diff --git a/create-munge-key b/create-munge-key new file mode 100644 index 0000000000000000000000000000000000000000..07dddd407bfe3c050ff5d956f18db3cd774c3dfe --- /dev/null +++ b/create-munge-key @@ -0,0 +1,73 @@ +#! /bin/sh +# Generates a random key for munged +# +# (C) 2007 Gennaro Oliva +# You may freely distribute this file under the terms of the GNU General +# Public License, version 2 or later. + +#Setting default random file +randomfile=/dev/urandom + +#Usage message +usage="Try \`$0 -h' for more information." + +#Help message +needhelp() { +echo Usage: create-munge-key [OPTION]... +echo Generates a random key for munged +echo List of options +echo " -f force overwriting existing old key" +echo " -r specify /dev/random as random file for key generation" +echo " default is /dev/urandom" +echo " -h display this help and exit" +} + +#Parsing command line options +while getopts "hrf" options; do + case $options in + r ) randomfile=/dev/random;; + f ) force=yes;; + h ) needhelp + exit 0;; + \? ) echo $usage + exit 1;; + * ) echo $usage + exit 1;; + esac +done + +if [ `id -u` != 0 ] ; then + echo "Please run create-munge-key as root." + exit 1 +fi + + +#Checking random file presence +if [ ! -e $randomfile ] ; then + echo $0: cannot find random file $randomfile + exit 1 +fi + +#Checking if the user want to overwrite existing key file +if [ "$force" != "yes" ] && [ -e /etc/munge/munge.key ] ; then + echo The munge key /etc/munge/munge.key already exists + echo -n "Do you want to overwrite it? (y/N) " + read ans + if [ "$ans" != "y" -a "$ans" != "Y" ] ; then + exit 0 + fi +fi + +#Generating the key file and change owner and permissions +if [ "$randomfile" = "/dev/random" ] ; then + echo Please type on the keyboard, echo move your mouse, + echo utilize the disks. This gives the random number generator + echo a better chance to gain enough entropy. +fi +echo -n "Generating a pseudo-random key using $randomfile " +dd if=$randomfile bs=1 count=1024 > /etc/munge/munge.key \ + 2>/dev/null +chown munge:munge /etc/munge/munge.key +chmod 0400 /etc/munge/munge.key +echo completed. +exit 0 diff --git a/munge.logrotate b/munge.logrotate new file mode 100644 index 0000000000000000000000000000000000000000..8a928402163e54b3e2c60a0a0ee841ba775805fa --- /dev/null +++ b/munge.logrotate @@ -0,0 +1,5 @@ +/var/log/munge/munged.log { + missingok + notifempty + copytruncate +} diff --git a/munge.spec b/munge.spec index 801b5a40d4428180b4e76c2bd82187898ad64fe5..4e1c233a8f6eae7de411518c986c6aef9d557d93 100644 --- a/munge.spec +++ b/munge.spec @@ -1,71 +1,65 @@ -Name: munge -Version: 0.5.13 -Release: 3 -Summary: MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for creating and validating credentials. - -License: GPLv3+ and LGPLv3+ -URL: https://dun.github.io/munge/ -Source0: https://github.com/dun/munge/releases/download/munge-%{version}/munge-%{version}.tar.xz - -BuildRequires: gcc systemd-units zlib-devel bzip2-devel libgcrypt-devel - -Provides: munge-libs = %{version}-%{release} -Obsoletes: munge-libs < %{version}-%{release} -Requires(pre): shadow-utils -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd - +Name: munge +Version: 0.5.13 +Release: 1 +Summary: Enables uid & gid authentication across a host cluster +License: GPLv3+ and LGPLv3+ +URL: https://dun.github.io/munge/ +Source0: https://github.com/dun/munge/releases/download/munge-%{version}/munge-%{version}.tar.xz +Source1: create-munge-key +Source2: munge.logrotate +BuildRequires: gcc systemd-units zlib-devel bzip2-devel libgcrypt-devel +Requires: munge-libs = %{version}-%{release} +Requires(pre): shadow-utils +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd %description MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for creating and validating credentials. It is designed to be highly scalable for use -in an HPC cluster environment. It allows a process to authenticate the UID and -GID of another local or remote process within a group of hosts having common -users and groups. These hosts form a security realm that is defined by a shared -cryptographic key. Clients within this security realm can create and validate -credentials without