From a3e27219edd1c77fe9831d4eac1d7310f8afdd06 Mon Sep 17 00:00:00 2001 From: B Stack Date: Mon, 23 Mar 2020 17:01:45 -0400 Subject: fix sssd.conf and improve packaging fix #1 post-install needs to chmod 0600 sssd.conf add sssd.conf.in template add make-dsc-for-obs script bump version to 0.0.2 --- debian/changelog | 8 +++++++ debian/dev | 0 debian/freeipa-helper+devuan.dsc | 14 ++++++++++++ debian/freeipa-helper_devuan.dsc | 14 ------------ debian/make-dsc-for-obs.sh | 10 +++++++++ debian/rules | 6 +++++- src/Makefile | 5 +++-- src/usr/sbin/freeipa-helper-post-install | 7 ++++++ src/usr/share/freeipa-helper/sssd.conf.in | 36 +++++++++++++++++++++++++++++++ 9 files changed, 83 insertions(+), 17 deletions(-) create mode 100644 debian/dev create mode 100644 debian/freeipa-helper+devuan.dsc delete mode 100644 debian/freeipa-helper_devuan.dsc create mode 100755 debian/make-dsc-for-obs.sh create mode 100644 src/usr/share/freeipa-helper/sssd.conf.in diff --git a/debian/changelog b/debian/changelog index 54d2d86..e845b95 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +freeipa-helper (0.0.2-1+devuan) obs; urgency=medium + + * Fix post-install needs to chmod 0600 sssd.conf + [#1](https://gitlab.com/bgstack15/freeipa-helper/-/issues/1) + * Add sssd.conf template + + -- Ben Stack Mon, 23 Mar 2020 16:25:09 -0400 + freeipa-helper (0.0.1-1+devuan) obs; urgency=low * Initial release. diff --git a/debian/dev b/debian/dev new file mode 100644 index 0000000..e69de29 diff --git a/debian/freeipa-helper+devuan.dsc b/debian/freeipa-helper+devuan.dsc new file mode 100644 index 0000000..521b32f --- /dev/null +++ b/debian/freeipa-helper+devuan.dsc 
@@ -0,0 +1,14 @@
+Format: 3.0 (quilt)
+Source: freeipa-helper
+Binary: freeipa-helper
+Architecture: all
+Version: 0.0.2-1+devuan
+Maintainer: Ben Stack
+Homepage: https://gitlab.com/bgstack15/freeipa-helper
+Standards-Version: 4.1.4
+Build-Depends: debhelper (>= 12~)
+Package-List:
+ freeipa-helper deb net optional arch=all
+Files:
+ 00000000000000000000000000000000 1 freeipa-helper.orig.tar.gz
+ 00000000000000000000000000000000 1 freeipa-helper+devuan.debian.tar.xz
diff --git a/debian/freeipa-helper_devuan.dsc b/debian/freeipa-helper_devuan.dsc
deleted file mode 100644
index 0b8e86b..0000000
--- a/debian/freeipa-helper_devuan.dsc
+++ /dev/null
@@ -1,14 +0,0 @@
-Format: 3.0 (quilt)
-Source: freeipa-helper
-Binary: freeipa-helper
-Architecture: all
-Version: 0.0.1-1+devuan
-Maintainer: Ben Stack
-Homepage: https://gitlab.com/bgstack15/freeipa-helper
-Standards-Version: 4.1.4
-Build-Depends: debhelper (>= 12~)
-Package-List:
- freeipa-helper deb net optional arch=all
-Files:
- 00000000000000000000000000000000 1 freeipa-helper.orig.tar.gz
- 00000000000000000000000000000000 1 freeipa-helper_devuan.debian.tar.xz
diff --git a/debian/make-dsc-for-obs.sh b/debian/make-dsc-for-obs.sh
new file mode 100755
index 0000000..da1c0b7
--- /dev/null
+++ b/debian/make-dsc-for-obs.sh
@@ -0,0 +1,10 @@ +#!/bin/sh +# Goal: convert the fresh dsc file to a generic one for obs that omits version and checksum info on filenames +# Use in debian/rules: +# APPNAME=name-of-binary-package +# override_dh_auto_build: +# dh_auto_build +# sh debian/make-dsc-for-obs.sh +tf="../$( find .. -maxdepth 1 -name "${APPNAME}_*dsc" -printf '%T@ %f\n' | sort | tail -n1 | awk '{print $NF}' )" +of="debian/$( basename "$( readlink -f "${tf}" )" | sed -r -e 's/_[0-9_\.]+[0-9_](-[0-9])?//;' )" +awk 'BEGIN{a=0} a > 0 {$2="1";gsub(/_[0-9_\.]+[0-9_](-[0-9])?/,"");} /^Files/{a=1} {print}' "${tf}" | sed -r -e '/Checksums-.{0,8}:\s*$/,/^Files/{/Files/!{d};}' -e '/^Files/,${s/^ ?[^\s]{32}/ 00000000000000000000000000000000/;};' > "${of}" diff --git a/debian/rules b/debian/rules index 8e199c0..9f2ca42 100755 --- a/debian/rules +++ b/debian/rules @@ -4,11 +4,15 @@ #export DEB_BUILD_MAINT_OPTIONS = hardening=+all #export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic #export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed -APPNAME=freeipa-helper +export APPNAME=freeipa-helper %: dh $@ --sourcedirectory=src +override_dh_auto_build: + dh_auto_build + sh debian/make-dsc-for-obs.sh + override_dh_auto_install: dh_auto_install -- prefix=/usr DEFAULTDIR='$$(DESTDIR)/etc/default' diff --git a/src/Makefile b/src/Makefile index c48eefa..a328501 100644 --- a/src/Makefile +++ b/src/Makefile @@ -13,7 +13,7 @@ # Dependencies: APPNAME = freeipa-helper -APPVERSION = 0.0.1 +APPVERSION = 0.0.2 SRCDIR = $(CURDIR) prefix = /usr SYSCONFDIR = $(DESTDIR)/etc 
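Review bot: make-dsc-for-obs.sh never checks that `APPNAME` is set or that `find` matched a file, so on an empty match `tf` becomes `../` and the final redirect still creates a file under `debian/` named after the parent directory. Because the last command of the pipeline is `sed`, the script most likely exits 0 in that case, so the `override_dh_auto_build` recipe added to debian/rules in this commit would not notice the failure. I would add `: "${APPNAME:?APPNAME must be set}"` at the top and `test -f "${tf}" || { echo "no dsc found for ${APPNAME}" >&2 ; exit 1 ; }` before `of=` is computed. A one-line comment saying that the all-zero digest fields and the size `1` are deliberate placeholders for OBS, not real checksums, would also help anyone auditing the generated .dsc.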
@@ -56,8 +56,9 @@ deplist_opts: install: @${echobin} Installing files to ${DESTDIR} - ${installbin} -d ${SBINDIR} ${DOCDIR} ${BINDIR} ${BINDIR1} + ${installbin} -d ${SBINDIR} ${DOCDIR} ${BINDIR} ${BINDIR1} ${APPDIR} ${installbin} -m 0755 -t ${SBINDIR} ${SRCDIR}/usr/sbin/* + ${installbin} -m 0644 -t ${APPDIR} ${SRCDIR}/usr/share/${APPNAME}/* test -L ${BINDIR1}/systemctl || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR1}/systemctl test -L ${BINDIR}/hostnamectl || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR}/hostnamectl test -L ${BINDIR}/systemd-detect-virt || ${lnbin} -s ${SBINDIR}/systemctl ${BINDIR}/systemd-detect-virt diff --git a/src/usr/sbin/freeipa-helper-post-install b/src/usr/sbin/freeipa-helper-post-install index e9b61b2..8baa604 100755 --- a/src/usr/sbin/freeipa-helper-post-install +++ b/src/usr/sbin/freeipa-helper-post-install @@ -7,10 +7,12 @@ # Purpose: Turn my configs into a one-liner # History: # 2020-03-11 contents ripped entirely from devuan.txt +# 2020-03-23 add sssd.conf templating # Usage: # sudo freeipa-helper-post-install # References: # /mnt/public/Support/Platforms/devuan/devuan.txt +# almost-bashism for templating from file https://stackoverflow.com/questions/2914220/bash-templating-how-to-build-configuration-files-from-templates-with-bash/60820800#60820800 # Improve: # Dependencies: # raw: /usr/share/bgconf/confs/kerberos/kerberos.sh @@ -22,5 +24,10 @@ tf=/etc/pam.d/common-session ; ! grep -q 'mkhomedir' "${tf}" && { thisline="$(( # set dns_canonicalize_hostname = true sudo updateval -a /etc/krb5.conf -s '[libdefaults]' '^(\s*dns_canonicalize_hostname\s*=\s*).*' ' dns_canonicalize_hostname = true' test -e /usr/share/bgconf/confs/kerberos/kerberos.sh && sudo sh /usr/share/bgconf/confs/kerberos/kerberos.sh +eval "cat </etc/sssd/sssd.conf +$( cat /usr/share/freeipa-helper/sssd.conf.in ) +EOF +" +chmod 0600 /etc/sssd/sssd.conf service sssd stop ; service sssd start service ssh stop ; service ssh start 
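Review bot: The new `${installbin} -m 0644 -t ${APPDIR} ${SRCDIR}/usr/share/${APPNAME}/*` line installs files that freeipa-helper-post-install later passes through `eval`, so they are effectively shell input run as root and the line deserves a comment saying so. Something like `# files in APPDIR are expanded by the shell in freeipa-helper-post-install; keep them root-owned and not group/world-writable` above it would record why the mode matters. `APPDIR` is not defined in the visible part of the Makefile, so I am assuming it is set earlier; if it were empty, `-t` would take the first source file as the target directory. The `install` rule continues outside the hunk.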
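Review bot: In freeipa-helper-post-install, `/etc/sssd/sssd.conf` is created under the caller's umask and only tightened by the following `chmod 0600`, so there is a window in which the file is readable by other users. Setting `umask 077` before the `eval` line, or creating the file first with `install -m 0600 /dev/null /etc/sssd/sssd.conf`, closes that window. Nothing checks that `hostname --domain` returned a value, so a host without a configured domain gets a `[domain/]` section and an empty `domains =` line before sssd is restarted; `test -n "$( hostname --domain )" || exit 1` ahead of the write would stop that. The existing sssd.conf is also overwritten without a backup. The here-document operator on the `eval` line looks truncated on this page, so I am reading it as a redirect into /etc/sssd/sssd.conf.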
diff --git a/src/usr/share/freeipa-helper/sssd.conf.in b/src/usr/share/freeipa-helper/sssd.conf.in
new file mode 100644
index 0000000..2ab626f
--- /dev/null
+++ b/src/usr/share/freeipa-helper/sssd.conf.in
@@ -0,0 +1,36 @@
+[domain/$( hostname --domain )]
+
+debug_level = 1
+id_provider = ipa
+ipa_server = _srv_, $( hostname --domain )
+ipa_domain = $( hostname --domain )
+ipa_hostname = $( hostname --fqdn )
+auth_provider = ipa
+chpass_provider = ipa
+access_provider = ipa
+cache_credentials = True
+ldap_tls_cacert = /etc/ipa/ca.crt
+krb5_store_password_if_offline = True
+[sssd]
+services = nss, pam, ssh, sudo
+
+domains = $( hostname --domain )
+[nss]
+homedir_substring = /home
+
+[pam]
+
+[sudo]
+
+[autofs]
+
+[ssh]
+
+[pac]
+
+[ifp]
+
+[secrets]
+
+[session_recording]
+
-- cgit
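Review bot: Nothing in sssd.conf.in tells a maintainer that it is shell input rather than plain INI. The post-install script expands it inside an unquoted here-document, so every `$( ... )`, backtick and `$NAME` is evaluated when the script runs, and a line consisting only of `EOF` would end the document early. A first line such as `# Template expanded by the shell in freeipa-helper-post-install; escape literal dollar signs and backticks` would document that, and the comment itself must avoid those characters. `hostname --domain` is also run four separate times, so capturing it once in the post-install script and referencing a variable here would keep the section name, `ipa_server`, `ipa_domain` and `domains` consistent.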