svn commit: r364582 - in head/net: . google-daemon google-daemon/files
Steve Wills
swills at FreeBSD.org
Sun Aug 10 23:27:36 UTC 2014
Author: swills
Date: Sun Aug 10 23:27:34 2014
New Revision: 364582
URL: http://svnweb.freebsd.org/changeset/ports/364582
QAT: https://qat.redports.org/buildarchive/r364582/
Log:
net/google-daemon: add net/google-daemon, user daemon for Google Compute Engine
Google daemon runs in the background and provides the following services:
- Creates new accounts based on the instance metadata.
- Configures ssh to accept the accounts' public keys from the instance metadata.
Added:
head/net/google-daemon/
head/net/google-daemon/Makefile (contents, props changed)
head/net/google-daemon/distinfo (contents, props changed)
head/net/google-daemon/files/
head/net/google-daemon/files/google-accounts-manager.in (contents, props changed)
head/net/google-daemon/files/patch-usr__share__google__google_daemon__accounts.py (contents, props changed)
head/net/google-daemon/files/patch-usr__share__google__google_daemon__accounts_manager.py (contents, props changed)
head/net/google-daemon/files/patch-usr__share__google__google_daemon__utils.py (contents, props changed)
head/net/google-daemon/pkg-descr (contents, props changed)
head/net/google-daemon/pkg-plist (contents, props changed)
Modified:
head/net/Makefile
Modified: head/net/Makefile
==============================================================================
--- head/net/Makefile Sun Aug 10 22:41:40 2014 (r364581)
+++ head/net/Makefile Sun Aug 10 23:27:34 2014 (r364582)
@@ -167,6 +167,7 @@
SUBDIR += gogoc
SUBDIR += googlecl
SUBDIR += google-cloud-sdk
+ SUBDIR += google-daemon
SUBDIR += gopher
SUBDIR += gotthard
SUBDIR += gpxe
Added: head/net/google-daemon/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/google-daemon/Makefile Sun Aug 10 23:27:34 2014 (r364582)
@@ -0,0 +1,43 @@
+# Created by: Steve Wills <swills at freebsd.org>
+# $FreeBSD$
+
+PORTNAME= google-daemon
+PORTVERSION= 1.1.5
+CATEGORIES= net
+MASTER_SITES= https://github.com/GoogleCloudPlatform/compute-image-packages/archive/${PORTVERSION}.tar.gz?dummy=/
+
+MAINTAINER= swills at freebsd.org
+COMMENT= Google daemon for use with Google Cloud Compute Engine
+
+BUILD_DEPENDS= python:${PORTSDIR}/lang/python
+RUN_DEPENDS= python:${PORTSDIR}/lang/python \
+ sudo:${PORTSDIR}/security/sudo
+
+USES= python shebangfix
+USE_RC_SUBR= google-accounts-manager
+WRKSRC= ${WRKDIR}/compute-image-packages-${PORTVERSION}/${PORTNAME}
+
+SHEBANG_FILES= usr/share/google/google_daemon/accounts.py \
+ usr/share/google/google_daemon/accounts_manager.py \
+ usr/share/google/google_daemon/accounts_manager_daemon.py \
+ usr/share/google/google_daemon/address_manager.py \
+ usr/share/google/google_daemon/desired_accounts.py \
+ usr/share/google/google_daemon/manage_accounts.py \
+ usr/share/google/google_daemon/manage_addresses.py \
+ usr/share/google/google_daemon/utils.py
+
+post-patch:
+ @${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|g' \
+ ${WRKSRC}/usr/share/google/google_daemon/accounts.py \
+ ${WRKSRC}/usr/share/google/google_daemon/accounts_manager.py \
+ ${WRKSRC}/usr/share/google/google_daemon/utils.py
+ @${RM} ${WRKSRC}/usr/share/google/google_daemon/*.bak \
+ ${WRKSRC}/usr/share/google/google_daemon/*.orig
+
+do-build:
+ ${PYTHON_CMD} -m compileall ${WRKSRC}/usr/share/google/google_daemon
+
+do-install:
+ cd ${WRKSRC}/usr/share ; ${COPYTREE_BIN} google ${STAGEDIR}${PREFIX}/share
+
+.include <bsd.port.mk>
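Review bot: No LICENSE is declared in this Makefile, although the upstream file header visible in the accounts_manager.py patch below states the Apache License, Version 2.0; add `LICENSE= APACHE20` so the package metadata matches the source. Separately, BUILD_DEPENDS and RUN_DEPENDS list `python:${PORTSDIR}/lang/python` by hand while `USES= python` is also set, so the explicit python entries look redundant; only the sudo run dependency appears to need spelling out.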
Added: head/net/google-daemon/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/google-daemon/distinfo Sun Aug 10 23:27:34 2014 (r364582)
@@ -0,0 +1,2 @@
+SHA256 (google-daemon-1.1.5.tar.gz) = 98462e45e53839a93c935f78b4475e7668043c5ac51f5c36e1fe31760cb9d0a1
+SIZE (google-daemon-1.1.5.tar.gz) = 68438
Added: head/net/google-daemon/files/google-accounts-manager.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/google-daemon/files/google-accounts-manager.in Sun Aug 10 23:27:34 2014 (r364582)
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: google-accounts-manager
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following line to /etc/rc.conf to enable google-accounts-manager:
+#
+# google_accounts_manager_enable="YES"
+#
+
+. /etc/rc.subr
+
+name="google_accounts_manager"
+rcvar="google_accounts_manager_enable"
+
+command_interpreter="%%PREFIX%%/bin/python"
+command=%%PREFIX%%/share/google/google_daemon/manage_accounts.py
+pidfile=/var/run/manage_accounts.pid
+command_args=--daemon
+
+google_accounts_manager_enable=${google_accounts_manager_enable:-"NO"}
+
+load_rc_config "${name}"
+run_rc_command "$1"
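Review bot: The rcorder header has PROVIDE and `BEFORE: LOGIN` but no REQUIRE line, so nothing orders this script after network bring-up even though the commit log says accounts and keys come from the instance metadata; add a REQUIRE (for example NETWORKING). Please also confirm that `manage_accounts.py --daemon` actually writes `/var/run/manage_accounts.pid`, since nothing in this commit shows it and the stop and status actions depend on that pidfile. Minor style point: the enable default is normally set after `load_rc_config`, not before it.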
Added: head/net/google-daemon/files/patch-usr__share__google__google_daemon__accounts.py
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/google-daemon/files/patch-usr__share__google__google_daemon__accounts.py Sun Aug 10 23:27:34 2014 (r364582)
@@ -0,0 +1,99 @@
+--- ./usr/share/google/google_daemon/accounts.py.orig 2014-08-10 19:54:08.843933565 +0000
++++ ./usr/share/google/google_daemon/accounts.py 2014-08-10 19:54:08.848933327 +0000
+@@ -20,7 +20,7 @@
+ SSH public key which should be allowed to log in to that account.
+
+ If the account does not already exist on the system, it is created and added
+-to /etc/sudoers to allow that account to administer the machine without needing
++to %%PREFIX%%/etc/sudoers to allow that account to administer the machine without needing
+ a password.
+ """
+
+@@ -139,42 +139,42 @@
+ return False
+
+ def LockSudoers(self):
+- """Create an advisory lock on /etc/sudoers.tmp.
++ """Create an advisory lock on %%PREFIX%%/etc/sudoers.tmp.
+
+ Returns:
+ True if successful, False if not.
+ """
+ try:
+- f = self.os.open('/etc/sudoers.tmp', os.O_EXCL|os.O_CREAT)
++ f = self.os.open('%%PREFIX%%/etc/sudoers.tmp', os.O_EXCL|os.O_CREAT)
+ self.os.close(f)
+ return True
+ except OSError as e:
+ if e.errno == errno.EEXIST:
+- logging.warning('/etc/sudoers.tmp lock file already exists')
++ logging.warning('%%PREFIX%%/etc/sudoers.tmp lock file already exists')
+ else:
+- logging.warning('Could not create /etc/sudoers.tmp lock file: %s', e)
++ logging.warning('Could not create %%PREFIX%%/etc/sudoers.tmp lock file: %s', e)
+ return False
+
+ def UnlockSudoers(self):
+- """Remove the advisory lock on /etc/sudoers.tmp."""
++ """Remove the advisory lock on %%PREFIX%%/etc/sudoers.tmp."""
+ try:
+- self.os.unlink('/etc/sudoers.tmp')
++ self.os.unlink('%%PREFIX%%/etc/sudoers.tmp')
+ return True
+ except OSError as e:
+ if e.errno == errno.ENOENT:
+ return True
+- logging.warning('Could not remove /etc/sudoers.tmp: %s', e)
++ logging.warning('Could not remove %%PREFIX%%/etc/sudoers.tmp: %s', e)
+ return False
+
+ def MakeUserSudoer(self, user):
+ """Add user to the sudoers file."""
+ # If the user has no sudoers file, don't add an entry.
+- if not self.os.path.isfile('/etc/sudoers'):
+- logging.info('Did not grant admin access to %s. /etc/sudoers not found.',
++ if not self.os.path.isfile('%%PREFIX%%/etc/sudoers'):
++ logging.info('Did not grant admin access to %s. %%PREFIX%%/etc/sudoers not found.',
+ user)
+ return
+
+- with self.system.OpenFile('/etc/sudoers', 'r') as sudoer_f:
++ with self.system.OpenFile('%%PREFIX%%/etc/sudoers', 'r') as sudoer_f:
+ sudoer_lines = sudoer_f.readlines()
+
+ if IsUserSudoerInLines(user, sudoer_lines):
+@@ -184,13 +184,13 @@
+
+ # Lock sudoers.
+ if not self.LockSudoers():
+- logging.warning('Did not grant admin access to %s. /etc/sudoers locked.',
++ logging.warning('Did not grant admin access to %s. %%PREFIX%%/etc/sudoers locked.',
+ user)
+ return
+
+ try:
+ # First read in the sudoers file (this time under the lock).
+- with self.system.OpenFile('/etc/sudoers', 'r') as sudoer_f:
++ with self.system.OpenFile('%%PREFIX%%/etc/sudoers', 'r') as sudoer_f:
+ sudoer_lines = sudoer_f.readlines()
+
+ if IsUserSudoerInLines(user, sudoer_lines):
+@@ -213,15 +213,15 @@
+ 'Did not grant admin access to %s. Sudoers was invalid.', user)
+ return
+
+- self.os.chmod('/etc/sudoers', 0640)
+- with self.system.OpenFile('/etc/sudoers', 'w') as sudoer_f:
++ self.os.chmod('%%PREFIX%%/etc/sudoers', 0640)
++ with self.system.OpenFile('%%PREFIX%%/etc/sudoers', 'w') as sudoer_f:
+ sudoer_f.writelines(sudoer_lines)
+ # Make sure we're still 0640.
+ self.os.fchmod(sudoer_f.fileno(), stat.S_IWUSR | 0640)
+ try:
+ self.os.fchmod(sudoer_f.fileno(), 0440)
+ except (IOError, OSError) as e:
+- logging.warning('Could not restore perms to /etc/sudoers: %s', e)
++ logging.warning('Could not restore perms to %%PREFIX%%/etc/sudoers: %s', e)
+ finally:
+ # Clean up the temp file.
+ try:
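Review bot: In LockSudoers, `self.os.open('%%PREFIX%%/etc/sudoers.tmp', os.O_EXCL|os.O_CREAT)` passes no mode argument, so the lock file is created with Python's default of 0777 reduced only by the daemon's umask; since this line is being touched anyway, pass an explicit restrictive mode such as 0600. The last hunk also keeps the upstream behaviour of opening the live sudoers file with `'w'` and rewriting it in place, and that now targets the sudoers file belonging to security/sudo under %%PREFIX%%/etc. An interrupted write leaves a truncated sudoers, so writing to a temporary file in the same directory and renaming it over the original would be safer. The commit log should also mention that these path changes redirect passwordless-admin grants to the ports sudo configuration.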
Added: head/net/google-daemon/files/patch-usr__share__google__google_daemon__accounts_manager.py
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/google-daemon/files/patch-usr__share__google__google_daemon__accounts_manager.py Sun Aug 10 23:27:34 2014 (r364582)
@@ -0,0 +1,27 @@
+--- ./usr/share/google/google_daemon/accounts_manager.py.orig 2014-08-10 19:54:20.429932607 +0000
++++ ./usr/share/google/google_daemon/accounts_manager.py 2014-08-10 19:55:06.794964428 +0000
+@@ -1,3 +1,4 @@
++#!%%PREFIX%%/bin/python
+ # Copyright 2013 Google Inc. All Rights Reserved.
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+@@ -20,7 +21,7 @@
+ import pwd
+ import time
+
+-LOCKFILE = '/var/lock/manage-accounts.lock'
++LOCKFILE = '/var/run/manage-accounts.lock'
+
+
+ class AccountsManager(object):
+@@ -95,8 +96,8 @@
+ def RegenerateKeysAndUpdateAccounts(self):
+ """Regenerate the keys and update accounts as needed."""
+ logging.debug('RegenerateKeysAndUpdateAccounts')
+- if self.system.IsExecutable('/usr/share/google/first-boot'):
+- self.system.RunCommand('/usr/share/google/first-boot')
++ if self.system.IsExecutable('%%PREFIX%%/share/google/first-boot'):
++ self.system.RunCommand('%%PREFIX%%/share/google/first-boot')
+
+ self.lock_file.RunExclusively(self.lock_fname, self.UpdateAccounts)
+
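Review bot: RegenerateKeysAndUpdateAccounts now runs `%%PREFIX%%/share/google/first-boot` whenever that path is executable, but the pkg-plist in this commit installs no first-boot file, so the branch is either dead or executes a file the package does not own. Either drop the call in the port or document who is expected to provide that script, since the daemon will run it with its own privileges. The LOCKFILE move to `/var/run/manage-accounts.lock` looks right for FreeBSD; a short comment in the patch explaining why `/var/lock` was replaced would help future updates.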
Added: head/net/google-daemon/files/patch-usr__share__google__google_daemon__utils.py
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/google-daemon/files/patch-usr__share__google__google_daemon__utils.py Sun Aug 10 23:27:34 2014 (r364582)
@@ -0,0 +1,35 @@
+--- ./usr/share/google/google_daemon/utils.py.orig 2014-08-10 19:54:08.845935081 +0000
++++ ./usr/share/google/google_daemon/utils.py 2014-08-10 19:54:08.851934272 +0000
+@@ -69,30 +69,14 @@
+ def UserAdd(self, user, groups):
+ logging.info('Creating account %s', user)
+
+- # We must set the crypto passwd via useradd to '*' to make ssh work
+- # on Linux systems without PAM.
+- #
+- # Unfortunately, there is no spec that I can find that defines how
+- # this stuff is used and from the manpage of shadow it says that "!"
+- # or "*" or any other invalid crypt can be used.
+- #
+- # ssh just takes it upon itself to use "!" as its locked account token:
+- # https://github.com/openssh/openssh-portable/blob/master/configure.ac#L705
+- #
+- # If '!' token is used then it simply denies logins:
+- # https://github.com/openssh/openssh-portable/blob/master/auth.c#L151
+- #
+- # To solve the issue make the passwd '*' which is also recognized as
+- # locked but doesn't prevent ssh logins.
+ result = self.RunCommand([
+- '/usr/sbin/useradd', user, '-m', '-s', '/bin/bash', '-p', '*', '-G',
+- ','.join(groups)])
++ 'pw', 'useradd', user, '-G', ','.join(groups)])
+ if self.RunCommandFailed(result, 'Could not create user %s', user):
+ return False
+ return True
+
+ def IsValidSudoersFile(self, filename):
+- result = self.RunCommand(['/usr/sbin/visudo', '-c', '-f', filename])
++ result = self.RunCommand(['%%PREFIX%%/sbin/visudo', '-c', '-f', filename])
+ if result[0] != 0:
+ with self.system.OpenFile(filename, 'r') as f:
+ contents = f.read()
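Review bot: UserAdd now invokes `pw` by bare name, while the visudo call just below uses an absolute path under %%PREFIX%%; a daemon running as root should not depend on PATH lookup, so use `/usr/sbin/pw`. The replacement also drops `-m`, `-s` and `-p '*'` from the removed useradd call without replacing them: without `-m` no home directory is requested for an account whose ssh keys the daemon is supposed to configure, and the removed comment block was the only explanation of how the password field must be set for ssh logins to work. Please state in the patch, or in a comment, which `pw useradd` defaults are being relied on for the home directory, shell and password field.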
Added: head/net/google-daemon/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/google-daemon/pkg-descr Sun Aug 10 23:27:34 2014 (r364582)
@@ -0,0 +1,7 @@
+Google daemon runs in the background and provides the following services:
+
+- Creates new accounts based on the instance metadata.
+- Configures ssh to accept the accounts' public keys from the instance
+ metadata.
+
+WWW: https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google-daemon
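Review bot: The description lists account creation and ssh key configuration but omits that the daemon also edits sudoers: the accounts.py docstring patched in this commit says new accounts are added to sudoers "to allow that account to administer the machine without needing a password". Add a line to pkg-descr saying that accounts defined in instance metadata receive passwordless sudo, so administrators see that before installing the package.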
Added: head/net/google-daemon/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/google-daemon/pkg-plist Sun Aug 10 23:27:34 2014 (r364582)
@@ -0,0 +1,18 @@
+share/google/google_daemon/accounts.py
+share/google/google_daemon/accounts.pyc
+share/google/google_daemon/accounts_manager.py
+share/google/google_daemon/accounts_manager.pyc
+share/google/google_daemon/accounts_manager_daemon.py
+share/google/google_daemon/accounts_manager_daemon.pyc
+share/google/google_daemon/address_manager.py
+share/google/google_daemon/address_manager.pyc
+share/google/google_daemon/desired_accounts.py
+share/google/google_daemon/desired_accounts.pyc
+share/google/google_daemon/manage_accounts.py
+share/google/google_daemon/manage_accounts.pyc
+share/google/google_daemon/manage_addresses.py
+share/google/google_daemon/manage_addresses.pyc
+share/google/google_daemon/utils.py
+share/google/google_daemon/utils.pyc
+ at dirrmtry share/google/google_daemon
+ at dirrmtry share/google