Paquet WAPT tis-keycloak-server 21.1.1-9 debian

tis-keycloak-server

21.1.1-9

Keycloak est un logiciel à code source ouvert permettant d'instaurer une méthode d'authentification unique à travers la gestion par identité et par accès.

1764 téléchargements

Télécharger
Voir le résultat de la construction Voir l'analyse de VirusTotal

Description

package : tis-keycloak-server
name : Keycloak Server
version : 21.1.1-9
categories : Security, System and network
maintainer : Kevin Guerineau,WAPT Team,Tranquil IT
installed_size :
editor : JBoss Red Hat
licence : Apache 2.0
signature_date : 2023-06-18T13:00:14.866734
size : 175.48 Mo
locale : all
target_os : debian_based
impacted_process : keycloak
architecture : all
Page d'accueil : https://www.keycloak.org/

control


package           : tis-keycloak-server
version           : 21.1.1-9
architecture      : all
section           : base
priority          : optional
name              : Keycloak Server
categories        : Security, System and network
maintainer        : Kevin Guerineau,WAPT Team,Tranquil IT
description       : Keycloak is an open-source software package that enables a single authentication method to be introduced through identity and access management.
depends           : 
conflicts         : 
maturity          : PROD
locale            : all
target_os         : debian_based
min_wapt_version  : 2.2
sources           : 
installed_size    : 
impacted_process  : keycloak
description_fr    : Keycloak est un logiciel à code source ouvert permettant d'instaurer une méthode d'authentification unique à travers la gestion par identité et par accès.
description_pl    : Keycloak to pakiet oprogramowania typu open-source, który umożliwia wprowadzenie pojedynczej metody uwierzytelniania poprzez zarządzanie tożsamością i dostępem.
description_de    : Keycloak ist eine quelloffene Software, mit der Sie eine Single-Sign-On-Methode durch Identitäts- und Zugriffsverwaltung einführen können.
description_es    : Keycloak es un paquete de software de código abierto que permite introducir un único método de autenticación mediante la gestión de identidades y accesos.
description_pt    : O Keycloak é um pacote de software de código aberto que permite a introdução de um único método de autenticação através da gestão da identidade e do acesso.
description_it    : Keycloak è un pacchetto software open-source che consente di introdurre un unico metodo di autenticazione attraverso la gestione delle identità e degli accessi.
description_nl    : Keycloak is een open-source softwarepakket waarmee één authenticatiemethode kan worden ingevoerd via identiteits- en toegangsbeheer.
description_ru    : Keycloak - это пакет программного обеспечения с открытым исходным кодом, который позволяет внедрить единый метод аутентификации в рамках управления идентификацией и доступом.
audit_schedule    : 
editor            : JBoss Red Hat
keywords          : 
licence           : Apache 2.0
homepage          : https://www.keycloak.org/
package_uuid      : 38bbd4ea-be55-40a4-af08-cec3178afa49
valid_from        : 
valid_until       : 
forced_install_on : 
changelog         : 
min_os_version    : 11
max_os_version    : 
icon_sha256sum    : f844ec0989ea764ddcbb17e3e0ea7c15aa95e53d6e47d1c4950a1742a15707f5
signer            : Tranquil IT
signer_fingerprint: 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature         : bdwcFlo3DWDgToOgNpSswHljrprPnWPgsR5cpLWFf99axUBIm4f3lrnn83XdYodGZZQue8CQtWyp+GoWSk9Y4xdpb9ncvw0NIqannWBATt4vsFMu1Ln8p3x3rx9HyWJH2PkchstC4sidK0inxICnD4WOVKM4akqGAiBDaRBGQJ/GbEbHygkQ7HkjL3ffTXV7KlomyNVZ62qJQvG4LFrFldszfWqRf+ZlgsUm3pDRlFawWffjQNTplftU1dv63HCem/BtFpB1Kb/rsSGNfTPwDkzk3dgVq6cWPqL6XMNO4o6VAHviNW93HnVnzbQnhfiZc7/75zx1v+Mj1xqERHyjoA==
signature_date    : 2023-06-18T13:00:14.866734
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes

Setup.py


# -*- coding: utf-8 -*-
from setuphelpers import *
import string
import random
import jinja2

from waptcrypto import SSLCertificate, SSLPrivateKey

kc_url = 'https://keycloak.domain.com' # Values : URL String  
kc_health = True # Values : True / False
kc_metrics = False # Values : True / False
use_apache2 = True # Values : True / False

generate_ssl_cert = True # Values : True / False. Use False if you use commercial, Let's Encrypt or your PKI certificate.
# In this case, please configure "ssl_certificate_path" and "ssl_key_path".
ssl_certificate_path = None # Set None if generate_ssl_cert = True
ssl_key_path = None # Set None if generate_ssl_cert = True

keycloak_installdir = makepath('/opt','keycloak')
keycloak_installdir_bck = makepath('/opt','keycloak.bck')
keytabfile_path = makepath(keycloak_installdir,'conf','http-krb5.keytab')
keytabfile_path_bck = makepath(keycloak_installdir_bck,'conf','http-krb5.keytab')
keycloak_a2site = makepath('/etc','apache2','sites-available','keycloak.conf')


def systemd_enable_start_service(servicename):
    return run('LANG=C systemctl enable --now %s' % (servicename))


def install():

    print('If upgrade, stop keycloak service')
    try:
        systemd_stop_service('keycloak.service')
        first_install = False
    except:
        print("It's the first install")
        first_install = True

    print('Install requirements')
    install_apt('openjdk-17-jdk')
    install_apt('postgresql')

    if not first_install:
        print('Create backup of old installation.')
        copytree2(keycloak_installdir,keycloak_installdir_bck)
        remove_tree(keycloak_installdir)

    mkdirs(keycloak_installdir)

    print('Extract archive')
    version = control.version.split('-')[0]
    run(f'tar xzf keycloak-{version}.tar.gz -C {keycloak_installdir}')
    # Patch to use keycloak folder without version number in directory name.
    copytree2(makepath(keycloak_installdir,f'keycloak-{version}'),keycloak_installdir)
    remove_tree(makepath(keycloak_installdir,f'keycloak-{version}'))

    if first_install:
        print('Create group and user')
        run('groupadd -r keycloak')
        run(f'useradd -r -g keycloak -d {keycloak_installdir} -s /sbin/nologin keycloak')

        print('Create Postgresql user and database')
        run('sudo -u postgres psql -c "create database keycloak with encoding \'UTF8\';" ')

        database_password = ''.join(random.choices(string.ascii_uppercase + string.digits, k = 15))
        run(f""" sudo -u postgres psql -c "create user keycloak with password '{database_password}';" """)

        print('Create service')
        service = f"""[Unit]
Description=Keycloak Service
After=network.target syslog.target postgresql.target

[Service]
User=keycloak
Group=keycloak
ExecStart={keycloak_installdir}/bin/kc.sh start
SuccessExitStatus=0 143
WorkingDirectory={keycloak_installdir}

[Install]
WantedBy=multi-user.target

"""
        with open('/lib/systemd/system/keycloak.service','w') as service_file:
            service_file.write(service)

        run('systemctl daemon-reload')

    print('Set user rights')
    run(f'chown -R keycloak:keycloak {keycloak_installdir}')

    if first_install:
        if use_apache2:
            print('Install Apache2')
            install_apt('apache2')

            print('Enable Apache2 modules')
            run('a2enmod ssl headers proxy proxy_http')

            jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader('templates'))
            template = jinja_env.get_template('apache2.conf.j2')

            if generate_ssl_cert:
                print('Generate SSL key and certificate')
                ap_ssl_dir = makepath('/etc','ssl')
                mkdirs(ap_ssl_dir)
                key_fn = os.path.join(ap_ssl_dir,'private','keycloak_key.pem')
                key = SSLPrivateKey(key_fn)
                if not os.path.isfile(key_fn):
                    print('Create SSL RSA Key %s' % key_fn)
                    key.create()
                    key.save_as_pem()

                cert_fn = os.path.join(ap_ssl_dir,'certs','keycloak_cert.pem')
                if os.path.isfile(cert_fn):
                    crt = SSLCertificate(cert_fn)
                    if os.path.isfile(cert_fn):
                        crt = SSLCertificate(cert_fn)
                        if crt.cn != get_fqdn():
                            os.rename(cert_fn,"%s-%s.old" % (cert_fn,'{:%Y%m%d-%Hh%Mm%Ss}'.format(datetime.datetime.now())))
                            crt = key.build_sign_certificate(cn=get_fqdn(),dnsname=get_fqdn(),is_code_signing=False)
                            print('Create X509 cert %s' % cert_fn)
                            crt.save_as_pem(cert_fn)
                else:
                    crt = key.build_sign_certificate(cn=get_fqdn(),dnsname=get_fqdn(),is_code_signing=False)
                    print('Create X509 cert %s' % cert_fn)
                    crt.save_as_pem(cert_fn)

                template_variables = {
                    'kc_url': kc_url.replace('https://','').replace('http://',''),
                    'ssl_certificate_path': cert_fn.replace('\\','/'),
                    'ssl_key_path': key_fn.replace('\\','/')
                }
            else:
                template_variables = {
                    'kc_url': kc_url.replace('https://','').replace('http://',''),
                    'ssl_certificate_path': ssl_certificate_path,
                    'ssl_key_path': ssl_key_path
                }

            print('Write Apache2 site configfile')
            config_string = template.render(template_variables)
            print(f'Create Apache2 configuration file {keycloak_a2site}')
            with open(keycloak_a2site, 'w') as dst_file:
                dst_file.write(config_string)

