🔖 release v0.6.1 - deb/rpm binary packages
Showing
10 changed files
with
150 additions
and
10 deletions.
@@ -0,0 +1,2 @@ | ||
target/ | ||
.config.toml |
@@ -1,6 +1,6 @@ | ||
[package] | ||
name = "aeneid" | ||
version = "0.6.0" | ||
version = "0.6.1" | ||
authors = ["Nikhil Jha <[email protected]>"] | ||
edition = "2018" | ||
description = "use GitHub as a free, zero-ops Identity Provider" | ||
|
@@ -11,7 +11,30 @@ license = "GPL-3.0-only" | |
keywords = ["github", "openssh"] | ||
categories = ["authentication"] | ||
|
||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html | ||
[package.metadata.deb] | ||
maintainer = "Nikhil Jha <[email protected]>" | ||
copyright = "2021, Nikhil Jha <[email protected]>" | ||
extended-description = """\ | ||
Use GitHub as a free, zero-ops Identity Provider \ | ||
by using github authorized_keys for your sshd.""" | ||
maintainer-scripts = "pkg/deb/" | ||
conf-files = ["etc/aeneid/config.toml"] | ||
assets = [ | ||
["target/release/aeneid", "usr/bin/", "755"], | ||
["README.md", "usr/share/doc/aeneid/README", "644"], | ||
["src/config.toml", "etc/aeneid/config.toml", "700"], | ||
] | ||
|
||
[package.metadata.rpm] | ||
package = "aeneid" | ||
config = "pkg/rpm" | ||
files = {"../../src/config.toml" = {path = "/etc/aeneid/config.toml"}} | ||
|
||
[package.metadata.rpm.cargo] | ||
buildflags = ["--release"] | ||
|
||
[package.metadata.rpm.targets] | ||
aeneid = { path = "/usr/bin/aeneid" } | ||
|
||
[dependencies] | ||
reqwest = { version = "0.11.4", features = ["blocking", "json", "rustls-tls"], default-features = false } | ||
|
@@ -20,3 +43,4 @@ regex = "1.4.5" | |
toml = "0.5.8" | ||
serde_derive = "1.0.127" | ||
serde = "1.0.127" | ||
|
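Review bot: The deb asset entry `["src/config.toml", "etc/aeneid/config.toml", "700"]` installs the configuration file with the execute bit set, although the README in this commit describes that file as the place credentials go and nothing visible here executes it. Dropping the execute bit keeps it owner-only without marking it executable: `["src/config.toml", "etc/aeneid/config.toml", "600"],`. The rpm `files` entry for the same path states no mode at all, so the installed mode there presumably comes from the build tree or the spec's `%defattr`. Both packages should agree on one explicit mode for a file that holds credentials.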
@@ -0,0 +1,26 @@ | ||
FROM rust:1.54-slim | ||
WORKDIR . | ||
|
||
debian: | ||
RUN apt-get update | ||
RUN apt-get install -y gnulib | ||
RUN cargo install cargo-deb | ||
COPY Cargo.toml ./ | ||
COPY Cargo.lock ./ | ||
COPY src src | ||
COPY pkg pkg | ||
COPY README.md README.md | ||
RUN cargo deb | ||
SAVE ARTIFACT /target/debian /debian AS LOCAL target/debian | ||
|
||
rpm: | ||
RUN apt-get update | ||
RUN apt-get install -y rpm | ||
RUN cargo install --git https://github.com/iqlusioninc/cargo-rpm | ||
COPY Cargo.toml ./ | ||
COPY Cargo.lock ./ | ||
COPY src src | ||
COPY pkg pkg | ||
COPY README.md README.md | ||
RUN cargo rpm build | ||
SAVE ARTIFACT /target/release/rpmbuild /rpm AS LOCAL target/release/rpmbuild |
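Review bot: Both packaging targets fetch their build tooling unpinned: `RUN cargo install cargo-deb` takes whatever version is newest at build time, and `RUN cargo install --git https://github.com/iqlusioninc/cargo-rpm` builds the head of that repository's default branch. The tool that assembles the release .deb/.rpm can therefore change between two builds of the same tag, and an upstream change flows straight into the shipped packages. Pin both and pass `--locked` so each tool's own Cargo.lock is honoured, e.g. `RUN cargo install cargo-deb --version <PINNED_VERSION> --locked` and `RUN cargo install --locked --git https://github.com/iqlusioninc/cargo-rpm --rev <PINNED_COMMIT>`. The base image `rust:1.54-slim` is likewise a mutable tag; referencing it by digest would make the release artefacts reproducible and auditable.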
|
@@ -15,13 +15,19 @@ GitHub's "teams" feature is basically a free, zero-ops [IdP](https://en.wikipedi | |
|
||
Install aeneid with your usual package manager. If that's not possible, you can use cargo. | ||
|
||
**cargo** (not recommended, see FAQ): `cargo install aeneid && cp $(whereis aeneid | cut -f 2 -d " ") /usr/local/bin && cargo uninstall aeneid && sudo /usr/local/bin/aeneid --init init` | ||
**deb** (Debian, Ubuntu, etc): [download from GitHub releases](https://github.com/nikhiljha/aeneid/releases) then `dpkg -i /path/to/aeneid.deb` | ||
|
||
**rpm** (Fedora, RHEL, etc): [download from GitHub releases](https://github.com/nikhiljha/aeneid/releases) then `rpm -i /path/to/aeneid.rpm` | ||
|
||
**nix** (NixOS, etc): coming soon (TM)... | ||
|
||
**cargo** (not recommended, see FAQ): `cargo install aeneid && cp $(whereis aeneid | cut -f 2 -d " ") /usr/local/bin && cargo uninstall aeneid && sudo /usr/local/bin/aeneid --init` | ||
|
||
## Configuration | ||
|
||
**Automatic Configuration** | ||
|
||
If you used one of the commands in the installation section, everything should be automatically configured. Just add credentials to `/etc/aeneid/config.toml`. | ||
If you used one of the commands in the installation section, everything should be automatically configured. Just add credentials (and/or overrides) to `/etc/aeneid/config.toml`, and then run `sudo aeneid --init` to automatically configure your sshd. If you'd rather manually configure your sshd, see the paragraph about sshd in the manual configuration section. | ||
|
||
**Manual Configuration** | ||
|
||
|
@@ -33,11 +39,12 @@ You'll also need to set `AuthorizedKeysCommand /path/to/bin/aeneid` and `Authori | |
|
||
## Usage | ||
|
||
If your GitHub username starts with a number, prefix your username with an `_` to login. Otherwise, your username is your GitHub username. See the `unix_to_github` function in `main.rs` for more information. | ||
If you specified a unix username in `overrides`, use that username. If you're using GitHub teams, and your username starts with a number, prefix your username with an `_` to login. Otherwise, your username is your GitHub username. See the `unix_to_github` function in `main.rs` for more information. | ||
|
||
Automatically creating users is currently unsupported, you'll need to create the corresponding user manually before logging in (`adduser username`). | ||
Automatically creating users is currently unsupported, you'll need to create the corresponding user manually before first login (`adduser username`). | ||
|
||
```bash | ||
$ # make sure ssh is setup with your GitHub keys, then... | ||
$ ssh [email protected] # that's it | ||
``` | ||
|
||
|
@@ -0,0 +1 @@ | ||
# the presence of this file will break aeneid --init |
@@ -0,0 +1,34 @@ | ||
# adapted from PostgreSQL postgresql-common.postinst | ||
if [ "$1" = configure ]; then | ||
# Make sure the administrative user exists | ||
if ! getent passwd aeneid > /dev/null; then | ||
adduser --system $quiet --home /etc/aeneid --no-create-home \ | ||
--shell /bin/bash --group --gecos "aeneid user" aeneid | ||
fi | ||
# if the user was created manually, make sure the group is there as well | ||
if ! getent group aeneid > /dev/null; then | ||
addgroup --system $quiet aeneid | ||
fi | ||
# make sure aeneid is in the aeneid group | ||
if ! id -Gn aeneid | grep -qw aeneid; then | ||
adduser $quiet aeneid aeneid | ||
fi | ||
|
||
# check validity of aeneid user and group | ||
if [ "`id -u aeneid`" -eq 0 ]; then | ||
echo "The aeneid system user must not have uid 0 (root). | ||
Please fix this and reinstall this package." >&2 | ||
exit 1 | ||
fi | ||
if [ "`id -g aeneid`" -eq 0 ]; then | ||
echo "The aeneid system user must not have root as primary group. | ||
Please fix this and reinstall this package." >&2 | ||
exit 1 | ||
fi | ||
|
||
# ensure config directory ownership | ||
mkdir -p /etc/aeneid | ||
su -s /bin/sh aeneid -c "test -O /etc/aeneid && | ||
test -G /etc/aeneid" || \ | ||
chown -R aeneid:aeneid /etc/aeneid | ||
fi |
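Review bot: The account created here gets an interactive shell (`--shell /bin/bash`) and, through `chown -R aeneid:aeneid /etc/aeneid`, write access to the config.toml that holds the credentials and username overrides; the rpm `%post` scriptlet does the same with `-s /bin/bash` and `chown -R`. If this is the account sshd runs the key command as (the README hunk is cut off at that setting, so this is inferred), a fault in that process could rewrite the mapping that decides which keys are accepted for which user. Nothing visible in this commit needs a login shell, so `--shell /usr/sbin/nologin` is the safer default, and the config can stay root-owned but readable by the service group: `chown root:aeneid /etc/aeneid/config.toml && chmod 0640 /etc/aeneid/config.toml`. The spec's comment says the directory is also used for caches, so that split would need a separate cache directory owned by `aeneid`.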
@@ -0,0 +1,42 @@ | ||
%define __spec_install_post %{nil} | ||
%define __os_install_post %{_dbpath}/brp-compress | ||
%define debug_package %{nil} | ||
|
||
Name: aeneid | ||
Summary: use GitHub as a free, zero-ops Identity Provider | ||
Version: @@VERSION@@ | ||
Release: @@RELEASE@@%{?dist} | ||
License: GPLv3 | ||
Group: Applications/System | ||
Source0: %{name}-%{version}.tar.gz | ||
URL: https://nikhiljha.com/projects/ | ||
|
||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root | ||
|
||
%description | ||
%{summary} | ||
|
||
%prep | ||
%setup -q | ||
|
||
%install | ||
rm -rf %{buildroot} | ||
mkdir -p %{buildroot} | ||
cp -a * %{buildroot} | ||
|
||
%clean | ||
rm -rf %{buildroot} | ||
|
||
%files | ||
%defattr(-,root,root,-) | ||
%{_bindir}/* | ||
%config(noreplace) %{_sysconfdir}/aeneid/config.toml | ||
|
||
%post | ||
# create aeneid user | ||
groupadd -r aeneid >/dev/null 2>&1 || : | ||
useradd -M -n -g aeneid -r -d /etc/aeneid -s /bin/bash \ | ||
-c "aeneid user" aeneid >/dev/null 2>&1 || : | ||
# create directories so aeneid can store caches and read config files | ||
install -d -o aeneid -g aeneid /etc/aeneid | ||
chown -R aeneid:aeneid /etc/aeneid |
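Review bot: The `%post` scriptlet discards all output from `groupadd`/`useradd` and ignores their exit status (`>/dev/null 2>&1 || :`), so a failed account creation is only noticed when the later `install -d -o aeneid` fails, after the payload with the credentials-bearing config.toml is already on disk. Creating the account in `%pre` behind an explicit existence check, e.g. `getent group aeneid >/dev/null || groupadd -r aeneid` and the same `getent passwd` guard in front of `useradd`, keeps an already-existing account from counting as an error without hiding real failures. With the account in place before unpacking, the config line in `%files` can carry its own mode and ownership, e.g. `%attr(0640,root,aeneid) %config(noreplace) %{_sysconfdir}/aeneid/config.toml`, instead of inheriting `%defattr(-,root,root,-)` and being re-owned afterwards by `chown -R`.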
|
@@ -12,8 +12,12 @@ fn main() { | |
.version(env!("CARGO_PKG_VERSION")) | ||
.author("Nikhil Jha <[email protected]>") | ||
.about("authenticate SSH users with their GitHub authorized_keys") | ||
.arg("-i, --init 'initialize aeneid'") | ||
.arg("<username> 'a unix username'") | ||
.arg("-i, --init 'Initializes aeneid'") | ||
.arg(clap::Arg::new("username") | ||
.conflicts_with("init") | ||
.required(true) | ||
.about("a unix username") | ||
) | ||
.get_matches(); | ||
|
||
if args.is_present("init") { | ||
|
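Review bot: The new `username` argument is both `.required(true)` and `.conflicts_with("init")`, so whether `aeneid --init` is accepted without a username depends on clap letting the conflict relax the requirement, and nothing in the hunk records that this is intended. The `.about(...)` builder call suggests a pre-release clap API (inferred), where such precedence rules can shift between versions. A short comment above the argument would pin the intent, e.g. `// username is mandatory except with --init; relies on conflicts_with overriding required(true)`. The two help strings also differ in style ('Initializes aeneid' against "a unix username"). `main` starts before and continues past this hunk.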