From 9f7dd5e00b2461dd77548708ded062694efd7f38 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Wed, 12 Feb 2020 03:03:50 +0000
Subject: [PATCH 1/3] changes for IdP 4.0
---
 configBuilder.sh | 376 ++++++----------------------------------------
 1 file changed, 42 insertions(+), 334 deletions(-)
diff --git a/configBuilder.sh b/configBuilder.sh
index 854e95e..5989d1e 100755
--- a/configBuilder.sh
+++ b/configBuilder.sh
@@ -7,18 +7,15 @@ cd /scriptrun
 # script config items
-SHB_CFG_URL=https://github.internet2.edu/docker/shib-idp-conftree/archive/3.4-InCommon.zip
+SHB_CFG_URL=https://github.internet2.edu/docker/shib-idp-conftree/archive/4.0-InCommon.zip
 TOM_CFG_URL=https://github.internet2.edu/docker/shib-idp-tomcat-config/archive/master.zip
-TMP_DIR_S=/tmp/3.4-InCommon
+TMP_DIR_S=/tmp/4.0-InCommon
 TMP_DIR_T=/tmp/tomcfg
 TMP_DIR_D=/tmp/buildfiles
-#LINUX_BUILD_FILES_URL=https://github.internet2.edu/docker/shib-idp/archive/master.zip
-#WINDOWS_BUILD_FILES_URL=https://github.internet2.edu/docker/ShibbIdP_noVM_Windows/archive/master.zip
 # default directories
 TOMCFG=config/tomcat
-#TOMLOG=logs/tomcat
 TOMCERT=credentials/tomcat
 TOMWWWROOT=wwwroot
 SHBCFG=config/shib-idp/conf
@@ -27,7 +24,6 @@ SHBVIEWS=config/shib-idp/views
 SHBEDWAPP=config/shib-idp/edit-webapp
 SHBMSGS=config/shib-idp/messages
 SHBMD=config/shib-idp/metadata
-#SHBLOG=logs/shib-idp
 # logs
 LOGFILE=${PWD}/setup.log
@@ -45,66 +41,21 @@ TIER_TESTBED=None
 BURNMOUNT=None
 USESECRETS=None
-
 ##################################
 ### ensure directory structure ###
 ##################################
 mkdir -p config/tomcat
-#mkdir -p logs/tomcat
 mkdir -p credentials/tomcat
 mkdir -p wwwroot
 mkdir -p config/shib-idp/conf
 mkdir -p credentials/shib-idp
-mkdir -p config/shib-idp/views
-mkdir -p config/shib-idp/edit-webapp
-mkdir -p config/shib-idp/messages
 mkdir -p config/shib-idp/metadata
-#mkdir -p logs/shib-idp
-
-
-###########################################################
-### grab the docker build files, depending on OS choice ###
-###########################################################
-## first, check for wget
-#command -v wget >/dev/null 2>&1 || { echo >&2 "ERROR: wget is required, but doesn't appear to be installed. Aborting..."; exit 1; }
-#
-#
-#case "$BUILD_ENV" in
-#LINUX | linux)
-# echo "Getting build files for a Linux container"
-# wget -q -O ${TMP_DIR_D}.zip ${LINUX_BUILD_FILES_URL} > /dev/null
-# unzip -o -d ${TMP_DIR_D} ${TMP_DIR_D}.zip > /dev/null 2>&1
-# cp -rf ${TMP_DIR_D}/shib-idp-master/* /output
-# ;;
-#WINDOWS | windows)
-# echo "Getting build files for a Windows container"
-# wget -q -O ${TMP_DIR_D}.zip ${WINDOWS_BUILD_FILES_URL} > /dev/null
-# unzip -o -d ${TMP_DIR_D} ${TMP_DIR_D}.zip > /dev/null 2>&1
-# cp -rf ${TMP_DIR_D}/ShibbIdP_noVM_Windows-master/* /output
-# ;;
-#*)
-# echo "Environment variable BUILD_ENV was not found or had an incorrect value (only LINUX|WINDOWS is supported). Terminating."
-# exit 1
-# ;;
-#esac
-#
-#rm -f /output/configBuilder.sh > /dev/null 2>&1
-#rm -f /output/setup.log > /dev/null 2>&1
-#rm -f /output/README.md > /dev/null 2>&1
-#rm -rf /output/shib-idp-master/*
-#
-##grab copy of Dockerfile in working dir
-#cp -f /output/Dockerfile .
-##############################################################
-
 ##############################################################
 ### download default/TIER config for both shibb and tomcat ###
 ##############################################################
 #
 echo "Downloading TIER default configs"
-#wget -q -O ${TMP_DIR_S}.zip ${SHB_CFG_URL} > /dev/null
-#wget -q -O ${TMP_DIR_T}.zip ${TOM_CFG_URL} > /dev/null
 curl -kLo ${TMP_DIR_S}.zip ${SHB_CFG_URL} > /dev/null
 curl -kLo ${TMP_DIR_T}.zip ${TOM_CFG_URL} > /dev/null
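Review bot: Both `curl -kLo` lines that the narrowed file copies in the next hunk depend on run with certificate verification disabled and without `-f`, so an intercepted TLS session or an HTTP error page is accepted as the config archive and the script continues on exit 0 (no `set -e` is visible in this chunk). The archive fetched from `${SHB_CFG_URL}` now supplies the InCommon metadata signing certificate and, in PATCH 3/3, `sealer.kver`, so fetching it over an unverified channel undermines the trust anchor it carries. Suggest `curl -fsSLo "${TMP_DIR_S}.zip" "${SHB_CFG_URL}" || { echo "ERROR: download of ${SHB_CFG_URL} failed" >&2; exit 1; }` and the same for `${TOM_CFG_URL}`; if a private CA is the reason for `-k`, supply it with `--cacert` instead. The `unzip ... > /dev/null 2>&1` lines that follow hide failures the same way, so a bad archive only surfaces later as scattered `cp` errors.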
@@ -115,15 +66,17 @@ curl -kLo ${TMP_DIR_T}.zip ${TOM_CFG_URL} > /dev/null
 unzip -o -d ${TMP_DIR_S} ${TMP_DIR_S}.zip > /dev/null 2>&1
 unzip -o -d ${TMP_DIR_T} ${TMP_DIR_T}.zip > /dev/null 2>&1
+
 ################################################################################
 ### cp relevant folders from expanded zip to appropriate locations at $PWD/* ###
 ################################################################################
-cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.4-InCommon/conf/* ${SHBCFG}
-cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.4-InCommon/views/* ${SHBVIEWS}
-cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.4-InCommon/edit-webapp/* ${SHBEDWAPP}
-cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.4-InCommon/messages/* ${SHBMSGS}
-cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.4-InCommon/metadata/* ${SHBMD}
-cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.4-InCommon/credentials/* ${SHBCREDS}
+#
+cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/conf/idp.properties ${SHBCFG}
+cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/conf/ldap.properties ${SHBCFG}
+cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/conf/metadata-providers.xml ${SHBCFG}
+cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/conf/attribute-resolver.xml ${SHBCFG}
+cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/conf/attribute-filter.xml ${SHBCFG}
+cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/credentials/inc-md-cert-mdq.pem ${SHBCREDS}
 cp -rf ${TMP_DIR_T}/shib-idp-tomcat-config-master/conf/* ${TOMCFG}
 cp -rf ${TMP_DIR_T}/shib-idp-tomcat-config-master/wwwroot/* ${TOMWWWROOT}
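Review bot: The new per-file `cp -rf` lines have no failure handling, so a renamed or missing file in the 4.0 conftree (the very reason this hunk moved from `conf/*` to explicit names) prints an error and the script carries on to `sed` an absent `idp.properties` later in the file. By its name `inc-md-cert-mdq.pem` is the trust anchor used to verify MDQ-served federation metadata (presumably referenced from the copied `metadata-providers.xml`, which is not visible here), so its copy deserves both a check and a pin: `cp -f "${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/credentials/inc-md-cert-mdq.pem" "${SHBCREDS}" || exit 1`, then compare `openssl x509 -in "${SHBCREDS}/inc-md-cert-mdq.pem" -noout -fingerprint -sha256` with a fingerprint recorded in the script (`<EXPECTED_MDQ_CERT_SHA256>` placeholder) and abort on mismatch. A one-line comment above the block naming the source tag the files are taken from would also help the next person who bumps the version.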
@@ -131,45 +84,6 @@ cp -rf ${TMP_DIR_T}/shib-idp-tomcat-config-master/wwwroot/* ${TOMWWWROOT}
 #####################################################
 ### ask setup questions to aid in config building ###
 #####################################################
-#
-# Get Oracle license agreement from the user
-#
-#echo ""
-#echo "The Shibboleth IdP requires that you use Oracle Java. The Docker container "
-#echo "should be configured to download it for you as part of the Docker image build "
-#echo "process, but, before we proceed, you must agree to the Oracle Binary Code "
-#echo "License Agreement for Java SE (\"Oracle License\"). Please review:"
-#echo ""
-#echo " http://www.oracle.com/technetwork/java/javase/terms/license/index.html"
-#echo ""
-#echo "By agreeing to the Oracle License, you acknowledge that Internet2 is not"
-#echo "distributing the Java software and, to the extent an issue arises"
-#echo "related to your use of Oracle Java in the TIER software package, you and"
-#echo "Internet2 agree to hold each other harmless from any third party claims."
-#echo ""${PWD}
-#
-#while [ ${ORACLE_JAVA_APPROVAL} == "None" ]; do
-# echo -n "Do you agree to the terms of the Oracle license [Yes/No]? "
-# read response
-# case $response in
-# Yes)
-# ORACLE_JAVA_APPROVAL=$response
-# ;;
-# No)
-# ORACLE_JAVA_APPROVAL=$response
-# ;;
-# *)
-# echo "Please respond with Yes or No"
-# esac
-#done
-#if [ ${ORACLE_JAVA_APPROVAL} != "Yes" ]; then
-# echo ""
-# echo "In order to use this implementation of the Shibboleth IdP, you must"
-# echo "use Oracle Java and thus agree to the terms of the Oracle license."
-# exit 0
-#fi
-
-
 #
 # Get the FQDN of the server
 #
@@ -275,7 +189,6 @@ while [ ${LDAPBASEDN} == "None" ]; do
 ;;
 esac
 done
-#echo "LDAP Base DN is: $LDAPBASEDN"
 #
 # Get the LDAP DN for this deployment
@@ -302,7 +215,6 @@ while [ ${LDAPDN} == "None" ]; do
 ;;
 esac
 done
-#echo "LDAP DN is: $LDAPDN"
 #
 # Get the LDAP PWD for this deployment
@@ -331,50 +243,11 @@ while [ ${LDAPPWD} == "None" ]; do
 done
-#######################
-## ask about secrets ##
-#######################
-cat << EOF
-
-
-***********************************************************************************
-***********************************************************************************
- ==> The next question deals with the use of 'secrets' in your container.
-
-Secrets are files that contain senstivie information such as passwords or keys. The following files are considered 'secrets':
-idp.properties
-ldap.properties
-attribute-resolver.xml
-attribute-filter.xml
-relying-party.xml
-metadata-providers.xml
-idp-signing.key
-idp-signing.crt
-idp-encryption.key
-idp-encryption.crt
-sealer.jks
-sealer.kver
-keystore.jks (Tomcat SSL)
-
-If you answer yes/y to this question, the files listed above will be removed from the directories containing the other configuration files (intended to be burned into the container), and placed into a folder named 'SECRETS'. You can then use these files with your container orchestration system to overlay the relevant files in your running containers.
-
-If you answer no/n to this question, your configuration (intended to be burned into the container) will contain all config files, including those with sensitive information.
-EOF
-while [ ${USESECRETS} == "None" ]; do
- echo -n "Would you like to isolate "secrets" from your generated Shibb IdP configuration? "
- read yesno
- case $yesno in
- Yes|yes|Y|y)
- USESECRETS=YES
- BURNMOUNT=hybrid
- ;;
- No|no|N|n)
- USESECRETS=NO
- BURNMOUNT=burn
- ;;
- esac
-done
-
+#######################################
+## support for secrets is deprecated ##
+#######################################
+USESECRETS=NO
+BURNMOUNT=burn
 ############################################################
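Review bot: Hard-coding `USESECRETS=NO` and `BURNMOUNT=burn` removes the only path that kept credentials out of the burned-in tree, so everything the script generates — including the cleartext LDAP bind password and sealer passwords it now writes to `secrets.properties` in the `@@ -513,64 +384,36 @@` hunk — stays in `credentials/shib-idp`, which the Dockerfile.template hunk in PATCH 2/3 still `ADD`s into the image layer. The new comment only says support is deprecated; it should state the consequence for the operator, e.g. `## secrets isolation removed: all credentials (incl. secrets.properties) are burned into the image; treat the built image and any registry holding it as secret material ##`. The `@@ -662,92 +465,9 @@` hunk drops the hybrid/mounted next-steps text, so the final "successfully built" message is the other place that should carry the same statement.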
@@ -499,11 +372,9 @@ if test \! -f ${IDP_PROP}.dist; then
 cp ${IDP_PROP} ${IDP_PROP}.dist
 fi
-sed "s/example.org\/idp\/shibboleth/${FQDN}\/idp\/shibboleth/" ${IDP_PROP}.dist > ${IDP_PROP}.tmp
-sed "s/=example.org/=${SCOPE}/" ${IDP_PROP}.tmp > ${IDP_PROP}.tmp2
-sed "s#Password=changeit#Password=${SEALERPWD}#" ${IDP_PROP}.tmp2 > ${IDP_PROP}
+sed "s/idp.example.org\/idp\/shibboleth/${FQDN}\/idp\/shibboleth/" ${IDP_PROP}.dist > ${IDP_PROP}.tmp
+sed "s/=example.org/=${SCOPE}/" ${IDP_PROP}.tmp > ${IDP_PROP}
 rm -f ${IDP_PROP}.tmp
-rm -f ${IDP_PROP}.tmp2
 #
 # set ldap URL, baseDN, svcDN, pwd in ldap.properties
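Review bot: `${FQDN}` and `${SCOPE}` are interpolated unescaped into the rewritten sed expressions, so a value containing `/`, `&` or `\` (they come from interactive `read` prompts outside this hunk) either aborts sed or silently writes the wrong `idp.properties`; the same applies to `${LDAPURL}`, `${LDAPDN}` and `${LDAPBASEDN}` in the `@@ -513,64 +384,36 @@` hunk, where a `#` inside a DN terminates the `s#...#` expression early. Validate the inputs once before they are used, e.g. `case "${FQDN}.${SCOPE}" in *[!A-Za-z0-9.-]*|.) echo "ERROR: FQDN and scope may only contain letters, digits, '.' and '-'" >&2; exit 1;; esac`, or escape the replacement text. The dots in the new `idp.example.org` pattern are unescaped regex metacharacters; `s/idp\.example\.org\/idp\/shibboleth/…/` is the intended literal match.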
@@ -513,64 +384,36 @@ if test \! -f ${LDAP_PROP}.dist; then
 fi
 sed "s/#idp.authn.LDAP.authenticator/idp.authn.LDAP.authenticator/" ${LDAP_PROP}.dist > ${LDAP_PROP}.tmp
-sed "s/=anonSearchAuthenticator/=bindSearchAuthenticator/" ${LDAP_PROP}.tmp > ${LDAP_PROP}.tmp2
+sed "s/= anonSearchAuthenticator/= bindSearchAuthenticator/" ${LDAP_PROP}.tmp > ${LDAP_PROP}.tmp2
 sed "s#ldap://localhost:10389#${LDAPURL}#" ${LDAP_PROP}.tmp2 > ${LDAP_PROP}.tmp3
 sed "s#uid=myservice,ou=system#${LDAPDN}#" ${LDAP_PROP}.tmp3 > ${LDAP_PROP}.tmp4
-sed "s#myServicePassword#${LDAPPWD}#" ${LDAP_PROP}.tmp4 > ${LDAP_PROP}.tmp5
-sed "s#ou=people,dc=example,dc=org#${LDAPBASEDN}#" ${LDAP_PROP}.tmp5 > ${LDAP_PROP}
-
+sed "s#ou=people,dc=example,dc=org#${LDAPBASEDN}#" ${LDAP_PROP}.tmp4 > ${LDAP_PROP}
 rm -f ${LDAP_PROP}.tmp
 rm -f ${LDAP_PROP}.tmp2
 rm -f ${LDAP_PROP}.tmp3
 rm -f ${LDAP_PROP}.tmp4
-rm -f ${LDAP_PROP}.tmp5
-# adjust Dockerfile for java and for a burned-in config, if needed
-#
-#java first
-#if test \! -f Dockerfile.dist; then
-# cp Dockerfile Dockerfile.dist
-#fi
-#cat < docker_edit.sed
-#s/^# ENV /ENV /
-#s/^# RUN /RUN /
-#s/^# yum/ yum/
-#s/^# rm/ rm/
-#s/^# alternatives/ alternatives/
-#s/^# http/ http/
-#s/^# \&\&/ \&\&/
-#EOF
-#rm -f Dockerfile
-#sed -f docker_edit.sed Dockerfile.dist > Dockerfile
-#rm -f docker_edit.sed
-
-#if [ ${BURNMOUNT} == "burn" ] || [ ${BURNMOUNT} == "hybrid" ]; then
-# echo "Configuring Docker for burned-in/hybrid configuration."
-#
-# mv -f Dockerfile Dockerfile.setup
-# cat < docker_edit.sed
-#s/^## ADD /ADD /
-#/^VOLUME/,+10 s/^/#/
-#EOF
-# rm -f Dockerfile
-# sed -f docker_edit.sed Dockerfile.setup > Dockerfile
-# rm -f Dockerfile.setup
-# rm -f docker_edit.sed
-#
-#fi
-#if [ ${USESECRETS} == "YES" ] && [ ${BUILD_ENV} == "WINDOWS" ]; then
-# echo "Configuring Dockerfile for use of secrets in a Windows container."
-#
-# mv -f Dockerfile Dockerfile.setup
-# cat < docker_edit.sed
-#s/^#!# RUN /RUN /
-#EOF
-# rm -f Dockerfile
-# sed -f docker_edit.sed Dockerfile.setup > Dockerfile
-# rm -f Dockerfile.setup
-# rm -f docker_edit.sed
-#fi
+#################################
+## generate secrets.properties ##
+#################################
+cat > ./${SHBCREDS}/secrets.properties << EOF
+# This is a reserved spot for most properties containing passwords or other secrets.
+# Created by install at $(date)
+
+# Access to internal AES encryption key
+idp.sealer.storePassword = ${SEALERPWD}
+idp.sealer.keyPassword = ${SEALERPWD}
+
+# Default access to LDAP authn and attribute stores.
+idp.authn.LDAP.bindDNCredential = ${LDAPPWD}
+idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential:undefined}
+
+# Salt used to generate persistent/pairwise IDs, must be kept secret
+#idp.persistentId.salt = changethistosomethingrandom
+
+EOF
+
 # configure SSL keystore password in tomcat's config file:
 # conf/tomcat/server.xml replace: keystorePass="password"
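Review bot: The new `cat > ./${SHBCREDS}/secrets.properties << EOF` writes the cleartext LDAP bind and sealer passwords into a file created under the default umask (typically readable by every local user), and because the heredoc delimiter is unquoted, a password containing `$`, a backtick or a backslash is interpreted by the shell instead of being written literally. Create the file under `umask 077` and emit the values through `printf '%s'` so they land verbatim; since `>` on an existing file keeps its old mode, remove any stale copy first. The `%{...}` property reference has to be written `%%{...}` inside a printf format. The Java `.properties` reader may still apply its own escaping to the written values — worth a comment, and worth confirming against the IdP documentation.
```shell
# … unchanged: ldap.properties sed chain and rm -f of the .tmp files …
#################################
## generate secrets.properties ##
#################################
# Cleartext credentials: create with mode 0600 and write values verbatim.
SECRETS_FILE=./${SHBCREDS}/secrets.properties
rm -f "${SECRETS_FILE}"
(
  umask 077
  {
    printf '# This is a reserved spot for most properties containing passwords or other secrets.\n'
    printf '# Created by install at %s\n\n' "$(date)"
    printf '# Access to internal AES encryption key\n'
    printf 'idp.sealer.storePassword = %s\n' "${SEALERPWD}"
    printf 'idp.sealer.keyPassword = %s\n\n' "${SEALERPWD}"
    printf '# Default access to LDAP authn and attribute stores.\n'
    printf 'idp.authn.LDAP.bindDNCredential = %s\n' "${LDAPPWD}"
    printf 'idp.attribute.resolver.LDAP.bindDNCredential = %%{idp.authn.LDAP.bindDNCredential:undefined}\n\n'
    printf '# Salt used to generate persistent/pairwise IDs, must be kept secret\n'
    printf '#idp.persistentId.salt = changethistosomethingrandom\n\n'
  } > "${SECRETS_FILE}"
)
# … unchanged: tomcat keystore password configuration …
```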
@@ -603,32 +446,6 @@ esac
 # if the user chose to use secrets, then generate a directory containing the config with secrets removed
-if [ ${USESECRETS} == "YES" ]; then
- echo ""
- echo "Creating sanitized config for use with secrets..."
- echo ""
- destPath=${PWD}
- mkdir -p ${destPath}/SECRETS
-
-# move secrets
- mv -f $destPath/config/shib-idp/conf/idp.properties $destPath/SECRETS/idp.properties > /dev/null
- mv -f $destPath/config/shib-idp/conf/ldap.properties $destPath/SECRETS/ldap.properties > /dev/null
- mv -f $destPath/credentials/shib-idp/sealer.jks $destPath/SECRETS/sealer.jks > /dev/null
- mv -f $destPath/credentials/shib-idp/sealer.kver $destPath/SECRETS/sealer.kver > /dev/null
- mv -f $destPath/credentials/shib-idp/idp-signing.key $destPath/SECRETS/idp-signing.key > /dev/null
- mv -f $destPath/credentials/shib-idp/idp-signing.crt $destPath/SECRETS/idp-signing.crt > /dev/null
- mv -f $destPath/credentials/shib-idp/idp-encryption.key $destPath/SECRETS/idp-encryption.key > /dev/null
- mv -f $destPath/credentials/shib-idp/idp-encryption.crt $destPath/SECRETS/idp-encryption.crt > /dev/null
- mv -f $destPath/credentials/tomcat/keystore.jks $destPath/SECRETS/keystore.jks > /dev/null
- mv -f $destPath/config/shib-idp/conf/relying-party.xml $destPath/SECRETS/relying-party.xml > /dev/null
- mv -f $destPath/config/shib-idp/conf/attribute-filter.xml $destPath/SECRETS/attribute-filter.xml > /dev/null
- mv -f $destPath/config/shib-idp/conf/attribute-resolver.xml $destPath/SECRETS/attribute-resolver.xml > /dev/null
- mv -f $destPath/config/shib-idp/conf/metadata-providers.xml $destPath/SECRETS/metadata-providers.xml > /dev/null
-
- echo ""
- echo "Your 'secrets' were removed from the main config and stored in the 'SECRETS' directory"
- echo ""
-fi
 #copy files directly instead of zipping
 mkdir -p /output-tmp
@@ -639,20 +456,6 @@ cp -Rf /output-tmp/* /output
 rm -rf /output-tmp/*
 rmdir /output-tmp
-
-#echo ""
-#echo "Archiving generated config..."
-#echo ""
-##ensure zip
-#command -v zip >/dev/null 2>&1 || { echo >&2 "ERROR: zip is required, but doesn't appear to be installed. Aborting..."; exit 1; }
-#FILENAME=./shib-idp-config_`date +%m%d%Y-%H%M%S`.zip
-#zip -r ${FILENAME} ./* > /dev/null
-
-#special for the special-purpose container
-#cp ${FILENAME} /output
-#zip -d /output/${FILENAME:2} "configBuilder.sh"
-#zip -d /output/${FILENAME:2} "Dockerfile"
-#zip -d /output/${FILENAME:2} "setup.log"
 echo "wrote config to output location (typically PWD)"...
@@ -662,92 +465,9 @@ echo "wrote config to output location (typically PWD)"...
 ### notify user of next steps (docker build and docker run commands, based on burn/mount and chosen directory locations) ###
 ############################################################################################################################
 echo ""
-echo "Your initial configuration has been successfully setup."
-echo ""
-echo ""
-if [ ${BURNMOUNT} == "burn" ]; then
- echo "Since you have elected to use a completely burned-in config, the steps for "
- echo " you to build and run a TIER Shibboleth-IdP container are below."
- echo "1. BUILD"
- echo " It will be necessary to specify where to find your config at build-time, "
- echo " so that it can be copied into the container."
- echo ""
- echo " If you are using the default config locations (used/created by the ConfigBuilder service), then the following command would be correct:"
- echo " docker build --rm -t my/shibb-idp-tier ."
- echo ""
- echo " If you have an existing config or otherwise need to supply non-default paths for your config bits, "
- echo " that can be done by overriding the default values in the build command like this "
- echo " (the values below are all the default values - modify as appropriate):"
- echo ""
- echo " docker build --rm -t my/shibb-idp-tier --build-arg TOMCFG=config/tomcat \\
- --build-arg TOMLOG=logs/tomcat \\
- --build-arg TOMCERT=credentials/tomcat \\
- --build-arg TOMWWWROOT=wwwroot \\
- --build-arg SHBCFG=config/shib-idp/conf \\
- --build-arg SHBCREDS=credentials/shib-idp \\
- --build-arg SHBVIEWS=config/shib-idp/views \\
- --build-arg SHBEDWAPP=config/shib-idp/edit-webapp \\
- --build-arg SHBMSGS=config/shib-idp/messages \\
- --build-arg SHBMD=config/shib-idp/metadata \\
- --build-arg SHBLOG=logs/shib-idp ."
- echo ""
- echo ""
- echo "2. RUN"
- echo ""
- echo " docker run -d --name shib-idp -p 443:443 my/shibb-idp-tier"
-elif [ ${BURNMOUNT} == "hybrid" ]; then
- echo "Since you have elected to use a hybrid config (with secrets), the steps for "
- echo " you to build and run a TIER Shibboleth-IdP container are below."
- echo "1. BUILD"
- echo " It will be necessary to specify where to find your config at build-time, but with a hybrid config, "
- echo " you'll want to point it to a set of config files that have no \"secrets\""
- echo ""
- echo "To do this, point an environment variable at the alternate location (created by this script):"
- echo " export ALTCFG=ConfigNoSecrets"
- echo ""
- echo " docker build --rm -t my/shibb-idp-tier --build-arg TOMCFG=${ALTCFG}/config/tomcat \\
- --build-arg TOMLOG=${ALTCFG}/logs/tomcat \\
- --build-arg TOMCERT=${ALTCFG}/credentials/tomcat \\
- --build-arg TOMWWWROOT=${ALTCFG}/wwwroot \\
- --build-arg SHBCFG=${ALTCFG}/config/shib-idp/conf \\
- --build-arg SHBCREDS=${ALTCFG}/credentials/shib-idp \\
- --build-arg SHBVIEWS=${ALTCFG}/config/shib-idp/views \\
- --build-arg SHBEDWAPP=${ALTCFG}/config/shib-idp/edit-webapp \\
- --build-arg SHBMSGS=${ALTCFG}/config/shib-idp/messages \\
- --build-arg SHBMD=${ALTCFG}/config/shib-idp/metadata \\
- --build-arg SHBLOG=${ALTCFG}/logs/shib-idp ."
- echo ""
- echo "Next, you would create the appropriate secrets/overlays in your container orchestration system and run the container. See documentation wiki for more info."
- echo ""
-else
- echo "Since you have elected to use a mounted config, the steps for "
- echo " you to build and run a TIER Shibboleth-IdP container are below."
- echo "BUILD"
- echo " You can build an image for a mounted config quite simply using a command like this:"
- echo " (optionally substitute any tag name (after -t) that is appropriate) "
- echo ""
- echo " docker build --rm -t my/shibb-idp-tier ."
- echo ""
- echo ""
- echo "RUN"
- echo " For a mounted config, you will need to supply your config locations at run-time, like this (assuming the default locations for the local config)."
- echo ""
- echo " docker run -d --name shib-test1 -p 443:443 -v ${PWD}/${TOMCFG}:/usr/local/tomcat/conf \\
- -v ${PWD}/${TOMWWWROOT}:/usr/local/tomcat/webapps/ROOT \\
- -v ${PWD}/${TOMLOG}:/usr/local/tomcat/logs \\
- -v ${PWD}/${TOMCERT}:/opt/certs \\
- -v ${PWD}/${SHBCFG}:/opt/shibboleth-idp/conf \\
- -v ${PWD}/${SHBCREDS}:/opt/shibboleth-idp/credentials \\
- -v ${PWD}/${SHBVIEWS}:/opt/shibboleth-idpviews \\
- -v ${PWD}/${SHBEDWAPP}:/opt/shibboleth-idp/edit-webapp \\
- -v ${PWD}/${SHBMSGS}:/opt/shibboleth-idp/messages \\
- -v ${PWD}/${SHBMD}:/opt/shibboleth-idp/metadata \\
- -v ${PWD}/${SHBLOG}:/opt/shibboleth-idp/logs \\
- my/shibb-idp-tier"
-
-
-fi
-
+echo "Your initial configuration has been successfully built."
+echo ""
+echo ""
 #################################
@@ -761,19 +481,7 @@ rm -f ${TMP_DIR_T}.zip
 rm -rf ${TMP_DIR_T}/*
 rmdir ${TMP_DIR_T}
-#rm -f ${TMP_DIR_D}.zip
-#rm -rf ${TMP_DIR_D}/*
-#rmdir ${TMP_DIR_D}
-
-
-#copy config to output directory
-#cp -rfn config/. /output/config/
-#cp -rfn logs/. /output/logs/
-#cp -rfn credentials/. /output/credentials/
-#cp -rfn wwwroot/. /output/wwwroot/
 #
-#echo config saved to ${FILENAME:2}
 echo config saved to configured local directory
-#sleep 3
 echo ""
 echo ""
From f27bf4763a6d0b0c0051669a58e9a576bcb15a60 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Wed, 12 Feb 2020 05:42:53 +0000
Subject: [PATCH 2/3] minor cleanup
---
 Dockerfile.template | 6 +++---
 Dockerfile.windows.template | 6 +++---
 common.bash | 2 +-
 configBuilder.sh | 2 --
 4 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/Dockerfile.template b/Dockerfile.template
index d851db6..c5f74ab 100644
--- a/Dockerfile.template
+++ b/Dockerfile.template
@@ -17,9 +17,9 @@ ADD ${TOMCERT} /opt/certs
 ADD ${TOMWWWROOT} /usr/local/tomcat/webapps/ROOT
 ADD ${SHBCFG} /opt/shibboleth-idp/conf
 ADD ${SHBCREDS} /opt/shibboleth-idp/credentials
-ADD ${SHBVIEWS} /opt/shibboleth-idp/views
-ADD ${SHBEDWAPP} /opt/shibboleth-idp/edit-webapp
-ADD ${SHBMSGS} /opt/shibboleth-idp/messages
+#ADD ${SHBVIEWS} /opt/shibboleth-idp/views
+#ADD ${SHBEDWAPP} /opt/shibboleth-idp/edit-webapp
+#ADD ${SHBMSGS} /opt/shibboleth-idp/messages
 ADD ${SHBMD} /opt/shibboleth-idp/metadata
diff --git a/Dockerfile.windows.template b/Dockerfile.windows.template
index 7efa140..304ad32 100644
--- a/Dockerfile.windows.template
+++ b/Dockerfile.windows.template
@@ -18,9 +18,9 @@ ADD $TOMCERT c:\\opt\\certs
 ADD $TOMWWWROOT c:\\Tomcat\\webapps\\ROOT
 ADD $SHBCFG c:\\opt\\shibboleth-idp\\conf
 ADD $SHBCREDS c:\\opt\\shibboleth-idp\\credentials
-ADD $SHBVIEWS c:\\opt\\shibboleth-idp\\views
-ADD $SHBEDWAPP c:\\opt\\shibboleth-idp\\edit-webapp
-ADD $SHBMSGS c:\\opt\\shibboleth-idp\\messages
+#ADD $SHBVIEWS c:\\opt\\shibboleth-idp\\views
+#ADD $SHBEDWAPP c:\\opt\\shibboleth-idp\\edit-webapp
+#ADD $SHBMSGS c:\\opt\\shibboleth-idp\\messages
 ADD $SHBMD c:\\opt\\shibboleth-idp\\metadata
 # Uncomment if using secrets; removes existing files from the container so that secrets can propagate (issue with Windows containers)
diff --git a/common.bash b/common.bash
index 314d47a..9b82abc 100644
--- a/common.bash
+++ b/common.bash
@@ -2,4 +2,4 @@ registry="docker.io"
 maintainer="tier"
 basename="shibbidp_configbuilder_container"
 imagename="shibbidp_configbuilder_container"
-version="0.4"
+version="0.5"
diff --git a/configBuilder.sh b/configBuilder.sh
index 5989d1e..c37feb3 100755
--- a/configBuilder.sh
+++ b/configBuilder.sh
@@ -445,8 +445,6 @@ WINDOWS | windows)
 esac
-# if the user chose to use secrets, then generate a directory containing the config with secrets removed
-
 #copy files directly instead of zipping
 mkdir -p /output-tmp
 cp -R ./* /output-tmp
From 0ceabba987ab6393cda942b72391651d72c49d76 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Wed, 12 Feb 2020 21:43:13 +0000
Subject: [PATCH 3/3] bugfix
---
 configBuilder.sh | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/configBuilder.sh b/configBuilder.sh
index c37feb3..1627a72 100755
--- a/configBuilder.sh
+++ b/configBuilder.sh
@@ -77,6 +77,7 @@ cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/conf/metadata-providers.xml $
 cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/conf/attribute-resolver.xml ${SHBCFG}
 cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/conf/attribute-filter.xml ${SHBCFG}
 cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/credentials/inc-md-cert-mdq.pem ${SHBCREDS}
+cp -rf ${TMP_DIR_S}/shib-idp-conftree-4.0-InCommon/credentials/sealer.kver ${SHBCREDS}
 cp -rf ${TMP_DIR_T}/shib-idp-tomcat-config-master/conf/* ${TOMCFG}
 cp -rf ${TMP_DIR_T}/shib-idp-tomcat-config-master/wwwroot/* ${TOMWWWROOT}
@@ -123,17 +124,18 @@ echo ""
 echo "We will use the information you enter here to configure your IdP."
 echo ""
 while [ ${SCOPE} == "None" ]; do
- echo -n "Enter the Scope for your IdP: "
+ echo -n "Enter the Scope for your IdP [`expr "$FQDN" | cut -f2- -d.`]: "
 read response
- if [ ${#response} -lt 5 ]; then
+ TMPSCOPE=${response:-`expr "$FQDN" | cut -f2- -d.`}
+ if [ ${#TMPSCOPE} -lt 5 ]; then
 echo "Remember, you need domain - domain.edu or similar"
 continue
 fi
- echo -n "You entered: ${response} Is this correct [Yes/No]? "
+ echo -n "You entered: ${TMPSCOPE} Is this correct [Yes/No]? "
 read yesno
 case $yesno in
 Yes|yes|Y|y)
- SCOPE=$response
+ SCOPE=$TMPSCOPE
 ;;
 esac
 done
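Review bot: The default scope is computed twice per loop iteration with backticks and `expr "$FQDN" | cut -f2- -d.`, where `expr` with a single operand merely echoes its argument, so two forks do what a parameter expansion does in-shell; compute it once before the `while`: `DEFSCOPE=${FQDN#*.}`, then `echo -n "Enter the Scope for your IdP [${DEFSCOPE}]: "` and `TMPSCOPE=${response:-$DEFSCOPE}`. When `$FQDN` contains no dot, both the current form and `${FQDN#*.}` propose the whole FQDN as the scope, which the operator then confirms interactively — worth a one-line comment on the prompt. `read -r response` would keep backslashes in the typed value instead of consuming them. The prompt that sets `$FQDN` is outside this hunk, as is the `SCOPE=None` initialisation the loop tests.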