# Bundling request for bootstrap/patternfly: https://fedorahosted.org/fpc/ticket/483
Name: ipsilon
Version: 2.0.2
Release: 2%{?builddate}%{?gittag}%{?dist}
Summary: An Identity Provider Server
Group: System Environment/Base
License: GPLv3+
URL: https://fedorahosted.org/ipsilon/
Source0: https://fedorahosted.org/released/ipsilon/ipsilon-%{version}.tar.gz
Patch0: 0001-Fix-RHBZ-1391445.patch
BuildArch: noarch
BuildRequires: python2-devel
BuildRequires: python-setuptools
BuildRequires: lasso-python
BuildRequires: python-openid, python-openid-cla, python-openid-teams
BuildRequires: m2crypto
Requires: python-requests
Requires: %{name}-base = %{version}-%{release}
BuildArch: noarch
%description
Ipsilon is a multi-protocol Identity Provider service. Its function is to
bridge authentication providers and applications to achieve Single Sign On
and Federation.
%package base
Summary: Ipsilon base IDP server
Group: System Environment/Base
License: GPLv3+
Requires: httpd
Requires: mod_ssl
Requires: %{name}-filesystem = %{version}-%{release}
Requires: %{name}-provider = %{version}-%{release}
Requires: mod_wsgi
Requires: python-cherrypy
Requires: python-jinja2
Requires: python-lxml
Requires: python-sqlalchemy
Requires: open-sans-fonts
Requires: fontawesome-fonts
Requires: pam
Requires(pre): shadow-utils
Requires(post): %_sbindir/semanage, %_sbindir/restorecon
Requires(postun): %_sbindir/semanage
%description base
The Ipsilon IdP server without installer
%package filesystem
Summary: Package providing files required by Ipsilon
Group: System Environment/Base
License: GPLv3+
%description filesystem
Package providing basic directory structure required
for all Ipsilon parts
%package client
Summary: Tools for configuring Ipsilon clients
Group: System Environment/Base
License: GPLv3+
Requires: %{name}-filesystem = %{version}-%{release}
Requires: %{name}-saml2-base = %{version}-%{release}
Requires: mod_auth_mellon
Requires: mod_auth_openidc
Requires: mod_ssl
Requires: python-requests
BuildArch: noarch
%description client
Client install tools
%package tools-ipa
summary: IPA helpers
Group: System Environment/Base
License: GPLv3+
Requires: %{name}-authgssapi = %{version}-%{release}
Requires: %{name}-authform = %{version}-%{release}
Requires: %{name}-infosssd = %{version}-%{release}
%if 0%{?rhel}
Requires: ipa-client
Requires: ipa-admintools
%else
Requires: freeipa-client
Requires: freeipa-admintools
%endif
BuildArch: noarch
%description tools-ipa
Convenience client install tools for IPA support in the Ipsilon identity Provider
%package saml2-base
Summary: SAML2 base
Group: System Environment/Base
License: GPLv3+
Requires: lasso-python
Requires: python-lxml
BuildArch: noarch
%description saml2-base
Provides core SAML2 utilities
%package saml2
Summary: SAML2 provider plugin
Group: System Environment/Base
License: GPLv3+
Provides: ipsilon-provider = %{version}-%{release}
Requires: %{name}-base = %{version}-%{release}
Requires: %{name}-saml2-base = %{version}-%{release}
BuildArch: noarch
%description saml2
Provides a SAML2 provider plugin for the Ipsilon identity Provider
%package openid
Summary: Openid provider plugin
Group: System Environment/Base
License: GPLv3+
Provides: ipsilon-provider = %{version}-%{release}
Requires: %{name}-base = %{version}-%{release}
Requires: python-openid
Requires: python-openid-cla
Requires: python-openid-teams
BuildArch: noarch
%description openid
Provides an OpenId provider plugin for the Ipsilon identity Provider
%package openidc
Summary: OpenID Connect provider plugin
Group: System Environment/Base
License: GPLv3+
Provides: ipsilon-provider = %{version}-%{release}
