27ce82
%if 0%{?fedora} || 0%{?rhel} > 7
27ce82
# Enable python3 build by default
27ce82
%bcond_without python3
10e487
%else
27ce82
%bcond_with python3
Simo Sorce b50bb1
%endif
Simo Sorce b50bb1
091680
%if 0%{?fedora} > 29 || 0%{?rhel} > 7
27ce82
# Disable python2 build by default
27ce82
%bcond_with python2
90a7d5
%else
27ce82
%bcond_without python2
90a7d5
%endif
90a7d5
27ce82
%{!?python3_pkgversion:%global python3_pkgversion 3}
27ce82
Simo Sorce b50bb1
Name:           custodia
27ce82
Version:        0.6.0
661015
Release:        6%{?dist}
cfa9da
Summary:        A service to manage, retrieve and store secrets for other processes
Simo Sorce b50bb1
Simo Sorce b50bb1
License:        GPLv3+
Simo Sorce 777ccd
URL:            https://github.com/latchset/%{name}
Simo Sorce 8bea4e
Source0:        https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
Simo Sorce 8bea4e
Source2:        custodia.conf
70e700
Source3:        custodia@.service
70e700
Source4:        custodia@.socket
cfa9da
Source5:        custodia.tmpfiles.conf
Simo Sorce b50bb1
bae82e
Patch1:         nonfatal_deprecation.patch
bae82e
Simo Sorce b50bb1
BuildArch:      noarch
Simo Sorce b50bb1
ff92ce
BuildRequires:      systemd
27ce82
091680
%if 0%{?with_python2}
Simo Sorce 8bea4e
BuildRequires:      python2-devel
e55b5c
BuildRequires:      python2-jwcrypto >= 0.4.2
Simo Sorce 8bea4e
BuildRequires:      python2-requests
Simo Sorce 8bea4e
BuildRequires:      python2-setuptools >= 18
Simo Sorce 8bea4e
BuildRequires:      python2-coverage
Simo Sorce 8bea4e
BuildRequires:      python2-pytest
e55b5c
BuildRequires:      python2-docutils
Simo Sorce 8b5a03
BuildRequires:      python2-configparser
f59292
BuildRequires:      python2-systemd
049ac8
BuildRequires:      tox >= 2.3.1
27ce82
%endif
Simo Sorce b50bb1
Simo Sorce b50bb1
%if 0%{?with_python3}
e55b5c
BuildRequires:      python%{python3_pkgversion}-devel
e55b5c
BuildRequires:      python%{python3_pkgversion}-jwcrypto >= 0.4.2
e55b5c
BuildRequires:      python%{python3_pkgversion}-requests
e55b5c
BuildRequires:      python%{python3_pkgversion}-setuptools > 18
e55b5c
BuildRequires:      python%{python3_pkgversion}-coverage
e55b5c
BuildRequires:      python%{python3_pkgversion}-pytest
e55b5c
BuildRequires:      python%{python3_pkgversion}-docutils
e55b5c
BuildRequires:      python%{python3_pkgversion}-systemd
Simo Sorce b50bb1
%endif
Simo Sorce b50bb1
c3551c
%if 0%{?with_python3}
e55b5c
Requires:           python%{python3_pkgversion}-custodia = %{version}-%{release}
c3551c
%else
Simo Sorce 8bea4e
Requires:           python2-custodia = %{version}-%{release}
c3551c
%endif
Simo Sorce b50bb1
10e487
Requires(preun):    systemd-units
10e487
Requires(postun):   systemd-units
10e487
Requires(post):     systemd-units
10e487
81f2fa
cfa9da
%global overview                                                           \
cfa9da
Custodia is a Secrets Service Provider, it stores or proxies access to     \
cfa9da
keys, password, and secret material in general. Custodia is built to       \
cfa9da
use the HTTP protocol and a RESTful API as an IPC mechanism over a local   \
cfa9da
Unix Socket. It can also be exposed to a network via a Reverse Proxy       \
cfa9da
service assuming proper authentication and header validation is            \
cfa9da
implemented in the Proxy.                                                  \
cfa9da
                                                                           \
cfa9da
Custodia is modular, the configuration file controls how authentication,   \
cfa9da
authorization, storage and API plugins are combined and exposed.
