Upgrade utf_16 project to use .NET 8 with NativeAot and remove runtime .NET dependency

CMakeLists.txt

@@ -194,9 +194,8 @@ endif()
 add_custom_command(
         TARGET credentials-fetcherd
         PRE_LINK
-        COMMAND bash -c  "CURR_DIR=$PWD && echo $CURR_DIR && cd ${CMAKE_CURRENT_SOURCE_DIR}/auth/kerberos/src/utf16_decode && ./build-using-csc.sh Program.cs && cp Program.exe $CURR_DIR/credentials_fetcher_utf16_private.exe && cp Program.runtimeconfig.json $CURR_DIR/credentials_fetcher_utf16_private.runtimeconfig.json"
+        COMMAND bash -c "CURR_DIR=$PWD && echo $CURR_DIR && cd ${CMAKE_CURRENT_SOURCE_DIR}/auth/kerberos/src/utf16_decode && ./build-using-native-aot.sh && cp bin/Release/net8.0/linux-x64/publish/utf16_decode $CURR_DIR/credentials_fetcher_utf16_private"
         VERBATIM)
-
 target_include_directories(credentials-fetcherd PUBLIC common)
 
 if(${Protobuf_VERSION} VERSION_GREATER_EQUAL "3.21.0.0")
@@ -222,12 +221,11 @@ install(FILES ${CMAKE_BINARY_DIR}/credentials-fetcherd
 
 install(FILES ${CMAKE_SOURCE_DIR}/scripts/systemd/credentials-fetcher.service
         DESTINATION "/usr/lib/systemd/system/")
-install(FILES ${CMAKE_BINARY_DIR}/credentials_fetcher_utf16_private.exe
-        DESTINATION "/usr/sbin/"
-        PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)
-install(FILES ${CMAKE_BINARY_DIR}/credentials_fetcher_utf16_private.runtimeconfig.json
+
+install(FILES ${CMAKE_BINARY_DIR}/credentials_fetcher_utf16_private
         DESTINATION "/usr/sbin/"
         PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)
+
 install(FILES ${CMAKE_BINARY_DIR}/krb5.conf
         DESTINATION "/usr/sbin/"
         PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)

auth/kerberos/src/krb.cpp

@@ -12,7 +12,7 @@ const std::vector<char> invalid_characters = { '&',  '|', ';', ':',  '$', '*', '
                                                '>',  '!', ' ', '\\', '.', ']', '[', '+',
                                                '\'', '`', '~', '}',  '{', '"', ')', '(' };
 
-const std::string install_path_for_decode_exe = "/usr/sbin/credentials_fetcher_utf16_private.exe";
+const std::string install_path_for_decode_exe = "/usr/sbin/credentials_fetcher_utf16_private";
 
 const std::string install_path_for_aws_cli = "/usr/bin/aws";
 
@@ -213,7 +213,7 @@ std::pair<int, std::string> fetch_gmsa_password_and_create_krb_ticket(
     std::string default_principal = "'" + gmsa_account_name + "$'" + "@" + domain_name;
 
     /* Pipe password to the utf16 decoder and kinit */
-    std::string kinit_cmd = std::string( "dotnet " ) + std::string( install_path_for_decode_exe ) +
+    std::string kinit_cmd = std::string( install_path_for_decode_exe ) +
                             std::string( " | kinit " ) + std::string( " -c " ) + krb_cc_name +
                             " -V " + default_principal;
     std::cerr << Util::getCurrentTime() << '\t' << "INFO:" << kinit_cmd << std::endl;

auth/kerberos/src/utf16_decode/build-using-native-aot.sh

@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# Ensure .NET CLI doesn't send telemetry data
+DOTNET_CLI_TELEMETRY_OPTOUT=1
+export DOTNET_CLI_TELEMETRY_OPTOUT
+
+# Get the .NET SDK version
+sdkver=$(dotnet --version)
+
+project_file="utf16_decode.csproj"
+
+dotnet publish "$project_file" \
+    -c Release \
+    -r linux-x64 \
+    --self-contained true \
+    -p:PublishAot=true \
+    -p:InvariantGlobalization=true
+
+echo "NativeAOT compilation complete. Check the publish directory for the output."