            print('Enable keycloak site and disable default site')
            run('a2ensite keycloak.conf')
            run_notfatal('a2dissite 000-default.conf')

            print('Restart apache2 service')
            run('systemctl restart apache2')


        jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader('templates'))
        template = jinja_env.get_template('keycloak.conf.j2')

        template_variables = {
            'use_apache2': use_apache2,
            'pgsql_passwd': database_password,
            'kc_health': kc_health,
            'kc_metrics': kc_metrics,
            'kc_url': kc_url.replace('https://','').replace('http://',''),
        }

        print('Write Keycloak configuration')
        config_string = template.render(template_variables)
        print('Create Keycloak configuration file %s' % makepath(keycloak_installdir,'conf/keycloak.conf'))
        with open(makepath(keycloak_installdir,'conf/keycloak.conf'), 'w') as dst_file:
                dst_file.write(config_string)
                
    if not first_install:
        print('Copy old configfile')
        filecopyto(makepath(keycloak_installdir_bck,'conf/keycloak.conf'), makepath(keycloak_installdir,'conf','keycloak.conf'))
        if isfile(keytabfile_path_bck):
            filecopyto(keytabfile_path_bck,keytabfile_path)
            
        print('Set user rights')
        run('chown -R keycloak:keycloak {keycloak_installdir}')
     

    print('Build Keycloak for production')
    run("/opt/keycloak/bin/kc.sh build")

    print('Start Keycloak service')
    systemd_enable_start_service('keycloak')

update_package.py


# -*- coding: utf-8 -*-
from setuphelpers import *
import platform
import json

# Declaring specific app values (TO CHANGE)
package_name = "rocketchat-server"


def update_package():
    print("Download/Update package content from upstream binary sources")

    # Getting proxy informations from WAPT settings
    proxy = {}
    if platform.system() == "Windows" and isfile(makepath(user_local_appdata(), "waptconsole", "waptconsole.ini")):
        proxywapt = inifile_readstring(makepath(user_local_appdata(), "waptconsole", "waptconsole.ini"), "global", "http_proxy")
        if proxywapt:
            proxy = {"http": proxywapt, "https": proxywapt}

    # Specific app values
    app_name = control.name
    git_repo = "keycloak/keycloak"
    url_api = "https://api.github.com/repos/%s/releases/latest" % git_repo

    # Getting latest informations from Github API
    json_load = json.loads(wgets(url_api, proxies=proxy))

    for asset in json_load['assets']:
        if '.tar.gz' in asset['name']:
            url_dl = asset['browser_download_url']
            break

    version = json_load["tag_name"]

    latest_bin = f"keycloak-{version}.tar.gz"

    print("Latest " + app_name + " version is: " + version)
    print("Download url for APT-based systems is: " + url_dl)

    # Downloading latest binaries
    if not isfile(latest_bin):
        print("Downloading: " + latest_bin)
        wget(url_dl, latest_bin, proxies=proxy)

        # Changing version of the package
        control.version = "%s-%s" % (version, int(control.version.split("-", 1)[1]) + 1)
        control.save_control_to_wapt()
        print("Changing version to " + control.version + " in WAPT\\control")
    else:
        print("This package is already up-to-date")

    # Deleting outdated binaries
    for bin_in_dir in glob.glob("*.deb"):
        if bin_in_dir != latest_bin_deb:
            print("Outdated binary: " + bin_in_dir + " Deleted")
            remove_file(bin_in_dir)

manifest.sha256


                                
9e0c622eee0f7409b478e1fcdc643474b99742dd4abe898163d4e537c3f67116 : setup.py 
e15338029da66541850deaeb4974bcebe5e76c811a5e0c0fb57cc4212dd00b8c : templates/keycloak.conf.j2 
b6111903a9f2d54ed6ef7455761683efb020a9cf6d146a3ccb570ed1b756afc4 : templates/apache2.conf.j2 
e510a5b7cec505cd4281c0b822c13f6ccfbae9726bd0a730a78523d3c1c9514e : update_package.py 
f844ec0989ea764ddcbb17e3e0ea7c15aa95e53d6e47d1c4950a1742a15707f5 : WAPT/icon.png 
a5a97261381e1d0ad46ee15916abec9c2631d0201f5cc50ceb0197a165a0bbbf : WAPT/certificate.crt 
33935118b767f431b1d6765912e4c254c92898b76cc6fead72d5fcc81bacfc54 : luti.json 
8f5213398f69003b6760943c3d7be4149fb292e6fa35c61a641b1975139adc4e : keycloak-21.1.1.tar.gz 
11836266e348ce1c0a4626f93f41452b194fbf00cacdf698ecd2113cfedeb433 : WAPT/control

Choisir les langues

Choisir l'architecture

Choisir le système d'exploitation

Choisir une catégorie

Filter sur la licence des paquets

tis-keycloak-server

Description

control

Setup.py

update_package.py