Date: Sun, 10 Aug 2014 23:27:34 +0000 (UTC) From: Steve Wills <swills@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r364582 - in head/net: . google-daemon google-daemon/files Message-ID: <53e7ffe7.2e06.6baf6b58@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: swills Date: Sun Aug 10 23:27:34 2014 New Revision: 364582 URL: http://svnweb.freebsd.org/changeset/ports/364582 QAT: https://qat.redports.org/buildarchive/r364582/ Log: net/google-daemon: add net/google-daemon, user daemon for Google Compute Engine Google daemon runs in the background and provides the following services: - Creates new accounts based on the instance metadata. - Configures ssh to accept the accounts' public keys from the instance metadata. Added: head/net/google-daemon/ head/net/google-daemon/Makefile (contents, props changed) head/net/google-daemon/distinfo (contents, props changed) head/net/google-daemon/files/ head/net/google-daemon/files/google-accounts-manager.in (contents, props changed) head/net/google-daemon/files/patch-usr__share__google__google_daemon__accounts.py (contents, props changed) head/net/google-daemon/files/patch-usr__share__google__google_daemon__accounts_manager.py (contents, props changed) head/net/google-daemon/files/patch-usr__share__google__google_daemon__utils.py (contents, props changed) head/net/google-daemon/pkg-descr (contents, props changed) head/net/google-daemon/pkg-plist (contents, props changed) Modified: head/net/Makefile Modified: head/net/Makefile ============================================================================== --- head/net/Makefile Sun Aug 10 22:41:40 2014 (r364581) +++ head/net/Makefile Sun Aug 10 23:27:34 2014 (r364582) @@ -167,6 +167,7 @@ SUBDIR += gogoc SUBDIR += googlecl SUBDIR += google-cloud-sdk + SUBDIR += google-daemon SUBDIR += gopher SUBDIR += gotthard SUBDIR += gpxe Added: head/net/google-daemon/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/google-daemon/Makefile Sun Aug 10 23:27:34 2014 (r364582) @@ -0,0 +1,43 @@ +# Created by: Steve Wills <swills@freebsd.org> +# $FreeBSD$ + +PORTNAME= google-daemon +PORTVERSION= 1.1.5 +CATEGORIES= net +MASTER_SITES= https://github.com/GoogleCloudPlatform/compute-image-packages/archive/${PORTVERSION}.tar.gz?dummy=/ + +MAINTAINER= swills@freebsd.org +COMMENT= Google daemon for use with Google Cloud Compute Engine + +BUILD_DEPENDS= python:${PORTSDIR}/lang/python +RUN_DEPENDS= python:${PORTSDIR}/lang/python \ + sudo:${PORTSDIR}/security/sudo + +USES= python shebangfix +USE_RC_SUBR= google-accounts-manager +WRKSRC= ${WRKDIR}/compute-image-packages-${PORTVERSION}/${PORTNAME} + +SHEBANG_FILES= usr/share/google/google_daemon/accounts.py \ + usr/share/google/google_daemon/accounts_manager.py \ + usr/share/google/google_daemon/accounts_manager_daemon.py \ + usr/share/google/google_daemon/address_manager.py \ + usr/share/google/google_daemon/desired_accounts.py \ + usr/share/google/google_daemon/manage_accounts.py \ + usr/share/google/google_daemon/manage_addresses.py \ + usr/share/google/google_daemon/utils.py + +post-patch: + @${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|g' \ + ${WRKSRC}/usr/share/google/google_daemon/accounts.py \ + ${WRKSRC}/usr/share/google/google_daemon/accounts_manager.py \ + ${WRKSRC}/usr/share/google/google_daemon/utils.py + @${RM} ${WRKSRC}/usr/share/google/google_daemon/*.bak \ + ${WRKSRC}/usr/share/google/google_daemon/*.orig + +do-build: + ${PYTHON_CMD} -m compileall ${WRKSRC}/usr/share/google/google_daemon + +do-install: + cd ${WRKSRC}/usr/share ; ${COPYTREE_BIN} google ${STAGEDIR}${PREFIX}/share + +.include <bsd.port.mk> Added: head/net/google-daemon/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/google-daemon/distinfo Sun Aug 10 23:27:34 2014 (r364582) @@ -0,0 +1,2 @@ +SHA256 (google-daemon-1.1.5.tar.gz) = 98462e45e53839a93c935f78b4475e7668043c5ac51f5c36e1fe31760cb9d0a1 +SIZE (google-daemon-1.1.5.tar.gz) = 68438 Added: head/net/google-daemon/files/google-accounts-manager.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/google-daemon/files/google-accounts-manager.in Sun Aug 10 23:27:34 2014 (r364582) @@ -0,0 +1,27 @@ +#!