va-privacyidea/Makefile

90 lines
4.9 KiB
Makefile
Raw Normal View History

2023-02-24 18:58:36 +01:00
02firstboot = $(CHROOT)/usr/local/bin/02firstboot.start
cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
apache_conf = $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf.orig
pi_log = $(CHROOT)/var/log/privacyidea/privacyidea.log
radius_dict = $(CHROOT)/etc/raddb/dictionary.orig
radius_module = $(CHROOT)/etc/raddb/mods-enabled/perl-privacyidea
radius_site = $(CHROOT)/etc/raddb/sites-enabled/privacyidea
systemd-units: appliance/pi-maint.service appliance/pi-maint.timer appliance/cert-renew.service appliance/cert-renew.timer
cp appliance/pi-maint.service appliance/pi-maint.timer appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
logrotate: appliance/logrotate-freeradius appliance/logrotate-privacyidea
cp appliance/logrotate-freeradius $(CHROOT)/etc/logrotate.d/freeradius
cp appliance/logrotate-privacyidea $(CHROOT)/etc/logrotate.d/privacyidea
2023-02-24 18:58:36 +01:00
$(02firstboot): appliance/02firstboot.start
mkdir -p $(CHROOT)/etc/local.d
cp $< $@
touch $(CHROOT)/02firstboot
$(cert-renew.sh): appliance/cert-renew.sh
mkdir -p $(CHROOT)/etc/ssl
cp $< $@
$(apache_conf): $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
sed -i 's:APACHE2_OPTS=\":APACHE2_OPTS=\"-D WSGI :' $(CHROOT)/etc/conf.d/apache2
mv $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf $(apache_conf)
# vor </VirtualHost> Zeilen einfügen:
sed '/<\/VirtualHost>/Q' $(apache_conf) >$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " <Directory />" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " Require all granted" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " Options FollowSymLinks" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " AllowOverride None" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " </Directory>" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo "" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=%{GROUP} user=privacyidea" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " WSGIProcessGroup privacyidea" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " WSGIPassAuthorization On" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo "" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
grep -A 9999 '<\/VirtualHost>' $(apache_conf) >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
touch $(apache_conf)
$(pi_log):
touch $(CHROOT)/var/log/privacyidea/privacyidea.log
RUN chown privacyidea:root /var/log/privacyidea/privacyidea.log
$(radius_dict): $(CHROOT)/etc/privacyidea/dictionary
if ! test -e $(radius_dict); \
then mv $(CHROOT)/etc/raddb/dictionary $(radius_dict); \
fi
cp -f $(CHROOT)/etc/privacyidea/dictionary $(CHROOT)/etc/raddb/dictionary
RUN chown root:radius /etc/raddb/dictionary
chmod 640 $(CHROOT)/etc/raddb/dictionary
touch $(radius_dict)
$(radius_module): $(CHROOT)/etc/privacyidea/freeradius3/mods-perl-privacyidea
cp $(CHROOT)/etc/privacyidea/freeradius3/mods-perl-privacyidea $(CHROOT)/etc/raddb/mods-available/perl-privacyidea
rm $(CHROOT)/etc/raddb/mods-enabled/eap
ln -s ../mods-available/perl-privacyidea $(radius_module)
$(radius_site): $(CHROOT)/etc/privacyidea/freeradius3/privacyidea
cp $(CHROOT)/etc/privacyidea/freeradius3/privacyidea $(CHROOT)/etc/raddb/sites-available/privacyidea
RUN chown root:radius /etc/raddb/sites-available/privacyidea
chmod 640 $(CHROOT)/etc/raddb/sites-available/privacyidea
rm $(CHROOT)/etc/raddb/sites-enabled/*
ln -s ../sites-available/privacyidea $(radius_site)
$(CHROOT)/var/lib/mysql: mariadb/my.cnf.root
# MariaDB-Konfiguration ($$, weil make ein $ entfernt)
sed -i "s/^character-set-server.*$$/character-set-server = utf8mb4/" $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "collation-server = utf8mb4_general_ci" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "transaction_isolation = READ-COMMITTED" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "binlog_format = ROW" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "expire_logs_days = 3" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "innodb_file_per_table = 1" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "innodb_large_prefix = on" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
cp mariadb/my.cnf.root $(CHROOT)/root/.my.cnf
chmod 0600 $(CHROOT)/root/.my.cnf
rm -rf $(CHROOT)/var/lib/mysql/*
RUN bash -c 'yes gentoo | emerge --config dev-db/mariadb'
preinstall:
postinstall: systemd-units logrotate $(apache_conf) $(02firstboot) $(cert-renew.sh) $(pi_log) $(radius_dict) $(radius_module) $(radius_site) $(CHROOT)/var/lib/mysql