# # This is 2012.2 folsom release # %global release_name folsom %global release_letter rc %global milestone 2 %global snapdate 20120926 %global git_revno r2538 %global snaptag ~%{release_letter}%{milestone}~%{snapdate}.%{git_revno} %global with_doc %{!?_without_doc:1}%{?_without_doc:0} Name: openstack-keystone Version: 2012.2 Release: 4%{?dist} #Release: 0.1.%{release_letter}%{milestone}%{?dist} Summary: OpenStack Identity Service License: ASL 2.0 URL: http://keystone.openstack.org/ Source0: http://launchpad.net/keystone/%{release_name}/%{version}/+download/keystone-%{version}.tar.gz #Source0: http://launchpad.net/keystone/%{release_name}/%{release_name}-%{milestone}/+download/keystone-%{version}~%{release_letter}%{milestone}.tar.gz #Source0: http://tarballs.openstack.org/keystone/keystone-%{version}%{snaptag}.tar.gz Source1: openstack-keystone.logrotate Source2: openstack-keystone.service Source5: openstack-keystone-sample-data # # patches_base=2012.2 # Patch0001: 0001-match-egg-and-spec-requires.patch Patch0002: 0002-add-Quantum-endpoint-in-sample-data.patch Patch0003: 0003-add-Swift-endpoint-in-sample-data.patch Patch0004: 0004-notify-calling-process-we-are-ready-to-serve.patch Patch0005: 0005-Fix-default-port-for-identity.internalURL.patch BuildArch: noarch BuildRequires: python2-devel BuildRequires: python-sphinx >= 1.0 BuildRequires: openstack-utils BuildRequires: python-iniparse BuildRequires: systemd-units Requires: python-keystone = %{version}-%{release} Requires: python-keystoneclient >= 2012.1-0.4.e4 Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units Requires(pre): shadow-utils %description Keystone is a Python implementation of the OpenStack (http://www.openstack.org) identity service API. This package contains the Keystone daemon. %package -n python-keystone Summary: Keystone Python libraries Group: Applications/System # python-keystone added in 2012.1-0.2.e3 Conflicts: openstack-keystone < 2012.1-0.2.e3 Provides: python-keystone-auth-token Obsoletes: python-keystone-auth-token # auth-token subpackage was removed to avoid issues like rhbz#868357 # in Folsom auth-token does not work standalone anyway rhbz#844508 # it will be back in Grizzly pythone-keystoneclient lp#1039567 Requires: python-eventlet Requires: python-ldap Requires: python-lxml Requires: python-memcached Requires: python-migrate Requires: python-paste-deploy Requires: python-routes Requires: python-sqlalchemy Requires: python-webob Requires: python-passlib Requires: MySQL-python Requires: PyPAM Requires: python-iso8601 %description -n python-keystone Keystone is a Python implementation of the OpenStack (http://www.openstack.org) identity service API. This package contains the Keystone Python library. %if 0%{?with_doc} %package doc Summary: Documentation for OpenStack Identity Service Group: Documentation %description doc Keystone is a Python implementation of the OpenStack (http://www.openstack.org) identity service API. This package contains documentation for Keystone. %endif %prep %setup -q -n keystone-%{version} %patch0001 -p1 %patch0002 -p1 %patch0003 -p1 %patch0004 -p1 %patch0005 -p1 find . \( -name .gitignore -o -name .placeholder \) -delete find keystone -name \*.py -exec sed -i '/\/usr\/bin\/env python/d' {} \; %build # change default configuration cp etc/keystone.conf.sample etc/keystone.conf openstack-config --set etc/keystone.conf DEFAULT log_file %{_localstatedir}/log/keystone/keystone.log openstack-config --set etc/keystone.conf sql connection mysql://keystone:keystone@localhost/keystone openstack-config --set etc/keystone.conf catalog template_file %{_sysconfdir}/keystone/default_catalog.templates openstack-config --set etc/keystone.conf catalog driver keystone.catalog.backends.sql.Catalog openstack-config --set etc/keystone.conf identity driver keystone.identity.backends.sql.Identity openstack-config --set etc/keystone.conf token driver keystone.token.backends.sql.Token openstack-config --set etc/keystone.conf ec2 driver keystone.contrib.ec2.backends.sql.Ec2 openstack-config --set etc/keystone.conf DEFAULT onready keystone.common.systemd %{__python} setup.py build %install %{__python} setup.py install --skip-build --root %{buildroot} # Delete tests rm -fr %{buildroot}%{python_sitelib}/tests rm -fr %{buildroot}%{python_sitelib}/run_tests.