mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-18 21:11:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #592 from flatcar-linux/marga-kinvolk/gce-image

Browse Source 
Improve Flatcar behavior on GCE when using oslogin
This commit is contained in:
Marga Manterola 2020-09-22 14:41:51 +02:00 committed by GitHub
commit 084608643c
8 changed files with 35 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/bin/enable-oslogin vendored
View File

@ -27,3 +27,4 @@ ln -f -s '/usr/share/google-oslogin/pam_sshd' '/etc/pam.d/sshd'
ln -f -s '/usr/share/google-oslogin/nsswitch.conf' '/etc/nsswitch.conf'
ln -f -s '/usr/share/google-oslogin/sshd_config' '/etc/ssh/sshd_config'
ln -f -s '/usr/share/google-oslogin/oslogin-sudoers' '/etc/sudoers.d/oslogin-sudoers'
ln -f -s '/usr/share/google-oslogin/group.conf' '/etc/security/group.conf'

2
sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/files/google-cloud-sdk.sh vendored
View File

@ -1,3 +1,5 @@
#!/bin/sh
alias gcloud="(docker images google/cloud-sdk || docker pull google/cloud-sdk) > /dev/null;docker run -ti --rm --net=host -v $HOME/.config:/root/.config -v /var/run/docker.sock:/var/run/docker.sock google/cloud-sdk gcloud"
alias gsutil="(docker images google/cloud-sdk || docker pull google/cloud-sdk) > /dev/null;docker run -ti --rm --net=host -v $HOME/.config:/root/.config google/cloud-sdk gsutil"
alias python="(docker images python:2-slim || docker pull python:2-slim) > /dev/null;docker run -ti --rm --net=host -v $HOME/.config:/root/.config -v "$PWD":/usr/src/pyapp -w /usr/src/pyapp python:2-slim python"
alias python3="(docker images python:3-slim || docker pull python:3-slim) > /dev/null;docker run -ti --rm --net=host -v $HOME/.config:/root/.config -v "$PWD":/usr/src/pyapp -w /usr/src/pyapp python:3-slim python"

2
sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/Manifest vendored
View File

@ -1 +1 @@
DIST 20180611.tar.gz 143678 SHA256 f71bdc6d01cff014bb4d066096be9a6e067fd3028c730cc4c9557001ec99ab6e SHA512 9e94cdda66f9b45dbb0ade25ce2dabbcc38c96b7c6f94a09bfef80f1611e7fe0233578ccc55f76530dca16f4ee261a22c05ae12b76ce527734be50b856caca3e WHIRLPOOL f37f980686924003570567e77ec1b740a7ce538a03917d01757f2599a595c17f8babd32184ca26b6075df14de1e5da2876f5eb3111141d442c1571e043350b8d
DIST 20200910.00.tar.gz 42599 BLAKE2B 6c2917f03277834e54050e5bf94943dc311c70e3150247b91cee5835b09fb197686788373ab8cdff4f3f8e4baa85dd515bcb22a99530475bd7c3991d1d272ece SHA512 575813becdd7046b9c5813f33aad440737df6d0fa1d9345f8f4340fda4bc348b27860231ed163196cf06609fd3311fe2bbf45486c260c45a0a38795a95f09834

16
sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/0001-pam_module-use-var-lib-instead-of-var.patch vendored
View File

@ -4,14 +4,14 @@ Date: Fri, 6 Jul 2018 15:54:40 -0700
Subject: [PATCH] pam_module: use /var/lib/ instead of /var
---
google_compute_engine_oslogin/pam_module/pam_oslogin_admin.cc | 2 +-
google_compute_engine_oslogin/pam_module/pam_oslogin_login.cc | 2 +-
guest-oslogin/src/pam/pam_oslogin_admin.cc | 2 +-
guest-oslogin/src/pam/pam_oslogin_login.cc | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/google_compute_engine_oslogin/pam_module/pam_oslogin_admin.cc b/google_compute_engine_oslogin/pam_module/pam_oslogin_admin.cc
diff --git a/guest-oslogin/src/pam/pam_oslogin_admin.cc b/guest-oslogin/src/pam/pam_oslogin_admin.cc
index 04d0808..376916e 100644
--- a/google_compute_engine_oslogin/pam_module/pam_oslogin_admin.cc
+++ b/google_compute_engine_oslogin/pam_module/pam_oslogin_admin.cc
--- a/guest-oslogin/src/pam/pam_oslogin_admin.cc
+++ b/guest-oslogin/src/pam/pam_oslogin_admin.cc
@@ -36,7 +36,7 @@ using oslogin_utils::ParseJsonToEmail;
using oslogin_utils::UrlEncode;
using oslogin_utils::kMetadataServerUrl;
@ -21,10 +21,10 @@ index 04d0808..376916e 100644
extern "C" {
diff --git a/google_compute_engine_oslogin/pam_module/pam_oslogin_login.cc b/google_compute_engine_oslogin/pam_module/pam_oslogin_login.cc
diff --git a/guest-oslogin/src/pam/pam_oslogin_login.cc b/guest-oslogin/src/pam/pam_oslogin_login.cc
index 9e708f4..428600b 100644
--- a/google_compute_engine_oslogin/pam_module/pam_oslogin_login.cc
+++ b/google_compute_engine_oslogin/pam_module/pam_oslogin_login.cc
--- a/guest-oslogin/src/pam/pam_oslogin_login.cc
+++ b/guest-oslogin/src/pam/pam_oslogin_login.cc
@@ -36,7 +36,7 @@ using oslogin_utils::ParseJsonToEmail;
using oslogin_utils::UrlEncode;
using oslogin_utils::kMetadataServerUrl;

2
sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/group.conf vendored Normal file
View File

@ -0,0 +1,2 @@
# Instruct oslogin to add the docker group to user that login via ssh
sshd;*;*;Al0000-2400;docker

2
sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/nsswitch.conf vendored
View File

@ -2,7 +2,7 @@
# Keep this in sync with nsswitch.conf from coreos/baselayout
passwd: files usrfiles sss systemd cache_oslogin oslogin
shadow: files usrfiles sss
group: files usrfiles sss systemd
group: files usrfiles sss systemd cache_oslogin oslogin
hosts: files usrfiles dns myhostname
networks: files usrfiles dns

11
sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/pam_sshd vendored
View File

@ -1,9 +1,12 @@
# Needed for oslogin support (needs to be prepended)
auth [default=ignore] pam_group.so
auth [success=done perm_denied=die default=ignore] pam_oslogin_login.so
account [success=ok default=ignore] pam_oslogin_admin.so
account [success=ok ignore=ignore default=die] pam_oslogin_login.so
session [success=ok default=ignore] pam_mkhomedir.so
# Keep this file in sync with the net-misc/openssh/files/sshd.pam_include.2
auth include system-remote-login
account include system-remote-login
password include system-remote-login
session include system-remote-login
# Needed for oslogin support
account requisite pam_oslogin_login.so
account optional pam_oslogin_admin.so
session optional pam_mkhomedir.so

22
sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20180611.ebuild → sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20200910.00.ebuild vendored
View File

@ -4,8 +4,8 @@
EAPI=6
DESCRIPTION="Components to support Google Cloud OS Login. This contains bits that belong in USR"
HOMEPAGE="https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google_compute_engine_oslogin"
SRC_URI="https://github.com/GoogleCloudPlatform/compute-image-packages/archive/${PV}.tar.gz"
HOMEPAGE="https://github.com/GoogleCloudPlatform/guest-oslogin"
SRC_URI="https://github.com/GoogleCloudPlatform/guest-oslogin/archive/${PV}.tar.gz"
LICENSE="Apache-2.0"
SLOT="0"
@ -22,7 +22,7 @@ DEPEND="
RDEPEND="${DEPEND}"
S=${WORKDIR}/compute-image-packages-${PV}/google_compute_engine_oslogin
S=${WORKDIR}/guest-oslogin-${PV}/
src_prepare() {
eapply -p2 "$FILESDIR/0001-pam_module-use-var-lib-instead-of-var.patch"
@ -30,18 +30,21 @@ src_prepare() {
}
src_compile() {
emake CC="$(tc-getCC)" CXX="$(tc-getCXX)" JSON_INCLUDE_PATH="${ROOT%/}/usr/include/json-c"
emake CC="$(tc-getCC)" CXX="$(tc-getCXX)" \
VERSION=${PV} \
JSON_INCLUDE_PATH="${ROOT%/}/usr/include/json-c"
}
src_install() {
dolib.so libnss_cache_google-compute-engine-oslogin-1.3.0.so
dolib.so libnss_google-compute-engine-oslogin-1.3.0.so
dolib.so src/libnss_cache_oslogin-${PV}.so
dolib.so src/libnss_oslogin-${PV}.so
exeinto /usr/libexec
doexe google_authorized_keys
doexe src/google_authorized_keys
doexe src/google_oslogin_nss_cache
dopammod pam_oslogin_admin.so
dopammod pam_oslogin_login.so
dopammod src/pam_oslogin_admin.so
dopammod src/pam_oslogin_login.so
# config files the base Ignition config will create links to
insinto /usr/share/google-oslogin
@ -49,4 +52,5 @@ src_install() {
doins "${FILESDIR}/nsswitch.conf"
doins "${FILESDIR}/pam_sshd"
doins "${FILESDIR}/oslogin-sudoers"
doins "${FILESDIR}/group.conf"
}