92 lines
5.0 KiB
Makefile
92 lines
5.0 KiB
Makefile
PIUSER = $(CHROOT)/var/tmp/piuser
|
|
02firstboot = $(CHROOT)/usr/local/bin/02firstboot.start
|
|
cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
|
|
apache_conf = $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf.orig
|
|
pi_log = $(CHROOT)/var/log/privacyidea/privacyidea.log
|
|
radius_dict = $(CHROOT)/etc/raddb/dictionary.orig
|
|
radius_module = $(CHROOT)/etc/raddb/mods-enabled/perl-privacyidea
|
|
radius_site = $(CHROOT)/etc/raddb/sites-enabled/privacyidea
|
|
|
|
systemd-units: appliance/MySQL-Backup.sh appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer
|
|
cp appliance/MySQL-Backup.sh $(CHROOT)/usr/local/bin/
|
|
cp appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
|
|
|
|
$(PIUSER):
|
|
-RUN useradd --system --comment="created from appliance building - privacyidea user" --home-dir="/var/lib/privacyidea/home" --shell="/sbin/nologin" --no-create-home --uid 605 --user-group privacyidea
|
|
touch $(PIUSER)
|
|
|
|
$(02firstboot): appliance/02firstboot.start
|
|
mkdir -p $(CHROOT)/etc/local.d
|
|
cp $< $@
|
|
touch $(CHROOT)/02firstboot
|
|
|
|
$(cert-renew.sh): appliance/cert-renew.sh
|
|
mkdir -p $(CHROOT)/etc/ssl
|
|
cp $< $@
|
|
|
|
$(apache_conf): $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
|
sed -i 's:APACHE2_OPTS=\":APACHE2_OPTS=\"-D WSGI :' $(CHROOT)/etc/conf.d/apache2
|
|
|
|
mv $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf $(apache_conf)
|
|
# vor </VirtualHost> Zeilen einfügen:
|
|
sed '/<\/VirtualHost>/Q' $(apache_conf) >$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
|
echo " <Directory />" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
|
echo " Require all granted" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
|
echo " Options FollowSymLinks" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
|
echo " AllowOverride None" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
|
echo " </Directory>" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
|
echo "" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
|
echo " WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
|
echo " WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=%{GROUP} user=privacyidea" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
|
echo " WSGIProcessGroup privacyidea" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
|
echo " WSGIPassAuthorization On" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
|
echo "" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
|
grep -A 9999 '<\/VirtualHost>' $(apache_conf) >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
|
|
|
|
touch $(apache_conf)
|
|
|
|
$(pi_log):
|
|
touch $(CHROOT)/var/log/privacyidea/privacyidea.log
|
|
RUN chown privacyidea:root /var/log/privacyidea/privacyidea.log
|
|
|
|
$(radius_dict): $(CHROOT)/etc/privacyidea/dictionary
|
|
if ! test -e $(radius_dict); \
|
|
then mv $(CHROOT)/etc/raddb/dictionary $(radius_dict); \
|
|
fi
|
|
cp -f $(CHROOT)/etc/privacyidea/dictionary $(CHROOT)/etc/raddb/dictionary
|
|
RUN chown root:radius /etc/raddb/dictionary
|
|
chmod 640 $(CHROOT)/etc/raddb/dictionary
|
|
touch $(radius_dict)
|
|
|
|
$(radius_module): $(CHROOT)/etc/privacyidea/freeradius3/mods-perl-privacyidea
|
|
cp $(CHROOT)/etc/privacyidea/freeradius3/mods-perl-privacyidea $(CHROOT)/etc/raddb/mods-available/perl-privacyidea
|
|
rm $(CHROOT)/etc/raddb/mods-enabled/eap
|
|
ln -s ../mods-available/perl-privacyidea $(radius_module)
|
|
|
|
$(radius_site): $(CHROOT)/etc/privacyidea/freeradius3/privacyidea
|
|
cp $(CHROOT)/etc/privacyidea/freeradius3/privacyidea $(CHROOT)/etc/raddb/sites-available/privacyidea
|
|
RUN chown root:radius /etc/raddb/sites-available/privacyidea
|
|
chmod 640 $(CHROOT)/etc/raddb/sites-available/privacyidea
|
|
rm $(CHROOT)/etc/raddb/sites-enabled/*
|
|
ln -s ../sites-available/privacyidea $(radius_site)
|
|
|
|
$(CHROOT)/var/lib/mysql: mariadb/my.cnf.root
|
|
# MariaDB-Konfiguration ($$, weil make ein $ entfernt)
|
|
sed -i "s/^character-set-server.*$$/character-set-server = utf8mb4/" $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
|
|
echo >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
|
|
echo "collation-server = utf8mb4_general_ci" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
|
|
echo "transaction_isolation = READ-COMMITTED" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
|
|
echo "binlog_format = ROW" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
|
|
echo "expire_logs_days = 3" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
|
|
echo "innodb_file_per_table = 1" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
|
|
echo "innodb_large_prefix = on" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
|
|
cp mariadb/my.cnf.root $(CHROOT)/root/.my.cnf
|
|
chmod 0600 $(CHROOT)/root/.my.cnf
|
|
rm -rf $(CHROOT)/var/lib/mysql/*
|
|
RUN bash -c 'yes gentoo | emerge --config dev-db/mariadb'
|
|
|
|
|
|
preinstall: $(PIUSER)
|
|
|
|
postinstall: systemd-units $(apache_conf) $(02firstboot) $(cert-renew.sh) $(pi_log) $(radius_dict) $(radius_module) $(radius_site) $(CHROOT)/var/lib/mysql
|