%global custodiaipa_version 0.1.0
Name: custodia
Version: 0.3.1
Release: 4%{?dist}
Summary: A service to manage, retrieve and store secrets for other processes
License: GPLv3+
URL: https://github.com/latchset/%{name}
Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
Source1: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz.sha512sum.txt
Source2: custodia.conf
Source5: custodia.tmpfiles.conf
Patch1: 0001-Vendor-configparser-3.5.0.patch
Patch2: 0002-Patch-and-integrate-vendored-configparser.patch
Patch3: 0003-Remove-etcd-store.patch
Patch4: 0004-Vendor-custodia.ipa.patch
Patch5: 0005-Add-workaround-for-missing-kra_server_server.patch
BuildArch: noarch
BuildRequires: python-devel
BuildRequires: python-jwcrypto
BuildRequires: python-requests
BuildRequires: python-setuptools
BuildRequires: python-coverage
BuildRequires: pytest
BuildRequires: python-docutils
BuildRequires: systemd-python
BuildRequires: python-ipalib
Requires: python-custodia = %{version}-%{release}
Requires(preun): systemd-units
Requires(postun): systemd-units
Requires(post): systemd-units
%global overview \
Custodia is a Secrets Service Provider, it stores or proxies access to \
keys, password, and secret material in general. Custodia is built to \
use the HTTP protocol and a RESTful API as an IPC mechanism over a local \
Unix Socket. It can also be exposed to a network via a Reverse Proxy \
service assuming proper authentication and header validation is \
implemented in the Proxy. \
\
Custodia is modular, the configuration file controls how authentication, \
authorization, storage and API plugins are combined and exposed.
%description
A service to manage, retrieve and store secrets for other processes
%{overview}
%package -n python-custodia
Summary: Sub-package with python2 custodia modules
Provides: python2-custodia = %{version}-%{release}
Requires: python-jwcrypto
Requires: python-requests
Requires: python-setuptools
Requires: systemd-python
%description -n python-custodia
Sub-package with python2 custodia modules
%{overview}
%package -n python-custodia-ipa
Summary: Sub-package with python2 custodia.ipa vault module
Requires: python-custodia = %{version}-%{release}
Requires: python-ipalib
Requires: ipa-client
%description -n python-custodia-ipa
Sub-package with python2 custodia.ipa vault module
%{overview}
%prep
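# Compare the SHA-512 of the release tarball (Source0) with the digest file
# published next to it (Source1). Both files are fetched from the same release
# page, so this catches a corrupted or mismatched download but is not an
# authenticity check: whoever can replace the tarball can replace the digest
# file as well. Authenticity has to come from a digest pinned outside the
# download location or from a signature checked against a separately
# distributed key.
#
# The digest is taken as the first field of the sha512sum output only, so grep
# is given exactly one pattern and one file and never scans the tarball itself.
tarball_sum=$(sha512sum "%{SOURCE0}" | cut -d' ' -f1)
# Refuse an empty digest explicitly: a failed sha512sum leaves the variable
# empty, and grep -F with an empty pattern matches every line.
if [ -z "${tarball_sum}" ] || ! grep -qF -- "${tarball_sum}" "%{SOURCE1}"; then
    echo "Checksum invalid!" >&2
    exit 1
fi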
%setup
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%build
# Generate the egg-info metadata and run the setup.py build step with the
# Python 2 interpreter, after the vendoring patches have been applied in prep.
%{__python2} setup.py egg_info build
%check
# Run the test suite against the modules staged in the buildroot.
export PYTHONPATH="%{buildroot}/%{python2_sitelib}"
# Server tests, tests/test_ipa.py and tests/test_cli.py are left out here.
# NOTE(review): presumably these are the mock-based tests mentioned in the
# 0.3.1-3 changelog entry; if so, the vendored custodia.ipa module and the CLI
# get no test coverage during the package build - confirm.
py.test \
    --skip-servertest \
    --ignore=tests/test_ipa.py \
    --ignore=tests/test_cli.py
%install
# Directory skeleton inside the buildroot: binaries, man page, docs and
# examples, configuration, systemd unit and tmpfiles.d locations, and the
# state and log directories of the service.
mkdir -p \
    %{buildroot}/%{_sbindir} \
    %{buildroot}/%{_mandir}/man7 \
    %{buildroot}/%{_defaultdocdir}/custodia \
    %{buildroot}/%{_defaultdocdir}/custodia/examples \
    %{buildroot}/%{_sysconfdir}/custodia \
    %{buildroot}/%{_unitdir} \
    %{buildroot}/%{_tmpfilesdir} \
    %{buildroot}/%{_localstatedir}/lib/custodia \
    %{buildroot}/%{_localstatedir}/log/custodia

# Stage the Python package, then move the daemon entry point from bindir to
# sbindir.
%{__python2} setup.py install --skip-build --root %{buildroot}
mv %{buildroot}/%{_bindir}/custodia %{buildroot}/%{_sbindir}/custodia

# Man page, documentation and the example configuration are staged with
# mode 644.
install -m 644 -t "%{buildroot}/%{_mandir}/man7" man/custodia.7
install -m 644 -t "%{buildroot}/%{_defaultdocdir}/custodia" README README.custodia.ipa API.md
install -m 644 -t "%{buildroot}/%{_defaultdocdir}/custodia/examples" custodia.conf

# The service configuration (Source2) is staged with mode 600, matching the
# root:root 600 attributes that the files list sets on
# custodia/custodia.conf. The target is the directory created above, so the
# file keeps its source name.
install -m 600 %{SOURCE2} %{buildroot}%{_sysconfdir}/custodia
install -m 644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/custodia.conf

# Recently setuptools stopped installing namespace __init__.py
install -m 644 -t "%{buildroot}/%{python2_sitelib}/custodia" custodia/__init__.py
%post
%systemd_post custodia.socket
%systemd_post custodia.service
%preun
%systemd_preun custodia.socket
%systemd_preun custodia.service
%postun
%systemd_postun custodia.socket
%systemd_postun custodia.service
%files
%doc %{_defaultdocdir}/custodia/README
%doc %{_defaultdocdir}/custodia/API.md
%doc %{_defaultdocdir}/custodia/examples/custodia.conf
%license LICENSE
%{_mandir}/man7/custodia*
%{_sbindir}/custodia
%{_bindir}/custodia-cli
%dir %attr(0700,root,root) %{_sysconfdir}/custodia
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/custodia/custodia.conf
%dir %attr(0700,root,root) %{_localstatedir}/lib/custodia
%dir %attr(0700,root,root) %{_localstatedir}/log/custodia
%{_tmpfilesdir}/custodia.conf
%files -n python-custodia
%license LICENSE
%exclude %{python2_sitelib}/custodia/ipa
%{python2_sitelib}/*
%files -n python-custodia-ipa
%doc %{_defaultdocdir}/custodia/README.custodia.ipa
%{python2_sitelib}/custodia/ipa/*
%changelog
* Tue Jun 20 2017 Christian Heimes <cheimes@redhat.com> - 0.3.1-4
- Add workaround for missing kra_server_server key, resolves #1462403
* Mon Jun 12 2017 Christian Heimes <cheimes@redhat.com> - 0.3.1-3
- Remove custodia user from tmpfiles.d, resolves #1460735
- Add missing systemd hooks for service and socket files
- Drop dependency on python-mock and skip mock tests in check block,
resolves #1447426
* Fri Mar 31 2017 Christian Heimes <cheimes@redhat.com> - 0.3.1-2
- Exclude empty directory custodia/ipa from python-custodia
* Fri Mar 31 2017 Christian Heimes <cheimes@redhat.com> - 0.3.1-1
- Rebase to Custodia 0.3.1
- Vendor custodia.ipa 0.1.0
- Vendor backports.configparser 3.5.0 final
- related: #1403214
* Tue Mar 28 2017 Christian Heimes <cheimes@redhat.com> - 0.3.0-4
- Fix whitespace handling in URLs
- Use upstream patches to replace patches for setuptools and configparser
- resolves: #1436763
* Fri Mar 17 2017 Christian Heimes <cheimes@redhat.com> - 0.3.0-3
- custodia depends on python-custodia
* Fri Mar 17 2017 Christian Heimes <cheimes@redhat.com> - 0.3.0-2
- Fix package dependencies and package names to use python prefix
* Wed Mar 15 2017 Christian Heimes <cheimes@redhat.com> - 0.3.0-1
- Update to custodia 0.3.0
- Vendor backports.configparser 3.5.0b2
- Fix compatibility issues with old setuptools
- Add tmpfiles.d config for /run/custodia
* Wed Sep 07 2016 Christian Heimes <cheimes@redhat.com> - 0.1.0-4
- Disable tests (broken on build machines)
- related: #1371902
* Wed Sep 07 2016 Simo Sorce <simo@redhat.com> - 0.1.0-3
- Change default to use RSA OAEP padding
- resolves: #1371902
* Mon Apr 04 2016 Christian Heimes <cheimes@redhat.com> - 0.2.1-2
- Correct download link
* Thu Mar 31 2016 Christian Heimes <cheimes@redhat.com> - 0.1.0-1
- Initial packaging