[ARVADOS] updated: 1.3.0-2763-g183f8c6fe
Git user
git at public.arvados.org
Thu Jul 2 14:48:52 UTC 2020
Summary of changes:
apps/workbench/Gemfile.lock | 2 +-
... test-package-python3-arvados-python-client.sh} | 4 +-
...=> test-package-python3-python-arvados-fuse.sh} | 0
...ge-rh-python36-python-arvados-python-client.sh} | 4 +-
build/run-build-packages-one-target.sh | 2 +-
build/run-build-packages.sh | 7 +-
build/run-library.sh | 10 +-
doc/_config.yml | 4 +-
doc/admin/link-accounts.html.textile.liquid | 48 ++++++
doc/api/methods/users.html.textile.liquid | 18 ++
.../install-shell-server.html.textile.liquid | 2 +-
doc/install/install-webshell.html.textile.liquid | 183 +++++++++++++++++++++
doc/user/reference/api-tokens.html.textile.liquid | 2 +-
docker/jobs/Dockerfile | 4 +-
docker/jobs/apt.arvados.org-dev.list | 2 +-
docker/jobs/apt.arvados.org-stable.list | 2 +-
docker/jobs/apt.arvados.org-testing.list | 2 +-
lib/config/config.default.yml | 7 +
lib/config/export.go | 1 +
lib/config/generated_config.go | 7 +
lib/controller/federation.go | 4 +-
lib/controller/federation/federation_test.go | 2 +-
lib/controller/federation_test.go | 1 +
lib/controller/handler.go | 18 +-
lib/controller/handler_test.go | 1 +
lib/controller/localdb/db.go | 116 +++++++++++++
lib/controller/localdb/db_test.go | 98 +++++++++++
lib/controller/localdb/docker_test.go | 68 ++++++++
lib/controller/localdb/login.go | 40 ++++-
lib/controller/localdb/login_ldap_docker_test.go | 10 +-
lib/controller/localdb/login_ldap_docker_test.sh | 5 +
lib/controller/localdb/login_ldap_test.go | 25 ++-
lib/controller/localdb/login_oidc_test.go | 1 -
lib/controller/proxy.go | 4 +-
lib/controller/router/router.go | 108 ++++++------
lib/controller/router/router_test.go | 6 +-
lib/pam/README | 18 ++
lib/pam/docker_test.go | 56 +++++--
.../arv-mount => lib/pam/fpm-info.sh | 2 +-
lib/pam/pam-configs-arvados | 19 +++
lib/pam/pam_arvados.go | 11 +-
lib/recovercollection/cmd.go | 8 +-
sdk/cwl/arvados_cwl/runner.py | 44 ++++-
sdk/cwl/tests/arvados-tests.yml | 9 +-
sdk/cwl/tests/wf-defaults/default-dir4.cwl | 2 +-
.../{default-dir4.cwl => default-dir8.cwl} | 4 +-
sdk/cwl/tests/wf-defaults/wf4.cwl | 2 +-
sdk/cwl/tests/wf-defaults/{wf4.cwl => wf8.cwl} | 4 +-
sdk/go/arvados/client.go | 70 +++++---
sdk/go/arvados/config.go | 1 +
sdk/go/arvados/keep_service.go | 14 +-
sdk/go/arvados/keep_service_test.go | 3 +-
services/api/Gemfile.lock | 2 +-
services/api/lib/fix_roles_projects.rb | 21 ++-
services/api/test/fixtures/links.yml | 14 ++
services/api/test/unit/group_test.rb | 11 ++
services/fuse/fpm-info.sh | 2 +-
services/keep-balance/balance.go | 45 +++--
services/keep-balance/collection.go | 5 +-
services/keep-balance/collection_test.go | 3 +-
services/keep-balance/keep_service.go | 13 +-
61 files changed, 1012 insertions(+), 189 deletions(-)
copy build/package-testing/{test-package-python27-python-arvados-python-client.sh => test-package-python3-arvados-python-client.sh} (57%)
