From 21c2411cf57229ebbe3cabc8a171da5ecdd2ed07 Mon Sep 17 00:00:00 2001
From: Jan Dittberner
Date: Sat, 29 Jul 2023 18:23:28 +0200
Subject: [PATCH] Add packaging via goreleaser
---
.goreleaser.yml | 57 ++++++++++++++++++++++++++
changelog.md | 10 +++++
debian/postinst | 68 +++++++++++++++++++++++++++++++
docs/cacert-oidc-demo-app.service | 13 ++++++
docs/demo-app.toml | 17 ++++++++
5 files changed, 165 insertions(+)
create mode 100644 .goreleaser.yml
create mode 100644 changelog.md
create mode 100755 debian/postinst
create mode 100644 docs/cacert-oidc-demo-app.service
create mode 100644 docs/demo-app.toml
diff --git a/.goreleaser.yml b/.goreleaser.yml
new file mode 100644
index 0000000..a038e64
--- /dev/null
+++ b/.goreleaser.yml
@@ -0,0 +1,57 @@
+---
+project_name: cacert-oidc-demo-app
+before:
+ hooks:
+ # You may remove this if you don't use go modules.
+ - go mod tidy
+builds:
+ - id: linux-amd64
+ main: ./cmd/app
+ binary: cacert-oidc-demo-app
+ env:
+ - CGO_ENABLED=0
+ goos:
+ - linux
+ goarch:
+ - amd64
+archives:
+ - id: cacert-oidc-demo-app
+ builds:
+ - linux-amd64
+checksum:
+ name_template: 'checksums.txt'
+snapshot:
+ name_template: "{{ .Tag }}-next"
+changelog:
+ sort: asc
+ filters:
+ exclude:
+ - '^docs:'
+ - '^test:'
+nfpms:
+ -
+ package_name: cacert-oidc-demo-app
+ file_name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Arch }}"
+ maintainer: Jan Dittberner
+ homepage: https://code.cacert.org/cacert/oidc-demo-app
+ description: |-
+ OpenID Connect demo application in Go
+ license: Apache 2.0
+ formats:
+ - deb
+ priority: optional
+ bindir: /usr/bin
+ contents:
+ - src: README.md
+ dst: /usr/share/doc/cacert-oidc-demo-app/README.md
+ - src: changelog.md
+ dst: /usr/share/doc/cacert-oidc-demo-app/changelog.md
+ - src: docs/demo-app.toml
+ dst: /usr/share/doc/cacert-oidc-idp/examples/demo-app.toml
+ - src: docs/cacert-oidc-demo-app.service
+ dst: /lib/systemd/system/cacert-oidc-demo-app.service
+ scripts:
+ postinstall: ./debian/postinst
+gitea_urls:
+ api: https://code.cacert.org/api/v1/
+ download: https://code.cacert.org
diff --git a/changelog.md b/changelog.md
new file mode 100644
index 0000000..94d7279
--- /dev/null
+++ b/changelog.md
@@ -0,0 +1,10 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## Unreleased
+### Changed
+- initial release
diff --git a/debian/postinst b/debian/postinst
new file mode 100755
index 0000000..a033673
--- /dev/null
+++ b/debian/postinst
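Review bot: In `.goreleaser.yml` the example configuration is installed under another package's doc directory: the `docs/demo-app.toml` entry in `nfpms.contents` has `dst: /usr/share/doc/cacert-oidc-idp/examples/demo-app.toml`, while every other doc path uses `cacert-oidc-demo-app`; this looks like a copy-paste slip and should probably read `dst: /usr/share/doc/cacert-oidc-demo-app/examples/demo-app.toml`. The package also ships nothing for `/etc/cacert-oidc-demo-app/`, which the unit's `ExecCondition` requires, so the administrator has to create that directory and a file holding the client secret and session keys by hand, with whatever permissions they happen to choose; consider shipping the directory with a restrictive mode. Release artifacts get a `checksums.txt` but no signature, so adding a `signs:` section would let consumers verify origin and not only integrity.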
@@ -0,0 +1,68 @@
+#!/bin/dash
+
+set -e
+
+case "$1" in
+ configure)
+ [ -f "/etc/default/cacert-oidc-demo-app" ] && . /etc/default/cacert-oidc-demo-app
+
+ [ -z "$OIDC_DEMO_APP_HOME" ] && OIDC_DEMO_APP_HOME=/var/lib/oidc-demo-app
+ [ -z "$OIDC_DEMO_APP_USER" ] && OIDC_DEMO_APP_USER=cacert-demo
+ [ -z "$OIDC_DEMO_APP_NAME" ] && OIDC_DEMO_APP_NAME="CAcert OIDC Demo"
+ [ -z "$OIDC_DEMO_APP_GROUP" ] && OIDC_DEMO_APP_GROUP=cacert-demo
+
+ # create user to avoid running cacert-oidc-demo-app as root
+ # 1. create group if not existing
+ if ! getent group | grep -q "^$OIDC_DEMO_APP_GROUP" ; then
+ echo -n "Adding group $OIDC_DEMO_APP_GROUP.."
+ addgroup --quiet --system $OIDC_DEMO_APP_GROUP 2>/dev/null || true
+ echo "..done"
+ fi
+ # 2. create homedir if not existing
+ test -d "$OIDC_DEMO_APP_HOME" || mkdir "$OIDC_DEMO_APP_HOME"
+ # 3. create user if not existing
+ if ! getent passwd | grep -q "^$OIDC_DEMO_APP_USER"; then
+ echo -n "Adding system user $OIDC_DEMO_APP_USER.."
+ adduser --quiet \
+ --system \
+ --ingroup $OIDC_DEMO_APP_GROUP \
+ --no-create-home \
+ --disabled-password \
+ $OIDC_DEMO_APP_USER 2>/dev/null || true
+ echo "..done"
+ fi
+ # 4. adjust passwd entry
+ usermod -c "$OIDC_DEMO_APP_NAME" \
+ -d $OIDC_DEMO_APP_HOME \
+ -g $OIDC_DEMO_APP_GROUP \
+ $OIDC_DEMO_APP_USER || true
+ # 5. adjust file and directory permissions
+ if ! dpkg-statoverride --list $OIDC_DEMO_APP_HOME >/dev/null
+ then
+ chown -R $OIDC_DEMO_APP_USER:adm $OIDC_DEMO_APP_HOME
+ chmod u=rwx,g=rxs,o= $OIDC_DEMO_APP_HOME
+ fi
+ ;;
+esac
+
+UNIT="cacert-oidc-demo-app.service"
+
+case "$1" in
+ 'configure' | 'abort-upgrade' | 'abort-deconfigure' | 'abort-remove')
+ # systemctl daemon-reload
+ # systemctl --global enable $UNIT
+ # This will only remove masks created by d-s-h on package removal.
+ deb-systemd-helper unmask $UNIT >/dev/null || true
+
+ # was-enabled defaults to true, so new installations run enable.
+ if deb-systemd-helper --quiet was-enabled $UNIT ; then
+ # Enables the unit on first installation, creates new
+ # symlinks on upgrades if the unit file has changed.
+ deb-systemd-helper enable $UNIT >/dev/null || true
+ else
+ # Update the statefile to add new symlinks (if any), which need to be
+ # cleaned up on purge. Also remove old symlinks.
+ deb-systemd-helper update-state $UNIT >/dev/null || true
+ fi
+ ;;
+esac
\ No newline at end of file
diff --git a/docs/cacert-oidc-demo-app.service b/docs/cacert-oidc-demo-app.service
new file mode 100644
index 0000000..cf0a122
--- /dev/null
+++ b/docs/cacert-oidc-demo-app.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=CAcert OpenID Connect demo application
+
+[Service]
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+ExecCondition=/bin/sh -c 'test -f /etc/cacert-oidc-demo-app/demo-app.toml'
+ExecStart=/usr/bin/cacert-oidc-demo-app --conf /etc/cacert-oidc-demo-app/demo-app.toml
+StateDirectory=cacert-oidc-demo-app
+User=cacert-demo
+Group=cacert-demo
+
+[Install]
+WantedBy=multi-user.target
diff --git a/docs/demo-app.toml b/docs/demo-app.toml
new file mode 100644
index 0000000..fcd5555
--- /dev/null
+++ b/docs/demo-app.toml
@@ -0,0 +1,17 @@
+[oidc]
+client-id = ""
+client-secret = ""
+server = "https://authserver.cacert.org/"
+
+[session]
+auth-key = "<64-byte-base64-random-key>"
+enc-key = "<32-byte-base64-random-key>"
+path = "/var/lib/cacert-oidc-demo-app/sessions"
+
+[server]
+key = "/etc/ssl/private/app.cacert.localhost-key.pem"
+certificate = "/etc/ssl/public/app.cacert.localhost.pem"
+
+[log]
+# default log level is info
+level = "warn"
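Review bot: In `debian/postinst` the existence checks are prefix matches rather than exact lookups: `getent group | grep -q "^$OIDC_DEMO_APP_GROUP"` (and its `getent passwd` twin) also succeeds for an unrelated name such as `cacert-demo2`, so creation is skipped and the later `usermod`/`chown` act on an account that may not exist; use `getent group "$OIDC_DEMO_APP_GROUP" >/dev/null` and `getent passwd "$OIDC_DEMO_APP_USER" >/dev/null`. The values are sourced from `/etc/default/cacert-oidc-demo-app` and then expanded unquoted in `addgroup`, `adduser`, `usermod`, `dpkg-statoverride`, `chown` and `chmod`, all running as root, so they should be quoted throughout. `chown -R` runs as root on every `configure` over a tree the service account can write to; changing only the directory itself, `chown "$OIDC_DEMO_APP_USER":adm "$OIDC_DEMO_APP_HOME"`, avoids re-owning whatever has accumulated below it. The `2>/dev/null || true` on `addgroup` and `adduser` also hides a failed account creation from the administrator.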
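Review bot: `docs/cacert-oidc-demo-app.service` runs a network-facing service with no sandboxing beyond `User=`/`Group=`: `AmbientCapabilities=CAP_NET_BIND_SERVICE` is granted, but the capability bounding set is left at its default and nothing restricts file-system access. The fence below adds a bounding set and a few standard hardening directives to `[Service]`; `ProtectSystem=strict` leaves the `StateDirectory=` writable, but it should be confirmed that the application writes nowhere else. Separately, `StateDirectory=cacert-oidc-demo-app` resolves to `/var/lib/cacert-oidc-demo-app`, whereas `debian/postinst` prepares `/var/lib/oidc-demo-app` by default, and the unit hardcodes `cacert-demo` while postinst lets the user and group be overridden, so the two files can disagree.

```ini
[Service]
# … unchanged: AmbientCapabilities, ExecCondition, ExecStart, StateDirectory, User, Group …
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
```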
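Review bot: `docs/demo-app.toml` gives no guidance on the secrets it carries: `client-secret`, `auth-key` and `enc-key` end up in `/etc/cacert-oidc-demo-app/demo-app.toml`, yet the example says neither how the keys should be generated nor who may read the file. I would add a comment above `[session]` such as `# auth-key and enc-key must come from a cryptographically secure random source and be unique per installation; keep this file readable only by root and the service group`. The `[server]` key lives under `/etc/ssl/private`, which on Debian is normally not readable by an unprivileged account, so it is worth documenting how `cacert-demo` is expected to get access. `/etc/ssl/public` is not a standard directory and may be a slip for `/etc/ssl/certs`.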