himmelblau-idm / himmelblau

Azure Entra ID Authentication, with PAM and NSS modules.
GNU General Public License v3.0

Won't Run on Ubuntu 24.04 (Cargo version, incompatibility) #186

Closed barkermn01 closed 1 month ago

barkermn01 commented 1 month ago

Firstly, let me say this looks like an awesome tool and I would love to have it deployed, but as it stands I can't get it to work.

So I'm having a few problems getting this to work on Ubuntu, but I don't think this is actually locked to an Ubuntu issue; I think it will affect a lot of distros.

So I got it built like this:

sudo -i

apt update
apt upgrade -y
apt install -y git build-essential libpam0g-dev libudev-dev libssl-dev tpm-udev libtss2-dev libcap-dev libtalloc-dev libtevent-dev libldb-dev libdhash-dev libkrb5-dev libpcre2-dev libclang-18-dev autoconf gettext libsqlite3-dev libdbus-1-dev pkg-config make
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y

exit # this is needed to reset the environment to have cargo available
sudo -i

git clone https://github.com/himmelblau-idm/himmelblau.git
cd himmelblau
make

mkdir /usr/lib64/security/
ln -s /root/himmelblau/target/debug/libpam_himmelblau.so /usr/lib64/security/pam_himmelblau.so
ln -s /root/himmelblau/target/debug/libnss_himmelblau.so /usr/lib64/libnss_himmelblau.so.2

mkdir /etc/himmelblau/
cp src/config/himmelblau.conf.example /etc/himmelblau/himmelblau.conf

I had to change the apt install command because Ubuntu's repos are using an outdated version of Rust (less than 1.79), so I changed the apt command to not install cargo and instead I use the sh.rustup.rs method. The problem is this does not install globally, and looking at https://github.com/rust-lang/rustup/issues/313 it appears it's not going to anytime soon.

This creates a problem in that you cannot use cargo via sudo, so you are forced to use root. There is a problem with this, though: himmelblaud refuses to run as root.

warning: `kanidm_utils_users` (lib) generated 1 warning
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.66s
     Running `target/debug/himmelblaud -d -c ./src/config/himmelblau.conf.example`
00000000-0000-0000-0000-000000000000 ERROR    🚨 [error]: Refusing to run - this process must not operate as root.

So as it stands currently, there is no way to get this working on any distro that has not built a package-managed version of Rust that is up to date. Since rustup doesn't maintain its own package manager repositories that could do this, I'm stuck in a catch-22 of needing to use sudo to run, but can't use sudo because cargo is not bound to a path in the $PATH for all users.
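A check a deployer could run after the symlink steps in the post above, added here as an example and not part of the original thread or the himmelblau project: PAM and NSS modules are loaded into privileged processes, so the resolved file and every directory leading to it should be writable only by root. The function names and the optional UID and TOP arguments are hypothetical, and GNU coreutils (`readlink -f`, `stat -c`) is assumed.

```shell
#!/bin/sh
# Added example, not part of himmelblau. Assumes GNU coreutils
# (readlink -f, stat -c), as on Ubuntu. Function names are hypothetical.

# owner_only PATH UID: true if PATH is owned by UID and carries no
# group-write or other-write bit.
owner_only() {
    meta=$(stat -c '%u %a' "$1") || return 1
    [ "${meta% *}" = "$2" ] || return 1
    mode=${meta#* }
    # stat prints the mode in octal; 022 masks group-write and other-write.
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# dirs_owner_only DIR UID TOP: apply owner_only to DIR and each parent,
# stopping after TOP (or after / if TOP is never reached).
dirs_owner_only() {
    d=$1
    while :; do
        owner_only "$d" "$2" || { echo "FAIL: directory $d" >&2; return 1; }
        if [ "$d" = "$3" ] || [ "$d" = / ]; then return 0; fi
        d=$(dirname -- "$d")
    done
}

# check_module PATH [UID] [TOP]: PATH is the name PAM or NSS loads, e.g.
# /usr/lib64/security/pam_himmelblau.so. UID defaults to 0 (root) and TOP
# to /. Checks the resolved file, the directories above it, and the
# directories holding the link itself.
check_module() {
    want=${2:-0}
    top=${3:-/}
    real=$(readlink -f -- "$1") || return 1
    [ -f "$real" ] || { echo "FAIL: $1 does not resolve to a file" >&2; return 1; }
    owner_only "$real" "$want" || { echo "FAIL: file $real" >&2; return 1; }
    dirs_owner_only "$(dirname -- "$real")" "$want" "$top" || return 1
    linkdir=$(readlink -f -- "$(dirname -- "$1")") || return 1
    dirs_owner_only "$linkdir" "$want" "$top"
}

# Usage on the layout from the post (run as root):
#   check_module /usr/lib64/security/pam_himmelblau.so
#   check_module /usr/lib64/libnss_himmelblau.so.2
```

The same check fails if the build tree is moved to an unprivileged user's home directory and the symlinks are left pointing into it, which is the case to catch before PAM is configured to load the module.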

dmulder commented 1 month ago

You don't need cargo to run himmelblaud. It's a binary. The reason there is a root restriction is because you're supposed to run it as a different user (either create a user like himmelblaud or use dynamic users). On openSUSE I've configured it to use dynamic users, see platform/opensuse/himmelblaud.service.

I think your confusion relates to the development instructions in the README. You can run himmelblaud via cargo run, but when you run cargo build, you get binary artifacts in ./target/debug (or ./target/release).

Perhaps I should add a make install command to alleviate this confusion.

Also, FYI, you can ignore the root restriction by passing -r to himmelblaud.

dmulder commented 1 month ago

Until we have installable packages for the majority of distributions, the installation is going to be confusing I'm afraid.

dmulder commented 1 month ago

Also, FYI, don't build the main branch. It's a development branch and is currently broken (the dbus service needs work). Use the stable-0.5.x branch. This is the latest stable version.

barkermn01 commented 1 month ago

I was building the main branch as I was just following the debug instructions in the README and trying to run via Cargo to check each step of the way. Since I’m planning to deploy in a live company environment, I wanted to run it in debug mode to ensure everything is working correctly.

Additionally, it would be helpful to update the README for the packages for Ubuntu. The package libcland-dev is not valid; I used libclang-18-dev, and other tools are needed. Specifically, cargo should not be installed via apt.

Running the debug process is crucial as part of my suite of testing to demonstrate to my Director that this approach is effective for harmonizing servers on both Windows and Linux using PAM via EntraID Groups.

I also agree that a make install would simplify the process for other users or companies that don’t have to go through multiple boards (I have 2 companies under different cyber security legislature) when deploying this setup. 😄

Also, a make development might be useful to set up the debug / build version if people need to test it; after all, this is primarily a business tool.

dmulder commented 1 month ago

I've created Ubuntu packages to simplify this: https://github.com/himmelblau-idm/himmelblau/releases/tag/0.5.3 This was @run-stop's idea.