[ARVADOS] updated: 1.3.0-2716-g5b991f4a5

Git user git at public.arvados.org
Tue Jun 23 04:56:54 UTC 2020 

Summary of changes:
 build/run-build-packages-one-target.sh |  2 ++
 build/run-build-packages.sh            |  2 ++
 build/run-library.sh                   | 26 +++++++++++++++++++++++++-
 lib/pam/docker_test.go                 |  2 ++
 lib/pam/pam_arvados.go                 | 23 +++++++++++++++++++++--
 5 files changed, 52 insertions(+), 3 deletions(-)

       via  5b991f4a5ebf70a1d80dd0a2c1c802a2e05bca79 (commit)
       via  fc55c79534f539010af1326ab46d250f7f84758e (commit)
      from  a35ec27b40ce3ca0797cdcd8e0a79b2b8896af47 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 5b991f4a5ebf70a1d80dd0a2c1c802a2e05bca79
Author: Tom Clegg <tom at tomclegg.ca>
Date:   Tue Jun 23 00:55:47 2020 -0400

    15348: Add debug flag & installation note.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>

diff --git a/lib/pam/docker_test.go b/lib/pam/docker_test.go
index 455d26441..196a45244 100644
--- a/lib/pam/docker_test.go
+++ b/lib/pam/docker_test.go
@@ -119,6 +119,7 @@ func (s *DockerSuite) runTestClient(c *check.C, args ...string) (stdout, stderr
 func (s *DockerSuite) TestSuccess(c *check.C) {
 	stdout, stderr, err := s.runTestClient(c, "try", "active", arvadostest.ActiveTokenV2)
 	c.Check(err, check.IsNil)
+	c.Logf("%s", stderr.String())
 	c.Check(stdout.String(), check.Equals, "")
 	c.Check(stderr.String(), check.Matches, `(?ms).*authentication succeeded.*`)
 }
@@ -136,6 +137,7 @@ func (s *DockerSuite) TestFailure(c *check.C) {
 	} {
 		c.Logf("trial: %s", trial.label)
 		stdout, stderr, err := s.runTestClient(c, "try", trial.username, trial.token)
+		c.Logf("%s", stderr.String())
 		c.Check(err, check.NotNil)
 		c.Check(stdout.String(), check.Equals, "")
 		c.Check(stderr.String(), check.Matches, `(?ms).*authentication failed.*`)
diff --git a/lib/pam/pam_arvados.go b/lib/pam/pam_arvados.go
index ddca355b8..48e0f5048 100644
--- a/lib/pam/pam_arvados.go
+++ b/lib/pam/pam_arvados.go
@@ -2,6 +2,23 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
+// To enable, add an entry in /etc/pam.d/common-auth where pam_unix.so
+// would normally be. Examples:
+//
+// auth [success=1 default=ignore] /usr/lib/pam_arvados.so zzzzz.arvadosapi.com vmhostname.example
+// auth [success=1 default=ignore] /usr/lib/pam_arvados.so zzzzz.arvadosapi.com vmhostname.example insecure debug
+//
+// Replace zzzzz.arvadosapi.com with your controller host or
+// host:port.
+//
+// Replace vmhostname.example with the VM's name as it appears in the
+// Arvados virtual_machine object.
+//
+// Use "insecure" if your API server certificate does not pass name
+// verification.
+//
+// Use "debug" to enable debug log messages.
+
 package main
 
 import (
@@ -65,7 +82,7 @@ func pam_sm_authenticate(pamh *C.pam_handle_t, flags, cArgc C.int, cArgv **C.cha
 	return C.PAM_SUCCESS
 }
 
