From 47f59a5bad636ff35c2ffd0a94b8ad234f471652 Mon Sep 17 00:00:00 2001
From: "B. Stack"
Date: Fri, 6 May 2022 09:59:41 -0400
Subject: initial commit
---
70_ipasam_cron | 3 +++
README.md | 51 +++++++++++++++++++++++++++++++++++++++++++++
copr.example | 9 ++++++++
ipasam.example | 9 ++++++++
ipasam.spec | 54 +++++++++++++++++++++++++++++++++++++++++++++++
update-ipasam-rpm.sh | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 185 insertions(+)
create mode 100644 70_ipasam_cron
create mode 100644 README.md
create mode 100644 copr.example
create mode 100644 ipasam.example
create mode 100644 ipasam.spec
create mode 100755 update-ipasam-rpm.sh
diff --git a/70_ipasam_cron b/70_ipasam_cron
new file mode 100644
index 0000000..59c1105
--- /dev/null
+++ b/70_ipasam_cron
@@ -0,0 +1,3 @@
+# File: /etc/cron.d/70_ipasam_cron
+# Project: update-ipasam-rpm
+00 03 * * * copruser /bin/sh /home/copruser/bin/update-ipasam-rpm.sh 1>/dev/null 2>&1
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..61e23c7
--- /dev/null
+++ b/README.md
@@ -0,0 +1,51 @@
+# Readme for update-ipasam-rpm
+
+## Overview
+Update-ipasam-rpm is a project that facilitates building a custom rpm with just the one file that samba needs to authenticate users to ipa.
+
+## Update-ipasam-rpm upstream
+[This repository](https://gitlab.com/bgstack15/ipasam/) is upstream. This is original work.
+
+## Reason for existing
+The proper `ipa-server-trust-ad` rpm has a large number of dependencies which are not necessary merely when using samba with ipa user authentication, so this project copies that file out and builds a small rpm just for the one file. This makes my samba file server need fewer packages installed.
+
+## Alternatives
+Install `ipa-server-trust-ad` with all of its dependencies, which is way more than I want to use when I just need ipasam.so.
+
+## Dependencies
+For any rpm-based system, but primarily AlmaLinux 8, the server that runs the cron job needs a few things:
+
+* Http/s access to a package mirror
+* Https access to [copr](https://copr.fedorainfracloud.org/) to initiate builds
+* Https access to [gitlab](https://gitlab.com/bgstack15/ipasam/) to pull ipasam.spec template
+* Packages: `copr-cli`, `rpmbuild`
+* Unprivileged user, shown in this documentation as username `copruser`
+
+The copr api can be used with a copr user with a generated api key ([Reference 1](https://copr.fedorainfracloud.org/api/)).
+
+## Files in the project
+
+* `~copruser/.config/copr`
+* `~copruser/.config/ipasam`
+* `~copruser/bin/update-ipasam-rpm.sh`
+* `/etc/cron/70_ipasam_cron`
+* `~copruser/.cache/ipasam.spec` (generated by modifying spec from this repo)
+* `~copruser/.cache/ipa-server-trust-ad.ver` (generated)
+* `~copruser/rpmbuild/SRPMS/iapsam*.srpm` (generated)
+
+## Usage
+
+* Create user `copruser` or other unprivileged user as desired.
+* Deploy the non-generated files from this repository to the above locations and inspect the config files.
+* Prepare a user on the [copr](https://copr.fedorainfracloud.org/) and generate an api key and place in file `~copruser/.config/copr`.
+* Run the command manually to see it operate.
+
+ ~/bin/update-ipasam-rpm.sh
+
+* Visit your copr project to see the ipasam rpm that you built!
+
+## Differences from upstream
+N/A
+
+## References
+1. [COPR API introduction](https://copr.fedorainfracloud.org/api/)
diff --git a/copr.example b/copr.example
new file mode 100644
index 0000000..3159ee5
--- /dev/null
+++ b/copr.example
@@ -0,0 +1,9 @@
+# File: ~copruser/.config/copr
+# Project: update-ipasam-rpm
+[copr-cli]
+login = ligoajgowkjoglwigj3r
+username = yourcoprusername
+token = bojwioqk2baondkrpowiwknaktokit
+copr_url = https://copr.fedorainfracloud.org
+# expiration date: 2022-11-01
+# https://copr.fedorainfracloud.org/api/
diff --git a/ipasam.example b/ipasam.example
new file mode 100644
index 0000000..cf54e5c
--- /dev/null
+++ b/ipasam.example
@@ -0,0 +1,9 @@
+# File: ~copruser/.config/ipasam
+# Project: update-ipasam-rpm
+# Usage: dot-sourced by update-ipasam-rpm.sh
+# Path to web directory that contains ipa-server-trust-ad rpm files. Have to do it this way because ipa-server-trust-ad package is in different dnf module than what this server uses so it is not visible from dnf.
+mirror_path="http://www.example.com/mirror/almalinux/8/AppStream/x86_64/os/Packages/"
+# Url of ipasam.spec template file
+spec_url="https://gitlab.com/bgstack15/ipasam/-/raw/master/ipasam.spec"
+# COPR project name, under your username
+coprrepo=stackrpms
diff --git a/ipasam.spec b/ipasam.spec
new file mode 100644
index 0000000..2fe9951
--- /dev/null
+++ b/ipasam.spec
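Review bot: The `login` and `token` values in copr.example are random-looking strings that cannot be told apart from real credentials; obviously fake placeholders such as `token = REPLACE_WITH_COPR_API_TOKEN` avoid secret-scanner hits and any doubt about whether a live key was committed. The header comment could also say that the deployed `~copruser/.config/copr` holds a live API token and should be readable only by that user, for example `# Contains an API token: keep this file mode 0600`.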
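Review bot: `spec_url` in ipasam.example points at a branch (`master`), so the spec fetched on each run can change without anyone on this host reviewing it, and update-ipasam-rpm.sh hands that file straight to `rpmbuild`, which expands `%( … )` shell macros as the cron user. Pinning the URL to a reviewed commit, e.g. `spec_url="https://gitlab.com/bgstack15/ipasam/-/raw/<COMMIT_SHA_PLACEHOLDER>/ipasam.spec"`, or deploying the spec locally next to the script, removes that dependency on a mutable remote. The example `mirror_path` is also plain `http://`; because the listing decides the version written into the spec, an `https://` mirror is preferable where one is available.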
@@ -0,0 +1,54 @@
+# Project: update-ipasam-rpm
+%define upstream ipa-server-trust-ad
+%define samso %( rpm -ql %{upstream} 2>/dev/null | grep ipasam )
+# For the srpm generation on a local machine, ipasam.so is absent
+# but that is OK because we will build the real ipasam package
+# in copr.
+%if "%{samso}" == ""
+%define samso /usr/lib64/samba/pdb/ipasam.so
+%define error1 1
+%endif
+%define samsodir %( dirname %{samso} )
+%define samver %( rpm -q --qf '%%{version}' %{upstream} )
+%define samrel %( rpm -q --qf '%%{release}' %{upstream} )
+Name: ipasam
+Version: %{samver}
+Release: %{samrel}
+Summary: Just the ipasam.so file
+Provides: %{upstream}
+Conflicts: %{upstream}
+
+License: GPL 3.0
+URL: https://gitlab.com/bgstack15/ipasam/
+#Source0: ipasam.spec
+
+BuildRequires: %{upstream}
+#Requires:
+
+%description
+To use samba with ipa user resolution, you need ipasam.so
+which normally comes from %{upstream} but that has many
+extraneous dependencies. Samba needs only the ipasam.so
+file, so this package has just that file.
+
+%prep
+%if 0%{?error1}
+echo "Info: ipasam.so is absent. This is normal only for the local system srpm preparation." 1>&2
+echo "The file needs to exist for copr builds." 1>&2
+%endif
+:
+
+%build
+:
+
+%install
+%{__install} --directory -m0755 %{buildroot}%{samsodir}
+%{__install} -m0755 %{samso} %{buildroot}%{samso}
+
+%files
+%{samso}
+%doc
+
+%changelog
+* Thu May 05 2022 B. Stack - %{samver}
+- Initial release
diff --git a/update-ipasam-rpm.sh b/update-ipasam-rpm.sh
new file mode 100755
index 0000000..b292d72
--- /dev/null
+++ b/update-ipasam-rpm.sh
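Review bot: `BuildRequires: %{upstream}` is unversioned, while the update script overwrites `samver` and `samrel` with values read from a mirror listing, so the package can be labelled with one version yet carry the `ipasam.so` of whichever ipa-server-trust-ad build the build root installs (presumably the copr chroot's own repository, which need not match the mirror). Tying the two together, for example `BuildRequires: %{upstream} = %{samver}`, makes the build fail instead of publishing a mislabelled binary. `samso` is also filled from an unanchored `grep ipasam`; if the upstream package ever lists a second path containing that string the macro would hold several lines, so a stricter match such as `grep '/ipasam\.so$'` would be safer.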
@@ -0,0 +1,59 @@
+#!/bin/sh
+# File: update-ipasam-rpm.sh
+# Location: https://gitlab.com/bgstack15/stackrpms/
+# Author: bgstack15
+# Startdate: 2022-05-05 10:09
+# SPDX-License-Identifier: GPL-3.0
+# Title: Update ipasam rpm
+# Project: update-ipasam-rpm
+# Purpose: Build new ipasam package when ipa-server-trust-ad increments
+# History:
+# Usage:
+# on AlmaLinux 8 system (storage3) in cron.
+# Dependencies:
+# file ~/.config/copr with contents described from https://copr.fedorainfracloud.org/api/
+# plecho from bgscripts
+# Multiple variables in ~/.config/ipasam: mirror_path and spec_url
+
+test -e ~/.config/ipasam && . ~/.config/ipasam
+test -z "${old_ver_file}" && old_ver_file=~/.cache/ipa-server-trust-ad.ver
+old_ver_fd="$( dirname "${old_ver_file}" )"
+# Path to web directory that contains ipa-server-trust-ad rpm files. Have to do it this way because ipa-server-trust-ad package is in different dnf module than what this server uses so it is not visible from dnf.
+test -z "${mirror_path}" && mirror_path="http://www.example.com/mirror/almalinux/8/AppStream/x86_64/os/Packages/"
+test -z "${spec_url}" && spec_url="https://gitlab.com/bgstack15/stackrpms/-/raw/ipasam-bump/ipasam/ipasam.spec"
+test -z "${logfile}" && logfile=~/log/copr-ipasam.log
+test -z "${coprrepo}" && coprrepo=stackrpms
+logfd="$( dirname "${logfile}" )"
+
+test ! -d "${logfd}" && mkdir -p "${logfd}"
+{
+ # compare old to new version
+ # get old version
+ old_ver="$( cat "${old_ver_file}" 2>/dev/null )"
+ # get newest version available
+ page="$( curl "${mirror_path}" --silent )"
+ latest_file="$( echo "${page}" | awk -F'>' '/ipa-server-trust-ad/{print $2}' | awk -F'"' '{print $2}' | sort --version-sort | tail -n1 )"
+ # Awk $5 because package name takes first four columns when splitting with dash
+ latest_ver="$( echo "${latest_file}" | awk -F'-' 'BEGIN{OFS="-"} {print $5}' )"
+ latest_rel="$( echo "${latest_file}" | awk -F'-' '{print $6}' | awk -F'.' '{print $1}' )"
+ echo "${latest_ver}-${latest_rel}"
+ new_ver="${latest_ver}-${latest_rel}"
+ # if not the same, do stuff
+ if test "${new_ver}" != "${old_ver}" ;
+ then
+ echo "Need to do stuff, because new ${new_ver} != ${old_ver}"
+ cd ~/.cache # use cache directory
+ rm ipasam.spec ; wget "${spec_url}"
+ sed -i -r ipasam.spec \
+ -e "/%define samver\>/s/%\(.*$/${latest_ver}/;" \
+ -e "/%define samrel\>/s/%\(.*$/${latest_rel}/;"
+ rpmbuild --nodeps -bs ipasam.spec && {
+ copr build --exclude-chroot 'epel-6-i386' --exclude-chroot 'epel-6-x86_64' --exclude-chroot 'fedora-34-i386' --exclude-chroot 'fedora-35-i386' --exclude-chroot 'fedora-36-i386' --exclude-chroot 'fedora-rawhide-i386' --nowait "${coprrepo}" ~/rpmbuild/SRPMS/ipasam-${new_ver}.src.rpm
+ test ! -d "${old_ver_fd}" && mkdir p "${old_ver_fd}"
+ echo "${new_ver}" > "${old_ver_file}"
+ rm ~/.cache/ipasam.spec
+ }
+ else
+ echo "Current version already: ${new_ver}"
+ fi
+} 2>&1 | /usr/bin/plecho | tee -a "${logfile}"
-- cgit
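Review bot: `latest_ver` and `latest_rel` are scraped from the mirror's HTML and then interpolated into the two `sed` expressions and the SRPM path without any check, so an empty curl result or unexpected listing content ends up in the spec that `rpmbuild` parses. A guard placed right after `new_ver` is assigned, rejecting anything that is not the expected digits-and-dots shape, keeps malformed or tampered listing data out of the build; a sketch follows. Two smaller points in the same block: `mkdir p "${old_ver_fd}"` is missing the dash and should read `mkdir -p "${old_ver_fd}"`, and the version file is written even when `copr build` fails, so a failed submission is never retried on the next run.

```sh
 new_ver="${latest_ver}-${latest_rel}"
 # Accept only the expected shapes; widen the patterns if releases ever carry other characters.
 case "${latest_ver}" in
  ''|*[!0-9.]*) echo "Refusing unexpected version: '${latest_ver}'" ; exit 1 ;;
 esac
 case "${latest_rel}" in
  ''|*[!0-9]*) echo "Refusing unexpected release: '${latest_rel}'" ; exit 1 ;;
 esac
 # … unchanged: comparison with old_ver, spec download, sed, rpmbuild and copr build …
```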