Requires: %{name} = %{version}-%{release}
Requires: python-jwcrypto
BuildArch: noarch
%description openidc
Provides an OpenID Connect and OAuth2 provider plugin for the Ipsilon
identity Provider
%package persona
Summary: Persona provider plugin
Group: System Environment/Base
License: GPLv3+
Provides: ipsilon-provider = %{version}-%{release}
Requires: %{name}-base = %{version}-%{release}
Requires: m2crypto
BuildArch: noarch
%description persona
Provides a Persona provider plugin for the Ipsilon identity Provider
%package authfas
Summary: Fedora Authentication System login plugin
Group: System Environment/Base
License: GPLv3+
Requires: %{name}-base = %{version}-%{release}
Requires: %{name}-infofas = %{version}-%{release}
Requires: python-fedora
BuildArch: noarch
%description authfas
Provides a login plugin to authenticate against the Fedora Authentication System
%package authform
Summary: mod_intercept_form_submit login plugin
Group: System Environment/Base
License: GPLv3+
Requires: %{name}-base = %{version}-%{release}
Requires: mod_intercept_form_submit
BuildArch: noarch
%description authform
Provides a login plugin to authenticate with mod_intercept_form_submit
%package authpam
Summary: PAM based login plugin
Group: System Environment/Base
License: GPLv3+
Requires: %{name}-base = %{version}-%{release}
Requires: python-pam
BuildArch: noarch
%description authpam
Provides a login plugin to authenticate against the local PAM stack
%package authgssapi
Summary: mod_auth_gssapi based login plugin
Group: System Environment/Base
License: GPLv3+
Requires: %{name}-base = %{version}-%{release}
Requires: mod_auth_gssapi
BuildArch: noarch
%description authgssapi
Provides a login plugin to allow authentication via the mod_auth_gssapi
Apache module.
%package authldap
Summary: LDAP info and login plugin
Group: System Environment/Base
License: GPLv3+
Requires: %{name}-base = %{version}-%{release}
Requires: python-ldap
BuildArch: noarch
%description authldap
Provides a login plugin to allow authentication and info retrieval via LDAP.
%package infofas
Summary: Fedora Authentication System login plugin
Group: System Environment/Base
License: GPLv3+
Requires: %{name}-base = %{version}-%{release}
Requires: python-fedora
BuildArch: noarch
%description infofas
Provides an info plugin to retrieve info from the Fedora Authentication System
%package infosssd
Summary: SSSD & mod_lookup_identity-based identity plugin
Group: System Environment/Base
License: GPLv3+
Requires: %{name}-base = %{version}-%{release}
Requires: mod_lookup_identity
Requires: libsss_simpleifp
Requires: sssd >= 1.12.4
BuildArch: noarch
%description infosssd
Provides an info plugin to allow retrieval via mod_lookup_identity and
SSSD.
%prep
%setup -q
%patch0 -p1
%build
CFLAGS="%{optflags}" %{__python} setup.py build
%install
%{__python} setup.py install --skip-build --root %{buildroot}
mkdir -p %{buildroot}%{_sbindir}
mkdir -p %{buildroot}%{_libexecdir}
mkdir -p %{buildroot}%{_defaultdocdir}
mkdir -p %{buildroot}%{_localstatedir}/cache/ipsilon
# These 0700 permissions are because ipsilon will store private keys here
install -d -m 0700 %{buildroot}%{_sharedstatedir}/ipsilon
install -d -m 0700 %{buildroot}%{_sysconfdir}/ipsilon
mv %{buildroot}/%{_bindir}/ipsilon %{buildroot}/%{_libexecdir}
mv %{buildroot}/%{_bindir}/ipsilon-server-install %{buildroot}/%{_sbindir}
mv %{buildroot}/%{_bindir}/ipsilon-upgrade-database %{buildroot}/%{_sbindir}
mv %{buildroot}%{_defaultdocdir}/%{name} %{buildroot}%{_defaultdocdir}/%{name}-%{version}
rm -fr %{buildroot}%{python2_sitelib}/tests
