Commit 455ab207 authored by Robin Sonnabend's avatar Robin Sonnabend

Add nginx, make more modular

parent 0d7179f6
Pipeline #573 failed with stage
in 5 minutes and 8 seconds
......@@ -3,6 +3,16 @@ maintainer:
mail: admin@fsmpi.rwth-aachen.de
packages:
- name: adcli
patch_dir: patches/adcli
version: 0.8.2-1.1-fsmpi
changelog: Apply the unreleased upstream-patches, fixing RT#100
additional_content:
- patch_dir: patches/adcli
target_dir: debian
- name: nginx
patch_dir: patches/nginx
changelog: Add libnginx-mod-http-shibboleth
additional_content:
- git_url: "https://github.com/nginx-shib/nginx-http-shibboleth.git"
target_dir: debian/modules
- target_dir: debian
patch_dir: patches/nginx
diff -Naur debian/control debian/control
--- debian/control 2018-03-26 20:56:56.476543112 +0200
+++ debian/control 2018-03-26 21:01:51.812104005 +0200
@@ -71,6 +71,7 @@
Package: nginx-full
Architecture: any
Depends: libnginx-mod-http-auth-pam (= ${binary:Version}),
+ libnginx-mod-http-shibboleth (= ${binary:Version}),
libnginx-mod-http-dav-ext (= ${binary:Version}),
libnginx-mod-http-echo (= ${binary:Version}),
libnginx-mod-http-geoip (= ${binary:Version}),
@@ -142,6 +143,7 @@
Architecture: any
Priority: extra
Depends: libnginx-mod-http-auth-pam (= ${binary:Version}),
+ libnginx-mod-http-shibboleth (= ${binary:Version}),
libnginx-mod-http-cache-purge (= ${binary:Version}),
libnginx-mod-http-dav-ext (= ${binary:Version}),
libnginx-mod-http-echo (= ${binary:Version}),
@@ -259,6 +261,20 @@
The module uses PAM as a backend for simple http authentication. It
also allows setting the pam service name to allow more fine grained control.
+Package: libnginx-mod-http-shibboleth
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: Shibboleth authentication module for Nginx
+ The nginx_http_shibboleth module enables authentication using Shibboleth.
+ .
+ This module allows Nginx to work with Shibboleth, by way of Shibboleth's
+ FastCGI authorizer. This module requires specific configuration in order
+ to work correctly, as well as Shibboleth's FastCGI authorizer application
+ available on the system. It aims to be similar to parts of Apache's
+ mod_shib, though Shibboleth authorisation and authentication settings
+ are configured via shibboleth2.xml rather than in the web server
+ configuration.
+
Package: libnginx-mod-http-lua
Architecture: any
Depends: libnginx-mod-http-ndk (= ${binary:Version}),
diff -Naur debian/libnginx-mod.conf/mod-http-shibboleth.conf debian/libnginx-mod.conf/mod-http-shibboleth.conf
--- debian/libnginx-mod.conf/mod-http-shibboleth.conf 1970-01-01 01:00:00.000000000 +0100
+++ debian/libnginx-mod.conf/mod-http-shibboleth.conf 2018-03-26 21:04:54.131246344 +0200
@@ -0,0 +1 @@
+load_module modules/ngx_http_shibboleth_module.so;
diff -Naur debian/rules debian/rules
--- debian/rules 2018-03-26 20:56:56.604548119 +0200
+++ debian/rules 2018-03-26 21:03:00.054777450 +0200
@@ -13,6 +13,7 @@
FLAVOURS := full light extras
DYN_MODS := \
http-auth-pam \
+ http-shibboleth \
http-cache-purge \
http-dav-ext \
http-echo \
@@ -103,6 +104,7 @@
--with-mail=dynamic \
--with-mail_ssl_module \
--add-dynamic-module=$(MODULESDIR)/nginx-auth-pam \
+ --add-dynamic-module=$(MODULESDIR)/nginx-http-shibboleth \
--add-dynamic-module=$(MODULESDIR)/nginx-dav-ext-module \
--add-dynamic-module=$(MODULESDIR)/nginx-echo \
--add-dynamic-module=$(MODULESDIR)/nginx-upstream-fair \
@@ -128,6 +130,7 @@
--with-stream_ssl_module \
--add-dynamic-module=$(MODULESDIR)/headers-more-nginx-module \
--add-dynamic-module=$(MODULESDIR)/nginx-auth-pam \
+ --add-dynamic-module=$(MODULESDIR)/nginx-http-shibboleth \
--add-dynamic-module=$(MODULESDIR)/nginx-cache-purge \
--add-dynamic-module=$(MODULESDIR)/nginx-dav-ext-module \
--add-dynamic-module=$(MODULESDIR)/nginx-development-kit \
......@@ -34,10 +34,16 @@ def run_checked(command, **kwargs):
print(error.stdout)
print(error.stderr)
raise
def apply_patches(abs_patch_dir):
for patch in sorted(os.listdir(abs_patch_dir)):
patch_file = os.path.join(abs_patch_dir, patch)
run_checked(["quilt", "import", patch_file])
def build_package(repo_dir, package_dir, name,
patch_dir=None, version=None, changelog=None):
patch_dir=None, version=None, changelog=None, additional_content=None):
with tempfile.TemporaryDirectory(dir=os.path.abspath(".")) as tempdir:
os.chdir(tempdir)
result = run_checked(["apt-get", "source", name])
......@@ -57,13 +63,20 @@ def build_package(repo_dir, package_dir, name,
"Extracted package {} is not expected package {}".format(
pkg_name, name))
debian_workdir = os.path.join(tempdir, pkg_dir, "debian")
os.chdir(debian_workdir)
if patch_dir is not None:
abs_patch_dir = os.path.join(repo_dir, patch_dir)
for patch in sorted(os.listdir(abs_patch_dir)):
patch_file = os.path.join(abs_patch_dir, patch)
run_checked(["quilt", "import", patch_file])
workdir = os.path.join(tempdir, pkg_dir)
os.chdir(workdir)
if additional_content is not None:
os.chdir(workdir)
for content in additional_content:
os.chdir(additional_content["target_dir"])
if "patch_dir" in content:
abs_patch_dir = os.path.join(
repo_dir, content["patch_dir"])
apply_patches(abs_patch_dir)
elif "git_url" in content:
run_checked(["git", "clone", content["git_url"]])
command = ["debchange", "--preserve"]
if version is None:
......@@ -113,6 +126,7 @@ def main():
build_package(repo_dir=repo_dir, package_dir=package_dir, **package)
os.chdir(repo_dir)
print(os.listdir(package_dir))
if __name__ == "__main__":
main()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment