commit a981f0614b6913a56f091b35f6a216aea9be36f111ff1179e0f2f43078feca9e Author: Adrian Schröter Date: Fri May 3 13:12:00 2024 +0200 Sync from SUSE:SLFO:Main google-guest-oslogin revision 47b49fa0be80cb35ff056ff245f6b6a7 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/google-guest-oslogin-20231116.00.tar.gz b/google-guest-oslogin-20231116.00.tar.gz new file mode 100644 index 0000000..0f2e914 --- /dev/null +++ b/google-guest-oslogin-20231116.00.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5bbb736d434ee73bd9c348bb0c2430f37474f83fbe39940d3de403342863991a +size 57944 diff --git a/google-guest-oslogin.changes b/google-guest-oslogin.changes new file mode 100644 index 0000000..c50ef91 --- /dev/null +++ b/google-guest-oslogin.changes @@ -0,0 +1,212 @@ +------------------------------------------------------------------- +Thu Jan 4 11:56:22 UTC 2024 - John Paul Adrian Glaubitz + +- Update to version 20231116.00 + * build: Fix DESTDIR concatenation (#124) +- from version 20231113.00 + * build: Fix clang build (#122) +- from version 20231103.00 + * Update owners (#121) + +------------------------------------------------------------------- +Thu Nov 2 09:47:31 UTC 2023 - John Paul Adrian Glaubitz + +- Update to version 20231101.00 (bsc#1216548, bsc#1216750) + * Fix HTTP calls retry logic (#117) + +------------------------------------------------------------------- +Thu Oct 19 12:40:54 UTC 2023 - John Paul Adrian Glaubitz + +- Update to version 20231004 + * packaging: Make the dependency explicit (#120) + +------------------------------------------------------------------- +Sun Oct 1 08:31:23 UTC 2023 - Dirk Müller + +- update to 20230926.00: + * fix suse build + * selinux: fix selinux build (#114) + * test: align CXX Flags + * sshca: Make the implementation more C++ like + * sshca: Add a SysLog wrapper + * oslogin_utils: introduce AuthorizeUser() API + * sshca: move it out of pam dir + * pam: start disabling the use of oslogin_sshca + * sshca: consider sshca API to assume a cert only + * authorized principals: introduce the new command + * authorize keys: update to use new APIs + * pam modules: remove pam_*_admin and update pam_*_login + * cache_refresh: should be catching by reference. + +------------------------------------------------------------------- +Thu Aug 31 11:46:10 UTC 2023 - John Paul Adrian Glaubitz + +- Update to version 20230823.00 + * selinux: Add sshd_key_t type enforcement to trusted user ca (#113) +- from version 20230822.00 + * sshca: Add tests with fingerprint and multiple extensions (#111) +- from version 20230821.01 + * sshca: Support method token and handle multi line (#109) +- from version 20230821.00 + * Update owners (#110) + +------------------------------------------------------------------- +Tue Aug 15 13:53:44 UTC 2023 - John Paul Adrian Glaubitz + +- Update to version 20230808.00 + * byoid: extract and apply the ca fingerprint to policy call (#106) + +------------------------------------------------------------------- +Tue May 9 08:10:07 UTC 2023 - John Paul Adrian Glaubitz + +- Update to version 20230502.00 + * Improve the URL in 2fa prompt (#104) +- from version 20230406.02 + * Check open files (#101) +- from version 20230406.01 + * Initialize variables (#100) + * Fix formatting (#102) +- from version 20230406.00 + * PAM cleanup: remove duplicates (#97) +- from version 20230405.00 + * NSS cleanup (#98) +- from version 20230403.01 + * Cleanup Makefiles (#95) +- from version 20230403.00 + * Add anandadalton to the owners list (#96) + +------------------------------------------------------------------- +Tue Feb 28 11:36:07 UTC 2023 - John Paul Adrian Glaubitz + +- Update to version 20230217.00 + * Update OWNERS (#91) +- from version 20230202.00 + * Update owners file (#89) + +------------------------------------------------------------------- +Wed Aug 3 10:25:32 UTC 2022 - John Paul Adrian Glaubitz + +- Update to version 20220721.00 (bsc#1202100, bsc#1202101) + * prune outdated info from readme (#86) +- from version 20220714.00 + * strip json-c version symbol (#84) +- from version 20220622.00 + * pam login: split conditions for logging (#83) + +------------------------------------------------------------------- +Wed May 4 19:37:21 UTC 2022 - Robert Schweikert + +- use pam_moduledir (boo#1191036) + * Support UsrMerge project + +------------------------------------------------------------------- +Thu Apr 14 11:12:56 UTC 2022 - John Paul Adrian Glaubitz + +- Update to version 20220411.00 + * pam login: split conditions for logging (#83) + +------------------------------------------------------------------- +Tue Feb 8 15:47:52 UTC 2022 - John Paul Adrian Glaubitz + +- Update to version 20220205.00 (bsc#1195437, bsc#1195438) + * Fix build for EL9. (#82) +- from version 20211213.00 + * Reauth error (#81) +- Rename Source0 field to Source +- Update URL in Source field to point to upstream tarball + +------------------------------------------------------------------- +Fri Oct 22 11:20:01 UTC 2021 - John Paul Adrian Glaubitz + +- Update to version 20211013.00 (bsc#1193257, bsc#1193258) + * remove deprecated binary (#79) +- from version 20211001.00 + * no message if no groups (#78) +- from version 20210907.00 + * use sigaction for signals (#76) +- from version 20210906.00 + * include cstdlib for exit (#75) + * catch SIGPIPE in authorized_keys (#73) +- from version 20210805.00 + * fix double free in ParseJsonToKey (#70) +- from version 20210804.00 + * fix packaging for authorized_keys_sk (#68) + * add authorized_keys_sk (#66) +- Add google_authorized_keys_sk to %files section +- Remove google_oslogin_control from %files section + +------------------------------------------------------------------- +Wed Aug 4 07:35:45 UTC 2021 - John Paul Adrian Glaubitz + +- Update to version 20210728.00 (bsc#1188992, bsc#1189041) + * JSON object cleanup (#65) + +------------------------------------------------------------------- +Mon Jul 19 12:28:53 UTC 2021 - John Paul Adrian Glaubitz + +- Update to version 20210707.00 + * throw exceptions in cache_refresh (#64) +- from version 20210702.00 + * Use IP address for calling the metadata server. (#63) + +------------------------------------------------------------------- +Wed Jun 23 11:34:01 UTC 2021 - John Paul Adrian Glaubitz + +- Update to version 20210618.00 + * flush each group member write (#62) + +------------------------------------------------------------------- +Tue May 11 08:22:46 UTC 2021 - John Paul Adrian Glaubitz + +- Update to version 20210429.00 (bsc#1185848, bsc#1185849) + * correct pagetoken in groupsforuser (#59) + * resolve self groups last (#58) + * support empty groups (#57) + * no paginating to find groups (#56) + * clear users vector (#55) + * correct usage of pagetoken (#54) + +------------------------------------------------------------------- +Wed Mar 31 12:57:04 UTC 2021 - John Paul Adrian Glaubitz + +- Update to version 20210316.00 (bsc#1183414, bsc#1183415) + * call correct function in pwenthelper (#53) + +------------------------------------------------------------------- +Tue Jan 12 10:43:53 UTC 2021 - John Paul Adrian Glaubitz + +- Update to version 20210108.00 + * Update logic in the cache_refresh binary (#52) + * remove old unused