Updated fds.in (updated ds creation scripts).
authorZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Tue, 29 Mar 2022 10:05:32 +0000 (12:05 +0200)
committerZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Tue, 29 Mar 2022 10:05:32 +0000 (12:05 +0200)
12 files changed:
sources/fds.in/c3d/firstboot/data/USERS.txt
sources/fds.in/c3d/firstboot/scripts/01_setupnetworking.sh
sources/fds.in/c3d/firstboot/scripts/10_setupds.sh
sources/fds.in/c3d/firstboot/scripts/11_createusers.sh
sources/fds.in/c3d/owner.txt
sources/fds.in/c3d/postinstall/data/template.inf
sources/fds.in/c3d/postinstall/install-data/usr/local/bin/getletsencrypt.sh [new file with mode: 0755]
sources/fds.in/c3d/postinstall/install-data/usr/local/bin/replacedirsrvcerts.sh [new file with mode: 0755]
sources/fds.in/c3d/postinstall/scp/copy.list
sources/fds.in/c3d/postinstall/ssh/run.list
sources/fds.in/config
sources/fds.in/envvars

index f898685ab250e1c0264fd4565163da327be03ca2..170f0e36fc424a48d0bda0d6d6f70d14a00a3483 100644 (file)
@@ -1,15 +1,16 @@
-akosztolanyi,  Árpád,                Kosztolányi,   arpad.kosztolanyi@userrendszerhaz.hu,   +36 20 583 7539
-csgulyas,      Csaba,          Gulyás,                csaba.gulyas@userrendszerhaz.hu,        +36 30 374 4065
-cslevai,       Csilla,         Lévai,         csilla.levai@userrendszerhaz.hu,        +36 30 280 8517
-dhorvath,      Dénes,         Horváth,       denes.horvath@userrendszerhaz.hu,       +36 30 971 8563
-dvasary,       Dániel,                Vásáry,               daniel.vasary@userrendszerhaz.hu,       +36 30 515 9417
-fritter,       Ferenc,         Ritter,         ferenc.ritter@userrendszerhaz.hu,       +36 20 937 8022
-fschnell,      Ferenc,         Schnellbach,    ferenc.schnellbach@userrendszerhaz.hu,  +36 30 950 2529
-khorvath,      Kálmán,               Horváth,       kalman.horvath@userrendszerhaz.hu,      +36 20 444 8693
-kkancz,                Krisztián,     Káncz,         krisztian.kancz@userrendszerhaz.hu,     +36 70 666 2663
-kvajda,                Krisztina,      Vajda,          krisztina.vajda@userrendszerhaz.hu,     +36 20 313 0028
-mszabo,                Marcell,        Szabó,         marcell.szabo@userrendszerhaz.hu,       +36 70 458 1234
-osweidan,      Omár,          Sweidan,        omar.sweidan@userrendszerhaz.hu,        +36 70 382 4621
-rrendek,       Róbert,                Rendek,         robert.rendek@userrendszerhaz.hu,       +36 30 977 5888
-tlevai,                Tibor,          Lévai,         tibor.levai@userrendszerhaz.hu,         +36 30 297 6481
-zfelleg,       Zoltán,                Felleg,         zoltan.felleg@userrendszerhaz.hu,       +36 20 954 1513
+5000,  dsadmin,        ,               ,               ,
+10000, akosztolanyi,   Árpád,                Kosztolányi,   arpad.kosztolanyi@userrendszerhaz.hu,   +36 20 583 7539
+10000, csgulyas,       Csaba,          Gulyás,                csaba.gulyas@userrendszerhaz.hu,        +36 30 374 4065
+10000, cslevai,        Csilla,         Lévai,         csilla.levai@userrendszerhaz.hu,        +36 30 280 8517
+10000, dhorvath,       Dénes,         Horváth,       denes.horvath@userrendszerhaz.hu,       +36 30 971 8563
+10000, dvasary,        Dániel,                Vásáry,               daniel.vasary@userrendszerhaz.hu,       +36 30 515 9417
+10000, fritter,        Ferenc,         Ritter,         ferenc.ritter@userrendszerhaz.hu,       +36 20 937 8022
+10000, fschnell,       Ferenc,         Schnellbach,    ferenc.schnellbach@userrendszerhaz.hu,  +36 30 950 2529
+10000, khorvath,       Kálmán,               Horváth,       kalman.horvath@userrendszerhaz.hu,      +36 20 444 8693
+10000, kkancz,         Krisztián,     Káncz,         krisztian.kancz@userrendszerhaz.hu,     +36 70 666 2663
+10000, kvajda,         Krisztina,      Vajda,          krisztina.vajda@userrendszerhaz.hu,     +36 20 313 0028
+10000, mszabo,         Marcell,        Szabó,         marcell.szabo@userrendszerhaz.hu,       +36 70 458 1234
+10000, osweidan,       Omár,          Sweidan,        omar.sweidan@userrendszerhaz.hu,        +36 70 382 4621
+10000, rrendek,        Róbert,                Rendek,         robert.rendek@userrendszerhaz.hu,       +36 30 977 5888
+10000, tlevai,         Tibor,          Lévai,         tibor.levai@userrendszerhaz.hu,         +36 30 297 6481
+10000, zfelleg,        Zoltán,                Felleg,         zoltan.felleg@userrendszerhaz.hu,       +36 20 954 1513
index 2090570b960e1b4330f8bd5d0d3a999b4dccd52f..aae217a4cd1e70e6b1303cab0dfc642e68ac8b0c 100755 (executable)
@@ -4,16 +4,47 @@
 sleep 1
 systemctl --quiet is-active NetworkManager.service
 NM_RC=$?
-WAITED=0
+CYCLES_WAITED=0
 while [ $NM_RC -ne 0 ]
 do
+    if [ $CYCLES_WAITED -ge 10 ]
+    then
+        exit 1
+    fi
+    if [ $CYCLES_WAITED -eq 0 ]
+    then
+        echo -n "Waiting for NetworkManager"
+    fi
     echo -n .
     sleep 1
-    WAITED=1
+    CYCLES_WAITED=$(( $CYCLES_WAITED + 1 ))
     systemctl --quiet is-active NetworkManager.service
     NM_RC=$?
 done
-[ $WAITED -eq 1 ] && echo
+[ $CYCLES_WAITED -gt 0 ] && echo
+
+# wait for one/the network connection to come up
+CONNECTION_DEVICES_UP=$(nmcli --terse connection show \
+                            | grep --invert-match ':$' | wc -l)
+CYCLES_WAITED=0
+while [ $CONNECTION_DEVICES_UP -lt 1 ]
+do
+    if [ $CYCLES_WAITED -ge 10 ]
+    then
+        nmcli connection show
+        exit 1
+    fi
+    if [ $CYCLES_WAITED -eq 0 ]
+    then
+        echo -n "Waiting for the network connection"
+    fi
+    echo -n .
+    sleep 1
+    CYCLES_WAITED=$(( $CYCLES_WAITED + 1 ))
+    CONNECTION_DEVICES_UP=$(nmcli --terse connection show \
+                                | grep --invert-match ':$' | wc -l)
+done
+[ $CYCLES_WAITED -gt 0 ] && echo
 
 CONNECTIONS=$(nmcli --terse connection show | wc -l)
 if [ $CONNECTIONS -ne 1 ]
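Review bot: The timeout branch at the top of the first loop exits without saying why — after ten cycles the script leaves the partial `Waiting for NetworkManager.........` line unterminated and returns 1 with nothing on stderr, unlike the second loop, which at least dumps `nmcli connection show` first. Replacing the bare `exit 1` with `echo; echo "NetworkManager is not active after $CYCLES_WAITED s" >&2; exit 1` makes a firstboot failure diagnosable from the console log. The second loop's timeout branch has the same unterminated prompt line and would benefit from the same `echo` before the connection table. The `if [ $CONNECTIONS -ne 1 ]` that begins on the hunk's last line continues outside the hunk.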
@@ -22,16 +53,6 @@ then
     exit 1
 fi
 
-nmcli --terse connection show | grep ':$' >/dev/null
-ALL_CONNECTION_DEVICES_KNOWN=$?
-while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ]
-do
-    echo "Not all connection devices are known yet" >&2
-    sleep 1
-    nmcli --terse connection show | grep ':$' >/dev/null
-    ALL_CONNECTION_DEVICES_KNOWN=$?
-done
-
 CONNECTION_LINE=$(nmcli --terse connection show)
 CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
 CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':')
index 89726c816a32b6d936f5ae608d6c817fad392a6d..b8cd1390d8f7f6669352f38a62cee615259ec6d2 100755 (executable)
@@ -5,29 +5,60 @@ REAL_PATH=$(realpath $(dirname $0))
 DATA_PATH=$(realpath $REAL_PATH/../data)
 
 
+INSTANCE_NAME=user
+
+
+/usr/local/bin/getletsencrypt.sh
+
+
 /usr/local/bin/restorefds.sh
 if [ $? -eq 0 ]
 then
     exit 0
 fi
 
-if [ ! -f $DATA_PATH/user.inf ]
+if [ ! -f $DATA_PATH/${INSTANCE_NAME}.inf ]
 then
-    dscreate create-template $DATA_PATH/user.inf
-    vi $DATA_PATH/user.inf
+    dscreate create-template $DATA_PATH/${INSTANCE_NAME}.inf
+    vi $DATA_PATH/${INSTANCE_NAME}.inf
 fi
 
-dscreate from-file $DATA_PATH/user.inf
-dsconf user plugin memberof enable
-dsconf user pwpolicy set \
+dscreate from-file $DATA_PATH/${INSTANCE_NAME}.inf
+dsconf $INSTANCE_NAME config replace nsslapd-auditlog-logging-enabled=on
+dsconf $INSTANCE_NAME config replace nsslapd-auditfaillog-logging-enabled=on
+dsconf $INSTANCE_NAME plugin memberof enable
+dsconf $INSTANCE_NAME pwpolicy set \
     --pwdmustchange on \
+    --pwdtrack on \
+    --pwdexpire on \
+    --pwdmaxage 8640000 \
+    --pwdgracelimit 5 \
     --pwdlockout on \
     --pwdchecksyntax on \
-    --pwdminlen 10 \
+    --pwdminlen 14 \
     --pwdmindigits 1 \
+    --pwdminalphas 1 \
     --pwdminuppers 1 \
     --pwdminlowers 1 \
     --pwdminspecials 1 \
-    --pwdmaxrepeats 2 \
+    --pwdmaxrepeats 3 \
+    --pwdpalindrome on \
     --pwdmincatagories 4 \
     --pwddictcheck on
+
+LDIF_FILE=$(mktemp)
+echo 'dn: ou=people,dc=user,dc=hu' >$LDIF_FILE
+echo 'changetype: modify' >>$LDIF_FILE
+echo 'add: aci' >>$LDIF_FILE
+echo 'aci: (targetattr="pwdUpdateTime")(version 3.0; acl "Enable anyone read pwdUpda' >>$LDIF_FILE
+echo ' teTime"; allow(read)(userdn="ldap:///anyone");)' >>$LDIF_FILE
+
+ldapmodify -D "cn=Directory Manager" \
+    -w Passw@rd01 \
+    -f $LDIF_FILE
+
+rm --force $LDIF_FILE
+
+/usr/local/bin/replacedirsrvcerts.sh
+
+dsctl $INSTANCE_NAME restart
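Review bot: The `ldapmodify -D "cn=Directory Manager" -w Passw@rd01` call commits the Directory Manager password to the repository and passes it on the command line, where any local process can read it from the argument list while the command runs; the same call appears in 11_createusers.sh in this commit (the block ending at `rm --force $LDIF_FILE` inside the permissions loop). Keeping the password in a root-only file and using `-y <DM_PASSWORD_FILE>` removes both exposures with a one-line change per call site. Separately, the ACI written to the temporary LDIF grants `userdn="ldap:///anyone"` read access to `pwdUpdateTime`, which includes unauthenticated binds if the instance allows them; if the intent is only to let users see their own password age, `ldap:///self` (or `ldap:///all` for any authenticated user) is the narrower subject. None of the `getletsencrypt.sh`, `dscreate` or `dsconf` invocations have their exit status checked, so a failed instance creation still proceeds to the certificate swap and `dsctl $INSTANCE_NAME restart`.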
index 5ab61b8f87aeeb456b902b6baf9efa55d17817a4..8fb9434627be7fce9fdf666cc0ab165e84c54a2d 100755 (executable)
@@ -5,7 +5,10 @@ exit 0
 
 REAL_PATH=$(realpath $(dirname $0))
 DATA_PATH=$(realpath $REAL_PATH/../data)
+FDS_ADMIN_UID=dsadmin
+FDS_BASEDN="dc=user,dc=hu"
 FDS_INPUT_FILE=$DATA_PATH/FDS_INPUT.txt
+INSTANCE_NAME=user
 UIDS_FILE=$DATA_PATH/UIDS.txt
 USERS_FILE=$DATA_PATH/USERS.txt
 
@@ -15,19 +18,20 @@ USERS_FILE=$DATA_PATH/USERS.txt
 cat $USERS_FILE | while read LINE
 do
     COMPACT_LINE=$(echo $LINE | sed 's/, /,/g')
-    LOGIN_NAME=$(echo $COMPACT_LINE | cut -f 1 -d ',')
+    UID_SHIFT=$(echo $COMPACT_LINE | cut -f 1 -d ',')
+    LOGIN_NAME=$(echo $COMPACT_LINE | cut -f 2 -d ',')
     LOGIN_MD5SUM=$(echo $LOGIN_NAME | md5sum | awk '{print $1}')
     UID_POSITION=30
     UID_IS_UNIQUE=0
     while [ $UID_IS_UNIQUE -eq 0 ]
     do
         LOGIN_UID=$(echo $LOGIN_MD5SUM | cut -c ${UID_POSITION}- | cut -c 1-3)
-        grep $LOGIN_UID $UIDS_FILE >/dev/null 2>&1
+        INT_UID=$(python -c "print($UID_SHIFT + int('$LOGIN_UID', 16))")
+        grep $INT_UID $UIDS_FILE >/dev/null 2>&1
         if [ $? -eq 1 ]
         then
-            INT_UID=$(python -c "print(10000 + int('$LOGIN_UID', 16))")
-            echo $LOGIN_UID >>$UIDS_FILE
-            echo "${INT_UID},$COMPACT_LINE" >>$FDS_INPUT_FILE
+            echo $INT_UID >>$UIDS_FILE
+            echo $COMPACT_LINE | sed "s/^$UID_SHIFT/$INT_UID/" >>$FDS_INPUT_FILE
             UID_IS_UNIQUE=1
         else
             UID_POSITION=$(( $UID_POSITION - 1 ))
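Review bot: The new `INT_UID` line builds a Python program by interpolating two values read from USERS.txt (`$UID_SHIFT` and `$LOGIN_UID`) into `python -c "..."`, so anything other than a plain integer in the first column is executed as Python rather than rejected; shell arithmetic does the same job without an interpreter and without interpolation: `INT_UID=$(( UID_SHIFT + 0x$LOGIN_UID ))`. The uniqueness test `grep $INT_UID $UIDS_FILE` is a substring match, and now that whole decimal UIDs are recorded the strings can nest for shift values other than the two currently in USERS.txt (a candidate `1000` is found inside a stored `10000`), which would silently skip a free UID; `grep -x -- "$INT_UID" "$UIDS_FILE"` matches whole lines only. The `while read LINE` loop starts at the top of this hunk and its `done` lies outside it.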
@@ -50,14 +54,14 @@ do
     EMAIL_ADDRESS=$(echo $INPUT_LINE | cut -f 5 -d ',')
     MOBILE_NUMBER=$(echo $INPUT_LINE | cut -f 6 -d ',')
 
-    dsidm -b dc=user,dc=hu \
-        user \
+    dsidm -b $FDS_BASEDN \
+        $INSTANCE_NAME \
         group \
         create \
         --cn $LOGIN_NAME
 
     LDIF_FILE=$(mktemp)
-    echo "dn: cn=${LOGIN_NAME},ou=groups,dc=user,dc=hu" >$LDIF_FILE
+    echo "dn: cn=${LOGIN_NAME},ou=groups,$FDS_BASEDN" >$LDIF_FILE
     echo "changetype: modify" >>$LDIF_FILE
     echo "add: objectClass" >>$LDIF_FILE
     echo "objectClass: posixGroup" >>$LDIF_FILE
@@ -71,26 +75,46 @@ do
 
     rm --force $LDIF_FILE
 
-    dsidm -b dc=user,dc=hu \
-        user \
-        user \
-        create \
-        --uid $LOGIN_NAME \
-        --cn $LOGIN_NAME \
-        --displayName "$FIRSTNAME $LASTNAME" \
-        --uidNumber $LOGIN_UID \
-        --gidNumber $LOGIN_UID \
-        --homeDirectory /home/$LOGIN_NAME
+    if [ \( -n "$FIRSTNAME" \) -a \( -n "$LASTNAME" \) ]
+    then
+        dsidm -b $FDS_BASEDN \
+            $INSTANCE_NAME \
+            user \
+            create \
+            --uid $LOGIN_NAME \
+            --cn $LOGIN_NAME \
+            --displayName "$FIRSTNAME $LASTNAME" \
+            --uidNumber $LOGIN_UID \
+            --gidNumber $LOGIN_UID \
+            --homeDirectory /home/$LOGIN_NAME
+    else
+        dsidm -b $FDS_BASEDN \
+            $INSTANCE_NAME \
+            user \
+            create \
+            --uid $LOGIN_NAME \
+            --cn $LOGIN_NAME \
+            --displayName $LOGIN_NAME \
+            --uidNumber $LOGIN_UID \
+            --gidNumber $LOGIN_UID \
+            --homeDirectory /home/$LOGIN_NAME
+    fi
 
     LDIF_FILE=$(mktemp)
-    echo "dn: uid=${LOGIN_NAME},ou=people,dc=user,dc=hu" >$LDIF_FILE
+    echo "dn: uid=${LOGIN_NAME},ou=people,$FDS_BASEDN" >$LDIF_FILE
     echo "changetype: modify" >>$LDIF_FILE
-    echo "add: mail" >>$LDIF_FILE
-    echo "mail: $EMAIL_ADDRESS" >>$LDIF_FILE
-    echo "-" >>$LDIF_FILE
-    echo "add: mobile" >>$LDIF_FILE
-    echo "mobile: $MOBILE_NUMBER" >>$LDIF_FILE
-    echo "-" >>$LDIF_FILE
+    if [ -n "$EMAIL_ADDRESS" ]
+    then
+        echo "add: mail" >>$LDIF_FILE
+        echo "mail: $EMAIL_ADDRESS" >>$LDIF_FILE
+        echo "-" >>$LDIF_FILE
+    fi
+    if [ -n "$MOBILE_NUMBER" ]
+    then
+        echo "add: mobile" >>$LDIF_FILE
+        echo "mobile: $MOBILE_NUMBER" >>$LDIF_FILE
+        echo "-" >>$LDIF_FILE
+    fi
     echo "add: userPassword" >>$LDIF_FILE
     echo "userPassword: pwd" >>$LDIF_FILE
 
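Review bot: The two `dsidm ... user create` branches differ only in the `--displayName` argument, so the twelve-line call is duplicated and any later change to it has to be made twice; computing the display name first and issuing one call removes the duplication. The test `[ \( -n "$FIRSTNAME" \) -a \( -n "$LASTNAME" \) ]` uses the deprecated `-a` connective and the else branch passes `--displayName $LOGIN_NAME` unquoted, both of which go away in the rewrite below. The surrounding `do` loop and the assignment of `LOGIN_UID` used for `--uidNumber` are above this hunk, so I could not confirm that it holds the decimal UID here rather than the three-hex-digit fragment the earlier loop assigns to the same name; worth verifying.
```shell
    if [ -n "$FIRSTNAME" ] && [ -n "$LASTNAME" ]
    then
        DISPLAY_NAME="$FIRSTNAME $LASTNAME"
    else
        DISPLAY_NAME=$LOGIN_NAME
    fi
    dsidm -b "$FDS_BASEDN" \
        "$INSTANCE_NAME" \
        user \
        create \
        --uid "$LOGIN_NAME" \
        --cn "$LOGIN_NAME" \
        --displayName "$DISPLAY_NAME" \
        --uidNumber "$LOGIN_UID" \
        --gidNumber "$LOGIN_UID" \
        --homeDirectory "/home/$LOGIN_NAME"
    # … unchanged: LDIF_FILE creation, mail/mobile/userPassword attributes …
```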
@@ -100,10 +124,28 @@ do
 
     rm --force $LDIF_FILE
 
-    dsidm -b dc=user,dc=hu \
-        user \
+    dsidm -b $FDS_BASEDN \
+        $INSTANCE_NAME \
         group \
         add_member \
         $LOGIN_NAME \
-        uid=${LOGIN_NAME},ou=people,dc=user,dc=hu
+        uid=${LOGIN_NAME},ou=people,$FDS_BASEDN
+
+    if [ "$LOGIN_NAME" = "$FDS_ADMIN_UID" ]
+    then
+        for PERMISSION in group_admin group_modify user_admin user_modify user_passwd_reset user_private_read
+        do
+            LDIF_FILE=$(mktemp)
+            echo "dn: cn=${PERMISSION},ou=permissions,$FDS_BASEDN" >$LDIF_FILE
+            echo "changetype: modify" >>$LDIF_FILE
+            echo "add: member" >>$LDIF_FILE
+            echo "member: uid=${LOGIN_NAME},ou=people,$FDS_BASEDN" >>$LDIF_FILE
+
+            ldapmodify -D "cn=Directory Manager" \
+                -w Passw@rd01 \
+                -f $LDIF_FILE
+
+            rm --force $LDIF_FILE
+        done
+    fi
 done
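Review bot: The permissions loop makes `dsadmin` a member of `user_admin`, `user_passwd_reset` and the other administrative groups while the account has just been created with the same fixed initial password every account gets (`userPassword: pwd`, written a few lines above this hunk); until the change forced by `--pwdmustchange on` in 10_setupds.sh takes effect on first bind, anyone who knows that value from the repository holds an account that can reset every other user's password. Generating the initial value per run (for example `openssl rand -base64 18`) and handing it to the operator out of band would close that window for the admin account even if the fixed value stays for ordinary users. The six `ldapmodify` calls each run with their exit status unchecked, so a failed membership add is silent; one LDIF holding six `dn:` entries separated by blank lines, applied by a single `ldapmodify ... || exit 1`, is both cheaper and checkable. The `done` on this hunk's last line closes the `while` loop whose head is above the hunk.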
index aac981856313ca85189fdaaaff801a663364b09a..ea1bd74c24cda361cbfd6d40381f3556952f30d1 100644 (file)
@@ -1,3 +1,2 @@
 # owner file (relative to /c3d)
-# shell globbing does not work
-root.ssh_keys postinstall/install-data/etc/ssh/ssh_host_ed25519_key
+root.ssh_keys postinstall/install-data/etc/ssh/ssh_host_*_key
index a6ef2249cd39285b774232035fc35c7a8844edf3..06fe863a33bb307ff0de0720fd33e2d27254b4a3 100644 (file)
@@ -21,8 +21,8 @@
 
 # full_machine_name (str)
 # Description: Sets the fully qualified hostname (FQDN) of this system. When installing this instance with GSSAPI authentication behind a load balancer, set this parameter to the FQDN of the load balancer and, additionally, set "strict_host_checking" to "false".
-# Default value: fds.in.useribm.hu 
-;full_machine_name = fds.in.useribm.hu
+# Default value: fds.useribm.hu 
+;full_machine_name = fds.useribm.hu
 
 # start (bool)
 # Description: Starts the instance after the install completes. If false, the instance is created but started.
diff --git a/sources/fds.in/c3d/postinstall/install-data/usr/local/bin/getletsencrypt.sh b/sources/fds.in/c3d/postinstall/install-data/usr/local/bin/getletsencrypt.sh
new file mode 100755 (executable)
index 0000000..2b9a3bb
--- /dev/null
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+
+if [ -d /etc/letsencrypt ]
+then
+    rm --force --recursive /etc/letsencrypt.old
+    cp --archive /etc/letsencrypt /etc/letsencrypt.old
+fi
+
+/usr/bin/rsync \
+    --archive \
+    --delete-after \
+    --info=STATS \
+    pki.in.useribm.hu::letsencrypt \
+    /etc/letsencrypt
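Review bot: The `pki.in.useribm.hu::letsencrypt` source uses the rsync daemon protocol, which carries the data in the clear and gives the client no way to verify which host it is talking to, and the tree it fetches contains private keys (replacedirsrvcerts.sh in this commit imports `privkey1.pem` from it). Pulling over ssh instead, `-e ssh <SYNC_USER>@pki.in.useribm.hu:<LETSENCRYPT_EXPORT_PATH>/`, keeps the key material encrypted in transit and pins the server through its host key; the rsync flags stay as they are. The caller in 10_setupds.sh does not check this script's status, so a transfer failure also deserves a message on stderr here, e.g. `|| { echo "letsencrypt sync failed" >&2; exit 1; }` on the rsync line.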
diff --git a/sources/fds.in/c3d/postinstall/install-data/usr/local/bin/replacedirsrvcerts.sh b/sources/fds.in/c3d/postinstall/install-data/usr/local/bin/replacedirsrvcerts.sh
new file mode 100755 (executable)
index 0000000..b4d9755
--- /dev/null
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+
+INSTANCE_NAME=user
+
+
+if [ -d /etc/letsencrypt ]
+then
+    LETSENCRYPT_BASE=/etc/letsencrypt
+    CERT_PATH=$LETSENCRYPT_BASE/archive/useribm
+
+    dsconf $INSTANCE_NAME security ca-certificate list \
+        | grep '^Certificate Name:' | cut -f 2- -d ':' \
+        | while read CA_NAME
+    do
+        dsconf $INSTANCE_NAME security ca-certificate del "$CA_NAME"
+    done
+
+    dsconf $INSTANCE_NAME security ca-certificate add \
+        --file $CERT_PATH/chain1.pem \
+       --name "Let's Encrypt Certificate Authority"
+    dsconf $INSTANCE_NAME security ca-certificate set-trust-flags \
+        "Let's Encrypt Certificate Authority" \
+               --flags "CT,,"
+    dsctl $INSTANCE_NAME tls import-server-key-cert \
+        $CERT_PATH/cert1.pem \
+        $CERT_PATH/privkey1.pem
+
+fi
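Review bot: `CERT_PATH=$LETSENCRYPT_BASE/archive/useribm` together with `cert1.pem`, `chain1.pem` and `privkey1.pem` pins the first issued certificate: if the synced tree follows the usual certbot layout, each renewal adds `cert2.pem`, `cert3.pem`, … to `archive/` and only the `live/useribm/` symlinks track the current files, so after the first renewal this script keeps importing the expired one. `CERT_PATH=$LETSENCRYPT_BASE/live/useribm` with `cert.pem`, `chain.pem` and `privkey.pem` follows renewals; rsync `--archive` preserves the symlinks, so the live directory survives the sync. The script has no `set -e` and none of the `dsconf`/`dsctl` calls are checked, so a failed `import-server-key-cert` leaves the CA list already deleted and the instance is still restarted by the caller; `set -e` after the shebang is the minimal guard. The `--name` and `--flags` continuation lines are indented with tabs while the rest of the file uses spaces.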
index 20d78ba9efa4185abad9d799d28c4b46f2d25c0c..3a9fc90558133cdf5a232561836bd2fd67fe5e5c 100644 (file)
@@ -1,2 +1,2 @@
 # source_host source_path
-fds.in.useribm.hu /tmp/fds.tar
+fds.useribm.hu /tmp/fds.tar
index adb1dabc1700a3f94913665177f7c69c4babdd48..cb83df138e1a204c42fd0200bff087cb89df69ab 100644 (file)
@@ -1,2 +1,2 @@
 # target_host target_user target_executable
-fds.in.useribm.hu root /usr/local/bin/backupfds.sh
+fds.useribm.hu root /usr/local/bin/backupfds.sh
index 12ac34b0c5889a2a370f47446bb64baadecdd8b8..c020290ffe00f9bc8ea5fb5b6cf42e0ce49b1bc0 100644 (file)
@@ -1,7 +1,7 @@
 lxc.include = /usr/share/lxc/config/common.conf
 
 lxc.arch = x86_64
-lxc.uts.name = fds.in.useribm.hu
+lxc.uts.name = fds.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
 lxc.mount.auto = proc:rw sys:ro
 
index 979f8822a7ab0d5a7a00e64fd6a668a9145bfa7d..3107097d3316f7d95df366e5b971c504830c09e9 100644 (file)
@@ -1,3 +1,3 @@
 DISTRIBUTION=Fedora
 DISTRIBUTION_VERSION=35
-SPEC_PACKAGES="389-ds-base cockpit cockpit-389-ds openssh-clients openssh-server"
+SPEC_PACKAGES="389-ds-base cockpit cockpit-389-ds openssh-clients openssh-server rsync"