the use of root privileges, reserved ports, or -platform-specific methods. +in an HPC cluster environment. +It allows a process to authenticate the UID and GID of another local or +remote process within a group of hosts having common users and groups. +These hosts form a security realm that is defined by a shared cryptographic +key. Clients within this security realm can create and validate credentials +without the use of root privileges, reserved ports, or platform-specific +methods. %package devel -Summary: Development tools for MUNGE -Requires: munge = %{version}-%{release} - +Summary: Development files for uid * gid authentication across a host cluster +Requires: munge-libs%{?_isa} = %{version}-%{release} %description devel -Library files and header files for MUNGE development. +Header files for developing using MUNGE. -%package help -Summary: Helpful information for MUNGE - -%description help -Documents and other helpful information for MUNGE. +%package libs +Summary: Runtime libs for uid * gid authentication across a host cluster +%description libs +Runtime libraries for using MUNGE. %prep %setup -q +cp -p %{SOURCE1} create-munge-key +cp -p %{SOURCE2} munge.logrotate %build %configure --disable-static --with-crypto-lib=libgcrypt -# Get rid of some rpaths for /usr/sbin sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool -%make_build +make %{?_smp_mflags} %install - -%make_install - +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} +install -p -m 755 create-munge-key %{buildroot}/%{_sbindir}/create-munge-key +install -p -D -m 644 munge.logrotate %{buildroot}/%{_sysconfdir}/logrotate.d/munge rm %{buildroot}/%{_sysconfdir}/sysconfig/munge rm %{buildroot}/%{_initddir}/munge - rm %{buildroot}/%{_libdir}/libmunge.la - chmod 700 %{buildroot}%{_var}/lib/munge %{buildroot}%{_var}/log/munge chmod 700 %{buildroot}%{_sysconfdir}/munge - touch %{buildroot}%{_var}/run/munge/munged.pid -%postun +%postun %systemd_postun_with_restart munge.service -/sbin/ldconfig %preun %systemd_preun munge.service @@ -79,39 +73,56 @@ exit 0 %post %systemd_post munge.service -/sbin/ldconfig +%ldconfig_scriptlets libs %files %{_bindir}/munge %{_bindir}/remunge %{_bindir}/unmunge %{_sbindir}/munged +%{_sbindir}/create-munge-key +%{_mandir}/man1/munge.1.gz +%{_mandir}/man1/remunge.1.gz +%{_mandir}/man1/unmunge.1.gz +%{_mandir}/man7/munge.7.gz +%{_mandir}/man8/munged.8.gz %{_unitdir}/munge.service - %attr(0700,munge,munge) %dir %{_var}/log/munge %attr(0700,munge,munge) %dir %{_sysconfdir}/munge %attr(0755,munge,munge) %dir %{_var}/run/munge/ %attr(0644,munge,munge) %ghost %{_var}/run/munge/munged.pid %attr(0700,munge,munge) %dir %{_var}/lib/munge - %config(noreplace) %{_tmpfilesdir}/munge.conf +%config(noreplace) %{_sysconfdir}/logrotate.d/munge +%doc AUTHORS +%doc JARGON META NEWS QUICKSTART README +%doc doc +%files libs %{_libdir}/libmunge.so.2 %{_libdir}/libmunge.so.2.0.0 -%doc AUTHORS JARGON COPYING COPYING.LESSER +%doc COPYING COPYING.LESSER %files devel %{_includedir}/munge.h %{_libdir}/libmunge.so %{_libdir}/pkgconfig/munge.pc - -%files help -%{_mandir}/man1/*.1.gz -%{_mandir}/man7/munge.7.gz -%{_mandir}/man8/munged.8.gz -%{_mandir}/man3/*.3.gz -%doc META NEWS QUICKSTART README doc +%{_mandir}/man3/munge.3.gz +%{_mandir}/man3/munge_ctx.3.gz +%{_mandir}/man3/munge_ctx_copy.3.gz +%{_mandir}/man3/munge_ctx_create.3.gz +%{_mandir}/man3/munge_ctx_destroy.3.gz +%{_mandir}/man3/munge_ctx_get.3.gz +%{_mandir}/man3/munge_ctx_set.3.gz +%{_mandir}/man3/munge_ctx_strerror.3.gz +%{_mandir}/man3/munge_decode.3.gz +%{_mandir}/man3/munge_encode.3.gz +%{_mandir}/man3/munge_enum.3.gz +%{_mandir}/man3/munge_enum_int_to_str.3.gz +%{_mandir}/man3/munge_enum_is_valid.3.gz +%{_mandir}/man3/munge_enum_str_to_int.3.gz +%{_mandir}/man3/munge_strerror.3.gz %changelog -* Mon Mar 09 2020 Jiang Kai - 0.5.13-3 -- Package init +* Mon Sep 7 2020 luoshengwei - 0.5.13-1 +- package init diff --git a/munge.yaml b/munge.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4bdc9a928ca0424aebc17351ec4a36e1b5fbdfdd --- /dev/null +++ b/munge.yaml @@ -0,0 +1,4 @@ +version_control: github +src_repo: dun/munge +tag_prefix: "munge-" +separator: "."