cfa9da
cfa9da
Simo Sorce b50bb1
%description
cfa9da
A service to manage, retrieve and store secrets for other processes
Simo Sorce b50bb1
cfa9da
%{overview}
Simo Sorce 8bea4e
27ce82
%if 0%{?with_python2}
Simo Sorce 8bea4e
%package -n python2-custodia
cfa9da
Summary:    Sub-package with python2 custodia modules
e55b5c
%{?python_provide:%python_provide python2-%{name}}
Simo Sorce 8bea4e
Requires:   python2-configparser
90a7d5
Requires:   python2-jwcrypto >= 0.4.2
Simo Sorce 8bea4e
Requires:   python2-requests
Simo Sorce 8bea4e
Requires:   python2-setuptools
f59292
Requires:   python2-systemd
27ce82
Conflicts:  python2-custodia-extra < %{version}
Simo Sorce b50bb1
Simo Sorce 8bea4e
%description -n python2-custodia
cfa9da
Sub-package with python custodia modules
cfa9da
cfa9da
%{overview}
27ce82
%endif
Simo Sorce 8bea4e
Simo Sorce b50bb1
%if 0%{?with_python3}
e55b5c
%package -n python%{python3_pkgversion}-custodia
cfa9da
Summary:    Sub-package with python3 custodia modules
e55b5c
%{?python_provide:%python_provide python3-%{name}}
e55b5c
Requires:   python%{python3_pkgversion}-jwcrypto >= 0.4.2
e55b5c
Requires:   python%{python3_pkgversion}-requests
e55b5c
Requires:   python%{python3_pkgversion}-setuptools
e55b5c
Requires:   python%{python3_pkgversion}-systemd
27ce82
Conflicts:  python%{python3_pkgversion}-custodia-extra < %{version}
e55b5c
e55b5c
%description -n python%{python3_pkgversion}-custodia
cfa9da
Sub-package with python custodia modules
cfa9da
cfa9da
%{overview}
cfa9da
10e487
%endif  # with_python3
Simo Sorce b50bb1
Simo Sorce 8bea4e
Simo Sorce b50bb1
%prep
bae82e
%autosetup -p1
Simo Sorce b50bb1
Simo Sorce 8bea4e
Simo Sorce b50bb1
%build
27ce82
%if 0%{?with_python2}
e55b5c
%py2_build
27ce82
%endif
Simo Sorce b50bb1
%if 0%{?with_python3}
e55b5c
%py3_build
Simo Sorce b50bb1
%endif
Simo Sorce b50bb1
Simo Sorce b50bb1
Simo Sorce b50bb1
%check
Simo Sorce 8bea4e
# don't download packages
Simo Sorce 8bea4e
export PIP_INDEX_URL=http://host.invalid./
e55b5c
# Don't try to download dnspython3. The package is provided by python%{python3_pkgversion}-dns
f59292
export PIP_NO_DEPS=yes
d042c2
# Ignore all install packages to enforce installation of sdist. Otherwise tox
d042c2
# may pick up this package from global site-packages instead of source dist.
d042c2
export PIP_IGNORE_INSTALLED=yes
f59292
27ce82
%if 0%{?with_python2}
10e487
tox --sitepackages -e py%{python2_version_nodots} -- --skip-servertests
27ce82
%endif
27ce82
Simo Sorce 8bea4e
%if 0%{?with_python3}
27ce82
# Test custodia in a virtual environment
27ce82
%{__python3} -m venv --system-site-packages testenv
27ce82
testenv/bin/pip install .
