privacyIDEA: use gentoo kernel (hardened is unsupported), updates

Joerg Deckert 2018-09-16 10:00:30 +02:00
parent d00aa2ecc5
commit 90f9133630
8 changed files with 530 additions and 294 deletions


@ -5,7 +5,6 @@ preinstall:
$(inroot) $(EMERGE) $(USEPKG) --oneshot gcc $(inroot) $(EMERGE) $(USEPKG) --oneshot gcc
$(inroot) $(EMERGE) $(USEPKG) --oneshot binutils virtual/libc $(inroot) $(EMERGE) $(USEPKG) --oneshot binutils virtual/libc
-$(gcc_config) -$(gcc_config)
## $(inroot) $(EMERGE) --depclean --with-bdeps=n
$(inroot) $(EMERGE) $(USEPKG) --emptytree @world $(inroot) $(EMERGE) $(USEPKG) --emptytree @world
$(inroot) bash -c 'yes YES | etc-update --automode -9' $(inroot) bash -c 'yes YES | etc-update --automode -9'
@ -15,11 +14,10 @@ preinstall:
wget -P $(CHROOT)/etc/layman/overlays http://dev.unitas-network.de/raw/Gentoo/Unitas.git/master/unitas-overlays.xml wget -P $(CHROOT)/etc/layman/overlays http://dev.unitas-network.de/raw/Gentoo/Unitas.git/master/unitas-overlays.xml
$(inroot) layman -l | grep -q unitas || $(inroot) layman -La unitas $(inroot) layman -l | grep -q unitas || $(inroot) layman -La unitas
postinstall: timesyncd.conf installgrub.sh grub.shell firstboot.start postinstall: timesyncd.conf firstboot.start
# Konfigurationen anpassen # Konfigurationen anpassen
cp timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf cp timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf
cp installgrub.sh $(CHROOT)/installgrub.sh mkdir -p $(CHROOT)/etc/local.d
cp grub.shell $(CHROOT)/grub.shell
cp firstboot.start $(CHROOT)/etc/local.d/firstboot.start cp firstboot.start $(CHROOT)/etc/local.d/firstboot.start
touch $(CHROOT)/firstboot touch $(CHROOT)/firstboot
sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers
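Review bot: The overlay list in the second hunk's `preinstall` context is still downloaded over plain HTTP (`wget -P $(CHROOT)/etc/layman/overlays http://dev.unitas-network.de/...`) and then registered with `layman -La unitas`, with no integrity check in between. Whatever is returned for that XML decides which repository the appliance build pulls ebuilds from. The commit leaves the line unchanged, but it is on the new side and worth fixing while the recipe is being touched. Fetch it over `https://` if the host offers it (not verifiable from this page), and compare the file against a checksum kept in the repository before calling layman. The `preinstall` recipe starts outside the hunk.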



@ -1,6 +1,7 @@
CFLAGS="-O2 -pipe" CFLAGS="-O2 -pipe"
CXXFLAGS="-O2 -pipe" CXXFLAGS="-O2 -pipe"
USE="hardened justify pax_kernel pie ssp urandom xattr xtpax -fortran -jit -orc -pch -pic -prelink -profile -tcc" USE="hardened justify pie ssp urandom xattr -fortran -jit -orc -pch -pic -prelink -profile -tcc"
MAKEOPTS="-j5" MAKEOPTS="-j5"
PYTHON_TARGETS="python2_7" # privacyIDEA/wsgi braucht Python2.7, Python3.5 ist default im aktuellen stage3
PYTHON_TARGETS="python2_7 python3_5"
PYTHON_SINGLE_TARGET="python2_7" PYTHON_SINGLE_TARGET="python2_7"


@ -8,34 +8,38 @@ port = 3306
socket = /var/run/mysqld/mysqld.sock socket = /var/run/mysqld/mysqld.sock
[mysql] [mysql]
character-sets-dir=/usr/share/mysql/charsets character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8 default-character-set=utf8
[mysqladmin] [mysqladmin]
character-sets-dir=/usr/share/mysql/charsets character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8 default-character-set=utf8
[mysqlcheck] [mysqlcheck]
character-sets-dir=/usr/share/mysql/charsets character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8 default-character-set=utf8
[mysqldump] [mysqldump]
character-sets-dir=/usr/share/mysql/charsets character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8 default-character-set=utf8
[mysqlimport] [mysqlimport]
character-sets-dir=/usr/share/mysql/charsets character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8 default-character-set=utf8
[mysqlshow] [mysqlshow]
character-sets-dir=/usr/share/mysql/charsets character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8 default-character-set=utf8
[myisamchk] [myisamchk]
character-sets-dir=/usr/share/mysql/charsets character-sets-dir=/usr/share/mariadb/charsets
[myisampack] [myisampack]
character-sets-dir=/usr/share/mysql/charsets character-sets-dir=/usr/share/mariadb/charsets
# use [safe_mysqld] with mysql-3
[mysqld_safe]
err-log = /var/log/mysql/mysql.err
# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations # add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations
[mysqld] [mysqld]
@ -56,7 +60,7 @@ net_buffer_length = 16K
read_buffer_size = 256K read_buffer_size = 256K
read_rnd_buffer_size = 512K read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M myisam_sort_buffer_size = 8M
lc_messages_dir = /usr/share/mysql lc_messages_dir = /usr/share/mariadb
#Set this to your desired error message language #Set this to your desired error message language
lc_messages = en_US lc_messages = en_US


@ -1,12 +1,10 @@
# base # base (xml-security-c for open-vm-tools)
app-admin/paxtest ~amd64 ~x86
app-emulation/open-vm-tools ~amd64 ~x86 app-emulation/open-vm-tools ~amd64 ~x86
dev-libs/xml-security-c ~amd64 ~x86
sys-auth/pam_ssh_agent_auth ~amd64 ~x86 sys-auth/pam_ssh_agent_auth ~amd64 ~x86
sys-kernel/gentoo-sources ~amd64 ~x86
sys-kernel/hardened-sources ~amd64 ~x86
#MariaDB mit SystemD-Support ###MariaDB mit SystemD-Support
dev-db/mariadb ~amd64 ~x86 ##dev-db/mariadb ~amd64 ~x86
# privacyIDEA # privacyIDEA
dev-python/responses dev-python/responses
@ -24,5 +22,5 @@ dev-python/pytest-cov
# grunt, wird nur zur privacyIDEA-Translation benötigt # grunt, wird nur zur privacyIDEA-Translation benötigt
dev-nodejs/* dev-nodejs/*
# FreeRADIUS mit systemd-Support ### FreeRADIUS mit systemd-Support
net-dialup/freeradius ##net-dialup/freeradius
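Review bot: The `dev-libs/xml-security-c ~amd64 ~x86` entry, which appears to be the line this commit adds, accepts every future testing version of an XML signature/encryption library. Each image rebuild can therefore pick up a different, less-tested release. A versioned atom such as `=dev-libs/xml-security-c-<version> ~amd64 ~x86` (placeholder; the needed version is not on this page) would limit that to the release open-vm-tools actually requires. The `##`-prefixed mariadb and freeradius lines are now dead entries; deleting them rather than commenting them out would keep the file readable.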


@ -4,7 +4,8 @@ app-editors/nano ncurses
app-emulation/open-vm-tools pic -modules app-emulation/open-vm-tools pic -modules
app-misc/mc -slang app-misc/mc -slang
dev-lang/python ssl threads xml dev-lang/python ssl threads xml
dev-libs/libpcre cxx dev-libs/libpcre cxx jit
dev-libs/libpcre2 jit
dev-util/pkgconfig internal-glib dev-util/pkgconfig internal-glib
net-misc/openssh ssl net-misc/openssh ssl
net-misc/wget ssl net-misc/wget ssl
@ -15,7 +16,7 @@ sys-apps/portage ipc
sys-auth/pambase nullok sha512 sys-auth/pambase nullok sha512
sys-devel/gcc cxx nptl sys-devel/gcc cxx nptl
sys-kernel/gentoo-sources symlink sys-kernel/gentoo-sources symlink
sys-kernel/hardened-sources symlink x11-libs/libdrm video_cards_vmware
# Monitoring # Monitoring
net-analyzer/zabbix agent net-analyzer/zabbix agent
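Review bot: The first hunk turns on `jit` for `dev-libs/libpcre` and `dev-libs/libpcre2`, while the global `USE` in the make.conf section of this commit still carries `-jit`, and the per-package entries override that choice without saying why. A JIT typically needs memory that is writable and executable, which is the kind of mapping the removed PaX setup restricted. A one-line comment such as `# jit required by <package>` (or dropping the flag if nothing needs it) would keep the exception deliberate. Separately, the unchanged `sys-auth/pambase nullok sha512` line in the second hunk presumably keeps pam_unix accepting empty passwords; with `ENABLE_SSHD = YES` in the appliance config, it is worth confirming that this is intended.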


@ -11,7 +11,7 @@
##SOFTWARE = 1 ##SOFTWARE = 1
##PKGLIST = 0 ##PKGLIST = 0
##RSYNC_MIRROR = rsync://rsync15.de.gentoo.org/gentoo/ ##RSYNC_MIRROR = rsync://rsync15.de.gentoo.org/gentoo/
KERNEL_PKG = hardened-sources ##KERNEL_PKG = gentoo-sources
KERNEL_CONFIG = appliances/$(APPLIANCE)/kernel.config KERNEL_CONFIG = appliances/$(APPLIANCE)/kernel.config
ENABLE_SSHD = YES ENABLE_SSHD = YES
TIMEZONE=Europe/Berlin TIMEZONE=Europe/Berlin
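Review bot: `##KERNEL_PKG = gentoo-sources` is commented out, so the kernel package now comes from a default defined outside this page, and a change to that default would change this appliance's kernel without any edit here. Setting it explicitly, `KERNEL_PKG = gentoo-sources`, keeps the choice visible next to `KERNEL_CONFIG`. The move away from hardened-sources also drops the grsecurity/PaX kernel features. The referenced `kernel.config` (presumably the file whose diff is not shown here) should therefore be checked for leftover PaX/grsecurity symbols and for the mainline hardening options the appliance is expected to keep.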


@ -1,13 +1,9 @@
app-admin/logrotate app-admin/logrotate
app-admin/paxtest
app-admin/sudo app-admin/sudo
app-emulation/open-vm-tools app-emulation/open-vm-tools
app-misc/mc app-misc/mc
app-misc/screenservice app-misc/screenservice
net-analyzer/zabbix net-analyzer/zabbix
sys-apps/elfix
sys-apps/gradm
sys-apps/paxctl
sys-auth/pam_ssh_agent_auth sys-auth/pam_ssh_agent_auth
sys-power/acpid sys-power/acpid
dev-db/mariadb dev-db/mariadb