Debian12 support #272

Open
wants to merge 1 commit into
base: main
1 change: 1 addition & 0 deletions README.md
@@ -277,6 +277,7 @@ module aims to support the current and previous major Puppet versions.
* Amazon Linux 2
* Debian 10
* Debian 11
* Debian 12
* Ubuntu 20.04 LTS
* Ubuntu 22.04 LTS

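--- a/data/os/Debian/10.yaml
+++ b/data/os/Debian/10.yaml
@@ -0,0 +1,31 @@
+---
+pam::common_files_create_links: false
+pam::common_files_suffix: ~
+pam::common_files:
+- common_account
+- common_auth
+- common_password
+- common_session
+- common_session_noninteractive
+
+pam::pam_d_login_template: pam/login.debian10.erb
+pam::pam_d_sshd_template: pam/sshd.debian10.erb
+pam::package_name: libpam0g
+pam::pam_auth_lines:
+- 'auth [success=1 default=ignore] pam_unix.so nullok_secure'
+- 'auth requisite pam_deny.so'
+- 'auth required pam_permit.so'
+pam::pam_account_lines:
+- 'account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so'
+- 'account requisite pam_deny.so'
+- 'account required pam_permit.so'
+pam::pam_password_lines:
+- 'password [success=1 default=ignore] pam_unix.so obscure sha512'
+- 'password requisite pam_deny.so'
+- 'password required pam_permit.so'
+pam::pam_session_lines:
+- 'session [default=1] pam_permit.so'
+- 'session requisite pam_deny.so'
+- 'session required pam_permit.so'
+- 'session required pam_unix.so'
+- 'session optional pam_systemd.so'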
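--- a/data/os/Debian/12.yaml
+++ b/data/os/Debian/12.yaml
@@ -0,0 +1,31 @@
+---
+pam::common_files_create_links: false
+pam::common_files_suffix: ~
+pam::common_files:
+- common_account
+- common_auth
+- common_password
+- common_session
+- common_session_noninteractive
+
+pam::pam_d_login_template: pam/login.debian12.erb
+pam::pam_d_sshd_template: pam/sshd.debian12.erb
+pam::package_name: libpam0g
+pam::pam_auth_lines:
+- 'auth [success=1 default=ignore] pam_unix.so nullok'
+- 'auth requisite pam_deny.so'
+- 'auth required pam_permit.so'
+pam::pam_account_lines:
+- 'account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so'
+- 'account requisite pam_deny.so'
+- 'account required pam_permit.so'
+pam::pam_password_lines:
+- 'password [success=1 default=ignore] pam_unix.so obscure yescrypt'
+- 'password requisite pam_deny.so'
+- 'password required pam_permit.so'
+pam::pam_session_lines:
+- 'session [default=1] pam_permit.so'
+- 'session requisite pam_deny.so'
+- 'session required pam_permit.so'
+- 'session required pam_unix.so'
+- 'session optional pam_systemd.so'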
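Review bot: The `pam_unix.so nullok` entry in `pam::pam_auth_lines` lets an account with an empty password field authenticate through every service that includes common-auth, whereas the Debian 10 data added in this same PR uses `nullok_secure`; the same line is pinned in spec/fixtures/debian-12-x86_64-pam_common_auth. This appears to mirror the distribution default, so it may be intended, but nothing in the data file says so. I would add a YAML comment above the key, e.g. `# nullok follows the Debian 12 default; override pam::pam_auth_lines to drop it where empty passwords must never authenticate`, and mention the override in the README.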
4 changes: 2 additions & 2 deletions manifests/init.pp
@@ -266,8 +266,8 @@
fail("osfamily Suse's os.release.major is <${::facts['os']['release']['major']}> and must be 9, 10, 11, 12, 13 or 15")
}

if $facts['os']['name'] == 'Debian' and !($facts['os']['release']['major'] in ['7','8','9','10', '11']) {
fail("Debian's os.release.major is <${facts['os']['release']['major']}> and must be 7, 8, 9, 10 or 11")
if $facts['os']['name'] == 'Debian' and !($facts['os']['release']['major'] in ['7','8','9','10','11','12']) {
fail("Debian's os.release.major is <${facts['os']['release']['major']}> and must be 7, 8, 9, 10, 11 or 12")
}

if $facts['os']['name'] == 'Ubuntu' and !($facts['os']['release']['major'] in ['12.04', '14.04', '16.04', '18.04', '20.04', '22.04']) {
3 changes: 2 additions & 1 deletion metadata.json
@@ -27,7 +27,8 @@
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
"11"
"11",
"12"
]
},
{
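--- a/spec/acceptance/nodesets/debian-12.yml
+++ b/spec/acceptance/nodesets/debian-12.yml
@@ -0,0 +1,27 @@
+HOSTS:
+debian11:
+roles:
+- agent
+platform: debian-12-amd64
+hypervisor: docker
+image: debian:12
+docker_preserve_image: true
+docker_cmd:
+- '/sbin/init'
+docker_image_commands:
+- 'apt-get install -y wget net-tools systemd-sysv locales apt-transport-https ca-certificates'
+- 'echo "LC_ALL=en_US.UTF-8" >> /etc/environment'
+- 'echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen'
+- 'echo "LANG=en_US.UTF-8" > /etc/locale.conf'
+- 'locale-gen en_US.UTF-8'
+docker_env:
+- LANG=en_US.UTF-8
+- LANGUAGE=en_US.UTF-8
+- LC_ALL=en_US.UTF-8
+docker_container_name: 'pam-debian12'
+CONFIG:
+log_level: debug
+type: foss
+ssh:
+password: root
+auth_methods: ["password"]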
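Review bot: The host key directly under `HOSTS:` is still `debian11:` although `platform`, `image` and `docker_container_name` all name Debian 12, so acceptance logs and any spec that selects hosts by name will report the wrong release; it should read `debian12:`. The `ssh:` block logs in as root with the password `root` over password authentication, which is presumably acceptable only because the container is a throwaway test target. A one-line comment such as `# test-only credentials for the ephemeral beaker container` would keep the block from being copied into a nodeset for a reachable host.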
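--- a/spec/fixtures/debian-12-x86_64-pam_common_account
+++ b/spec/fixtures/debian-12-x86_64-pam_common_account
@@ -0,0 +1,5 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
+account requisite pam_deny.so
+account required pam_permit.so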
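--- a/spec/fixtures/debian-12-x86_64-pam_common_auth
+++ b/spec/fixtures/debian-12-x86_64-pam_common_auth
@@ -0,0 +1,5 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+auth [success=1 default=ignore] pam_unix.so nullok
+auth requisite pam_deny.so
+auth required pam_permit.so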
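--- a/spec/fixtures/debian-12-x86_64-pam_common_password
+++ b/spec/fixtures/debian-12-x86_64-pam_common_password
@@ -0,0 +1,5 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+password [success=1 default=ignore] pam_unix.so obscure yescrypt
+password requisite pam_deny.so
+password required pam_permit.so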
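--- a/spec/fixtures/debian-12-x86_64-pam_common_session
+++ b/spec/fixtures/debian-12-x86_64-pam_common_session
@@ -0,0 +1,7 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+session [default=1] pam_permit.so
+session requisite pam_deny.so
+session required pam_permit.so
+session required pam_unix.so
+session optional pam_systemd.so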
@@ -0,0 +1,7 @@
# This file is being maintained by Puppet.
# DO NOT EDIT
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_unix.so
session optional pam_systemd.so
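--- a/spec/fixtures/debian-12-x86_64-pam_d_login
+++ b/spec/fixtures/debian-12-x86_64-pam_d_login
@@ -0,0 +1,18 @@
+auth optional pam_faildelay.so delay=3000000
+auth requisite pam_nologin.so
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_motd.so motd=/run/motd.dynamic
+session optional pam_motd.so noupdate
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+session required pam_env.so readenv=1
+session required pam_env.so readenv=1 envfile=/etc/default/locale
+@include common-auth
+auth optional pam_group.so
+session required pam_limits.so
+session optional pam_lastlog.so
+session optional pam_mail.so standard
+session optional pam_keyinit.so force revoke
+@include common-account
+@include common-session
+@include common-password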
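--- a/spec/fixtures/debian-12-x86_64-pam_d_sshd
+++ b/spec/fixtures/debian-12-x86_64-pam_d_sshd
@@ -0,0 +1,16 @@
+@include common-auth
+account required pam_nologin.so
+account required pam_access.so
+@include common-account
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_keyinit.so force revoke
+@include common-session
+session optional pam_motd.so motd=/run/motd.dynamic
+session optional pam_motd.so noupdate
+session optional pam_mail.so standard noenv # [1]
+session required pam_limits.so
+session required pam_env.so # [1]
+session required pam_env.so user_readenv=1 envfile=/etc/default/locale
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+@include common-password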
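--- a/templates/login.debian10.erb
+++ b/templates/login.debian10.erb
@@ -0,0 +1,19 @@
+auth optional pam_faildelay.so delay=3000000
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+auth requisite pam_nologin.so
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session required pam_loginuid.so
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+session required pam_env.so readenv=1
+session required pam_env.so readenv=1 envfile=/etc/default/locale
+@include common-auth
+auth optional pam_group.so
+session required pam_limits.so
+session optional pam_lastlog.so
+session optional pam_motd.so motd=/run/motd.dynamic
+session optional pam_motd.so noupdate
+session optional pam_mail.so standard
+session optional pam_keyinit.so force revoke
+@include common-account
+@include common-session
+@include common-password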
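--- a/templates/login.debian12.erb
+++ b/templates/login.debian12.erb
@@ -0,0 +1,18 @@
+auth optional pam_faildelay.so delay=3000000
+auth requisite pam_nologin.so
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_motd.so motd=/run/motd.dynamic
+session optional pam_motd.so noupdate
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+session required pam_env.so readenv=1
+session required pam_env.so readenv=1 envfile=/etc/default/locale
+@include common-auth
+auth optional pam_group.so
+session required pam_limits.so
+session optional pam_lastlog.so
+session optional pam_mail.so standard
+session optional pam_keyinit.so force revoke
+@include common-account
+@include common-session
+@include common-password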
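--- a/templates/sshd.debian10.erb
+++ b/templates/sshd.debian10.erb
@@ -0,0 +1,18 @@
+@include common-auth
+account required pam_nologin.so
+<% if @sshd_pam_access != 'absent' -%>
+account <%= @sshd_pam_access %> pam_access.so
+<% end -%>
+@include common-account
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_keyinit.so force revoke
+@include common-session
+session optional pam_motd.so motd=/run/motd.dynamic
+session optional pam_motd.so noupdate
+session optional pam_mail.so standard noenv # [1]
+session required pam_limits.so
+session required pam_env.so # [1]
+session required pam_env.so user_readenv=1 envfile=/etc/default/locale
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+@include common-password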
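--- a/templates/sshd.debian12.erb
+++ b/templates/sshd.debian12.erb
@@ -0,0 +1,18 @@
+@include common-auth
+account required pam_nologin.so
+<% if @sshd_pam_access != 'absent' -%>
+account <%= @sshd_pam_access %> pam_access.so
+<% end -%>
+@include common-account
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_keyinit.so force revoke
+@include common-session
+session optional pam_motd.so motd=/run/motd.dynamic
+session optional pam_motd.so noupdate
+session optional pam_mail.so standard noenv # [1]
+session required pam_limits.so
+session required pam_env.so # [1]
+session required pam_env.so user_readenv=1 envfile=/etc/default/locale
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+@include common-password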
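Review bot: templates/sshd.debian12.erb is line-for-line identical to templates/sshd.debian10.erb added in the same PR, so any later hardening of the sshd stack has to be made twice and the two copies can silently diverge; setting `pam::pam_d_sshd_template` in data/os/Debian/12.yaml to the shared template would avoid the copy. Separately, `pam_env.so user_readenv=1` makes pam_env read a per-user environment file at session setup, and upstream Linux-PAM has, as far as I recall, deprecated user environment reading. It is worth confirming this line against the sshd PAM file Debian 12 actually ships before pinning it here and in spec/fixtures/debian-12-x86_64-pam_d_sshd.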