diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b5f87d256..1ca8484cd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -68,54 +68,30 @@ package-helm: only: - tags - /^version/.*$/ -# package-3.5: -# before_script: -# - apt update -# - apt install -y build-essential debhelper devscripts equivs python3 python3-pip -# - cp debian/control-3.5 debian/control -# - mk-build-deps debian/control -# - apt install ./*build-deps*deb -f -y -# - "python3 -m pip install -U virtualenv" -# - "virtualenv env" -# - "source env/bin/activate" -# - "pip3 install -U -r requirements.txt -r requirements-dev.txt" -# image: debian -# script: -# - debuild -us -uc -# - cp ../passbook*.deb . -# - python manage.py nexus_upload -# artifacts: -# paths: -# - passbook-python3.5*deb -# expire_in: 2 days -# stage: build -# only: -# - tags -# - /^debian/.*$/ -# package-3.6: -# before_script: -# - apt update -# - apt install -y build-essential debhelper devscripts equivs python3 python3-pip -# - cp debian/control-3.6 debian/control -# - mk-build-deps debian/control -# - apt install ./*build-deps*deb -f -y -# - "python3 -m pip install -U virtualenv" -# - "virtualenv env" -# - "source env/bin/activate" -# - "pip3 install -U -r requirements.txt -r requirements-dev.txt" -# image: debian:buster -# script: -# - debuild -us -uc -# - cp ../passbook*.deb . -# - python manage.py nexus_upload -# artifacts: -# paths: -# - passbook-python3.6*deb -# expire_in: 2 days -# stage: build -# only: -# - tags -# - /^debian/.*$r +package-debian: + before_script: + - apt update + - apt install -y --no-install-recommends build-essential debhelper devscripts equivs python3 python3-dev python3-pip libsasl2-dev libldap2-dev + - mk-build-deps debian/control + - apt install ./*build-deps*deb -f -y + - python3 -m pip install -U virtualenv pip + - python3 -m venv env + - source env/bin/activate + - pip install -U -r requirements-dev.txt + - pip install --no-binary psycopg2 psycopg2 + image: ubuntu:18.04 + script: + - debuild -us -uc + - cp ../passbook*.deb . + - ./manage.py nexus_upload --method post --url $NEXUS_URL --auth $NEXUS_AUTH --repo apt passbook*deb + artifacts: + paths: + - passbook*deb + expire_in: 2 days + stage: build + only: + - tags + - /^version/.*$/ # docs: # stage: docs diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 000000000..1caa35172 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +passbook (0.1.3) stable; urgency=medium + + * initial debian package release + + -- Jens Langhammer Wed, 06 Mar 2019 18:22:41 +0000 diff --git a/debian/compat b/debian/compat new file mode 100644 index 000000000..f599e28b8 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +10 diff --git a/debian/config b/debian/config new file mode 100644 index 000000000..4ccc05ade --- /dev/null +++ b/debian/config @@ -0,0 +1,20 @@ +#!/bin/sh +# config maintainer script for passbook +set -e + +# source debconf stuff +. /usr/share/debconf/confmodule + +dbc_first_version=1.0.0 +dbc_dbuser=passbook +dbc_dbname=passbook + +# source dbconfig-common shell library, and call the hook function +if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then + . /usr/share/dbconfig-common/dpkg/config.pgsql + dbc_go passbook "$@" +fi + +#DEBHELPER# + +exit 0 diff --git a/debian/control b/debian/control new file mode 100644 index 000000000..79f149f37 --- /dev/null +++ b/debian/control @@ -0,0 +1,14 @@ +Source: passbook +Section: admin +Priority: optional +Maintainer: BeryJu.org +Uploaders: Jens Langhammer , BeryJu.org +Build-Depends: debhelper (>= 10), dh-systemd (>= 1.5), dh-exec, wget, dh-exec, python3 (>= 3.5) | python3.6 | python3.7 +Standards-Version: 3.9.6 + +Package: passbook +Architecture: all +Recommends: mysql-server, redis-server +Pre-Depends: adduser, libldap2-dev, libsasl2-dev +Depends: python3 (>= 3.5) | python3.6 | python3.7, python3-pip, dbconfig-pgsql | dbconfig-no-thanks, ${misc:Depends} +Description: Authentication Provider/Proxy supporting protocols like SAML, OAuth, LDAP and more. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 000000000..750b5c794 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,22 @@ +MIT License + +Copyright (c) 2019 BeryJu.org + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + diff --git a/debian/dirs b/debian/dirs new file mode 100644 index 000000000..487ad2f16 --- /dev/null +++ b/debian/dirs @@ -0,0 +1,4 @@ +etc/passbook/ +etc/passbook/config.d/ +var/log/passbook/ +usr/share/passbook/ diff --git a/debian/etc/passbook/config.yml b/debian/etc/passbook/config.yml new file mode 100644 index 000000000..6535b3bdb --- /dev/null +++ b/debian/etc/passbook/config.yml @@ -0,0 +1,44 @@ +debug: false +http: + host: 0.0.0.0 + port: 8000 +secret_key_file: /etc/passbook/secret_key +log: + level: + console: INFO + file: DEBUG + file: /var/log/passbook/passbook.log +# Error reporting, disabled by default +# error_report_enabled: true + +# Set this to the server's external address. +# This is used to generate external URLs +external_url: http://image.example.com + +# This dictates how the Path is generated +# can be either of: +# - view_sha512_short +# - view_md5 +# - view_sha256 +# - view_sha512 +default_return_view: view_sha256 + +# Set this to true if you only want to use external authentication +external_auth_only: false + +# If this is true, images are automatically claimed if the windows user exists +# in django +auto_claim_enabled: true + +# LDAP Authentication +# ldap: +# enabled: false +# server: +# uri: 'ldap://dc1.example.com' +# tls: false +# bind: +# dn: '' +# password: '' +# search_base: '' +# filter: '(sAMAccountName=%(user)s)' +# require_group: '' diff --git a/debian/files b/debian/files new file mode 100644 index 000000000..256132ddd --- /dev/null +++ b/debian/files @@ -0,0 +1,2 @@ +passbook-dbgsym_0.1.3_amd64.ddeb debug optional +passbook_0.1.3_amd64.deb admin optional diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 000000000..9eeba0449 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,2 @@ +[buildpackage] +export-dir=../build-area diff --git a/debian/install b/debian/install new file mode 100644 index 000000000..8d3485ae2 --- /dev/null +++ b/debian/install @@ -0,0 +1,8 @@ +passbook /usr/share/passbook/ +static /usr/share/passbook/ +manage.py /usr/share/passbook/ +passbook.sh /usr/share/passbook/ +vendor /usr/share/passbook/ + +debian/etc/passbook /etc/ +debian/templates/database.yml /usr/share/passbook/ diff --git a/debian/links b/debian/links new file mode 100644 index 000000000..e69de29bb diff --git a/debian/passbook-worker.service b/debian/passbook-worker.service new file mode 100644 index 000000000..2c5f9e568 --- /dev/null +++ b/debian/passbook-worker.service @@ -0,0 +1,14 @@ +[Unit] +Description=passbook - Authentication Provider/Proxy (Background worker) +After=network.target +Requires=network.target + +[Service] +User=passbook +Group=passbook +WorkingDirectory=/usr/share/passbook +Type=simple +ExecStart=/usr/share/passbook/passbook.sh worker + +[Install] +WantedBy=multi-user.target diff --git a/debian/passbook.postrm.debhelper b/debian/passbook.postrm.debhelper new file mode 100644 index 000000000..500916c20 --- /dev/null +++ b/debian/passbook.postrm.debhelper @@ -0,0 +1,6 @@ +# Automatically added by dh_installdebconf/11.1.6ubuntu2 +if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule + db_purge +fi +# End automatically added section diff --git a/debian/passbook.service b/debian/passbook.service new file mode 100644 index 000000000..bb4d59c63 --- /dev/null +++ b/debian/passbook.service @@ -0,0 +1,14 @@ +[Unit] +Description=passbook - Authentication Provider/Proxy +After=network.target +Requires=network.target + +[Service] +User=passbook +Group=passbook +WorkingDirectory=/usr/share/passbook +Type=simple +ExecStart=/usr/share/passbook/passbook.sh web + +[Install] +WantedBy=multi-user.target diff --git a/debian/passbook.substvars b/debian/passbook.substvars new file mode 100644 index 000000000..03c3a8dbf --- /dev/null +++ b/debian/passbook.substvars @@ -0,0 +1,3 @@ +misc:Depends=debconf (>= 0.5) | debconf-2.0 +shlibs:Depends=libc6 (>= 2.4), passbook +misc:Pre-Depends= diff --git a/debian/postinst b/debian/postinst new file mode 100755 index 000000000..0bdd0aea0 --- /dev/null +++ b/debian/postinst @@ -0,0 +1,36 @@ +#!