From d23144bf7c1577b8a7da0cd5596a86fed514ee95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Wed, 21 Feb 2024 06:39:29 +0100 Subject: [PATCH 01/12] examplebroker: Fix installation path for config file --- examplebroker/ExampleBroker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examplebroker/ExampleBroker b/examplebroker/ExampleBroker index 7db07d6506..4c494d004e 100644 --- a/examplebroker/ExampleBroker +++ b/examplebroker/ExampleBroker @@ -1,4 +1,4 @@ -# Add this to /etc/authd/broker.d to configure the ExampleBroker +# Add this to /etc/authd/brokers.d to configure the ExampleBroker [authd] name = ExampleBroker brand_icon = /usr/share/backgrounds/warty-final-ubuntu.png From e8ba3753508861a3d595a7da87537c3401801728 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Wed, 21 Feb 2024 06:39:08 +0100 Subject: [PATCH 02/12] examplebroker: Rename config and interface files to match actual name --- ...uth.ExampleBroker.conf => com.ubuntu.authd.ExampleBroker.conf} | 0 ....auth.ExampleBroker.xml => com.ubuntu.authd.ExampleBroker.xml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename examplebroker/{com.ubuntu.auth.ExampleBroker.conf => com.ubuntu.authd.ExampleBroker.conf} (100%) rename examplebroker/{com.ubuntu.auth.ExampleBroker.xml => com.ubuntu.authd.ExampleBroker.xml} (100%) diff --git a/examplebroker/com.ubuntu.auth.ExampleBroker.conf b/examplebroker/com.ubuntu.authd.ExampleBroker.conf similarity index 100% rename from examplebroker/com.ubuntu.auth.ExampleBroker.conf rename to examplebroker/com.ubuntu.authd.ExampleBroker.conf diff --git a/examplebroker/com.ubuntu.auth.ExampleBroker.xml b/examplebroker/com.ubuntu.authd.ExampleBroker.xml similarity index 100% rename from examplebroker/com.ubuntu.auth.ExampleBroker.xml rename to examplebroker/com.ubuntu.authd.ExampleBroker.xml From 3d18c2caf1d7c47aa4a8c80c6401eddd96ba30e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Wed, 21 Feb 2024 06:42:49 +0100 Subject: [PATCH 03/12] examplebroker: Add standalone example broker implementation --- examplebroker/examplebroker-bin/main.go | 28 +++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 examplebroker/examplebroker-bin/main.go diff --git a/examplebroker/examplebroker-bin/main.go b/examplebroker/examplebroker-bin/main.go new file mode 100644 index 0000000000..52f2aa1b7f --- /dev/null +++ b/examplebroker/examplebroker-bin/main.go @@ -0,0 +1,28 @@ +//go:build with_standalone_examplebroker + +package main + +import ( + "context" + "log" + "os" + + "github.com/ubuntu/authd/examplebroker" +) + +func main() { + // Create the directory for the broker configuration files. + cfgPath, err := os.MkdirTemp(os.TempDir(), "standalonebroker.d") + if err != nil { + log.Fatal(err) + } + defer os.RemoveAll(cfgPath) + + conn, err := examplebroker.StartBus(cfgPath) + if err != nil { + log.Fatal("Error starting standalone broker:", err) + } + defer conn.Close() + + <-context.Background().Done() +} From 50a09cdff36add7a6bcfcc67cc4f64c805e81164 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Wed, 21 Feb 2024 06:46:24 +0100 Subject: [PATCH 04/12] systemd: Add examplebroker service file --- debian/authd-example-broker.service | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 debian/authd-example-broker.service diff --git a/debian/authd-example-broker.service b/debian/authd-example-broker.service new file mode 100644 index 0000000000..3315be2985 --- /dev/null +++ b/debian/authd-example-broker.service @@ -0,0 +1,20 @@ +[Unit] +Description=Authd Example Broker +After=authd.service +Requires=authd.service + +[Service] +Type=dbus +BusName=com.ubuntu.authd.ExampleBroker +ExecStart=/usr/libexec/authd-examplebroker +Restart=on-failure + +# Some daemon restrictions +ProtectSystem=strict +ProtectControlGroups=true +ProtectHome=true +ProtectKernelModules=true +PrivateTmp=true +RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK +MemoryDenyWriteExecute=true +RestrictRealtime=true From 3783a16eb160d7f6d7162fb788ba7c3fc4b2276d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Wed, 21 Feb 2024 07:17:17 +0100 Subject: [PATCH 05/12] examplebroker: Add default dbus service config --- examplebroker/com.ubuntu.authd.ExampleBroker.service | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 examplebroker/com.ubuntu.authd.ExampleBroker.service diff --git a/examplebroker/com.ubuntu.authd.ExampleBroker.service b/examplebroker/com.ubuntu.authd.ExampleBroker.service new file mode 100644 index 0000000000..8684d4736d --- /dev/null +++ b/examplebroker/com.ubuntu.authd.ExampleBroker.service @@ -0,0 +1,5 @@ +[D-BUS Service] +Name=com.ubuntu.authd.ExampleBroker +Exec=/bin/false +User=root +SystemdService=authd-example-broker.service From b3f64c5b867c65e2e6fe49a87873be0cba240a9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Fri, 23 Feb 2024 02:13:08 +0100 Subject: [PATCH 06/12] debian: Add authd-example-broker package In order to do integration tests, autopkgtests or manual tests we may need to have a simple broker installed. So expose the example broker as a separate binary pacakge so that we can easily install it when required. --- debian/authd-example-broker.install | 7 +++++++ ...broker.service => authd-example-broker.service.in} | 2 +- debian/control | 11 +++++++++++ debian/rules | 9 +++++++-- 4 files changed, 26 insertions(+), 3 deletions(-) create mode 100755 debian/authd-example-broker.install rename debian/{authd-example-broker.service => authd-example-broker.service.in} (88%) diff --git a/debian/authd-example-broker.install b/debian/authd-example-broker.install new file mode 100755 index 0000000000..92838f42d6 --- /dev/null +++ b/debian/authd-example-broker.install @@ -0,0 +1,7 @@ +#!/usr/bin/dh-exec + +usr/bin/examplebroker-bin => ${AUTHD_DAEMONS_PATH}/authd-examplebroker + +examplebroker/com.ubuntu.authd.ExampleBroker.conf /usr/share/dbus-1/system.d +examplebroker/ExampleBroker /etc/authd/brokers.d +examplebroker/com.ubuntu.authd.ExampleBroker.service /usr/share/dbus-1/system-services diff --git a/debian/authd-example-broker.service b/debian/authd-example-broker.service.in similarity index 88% rename from debian/authd-example-broker.service rename to debian/authd-example-broker.service.in index 3315be2985..d1c2af4bec 100644 --- a/debian/authd-example-broker.service +++ b/debian/authd-example-broker.service.in @@ -6,7 +6,7 @@ Requires=authd.service [Service] Type=dbus BusName=com.ubuntu.authd.ExampleBroker -ExecStart=/usr/libexec/authd-examplebroker +ExecStart=@AUTHD_DAEMONS_PATH@/authd-examplebroker Restart=on-failure # Some daemon restrictions diff --git a/debian/control b/debian/control index 4c18714cf6..99a8d7fb65 100644 --- a/debian/control +++ b/debian/control @@ -41,3 +41,14 @@ Description: ${source:Synopsis} . This package contains the authentication daemon together with the PAM & NSS modules. + +Package: authd-example-broker +Recommends: authd +Architecture: any +Built-Using: ${misc:Built-Using}, +Depends: ${shlibs:Depends}, + ${misc:Depends}, +Description: ${source:Synopsis} - Example broker + ${source:Extended-Description} + . + This package contains an example broker for testing and autopkgtests purposes. diff --git a/debian/rules b/debian/rules index 3002aea430..83c45a56a2 100755 --- a/debian/rules +++ b/debian/rules @@ -49,10 +49,10 @@ export AUTHD_SKIP_ROOT_TESTS := 1 export DH_GOLANG_BUILDPKG := $(AUTHD_GO_PACKAGE)/... \ $(NULL) -BUILDDIR := $(CURDIR)/obj-$(DEB_HOST_GNU_TYPE) - export BUILT_PAM_LIBS_PATH := obj-$(DEB_HOST_GNU_TYPE)/src/$(AUTHD_GO_PACKAGE)/pam +EXAMPLE_BROKER_BUILD_TAG := with_standalone_examplebroker + %: # --without=single-binary can be removed with dh 15. dh $@ --buildsystem=golang --with=golang,apport --without=single-binary @@ -93,6 +93,11 @@ override_dh_auto_build: # Build the daemon dh_auto_build -- $(AUTHD_GO_PACKAGE)/cmd/authd + # Build the example broker because otherwise it's not + # part of the normal install. + dh_auto_build -- -tags $(EXAMPLE_BROKER_BUILD_TAG) \ + $(AUTHD_GO_PACKAGE)/examplebroker/examplebroker-bin + override_dh_auto_install: dh_auto_install --destdir=debian/tmp -- --no-source From e03ab22f56afc66b62d303a0d810a24cc57cc027 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Fri, 23 Feb 2024 14:46:39 +0100 Subject: [PATCH 07/12] debian: Move authd debhelper files to authd package namespace Using default names would make those files to use the first package, but let's be cleaner. --- debian/{apport => authd.apport} | 0 debian/{docs => authd.docs} | 0 debian/{install => authd.install} | 0 debian/{lintian-overrides => authd.lintian-overrides} | 0 debian/{postinst => authd.postinst} | 0 debian/{postrm => authd.postrm} | 0 debian/{prerm => authd.prerm} | 0 7 files changed, 0 insertions(+), 0 deletions(-) rename debian/{apport => authd.apport} (100%) rename debian/{docs => authd.docs} (100%) rename debian/{install => authd.install} (100%) rename debian/{lintian-overrides => authd.lintian-overrides} (100%) rename debian/{postinst => authd.postinst} (100%) rename debian/{postrm => authd.postrm} (100%) rename debian/{prerm => authd.prerm} (100%) diff --git a/debian/apport b/debian/authd.apport similarity index 100% rename from debian/apport rename to debian/authd.apport diff --git a/debian/docs b/debian/authd.docs similarity index 100% rename from debian/docs rename to debian/authd.docs diff --git a/debian/install b/debian/authd.install similarity index 100% rename from debian/install rename to debian/authd.install diff --git a/debian/lintian-overrides b/debian/authd.lintian-overrides similarity index 100% rename from debian/lintian-overrides rename to debian/authd.lintian-overrides diff --git a/debian/postinst b/debian/authd.postinst similarity index 100% rename from debian/postinst rename to debian/authd.postinst diff --git a/debian/postrm b/debian/authd.postrm similarity index 100% rename from debian/postrm rename to debian/authd.postrm diff --git a/debian/prerm b/debian/authd.prerm similarity index 100% rename from debian/prerm rename to debian/authd.prerm From 6165cb3cac597c0cd915068b36df1a184edea4fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Fri, 23 Feb 2024 16:10:46 +0100 Subject: [PATCH 08/12] debian/rules: Disable (and mask) the authd-example-broker service by default --- debian/authd-example-broker.postinst | 11 +++++++++++ debian/rules | 7 +++++++ 2 files changed, 18 insertions(+) create mode 100644 debian/authd-example-broker.postinst diff --git a/debian/authd-example-broker.postinst b/debian/authd-example-broker.postinst new file mode 100644 index 0000000000..60950588f7 --- /dev/null +++ b/debian/authd-example-broker.postinst @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +#DEBHELPER# + +# Mask the service by default, unless it was previuously enabled. +if [ -z "${DPKG_ROOT:-}" ] && [ -d /run/systemd/system ] && [ "$1" = configure ]; then + if [ -z "$2" ] || ! deb-systemd-helper was‐enabled; then + deb-systemd-helper mask 'authd-example-broker.service' + fi +fi diff --git a/debian/rules b/debian/rules index 83c45a56a2..54544ed286 100755 --- a/debian/rules +++ b/debian/rules @@ -106,3 +106,10 @@ override_dh_auto_install: # Install gdm-PAM config file dh_installpam -pauthd --name=gdm-authd + +override_dh_installsystemd: + dh_installsystemd -pauthd + dh_installsystemd -pauthd-example-broker \ + --no-enable \ + --no-start \ + $(NULL) From ef849e9a62524b73bdc82a345bdb652bec111cb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Mon, 26 Feb 2024 16:20:41 +0100 Subject: [PATCH 09/12] debian: Do not install example-broker systemd service or config file These are now installed as examples and can be manually added to the proper locations for testing purposes --- debian/authd-example-broker.examples | 2 ++ debian/authd-example-broker.install | 1 - debian/authd-example-broker.postinst | 11 ----------- debian/rules | 5 +---- 4 files changed, 3 insertions(+), 16 deletions(-) create mode 100644 debian/authd-example-broker.examples delete mode 100644 debian/authd-example-broker.postinst diff --git a/debian/authd-example-broker.examples b/debian/authd-example-broker.examples new file mode 100644 index 0000000000..21463bfefd --- /dev/null +++ b/debian/authd-example-broker.examples @@ -0,0 +1,2 @@ +examplebroker/ExampleBroker +debian/authd-example-broker.service diff --git a/debian/authd-example-broker.install b/debian/authd-example-broker.install index 92838f42d6..1d9782b82a 100755 --- a/debian/authd-example-broker.install +++ b/debian/authd-example-broker.install @@ -3,5 +3,4 @@ usr/bin/examplebroker-bin => ${AUTHD_DAEMONS_PATH}/authd-examplebroker examplebroker/com.ubuntu.authd.ExampleBroker.conf /usr/share/dbus-1/system.d -examplebroker/ExampleBroker /etc/authd/brokers.d examplebroker/com.ubuntu.authd.ExampleBroker.service /usr/share/dbus-1/system-services diff --git a/debian/authd-example-broker.postinst b/debian/authd-example-broker.postinst deleted file mode 100644 index 60950588f7..0000000000 --- a/debian/authd-example-broker.postinst +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -set -e - -#DEBHELPER# - -# Mask the service by default, unless it was previuously enabled. -if [ -z "${DPKG_ROOT:-}" ] && [ -d /run/systemd/system ] && [ "$1" = configure ]; then - if [ -z "$2" ] || ! deb-systemd-helper was‐enabled; then - deb-systemd-helper mask 'authd-example-broker.service' - fi -fi diff --git a/debian/rules b/debian/rules index 54544ed286..aa137fdae6 100755 --- a/debian/rules +++ b/debian/rules @@ -108,8 +108,5 @@ override_dh_auto_install: dh_installpam -pauthd --name=gdm-authd override_dh_installsystemd: + # Install example-broker service file only by default dh_installsystemd -pauthd - dh_installsystemd -pauthd-example-broker \ - --no-enable \ - --no-start \ - $(NULL) From b90d0b227a86eaaecc400697558841aaa54320ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Mon, 26 Feb 2024 18:47:03 +0100 Subject: [PATCH 10/12] examplebroker/ExampleBroker: Rename it in examplebroker/ExampleBroker.conf Helps: #219 --- debian/authd-example-broker.examples | 2 +- examplebroker/{ExampleBroker => ExampleBroker.conf} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename examplebroker/{ExampleBroker => ExampleBroker.conf} (100%) diff --git a/debian/authd-example-broker.examples b/debian/authd-example-broker.examples index 21463bfefd..413772cdd8 100644 --- a/debian/authd-example-broker.examples +++ b/debian/authd-example-broker.examples @@ -1,2 +1,2 @@ -examplebroker/ExampleBroker +examplebroker/ExampleBroker.conf debian/authd-example-broker.service diff --git a/examplebroker/ExampleBroker b/examplebroker/ExampleBroker.conf similarity index 100% rename from examplebroker/ExampleBroker rename to examplebroker/ExampleBroker.conf From d3d658192740e4aa970f2d752bb9c9cf0f3e166d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Mon, 