ln -s %{_datadir}/fonts %{buildroot}%{_datadir}/ipsilon/ui/fonts
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
cp %{buildroot}%{_datadir}/ipsilon/templates/install/pam/ipsilon.pamd %{buildroot}%{_sysconfdir}/pam.d/ipsilon
#%check
# The test suite is not being run because:
# 1. The last step of %%install removes the entire test suite
# 2. It increases build time a lot
# 3. It adds more build dependencies (namely postgresql server and client libraries)
%pre base
getent group ipsilon >/dev/null || groupadd -r ipsilon
getent passwd ipsilon >/dev/null || \
useradd -r -g ipsilon -d %{_sharedstatedir}/ipsilon -s /sbin/nologin \
-c "Ipsilon Server" ipsilon
exit 0
%files filesystem
%doc COPYING README.md
%dir %{_datadir}/ipsilon
%dir %{_datadir}/ipsilon/templates
%dir %{_datadir}/ipsilon/templates/install
%dir %{python2_sitelib}/ipsilon
%{python2_sitelib}/ipsilon/__init__.py*
%{python2_sitelib}/ipsilon-*.egg-info
%dir %{python2_sitelib}/ipsilon/tools
%{python2_sitelib}/ipsilon/tools/__init__.py*
%{python2_sitelib}/ipsilon/tools/files.py*
%files
%{_sbindir}/ipsilon-server-install
%{_bindir}/ipsilon-db2conf
%{_datadir}/ipsilon/templates/install/*.conf
%{_datadir}/ipsilon/ui/saml2sp
%dir %{python2_sitelib}/ipsilon/helpers
%{python2_sitelib}/ipsilon/helpers/common.py*
%{python2_sitelib}/ipsilon/helpers/__init__.py*
%doc %{_mandir}/man*/ipsilon-server-install.1*
%files base
%{_defaultdocdir}/%{name}-%{version}
%{python2_sitelib}/ipsilon/admin
%{python2_sitelib}/ipsilon/authz
%{python2_sitelib}/ipsilon/rest
%{python2_sitelib}/ipsilon/tools/dbupgrade.py*
%dir %{python2_sitelib}/ipsilon/login
%{python2_sitelib}/ipsilon/login/__init__*
%{python2_sitelib}/ipsilon/login/common*
%{python2_sitelib}/ipsilon/login/authtest*
%dir %{python2_sitelib}/ipsilon/info
%{python2_sitelib}/ipsilon/info/__init__*
%{python2_sitelib}/ipsilon/info/common*
%{python2_sitelib}/ipsilon/info/infonss*
%dir %{python2_sitelib}/ipsilon/providers
%{python2_sitelib}/ipsilon/providers/__init__*
%{python2_sitelib}/ipsilon/providers/common*
%{python2_sitelib}/ipsilon/root.py*
%{python2_sitelib}/ipsilon/util
%{python2_sitelib}/ipsilon/user
%doc %{_mandir}/man*/ipsilon.7*
%doc %{_mandir}/man*/ipsilon.conf.5*
%{_datadir}/ipsilon/templates/*.html
%{_datadir}/ipsilon/templates/admin
%{_datadir}/ipsilon/templates/user
%dir %{_datadir}/ipsilon/templates/login
%{_datadir}/ipsilon/templates/login/index.html
%{_datadir}/ipsilon/templates/login/form.html
%dir %{_datadir}/ipsilon/ui
%{_datadir}/ipsilon/ui/css
%{_datadir}/ipsilon/ui/img
%{_datadir}/ipsilon/ui/js
%{_datadir}/ipsilon/ui/fonts
%{_datadir}/ipsilon/ui/fonts-local
%{_libexecdir}/ipsilon
%{_sbindir}/ipsilon-upgrade-database
%dir %attr(0751,root,root) %{_sharedstatedir}/ipsilon
%dir %attr(0751,root,root) %{_sysconfdir}/ipsilon
%dir %attr(0750,ipsilon,apache) %{_localstatedir}/cache/ipsilon
%{_sysconfdir}/pam.d/ipsilon
%files client
%{_bindir}/ipsilon-client-install
%{_datadir}/ipsilon/templates/install/saml2
%{_datadir}/ipsilon/templates/install/openidc
%doc %{_mandir}/man*/ipsilon-client-install.1*
%files tools-ipa
%{python2_sitelib}/ipsilon/helpers/ipa.py*
%files saml2-base
%{python2_sitelib}/ipsilon/tools/saml2metadata.py*
%{python2_sitelib}/ipsilon/tools/certs.py*
%files saml2
%{python2_sitelib}/ipsilon/providers/saml2*
%{_datadir}/ipsilon/templates/saml2
%files openid
%{python2_sitelib}/ipsilon/providers/openidp.py*
%{python2_sitelib}/ipsilon/providers/openid/
%{_datadir}/ipsilon/templates/openid
%files openidc
%{python2_sitelib}/ipsilon/providers/openidcp.py*
%{python2_sitelib}/ipsilon/providers/openidc/
%{_datadir}/ipsilon/templates/openidc
%files persona
