VA
/
appliances-old
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

privacyIDEA: use gentoo kernel (hardened is unsupported), updates

This commit is contained in:
Joerg Deckert 2018-09-16 10:00:30 +02:00
parent d00aa2ecc5
commit 90f9133630
8 changed files with 530 additions and 294 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
privacyidea/Makefile
View File

@ -5,7 +5,6 @@ preinstall:
$(inroot) $(EMERGE) $(USEPKG) --oneshot gcc
$(inroot) $(EMERGE) $(USEPKG) --oneshot binutils virtual/libc
-$(gcc_config)
## $(inroot) $(EMERGE) --depclean --with-bdeps=n
$(inroot) $(EMERGE) $(USEPKG) --emptytree @world
$(inroot) bash -c 'yes YES | etc-update --automode -9'
@ -15,11 +14,10 @@ preinstall:
wget -P $(CHROOT)/etc/layman/overlays http://dev.unitas-network.de/raw/Gentoo/Unitas.git/master/unitas-overlays.xml
$(inroot) layman -l | grep -q unitas || $(inroot) layman -La unitas
postinstall: timesyncd.conf installgrub.sh grub.shell firstboot.start
postinstall: timesyncd.conf firstboot.start
# Konfigurationen anpassen
cp timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf
cp installgrub.sh $(CHROOT)/installgrub.sh
cp grub.shell $(CHROOT)/grub.shell
mkdir -p $(CHROOT)/etc/local.d
cp firstboot.start $(CHROOT)/etc/local.d/firstboot.start
touch $(CHROOT)/firstboot
sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers

766
privacyidea/kernel.config
View File

File diff suppressed because it is too large Load Diff

5
privacyidea/make.conf
View File

@ -1,6 +1,7 @@
CFLAGS="-O2 -pipe"
CXXFLAGS="-O2 -pipe"
USE="hardened justify pax_kernel pie ssp urandom xattr xtpax -fortran -jit -orc -pch -pic -prelink -profile -tcc"
USE="hardened justify pie ssp urandom xattr -fortran -jit -orc -pch -pic -prelink -profile -tcc"
MAKEOPTS="-j5"
PYTHON_TARGETS="python2_7"
# privacyIDEA/wsgi braucht Python2.7, Python3.5 ist default im aktuellen stage3
PYTHON_TARGETS="python2_7 python3_5"
PYTHON_SINGLE_TARGET="python2_7"

22
privacyidea/mariadb/my.cnf
View File

@ -8,34 +8,38 @@ port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysql]
character-sets-dir=/usr/share/mysql/charsets
character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8
[mysqladmin]
character-sets-dir=/usr/share/mysql/charsets
character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8
[mysqlcheck]
character-sets-dir=/usr/share/mysql/charsets
character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8
[mysqldump]
character-sets-dir=/usr/share/mysql/charsets
character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8
[mysqlimport]
character-sets-dir=/usr/share/mysql/charsets
character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8
[mysqlshow]
character-sets-dir=/usr/share/mysql/charsets
character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8
[myisamchk]
character-sets-dir=/usr/share/mysql/charsets
character-sets-dir=/usr/share/mariadb/charsets
[myisampack]
character-sets-dir=/usr/share/mysql/charsets
character-sets-dir=/usr/share/mariadb/charsets
# use [safe_mysqld] with mysql-3
[mysqld_safe]
err-log = /var/log/mysql/mysql.err
# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations
[mysqld]
@ -56,7 +60,7 @@ net_buffer_length = 16K
read_buffer_size = 256K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M
lc_messages_dir = /usr/share/mysql
lc_messages_dir = /usr/share/mariadb
#Set this to your desired error message language
lc_messages = en_US

14
privacyidea/package.keywords
View File

@ -1,12 +1,10 @@
# base
app-admin/paxtest ~amd64 ~x86
# base (xml-security-c for open-vm-tools)
app-emulation/open-vm-tools ~amd64 ~x86
dev-libs/xml-security-c ~amd64 ~x86
sys-auth/pam_ssh_agent_auth ~amd64 ~x86
sys-kernel/gentoo-sources ~amd64 ~x86
sys-kernel/hardened-sources ~amd64 ~x86
#MariaDB mit SystemD-Support
dev-db/mariadb ~amd64 ~x86
###MariaDB mit SystemD-Support
##dev-db/mariadb ~amd64 ~x86
# privacyIDEA
dev-python/responses
@ -24,5 +22,5 @@ dev-python/pytest-cov
# grunt, wird nur zur privacyIDEA-Translation benötigt
dev-nodejs/*
# FreeRADIUS mit systemd-Support
net-dialup/freeradius
### FreeRADIUS mit systemd-Support
##net-dialup/freeradius

5
privacyidea/package.use
View File

@ -4,7 +4,8 @@ app-editors/nano ncurses
app-emulation/open-vm-tools pic -modules
app-misc/mc -slang
dev-lang/python ssl threads xml
dev-libs/libpcre cxx
dev-libs/libpcre cxx jit
dev-libs/libpcre2 jit
dev-util/pkgconfig internal-glib
net-misc/openssh ssl
net-misc/wget ssl
@ -15,7 +16,7 @@ sys-apps/portage ipc
sys-auth/pambase nullok sha512
sys-devel/gcc cxx nptl
sys-kernel/gentoo-sources symlink
sys-kernel/hardened-sources symlink
x11-libs/libdrm video_cards_vmware
# Monitoring
net-analyzer/zabbix agent

2
privacyidea/privacyidea.cfg
View File

@ -11,7 +11,7 @@
##SOFTWARE = 1
##PKGLIST = 0
##RSYNC_MIRROR = rsync://rsync15.de.gentoo.org/gentoo/
KERNEL_PKG = hardened-sources
##KERNEL_PKG = gentoo-sources
KERNEL_CONFIG = appliances/$(APPLIANCE)/kernel.config
ENABLE_SSHD = YES
TIMEZONE=Europe/Berlin

4
privacyidea/world
View File

@ -1,13 +1,9 @@
app-admin/logrotate
app-admin/paxtest
app-admin/sudo
app-emulation/open-vm-tools
app-misc/mc
app-misc/screenservice
net-analyzer/zabbix
sys-apps/elfix
sys-apps/gradm
sys-apps/paxctl
sys-auth/pam_ssh_agent_auth
sys-power/acpid
dev-db/mariadb