diff options
| -rw-r--r-- | 70_ipasam_cron | 3 | ||||
| -rw-r--r-- | README.md | 51 | ||||
| -rw-r--r-- | copr.example | 9 | ||||
| -rw-r--r-- | ipasam.example | 9 | ||||
| -rw-r--r-- | ipasam.spec | 54 | ||||
| -rwxr-xr-x | update-ipasam-rpm.sh | 59 |
6 files changed, 185 insertions, 0 deletions
diff --git a/70_ipasam_cron b/70_ipasam_cron new file mode 100644 index 0000000..59c1105 --- /dev/null +++ b/70_ipasam_cron @@ -0,0 +1,3 @@ +# File: /etc/cron.d/70_ipasam_cron +# Project: update-ipasam-rpm +00 03 * * * copruser /bin/sh /home/copruser/bin/update-ipasam-rpm.sh 1>/dev/null 2>&1 diff --git a/README.md b/README.md new file mode 100644 index 0000000..61e23c7 --- /dev/null +++ b/README.md @@ -0,0 +1,51 @@ +# Readme for update-ipasam-rpm + +## Overview +Update-ipasam-rpm is a project that facilitates building a custom rpm with just the one file that samba needs to authenticate users to ipa. + +## Update-ipasam-rpm upstream +[This repository](https://gitlab.com/bgstack15/ipasam/) is upstream. This is original work. + +## Reason for existing +The proper `ipa-server-trust-ad` rpm has a large number of dependencies which are not necessary merely when using samba with ipa user authentication, so this project copies that file out and builds a small rpm just for the one file. This makes my samba file server need fewer packages installed. + +## Alternatives +Install `ipa-server-trust-ad` with all of its dependencies, which is way more than I want to use when I just need ipasam.so. + +## Dependencies +For any rpm-based system, but primarily AlmaLinux 8, the server that runs the cron job needs a few things: + +* Http/s access to a package mirror +* Https access to [copr](https://copr.fedorainfracloud.org/) to initiate builds +* Https access to [gitlab](https://gitlab.com/bgstack15/ipasam/) to pull ipasam.spec template +* Packages: `copr-cli`, `rpmbuild` +* Unprivileged user, shown in this documentation as username `copruser` + +The copr api can be used with a copr user with a generated api key ([Reference 1](https://copr.fedorainfracloud.org/api/)). + +## Files in the project + +* `~copruser/.config/copr` +* `~copruser/.config/ipasam` +* `~copruser/bin/update-ipasam-rpm.sh` +* `/etc/cron/70_ipasam_cron` +* `~copruser/.cache/ipasam.spec` (generated by modifying spec from this repo) +* `~copruser/.cache/ipa-server-trust-ad.ver` (generated) +* `~copruser/rpmbuild/SRPMS/iapsam*.srpm` (generated) + +## Usage + +* Create user `copruser` or other unprivileged user as desired. +* Deploy the non-generated files from this repository to the above locations and inspect the config files. +* Prepare a user on the [copr](https://copr.fedorainfracloud.org/) and generate an api key and place in file `~copruser/.config/copr`. +* Run the command manually to see it operate. + + ~/bin/update-ipasam-rpm.sh + +* Visit your copr project to see the ipasam rpm that you built! + +## Differences from upstream +N/A + +## References +1. [COPR API introduction](https://copr.fedorainfracloud.org/api/) diff --git a/copr.example b/copr.example new file mode 100644 index 0000000..3159ee5 --- /dev/null +++ b/copr.example @@ -0,0 +1,9 @@ +# File: ~copruser/.config/copr +# Project: update-ipasam-rpm +[copr-cli] +login = ligoajgowkjoglwigj3r +username = yourcoprusername +token = bojwioqk2baondkrpowiwknaktokit +copr_url = https://copr.fedorainfracloud.org +# expiration date: 2022-11-01 +# https://copr.fedorainfracloud.org/api/ diff --git a/ipasam.example b/ipasam.example new file mode 100644 index 0000000..cf54e5c --- /dev/null +++ b/ipasam.example @@ -0,0 +1,9 @@ +# File: ~copruser/.config/ipasam +# Project: update-ipasam-rpm +# Usage: dot-sourced by update-ipasam-rpm.sh +# Path to web directory that contains ipa-server-trust-ad rpm files. Have to do it this way because ipa-server-trust-ad package is in different dnf module than what this server uses so it is not visible from dnf. +mirror_path="http://www.example.com/mirror/almalinux/8/AppStream/x86_64/os/Packages/" +# Url of ipasam.spec template file +spec_url="https://gitlab.com/bgstack15/ipasam/-/raw/master/ipasam.spec" +# COPR project name, under your username +coprrepo=stackrpms diff --git a/ipasam.spec b/ipasam.spec new file mode 100644 index 0000000..2fe9951 --- /dev/null +++ b/ipasam.spec @@ -0,0 +1,54 @@ +# Project: update-ipasam-rpm +%define upstream ipa-server-trust-ad +%define samso %( rpm -ql %{upstream} 2>/dev/null | grep ipasam ) +# For the srpm generation on a local machine, ipasam.so is absent +# but that is OK because we will build the real ipasam package +# in copr. +%if "%{samso}" == "" +%define samso /usr/lib64/samba/pdb/ipasam.so +%define error1 1 +%endif +%define samsodir %( dirname %{samso} ) +%define samver %( rpm -q --qf '%%{version}' %{upstream} ) +%define samrel %( rpm -q --qf '%%{release}' %{upstream} ) +Name: ipasam +Version: %{samver} +Release: %{samrel} +Summary: Just the ipasam.so file +Provides: %{upstream} +Conflicts: %{upstream} + +License: GPL 3.0 +URL: https://gitlab.com/bgstack15/ipasam/ +#Source0: ipasam.spec + +BuildRequires: %{upstream} +#Requires: + +%description +To use samba with ipa user resolution, you need ipasam.so +which normally comes from %{upstream} but that has many +extraneous dependencies. Samba needs only the ipasam.so +file, so this package has just that file. + +%prep +%if 0%{?error1} +echo "Info: ipasam.so is absent. This is normal only for the local system srpm preparation." 1>&2 +echo "The file needs to exist for copr builds." 1>&2 +%endif +: + +%build +: + +%install +%{__install} --directory -m0755 %{buildroot}%{samsodir} +%{__install} -m0755 %{samso} %{buildroot}%{samso} + +%files +%{samso} +%doc + +%changelog +* Thu May 05 2022 B. Stack <bgstack15@gmail.com> - %{samver} +- Initial release diff --git a/update-ipasam-rpm.sh b/update-ipasam-rpm.sh new file mode 100755 index 0000000..b292d72 --- /dev/null +++ b/update-ipasam-rpm.sh @@ -0,0 +1,59 @@ +#!/bin/sh +# File: update-ipasam-rpm.sh +# Location: https://gitlab.com/bgstack15/stackrpms/ +# Author: bgstack15 +# Startdate: 2022-05-05 10:09 +# SPDX-License-Identifier: GPL-3.0 +# Title: Update ipasam rpm +# Project: update-ipasam-rpm +# Purpose: Build new ipasam package when ipa-server-trust-ad increments +# History: +# Usage: +# on AlmaLinux 8 system (storage3) in cron. +# Dependencies: +# file ~/.config/copr with contents described from https://copr.fedorainfracloud.org/api/ +# plecho from bgscripts +# Multiple variables in ~/.config/ipasam: mirror_path and spec_url + +test -e ~/.config/ipasam && . ~/.config/ipasam +test -z "${old_ver_file}" && old_ver_file=~/.cache/ipa-server-trust-ad.ver +old_ver_fd="$( dirname "${old_ver_file}" )" +# Path to web directory that contains ipa-server-trust-ad rpm files. Have to do it this way because ipa-server-trust-ad package is in different dnf module than what this server uses so it is not visible from dnf. +test -z "${mirror_path}" && mirror_path="http://www.example.com/mirror/almalinux/8/AppStream/x86_64/os/Packages/" +test -z "${spec_url}" && spec_url="https://gitlab.com/bgstack15/stackrpms/-/raw/ipasam-bump/ipasam/ipasam.spec" +test -z "${logfile}" && logfile=~/log/copr-ipasam.log +test -z "${coprrepo}" && coprrepo=stackrpms +logfd="$( dirname "${logfile}" )" + +test ! -d "${logfd}" && mkdir -p "${logfd}" +{ + # compare old to new version + # get old version + old_ver="$( cat "${old_ver_file}" 2>/dev/null )" + # get newest version available + page="$( curl "${mirror_path}" --silent )" + latest_file="$( echo "${page}" | awk -F'>' '/ipa-server-trust-ad/{print $2}' | awk -F'"' '{print $2}' | sort --version-sort | tail -n1 )" + # Awk $5 because package name takes first four columns when splitting with dash + latest_ver="$( echo "${latest_file}" | awk -F'-' 'BEGIN{OFS="-"} {print $5}' )" + latest_rel="$( echo "${latest_file}" | awk -F'-' '{print $6}' | awk -F'.' '{print $1}' )" + echo "${latest_ver}-${latest_rel}" + new_ver="${latest_ver}-${latest_rel}" + # if not the same, do stuff + if test "${new_ver}" != "${old_ver}" ; + then + echo "Need to do stuff, because new ${new_ver} != ${old_ver}" + cd ~/.cache # use cache directory + rm ipasam.spec ; wget "${spec_url}" + sed -i -r ipasam.spec \ + -e "/%define samver\>/s/%\(.*$/${latest_ver}/;" \ + -e "/%define samrel\>/s/%\(.*$/${latest_rel}/;" + rpmbuild --nodeps -bs ipasam.spec && { + copr build --exclude-chroot 'epel-6-i386' --exclude-chroot 'epel-6-x86_64' --exclude-chroot 'fedora-34-i386' --exclude-chroot 'fedora-35-i386' --exclude-chroot 'fedora-36-i386' --exclude-chroot 'fedora-rawhide-i386' --nowait "${coprrepo}" ~/rpmbuild/SRPMS/ipasam-${new_ver}.src.rpm + test ! -d "${old_ver_fd}" && mkdir p "${old_ver_fd}" + echo "${new_ver}" > "${old_ver_file}" + rm ~/.cache/ipasam.spec + } + else + echo "Current version already: ${new_ver}" + fi +} 2>&1 | /usr/bin/plecho | tee -a "${logfile}" |