/bin/sh + +# $FreeBSD$ +# +# PROVIDE: google-accounts-manager +# BEFORE: LOGIN +# KEYWORD: shutdown +# +# Add the following line to /etc/rc.conf to enable google-accounts-manager: +# +# google_accounts_manager_enable="YES" +# + +. /etc/rc.subr + +name="google_accounts_manager" +rcvar="google_accounts_manager_enable" + +command_interpreter="%%PREFIX%%/bin/python" +command=%%PREFIX%%/share/google/google_daemon/manage_accounts.py +pidfile=/var/run/manage_accounts.pid +command_args=--daemon + +google_accounts_manager_enable=${google_accounts_manager_enable:-"NO"} + +load_rc_config "${name}" +run_rc_command "$1" Added: head/net/google-daemon/files/patch-usr__share__google__google_daemon__accounts.py ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/google-daemon/files/patch-usr__share__google__google_daemon__accounts.py Sun Aug 10 23:27:34 2014 (r364582) @@ -0,0 +1,99 @@ +--- ./usr/share/google/google_daemon/accounts.py.orig 2014-08-10 19:54:08.843933565 +0000 ++++ ./usr/share/google/google_daemon/accounts.py 2014-08-10 19:54:08.848933327 +0000 +@@ -20,7 +20,7 @@ + SSH public key which should be allowed to log in to that account. + + If the account does not already exist on the system, it is created and added +-to /etc/sudoers to allow that account to administer the machine without needing ++to %%PREFIX%%/etc/sudoers to allow that account to administer the machine without needing + a password. + """ + +@@ -139,42 +139,42 @@ + return False + + def LockSudoers(self): +- """Create an advisory lock on /etc/sudoers.tmp. ++ """Create an advisory lock on %%PREFIX%%/etc/sudoers.tmp. + + Returns: + True if successful, False if not. + """ + try: +- f = self.os.open('/etc/sudoers.tmp', os.O_EXCL|os.O_CREAT) ++ f = self.os.open('%%PREFIX%%/etc/sudoers.tmp', os.O_EXCL|os.O_CREAT) + self.os.close(f) + return True + except OSError as e: + if e.errno == errno.EEXIST: +- logging.warning('/etc/sudoers.tmp lock file already exists') ++ logging.warning('%%PREFIX%%/etc/sudoers.tmp lock file already exists') + else: +- logging.warning('Could not create /etc/sudoers.tmp lock file: %s', e) ++ logging.warning('Could not create %%PREFIX%%/etc/sudoers.tmp lock file: %s', e) + return False + + def UnlockSudoers(self): +- """Remove the advisory lock on /etc/sudoers.tmp.""" ++ """Remove the advisory lock on %%PREFIX%%/etc/sudoers.tmp.""" + try: +- self.os.unlink('/etc/sudoers.tmp') ++ self.os.unlink('%%PREFIX%%/etc/sudoers.tmp') + return True + except OSError as e: + if e.errno == errno.ENOENT: + return True +- logging.warning('Could not remove /etc/sudoers.tmp: %s', e) ++ logging.warning('Could not remove %%PREFIX%%/etc/sudoers.tmp: %s', e) + return False + + def MakeUserSudoer(self, user): + """Add user to the sudoers file.""" + # If the user has no sudoers file, don't add an entry. +- if not self.os.path.isfile('/etc/sudoers'): +- logging.info('Did not grant admin access to %s. /etc/sudoers not found.', ++ if not self.os.path.isfile('%%PREFIX%%/etc/sudoers'): ++ logging.info('Did not grant admin access to %s. %%PREFIX%%/etc/sudoers not found.', + user) + return + +- with self.system.OpenFile('/etc/sudoers', 'r') as sudoer_f: ++ with self.system.OpenFile('%%PREFIX%%/etc/sudoers', 'r') as sudoer_f: + sudoer_lines = sudoer_f.readlines() + + if IsUserSudoerInLines(user, sudoer_lines): +@@ -184,13 +184,13 @@ + + # Lock sudoers. + if not self.LockSudoers(): +- logging.warning('Did not grant admin access to %s. /etc/sudoers locked.', ++ logging.warning('Did not grant admin access to %s. %%PREFIX%%/etc/sudoers locked.', + user) + return + + try: + # First read in the sudoers file (this time under the lock). +- with self.system.OpenFile('/etc/sudoers', 'r') as sudoer_f: ++ with self.system.OpenFile('%%PREFIX%%/etc/sudoers', 'r') as sudoer_f: + sudoer_lines = sudoer_f.readlines() + + if IsUserSudoerInLines(user, sudoer_lines): +@@ -213,15 +213,15 @@ + 'Did not grant admin access to %s. Sudoers was invalid.', user) + return + +- self.os.chmod('/etc/sudoers', 0640) +- with self.system.OpenFile('/etc/sudoers', 'w') as sudoer_f: ++ self.os.chmod('%%PREFIX%%/etc/sudoers', 0640) ++ with self.system.OpenFile('%%PREFIX%%/etc/sudoers', 'w') as sudoer_f: + sudoer_f.writelines(sudoer_lines) + # Make sure we're still 0640. + self.os.fchmod(sudoer_f.fileno(), stat.S_IWUSR | 0640) + try: + self.os.fchmod(sudoer_f.fileno(), 0440) + except (IOError, OSError) as e: +- logging.warning('Could not restore perms to /etc/sudoers: %s', e) ++ logging.warning('Could not restore perms to %%PREFIX%%/etc/sudoers: %s', e) + finally: + # Clean up the temp file. + try: Added: head/net/google-daemon/files/patch-usr__share__google__google_daemon__accounts_manager.py ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/google-daemon/files/patch-usr__share__google__google_daemon__accounts_manager.py Sun Aug 10 23:27:34 2014 (r364582) @@ -0,0 +1,27 @@ +--- ./usr/share/google/google_daemon/accounts_manager.py.orig 2014-08-10 19:54:20.429932607 +0000 ++++ ./usr/share/google/google_daemon/accounts_manager.py 2014-08-10 19:55:06.794964428 +0000 +@@ -1,3 +1,4 @@ ++#!