359 lines
12 KiB
Django/Jinja
359 lines
12 KiB
Django/Jinja
{% set pypi_name = 'barbican' %}
|
|
{% set source = fetch_source('https://tarballs.openstack.org/barbican/barbican-master.tar.gz') %}
|
|
{% set upstream_version = upstream_version() %}
|
|
{% set rpm_release = '1' %}
|
|
%global with_doc 1
|
|
%if 0%{?rhel} || 0%{?fedora}
|
|
%global rdo 1
|
|
%endif
|
|
Name: {{ py2name() }}
|
|
Version: {{ py2rpmversion() }}
|
|
Release: {{ py2rpmrelease() }}
|
|
Summary: OpenStack key and secrets management (Barbican)
|
|
License: {{ license('Apache-2.0') }}
|
|
URL: https://docs.openstack.org/barbican/latest/
|
|
Source0: {{ source|basename }}
|
|
Source1: openstack-barbican.logrotate
|
|
Source2: openstack-barbican.tmpfiles
|
|
Source3: openstack-barbican.defaultconf
|
|
Source4: openstack-barbican.README.config
|
|
Source5: barbican-wsgi.conf
|
|
# systemd service files
|
|
Source10: openstack-barbican-worker.service
|
|
Source11: openstack-barbican-keystone-listener.service
|
|
Source12: openstack-barbican-retry.service
|
|
BuildRequires: openstack-macros
|
|
BuildRequires: {{ py3('Babel') }}
|
|
BuildRequires: {{ py3('Paste') }}
|
|
BuildRequires: {{ py3('PasteDeploy') }}
|
|
BuildRequires: {{ py3('PyKMIP') }}
|
|
BuildRequires: {{ py3('SQLAlchemy') }}
|
|
BuildRequires: {{ py3('WebOb') }}
|
|
BuildRequires: {{ py3('castellan') }}
|
|
BuildRequires: {{ py3('ddt') }}
|
|
BuildRequires: {{ py3('eventlet') }}
|
|
BuildRequires: {{ py3('fixtures') }}
|
|
BuildRequires: {{ py3('jsonschema') }}
|
|
BuildRequires: {{ py3('ldap3') }}
|
|
BuildRequires: {{ py3('neutronclient') }}
|
|
BuildRequires: {{ py3('oslo.concurrency') }}
|
|
BuildRequires: {{ py3('oslo.config') }}
|
|
BuildRequires: {{ py3('oslo.db') }}
|
|
BuildRequires: {{ py3('oslo.i18n') }}
|
|
BuildRequires: {{ py3('oslo.log') }}
|
|
BuildRequires: {{ py3('oslo.messaging') }}
|
|
BuildRequires: {{ py3('oslo.policy') }}
|
|
BuildRequires: {{ py3('oslo.utils') }}
|
|
BuildRequires: {{ py3('oslo.versionedobjects') }}
|
|
BuildRequires: {{ py3('oslotest') }}
|
|
BuildRequires: {{ py3('pbr') }}
|
|
BuildRequires: {{ py3('pecan') }}
|
|
BuildRequires: {{ py3('pyOpenSSL') }}
|
|
BuildRequires: {{ py3('six') }}
|
|
BuildRequires: {{ py3('stestr') }}
|
|
BuildRequires: {{ py3('stevedore') }}
|
|
BuildRequires: {{ py3('testtools') }}
|
|
Requires: logrotate
|
|
Requires: python3-barbican = %{version}-%{release}
|
|
BuildArch: noarch
|
|
%if 0%{?suse_version}
|
|
BuildRequires: systemd-rpm-macros
|
|
Requires(pre): pwdutils
|
|
%{?systemd_requires}
|
|
%else
|
|
BuildRequires: systemd
|
|
Requires(post): systemd
|
|
Requires(postun): systemd
|
|
Requires(pre): shadow-utils
|
|
Requires(preun): systemd
|
|
%endif
|
|
|
|
%description
|
|
Barbican is a REST API designed for the secure storage, provisioning and
|
|
management of secrets. It is aimed at being useful for all environments,
|
|
including large ephemeral Clouds.