26 Feb 2024 18:49:41 +0100 Subject: [PATCH 11/12] debian/authd-example-broker.examples: Add simple broker installer script --- debian/authd-example-broker.examples | 1 + debian/authd-example-broker.installer.sh | 45 ++++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100755 debian/authd-example-broker.installer.sh diff --git a/debian/authd-example-broker.examples b/debian/authd-example-broker.examples index 413772cdd8..ed62a0e05d 100644 --- a/debian/authd-example-broker.examples +++ b/debian/authd-example-broker.examples @@ -1,2 +1,3 @@ examplebroker/ExampleBroker.conf debian/authd-example-broker.service +debian/authd-example-broker.installer.sh diff --git a/debian/authd-example-broker.installer.sh b/debian/authd-example-broker.installer.sh new file mode 100755 index 0000000000..37e99956f9 --- /dev/null +++ b/debian/authd-example-broker.installer.sh @@ -0,0 +1,45 @@ +#!/bin/sh + +set -eu + +usage() { + echo "$0 [install | uninstall | help]" +} + +if [ -z "$0" ]; then + usage + exit 1 +fi + +if [ "$(id -u)" != 0 ]; then + echo "Need to run as root" + exit +fi + +SYSTEMD_SERVICE=authd-example-broker.service +CONFIG_FILE=ExampleBroker.conf + +if [ "$1" = "install" ]; then + install -m644 \ + /usr/share/doc/authd-example-broker/examples/"${CONFIG_FILE}" \ + -Dt /etc/authd/brokers.d + + install -m644 \ + /usr/share/doc/authd-example-broker/examples/"${SYSTEMD_SERVICE}" \ + -Dt /usr/lib/systemd/system + + systemctl daemon-reload +elif [ "$1" = "uninstall" ]; then + rm -fv /etc/authd/brokers.d/"${CONFIG_FILE}" + rmdir -v /etc/authd/brokers.d 2>/dev/null || true + rm -fv /usr/lib/systemd/system/"${SYSTEMD_SERVICE}" + + systemctl daemon-reload +elif [ "$1" = "help" ]; then + usage + exit 0 +else + echo "unknown command '$1'" + usage + exit 1 +fi From 10b16e8deb48f51a98aa32e223caa19d1faca700 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Tue, 5 Mar 2024 12:14:12 +0100 Subject: [PATCH 12/12] debian: do Use ${env:...} syntax for installing with rename This wasn't supported by older dh-exec but it is now, so let's use it to be more consistent with other files --- debian/authd-example-broker.install | 2 +- debian/authd.install | 2 +- debian/control | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/debian/authd-example-broker.install b/debian/authd-example-broker.install index 1d9782b82a..0f36ccc399 100755 --- a/debian/authd-example-broker.install +++ b/debian/authd-example-broker.install @@ -1,6 +1,6 @@ #!/usr/bin/dh-exec -usr/bin/examplebroker-bin => ${AUTHD_DAEMONS_PATH}/authd-examplebroker +usr/bin/examplebroker-bin => ${env:AUTHD_DAEMONS_PATH}/authd-examplebroker examplebroker/com.ubuntu.authd.ExampleBroker.conf /usr/share/dbus-1/system.d examplebroker/com.ubuntu.authd.ExampleBroker.service /usr/share/dbus-1/system-services diff --git a/debian/authd.install b/debian/authd.install index 180aa90b86..cb97181145 100755 --- a/debian/authd.install +++ b/debian/authd.install @@ -11,4 +11,4 @@ ${env:BUILT_PAM_LIBS_PATH}/pam_authd.so ${env:AUTHD_PAM_MODULES_PATH} ${env:BUILT_PAM_LIBS_PATH}/go-loader/pam_go_loader.so ${env:AUTHD_PAM_MODULES_PATH} # Install NSS library with right soname -target/${DEB_HOST_RUST_TYPE}/release/libnss_authd.so => /usr/lib/${DEB_TARGET_GNU_TYPE}/libnss_authd.so.2 +target/${env:DEB_HOST_RUST_TYPE}/release/libnss_authd.so => /usr/lib/${env:DEB_TARGET_GNU_TYPE}/libnss_authd.so.2 diff --git a/debian/control b/debian/control index 99a8d7fb65..fd0e005e37 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,7 @@ Build-Depends: debhelper-compat (= 13), dbus , dh-apport, dh-cargo, - dh-exec, + dh-exec (>= 0.29), dh-golang, dctrl-tools, golang-go (>= 2:1.22~),