27ce82
testenv/bin/python -m pytest --capture=no --strict --skip-servertests
Simo Sorce 8bea4e
%endif
Simo Sorce b50bb1
Simo Sorce b50bb1
Simo Sorce b50bb1
%install
Simo Sorce b50bb1
mkdir -p %{buildroot}/%{_sbindir}
Simo Sorce 8bea4e
mkdir -p %{buildroot}/%{_mandir}/man7
Simo Sorce 8bea4e
mkdir -p %{buildroot}/%{_defaultdocdir}/custodia
Simo Sorce 8bea4e
mkdir -p %{buildroot}/%{_defaultdocdir}/custodia/examples
Simo Sorce 8bea4e
mkdir -p %{buildroot}/%{_sysconfdir}/custodia
Simo Sorce 8bea4e
mkdir -p %{buildroot}/%{_unitdir}
cfa9da
mkdir -p %{buildroot}/%{_tmpfilesdir}
Simo Sorce 8bea4e
mkdir -p %{buildroot}/%{_localstatedir}/lib/custodia
Simo Sorce 8bea4e
mkdir -p %{buildroot}/%{_localstatedir}/log/custodia
70e700
mkdir -p %{buildroot}/%{_localstatedir}/run/custodia
Simo Sorce 8bea4e
27ce82
%if 0%{?with_python2}
e55b5c
%py2_install
Simo Sorce b50bb1
mv %{buildroot}/%{_bindir}/custodia %{buildroot}/%{_sbindir}/custodia
638431
cp %{buildroot}/%{_sbindir}/custodia %{buildroot}/%{_sbindir}/custodia-2
638431
cp %{buildroot}/%{_bindir}/custodia-cli %{buildroot}/%{_bindir}/custodia-cli-2
27ce82
%endif
Simo Sorce 8bea4e
Simo Sorce b50bb1
%if 0%{?with_python3}
c3551c
# overrides /usr/bin/custodia-cli and /usr/sbin/custodia with Python 3 shebang
e55b5c
%py3_install
c3551c
mv %{buildroot}/%{_bindir}/custodia %{buildroot}/%{_sbindir}/custodia
638431
cp %{buildroot}/%{_sbindir}/custodia %{buildroot}/%{_sbindir}/custodia-3
638431
cp %{buildroot}/%{_bindir}/custodia-cli %{buildroot}/%{_bindir}/custodia-cli-3
Simo Sorce b50bb1
%endif
Simo Sorce b50bb1
27ce82
install -m 644 -t "%{buildroot}/%{_mandir}/man7" man/custodia.7
27ce82
install -m 644 -t "%{buildroot}/%{_defaultdocdir}/custodia" README API.md
27ce82
install -m 644 -t "%{buildroot}/%{_defaultdocdir}/custodia/examples" custodia.conf
27ce82
install -m 600 %{SOURCE2} %{buildroot}%{_sysconfdir}/custodia
27ce82
install -m 644 %{SOURCE3} %{buildroot}%{_unitdir}
27ce82
install -m 644 %{SOURCE4} %{buildroot}%{_unitdir}
27ce82
install -m 644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/custodia.conf
27ce82
27ce82
Simo Sorce b50bb1
70e700
%pre
70e700
getent group custodia >/dev/null || groupadd -r custodia
70e700
getent passwd custodia >/dev/null || \
70e700
    useradd -r -g custodia -d / -s /sbin/nologin \
70e700
    -c "User for custodia" custodia
70e700
exit 0
70e700
70e700
10e487
%post
70e700
%systemd_post custodia@\*.socket
70e700
%systemd_post custodia@\*.service
10e487
10e487
10e487
%preun
70e700
%systemd_preun custodia@\*.socket
70e700
%systemd_preun custodia@\*.service
10e487
10e487
10e487
%postun
70e700
%systemd_postun custodia@\*.socket
70e700
%systemd_postun custodia@\*.service
10e487
10e487
Simo Sorce b50bb1
%files
Simo Sorce 8bea4e
%doc README API.md
Simo Sorce 8bea4e
%doc %{_defaultdocdir}/custodia/examples/custodia.conf
Simo Sorce b50bb1
%license LICENSE
Simo Sorce b50bb1
%{_mandir}/man7/custodia*
Simo Sorce b50bb1
