.deb packaging config and scripting (#920)

* working on debian builds again
* github actions tweaks
* fixed a ref in the build script
* updating makefile targets to include build profile env
* updates to docs and makefiles
James Hodgkinson 2022-07-20 17:21:40 +10:00 committed by GitHub
parent 49fe0249b0
commit b249747e55
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
41 changed files with 1015 additions and 110 deletions


@ -18,7 +18,8 @@ jobs:
libpam0g-dev \
libudev-dev \
libssl-dev \
libsqlite3-dev
libsqlite3-dev \
pkg-config
- name: Install Rust
uses: actions-rs/toolchain@v1


@ -0,0 +1,41 @@
---
name: "Build Debian Packages"
# yamllint disable-line rule:truthy
on:
push:
pull_request:
jobs:
build-deb-package:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Update package manager
run: sudo apt-get update
- name: Install dependencies
run: |
sudo apt-get install -y \
libpam0g-dev \
libudev-dev \
libssl-dev \
libsqlite3-dev \
pkg-config \
make
- uses: jetli/wasm-pack-action@v0.3.0
with:
# Optional version of wasm-pack to install(eg. 'v0.9.1', 'latest')
version: 'latest'
- name: "Doing the package build"
run: |
make -f platform/debian/Makefile debs/all
- uses: "marvinpinto/action-automatic-releases@latest"
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
automatic_release_tag: "latest"
prerelease: true
title: "Ubuntu Packages (20.04)"
files: target/*.deb
if: ${{ github.ref == 'refs/heads/master' }}
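Review bot: The release step uses `marvinpinto/action-automatic-releases@latest` and hands it `secrets.GITHUB_TOKEN`, so a mutable third-party ref receives a write-capable token on every push to master; pin it to a full commit SHA, e.g. `uses: marvinpinto/action-automatic-releases@<FULL_COMMIT_SHA>`, and do the same for `jetli/wasm-pack-action`, whose `version: 'latest'` input also floats. The workflow has no `permissions:` block, so the token keeps the repository's default scope for the whole job, including the build steps that run on `pull_request`. A top-level `permissions:` with `contents: read`, plus a separate release job that alone gets `contents: write` and carries the `if:` guard at job level, would confine the token to the step that needs it.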


@ -14,14 +14,6 @@ name: Container - Kanidm
jobs:
kanidm_build:
runs-on: ubuntu-latest
continue-on-error: true # yolo
strategy:
fail-fast: false
matrix:
target:
- linux/arm64
- linux/amd64
if: github.event_name == 'push'
steps:
- uses: actions/checkout@v3
- name: Set up QEMU
@ -40,7 +32,7 @@ jobs:
uses: docker/build-push-action@v3
with:
push: ${{ github.ref == 'refs/heads/master' }}
platforms: ${{matrix.target}}
platforms: "linux/amd64"
# https://github.com/docker/build-push-action/issues/254
tags: ghcr.io/kanidm/kanidm:devel
build-args: |
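Review bot: Hard-coding `platforms: "linux/amd64"` drops the `linux/arm64` image that the removed matrix built for this container, while the radiusd workflow in the same commit keeps `linux/arm64,linux/amd64`; the commit description does not mention it. If this is intentional, a comment on the line such as `# arm64 disabled: <reason>` would tell users of `ghcr.io/kanidm/kanidm:devel` why the tag is now single-architecture. The value is quoted here but unquoted in the kanidmd workflow; one form in both files would read better.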


@ -14,14 +14,6 @@ name: Container - Kanidmd
jobs:
kanidmd_build:
runs-on: ubuntu-latest
continue-on-error: true # yolo
strategy:
fail-fast: false
matrix:
target:
# - linux/arm64
- linux/amd64
if: github.event_name == 'push'
steps:
- uses: actions/checkout@v3
- name: Set up QEMU
@ -40,7 +32,7 @@ jobs:
uses: docker/build-push-action@v3
with:
push: ${{ github.ref == 'refs/heads/master' }}
platforms: ${{matrix.target}}
platforms: linux/amd64
tags: ghcr.io/kanidm/kanidmd:devel
build-args: |
"KANIDM_BUILD_OPTIONS=-j1"


@ -14,12 +14,6 @@ name: Container - Radiusd
jobs:
radius_build:
runs-on: ubuntu-latest
strategy:
matrix:
target:
- linux/arm64
- linux/amd64
if: github.event_name == 'push'
steps:
- uses: actions/checkout@v3
- name: Set up QEMU
@ -38,7 +32,7 @@ jobs:
uses: docker/build-push-action@v3
with:
push: ${{ github.ref == 'refs/heads/master' }}
platforms: ${{matrix.target}}
platforms: linux/arm64,linux/amd64
# https://github.com/docker/build-push-action/issues/254
tags: ghcr.io/kanidm/radius:devel
context: .


@ -19,6 +19,19 @@ A list of links to the library documentation is at
The MSRV is specified in the package `Cargo.toml` files.
### Build Profiles
Setting different developer profiles while building is done by setting the
environment
variable `KANIDM_BUILD_PROFILE` to one of the bare filename of the TOML files in
`/profiles`.
For example, this will set the CPU flags to "none" and the location for the Web UI files to `/usr/share/kanidm/ui/pkg`:
```shell
KANIDM_BUILD_PROFILE=release_suse_generic cargo build --release --bin kanidmd
```
### Dependencies
#### MacOS
@ -209,13 +222,6 @@ To build for release, run `build_wasm_release.sh`.
The "developer" profile for kanidmd will automatically use the pkg output in this folder.
Setting different developer profiles while building is done by setting the
environment
variable KANIDM_BUILD_PROFILE to one of the bare filename of the TOML files in
`/profiles`.
For example: `KANIDM_BUILD_PROFILE=release_suse_generic cargo build --release --bin kanidmd`
### Build a Kanidm Container
Build a container with the current branch using:


@ -1,4 +1,4 @@
.PHONY: help build/kanidmd build/radiusd test/kanidmd push/kanidmd push/radiusd vendor-prep doc install-tools prep vendor book clean_book test/pykanidm/pytest test/pykanidm/mypy test/pykanidm/pylint docs/pykanidm/build docs/pykanidm/serve
.PHONY: help build/kanidmd build/radiusd test/kanidmd push/kanidmd push/radiusd vendor-prep doc install-tools prep vendor book clean_book test/pykanidm/pytest test/pykanidm/mypy test/pykanidm/pylint docs/pykanidm/build docs/pykanidm/serve release/kanidm release/kanidmd release/kanidm-unixd debs/all debs/kanidm debs/kanidmd debs/kandim-ssh debs/kandim-unixd
IMAGE_BASE ?= kanidm
IMAGE_VERSION ?= devel
@ -75,6 +75,8 @@ test/radiusd: ## Run a test radius server
test/radiusd: build/radiusd test/radiusd
test:
cargo test
vendor:
cargo vendor
@ -82,33 +84,6 @@ vendor:
vendor-prep: vendor
tar -cJf vendor.tar.xz vendor
doc: ## Build the rust documentation locally
doc:
cargo doc --document-private-items
book:
cargo doc --no-deps
mdbook build kanidm_book
mv ./kanidm_book/book/ ./docs/
mkdir -p ./docs/rustdoc/${BOOK_VERSION}
mv ./target/doc/* ./docs/rustdoc/${BOOK_VERSION}/
book_versioned:
echo "Book version: ${BOOK_VERSION}"
rm -rf ./target/doc
git switch -c "${BOOK_VERSION}"
git pull origin "${BOOK_VERSION}"
cargo doc --no-deps --quiet
mdbook build kanidm_book
mkdir -p ./docs
mv ./kanidm_book/book/ ./docs/${BOOK_VERSION}/
mkdir -p ./docs/${BOOK_VERSION}/rustdoc/
mv ./target/doc/* ./docs/${BOOK_VERSION}/rustdoc/
git switch master
clean_book:
rm -rf ./docs
install-tools: ## install tools in local environment
install-tools:
cd kanidm_tools && cargo install --path . --force
@ -136,6 +111,35 @@ test/pykanidm/mypy:
test/pykanidm: ## run the test suite (mypy/pylint/pytest) for the kanidm python module
test/pykanidm: test/pykanidm/pytest test/pykanidm/mypy test/pykanidm/pylint
########################################################################
doc: ## Build the rust documentation locally
doc:
cargo doc --document-private-items
book:
cargo doc --no-deps
mdbook build kanidm_book
mv ./kanidm_book/book/ ./docs/
mkdir -p ./docs/rustdoc/${BOOK_VERSION}
mv ./target/doc/* ./docs/rustdoc/${BOOK_VERSION}/
book_versioned:
echo "Book version: ${BOOK_VERSION}"
rm -rf ./target/doc
git switch -c "${BOOK_VERSION}"
git pull origin "${BOOK_VERSION}"
cargo doc --no-deps --quiet
mdbook build kanidm_book
mkdir -p ./docs
mv ./kanidm_book/book/ ./docs/${BOOK_VERSION}/
mkdir -p ./docs/${BOOK_VERSION}/rustdoc/
mv ./target/doc/* ./docs/${BOOK_VERSION}/rustdoc/
git switch master
clean_book:
rm -rf ./docs
docs/pykanidm/build: ## Build the mkdocs
docs/pykanidm/build:
cd pykanidm && \
@ -147,3 +151,27 @@ docs/pykanidm/serve:
cd pykanidm && \
poetry install && \
poetry run mkdocs serve
########################################################################
release/kanidm: ## Build the Kanidm CLI - ensure you include the environment variable KANIDM_BUILD_PROFILE
cargo build -p kanidm_tools --bin kanidm --release
release/kanidmd: ## Build the Kanidm daemon - ensure you include the environment variable KANIDM_BUILD_PROFILE
cargo build -p daemon --bin kanidmd --release
release/kanidm-ssh: ## Build the Kanidm SSH tools - ensure you include the environment variable KANIDM_BUILD_PROFILE
cargo build --release \
--bin kanidm_ssh_authorizedkeys \
--bin kanidm_ssh_authorizedkeys_direct
release/kanidm-unixd: ## Build the Kanidm UNIX tools - ensure you include the environment variable KANIDM_BUILD_PROFILE
release/kanidm-unixd:
cargo build -p pam_kanidm --release
cargo build -p nss_kanidm --release
cargo build --release \
--bin kanidm_unixd \
--bin kanidm_unixd_status \
--bin kanidm_unixd_tasks \
--bin kanidm_cache_clear \
--bin kanidm_cache_invalidate
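Review bot: The extended `.PHONY` line misspells two names (`debs/kandim-ssh`, `debs/kandim-unixd`) and leaves out `release/kanidm-ssh`, the one new release target that then has no phony declaration. None of the `debs/*` targets are defined in the visible hunks of this Makefile (they appear in `platform/debian/Makefile`), so listing them here has no effect unless they are defined outside the hunks. I would end the line with `release/kanidm release/kanidmd release/kanidm-ssh release/kanidm-unixd` and drop the `debs/*` names. `release/kanidm-unixd` is the only new target written with a separate `##` help line and rule line; using one form for all four would be more consistent.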


@ -1,5 +1,7 @@
#!/bin/sh
set -e
# you can set the hostname if you want, but it'll default to localhost
if [ -z "$CERT_HOSTNAME" ]; then
CERT_HOSTNAME="localhost"


@ -35,3 +35,8 @@
# Integration Examples
- [Kubernetes Ingress](examples/k8s_ingress_example.md)
# Packaging
- [Packaging](packaging.md)
- [Debian/Ubuntu](packaging_debs.md)


@ -0,0 +1,16 @@
# Packaging
Packages are known to exist for the following distributions:
- [Arch Linux](https://aur.archlinux.org/packages?O=0&K=kanidm)
- [OpenSUSE](https://software.opensuse.org/search?baseproject=ALL&q=kanidm)
- [NixOS](https://search.nixos.org/packages?sort=relevance&type=packages&query=kanidm)
To ease packaging for your distribution, the `Makefile` has targets for sets of binary outputs.
| Target | Description |
| --- | --- |
| `release/kanidm` | Kanidm's CLI |
| `release/kanidmd` | The server daemon |
| `release/kanidm-ssh` | SSH-related utilities |
| `release/kanidm-unixd` | UNIX tools, PAM/NSS modules |


@ -0,0 +1,51 @@
# Debian / Ubuntu Packaging
## Building packages
This happens in Docker currently, and here's some instructions for doing it for Ubuntu:
1. Start in the root directory of the repository.
2. Run `./platform/debian/ubuntu_docker_builder.sh` This'll start a container, mounting the repository in `~/kanidm/`.
3. Install the required dependencies by running `./platform/debian/install_deps.sh`.
4. Building packages uses make, get a list by running `make -f ./platform/debian/Makefile help`
```
➜ make -f platform/debian/Makefile help
debs/kanidm:
build a .deb for the Kanidm CLI
debs/kanidmd:
build a .deb for the Kanidm daemon
debs/kanidm-ssh:
build a .deb for the Kanidm SSH tools
debs/kanidm-unixd:
build a .deb for the Kanidm UNIX tools (PAM/NSS, unixd and related tools)
debs/all:
build all the debs
```
5. So if you wanted to build the package for the Kanidm CLI, run `make -f ./platform/debian/Makefile debs/kanidm`.
6. The package will be copied into the `target` directory of the repository on the docker host - not just in the container.
## Adding a package
There's a set of default configuration files in `packaging/`; if you want to add a package definition, add a folder with the package name and then files in there will be copied over the top of the ones from `packaging/` on build.
You'll need two custom files at minimum:
- `control` - a file containing information about the package.
- `rules` - a makefile doing all the build steps.
There's a lot of other files that can go into a .deb, some handy ones are:
| Filename | What it does |
| --- | --- |
| preinst | Runs before installation occurs |
| postrm | Runs after removal happens |
| prerm | Runs before removal happens - handy to shut down services. |
| postinst | Runs after installation occurs - we're using that to show notes to users |
## Some Debian packaging links
* [DH reference](https://www.debian.org/doc/manuals/maint-guide/dreq.en.html) - Explains what needs to be done for packaging (mostly).
* [Reference for what goes in control files](https://www.debian.org/doc/debian-policy/ch-controlfields)


@ -12,7 +12,7 @@ export interface InitOutput {
readonly __wbindgen_malloc: (a: number) => number;
readonly __wbindgen_realloc: (a: number, b: number, c: number) => number;
readonly __wbindgen_export_2: WebAssembly.Table;
readonly _dyn_core__ops__function__Fn__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h8142cf0979e67d24: (a: number, b: number, c: number) => void;
readonly _dyn_core__ops__function__Fn__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hc0b84f4ddf4a8fd2: (a: number, b: number, c: number) => void;
readonly _dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hfed1f3471f1b926f: (a: number, b: number, c: number) => void;
readonly _dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h3b7aa7dd2123cac1: (a: number, b: number, c: number) => void;
readonly __wbindgen_add_to_stack_pointer: (a: number) => number;


@ -2,9 +2,13 @@ import { modal_hide_by_id } from '/pkg/wasmloader.js';
let wasm;
const cachedTextDecoder = new TextDecoder('utf-8', { ignoreBOM: true, fatal: true });
const heap = new Array(32).fill(undefined);
cachedTextDecoder.decode();
heap.push(undefined, null, true, false);
function getObject(idx) { return heap[idx]; }
let WASM_VECTOR_LEN = 0;
let cachedUint8Memory0;
function getUint8Memory0() {
@ -14,31 +18,6 @@ function getUint8Memory0() {
return cachedUint8Memory0;
}
function getStringFromWasm0(ptr, len) {
return cachedTextDecoder.decode(getUint8Memory0().subarray(ptr, ptr + len));
}
const heap = new Array(32).fill(undefined);
heap.push(undefined, null, true, false);
let heap_next = heap.length;
function addHeapObject(obj) {
if (heap_next === heap.length) heap.push(heap.length + 1);
const idx = heap_next;
heap_next = heap[idx];
if (typeof(heap_next) !== 'number') throw new Error('corrupt heap');
heap[idx] = obj;
return idx;
}
function getObject(idx) { return heap[idx]; }
let WASM_VECTOR_LEN = 0;
const cachedTextEncoder = new TextEncoder('utf-8');
const encodeString = (typeof cachedTextEncoder.encodeInto === 'function'
@ -94,10 +73,6 @@ function passStringToWasm0(arg, malloc, realloc) {
return ptr;
}
function isLikeNone(x) {
return x === undefined || x === null;
}
let cachedInt32Memory0;
function getInt32Memory0() {
if (cachedInt32Memory0.byteLength === 0) {
@ -106,6 +81,31 @@ function getInt32Memory0() {
return cachedInt32Memory0;
}
const cachedTextDecoder = new TextDecoder('utf-8', { ignoreBOM: true, fatal: true });
cachedTextDecoder.decode();
function getStringFromWasm0(ptr, len) {
return cachedTextDecoder.decode(getUint8Memory0().subarray(ptr, ptr + len));
}
let heap_next = heap.length;
function addHeapObject(obj) {
if (heap_next === heap.length) heap.push(heap.length + 1);
const idx = heap_next;
heap_next = heap[idx];
if (typeof(heap_next) !== 'number') throw new Error('corrupt heap');
heap[idx] = obj;
return idx;
}
function isLikeNone(x) {
return x === undefined || x === null;
}
function _assertBoolean(n) {
if (typeof(n) !== 'boolean') {
throw new Error('expected a boolean argument');
@ -241,7 +241,7 @@ function logError(f, args) {
function __wbg_adapter_30(arg0, arg1, arg2) {
_assertNum(arg0);
_assertNum(arg1);
wasm._dyn_core__ops__function__Fn__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h8142cf0979e67d24(arg0, arg1, addHeapObject(arg2));
wasm._dyn_core__ops__function__Fn__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hc0b84f4ddf4a8fd2(arg0, arg1, addHeapObject(arg2));
}
function makeMutClosure(arg0, arg1, dtor, f) {
@ -367,6 +367,14 @@ async function load(module, imports) {
function getImports() {
const imports = {};
imports.wbg = {};
imports.wbg.__wbindgen_json_serialize = function(arg0, arg1) {
const obj = getObject(arg1);
const ret = JSON.stringify(obj === undefined ? null : obj);
const ptr0 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len0 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len0;
getInt32Memory0()[arg0 / 4 + 0] = ptr0;
};
imports.wbg.__wbindgen_string_new = function(arg0, arg1) {
const ret = getStringFromWasm0(arg0, arg1);
return addHeapObject(ret);
@ -386,14 +394,6 @@ function getImports() {
imports.wbg.__wbg_modalhidebyid_b9efcd5f48cb1c79 = function() { return logError(function (arg0, arg1) {
modal_hide_by_id(getStringFromWasm0(arg0, arg1));
}, arguments) };
imports.wbg.__wbindgen_json_serialize = function(arg0, arg1) {
const obj = getObject(arg1);
const ret = JSON.stringify(obj === undefined ? null : obj);
const ptr0 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len0 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len0;
getInt32Memory0()[arg0 / 4 + 0] = ptr0;
};
imports.wbg.__wbindgen_json_parse = function(arg0, arg1) {
const ret = JSON.parse(getStringFromWasm0(arg0, arg1));
return addHeapObject(ret);
@ -871,16 +871,16 @@ function getImports() {
const ret = wasm.memory;
return addHeapObject(ret);
};
imports.wbg.__wbindgen_closure_wrapper19372 = function() { return logError(function (arg0, arg1, arg2) {
const ret = makeClosure(arg0, arg1, 1308, __wbg_adapter_30);
imports.wbg.__wbindgen_closure_wrapper19416 = function() { return logError(function (arg0, arg1, arg2) {
const ret = makeClosure(arg0, arg1, 1344, __wbg_adapter_30);
return addHeapObject(ret);
}, arguments) };
imports.wbg.__wbindgen_closure_wrapper23302 = function() { return logError(function (arg0, arg1, arg2) {
const ret = makeMutClosure(arg0, arg1, 1333, __wbg_adapter_33);
imports.wbg.__wbindgen_closure_wrapper23348 = function() { return logError(function (arg0, arg1, arg2) {
const ret = makeMutClosure(arg0, arg1, 1370, __wbg_adapter_33);
return addHeapObject(ret);
}, arguments) };
imports.wbg.__wbindgen_closure_wrapper23903 = function() { return logError(function (arg0, arg1, arg2) {
const ret = makeMutClosure(arg0, arg1, 1359, __wbg_adapter_36);
imports.wbg.__wbindgen_closure_wrapper23799 = function() { return logError(function (arg0, arg1, arg2) {
const ret = makeMutClosure(arg0, arg1, 1396, __wbg_adapter_36);
return addHeapObject(ret);
}, arguments) };


@ -5,7 +5,7 @@ export function run_app(a: number): void;
export function __wbindgen_malloc(a: number): number;
export function __wbindgen_realloc(a: number, b: number, c: number): number;
export const __wbindgen_export_2: WebAssembly.Table;
export function _dyn_core__ops__function__Fn__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h8142cf0979e67d24(a: number, b: number, c: number): void;
export function _dyn_core__ops__function__Fn__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hc0b84f4ddf4a8fd2(a: number, b: number, c: number): void;
export function _dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hfed1f3471f1b926f(a: number, b: number, c: number): void;
export function _dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h3b7aa7dd2123cac1(a: number, b: number, c: number): void;
export function __wbindgen_add_to_stack_pointer(a: number): number;


@ -775,7 +775,7 @@ impl Component for LoginApp {
<center>
<img src="/pkg/img/logo-square.svg" alt="Kanidm" class="kanidm_logo"/>
// TODO: replace this with a call to domain info
<h3>{ "Kanidm idm.example.com" } </h3>
<h3>{ "Kanidm" }</h3>
</center>
{ self.view_state(ctx) }
</main>

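--- a/platform/debian/Makefile
+++ b/platform/debian/Makefile
@@ -0,0 +1,29 @@
+.DEFAULT: help
+.PHONY: help
+help:
+@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##/\n\t/'
+.PHONY: debs/kanidm
+debs/kanidm: ## Build the Kanidm CLI package - make sure you set the environment variable KANIDM_BUILD_PROFILE
+debs/kanidm:
+./platform/debian/build_kanidm.sh kanidm
+.PHONY: debs/kanidmd
+debs/kanidmd: ## Build the Kanidmd package - make sure you set the environment variable KANIDM_BUILD_PROFILE
+debs/kanidmd:
+./platform/debian/build_kanidm.sh kanidmd
+.PHONY: debs/kanidm-ssh
+debs/kanidm-ssh: ## Bbuild the Kanidm SSH package - make sure you set the environment variable KANIDM_BUILD_PROFILE
+debs/kanidm-ssh:
+./platform/debian/build_kanidm.sh kanidm-ssh
+.PHONY: debs/kanidm-unixd
+debs/kanidm-unixd: ## Build the Kanidm UNIX tools package (PAM/NSS, unixd and related tools) - make sure you set the environment variable KANIDM_BUILD_PROFILE
+debs/kanidm-unixd:
+./platform/debian/build_kanidm.sh kanidm-unixd
+.PHONY: debs/all
+debs/all: ## Build all the .deb packages - make sure you set the environment variable KANIDM_BUILD_PROFILE
+debs/all: debs/kanidmd debs/kanidm debs/kanidm-ssh debs/kanidm-unixd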
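Review bot: `.DEFAULT: help` does not set the default goal; `.DEFAULT` is GNU make's last-resort rule for targets that have no rule, and written with a prerequisite and no recipe it does nothing useful here. A bare `make -f platform/debian/Makefile` prints the help only because `help` happens to be the first target, and `.DEFAULT_GOAL := help` states that intent directly. The help text for `debs/kanidm-ssh` has a typo (`Bbuild`), and `fgrep` is deprecated in current GNU grep in favour of `grep -F`.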

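--- a/platform/debian/build_kanidm.sh
+++ b/platform/debian/build_kanidm.sh
@@ -0,0 +1,116 @@
+#!/usr/bin/bash
+# you can skip the dependency install by setting the env var SKIP_DEPS=1
+set -e
+if [ -z "$1" ]; then
+PACKAGE="kanidm"
+else
+PACKAGE="$1"
+fi
+if [ ! -d "./platform/debian/${PACKAGE}" ]; then
+echo "Can't find packaging files for ${PACKAGE}"
+exit 1
+fi
+echo "Building ${PACKAGE}"
+if [ -n "${GITHUB_WORKSPACE}" ]; then
+SOURCE_DIR="${GITHUB_WORKSPACE}"
+else
+SOURCE_DIR="${HOME}/kanidm"
+fi
+BUILD_DIR="$HOME/build"
+if [ -z "${SKIP_DEPS}" ]; then
+if [ "$(whoami)" != "root" ]; then
+sudo ./platform/debian/install_deps.sh
+else
+./platform/debian/install_deps.sh
+fi
+else
+echo "SKIP_DEPS configured, skipping install of rust and packages"
+fi
+#shellcheck disable=SC1091
+source "$HOME/.cargo/env"
+# if we can't find cargo then need to update the path
+if [ "$(which cargo | wc -l)" -eq 0 ]; then
+if echo "$PATH" | grep -q '.cargo/bin'; then
+echo "Updating path to include local cargo dir"
+export PATH="$HOME/.cargo/bin:$PATH"
+fi
+fi
+# this assumes the versions are in lock-step, which is fine at the moment.s
+KANIDM_VERSION="$(grep -ioE 'version.*' kanidm_tools/Cargo.toml | head -n1 | awk '{print $NF}' | tr -d '"')"
+# if we're in a github action, then it's easy to get the commit
+if [ -n "${GITHUB_SHA}" ]; then
+GIT_HEAD="${GITHUB_SHA}"
+else
+GIT_HEAD="$(git rev-parse HEAD)"
+fi
+# we only want the short commit
+GIT_COMMIT="${GIT_HEAD:0:7}"
+DATESTR="$(date +%Y%m%d%H%M)"
+PACKAGE_VERSION="${KANIDM_VERSION}-${DATESTR}${GIT_COMMIT}"
+echo "Package Version: ${PACKAGE_VERSION}"
+echo "Updating package dir"
+rm -rf "${BUILD_DIR:?}/*"
+echo "Copying source files to ${BUILD_DIR}"
+rsync -a \
+--exclude target \
+"${SOURCE_DIR}" \
+"${BUILD_DIR}/"
+echo "Copying the debian-specific build files"
+cd "${BUILD_DIR}/kanidm"
+rm -rf debian && mkdir -p debian
+cp -R platform/debian/packaging/* debian/
+if [ -d "platform/debian/${PACKAGE}/" ]; then
+echo "Copying debian-specific files for ${PACKAGE}"
+# shellcheck disable=SC2086
+cp platform/debian/${PACKAGE}/* debian/
+else
+echo "No package-specific files were found"
+fi
+echo "Setting permissions on debian scripts"
+find "./debian/" -name 'pre*' -ls -exec chmod 755 "{}" \;
+find "./debian/" -name 'rules' -ls -exec chmod 755 "{}" \;
+echo "Updating changelog"
+sed -E \
+"s/#DATE#/$(date -R)/" \
+platform/debian/packaging/templates/changelog | \
+sed -E "s/#VERSION#/${PACKAGE_VERSION}/" | \
+sed -E "s/#GIT_COMMIT#/${GIT_COMMIT}/" | \
+sed -E "s/#PACKAGE#/${PACKAGE}/" > debian/changelog
+echo "Running clean"
+# debian/rules clean
+echo "Running build"
+debian/rules build
+echo "Packaging ${PACKAGE}"
+fakeroot debian/rules binary
+echo "Moving debs to target/"
+mkdir -p "${SOURCE_DIR}/target/"
+find ../ -maxdepth 1 -name '*.deb' -exec mv "{}" "${SOURCE_DIR}/target/" \;
+echo "Done, packages:"
+find "${SOURCE_DIR}/target/" -maxdepth 1 -name '*.deb'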
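Review bot: `rm -rf "${BUILD_DIR:?}/*"` keeps the `*` inside the quotes, so the shell never expands it and the previous build tree stays in place; leftover `.deb` files in `${BUILD_DIR}` can then be picked up by the final `find ../ -maxdepth 1 -name '*.deb'` and moved into `target/`, which the new release workflow uploads. Move the glob outside the quotes: `rm -rf "${BUILD_DIR:?}"/*`. The cargo PATH fallback is inverted, since `if echo "$PATH" | grep -q '.cargo/bin'` extends PATH only when it already contains that directory; it should read `if ! echo "$PATH" | grep -q '.cargo/bin'; then`. `source "$HOME/.cargo/env"` runs unguarded under `set -e`, so the script aborts when that file is absent, whereas `install_deps.sh` wraps the same line in an `[ -f ... ]` test.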

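--- a/platform/debian/fix_wasm_opt.sh
+++ b/platform/debian/fix_wasm_opt.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# This is a hack to work around the fact that wasm-opt isn't available on
+# Linux + aarch64
+if [ "$(uname -m)" = "aarch64" ] && [ "$(uname -s)" = "Linux" ]; then
+echo "#####################################"
+echo " WASM-OPT NOT AVAILABLE"
+echo ""
+echo " Large WASM ahead."
+echo "#####################################"
+if [ "$(grep -oE 'wasm-opt.*' kanidmd_web_ui/Cargo.toml | awk '{print $NF}')" != "false" ]; then
+echo "Updating kanidmd_web_ui/Cargo.toml to disable wasm-opt"
+cat >> kanidmd_web_ui/Cargo.toml <<-EOM
+[package.metadata.wasm-pack.profile.release]
+wasm-opt = false
+EOM
+fi
+fi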
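Review bot: The guard only checks whether a `wasm-opt` line in `kanidmd_web_ui/Cargo.toml` ends in `false`; if that file already has a `[package.metadata.wasm-pack.profile.release]` table with another value, the heredoc appends a second table with the same header, which TOML rejects as a duplicate. The Cargo.toml is not visible here, so this needs checking against the file. The script also has no `set -e` and does not test that the file exists before appending, so a wrong working directory is not reported clearly; `[ -f kanidmd_web_ui/Cargo.toml ] || exit 1` ahead of the `grep` would make it fail loudly.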

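--- a/platform/debian/install_deps.sh
+++ b/platform/debian/install_deps.sh
@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+set -e
+echo "Updating local packages"
+if [ "$(whoami)" == "root" ]; then
+apt-get update
+else
+sudo apt-get update
+fi
+echo "Installing build dependencies"
+if [ "$(whoami)" == "root" ]; then
+apt-get install -y \
+libpam0g-dev \
+libudev-dev \
+libssl-dev \
+libsqlite3-dev \
+pkg-config \
+make \
+devscripts \
+fakeroot \
+dh-make \
+debmake
+else
+sudo apt-get install -y \
+libpam0g-dev \
+libudev-dev \
+libssl-dev \
+libsqlite3-dev \
+pkg-config \
+make \
+devscripts \
+fakeroot \
+dh-make \
+debmake
+fi
+if [ -f "$HOME/.cargo/env" ]; then
+# shellcheck disable=SC1091
+source "$HOME/.cargo/env"
+fi
+if [ "$(which cargo | wc -l)" -ne 1 ]; then
+echo "Installing rust"
+curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > "$TMPDIR/rustup.sh"
+chmod +x "${TMPDIR}/rustup.sh"
+"${TMPDIR}/rustup.sh" -y
+echo "Done installing rust!"
+else
+echo "rust already installed!"
+fi
+if [ "$1" == "kanidmd" ] && [ "$(which wasm-pack | wc -l)" -eq 0 ]; then
+echo "Installing wasm-pack"
+echo "Downloading script to ~/install-wasm-pack"
+curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf > "${HOME}/install-wasm-pack"
+chmod +x "${HOME}/install-wasm-pack"
+if [ "$(whoami)" == "root" ]; then
+"${HOME}/install-wasm-pack"
+else
+sudo "${HOME}/install-wasm-pack"
+fi
+rm "${HOME}/install-wasm-pack"
+else
+echo "wasm-pack already installed"
+fi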
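Review bot: The wasm-pack installer is fetched with a bare `curl … -sSf` (without the `--proto '=https' --tlsv1.2` used on the rustup line), written to a fixed path in `$HOME` and then executed through `sudo`, so an unpinned remote script runs as root on the build host. `$TMPDIR` is usually unset on Linux, in which case the rustup script is written to `/rustup.sh`; `mktemp` avoids both the unset variable and the predictable file name. The final `else` prints "wasm-pack already installed" whenever `$1` is not `kanidmd`, and `build_kanidm.sh` calls this script without an argument, so the wasm-pack branch is never taken from there. The sketch below downloads both scripts to `mktemp` files with the same TLS flags and runs the wasm-pack installer as the invoking user, on the assumption that it installs into the user's cargo directory (confirm before dropping `sudo`).

```shell
# … unchanged: apt-get update / apt-get install, sourcing of $HOME/.cargo/env …
if ! command -v cargo >/dev/null 2>&1; then
    echo "Installing rust"
    RUSTUP_SCRIPT="$(mktemp)"
    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs -o "${RUSTUP_SCRIPT}"
    bash "${RUSTUP_SCRIPT}" -y
    rm -f "${RUSTUP_SCRIPT}"
    echo "Done installing rust!"
else
    echo "rust already installed!"
fi

if [ "$1" == "kanidmd" ]; then
    if command -v wasm-pack >/dev/null 2>&1; then
        echo "wasm-pack already installed"
    else
        echo "Installing wasm-pack"
        WASM_PACK_SCRIPT="$(mktemp)"
        curl --proto '=https' --tlsv1.2 -sSf \
            https://rustwasm.github.io/wasm-pack/installer/init.sh \
            -o "${WASM_PACK_SCRIPT}"
        # Run as the invoking user rather than through sudo.
        bash "${WASM_PACK_SCRIPT}"
        rm -f "${WASM_PACK_SCRIPT}"
    fi
fi
```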


@ -0,0 +1,14 @@
Source: kanidm-ssh
Section: admin
Priority: optional
Maintainer: James Hodgkinson <james@terminaloutcomes.com>
Build-Depends: debhelper (>=10), libpam0g-dev, libudev-dev, libssl-dev, libsqlite3-dev, pkg-config, cargo, make
Standards-Version: 4.6.0
Homepage: https://kanidm.com
Vcs-Git: https://github.com/kanidm/kanidm/
Rules-Requires-Root: no
Package: kanidm-ssh
Architecture: any
Depends:
Description: Kanidm Unix Tools
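Review bot: `Depends:` is empty here and in the kanidm-unixd, kanidm and kanidmd control files, and the matching `rules` files override `dh_shlibdeps` with an empty recipe, so the binary packages declare no runtime dependencies even though the build presumably links against the libraries named in `Build-Depends`. I would write `Depends: ${shlibs:Depends}, ${misc:Depends}` and drop the empty `override_dh_shlibdeps:` so the shared-library dependencies are generated at build time. `Description: Kanidm Unix Tools` looks copied from kanidm-unixd; `Description: Kanidm SSH Tools` would match this package.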


@ -0,0 +1,34 @@
#!/bin/sh
# postinst script for kanidm-ssh
#
# see: dh_installdeb(1)
set -e
case "$1" in
configure)
if [ ! -f /etc/kanidm/config ]; then
echo "============================="
echo "Thanks for installing Kanidm!"
echo "============================="
echo "Please ensure you create a configuration file at /etc/kanidm/config"
echo "An example is in /usr/share/kanidm-ssh/"
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0


@ -0,0 +1,44 @@
#!/usr/bin/make -f
# See debhelper(7) (uncomment to enable)
# be REALLY noisy
export DH_VERBOSE=1
export DH_OPTIONS=-v
export DEB_BUILD_OPTIONS=noautodbgsym
PACKAGE=kanidm-ssh
PKGDIR=debian/${PACKAGE}
BINDIR=${PKGDIR}/usr/sbin/
SHARED_DIR=${PKGDIR}/usr/share/${PACKAGE}
%:
dh $@
override_dh_auto_clean:
override_dh_autoreconf:
override_dh_auto_build:
KANIDM_BUILD_PROFILE=release_suse_generic dh_auto_build -- release/${PACKAGE}
override_dh_auto_test:
override_dh_shlibdeps:
override_dh_strip:
override_dh_auto_install:
mkdir -p ${BINDIR}
install \
-g root -o root \
target/release/kanidm_ssh_authorizedkeys \
${BINDIR}
install \
-g root -o root \
target/release/kanidm_ssh_authorizedkeys_direct \
${BINDIR}
override_dh_installexamples:
mkdir -p ${SHARED_DIR}
install -D \
-g root -o root \
examples/kanidm \
${SHARED_DIR}/
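Review bot: `install` without a mode option creates files as 0755, so `examples/kanidm` is placed in `${SHARED_DIR}` as an executable config example. `platform/debian/kanidm/rules` passes `--mode 644` for its example and `--mode 755` for its binary, and the same explicit modes here would make the intent visible: `install -D -g root -o root --mode 644 examples/kanidm ${SHARED_DIR}/`. The kanidm-unixd and kanidmd rules files have the same unmoded `install` calls. A short comment above the empty `override_dh_strip:` and `override_dh_shlibdeps:` targets saying why those steps are disabled would help the next packager.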


@ -0,0 +1,14 @@
Source: kanidm-unixd
Section: admin
Priority: optional
Maintainer: James Hodgkinson <james@terminaloutcomes.com>
Build-Depends: debhelper (>=10), libpam0g-dev, libudev-dev, libssl-dev, libsqlite3-dev, pkg-config, cargo, make
Standards-Version: 4.6.0
Homepage: https://kanidm.com
Vcs-Git: https://github.com/kanidm/kanidm/
Rules-Requires-Root: no
Package: kanidm-unixd
Architecture: any
Depends:
Description: Kanidm Unix Tools


@ -0,0 +1,34 @@
#!/bin/sh
# postinst script for kanidm-unixd
#
# see: dh_installdeb(1)
set -e
case "$1" in
configure)
if [ ! -f /etc/kanidm/config ]; then
echo "============================="
echo "Thanks for installing Kanidm!"
echo "============================="
echo "Please ensure you create a configuration file at /etc/kanidm/config"
echo "An example is in /usr/share/kanidm-unixd/"
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0


@ -0,0 +1,57 @@
#!/usr/bin/make -f
# See debhelper(7) (uncomment to enable)
# be REALLY noisy
export DH_VERBOSE=1
export DH_OPTIONS=-v
export DEB_BUILD_OPTIONS=noautodbgsym
PACKAGE=kanidm-unixd
PKGDIR=debian/${PACKAGE}
BINDIR=${PKGDIR}/usr/sbin/
SHARED_DIR=${PKGDIR}/usr/share/${PACKAGE}
%:
dh $@
override_dh_auto_clean:
override_dh_autoreconf:
override_dh_auto_build:
KANIDM_BUILD_PROFILE=release_suse_generic dh_auto_build -- release/${PACKAGE}
override_dh_auto_test:
override_dh_shlibdeps:
override_dh_strip:
override_dh_auto_install:
mkdir -p ${BINDIR}
install \
-g root -o root \
target/release/kanidm_unixd \
${BINDIR}
install \
-g root -o root \
target/release/kanidm_unixd_status \
${BINDIR}
install \
-g root -o root \
target/release/kanidm_unixd_tasks \
${BINDIR}
install \
-g root -o root \
target/release/kanidm_cache_clear \
${BINDIR}
install \
-g root -o root \
target/release/kanidm_cache_invalidate \
${BINDIR}
override_dh_installexamples:
mkdir -p ${SHARED_DIR}
install -D \
-g root -o root \
examples/kanidm \
${SHARED_DIR}/


@ -0,0 +1,14 @@
Source: kanidm
Section: admin
Priority: optional
Maintainer: James Hodgkinson <james@terminaloutcomes.com>
Build-Depends: debhelper (>=10), libpam0g-dev, libudev-dev, libssl-dev, libsqlite3-dev, pkg-config, cargo, make
Standards-Version: 4.6.0
Homepage: https://kanidm.com
Vcs-Git: https://github.com/kanidm/kanidm/
Rules-Requires-Root: no
Package: kanidm
Architecture: any
Depends:
Description: Kanidm CLI Tooling


@ -0,0 +1,32 @@
#!/bin/sh
# postinst script for kanidm
#
# see: dh_installdeb(1)
set -e
case "$1" in
configure)
if [ ! -f /etc/kanidm/config ]; then
echo "============================="
echo "Thanks for installing Kanidm!"
echo "============================="
echo "Please ensure you create a configuration file at /etc/kanidm/config or ~/.config/kanidm. An example file is located in /usr/share/kanidm/"
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0

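--- a/platform/debian/kanidm/rules
+++ b/platform/debian/kanidm/rules
@@ -0,0 +1,44 @@
+#!/usr/bin/make -f
+# See debhelper(7) (uncomment to enable)
+# be REALLY noisy
+export DH_VERBOSE=1
+export DH_OPTIONS=-v
+export DEB_BUILD_OPTIONS=noautodbgsym
+PACKAGE=kanidm
+PKGDIR=debian/${PACKAGE}
+BINDIR=${PKGDIR}/usr/bin/
+SHARED_DIR=${PKGDIR}/usr/share/${PACKAGE}
+%:
+dh $@
+override_dh_auto_clean:
+override_dh_auto_configure:
+override_dh_auto_build:
+KANIDM_BUILD_PROFILE=release_suse_generic dh_auto_build -- release/${PACKAGE}
+override_dh_auto_test:
+override_dh_shlibdeps:
+override_dh_strip:
+override_dh_auto_install:
+mkdir -p ${BINDIR}
+install -D \
+-g root \
+-o root \
+--mode 755 \
+target/release/kanidm \
+${BINDIR}
+override_dh_installexamples:
+mkdir -p ${SHARED_DIR}
+install -D \
+-g root \
+-o root \
+--mode 644 \
+examples/config \
+${SHARED_DIR}/kanidm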


@ -0,0 +1,14 @@
Source: kanidmd
Section: admin
Priority: optional
Maintainer: James Hodgkinson <james@terminaloutcomes.com>
Build-Depends: debhelper (>=10), libpam0g-dev, libudev-dev, libssl-dev, libsqlite3-dev, pkg-config, cargo, make
Standards-Version: 4.6.0
Homepage: https://kanidm.com
Vcs-Git: https://github.com/kanidm/kanidm/
Rules-Requires-Root: no
Package: kanidmd
Architecture: any
Depends:
Description: Kanidm Daemon


@ -0,0 +1,34 @@
#!/bin/sh
# postinst script for kanidmd
#
# see: dh_installdeb(1)
set -e
case "$1" in
configure)
if [ ! -f /etc/kanidm/config ]; then
echo "============================="
echo "Thanks for installing Kanidm!"
echo "============================="
echo "Please ensure you create a configuration file at /etc/kanidm/server.toml"
echo "An example is in /usr/share/kanidmd/"
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
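Review bot: The `configure` branch tests for `/etc/kanidm/config`, but the message it prints asks the admin to create `/etc/kanidm/server.toml`, so the notice keeps appearing on every configure run after the server config exists. The test should name the same file as the message: `if [ ! -f /etc/kanidm/server.toml ]; then`.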

53
platform/debian/kanidmd/rules Executable file
View file

@ -0,0 +1,53 @@
#!/usr/bin/make -f
# See debhelper(7) (uncomment to enable)
# be REALLY noisy
export DH_VERBOSE=1
export DH_OPTIONS=-v
export DEB_BUILD_OPTIONS=noautodbgsym
export DEB_BUILD_OPTIONS=noautodbgsym
PACKAGE=kanidmd
PKGDIR=debian/${PACKAGE}
BINDIR=${PKGDIR}/usr/sbin/
SHARED_DIR=${PKGDIR}/usr/share/${PACKAGE}
%:
dh $@
override_dh_auto_clean:
# cargo clean
override_dh_autoreconf:
override_dh_auto_build:
KANIDM_BUILD_PROFILE=release_suse_generic dh_auto_build -- release/${PACKAGE}
./platform/debian/fix_wasm_opt.sh
cargo install wasm-pack --force
cd kanidmd_web_ui && ./build_wasm.sh
override_dh_auto_test:
override_dh_shlibdeps:
override_dh_strip:
override_dh_auto_install:
mkdir -p ${BINDIR}
install \
-g root -o root \
target/release/kanidmd \
${BINDIR}
mkdir -p ${PKGDIR}/usr/share/kanidm/ui/
cp -R kanidmd_web_ui/pkg ${PKGDIR}/usr/share/kanidm/ui/
override_dh_installexamples:
mkdir -p ${SHARED_DIR}
install -D \
-g root -o root \
examples/kanidm \
${SHARED_DIR}/
install -D \
-g root -o root \
--mode=644 \
examples/server.toml \
${SHARED_DIR}/
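Review bot: `cargo install wasm-pack --force` in `override_dh_auto_build` downloads and compiles whatever wasm-pack release is current on crates.io each time the package is built. The build therefore needs network access, and the tool that produces the shipped web UI is neither pinned nor reproducible. Pin it and honour its lockfile, e.g. `cargo install wasm-pack --locked --version <PINNED_VERSION>`, or provision it in the build environment and have the target fail when it is missing. Separately, `export DEB_BUILD_OPTIONS=noautodbgsym` appears twice at the top of the file and one copy can be dropped.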


@ -0,0 +1 @@
10


@ -0,0 +1,8 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: kanidm
Upstream-Contact: James Hodgkinson <james@terminaloutcomes.com>
Source: https://github.com/kanidm/kanidm
Files: *
Copyright: 2018- William Brown <william@blackhats.net.au>
License: Mozilla Public License Version 2.0


@ -0,0 +1,24 @@
#!/bin/sh
# postrm script for kanidm
# rename this to remove the .ex to make it usable.
#
# see: dh_installdeb(1)
set -e
case "$1" in
purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
;;
*)
echo "postrm called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0


@ -0,0 +1,36 @@
#!/bin/sh
# preinst script for kanidm-1.1.0-alpha.8-202207110454
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <new-preinst> `install'
# * <new-preinst> `install' <old-version>
# * <new-preinst> `upgrade' <old-version>
# * <old-preinst> `abort-upgrade' <new-version>
# for details, see https://www.debian.org/doc/debian-policy/ or
# the debian-policy package
case "$1" in
install|upgrade)
mkdir -p /etc/kanidm/
;;
abort-upgrade)
;;
*)
echo "preinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
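Review bot: `mkdir -p /etc/kanidm/` in the `install|upgrade` branch creates the config directory outside dpkg's file list, with whatever mode the script's umask yields. The `purge` branch of the postrm script in this commit is empty, so the directory is never cleaned up. Shipping the directory in the package (for example a `dirs` file containing `etc/kanidm`) gives it a fixed owner and mode and lets dpkg track it; the preinst can then drop the `mkdir`. The header comment still reads `preinst script for kanidm-1.1.0-alpha.8-202207110454`, which looks like a template leftover; `# preinst script for kanidm` would match the other maintainer scripts.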


@ -0,0 +1,28 @@
#!/bin/sh
# prerm script for kanidm
# rename this to remove the .ex to make it usable.
#
# see: dh_installdeb(1)
set -e
case "$1" in
remove|upgrade|deconfigure)
;;
failed-upgrade)
;;
*)
echo "prerm called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0


@ -0,0 +1 @@
3.0 (quilt)


@ -0,0 +1,5 @@
#PACKAGE# (#VERSION#) UNRELEASED; urgency=medium
* Updated to git commit #GIT_COMMIT#
-- James <james@terminaloutcomes.com> #DATE#


@ -0,0 +1,38 @@
# Example watch control file for uscan
# Rename this file to "watch" and then you can run the "uscan" command
# to check for upstream updates and more.
# See uscan(1) for format
# Compulsory line, this is a version 4 file
version=4
# PGP signature mangle, so foo.tar.gz has foo.tar.gz.sig
#opts="pgpsigurlmangle=s%$%.sig%"
# HTTP site (basic)
#http://example.com/downloads.html \
# files/kanidm-1.1.0-alpha.8-202207110454-([\d\.]+)\.tar\.gz debian uupdate
# Uncomment to examine an FTP server
#ftp://ftp.example.com/pub/kanidm-1.1.0-alpha.8-202207110454-(.*)\.tar\.gz debian uupdate
# SourceForge hosted projects
# http://sf.net/kanidm-1.1.0-alpha.8-202207110454/ kanidm-1.1.0-alpha.8-202207110454-(.*)\.tar\.gz debian uupdate
# GitHub hosted projects
#opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%<project>-$1.tar.gz%" \
# https://github.com/<user>/kanidm-1.1.0-alpha.8-202207110454/tags \
# (?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
# PyPI
# https://pypi.debian.net/kanidm-1.1.0-alpha.8-202207110454/kanidm-1.1.0-alpha.8-202207110454-(.+)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))
# Direct Git
# opts="mode=git" http://git.example.com/kanidm-1.1.0-alpha.8-202207110454.git \
# refs/tags/v([\d\.]+) debian uupdate
# Uncomment to find new files on GooglePages
# http://example.googlepages.com/foo.html kanidm-1.1.0-alpha.8-202207110454-(.*)\.tar\.gz


@ -0,0 +1,15 @@
#!/usr/bin/env bash
# Starts a ubuntu docker container with the source code mounted
if [ "$(basename "$(pwd)")" != "kanidm" ]; then
echo "Please run this from the root dir of the repo"
exit 1
fi
echo "Starting base ubuntu container"
echo "Repository is in ~/kanidm/"
docker run --rm -it \
-v "$(pwd):/root/kanidm/" \
--workdir "/root/kanidm/" \
ubuntu:latest "$@"