From 03645c8bf2e747e8f76679c1eb031e4d86d4e035 Mon Sep 17 00:00:00 2001
From: Jinna Kiisuo <jinnak@nocturnal.fi>
Date: Tue, 15 Oct 2024 05:27:48 +0300
Subject: [PATCH] Improve deb packaging, add aarch64 (#3083)

* feat: Rebuild the deb packaging flow
fix: Add more sudo, GHA likes sudo
fix: Give build_debs.sh only the triplet argument
fix: Work around more GHA weirdness in apt sources
Drop crossbuild as it was only used by debian packaging
docs: Update book and other docs for packaging flow
feat: package kanidm_tools aka kanidm cli
docs: Update packaging docs for latest process and clarity
fix: use full triple in sdynlib variants
fix: Correct kanidm.pam asset placement
fix: Give pam & nss modules a description so the debs get it
fix: Work around wonky libssl3 naming in Ubuntu 24.04
fix: Place kanidm bin correctly :3
feat: Pin all blame on @yaleman :3
WIP: Swap out the submodule reference. Still not the final one though.
refactor: Switch kanidm-pam & kanidm-nss to mandatory deps
While in theory unixd will start and run without them, it also won't do
anything useful.
fix: explicit depends for nss & pam libs without versions
We build the debs on the ubuntu24.04 GHA runner, so the automatic dependency pins
pick versions that are too new for 22.04. Ideally we'd run cargo-deb also on
the target images but that'll have to be a future improvement.
* refactor: Switch nss_kanidm & pam_kanidm package naming closer to debian guidance
* feat: Attempt enabling unixd by default with secure defaults
* fix: Relax config permissions so the kanidm user can read
Also, update postinst config instructions
---
 .github/workflows/debian_package_kanidm.yml   |  85 ----------
 .gitmodules                                   |   3 +
 book/src/integrations/pam_and_nsswitch.md     |   4 +-
 book/src/packaging/debian_ubuntu_packaging.md | 110 +++++++++----
 book/src/packaging/ppa_packages.md            |  15 +-
 examples/kanidm-safe-default                  |   7 +
 examples/unixd-safe-default                   |  17 ++
 platform/crossbuild/README.md                 |  39 -----
 platform/crossbuild/build.sh                  |  49 ------
 platform/crossbuild/ubuntu-20.04/Cross.toml   |  18 ---
 platform/crossbuild/ubuntu-20.04/Dockerfile   |  14 --
 platform/crossbuild/ubuntu-22.04/Cross.toml   |  17 --
 platform/crossbuild/ubuntu-22.04/Dockerfile   |  14 --
 platform/debian/Makefile                      |  27 ----
 platform/debian/README.md                     |   2 +
 platform/debian/build_kanidm.sh               | 149 ------------------
 platform/debian/interactive_entrypoint.sh     |  19 ---
 platform/debian/kanidm-unixd/control          |  14 --
 platform/debian/kanidm-unixd/rules            | 105 ------------
 platform/debian/kanidm/control                |  14 --
 platform/debian/kanidm/rules                  |  54 -------
 platform/debian/kanidm_ppa_automation         |   1 +
 platform/debian/kanidmd/control               |  14 --
 platform/debian/kanidmd/postinst              |  34 ----
 platform/debian/kanidmd/rules                 |  73 ---------
 platform/debian/packaging/compat              |   1 -
 platform/debian/packaging/copyright           |   8 -
 platform/debian/packaging/postrm.ex           |  24 ---
 platform/debian/packaging/preinst             |  36 -----
 platform/debian/packaging/prerm.ex            |  28 ----
 platform/debian/packaging/source/format       |   1 -
 platform/debian/packaging/templates/changelog |   5 -
 platform/debian/packaging/watch.ex            |  38 -----
 platform/debian/simple_pkg.sh                 |  79 ----------
 platform/debian/ubuntu_docker_builder.sh      |  26 ---
 scripts/install_ubuntu_dependencies.sh        |  27 +++-
 .../daemon/debian/daemon.kanidmd.service      |   0
 tools/cli/Cargo.toml                          |  15 ++
 .../kanidm => tools/cli/debian}/postinst      |   0
 unix_integration/nss_kanidm/Cargo.toml        |  23 +++
 unix_integration/pam_kanidm/Cargo.toml        |  26 +++
 .../pam_kanidm/debian}/kanidm.pam             |   0
 unix_integration/resolver/Cargo.toml          |  32 ++++
 ...kanidm_unix_int.kanidm-unixd-tasks.service |   0
 .../kanidm_unix_int.kanidm-unixd.service      |   0
 .../resolver/debian}/postinst                 |  14 +-
 .../resolver/debian}/prerm                    |   2 +
 47 files changed, 244 insertions(+), 1039 deletions(-)
 delete mode 100644 .github/workflows/debian_package_kanidm.yml
 create mode 100644 .gitmodules
 create mode 100644 examples/kanidm-safe-default
 create mode 100644 examples/unixd-safe-default
 delete mode 100644 platform/crossbuild/README.md
 delete mode 100755 platform/crossbuild/build.sh
 delete mode 100644 platform/crossbuild/ubuntu-20.04/Cross.toml
 delete mode 100644 platform/crossbuild/ubuntu-20.04/Dockerfile
 delete mode 100644 platform/crossbuild/ubuntu-22.04/Cross.toml
 delete mode 100644 platform/crossbuild/ubuntu-22.04/Dockerfile
 delete mode 100644 platform/debian/Makefile
 create mode 100644 platform/debian/README.md
 delete mode 100755 platform/debian/build_kanidm.sh
 delete mode 100755 platform/debian/interactive_entrypoint.sh
 delete mode 100644 platform/debian/kanidm-unixd/control
 delete mode 100755 platform/debian/kanidm-unixd/rules
 delete mode 100644 platform/debian/kanidm/control
 delete mode 100755 platform/debian/kanidm/rules
 create mode 160000 platform/debian/kanidm_ppa_automation
 delete mode 100644 platform/debian/kanidmd/control
 delete mode 100644 platform/debian/kanidmd/postinst
 delete mode 100755 platform/debian/kanidmd/rules
 delete mode 100644 platform/debian/packaging/compat
 delete mode 100644 platform/debian/packaging/copyright
 delete mode 100644 platform/debian/packaging/postrm.ex
 delete mode 100755 platform/debian/packaging/preinst
 delete mode 100755 platform/debian/packaging/prerm.ex
 delete mode 100644 platform/debian/packaging/source/format
 delete mode 100644 platform/debian/packaging/templates/changelog
 delete mode 100644 platform/debian/packaging/watch.ex
 delete mode 100755 platform/debian/simple_pkg.sh
 delete mode 100755 platform/debian/ubuntu_docker_builder.sh
 rename platform/debian/systemd/kanidmd.service => server/daemon/debian/daemon.kanidmd.service (100%)
 rename {platform/debian/kanidm => tools/cli/debian}/postinst (100%)
 rename {platform/debian/kanidm-unixd => unix_integration/pam_kanidm/debian}/kanidm.pam (100%)
 rename platform/debian/systemd/kanidm-unixd-tasks.service => unix_integration/resolver/debian/kanidm_unix_int.kanidm-unixd-tasks.service (100%)
 rename platform/debian/systemd/kanidm-unixd.service => unix_integration/resolver/debian/kanidm_unix_int.kanidm-unixd.service (100%)
 rename {platform/debian/kanidm-unixd => unix_integration/resolver/debian}/postinst (50%)
 rename {platform/debian/kanidm-unixd => unix_integration/resolver/debian}/prerm (85%)

diff --git a/.github/workflows/debian_package_kanidm.yml b/.github/workflows/debian_package_kanidm.yml
deleted file mode 100644
index f19abbbfd..000000000
--- a/.github/workflows/debian_package_kanidm.yml
+++ /dev/null
@@ -1,85 +0,0 @@
----
-name: "Build Deb Packages"
-
-"on":
-  push:
-  pull_request:
-
-env:
-  SCCACHE_GHA_ENABLED: "true"
-  RUSTC_WRAPPER: "sccache"
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-jobs:
-  build-deb-package:
-    name: Build deb packages
-    strategy:
-      matrix:
-        image:
-          - name: ubuntu
-            version: 22.04
-          - name: debian
-            version: 12
-      fail-fast: false
-    runs-on: ubuntu-latest
-    container:
-      image: "${{ matrix.image.name }}:${{ matrix.image.version }}"
-      env:
-        DEBIAN_FRONTEND: noninteractive
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: install curl
-        run: |
-          apt-get update && apt-get install -y curl
-      - name: Setup sccache
-        uses: mozilla-actions/sccache-action@v0.0.6
-        with:
-          version: "v0.4.2"
-      - name: Install Rust
-        uses: dtolnay/rust-toolchain@stable
-      - name: Install dependencies
-        run: |
-          scripts/install_ubuntu_dependencies.sh
-      - name: Install wasm-pack
-        run: cargo install wasm-pack
-      - name: Build packages (kanidm-unixd)
-        run: make -f platform/debian/Makefile debs/kanidm-unixd
-      - name: Build packages (kanidm)
-        run: make -f platform/debian/Makefile debs/kanidm
-
-      - name: Upload debs
-        uses: actions/upload-artifact@v4
-        with:
-          name: "${{ matrix.image.name }}${{ matrix.image.version }}"
-          path: |
-            target/*.deb
-  upload-to-releases:
-    permissions:
-      # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
-      contents: write  # allows the action to create a release
-
-    name: Upload to releases
-    needs: build-deb-package
-    runs-on: ubuntu-latest
-    steps:
-      - name: Download previously built debs
-        uses: actions/download-artifact@v4
-        with:
-          path: debs
-          merge-multiple: true
-      - name: List packages
-        run: |
-          find $(pwd) -name '*.deb'
-      # TODO: This action is old and falling apart and will soon stop working.
-      # Context: https://github.com/marvinpinto/action-automatic-releases/pull/2
-      - uses: "marvinpinto/action-automatic-releases@latest"
-        with:
-          repo_token: "${{ secrets.GITHUB_TOKEN }}"
-          automatic_release_tag: "debs"
-          prerelease: true
-          title: ".deb Packages"
-          files: "debs/*.deb"
-        if: ${{ github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm' }}
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 000000000..137eadc65
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "platform/debian/kanidm_ppa_automation"]
+	path = platform/debian/kanidm_ppa_automation
+	url = https://github.com/kanidm/kanidm_ppa_automation
diff --git a/book/src/integrations/pam_and_nsswitch.md b/book/src/integrations/pam_and_nsswitch.md
index 70c68e66e..59a27d9fe 100644
--- a/book/src/integrations/pam_and_nsswitch.md
+++ b/book/src/integrations/pam_and_nsswitch.md
@@ -151,6 +151,4 @@ Documentation examples for the following Linux distributions are available:
 
 - [SUSE / OpenSUSE](pam_and_nsswitch/suse.md)
 - [Fedora](pam_and_nsswitch/fedora.md)
-- Debian / Ubuntu - when one generates packages
-  [from the repository tools](https://github.com/kanidm/kanidm/tree/master/platform/debian),
-  configuration is modified on install.
+- Debian / Ubuntu - Installed with the packages from [kanidm/kanidm_ppa](https://kanidm.github.io/kanidm_ppa/).
diff --git a/book/src/packaging/debian_ubuntu_packaging.md b/book/src/packaging/debian_ubuntu_packaging.md
index fdeb53f6c..b5ef68203 100644
--- a/book/src/packaging/debian_ubuntu_packaging.md
+++ b/book/src/packaging/debian_ubuntu_packaging.md
@@ -2,40 +2,86 @@
 
 ## Building packages
 
-This happens in Docker currently, and here's some instructions for doing it for Ubuntu:
+- Debian packaging is complex enough that it lives in a separate repository:
+[kanidm/kanidm_ppa_automation](https://github.com/kanidm/kanidm_ppa_automation).
+- While official packages are available at https://kanidm.github.io/kanidm_ppa/ these instructions will guide you
+through replicating the same process locally, using [cross](https://github.com/cross-rs/cross) & Docker to isolate the build process
+from your normal computer and allow building packages for multiple architectures.
+- While the examples below will use `aarch64-unknown-linux-gnu` aka `arm64`,
+the same process works for `x86_64-unknown-linux-gnu` aka `amd64` as well.
 
-1. Start in the root directory of the repository.
-2. Run `./platform/debian/ubuntu_docker_builder.sh` This'll start a container, mounting the
-   repository in `~/kanidm/` and installing dependencies via
-   `./scripts/install_ubuntu_dependencies.sh`.
-3. Building packages uses make, get a list by running `make -f ./platform/debian/Makefile help`
-4. So if you wanted to build the package for the Kanidm CLI, run
-   `make -f ./platform/debian/Makefile debs/kanidm`.
-5. The package will be copied into the `target` directory of the repository on the docker host - not
-   just in the container.
+1. Start in the root directory of the main [kanidm/kanidm](https://github.com/kanidm/kanidm) repository.
+1. Install cross:
+   ```shell
+   cargo install cross
+   ```
+1. Pull in the separate deb packaging submodule:
+   ```shell
+   git submodule update platform/debian/kanidm_ppa_automation
+   ```
+1. Launch your desired crossbuild target. Do note the script assumes you use rustup!
+   ```shell
+   # See valid targets:
+   platform/debian/kanidm_ppa_automation/scripts/crossbuild.sh
+   # Launch a target:
+   platform/debian/kanidm_ppa_automation/scripts/crossbuild.sh debian-12-aarch64-unknown-linux-gnu
+   # You can also specify multiple targets within the same distribution:
+   platform/debian/kanidm_ppa_automation/scripts/crossbuild.sh debian-12-{aarch64,x86_64}-unknown-linux-gnu
+   ```
+1. Go get a drink of your choice while the build completes.
+1. Create a sacrificial deb builder container to avoid changing your own system:
+   ```shell
+   docker run --rm -it -e CI=true \
+       --mount "type=bind,src=$PWD,target=/src" \
+       --workdir /src \
+       rust:bookworm
+   ```
+1. In the container install dependencies with:
+   ```shell
+   # The parameter given is which additional target debian architecture to enable (amd64, arm64, etc.)
+   # If your native platform is amd64, running with arm64 is enough to cover both archs.
+   platform/debian/kanidm_ppa_automation/scripts/install_ci_build_dependencies.sh arm64
+   ```
+1. In the container launch the deb build:
+   ```shell
+   platform/debian/kanidm_ppa_automation/scripts/build_debs.sh aarch64-unknown-linux-gnu
+   # Again, multiple targets also work:
+   platform/debian/kanidm_ppa_automation/scripts/build_debs.sh {aarch64,x86_64}-unknown-linux-gnu
+   ```
+1. You can now exit the container, the package paths displayed at the end under `target` will
+   persist.
 
-## Adding a package
+## Adding or amending a deb package
+The rough overview of steps is:
+1. Add cargo-deb specific metadata to the rust package and any static assets. Submit your changes as
+   a PR.
+2. Add build instructions to the separate packaging repo. Submit your changes as a PR.
+3. Go back to the main repo to update the packaging submodule reference to aid running manual dev
+   builds of the new package.
 
-There's a set of default configuration files in `packaging/`; if you want to add a package
-definition, add a folder with the package name and then files in there will be copied over the top
-of the ones from `packaging/` on build.
+In theory steps 1 & 3 could be done in one PR, but this way is simpler.
 
-You'll need two custom files at minimum:
+### Configuration in the main repo
+- The repo is: [kanidm/kanidm](https://github.com/kanidm/kanidm)
+- Packages are primarily based on their package specific `Cargo.toml` definition read by `cargo-deb`. For
+an example, see `unix_integration/resolver/Cargo.toml`
+- A package specific `debian` folder is used for static assets. See: `unix_integration/resolver/debian` for an example.
+- The debian folder may house needed `postinst`, `prerm` etc hook definitions. They must include the `#DEBHELPER#` comment after any custom actions.
+- The package debian folder is also used for any systemd unit files. The file naming pattern is very specific, refer to `cargo-deb` documentation for details.
 
-- `control` - a file containing information about the package.
-- `rules` - a makefile doing all the build steps.
-
-There's a lot of other files that can go into a .deb, some handy ones are:
-
-| Filename | What it does                                                             |
-| -------- | ------------------------------------------------------------------------ |
-| preinst  | Runs before installation occurs                                          |
-| postrm   | Runs after removal happens                                               |
-| prerm    | Runs before removal happens - handy to shut down services.               |
-| postinst | Runs after installation occurs - we're using that to show notes to users |
-
-## Some Debian packaging links
-
-- [DH reference](https://www.debian.org/doc/manuals/maint-guide/dreq.en.html) - Explains what needs
-  to be done for packaging (mostly).
-- [Reference for what goes in control files](https://www.debian.org/doc/debian-policy/ch-controlfields)
+### Configuration in the kanidm_ppa_automation repo
+- The repo is: [kanidm/kanidm_ppa_automation](https://github.com/kanidm/kanidm_ppa_automation)
+- Changes are needed if a new binary and/or package is added, or if build time dependencies change.
+- Amend `scripts/crossbuild.sh` build rules to include new binaries or packages with shared
+libraries. Search for the lines starting with `cross build`.
+- Add any new build time system dependencies to `scripts/install_ci_build_dependencies.sh`, be aware
+  of any difference in package names between Debian & Ubuntu.
+- Add any new packages to `scripts/build_debs.sh`, search for the line starting with `for package in`.
+- Finally, once your changes have been approved go back to the main `kanidm/kanidm` repo and update the submodule reference and PR the reference update. This is not needed for official builds but helps anyone doing dev builds themselves:
+  ```shell
+  cd platform/debian/kanidm_ppa_automation
+  git pull
+  cd -
+  git add platform/debian/kanidm_ppa_automation
+  git commit -m "Update kanidm_ppa_automation reference to latest"
+  ```
diff --git a/book/src/packaging/ppa_packages.md b/book/src/packaging/ppa_packages.md
index 02e72eaf4..16a7d37cf 100644
--- a/book/src/packaging/ppa_packages.md
+++ b/book/src/packaging/ppa_packages.md
@@ -1,11 +1,12 @@
 # PPA Packages
 
-This pulls the packages from the Kanidm
-[debs releases](https://github.com/kanidm/kanidm/releases/tag/debs) and makes a package archive for
-“nightly” packages. Packages are distributed for the latest LTS versions, Ubuntu 22.04 & Debian 12.
+- This builds packages from the [main Kanidm repository](https://github.com/kanidm/kanidm) and makes a package archive for “nightly” packages.
+Stable packages are intended to be introduced soon which will require repeating updated instructions
+here.
+- Packages are distributed for the latest LTS versions, Ubuntu 22.04 & Debian 12.
 
-Please note that while the commands below should also work on other Ubuntu-based distributions, we
-cannot ensure their compatibility with PPA. Pop OS, for example, would require an altered setup in
+- Please note that while the commands below should also work on other Ubuntu-based distributions, we
+cannot ensure their compatibility. Pop OS, for example, would require an altered setup in
 line with their [instructions](https://support.system76.com/articles/ppa-third-party/).
 
 ## Adding it to your system
@@ -46,8 +47,8 @@ sudo apt update
 
 ## Listing Packages
 
-Use `apt-cache` to list the packages available:
+Use `apt search` to list the packages available:
 
 ```bash
-apt-cache search kanidm
+apt search kanidm
 ```
diff --git a/examples/kanidm-safe-default b/examples/kanidm-safe-default
new file mode 100644
index 000000000..9a06b5c14
--- /dev/null
+++ b/examples/kanidm-safe-default
@@ -0,0 +1,7 @@
+## Kanidm minimal Service Configuration - /etc/kanidm/config
+# For a full example and documentation, see /usr/share/kanidm/kanidm
+# or `example/kanidm` in the source repository.
+
+# Replace this with your kanidmd URI and uncomment the line
+#uri = "https://idm.example.com"
+verify_ca = true
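Review bot: The header comment points readers at `example/kanidm` in the source repository, but this file is added under `examples/`, so the path should read `examples/kanidm`; the header of `examples/unixd-safe-default` has the same slip (`example/unixd`). Since this file is presented as the safe default, it may also be worth spelling out hostname verification next to `verify_ca = true`, for example `verify_hostnames = true`, so that both TLS checks are visible to whoever edits the file later. Please confirm that option name and its default against the client configuration documentation before adding it.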
diff --git a/examples/unixd-safe-default b/examples/unixd-safe-default
new file mode 100644
index 000000000..b231f4cd1
--- /dev/null
+++ b/examples/unixd-safe-default
@@ -0,0 +1,17 @@
+## Kanidm Unixd minimal Service Configuration - /etc/kanidm/unixd
+# For a full example and documentation, see /usr/share/kanidm-unixd/unixd
+# or `example/unixd` in the source repository.
+
+version = '2'
+
+# default_shell = "/bin/sh"
+
+# home_attr = "uuid"
+# home_alias = "spn"
+# use_etc_skel = false
+
+
+# Defines a set of POSIX groups where membership of any of these groups
+# will be allowed to login via PAM.
+# Replace your group below and uncomment this line:
+#pam_allowed_login_groups = ["your_posix_login_group"]
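Review bot: The comment above `pam_allowed_login_groups` explains what the setting permits but not what happens while the line stays commented out, which is the state this file installs. If an unset list means no Kanidm account can log in via PAM (presumably what makes this default safe, though this patch does not show it), say so directly, e.g. `# While this is unset, no Kanidm account is allowed to log in via PAM.` If unset instead means unrestricted, the default should not ship commented out now that the commit message says unixd is being enabled by default.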
diff --git a/platform/crossbuild/README.md b/platform/crossbuild/README.md
deleted file mode 100644
index 4be5da457..000000000
--- a/platform/crossbuild/README.md
+++ /dev/null
@@ -1,39 +0,0 @@
-# Cross-building things using cargo cross
-
-Here be dragons.
-
-1. Get a drink. You'l need it.
-2. Install [cargo-cross](https://github.com/cross-rs/cross)
-3. Drink the drink.
-
-## Building Ubuntu 20.04 things
-
-Make sure you're including `--release` because reasons.
-
-```shell
-CROSS_CONFIG=platform/crossbuild/ubuntu-20.04/Cross.toml \
-    cross build --target aarch64-unknown-linux-gnu \
-        --bin kanidm_unixd \
-        --bin kanidm_unixd_tasks \
-        --bin kanidm_ssh_authorizedkeys \
-        --bin kanidm-unix \
-        --release
-```
-
-Things will end up in `./target/aarch64-unknown-linux-gnu/release/`
-
-## Building Ubuntu 22.04 things
-
-Make sure you're including `--release` because reasons.
-
-```shell
-CROSS_CONFIG=platform/crossbuild/ubuntu-22.04/Cross.toml \
-    cross build --target aarch64-unknown-linux-gnu \
-        --bin kanidm_unixd \
-        --bin kanidm_unixd_tasks \
-        --bin kanidm_ssh_authorizedkeys \
-        --bin kanidm-unix \
-        --release
-```
-
-Things will end up in `./target/aarch64-unknown-linux-gnu/release/`
diff --git a/platform/crossbuild/build.sh b/platform/crossbuild/build.sh
deleted file mode 100755
index 38f686fb8..000000000
--- a/platform/crossbuild/build.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ -z "$1" ]; then
-    echo "Usage: $0 target_os"
-    if [ -d ./platform ]; then
-        echo "Options:"
-        find platform/crossbuild -type d -maxdepth 1 -mindepth 1 | awk -F'/' '{print $NF}' | sort
-    fi
-    exit 1
-fi
-
-if [ ! -d "platform/crossbuild/$1" ]; then
-    echo "Could not find platform/crossbuild/$1"
-    exit 1
-fi
-
-TARGET_DIR="./target/$1"
-
-echo "Recreating then building to ${TARGET_DIR}"
-rm -rf "${TARGET_DIR}"
-mkdir -p "${TARGET_DIR}"
-
-CROSS_CONFIG="platform/crossbuild/${1}/Cross.toml" \
-    cross build --target aarch64-unknown-linux-gnu \
-        --bin kanidm_unixd \
-        --bin kanidm_unixd_tasks \
-        --bin kanidm_ssh_authorizedkeys \
-        --bin kanidm-unix \
-        --release
-CROSS_CONFIG="platform/crossbuild/${1}/Cross.toml" \
-    cross build --target aarch64-unknown-linux-gnu \
-        -p pam_kanidm \
-        -p nss_kanidm \
-        --release
-
-find "./target/aarch64-unknown-linux-gnu/release/" -maxdepth 1 \
-    -type f -not -name '*.d' \
-    -name 'kanidm*' \
-    -exec mv "{}" "${TARGET_DIR}/" \;
-
-find "./target/aarch64-unknown-linux-gnu/release/" -maxdepth 1 \
-    -name '*kanidm*.so' \
-    -exec mv "{}" "${TARGET_DIR}/" \;
-# find "${TARGET_DIR}" -name '*.d' -delete
-
-echo "Contents of ${TARGET_DIR}"
-find "${TARGET_DIR}" -type f
diff --git a/platform/crossbuild/ubuntu-20.04/Cross.toml b/platform/crossbuild/ubuntu-20.04/Cross.toml
deleted file mode 100644
index b0e37ef65..000000000
--- a/platform/crossbuild/ubuntu-20.04/Cross.toml
+++ /dev/null
@@ -1,18 +0,0 @@
-[build.env]
-
-
-[target.aarch64-unknown-linux-gnu]
-dockerfile = "platform/crossbuild/ubuntu-20.04/Dockerfile"
-pre-build = [
-    "TZ=UTC ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone",
-
-    "apt-get update && apt-get install --assume-yes libssl-dev build-essential",
-
-    # "sed 's/^deb http/deb [arch=amd64] http/' -i '/etc/apt/sources.list'",
-    # "echo 'deb [arch=arm64] http://au.archive.ubuntu.com/pub/ubuntu/ports jammy main restricted universe multiverse' >> /etc/apt/sources.list",
-    # "echo 'deb [arch=arm64] http://au.archive.ubuntu.com/pub/ubuntu/ports jammy-updates main restricted universe multiverse' >> /etc/apt/sources.list",
-    # "echo 'deb [arch=arm64] http://au.archive.ubuntu.com/pub/ubuntu/ports jammy-backports main restricted universe multiverse' >> /etc/apt/sources.list",do
-
-    "dpkg --add-architecture $CROSS_DEB_ARCH",
-    "apt-get update && apt-get install --assume-yes libssl-dev:$CROSS_DEB_ARCH  libpam0g-dev:$CROSS_DEB_ARCH libudev-dev:$CROSS_DEB_ARCH pkg-config:$CROSS_DEB_ARCH",
-]
diff --git a/platform/crossbuild/ubuntu-20.04/Dockerfile b/platform/crossbuild/ubuntu-20.04/Dockerfile
deleted file mode 100644
index f70d7910d..000000000
--- a/platform/crossbuild/ubuntu-20.04/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM ubuntu:20.04
-ARG DEBIAN_FRONTEND=noninteractive
-
-RUN apt-get update && apt-get install --assume-yes --no-install-recommends \
-    g++-aarch64-linux-gnu \
-    libc6-dev-arm64-cross
-
-ENV CROSS_TOOLCHAIN_PREFIX=aarch64-linux-gnu-
-ENV CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER="$CROSS_TOOLCHAIN_PREFIX"gcc \
-    AR_aarch64_unknown_linux_gnu="$CROSS_TOOLCHAIN_PREFIX"ar \
-    CC_aarch64_unknown_linux_gnu="$CROSS_TOOLCHAIN_PREFIX"gcc \
-    CXX_aarch64_unknown_linux_gnu="$CROSS_TOOLCHAIN_PREFIX"g++ \
-    RUST_TEST_THREADS=1 \
-    PKG_CONFIG_PATH="/usr/lib/aarch64-linux-gnu/pkgconfig/:${PKG_CONFIG_PATH}"
\ No newline at end of file
diff --git a/platform/crossbuild/ubuntu-22.04/Cross.toml b/platform/crossbuild/ubuntu-22.04/Cross.toml
deleted file mode 100644
index 8fa52cbab..000000000
--- a/platform/crossbuild/ubuntu-22.04/Cross.toml
+++ /dev/null
@@ -1,17 +0,0 @@
-[build.env]
-
-[target.aarch64-unknown-linux-gnu]
-dockerfile = "platform/crossbuild/ubuntu-22.04/Dockerfile"
-pre-build = [
-    "TZ=UTC ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone",
-
-    "apt-get update && apt-get install --assume-yes rsync libssl-dev build-essential",
-
-    "sed 's/^deb http/deb [arch=amd64] http/' -i '/etc/apt/sources.list'",
-    "echo 'deb [arch=arm64] http://au.archive.ubuntu.com/pub/ubuntu/ports jammy main restricted universe multiverse' >> /etc/apt/sources.list",
-    "echo 'deb [arch=arm64] http://au.archive.ubuntu.com/pub/ubuntu/ports jammy-updates main restricted universe multiverse' >> /etc/apt/sources.list",
-    "echo 'deb [arch=arm64] http://au.archive.ubuntu.com/pub/ubuntu/ports jammy-backports main restricted universe multiverse' >> /etc/apt/sources.list",
-
-    "dpkg --add-architecture $CROSS_DEB_ARCH",
-    "apt-get update && apt-get install --assume-yes libssl-dev:$CROSS_DEB_ARCH  libpam0g-dev:$CROSS_DEB_ARCH libudev-dev:$CROSS_DEB_ARCH pkg-config:$CROSS_DEB_ARCH",
-]
diff --git a/platform/crossbuild/ubuntu-22.04/Dockerfile b/platform/crossbuild/ubuntu-22.04/Dockerfile
deleted file mode 100644
index a8079f894..000000000
--- a/platform/crossbuild/ubuntu-22.04/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM ubuntu:22.04
-ARG DEBIAN_FRONTEND=noninteractive
-
-RUN apt-get update && apt-get install --assume-yes --no-install-recommends \
-    g++-aarch64-linux-gnu \
-    libc6-dev-arm64-cross
-
-ENV CROSS_TOOLCHAIN_PREFIX=aarch64-linux-gnu-
-ENV CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER="$CROSS_TOOLCHAIN_PREFIX"gcc \
-    AR_aarch64_unknown_linux_gnu="$CROSS_TOOLCHAIN_PREFIX"ar \
-    CC_aarch64_unknown_linux_gnu="$CROSS_TOOLCHAIN_PREFIX"gcc \
-    CXX_aarch64_unknown_linux_gnu="$CROSS_TOOLCHAIN_PREFIX"g++ \
-    RUST_TEST_THREADS=1 \
-    PKG_CONFIG_PATH="/usr/lib/aarch64-linux-gnu/pkgconfig/:${PKG_CONFIG_PATH}"
\ No newline at end of file
diff --git a/platform/debian/Makefile b/platform/debian/Makefile
deleted file mode 100644
index f124b5964..000000000
--- a/platform/debian/Makefile
+++ /dev/null
@@ -1,27 +0,0 @@
-ARCH ?= $(shell dpkg --print-architecture)
-
-
-.DEFAULT: help
-
-.PHONY: help
-help:
-	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##/\n\t/'
-
-.PHONY: debs/kanidm
-debs/kanidm: ## Build the Kanidm CLI package - make sure you set the environment variable KANIDM_BUILD_PROFILE
-debs/kanidm:
-	ARCH=$(ARCH) bash ./platform/debian/build_kanidm.sh kanidm
-
-.PHONY: debs/kanidmd
-debs/kanidmd: ## Build the Kanidmd package - make sure you set the environment variable KANIDM_BUILD_PROFILE
-debs/kanidmd:
-	ARCH=$(ARCH) bash ./platform/debian/build_kanidm.sh kanidmd
-
-.PHONY: debs/kanidm-unixd
-debs/kanidm-unixd: ## Build the Kanidm UNIX tools package (PAM/NSS, unixd and related tools) - make sure you set the environment variable KANIDM_BUILD_PROFILE
-debs/kanidm-unixd:
-	ARCH=$(ARCH) bash ./platform/debian/build_kanidm.sh kanidm-unixd
-
-.PHONY: debs/all
-debs/all: ## Build all the .deb packages - make sure you set the environment variable KANIDM_BUILD_PROFILE
-debs/all: debs/kanidmd debs/kanidm debs/kanidm-unixd
diff --git a/platform/debian/README.md b/platform/debian/README.md
new file mode 100644
index 000000000..d4c2678cc
--- /dev/null
+++ b/platform/debian/README.md
@@ -0,0 +1,2 @@
+Debian packaging has moved to its own repo, see https://github.com/kanidm/kanidm_ppa_automation.
+The separate repo is however included here as a git submodule to facilitate ad-hoc dev builds. See the relevant [Kanidm Book chapter](https://kanidm.github.io/kanidm/stable/packaging/debian_ubuntu_packaging.html) for more detailed instructions.
diff --git a/platform/debian/build_kanidm.sh b/platform/debian/build_kanidm.sh
deleted file mode 100755
index 8e0ae9d4c..000000000
--- a/platform/debian/build_kanidm.sh
+++ /dev/null
@@ -1,149 +0,0 @@
-#!/usr/bin/bash
-
-# you can skip the dependency install by setting the env var SKIP_DEPS=1
-
-set -e
-
-if [ -z "${ARCH}" ]; then
-    ARCH="$(dpkg --print-architecture)"
-fi
-
-if [[ "${ARCH}" != "$(dpkg --print-architecture)" ]]; then
-    echo "${ARCH} != $(dpkg --print-architecture), cross-compiling!"
-    export PKG_CONFIG_ALLOW_CROSS=1
-else
-    echo "Building for ${ARCH}"
-fi
-
-
-if [ -z "$1" ]; then
-    PACKAGE="kanidm"
-else
-    PACKAGE="$1"
-fi
-
-if [ ! -d "./platform/debian/${PACKAGE}" ]; then
-    echo "Can't find packaging files for ${PACKAGE}"
-    exit 1
-fi
-
-echo "Building ${PACKAGE}"
-
-
-SOURCE_DIR="$(cargo metadata --format-version 1 | jq -r .workspace_root)"
-
-echo "Source dir ${SOURCE_DIR}"
-
-if [ ! -d "${SOURCE_DIR}" ]; then
-    echo "Can't find source dir ${SOURCE_DIR}!"
-    exit 1
-fi
-
-BUILD_DIR="$(mktemp -d)"
-
-if [ -z "${SKIP_DEPS}" ]; then
-    PACKAGING=1 ./scripts/install_ubuntu_dependencies.sh
-else
-    echo "SKIP_DEPS configured, skipping install of rust and packages"
-fi
-
-if [ -f "${HOME}/.cargo/env" ]; then
-    # shellcheck disable=SC1091
-    source "${HOME}/.cargo/env"
-else
-    echo "Couldn't find cargo env in ${HOME}/.cargo/env that seems weird?"
-fi
-
-# if we can't find cargo then need to update the path
-if [ "$(which cargo | wc -l)" -eq 0 ]; then
-    if echo "$PATH" | grep -q '.cargo/bin'; then
-        echo "Updating path to include local cargo dir"
-        export PATH="$HOME/.cargo/bin:$PATH"
-        if [ "$(which cargo | wc -l)" -eq 0 ]; then
-            echo "Still couldn't find cargo, bailing!"
-            exit 1
-        fi
-    fi
-fi
-
-# this assumes the versions are in lock-step, which is fine at the moment.
-# Debian is picky about dashes in version strings, so a bit of conversion
-# is needed for the first one to prevent interference.
-KANIDM_VERSION="$(grep -ioE 'version.*' Cargo.toml | head -n1 | awk '{print $NF}' | tr -d '"' | sed -e 's/-/~/')"
-
-# if we're in a github action, then it's easy to get the commit
-if [ -n "${GITHUB_SHA}" ]; then
-    GIT_HEAD="${GITHUB_SHA}"
-else
-    GIT_HEAD="$(git rev-parse HEAD)"
-fi
-
-# we only want the short commit
-GIT_COMMIT="${GIT_HEAD:0:7}"
-DATESTR="$(date +%Y%m%d%H%M)"
-
-
-# Due to previous version schemes we need to increment epoch above the default 0,
-# to supercede old versions before the change.
-EPOCH=1
-
-# GitHub Actions forces NTFS compatibility which disallows colons in filenames
-# ergo, we do not include the epoch in the filename.
-FILENAME="${KANIDM_VERSION}~${DATESTR}+${GIT_COMMIT}"
-PACKAGE_VERSION="${EPOCH}:${FILENAME}"
-
-echo "Deb package Version: ${PACKAGE_VERSION}"
-
-echo "Updating package dir"
-rm -rf "${BUILD_DIR:?}/*"
-
-echo "Copying source files from ${SOURCE_DIR} to ${BUILD_DIR}"
-rsync -a \
-    --exclude target \
-    "${SOURCE_DIR}/" \
-    "${BUILD_DIR}/"
-
-echo "Copying the debian-specific build files"
-cd "${BUILD_DIR}"
-pwd
-ls -la
-rm -rf debian && mkdir -p debian
-cp -R platform/debian/packaging/* debian/
-
-if [ -d "platform/debian/${PACKAGE}/" ]; then
-    echo "Copying debian-specific files for ${PACKAGE}"
-    # shellcheck disable=SC2086
-    cp platform/debian/${PACKAGE}/* debian/
-else
-    echo "No package-specific files were found"
-fi
-
-echo "Setting permissions on debian scripts"
-find "./debian/" -name 'pre*' -ls -exec chmod 755 "{}" \;
-find "./debian/" -name 'rules' -ls -exec chmod 755 "{}" \;
-
-
-echo "Updating changelog"
-
-sed -E \
-    "s/#DATE#/$(date -R)/" \
-    platform/debian/packaging/templates/changelog  | \
-    sed -E "s/#VERSION#/${PACKAGE_VERSION}/" | \
-    sed -E "s/#GIT_COMMIT#/${GIT_COMMIT}/" | \
-    sed -E "s/#PACKAGE#/${PACKAGE}/" > debian/changelog
-
-echo "Running clean"
-# debian/rules clean
-
-echo "Running build"
-debian/rules build
-
-echo "Packaging ${PACKAGE}"
-fakeroot debian/rules binary
-
-echo "Moving debs to target/"
-mkdir -p "${SOURCE_DIR}/target/"
-find ../ -maxdepth 1 -name '*.deb' -exec mv "{}" "${SOURCE_DIR}/target/" \;
-
-echo "Done, packages:"
-find "${SOURCE_DIR}/target/" -maxdepth 1 -name '*.deb'
diff --git a/platform/debian/interactive_entrypoint.sh b/platform/debian/interactive_entrypoint.sh
deleted file mode 100755
index 595b9f643..000000000
--- a/platform/debian/interactive_entrypoint.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-if [ -z "${TZ}" ]; then
-    export TZ="UTC"
-fi
-
-ln -snf "/usr/share/zoneinfo/$TZ" "/etc/localtime" && echo "$TZ" > /etc/timezone
-
-# Install dependencies, for example make!
-scripts/install_ubuntu_dependencies.sh
-
-# Make git happy
-git config --global --add safe.directory /root/kanidm
-
-echo "To launch a deb build, try:"
-echo "make -f ./platform/debian/Makefile debs/kanidm"
-
-# Launch shell
-exec /bin/bash "$@"
diff --git a/platform/debian/kanidm-unixd/control b/platform/debian/kanidm-unixd/control
deleted file mode 100644
index 0f5683375..000000000
--- a/platform/debian/kanidm-unixd/control
+++ /dev/null
@@ -1,14 +0,0 @@
-Source: kanidm-unixd
-Section: admin
-Priority: optional
-Maintainer: James Hodgkinson <james@terminaloutcomes.com>
-Build-Depends: debhelper (>=10), libpam0g-dev, libudev-dev, libssl-dev, pkg-config, cargo, make
-Standards-Version: 4.6.0
-Homepage: https://kanidm.com
-Vcs-Git: https://github.com/kanidm/kanidm/
-Rules-Requires-Root: no
-
-Package: kanidm-unixd
-Architecture: any
-Depends: tpm-udev
-Description: Kanidm Unix Tools
diff --git a/platform/debian/kanidm-unixd/rules b/platform/debian/kanidm-unixd/rules
deleted file mode 100755
index ea9177b91..000000000
--- a/platform/debian/kanidm-unixd/rules
+++ /dev/null
@@ -1,105 +0,0 @@
-#!/usr/bin/make -f
-# See debhelper(7) (uncomment to enable)
-include /usr/share/dpkg/architecture.mk
-# be REALLY noisy
-export DH_VERBOSE=1
-export DH_OPTIONS=-v
-
-export DEB_BUILD_OPTIONS=noautodbgsym
-PACKAGE=kanidm-unixd
-PKGDIR=debian/${PACKAGE}
-BINDIR=${PKGDIR}/usr/sbin/
-LIBDIR=${PKGDIR}/lib/${DEB_HOST_MULTIARCH}
-SHARED_DIR=${PKGDIR}/usr/share/${PACKAGE}
-PAMDIR=${PKGDIR}/usr/share/pam-configs/
-DISTRIBUTOR_ID=$(shell lsb_release -is)
-DISTRIBUTOR_RELEASE=$(shell lsb_release -rs)
-DISTRIBUTOR=$(DISTRIBUTOR_ID)_$(DISTRIBUTOR_RELEASE)
-
-# GitHub enforces NTFS compatible filenames for artifacts so we need to drop the EPOCH field
-DEB_VERSION_FULL=$(shell dpkg-parsechangelog --show-field Version | sed -E 's/^[0-9]+://')
-
-%:
-	dh $@ --with systemd
-
-override_dh_auto_clean:
-
-override_dh_autoreconf:
-
-override_dh_auto_build:
-	# this runs "make -- release/${PACKAGE} release/kanidm-ssh"
-	KANIDM_BUILD_PROFILE=release_linux dh_auto_build -- release/${PACKAGE} release/kanidm-ssh
-
-override_dh_auto_test:
-override_dh_shlibdeps:
-override_dh_strip:
-
-# Do the systemd things
-override_dh_installinit:
-	install -g root -o root \
-		platform/debian/systemd/${PACKAGE}.service \
-		debian/
-	dh_systemd_enable -p${PACKAGE} --name=${PACKAGE} ${PACKAGE}.service
-	dh_installinit -p${PACKAGE} --no-start --noscripts
-	dh_systemd_start -p${PACKAGE} --no-restart-on-upgrade
-
-	install -g root -o root \
-		platform/debian/systemd/${PACKAGE}-tasks.service \
-		debian/
-	dh_systemd_enable -p${PACKAGE} --name=${PACKAGE}-tasks ${PACKAGE}-tasks.service
-	dh_installinit -p${PACKAGE} --name=${PACKAGE}-tasks --no-start --noscripts
-	dh_systemd_start -p${PACKAGE} --name=${PACKAGE}-tasks --no-restart-on-upgrade
-
-override_dh_systemd_start:
-	echo "Not running dh_systemd_start"
-
-override_dh_auto_install:
-	mkdir -p ${BINDIR}
-	mkdir -p ${PAMDIR}
-	mkdir -p ${LIBDIR}/security
-	install \
-		-g root -o root \
-		target/release/kanidm_ssh_authorizedkeys \
-		${BINDIR}
-	install \
-		-g root -o root \
-		target/release/kanidm_ssh_authorizedkeys_direct \
-		${BINDIR}
-	install \
-		-g root -o root \
-		target/release/kanidm_unixd \
-		${BINDIR}
-	install \
-		-g root -o root \
-		target/release/kanidm-unix \
-		${BINDIR}
-	install \
-		-g root -o root \
-		target/release/kanidm_unixd_tasks \
-		${BINDIR}
-	install \
-		-g root -o root \
-		target/release/libpam_kanidm.so \
-		${LIBDIR}/security/pam_kanidm.so
-	install \
-		-g root -o root \
-		target/release/libnss_kanidm.so \
-		${LIBDIR}/libnss_kanidm.so.2
-	install \
-		-g root -o root -m 644 \
-		debian/kanidm.pam \
-		${PAMDIR}/kanidm
-
-override_dh_installexamples:
-	mkdir -p ${SHARED_DIR}
-	install -D \
-		-g root -o root \
-		examples/kanidm \
-		${SHARED_DIR}/
-	install -D \
-		-g root -o root \
-		examples/unixd \
-		${SHARED_DIR}/
-
-override_dh_builddeb:
-	dh_builddeb --filename ${PACKAGE}_${DISTRIBUTOR}_${DEB_VERSION_FULL}_${DEB_HOST_GNU_CPU}.deb
diff --git a/platform/debian/kanidm/control b/platform/debian/kanidm/control
deleted file mode 100644
index f1e404466..000000000
--- a/platform/debian/kanidm/control
+++ /dev/null
@@ -1,14 +0,0 @@
-Source: kanidm
-Section: admin
-Priority: optional
-Maintainer: James Hodgkinson <james@terminaloutcomes.com>
-Build-Depends: debhelper (>=10), libpam0g-dev, libudev-dev, libssl-dev, pkg-config, cargo, make
-Standards-Version: 4.6.0
-Homepage: https://kanidm.com
-Vcs-Git: https://github.com/kanidm/kanidm/
-Rules-Requires-Root: no
-
-Package: kanidm
-Architecture: any
-Depends:
-Description: Kanidm CLI Tooling
diff --git a/platform/debian/kanidm/rules b/platform/debian/kanidm/rules
deleted file mode 100755
index 50e4bca2f..000000000
--- a/platform/debian/kanidm/rules
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/usr/bin/make -f
-# See debhelper(7) (uncomment to enable)
-
-include /usr/share/dpkg/architecture.mk
-# be REALLY noisy
-export DH_VERBOSE=1
-export DH_OPTIONS=-v
-
-export DEB_BUILD_OPTIONS=noautodbgsym
-PACKAGE=kanidm
-PKGDIR=debian/${PACKAGE}
-BINDIR=${PKGDIR}/usr/bin/
-SHARED_DIR=${PKGDIR}/usr/share/${PACKAGE}
-DISTRIBUTOR_ID=$(shell lsb_release -is)
-DISTRIBUTOR_RELEASE=$(shell lsb_release -rs)
-DISTRIBUTOR=$(DISTRIBUTOR_ID)_$(DISTRIBUTOR_RELEASE)
-
-#GitHub enforces NTFS compatible filenames for artifacts so we need to drop the EPOCH field
-DEB_VERSION_FULL=$(shell dpkg-parsechangelog --show-field Version | sed -E 's/^[0-9]+://')
-
-%:
-	dh $@
-
-override_dh_auto_clean:
-
-override_dh_auto_configure:
-
-override_dh_auto_build:
-	KANIDM_BUILD_PROFILE=release_linux dh_auto_build -- release/${PACKAGE}
-
-override_dh_auto_test:
-override_dh_shlibdeps:
-override_dh_strip:
-
-override_dh_auto_install:
-	mkdir -p ${BINDIR}
-	install -D \
-		-g root \
-		-o root \
-		--mode 755 \
-		target/release/kanidm \
-		${BINDIR}
-
-override_dh_installexamples:
-	mkdir -p ${SHARED_DIR}
-	install -D \
-	    -g root \
-		-o root \
-		--mode 644 \
-		examples/config \
-		${SHARED_DIR}/kanidm
-
-override_dh_builddeb:
-	dh_builddeb --filename ${PACKAGE}_${DISTRIBUTOR}_${DEB_VERSION_FULL}_${DEB_HOST_GNU_CPU}.deb
diff --git a/platform/debian/kanidm_ppa_automation b/platform/debian/kanidm_ppa_automation
new file mode 160000
index 000000000..942c7b69c
--- /dev/null
+++ b/platform/debian/kanidm_ppa_automation
@@ -0,0 +1 @@
+Subproject commit 942c7b69ca807cc38186b63ab02a391bac9eac7e
diff --git a/platform/debian/kanidmd/control b/platform/debian/kanidmd/control
deleted file mode 100644
index e8c004abc..000000000
--- a/platform/debian/kanidmd/control
+++ /dev/null
@@ -1,14 +0,0 @@
-Source: kanidmd
-Section: admin
-Priority: optional
-Maintainer: James Hodgkinson <james@terminaloutcomes.com>
-Build-Depends: debhelper (>=10), libpam0g-dev, libudev-dev, libssl-dev, pkg-config, cargo, make
-Standards-Version: 4.6.0
-Homepage: https://kanidm.com
-Vcs-Git: https://github.com/kanidm/kanidm/
-Rules-Requires-Root: no
-
-Package: kanidmd
-Architecture: any
-Depends:
-Description: Kanidm Daemon
diff --git a/platform/debian/kanidmd/postinst b/platform/debian/kanidmd/postinst
deleted file mode 100644
index 7874e6c4d..000000000
--- a/platform/debian/kanidmd/postinst
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-# postinst script for kanidmd
-#
-# see: dh_installdeb(1)
-
-set -e
-
-
-case "$1" in
-    configure)
-        if [ ! -f /etc/kanidm/config ]; then
-            echo "============================="
-            echo "Thanks for installing Kanidm!"
-            echo "============================="
-            echo "Please ensure you create a configuration file at /etc/kanidm/server.toml"
-            echo "An example is in /usr/share/kanidmd/"
-        fi
-    ;;
-
-    abort-upgrade|abort-remove|abort-deconfigure)
-    ;;
-
-    *)
-        echo "postinst called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
diff --git a/platform/debian/kanidmd/rules b/platform/debian/kanidmd/rules
deleted file mode 100755
index e5dbf938a..000000000
--- a/platform/debian/kanidmd/rules
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/usr/bin/make -f
-# See debhelper(7) (uncomment to enable)
-
-include /usr/share/dpkg/architecture.mk
-# be REALLY noisy
-export DH_VERBOSE=1
-export DH_OPTIONS=-v
-
-export DEB_BUILD_OPTIONS=noautodbgsym
-
-export DEB_BUILD_OPTIONS=noautodbgsym
-PACKAGE=kanidmd
-PKGDIR=debian/${PACKAGE}
-BINDIR=${PKGDIR}/usr/sbin/
-SHARED_DIR=${PKGDIR}/usr/share/${PACKAGE}
-DISTRIBUTOR_ID=$(shell lsb_release -is)
-DISTRIBUTOR_RELEASE=$(shell lsb_release -rs)
-DISTRIBUTOR=$(DISTRIBUTOR_ID)_$(DISTRIBUTOR_RELEASE)
-
-#GitHub enforces NTFS compatible filenames for artifacts so we need to drop the EPOCH field
-DEB_VERSION_FULL=$(shell dpkg-parsechangelog --show-field Version | sed -E 's/^[0-9]+://')
-
-%:
-	dh $@ --with systemd
-
-override_dh_auto_clean:
-# cargo clean
-
-override_dh_autoreconf:
-
-override_dh_auto_build:
-	KANIDM_BUILD_PROFILE=release_linux dh_auto_build -- release/${PACKAGE}
-
-override_dh_auto_test:
-override_dh_shlibdeps:
-override_dh_strip:
-
-
-# Do the systemd things
-override_dh_installinit:
-	install -g root -o root \
-		platform/debian/systemd/${PACKAGE}.service \
-		debian/
-	dh_systemd_enable -p${PACKAGE} --name=${PACKAGE} ${PACKAGE}.service
-	dh_installinit -p${PACKAGE} --no-start --noscripts
-	dh_systemd_start -p${PACKAGE} --no-restart-on-upgrade
-
-override_dh_systemd_start:
-	echo "Not running dh_systemd_start"
-
-override_dh_auto_install:
-	mkdir -p ${BINDIR}
-	install \
-		-g root -o root \
-		target/release/kanidmd \
-		${BINDIR}
-	mkdir -p ${PKGDIR}/usr/share/kanidm/ui/
-	cp -R server/web_ui/pkg ${PKGDIR}/usr/share/kanidm/ui/
-
-override_dh_installexamples:
-	mkdir -p ${SHARED_DIR}
-	install -D \
-		-g root -o root \
-		examples/kanidm \
-		${SHARED_DIR}/
-	install -D \
-		-g root -o root \
-		--mode=644 \
-		examples/server.toml \
-		${SHARED_DIR}/
-
-override_dh_builddeb:
-	dh_builddeb --filename ${PACKAGE}_${DISTRIBUTOR}_${DEB_VERSION_FULL}_${DEB_HOST_GNU_CPU}.deb
diff --git a/platform/debian/packaging/compat b/platform/debian/packaging/compat
deleted file mode 100644
index 9a037142a..000000000
--- a/platform/debian/packaging/compat
+++ /dev/null
@@ -1 +0,0 @@
-10
\ No newline at end of file
diff --git a/platform/debian/packaging/copyright b/platform/debian/packaging/copyright
deleted file mode 100644
index 2eecd9ef9..000000000
--- a/platform/debian/packaging/copyright
+++ /dev/null
@@ -1,8 +0,0 @@
-Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: kanidm
-Upstream-Contact: James Hodgkinson <james@terminaloutcomes.com>
-Source: https://github.com/kanidm/kanidm
-
-Files: *
-Copyright: 2018- William Brown <william@blackhats.net.au>
-License: Mozilla Public License Version 2.0
diff --git a/platform/debian/packaging/postrm.ex b/platform/debian/packaging/postrm.ex
deleted file mode 100644
index c80e5a6bb..000000000
--- a/platform/debian/packaging/postrm.ex
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-# postrm script for kanidm
-# rename this to remove the .ex to make it usable.
-#
-# see: dh_installdeb(1)
-
-set -e
-
-case "$1" in
-    purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
-    ;;
-
-    *)
-        echo "postrm called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
diff --git a/platform/debian/packaging/preinst b/platform/debian/packaging/preinst
deleted file mode 100755
index 83366ff27..000000000
--- a/platform/debian/packaging/preinst
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-# preinst script for kanidm-1.1.0-alpha.8-202207110454
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-#        * <new-preinst> `install'
-#        * <new-preinst> `install' <old-version>
-#        * <new-preinst> `upgrade' <old-version>
-#        * <old-preinst> `abort-upgrade' <new-version>
-# for details, see https://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
-    install|upgrade)
-        mkdir -p /etc/kanidm/
-    ;;
-
-    abort-upgrade)
-    ;;
-
-    *)
-        echo "preinst called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
diff --git a/platform/debian/packaging/prerm.ex b/platform/debian/packaging/prerm.ex
deleted file mode 100755
index e859e23b5..000000000
--- a/platform/debian/packaging/prerm.ex
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh
-# prerm script for kanidm
-# rename this to remove the .ex to make it usable.
-#
-# see: dh_installdeb(1)
-
-set -e
-
-
-case "$1" in
-    remove|upgrade|deconfigure)
-    ;;
-
-    failed-upgrade)
-    ;;
-
-    *)
-        echo "prerm called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
diff --git a/platform/debian/packaging/source/format b/platform/debian/packaging/source/format
deleted file mode 100644
index 163aaf8d8..000000000
--- a/platform/debian/packaging/source/format
+++ /dev/null
@@ -1 +0,0 @@
-3.0 (quilt)
diff --git a/platform/debian/packaging/templates/changelog b/platform/debian/packaging/templates/changelog
deleted file mode 100644
index 825555f32..000000000
--- a/platform/debian/packaging/templates/changelog
+++ /dev/null
@@ -1,5 +0,0 @@
-#PACKAGE# (#VERSION#) UNRELEASED; urgency=medium
-
-  * Updated to git commit #GIT_COMMIT#
-
- -- James <james@terminaloutcomes.com>  #DATE#
diff --git a/platform/debian/packaging/watch.ex b/platform/debian/packaging/watch.ex
deleted file mode 100644
index 10814f858..000000000
--- a/platform/debian/packaging/watch.ex
+++ /dev/null
@@ -1,38 +0,0 @@
-# Example watch control file for uscan
-# Rename this file to "watch" and then you can run the "uscan" command
-# to check for upstream updates and more.
-# See uscan(1) for format
-
-# Compulsory line, this is a version 4 file
-version=4
-
-# PGP signature mangle, so foo.tar.gz has foo.tar.gz.sig
-#opts="pgpsigurlmangle=s%$%.sig%"
-
-# HTTP site (basic)
-#http://example.com/downloads.html \
-#  files/kanidm-1.1.0-alpha.8-202207110454-([\d\.]+)\.tar\.gz debian uupdate
-
-# Uncomment to examine an FTP server
-#ftp://ftp.example.com/pub/kanidm-1.1.0-alpha.8-202207110454-(.*)\.tar\.gz debian uupdate
-
-# SourceForge hosted projects
-# http://sf.net/kanidm-1.1.0-alpha.8-202207110454/ kanidm-1.1.0-alpha.8-202207110454-(.*)\.tar\.gz debian uupdate
-
-# GitHub hosted projects
-#opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%<project>-$1.tar.gz%" \
-#   https://github.com/<user>/kanidm-1.1.0-alpha.8-202207110454/tags \
-#   (?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
-
-# PyPI
-# https://pypi.debian.net/kanidm-1.1.0-alpha.8-202207110454/kanidm-1.1.0-alpha.8-202207110454-(.+)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))
-
-# Direct Git
-# opts="mode=git" http://git.example.com/kanidm-1.1.0-alpha.8-202207110454.git \
-#   refs/tags/v([\d\.]+) debian uupdate
-
-
-
-
-# Uncomment to find new files on GooglePages
-# http://example.googlepages.com/foo.html kanidm-1.1.0-alpha.8-202207110454-(.*)\.tar\.gz
diff --git a/platform/debian/simple_pkg.sh b/platform/debian/simple_pkg.sh
deleted file mode 100755
index cc7430e35..000000000
--- a/platform/debian/simple_pkg.sh
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/usr/bin/env bash
-
-set -xe
-
-## NOTE this is based on the Arch Linux PKGBUILD. It combines kanidm_tools, unixd and ssh
-# as well as the systemd services. This is a simple alternative for building a tarball for
-# use on debian based systems (tested on ubuntu 22.04).
-
-pushd "$( dirname -- "$0"; )/../../"
-
-pkgdir=$(realpath kanidm_simple_pkg)
-rm -rf "$pkgdir"
-mkdir -p "$pkgdir"
-
-# build the project
-make release/kanidm release/kanidm-unixd release/kanidm-ssh
-
-# enable the following block to include deployment specific configuration files
-if [ "${INCLUDE_CONFIG}" -eq 1 ]; then
-  mkdir -p deployment-config
-
-  # Customize the following heredocs according to the deployment
-  cat << EOF > deployment-config/config
-uri = "https://idm.example.com"
-verify_ca = true
-verify_hostnames = true
-EOF
-
-  cat << EOF > deployment-config/unixd
-pam_allowed_login_groups = [""]
-EOF
-
-  install -Dm644 deployment-config/config "${pkgdir}/etc/kanidm/config"
-  install -Dm644 deployment-config/unixd "${pkgdir}/etc/kanidm/unixd"
-
-fi
-
-# This is for allowing login via PAM. It needs to be enabled using `pam-auth-update`
-install -Dm644  platform/debian/kanidm-unixd/kanidm-unixd.pam "${pkgdir}/usr/share/pam-configs/kanidm-unixd"
-
-# Install kanidm cli
-install -Dm755 target/release/kanidm "${pkgdir}/usr/local/sbin/kanidm"
-install -Dm644 target/release/build/completions/_kanidm "${pkgdir}/usr/share/zsh/site-functions/_kanidm"
-install -Dm644 target/release/build/completions/kanidm.bash "${pkgdir}/usr/share/bash-completion/completions/kanidm.sh"
-
-# Install systemd service files
-install -Dm644 examples/systemd/kanidm-unixd.service "${pkgdir}/usr/lib/systemd/system/kanidm-unixd.service"
-install -Dm644 examples/systemd/kanidm-unixd-tasks.service "${pkgdir}/usr/lib/systemd/system/kanidm-unixd-tasks.service"
-
-# NB., the debian style lib dir and security dir
-install -Dm755 target/release/libnss_kanidm.so "${pkgdir}/usr/lib/x86_64-linux-gnu/libnss_kanidm.so.2"
-install -Dm755 target/release/libpam_kanidm.so "${pkgdir}/usr/lib/x86_64-linux-gnu/security/pam_kanidm.so"
-
-# install kanidm unix utilities
-install -Dm755 target/release/kanidm_ssh_authorizedkeys "${pkgdir}/usr/local/sbin/kanidm_ssh_authorizedkeys"
-install -Dm755 target/release/kanidm_ssh_authorizedkeys_direct "${pkgdir}/usr/local/sbin/kanidm_ssh_authorizedkeys_direct"
-install -Dm755 target/release/kanidm_unixd "${pkgdir}/usr/local/sbin/kanidm_unixd"
-install -Dm755 target/release/kanidm-unix "${pkgdir}/usr/local/sbin/kanidm-unix"
-install -Dm755 target/release/kanidm_unixd_tasks "${pkgdir}/usr/local/sbin/kanidm_unixd_tasks"
-
-# Install Bash and ZSH  completions
-install -Dm644 target/release/build/completions/_kanidm_ssh_authorizedkeys_direct "${pkgdir}/usr/share/zsh/site-functions/_kanidm_ssh_authorizedkeys_direct"
-install -Dm644 target/release/build/completions/_kanidm_cache_clear "${pkgdir}/usr/share/zsh/site-functions/_kanidm_cache_clear"
-install -Dm644 target/release/build/completions/_kanidm_cache_invalidate "${pkgdir}/usr/share/zsh/site-functions/_kanidm_cache_invalidate"
-install -Dm644 target/release/build/completions/_kanidm_ssh_authorizedkeys "${pkgdir}/usr/share/zsh/site-functions/_kanidm_ssh_authorizedkeys"
-
-install -Dm644 target/release/build/completions/kanidm_ssh_authorizedkeys_direct.bash "${pkgdir}/usr/share/bash-completion/completions/kanidm_ssh_authorizedkeys_direct.sh"
-install -Dm644 target/release/build/completions/kanidm_cache_clear.bash "${pkgdir}/usr/share/bash-completion/completions/kanidm_cache_clear.sh"
-install -Dm644 target/release/build/completions/kanidm_cache_invalidate.bash "${pkgdir}/usr/share/bash-completion/completions/kanidm_cache_invalidate.sh"
-install -Dm644 target/release/build/completions/kanidm_ssh_authorizedkeys.bash "${pkgdir}/usr/share/bash-completion/completions/kanidm_ssh_authorizedkeys.sh"
-
-tar cvzf "kanidm-client-tools.tar.gz"  -C "$pkgdir" .
-
-# extract the package in root, enable and run the systemd services and then setup nsswitch according to the docs
-# and run pam-auth-update. You may also want to setup the ssh config. It's wise to leave a root console open until
-# you've confirmed pam-auth-update worked so you don't lock yourself out.
-
-popd
-
diff --git a/platform/debian/ubuntu_docker_builder.sh b/platform/debian/ubuntu_docker_builder.sh
deleted file mode 100755
index 5a9876285..000000000
--- a/platform/debian/ubuntu_docker_builder.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/env bash
-
-# Starts a ubuntu docker container with the source code mounted
-
-if [ -z "${KANIDM_CONTAINER}" ]; then
-    KANIDM_CONTAINER="ubuntu:latest"
-fi
-
-if [ "$(basename "$(pwd)")" != "kanidm" ]; then
-    echo "Please run this from the root dir of the repo"
-    exit 1
-fi
-
-echo "Starting base ubuntu container"
-echo "Repository is in ~/kanidm/"
-
-# shellcheck disable=SC2068
-# shellcheck disable=SC2086
-docker run --rm -it $KANIDM_BUILDER_OPTIONS \
-    -e "INSTALL_RUST=1" \
-    -e "PACKAGING=1" \
-    -e "TZ=UTC" \
-    -v "$(pwd):/root/kanidm/" \
-    --workdir "/root/kanidm/" \
-    --entrypoint "/root/kanidm/platform/debian/interactive_entrypoint.sh" \
-    "${KANIDM_CONTAINER}" $@
diff --git a/scripts/install_ubuntu_dependencies.sh b/scripts/install_ubuntu_dependencies.sh
index 5cb8f72c3..385f70b8e 100755
--- a/scripts/install_ubuntu_dependencies.sh
+++ b/scripts/install_ubuntu_dependencies.sh
@@ -27,11 +27,22 @@ if [ -z "${PACKAGING}" ]; then
 fi
 
 if [ "${PACKAGING}" -eq 1 ]; then
+    # Install packages needed for cargo-deb to build healthy debs for any supported target
+    # This works in Debian, but not in Ubuntu because they do multiarch weird.
+    # It would be too invasive to config a daily driver Ubuntu install for multiarch,
+    # so instead we don't, and just warn.
+    source /etc/os-release
+    if [[ "$ID" == "ubuntu" ]]; then
+      2>&1 echo "You're running Ubuntu, so we're skipping enabling multiarch for you because it would be too invasive. You won't be able to build valid debs for other than your native architecture."
     ${SUDOCMD} apt-get install -y \
-        devscripts \
-        fakeroot \
-        dh-make \
-        debmake
+    	libpam0g \
+    	libssl3
+    elif [[ "$ID" == "debian" ]]; then
+    ${SUDOCMD} dpkg --add-architecture arm64 && ${SUDOCMD} apt-get update
+    ${SUDOCMD} apt-get install -y \
+    	libpam0g:{amd64,arm64} \
+    	libssl3:{amd64,arm64}
+    fi
     export INSTALL_RUST=1
 fi
 
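Review bot: The Ubuntu warning is written as `2>&1 echo "…"`, which merges stderr into stdout instead of sending the message to stderr, so it is lost among the normal output; `echo "…" >&2` is what the line appears to intend. The `if`/`elif` has no `else`, so on any other `ID` (derivatives report their own) neither libpam0g nor libssl3 is installed and nothing is printed; an `else` branch that warns on stderr would make the skipped step visible. `source` and `[[` need bash, and the shebang is outside this hunk, so that is worth confirming.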
@@ -68,6 +79,14 @@ if [ $ERROR -eq 0 ] && [ -z "$(which wasm-bindgen)" ]; then
     echo "You don't have wasm-bindgen installed! Installing it now..."
     cargo install -f wasm-bindgen-cli
 fi
+if [ $ERROR -eq 0 ] && [ -z "$(which cross)" ]; then
+    echo "You don't have cross installed! Installing it now..."
+    cargo install -f cross
+fi
+if [ $ERROR -eq 0 ] && [ -z "$(which cargo-deb)" ]; then
+    echo "You don't have cargo-deb installed! Installing it now..."
+    cargo install -f cargo-deb
+fi
 
 
 if [ $ERROR -eq 1 ]; then
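Review bot: `cargo install -f cross` and `cargo install -f cargo-deb` fetch whatever version is newest on the registry and resolve its dependencies afresh, yet these two tools produce the .deb files that get published. Pinning both keeps the packaging toolchain reproducible and reviewable, e.g. `cargo install --locked --version <PINNED_VERSION> cargo-deb`, and the same for `cross`. The `-f` flag also reinstalls over an existing binary, which the `which` test already makes unnecessary. The `if [ $ERROR -eq 1 ]` block at the end of the hunk continues outside it.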
diff --git a/platform/debian/systemd/kanidmd.service b/server/daemon/debian/daemon.kanidmd.service
similarity index 100%
rename from platform/debian/systemd/kanidmd.service
rename to server/daemon/debian/daemon.kanidmd.service
diff --git a/tools/cli/Cargo.toml b/tools/cli/Cargo.toml
index c69789108..2bbb5b229 100644
--- a/tools/cli/Cargo.toml
+++ b/tools/cli/Cargo.toml
@@ -77,3 +77,18 @@ features = ["win10"]
 [target."cfg(not(any(target_os = \"windows\")))".dependencies.webauthn-authenticator-rs]
 workspace = true
 features = ["u2fhid"]
+
+## Debian packaging
+[package.metadata.deb]
+name = "kanidm"
+maintainer = "James Hodgkinson <james@terminaloutcomes.com>"
+# Can't use $auto depends because the name of libssl3 varies by distro and version
+depends = ["libc6", "libudev1", "libssl3 | libssl3t64"]
+section = "admin"
+priority = "optional"
+changelog = "../../target/debian/changelog"  # Generated by packaging scripts
+assets = [
+    [ "target/release/kanidm", "usr/bin/", "755" ],
+    [ "../../examples/config", "usr/share/kanidm/", "444" ],
+]
+maintainer-scripts = "debian/"
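Review bot: The hand-written `depends` list has no version constraints, so dpkg will accept whatever libc6 and libssl3 the target system has. The commit description says the debs are built on the Ubuntu 24.04 runner; if so, a binary linked against that glibc may need symbols an older release lacks, and the package would install cleanly and then fail when run. Either build on the oldest supported release or state the floor explicitly, for example `"libc6 (>= <MIN_GLIBC_VERSION>)"`. The same applies to the `depends` lists added in unix_integration/pam_kanidm and unix_integration/resolver.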
diff --git a/platform/debian/kanidm/postinst b/tools/cli/debian/postinst
similarity index 100%
rename from platform/debian/kanidm/postinst
rename to tools/cli/debian/postinst
diff --git a/unix_integration/nss_kanidm/Cargo.toml b/unix_integration/nss_kanidm/Cargo.toml
index a452b3236..0f145d3fb 100644
--- a/unix_integration/nss_kanidm/Cargo.toml
+++ b/unix_integration/nss_kanidm/Cargo.toml
@@ -1,5 +1,6 @@
 [package]
 name = "nss_kanidm"
+description = "Kanidm NSS module"
 
 version = { workspace = true }
 authors = { workspace = true }
@@ -23,3 +24,25 @@ libc = { workspace = true }
 paste = { workspace = true }
 lazy_static = { workspace = true }
 
+## Debian packaging
+# The base metadata does **not** work to build a functioning package!
+# A target specific variant must be used to get the right multiarch path.
+[package.metadata.deb]
+name = "libnss-kanidm"
+maintainer = "James Hodgkinson <james@terminaloutcomes.com>"
+depends = ""
+section = "network"
+priority = "optional"
+assets = [
+	# Empty on purpose
+]
+
+[package.metadata.deb.variants.aarch64-unknown-linux-gnu]
+merge-assets.append = [
+    [ "target/release/libnss_kanidm.so", "usr/lib/aarch64-linux-gnu/libnss_kanidm.so.2", "644"],
+]
+
+[package.metadata.deb.variants.x86_64-unknown-linux-gnu]
+merge-assets.append = [
+    [ "target/release/libnss_kanidm.so", "usr/lib/x86_64-linux-gnu/libnss_kanidm.so.2", "644"],
+]
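Review bot: `depends = ""` declares no dependencies for libnss-kanidm, while the sibling libpam-kanidm metadata in this commit lists `["libc6", "libpam0g"]`. The crate depends on `libc` (visible in the context lines), and a shared object loaded by the resolver presumably links the C library, so `depends = ["libc6"]` would be consistent with the PAM package. If the empty value is deliberate, a comment next to it saying why would stop it being "fixed" later.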
diff --git a/unix_integration/pam_kanidm/Cargo.toml b/unix_integration/pam_kanidm/Cargo.toml
index bd0b6d6a2..9d32d528d 100644
--- a/unix_integration/pam_kanidm/Cargo.toml
+++ b/unix_integration/pam_kanidm/Cargo.toml
@@ -1,5 +1,6 @@
 [package]
 name = "pam_kanidm"
+description = "Kanidm PAM module"
 links = "pam"
 
 version = { workspace = true }
@@ -23,3 +24,28 @@ tracing = { workspace = true }
 
 [build-dependencies]
 pkg-config = { workspace = true }
+
+## Debian packaging
+# The base metadata does **not** work to build a functioning package!
+# A target specific variant must be used to get the right multiarch path.
+[package.metadata.deb]
+name = "libpam-kanidm"
+maintainer = "James Hodgkinson <james@terminaloutcomes.com>"
+depends = ["libc6", "libpam0g"]
+section = "network"
+priority = "optional"
+assets = [
+	# Empty on purpose
+]
+
+[package.metadata.deb.variants.aarch64-unknown-linux-gnu]
+merge-assets.append = [
+    [ "target/release/libpam_kanidm.so", "usr/lib/aarch64-linux-gnu/security/pam_kanidm.so", "644"],
+    [ "debian/kanidm.pam", "usr/share/pam-configs/kanidm", "644"],
+]
+
+[package.metadata.deb.variants.x86_64-unknown-linux-gnu]
+merge-assets.append = [
+    [ "target/release/libpam_kanidm.so", "usr/lib/x86_64-linux-gnu/security/pam_kanidm.so", "644"],
+    [ "debian/kanidm.pam", "usr/share/pam-configs/kanidm", "644"],
+]
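Review bot: The base `[package.metadata.deb]` section has an empty `assets` list, so a build that omits the target variant appears to yield a well-formed but empty `libpam-kanidm`. That package would still satisfy the mandatory `libpam-kanidm` dependency of kanidm-unixd, leaving a host with the daemon enabled and no PAM module or pam-configs profile. The comment warns about this, but nothing enforces it; a check in the build script that the produced .deb contains `pam_kanidm.so` would turn the warning into a failure. The nss_kanidm metadata has the same shape.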
diff --git a/platform/debian/kanidm-unixd/kanidm.pam b/unix_integration/pam_kanidm/debian/kanidm.pam
similarity index 100%
rename from platform/debian/kanidm-unixd/kanidm.pam
rename to unix_integration/pam_kanidm/debian/kanidm.pam
diff --git a/unix_integration/resolver/Cargo.toml b/unix_integration/resolver/Cargo.toml
index f4f9c8e2a..75e7b2df9 100644
--- a/unix_integration/resolver/Cargo.toml
+++ b/unix_integration/resolver/Cargo.toml
@@ -110,3 +110,35 @@ kanidmd_testkit = { workspace = true }
 clap = { workspace = true, features = ["derive"] }
 clap_complete = { workspace = true }
 kanidm_build_profiles = { workspace = true }
+
+## Debian packaging
+# We only package unixd itself here as shared libraries must be packaged separarately due to multiarch rules.
+[package.metadata.deb]
+name = "kanidm-unixd"
+maintainer = "James Hodgkinson <james@terminaloutcomes.com>"
+# Can't use $auto depends because the name of libssl3 varies by distro and version
+depends = [
+	"libc6",
+	"tpm-udev",
+	"libssl3 | libssl3t64",
+	"libpam-kanidm",
+	"libnss-kanidm"
+]
+section = "network"
+priority = "optional"
+changelog = "../../target/debian/changelog"  # Generated by platform/debian/build_debs.sh
+assets = [
+    [ "target/release/kanidm_ssh_authorizedkeys", "usr/sbin/", "755" ],
+    [ "target/release/kanidm_unixd_tasks", "usr/sbin/", "755" ],
+    [ "target/release/kanidm_unixd", "usr/sbin/", "755" ],
+    [ "target/release/kanidm-unix", "usr/sbin/", "755" ],
+    [ "../../examples/unixd-safe-default", "etc/kanidm/unixd", "644" ],
+    [ "../../examples/kanidm-safe-default", "etc/kanidm/config", "644" ],
+    [ "../../examples/kanidm", "usr/share/kanidm-unixd/", "444" ],
+    [ "../../examples/unixd", "usr/share/kanidm-unixd/", "444" ],
+]
+maintainer-scripts = "debian/"
+systemd-units = [
+	{ unit-name = "kanidm-unixd", enable = true}, 
+	{ unit-name = "kanidm-unixd-tasks", enable = true},
+]
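Review bot: The two `etc/kanidm/` assets are live configuration rather than examples, and with both units set to `enable = true` the daemon runs against them as soon as the package is configured. Whether an upgrade preserves an administrator's edits depends on cargo-deb registering them as conffiles, which is worth confirming and stating explicitly with `conf-files = ["/etc/kanidm/unixd", "/etc/kanidm/config"]`. Mode 644 makes both files world-readable; a comment such as `# world-readable by design: never put secrets in these files` would record that constraint for later editors. The contents of the `*-safe-default` files are outside this hunk, so their safety could not be checked here.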
diff --git a/platform/debian/systemd/kanidm-unixd-tasks.service b/unix_integration/resolver/debian/kanidm_unix_int.kanidm-unixd-tasks.service
similarity index 100%
rename from platform/debian/systemd/kanidm-unixd-tasks.service
rename to unix_integration/resolver/debian/kanidm_unix_int.kanidm-unixd-tasks.service
diff --git a/platform/debian/systemd/kanidm-unixd.service b/unix_integration/resolver/debian/kanidm_unix_int.kanidm-unixd.service
similarity index 100%
rename from platform/debian/systemd/kanidm-unixd.service
rename to unix_integration/resolver/debian/kanidm_unix_int.kanidm-unixd.service
diff --git a/platform/debian/kanidm-unixd/postinst b/unix_integration/resolver/debian/postinst
similarity index 50%
rename from platform/debian/kanidm-unixd/postinst
rename to unix_integration/resolver/debian/postinst
index ddd9c2d2a..cc7c10be6 100644
--- a/platform/debian/kanidm-unixd/postinst
+++ b/unix_integration/resolver/debian/postinst
@@ -9,14 +9,12 @@ set -e
 case "$1" in
     configure)
         pam-auth-update --package
-        if [ ! -f /etc/kanidm/config ]; then
-            echo "============================="
-            echo "Thanks for installing Kanidm!"
-            echo "============================="
-            echo "Please ensure you create configuration files at /etc/kanidm/unixd and /etc/kanidm/config"
-            echo "Examples are in /usr/share/kanidm-unixd/"
-            echo "To configure nsswitch, please follow instructions in https://kanidm.github.io/kanidm/master/integrations/pam_and_nsswitch.html"
-        fi
+        echo "============================="
+        echo "Thanks for installing Kanidm!"
+        echo "============================="
+        echo "Please ensure you modify the configuration files at /etc/kanidm/unixd and /etc/kanidm/config"
+        echo "Full examples are in /usr/share/kanidm-unixd/"
+        echo "To configure nsswitch, please follow instructions in https://kanidm.github.io/kanidm/master/integrations/pam_and_nsswitch.html"
     ;;
 
     abort-upgrade|abort-remove|abort-deconfigure)
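Review bot: With the `[ ! -f /etc/kanidm/config ]` guard removed, the banner is printed on every `configure`, upgrades included, where "Thanks for installing" and the request to modify the configuration no longer apply and can bury real warnings in upgrade logs. dpkg passes the previously configured version as `$2`, which is empty on a first install, so wrapping the echo lines in `if [ -z "$2" ]; then … fi` keeps the message to fresh installs. The `case` statement continues past the end of this hunk.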
diff --git a/platform/debian/kanidm-unixd/prerm b/unix_integration/resolver/debian/prerm
similarity index 85%
rename from platform/debian/kanidm-unixd/prerm
rename to unix_integration/resolver/debian/prerm
index 40f7ccf10..e6eed62c1 100644
--- a/platform/debian/kanidm-unixd/prerm
+++ b/unix_integration/resolver/debian/prerm
@@ -1,3 +1,5 @@
 if [ "$1" = remove ]; then
     pam-auth-update --package --remove kanidm
 fi
+
+#DEBHELPER#
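Review bot: This script, shown in full by the hunk, starts directly with `if` and has neither an interpreter line nor `set -e`, unlike the postinst beside it. Debian policy expects maintainer scripts to begin with `#!` and to stop on errors. As written, a failing `pam-auth-update --package --remove kanidm` is ignored, which could leave the kanidm PAM profile active after the package is removed. Adding `#!/bin/sh` and `set -e` as the first two lines would address both, and would also cover the code substituted for `#DEBHELPER#`.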