appliances/privacyidea/Makefile

92 lines
5.0 KiB
Makefile
Raw Normal View History

2021-04-13 19:07:06 +02:00
PIUSER = $(CHROOT)/var/tmp/piuser
2022-01-19 13:14:45 +01:00
02firstboot = $(CHROOT)/usr/local/bin/02firstboot.start
2021-04-13 19:07:06 +02:00
cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
apache_conf = $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf.orig
pi_log = $(CHROOT)/var/log/privacyidea/privacyidea.log
radius_dict = $(CHROOT)/etc/raddb/dictionary.orig
radius_module = $(CHROOT)/etc/raddb/mods-enabled/perl-privacyidea
radius_site = $(CHROOT)/etc/raddb/sites-enabled/privacyidea
systemd-units: appliance/MySQL-Backup.sh appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer
cp appliance/MySQL-Backup.sh $(CHROOT)/usr/local/bin/
cp appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
$(PIUSER):
-RUN useradd --system --comment="created from appliance building - privacyidea user" --home-dir="/var/lib/privacyidea/home" --shell="/sbin/nologin" --no-create-home --uid 605 --user-group privacyidea
touch $(PIUSER)
$(02firstboot): appliance/02firstboot.start
mkdir -p $(CHROOT)/etc/local.d
cp $< $@
touch $(CHROOT)/02firstboot
$(cert-renew.sh): appliance/cert-renew.sh
mkdir -p $(CHROOT)/etc/ssl
cp $< $@
$(apache_conf): $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
sed -i 's:APACHE2_OPTS=\":APACHE2_OPTS=\"-D WSGI :' $(CHROOT)/etc/conf.d/apache2
mv $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf $(apache_conf)
# vor </VirtualHost> Zeilen einfügen:
sed '/<\/VirtualHost>/Q' $(apache_conf) >$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " <Directory />" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " Require all granted" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " Options FollowSymLinks" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " AllowOverride None" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " </Directory>" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo "" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=%{GROUP} user=privacyidea" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " WSGIProcessGroup privacyidea" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " WSGIPassAuthorization On" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo "" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
grep -A 9999 '<\/VirtualHost>' $(apache_conf) >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
touch $(apache_conf)
$(pi_log):
touch $(CHROOT)/var/log/privacyidea/privacyidea.log
RUN chown privacyidea:root /var/log/privacyidea/privacyidea.log
$(radius_dict): $(CHROOT)/etc/privacyidea/dictionary
if ! test -e $(radius_dict); \
then mv $(CHROOT)/etc/raddb/dictionary $(radius_dict); \
fi
cp -f $(CHROOT)/etc/privacyidea/dictionary $(CHROOT)/etc/raddb/dictionary
RUN chown root:radius /etc/raddb/dictionary
chmod 640 $(CHROOT)/etc/raddb/dictionary
touch $(radius_dict)
$(radius_module): $(CHROOT)/etc/privacyidea/freeradius3/mods-perl-privacyidea
cp $(CHROOT)/etc/privacyidea/freeradius3/mods-perl-privacyidea $(CHROOT)/etc/raddb/mods-available/perl-privacyidea
rm $(CHROOT)/etc/raddb/mods-enabled/eap
ln -s ../mods-available/perl-privacyidea $(radius_module)
$(radius_site): $(CHROOT)/etc/privacyidea/freeradius3/privacyidea
cp $(CHROOT)/etc/privacyidea/freeradius3/privacyidea $(CHROOT)/etc/raddb/sites-available/privacyidea
RUN chown root:radius /etc/raddb/sites-available/privacyidea
chmod 640 $(CHROOT)/etc/raddb/sites-available/privacyidea
rm $(CHROOT)/etc/raddb/sites-enabled/*
ln -s ../sites-available/privacyidea $(radius_site)
$(CHROOT)/var/lib/mysql: mariadb/my.cnf.root
# MariaDB-Konfiguration ($$, weil make ein $ entfernt)
sed -i "s/^character-set-server.*$$/character-set-server = utf8mb4/" $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "collation-server = utf8mb4_general_ci" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "transaction_isolation = READ-COMMITTED" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "binlog_format = ROW" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "expire_logs_days = 3" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "innodb_file_per_table = 1" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "innodb_large_prefix = on" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
cp mariadb/my.cnf.root $(CHROOT)/root/.my.cnf
chmod 0600 $(CHROOT)/root/.my.cnf
rm -rf $(CHROOT)/var/lib/mysql/*
RUN bash -c 'yes gentoo | emerge --config dev-db/mariadb'
preinstall: $(PIUSER)
postinstall: systemd-units $(apache_conf) $(02firstboot) $(cert-renew.sh) $(pi_log) $(radius_dict) $(radius_module) $(radius_site) $(CHROOT)/var/lib/mysql