mirror of
https://github.com/kanidm/kanidm.git
synced 2025-02-23 20:47:01 +01:00
0c6ea6ea75
This allows building the stable 1.3.3 on the new packaging infra * feat: Rebuild the deb packaging flow fix: Add more sudo, GHA likes sudo fix: Give build_debs.sh only the triplet argument fix: Work around more GHA weirdness in apt sources Drop crossbuild as it was only used by debian packaging docs: Update book and other docs for packaging flow feat: package kanidm_tools aka kanidm cli docs: Update packaging docs for latest process and clarity fix: use full triple in sdynlib variants fix: Correct kanidm.pam asset placement fix: Give pam & nss modules a description so the debs get it fix: Work around wonky libssl3 naming in Ubuntu 24.04 fix: Place kanidm bin correctly :3 feat: Pin all blame on @yaleman :3 WIP: Swap out the submodule reference. Still not the final one though. refactor: Switch kanidm-pam & kanidm-nss to mandatory deps While in theory unixd will start and run without them, it also won't do anything useful. fix: explicit depends for nss & pam libs without versions We build the debs on the ubuntu24.04 GHA runner so automatic pins versions that are too new for 22.04. Ideally we'd run cargo-deb also on the target images but that'll have to be a future improvement. * refactor: Switch nss_kanidm & pam_kanidm package naming closer to debian guidance * feat: Attempt enabling unixd by default with secure defaults * fix: Relax config permissions so the kanidm user can read Also, update postinst config instructions
143 lines
4 KiB
TOML
143 lines
4 KiB
TOML
[package]
|
|
name = "kanidm_unix_int"
|
|
description = "Kanidm Unix Integration Clients"
|
|
documentation = "https://docs.rs/kanidm/latest/kanidm/"
|
|
|
|
version = { workspace = true }
|
|
authors = { workspace = true }
|
|
rust-version = { workspace = true }
|
|
edition = { workspace = true }
|
|
license = { workspace = true }
|
|
homepage = { workspace = true }
|
|
repository = { workspace = true }
|
|
|
|
[features]
|
|
default = ["unix"]
|
|
unix = []
|
|
selinux = ["dep:selinux"]
|
|
tpm = ["kanidm-hsm-crypto/tpm"]
|
|
|
|
[[bin]]
|
|
name = "kanidm_unixd"
|
|
path = "src/bin/kanidm_unixd.rs"
|
|
required-features = ["unix"]
|
|
test = true
|
|
doctest = false
|
|
|
|
[[bin]]
|
|
name = "kanidm_unixd_tasks"
|
|
path = "src/bin/kanidm_unixd_tasks.rs"
|
|
required-features = ["unix"]
|
|
test = true
|
|
doctest = false
|
|
|
|
[[bin]]
|
|
name = "kanidm_ssh_authorizedkeys"
|
|
path = "src/bin/kanidm_ssh_authorizedkeys.rs"
|
|
required-features = ["unix"]
|
|
test = true
|
|
doctest = false
|
|
|
|
[[bin]]
|
|
name = "kanidm-unix"
|
|
path = "src/bin/kanidm-unix.rs"
|
|
required-features = ["unix"]
|
|
test = true
|
|
doctest = false
|
|
|
|
[lib]
|
|
name = "kanidm_unix_resolver"
|
|
path = "src/lib.rs"
|
|
test = true
|
|
doctest = false
|
|
|
|
[dependencies]
|
|
async-trait.workspace = true
|
|
# base64urlsafedata = { workspace = true }
|
|
bytes = { workspace = true }
|
|
clap = { workspace = true, features = ["derive", "env"] }
|
|
# csv = { workspace = true }
|
|
futures = { workspace = true }
|
|
hashbrown = { workspace = true }
|
|
libc = { workspace = true }
|
|
# libsqlite3-sys = { workspace = true }
|
|
lru = { workspace = true }
|
|
kanidm_client = { workspace = true }
|
|
kanidm_proto = { workspace = true }
|
|
kanidm-hsm-crypto = { workspace = true }
|
|
kanidm_lib_crypto = { workspace = true }
|
|
kanidm_lib_file_permissions = { workspace = true }
|
|
kanidm_unix_common = { workspace = true }
|
|
notify-debouncer-full = { workspace = true }
|
|
rpassword = { workspace = true }
|
|
rusqlite = { workspace = true }
|
|
selinux = { workspace = true, optional = true }
|
|
serde = { workspace = true, features = ["derive"] }
|
|
serde_json = { workspace = true }
|
|
sketching = { workspace = true }
|
|
toml = { workspace = true }
|
|
tokio = { workspace = true, features = [
|
|
"rt",
|
|
"fs",
|
|
"macros",
|
|
"sync",
|
|
"time",
|
|
"net",
|
|
"io-util",
|
|
] }
|
|
tokio-util = { workspace = true, features = ["codec"] }
|
|
tracing = { workspace = true }
|
|
uuid = { workspace = true }
|
|
walkdir = { workspace = true }
|
|
|
|
[target.'cfg(target_os = "linux")'.dependencies]
|
|
sd-notify.workspace = true
|
|
prctl.workspace = true
|
|
|
|
[target.'cfg(not(target_family = "windows"))'.dependencies]
|
|
kanidm_utils_users = { workspace = true }
|
|
|
|
[target.'cfg(not(target_os = "illumos"))'.dependencies]
|
|
mimalloc = { workspace = true }
|
|
|
|
[dev-dependencies]
|
|
kanidmd_core = { workspace = true }
|
|
kanidmd_testkit = { workspace = true }
|
|
|
|
[build-dependencies]
|
|
clap = { workspace = true, features = ["derive"] }
|
|
clap_complete = { workspace = true }
|
|
kanidm_build_profiles = { workspace = true }
|
|
|
|
## Debian packaging
|
|
# We only package unixd itself here as shared libraries must be packaged separarately due to multiarch rules.
|
|
[package.metadata.deb]
|
|
name = "kanidm-unixd"
|
|
maintainer = "James Hodgkinson <james@terminaloutcomes.com>"
|
|
# Can't use $auto depends because the name of libssl3 varies by distro and version
|
|
depends = [
|
|
"libc6",
|
|
"tpm-udev",
|
|
"libssl3 | libssl3t64",
|
|
"libpam-kanidm",
|
|
"libnss-kanidm"
|
|
]
|
|
section = "network"
|
|
priority = "optional"
|
|
changelog = "../../target/debian/changelog" # Generated by platform/debian/build_debs.sh
|
|
assets = [
|
|
[ "target/release/kanidm_ssh_authorizedkeys", "usr/sbin/", "755" ],
|
|
[ "target/release/kanidm_unixd_tasks", "usr/sbin/", "755" ],
|
|
[ "target/release/kanidm_unixd", "usr/sbin/", "755" ],
|
|
[ "target/release/kanidm-unix", "usr/sbin/", "755" ],
|
|
[ "../../examples/unixd-safe-default", "etc/kanidm/unixd", "644" ],
|
|
[ "../../examples/kanidm-safe-default", "etc/kanidm/config", "644" ],
|
|
[ "../../examples/kanidm", "usr/share/kanidm-unixd/", "444" ],
|
|
[ "../../examples/unixd", "usr/share/kanidm-unixd/", "444" ],
|
|
]
|
|
maintainer-scripts = "debian/"
|
|
systemd-units = [
|
|
{ unit-name = "kanidm-unixd", enable = true},
|
|
{ unit-name = "kanidm-unixd-tasks", enable = true},
|
|
]
|