CyberNinjas / pam_aad

Azure Active Directory PAM Module
GNU General Public License v3.0

Distro-specific packaging #32

Open Jnchi opened 5 years ago

Jnchi commented 5 years ago

RPM for RHEL-based distributions

%global debug_package %{nil}

Name:           aad-auth
Version:        0.0.1
Release:        0
Summary:        Bundles pam_aad, libnss_aad and dependencies

Group:          System Environment/Base
License:        GPLv3+
URL:            https://github.com/CyberNinjas
Source0:        aad-auth-0.0.1.tar.gz

BuildArch: x86_64
Requires: jansson libcurl libuuid openssl
Provides: libcjson libjwt libsds libsodium

%description
See Package Summary.

%prep
%setup -qD
%build
%install
install -m 0755 -d $RPM_BUILD_ROOT/etc
install -m 0755 -d $RPM_BUILD_ROOT/lib64
install -m 0755 -d $RPM_BUILD_ROOT/lib64/security
install -m 0755 libcjson.so.1.7.10 $RPM_BUILD_ROOT/lib64/libcjson.so.1.7.10
install -m 0755 libjwt.so.0.5.1 $RPM_BUILD_ROOT/lib64/libjwt.so.0.5.1
install -m 0755 libsds.so.2.0.0 $RPM_BUILD_ROOT/lib64/libsds.so.2.0.0
install -m 0755 libsodium.so.23.2.0 $RPM_BUILD_ROOT/lib64/libsodium.so.23.2.0
install -m 0644 pam_aad.conf $RPM_BUILD_ROOT/etc/pam_aad.conf
install -m 0755 pam_aad.so $RPM_BUILD_ROOT/lib64/security/pam_aad.so
install -m 0644 libnss-aad.conf $RPM_BUILD_ROOT/etc/libnss-aad.conf
install -m 0755 libnss_aad.so.2 $RPM_BUILD_ROOT/lib64/libnss_aad.so.2

%post
# -f keeps the scriptlet from failing on upgrade or reinstall, when the links already exist
ln -sf /lib64/libcjson.so.1.7.10 /lib64/libcjson.so
ln -sf /lib64/libcjson.so.1.7.10 /lib64/libcjson.so.1
ln -sf /lib64/libjwt.so.0.5.1 /lib64/libjwt.so
ln -sf /lib64/libjwt.so.0.5.1 /lib64/libjwt.so.0
ln -sf /lib64/libsds.so.2.0.0 /lib64/libsds.so
ln -sf /lib64/libsds.so.2.0.0 /lib64/libsds.so.2
ln -sf /lib64/libsodium.so.23.2.0 /lib64/libsodium.so
ln -sf /lib64/libsodium.so.23.2.0 /lib64/libsodium.so.23

%files
/lib64/libcjson.so.1.7.10
/lib64/libjwt.so.0.5.1
/lib64/libsds.so.2.0.0
/lib64/libsodium.so.23.2.0
/etc/pam_aad.conf
/lib64/security/pam_aad.so
/etc/libnss-aad.conf
/lib64/libnss_aad.so.2

%changelog
* Mon Apr 22 2019 Lucas Ramage 0.0.1
  - Initial rpm release

See: https://tecadmin.net/create-rpm-of-your-own-script-in-centosredhat

Jnchi commented 5 years ago

docker run -it debian:9.7 /bin/bash
root@0fbfda795408:/# echo "deb https://dl.bintray.com/jnchi/aad unstable main" | tee -a /etc/apt/sources.list.d/aad.list
deb https://dl.bintray.com/jnchi/aad unstable main
root@0fbfda795408:/# apt update && apt install -y libnss-aad libpam-aad
Get:1 http://security-cdn.debian.org/debian-security stretch/updates InRelease [94.3 kB]
Get:2 http://security-cdn.debian.org/debian-security stretch/updates/main amd64 Packages [487 kB]
Ign:3 http://cdn-fastly.deb.debian.org/debian stretch InRelease
Get:4 http://cdn-fastly.deb.debian.org/debian stretch-updates InRelease [91.0 kB]
Get:5 http://cdn-fastly.deb.debian.org/debian stretch Release [118 kB]
Get:6 http://cdn-fastly.deb.debian.org/debian stretch Release.gpg [2434 B]
Get:7 http://cdn-fastly.deb.debian.org/debian stretch-updates/main amd64 Packages [31.7 kB]
Get:8 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 Packages [7082 kB]
Fetched 7907 kB in 35s (224 kB/s)
Reading package lists... Done
E: The method driver /usr/lib/apt/methods/https could not be found.
N: Is the package apt-transport-https installed?
E: Failed to fetch https://dl.bintray.com/jnchi/aad/dists/unstable/InRelease
E: Some index files failed to download. They have been ignored, or old ones used instead.
apt install -y apt-transport-https

Jnchi commented 5 years ago

apt update
Hit:1 http://security-cdn.debian.org/debian-security stretch/updates InRelease
Ign:2 http://cdn-fastly.deb.debian.org/debian stretch InRelease
Ign:5 https://dl.bintray.com/jnchi/aad unstable InRelease
Hit:3 http://cdn-fastly.deb.debian.org/debian stretch-updates InRelease
Hit:4 http://cdn-fastly.deb.debian.org/debian stretch Release
Get:6 https://dl.bintray.com/jnchi/aad unstable Release [1844 B]
Ign:8 https://dl.bintray.com/jnchi/aad unstable Release.gpg
Reading package lists... Done
E: The repository 'https://dl.bintray.com/jnchi/aad unstable Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Be sure to enable GPG signing with bintray keys in repository settings.

Even with signing enabled, it is still failing. 🤔

Jnchi commented 5 years ago

See also: jnchi/puppet-aad

Jnchi commented 5 years ago

Packages over HTTP instead of HTTPS?

https://security.stackexchange.com/questions/165205/ubuntu-how-do-i-download-ppa-software-over-https

Jnchi commented 5 years ago

apt install libnss-aad libpam-aad
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libnss-aad : Depends: libcjson1 (>= 1.7.5) but it is not installable
              Depends: libcurl4 (>= 7.16.2) but it is not installable
              Depends: libsds2.0.0 but it is not installable
              Depends: libsodium23 (>= 0.6.0) but it is not installable
 libpam-aad : Depends: libcurl4 (>= 7.16.2) but it is not installable
              Depends: libjwt0 (>= 1.9.0) but it is not installable
              Depends: libsds2.0.0 but it is not installable
E: Unable to correct problems, you have held broken packages.

Enable unstable repository:

echo "deb http://http.us.debian.org/debian sid main" >> /etc/apt/sources.list
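
The "is not signed" refusal, the HTTP-versus-HTTPS question and the extra sid line all concern how much apt is allowed to trust each source entry. As an added example (not part of the thread or of pam_aad), this script audits one-line source entries for options that bypass or loosen Release verification; the `trusted=yes` entry and the `EXAMPLE-aad.gpg` keyring path are constructed for illustration.

```shell
# Added example: audit one-line apt source entries for settings that weaken
# the Release signature check apt enforces by default (apt-secure(8)).
# Reads entries on stdin; prints one "LINE:SEVERITY:MESSAGE" per finding.
audit_sources() {
    n=0
    set -f                                   # no globbing while word-splitting
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in
            "deb "*|"deb-src "*) ;;          # repository entries only
            *) continue ;;                   # comments and blank lines
        esac
        rest=${line#* }                      # drop the type field
        opts=""
        case "$rest" in
            "["*)                            # options sit in [...] before the URI
                opts=${rest%%"]"*}; opts=${opts#?}
                rest=${rest#*"]"} ;;
        esac
        set -- $rest
        uri=$1
        pinned=no
        for o in $opts; do
            case "$o" in
                trusted=yes)
                    echo "$n:HIGH:trusted=yes accepts $uri even if authentication fails" ;;
                allow-insecure=yes)
                    echo "$n:HIGH:allow-insecure=yes permits unsigned metadata from $uri" ;;
                signed-by=*) pinned=yes ;;
            esac
        done
        [ "$pinned" = yes ] || echo "$n:INFO:no signed-by key pinned for $uri"
        case "$uri" in
            http://*) echo "$n:INFO:plain HTTP transport for $uri" ;;
        esac
    done
    set +f
}

# Constructed sample: the two repository lines from the thread, plus a
# hypothetical trusted=yes workaround and a pinned entry (placeholder keyring path).
sample_sources() {
    cat <<'EOF'
deb https://dl.bintray.com/jnchi/aad unstable main
deb [trusted=yes] https://dl.bintray.com/jnchi/aad unstable main
deb [arch=amd64 signed-by=/usr/share/keyrings/EXAMPLE-aad.gpg] https://dl.bintray.com/jnchi/aad unstable main
deb http://http.us.debian.org/debian sid main
EOF
}
sample_sources | audit_sources
```

To audit a real host, feed it `cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list`; line numbers then refer to the concatenated input, and deb822 `.sources` files are not parsed.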

oxr463 commented 4 years ago

See also: https://honk.sigxcpu.org/projects/git-buildpackage/manual-html