%%PREFIX%%/bin/python + # Copyright 2013 Google Inc. All Rights Reserved. + # + # Licensed under the Apache License, Version 2.0 (the "License"); +@@ -20,7 +21,7 @@ + import pwd + import time + +-LOCKFILE = '/var/lock/manage-accounts.lock' ++LOCKFILE = '/var/run/manage-accounts.lock' + + + class AccountsManager(object): +@@ -95,8 +96,8 @@ + def RegenerateKeysAndUpdateAccounts(self): + """Regenerate the keys and update accounts as needed.""" + logging.debug('RegenerateKeysAndUpdateAccounts') +- if self.system.IsExecutable('/usr/share/google/first-boot'): +- self.system.RunCommand('/usr/share/google/first-boot') ++ if self.system.IsExecutable('%%PREFIX%%/share/google/first-boot'): ++ self.system.RunCommand('%%PREFIX%%/share/google/first-boot') + + self.lock_file.RunExclusively(self.lock_fname, self.UpdateAccounts) + Added: head/net/google-daemon/files/patch-usr__share__google__google_daemon__utils.py ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/google-daemon/files/patch-usr__share__google__google_daemon__utils.py Sun Aug 10 23:27:34 2014 (r364582) @@ -0,0 +1,35 @@ +--- ./usr/share/google/google_daemon/utils.py.orig 2014-08-10 19:54:08.845935081 +0000 ++++ ./usr/share/google/google_daemon/utils.py 2014-08-10 19:54:08.851934272 +0000 +@@ -69,30 +69,14 @@ + def UserAdd(self, user, groups): + logging.info('Creating account %s', user) + +- # We must set the crypto passwd via useradd to '*' to make ssh work +- # on Linux systems without PAM. +- # +- # Unfortunately, there is no spec that I can find that defines how +- # this stuff is used and from the manpage of shadow it says that "!" +- # or "*" or any other invalid crypt can be used. +- # +- # ssh just takes it upon itself to use "!" as its locked account token: +- # https://github.com/openssh/openssh-portable/blob/master/configure.ac#L705 +- # +- # If '!' token is used then it simply denies logins: +- # https://github.com/openssh/openssh-portable/blob/master/auth.c#L151 +- # +- # To solve the issue make the passwd '*' which is also recognized as +- # locked but doesn't prevent ssh logins. + result = self.RunCommand([ +- '/usr/sbin/useradd', user, '-m', '-s', '/bin/bash', '-p', '*', '-G', +- ','.join(groups)]) ++ 'pw', 'useradd', user, '-G', ','.join(groups)]) + if self.RunCommandFailed(result, 'Could not create user %s', user): + return False + return True + + def IsValidSudoersFile(self, filename): +- result = self.RunCommand(['/usr/sbin/visudo', '-c', '-f', filename]) ++ result = self.RunCommand(['%%PREFIX%%/sbin/visudo', '-c', '-f', filename]) + if result[0] != 0: + with self.system.OpenFile(filename, 'r') as f: + contents = f.read() Added: head/net/google-daemon/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/google-daemon/pkg-descr Sun Aug 10 23:27:34 2014 (r364582) @@ -0,0 +1,7 @@ +Google daemon runs in the background and provides the following services: + +- Creates new accounts based on the instance metadata. +- Configures ssh to accept the accounts' public keys from the instance + metadata. + +WWW: https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google-daemon Added: head/net/google-daemon/pkg-plist ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/google-daemon/pkg-plist Sun Aug 10 23:27:34 2014 (r364582) @@ -0,0 +1,18 @@ +share/google/google_daemon/accounts.py +share/google/google_daemon/accounts.pyc +share/google/google_daemon/accounts_manager.py +share/google/google_daemon/accounts_manager.pyc +share/google/google_daemon/accounts_manager_daemon.py +share/google/google_daemon/accounts_manager_daemon.pyc +share/google/google_daemon/address_manager.py +share/google/google_daemon/address_manager.pyc +share/google/google_daemon/desired_accounts.py +share/google/google_daemon/desired_accounts.pyc +share/google/google_daemon/manage_accounts.py +share/google/google_daemon/manage_accounts.pyc +share/google/google_daemon/manage_addresses.py +share/google/google_daemon/manage_addresses.pyc +share/google/google_daemon/utils.py +share/google/google_daemon/utils.pyc +@dirrmtry share/google/google_daemon +@dirrmtry share/google
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53e7ffe7.2e06.6baf6b58>