-func authenticate(logger logrus.FieldLogger, username, token string, argv []string) error {
+func authenticate(logger *logrus.Logger, username, token string, argv []string) error {
 	hostname := ""
 	apiHost := ""
 	insecure := false
@@ -76,6 +93,8 @@ func authenticate(logger logrus.FieldLogger, username, token string, argv []stri
 			hostname = arg
 		} else if arg == "insecure" {
 			insecure = true
+		} else if arg == "debug" {
+			logger.SetLevel(logrus.DebugLevel)
 		} else {
 			logger.Warnf("unkown option: %s\n", arg)
 		}
@@ -117,7 +136,7 @@ func authenticate(logger logrus.FieldLogger, username, token string, argv []stri
 	}
 	var links arvados.LinkList
 	err = arv.RequestAndDecodeContext(ctx, &links, "GET", "arvados/v1/links", nil, arvados.ListOptions{
-		Limit: 10000,
+		Limit: 1,
 		Filters: []arvados.Filter{
 			{"link_class", "=", "permission"},
 			{"name", "=", "can_login"},

commit fc55c79534f539010af1326ab46d250f7f84758e
Author: Tom Clegg <tom at tomclegg.ca>
Date:   Tue Jun 23 00:40:14 2020 -0400

    15348: Add libpam-arvados-experimental package.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>

diff --git a/build/run-build-packages-one-target.sh b/build/run-build-packages-one-target.sh
index 1a845d200..f96fb7589 100755
--- a/build/run-build-packages-one-target.sh
+++ b/build/run-build-packages-one-target.sh
@@ -208,6 +208,8 @@ if test -z "$packages" ; then
         keepstore
         keep-web
         libarvados-perl
+        libpam-arvados
+        libpam-arvados-experimental
         python-arvados-fuse
         python-arvados-python-client
         python-arvados-cwl-runner"
diff --git a/build/run-build-packages.sh b/build/run-build-packages.sh
index 3ba1dcc05..1834998f7 100755
--- a/build/run-build-packages.sh
+++ b/build/run-build-packages.sh
@@ -318,6 +318,8 @@ package_go_binary tools/keep-rsync keep-rsync \
     "Copy all data from one set of Keep servers to another"
 package_go_binary tools/keep-exercise keep-exercise \
     "Performance testing tool for Arvados Keep"
+package_go_so lib/pam arvados_pam.so libpam-arvados-experimental \
+    "Arvados PAM authentication module (experimental)"
 
 # The Python SDK - Should be built first because it's needed by others
 fpm_build_virtualenv "arvados-python-client" "sdk/python"
diff --git a/build/run-library.sh b/build/run-library.sh
index b75b6cca7..ca909d3dc 100755
--- a/build/run-library.sh
+++ b/build/run-library.sh
@@ -146,7 +146,7 @@ calculate_go_package_version() {
   __returnvar="$version"
 }
 
-# Usage: package_go_binary services/foo arvados-foo "Compute foo to arbitrary precision"
+# Usage: package_go_binary services/foo arvados-foo "Compute foo to arbitrary precision" [apache-2.0.txt]
 package_go_binary() {
     local src_path="$1"; shift
     local prog="$1"; shift
@@ -188,6 +188,30 @@ package_go_binary() {
     fpm_build "$GOPATH/bin/${basename}=/usr/bin/${prog}" "${prog}" dir "${go_package_version}" "--url=https://arvados.org" "--license=GNU Affero General Public License, version 3.0" "--description=${description}" "${switches[@]}"
 }
 
+# Usage: package_go_so lib/foo arvados_foo.so arvados-foo "Arvados foo library"
+package_go_so() {
+    local src_path="$1"; shift
+    local sofile="$1"; shift
+    local pkg="$1"; shift
+    local description="$1"; shift
+
+    debug_echo "package_go_so $src_path as $pkg"
+
+    calculate_go_package_version go_package_version $src_path
+    cd $WORKSPACE/packages/$TARGET
+    test_package_presence $pkg $go_package_version go || return 1
+    cd $WORKSPACE/$src_path
+    go build -buildmode=c-shared -o ${GOPATH}/bin/${sofile}
+    cd $WORKSPACE/packages/$TARGET
+    local -a fpmargs=(
+        "--url=https://arvados.org"
+        "--license=Apache License, Version 2.0"
+        "--description=${description}"
+        "$WORKSPACE/apache-2.0.txt=/usr/share/doc/$pkg/apache-2.0.txt"
+    )
+    fpm_build "$GOPATH/bin/${sofile}=/usr/lib/${sofile}" "${pkg}" dir "${go_package_version}" "${fpmargs[@]}"
+}
+
 default_iteration() {
     if [[ -n "$ARVADOS_BUILDING_VERSION" ]]; then
         echo "$ARVADOS_BUILDING_ITERATION"

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list