%{python2_sitelib}/ipsilon/providers/persona*
%{_datadir}/ipsilon/templates/persona
%files authfas
%{python2_sitelib}/ipsilon/login/authfas*
%files authform
%{python2_sitelib}/ipsilon/login/authform*
%files authpam
%{python2_sitelib}/ipsilon/login/authpam*
%{_datadir}/ipsilon/templates/install/pam
%files authgssapi
%{python2_sitelib}/ipsilon/login/authgssapi*
%{_datadir}/ipsilon/templates/login/gssapi.html
%files authldap
%{python2_sitelib}/ipsilon/login/authldap*
%{python2_sitelib}/ipsilon/info/infoldap*
%files infosssd
%{python2_sitelib}/ipsilon/info/infosssd.*
%files infofas
%{python2_sitelib}/ipsilon/info/infofas.*
%changelog
* Sun Dec 04 2016 Patrick Uiterwijk <puiterwijk@redhat.com> - 2.0.2-2
- Add patch to fix RHBZ#1391445
* Thu Nov 24 2016 Patrick Uiterwijk <puiterwijk@redhat.com> - 2.0.2-1
- Upgrade to 2.0.2
* Mon Oct 31 2016 Patrick Uiterwijk <puiterwijk@redhat.com> - 2.0.1-1
- New release to enable authz allow on upgrade
* Fri Oct 28 2016 Patrick Uiterwijk <puiterwijk@redhat.com> - 2.0.0-1
- Rebase to Ipsilon 2.0.0
* Wed Aug 31 2016 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.2.0-7
- Backport ipsilon-upgrade-database fix for configfile
* Wed Aug 10 2016 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.2.0-6
- Move pam file to base package
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.0-5
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
* Tue May 10 2016 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.2.0-4
- Backport unicode patches (RHBZ#1334637)
* Tue May 10 2016 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.2.0-3
- Move user creation to -base subpackage (RHBZ#1334583)
* Tue May 03 2016 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.2.0-2
- Install pam file
* Mon May 02 2016 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.2.0-1
- Rebase to upstream 1.2.0
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Oct 14 2015 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.1.1-2
- Fix files and requires
* Wed Oct 14 2015 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.1.1-1
- Rebase to upstream 1.1.1
* Tue Sep 08 2015 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.1.0-1
- Rebased to 1.1.0 release
* Fri Aug 21 2015 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.0.0-5
- Backported some patches
- Fix for CVE-2015-5215/CVE-2015-5216/CVE-2015-5217
* Tue Aug 11 2015 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.0.0-4
- Remove the gpg check
* Mon Jun 22 2015 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.0.0-3
- Add mod_ssl dependency on ipsilon-client
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon May 11 2015 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.0.0-1
- Update to release 1.0.0
* Mon Apr 20 2015 Patrick Uiterwijk <puiterwijk@redhat.com> - 0.6.0-1
- Update to release 0.6.0
* Mon Mar 30 2015 Patrick Uiterwijk <puiterwijk@redhat.com> - 0.5.0-1
- Update to release 0.5.0
* Mon Mar 02 2015 Patrick Uiterwijk <puiterwijk@redhat.com> - 0.4.0-1
- Update to release 0.4.0
* Wed Jan 28 2015 Patrick Uiterwijk <puiterwijk@redhat.com> - 0.3.0-5
- Split IPA tools
* Mon Jan 12 2015 Patrick Uiterwijk <puiterwijk@redhat.com> - 0.3.0-4
- Add symlink to fonts directory
* Tue Dec 16 2014 Patrick Uiterwijk <puiterwijk@redhat.com> - 0.3.0-3
- Fix typo
- Add comments on why the test suite is not in check
- The subpackages require the base package
- Add link to FPC ticket for bundling exception request
* Tue Dec 16 2014 Patrick Uiterwijk <puiterwijk@redhat.com> - 0.3.0-2
- Fix shebang removal
* Tue Dec 16 2014 Patrick Uiterwijk <puiterwijk@redhat.com> - 0.3.0-1
- Initial packaging