-rw-r--r-- | debian/changelog | 8 | ||||
-rw-r--r-- | debian/dev | 0 | ||||
-rw-r--r-- | debian/freeipa-helper+devuan.dsc (renamed from debian/freeipa-helper_devuan.dsc) | 4 | ||||
-rwxr-xr-x | debian/make-dsc-for-obs.sh | 10 | ||||
-rwxr-xr-x | debian/rules | 6 | ||||
-rw-r--r-- | src/Makefile | 5 | ||||
-rwxr-xr-x | src/usr/sbin/freeipa-helper-post-install | 7 | ||||
-rw-r--r-- | src/usr/share/freeipa-helper/sssd.conf.in | 36 |
8 files changed, 71 insertions, 5 deletions
diff --git a/debian/changelog b/debian/changelog
index 54d2d86..e845b95 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@ +freeipa-helper (0.0.2-1+devuan) obs; urgency=medium + + * Fix post-install needs to chmod 0600 sssd.conf + [#1](https://gitlab.com/bgstack15/freeipa-helper/-/issues/1) + * Add sssd.conf template + + -- Ben Stack <bgstack15@gmail.com> Mon, 23 Mar 2020 16:25:09 -0400 + freeipa-helper (0.0.1-1+devuan) obs; urgency=low * Initial release.
diff --git a/debian/dev b/debian/dev
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/debian/dev
diff --git a/debian/freeipa-helper_devuan.dsc b/debian/freeipa-helper+devuan.dsc
index 0b8e86b..521b32f 100644
--- a/debian/freeipa-helper_devuan.dsc
+++ b/debian/freeipa-helper+devuan.dsc
@@ -2,7 +2,7 @@ Format: 3.0 (quilt) Source: freeipa-helper Binary: freeipa-helper Architecture: all -Version: 0.0.1-1+devuan +Version: 0.0.2-1+devuan Maintainer: Ben Stack <bgstack15@gmail.com> Homepage: https://gitlab.com/bgstack15/freeipa-helper Standards-Version: 4.1.4
@@ -11,4 +11,4 @@ Package-List: freeipa-helper deb net optional arch=all Files: 00000000000000000000000000000000 1 freeipa-helper.orig.tar.gz - 00000000000000000000000000000000 1 freeipa-helper_devuan.debian.tar.xz + 00000000000000000000000000000000 1 freeipa-helper+devuan.debian.tar.xz
diff --git a/debian/make-dsc-for-obs.sh b/debian/make-dsc-for-obs.sh
new file mode 100755
index 0000000..da1c0b7
--- /dev/null
+++ b/debian/make-dsc-for-obs.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+# Goal: convert the fresh dsc file to a generic one for obs that omits version and checksum info on filenames
+# Use in debian/rules:
+# APPNAME=name-of-binary-package
+# override_dh_auto_build:
+# dh_auto_build
+# sh debian/make-dsc-for-obs.sh
+tf="../$( find .. -maxdepth 1 -name "${APPNAME}_*dsc" -printf '%T@ %f\n' | sort | tail -n1 | awk '{print $NF}' )"
+of="debian/$( basename "$( readlink -f "${tf}" )" | sed -r -e 's/_[0-9_\.]+[0-9_](-[0-9])?//;' )"
+awk 'BEGIN{a=0} a > 0 {$2="1";gsub(/_[0-9_\.]+[0-9_](-[0-9])?/,"");} /^Files/{a=1} {print}' "${tf}" | sed -r -e '/Checksums-.{0,8}:\s*$/,/^Files/{/Files/!{d};}' -e '/^Files/,${s/^ ?[^\s]{32}/ 00000000000000000000000000000000/;};' > "${of}"
diff --git a/debian/rules b/debian/rules
index 8e199c0..9f2ca42 100755
--- a/debian/rules
+++ b/debian/rules
@@ -4,11 +4,15 @@ #export DEB_BUILD_MAINT_OPTIONS = hardening=+all #export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic #export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed -APPNAME=freeipa-helper +export APPNAME=freeipa-helper %: dh $@ --sourcedirectory=src +override_dh_auto_build: + dh_auto_build + sh debian/make-dsc-for-obs.sh + override_dh_auto_install: dh_auto_install -- prefix=/usr DEFAULTDIR='$$(DESTDIR)/etc/default'
diff --git a/src/Makefile b/src/Makefile
index c48eefa..a328501 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -13,7 +13,7 @@ # Dependencies: APPNAME = freeipa-helper -APPVERSION = 0.0.1 +APPVERSION = 0.0.2 SRCDIR = $(CURDIR) prefix = /usr SYSCONFDIR = $(DESTDIR)/etc
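Review bot: The `tf=` line in debian/make-dsc-for-obs.sh has no guard for an unset `APPNAME` or a `find` that matches nothing: `tf` then becomes `../`, `readlink -f` resolves it to the parent directory, and the final redirect would still create a file under debian/ from a failed awk run. The pipeline's exit status is that of the last `sed`, so the new `override_dh_auto_build` recipe in debian/rules would most likely not notice the failure. I would add `: "${APPNAME:?APPNAME must be exported by debian/rules}"` at the top and `test -f "${tf}" || { echo "no ${APPNAME}_*dsc found in .." 1>&2 ; exit 1 ; }` right after the `tf=` assignment. Separately, `[^\s]{32}` in the last sed expression is a bracket expression, where `\s` is probably read as a literal backslash and `s` rather than whitespace; `[0-9a-f]{32}` would state the intended MD5 field directly.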
@@ -56,8 +56,9 @@ deplist_opts: install: @${echobin} Installing files to ${DESTDIR} - ${installbin} -d ${SBINDIR} ${DOCDIR} ${BINDIR} ${BINDIR1} + ${installbin} -d ${SBINDIR} ${DOCDIR} ${BINDIR} ${BINDIR1} ${APPDIR} ${installbin} -m 0755 -t ${SBINDIR} ${SRCDIR}/usr/sbin/* + ${installbin} -m 0644 -t ${APPDIR} ${SRCDIR}/usr/share/${APPNAME}/* test -L ${BINDIR1}/systemctl || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR1}/systemctl test -L ${BINDIR}/hostnamectl || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR}/hostnamectl test -L ${BINDIR}/systemd-detect-virt || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR}/systemd-detect-virt
diff --git a/src/usr/sbin/freeipa-helper-post-install b/src/usr/sbin/freeipa-helper-post-install
index e9b61b2..8baa604 100755
--- a/src/usr/sbin/freeipa-helper-post-install
+++ b/src/usr/sbin/freeipa-helper-post-install
@@ -7,10 +7,12 @@ # Purpose: Turn my configs into a one-liner # History: # 2020-03-11 contents ripped entirely from devuan.txt +# 2020-03-23 add sssd.conf templating # Usage: # sudo freeipa-helper-post-install # References: # /mnt/public/Support/Platforms/devuan/devuan.txt +# almost-bashism for templating from file https://stackoverflow.com/questions/2914220/bash-templating-how-to-build-configuration-files-from-templates-with-bash/60820800#60820800 # Improve: # Dependencies: # raw: /usr/share/bgconf/confs/kerberos/kerberos.sh
@@ -22,5 +24,10 @@ tf=/etc/pam.d/common-session ; ! grep -q 'mkhomedir' "${tf}" && { thisline="$(( # set dns_canonicalize_hostname = true sudo updateval -a /etc/krb5.conf -s '[libdefaults]' '^(\s*dns_canonicalize_hostname\s*=\s*).*' ' dns_canonicalize_hostname = true' test -e /usr/share/bgconf/confs/kerberos/kerberos.sh && sudo sh /usr/share/bgconf/confs/kerberos/kerberos.sh +eval "cat <<EOF >/etc/sssd/sssd.conf +$( cat /usr/share/freeipa-helper/sssd.conf.in ) +EOF +" +chmod 0600 /etc/sssd/sssd.conf service sssd stop ; service sssd start service ssh stop ; service ssh start
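Review bot: `${APPDIR}` is used by both changed lines of the `install` recipe in src/Makefile, but neither hunk defines it, and the diffstat's 5 changed lines for this file are fully accounted for by the two hunks shown. If it is not already defined outside them, `install -d` silently creates one directory fewer and the new `${installbin} -m 0644 -t ${APPDIR} ...` line fails or targets the wrong place; a definition such as `APPDIR = $(DESTDIR)$(prefix)/share/$(APPNAME)` next to `SYSCONFDIR` would match the `/usr/share/freeipa-helper/sssd.conf.in` path that the post-install script reads. Because the one file installed here is later shell-evaluated as root, a comment above the `install:` target would help, for example `# usr/share/$(APPNAME)/* is expanded by eval in freeipa-helper-post-install; keep it root-owned, mode 0644`. The recipe continues outside the hunk.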
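Review bot: In the last freeipa-helper-post-install hunk, `eval "cat <<EOF >/etc/sssd/sssd.conf ..."` creates the file under the caller's umask and only tightens it with `chmod 0600` afterwards, and the chmod runs even when the eval failed, leaving a partial or empty sssd.conf in place. Wrapping the write as `( umask 077 ; eval "…" ) && chmod 0600 /etc/sssd/sssd.conf` closes that window and keeps the chmod for a pre-existing file. Nothing checks that `hostname --domain` returns a value, so on a host without a DNS domain the result would contain `[domain/]` and an empty `domains =`; a guard such as `test -n "$( hostname --domain )" || exit 1` before the write is cheap. Unlike the neighbouring `sudo updateval` and `sudo sh` lines, the two new commands carry no `sudo`, so they rely on the script itself running as root, as the Usage header suggests. The script body continues outside the hunk.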
diff --git a/src/usr/share/freeipa-helper/sssd.conf.in b/src/usr/share/freeipa-helper/sssd.conf.in
new file mode 100644
index 0000000..2ab626f
--- /dev/null
+++ b/src/usr/share/freeipa-helper/sssd.conf.in
@@ -0,0 +1,36 @@
+[domain/$( hostname --domain )]
+
+debug_level = 1
+id_provider = ipa
+ipa_server = _srv_, $( hostname --domain )
+ipa_domain = $( hostname --domain )
+ipa_hostname = $( hostname --fqdn )
+auth_provider = ipa
+chpass_provider = ipa
+access_provider = ipa
+cache_credentials = True
+ldap_tls_cacert = /etc/ipa/ca.crt
+krb5_store_password_if_offline = True
+[sssd]
+services = nss, pam, ssh, sudo
+
+domains = $( hostname --domain )
+[nss]
+homedir_substring = /home
+
+[pam]
+
+[sudo]
+
+[autofs]
+
+[ssh]
+
+[pac]
+
+[ifp]
+
+[secrets]
+
+[session_recording]
+
|
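Review bot: Nothing in sssd.conf.in says that it is shell text: freeipa-helper-post-install feeds it through `eval "cat <<EOF …"`, so every `$( … )`, `$VAR` and backtick in this file is executed as root, and a line consisting only of `EOF` would end the here-document early. A first line such as `# Template expanded by the shell in freeipa-helper-post-install; escape any literal $ or backtick and never add a bare EOF line` would document that and pass into the generated sssd.conf as an ordinary comment. `cache_credentials = True` together with `krb5_store_password_if_offline = True` keeps credential material on the host for offline logins, so a short comment stating that this is intended for the target machines would help the next maintainer.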