Saba Touheed Mujawar 1279237fdf Change file permissions in k8s 1.24.4 and k8s 1.25.3
Currently, the binary files owned by root have permissions
754 (rwxr-xr--). The "sysadmin" user is a member of the "root"
group, and has permission to run kubectl.

Change the permissions as follows:
kubectl                  - 755
kubelet                  - 750
kube-apiserver           - 750
kube-controller-manager  - 750
kube-scheduler           - 750
kube-proxy               - 750

Test Plan:
PASS: Install iso on AIO-SX, run kubectl commands as root,
      sysadmin and as another user

Closes-Bug: 2009159

Signed-off-by: Saba Touheed Mujawar <sabatouheed.mujawar@windriver.com>
Change-Id: Id62c85d772d14f4dbc4b1c9339365936e19c3bd7
2023-03-13 12:42:24 -04:00


#!/usr/bin/make -f
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# This debian/rules file is based on:
# https://packages.debian.org/source/bookworm/kubernetes
# http://deb.debian.org/debian/pool/main/k/kubernetes/kubernetes_1.20.5+really1.20.2-1.1.debian.tar.xz
# Customizations support kubernetes upgrades:
# - specific directory locations with kubernetes version, upgrades stage,
# and version specific golang compiler
# - build output not required on the production host is moved to
# kubernetes-misc package
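# Version pins. kube_version selects the upstream release being packaged and
# is embedded in the package name and in the versioned install prefixes.
kube_version := 1.24.4
kube_git_version := v${kube_version}
name := kubernetes-${kube_version}
# NOTE(review): go_version is not referenced by any rule visible in this file;
# the compiler actually used is the one selected by the PATH export below.
go_version := 1.18.5

# Versioned install prefixes (stage1 receives kubeadm, stage2 receives
# kubelet/kubectl) and the regular binary directory.
_stage1 := /usr/local/kubernetes/${kube_version}/stage1
_stage2 := /usr/local/kubernetes/${kube_version}/stage2
_bindir := /usr/bin

# Locations inside the relocated upstream source tree.
kube_dir := src/k8s.io/kubernetes
output_dir := ${kube_dir}/_output
output_bindir := ${output_dir}/bin
output_mandir := ${output_dir}/man

# Staging root that the install(1) calls populate before dh_install runs.
DEBIAN_DESTDIR := $(CURDIR)/debian/tmp

export DH_VERBOSE = 1
# Put the version-specific Go toolchain first on PATH so that "go" resolves to
# it during the build.
export PATH := /usr/lib/go-1.18/bin:$(PATH)
# NOTE(review): make does not strip quotes, so the exported value includes the
# double-quote characters literally -- confirm that the upstream build scripts
# tolerate this.
export KUBE_GIT_TREE_STATE="clean"
export KUBE_GIT_COMMIT=${kube_version}
export KUBE_GIT_VERSION=${kube_git_version}
# $(pwd) is a reference to an undefined make variable and expands to nothing,
# which yielded the absolute path /Godeps/_workspace outside the build tree.
# $(CURDIR) anchors the path to the package build directory instead.
# NOTE(review): presumably this was the intent of the original -- confirm.
export KUBE_EXTRA_GOPATH=$(CURDIR)/Godeps/_workspace
export PBR_VERSION=${kube_git_version}

# Commands built from the upstream tree; genman is added at build time.
bins = kube-proxy kube-apiserver kube-controller-manager kubelet kubeadm kube-scheduler kubectl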
# Catch-all rule: every target without an override below is handed to the dh
# sequencer, with the bash-completion addon enabled, the build-stamp addon
# disabled, and src/ used as the build directory.
%:
	dh $@ --with=bash-completion --builddirectory=src --without=build-stamp
# Build the commands listed in $(bins) plus genman, then generate man pages
# and one aggregated NOTICE file under $(output_dir).
#
# "go version" and "which go" record in the build log which toolchain was
# picked up from PATH.
# The unpacked upstream tree is relocated into $(kube_dir) before building.
# Because ls is run without -a, hidden top-level entries are not moved, and
# the two grep filters keep src and debian in place.
# The first 1000 lines of every vendor file whose name contains NOTICE are
# concatenated into $(output_dir)/NOTICE.
override_dh_auto_build:
	# we support multiple go compilers; indicate the version we are using
	go version
	which go
	mkdir -pv $(kube_dir)
	mv -v $$(ls | grep -v "^src$$" | grep -v "^debian$$") $(kube_dir)/.
	cd $(kube_dir) && make WHAT="$(addprefix cmd/,$(bins) genman)"
	# manpages
	mkdir -p $(output_mandir)
	echo $(bins) | xargs --max-args=1 $(output_bindir)/genman $(output_mandir)
	# NOTICE files
	find $(kube_dir)/vendor -name '*NOTICE*' -print0 | xargs -0 head -n1000 > $(output_dir)/NOTICE
# Stage every file of the binary packages under $(DEBIAN_DESTDIR), then let
# dh_install distribute them.
#
# File modes set here:
#   kubeadm, kubectl                         755 (executable by every user)
#   kubelet, kube-apiserver,
#   kube-controller-manager, kube-scheduler,
#   kube-proxy                               750 (no access for "other")
#   kubelet-cgroup-setup.sh                  0700 (owner only)
# Mode 750 still lets members of the file's group read and execute the binary,
# so the restriction is only as tight as that group's membership.
# These modes reach the package only for files that override_dh_fixperms
# excludes with -X; keep the two lists in sync when adding a binary.
#
# The bash completion file is produced by executing the freshly staged kubectl,
# so this step runs build output on the build machine and needs a binary that
# can execute there.
#
# The unit-test payload is a full "cp -a" copy of src/ with the generated
# $(output_dir) removed afterwards; -a preserves the modes the files had in the
# build tree.
override_dh_install:
	# kube_version stage1
	install -m 755 -d $(DEBIAN_DESTDIR)$(_stage1)$(_bindir)
	install -p -m 755 -t $(DEBIAN_DESTDIR)$(_stage1)$(_bindir) $(output_bindir)/kubeadm
	# kube_version stage2
	install -m 755 -d $(DEBIAN_DESTDIR)$(_stage2)$(_bindir)
	install -d -m 0755 $(DEBIAN_DESTDIR)$(_stage2)/etc/systemd/system/kubelet.service.d
	install -p -m 0644 -t $(DEBIAN_DESTDIR)$(_stage2)/etc/systemd/system/kubelet.service.d debian/kubeadm.conf
	install -p -m 0700 -t $(DEBIAN_DESTDIR)$(_stage2)$(_bindir) debian/kubelet-cgroup-setup.sh
	install -p -m 750 -t $(DEBIAN_DESTDIR)$(_stage2)$(_bindir) $(output_bindir)/kubelet
	install -p -m 755 -t $(DEBIAN_DESTDIR)$(_stage2)$(_bindir) $(output_bindir)/kubectl
	# bash completions
	install -d -m 0755 $(DEBIAN_DESTDIR)$(_stage2)/usr/share/bash-completion/completions/
	$(DEBIAN_DESTDIR)$(_stage2)$(_bindir)/kubectl completion bash > $(DEBIAN_DESTDIR)$(_stage2)/usr/share/bash-completion/completions/kubectl
	# remaining are not kube_version staged, i.e., kubernetes-master, kubernetes-misc
	install -m 755 -d $(DEBIAN_DESTDIR)$(_bindir)
	install -p -m 750 -t $(DEBIAN_DESTDIR)$(_bindir) \
		$(addprefix $(output_bindir)/,kube-apiserver kube-controller-manager kube-scheduler kube-proxy)
	# specific cluster addons for optional use
	install -d -m 0755 $(DEBIAN_DESTDIR)/etc/$(name)/addons
	# Addon: volumesnapshots
	install -d -m 0755 $(DEBIAN_DESTDIR)/etc/$(name)/addons/volumesnapshots
	install -d -m 0755 $(DEBIAN_DESTDIR)/etc/$(name)/addons/volumesnapshots/crd
	install -m 0644 -t $(DEBIAN_DESTDIR)/etc/$(name)/addons/volumesnapshots/crd $(kube_dir)/cluster/addons/volumesnapshots/crd/*
	install -d -m 0755 $(DEBIAN_DESTDIR)/etc/$(name)/addons/volumesnapshots/volume-snapshot-controller
	install -m 0644 -t $(DEBIAN_DESTDIR)/etc/$(name)/addons/volumesnapshots/volume-snapshot-controller $(kube_dir)/cluster/addons/volumesnapshots/volume-snapshot-controller/*
	# unit-test
	# - everything from the root directory is needed
	# - unit-tests needs source code
	# - integration tests needs docs and other files
	# - test-cmd.sh atm needs cluster, examples and other
	install -d -m 0755 $(DEBIAN_DESTDIR)/var/lib/kubernetes-unit-test/
	cp -a src $(DEBIAN_DESTDIR)/var/lib/kubernetes-unit-test/
	# remove generated output, i.e., binaries, go cache, man pages, violations report
	rm -rf $(DEBIAN_DESTDIR)/var/lib/kubernetes-unit-test/$(output_dir)
	dh_install
# Run upstream's test drivers from the relocated tree, one after another:
# command-line tests, Go benchmarks, Go unit tests, then the integration tests
# (the latter with --use_go_build). Each script is its own recipe line, so the
# first one that exits non-zero stops the sequence.
override_dh_auto_test:
	$(kube_dir)/hack/test-cmd.sh
	$(kube_dir)/hack/benchmark-go.sh
	$(kube_dir)/hack/test-go.sh
	$(kube_dir)/hack/test-integration.sh --use_go_build
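# Run dh_fixperms but leave alone the files whose modes were set explicitly by
# the install(1) calls in override_dh_install (750 for kubelet and the control
# plane binaries, 0700 for kubelet-cgroup-setup.sh). Without these exclusions
# dh_fixperms would normalise them back to its default modes.
#
# The duplicated -Xkube-apiserver of the earlier list is dropped; the set of
# excluded names is unchanged.
#
# NOTE(review): -X matches the item anywhere in a file's path, not just the
# basename. -Xkubelet, -Xkubectl and -Xkubeadm therefore also skip every other
# staged path containing those strings, e.g. the bash completion file named
# kubectl and the cmd/kubelet sources copied under
# /var/lib/kubernetes-unit-test, which keep whatever modes "cp -a" preserved.
# Consider anchoring the patterns on the binary directory (for example
# -X${_bindir}/kubelet) so that only the intended executables are exempt.
override_dh_fixperms:
	dh_fixperms -Xkube-apiserver -Xkubeadm -Xkubeadm.conf \
		-Xkubelet-cgroup-setup.sh \
		-Xkube-controller-manager -Xkube-scheduler \
		-Xkube-proxy -Xkubelet -Xkubectl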
# No recipe lines are visible for this target in this listing; an override
# with an empty recipe makes dh skip the dh_usrlocal step.
# NOTE(review): presumably needed because the package ships files under
# /usr/local (see _stage1 and _stage2) -- confirm.
override_dh_usrlocal: