Merge pull request #299 from himmelblau-idm/stable-0.7.x_backports2

Backports to stable

Author: dmulder

Cargo.toml

@@ -14,11 +14,12 @@ members = [
 	"src/file_permissions",
 	"src/broker",
 	"src/sshd-config",
+	"src/sso",
 ]
 resolver = "2"
 
 [workspace.package]
-version = "0.7.3"
+version = "0.7.4"
 authors = [
     "David Mulder <[email protected]>"
 ]

Makefile

@@ -69,7 +69,7 @@ deb:
 rpm:
 	mkdir -p ./packaging/
 	git submodule init; git submodule update
-	for v in rocky8 rocky9 tumbleweed; do \
+	for v in rocky8 rocky9 sle15sp6 tumbleweed rawhide fedora41; do \
 		echo "Building $$v RPM packages"; \
 		$(DOCKER) build -t himmelblau-$$v-build -f images/rpm/Dockerfile.$$v .; \
 		$(DOCKER) run --rm -it -v ./:/himmelblau himmelblau-$$v-build; \

images/rpm/Dockerfile.fedora41

@@ -0,0 +1,40 @@
+# Use the official Fedora 41 image as the base
+FROM fedora:41
+
+# Update the package list and install essential build dependencies
+RUN dnf -y update && \
+    dnf -y install \
+    wget \
+    git \
+    gcc \
+    gcc-c++ \
+    make \
+    openssl-devel \
+    dbus-devel \
+    libtool \
+    pkg-config \
+    autoconf \
+    pam-devel \
+    systemd-devel \
+    krb5-devel \
+    pcre2-devel \
+    clang \
+    gettext \
+    sqlite-devel \
+    utf8proc-devel \
+    cargo && \
+    dnf clean all
+
+# Set environment for Rust
+ENV PATH="/root/.cargo/bin:${PATH}"
+
+VOLUME /himmelblau
+
+# Change directory to the repository
+WORKDIR /himmelblau
+
+# Install the cargo-deb tool
+RUN cargo install cargo-generate-rpm
+
+# Build the project and create the RPM package
+CMD cargo clean && cargo build --release && strip -s target/release/*.so && strip -s target/release/aad-tool && strip -s target/release/himmelblaud && strip -s target/release/himmelblaud_tasks && strip -s target/release/broker && cargo generate-rpm -p src/daemon && cargo generate-rpm -p src/nss && cargo generate-rpm -p src/pam && cargo generate-rpm -p src/sshd-config && cargo generate-rpm -p src/sso

images/rpm/Dockerfile.rawhide

@@ -0,0 +1,40 @@
+# Use the official Fedora Rawhide image as the base
+FROM fedora:rawhide
+
+# Update the package list and install essential build dependencies
+RUN dnf -y update && \
+    dnf -y install \
+    wget \
+    git \
+    gcc \
+    gcc-c++ \
+    make \
+    openssl-devel \
+    dbus-devel \
+    libtool \
+    pkg-config \
+    autoconf \
+    pam-devel \
+    systemd-devel \
+    krb5-devel \
+    pcre2-devel \
+    clang \
+    gettext \
+    sqlite-devel \
+    utf8proc-devel \
+    cargo && \
+    dnf clean all
+
+# Set environment for Rust
+ENV PATH="/root/.cargo/bin:${PATH}"
+
+VOLUME /himmelblau
+
+# Change directory to the repository
+WORKDIR /himmelblau
+
+# Install the cargo-deb tool
+RUN cargo install cargo-generate-rpm
+
+# Build the project and create the RPM package
+CMD cargo clean && cargo build --release && strip -s target/release/*.so && strip -s target/release/aad-tool && strip -s target/release/himmelblaud && strip -s target/release/himmelblaud_tasks && strip -s target/release/broker && cargo generate-rpm -p src/daemon && cargo generate-rpm -p src/nss && cargo generate-rpm -p src/pam && cargo generate-rpm -p src/sshd-config && cargo generate-rpm -p src/sso

images/rpm/Dockerfile.rocky8

@@ -4,12 +4,18 @@ FROM rockylinux:8
 # Set environment variables for non-interactive installs
 ENV YUM_VERSION=8
 
