Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Amazonlinux make bug #72

Closed
Immortalin opened this issue Jul 7, 2018 · 2 comments
Closed

Amazonlinux make bug #72

Immortalin opened this issue Jul 7, 2018 · 2 comments

Comments

@Immortalin
Copy link 

--> Compiling lambda dependencies
docker run --rm -it -v /home/lin/Development/System_Administration/builds/bless:/src -w /src amazonlinux make compile
docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "exec: \"make\": executable file not found in $PATH": unknown.
Makefile:50: recipe for target 'lambda-deps' failed
make: *** [lambda-deps] Error 127
@tuxinaut
Copy link

tuxinaut commented Jul 13, 2018
edited

This error appears because the make lambda-deps command uses the latest Amazon Linux docker image which is an Amazon Linux 2 instead of the original Amazon Linux!

Using the last Amazon Linux (amazonlinux:1) solves the problem.

russell-lewis added a commit to russell-lewis/bless that referenced this issue Jul 13, 2018
@russell-lewis
Fixing Netflix#72 thanks @Immortalin and @tuxinaut .
4ba1d0e
russell-lewis added a commit that referenced this issue Jul 13, 2018
@russell-lewis
Fixing #72 thanks @Immortalin and @tuxinaut .
ed54668
@russell-lewis
Copy link
Contributor

Thanks for the issue. Fixed in #73

acmcelwee added a commit to datadotworld/bless that referenced this issue Nov 29, 2018
@acmcelwee
Merge upstream changes (#2)
ef09738 
* Allows username validation against IAM groups

This change gives the option to validate the remote username against
the IAM groups containing the user invoking the lambda function. This
is an optional feature which is used in conjunction with kmsauth.

For example, if there were two groups of users, you could put your
admins in the ssh-admin IAM group to allow them to generate certificates
with a remote_username of 'admin'. Users with fewer permissions could be
in the ssh-user group to allow them to generate certificates for the 'user'
account.

The group name is configurable, however they must all be in a consistent
format, and must all contain the relevant remote_username once.

* Compressed CA private key support

* Fixing Netflix#72 thanks @Immortalin and @tuxinaut .

* Add support for loading ED25519 public keys

* Add certificate builder and test ED25519 signed by RSA

* Allowing BLESS lambda to accept ed25519 keys, completing https://gith… (Netflix#74)

* Allowing BLESS lambda to accept ed25519 keys, completing Netflix#71 .  Thanks @jnewbigin .

* Moving BLESS to python 3.6. (Netflix#75)

* Moving BLESS to python 3.6.
You just need to rebuild, publish, and switch your lambda runtime from 2.7 to 3.6.

* Moving TravisCI to Python3.6 as well.

* bless_client.py: fix argv unpacking when using a kmsauth token (Netflix#63)

* Add the FileSync flag to the zip command (Netflix#76)

* Make lambda_configs dir optional for publish make target (Netflix#69)

* Adding a blacklisted remote_usernames option.  This would prevent particular SSH Authorized Principals from being included in a BLESS certificate.

* Refactored BLESS to cache KMS decrypt results for the ca private key password.

* Bumping to Release v.0.3.0

Features include:
Python 3.6 Lambda support
Caching of the KMS decrypted CA Private Key Password.
Compressed CA Private Key support, allowing RSA 4096 keys to be set in the Lambda Environment.
Issue certificates for ED25519 public keys (RSA CA).
New option to validate the remote username against the IAM groups of the calling user.
Updated dependencies.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tuxinaut @Immortalin @russell-lewis