improve-for-first-release #1
8 changed files with 150 additions and 5 deletions
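--- a/.gitignore
+++ b/.gitignore
@@ -1,9 +1,10 @@
 *.pem
 .idea/
 /cacert-idp
+/dist/
+/idp.toml
 /static
 /ui/css/
 /ui/images/
 /ui/js/
 certs/
-idp.toml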
57
.goreleaser.yml
Normal file
57
.goreleaser.yml
Normal file
|
@ -0,0 +1,57 @@
|
||||||
|
---
|
||||||
|
project_name: cacert-oidc-idp
|
||||||
|
before:
|
||||||
|
hooks:
|
||||||
|
# You may remove this if you don't use go modules.
|
||||||
|
- go mod tidy
|
||||||
|
builds:
|
||||||
|
- id: linux-amd64
|
||||||
|
main: ./cmd/idp
|
||||||
|
binary: cacert-idp
|
||||||
|
env:
|
||||||
|
- CGO_ENABLED=0
|
||||||
|
goos:
|
||||||
|
- linux
|
||||||
|
goarch:
|
||||||
|
- amd64
|
||||||
|
archives:
|
||||||
|
- id: cacert-oidc-idp
|
||||||
|
builds:
|
||||||
|
- linux-amd64
|
||||||
|
checksum:
|
||||||
|
name_template: 'checksums.txt'
|
||||||
|
snapshot:
|
||||||
|
name_template: "{{ .Tag }}-next"
|
||||||
|
changelog:
|
||||||
|
sort: asc
|
||||||
|
filters:
|
||||||
|
exclude:
|
||||||
|
- '^docs:'
|
||||||
|
- '^test:'
|
||||||
|
nfpms:
|
||||||
|
-
|
||||||
|
package_name: cacert-oidc-idp
|
||||||
|
file_name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Arch }}"
|
||||||
|
maintainer: Jan Dittberner <jandd@cacert.org>
|
||||||
|
homepage: https://code.cacert.org/cacert/oidc_idp
|
||||||
|
description: |-
|
||||||
|
OpenID Connect IDP for the ORY Hydra authorization API server in Go
|
||||||
|
license: Apache 2.0
|
||||||
|
formats:
|
||||||
|
- deb
|
||||||
|
priority: optional
|
||||||
|
bindir: /usr/bin
|
||||||
|
contents:
|
||||||
|
- src: README.md
|
||||||
|
dst: /usr/share/doc/cacert-oidc-idp/README.md
|
||||||
|
- src: changelog.md
|
||||||
|
dst: /usr/share/doc/cacert-oidc-idp/changelog.md
|
||||||
|
- src: docs/idp.toml
|
||||||
|
dst: /usr/share/doc/cacert-oidc-idp/examples/idp.toml
|
||||||
|
- src: docs/cacert-oidc-idp.service
|
||||||
|
dst: /lib/systemd/system/cacert-oidc-idp.service
|
||||||
|
scripts:
|
||||||
|
postinstall: ./debian/postinst
|
||||||
|
gitea_urls:
|
||||||
|
api: https://code.cacert.org/api/v1/
|
||||||
|
download: https://code.cacert.org
|
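Review bot: The release publishes `checksums.txt` from the `checksum:` block but nothing signs it, so the checksum file (and the deb produced by the `nfpms:` block) protects only against accidental corruption, not against an artifact swapped on the download host. A `signs:` section that signs the checksum file, e.g. `signs:` / `  - artifacts: checksum`, lets users verify a release against a published key; the deb can additionally be signed through nfpm's deb signature settings if the goreleaser version in use supports them. Separately, the `before.hooks` entry `- go mod tidy` may rewrite go.mod/go.sum at release time, so the shipped binary is not guaranteed to be built from the module graph that was tested; `go mod verify` checks the module cache against go.sum without modifying anything.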
5
Makefile
5
Makefile
|
@ -1,4 +1,4 @@
|
||||||
GOFILES = $(wildcard */*.go)
|
GOFILES = $(shell find -type f -name '*.go')
|
||||||
TEMPLATES = $(wildcard ui/templates/*.gohtml)
|
TEMPLATES = $(wildcard ui/templates/*.gohtml)
|
||||||
TRANSLATIONS = $(wildcard translations/active.*.toml)
|
TRANSLATIONS = $(wildcard translations/active.*.toml)
|
||||||
RESOURCES = ui/css ui/images ui/js
|
RESOURCES = ui/css ui/images ui/js
|
||||||
|
@ -30,10 +30,9 @@ lint: $(GOFILES)
|
||||||
golangci-lint run --verbose
|
golangci-lint run --verbose
|
||||||
|
|
||||||
cacert-idp: go.sum $(GOFILES) $(TEMPLATES) translations $(RESOURCES)
|
cacert-idp: go.sum $(GOFILES) $(TEMPLATES) translations $(RESOURCES)
|
||||||
CGO_ENABLED=0 go build -o $@ ./cmd/idp.go
|
CGO_ENABLED=0 go build -o $@ ./cmd/idp
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
rm -rf cacert-idp ui/css ui/js ui/images
|
rm -rf cacert-idp ui/css ui/js ui/images
|
||||||
|
|
||||||
.PHONY: all translations clean lint
|
.PHONY: all translations clean lint
|
||||||
|
|
||||||
|
|
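Review bot: `GOFILES = $(shell find -type f -name '*.go')` in the first hunk uses the recursive `=` flavour, so `find` is forked again every time `$(GOFILES)` is expanded (at least in the `lint` and `cacert-idp` prerequisite lists); `GOFILES := $(shell find . -type f -name '*.go')` runs it once and also supplies the explicit starting path that POSIX `find` requires. Unlike the old `*/*.go` glob, the new form also picks up any `*.go` under `dist/` or a future `vendor/` tree, which may or may not be intended. In the second hunk, `./cmd/idp` matches the `main:` path in `.goreleaser.yml`; the `lint:` rule header and the rest of the file lie outside the hunk.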
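--- /dev/null
+++ b/changelog.md
@@ -0,0 +1,10 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## Unreleased
+### Changed
+- initial release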
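--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,46 @@
+#!/bin/dash
+
+set -e
+
+case "$1" in
+configure)
+[ -f "/etc/default/cacert-oidc-idp" ] && . /etc/default/cacert-oidc-idp
+
+[ -z "$OIDC_IDP_HOME" ] && OIDC_IDP_HOME=/var/lib/oidc-idp
+[ -z "$OIDC_IDP_USER" ] && OIDC_IDP_USER=cacert-oidc-idp
+[ -z "$OIDC_IDP_NAME" ] && OIDC_IDP_NAME="CAcert OIDC IDP"
+[ -z "$OIDC_IDP_GROUP" ] && OIDC_IDP_GROUP=cacert-oidc-idp
+
+# create user to avoid running cacert-oidc-idp as root
+# 1. create group if not existing
+if ! getent group | grep -q "^$OIDC_IDP_GROUP" ; then
+echo -n "Adding group $OIDC_IDP_GROUP.."
+addgroup --quiet --system $OIDC_IDP_GROUP 2>/dev/null || true
+echo "..done"
+fi
+# 2. create homedir if not existing
+test -d "$OIDC_IDP_HOME" || mkdir "$OIDC_IDP_HOME"
+# 3. create user if not existing
+if ! getent passwd | grep -q "^$OIDC_IDP_USER"; then
+echo -n "Adding system user $OIDC_IDP_USER.."
+adduser --quiet \
+--system \
+--ingroup $OIDC_IDP_GROUP \
+--no-create-home \
+--disabled-password \
+$OIDC_IDP_USER 2>/dev/null || true
+echo "..done"
+fi
+# 4. adjust passwd entry
+usermod -c "$OIDC_IDP_NAME" \
+-d $OIDC_IDP_HOME \
+-g $OIDC_IDP_GROUP \
+$OIDC_IDP_USER || true
+# 5. adjust file and directory permissions
+if ! dpkg-statoverride --list $OIDC_IDP_HOME >/dev/null
+then
+chown -R $OIDC_IDP_USER:adm $OIDC_IDP_HOME
+chmod u=rwx,g=rxs,o= $OIDC_IDP_HOME
+fi
+;;
+esac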
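Review bot: The existence checks `getent group | grep -q "^$OIDC_IDP_GROUP"` and `getent passwd | grep -q "^$OIDC_IDP_USER"` are prefix matches with no `:` anchor, so an unrelated account whose name merely starts with the configured one (a constructed example: `cacert-oidc-idp-backup`) makes the script skip creating the intended group or user; the later `usermod` failure is masked by `|| true` and the unguarded `chown` then fails under `set -e`, aborting the install. `if ! getent group "$OIDC_IDP_GROUP" >/dev/null; then` and `if ! getent passwd "$OIDC_IDP_USER" >/dev/null; then` look up the exact name instead. `$OIDC_IDP_HOME`, `$OIDC_IDP_USER` and `$OIDC_IDP_GROUP` are admin-supplied via `/etc/default/cacert-oidc-idp` yet appear unquoted on the `usermod`, `dpkg-statoverride`, `chown` and `chmod` lines, so a value containing whitespace splits into several arguments. The `chown -R` also re-runs on every upgrade over a directory the service user can write to; a non-recursive `chown` of the directory itself, or running the recursive form only right after `mkdir` created it, avoids re-owning files the service user placed there. Note the default `OIDC_IDP_HOME=/var/lib/oidc-idp` does not match `StateDirectory=cacert-oidc-idp` in the shipped unit file, so the directory this script prepares is presumably not the one the service will use — one of the two looks like a typo.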
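--- /dev/null
+++ b/docs/cacert-oidc-idp.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=CAcert OpenID Connect Identity Provider for ORY Hydra
+
+[Service]
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+ExecCondition=/bin/sh -c 'test -f /etc/cacert-oidc-idp/idp.toml'
+ExecStart=/usr/bin/cacert-oidc-idp --config /etc/cacert-oidc-idp/idp.toml'
+StateDirectory=cacert-oidc-idp
+User=cacert-oidc-idp
+Group=cacert-oidc-idp
+
+[Install]
+WantedBy=multi-user.target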
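Review bot: `ExecStart=/usr/bin/cacert-oidc-idp --config /etc/cacert-oidc-idp/idp.toml'` ends with a stray `'`, which systemd will either reject as unbalanced quoting or hand to the binary as part of the config path, so the unit as shipped does not start the service as intended; drop the trailing quote. The unit runs as an unprivileged user but applies no sandboxing, and `StateDirectory=cacert-oidc-idp` (i.e. `/var/lib/cacert-oidc-idp`) does not match the `/var/lib/oidc-idp` home that `debian/postinst` prepares, so one of the two should be aligned. A minimal hardening set suited to a Go network daemon that reads only its config, TLS material and state directory is below; `CapabilityBoundingSet` restricts the process to the one ambient capability already granted, and if the listener stays on port 3443 as in `docs/idp.toml` the capability is not needed at all.
```ini
[Service]
# … unchanged: AmbientCapabilities, ExecCondition …
ExecStart=/usr/bin/cacert-oidc-idp --config /etc/cacert-oidc-idp/idp.toml
StateDirectory=cacert-oidc-idp
# … unchanged: User, Group …
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
```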
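--- /dev/null
+++ b/docs/idp.toml
@@ -0,0 +1,19 @@
+[security]
+# random key for CSRF protection, must be 32 bytes, generate with openssl rand -base64 32
+csrf.key = "32-byte-long-random-base64-encoded-key"
+# CA certificates that are accepted to sign client certificates
+client.ca-file = "client.cas.pem"
+
+[server]
+# server IP address
+name = "127.0.0.1"
+# server port
+port = 3443
+# server TLS X.509 certificate in PEM format
+certificate = "server.crt.pem"
+# private key for TLS
+key = "server.key.pem"
+
+[admin]
+# URL to ORY Hydra admin endpoint URL
+url = "https://hydra:4445"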
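Review bot: The example `csrf.key = "32-byte-long-random-base64-encoded-key"` is installed to `/usr/share/doc/cacert-oidc-idp/examples/idp.toml` by `.goreleaser.yml`, and an admin who copies it to `/etc/cacert-oidc-idp/idp.toml` and only adjusts paths ends up with a publicly known, predictable CSRF key; the comment should say so plainly, e.g. `# REPLACE THIS before use: 32 random bytes, base64-encoded (openssl rand -base64 32); the placeholder is public and provides no CSRF protection`. The comment `# server IP address` sits on a key named `name`, which reads as a hostname; if this is the listen address, `# address the HTTPS listener binds to` would be clearer, but the semantics are not visible here. The `[admin] url` points at the Hydra admin API, the privileged endpoint, so a comment noting that this value must only be reachable over loopback or a trusted network path would help whoever deploys the package.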