copy build/package-testing/{test-package-python-arvados-fuse.sh => test-package-python3-python-arvados-fuse.sh} (100%)
copy build/package-testing/{test-package-python27-python-arvados-python-client.sh => test-package-rh-python36-python-arvados-python-client.sh} (55%)
create mode 100644 doc/admin/link-accounts.html.textile.liquid
create mode 100644 doc/install/install-webshell.html.textile.liquid
create mode 100644 lib/controller/localdb/db.go
create mode 100644 lib/controller/localdb/db_test.go
create mode 100644 lib/controller/localdb/docker_test.go
create mode 100644 lib/pam/README
copy sdk/cli/test/binstub_arv-mount/arv-mount => lib/pam/fpm-info.sh (76%)
mode change 100755 => 100644
create mode 100644 lib/pam/pam-configs-arvados
copy sdk/cwl/tests/wf-defaults/{default-dir4.cwl => default-dir8.cwl} (87%)
copy sdk/cwl/tests/wf-defaults/{wf4.cwl => wf8.cwl} (86%)
via 183f8c6feeb8d3adbf36a1a4adf122607fb55617 (commit)
via 61d58bb6d4687c0794137700df1ba6aca418a191 (commit)
via e66f567ca467f2dfa576983c503deb98fd35028e (commit)
via 741b677dc5e85f60bc03ef130873e49ac0b75766 (commit)
via 85709a9266b0b70038c8c41a1e109670e1c47cd4 (commit)
via 0999dbe4a8bb91e316dd09ff25a00fcf20309ee4 (commit)
via 0dfee4fdb4671b398c63a7861bf9af1cd1b4794a (commit)
via c2ad835ffbc40e7e061526df7f9b9f6e0c1a83d3 (commit)
via dddfa30b07b2584353df378528f84945faa3ad7f (commit)
via 1dd02237ea4d135154743a1bf1d886949be2c5dd (commit)
via ff22ba71afe839832943099cc1fe273197c45ec7 (commit)
via 34316951a4e4f8439940a7eda5f1b044565f072b (commit)
via f95ac4c11b99daea342be0fba98e66c92d70e54c (commit)
via fe3fc9b1fab74cc494677ede67c8fa7444608364 (commit)
via f344802c8ec0d1e56151d69a25fa16da35788800 (commit)
via 8921a4561cf42d0d44a3676683a9be2b851aad2e (commit)
via 7a2b8cbedd6f97a044c10784a66e2e75f9010cb8 (commit)
via 24f90113a4e701f725229814ce5a36197306d059 (commit)
via 352b09c94caa1cf92972d28f7820276ed0ac84e4 (commit)
via c213ed2822ce1053e9c2f518a57c0126a912083e (commit)
via aeef1b8d7a84047ff93b04afc64ff78e511e21f8 (commit)
via 2c5417221843491727e4e5505012fc115e3bc7b0 (commit)
via 93ef09e180de95718ce7d7db2a4a200539ca4368 (commit)
via cd9f489c71df2b09f5908398c0881e10ad294357 (commit)
via 488ab33f71ffb8d84395c4a749d7be4002a894ff (commit)
via 7ff8f285eb1ff374091e2d8e8e23f36d8b15a775 (commit)
via ded127155c07b22f460bd3ae6cdd943d7f930e38 (commit)
via bda96db7a411b1a16d6111c46f9732379c8c8426 (commit)
via 8a2cfa63d23bc54ae1298f3bdb3c1aaf7c978ef1 (commit)
via 72bac44ada0faa8bf039fb0ffea0f069d7c59310 (commit)
via 233335acf0dcbdc96f9653c0a9b3040d93707ec6 (commit)
via cd3966ee048de85447418f00869eec59b38fd7b2 (commit)
via 32f0ac87cddf0ad953eae8c25d8761b83b038a36 (commit)
via 798129804332041aaf8213b96e5675048bce43f8 (commit)
via 3a6559843024bda72c9a7b0baed3578d8698223d (commit)
via e37223349bd391fdd66bf5d256329e3f6ad70879 (commit)
via 3703e7f4603d7bd2af696f1e1fd39bbf9ee06ae5 (commit)
via 405b13d50e203958968427a2642bc18026a0c227 (commit)
