From b416aca8deefdcd52b899fdbf402920c90d74491 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Thu, 22 Feb 2024 20:23:48 +0100 Subject: [PATCH 01/28] pam/generate: Explicitly generate internal proto It's a dependency of the module code so it should be generated first --- pam/generate.go | 2 ++ pam/generate_debug.go | 2 ++ 2 files changed, 4 insertions(+) diff --git a/pam/generate.go b/pam/generate.go index 732204012..5e2ef7e19 100644 --- a/pam/generate.go +++ b/pam/generate.go @@ -1,5 +1,7 @@ //go:build generate && !pam_debug +//go:generate go generate -C internal/proto + //go:generate ./generate.sh -tags "!pam_binary_cli && !pam_debug" package main diff --git a/pam/generate_debug.go b/pam/generate_debug.go index 059925c71..e90d02fc0 100644 --- a/pam/generate_debug.go +++ b/pam/generate_debug.go @@ -1,5 +1,7 @@ //go:build generate && pam_debug +//go:generate go generate -C internal/proto + //go:generate env CFLAGS=-g3 CGO_CFLAGS=-g3 ./generate.sh -tags "!pam_binary_cli && pam_debug" -build-tags pam_gdm_debug -output pam_module_debug.go package main From 46f17ff35a4884c7ce41efd2f09277750f4f6e2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Fri, 23 Feb 2024 14:24:09 +0100 Subject: [PATCH 02/28] pam/generate.sh: Compute project root path correctly It has to work even if the script is called directly, not just from `go generate` --- pam/generate.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pam/generate.sh b/pam/generate.sh index 24c5ead51..d0bc64033 100755 --- a/pam/generate.sh +++ b/pam/generate.sh @@ -2,10 +2,13 @@ set -euo pipefail -PROJECT_ROOT=$PWD/.. +SCRIPT_PATH=$(dirname "$0") +PROJECT_ROOT=$(realpath "$SCRIPT_PATH")/.. module_libname=pam_authd.so loader_libname=pam_go_loader.so +cd "$SCRIPT_PATH" + if [ -d "$PROJECT_ROOT"/vendor ]; then echo Vendored dependencies detected, not re-generating pam_module.go else 
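Review bot: In pam/generate.sh, `cd "$SCRIPT_PATH"` uses the raw `dirname "$0"` result while `PROJECT_ROOT` is built from its `realpath`, so the two can end up naming different directories. With `CDPATH` exported, a relative value such as `pam` may be resolved through `CDPATH` instead of the current directory, and a value starting with `-` is parsed as an option. Resolving the path once keeps them aligned: `SCRIPT_PATH=$(realpath -- "$(dirname -- "$0")")`, then `PROJECT_ROOT=$SCRIPT_PATH/..` and `cd -- "$SCRIPT_PATH"`. The rest of the script lies outside the hunk.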
From 5642bead7e45a4728e3e9971fb97af2efa4cdee4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Thu, 22 Feb 2024 21:37:11 +0100 Subject: [PATCH 03/28] pam: Fix generation of module at bootstrap If we generate the module without any generated file around we fail, to ensure this works we need to also run again the generation process but skipping what we've done already. --- pam/generate.go | 2 +- pam/generate.sh | 1 + pam/generate_debug.go | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/pam/generate.go b/pam/generate.go index 5e2ef7e19..3e3e26f07 100644 --- a/pam/generate.go +++ b/pam/generate.go @@ -1,4 +1,4 @@ -//go:build generate && !pam_debug +//go:build generate && !pam_module_generation && !pam_debug //go:generate go generate -C internal/proto diff --git a/pam/generate.sh b/pam/generate.sh index d0bc64033..535423235 100755 --- a/pam/generate.sh +++ b/pam/generate.sh @@ -15,6 +15,7 @@ else go run github.com/msteinert/pam/v2/cmd/pam-moduler \ -libname "$module_libname" -type pamModule \ "${@}" + go generate -x -tags pam_module_generation fi cc_args=() diff --git a/pam/generate_debug.go b/pam/generate_debug.go index e90d02fc0..b775a98b7 100644 --- a/pam/generate_debug.go +++ b/pam/generate_debug.go @@ -1,4 +1,4 @@ -//go:build generate && pam_debug +//go:build generate && !pam_module_generation && pam_debug //go:generate go generate -C internal/proto From 4a98eca00a606075ce84bb470fce04e10683d0b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Wed, 21 Feb 2024 04:44:36 +0100 Subject: [PATCH 04/28] db_test: Ignore permission test when building the package We may run as root when building inside schroot, so ignore in such case. --- debian/rules | 4 ++++ internal/users/cache/db_test.go | 13 +++++++++++++ 2 files changed, 17 insertions(+) diff --git a/debian/rules b/debian/rules index e7159765f..1a9997604 100755 --- a/debian/rules +++ b/debian/rules 
@@ -33,6 +33,10 @@ export AUTHD_PAM_MODULES_PATH = /usr/lib/$(DEB_TARGET_GNU_TYPE)/security # they need external commands (e.g. `vhs`) that are not available in the build environment. export AUTHD_SKIP_EXTERNAL_DEPENDENT_TESTS=1 +# Skip some tests that fail when running as root as it may happen when building the packages +# in sbuild or similar environments. +export AUTHD_SKIP_ROOT_TESTS := 1 + %: dh $@ --buildsystem=golang --with=golang,apport diff --git a/internal/users/cache/db_test.go b/internal/users/cache/db_test.go index 86ee93907..76caa3998 100644 --- a/internal/users/cache/db_test.go +++ b/internal/users/cache/db_test.go @@ -60,6 +60,14 @@ func TestNew(t *testing.T) { if tc.perm != nil { err := os.Chmod(dbDestPath, *tc.perm) require.NoError(t, err, "Setup: could not change mode of database file") + + if *tc.perm == perm0644 { + currentUser, err := user.Current() + require.NoError(t, err) + if os.Getenv("AUTHD_SKIP_ROOT_TESTS") != "" && currentUser.Username == "root" { + t.Skip("Can't do permission checks as root") + } + } } c, err := cache.New(cacheDir) @@ -452,6 +460,11 @@ func TestClear(t *testing.T) { require.NoError(t, os.Remove(c.DbPath()), "Setup: should be able to remove database file") } if tc.readOnlyDir { + currentUser, err := user.Current() + require.NoError(t, err) + if os.Getenv("AUTHD_SKIP_ROOT_TESTS") != "" && currentUser.Username == "root" { + t.Skip("Can't do permission checks as root") + } testutils.MakeReadOnly(t, filepath.Dir(c.DbPath())) } From f496fa4e33bd37f8ec5484c0dfde06b90ebbb2b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Thu, 22 Feb 2024 16:39:37 +0100 Subject: [PATCH 05/28] internal/daemon: Add generation script for generating grpctestservice So that running `go generate ./...` will also recreate this file --- internal/daemon/testdata/grpctestservice/generate.go | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 internal/daemon/testdata/grpctestservice/generate.go 
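Review bot: The root guard added to TestNew compares `currentUser.Username == "root"` and requires `user.Current()` to succeed first. A uid-0 account with another name is therefore not skipped, and a failed lookup (possible in a minimal build chroot) becomes a test failure instead of a skip. `if os.Getenv("AUTHD_SKIP_ROOT_TESTS") != "" && os.Geteuid() == 0 {` covers both cases without a lookup. The same five lines are repeated in the TestClear hunk, so a small helper taking `t` and calling `t.Helper()` would keep the two in step. The skipped cases are the ones that exercise the 0644 database file and the read-only directory, so those permission checks should stay enabled in a CI job that does not run as root. Both test functions start and end outside their hunks.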
diff --git a/internal/daemon/testdata/grpctestservice/generate.go b/internal/daemon/testdata/grpctestservice/generate.go new file mode 100644 index 000000000..164a92dd0 --- /dev/null +++ b/internal/daemon/testdata/grpctestservice/generate.go @@ -0,0 +1,6 @@ +//go:build generate + +//go:generate ../../../../tools/generate-proto.sh --with-grpc grpctestservice.proto + +// Package grpctestservice contains the autogenerated GRPC API. +package grpctestservice From ee563aa56ccaddc793fc78dc942f968fc0ba23d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Wed, 21 Feb 2024 06:45:10 +0100 Subject: [PATCH 06/28] systemd: Fix path of the authd daemon This works for now as /sbin is linked to /usr/sbin but let's set it correctly --- systemd/authd.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/authd.service b/systemd/authd.service index 7c1c8078e..2b87e2a35 100644 --- a/systemd/authd.service +++ b/systemd/authd.service @@ -6,7 +6,7 @@ PartOf=authd.socket [Service] Type=notify -ExecStart=/sbin/authd +ExecStart=/usr/sbin/authd # Some daemon restrictions LockPersonality=yes From f65c9b812a2af20191e7b8eb67171f3d5fd51514 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Thu, 22 Feb 2024 15:14:03 +0100 Subject: [PATCH 07/28] debian/control: Do not install dbus if tests are disabled If building with `DEB_BUILD_OPTIONS=nocheck`, we don't need to run dbus-daemon at all, so mark it as such. --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 697e6c03f..516afbe4f 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,7 @@ Section: admin Priority: optional Maintainer: Ubuntu Developers Build-Depends: debhelper-compat (= 13), - dbus, + dbus , dh-apport, dh-cargo, dh-golang, From 8b2b502085fba799c1f54a78dc1503846efa3691 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Fri, 23 Feb 2024 14:14:03 +0100 Subject: [PATCH 08/28] tools/generate-proto.sh: Ignore calls during package building --- tools/generate-proto.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/generate-proto.sh b/tools/generate-proto.sh index 809c09346..8f19a73b4 100755 --- a/tools/generate-proto.sh +++ b/tools/generate-proto.sh @@ -2,6 +2,11 @@ set -euo pipefail +if [ -v DEB_HOST_GNU_TYPE ]; then + echo "Proto files should not be regenerated during package building" + exit 0 +fi + # TODO: Watch https://github.com/protocolbuffers/protobuf for any changes on the # experimental status of optional fields, previously described on: # https://github.com/protocolbuffers/protobuf/blob/main/docs/implementing_proto3_presence.md. From b37306a6379235366b9b89ff4ba3810dd2b17b62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Tue, 12 Dec 2023 19:03:18 +0100 Subject: [PATCH 09/28] debian/rules: Use dh-golang features to generate our targets --- debian/control | 1 + debian/rules | 25 +++++++++++++++++++------ 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/debian/control b/debian/control index 516afbe4f..275daa124 100644 --- a/debian/control +++ b/debian/control @@ -7,6 +7,7 @@ Build-Depends: debhelper-compat (= 13), dh-apport, dh-cargo, dh-golang, + dctrl-tools, golang-go (>= 2:1.21~), jq, libc6-dev (>= 2.35), diff --git a/debian/rules b/debian/rules index 1a9997604..4cd7680be 100755 --- a/debian/rules +++ b/debian/rules 
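Review bot: The guard added to tools/generate-proto.sh exits successfully whenever `DEB_HOST_GNU_TYPE` is set, without checking that the committed generated files exist or match the `.proto` sources. A developer shell that merely has the dpkg architecture variables exported will skip regeneration in the same silent way. The notice should at least go to stderr, `echo "Proto files should not be regenerated during package building" >&2`. A comment above the `if` should state that package builds rely on the generated sources shipped in the tree. The remainder of the script is outside the hunk.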
@@ -1,8 +1,10 @@ #!/usr/bin/make -f #export DH_VERBOSE = 1 -export GOCACHE := $(shell mktemp -d /tmp/gocache-XXXX) -export GOFLAGS := -ldflags=-X=github.com/ubuntu/authd/internal/consts.Version=$(shell dpkg-parsechangelog -S Version) --mod=vendor -buildmode=pie +# The package name for authd, used only locally to avoid repetitions +AUTHD_GO_PACKAGE := $(shell grep-dctrl -s XS-Go-Import-Path -n - ./debian/control) + +export GOFLAGS := -ldflags=-X=$(AUTHD_GO_PACKAGE)/internal/consts.Version=$(shell dpkg-parsechangelog -S Version) --mod=vendor -buildmode=pie export DEB_BUILD_MAINT_OPTIONS := optimize=-lto @@ -37,6 +39,12 @@ export AUTHD_SKIP_EXTERNAL_DEPENDENT_TESTS=1 # in sbuild or similar environments. export AUTHD_SKIP_ROOT_TESTS := 1 +# Defines the targets to be built as part of dh_auto_build +export DH_GOLANG_BUILDPKG := $(AUTHD_GO_PACKAGE)/... \ + $(NULL) + +BUILDDIR := $(CURDIR)/obj-$(DEB_HOST_GNU_TYPE) + %: dh $@ --buildsystem=golang --with=golang,apport @@ -62,13 +70,13 @@ override_dh_auto_configure: override_dh_auto_build: # Build PAM library & Go loader - go generate -x ./pam + DH_GOLANG_GO_GENERATE=1 dh_auto_build -- $(AUTHD_GO_PACKAGE)/pam # Build the NSS library $(CARGO) build --release # Build the daemon - DH_GOLANG_BUILDPKG=github.com/ubuntu/authd/cmd/authd dh_auto_build + dh_auto_build -- $(AUTHD_GO_PACKAGE)/cmd/authd override_dh_auto_test: # We need to specify these Rust related variables to the Go tests in order to build the NSS lib @@ -79,6 +87,9 @@ override_dh_auto_test: override_dh_auto_install: dh_auto_install -- --no-source + # Ignore pam dummy binary + rm debian/authd/usr/bin/pam + # Install daemon in /sbin mv debian/authd/usr/bin/ debian/authd/usr/sbin 
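Review bot: `AUTHD_GO_PACKAGE` is taken from `grep-dctrl` with no check that it is non-empty. If the `XS-Go-Import-Path` field is missing or the tool fails, `GOFLAGS` silently becomes `-X=/internal/consts.Version=…` and the build targets added in the next hunk become `/...`. A guard right after the assignment makes the failure explicit: `ifeq ($(AUTHD_GO_PACKAGE),)`, `$(error XS-Go-Import-Path not found in debian/control)`, `endif`.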
@@ -86,8 +97,10 @@ override_dh_auto_install: install -Dm644 debian/pam-configs/authd debian/authd/usr/share/pam-configs/authd # Install PAM - install -Dm644 pam/go-loader/pam_go_loader.so debian/authd/$(AUTHD_PAM_MODULES_PATH)/pam_go_loader.so - install -Dm644 pam/pam_authd.so debian/authd/$(AUTHD_PAM_MODULES_PATH)/pam_authd.so + install -m644 $(BUILDDIR)/src/$(AUTHD_GO_PACKAGE)/pam/go-loader/pam_go_loader.so \ + -Dt debian/authd/$(AUTHD_PAM_MODULES_PATH) + install -m644 $(BUILDDIR)/src/$(AUTHD_GO_PACKAGE)/pam/pam_authd.so \ + -Dt debian/authd/$(AUTHD_PAM_MODULES_PATH) # Install NSS # In Rust, HOST actually refers to the build target (see README.Debian in rustc) From 4a649bfe9a71d8e6756152ae1ca946137fce1f4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Thu, 22 Feb 2024 15:28:42 +0100 Subject: [PATCH 10/28] debian/rules: Install files without repeating their name Install can be used as an advanced "mv" that makes directories too, so do it so that we don't have to repeat the file names on target. --- debian/rules | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/debian/rules b/debian/rules index 4cd7680be..4d2297d61 100755 --- a/debian/rules +++ b/debian/rules @@ -94,7 +94,8 @@ override_dh_auto_install: mv debian/authd/usr/bin/ debian/authd/usr/sbin # Install PAM module configuration - install -Dm644 debian/pam-configs/authd debian/authd/usr/share/pam-configs/authd + install -m644 debian/pam-configs/authd \ + -Dt debian/authd/usr/share/pam-configs # Install PAM install -m644 $(BUILDDIR)/src/$(AUTHD_GO_PACKAGE)/pam/go-loader/pam_go_loader.so \ 
@@ -104,7 +105,8 @@ override_dh_auto_install: # Install NSS # In Rust, HOST actually refers to the build target (see README.Debian in rustc) - install -Dm644 target/$(DEB_HOST_RUST_TYPE)/release/libnss_authd.so debian/authd/usr/lib/$(DEB_TARGET_GNU_TYPE)/libnss_authd.so.2 + install -m644 target/$(DEB_HOST_RUST_TYPE)/release/libnss_authd.so \ + debian/authd/usr/lib/$(DEB_TARGET_GNU_TYPE)/libnss_authd.so.2 # Install systemd units mkdir -p debian/authd/lib/systemd/system From d08a62898fd5e04f64fbc83f05d9212116f70cf5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Thu, 22 Feb 2024 17:22:12 +0100 Subject: [PATCH 11/28] tools: Add pam moduler to vendor it --- tools/go.mod | 3 +++ tools/go.sum | 2 ++ tools/tools.go | 1 + 3 files changed, 6 insertions(+) diff --git a/tools/go.mod b/tools/go.mod index cc9def6f5..56b5bc151 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -6,6 +6,7 @@ toolchain go1.21.6 require ( github.com/golangci/golangci-lint v1.56.1 + github.com/msteinert/pam/v2 v2.0.0-00010101000000-000000000000 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0 google.golang.org/protobuf v1.32.0 ) @@ -194,3 +195,5 @@ require ( mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b // indirect mvdan.cc/unparam v0.0.0-20240104100049-c549a3470d14 // indirect ) + +replace github.com/msteinert/pam/v2 => github.com/3v1n0/go-pam/v2 v2.0.0-20240218173232-e182844e4e11 diff --git a/tools/go.sum b/tools/go.sum index 96b1f6164..912ac5358 100644 --- a/tools/go.sum +++ b/tools/go.sum 
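Review bot: The rewritten NSS install line drops `-D`, so this command no longer creates `debian/authd/usr/lib/$(DEB_TARGET_GNU_TYPE)`. The recipe now works only because the earlier PAM installs use `-Dt` into `$(AUTHD_PAM_MODULES_PATH)`, which per the export visible earlier in the series is `/usr/lib/$(DEB_TARGET_GNU_TYPE)/security`. Keeping the flag removes that ordering dependency: `install -Dm644 target/$(DEB_HOST_RUST_TYPE)/release/libnss_authd.so \` followed by the unchanged destination line. `override_dh_auto_install` starts and ends outside the hunk.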
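Review bot: The `replace` appended to tools/go.mod redirects `github.com/msteinert/pam/v2` to a pseudo-version of the `github.com/3v1n0/go-pam/v2` fork, and the `require` line carries the placeholder `v2.0.0-00010101000000-000000000000`. The code that actually builds `pam-moduler` is therefore not the module named in `tools.go`, and nothing in the file records why. A comment above the directive should give the reason and the exit condition, for example `// Fork carrying changes not yet released upstream; drop this replace once msteinert/pam ships them.` (wording to be confirmed by the author). Because pam-moduler generates the PAM module glue, the fork commit pinned here should also match whatever the main module's go.mod pins, which is not visible in this patch.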
@@ -35,6 +35,8 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/3v1n0/go-pam/v2 v2.0.0-20240218173232-e182844e4e11 h1:zGS1p61QyPZKDpk53NMEy50eNhLB3GILQQf6LnEWgr4= +github.com/3v1n0/go-pam/v2 v2.0.0-20240218173232-e182844e4e11/go.mod h1:KT28NNIcDFf3PcBmNI2mIGO4zZJ+9RSs/At2PB3IDVc= github.com/4meepo/tagalign v1.3.3 h1:ZsOxcwGD/jP4U/aw7qeWu58i7dwYemfy5Y+IF1ACoNw= github.com/4meepo/tagalign v1.3.3/go.mod h1:Q9c1rYMZJc9dPRkbQPpcBNCLEmY2njbAsXhQOZFE2dE= github.com/Abirdcfly/dupword v0.0.13 h1:SMS17YXypwP000fA7Lr+kfyBQyW14tTT+nRv9ASwUUo= diff --git a/tools/tools.go b/tools/tools.go index eccc8dc30..45f6626bd 100644 --- a/tools/tools.go +++ b/tools/tools.go @@ -4,6 +4,7 @@ package tools import ( _ "github.com/golangci/golangci-lint/cmd/golangci-lint" + _ "github.com/msteinert/pam/v2/cmd/pam-moduler" _ "google.golang.org/grpc/cmd/protoc-gen-go-grpc" _ "google.golang.org/protobuf/cmd/protoc-gen-go" ) From 429baeada93991881eedd5f62ba8bd5c52faaaa3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Fri, 23 Feb 2024 13:15:53 +0100 Subject: [PATCH 12/28] debian/source/options: Exclude rust .a files from source --- debian/source/options | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 debian/source/options diff --git a/debian/source/options b/debian/source/options new file mode 100644 index 000000000..846fc0090 --- /dev/null +++ b/debian/source/options @@ -0,0 +1,8 @@ +tar-ignore = */.git* +tar-ignore = */.go* +tar-ignore = */.editor* +tar-ignore = */.mailmap +tar-ignore = */.vscode +tar-ignore = *.so +tar-ignore = *.o +tar-ignore = vendor_rust/*.a 
From 759452d253b0094829394f532a4d3225a27b1a3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Thu, 22 Feb 2024 22:11:08 +0100 Subject: [PATCH 13/28] debian/control: Do not add an empty paragraph on description --- debian/control | 1 - 1 file changed, 1 deletion(-) diff --git a/debian/control b/debian/control index 275daa124..92fdcc93d 100644 --- a/debian/control +++ b/debian/control @@ -22,7 +22,6 @@ Vcs-Browser: https://github.com/ubuntu/authd Vcs-Git: https://github.com/ubuntu/authd.git Rules-Requires-Root: no Description: Authentication daemon for cloud-based identity provider - . Authd is a versatile authentication service designed to seamlessly integrate with cloud identity providers like OpenID Connect and Entra ID. It offers a secure interface for system authentication, supporting cloud-based identity From 9325b385a726866198ed0b19944bf6f4dac80cef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Thu, 22 Feb 2024 22:43:27 +0100 Subject: [PATCH 14/28] pam/generate.sh: Ignore shellcheck warning with reasoning --- pam/generate.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pam/generate.sh b/pam/generate.sh index 535423235..4b28b5db9 100755 --- a/pam/generate.sh +++ b/pam/generate.sh @@ -23,6 +23,8 @@ if [ -v AUTHD_PAM_MODULES_PATH ]; then cc_args+=(-DAUTHD_PAM_MODULES_PATH=\""${AUTHD_PAM_MODULES_PATH}"\") fi +# shellcheck disable=SC2086 +# we do want to do word splitting on flags ${CC:-cc} -o go-loader/"$loader_libname" \ go-loader/module.c ${CFLAGS:-} -Wl,--as-needed -Wl,--allow-shlib-undefined \ -shared -fPIC -Wl,--unresolved-symbols=report-all \ From 2a6fe1fb75ee5b15086e92054d2958d64015d7a4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Thu, 22 Feb 2024 23:05:47 +0100 Subject: [PATCH 15/28] nss: Explicitly set rustix as a dependency using libc This is something we were forcing at package build level only but it's better to do it all the times --- Cargo.lock | 1 + debian/rules | 1 - nss/Cargo.toml | 1 + 3 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Cargo.lock b/Cargo.lock index 90c6cb1fb..486be53a7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -597,6 +597,7 @@ dependencies = [ "log", "paste", "prost", + "rustix", "simple_logger", "sysinfo", "syslog", diff --git a/debian/rules b/debian/rules index 4d2297d61..ccfe72d39 100755 --- a/debian/rules +++ b/debian/rules @@ -65,7 +65,6 @@ override_dh_auto_configure: [ ! -e $(DH_CARGO_VENDORED_SOURCES) ] || $(DH_CARGO_VENDORED_SOURCES) DEB_CARGO_CRATE=nss_$(shell dpkg-parsechangelog --show-field Version) \ - RUSTFLAGS="--cfg=rustix_use_libc" \ $(CARGO) prepare-debian $(CARGO_VENDOR_DIR) override_dh_auto_build: diff --git a/nss/Cargo.toml b/nss/Cargo.toml index f6d34bd90..f91521f19 100644 --- a/nss/Cargo.toml +++ b/nss/Cargo.toml @@ -22,6 +22,7 @@ libc = "0.2.152" paste = "1.0.14" tonic = "0.11.0" prost = "0.12.3" +rustix = { version = "0.38.31", features = ["use-libc"] } tokio = { version = "1.35.1", features = ["macros", "rt-multi-thread"] } tower = "0.4.13" log = "0.4.20" From d9361a23d98a08f9e4cae65219a400c696c4ada0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Thu, 22 Feb 2024 23:11:17 +0100 Subject: [PATCH 16/28] debian/vendor-rust: Use a temporary CARGO_HOME unless specified We should not depend on developers environment when building a pacakge so use a temporary CARGO_HOME, unless a different one is specified --- debian/vendor-rust.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/debian/vendor-rust.sh b/debian/vendor-rust.sh index 28262bf1d..779edbfe6 100755 --- a/debian/vendor-rust.sh +++ b/debian/vendor-rust.sh 
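Review bot: The new `rustix` entry in nss/Cargo.toml carries no comment. From this patch it appears to be listed only to enable `use-libc`, replacing the `RUSTFLAGS="--cfg=rustix_use_libc"` removed from debian/rules. A later unused-dependency cleanup could delete the line and silently drop the feature. I would add `# Not used directly: listed to force the libc backend of rustix, which is otherwise pulled in transitively.` above it, assuming that matches the author's intent.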
@@ -1,10 +1,14 @@ #!/bin/sh set -eu +CARGO_HOME=${DEB_CARGO_HOME:-$(mktemp --tmpdir -d -t "cargo-home-XXXXXX")} +export CARGO_HOME +trap 'rm -rf "$CARGO_HOME"' EXIT INT HUP + # Some crates are shipped with .a files, which get removed by the helpers during the package build as a safety measure. # This results in cargo failing to compile, since the files (which are listed in the checksums) are not there anymore. # For those crates, we need to replace their checksum with a more general one that only lists the crate checksum, instead of each file. -CARGO_HOME=${HOME}/.cargo ${CARGO} vendor "${CARGO_VENDOR_DIR}" +${CARGO} vendor "${CARGO_VENDOR_DIR}" [ ! -e "${DH_CARGO_VENDORED_SOURCES}" ] || ${DH_CARGO_VENDORED_SOURCES} [ -e /usr/bin/jq ] || (echo "jq is required to run this script. Try installing it with 'sudo apt install jq'" && exit 1) From 11d408a944ba4bdf122b0a938ef925cf3b8018cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Thu, 22 Feb 2024 23:12:21 +0100 Subject: [PATCH 17/28] debian/rules: Rely more on dh-cargo for buildling the NSS library --- debian/rules | 33 +++++++++++++-------------------- debian/vendor-rust.sh | 2 +- 2 files changed, 14 insertions(+), 21 deletions(-) diff --git a/debian/rules b/debian/rules index ccfe72d39..7f57569ab 100755 --- a/debian/rules +++ b/debian/rules @@ -1,6 +1,8 @@ #!/usr/bin/make -f #export DH_VERBOSE = 1 +include /usr/share/rustc/architecture.mk + # The package name for authd, used only locally to avoid repetitions AUTHD_GO_PACKAGE := $(shell grep-dctrl -s XS-Go-Import-Path -n - ./debian/control) 
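Review bot: The `trap 'rm -rf "$CARGO_HOME"' EXIT INT HUP` added at the top of debian/vendor-rust.sh is installed unconditionally. When the caller supplies `DEB_CARGO_HOME`, that caller-owned directory is deleted on exit, not just a temporary one. The commit message says a different home may be specified, so cleanup should apply only to the directory created by `mktemp`. The change below keeps the same unset-or-empty fallback and registers the trap only in the temporary case.
```shell
if [ -n "${DEB_CARGO_HOME:-}" ]; then
    CARGO_HOME=$DEB_CARGO_HOME
else
    CARGO_HOME=$(mktemp --tmpdir -d -t "cargo-home-XXXXXX")
    # Only a directory created here is removed on exit.
    trap 'rm -rf "$CARGO_HOME"' EXIT INT HUP
fi
export CARGO_HOME
# … unchanged: cargo vendor call and checksum rewriting …
```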
@@ -14,15 +16,12 @@ export DPKG_GENSYMBOLS_CHECK_LEVEL := 4 # Copy in build directory all content to embed export DH_GOLANG_INSTALL_ALL := 1 -# The following definitions are necessary because of the manual steps -# we need to do to work around some issues with either dh-cargo, -# the wrapper, or cargo -include /usr/share/rustc/architecture.mk -CARGO := /usr/share/cargo/bin/cargo +# Use the debian cargo wrapper +export CARGO_PATH := /usr/share/cargo/bin/cargo # Needed for Rust vendored sources tracking -DH_CARGO_VENDORED_SOURCES := /usr/share/cargo/bin/dh-cargo-vendored-sources -export CARGO_VENDOR_DIR = vendor_rust +export DH_CARGO_VENDORED_SOURCES := /usr/share/cargo/bin/dh-cargo-vendored-sources +export CARGO_VENDOR_DIR := $(CURDIR)/vendor_rust # Needed for Rust configure/build/test stages export DEB_HOST_GNU_TYPE DEB_HOST_RUST_TYPE 
@@ -56,33 +55,27 @@ override_dh_auto_clean: [ -d vendor/ ] || go mod vendor # Vendor Rust dependencies when building the source package - [ -d vendor_rust/ ] || \ - CARGO=$(CARGO) DH_CARGO_VENDORED_SOURCES=$(DH_CARGO_VENDORED_SOURCES) \ - CARGO_VENDOR_DIR=$(CARGO_VENDOR_DIR) debian/vendor-rust.sh + [ -d vendor_rust/ ] || debian/vendor-rust.sh + + # Cleanup empty cargo-checksum + rm -f debian/cargo-checksum.json override_dh_auto_configure: dh_auto_configure - [ ! -e $(DH_CARGO_VENDORED_SOURCES) ] || $(DH_CARGO_VENDORED_SOURCES) - DEB_CARGO_CRATE=nss_$(shell dpkg-parsechangelog --show-field Version) \ - $(CARGO) prepare-debian $(CARGO_VENDOR_DIR) + touch debian/cargo-checksum.json + dh_auto_configure --buildsystem=cargo override_dh_auto_build: # Build PAM library & Go loader DH_GOLANG_GO_GENERATE=1 dh_auto_build -- $(AUTHD_GO_PACKAGE)/pam # Build the NSS library - $(CARGO) build --release + $(CARGO_PATH) build --release # Build the daemon dh_auto_build -- $(AUTHD_GO_PACKAGE)/cmd/authd -override_dh_auto_test: - # We need to specify these Rust related variables to the Go tests in order to build the NSS lib - # with the cargo wrapper in the integration tests in order to force cargo to use vendored deps - # instead of querying crates.io for them. - CARGO_PATH=$(CARGO) dh_auto_test - override_dh_auto_install: dh_auto_install -- --no-source diff --git a/debian/vendor-rust.sh b/debian/vendor-rust.sh index 779edbfe6..d273a375c 100755 --- a/debian/vendor-rust.sh +++ b/debian/vendor-rust.sh 
@@ -8,7 +8,7 @@ trap 'rm -rf "$CARGO_HOME"' EXIT INT HUP # Some crates are shipped with .a files, which get removed by the helpers during the package build as a safety measure. # This results in cargo failing to compile, since the files (which are listed in the checksums) are not there anymore. # For those crates, we need to replace their checksum with a more general one that only lists the crate checksum, instead of each file. -${CARGO} vendor "${CARGO_VENDOR_DIR}" +${CARGO_PATH} vendor "${CARGO_VENDOR_DIR}" [ ! -e "${DH_CARGO_VENDORED_SOURCES}" ] || ${DH_CARGO_VENDORED_SOURCES} [ -e /usr/bin/jq ] || (echo "jq is required to run this script. Try installing it with 'sudo apt install jq'" && exit 1) From 87066ea9f3573ae291421ebfea95ef9bb6c12b53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Fri, 23 Feb 2024 00:29:23 +0100 Subject: [PATCH 18/28] debian/docs: Expose the Cargo.locks file in docs This is what dh-cargo does by default, so follow it --- debian/docs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/docs b/debian/docs index 103c946db..667a60181 100644 --- a/debian/docs +++ b/debian/docs @@ -1,2 +1,4 @@ # Vendored dependency contains an Apache NOTICE vendor/gopkg.in/yaml.v3/NOTICE +# Vendored rust dependencies +Cargo.lock From d8c49d8fff55000a4686a5bab9bbb211cbc92016 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Fri, 23 Feb 2024 00:34:38 +0100 Subject: [PATCH 19/28] debian: Fill the built using information for rust --- debian/control | 4 +++- debian/rules | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 92fdcc93d..a423eff9f 100644 --- a/debian/control +++ b/debian/control 
@@ -31,7 +31,9 @@ Description: Authentication daemon for cloud-based identity provider Package: authd Architecture: any -Built-Using: ${misc:Built-Using}, +Built-Using: ${misc:Built-Using}, ${cargo:Built-Using} +Static-Built-Using: ${misc:Static-Built-Using}, ${cargo:Static-Built-Using}, +X-Cargo-Built-Using: ${cargo:X-Cargo-Built-Using}, Depends: ${shlibs:Depends}, ${misc:Depends}, Description: ${source:Synopsis} diff --git a/debian/rules b/debian/rules index 7f57569ab..aaa948bd7 100755 --- a/debian/rules +++ b/debian/rules @@ -82,6 +82,9 @@ override_dh_auto_install: # Ignore pam dummy binary rm debian/authd/usr/bin/pam + # Fills the built-using variables for rust + /usr/share/cargo/bin/dh-cargo-built-using authd + # Install daemon in /sbin mv debian/authd/usr/bin/ debian/authd/usr/sbin From a240959077276b6588e1592ad8774262dc37f25f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Thu, 22 Feb 2024 22:10:24 +0100 Subject: [PATCH 20/28] debian/control: Depend on pkgconf not on legacy pkg-config The latter was the legacy name --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index a423eff9f..170126286 100644 --- a/debian/control +++ b/debian/control @@ -12,7 +12,7 @@ Build-Depends: debhelper-compat (= 13), jq, libc6-dev (>= 2.35), libpam0g-dev, - pkg-config, + pkgconf, protobuf-compiler, Standards-Version: 4.6.2 XS-Go-Import-Path: github.com/ubuntu/authd From be209794b0601baa8e76eac5ae4929aea33450ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Fri, 23 Feb 2024 00:47:01 +0100 Subject: [PATCH 21/28] debian/copyright: Remove superflous patterns --- debian/copyright | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/debian/copyright b/debian/copyright index f00880c66..7b116b3ac 100644 --- a/debian/copyright +++ b/debian/copyright 
@@ -321,10 +321,6 @@ Files: vendor_rust/errno/* Copyright: 2014 Chris Wong License: MIT -Files: vendor_rust/errno-dragonfly/* -Copyright: 2017 Michael Neumann -License: MIT - Files: vendor_rust/error-chain/* Copyright: 2017 The Error-Chain Project Developers License: MIT @@ -384,10 +380,6 @@ Files: vendor_rust/hyper-timeout/* Copyright: 2016 The weldr Project Developers License: MIT -Files: vendor_rust/is-terminal/* -Copyright: 2015-2019 Doug Tangren -License: MIT - Files: vendor_rust/matchit/* Copyright: 2022 Ibraheem Ahmed License: MIT @@ -425,10 +417,6 @@ Files: vendor_rust/rand/* Copyright: 2018 Developers of the Rand project / 2014 The Rust Project Developers License: MIT -Files: vendor_rust/redox_syscall/* -Copyright: 2017 Redox OS Developers -License: MIT - Files: vendor_rust/simple_logger/* Copyright: 2015-2021 Sam Clements License: MIT From e9abc721a8fb85d1cc791ae70f23f9eaa2a37d67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Fri, 23 Feb 2024 00:57:08 +0100 Subject: [PATCH 22/28] debian/rules: Install systemd units under /usr Installing outside /usr is something that debian is deprecating --- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index aaa948bd7..7e46d3542 100755 --- a/debian/rules +++ b/debian/rules @@ -105,7 +105,7 @@ override_dh_auto_install: # Install systemd units mkdir -p debian/authd/lib/systemd/system - install -m644 systemd/* debian/authd/lib/systemd/system/ + install -m644 systemd/* debian/authd/usr/lib/systemd/system/ # Install gdm-PAM config file dh_installpam -pauthd --name=gdm-authd From b8e04ebadbee24442baebe28fccfd5be4bf63f0b Mon Sep 17 00:00:00 2001 
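Review bot: In the debian/rules hunk, the `mkdir -p` context line still creates `debian/authd/lib/systemd/system`, while the changed `install` now writes to `debian/authd/usr/lib/systemd/system/`. Nothing visible creates the new destination, and an empty `lib/systemd/system` directory is left in the package tree. The directory line needs the same prefix: `mkdir -p debian/authd/usr/lib/systemd/system`. A later patch in the series removes these lines, but this commit taken alone would fail at the install step unless the directory is created elsewhere. `override_dh_auto_install` extends beyond the hunk.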
From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Fri, 23 Feb 2024 00:57:47 +0100 Subject: [PATCH 23/28] debian: Use install file to install artifacts It allows more fine-grained control on what goes in the install path and avoids missing files --- debian/control | 1 + debian/install | 17 +++++++++++++++++ debian/not-installed | 1 + debian/rules | 32 +++++--------------------------- 4 files changed, 24 insertions(+), 27 deletions(-) create mode 100755 debian/install create mode 100644 debian/not-installed diff --git a/debian/control b/debian/control index 170126286..a60a9e2a6 100644 --- a/debian/control +++ b/debian/control @@ -6,6 +6,7 @@ Build-Depends: debhelper-compat (= 13), dbus , dh-apport, dh-cargo, + dh-exec, dh-golang, dctrl-tools, golang-go (>= 2:1.21~), diff --git a/debian/install b/debian/install new file mode 100755 index 000000000..e9e96b409 --- /dev/null +++ b/debian/install @@ -0,0 +1,17 @@ +#!/usr/bin/dh-exec + +# Install daemon in /sbin +usr/bin/authd /usr/sbin/ + +# pam-auth-update files +debian/pam-configs/* /usr/share/pam-configs + +# PAM libraries +${env:BUILT_PAM_LIBS_PATH}/pam_authd.so ${env:AUTHD_PAM_MODULES_PATH} +${env:BUILT_PAM_LIBS_PATH}/go-loader/pam_go_loader.so ${env:AUTHD_PAM_MODULES_PATH} + +# Install NSS library with right soname +target/${DEB_HOST_RUST_TYPE}/release/libnss_authd.so => /usr/lib/${DEB_TARGET_GNU_TYPE}/libnss_authd.so.2 + +# Install systemd units +systemd/authd.* /usr/lib/systemd/system/ diff --git a/debian/not-installed b/debian/not-installed new file mode 100644 index 000000000..6158144b6 --- /dev/null +++ b/debian/not-installed @@ -0,0 +1 @@ +usr/bin/pam diff --git a/debian/rules b/debian/rules index 7e46d3542..482220538 100755 --- a/debian/rules +++ b/debian/rules 
@@ -44,8 +44,11 @@ export DH_GOLANG_BUILDPKG := $(AUTHD_GO_PACKAGE)/... \ BUILDDIR := $(CURDIR)/obj-$(DEB_HOST_GNU_TYPE) +export BUILT_PAM_LIBS_PATH := obj-$(DEB_HOST_GNU_TYPE)/src/$(AUTHD_GO_PACKAGE)/pam + %: - dh $@ --buildsystem=golang --with=golang,apport + # --without=single-binary can be removed with dh 15. + dh $@ --buildsystem=golang --with=golang,apport --without=single-binary override_dh_auto_clean: dh_auto_clean @@ -77,35 +80,10 @@ override_dh_auto_build: dh_auto_build -- $(AUTHD_GO_PACKAGE)/cmd/authd override_dh_auto_install: - dh_auto_install -- --no-source - - # Ignore pam dummy binary - rm debian/authd/usr/bin/pam + dh_auto_install --destdir=debian/tmp -- --no-source # Fills the built-using variables for rust /usr/share/cargo/bin/dh-cargo-built-using authd - # Install daemon in /sbin - mv debian/authd/usr/bin/ debian/authd/usr/sbin - - # Install PAM module configuration - install -m644 debian/pam-configs/authd \ - -Dt debian/authd/usr/share/pam-configs - - # Install PAM - install -m644 $(BUILDDIR)/src/$(AUTHD_GO_PACKAGE)/pam/go-loader/pam_go_loader.so \ - -Dt debian/authd/$(AUTHD_PAM_MODULES_PATH) - install -m644 $(BUILDDIR)/src/$(AUTHD_GO_PACKAGE)/pam/pam_authd.so \ - -Dt debian/authd/$(AUTHD_PAM_MODULES_PATH) - - # Install NSS - # In Rust, HOST actually refers to the build target (see README.Debian in rustc) - install -m644 target/$(DEB_HOST_RUST_TYPE)/release/libnss_authd.so \ - debian/authd/usr/lib/$(DEB_TARGET_GNU_TYPE)/libnss_authd.so.2 - - # Install systemd units - mkdir -p debian/authd/lib/systemd/system - install -m644 systemd/* debian/authd/usr/lib/systemd/system/ - # Install gdm-PAM config file dh_installpam -pauthd --name=gdm-authd From 7fa55860d27b7e9ce1a6dd49114f76cc073116ad Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Fri, 23 Feb 2024 15:12:20 +0100 Subject: [PATCH 24/28] debian: Use dh-systemd to install systemd services It handles upgrades and removal properly, keeping track of the service state. --- {systemd => debian}/authd.service | 0 {systemd => debian}/authd.socket | 0 debian/install | 3 --- 3 files changed, 3 deletions(-) rename {systemd => debian}/authd.service (100%) rename {systemd => debian}/authd.socket (100%) diff --git a/systemd/authd.service b/debian/authd.service similarity index 100% rename from systemd/authd.service rename to debian/authd.service diff --git a/systemd/authd.socket b/debian/authd.socket similarity index 100% rename from systemd/authd.socket rename to debian/authd.socket diff --git a/debian/install b/debian/install index e9e96b409..1125ea40e 100755 --- a/debian/install +++ b/debian/install @@ -12,6 +12,3 @@ ${env:BUILT_PAM_LIBS_PATH}/go-loader/pam_go_loader.so ${env:AUTHD_PAM_MODULES_PA # Install NSS library with right soname target/${DEB_HOST_RUST_TYPE}/release/libnss_authd.so => /usr/lib/${DEB_TARGET_GNU_TYPE}/libnss_authd.so.2 - -# Install systemd units -systemd/authd.* /usr/lib/systemd/system/ From 9aae433e1d6cf3c597569d92615bbbb2613c2a77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Fri, 23 Feb 2024 11:57:41 +0100 Subject: [PATCH 25/28] debian/tests: Use a script to launch autopkgtests It makes things easier to catch and at the same time we can enforce more things such as disable internet access and force using local go toolchain --- debian/tests/control | 3 ++- debian/tests/run-tests.sh | 9 +++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100755 debian/tests/run-tests.sh diff --git a/debian/tests/control b/debian/tests/control index b2bf325c6..07a0fcc3c 100644 --- a/debian/tests/control +++ b/debian/tests/control 
@@ -1,3 +1,4 @@ -Test-Command: AUTHD_SKIP_EXTERNAL_DEPENDENT_TESTS=1 go test -v -mod=vendor ./... +Test-Command: debian/tests/run-tests.sh +Features: test-name=go_tests Restrictions: allow-stderr Depends: @builddeps@ diff --git a/debian/tests/run-tests.sh b/debian/tests/run-tests.sh new file mode 100755 index 000000000..10bdda5fa --- /dev/null +++ b/debian/tests/run-tests.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash + +set -exuo pipefail + +export AUTHD_SKIP_EXTERNAL_DEPENDENT_TESTS=1 +export GOPROXY=off +export GOTOOLCHAIN=local + +go test -v ./... From f59f9ea2dd8497847281a0e88c8f8e730bbfd7d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Fri, 23 Feb 2024 02:00:31 +0100 Subject: [PATCH 26/28] systemd, debian: Install authd in /usr/libexec authd is not a program that is meant to be ran by user, so there's no point for it being in PATH, as it's systemd running it. So move it where most daemons stay these daysystemd, debian: Install authd in /usr/libexec authd is not a program that is meant to be ran by user, so there's no point for it being in PATH, as it's systemd running it. So move it where most daemons stay these days --- debian/authd.service | 2 +- debian/install | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/debian/authd.service b/debian/authd.service index 2b87e2a35..f3ae33c02 100644 --- a/debian/authd.service +++ b/debian/authd.service @@ -6,7 +6,7 @@ PartOf=authd.socket [Service] Type=notify -ExecStart=/usr/sbin/authd +ExecStart=/usr/libexec/authd # Some daemon restrictions LockPersonality=yes diff --git a/debian/install b/debian/install index 1125ea40e..2d5b5fd4e 100755 --- a/debian/install +++ b/debian/install @@ -1,7 +1,7 @@ #!/usr/bin/dh-exec -# Install daemon in /sbin -usr/bin/authd /usr/sbin/ +# Install daemon +usr/bin/authd /usr/libexec # pam-auth-update files debian/pam-configs/* /usr/share/pam-configs From bea5daacc368701d491fb391e536976a69d04271 Mon Sep 17 00:00:00 2001 
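Review bot: In debian/tests/run-tests.sh, `go test -v ./...` drops the `-mod=vendor` flag that the old Test-Command passed, so vendored mode now depends on Go's default of using `vendor/` when that directory is present. With `GOPROXY=off` and `GOTOOLCHAIN=local`, a missing vendor tree should fail rather than download anything, which is the safe outcome. Keeping the flag still makes the offline, pinned-dependency intent explicit and independent of any inherited `GOFLAGS`: `go test -v -mod=vendor ./...`. If the flag was dropped on purpose, a one-line comment in the script saying why would help the next reader.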
From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Mon, 26 Feb 2024 14:37:00 +0100 Subject: [PATCH 27/28] debian/rules: Explicitly set GOTOOLCHAIN=local This is something that also dh-golang does but for some reason it's not picked up during build and so we may fail if bumping the toolchain --- debian/rules | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/debian/rules b/debian/rules index 482220538..a7a105a90 100755 --- a/debian/rules +++ b/debian/rules @@ -16,6 +16,10 @@ export DPKG_GENSYMBOLS_CHECK_LEVEL := 4 # Copy in build directory all content to embed export DH_GOLANG_INSTALL_ALL := 1 +# We want to take whatever ubuntu propose to us (as it won’t download a newer version), +# as long as it matches the go.mod go stenza which is the language requirement. +export GOTOOLCHAIN := local + # Use the debian cargo wrapper export CARGO_PATH := /usr/share/cargo/bin/cargo From 87985bd43df0ff10a0ff3ad4487a70f61d3bb3e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Mon, 26 Feb 2024 16:30:27 +0100 Subject: [PATCH 28/28] debian/rules: Do not hardcode the authd daemons path --- debian/{authd.service => authd.service.in} | 2 +- debian/install | 2 +- debian/rules | 10 ++++++++++ 3 files changed, 12 insertions(+), 2 deletions(-) rename debian/{authd.service => authd.service.in} (95%) diff --git a/debian/authd.service b/debian/authd.service.in similarity index 95% rename from debian/authd.service rename to debian/authd.service.in index f3ae33c02..94030a892 100644 --- a/debian/authd.service +++ b/debian/authd.service.in @@ -6,7 +6,7 @@ PartOf=authd.socket [Service] Type=notify -ExecStart=/usr/libexec/authd +ExecStart=@AUTHD_DAEMONS_PATH@/authd # Some daemon restrictions LockPersonality=yes diff --git a/debian/install b/debian/install index 2d5b5fd4e..180aa90b8 100755 --- a/debian/install +++ b/debian/install 
@@ -1,7 +1,7 @@ #!/usr/bin/dh-exec # Install daemon -usr/bin/authd /usr/libexec +usr/bin/authd ${env:AUTHD_DAEMONS_PATH} # pam-auth-update files debian/pam-configs/* /usr/share/pam-configs diff --git a/debian/rules b/debian/rules index a7a105a90..3002aea43 100755 --- a/debian/rules +++ b/debian/rules @@ -34,6 +34,9 @@ export CARGO_HOME = $(CURDIR)/debian/cargo_home # Needed by the pam module loader export AUTHD_PAM_MODULES_PATH = /usr/lib/$(DEB_TARGET_GNU_TYPE)/security +# Used not to hardcore the daemons paths +export AUTHD_DAEMONS_PATH := /usr/libexec + # Skip some tests that rely on external dependencies when building package: # they need external commands (e.g. `vhs`) that are not available in the build environment. export AUTHD_SKIP_EXTERNAL_DEPENDENT_TESTS=1 @@ -67,12 +70,19 @@ override_dh_auto_clean: # Cleanup empty cargo-checksum rm -f debian/cargo-checksum.json + # Cleanup generated service files + rm -f debian/*.service + override_dh_auto_configure: dh_auto_configure touch debian/cargo-checksum.json dh_auto_configure --buildsystem=cargo + for i in debian/*.service.in; do \ + sed s,@AUTHD_DAEMONS_PATH@,$(AUTHD_DAEMONS_PATH),g $$i > $${i%.*}; \ + done + override_dh_auto_build: # Build PAM library & Go loader DH_GOLANG_GO_GENERATE=1 dh_auto_build -- $(AUTHD_GO_PACKAGE)/pam
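Review bot: In the last debian/rules hunk, the loop added to override_dh_auto_configure runs `sed` with an unquoted expression and unquoted file names, and it splices `$(AUTHD_DAEMONS_PATH)` into a `,`-delimited substitution. A value containing a comma, a space or a shell metacharacter would break the command or write a wrong `ExecStart=` into the generated unit. Quoting everything and stripping only the `.in` suffix fixes this: `sed "s,@AUTHD_DAEMONS_PATH@,$(AUTHD_DAEMONS_PATH),g" "$$i" > "$${i%.in}"`. The matching cleanup `rm -f debian/*.service` in override_dh_auto_clean, whose recipe starts outside the hunk, would also delete any hand-written unit later added to debian/. Deriving the list from the `.service.in` files, or naming `debian/authd.service`, avoids that. The comment added in the first hunk says "hardcore" where "hardcode" is meant.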