PIUSER = $(CHROOT)/var/tmp/piuser 02firstboot = $(CHROOT)/etc/local.d/02firstboot.start cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh apache_conf = $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf.orig pi_log = $(CHROOT)/var/log/privacyidea/privacyidea.log radius_dict = $(CHROOT)/etc/raddb/dictionary.orig radius_module = $(CHROOT)/etc/raddb/mods-enabled/perl-privacyidea radius_site = $(CHROOT)/etc/raddb/sites-enabled/privacyidea systemd-units: appliance/MySQL-Backup.sh appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer cp appliance/MySQL-Backup.sh $(CHROOT)/usr/local/bin/ cp appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/ $(PIUSER): -RUN useradd --system --comment="created from appliance building - privacyidea user" --home-dir="/var/lib/privacyidea/home" --shell="/sbin/nologin" --no-create-home --uid 605 --user-group privacyidea touch $(PIUSER) $(02firstboot): appliance/02firstboot.start mkdir -p $(CHROOT)/etc/local.d cp $< $@ touch $(CHROOT)/02firstboot $(cert-renew.sh): appliance/cert-renew.sh mkdir -p $(CHROOT)/etc/ssl cp $< $@ $(apache_conf): $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf sed -i 's:APACHE2_OPTS=\":APACHE2_OPTS=\"-D WSGI :' $(CHROOT)/etc/conf.d/apache2 mv $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf $(apache_conf) # vor Zeilen einfügen: sed '/<\/VirtualHost>/Q' $(apache_conf) >$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf echo " " >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf echo " Require all granted" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf echo " Options FollowSymLinks" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf echo " AllowOverride None" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf echo " " >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf echo "" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf echo " WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf echo " WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=%{GROUP} user=privacyidea" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf echo " WSGIProcessGroup privacyidea" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf echo " WSGIPassAuthorization On" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf echo "" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf grep -A 9999 '<\/VirtualHost>' $(apache_conf) >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf touch $(apache_conf) $(pi_log): touch $(CHROOT)/var/log/privacyidea/privacyidea.log RUN chown privacyidea:root /var/log/privacyidea/privacyidea.log $(radius_dict): $(CHROOT)/etc/privacyidea/dictionary if ! test -e $(radius_dict); \ then mv $(CHROOT)/etc/raddb/dictionary $(radius_dict); \ fi cp -f $(CHROOT)/etc/privacyidea/dictionary $(CHROOT)/etc/raddb/dictionary RUN chown root:radius /etc/raddb/dictionary chmod 640 $(CHROOT)/etc/raddb/dictionary touch $(radius_dict) $(radius_module): $(CHROOT)/etc/privacyidea/freeradius3/mods-perl-privacyidea cp $(CHROOT)/etc/privacyidea/freeradius3/mods-perl-privacyidea $(CHROOT)/etc/raddb/mods-available/perl-privacyidea rm $(CHROOT)/etc/raddb/mods-enabled/eap ln -s ../mods-available/perl-privacyidea $(radius_module) $(radius_site): $(CHROOT)/etc/privacyidea/freeradius3/privacyidea cp $(CHROOT)/etc/privacyidea/freeradius3/privacyidea $(CHROOT)/etc/raddb/sites-available/privacyidea RUN chown root:radius /etc/raddb/sites-available/privacyidea chmod 640 $(CHROOT)/etc/raddb/sites-available/privacyidea rm $(CHROOT)/etc/raddb/sites-enabled/* ln -s ../sites-available/privacyidea $(radius_site) $(CHROOT)/var/lib/mysql: mariadb/my.cnf.root # MariaDB-Konfiguration ($$, weil make ein $ entfernt) sed -i "s/^character-set-server.*$$/character-set-server = utf8mb4/" $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf echo >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf echo "collation-server = utf8mb4_general_ci" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf echo "transaction_isolation = READ-COMMITTED" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf echo "binlog_format = ROW" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf echo "expire_logs_days = 3" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf echo "innodb_file_per_table = 1" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf echo "innodb_large_prefix = on" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf cp mariadb/my.cnf.root $(CHROOT)/root/.my.cnf chmod 0600 $(CHROOT)/root/.my.cnf rm -rf $(CHROOT)/var/lib/mysql/* RUN bash -c 'yes gentoo | emerge --config dev-db/mariadb' preinstall: $(PIUSER) postinstall: systemd-units $(apache_conf) $(02firstboot) $(cert-renew.sh) $(pi_log) $(radius_dict) $(radius_module) $(radius_site) $(CHROOT)/var/lib/mysql