commit 3e4fe4074ddca423fb03ab705bc840c28a2e7056 Author: Nicolas Chauvet <kwizart(a)gmail.com&gt; Date: Fri Jun 5 15:30:52 2020 +0200 Add bkernel roles/bkernel/files/bkernel-site-defaults.cfg | 6 +++ roles/bkernel/files/history_off.sh | 2 + roles/bkernel/files/pesign-users | 2 + roles/bkernel/tasks/main.yml | 50 +++++++++++++++++++++++++ 4 files changed, 60 insertions(+), 0 deletions(-) --- diff --git a/roles/bkernel/files/bkernel-site-defaults.cfg b/roles/bkernel/files/bkernel-site-defaults.cfg new file mode 100644 index 0000000..dcfe957 --- /dev/null +++ b/roles/bkernel/files/bkernel-site-defaults.cfg @@ -0,0 +1,6 @@ +# mount the pesign socket into the chroot +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/var/run/pesign', '/var/run/pesign' )) +config_opts['plugin_conf']['package_state_enable'] = False +config_opts['nosync'] = True +config_opts['nosync_force'] = True +config_opts['environment']['LANG'] = os.environ.setdefault('LANG', 'C.UTF-8') diff --git a/roles/bkernel/files/history_off.sh b/roles/bkernel/files/history_off.sh new file mode 100644 index 0000000..be7ee75 --- /dev/null +++ b/roles/bkernel/files/history_off.sh @@ -0,0 +1,2 @@ +unset HISTFILE +set HISTSIZE=0 diff --git a/roles/bkernel/files/pesign-users b/roles/bkernel/files/pesign-users new file mode 100644 index 0000000..649d673 --- /dev/null +++ b/roles/bkernel/files/pesign-users @@ -0,0 +1,2 @@ +kojibuilder +pesign diff --git a/roles/bkernel/tasks/main.yml b/roles/bkernel/tasks/main.yml new file mode 100644 index 0000000..f2efd74 --- /dev/null +++ b/roles/bkernel/tasks/main.yml @@ -0,0 +1,50 @@ +--- +- name: add pkgs for bkernel boxes + package: + state: present + name: + - pesign + - ccid + - pcsc-lite + - pcsc-lite-libs + - opensc + - nss-tools + tags: + - bkernel + +- name: enable pcscd + service: name=pcscd state=started enabled=true + tags: + - bkernel + +- name: setup opensc in pcscd + shell: modutil -dbdir /etc/pki/pesign -list | grep -q Fedora || modutil -force -dbdir /etc/pki/pesign -add opensc -libfile /usr/lib64/pkcs11/opensc-pkcs11.so + check_mode: no + changed_when: "1 != 1" + tags: + - bkernel + +- name: setup pesign users config + copy: src=pesign-users dest=/etc/pesign/users mode=0600 owner=root group=root + tags: + - bkernel + +- name: enable pesign + service: name=pesign state=started enabled=true + tags: + - bkernel + +- name: /var/run/pesign perms + file: state=directory path=/var/run/pesign owner=pesign group=pesign mode=0770 + tags: + - bkernel + +- name: when you awake you will remember nothing + copy: src=history_off.sh dest=/etc/profile.d/history_off.sh mode=0644 + tags: + - bkernel + +- name: mock site-defaults.cfg + copy: src=bkernel-site-defaults.cfg dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock + tags: + - bkernel