via b96d5caa0056472fe67b82bd5305448d85c7d0cd (commit)
via 3e9830b79c4c43f428b032d33f071434cae454dd (commit)
via fd080b34a321cbd6593d69f427b9eaeab890712f (commit)
via 0d90de4cf2fe4846f0a4ca321e2704e93bdbf80c (commit)
via 2bc1a7a89597ab02aaeef84b82fdc51f8e375b79 (commit)
via 42dc22d84081091e9bb4c1d42ecc0e69ff7bc67a (commit)
from ce3903121eb9645e99f6f6846de421b9af1bb23f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 183f8c6feeb8d3adbf36a1a4adf122607fb55617
Author: Tom Clegg <tom at tomclegg.ca>
Date: Thu Jul 2 10:48:15 2020 -0400
15348: Look up hostname if not provided in config args.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/lib/pam/README b/lib/pam/README
index 243a179e6..aafff23a8 100644
--- a/lib/pam/README
+++ b/lib/pam/README
@@ -1 +1,18 @@
For configuration advice, please refer to https://doc.arvados.org/install/install-webshell.html
+
+Usage (in pam config):
+
+ pam_arvados.so arvados_api_host [my_vm_host_name] ["insecure"] ["debug"]
+
+pam_arvados.so passes authentication if (according to
+arvados_api_host) the supplied PAM token belongs to an Arvados user
+who is allowed to log in to my_vm_host_name with the supplied PAM
+username.
+
+If my_vm_host_name is omitted or "-", the current hostname is used.
+
+"insecure" -- continue even if the TLS certificate presented by
+arvados_api_host fails verification.
+
+"debug" -- enable debug-level log messages in syslog and (when not in
+"silent" mode) on the calling application's stderr.
diff --git a/lib/pam/docker_test.go b/lib/pam/docker_test.go
index 5b1755496..fa16b313b 100644
--- a/lib/pam/docker_test.go
+++ b/lib/pam/docker_test.go
@@ -60,7 +60,6 @@ func (s *DockerSuite) SetUpSuite(c *check.C) {
}
s.proxysrv = &http.Server{Handler: proxy}
go s.proxysrv.ServeTLS(ln, "../../services/api/tmp/self-signed.pem", "../../services/api/tmp/self-signed.key")
- proxyhost := ln.Addr().String()
// Build a pam module to install & configure in the docker
// container.
@@ -70,20 +69,6 @@ func (s *DockerSuite) SetUpSuite(c *check.C) {
err = cmd.Run()
c.Assert(err, check.IsNil)
- // Write a PAM config file that uses our proxy as
- // ARVADOS_API_HOST.
- confdata := fmt.Sprintf(`Name: Arvados authentication
-Default: yes
-Priority: 256
-Auth-Type: Primary
-Auth:
- [success=end default=ignore] /usr/lib/pam_arvados.so %s testvm2.shell insecure
-Auth-Initial:
- [success=end default=ignore] /usr/lib/pam_arvados.so %s testvm2.shell insecure
-`, proxyhost, proxyhost)
- err = ioutil.WriteFile(s.tmpdir+"/conffile", []byte(confdata), 0755)
- c.Assert(err, check.IsNil)
-
// Build the testclient program that will (from inside the
// docker container) configure the system to use the above PAM
// config, and then try authentication.
@@ -103,9 +88,28 @@ func (s *DockerSuite) TearDownSuite(c *check.C) {
}
}
+func (s *DockerSuite) SetUpTest(c *check.C) {
+ // Write a PAM config file that uses our proxy as
+ // ARVADOS_API_HOST.
