authorLiam Hopkins <liamh@google.com>2019-06-11 13:57:48 -0700
committerGitHub <noreply@github.com>2019-06-11 13:57:48 -0700
commite7cc083cfaace84516d9d5fb99881a154850d638 (patch)
tree5c66dee4c4e4606e4516a344b8a93f5534202266 /packages/google-compute-engine-oslogin
parente7442e62d2f9aa4f1b841a588fc89ebd1d6e8a58 (diff)
Dir refactor (#788)
* Directory layout changes * New Makefiles * Update import paths * Add gtest build * Update references in README * Address PR feedback
Diffstat (limited to 'packages/google-compute-engine-oslogin')
-rw-r--r--packages/google-compute-engine-oslogin/Makefile94
-rw-r--r--packages/google-compute-engine-oslogin/README.md170
-rw-r--r--packages/google-compute-engine-oslogin/google_oslogin_control (renamed from packages/google-compute-engine-oslogin/bin/google_oslogin_control)0
-rw-r--r--packages/google-compute-engine-oslogin/man/nss-cache-oslogin.8 (renamed from packages/google-compute-engine-oslogin/nss_module/nss-cache-oslogin.8)0
-rw-r--r--packages/google-compute-engine-oslogin/man/nss-oslogin.8 (renamed from packages/google-compute-engine-oslogin/nss_module/nss-oslogin.8)0
-rw-r--r--packages/google-compute-engine-oslogin/selinux/Makefile (renamed from packages/google-compute-engine-oslogin/policy/Makefile)0
-rw-r--r--packages/google-compute-engine-oslogin/selinux/README.md (renamed from packages/google-compute-engine-oslogin/policy/README.md)0
-rw-r--r--packages/google-compute-engine-oslogin/selinux/oslogin.fc (renamed from packages/google-compute-engine-oslogin/policy/oslogin.fc)0
-rw-r--r--packages/google-compute-engine-oslogin/selinux/oslogin.pp (renamed from packages/google-compute-engine-oslogin/policy/oslogin.pp)bin1798 -> 1798 bytes
-rw-r--r--packages/google-compute-engine-oslogin/selinux/oslogin.te (renamed from packages/google-compute-engine-oslogin/policy/oslogin.te)0
-rw-r--r--packages/google-compute-engine-oslogin/src/Makefile85
-rw-r--r--packages/google-compute-engine-oslogin/src/authorized_keys/authorized_keys.cc (renamed from packages/google-compute-engine-oslogin/authorized_keys/authorized_keys.cc)2
-rw-r--r--packages/google-compute-engine-oslogin/src/cache_refresh/cache_refresh.cc (renamed from packages/google-compute-engine-oslogin/nss_cache/nss_cache.cc)4
-rw-r--r--packages/google-compute-engine-oslogin/src/include/compat.h (renamed from packages/google-compute-engine-oslogin/compat.h)0
-rw-r--r--packages/google-compute-engine-oslogin/src/include/nss_cache_oslogin.h (renamed from packages/google-compute-engine-oslogin/nss_module/nss_cache_oslogin.h)0
-rw-r--r--packages/google-compute-engine-oslogin/src/include/oslogin_utils.h (renamed from packages/google-compute-engine-oslogin/utils/oslogin_utils.h)0
-rw-r--r--packages/google-compute-engine-oslogin/src/nss/compat/getpwent_r.c (renamed from packages/google-compute-engine-oslogin/nss_module/compat/getpwent_r.c)0
-rw-r--r--packages/google-compute-engine-oslogin/src/nss/nss_cache_oslogin.c (renamed from packages/google-compute-engine-oslogin/nss_module/nss_cache_oslogin.c)4
-rw-r--r--packages/google-compute-engine-oslogin/src/nss/nss_oslogin.cc (renamed from packages/google-compute-engine-oslogin/nss_module/nss_oslogin.cc)4
-rw-r--r--packages/google-compute-engine-oslogin/src/pam/pam_oslogin_admin.cc (renamed from packages/google-compute-engine-oslogin/pam_module/pam_oslogin_admin.cc)4
-rw-r--r--packages/google-compute-engine-oslogin/src/pam/pam_oslogin_login.cc (renamed from packages/google-compute-engine-oslogin/pam_module/pam_oslogin_login.cc)4
-rw-r--r--packages/google-compute-engine-oslogin/src/utils.cc (renamed from packages/google-compute-engine-oslogin/utils/oslogin_utils.cc)4
-rw-r--r--packages/google-compute-engine-oslogin/test/Makefile34
-rw-r--r--packages/google-compute-engine-oslogin/test/oslogin_utils_test.cc (renamed from packages/google-compute-engine-oslogin/utils/oslogin_utils_test.cc)2
-rwxr-xr-xpackages/google-compute-engine-oslogin/utils/run_tests.sh19
25 files changed, 229 insertions, 201 deletions
diff --git a/packages/google-compute-engine-oslogin/Makefile b/packages/google-compute-engine-oslogin/Makefile
index 67400cd..b22c16f 100644
--- a/packages/google-compute-engine-oslogin/Makefile
+++ b/packages/google-compute-engine-oslogin/Makefile
@@ -1,89 +1,19 @@
-SHELL = /bin/sh
+all install :
+ $(MAKE) -C src $@
-VERSION = 1.5.3
-
-CPPFLAGS = -I/usr/include/json-c
-CXXFLAGS = -fPIC -Wall -g
-CFLAGS = $(CXXFLAGS) -Wstrict-prototypes
-
-LDFLAGS = -shared -Wl,-soname,$(SONAME)
-LDLIBS = -lcurl -ljson-c
-PAMLIBS = -lpam $(LDLIBS)
-
-# Paths which should be overrideable.
-
-PREFIX = /usr
-LIBDIR = $(PREFIX)/lib
-BINDIR = $(PREFIX)/bin
-PAMDIR = $(LIBDIR)/security
-MANDIR = /usr/share/man
-
-NSS_OSLOGIN_SONAME = libnss_oslogin.so.2
-NSS_CACHE_OSLOGIN_SONAME = libnss_cache_oslogin.so.2
-
-NSS_OSLOGIN = nss_module/libnss_oslogin-$(VERSION).so
-NSS_CACHE_OSLOGIN = nss_module/libnss_cache_oslogin-$(VERSION).so
-
-PAM_LOGIN = pam_module/pam_oslogin_login.so
-PAM_ADMIN = pam_module/pam_oslogin_admin.so
-
-BINARIES = google_oslogin_nss_cache google_authorized_keys bin/google_oslogin_control
-
-all : $(NSS_OSLOGIN) $(NSS_CACHE_OSLOGIN) $(PAM_LOGIN) $(PAM_ADMIN) $(BINARIES)
+tests :
+ $(MAKE) -C test $@
clean :
- rm -f */*.o */*.so google_oslogin_nss_cache google_authorized_keys
-
-.PHONY : all clean install
-
-# NSS modules.
-
-$(NSS_OSLOGIN) : SONAME = $(NSS_OSLOGIN_SONAME)
-$(NSS_OSLOGIN) : nss_module/nss_oslogin.o utils/oslogin_utils.o
- $(CXX) $(CXXFLAGS) $(CPPFLAGS) $(LDFLAGS) $^ -o $@ $(LDLIBS)
-
-$(NSS_CACHE_OSLOGIN) : SONAME = $(NSS_CACHE_OSLOGIN_SONAME)
-$(NSS_CACHE_OSLOGIN) : nss_module/nss_cache_oslogin.o nss_module/compat/getpwent_r.o utils/oslogin_utils.o
- $(CXX) $(CXXFLAGS) $(CPPFLAGS) $(LDFLAGS) $^ -o $@ $(LDLIBS)
-
-# PAM modules
-
-$(PAM_LOGIN) : pam_module/pam_oslogin_login.o utils/oslogin_utils.o
- $(CXX) $(CXXFLAGS) $(CPPFLAGS) -shared $^ -o $@ $(PAMLIBS)
-
-$(PAM_ADMIN) : pam_module/pam_oslogin_admin.o utils/oslogin_utils.o
- $(CXX) $(CXXFLAGS) $(CPPFLAGS) -shared $^ -o $@ $(PAMLIBS)
-
-# Utilities.
-
-google_authorized_keys : authorized_keys/authorized_keys.o utils/oslogin_utils.o
- $(CXX) $(CXXFLAGS) $(CPPFLAGS) $^ -o $@ $(LDLIBS)
-
-google_oslogin_nss_cache: nss_cache/nss_cache.o utils/oslogin_utils.o
- $(CXX) $(CXXFLAGS) $(CPPFLAGS) $^ -o $@ $(LDLIBS)
+ $(MAKE) -C src clean
+ $(MAKE) -C test clean
-# Define these to add dependency on header files.
+prowbuild : debian_deps all
-utils/oslogin_utils.o : utils/oslogin_utils.cc utils/oslogin_utils.h
+prowtest : debian_deps tests
-nss_module/nss_cache_oslogin.o : nss_module/nss_cache_oslogin.c nss_module/nss_cache_oslogin.h
+debian_deps :
+ sudo apt-get -y install g++ libcurl4-openssl-dev libjson-c-dev libpam-dev \
+ googletest && touch $@
-install: all
- install -d $(DESTDIR)$(LIBDIR)
- install -d $(DESTDIR)$(PAMDIR)
- install -d $(DESTDIR)$(BINDIR)
- install -d $(DESTDIR)$(MANDIR)/man8
- install -m 0644 -t $(DESTDIR)$(LIBDIR) $(NSS_OSLOGIN) $(NSS_CACHE_OSLOGIN)
- install -m 0644 -t $(DESTDIR)$(PAMDIR) $(PAM_ADMIN) $(PAM_LOGIN)
- install -m 0755 -t $(DESTDIR)$(BINDIR) $(BINARIES)
- install -m 0644 -t $(DESTDIR)$(MANDIR)/man8 nss_module/nss-oslogin.8 nss_module/nss-cache-oslogin.8
- gzip -9 $(DESTDIR)$(MANDIR)/man8/nss-oslogin.8
- gzip -9 $(DESTDIR)$(MANDIR)/man8/nss-cache-oslogin.8
- ln -sf nss-oslogin.8.gz $(DESTDIR)$(MANDIR)/man8/$(NSS_OSLOGIN_SONAME).8.gz
- ln -sf nss-cache-oslogin.8.gz $(DESTDIR)$(MANDIR)/man8/$(NSS_CACHE_OSLOGIN_SONAME).8.gz
- ln -sf $(notdir $(NSS_OSLOGIN)) $(DESTDIR)$(LIBDIR)/$(NSS_OSLOGIN_SONAME)
- ln -sf $(notdir $(NSS_CACHE_OSLOGIN)) $(DESTDIR)$(LIBDIR)/$(NSS_CACHE_OSLOGIN_SONAME)
-ifdef INSTALL_SELINUX
- install -d $(DESTDIR)/usr/share/selinux/packages
- install -m 0644 -t $(DESTDIR)/usr/share/selinux/packages policy/oslogin.pp
-endif
+.PHONY : all clean install prowbuild prowtest
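Review bot: `tests` is missing from the `.PHONY` line at the end of this hunk, and the `debian_deps` recipe leaves a stamp file behind (`touch $@`) that `clean` never removes. `prowbuild : debian_deps all` also lists the package install and the build as sibling prerequisites, so under `make -j` the compile in `src` may start before `apt-get` has finished. Driving the build from the recipe instead (`prowbuild : debian_deps` with the recipe line `$(MAKE) all`, and likewise `prowtest` with `$(MAKE) tests`) makes the order explicit. Proposed last line: `.PHONY : all clean install tests prowbuild prowtest`.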
diff --git a/packages/google-compute-engine-oslogin/README.md b/packages/google-compute-engine-oslogin/README.md
index 6f967c5..4acc31e 100644
--- a/packages/google-compute-engine-oslogin/README.md
+++ b/packages/google-compute-engine-oslogin/README.md
@@ -1,76 +1,73 @@
## OS Login Guest Environment for Google Compute Engine
-This package enables Google Cloud OS Login features on Google Compute Engine
-instances.
+This repository contains the system components responsible for providing Google
+Cloud OS Login features on Google Compute Engine instances.
**Table of Contents**
* [Overview](#overview)
* [Components](#components)
* [Authorized Keys Command](#authorized-keys-command)
- * [NSS Module](#nss-module)
- * [PAM Module](#pam-module)
- * [Utils](#utils)
-* [Utility Directories](#utility-directories)
- * [bin](#bin)
- * [packaging](#packaging)
- * [policy](#policy)
+ * [NSS Modules](#nss-modules)
+ * [PAM Modules](#pam-modules)
+* [Utilities](#Utilities)
+ * [Control Script](#control-script)
+ * [SELinux Policy](#selinux-policy)
* [Source Packages](#source-packages)
* [DEB](#deb)
* [RPM](#rpm)
-* [Version Updates](#version-updates)
## Overview
-The OS Login package has the following components:
+The OS Login Guest Environment consists of the following main components:
-* **Authorized Keys Command** to fetch SSH keys from the user's OS Login
- profile and make them available to sshd.
-* **NSS Module** provides support for making OS Login user and group
+* **Authorized Keys Command** which provides SSH keys from the user's OS Login
+ profile to sshd for authenticating users at login.
+* **NSS Modules** which provide support for making OS Login user and group
information available to the system, using NSS (Name Service Switch)
functionality.
-* **PAM Module** provides authorization and authentication support allowing
- the system to use data stored in Google Cloud IAM permissions to control
- both, the ability to log into an instance, and to perform operations as root
- (sudo).
-* **Utils** provides common code to support the components listed above.
-
-In addition to the main components, there are also utilities for packaging and
-installing these components:
-
-* **bin** contains a shell script for activating/deactivating the package
- components.
-* **packaging** contains files used to generate `.deb` and `.rpm` packages for
- the OS Login components.
-* **policy** contains SELinux "type enforcement" files for configuring SELinux
- on CentOS/RHEL systems.
+* **PAM Modules** which provide authorization (and authentication if
+ two-factor support is enabled) support allowing the system to use Google
+ Cloud IAM permissions to control the ability to log into an instance or to
+ perform operations as root (via `sudo`).
+
+In addition to the main components, there are also the following utilities:
+
+* **google_oslogin_control** is a shell script for activating/deactivating the
+ OS Login components.
+* **google_oslogin_nss_cache** is a utility for updating the local user and
+ group cache.
+* **selinux** contains SELinux policy definition files and a compiled policy
+ package for configuring SELinux to support OS Login.
+
+The **packaging** directory also contains files used to generate `.deb` and
+`.rpm` packages for the OS Login components.
## Components
#### Authorized Keys Command
The `google_authorized_keys` binary is designed to be used with the sshd
-[AuthorizedKeysCommand](https://linux.die.net/man/5/sshd_config) option in
-`sshd_config`. It does the following:
+`AuthorizedKeysCommand` option in [sshd_config(5)](https://linux.die.net/man/5/sshd_config).
+It does the following:
-* Reads the user's profile information from the metadata server.
+* Reads the user's profile information from the metadata server:
```
http://metadata.google.internal/computeMetadata/v1/oslogin/users?username=<username>
```
-* Checks to make sure that the user is authorized to log in.
+* Checks to make sure that the user is authorized to log in:
```
http://metadata.google.internal/computeMetadata/v1/oslogin/authorize?email=<user_email>&policy=login
```
* If the check is successful, returns the SSH keys associated with the user
- for use by sshd.
+ for use by sshd. Otherwise, exits with an error code.
-#### NSS Module
+#### NSS Modules
-The `nss_oslogin` module is built and installed in the appropriate `lib`
-directory as a shared object with the name `libnss_oslogin.so.2`. The module is
-then activated by an `oslogin` entry in `/etc/nsswitch.conf`. The NSS module
-supports looking up `passwd` entries from the metadata server via
-`getent passwd`.
+`libnss_oslogin.so` and `libnss_cache_oslogin.so` are NSS service modules which
+make OS Login users and groups available for use on the local system. The module
+is activated by adding `oslogin` and `cache_oslogin` entries for services in
+[nsswitch.conf(5)](https://linux.die.net/man/5/nsswitch.conf).
* To return a list of all users, the NSS module queries:
```
@@ -78,47 +75,59 @@ supports looking up `passwd` entries from the metadata server via
```
* To look up a user by username, the NSS module queries:
```
- http://metadata.google.internal/computeMetadata/v1/oslogin/users?username=<username
+ http://metadata.google.internal/computeMetadata/v1/oslogin/users?username=<username>
```
* To look up a user by UID, the NSS module queries:
```
http://metadata.google.internal/computeMetadata/v1/oslogin/users?uid=<uid>
```
-#### PAM Module
+#### PAM Modules
-The `pam_module` directory contains two modules used by Linux PAM (Pluggable
-Authentication Modules).
+`pam_oslogin_login.so` is a PAM module which determines whether a given user is
+allowed to SSH into an instance.
-The first module, `pam_oslogin_login.so`, determines whether a given user is
-allowed to SSH into an instance. It is activated by adding an
-`account requisite` line to the PAM sshd config file and does the following:
+It is activated by adding an entry for the account group to the PAM service
+config for sshd as:
+ ```
+ account requisite pam_oslogin_login.so
+ ```
-* Retrieves the user's profile information from the metadata server.
+This module:
+
+* Retrieves the user's profile information from the metadata server:
```
http://metadata.google.internal/computeMetadata/v1/oslogin/users?username=<username>
```
-* If the user has OS Login profile information (as opposed to a local user
- account), confirms whether the user has permissions to SSH into the
- instance.
+* If the user does not have OS Login profile information it is passed on to
+ the system authentication modules to be processed as a local user.
+* Otherwise, the module confirms whether the user has permissions to SSH into
+ the instance:
```
http://metadata.google.internal/computeMetadata/v1/oslogin/authorize?email=<user_email>&policy=login
```
-* If the user is a local user account or is authorized, PAM returns a success
- message and SSH can proceed. Otherwise, PAM returns a denied message and the
- SSH check will fail.
+* If the user is authorized, PAM returns a success message and SSH can
+ proceed. Otherwise, PAM returns a denied message and the SSH check will
+ fail.
+
+`pam_oslogin_admin.so` is a PAM module which determines whether a given user
+should have admin (sudo) permissions on the instance.
-The second module, `pam_oslogin_admin.so`, determines whether a given user
-should have admin (sudo) permissions on the instance. It is activated by adding
-an `account optional` line to the PAM sshd config file and does the following:
+It is activated by adding an entry for the `account` group to the PAM service
+config for sshd config as:
+ ```
+ account optional pam_oslogin_admin.so
+ ```
+
+This module:
* Retrieves the user's profile information from the metadata server.
```
http://metadata.google.internal/computeMetadata/v1/oslogin/users?username=<username>
```
-* If the user is a local user account, the module exits with success.
-* If the user is an OS Login user, the module perform an authorization check
- to determine if the user has admin permissions.
+* If the user is not an OS Login user (a local user account), the module
+ returns success.
+* Otherwise, the module determines if the user has admin permissions:
```
http://metadata.google.internal/computeMetadata/v1/oslogin/authorize?email=<user_email>&policy=adminLogin
```
@@ -127,49 +136,40 @@ an `account optional` line to the PAM sshd config file and does the following:
* If the authorization check fails for admin permissions, the file is removed
from `/var/google-sudoers.d/` if it exists.
-#### Utils
-
-`oslogin_utils` contains common functions for making HTTP calls,
-interacting with the metadata server, and for parsing JSON objects.
+## Utilities
-## Utility Directories
+#### Control Script
-#### bin
-
-The `bin` directory contains a shell script called `google_oslogin_control` that
-activates or deactivates the OS Login features. It is called in the pre and post
-install scripts in the `.deb` and `.rpm` packages. The control file performs the
-following tasks:
+The `google_oslogin_control` shell script activates or deactivates the OS Login
+features. It is invoked by the google accounts daemon. The control file performs
+the following tasks:
* Adds (or removes) AuthorizedKeysCommand and AuthorizedKeysCommandUser lines
to (from) `sshd_config` and restarts sshd.
-* Adds (or removes) `oslogin` to (from) `nsswitch.conf`.
+* Adds (or removes) `oslogin` and `cache_oslogin` to (from) `nsswitch.conf`.
* Adds (or removes) the `account` entries to (from) the PAM sshd config. Also
adds (or removes) the `pam_mkhomedir.so` module to automatically create the
home directory for an OS Login user.
* Creates (or deletes) the `/var/google-sudoers.d/` directory, and a file
called `google-oslogin` in `/etc/sudoers.d/` that includes the directory.
-#### packaging
-
-The `packaging` directory contains files for creating `.deb` and `.rpm`
-packages. See [Source Packages](#source-packages) for details.
+#### SELinux Policy
-#### policy
-
-The `policy` directory contains `.te` (type enforcement) files used by SELinux
-to give the OS Login features the appropriate SELinux permissions. These are
-compiled using `checkmodule` and `semodule_package` to create an `oslogin.pp`
-that is intstalled in the appropriate SELinux directory.
+The `selinux` directory contains `.te` (type enforcement) and `.fc` (file
+context) files used by SELinux to give the OS Login features the appropriate
+SELinux permissions. These are compiled using `checkmodule` and
+`semodule_package` to create an policy package `oslogin.pp`.
## Source Packages
There is currently support for creating packages for the following distros:
-* Debian 8
+
* Debian 9
* CentOS/RHEL 6
* CentOS/RHEL 7
+Files for these packages are in the `packaging/` directory.
+
#### DEB
_Note: the `packaging/setup_deb.sh` script performs these steps, but is not
@@ -188,9 +188,7 @@ production quality._
directory, excluding the `packaging` directory (where M.M.R is the version
number).
1. In a separate directory, extract the `.orig.tar.gz` file and copy the
- appropriate `debian` directory into the top level. (e.g. When working on
- Debian 8, copy the `debian8` directory to a directory named `debian` within
- the code directory.)
+ `debian` directory into the top level.
1. To build the package, run the command
```
debuild -us -uc
diff --git a/packages/google-compute-engine-oslogin/bin/google_oslogin_control b/packages/google-compute-engine-oslogin/google_oslogin_control
index 3690564..3690564 100644
--- a/packages/google-compute-engine-oslogin/bin/google_oslogin_control
+++ b/packages/google-compute-engine-oslogin/google_oslogin_control
diff --git a/packages/google-compute-engine-oslogin/nss_module/nss-cache-oslogin.8 b/packages/google-compute-engine-oslogin/man/nss-cache-oslogin.8
index aaf4f8e..aaf4f8e 100644
--- a/packages/google-compute-engine-oslogin/nss_module/nss-cache-oslogin.8
+++ b/packages/google-compute-engine-oslogin/man/nss-cache-oslogin.8
diff --git a/packages/google-compute-engine-oslogin/nss_module/nss-oslogin.8 b/packages/google-compute-engine-oslogin/man/nss-oslogin.8
index 3f4c763..3f4c763 100644
--- a/packages/google-compute-engine-oslogin/nss_module/nss-oslogin.8
+++ b/packages/google-compute-engine-oslogin/man/nss-oslogin.8
diff --git a/packages/google-compute-engine-oslogin/policy/Makefile b/packages/google-compute-engine-oslogin/selinux/Makefile
index c858c9d..c858c9d 100644
--- a/packages/google-compute-engine-oslogin/policy/Makefile
+++ b/packages/google-compute-engine-oslogin/selinux/Makefile
diff --git a/packages/google-compute-engine-oslogin/policy/README.md b/packages/google-compute-engine-oslogin/selinux/README.md
index b2cc5a9..b2cc5a9 100644
--- a/packages/google-compute-engine-oslogin/policy/README.md
+++ b/packages/google-compute-engine-oslogin/selinux/README.md
diff --git a/packages/google-compute-engine-oslogin/policy/oslogin.fc b/packages/google-compute-engine-oslogin/selinux/oslogin.fc
index 3e70358..3e70358 100644
--- a/packages/google-compute-engine-oslogin/policy/oslogin.fc
+++ b/packages/google-compute-engine-oslogin/selinux/oslogin.fc
diff --git a/packages/google-compute-engine-oslogin/policy/oslogin.pp b/packages/google-compute-engine-oslogin/selinux/oslogin.pp
index 6ec6ed0..6ec6ed0 100644
--- a/packages/google-compute-engine-oslogin/policy/oslogin.pp
+++ b/packages/google-compute-engine-oslogin/selinux/oslogin.pp
Binary files differ
diff --git a/packages/google-compute-engine-oslogin/policy/oslogin.te b/packages/google-compute-engine-oslogin/selinux/oslogin.te
index 381f769..381f769 100644
--- a/packages/google-compute-engine-oslogin/policy/oslogin.te
+++ b/packages/google-compute-engine-oslogin/selinux/oslogin.te
diff --git a/packages/google-compute-engine-oslogin/src/Makefile b/packages/google-compute-engine-oslogin/src/Makefile
new file mode 100644
index 0000000..46f93e9
--- /dev/null
+++ b/packages/google-compute-engine-oslogin/src/Makefile
@@ -0,0 +1,85 @@
+SHELL = /bin/sh
+TOPDIR = $(realpath ..)
+
+VERSION = 1.5.3
+
+CPPFLAGS = -Iinclude -I/usr/include/json-c
+CXXFLAGS = -fPIC -Wall -g
+CFLAGS = $(CXXFLAGS) -Wstrict-prototypes
+
+LDFLAGS = -shared -Wl,-soname,$(SONAME)
+LDLIBS = -lcurl -ljson-c
+PAMLIBS = -lpam $(LDLIBS)
+
+# Paths which should be overrideable.
+
+PREFIX = /usr
+LIBDIR = $(PREFIX)/lib
+BINDIR = $(PREFIX)/bin
+PAMDIR = $(LIBDIR)/security
+MANDIR = /usr/share/man
+
+NSS_OSLOGIN_SONAME = libnss_oslogin.so.2
+NSS_CACHE_OSLOGIN_SONAME = libnss_cache_oslogin.so.2
+
+NSS_OSLOGIN = libnss_oslogin-$(VERSION).so
+NSS_CACHE_OSLOGIN = libnss_cache_oslogin-$(VERSION).so
+
+PAM_LOGIN = pam_oslogin_login.so
+PAM_ADMIN = pam_oslogin_admin.so
+
+BINARIES = google_oslogin_nss_cache google_authorized_keys
+
+all : $(NSS_OSLOGIN) $(NSS_CACHE_OSLOGIN) $(PAM_LOGIN) $(PAM_ADMIN) $(BINARIES)
+
+clean :
+ rm -f $(BINARIES)
+ find . -type f \( -iname '*.o' -o -iname '*.so' \) -delete
+
+.PHONY : all clean install
+
+# NSS modules.
+
+$(NSS_OSLOGIN) : SONAME = $(NSS_OSLOGIN_SONAME)
+$(NSS_OSLOGIN) : nss/nss_oslogin.o utils.o
+ $(CXX) $(CXXFLAGS) $(CPPFLAGS) $(LDFLAGS) $^ -o $@ $(LDLIBS)
+
+$(NSS_CACHE_OSLOGIN) : SONAME = $(NSS_CACHE_OSLOGIN_SONAME)
+$(NSS_CACHE_OSLOGIN) : nss/nss_cache_oslogin.o nss/compat/getpwent_r.o utils.o
+ $(CXX) $(CXXFLAGS) $(CPPFLAGS) $(LDFLAGS) $^ -o $@ $(LDLIBS)
+
+# PAM modules
+
+$(PAM_LOGIN) : pam/pam_oslogin_login.o utils.o
+ $(CXX) $(CXXFLAGS) $(CPPFLAGS) -shared $^ -o $@ $(PAMLIBS)
+
+$(PAM_ADMIN) : pam/pam_oslogin_admin.o utils.o
+ $(CXX) $(CXXFLAGS) $(CPPFLAGS) -shared $^ -o $@ $(PAMLIBS)
+
+# Utilities.
+
+google_authorized_keys : authorized_keys/authorized_keys.o utils.o
+ $(CXX) $(CXXFLAGS) $(CPPFLAGS) $^ -o $@ $(LDLIBS)
+
+google_oslogin_nss_cache: cache_refresh/cache_refresh.o utils.o
+ $(CXX) $(CXXFLAGS) $(CPPFLAGS) $^ -o $@ $(LDLIBS)
+
+install: all
+ install -d $(DESTDIR)$(LIBDIR)
+ install -d $(DESTDIR)$(PAMDIR)
+ install -d $(DESTDIR)$(BINDIR)
+ install -d $(DESTDIR)$(MANDIR)/man8
+ install -m 0644 -t $(DESTDIR)$(LIBDIR) $(NSS_OSLOGIN) $(NSS_CACHE_OSLOGIN)
+ ln -sf $(NSS_OSLOGIN) $(DESTDIR)$(LIBDIR)/$(NSS_OSLOGIN_SONAME)
+ ln -sf $(NSS_CACHE_OSLOGIN) $(DESTDIR)$(LIBDIR)/$(NSS_CACHE_OSLOGIN_SONAME)
+ install -m 0644 -t $(DESTDIR)$(PAMDIR) $(PAM_ADMIN) $(PAM_LOGIN)
+ install -m 0755 -t $(DESTDIR)$(BINDIR) $(BINARIES) $(TOPDIR)/google_oslogin_control
+ install -m 0644 -t $(DESTDIR)$(MANDIR)/man8 $(TOPDIR)/man/nss-oslogin.8 $(TOPDIR)/man/nss-cache-oslogin.8
+ gzip -9 $(DESTDIR)$(MANDIR)/man8/nss-oslogin.8
+ gzip -9 $(DESTDIR)$(MANDIR)/man8/nss-cache-oslogin.8
+ ln -sf nss-oslogin.8.gz $(DESTDIR)$(MANDIR)/man8/$(NSS_OSLOGIN_SONAME).8.gz
+ ln -sf nss-cache-oslogin.8.gz $(DESTDIR)$(MANDIR)/man8/$(NSS_CACHE_OSLOGIN_SONAME).8.gz
+ifdef INSTALL_SELINUX
+ install -d $(DESTDIR)/usr/share/selinux/packages
+ install -m 0644 -t $(DESTDIR)/usr/share/selinux/packages $(TOPDIR)/selinux/oslogin.pp
+endif
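Review bot: `CPPFLAGS`, `CXXFLAGS`, `CFLAGS` and `LDFLAGS` are assigned with plain `=` at the top of this new file, which replaces any values exported in the environment, so hardening flags supplied by a packaging build (stack protector, `_FORTIFY_SOURCE`, RELRO) would presumably not reach the NSS and PAM modules built here. `test/Makefile` in the same commit appends instead; doing the same here, e.g. `CXXFLAGS += -fPIC -Wall -g` and `CPPFLAGS += -Iinclude -I/usr/include/json-c`, keeps the required flags while honouring the caller's. Separately, the explicit header prerequisites of the old Makefile (`utils/oslogin_utils.o : ... utils/oslogin_utils.h`) have no counterpart in this file, so editing a header under `include/` does not rebuild the objects. Adding `-MMD -MP` to `CPPFLAGS` and a `-include` of the generated `.d` files would restore that.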
diff --git a/packages/google-compute-engine-oslogin/authorized_keys/authorized_keys.cc b/packages/google-compute-engine-oslogin/src/authorized_keys/authorized_keys.cc
index 24d1b26..3eda59c 100644
--- a/packages/google-compute-engine-oslogin/authorized_keys/authorized_keys.cc
+++ b/packages/google-compute-engine-oslogin/src/authorized_keys/authorized_keys.cc
@@ -16,7 +16,7 @@
#include <sstream>
#include <string>
-#include "../utils/oslogin_utils.h"
+#include <oslogin_utils.h>
using std::cout;
using std::endl;
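Review bot: The project's own header is now included with angle brackets, `#include <oslogin_utils.h>`, which resolves it only through the `-I` search path. The same applies to the `<compat.h>` and `<nss_cache_oslogin.h>` includes in the cache_refresh.cc, nss_cache_oslogin.c, nss_oslogin.cc, pam_oslogin_admin.cc, pam_oslogin_login.cc, utils.cc and oslogin_utils_test.cc hunks. `compat.h` in particular is a generic name, and a same-named header in a directory searched earlier would be picked up silently. The quoted form `#include "oslogin_utils.h"` still finds the file via `-Iinclude` and marks it as a project header.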
diff --git a/packages/google-compute-engine-oslogin/nss_cache/nss_cache.cc b/packages/google-compute-engine-oslogin/src/cache_refresh/cache_refresh.cc
index 79e1c8f..bc4a10c 100644
--- a/packages/google-compute-engine-oslogin/nss_cache/nss_cache.cc
+++ b/packages/google-compute-engine-oslogin/src/cache_refresh/cache_refresh.cc
@@ -23,8 +23,8 @@
#include <fstream>
-#include "../compat.h"
-#include "../utils/oslogin_utils.h"
+#include <compat.h>
+#include <oslogin_utils.h>
using oslogin_utils::BufferManager;
diff --git a/packages/google-compute-engine-oslogin/compat.h b/packages/google-compute-engine-oslogin/src/include/compat.h
index 84a1a6f..84a1a6f 100644
--- a/packages/google-compute-engine-oslogin/compat.h
+++ b/packages/google-compute-engine-oslogin/src/include/compat.h
diff --git a/packages/google-compute-engine-oslogin/nss_module/nss_cache_oslogin.h b/packages/google-compute-engine-oslogin/src/include/nss_cache_oslogin.h
index 25c7274..25c7274 100644
--- a/packages/google-compute-engine-oslogin/nss_module/nss_cache_oslogin.h
+++ b/packages/google-compute-engine-oslogin/src/include/nss_cache_oslogin.h
diff --git a/packages/google-compute-engine-oslogin/utils/oslogin_utils.h b/packages/google-compute-engine-oslogin/src/include/oslogin_utils.h
index 6cd2024..6cd2024 100644
--- a/packages/google-compute-engine-oslogin/utils/oslogin_utils.h
+++ b/packages/google-compute-engine-oslogin/src/include/oslogin_utils.h
diff --git a/packages/google-compute-engine-oslogin/nss_module/compat/getpwent_r.c b/packages/google-compute-engine-oslogin/src/nss/compat/getpwent_r.c
index b1be6fc..b1be6fc 100644
--- a/packages/google-compute-engine-oslogin/nss_module/compat/getpwent_r.c
+++ b/packages/google-compute-engine-oslogin/src/nss/compat/getpwent_r.c
diff --git a/packages/google-compute-engine-oslogin/nss_module/nss_cache_oslogin.c b/packages/google-compute-engine-oslogin/src/nss/nss_cache_oslogin.c
index 28f0e0d..ed66a9a 100644
--- a/packages/google-compute-engine-oslogin/nss_module/nss_cache_oslogin.c
+++ b/packages/google-compute-engine-oslogin/src/nss/nss_cache_oslogin.c
@@ -14,8 +14,8 @@
// An NSS module which adds supports for file /etc/oslogin_passwd.cache
-#include "nss_cache_oslogin.h"
-#include "../compat.h"
+#include <nss_cache_oslogin.h>
+#include <compat.h>
#include <sys/mman.h>
diff --git a/packages/google-compute-engine-oslogin/nss_module/nss_oslogin.cc b/packages/google-compute-engine-oslogin/src/nss/nss_oslogin.cc
index 01ca25a..2f6245a 100644
--- a/packages/google-compute-engine-oslogin/nss_module/nss_oslogin.cc
+++ b/packages/google-compute-engine-oslogin/src/nss/nss_oslogin.cc
@@ -26,8 +26,8 @@
#include <sstream>
#include <string>
-#include "../compat.h"
-#include "../utils/oslogin_utils.h"
+#include <compat.h>
+#include <oslogin_utils.h>
using std::string;
diff --git a/packages/google-compute-engine-oslogin/pam_module/pam_oslogin_admin.cc b/packages/google-compute-engine-oslogin/src/pam/pam_oslogin_admin.cc
index d711d80..27abe53 100644
--- a/packages/google-compute-engine-oslogin/pam_module/pam_oslogin_admin.cc
+++ b/packages/google-compute-engine-oslogin/src/pam/pam_oslogin_admin.cc
@@ -25,8 +25,8 @@
#include <sstream>
#include <string>
-#include "../compat.h"
-#include "../utils/oslogin_utils.h"
+#include <compat.h>
+#include <oslogin_utils.h>
using std::string;
diff --git a/packages/google-compute-engine-oslogin/pam_module/pam_oslogin_login.cc b/packages/google-compute-engine-oslogin/src/pam/pam_oslogin_login.cc
index 0c31aa8..8ddec7b 100644
--- a/packages/google-compute-engine-oslogin/pam_module/pam_oslogin_login.cc
+++ b/packages/google-compute-engine-oslogin/src/pam/pam_oslogin_login.cc
@@ -26,8 +26,8 @@
#include <string>
#include <map>
-#include "../compat.h"
-#include "../utils/oslogin_utils.h"
+#include <compat.h>
+#include <oslogin_utils.h>
using oslogin_utils::ContinueSession;
using oslogin_utils::GetUser;
diff --git a/packages/google-compute-engine-oslogin/utils/oslogin_utils.cc b/packages/google-compute-engine-oslogin/src/utils.cc
index 0ec4c8b..95f6c0b 100644
--- a/packages/google-compute-engine-oslogin/utils/oslogin_utils.cc
+++ b/packages/google-compute-engine-oslogin/src/utils.cc
@@ -34,8 +34,8 @@
#define Regex boost
#endif
-#include "oslogin_utils.h"
-#include "../compat.h"
+#include <oslogin_utils.h>
+#include <compat.h>
using std::string;
diff --git a/packages/google-compute-engine-oslogin/test/Makefile b/packages/google-compute-engine-oslogin/test/Makefile
new file mode 100644
index 0000000..83d23fd
--- /dev/null
+++ b/packages/google-compute-engine-oslogin/test/Makefile
@@ -0,0 +1,34 @@
+TOPDIR = $(realpath ..)
+
+CPPFLAGS += -I$(TOPDIR)/src/include -I/usr/include/json-c
+CXXFLAGS += -g -Wall -Wextra -std=c++11
+LDLIBS = -lcurl -ljson-c -lpthread
+
+all : test_runner non_network_tests
+
+clean :
+ rm -f test_runner *.o
+
+gtest-all.o : $(GTEST_DIR)/src/gtest-all.cc
+ $(CXX) $(CXXFLAGS) -isystem $(GTEST)/include -I$(GTEST) $(CPPFLAGS) -c $^
+
+test_runner : oslogin_utils_test.o $(TOPDIR)/src/utils.o gtest-all.o
+ $(CXX) $(CXXFLAGS) $(CPPFLAGS) $^ -o $@ $(LDLIBS)
+
+non_network_tests : test_runner
+ ./test_runner --gtest_filter=*-FindGroupTest.*:GetUsersForGroupTest.*
+
+network_tests : test_runner ping reset
+ ./test_runner --gtest_filter=FindGroupTest.*:GetUsersForGroupTest.*
+
+# run as $ make tests GTESTARGS="--gtest_filter=FindGroupTest.*"
+tests : test_runner
+ ./test_runner ${GTESTARGS}
+
+ping :
+ nc -vzw2 metadata.google.internal 80 >/dev/null 2>&1
+
+reset :
+ curl -Ss http://metadata.google.internal/reset >/dev/null 2>&1
+
+.PHONY : all clean tests ping reset gtest prowtest
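Review bot: The `gtest-all.o` rule names its source with `$(GTEST_DIR)` but its include paths with `$(GTEST)`, and neither variable is set in this file, so with only one of them provided the rule either looks for `/src/gtest-all.cc` or compiles with `-isystem /include -I`. Using one name throughout, `$(CXX) $(CXXFLAGS) -isystem $(GTEST_DIR)/include -I$(GTEST_DIR) $(CPPFLAGS) -c $^`, and documenting that `GTEST_DIR` must be passed in would fix it. The `.PHONY` line also lists `gtest` and `prowtest`, which have no rule here, and omits `non_network_tests` and `network_tests`. `test_runner` depends on `$(TOPDIR)/src/utils.o` without a rule of its own, so the object is presumably built by the implicit rule with this file's flags (no `-fPIC`) and left in `src/`, where the shared-library links would then reuse it.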
diff --git a/packages/google-compute-engine-oslogin/utils/oslogin_utils_test.cc b/packages/google-compute-engine-oslogin/test/oslogin_utils_test.cc
index ecc4c11..657b4e1 100644
--- a/packages/google-compute-engine-oslogin/utils/oslogin_utils_test.cc
+++ b/packages/google-compute-engine-oslogin/test/oslogin_utils_test.cc
@@ -13,7 +13,7 @@
// limitations under the License.
// Requires libgtest-dev and gtest compiled and installed.
-#include "oslogin_utils.h"
+#include <oslogin_utils.h>
#include <errno.h>
#include <gtest/gtest.h>
diff --git a/packages/google-compute-engine-oslogin/utils/run_tests.sh b/packages/google-compute-engine-oslogin/utils/run_tests.sh
deleted file mode 100755
index 83adcdc..0000000
--- a/packages/google-compute-engine-oslogin/utils/run_tests.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-# Copyright 2017 Google Inc. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Unit tests require gtest to be installed.
-g++ -o test_runner oslogin_utils_test.cc oslogin_utils.cc -I/usr/include/json-c -lcurl -ljson-c -lgtest -lpthread
-./test_runner
-rm ./test_runner