/bin/bash + +set -e + +. /usr/share/debconf/confmodule +. /usr/share/dbconfig-common/dpkg/postinst.pgsql + +# you can set the default database encoding to something else +dbc_pgsql_createdb_encoding="UTF8" +dbc_generate_include=template:/etc/passbook/config.d/database.yml +dbc_generate_include_args="-o template_infile=/usr/share/passbook/database.yml" +dbc_go passbook "$@" + +if [ -z "`getent group passbook`" ]; then + addgroup --quiet --system passbook +fi +if [ -z "`getent passwd passbook`" ]; then + echo " * Creating user and group passbook..." + adduser --quiet --system --home /usr/share/passbook --shell /bin/false --ingroup passbook --disabled-password --disabled-login --gecos "passbook User" passbook >> /var/log/passbook/passbook.log 2>&1 +fi +echo " * Updating binary packages (psycopg2)" +python3 -m pip install --target=/usr/share/passbook/vendor/ --no-cache-dir --upgrade --force-reinstall psycopg2 >> /var/log/passbook/passbook.log 2>&1 +if [ ! -f '/etc/passbook/secret_key' ]; then + echo " * Generating Secret Key" + python3 -c 'import random; result = "".join([random.choice("abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)") for i in range(50)]); print(result)' > /etc/passbook/secret_key 2> /dev/null +fi +chown -R passbook: /usr/share/passbook/ +chown -R passbook: /etc/passbook/ +chown -R passbook: /var/log/passbook/ +chmod 440 /etc/passbook/secret_key +echo " * Running Database Migration" +/usr/share/passbook/passbook.sh migrate +echo " * A superuser can be created with this command '/usr/share/passbook/passbook.sh createsuperuser'" +echo " * You should probably also adjust your settings in '/etc/passbook/config.yml'" + +#DEBHELPER# diff --git a/debian/postrm b/debian/postrm new file mode 100644 index 000000000..abfa631b8 --- /dev/null +++ b/debian/postrm @@ -0,0 +1,24 @@ +#!/bin/sh + +set -e + +if [ -f /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule +fi +if [ -f /usr/share/dbconfig-common/dpkg/postrm.pgsql ]; then + . /usr/share/dbconfig-common/dpkg/postrm.pgsql + dbc_go passbook "$@" +fi + + +if [ "$1" = "purge" ]; then + if which ucf >/dev/null 2>&1; then + ucf --purge /etc/passbook/config.d/database.yml + ucfr --purge passbook /etc/passbook/config.d/database.yml + fi + rm -rf /etc/passbook/ + rm -rf /usr/share/passbook/ +fi + +#DEBHELPER# + diff --git a/debian/prerm b/debian/prerm new file mode 100644 index 000000000..5383d20d0 --- /dev/null +++ b/debian/prerm @@ -0,0 +1,10 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule +. /usr/share/dbconfig-common/dpkg/prerm.pgsql +dbc_go passbook "$@" + +#DEBHELPER# + diff --git a/debian/rules b/debian/rules new file mode 100755 index 000000000..df1396673 --- /dev/null +++ b/debian/rules @@ -0,0 +1,26 @@ +#!/usr/bin/make -f + +# Uncomment this to turn on verbose mode. +# export DH_VERBOSE=1 + +%: + dh $@ --with=systemd + +build-arch: + python3 -m pip install --target=vendor/ -r requirements.txt + +override_dh_strip: + dh_strip --exclude=psycopg2 + +override_dh_shlibdeps: + dh_shlibdeps --exclude=psycopg2 + +override_dh_installinit: + dh_installinit --name=passbook + dh_installinit --name=passbook-worker + dh_systemd_enable --name=passbook + dh_systemd_enable --name=passbook-worker + dh_systemd_start + +# override_dh_usrlocal to do nothing +override_dh_usrlocal: diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 000000000..89ae9db8f --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (native) diff --git a/debian/templates/database.yml b/debian/templates/database.yml new file mode 100644 index 000000000..0c4a4a825 --- /dev/null +++ b/debian/templates/database.yml @@ -0,0 +1,8 @@ +databases: + default: + engine: django.db.backends.postgresql + name: _DBC_DBNAME_ + user: _DBC_DBUSER_ + password: _DBC_DBPASS_ + host: _DBC_DBSERVER_ + port: _DBC_DBPORT_ diff --git a/passbook.sh b/passbook.sh new file mode 100755 index 000000000..f47983674 --- /dev/null +++ b/passbook.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# Check if this file is a symlink, if so, read real base dir +BASE_DIR=$(dirname $(readlink -f ${BASH_SOURCE[0]})) + +cd $BASE_DIR +PYTHONPATH="${BASE_DIR}/vendor/" python3 manage.py $@