%{_sbindir}/custodia
Simo Sorce 8bea4e
%{_bindir}/custodia-cli
70e700
%dir %attr(0700,custodia,custodia) %{_sysconfdir}/custodia
70e700
%config(noreplace) %attr(600,custodia,custodia) %{_sysconfdir}/custodia/custodia.conf
70e700
%attr(644,root,root)  %{_unitdir}/custodia@.socket
70e700
%attr(644,root,root)  %{_unitdir}/custodia@.service
70e700
%dir %attr(0700,custodia,custodia) %{_localstatedir}/lib/custodia
70e700
%dir %attr(0700,custodia,custodia) %{_localstatedir}/log/custodia
70e700
%dir %attr(0755,custodia,custodia) %{_localstatedir}/run/custodia
cfa9da
%{_tmpfilesdir}/custodia.conf
Simo Sorce 8bea4e
27ce82
%if 0%{?with_python2}
Simo Sorce 8bea4e
%files -n python2-custodia
Simo Sorce b50bb1
%license LICENSE
e55b5c
%{python2_sitelib}/%{name}
e55b5c
%{python2_sitelib}/%{name}-%{version}-py%{python2_version}.egg-info
e55b5c
%{python2_sitelib}/%{name}-%{version}-py%{python2_version}-nspkg.pth
638431
%{_sbindir}/custodia-2
638431
%{_bindir}/custodia-cli-2
27ce82
%endif
Simo Sorce 8bea4e
Simo Sorce b50bb1
%if 0%{?with_python3}
e55b5c
%files -n python%{python3_pkgversion}-custodia
Simo Sorce b50bb1
%license LICENSE
e55b5c
%{python3_sitelib}/%{name}
e55b5c
%{python3_sitelib}/%{name}-%{version}-py%{python3_version}.egg-info
e55b5c
%{python3_sitelib}/%{name}-%{version}-py%{python3_version}-nspkg.pth
638431
%{_sbindir}/custodia-3
638431
%{_bindir}/custodia-cli-3
Simo Sorce 8bea4e
10e487
%endif  # with_python3
Simo Sorce b50bb1
Simo Sorce b50bb1
Simo Sorce b50bb1
%changelog
661015
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-6
661015
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
661015
091680
* Wed Jan 09 2019 Miro Hron훾ok <mhroncok@redhat.com> - 0.6.0-5
091680
- Drop Python 2 package from Fedora 30+
091680
b07030
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-4
b07030
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
b07030
bae82e
* Fri Jun 29 2018 Christian Heimes <cheimes@redhat.com> - 0.6.0-3
bae82e
- Don't turn deprecation warnings into fatal errors
bae82e
7806b1
* Thu Jun 28 2018 Christian Heimes <cheimes@redhat.com> - 0.6.0-2
7806b1
- Rebuild for Python 3.7
7806b1
27ce82
* Mon Jun 25 2018 Christian Heimes <cheimes@redhat.com> - 0.6.0-1
27ce82
- New upstream release 0.6.0
27ce82
- Remove etcd support
27ce82
- Remove unnecesary conflict with old FreeIPA
27ce82
- Make Python 2 optional
27ce82
d479f8
* Tue Jun 19 2018 Miro Hron훾ok <mhroncok@redhat.com> - 0.5.0-13
d479f8
- Rebuilt for Python 3.7
d479f8
049ac8
* Mon May 07 2018 Miro Hron훾ok <mhroncok@redhat.com> - 0.5.0-12
049ac8
- Fix BuildRequires to require the tox command and not the python2 module
049ac8
481d36
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.5.0-11
481d36
- Escape macros in %%changelog
481d36
4b8670
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.0-10
4b8670
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
4b8670
90a7d5
* Mon Aug 07 2017 Christian Heimes <cheimes@redhat.com> - 0.5.0-9