* install -d -m 755 %{buildroot}%{_sysconfdir}/keystone install -p -D -m 640 etc/keystone.conf %{buildroot}%{_sysconfdir}/keystone/keystone.conf install -p -D -m 640 etc/logging.conf.sample %{buildroot}%{_sysconfdir}/keystone/logging.conf install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/keystone/default_catalog.templates install -p -D -m 640 etc/policy.json %{buildroot}%{_sysconfdir}/keystone/policy.json install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone install -p -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/openstack-keystone.service # Install sample data script. install -p -D -m 755 tools/sample_data.sh %{buildroot}%{_datadir}/%{name}/sample_data.sh install -p -D -m 755 %{SOURCE5} %{buildroot}%{_bindir}/openstack-keystone-sample-data install -d -m 755 %{buildroot}%{_sharedstatedir}/keystone install -d -m 755 %{buildroot}%{_localstatedir}/log/keystone # docs generation requires everything to be installed first export PYTHONPATH="$( pwd ):$PYTHONPATH" pushd doc if [ -x /usr/bin/sphinx-apidoc ]; then make html make man else make html SPHINXAPIDOC=echo make man SPHINXAPIDOC=echo fi mkdir -p %{buildroot}%{_mandir}/man1 install -p -D -m 644 build/man/*.1 %{buildroot}%{_mandir}/man1/ popd # Fix hidden-file-or-dir warnings rm -fr doc/build/html/.doctrees doc/build/html/.buildinfo %pre # 163:163 for keystone (openstack-keystone) - rhbz#752842 getent group keystone >/dev/null || groupadd -r --gid 163 keystone getent passwd keystone >/dev/null || \ useradd --uid 163 -r -g keystone -d %{_sharedstatedir}/keystone -s /sbin/nologin \ -c "OpenStack Keystone Daemons" keystone exit 0 %post if [ $1 -eq 1 ] ; then # Initial installation /bin/systemctl daemon-reload >/dev/null 2>&1 || : fi %preun if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable openstack-keystone.service > /dev/null 2>&1 || : /bin/systemctl stop openstack-keystone.service > /dev/null 2>&1 || : fi %postun /bin/systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall /bin/systemctl try-restart openstack-keystone.service >/dev/null 2>&1 || : fi %files %doc LICENSE %doc README.rst %{_mandir}/man1/keystone*.1.gz %{_bindir}/keystone-all %{_bindir}/keystone-manage %{_bindir}/openstack-keystone-sample-data %{_datadir}/%{name} %{_unitdir}/openstack-keystone.service %dir %{_sysconfdir}/keystone %config(noreplace) %attr(-, root, keystone) %{_sysconfdir}/keystone/keystone.conf %config(noreplace) %attr(-, root, keystone) %{_sysconfdir}/keystone/logging.conf %config(noreplace) %attr(-, root, keystone) %{_sysconfdir}/keystone/default_catalog.templates %config(noreplace) %attr(-, keystone, keystone) %{_sysconfdir}/keystone/policy.json %config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone %dir %attr(-, keystone, keystone) %{_sharedstatedir}/keystone %dir %attr(-, keystone, keystone) %{_localstatedir}/log/keystone %files -n python-keystone %defattr(-,root,root,-) %doc LICENSE %{python_sitelib}/keystone %{python_sitelib}/keystone-%{version}-*.egg-info %if 0%{?with_doc} %files doc %doc LICENSE doc/build/html %endif %changelog * Mon Nov 12 2012 Alan Pevec 2012.2-4 - readd iso8601 dependency (from openstack-common timeutils) * Fri Nov 09 2012 Alan Pevec 2012.2-3 - remove auth-token subpackage (rhbz#868357) * Thu