-# Install epel-release (Extra Packages for Enterprise Linux) for utf8proc-devel
-#RUN yum update -y && yum install -y epel-release
+# Install utf8proc-devel, which has invalid characters in the filename,
+# breaking yum search.
+RUN yum update -y && dnf install -y 'dnf-command(config-manager)' wget \
+    && dnf config-manager --set-enabled powertools \
+    && yum update -y \
+    && VERSION_ID=$(grep "^VERSION_ID=" /etc/os-release | cut -d '"' -f 2) \
+    && URL="http://downloads.rockylinux.org/pub/rocky/${VERSION_ID}/PowerTools/x86_64/os/Packages/u/" \
+    && wget -r -l1 -nd -np -A "utf8proc-devel-*.x86_64.rpm" "$URL" \
+    && yum install -y ./utf8proc-devel-*.x86_64.rpm
 
 # Install essential build dependencies
 RUN yum update -y && yum install -y \
-    wget \
     git \
     gcc \
     gcc-c++ \
@@ -29,16 +35,6 @@ RUN yum update -y && yum install -y \
     sqlite-devel \
     && yum clean all
 
-# Fetch the utf8proc sources, since EL8 doesn't package this
-RUN VERSION=2.6.1; \
-    echo "Installing utf8proc version: $VERSION"; \
-    wget https://github.com/JuliaStrings/utf8proc/archive/refs/tags/v$VERSION.tar.gz -O utf8proc-$VERSION.tar.gz; \
-    mkdir -p utf8proc-rocky8 && \
-    tar -xvf utf8proc-$VERSION.tar.gz -C utf8proc-rocky8 --strip-components=1 && \
-    cd utf8proc-rocky8 && \
-    make && \
-    make install
-
 # Install Rust (latest stable)
 RUN curl https://sh.rustup.rs -sSf | sh -s -- -y
 
@@ -54,4 +50,4 @@ WORKDIR /himmelblau
 RUN cargo install cargo-generate-rpm
 
 # Build the project and create the .deb package
-CMD cargo clean && cargo build --release && strip -s target/release/*.so && strip -s target/release/aad-tool && strip -s target/release/himmelblaud && strip -s target/release/himmelblaud_tasks && strip -s target/release/broker && cargo generate-rpm -p src/daemon && cargo generate-rpm -p src/nss && cargo generate-rpm -p src/pam && cargo generate-rpm -p src/sshd-config
+CMD cargo clean && cargo build --release && strip -s target/release/*.so && strip -s target/release/aad-tool && strip -s target/release/himmelblaud && strip -s target/release/himmelblaud_tasks && strip -s target/release/broker && cargo generate-rpm -p src/daemon && cargo generate-rpm -p src/nss && cargo generate-rpm -p src/pam && cargo generate-rpm -p src/sshd-config && cargo generate-rpm -p src/sso

images/rpm/Dockerfile.rocky9

@@ -4,12 +4,12 @@ FROM rockylinux:9
 # Set environment variables for non-interactive installs
 ENV YUM_VERSION=8
 
-# Install epel-release (Extra Packages for Enterprise Linux) for utf8proc-devel
-#RUN yum update -y && yum install -y epel-release
+# Enable CRB, for utf8proc-devel
+RUN yum update -y && dnf install -y 'dnf-command(config-manager)' \
+    && dnf config-manager --set-enabled crb
 
 # Install essential build dependencies
 RUN yum update -y && yum install -y \
-    wget \
     git \
     gcc \
     gcc-c++ \
@@ -27,24 +27,9 @@ RUN yum update -y && yum install -y \
     clang \
     gettext \
     sqlite-devel \
-    utf8proc \
+    utf8proc-devel \
     && yum clean all
 
-# Fetch the utf8proc sources, since EL9 doesn't package the headers
-RUN if ! rpm -q utf8proc; then \
-        echo "utf8proc is not installed."; \
-        exit 1; \
-    else \
-        VERSION=$(rpm -q --queryformat '%{VERSION}' utf8proc); \
-        echo "Installed utf8proc version: $VERSION"; \
-        wget https://github.com/JuliaStrings/utf8proc/archive/refs/tags/v$VERSION.tar.gz -O utf8proc-$VERSION.tar.gz; \
-    fi && \
-    mkdir -p utf8proc-rocky9 && \
-    tar -xvf utf8proc-$VERSION.tar.gz -C utf8proc-rocky9 --strip-components=1 && \
-    cd utf8proc-rocky9 && \
-    make && \
-    make install
-
 # Install Rust (latest stable)
 RUN curl https://sh.rustup.rs -sSf | sh -s -- -y
 
@@ -60,4 +45,4 @@ WORKDIR /himmelblau
 RUN cargo install cargo-generate-rpm
 
 # Build the project and create the .deb package
-CMD cargo clean && cargo build --release && strip -s target/release/*.so && strip -s target/release/aad-tool && strip -s target/release/himmelblaud && strip -s target/release/himmelblaud_tasks && strip -s target/release/broker && cargo generate-rpm -p src/daemon && cargo generate-rpm -p src/nss && cargo generate-rpm -p src/pam && cargo generate-rpm -p src/sshd-config
+CMD cargo clean && cargo build --release && strip -s target/release/*.so && strip -s target/release/aad-tool && strip -s target/release/himmelblaud && strip -s target/release/himmelblaud_tasks && strip -s target/release/broker && cargo generate-rpm -p src/daemon && cargo generate-rpm -p src/nss && cargo generate-rpm -p src/pam && cargo generate-rpm -p src/sshd-config && cargo generate-rpm -p src/sso

images/rpm/Dockerfile.sle15sp6

@@ -0,0 +1,41 @@
+# Use the official openSUSE Leap 15.6 image as the base
+FROM opensuse/leap:15.6
+
+# Update the package list and install essential build dependencies
+RUN zypper --non-interactive refresh && zypper --non-interactive update && \
+    zypper --non-interactive install --no-recommends \
+    wget \
+    git \
+    gcc \
+    gcc-c++ \
+    make \
+    libopenssl-3-devel \
+    dbus-1-devel \
+    libtool \
+    pkg-config \
+    autoconf \
+    pam-devel \
+    systemd-devel \
+    libcap-progs \
+    krb5-devel \
+    pcre2-devel \
+    clang \
+    gettext-tools \
+    sqlite3-devel \
+    utf8proc-devel \
+    cargo \
+    && zypper clean --all
+
+# Set environment for Rust
+ENV PATH="/root/.cargo/bin:${PATH}"
+
+VOLUME /himmelblau
+
+# Change directory to the repository
+WORKDIR /himmelblau
+
+# Install the cargo-deb tool
+RUN cargo install cargo-generate-rpm
+
+# Build the project and create the RPM package
+CMD cargo clean && cargo build --release && strip -s target/release/*.so && strip -s target/release/aad-tool && strip -s target/release/himmelblaud && strip -s target/release/himmelblaud_tasks && strip -s target/release/broker && cargo generate-rpm -p src/daemon && cargo generate-rpm -p src/nss && cargo generate-rpm -p src/pam && cargo generate-rpm -p src/sshd-config && cargo generate-rpm -p src/sso

images/rpm/Dockerfile.tumbleweed

@@ -38,4 +38,4 @@ WORKDIR /himmelblau
 RUN cargo install cargo-generate-rpm
 
 # Build the project and create the RPM package
-CMD cargo clean && cargo build --release && strip -s target/release/*.so && strip -s target/release/aad-tool && strip -s target/release/himmelblaud && strip -s target/release/himmelblaud_tasks && strip -s target/release/broker && cargo generate-rpm -p src/daemon && cargo generate-rpm -p src/nss && cargo generate-rpm -p src/pam && cargo generate-rpm -p src/sshd-config
+CMD cargo clean && cargo build --release && strip -s target/release/*.so && strip -s target/release/aad-tool && strip -s target/release/himmelblaud && strip -s target/release/himmelblaud_tasks && strip -s target/release/broker && cargo generate-rpm -p src/daemon && cargo generate-rpm -p src/nss && cargo generate-rpm -p src/pam && cargo generate-rpm -p src/sshd-config && cargo generate-rpm -p src/sso