90a7d5
- freeipa 4.4.4-2.fc26 and newer are compatible with custodia 0.5
90a7d5
- Fix dependency to python2-jwcrypto >= 0.4.2
90a7d5
d042c2
* Wed Aug 02 2017 Christian Heimes <cheimes@redhat.com> - 0.5.0-8
d042c2
- Add PIP_IGNORE_INSTALLED
d042c2
e55b5c
* Tue Aug 01 2017 Christian Heimes <cheimes@redhat.com> - 0.5.0-7
e55b5c
- Modernize spec
e55b5c
e55b5c
* Tue Aug 01 2017 Christian Heimes <cheimes@redhat.com> - 0.5.0-6
e55b5c
- Require latest python-jwcrypto with Python 3 fix
e55b5c
- Use python2 prefix for all Python 2 dependencies
e55b5c
d042c2
* Tue Aug 01 2017 Christian Heimes <cheimes@redhat.com> - 0.5.0-5
70e700
- Add custodia user and named systemd instances
70e700
f77221
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.0-4
f77221
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
f77221
ff92ce
* Tue Jun 20 2017 Christian Heimes <cheimes@redhat.com> - 0.5.0-3
ff92ce
- Add systemd build requirement for tmpfilesdir and unitdir macros
ff92ce
10e487
* Mon Jun 19 2017 Christian Heimes <cheimes@redhat.com> - 0.5.0-2
10e487
- Skip etcd store on PPC64
10e487
- Add missing pre/post install hooks for systemd service
10e487
- Custodia 0.5 is compatible with FreeIPA 4.4.5 and newer
10e487
- Drop custodia user from tmpfiles.d conf
10e487
Simo Sorce aa0d10
* Tue May 16 2017 Simo Sorce <simo@redhat.com> - 0.5.0-1
Simo Sorce aa0d10
- New Custodia version
Simo Sorce aa0d10
- Drop checks on sha512sum, these checks are already done by dist-git
Simo Sorce aa0d10
05365a
* Tue Apr 11 2017 Christian Heimes <cheimes@redhat.com> - 0.3.1-3
05365a
- Run Python 3 tests with correct Python version
05365a
81f2fa
* Fri Apr 07 2017 Christian Heimes <cheimes@redhat.com> - 0.3.1-2
81f2fa
- Add conflict with FreeIPA < 4.5
81f2fa
aa5315
* Mon Mar 27 2017 Christian Heimes <cheimes@redhat.com> - 0.3.1-1
aa5315
- Upstream release 0.3.1
aa5315
638431
* Thu Mar 16 2017 Christian Heimes <cheimes@redhat.com> - 0.3.0-3
638431
- Provide custodia-2 and custodia-3 scripts
638431
c3551c
* Thu Mar 02 2017 Christian Heimes <cheimes@redhat.com> - 0.3.0-2
c3551c
- Run Custodia daemon with Python 3
c3551c
- Resolves: Bug 1426737 - custodia: Provide a Python 3 subpackage
c3551c
cfa9da
* Wed Mar 01 2017 Christian Heimes <cheimes@redhat.com> - 0.3.0-1
cfa9da
- Update to custodia 0.3.0
cfa9da
- Run tests with global site packages
cfa9da
- Add tmpfiles.d config for /run/custodia
cfa9da
f59292
* Wed Feb 22 2017 Christian Heimes <cheimes@redhat.com> - 0.2.0-4
f59292
- Add missing runtime requirement on python[23]-systemd.
481d36
- Drop unnecesary build dependency on python%%{python3_pkgversion}-configparser.
f59292
- Fix tests, don't try to download dnspython3.
f59292
4b8ee4
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.0-3
4b8ee4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
4b8ee4
98a0ab
* Thu Dec 22 2016 Miro Hron훾ok <mhroncok@redhat.com> - 0.2.0-2
98a0ab
- Rebuild for Python 3.6
98a0ab