pam-config: add pam_deny module for password
[pti/rtp.git] / meta-stx / recipes-core / stx-config-files / config-files_1.0.0.bb
index da6e623..82d1092 100644 (file)
@@ -49,9 +49,10 @@ SRC_URI = " \
        file://util-linux-pam-postlogin.patch \
        file://syslog-ng-config-parse-err.patch \
        file://syslog-ng-config-systemd-service.patch \
-       file://syslog-ng-conf-fix-the-source.patch \
        file://syslog-ng-conf-replace-match-with-message.patch \
        file://lighttpd-init-script-chroot.patch \
+       file://nfsserver-remvoe-the-f-option-for-rpc.mountd.patch \
+       file://nfsserver.service-add-dependency-on-rpcbind.service.patch \
        "
 
 do_configure () {
@@ -69,7 +70,6 @@ do_install () {
                tar -c $f -f - | tar -C ${D}/${datadir}/starlingx/config-files -xf -;
        done
        find ${D}/${datadir}/starlingx/config-files -name centos -exec rm -rf {} +
-       rm -rf ${D}/${datadir}/starlingx/config-files/centos-release-config 
        chown -R root:root ${D}/${datadir}/starlingx/config-files/
 
        # For io-scheduler-config
@@ -80,6 +80,7 @@ do_install () {
 
 PACKAGES ?= ""
 PACKAGES += "audit-config"
+PACKAGES += "centos-release-config"
 PACKAGES += "dhclient-config"
 PACKAGES += "dnsmasq-config"
 PACKAGES += "docker-config"
@@ -111,6 +112,7 @@ PACKAGES += "util-linux-config"
 
 FILES_${PN} = ""
 FILES_audit-config = "${datadir}/starlingx/config-files/audit-config/"
+FILES_centos-release-config = "${datadir}/starlingx/config-files/centos-release-config/"
 FILES_dhclient-config = "${datadir}/starlingx/config-files/dhcp-config/"
 FILES_dnsmasq-config = "${datadir}/starlingx/config-files/dnsmasq-config/"
 FILES_docker-config = "${datadir}/starlingx/config-files/docker-config/"
@@ -146,7 +148,7 @@ RDEPENDS_audit-config += " \
        audit-python \
        "
 RDEPENDS_dhclient-config += "dhcp-client"
-RDEPENDS_dnsmasq-config += ""
+RDEPENDS_dnsmasq-config += "dnsmasq"
 RDEPENDS_docker-config += "docker-ce logrotate "
 RDEPENDS_initscripts-config += "initscripts"
 RDEPENDS_filesystem-scripts += ""
@@ -250,6 +252,13 @@ pkg_postinst_ontarget_audit-config() {
        chmod 640 ${sysconfdir}/audisp/plugins.d/syslog.conf
 }
 
+pkg_postinst_centos-release-config() {
+        sed 's/@PLATFORM_RELEASE@/${ORAN_REL}/' $D${datadir}/starlingx/config-files/centos-release-config/files/issue >> $D${sysconfdir}/issue
+        sed 's/@PLATFORM_RELEASE@/${ORAN_REL}/' $D${datadir}/starlingx/config-files/centos-release-config/files/issue.net >> $D${sysconfdir}/issue.net
+        chmod 644 $D${sysconfdir}/issue
+        chmod 644 $D${sysconfdir}/issue.net
+}
+
 pkg_postinst_ontarget_dhclient-config() {
        SRCPATH=${datadir}/starlingx/config-files/dhcp-config/files
        install -m 0755 -p ${SRCPATH}/dhclient-enter-hooks ${sysconfdir}/dhcp/dhclient-enter-hooks
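Review bot: The two `sed ... >>` lines in pkg_postinst_centos-release-config append to `$D${sysconfdir}/issue` and `$D${sysconfdir}/issue.net` instead of replacing them. Any banner already in the rootfs therefore stays in place, and each re-run of the postinst (reinstall or upgrade) adds another copy. issue.net is commonly shown to remote users before they authenticate, so leftover distro or version text there is worth avoiding; if replacement is intended, use `>` instead of `>>` on both lines. `${ORAN_REL}` is also placed into the sed expression unescaped, so a value containing `/` or `&` would break or change the substitution; a comment stating the expected format, or a different delimiter, would help.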
@@ -432,36 +441,39 @@ pkg_postinst_ontarget_net-snmp-config() {
 }
 
 
-pkg_postinst_ontarget_nfs-utils-config() {
+pkg_postinst_nfs-utils-config() {
 #      %description
 #      package customized configuration and service files of nfs-utils to system folder.
 
 
-       SRCPATH=${datadir}/starlingx/config-files/nfs-utils-config/files
+       SRCPATH=$D${datadir}/starlingx/config-files/nfs-utils-config/files
        
 
-       install -m 755 -p -D ${SRCPATH}/nfscommon               ${sysconfdir}/init.d
-       install -m 644 -p -D ${SRCPATH}/nfscommon.service       ${systemd_system_unitdir}/
-       install -m 755 -p -D ${SRCPATH}/nfsserver               ${sysconfdir}/init.d
-       install -m 644 -p -D ${SRCPATH}/nfsserver.service       ${systemd_system_unitdir}
-       install -m 644 -p -D ${SRCPATH}/nfsmount.conf           ${datadir}/starlingx/stx.nfsmount.conf
+       install -m 755 -p -D ${SRCPATH}/nfscommon               $D${sysconfdir}/init.d
+       install -m 644 -p -D ${SRCPATH}/nfscommon.service       $D${systemd_system_unitdir}/
+       install -m 755 -p -D ${SRCPATH}/nfsserver               $D${sysconfdir}/init.d
+       install -m 644 -p -D ${SRCPATH}/nfsserver.service       $D${systemd_system_unitdir}
+       install -m 644 -p -D ${SRCPATH}/nfsmount.conf           $D${datadir}/starlingx/stx.nfsmount.conf
        
-       cp -f ${datadir}/starlingx/stx.nfsmount.conf ${sysconfdir}/nfsmount.conf
-       chmod 644 ${sysconfdir}/nfsmount.conf
+       cp -f $D${datadir}/starlingx/stx.nfsmount.conf $D${sysconfdir}/nfsmount.conf
+       chmod 644 $D${sysconfdir}/nfsmount.conf
 
-       # STX - disable these service files as rpc-statd is started by nfscommon
-       /bin/systemctl disable rpc-statd.service
-       /bin/systemctl disable rpc-statd-notify.service
-       /bin/systemctl disable nfs-lock.service
-       /bin/systemctl disable nfslock.service 
-
-       /bin/systemctl enable nfscommon.service  >/dev/null 2>&1 || :
-       /bin/systemctl enable nfsserver.service  >/dev/null 2>&1 || :
+       # enable nfs services by default
+       OPTS=""
+       if [ -n "$D" ]; then
+               OPTS="--root=$D"
+       fi
+       if [ -z "$D" ]; then
+               systemctl daemon-reload
+       fi
 
-       # For now skiping the preun rule
-       #/bin/systemctl disable nfscommon.service >/dev/null 2>&1 || :
-       #/bin/systemctl disable nfsserver.service >/dev/null 2>&1 || :
+       systemctl $OPTS enable nfscommon.service
+       systemctl $OPTS enable nfsserver.service
 
+       if [ -z "$D" ]; then
+               systemctl --no-block restart nfscommon.service
+               systemctl --no-block restart nfsserver.service
+       fi
 }
 
 pkg_postinst_ontarget_ntp-config() {
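Review bot: The rewritten pkg_postinst_nfs-utils-config no longer disables `rpc-statd.service`, `rpc-statd-notify.service`, `nfs-lock.service` and `nfslock.service`, although the removed comment said they must be off because nfscommon starts rpc-statd itself. If the base nfs-utils package still ships those units enabled, the image gets a second start path for a network-facing RPC daemon. Either keep the step in the new style, `systemctl $OPTS disable rpc-statd.service rpc-statd-notify.service nfs-lock.service nfslock.service || :`, or add a comment saying why it is no longer needed. `$OPTS` is expanded unquoted, which is safe only while `$D` contains no whitespace.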
@@ -499,27 +511,43 @@ pkg_postinst_ontarget_openldap-config() {
        chmod 644 ${systemd_system_unitdir}/slapd
 }
 
-pkg_postinst_ontarget_openssh-config() {
+pkg_postinst_openssh-config() {
 #      %description
 #      package StarlingX configuration files of openssh to system folder.
 
 
-       SRCPATH=${datadir}/starlingx/config-files/openssh-config/files
+       SRCPATH=$D${datadir}/starlingx/config-files/openssh-config/files
 
-       install -m 644 ${SRCPATH}/sshd.service  ${sysconfdir}/systemd/system/sshd.service
-       install -m 644 ${SRCPATH}/ssh_config    ${datadir}/starlingx/ssh_config
-       install -m 600 ${SRCPATH}/sshd_config   ${datadir}/starlingx/sshd_config
+       install -m 644 ${SRCPATH}/sshd.service  $D${sysconfdir}/systemd/system/sshd.service
+       install -m 644 ${SRCPATH}/ssh_config    $D${datadir}/starlingx/ssh_config
+       install -m 600 ${SRCPATH}/sshd_config   $D${datadir}/starlingx/sshd_config
 
        # remove the unsupported and deprecated options
        sed -i -e 's/^\(GSSAPIAuthentication.*\)/#\1/' \
               -e 's/^\(GSSAPICleanupCredentials.*\)/#\1/' \
               -e 's/^\(UsePrivilegeSeparation.*\)/#\1/' \
-              ${datadir}/starlingx/sshd_config
+              $D${datadir}/starlingx/sshd_config
 
-       sed -i -e 's/\(GSSAPIAuthentication yes\)/#\1/' ${datadir}/starlingx/ssh_config
+       sed -i -e 's/\(GSSAPIAuthentication yes\)/#\1/' $D${datadir}/starlingx/ssh_config
        
-       cp -f ${datadir}/starlingx/ssh_config  ${sysconfdir}/ssh/ssh_config
-       cp -f ${datadir}/starlingx/sshd_config ${sysconfdir}/ssh/sshd_config
+       cp -f $D${datadir}/starlingx/ssh_config  $D${sysconfdir}/ssh/ssh_config
+       cp -f $D${datadir}/starlingx/sshd_config $D${sysconfdir}/ssh/sshd_config
+
+       # enable sshd service by default
+       OPTS=""
+       if [ -n "$D" ]; then
+               OPTS="--root=$D"
+       fi
+       if [ -z "$D" ]; then
+               systemctl daemon-reload
+       fi
+
+       systemctl $OPTS enable sshd.service
+
+       if [ -z "$D" ]; then
+               systemctl --no-block restart sshd.service
+       fi
+
 }
 
 pkg_postinst_ontarget_openvswitch-config() {
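Review bot: On a running target (`$D` empty) the new tail of pkg_postinst_openssh-config restarts sshd right after overwriting `${sysconfdir}/ssh/sshd_config`, and nothing checks that the edited file still parses. A config the installed sshd rejects would cut off remote administration on upgrade; guard the restart with `sshd -t -f ${sysconfdir}/ssh/sshd_config || exit 1` inside the `-z "$D"` branch. Separately, `cp -f` onto an existing `sshd_config` normally keeps the destination's old mode, so the 600 set by `install` is guaranteed only when the target file did not exist. Using `install -m 600` for the final copy would make the intended permission explicit.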
@@ -552,6 +580,9 @@ pkg_postinst_ontarget_pam-config() {
        
        cp -f ${datadir}/starlingx/stx.system-auth ${sysconfdir}/pam.d/system-auth
        cp -f ${datadir}/starlingx/sshd.pam    ${sysconfdir}/pam.d/sshd
+
+       sed -i -e '/password .*pam_ldap.so/,/session .*revoke/ s/^$/password required pam_deny.so\n/g' \
+               ${sysconfdir}/pam.d/system-auth
 }
 
 pkg_postinst_ontarget_rabbitmq-server-config() {
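Review bot: The added `sed` inserts `password required pam_deny.so` only if `system-auth` has an empty line between the `pam_ldap.so` password entry and the `session ... revoke` entry. If the template changes and nothing matches, sed still exits 0 and the password stack is silently left without its deny fallback. Follow it with a check such as `grep -Eq '^password[[:space:]]+required[[:space:]]+pam_deny\.so' ${sysconfdir}/pam.d/system-auth || exit 1`, or carry the line in the `stx.system-auth` source so no post-edit is needed. The range also means every empty line in that span gets a deny entry, so a comment stating that exactly one is expected would help the next maintainer. pkg_postinst_ontarget_pam-config begins above this hunk.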
@@ -663,15 +694,6 @@ pkg_postinst_syslog-ng-config() {
        if [ -z "$D" ]; then
                systemctl --no-block restart syslog-ng.service
        fi
-
-# TODO
-#preun:
-#      %systemd_preun syslog-ng.service 
-#postun:
-#      ldconfig
-#      %systemd_postun_with_restart syslog-ng.service 
-#      systemctl daemon-reload 2>&1 || :
-#      systemctl try-restart 
 }
 
 pkg_postinst_ontarget_systemd-config() {