images/ubuntu/Dockerfile.22.04

@@ -49,4 +49,4 @@ WORKDIR /himmelblau
 RUN cargo install cargo-deb
 
 # Build the project and create the .deb package
-CMD cargo clean && cargo deb --deb-revision=ubuntu22.04 -p himmelblaud && cargo deb --deb-revision=ubuntu22.04 -p nss_himmelblau && cargo deb --deb-revision=ubuntu22.04 -p pam_himmelblau && cargo deb --deb-revision=ubuntu22.04 -p sshd-config
+CMD cargo clean && cargo deb --deb-revision=ubuntu22.04 -p himmelblaud && cargo deb --deb-revision=ubuntu22.04 -p nss_himmelblau && cargo deb --deb-revision=ubuntu22.04 -p pam_himmelblau && cargo deb --deb-revision=ubuntu22.04 -p sshd-config && cargo deb --deb-revision=ubuntu22.04 -p sso

images/ubuntu/Dockerfile.24.04

@@ -49,4 +49,4 @@ WORKDIR /himmelblau
 RUN cargo install cargo-deb
 
 # Build the project and create the .deb package
-CMD cargo clean && cargo deb --deb-revision=ubuntu24.04 -p himmelblaud && cargo deb --deb-revision=ubuntu24.04 -p nss_himmelblau && cargo deb --deb-revision=ubuntu24.04 -p pam_himmelblau && cargo deb --deb-revision=ubuntu24.04 -p sshd-config
+CMD cargo clean && cargo deb --deb-revision=ubuntu24.04 -p himmelblaud && cargo deb --deb-revision=ubuntu24.04 -p nss_himmelblau && cargo deb --deb-revision=ubuntu24.04 -p pam_himmelblau && cargo deb --deb-revision=ubuntu24.04 -p sshd-config && cargo deb --deb-revision=ubuntu24.04 -p sso

src/sso/Cargo.toml

@@ -0,0 +1,40 @@
+[package]
+name = "sso"
+description = "Entra ID SSO via Himmelblau Identity Broker"
+version.workspace = true
+authors.workspace = true
+rust-version.workspace = true
+edition.workspace = true
+license.workspace = true
+homepage.workspace = true
+repository.workspace = true
+
+[package.metadata.deb]
+name = "himmelblau-sso"
+depends = ["python3-pydbus"]
+assets = [
+  ["src/linux-entra-sso.py", "usr/bin/linux-entra-sso", "755"],
+  ["src/firefox/linux_entra_sso.json", "usr/lib/mozilla/native-messaging-hosts/", "644"],
+  ["src/firefox/policies.json", "etc/firefox/policies/", "644"],
+  ["src/chrome/linux_entra_sso.json", "etc/opt/chrome/native-messaging-hosts/", "644"],
+  ["src/chrome/linux_entra_sso.json", "etc/chromium/native-messaging-hosts/", "644"],
+  ["src/chrome/extension.json", "usr/share/google-chrome/extensions/jlnfnnolkbjieggibinobhkjdfbpcohn.json", "644"],
+  ["src/chrome/policies.json", "etc/opt/chrome/policies/managed/himmelblau.json", "644"],
+  ["src/chrome/policies.json", "etc/chromium/policies/managed/himmelblau.json", "644"],
+]
+
+[package.metadata.generate-rpm]
+name = "himmelblau-sso"
+assets = [
+  { source = "src/linux-entra-sso.py", dest = "/usr/bin/linux-entra-sso", mode = "755" },
+  { source = "src/firefox/linux_entra_sso.json", dest = "/usr/lib64/mozilla/native-messaging-hosts/", mode = "644" },
+  { source = "src/firefox/policies.json", dest = "/etc/firefox/policies/", mode = "644" },
+  { source = "src/chrome/linux_entra_sso.json", dest = "/etc/opt/chrome/native-messaging-hosts/", mode = "644" },
+  { source = "src/chrome/linux_entra_sso.json", dest = "/etc/chromium/native-messaging-hosts/", mode = "644" },
+  { source = "src/chrome/extension.json", dest = "/usr/share/google-chrome/extensions/jlnfnnolkbjieggibinobhkjdfbpcohn.json", mode = "644" },
+  { source = "src/chrome/policies.json", dest = "/etc/opt/chrome/policies/managed/himmelblau.json", mode = "644" },
+  { source = "src/chrome/policies.json", dest = "/etc/chromium/policies/managed/himmelblau.json", mode = "644" },
+]
+
+[package.metadata.generate-rpm.requires]
+python3-pydbus = "*"