Add nginx, make more modular

packages.yml

@@ -3,6 +3,16 @@ maintainer:
   mail: admin@fsmpi.rwth-aachen.de
 packages:
   - name: adcli
-    patch_dir: patches/adcli
     version: 0.8.2-1.1-fsmpi
     changelog: Apply the unreleased upstream-patches, fixing RT#100
+    additional_content:
+      - patch_dir: patches/adcli
+        target_dir: debian
+  - name: nginx
+    patch_dir: patches/nginx
+    changelog: Add libnginx-mod-http-shibboleth
+    additional_content:
+      - git_url: "https://github.com/nginx-shib/nginx-http-shibboleth.git"
+        target_dir: debian/modules
+      - target_dir: debian
+        patch_dir: patches/nginx

patches/nginx/00-add-module.patch

+diff -Naur debian/control debian/control
+--- debian/control	2018-03-26 20:56:56.476543112 +0200
++++ debian/control	2018-03-26 21:01:51.812104005 +0200
+@@ -71,6 +71,7 @@
+ Package: nginx-full
+ Architecture: any
+ Depends: libnginx-mod-http-auth-pam (= ${binary:Version}),
++         libnginx-mod-http-shibboleth (= ${binary:Version}),
+          libnginx-mod-http-dav-ext (= ${binary:Version}),
+          libnginx-mod-http-echo (= ${binary:Version}),
+          libnginx-mod-http-geoip (= ${binary:Version}),
+@@ -142,6 +143,7 @@
+ Architecture: any
+ Priority: extra
+ Depends: libnginx-mod-http-auth-pam (= ${binary:Version}),
++         libnginx-mod-http-shibboleth (= ${binary:Version}),
+          libnginx-mod-http-cache-purge (= ${binary:Version}),
+          libnginx-mod-http-dav-ext (= ${binary:Version}),
+          libnginx-mod-http-echo (= ${binary:Version}),
+@@ -259,6 +261,20 @@
+  The module uses PAM as a backend for simple http authentication. It
+  also allows setting the pam service name to allow more fine grained control.
+ 
++Package: libnginx-mod-http-shibboleth
++Architecture: any
++Depends: ${misc:Depends}, ${shlibs:Depends}
++Description: Shibboleth authentication module for Nginx
++ The nginx_http_shibboleth module enables authentication using Shibboleth.
++ .
++ This module allows Nginx to work with Shibboleth, by way of Shibboleth's
++ FastCGI authorizer. This module requires specific configuration in order
++ to work correctly, as well as Shibboleth's FastCGI authorizer application
++ available on the system. It aims to be similar to parts of Apache's
++ mod_shib, though Shibboleth authorisation and authentication settings
++ are configured via shibboleth2.xml rather than in the web server
++ configuration.
++
+ Package: libnginx-mod-http-lua
+ Architecture: any
+ Depends: libnginx-mod-http-ndk (= ${binary:Version}),
+diff -Naur debian/libnginx-mod.conf/mod-http-shibboleth.conf debian/libnginx-mod.conf/mod-http-shibboleth.conf
+--- debian/libnginx-mod.conf/mod-http-shibboleth.conf	1970-01-01 01:00:00.000000000 +0100
++++ debian/libnginx-mod.conf/mod-http-shibboleth.conf	2018-03-26 21:04:54.131246344 +0200
+@@ -0,0 +1 @@
++load_module modules/ngx_http_shibboleth_module.so;
+diff -Naur debian/rules debian/rules
+--- debian/rules	2018-03-26 20:56:56.604548119 +0200
++++ debian/rules	2018-03-26 21:03:00.054777450 +0200
+@@ -13,6 +13,7 @@
+ FLAVOURS := full light extras
+ DYN_MODS := \
+ 	http-auth-pam \
++	http-shibboleth \
+ 	http-cache-purge \
+ 	http-dav-ext \
+ 	http-echo \
+@@ -103,6 +104,7 @@
+ 			--with-mail=dynamic \
+ 			--with-mail_ssl_module \
+ 			--add-dynamic-module=$(MODULESDIR)/nginx-auth-pam \
++			--add-dynamic-module=$(MODULESDIR)/nginx-http-shibboleth \
+ 			--add-dynamic-module=$(MODULESDIR)/nginx-dav-ext-module \
+ 			--add-dynamic-module=$(MODULESDIR)/nginx-echo \
+ 			--add-dynamic-module=$(MODULESDIR)/nginx-upstream-fair \
+@@ -128,6 +130,7 @@
+ 			--with-stream_ssl_module \
+ 			--add-dynamic-module=$(MODULESDIR)/headers-more-nginx-module \
+ 			--add-dynamic-module=$(MODULESDIR)/nginx-auth-pam \
++			--add-dynamic-module=$(MODULESDIR)/nginx-http-shibboleth \
+ 			--add-dynamic-module=$(MODULESDIR)/nginx-cache-purge \
+ 			--add-dynamic-module=$(MODULESDIR)/nginx-dav-ext-module \
+ 			--add-dynamic-module=$(MODULESDIR)/nginx-development-kit \

scripts/build.py

@@ -36,8 +36,14 @@ def run_checked(command, **kwargs):
         raise
 
 
+def apply_patches(abs_patch_dir):
+    for patch in sorted(os.listdir(abs_patch_dir)):
+        patch_file = os.path.join(abs_patch_dir, patch)
+        run_checked(["quilt", "import", patch_file])
+
+
 def build_package(repo_dir, package_dir, name,
-        patch_dir=None, version=None, changelog=None):
+        patch_dir=None, version=None, changelog=None, additional_content=None):
     with tempfile.TemporaryDirectory(dir=os.path.abspath(".")) as tempdir:
         os.chdir(tempdir)
         result = run_checked(["apt-get", "source", name])
@@ -57,13 +63,20 @@ def build_package(repo_dir, package_dir, name,
                 "Extracted package {} is not expected package {}".format(
                     pkg_name, name))
 
-        debian_workdir = os.path.join(tempdir, pkg_dir, "debian")
-        os.chdir(debian_workdir)
-        if patch_dir is not None:
-            abs_patch_dir = os.path.join(repo_dir, patch_dir)
-            for patch in sorted(os.listdir(abs_patch_dir)):
-                patch_file = os.path.join(abs_patch_dir, patch)
-                run_checked(["quilt", "import", patch_file])
+        workdir = os.path.join(tempdir, pkg_dir)
+        os.chdir(workdir)
+
+        if additional_content is not None:
+            os.chdir(workdir)
+            for content in additional_content:
+                os.chdir(additional_content["target_dir"])
+                if "patch_dir" in content:
+                    abs_patch_dir = os.path.join(
+                        repo_dir, content["patch_dir"])
+                    apply_patches(abs_patch_dir)
+                elif "git_url" in content:
+                    run_checked(["git", "clone", content["git_url"]])
+
 
         command = ["debchange", "--preserve"]
         if version is None:
@@ -113,6 +126,7 @@ def main():
         build_package(repo_dir=repo_dir, package_dir=package_dir, **package)
         os.chdir(repo_dir)
 
+    print(os.listdir(package_dir))
 
 if __name__ == "__main__":
     main()