aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog8
-rw-r--r--debian/dev0
-rw-r--r--debian/freeipa-helper+devuan.dsc (renamed from debian/freeipa-helper_devuan.dsc)4
-rwxr-xr-xdebian/make-dsc-for-obs.sh10
-rwxr-xr-xdebian/rules6
-rw-r--r--src/Makefile5
-rwxr-xr-xsrc/usr/sbin/freeipa-helper-post-install7
-rw-r--r--src/usr/share/freeipa-helper/sssd.conf.in36
8 files changed, 71 insertions, 5 deletions
diff --git a/debian/changelog b/debian/changelog
index 54d2d86..e845b95 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+freeipa-helper (0.0.2-1+devuan) obs; urgency=medium
+
+ * Fix post-install needs to chmod 0600 sssd.conf
+ [#1](https://gitlab.com/bgstack15/freeipa-helper/-/issues/1)
+ * Add sssd.conf template
+
+ -- Ben Stack <bgstack15@gmail.com> Mon, 23 Mar 2020 16:25:09 -0400
+
freeipa-helper (0.0.1-1+devuan) obs; urgency=low
* Initial release.
diff --git a/debian/dev b/debian/dev
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/debian/dev
diff --git a/debian/freeipa-helper_devuan.dsc b/debian/freeipa-helper+devuan.dsc
index 0b8e86b..521b32f 100644
--- a/debian/freeipa-helper_devuan.dsc
+++ b/debian/freeipa-helper+devuan.dsc
@@ -2,7 +2,7 @@ Format: 3.0 (quilt)
Source: freeipa-helper
Binary: freeipa-helper
Architecture: all
-Version: 0.0.1-1+devuan
+Version: 0.0.2-1+devuan
Maintainer: Ben Stack <bgstack15@gmail.com>
Homepage: https://gitlab.com/bgstack15/freeipa-helper
Standards-Version: 4.1.4
@@ -11,4 +11,4 @@ Package-List:
freeipa-helper deb net optional arch=all
Files:
00000000000000000000000000000000 1 freeipa-helper.orig.tar.gz
- 00000000000000000000000000000000 1 freeipa-helper_devuan.debian.tar.xz
+ 00000000000000000000000000000000 1 freeipa-helper+devuan.debian.tar.xz
diff --git a/debian/make-dsc-for-obs.sh b/debian/make-dsc-for-obs.sh
new file mode 100755
index 0000000..da1c0b7
--- /dev/null
+++ b/debian/make-dsc-for-obs.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+# Goal: convert the fresh dsc file to a generic one for obs that omits version and checksum info on filenames
+# Use in debian/rules:
+# APPNAME=name-of-binary-package
+# override_dh_auto_build:
+# dh_auto_build
+# sh debian/make-dsc-for-obs.sh
+tf="../$( find .. -maxdepth 1 -name "${APPNAME}_*dsc" -printf '%T@ %f\n' | sort | tail -n1 | awk '{print $NF}' )"
+of="debian/$( basename "$( readlink -f "${tf}" )" | sed -r -e 's/_[0-9_\.]+[0-9_](-[0-9])?//;' )"
+awk 'BEGIN{a=0} a > 0 {$2="1";gsub(/_[0-9_\.]+[0-9_](-[0-9])?/,"");} /^Files/{a=1} {print}' "${tf}" | sed -r -e '/Checksums-.{0,8}:\s*$/,/^Files/{/Files/!{d};}' -e '/^Files/,${s/^ ?[^\s]{32}/ 00000000000000000000000000000000/;};' > "${of}"
diff --git a/debian/rules b/debian/rules
index 8e199c0..9f2ca42 100755
--- a/debian/rules
+++ b/debian/rules
@@ -4,11 +4,15 @@
#export DEB_BUILD_MAINT_OPTIONS = hardening=+all
#export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic
#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
-APPNAME=freeipa-helper
+export APPNAME=freeipa-helper
%:
dh $@ --sourcedirectory=src
+override_dh_auto_build:
+ dh_auto_build
+ sh debian/make-dsc-for-obs.sh
+
override_dh_auto_install:
dh_auto_install -- prefix=/usr DEFAULTDIR='$$(DESTDIR)/etc/default'
diff --git a/src/Makefile b/src/Makefile
index c48eefa..a328501 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -13,7 +13,7 @@
# Dependencies:
APPNAME = freeipa-helper
-APPVERSION = 0.0.1
+APPVERSION = 0.0.2
SRCDIR = $(CURDIR)
prefix = /usr
SYSCONFDIR = $(DESTDIR)/etc
@@ -56,8 +56,9 @@ deplist_opts:
install:
@${echobin} Installing files to ${DESTDIR}
- ${installbin} -d ${SBINDIR} ${DOCDIR} ${BINDIR} ${BINDIR1}
+ ${installbin} -d ${SBINDIR} ${DOCDIR} ${BINDIR} ${BINDIR1} ${APPDIR}
${installbin} -m 0755 -t ${SBINDIR} ${SRCDIR}/usr/sbin/*
+ ${installbin} -m 0644 -t ${APPDIR} ${SRCDIR}/usr/share/${APPNAME}/*
test -L ${BINDIR1}/systemctl || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR1}/systemctl
test -L ${BINDIR}/hostnamectl || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR}/hostnamectl
test -L ${BINDIR}/systemd-detect-virt || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR}/systemd-detect-virt
diff --git a/src/usr/sbin/freeipa-helper-post-install b/src/usr/sbin/freeipa-helper-post-install
index e9b61b2..8baa604 100755
--- a/src/usr/sbin/freeipa-helper-post-install
+++ b/src/usr/sbin/freeipa-helper-post-install
@@ -7,10 +7,12 @@
# Purpose: Turn my configs into a one-liner
# History:
# 2020-03-11 contents ripped entirely from devuan.txt
+# 2020-03-23 add sssd.conf templating
# Usage:
# sudo freeipa-helper-post-install
# References:
# /mnt/public/Support/Platforms/devuan/devuan.txt
+# almost-bashism for templating from file https://stackoverflow.com/questions/2914220/bash-templating-how-to-build-configuration-files-from-templates-with-bash/60820800#60820800
# Improve:
# Dependencies:
# raw: /usr/share/bgconf/confs/kerberos/kerberos.sh
@@ -22,5 +24,10 @@ tf=/etc/pam.d/common-session ; ! grep -q 'mkhomedir' "${tf}" && { thisline="$((
# set dns_canonicalize_hostname = true
sudo updateval -a /etc/krb5.conf -s '[libdefaults]' '^(\s*dns_canonicalize_hostname\s*=\s*).*' ' dns_canonicalize_hostname = true'
test -e /usr/share/bgconf/confs/kerberos/kerberos.sh && sudo sh /usr/share/bgconf/confs/kerberos/kerberos.sh
+eval "cat <<EOF >/etc/sssd/sssd.conf
+$( cat /usr/share/freeipa-helper/sssd.conf.in )
+EOF
+"
+chmod 0600 /etc/sssd/sssd.conf
service sssd stop ; service sssd start
service ssh stop ; service ssh start
diff --git a/src/usr/share/freeipa-helper/sssd.conf.in b/src/usr/share/freeipa-helper/sssd.conf.in
new file mode 100644
index 0000000..2ab626f
--- /dev/null
+++ b/src/usr/share/freeipa-helper/sssd.conf.in
@@ -0,0 +1,36 @@
+[domain/$( hostname --domain )]
+
+debug_level = 1
+id_provider = ipa
+ipa_server = _srv_, $( hostname --domain )
+ipa_domain = $( hostname --domain )
+ipa_hostname = $( hostname --fqdn )
+auth_provider = ipa
+chpass_provider = ipa
+access_provider = ipa
+cache_credentials = True
+ldap_tls_cacert = /etc/ipa/ca.crt
+krb5_store_password_if_offline = True
+[sssd]
+services = nss, pam, ssh, sudo
+
+domains = $( hostname --domain )
+[nss]
+homedir_substring = /home
+
+[pam]
+
+[sudo]
+
+[autofs]
+
+[ssh]
+
+[pac]
+
+[ifp]
+
+[secrets]
+
+[session_recording]
+
bgstack15