+ proxyhost := s.proxyln.Addr().String()
+ confdata := fmt.Sprintf(`Name: Arvados authentication
+Default: yes
+Priority: 256
+Auth-Type: Primary
+Auth:
+ [success=end default=ignore] /usr/lib/pam_arvados.so %s testvm2.shell insecure
+Auth-Initial:
+ [success=end default=ignore] /usr/lib/pam_arvados.so %s testvm2.shell insecure
+`, proxyhost, proxyhost)
+ err := ioutil.WriteFile(s.tmpdir+"/conffile", []byte(confdata), 0755)
+ c.Assert(err, check.IsNil)
+}
+
func (s *DockerSuite) runTestClient(c *check.C, args ...string) (stdout, stderr *bytes.Buffer, err error) {
+
cmd := exec.Command("docker", append([]string{
"run", "--rm",
+ "--hostname", "testvm2.shell",
"--add-host", "zzzzz.arvadosapi.com:" + s.hostip,
"-v", s.tmpdir + "/pam_arvados.so:/usr/lib/pam_arvados.so:ro",
"-v", s.tmpdir + "/conffile:/usr/share/pam-configs/arvados:ro",
@@ -147,3 +151,23 @@ func (s *DockerSuite) TestFailure(c *check.C) {
c.Check(stderr.String(), check.Matches, `(?ms).*authentication failed.*`)
}
}
+
+func (s *DockerSuite) TestDefaultHostname(c *check.C) {
+ confdata := fmt.Sprintf(`Name: Arvados authentication
+Default: yes
+Priority: 256
+Auth-Type: Primary
+Auth:
+ [success=end default=ignore] /usr/lib/pam_arvados.so %s - insecure debug
+Auth-Initial:
+ [success=end default=ignore] /usr/lib/pam_arvados.so %s - insecure debug
+`, s.proxyln.Addr().String(), s.proxyln.Addr().String())
+ err := ioutil.WriteFile(s.tmpdir+"/conffile", []byte(confdata), 0755)
+ c.Assert(err, check.IsNil)
+
+ stdout, stderr, err := s.runTestClient(c, "try", "active", arvadostest.ActiveTokenV2)
+ c.Check(err, check.IsNil)
+ c.Logf("%s", stderr.String())
+ c.Check(stdout.String(), check.Equals, "")
+ c.Check(stderr.String(), check.Matches, `(?ms).*authentication succeeded.*`)
+}
diff --git a/lib/pam/pam_arvados.go b/lib/pam/pam_arvados.go
index 389033ba9..34b908053 100644
--- a/lib/pam/pam_arvados.go
+++ b/lib/pam/pam_arvados.go
@@ -24,6 +24,7 @@ package main
import (
"io/ioutil"
"log/syslog"
+ "os"
"context"
"errors"
@@ -104,8 +105,16 @@ func authenticate(logger *logrus.Logger, username, token string, argv []string)
logger.Warnf("unkown option: %s\n", arg)
}
}
+ if hostname == "" || hostname == "-" {
+ h, err := os.Hostname()
+ if err != nil {
+ logger.WithError(err).Warnf("cannot get hostname -- try using an explicit hostname in pam config")
+ return fmt.Errorf("cannot get hostname: %w", err)
+ }
+ hostname = h
+ }
logger.Debugf("username=%q arvados_api_host=%q hostname=%q insecure=%t", username, apiHost, hostname, insecure)
- if apiHost == "" || hostname == "" {
+ if apiHost == "" {
logger.Warnf("cannot authenticate: config error: arvados_api_host and hostname must be non-empty")
return errors.New("config error")
}
commit 61d58bb6d4687c0794137700df1ba6aca418a191
Author: Tom Clegg <tom at tomclegg.ca>
Date: Wed Jul 1 15:28:47 2020 -0400
15348: Add README to libpam-arvados-go package.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/build/run-library.sh b/build/run-library.sh
index 1971a33d0..69e752f51 100755
--- a/build/run-library.sh
+++ b/build/run-library.sh
@@ -212,6 +212,9 @@ package_go_so() {
if [[ -e "$WORKSPACE/$src_path/pam-configs-arvados" ]]; then
fpmargs+=("$WORKSPACE/$src_path/pam-configs-arvados=/usr/share/pam-configs/arvados-go")
fi
+ if [[ -e "$WORKSPACE/$src_path/README" ]]; then
+ fpmargs+=("$WORKSPACE/$src_path/README=/usr/share/doc/$pkg/README")
+ fi
fpm_build "$GOPATH/bin/${sofile}=/usr/lib/${sofile}" "${pkg}" dir "${go_package_version}" "${fpmargs[@]}"
}
diff --git a/lib/pam/README b/lib/pam/README
new file mode 100644
index 000000000..243a179e6
--- /dev/null
+++ b/lib/pam/README
@@ -0,0 +1 @@
+For configuration advice, please refer to https://doc.arvados.org/install/install-webshell.html
commit e66f567ca467f2dfa576983c503deb98fd35028e
Author: Tom Clegg <tom at tomclegg.ca>
Date: Wed Jul 1 15:05:28 2020 -0400
15348: Update webshell install docs to use new pam package.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/doc/install/install-webshell.html.textile.liquid b/doc/install/install-webshell.html.textile.liquid
index 4040fcf54..ae6a8d210 100644
--- a/doc/install/install-webshell.html.textile.liquid
+++ b/doc/install/install-webshell.html.textile.liquid
@@ -99,7 +99,7 @@ Note that the location line in the nginx config matches your shell node hostname
For additional shell nodes with @shell-in-a-box@, add @location@ and @upstream@ sections as needed.
