-the-occasional-verification.patch \
    file://radiusd.service \
    file://radiusd-volatiles.conf \
 "
author	Mingli Yu <mingli.yu@windriver.com>	2020-08-05 15:45:50 +0800
committer	Khem Raj <raj.khem@gmail.com>	2020-08-05 10:02:11 -0700
commit	52f5141109fae5f49c5a7334e9ded2b028e16cf6 (patch)
tree	03dc451b9536fcf030ee79723d979147875641cf
parent	532038dfbce07ccc141dccde891e1040005c7eb0 (diff)
download	meta-openembedded-52f5141109fae5f49c5a7334e9ded2b028e16cf6.tar.gz

diff --git a/meta-networking/recipes-connectivity/freeradius/files/0001-raddb-certs-Makefile-fix-the-occasional-verification.patch b/meta-networking/recipes-connectivity/freeradius/files/0001-raddb-certs-Makefile-fix-the-occasional-verification.patch new file mode 100644 index 0000000000..dce0427e1a --- /dev/null +++ b/meta-networking/recipes-connectivity/freeradius/files/0001-raddb-certs-Makefile-fix-the-occasional-verification.patch
@@ -0,0 +1,135 @@
		1	From 3eda5d35fbaf66ed6bdc86ada4320a0a18681b7e Mon Sep 17 00:00:00 2001
		2	From: Mingli Yu <mingli.yu@windriver.com>
		3	Date: Wed, 5 Aug 2020 07:23:11 +0000
		4	Subject: [PATCH] raddb/certs/Makefile: fix the occasional verification failure
		5
		6	Fixes:
		7	# cd /etc/raddb/certs
		8	# ./bootstrap
		9	[snip]
		10	chmod g+r ca.key
		11	openssl pkcs12 -in server.p12 -out server.pem -passin pass:'whatever' -passout pass:'whatever'
		12	chmod g+r server.pem
		13	C = FR, ST = Radius, O = Example Inc., CN = Example Server Certificate, emailAddress = admin@example.org
		14	error 7 at 0 depth lookup: certificate signature failure
		15	140066667427072:error:04067084:rsa routines:rsa_ossl_public_decrypt:data too large for modulus:../openssl-1.1.1g/crypto/rsa/rsa_ossl.c:553:
		16	140066667427072:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:../openssl-1.1.1g/crypto/asn1/a_verify.c:170:
		17	error server.pem: verification failed
		18	make: *** [Makefile:107: server.vrfy] Error 2
		19
		20	It seems the ca.pem mismatchs server.pem which results in failing to
		21	execute "openssl verify -CAfile ca.pem server.pem", so add to check
		22	the file to avoid inconsistency.
		23
		24	Upstream-Status: Pending
		25
		26	Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
		27	---
		28	raddb/certs/Makefile \| 30 +++++++++++++++---------------
		29	1 file changed, 15 insertions(+), 15 deletions(-)
		30
		31	diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile
		32	index 77eec9baa1..3dcb63fe71 100644
		33	--- a/raddb/certs/Makefile
		34	+++ b/raddb/certs/Makefile
		35	@@ -59,7 +59,7 @@ passwords.mk: server.cnf ca.cnf client.cnf inner-server.cnf
		36	#
		37	######################################################################
		38	dh:
		39	- $(OPENSSL) dhparam -out dh -2 $(DH_KEY_SIZE)
		40	+ @[ -f dh ] \|\| $(OPENSSL) dhparam -out dh -2 $(DH_KEY_SIZE)
		41
		42	######################################################################
		43	#
		44	@@ -69,17 +69,17 @@ dh:
		45	ca.key ca.pem: ca.cnf
		46	@[ -f index.txt ] \|\| $(MAKE) index.txt
		47	@[ -f serial ] \|\| $(MAKE) serial
		48	- $(OPENSSL) req -new -x509 -keyout ca.key -out ca.pem \
		49	+ @[ -f ca.pem ] \|\| $(OPENSSL) req -new -x509 -keyout ca.key -out ca.pem \
		50	-days $(CA_DEFAULT_DAYS) -config ./ca.cnf \
		51	-passin pass:$(PASSWORD_CA) -passout pass:$(PASSWORD_CA)
		52	chmod g+r ca.key
		53
		54	ca.der: ca.pem
		55	- $(OPENSSL) x509 -inform PEM -outform DER -in ca.pem -out ca.der
		56	+ @[ -f ca.der ] \|\| $(OPENSSL) x509 -inform PEM -outform DER -in ca.pem -out ca.der
		57
		58	ca.crl: ca.pem
		59	- $(OPENSSL) ca -gencrl -keyfile ca.key -cert ca.pem -config ./ca.cnf -out ca-crl.pem -key $(PASSWORD_CA)
		60	- $(OPENSSL) crl -in ca-crl.pem -outform der -out ca.crl
		61	+ @[ -f ca-crl.pem ] \|\| $(OPENSSL) ca -gencrl -keyfile ca.key -cert ca.pem -config ./ca.cnf -out ca-crl.pem -key $(PASSWORD_CA)
		62	+ @[ -f ca.crl ] \|\| $(OPENSSL) crl -in ca-crl.pem -outform der -out ca.crl
		63	rm ca-crl.pem
		64
		65	######################################################################
		66	@@ -88,18 +88,18 @@ ca.crl: ca.pem
		67	#
		68	######################################################################
		69	server.csr server.key: server.cnf
		70	- $(OPENSSL) req -new -out server.csr -keyout server.key -config ./server.cnf
		71	+ @[ -f server.csr ] \|\| $(OPENSSL) req -new -out server.csr -keyout server.key -config ./server.cnf
		72	chmod g+r server.key
		73
		74	server.crt: server.csr ca.key ca.pem
