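# Contributor: Antoine Martin (ayakael)
# Maintainer: Antoine Martin (ayakael)
pkgname=authentik
pkgver=2024.8.6
pkgrel=1
pkgdesc="An open-source Identity Provider focused on flexibility and versatility"
url="https://github.com/goauthentik/authentik"
# s390x: missing py3-celery py3-flower and py3-kombu
# armhf/armv7/x86: out of memory error when building goauthentik
# ppc64le: not supported by Rollup build
# missing uvicorn
# arch="aarch64 x86_64"
license="MIT"
depends="
	bash
	libcap-setcap
	nginx
	postgresql
	procps
	pwgen
	py3-aiohttp
	py3-aiosignal
	py3-amqp
	py3-anyio
	py3-asgiref
	py3-asn1
	py3-asn1crypto
	py3-async-timeout
	py3-attrs
	py3-autobahn
	py3-automat
	py3-bcrypt
	py3-billiard
	py3-cachetools
	py3-cbor2
	py3-celery
	py3-certifi
	py3-cffi
	py3-channels
	py3-channels_redis
	py3-charset-normalizer
	py3-click
	py3-click-didyoumean
	py3-click-plugins
	py3-click-repl
	py3-codespell
	py3-colorama
	py3-constantly
	py3-cparser
	py3-cryptography
	py3-dacite
	py3-daphne
	py3-dateutil
	py3-deepmerge
	py3-defusedxml
	py3-deprecated
	py3-dnspython
	py3-django
	py3-django-countries
	py3-django-cte
	py3-django-filter
	py3-django-guardian
	py3-django-model-utils
	py3-django-otp
	py3-django-prometheus
	py3-django-pglock
	py3-django-redis
	py3-django-rest-framework~3.14.0
	py3-django-rest-framework-guardian
	py3-django-storages
	py3-django-tenants
	py3-django-tenant-schemas
	py3-docker-py
	py3-dotenv
	py3-dumb-init
	py3-duo_client
	py3-drf-orjson-renderer
	py3-drf-spectacular
	py3-email-validator
	py3-fido2
	py3-flower
	py3-frozenlist
	py3-geoip2
	py3-google-auth
	py3-google-api-python-client
	py3-gunicorn
	py3-h11
	py3-httptools
	py3-humanize
	py3-hyperlink
	py3-idna
	py3-incremental
	py3-inflection
	py3-jsonschema
	py3-jsonpatch
	py3-jwt
	py3-kombu
	py3-kubernetes
	py3-ldap3
	py3-lxml
	py3-maxminddb
	py3-msgpack
	py3-msgraph-sdk
	py3-multidict
	py3-oauthlib
	py3-opencontainers
	py3-openssl
	py3-packaging
	py3-paramiko
	py3-parsing
	py3-prometheus-client
	py3-prompt_toolkit
	py3-psycopg
	py3-psycopg-c
	py3-pydantic-scim
	py3-pynacl
	py3-pyrsistent
	py3-pyrad
	py3-python-jwt
	py3-redis
	py3-requests
	py3-requests-oauthlib
	py3-rsa
	py3-scim2-filter-parser
	py3-setproctitle
	py3-sentry-sdk
	py3-service_identity
	py3-setuptools
	py3-six
	py3-sniffio
	py3-sqlparse
	py3-structlog
	py3-swagger-spec-validator
	py3-tornado
	py3-twilio
	py3-txaio
	py3-tenant-schemas-celery
	py3-typing-extensions
	py3-tz
	py3-ua-parser
	py3-uritemplate
	py3-urllib3-secure-extra
	py3-uvloop
	py3-vine
	py3-watchdog
	py3-watchfiles
	py3-wcwidth
	py3-webauthn
	py3-websocket-client
	py3-websockets
	py3-wrapt
	py3-wsproto
	py3-xmlsec
	py3-yaml
	py3-yarl
	py3-zope-interface
	py3-zxcvbn
	valkey
	uvicorn
	"
makedepends="go npm"
checkdepends="
	py3-pip
	py3-coverage
	py3-pytest
	py3-pytest-django
	py3-pytest-randomly
	py3-pytest-timeout
	py3-freezegun
	py3-boto3
	py3-requests-mock
	"
install="$pkgname.post-install $pkgname.post-upgrade $pkgname.pre-install"
# Every entry below has a matching line in sha512sums at the end of the file.
# NOTE(review): authentik-ldap.conf is fetched and checksummed here but
# package() never installs it -- confirm whether that is intended.
source="
	$pkgname-$pkgver.tar.gz::https://github.com/goauthentik/authentik/archive/refs/tags/version/$pkgver.tar.gz
	authentik.openrc
	authentik-worker.openrc
	authentik-ldap.openrc
	authentik-ldap.conf
	authentik-manage.sh
	fix-ak-bash.patch
	root-settings-csrf_trusted_origins.patch
	go-downgrade-1.22.patch
	12184_fix-impersonnate-api.patch
	"
builddir="$srcdir/"authentik-version-$pkgver
subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc"
pkgusers="authentik"
pkggroups="authentik"

# Keep the Go module cache, build cache and temp files inside $srcdir.
export GOPATH=$srcdir/go
export GOCACHE=$srcdir/go-build
export GOTMPDIR=$srcdir

# Builds the four Go binaries (ldap, proxy, radius, server) and the two npm
# projects (web, website).
#
# Supply-chain note: sha512sums covers only the entries in source=. Anything
# go or npm downloads while building is outside that check; `npm ci` installs
# what the lockfile pins, and --no-audit only suppresses the advisory report.
build() {
	msg "Building authentik-ldap"
	go build -o ldap cmd/ldap/main.go

	msg "Building authentik-proxy"
	go build -o proxy cmd/proxy/main.go

	msg "Building authentik-radius"
	# Build the radius outpost from its own entry point. This line previously
	# compiled cmd/proxy/main.go, so the shipped "radius" binary was a second
	# copy of the proxy.
	go build -o radius cmd/radius/main.go

	msg "Building authentik-server"
	go build -o server cmd/server/*.go

	msg "Building authentik-web"
	cd web
	npm ci --no-audit
	npm run build
	cd ..

	msg "Building website"
	cd website
	npm ci --no-audit
	npm run build
}

# Runs the upstream test suite against a throwaway PostgreSQL cluster and
# valkey instance created under $srcdir.
check() {
	msg "Setting up test environments"
	export POSTGRES_DB=authentik
	export POSTGRES_USER=authentik
	# Fixed credential for the disposable test cluster created below; it must
	# never be reused for a real deployment.
	export POSTGRES_PASSWORD="EK-5jnKfjrGRm<77"
	export AUTHENTIK_POSTGRESQL__TEST__NAME=authentik

	rm -Rf "$srcdir"/tmp
	initdb -D "$srcdir"/tmp
	# The unix socket is placed in $srcdir rather than a shared directory.
	postgres -D "$srcdir"/tmp --unix-socket-directories="$srcdir" > "$srcdir"/tmp/psql.log 2>&1 &
	valkey-server > "$srcdir"/tmp/valkey.log 2>&1 &
	# Stop both background services on any exit path, including a failed test.
	trap "pkill valkey-server; pkill postgres" EXIT
	# Fixed wait for the services to come up; there is no readiness probe.
	sleep 5
	psql -h "$srcdir" -d postgres -c "CREATE ROLE $POSTGRES_USER PASSWORD '$POSTGRES_PASSWORD' INHERIT LOGIN;"
	psql -h "$srcdir" -d postgres -c "CREATE DATABASE $POSTGRES_DB OWNER $POSTGRES_USER ENCODING 'UTF-8';"
	psql -h "$srcdir" -d postgres -c "CREATE DATABASE test_$POSTGRES_DB OWNER $POSTGRES_USER ENCODING 'UTF-8';"

	# .github/actions/setup/action.yml: Generate config + csrf
	# Test-only configuration: the wildcard trusted origin is acceptable for
	# the test run and must not be carried into a shipped config.
	python3 -c "
from authentik.lib.generators import generate_id
from yaml import safe_dump

with open(\"local.env.yml\", \"w\") as _config:
    safe_dump(
        {
            \"log_level\": \"debug\",
            \"secret_key\": generate_id(),
            \"csrf\": { \"trusted_origins\": ['https://*']},
        },
        _config,
        default_flow_style=False,
    )
"
	python -m lifecycle.migrate

	# no selenium package
	# NOTE(review): this downloads unpinned packages at check time; they are
	# not covered by sha512sums, and --break-system-packages installs them
	# into the build environment's system Python. Prefer packaged
	# checkdepends, or pin versions with hashes.
	pip install selenium drf_jsonschema_serializer pdoc --break-system-packages

	msg "Starting tests"
	make test

	# TODO: Fix go-tests
	# make go-test

	pkill valkey-server
	pkill postgres
}

# Installs the application tree under /usr/share/webapps/authentik, the
# binaries' symlinks in /usr/bin, the OpenRC scripts, and the configuration
# under /etc/authentik.
package() {
	msg "Packaging $pkgname"
	local prefix="/usr/share/webapps"
	local destdir="$pkgdir"$prefix/authentik

	# authentik install
	install -d -m755 \
		"$destdir" \
		"$destdir"/web \
		"$pkgdir"/usr/bin \
		"$pkgdir"/usr/share/doc \
		"$pkgdir"/var/lib/authentik
	cp -rl authentik lifecycle locale tests \
		"$destdir"/
	cp -rl blueprints \
		"$pkgdir"/var/lib/authentik/
	cp -rl web/dist web/authentik \
		"$destdir"/web/
	install -m755 -t "$destdir" \
		"$builddir"/server \
		"$builddir"/ldap \
		"$builddir"/radius \
		"$builddir"/proxy \
		"$builddir"/manage.py
	cp -rl website/build/ "$pkgdir"/usr/share/doc/authentik/

	# symbolic bin links to usr/bin
	for i in server proxy ldap radius; do
		ln -s "$prefix/authentik/$i" "$pkgdir/usr/bin/authentik-$i"
	done

	# openrc install
	for i in $pkgname $pkgname-worker $pkgname-ldap; do
		install -Dm755 "$srcdir/$i.openrc" "$pkgdir/etc/init.d/$i"
	done

	# config file setup
	# Mode 640 keeps the file, which receives secret_key below, from being
	# world-readable.
	# NOTE(review): group is www-data while pkgusers/pkggroups declare
	# "authentik" -- confirm the service account can read it through that group.
	install -Dm640 "$builddir"/authentik/lib/default.yml \
		"$pkgdir"/etc/authentik/config.yml
	ln -s "/etc/authentik/config.yml" "$pkgdir"/usr/share/webapps/authentik/local.env.yml
	chown root:www-data "$pkgdir"/etc/authentik/config.yml
	sed -i 's|cert_discovery_dir.*|cert_discovery_dir: /var/lib/authentik/certs|' "$pkgdir"/etc/authentik/config.yml
	sed -i 's|blueprints_dir.*|blueprints_dir: /var/lib/authentik/blueprints|' "$pkgdir"/etc/authentik/config.yml
	sed -i 's|template_dir.*|template_dir: /var/lib/authentik/templates|' "$pkgdir"/etc/authentik/config.yml
	# auth.example.com is an example origin for the administrator to replace.
	printf "\ncsrf:\n trusted_origins: ['auth.example.com']" >> "$pkgdir"/etc/authentik/config.yml
	# '@@SECRET_KEY@@' is a placeholder, not a usable key.
	# NOTE(review): presumably substituted by the install scripts (not shown
	# here) -- confirm; an instance left with the literal placeholder would
	# run with a publicly known secret_key.
	printf "\nsecret_key: '@@SECRET_KEY@@'" >> "$pkgdir"/etc/authentik/config.yml

	# custom css location change
	mv "$pkgdir"/usr/share/webapps/authentik/web/dist/custom.css "$pkgdir"/etc/authentik/custom.css
	ln -s "/etc/authentik/custom.css" "$pkgdir"/usr/share/webapps/authentik/web/dist/custom.css
	chown root:www-data "$pkgdir"/etc/authentik/custom.css

	# Install wrapper script to /usr/bin.
	install -m755 -D "$srcdir"/authentik-manage.sh "$pkgdir"/usr/bin/authentik-manage
}

# Runs default_pyc, then additionally moves every __pycache__ directory under
# the webapp tree into the -pyc subpackage.
pyc() {
	default_pyc

	cd "$pkgdir"
	# Split find's output on newlines only, so paths containing spaces stay
	# intact when passed to amove.
	# shellcheck disable=SC3003
	local IFS=$'\n'
	# shellcheck disable=SC2046
	amove $(find usr/share/webapps/authentik -type d -name __pycache__)
}

sha512sums="
ede869ff73e83707819d1cdc0c73bc4dc445fbf4a8ac27140245a3fe77949fc6b9cfa4ebb5de935956a5a1d9faf340720e8259287805fccdb0f141294f54e3cc  authentik-2024.8.6.tar.gz
4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1  authentik.openrc
6cb03b9b69df39bb4539fe05c966536314d766b2e9307a92d87070ba5f5b7e7ab70f1b5ee1ab3c0c50c23454f9c5a4caec29e63fdf411bbb7a124ad687569b89  authentik-worker.openrc
351e6920d987861f8bf0d7ab2f942db716a8dbdad1f690ac662a6ef29ac0fd46cf817cf557de08f1c024703503d36bc8b46f0d9eb1ecaeb399dce4c3bb527d17  authentik-ldap.openrc
89ee5f0ffdade1c153f3a56ff75b25a7104aa81d8c7a97802a8f4b0eab34850cee39f874dabe0f3c6da3f71d6a0f938f5e8904169e8cdd34d407c8984adee6b0  authentik-ldap.conf
f1a3cb215b6210fa7d857a452a9f2bc4dc0520e49b9fa7027547cff093d740a7e2548f1bf1f8831f7d5ccb80c8e523ee0c8bafcc4dc42d2788725f2137d21bee  authentik-manage.sh
3e47db684a3f353dcecdb7bab8836b9d5198766735d77f676a51d952141a0cf9903fcb92e6306c48d2522d7a1f3028b37247fdc1dc74d4d6e043da7eb4f36d49  fix-ak-bash.patch
5c60e54b6a7829d611af66f5cb8184a002b5ae927efbd024c054a7c176fcb9efcfbe5685279ffcf0390b0f0abb3bb03e02782c6867c2b38d1ad2d508aae83fa0  root-settings-csrf_trusted_origins.patch
badff70b19aad79cf16046bd46cb62db25c2a8b85b2673ce7c44c42eb60d42f6fcb1b9a7a7236c00f24803b25d3c66a4d64423f7ce14a59763b8415db292a5b9  go-downgrade-1.22.patch
5d409cb41d4a506df30618bdaf325188d304d879e2d23fe49277db6ae8fe9341803d7eee54c9a5dbdfa87267146ea1647995b2adb503fbf8f8c4d7f861ce9de6  12184_fix-impersonnate-api.patch
"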