Merge branch 'fix/make-ourselves-at-home-in-new-repo' into 'master'

Fix: Make ourselves at home in new repo

See merge request dev/linotp/linotp-adminclient-cli!1

Author: Anselm Lingnau

.gitlab-ci.yml

@@ -0,0 +1,11 @@
+include:
+  - ci/gitbox-ci.yml
+
+build:jessie:
+    extends: .build-jessie
+
+build:stretch:
+    extends: .build-stretch
+
+build:buster:
+    extends: .build-buster

DESCRIPTION

@@ -0,0 +1,59 @@
+# LinOTP Command-Line Administration Client
+
+LinOTP - the Open Source solution for multi-factor authentication
+
+Copyright © 2010-2019 KeyIdentity GmbH  
+Coypright © 2019- arxes-tolina GmbH
+
+## About LinOTP
+
+LinOTP is truly open in two ways. Its modules and components are
+licensed under the AGPLv3 and give you a complete working open-source
+solution for strong multi-factor authentication.
+
+But LinOTP also uses an open and modular architecture. LinOTP aims not
+to lock you into any particular authentication method or protocol or
+user information storage.
+
+LinOTP accommodates many different OTP algorithms using a modular
+approach. This includes the OATH standards such as HMAC (RFC 4226) and
+time-based HMAC. But LinOTP's design makes it easy to create your own
+tokens with different algorithms, including challenge-response tokens,
+tokens based on QR codes, and tokens based on push-type messages.
+
+Other components like the LinOTP authentication modules or the LinOTP
+administration clients make it easy to integrate strong multi-factor
+authentication into your environment.
+
+This package contains the LinOTP Command-Line Administration Client,
+which lets you manage a LinOTP server from the command line. It is
+supremely uninteresting unless you have a LinOTP server running on
+your network.
+
+**IMPORTANT:** This program has been around for a while and hasn't
+been looked at a lot in recent days. Stuff may work but then again it
+may not. USE AT YOUR OWN RISK.
+
+## Installation
+
+1. Installation from PyPI: Use the
+   ```terminal
+   $ pip install LinOTPAdminClientCLI
+   ```
+   command.
+
+2. Installation from source: Download the source code from
+   https://github.com/linotp-adminclient-cli and, in the top-level
+   directory of the source code distribution, say
+   ```
+   $ python setup.py install
+   ```
+   (You may wish to do this in a virtualenv.)
+
+## Usage
+
+Refer to the man page, linotpadm(1), or try
+```
+$ linotpadm     # no arguments
+```
+

README.md

@@ -0,0 +1,47 @@
+#!/bin/bash
+#
+# Copy distribution packages from $DIST to $DIST-golden.
+# This usually happens when the commit in question has a `release/*` tag,
+# but it is the caller's responsibility to ensure this. It will be of no
+# conceivable interest to you whatsoever unless you're doing official
+# LinOTP development.
+#
+# This command is called with the desired base distribution (e.g., `buster`)
+# and the names of one or more *.changes files – usually produced as Gitlab
+# CI/CD artifacts – as parameters.
+# We get the actual distribution and package names from the changes file.
+
+WANTED_DIST=$1
+GOLDEN_DIST=$1-golden
+shift
+
+declare -a PKGS	 # List of packages to be copied
+for chf do
+    PKG=$(sed -ne '/^Binary:/{s/^.*: //p;q}' $chf)         # Find package name
+    DIST=$(sed -ne '/^Distribution:/{s/^.*: //p;q}' $chf)  # Find distribution name
+    if [ -z "$DIST" ]; then
+        echo >&2 "E:Couldn't find 'Distribution:' line in $chf, skipping"
+        continue
+    elif [ -z "$PKG" ]; then
+        echo >&2 "E:Couldn't find 'Binary:' line in $chf, skipping"
+        continue
+    fi
+    echo >&2 "I:Considering $PKG ($chf)"
+    if [ "$DIST" != "$WANTED_DIST" ]; then
+        echo >&2 "W:$PKG's distribution is $DIST, not $WANTED_DIST, skipping"
+        continue
+    fi
+    PKGS+=($PKG)
+done
+
+if [ "${#PKGS[*]}" -gt 0 ]; then # Do we have work to do?
+    echo >&2 "I:Copying ${PKGS[@]} to ${GOLDEN_DIST}"
+    ssh dists@$DEV_REPO_HOST reprepro copy ${GOLDEN_DIST} ${WANTED_DIST} ${PKGS[@]}
+    EXITCODE=$?
+    echo >&2 "I:Done"
+else
+    echo >&2 "I:Nothing to do"
+    EXITCODE=0
+fi
+
+exit $EXITCODE

README.txt

@@ -0,0 +1,121 @@
+variables:
+  DEV_REPO_URL: http://avocado.corp.lsexperts.de/deb-repo
+  LANG: C.UTF-8
+  EMAIL: "KeyIdentity GmbH <[email protected]>"
+  # Merges/tags to this branch trigger uploads
+  GITBOX_CI_UPLOAD_BRANCHES: '/^(branch-v|master)/'
+  # Tags to these release branches trigger golden-repo uploads
+  GITBOX_CI_RELEASE_TAGS: '/^release/'
+  GITBOX_CI_GOLDEN_RELEASES: '/^buster$/'
+
+workflow:
+  rules:
+    - if: $CI_PIPELINE_SOURCE == 'schedule' # Execute nightly jobs
+    - if: $CI_MERGE_REQUEST_ID              # Execute jobs in MR context
+    - if: '$CI_COMMIT_BRANCH =~ $GITBOX_CI_UPLOAD_BRANCHES'
+                                            # Execute jobs when new commit is pushed to upload branch
+
+stages:
+  - build
+  - deploy
+  - upload-debian-packages
+  - copy-to-golden
+
+.build-debs:
+  stage: build
+  image: debian:${DEBIAN_RELEASE_NAME}
+  script:
+    - apt-get update
+    - apt-get install --yes --no-install-recommends devscripts build-essential equivs git-buildpackage lsb-release libdistro-info-perl
+    - ci/update-debian-changelog
+    - mk-build-deps --install --remove --tool "apt-get --yes --no-install-recommends" debian/control
+    - gbp buildpackage --git-ignore-new --git-ignore-branch -uc -us
+    - mkdir -p artifacts
+    - dcmd mv ../*.changes ../*.build artifacts/
+  artifacts:
+    paths:
+      - artifacts/*
+
+.build-jessie:
+  extends: .build-debs
+  allow_failure: true
+  variables:
+    DEBIAN_RELEASE_NAME: jessie
+
+.build-stretch:
+  extends: .build-debs
+  variables:
+    DEBIAN_RELEASE_NAME: stretch
+
+.build-buster:
+  extends: .build-debs
+  variables:
+    DEBIAN_RELEASE_NAME: buster
+
+# Upload deb packages to development repository.
+# We use scp to upload all the files to an incoming directory.
+
+.before_upload: &before_upload
+  before_script:
+    # Ensure required variables have been set
+    - test -n "${DEV_REPO_HOST}"
+    - test -n "${DEV_REPO_KNOWN_HOSTS}"
+    - test -n "${DEV_REPO_SSH_SUBMIT_KEY}"
+    # Install dependencies
+    - apt-get update && apt-get install --yes --no-install-recommends devscripts openssh-client
+    # Configure ssh
+    - eval $(ssh-agent -s)
+    - echo "$DEV_REPO_SSH_SUBMIT_KEY" | tr -d '\r' | ssh-add - >/dev/null
+    - mkdir --mode 700 -p ~/.ssh
+    - echo "CheckHostIP no" >>~/.ssh/config
+    - echo "$DEV_REPO_KNOWN_HOSTS" >~/.ssh/known_hosts
+    - chmod 644 ~/.ssh/known_hosts
+
+upload-debs:
+  stage: upload-debian-packages
+  image: debian:latest
+  rules:
+    - if: $CI_PIPELINE_SOURCE == 'schedule'
+      when: never               # Nightly jobs do not upload
+    - if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH =~ $GITBOX_CI_UPLOAD_BRANCHES'
+      when: always              # Auto-upload if merged to upload branch
+    - if: $CI_COMMIT_TAG
+      when: always              # Auto-upload if tagged
+    - when: manual              # Otherwise allow manual upload from branch
+      allow_failure: true
+  <<: *before_upload
+  script:
+    - find artifacts/* -ls
+    # scp all files referenced by the changes files to the repository
+    - dcmd scp artifacts/*.changes dists@$DEV_REPO_HOST:deb-repo/incoming
+
+# Copy packages to golden repo if they have a `release` tag.
+# Note that this must come after `upload-debs`
+
+.copy-to-golden:
+  stage: copy-to-golden
+  image: debian:latest
+  rules:
+    - if: '$CI_COMMIT_TAG && $CI_COMMIT_TAG =~ $GITBOX_CI_RELEASE_TAGS && $DEBIAN_RELEASE_NAME =~ $GITBOX_CI_GOLDEN_RELEASES'
+      when: always
+    - when: manual
+      allow_failure: true
+  <<: *before_upload
+  script:
+    - ci/copy-to-golden "$DEBIAN_RELEASE_NAME" artifacts/*.changes
+
+.golden-jessie:
+  extends: .copy-to-golden
+  allow_failure: true
+  variables:
+    DEBIAN_RELEASE_NAME: jessie
+
+.golden-stretch:
+  extends: .copy-to-golden
+  variables:
+    DEBIAN_RELEASE_NAME: stretch
+
+.golden-buster:
+  extends: .copy-to-golden
+  variables:
+    DEBIAN_RELEASE_NAME: buster