		75	@[ -f server.crt ] \|\| $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key $(PASSWORD_CA) -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf
		76
		77	server.p12: server.crt
		78	- $(OPENSSL) pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
		79	+ @[ -f server.p12 ] \|\| $(OPENSSL) pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
		80	chmod g+r server.p12
		81
		82	server.pem: server.p12
		83	- $(OPENSSL) pkcs12 -in server.p12 -out server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
		84	+ @[ -f server.pem ] \|\| $(OPENSSL) pkcs12 -in server.p12 -out server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
		85	chmod g+r server.pem
		86
		87	.PHONY: server.vrfy
		88	@@ -113,18 +113,18 @@ server.vrfy: ca.pem
		89	#
		90	######################################################################
		91	client.csr client.key: client.cnf
		92	- $(OPENSSL) req -new -out client.csr -keyout client.key -config ./client.cnf
		93	+ @[ -f client.csr ] \|\| $(OPENSSL) req -new -out client.csr -keyout client.key -config ./client.cnf
		94	chmod g+r client.key
		95
		96	client.crt: client.csr ca.pem ca.key
		97	@[ -f client.crt ] \|\| $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
		98
		99	client.p12: client.crt
		100	- $(OPENSSL) pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
		101	+ @[ -f client.p12 ] \|\| $(OPENSSL) pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
		102	chmod g+r client.p12
		103
		104	client.pem: client.p12
		105	- $(OPENSSL) pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
		106	+ @[ -f client.pem ] \|\| $(OPENSSL) pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
		107	chmod g+r client.pem
		108	cp client.pem $(USER_NAME).pem
		109
		110	@@ -139,18 +139,18 @@ client.vrfy: ca.pem client.pem
		111	#
		112	######################################################################
		113	inner-server.csr inner-server.key: inner-server.cnf
		114	- $(OPENSSL) req -new -out inner-server.csr -keyout inner-server.key -config ./inner-server.cnf
		115	+ @[ -f inner-server.csr] \|\| $(OPENSSL) req -new -out inner-server.csr -keyout inner-server.key -config ./inner-server.cnf
		116	chmod g+r inner-server.key
		117
		118	inner-server.crt: inner-server.csr ca.key ca.pem
		119	- $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in inner-server.csr -key $(PASSWORD_CA) -out inner-server.crt -extensions xpserver_ext -extfile xpextensions -config ./inner-server.cnf
		120	+ @[ -f inner-server.crt ] \|\| $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in inner-server.csr -key $(PASSWORD_CA) -out inner-server.crt -extensions xpserver_ext -extfile xpextensions -config ./inner-server.cnf
		121
		122	inner-server.p12: inner-server.crt
		123	- $(OPENSSL) pkcs12 -export -in inner-server.crt -inkey inner-server.key -out inner-server.p12 -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
		124	+ @[ -f inner-server.p12 ] \|\| $(OPENSSL) pkcs12 -export -in inner-server.crt -inkey inner-server.key -out inner-server.p12 -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
		125	chmod g+r inner-server.p12
		126
		127	inner-server.pem: inner-server.p12
		128	- $(OPENSSL) pkcs12 -in inner-server.p12 -out inner-server.pem -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
		129	+ @[ -f inner-server.pem ] \|\| $(OPENSSL) pkcs12 -in inner-server.p12 -out inner-server.pem -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
		130	chmod g+r inner-server.pem
		131
		132	.PHONY: inner-server.vrfy
		133	--
		134	2.26.2
		135


diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb index d2046d72eb..2c39c4c443 100644 --- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb +++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb
@@ -28,6 +28,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0
28	file://0001-rlm_mschap-Use-includedir-instead-of-hardcoding-usr-.patch \	28	file://0001-rlm_mschap-Use-includedir-instead-of-hardcoding-usr-.patch \
29	file://0001-rlm_python3-add-PY_INC_DIR-in-search-dir.patch \	29	file://0001-rlm_python3-add-PY_INC_DIR-in-search-dir.patch \
30	file://0001-raddb-certs-Makefile-fix-the-existed-certificate-err.patch \	30	file://0001-raddb-certs-Makefile-fix-the-existed-certificate-err.patch \
		31	file://0001-raddb-certs-Makefile-fix-the-occasional-verification.patch \
31	file://radiusd.service \	32	file://radiusd.service \
32	file://radiusd-volatiles.conf \	33	file://radiusd-volatiles.conf \
33	"	34	"