auth/kerberos/src/utf16_decode/utf16_decode.csproj

@@ -2,10 +2,10 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
-    <PublishSingleFile>true</PublishSingleFile>
+    <PublishAot>true</PublishAot>
     <SelfContained>true</SelfContained>
     <RuntimeIdentifier>linux-x64</RuntimeIdentifier>
     <PublishTrimmed>true</PublishTrimmed>

package/credentials-fetcher.spec

@@ -1,6 +1,6 @@
 %global major_version 1
 %global minor_version 3
-%global patch_version 6
+%global patch_version 65
 
 # For handling bump release by rpmdev-bumpspec and mass rebuild
 %global baserelease 0
@@ -12,7 +12,7 @@ Summary:        credentials-fetcher is a daemon that refreshes tickets or tokens
 
 License:        Apache-2.0
 URL:            https://github.com/aws/credentials-fetcher
-Source0:        credentials-fetcher-v.1.3.6.tar.gz
+Source0:        credentials-fetcher-v.1.3.65.tar.gz
 
 BuildRequires:  cmake3 make chrpath openldap-clients grpc-devel gcc-c++ glib2-devel jsoncpp-devel
 BuildRequires:  openssl-devel zlib-devel protobuf-devel re2-devel krb5-devel systemd-devel
@@ -22,14 +22,7 @@ BuildRequires:  systemd-rpm-macros grpc-plugins
 BuildRequires:  aws-sdk-cpp-devel aws-sdk-cpp aws-sdk-cpp-static
 %endif
 
-# fedora41 does not support .NET6
-%if 0%{?fedora} >= 41
 BuildRequires:  dotnet-sdk-8.0
-Requires:       dotnet-runtime-8.0
-%else
-BuildRequires:  dotnet-sdk-6.0
-Requires:       dotnet-runtime-6.0
-%endif
 
 Requires: bind-utils openldap openldap-clients awscli jsoncpp
 # No one likes you i686
@@ -71,8 +64,7 @@ ctest3
 %license LICENSE
 # https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/
 %doc CONTRIBUTING.md NOTICE README.md
-%attr(0700, -, -) %{_sbindir}/credentials_fetcher_utf16_private.exe
-%attr(0700, -, -) %{_sbindir}/credentials_fetcher_utf16_private.runtimeconfig.json
+%attr(0700, -, -) %{_sbindir}/credentials_fetcher_utf16_private
 %attr(0755, -, -) %{_sbindir}/krb5.conf
 
 %changelog

setup-scripts/README.md

@@ -0,0 +1,5 @@
+## Setup Scripts
+Setup scripts are meant to compile and build credentials-fetcher along with 
+all its dependencies. These can be used to setup a development environment 
+to build and test changes. You can choose to either setup a docker container 
+or setup the dependencies on the instance itself.

docker/Dockerfile-ubuntu-20.04 → setup-scripts/docker-scripts/Dockerfile-ubuntu-20.04

@@ -30,7 +30,7 @@ RUN cd /root && wget https://packages.microsoft.com/config/ubuntu/20.04/packages
     && dpkg -i packages-microsoft-prod.deb \
     && rm packages-microsoft-prod.deb \
     && apt-get update \
-    && apt-get install -y dotnet-sdk-6.0 \
+    && apt-get install -y dotnet-sdk-8.0 \
     && ln -s '/usr/share/dotnet' '/usr/lib/dotnet'
 
 RUN git clone https://github.com/aws/credentials-fetcher /root/credentials-fetcher \

docker/Dockerfile-ubuntu-22.04 → setup-scripts/docker-scripts/Dockerfile-ubuntu-22.04

@@ -28,7 +28,7 @@ RUN cd /root && wget https://packages.microsoft.com/config/ubuntu/20.04/packages
     && apt remove 'dotnet*' 'aspnetcore*' 'netstandard*' \
     && rm /etc/apt/sources.list.d/microsoft-prod.list \
     && apt update \
-    && apt-get install -y dotnet-sdk-6.0
+    && apt-get install -y dotnet-sdk-8.0
 
