EGA-archive/LocalEGA-distribution

Distribution system for a Federated EGA node

This repository contains the code part of the LocalEGA software stack.
It allows the distribution of Crypt4GH-encrypted files.

Summary

The required packages are:

  • libfuse 3
  • OpenSSL
  • libpq
  • glib-2.0
  • Development tools: make cmake gcc git autoconf patch ...
  • PAM

On Debian/Ubuntu, you can install the dependencies with:

apt-get update && \
apt-get install -y --no-install-recommends \
            ca-certificates pkg-config git gcc make \
            autoconf patch meson ninja-build openssl \
            libssl-dev libpq-dev libpam0g-dev libglib2.0-dev libfuse3-dev

You need to install the following components:

Once installed, you can extend the Vault database with functions used by the file system. They allow the FUSE file system to be smaller, as most string manipulation is done in the Postgres database itself.

Installation

Preliminaries

We install everything under /opt/LocalEGA:

sudo mkdir -p /opt/LocalEGA/{bin,etc,lib,homes}

Install libfuse 3.16.2 from the official repository.

Uncomment user_allow_other in /usr/local/etc/fuse.conf

Install the live distribution: crypt4gh.fs

cd crypt4gh-fs
autoreconf -i
./configure --prefix=/opt/LocalEGA
make
sudo make install

Find more information in src/crypt4gh-fs.

Install the NSS module

cd nss
make
sudo make install

echo '/opt/LocalEGA/lib' | sudo tee /etc/ld.so.conf.d/LocalEGA.conf

sudo ldconfig -v | grep egafiles

In /etc/nsswitch.conf, add egafiles to the passwd, group and shadow entries, for example:

passwd:         files egafiles systemd
group:          files egafiles systemd
shadow:         files egafiles

Find more information in src/nss.

PAM

cd pam
make
sudo make install

Find more information in src/pam.

OpenSSH

Follow the instructions in src/openssh/README.

Vault-DB extension

Go to LocalEGA/deploy/docker and run:

make load

This will load the SQL files in src/db.

Update the nss.* configurations in pg.conf.

Recreate the container:

docker-compose up -d vault-db

Change permissions of the landing directories for the NSS files:

sudo chown 999 /opt/LocalEGA/etc/nss
sudo chown 999:lega /opt/LocalEGA/etc/authorized_keys
sudo chmod g+s /opt/LocalEGA/etc/authorized_keys

Trigger the creation of the NSS files:

make nss

And test it:

id jane

You should see:

uid=10001(jane) gid=20000(requesters) groups=20000(requesters)

Finally, for the Crypt4GH-fuse, copy the sample config file and change permissions:

cp crypt4gh-fs/fs.conf.sample /opt/LocalEGA/etc/fuse-vault-db.conf
chmod 600 /opt/LocalEGA/etc/fuse-vault-db.conf

Update the password in fuse-vault-db.conf.
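
The checks below verify the security-relevant settings from the steps above: the egafiles entries in nsswitch.conf, user_allow_other in fuse.conf, mode 600 on the FUSE config file that holds the database password, and the setgid bit on the authorized_keys landing directory. This is an added example, not part of the LocalEGA repository; the function names are hypothetical and the paths are the ones used in this README.

```shell
#!/bin/sh
# Added example (not from the LocalEGA repository); function names are hypothetical.

# Succeeds if passwd, group and shadow in nsswitch file $1 all list egafiles.
nss_has_egafiles() {
    for db in passwd group shadow; do
        grep -Eq "^[[:space:]]*${db}:([^#]*[[:space:]])?egafiles([[:space:]]|#|\$)" "$1" || return 1
    done
}

# Succeeds if user_allow_other is present and uncommented in fuse.conf file $1.
fuse_allows_other() {
    grep -Eq '^[[:space:]]*user_allow_other[[:space:]]*(#.*)?$' "$1"
}

# Succeeds if path $1 has exactly octal mode $2 (GNU stat, as on Debian/Ubuntu).
mode_is() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]
}

# Succeeds if $1 is a directory with the setgid bit set (chmod g+s).
has_setgid() {
    [ -d "$1" ] && [ -g "$1" ]
}

# Runs one check, prints its result, and counts failures in $fails.
report() {
    if "$@"; then echo "ok   $*"; else echo "FAIL $*"; fails=$((fails + 1)); fi
}

# lega_check NSSWITCH FUSECONF PREFIX: returns the number of failed checks.
lega_check() {
    fails=0
    report nss_has_egafiles "$1"
    report fuse_allows_other "$2"
    report mode_is "$3/etc/fuse-vault-db.conf" 600
    report has_setgid "$3/etc/authorized_keys"
    return "$fails"
}

# Real run: sh check.sh /etc/nsswitch.conf /usr/local/etc/fuse.conf /opt/LocalEGA
if [ $# -eq 3 ]; then lega_check "$@"; fi
```

A non-zero exit status is the number of failed checks, so the script can gate a deployment step.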