From: Richard Gallamore
Date: Mon, 22 Jan 2018 00:14:28 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r459632 - in head/sysutils: . google-compute-engine-oslogin google-compute-engine-oslogin/files

Author: ultima
Date: Mon Jan 22 00:14:28 2018
New Revision: 459632
URL: https://svnweb.freebsd.org/changeset/ports/459632

Log:
  This package enables Google Cloud OS Login features on Google Compute Engine
  instances. The OS Login package has the following components:

  - Authorized Keys Command to fetch SSH keys from the user's OS Login profile
    and make them available to sshd.
  - NSS Module provides support for making OS Login user and group information
    available to the system, using NSS (Name Service Switch) functionality.
  - PAM Module provides authorization and authentication support allowing the
    system to use data stored in Google Cloud IAM permissions to control both,
    the ability to log into an instance, and to perform operations as root
    (sudo).
  - Utils provides common code to support the components listed above.

  In addition to the main components, there are also utilities for packaging
  and installing these components:

  - bin contains a shell script for (de)activating the package components.
WWW: https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google_compute_engine_oslogin PR: 225014 Submitted by: Helen Koike (maintainer) Reviewed by: mat Differential Revision: https://reviews.freebsd.org/D13811 Added: head/sysutils/google-compute-engine-oslogin/ head/sysutils/google-compute-engine-oslogin/Makefile (contents, props changed) head/sysutils/google-compute-engine-oslogin/distinfo (contents, props changed) head/sysutils/google-compute-engine-oslogin/files/ head/sysutils/google-compute-engine-oslogin/files/patch-Makefile (contents, props changed) head/sysutils/google-compute-engine-oslogin/files/patch-bin_google__oslogin__control (contents, props changed) head/sysutils/google-compute-engine-oslogin/files/patch-nss__module_nss__oslogin.cc (contents, props changed) head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__admin.cc (contents, props changed) head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__login.cc (contents, props changed) head/sysutils/google-compute-engine-oslogin/files/patch-utils_oslogin__utils.cc (contents, props changed) head/sysutils/google-compute-engine-oslogin/pkg-descr (contents, props changed) head/sysutils/google-compute-engine-oslogin/pkg-plist (contents, props changed) Modified: head/sysutils/Makefile Modified: head/sysutils/Makefile ============================================================================== --- head/sysutils/Makefile Sun Jan 21 22:50:56 2018 (r459631) +++ head/sysutils/Makefile Mon Jan 22 00:14:28 2018 (r459632) @@ -419,6 +419,7 @@ SUBDIR += gnome-system-monitor SUBDIR += gnome_subr SUBDIR += goaccess + SUBDIR += google-compute-engine-oslogin SUBDIR += goss SUBDIR += gpart SUBDIR += gpte Added: head/sysutils/google-compute-engine-oslogin/Makefile ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/google-compute-engine-oslogin/Makefile Mon Jan 22 00:14:28 2018 (r459632) @@ -0,0 +1,46 @@ +# $FreeBSD$ + +PORTNAME= google-compute-engine-oslogin +DISTVERSION= 1.1.2 +CATEGORIES= sysutils + +MAINTAINER= helen.koike@collabora.com +COMMENT= OS Login Guest Environment for Google Compute Engine + +LICENSE= APACHE20 +LICENSE_FILE= ${WRKSRC}/../LICENSE + +LIB_DEPENDS= libcurl.so:ftp/curl \ + libjson-c.so:devel/json-c +RUN_DEPENDS= gsed:textproc/gsed \ + ${LOCALBASE}/lib/pam_mkhomedir.so:security/pam_mkhomedir + +USES= gmake +USE_LDCONFIG= yes +USE_GCC= any +USE_GITHUB= yes +GH_ACCOUNT= GoogleCloudPlatform +GH_PROJECT= compute-image-packages +GH_TAGNAME= 20171213 +MAKE_ARGS= JSON_INCLUDE_PATH=${LOCALBASE}/include/json-c \ + BIN_INSTALL_PATH=/bin \ + PAM_INSTALL_PATH=/lib \ + AUTHKEYS_INSTALL_PATH=/bin \ + NSS_LIBRARY_SONAME=nss_oslogin.so.1 + +WRKSRC_SUBDIR= google_compute_engine_oslogin + +PLIST_SUB= DISTVERSION=${DISTVERSION} + +post-patch: + @${REINPLACE_CMD} -e 's|/etc/sudoers.d|${PREFIX}/etc/sudoers.d|g ; \ + s|/usr/bin|${PREFIX}/bin|g' ${WRKSRC}/bin/google_oslogin_control + +post-install: + ${LN} -sf libnss_${PORTNAME}-${DISTVERSION}.so ${STAGEDIR}${PREFIX}/lib/nss_oslogin.so.1 + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/google_authorized_keys \ + ${STAGEDIR}${PREFIX}/lib/libnss_google-compute-engine-oslogin-${DISTVERSION}.so \ + ${STAGEDIR}${PREFIX}/lib/pam_oslogin_admin.so \ + ${STAGEDIR}${PREFIX}/lib/pam_oslogin_login.so + +.include Added: head/sysutils/google-compute-engine-oslogin/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/google-compute-engine-oslogin/distinfo Mon Jan 22 00:14:28 2018 (r459632) 
@@ -0,0 +1,3 @@ +TIMESTAMP = 1514471176 +SHA256 (GoogleCloudPlatform-compute-image-packages-1.1.2-20171213_GH0.tar.gz) = 483d97c6d64cd7d9002247db63af8cb591e526a09ce52fd8d545c66da3ebb181 +SIZE (GoogleCloudPlatform-compute-image-packages-1.1.2-20171213_GH0.tar.gz) = 131055 Added: head/sysutils/google-compute-engine-oslogin/files/patch-Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/google-compute-engine-oslogin/files/patch-Makefile Mon Jan 22 00:14:28 2018 (r459632) @@ -0,0 +1,11 @@ +--- Makefile.orig 2017-12-13 23:47:59 UTC ++++ Makefile +@@ -15,7 +15,7 @@ AUTHKEYS_INSTALL_PATH = /usr/bin + JSON_INCLUDE_PATH = /usr/include/json-c + INCLUDE_FLAGS = -I$(JSON_INCLUDE_PATH) + +-CXX = g++ ++CXX ?= g++ + CXXFLAGS += -fPIC# -Wall + PAMFLAGS = $(LDFLAGS) $(INCLUDE_FLAGS) -shared + NSSFLAGS = $(LDFLAGS) $(INCLUDE_FLAGS) -shared -Wl,-soname,$(NSS_LIBRARY_SONAME) Added: head/sysutils/google-compute-engine-oslogin/files/patch-bin_google__oslogin__control ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/google-compute-engine-oslogin/files/patch-bin_google__oslogin__control Mon Jan 22 00:14:28 2018 (r459632) 
@@ -0,0 +1,51 @@ +--- bin/google_oslogin_control.orig 2017-12-13 23:47:59 UTC ++++ bin/google_oslogin_control +@@ -65,29 +65,31 @@ overwrite_file() { + + remove_from_config() { + config=$1 +- sed -i "/${added_comment}/,+1d" ${config}.new ++ gsed -i "/${added_comment}/,+1d" ${config}.new + } + + remove_from_nss_config() { +- sed -i '/^passwd:/ s/ oslogin//' ${nss_config}.new ++ gsed -i '/^passwd:/ s/ oslogin//' ${nss_config}.new + } + + add_to_sshd_config() { + remove_from_config ${sshd_config} +- sed -i "\$a${added_comment}\n${sshd_command}" ${sshd_config}.new +- sed -i "\$a${added_comment}\n${sshd_user}" ${sshd_config}.new ++ gsed -i "\$a${added_comment}\n${sshd_command}" ${sshd_config}.new ++ gsed -i "\$a${added_comment}\n${sshd_user}" ${sshd_config}.new + } + + add_to_nss_config() { + remove_from_nss_config +- sed -i '/^passwd:/ s/$/ oslogin/' ${nss_config}.new ++ gsed -i '/^passwd:/ s/$/ oslogin/' ${nss_config}.new ++ # Replace compat by files (as compat cannot be used with other sources) ++ gsed -i '/^passwd:/ s/compat/files/' ${nss_config}.new + } + + add_to_pam_config() { + remove_from_config ${pam_config} +- sed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_admin}" ${pam_config}.new +- sed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_login}" ${pam_config}.new +- sed -i "/pam_loginuid.so/ a${added_comment}\n${pam_homedir}" ${pam_config}.new ++ gsed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_admin}" ${pam_config}.new ++ gsed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_login}" ${pam_config}.new ++ gsed -i "/session.*pam_permit.so/ a${added_comment}\n${pam_homedir}" ${pam_config}.new + } + + restart_service() { +@@ -100,7 +102,7 @@ restart_service() { + fi + fi + if which service > /dev/null 2>&1; then +- if service --status-all | grep -Fq ${service}; then ++ if service -e | grep -Fq ${service}; then + echo "Restarting ${service}." + service ${service} restart + return $? 
Added: head/sysutils/google-compute-engine-oslogin/files/patch-nss__module_nss__oslogin.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/google-compute-engine-oslogin/files/patch-nss__module_nss__oslogin.cc Mon Jan 22 00:14:28 2018 (r459632) @@ -0,0 +1,38 @@ +--- nss_module/nss_oslogin.cc.orig 2017-12-13 23:47:59 UTC ++++ nss_module/nss_oslogin.cc +@@ -16,6 +16,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -150,4 +151,27 @@ int _nss_oslogin_getpwent_r(struct passw + } + return NSS_STATUS_SUCCESS; + } ++ ++NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); ++NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); ++NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); ++NSS_METHOD_PROTOTYPE(__nss_compat_setpwent); ++NSS_METHOD_PROTOTYPE(__nss_compat_endpwent); ++ ++static ns_mtab methods[] = { ++ { NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, (void*)_nss_oslogin_getpwnam_r }, ++ { NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, (void*)_nss_oslogin_getpwuid_r }, ++ { NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, (void*)_nss_oslogin_getpwent_r }, ++ { NSDB_PASSWD, "endpwent", __nss_compat_endpwent, (void*)_nss_oslogin_endpwent }, ++ { NSDB_PASSWD, "setpwent", __nss_compat_setpwent, (void*)_nss_oslogin_setpwent }, ++}; ++ ++ns_mtab * ++nss_module_register (const char *name, unsigned int *size, ++ nss_module_unregister_fn *unregister) ++{ ++ *size = sizeof (methods) / sizeof (methods[0]); ++ *unregister = NULL; ++ return (methods); ++} + } // extern "C" Added: head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__admin.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__admin.cc Mon Jan 22 00:14:28 2018 (r459632) 
@@ -0,0 +1,28 @@ +--- pam_module/pam_oslogin_admin.cc.orig 2017-12-13 23:47:59 UTC ++++ pam_module/pam_oslogin_admin.cc +@@ -14,7 +14,6 @@ + + #define PAM_SM_ACCOUNT + #include +-#include + #include + #include + #include +@@ -47,7 +46,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand + int pam_result = PAM_SUCCESS; + const char *user_name; + if ((pam_result = pam_get_user(pamh, &user_name, NULL)) != PAM_SUCCESS) { +- pam_syslog(pamh, LOG_INFO, "Could not get pam user."); ++ syslog(LOG_INFO, "Could not get pam user."); + return pam_result; + } + string str_user_name(user_name); +@@ -77,7 +76,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand + if (HttpGet(url.str(), &response, &http_code) && http_code == 200 && + ParseJsonToAuthorizeResponse(response)) { + if (!file_exists) { +- pam_syslog(pamh, LOG_INFO, ++ syslog(LOG_INFO, + "Granting sudo permissions to organization user %s.", + user_name); + std::ofstream sudoers_file; Added: head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__login.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__login.cc Mon Jan 22 00:14:28 2018 (r459632) 
@@ -0,0 +1,37 @@ +--- pam_module/pam_oslogin_login.cc.orig 2017-12-13 23:47:59 UTC ++++ pam_module/pam_oslogin_login.cc +@@ -14,7 +14,6 @@ + + #define PAM_SM_ACCOUNT + #include +-#include + #include + #include + #include +@@ -45,7 +44,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand + int pam_result = PAM_PERM_DENIED; + const char *user_name; + if ((pam_result = pam_get_user(pamh, &user_name, NULL)) != PAM_SUCCESS) { +- pam_syslog(pamh, LOG_INFO, "Could not get pam user."); ++ syslog(LOG_INFO, "Could not get pam user."); + return pam_result; + } + string str_user_name(user_name); +@@ -88,7 +87,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand + chown(users_filename.c_str(), 0, 0); + chmod(users_filename.c_str(), S_IRUSR | S_IWUSR | S_IRGRP); + } +- pam_syslog(pamh, LOG_INFO, ++ syslog(LOG_INFO, + "Granting login permission for organization user %s.", + user_name); + pam_result = PAM_SUCCESS; +@@ -96,7 +95,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand + if (file_exists) { + remove(users_filename.c_str()); + } +- pam_syslog(pamh, LOG_INFO, ++ syslog(LOG_INFO, + "Denying login permission for organization user %s.", user_name); + + pam_result = PAM_PERM_DENIED; Added: head/sysutils/google-compute-engine-oslogin/files/patch-utils_oslogin__utils.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/google-compute-engine-oslogin/files/patch-utils_oslogin__utils.cc Mon Jan 22 00:14:28 2018 (r459632) 
@@ -0,0 +1,18 @@ +--- utils/oslogin_utils.cc.orig 2017-12-13 23:47:59 UTC ++++ utils/oslogin_utils.cc +@@ -218,7 +218,14 @@ bool ValidatePasswd(struct passwd* resul + } + } + if (strlen(result->pw_shell) == 0) { +- if (!buf->AppendString("/bin/bash", &result->pw_shell, errnop)) { ++ if (!buf->AppendString("/bin/sh", &result->pw_shell, errnop)) { ++ return false; ++ } ++ } ++ ++ // If shell is set to /bin/bash, fallback to /bin/sh ++ if (strcmp(result->pw_shell, "/bin/bash") == 0 ) { ++ if (!buf->AppendString("/bin/sh", &result->pw_shell, errnop)) { + return false; + } + } Added: head/sysutils/google-compute-engine-oslogin/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/google-compute-engine-oslogin/pkg-descr Mon Jan 22 00:14:28 2018 (r459632) 
@@ -0,0 +1,19 @@ +This package enables Google Cloud OS Login features on Google Compute Engine +instances. +The OS Login package has the following components: + +- Authorized Keys Command to fetch SSH keys from the user's OS Login profile and +make them available to sshd. +- NSS Module provides support for making OS Login user and group information +available to the system, using NSS (Name Service Switch) functionality. +- PAM Module provides authorization and authentication support allowing the +system to use data stored in Google Cloud IAM permissions to control both, the +ability to log into an instance, and to perform operations as root (sudo). +- Utils provides common code to support the components listed above. + +In addition to the main components, there are also utilities for packaging and +installing these components: + +- bin contains a shell script for (de)activating the package components. + +WWW: https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google_compute_engine_oslogin Added: head/sysutils/google-compute-engine-oslogin/pkg-plist ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/google-compute-engine-oslogin/pkg-plist Mon Jan 22 00:14:28 2018 (r459632) @@ -0,0 +1,6 @@ +bin/google_authorized_keys +bin/google_oslogin_control +lib/libnss_google-compute-engine-oslogin-%%DISTVERSION%%.so +lib/nss_oslogin.so.1 +lib/pam_oslogin_admin.so +lib/pam_oslogin_login.so
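
Review bot: In the post-patch target of head/sysutils/google-compute-engine-oslogin/Makefile, the /etc/sudoers.d rewrite is applied only to ${WRKSRC}/bin/google_oslogin_control, while pam_module/pam_oslogin_admin.cc also writes a sudoers file (its hunk context shows std::ofstream sudoers_file) and patch-pam__module_pam__oslogin__admin.cc changes no path. Please confirm the module writes under ${PREFIX}/etc/sudoers.d too, otherwise the script and the PAM module disagree on where the grant files live. Since the package hands out root through sudoers, security/sudo also looks like a missing RUN_DEPENDS entry, and the s|/usr/bin|${PREFIX}/bin|g expression is broad enough that it is worth checking it does not rewrite references to base-system binaries in the script.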
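
Review bot: In patch-bin_google__oslogin__control (hunk @@ -65,29 +65,31 @@), add_to_nss_config now rewrites compat to files on the passwd: line, but remove_from_nss_config still only strips " oslogin", so deactivating the package leaves nsswitch.conf different from what the administrator started with. Either restore compat on removal or save the original line and put it back. In the same hunk the pam_mkhomedir anchor changes from /pam_loginuid.so/ to /session.*pam_permit.so/; the gsed a command does nothing when its address never matches, so a PAM file without that session line gets no home directory setup and no error. A grep check after each insertion that makes the script fail would surface that.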
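
Review bot: In patch-nss__module_nss__oslogin.cc (hunk @@ -150,4 +151,27 @@), the added methods[] table registers only NSDB_PASSWD entries, while pkg-descr says the NSS module makes user and group information available. If the module has no group functions at this version, a one-line comment above methods[] saying that only passwd lookups are served on FreeBSD would prevent surprises; it would also help to note there that the glibc-style _nss_oslogin_* functions are being wrapped through the __nss_compat_* shims, since the (void*) casts hide the signatures from the compiler. nss_module_register ignores its name argument and sets *unregister = NULL, which deserves a comment too.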
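
Review bot: In patch-pam__module_pam__oslogin__admin.cc, both replacements call syslog(LOG_INFO, ...) with no facility, so "Granting sudo permissions to organization user %s." is logged under whatever default facility and ident the calling process has set instead of as an authentication event. Please use LOG_AUTH | LOG_INFO (or OpenPAM's openpam_log()) so that sudo grants end up with the other authentication records, where they will be reviewed.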
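
Review bot: In patch-pam__module_pam__oslogin__login.cc, dropping the pamh argument means the three messages no longer carry any PAM context, and "Could not get pam user." is now byte-for-byte identical to the line emitted by pam_oslogin_admin.cc, so a log reader cannot tell which module failed. Prefix the format strings with the module name, for example "pam_oslogin_login: Denying login permission for organization user %s.", and consider a higher priority than LOG_INFO for the deny path so that refused logins are not filtered out with routine messages.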
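
Review bot: In patch-utils_oslogin__utils.cc (hunk @@ -218,7 +218,14 @@), the second added block replaces /bin/bash with /bin/sh unconditionally, even on a host where bash is installed, and it handles only that one path: any other shell path from the OS Login profile that does not exist on FreeBSD passes through unchanged and the login then fails at exec time. Checking the returned shell with access(result->pw_shell, X_OK) and falling back to /bin/sh for anything missing would cover both cases. The override also appends a second string to buf after the original shell was already stored there, so it is worth confirming AppendString cannot run the caller's buffer short in that path.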
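
Review bot: The added file list (pkg-descr, pkg-plist) has no pkg-message, although pkg-plist installs bin/google_oslogin_control, which per its patch edits sshd_config, the NSS configuration and the PAM configuration and restarts the service. A pkg-message stating that nothing is active until the control script is run, and which system files it modifies, would let administrators review those changes before enabling IAM-driven login and sudo on the host. If the PAM admin module writes into ${PREFIX}/etc/sudoers.d, that directory should also be accounted for in pkg-plist or guaranteed by a dependency.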