Nov 08 2012 Alan Pevec 2012.2-2 - Fix default port for identity.internalURL in sample script * Thu Sep 27 2012 Alan Pevec 2012.2-1 - Update to folsom final * Wed Sep 26 2012 Alan Pevec 2012.2-0.9.rc2 - folsom rc2 * Fri Sep 21 2012 Alan Pevec 2012.2-0.8.rc1 - fix systemd notification (rhbz#858188) * Fri Sep 14 2012 Alan Pevec 2012.2-0.7.rc1 - folsom rc1 (CVE-2012-4413) * Thu Aug 30 2012 Alan Pevec 2012.2-0.6.f3 - Require authz to update user's tenant (CVE-2012-3542) * Wed Aug 29 2012 Alan Pevec 2012.2-0.5.f3 - allow middleware configuration from app config * Mon Aug 20 2012 Alan Pevec 2012.2-0.4.f3 - folsom-3 milestone * Fri Jul 20 2012 Fedora Release Engineering - 2012.2-0.3.f2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Fri Jul 06 2012 Alan Pevec 2012.2-0.2.f2 - folsom-2 milestone (CVE-2012-3426) * Fri May 25 2012 Alan Pevec 2012.2-0.1.f1 - folsom-1 milestone * Thu May 24 2012 Alan Pevec 2012.1-3 - python-keystone-auth-token subpackage (rhbz#824034) - use reserved user id for keystone (rhbz#752842) * Mon May 21 2012 Alan Pevec 2012.1-2 - Sync up with Essex stable branch - Remove dependencies no loner needed by Essex * Thu Apr 05 2012 Alan Pevec 2012.1-1 - Essex release * Wed Apr 04 2012 Alan Pevec 2012.1-0.13.rc2 - essex rc2 * Sat Mar 24 2012 Alan Pevec 2012.1-0.12.rc1 - update to final essex rc1 * Wed Mar 21 2012 Alan Pevec 2012.1-0.11.rc1 - essex rc1 * Thu Mar 08 2012 Alan Pevec 2012.1-0.10.e4 - change default catalog backend to sql rhbz#800704 - update sample-data script - add missing keystoneclient dependency * Thu Mar 01 2012 Alan Pevec 2012.1-0.9.e4 - essex-4 milestone * Sat Feb 25 2012 Alan Pevec 2012.1-0.8.e4 - change default database to mysql * Tue Feb 21 2012 Alan Pevec 2012.1-0.7.e4 - switch all backends to sql * Mon Feb 20 2012 Alan Pevec 2012.1-0.6.e4 - add missing default_catalog.templates * Mon Feb 20 2012 Alan Pevec 2012.1-0.5.e4 - pre essex-4 snapshot, for keystone rebase * Mon Feb 13 2012 Alan Pevec 2012.1-0.4.e3 - fix deps rhbz#787072 - keystone is not hashing passwords lp#924391 - Fix "KeyError: 'service-header-mappings'" lp#925872 * Wed Feb 8 2012 Toshio Kuratomi - 2012.1-0.3.e3 - Remove the dep on python-sqlite2 as that's being retired in F17 and keystone will work with the sqlite3 module from the stdlib * Thu Jan 26 2012 Alan Pevec 2012.1-0.2.e3 - separate library to python-keystone - avoid conflict with python-keystoneclient * Thu Jan 26 2012 Alan Pevec 2012.1-0.1.e3 - essex-3 milestone * Wed Jan 18 2012 Alan Pevec 2012.1-0.e2 - essex-2 milestone * Fri Jan 13 2012 Fedora Release Engineering - 2011.3.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Thu Nov 24 2011 Alan Pevec 2011.3.1-2 - include LICENSE, update package description from README.md * Mon Nov 21 2011 Alan Pevec 2011.3.1-1 - Update to 2011.3.1 stable/diablo release * Fri Nov 11 2011 Alan Pevec 2011.3-2 - Update to the latest stable/diablo snapshot * Mon Oct 24 2011 Mark McLoughlin - 2011.3-1 - Update version to diablo final * Wed Oct 19 2011 Matt Domsch - 1.0-0.4.d4.1213 - add Requires: python-passlib * Mon Oct 3 2011 Matt Domsch - 1.0-0.2.d4.1213 - update to diablo release. - BR systemd-units for _unitdir * Fri Sep 2 2011 Mark McLoughlin - 1.0-0.2.d4.1078 - Use upstream snapshot tarball - No need to define python_sitelib anymore - BR python2-devel - Remove BRs only needed for unit tests - No need to clean buildroot in install anymore - Use slightly more canonical site for URL tag - Prettify the requires tags - Cherry-pick tools.tracer patch from upstream - Add config file - Add keystone user and group - Ensure log file is in /var/log/keystone - Ensure the sqlite db is in /var/lib/keystone - Add logrotate support - Add system units * Thu Sep 1 2011 Matt Domsch - 1.0-0.1.20110901git396f0bfd%{?dist} - initial packaging