Readme.rst

@@ -0,0 +1,89 @@
+#!/bin/sh
+
+# This script ensures that the package version is appropriate
+# for the distribution that we are building for.
+#
+# = Snapshot builds =
+# We use git-buildpackage's dch subcommand to generate a changelog
+# containing git commit information. While not as good as a hand
+# edited changelog, it contains enough information to help testers
+# understand which changes are contained in the package.
+#
+# We use gbp-dch to set a version number based on the commit date
+# and git commit id.
+#
+# = Building from tags =
+# If we are building for a tag, we generate final release packages:
+#   * Leave the changelog entries as they are
+#   * If a backport, generate a backport changelog entry
+#
+# = Distribution flag =
+# In all cases, we want to make sure that the distribution name
+# is set. This is to ensure that reprepro assigns the package to
+# the correct distribution. We determine the distribution
+# using lsb_release.
+
+if [ -n "$1" ]
+then
+    # The debian directory is in another directory
+    DEBIAN_DIR="$1"
+    if [ ! -d "$DEBIAN_DIR" ]
+    then
+	echo >&2 Directory \"$DEBIAN_DIR\" not found
+	exit 1
+    fi
+    GBP_SINCE_PARAM="-s $(git rev-list --max-count=1 HEAD -- "$DEBIAN_DIR"/debian/changelog)"
+    export GIT_DIR="$(realpath .git)"
+    cd "$DEBIAN_DIR"
+else
+    DEBIAN_DIR=
+    GBP_SINCE_PARAM="--auto"
+fi
+
+# Determine the release name and number that we are building for
+DEBIAN_RELEASE_NAME="$(lsb_release --codename --short)"
+
+# Ensure generated changelog entries have the same
+export DEBEMAIL="$(dpkg-parsechangelog --show-field Maintainer)"
+
+# To ensure package version numbers for backports follow in the
+# correct order, we treat stable/oldstable as a backport build
+if [ "$DEBIAN_RELEASE_NAME" = "bullseye" ]
+then
+    BPO_FLAG=
+else
+    BPO_FLAG=--bpo
+fi
+
+# Are we building a snapshot or tag?
+if [ -z "${CI_COMMIT_TAG}" ]
+then
+    # Snapshot build
+
+    # Install git-buildpackage
+    which gbp || apt-get install --yes --no-install-recommends git-buildpackage
+
+    COMMIT_TS="$(git show --no-patch --pretty=format:%ct HEAD)"
+    COMMIT_DATE="$(date --date="@${COMMIT_TS}" +%Y%m%d%H%M)"
+    CURRENT_VERSION="$(dpkg-parsechangelog --show-field Version)"
+    SINCE_HASH="$(git rev-list --max-count=1 HEAD -- linotpd/src/debian/changelog)"
+
+    gbp dch $GBP_SINCE_PARAM --snapshot --snapshot-number="${COMMIT_DATE}" --no-multimaint --ignore-branch $BPO_FLAG
+else
+    # Tagged build
+
+    # Only create a changelog entry if we are creating a backport version
+    if [ -n "$BPO_FLAG" ]
+    then
+	dch --bpo "Autobuilt by CI"
+    fi
+fi
+
+# In order to upload to our internal archive, we need to set the distribution to
+# correct destination distribution
+CURRENT_DISTRIBUTION="$(dpkg-parsechangelog --show-field Distribution)"
+sed -i "1s/ ${CURRENT_DISTRIBUTION}\(; urgency=\)/ ${DEBIAN_RELEASE_NAME}\1/" debian/changelog
+
+# Show the results
+dpkg-parsechangelog
+

ci/copy-to-golden

@@ -72,7 +72,7 @@
 
 def usage():
     print("usage: %s --url=<url> --admin=<adminusername> --cert=<cert> --key=<rsakey> --command=<command> --version" % sys.argv[0])
-    print(""""  --url/-U     : The base url of the LinOTP server. Something like
+    print("""  --url/-U     : The base url of the LinOTP server. Something like
                  http://localhost:5000 or https://linotp:443
   --admin/-a   : If the admin interface of the LinOTP service requires authentication
                  you need to pass the username and will be asked for the password.

ci/gitbox-ci.yml

@@ -342,7 +342,7 @@ def connect(self, path, param, data={}, json_format=True):
 
             p = None
             if req_params:
-                p = urllib.parse.urlencode(req_params)
+                p = urllib.parse.urlencode(req_params).encode("utf-8")
 
             req_url = self.protocol + '://' + self.url + path
             f = urllib.request.urlopen(urllib.request.Request(req_url, p))