-{% assign arvados_component = 'shellinabox libpam-arvados' %}
+{% assign arvados_component = 'shellinabox libpam-arvados-go' %}
{% include 'install_packages' %}
@@ -149,9 +149,8 @@ h2(#config-pam). Configure pam
Use a text editor to create a new file @/etc/pam.d/shellinabox@ with the following configuration. Options that need attention are marked in <span class="userinput">red</span>.
<notextile><pre>
-# This example is a stock debian "login" file with libpam_arvados
-# replacing pam_unix, and the "noprompt" option in use. It can be
-# installed as /etc/pam.d/shellinabox .
+# This example is a stock debian "login" file with pam_arvados
+# replacing pam_unix. It can be installed as /etc/pam.d/shellinabox .
auth optional pam_faildelay.so delay=3000000
auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
@@ -160,7 +159,7 @@ session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
-auth [success=1 default=ignore] pam_python.so /usr/lib/security/libpam_arvados.py <span class="userinput">ClusterID.example.com</span> <span class="userinput">shell.ClusterID.example.com</span> noprompt
+auth [success=1 default=ignore] /usr/lib/pam_arvados.so <span class="userinput">ClusterID.example.com</span> <span class="userinput">shell.ClusterID.example.com</span>
auth requisite pam_deny.so
auth required pam_permit.so
commit 741b677dc5e85f60bc03ef130873e49ac0b75766
Merge: 85709a926 dddfa30b0
Author: Tom Clegg <tom at tomclegg.ca>
Date: Wed Jul 1 15:01:38 2020 -0400
15348: Merge branch 'master'
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
commit 85709a9266b0b70038c8c41a1e109670e1c47cd4
Author: Tom Clegg <tom at tomclegg.ca>
Date: Wed Jul 1 14:49:49 2020 -0400
15348: Rename libpam-arvados-experimental -> libpam-arvados-go.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/build/run-build-packages-one-target.sh b/build/run-build-packages-one-target.sh
index f96fb7589..f8816dbe4 100755
--- a/build/run-build-packages-one-target.sh
+++ b/build/run-build-packages-one-target.sh
@@ -209,7 +209,7 @@ if test -z "$packages" ; then
keep-web
libarvados-perl
libpam-arvados
- libpam-arvados-experimental
+ libpam-arvados-go
python-arvados-fuse
python-arvados-python-client
python-arvados-cwl-runner"
diff --git a/build/run-build-packages.sh b/build/run-build-packages.sh
index b5b7f2555..1f855a773 100755
--- a/build/run-build-packages.sh
+++ b/build/run-build-packages.sh
@@ -318,8 +318,8 @@ package_go_binary tools/keep-rsync keep-rsync \
"Copy all data from one set of Keep servers to another"
package_go_binary tools/keep-exercise keep-exercise \
"Performance testing tool for Arvados Keep"
-package_go_so lib/pam pam_arvados.so libpam-arvados-experimental \
- "Arvados PAM authentication module (experimental)"
+package_go_so lib/pam pam_arvados.so libpam-arvados-go \
+ "Arvados PAM authentication module"
# The Python SDK - Should be built first because it's needed by others
fpm_build_virtualenv "arvados-python-client" "sdk/python"
commit 0999dbe4a8bb91e316dd09ff25a00fcf20309ee4
Author: Tom Clegg <tom at tomclegg.ca>
Date: Wed Jul 1 14:48:29 2020 -0400
15348: Use normal (packaged) path in docker test case.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/lib/pam/docker_test.go b/lib/pam/docker_test.go
