The officially official Devuan Forum!

You are not logged in.

#1 2019-11-13 12:58:00

bgstack15
Member
Registered: 2018-02-04
Posts: 205  

Does anyone else use FreeIPA?

I use Devuan Ceres because it has most of the FreeIPA packages, and only a few are banned: python3-ipalib, python-ipalib, and freeipa-server, and dependency oddjob (for oddjob-mkhomedir). By making a few changes to the packages from Debian, I can get them installed and working! All the regular ipa client functions work: host ssh keys in the directory, sudoers from ldap, kerberos authentication, ntp.

I came from a Fedora and CentOS world where of course they work natively with FreeIPA. I migrated my home network to FreeIPA from Active Directory back in 2017 and never looked back. When I started my transition to Devuan I couldn't just leave freeipa behind. I guess using Ceres (unstable) lets me get all the most recent updates, but if given the choice I probably would hold back from the bleeding edge.

One thing I must say, I really like how Devuan (Debian) has lots of versions of gcc available in each suite. gcc-6, gcc-7, gcc-8, and gcc-9! I had to bend over backwards to use any other gcc than the one each Fedora and CentOS release used.


This space intentionally left blank.

Offline

#2 2019-11-14 03:03:08

aut0exec
Member
Registered: 2018-11-21
Posts: 81  

Re: Does anyone else use FreeIPA?

I've wanted to use FreeIPA but haven't spent the time to go through the process. Did you happen to write up the steps and changes you made to make it work in Devuan?! I'd definitely be interested.

Offline

#3 2019-11-14 03:58:19

bgstack15
Member
Registered: 2018-02-04
Posts: 205  

Re: Does anyone else use FreeIPA?

Yes, I have written about FreeIPA on Devuan multiple times on my blog: https://bgstack15.wordpress.com/tag/freeipa/?s=devuan
Basically, you have to run Devuan ceres, make and install a dummy oddjob-mkhomedir package, write some dummy scripts for /usr/bin/systemctl and /usr/bin/hostnamectl, mkdir -p /etc/ipa /var/lib/ipa-client/pki and you can install freeipa-client.

Apparently my blog posts don't cover the python-ipalib hack. The package name has migrated to python3-ipalib but basically this is the exact same process.

# Getting python-ipalib on devuan
Devuan bans python-ipalib because it depends on systemd. You can get around this by changing the deb Requires: statements.

Download the released dpkg from http://ftp.us.debian.org/debian/pool/main/f/freeipa/python-ipalib_4.7.1-3_all.deb

    cd ~/Downloads
    wget http://ftp.us.debian.org/debian/pool/main/f/freeipa/python-ipalib_4.7.1-3_all.deb
    mkdir temp
    dpkg-deb -R python-ipalib_4.7.1-3_all.deb temp
    # manually fix DEBIAN/control file as needed. I used

#Depends: freeipa-common (= 4.7.1-3), gnupg2, gnupg-agent, keyutils, python-cffi, python-cryptography (>= 1.6), python-dbus, python-dnspython, python-gssapi, python-jwcrypto, python-ldap, python-libipa-hbac, python-lxml, python-netaddr, python-netifaces (>= 0.10.4), python-nss (>= 0.16.0), python-pyasn1, python-qrcode (>= 5.0.0), python-requests, python-setuptools, python-six, python-usb (>= 1.0.0~b2), python-yubico, python-pyasn1-modules, python:any (<< 2.8), python:any (>= 2.7~)
Depends: python-netaddr, python-netifaces (>= 0.10.4), python-dbus

   # I also customized the release number.
   # and reassemble
   dpkg-deb -b temp python-ipalib_4.7.1-3+stackrpms_all.deb

# References
1. https://unix.stackexchange.com/questions/138188/easily-unpack-deb-edit-postinst-and-repack-deb
2. http://ftp.us.debian.org/debian/pool/main/f/freeipa/

Last edited by bgstack15 (2019-11-14 04:01:28)


This space intentionally left blank.

Offline

Board footer