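#!/bin/sh
# buildReclaim.sh
#
# Builds libmicrohttpd and GNUnet from source into /usr, runs GNUnet as two
# system users (gnunet: the system peer, reclaim: the reclaim/OIDC provider),
# creates the relying-party zone for the shop and points the WordPress
# openid-connect-generic plugin at the reclaim OIDC endpoints.
#
# Must run as root on a Debian-like host that already has sudo, wp-cli and a
# WordPress tree in /var/www/wordpress. Every command is fatal under `set -eu`.
# Not fully idempotent: gnunet-identity -C fails if the ego already exists.
set -eu

## BEGIN configuration

# Where is WooCommerce?
WOOHOST=http://127.0.0.1:9999

# Name of the shop for the user
SHOP_NAME="WooTaler Shop"

# Ego of the zone for the RP in GNS
SHOP_ZONE=wootaler-shop

# Which attributes does WooCommerce want from the IdP?
OIDC_SCOPE="openid given_name family_name email address phone"

# URL where GNUnet REST service is listening for requests
GNUNET_REST="http://localhost:7776/openid/"

## END configuration

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Set one key of the openid-connect-generic plugin settings via wp-cli.
# $1 - option key, $2 - value. Runs as www-data from the WordPress root.
wp_oidc() {
  sudo -u www-data wp --user=admin option patch update \
    openid_connect_generic_settings "$1" "$2"
}

# chown, adduser, systemctl and the writes to /etc all need root.
[ "$(id -u)" -eq 0 ] || die "buildReclaim.sh must run as root"

# Download and install GNUnet build dependencies.
# -y: the autobuild has no terminal to answer apt's confirmation prompt.
apt install -y \
    screen \
    gcc \
    make \
    autoconf \
    automake \
    libtool \
    libgcrypt20-dev \
    libsqlite3-dev \
    gettext \
    libgnutls28-dev \
    libcurl4-gnutls-dev \
    libunistring-dev \
    libidn2-dev \
    libjansson-dev \
    openssl \
    pkgconf \
    libltdl-dev \
    zlib1g-dev \
    libsodium-dev \
    python3.7 \
    texi2html \
    texinfo

# This installs MHD and GNUnet to /usr, overwriting (!)
# the Debian package. We do that to get some minimal
# setup from Debian, and also so that IF in the future
# Debian does include a sufficiently recent GNUnet
# package, we can simply remove these lines.
#
# Clones go over https: the git:// transport is unauthenticated, so a
# network attacker could hand the build a modified tree. The clone is
# skipped when the directory already exists so a re-run does not abort.
cd /root || die "cannot cd to /root"
[ -d libmicrohttpd ] || git clone https://git.gnunet.org/libmicrohttpd.git
cd libmicrohttpd || die "missing libmicrohttpd checkout"
./bootstrap
./configure --prefix=/usr/
make install
cd /root || die "cannot cd to /root"
[ -d gnunet ] || git clone https://git.gnunet.org/gnunet.git
cd gnunet || die "missing gnunet checkout"
./bootstrap
./configure --prefix=/usr/
make install

# Users must exist before anything is chown'ed to them or run via sudo -u.
# Use the user 'reclaim' for the reclaim/OIDC service.
echo "Setting up users gnunet and reclaim"
id gnunet >/dev/null 2>&1 || adduser --system --disabled-password gnunet
id reclaim >/dev/null 2>&1 || adduser --system --disabled-password reclaim

# NOTE(review): assumes /etc/gnunet.conf already exists (from the Debian
# package mentioned above) - confirm on a host without it.
echo "Updating GNUnet configuration"
chown gnunet:gnunet /etc/gnunet.conf
sudo -u gnunet gnunet-config -c /etc/gnunet.conf -s arm -o START_USER_SERVICES -V NO
sudo -u gnunet gnunet-config -c /etc/gnunet.conf -s arm -o START_SYSTEM_SERVICES -V YES

echo "Setting up reclaim GNUnet peer"
sudo -u reclaim gnunet-config -s arm -o START_USER_SERVICES -V YES
sudo -u reclaim gnunet-config -s arm -o START_SYSTEM_SERVICES -V NO
# NOTE(review): 0.0.0.0 exposes the REST API (token/userinfo endpoints) on
# every interface; WooCommerce is configured on 127.0.0.1 below, so binding
# to loopback may be enough - confirm before using this outside a test VM.
sudo -u reclaim gnunet-config -s rest -o BIND_TO -V 0.0.0.0

# Setup GNUnet REST credentials
echo "Configuring GNUnet REST credentials"
# The client secret is shared between reclaim and the WordPress OIDC client.
# It comes from the CSPRNG (openssl is installed above); a uuid is derived
# from time and MAC address and is guessable, not a credential. The value is
# still passed on command lines below and is briefly visible in ps output.
OIDC_CLIENT_SECRET=$(openssl rand -hex 32)
[ -n "$OIDC_CLIENT_SECRET" ] || die "could not generate OIDC client secret"

sudo -u reclaim gnunet-config -s reclaim-rest-plugin -o OIDC_CLIENT_SECRET -V "$OIDC_CLIENT_SECRET"

echo "Setting up systemd integration"
# The redirection is performed by this (root) shell, so wrapping cat in
# sudo -u did nothing; write the units directly. Quoted heredoc delimiter:
# nothing in the units is meant to be expanded.
cat > /etc/systemd/system/reclaim.service <<'EOF'
[Unit]
Description = GNUnet for reclaim
[Service]
Type=simple
User=reclaim
ExecStart=/usr/lib/gnunet/libexec/gnunet-service-arm
WorkingDirectory=/home/reclaim
EOF

cat > /etc/systemd/system/gnunet.service <<'EOF'
[Unit]
Description = GNUnet main service
[Service]
Type=simple
User=gnunet
ExecStart=/usr/lib/gnunet/libexec/gnunet-service-arm -c /etc/gnunet.conf
WorkingDirectory=/home/gnunet
EOF

echo "Reloading systemd configuration"
systemctl daemon-reload

# Restart GNUnet (system service)
echo "Enabling and starting gnunet service"
systemctl enable gnunet
systemctl start gnunet

echo "Enabling and starting reclaim service"
systemctl enable reclaim
systemctl start reclaim

echo "Setting up RP zone"

# Setup Zone for RP
sudo -u reclaim gnunet-identity -C "$SHOP_ZONE"
OIDC_CLIENT_IDENTITY=$(sudo -u reclaim gnunet-identity -dq -e "$SHOP_ZONE")
[ -n "$OIDC_CLIENT_IDENTITY" ] || die "could not look up ego $SHOP_ZONE"

# Tell reclaim where the RP expects the authorization callback.
# Quoted: the '?' in the URL is a glob character in an unquoted word.
sudo -u reclaim gnunet-namestore -a -z "$SHOP_ZONE" -n @ -t RECLAIM_OIDC_REDIRECT \
  -V "${WOOHOST}/wp-admin/admin-ajax.php?action=openid-connect-authorize" -e 1h -p

# Tell reclaim the name of the shop that asks for permissions (to be shown to the user)
sudo -u reclaim gnunet-namestore -a -z "$SHOP_ZONE" -n @ -t RECLAIM_OIDC_CLIENT -V "$SHOP_NAME" -e 1h -p

# Setup ReClaim as OIDC provider with WooCommerce
cd /var/www/wordpress || die "cannot cd to /var/www/wordpress"

# Strip a trailing slash so the endpoint URLs get exactly one separator
# whether or not GNUNET_REST was configured with one.
REST_BASE=${GNUNET_REST%/}

wp_oidc client_id "${OIDC_CLIENT_IDENTITY}"
wp_oidc client_secret "${OIDC_CLIENT_SECRET}"
wp_oidc scope "${OIDC_SCOPE}"
wp_oidc endpoint_login "https://api.reclaim/openid/authorize"
wp_oidc endpoint_userinfo "${REST_BASE}/userinfo"
wp_oidc endpoint_token "${REST_BASE}/token"
wp_oidc endpoint_end_session ""
wp_oidc identity_key "sub"
# NOTE(review): disables certificate verification for the WordPress OIDC
# client, i.e. the token/userinfo requests accept any certificate. Presumably
# needed for the self-signed api.reclaim endpoint - confirm before any
# non-test deployment.
wp_oidc no_sslverify "1"
wp_oidc nickname_key "sub"
wp_oidc displayname_format "{given_name} {full_name}"
wp_oidc identify_with_username "1"
wp_oidc enable_logging "1"
wp_oidc redirect_user_back "1"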