index eb139f145..5b1755496 100644
--- a/lib/pam/docker_test.go
+++ b/lib/pam/docker_test.go
@@ -77,9 +77,9 @@ Default: yes
Priority: 256
Auth-Type: Primary
Auth:
- [success=end default=ignore] /usr/lib/security/pam_arvados.so %s testvm2.shell insecure
+ [success=end default=ignore] /usr/lib/pam_arvados.so %s testvm2.shell insecure
Auth-Initial:
- [success=end default=ignore] /usr/lib/security/pam_arvados.so %s testvm2.shell insecure
+ [success=end default=ignore] /usr/lib/pam_arvados.so %s testvm2.shell insecure
`, proxyhost, proxyhost)
err = ioutil.WriteFile(s.tmpdir+"/conffile", []byte(confdata), 0755)
c.Assert(err, check.IsNil)
@@ -107,7 +107,7 @@ func (s *DockerSuite) runTestClient(c *check.C, args ...string) (stdout, stderr
cmd := exec.Command("docker", append([]string{
"run", "--rm",
"--add-host", "zzzzz.arvadosapi.com:" + s.hostip,
- "-v", s.tmpdir + "/pam_arvados.so:/usr/lib/security/pam_arvados.so:ro",
+ "-v", s.tmpdir + "/pam_arvados.so:/usr/lib/pam_arvados.so:ro",
"-v", s.tmpdir + "/conffile:/usr/share/pam-configs/arvados:ro",
"-v", s.tmpdir + "/testclient:/testclient:ro",
"debian:buster",
commit 0dfee4fdb4671b398c63a7861bf9af1cd1b4794a
Author: Tom Clegg <tom at tomclegg.ca>
Date: Wed Jul 1 14:46:02 2020 -0400
15348: Add config example to libpam-arvados package.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/build/run-library.sh b/build/run-library.sh
index ca909d3dc..e14458ad9 100755
--- a/build/run-library.sh
+++ b/build/run-library.sh
@@ -209,6 +209,9 @@ package_go_so() {
"--description=${description}"
"$WORKSPACE/apache-2.0.txt=/usr/share/doc/$pkg/apache-2.0.txt"
)
+ if [[ -e "$WORKSPACE/$src_path/pam-configs-arvados" ]]; then
+ fpmargs+=("$WORKSPACE/$src_path/pam-configs-arvados=/usr/share/pam-configs/arvados-go")
+ fi
fpm_build "$GOPATH/bin/${sofile}=/usr/lib/${sofile}" "${pkg}" dir "${go_package_version}" "${fpmargs[@]}"
}
diff --git a/lib/pam/pam-configs-arvados b/lib/pam/pam-configs-arvados
new file mode 100644
index 000000000..37ed4b86a
--- /dev/null
+++ b/lib/pam/pam-configs-arvados
@@ -0,0 +1,19 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# This file is packaged as /usr/share/pam-configs/arvados-go; see build/run-library.sh
+
+# 1. Run `pam-auth-update` and choose Arvados authentication
+# 2. In /etc/pam.d/common-auth, change "api.example" to your ARVADOS_API_HOST
+# 3. In /etc/pam.d/common-auth, change "shell.example" to this host's hostname
+# (as it appears in the Arvados virtual_machines list)
+
+Name: Arvados authentication
+Default: yes
+Priority: 256
+Auth-Type: Primary
+Auth:
+ [success=end default=ignore] /usr/lib/pam_arvados.so api.example shell.example
+Auth-Initial:
+ [success=end default=ignore] /usr/lib/pam_arvados.so api.example shell.example
commit c2ad835ffbc40e7e061526df7f9b9f6e0c1a83d3
Author: Tom Clegg <tom at tomclegg.ca>
Date: Wed Jul 1 14:23:54 2020 -0400
15348: Add ca-certificates as pam package dependency.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/lib/pam/fpm-info.sh b/lib/pam/fpm-info.sh
new file mode 100644
index 000000000..3366b8e79
--- /dev/null
+++ b/lib/pam/fpm-info.sh
@@ -0,0 +1,5 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+fpm_depends+=(ca-certificates)
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list