 #RUN git clone -b credentials-fetcher-credfile https://github.com/fordth/credentials-fetcher /root/credentials-fetcher \
 RUN git clone https://github.com/aws/credentials-fetcher /root/credentials-fetcher \

setup-scripts/shell-scripts/ubuntu-22.04-setup.sh

@@ -0,0 +1,111 @@
+#!/bin/bash
+
+# Run as root
+if [ "$EUID" -ne 0 ]
+  then echo "Please run as root"
+  exit
+fi
+
+# Set timezone
+TIME_ZONE="UTC"
+
+
+USER_DIR="/home/ubuntu"  # Default directory
+
+echo "Do you want to use a different directory instead of /home/ubuntu? (y/n)"
+read response
+
+if [[ $response =~ ^[Yy]$ ]]; then
+    echo "Please enter the directory path:"
+    read user_input
+
+    if [ -d "$user_input" ]; then
+        USER_DIR="$user_input"
+    else
+        echo "Warning: The directory $user_input does not exist. Using default: $USER_DIR"
+    fi
+fi
+
+cd "$USER_DIR"
+
+echo "Installing dependencies for credentials-fetcher"
+apt-get update \
+    && DEBIAN_FRONTEND="noninteractive" TZ="${TIME_ZONE}" \
+        apt install -y git clang wget curl autoconf \
+        libglib2.0-dev libboost-dev libkrb5-dev libsystemd-dev libssl-dev \
+        libboost-program-options-dev libboost-filesystem-dev byacc make \
+        libjsoncpp-dev libgtest-dev pip python3.10-venv \
+        libsasl2-modules-gssapi-mit:amd64 ldap-utils krb5-config awscli
+
+
+git clone https://github.com/Kitware/CMake.git -b release \
+    && cd CMake && ./configure && make -j4 &&  pwd && make install
+
+if [ $? -ne 0 ]; then
+    echo "error: Cmake installation failed"
+    exit 1
+else
+    echo "CMake successfully installed, now installing krb5"
+fi
+
+cd "$USER_DIR"
+
+
+git clone https://github.com/krb5/krb5.git -b krb5-1.21.2-final \
+     && cd krb5/src && autoconf && autoreconf && ./configure && make -j4 && make install
+
+if [ $? -ne 0 ]; then
+    echo "error: krb5 installation failed"
+    exit 1
+else
+    echo "krb5 successfully installed, now installing grpc"
+fi
+
+cd "$USER_DIR"
+
+git clone --recurse-submodules -b v1.58.0 https://github.com/grpc/grpc && mkdir -p grpc/build && cd grpc/build && cmake -DgRPC_INSTALL=ON -DgRPC_BUILD_TESTS=OFF -DCMAKE_CXX_STANDARD=17 ../  && make -j4 && make install
+
+cd "$USER_DIR"
+
+mkdir -p grpc/cmake/build && cd grpc/cmake/build \
+    && cmake -DgRPC_BUILD_TESTS=ON ../.. && make grpc_cli \
+    && cp grpc_cli /usr/local/bin
+
+if [ $? -ne 0 ]; then
+    echo "error: grpc installation failed"
+    exit 1
+else
+    echo "grpc successfully installed, now installing Microsoft packages"
+fi
+
+cd "$USER_DIR"
+
+wget https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb \
+    && DEBIAN_FRONTEND=noninteractive dpkg -i packages-microsoft-prod.deb \
+    && rm packages-microsoft-prod.deb \
+    && apt-get remove -y 'dotnet*' 'aspnetcore*' 'netstandard*' \
+    && rm /etc/apt/sources.list.d/microsoft-prod.list \
+    && apt-get update -y \
+    && apt-get install -y dotnet-sdk-8.0
+
+mkdir -p /usr/lib64/glib-2.0/ && ln -s '/usr/lib/x86_64-linux-gnu/glib-2.0/include/' '/usr/lib64/glib-2.0/include' && ln -s '/usr/include/jsoncpp/json/' '/usr/include/json'
+
+mkdir -p /var/credentials-fetcher/logging
+mkdir -p /var/credentials-fetcher/socket
+mkdir -p /var/credentials-fetcher/krbdir
+
+if [ $? -ne 0 ]; then
+    echo "error: Microsoft packages installation failed"
+    exit 1
+else
+    echo "Microsoft packages successfully installed. Please follow the instructions in the setup doc to clone the repo and build it"
+fi
+
+export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib
+
+cd "$USER_DIR"
+git clone -b dev https://github.com/aws/credentials-fetcher.git # update branch as needed
+mkdir -p credentials-fetcher/build 
+cd credentials-fetcher/build
+cmake ../ && make -j4 && make install
+