workflow files (#49) + +------------------------------------------------------------------- +Thu Oct 8 09:24:32 UTC 2020 - John Paul Adrian Glaubitz + +- Update to version 20200925.00 (bsc#1179031, bsc#1179032) + * add getpwnam,getpwuid,getgrnam,getgrgid (#42) + * Change requires to not require the python library for policycoreutils. (#44) + * add dial and recvline (#41) + * PR feedback + * new client component and tests + +------------------------------------------------------------------- +Tue Aug 25 15:27:35 UTC 2020 - John Paul Adrian Glaubitz + +- Update to version 20200819.00 (bsc#1175740, bsc#1175741) + * deny non-2fa users (#37) + * use asterisks instead (#39) + * set passwords to ! (#38) + * correct index 0 bug (#36) + * Support security key generated OTP challenges. (#35) + +------------------------------------------------------------------- +Fri Jul 24 13:40:56 UTC 2020 - Robert Schweikert + +- No post action for ssh + +------------------------------------------------------------------- +Wed Jul 22 10:57:18 UTC 2020 - John Paul Adrian Glaubitz + +- Initial build (bsc#1174304, bsc#1174306, jsc#ECO-2099, jsc#PM-1945) + + Version 20200507.00 + + Replaces google-compute-engine-oslogin package diff --git a/google-guest-oslogin.spec b/google-guest-oslogin.spec new file mode 100644 index 0000000..d5cc925 --- /dev/null +++ b/google-guest-oslogin.spec @@ -0,0 +1,93 @@ +# +# spec file for package google-guest-oslogin +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%{!?_pam_moduledir: %define _pam_moduledir %{_pamdir}} + +Name: google-guest-oslogin +Version: 20231116.00 +Release: 0 +Summary: Google Cloud Guest OS Login +License: Apache-2.0 +Group: System/Daemons +URL: https://github.com/GoogleCloudPlatform/guest-oslogin +Source: %{url}/archive/%{version}/%{name}-%{version}.tar.gz +Requires: openssh +Requires: pam +Requires(post): glibc +%if 0%{?suse_version} && 0%{?suse_version} <= 1315 +BuildRequires: boost-devel +%endif +BuildRequires: gcc-c++ +BuildRequires: libcurl-devel +BuildRequires: libjson-c-devel +BuildRequires: make +BuildRequires: pam-devel +BuildRequires: systemd-rpm-macros +Requires: google-guest-configs +Provides: google-compute-engine-oslogin = %{version} +Obsoletes: google-compute-engine-oslogin < %{version} +BuildRoot: %{_tmppath}/%{name}-%{version}-build + +%description +Google Cloud Guest OS Login + +%prep +%setup -q -n guest-oslogin-%{version} + +%build +%if 0%{?suse_version} && 0%{?suse_version} > 1315 +make %{?_smp_mflags} VERSION=%{version} +%else +make %{?_smp_mflags} LDLIBS='-lcurl -ljson-c -lboost_regex' VERSION=%{version} +%endif + +%install +make install DESTDIR=%{buildroot} LIBDIR=/%{_libdir} PAMDIR=%{_pam_moduledir} SYSTEMDDIR=%{_unitdir} PRESETDIR=%{_presetdir} VERSION=%{version} +mkdir -p %{buildroot}%{_sbindir} +for srv_name in %{buildroot}%{_unitdir}/*.service; do rc_name=$(basename -s '.service' $srv_name); ln -s service %{buildroot}%{_sbindir}/rc$rc_name; done + +%pre +%service_add_pre google-oslogin-cache.service + +%preun +%service_del_preun google-oslogin-cache.service + +%post +/sbin/ldconfig +%service_add_post google-oslogin-cache.service + +%postun +/sbin/ldconfig +%service_del_postun google-oslogin-cache.service + +%files +%defattr(0644,root,root,0755) +%doc README.md +%license LICENSE +%attr(0755,root,root) %{_bindir}/google_authorized_keys +%attr(0755,root,root) %{_bindir}/google_authorized_keys_sk +%attr(0755,root,root) %{_bindir}/google_oslogin_nss_cache +%{_mandir}/man8/* +%{_libdir}/libnss* +%{_pam_moduledir}/* +%{_presetdir}/* +%{_bindir}/google_authorized_principals +%{_sbindir}/* +%{_unitdir}/* + +%changelog