From d580021c7e1fa844eeebb64924cfb03ba02d0e56 Mon Sep 17 00:00:00 2001
From: Joerg Deckert
Date: Sat, 15 Feb 2020 18:08:26 +0100
Subject: [PATCH] privacyidea: hardcoded user ids, using the new makefile
---
 privacyidea/Makefile | 21 ++++++++++-----------
 privacyidea/{ => base}/00-eth0.network | 0
 privacyidea/{ => base}/firstboot.start | 0
 privacyidea/{ => base}/timesyncd.conf | 0
 privacyidea/base/tmux.conf | 3 +++
 privacyidea/kernel.config | 8 ++++----
 privacyidea/privacyidea.cfg | 2 ++
 privacyidea/world | 1 +
 8 files changed, 20 insertions(+), 15 deletions(-)
 rename privacyidea/{ => base}/00-eth0.network (100%)
 rename privacyidea/{ => base}/firstboot.start (100%)
 rename privacyidea/{ => base}/timesyncd.conf (100%)
 create mode 100644 privacyidea/base/tmux.conf
diff --git a/privacyidea/Makefile b/privacyidea/Makefile
index 58d7c22..51ad8e2 100644
--- a/privacyidea/Makefile
+++ b/privacyidea/Makefile
@@ -1,4 +1,8 @@
 preinstall:
+ # hardcoded users and groups
+ $(inroot) useradd --system --comment="created from appliance building - zabbix user" --home-dir="/var/lib/zabbix/home" --shell="/sbin/nologin" --no-create-home --uid 600 --user-group zabbix
+ $(inroot) useradd --system --comment="created from appliance building - freeradius user" --home-dir="/var/log/radius" --shell="/sbin/nologin" --no-create-home --uid 604 --user-group radius
+ $(inroot) useradd --system --comment="created from appliance building - privacyidea user" --home-dir="/var/lib/privacyidea/home" --shell="/sbin/nologin" --no-create-home --uid 605 --user-group privacyidea
 # switch to hardened, build hardened toolchain, rebuild everything
 mkdir -p $(CHROOT)/etc/portage/profile
 echo "-hardened" >> $(CHROOT)/etc/portage/profile/use.mask
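Review bot: The three `useradd` lines added to preinstall pin the UID but leave the GID to `--user-group`, so the group ids these services run under are only reproducible if useradd happens to pick the matching free GID; since the commit's stated purpose is fixed ids, create each group explicitly first, e.g. `$(inroot) groupadd --system --gid 600 zabbix` and then `--gid zabbix` in place of `--user-group` (likewise radius/604 and privacyidea/605). The recipe is also not re-runnable: a second `make preinstall` against an existing chroot fails on the first `useradd` because the account already exists, which a guard such as `$(inroot) getent passwd zabbix >/dev/null ||` in front of each call avoids. Nothing in the hunk records why exactly 600/604/605 were chosen or which later step depends on them (presumably the package installs in the `@world` emerge that would otherwise allocate these accounts), so the `# hardcoded users and groups` comment should name that consumer and state that the ids must stay stable across appliance rebuilds.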
@@ -8,25 +12,20 @@ preinstall:
 $(inroot) $(EMERGE) $(USEPKG) --emptytree @world
 $(inroot) bash -c 'yes YES | etc-update --automode -9'
- # Unitas-Portage-Overlay einbinden
- $(inroot) $(EMERGE) -n $(USEPKG) app-portage/layman
- sed -i 's/check_official : Yes/check_official : No/' $(CHROOT)/etc/layman/layman.cfg
- wget -P $(CHROOT)/etc/layman/overlays http://dev.unitas-network.de/raw/Gentoo/Unitas.git/master/unitas-overlays.xml
- $(inroot) layman -l | grep -q unitas || $(inroot) layman -La unitas
-
-postinstall: timesyncd.conf firstboot.start
+postinstall: base/timesyncd.conf base/firstboot.start
 # Konfigurationen anpassen
- cp timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf
+ cp base/timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf
 mkdir -p $(CHROOT)/etc/local.d
- cp firstboot.start $(CHROOT)/etc/local.d/firstboot.start
+ cp base/firstboot.start $(CHROOT)/etc/local.d/firstboot.start
 touch $(CHROOT)/firstboot
 sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers
- $(inroot) useradd -m -G users,wheel -s /bin/bash admin
+ $(inroot) useradd -m -G users,wheel -s /bin/bash --comment="virtual appliance admin" --uid 2000 admin
 $(inroot) passwd -d admin; $(inroot) passwd -e admin
 $(inroot) systemctl enable tmux@root.service
+ cp base/tmux.conf $(CHROOT)/root/.tmux.conf
 # Beispiel feste IP-Adresse
- cp 00-eth0.network $(CHROOT)/00-eth0.network.example
+ cp base/00-eth0.network $(CHROOT)/00-eth0.network.example
 # MariaDB-Konfiguration ($$, weil make ein $ entfernt)
 sed -i "s/^character-set-server.*$$/character-set-server = utf8mb4\ncollation-server = utf8mb4_general_ci\ntransaction_isolation = READ-COMMITTED\nbinlog_format = ROW\nexpire_logs_days = 3/" $(CHROOT)/etc/mysql/my.cnf
diff --git a/privacyidea/00-eth0.network b/privacyidea/base/00-eth0.network
similarity index 100%
rename from privacyidea/00-eth0.network
rename to privacyidea/base/00-eth0.network
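Review bot: The new `cp base/tmux.conf $(CHROOT)/root/.tmux.conf` copies a file that is not a prerequisite of `postinstall`, and the same already holds for `base/00-eth0.network`, so editing either file never makes the target out of date; the rule header should read `postinstall: base/timesyncd.conf base/firstboot.start base/tmux.conf base/00-eth0.network`. The admin account now gets a fixed `--uid 2000`, while the unchanged `passwd -d admin; passwd -e admin` line that follows still leaves a wheel member without a password until the forced change at first login — pre-existing, but worth stating in a comment such as `# admin is passwordless until the expiry forces a change at first login` so the window is documented next to the sudoers edit. The postinstall recipe may continue beyond the end of this hunk.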
diff --git a/privacyidea/firstboot.start b/privacyidea/base/firstboot.start
similarity index 100%
rename from privacyidea/firstboot.start
rename to privacyidea/base/firstboot.start
diff --git a/privacyidea/timesyncd.conf b/privacyidea/base/timesyncd.conf
similarity index 100%
rename from privacyidea/timesyncd.conf
rename to privacyidea/base/timesyncd.conf
diff --git a/privacyidea/base/tmux.conf b/privacyidea/base/tmux.conf
new file mode 100644
index 0000000..58a02ef
--- /dev/null
+++ b/privacyidea/base/tmux.conf
@@ -0,0 +1,3 @@
+set -g mouse on
+set-option -g set-titles on
+set-option -g set-titles-string "#S / #T"
diff --git a/privacyidea/kernel.config b/privacyidea/kernel.config
index 9ce0f66..5da9c5f 100644
--- a/privacyidea/kernel.config
+++ b/privacyidea/kernel.config
@@ -4,7 +4,7 @@
 #
 #
-# Compiler: gcc (Gentoo Hardened 9.2.0-r2 p3) 9.2.0
+# Compiler: gcc (Gentoo 9.2.0-r2 p3) 9.2.0
 #
 CONFIG_CC_IS_GCC=y
 CONFIG_GCC_VERSION=90200
@@ -1161,7 +1161,7 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
 CONFIG_XEN_BLKDEV_FRONTEND=y
 # CONFIG_XEN_BLKDEV_BACKEND is not set
 CONFIG_VIRTIO_BLK=y
-# CONFIG_VIRTIO_BLK_SCSI is not set
+CONFIG_VIRTIO_BLK_SCSI=y
 # CONFIG_BLK_DEV_RBD is not set
 # CONFIG_BLK_DEV_RSXX is not set
@@ -1804,14 +1804,14 @@ CONFIG_HVC_DRIVER=y
 CONFIG_HVC_IRQ=y
 CONFIG_HVC_XEN=y
 CONFIG_HVC_XEN_FRONTEND=y
-# CONFIG_VIRTIO_CONSOLE is not set
+CONFIG_VIRTIO_CONSOLE=y
 # CONFIG_IPMI_HANDLER is not set
 CONFIG_HW_RANDOM=y
 # CONFIG_HW_RANDOM_TIMERIOMEM is not set
 CONFIG_HW_RANDOM_INTEL=y
 # CONFIG_HW_RANDOM_AMD is not set
 # CONFIG_HW_RANDOM_VIA is not set
-CONFIG_HW_RANDOM_VIRTIO=y
+# CONFIG_HW_RANDOM_VIRTIO is not set
 # CONFIG_NVRAM is not set
 # CONFIG_APPLICOM is not set
 # CONFIG_MWAVE is not set
diff --git a/privacyidea/privacyidea.cfg b/privacyidea/privacyidea.cfg
index 1eb96de..19c49d1 100644
--- a/privacyidea/privacyidea.cfg
+++ b/privacyidea/privacyidea.cfg
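Review bot: In the third kernel.config hunk `CONFIG_HW_RANDOM_VIRTIO` flips from `=y` to `is not set` while the other two hunks turn on more virtio guest support (`CONFIG_VIRTIO_BLK_SCSI`, `CONFIG_VIRTIO_CONSOLE`), which looks accidental rather than intended: virtio-rng is the paravirtualized entropy source a guest receives from its hypervisor, and an appliance whose service presumably generates token secrets should not lose it silently. Unless the driver was dropped on purpose, restore `CONFIG_HW_RANDOM_VIRTIO=y`; either way the commit message says nothing about kernel changes, so a sentence there naming the intended virtio set would make the flip reviewable. The tmux.conf and rename sections on this line need no change.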
@@ -16,3 +16,5 @@ KERNEL_CONFIG = appliances/$(APPLIANCE)/kernel.config
 ENABLE_SSHD = YES
 TIMEZONE=Europe/Berlin
 LOCALE=de_DE.utf8
+REPO_NAMES = unitas
+REPO_URI_unitas = https://dev.unitas-network.de/r/Gentoo/Unitas.git
diff --git a/privacyidea/world b/privacyidea/world
index 6e92b03..950a739 100644
--- a/privacyidea/world
+++ b/privacyidea/world
@@ -1,6 +1,7 @@
 app-admin/logrotate
 app-admin/sudo
 app-emulation/open-vm-tools
+app-emulation/qemu-guest-agent
 app-misc/mc
 app-misc/tmuxservice
 net-analyzer/zabbix
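Review bot: `REPO_URI_unitas` hands the build a third-party overlay as a bare git URL with no revision pin or verification visible in this file, so — assuming the new makefile syncs it the way the removed layman step did — the ebuilds baked into the appliance follow whatever that remote holds at build time, and two builds from the same commit can differ. If the new makefile's repository handling accepts a fixed revision, pin one; otherwise add a comment above the two `REPO_*` lines such as `# external overlay, not pinned to a revision; check what was synced before a release build` so the supply-chain dependency is explicit. The world-file hunk on this line is a plain package addition and needs nothing.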