commit 1bae16bc73199036d3acee33a424d9b5fafe983650e33373710619c0f7613291 Author: Dominique Leuenberger Date: Wed Oct 7 12:16:33 2020 +0000 Accepting request 837240 from network Correct license line base on legal team input OBS-URL: https://build.opensuse.org/request/show/837240 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/kanidm?expand=0&rev=1
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/_service b/_service
new file mode 100644
index 0000000..be07712
--- /dev/null
+++ b/_service
@@ -0,0 +1,25 @@
+
+
+ https://github.com/kanidm/kanidm.git
+ @PARENT_TAG@~git@TAG_OFFSET@.%h
+ git
+
+ v1.1.0-alpha
+ v*
+ v(\d+\.\d+\.\d+)-alpha
+ \1~alpha
+ enable
+ wbrown@suse.de
+
+
+
+ *.tar
+ xz
+
+
+ kanidm
+ xz
+
+
+
+
diff --git a/cargo_config b/cargo_config
new file mode 100644
index 0000000..454fa76
--- /dev/null
+++ b/cargo_config
@@ -0,0 +1,10 @@
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source."https://github.com/csnewman/libnss-rs.git"]
+git = "https://github.com/csnewman/libnss-rs.git"
+rev = "eab2d93d2438652773699b0807d558ce75b1e748"
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"
\ No newline at end of file
diff --git a/kanidm-unixd.service b/kanidm-unixd.service
new file mode 100644
index 0000000..79b1f18
--- /dev/null
+++ b/kanidm-unixd.service
@@ -0,0 +1,18 @@
+# You should not need to edit this file. Instead, use a drop-in file as described in:
+# /usr/lib/systemd/system/kanidm_unixd.service.d/custom.conf
+
+[Unit]
+Description=Kanidm Local Client Resolver
+After=chronyd.service ntpd.service network-online.target
+
+[Service]
+DynamicUser=yes
+UMask=0027
+CacheDirectory=kanidm-unixd
+RuntimeDirectory=kanidm-unixd
+Type=simple
+ExecStart=/usr/sbin/kanidm_unixd
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/kanidm-v1.1.0alpha~git0.c8ac497.tar.xz b/kanidm-v1.1.0alpha~git0.c8ac497.tar.xz
new file mode 100644
index 0000000..abc64df
--- /dev/null
+++ b/kanidm-v1.1.0alpha~git0.c8ac497.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2bd98d65a783ec72f25578e98dec4d43c14514fb7e6bec4229130e9bcbd48957
+size 30054264
diff --git a/kanidm.changes b/kanidm.changes
new file mode 100644
index 0000000..c0911da
--- /dev/null
+++ b/kanidm.changes
@@ -0,0 +1,9 @@
+-------------------------------------------------------------------
+Wed Sep 23 01:17:22 UTC 2020 - William Brown
+
+- Correct missing license details
+
+-------------------------------------------------------------------
+Mon Aug 3 00:38:29 UTC 2020 - William Brown
+
+- Initial Commit
diff --git a/kanidm.spec b/kanidm.spec
new file mode 100644
index 0000000..5a95eb4
--- /dev/null
+++ b/kanidm.spec
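Review bot: Nothing in cargo_config says how the file is consumed or what the `rev` under `[source."https://github.com/csnewman/libnss-rs.git"]` has to agree with, so a later version bump can leave it out of step with the vendored tree. The spec copies it to `.cargo/config` in %prep and builds with `cargo build --offline`, so a stale pin would presumably only surface as a build failure. A header comment such as `# Installed as .cargo/config in %prep; rev must match the libnss-rs revision shipped in vendor.tar.xz` would make the coupling explicit. The file also ends without a trailing newline.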
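Review bot: The drop-in path in the header comment of kanidm-unixd.service names `kanidm_unixd.service.d`, but the unit is installed as `kanidm-unixd.service`. systemd only reads drop-ins from a directory named after the unit, so an override placed at the documented path would be ignored, including any hardening or restriction an administrator adds there. The path also points under /usr/lib, which belongs to the package; administrator overrides normally live under /etc. The comment should read `# /etc/systemd/system/kanidm-unixd.service.d/custom.conf`. The /usr/lib location in the matching comment of kanidmd.service needs the same correction.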
@@ -0,0 +1,181 @@
+#
+# spec file for package kanidm
+#
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+# Solid source of inspiration.
+# https://build.opensuse.org/package/view_file/home:luke_nukem:rust_apps/nushell/nushell.spec?expand=1
+
+%global rustflags -Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=2
+
+Name: kanidm
+Version: v1.1.0alpha~git0.c8ac497
+Release: 0
+Summary: Kanidm identity project
+License: MPL-2.0 AND Apache-2.0 AND MIT AND ISC AND OpenSSL AND APSL-2.0
+Url: https://github.com/Firstyear/kanidm
+Source: kanidm-%{version}.tar.xz
+Source1: vendor.tar.xz
+Source2: cargo_config
+Source10: kanidmd.service
+Source11: kanidm-unixd.service
+Source12: server.toml
+
+ExcludeArch: %ix86
+
+BuildRequires: cargo
+BuildRequires: rust >= 1.39.0
+BuildRequires: rust-std-static
+BuildRequires: lld
+# BuildRequires: pkgconfig(openssl)
+# BuildRequires: sqlite-devel
+BuildRequires: pam-devel
+
+Requires: %{name}-clients
+Requires: %{name}-server
+Requires: %{name}-unixd-clients
+
+# Are openssl and sqlite implied as requires from this?
+
+%description
+An identity management platform written in rust that supports RADIUS, SSH Key management
+and more.
+
+%package clients
+Summary: Client tools for interacting with Kanidm
+License: MPL-2.0
+
+%description clients
+Client utilities for interactive with kanidm
+
+%package server
+Summary: Kanidm server and related tools
+License: MPL-2.0
+Requires: %{name}-clients
+# Requires: libsqlite3-0
+
+%description server
+Server for kanidm
+
+%package unixd-clients
+Summary: Client nsswitch/pam/ssh integration for consuming kanidm
+License: MPL-2.0
+Requires: %{name}-clients
+Requires: pam
+# Requires: libsqlite3-0
+
+%description unixd-clients
+A localhost resolver and libraries that allow a system to resolve posix
+identities to a kanidm instance.
+
+
+%define configdir %{_sysconfdir}/%{name}
+
+%prep
+%setup -q
+%setup -qa1
+mkdir .cargo
+cp %{SOURCE2} .cargo/config
+# Remove exec bits to prevent an issue in fedora shebang checking
+find vendor -type f -name \*.rs -exec chmod -x '{}' \;
+
+%build
+export RUSTFLAGS="%{rustflags}"
+# Allow building on older compliers with deps that have newer features.
+# export RUSTC_BOOTSTRAP=1
+cargo build --offline --release
+
+%install
+install -D -d -m 0755 %{buildroot}%{configdir}
+install -D -d -m 0755 %{buildroot}%{_unitdir}
+install -D -d -m 0755 %{buildroot}%{_sbindir}
+install -D -d -m 0755 %{buildroot}%{_bindir}
+install -D -d -m 0755 %{buildroot}%{_libdir}
+install -D -d -m 0755 %{buildroot}/%_lib/security
+
+install -m 0755 %{_builddir}/%{name}-%{version}/target/release/kanidm %{buildroot}%{_bindir}/kanidm
+install -m 0755 %{_builddir}/%{name}-%{version}/target/release/kanidm_badlist_preprocess %{buildroot}%{_bindir}/kanidm_badlist_preprocess
+install -m 0755 %{_builddir}/%{name}-%{version}/target/release/kanidm_cache_clear %{buildroot}%{_sbindir}/kanidm_cache_clear
+install -m 0755 %{_builddir}/%{name}-%{version}/target/release/kanidm_cache_invalidate %{buildroot}%{_sbindir}/kanidm_cache_invalidate
+install -m 0755 %{_builddir}/%{name}-%{version}/target/release/kanidm_ssh_authorizedkeys %{buildroot}%{_sbindir}/kanidm_ssh_authorizedkeys
+install -m 0755 %{_builddir}/%{name}-%{version}/target/release/kanidm_ssh_authorizedkeys_direct %{buildroot}%{_sbindir}/kanidm_ssh_authorizedkeys_direct
+install -m 0755 %{_builddir}/%{name}-%{version}/target/release/kanidm_unixd %{buildroot}%{_sbindir}/kanidm_unixd
+install -m 0755 %{_builddir}/%{name}-%{version}/target/release/kanidm_unixd_status %{buildroot}%{_bindir}/kanidm_unixd_status
+install -m 0755 %{_builddir}/%{name}-%{version}/target/release/kanidmd %{buildroot}%{_sbindir}/kanidmd
+install -m 0644 %{_builddir}/%{name}-%{version}/target/release/libnss_kanidm.so %{buildroot}%{_libdir}/libnss_kanidm.so.2
+install -m 0644 %{_builddir}/%{name}-%{version}/target/release/libpam_kanidm.so %{buildroot}/%_lib/security/pam_kanidm.so
+
+install -m 0644 %{SOURCE10} %{buildroot}%{_unitdir}/kanidmd.service
+install -m 0644 %{SOURCE11} %{buildroot}%{_unitdir}/kanidm-unixd.service
+install -m 0640 %{SOURCE12} %{buildroot}%{configdir}/server.toml
+
+# Example of how to install examples later.
+# install -D -m 0755 examples %{buildroot}%{_datadir}/kandim/examples
+
+%pre server
+%service_add_pre kanidmd.service
+
+%post server
+%service_add_post kanidmd.service
+
+%preun server
+%service_del_preun kanidmd.service
+
+%postun server
+%service_del_postun kanidmd.service
+
+%pre unixd-clients
+%service_add_pre kanidm-unixd.service
+
+%post unixd-clients
+%service_add_post kanidm-unixd.service
+
+%preun unixd-clients
+%service_del_preun kanidm-unixd.service
+
+%postun unixd-clients
+%service_del_postun kanidm-unixd.service
+
+%files
+%defattr(-,root,root)
+# %{_datadir}/kandim/examples
+%exclude /usr/.crates.toml
+
+%files clients
+%defattr(-,root,root)
+%dir %{configdir}
+%{_bindir}/kanidm
+
+%files server
+%{_bindir}/kanidm_badlist_preprocess
+%{_sbindir}/kanidmd
+%{_unitdir}/kanidmd.service
+%dir %{configdir}
+%config(noreplace) %{configdir}/server.toml
+
+%files unixd-clients
+%{_libdir}/libnss_kanidm.so.2
+/%_lib/security/pam_kanidm.so
+%{_sbindir}/kanidm_cache_clear
+%{_sbindir}/kanidm_cache_invalidate
+%{_sbindir}/kanidm_ssh_authorizedkeys
+%{_sbindir}/kanidm_ssh_authorizedkeys_direct
+%{_sbindir}/kanidm_unixd
+%{_bindir}/kanidm_unixd_status
+%{_unitdir}/kanidm-unixd.service
+
+%changelog
+
+
diff --git a/kanidmd.service b/kanidmd.service
new file mode 100644
index 0000000..f747799
--- /dev/null
+++ b/kanidmd.service
@@ -0,0 +1,17 @@
+# You should not need to edit this file. Instead, use a drop-in file as described in:
+# /usr/lib/systemd/system/kanidmd.service.d/custom.conf
+
+[Unit]
+Description=Kanidm Identity Server
+After=chronyd.service ntpd.service network-online.target
+Before=radiusd.service
+
+[Service]
+Type=simple
+DynamicUser=yes
+UMask=0027
+StateDirectory=kanidmd
+ExecStart=/usr/sbin/kanidmd server -c /etc/kanidm/server.toml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/server.toml b/server.toml
new file mode 100644
index 0000000..7b99f5e
--- /dev/null
+++ b/server.toml
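Review bot: `install -m 0640 %{SOURCE12} %{buildroot}%{configdir}/server.toml` in %install, together with the bare `%config(noreplace) %{configdir}/server.toml` entry in `%files server`, leaves the config readable only by root and root's group. kanidmd.service sets `DynamicUser=yes` and starts the daemon with `-c /etc/kanidm/server.toml`, so the service user would apparently be denied access to its own configuration. As shipped the file holds only a bind address and paths, so `%config(noreplace) %attr(0644,root,root) %{configdir}/server.toml` looks sufficient. If secrets are ever expected in it, a static service group with `%attr(0640,root,GROUP)` (GROUP being a placeholder) is the tighter option. `%files server` and `%files unixd-clients` also lack the `%defattr(-,root,root)` line that the other two sections carry.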
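Review bot: `Before=radiusd.service` combined with `Type=simple` in kanidmd.service orders only the launch of the two processes, not kanidmd's readiness. systemd treats a simple service as started once the binary has been executed, so radiusd can come up and begin authenticating before kanidmd is listening. If kanidmd implements sd_notify, which is not visible from this page, `Type=notify` would make the ordering meaningful. Otherwise a comment such as `# Before= orders start-up only; radiusd must tolerate kanidmd not yet accepting connections` should document the limitation.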
@@ -0,0 +1,7 @@
+bindaddress = "127.0.0.1:8443"
+# ldapbindaddress = "127.0.0.1:3636"
+db_path = "/var/lib/kanidmd/kanidm.db"
+# tls_ca = "/var/lib/kanidmd/ca.pem"
+# tls_cert = "/var/lib/kanidmd/cert.pem"
+# tls_key = "/var/lib/kanidmd/key.pem"
+# log_level = "
diff --git a/vendor.tar.xz b/vendor.tar.xz
new file mode 100644
index 0000000..bc5a2a5
--- /dev/null
+++ b/vendor.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:34211423de725bcd3329b84e02642dbf9bc229c15ca971b614c9c057a21a8816
+size 26096900
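Review bot: The default server.toml ships `tls_ca`, `tls_cert` and `tls_key` commented out with no explanation, and nothing tells an administrator that they belong together with `bindaddress`. Whether kanidmd refuses to start or serves without TLS when they are absent cannot be seen from this hunk, so the file should say so. At minimum it needs a line such as `# Set tls_ca, tls_cert and tls_key before changing bindaddress to a non-loopback address.` above the three keys. The last line, `# log_level = "`, has an unterminated quote as shown here; if that is how the file is committed, the permitted values should be spelled out instead.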