|
|
|
|
%package -n python3-{{ pypi_name }}
|
|
Summary: OpenStack key and secrets management (Barbican) - Python module
|
|
Group: Development/Languages/Python
|
|
Requires: {{ py3('Babel') }}
|
|
Requires: {{ py3('Paste') }}
|
|
Requires: {{ py3('PasteDeploy') }}
|
|
Requires: {{ py3('PyKMIP') }}
|
|
Requires: {{ py3('Pygments') }}
|
|
Requires: {{ py3('SQLAlchemy') }}
|
|
Requires: {{ py3('WebOb') }}
|
|
Requires: {{ py3('alembic') }}
|
|
Requires: {{ py3('castellan') }}
|
|
Requires: {{ py3('cffi') }}
|
|
Requires: {{ py3('cryptography') }}
|
|
Requires: {{ py3('eventlet') }}
|
|
Requires: {{ py3('jsonschema') }}
|
|
Requires: {{ py3('keystoneclient') }}
|
|
Requires: {{ py3('keystonemiddleware') }}
|
|
Requires: {{ py3('ldap3') }}
|
|
Requires: {{ py3('oslo.config') }}
|
|
Requires: {{ py3('oslo.context') }}
|
|
Requires: {{ py3('oslo.db') }}
|
|
Requires: {{ py3('oslo.i18n') }}
|
|
Requires: {{ py3('oslo.log') }}
|
|
Requires: {{ py3('oslo.messaging') }}
|
|
Requires: {{ py3('oslo.middleware') }}
|
|
Requires: {{ py3('oslo.policy') }}
|
|
Requires: {{ py3('oslo.serialization') }}
|
|
Requires: {{ py3('oslo.service') }}
|
|
Requires: {{ py3('oslo.upgradecheck') }}
|
|
Requires: {{ py3('oslo.utils') }}
|
|
Requires: {{ py3('oslo.versionedobjects') }}
|
|
Requires: {{ py3('pbr') }}
|
|
Requires: {{ py3('pecan') }}
|
|
Requires: {{ py3('pyOpenSSL') }}
|
|
Requires: {{ py3('requests') }}
|
|
Requires: {{ py3('six') }}
|
|
Requires: {{ py3('stevedore') }}
|
|
|
|
%description -n python3-{{ pypi_name }}
|
|
Barbican is a REST API designed for the secure storage, provisioning and
|
|
management of secrets. It is aimed at being useful for all environments,
|
|
including large ephemeral Clouds.
|
|
|
|
This package contains the core Python module of OpenStack Barbican.
|
|
|
|
%package api
|
|
Summary: OpenStack key and secret management (Barbican) - API
|
|
Group: Development/Languages/Python
|
|
Requires: %{name} = %{version}-%{release}
|
|
|
|
%description api
|
|
Barbican is a REST API designed for the secure storage, provisioning and
|
|
management of secrets. It is aimed at being useful for all environments,
|
|
including large ephemeral Clouds.
|
|
This package contains the OpenStack Barbican API (WSGI only).
|
|
|
|
%package worker
|
|
Summary: OpenStack key and secret management (Barbican) - Worker
|
|
Group: Development/Languages/Python
|
|
Requires: %{name} = %{version}-%{release}
|
|
|
|
%description worker
|
|
Barbican is a REST API designed for the secure storage, provisioning and
|
|
management of secrets. It is aimed at being useful for all environments,
|
|
including large ephemeral Clouds.
|
|
This package contains the OpenStack Barbican Worker service.
|
|
|
|
%package keystone-listener
|
|
Summary: OpenStack key and secret management (Barbican) - keystone listener
|
|
Group: Development/Languages/Python
|
|
Requires: %{name} = %{version}-%{release}
|
|
|
|
%description keystone-listener
|
|
Barbican is a REST API designed for the secure storage, provisioning and
|
|
management of secrets. It is aimed at being useful for all environments,
|
|
including large ephemeral Clouds.
|
|
This package contains the OpenStack Barbican Keystone Listener service.
|
|
|
|
%package retry
|
|
Summary: OpenStack key and secret management (Barbican) - Retry Scheduler
|
|
Group: Development/Languages/Python
|
|
Requires: %{name} = %{version}-%{release}
|
|
|
|
%description retry
|
|
Barbican is a REST API designed for the secure storage, provisioning and
|
|
management of secrets. It is aimed at being useful for all environments,
|
|
including large ephemeral Clouds.
|
|
This package contains the OpenStack Barbican Retry Scheduler service.
|
|
|
|
%if 0%{?with_doc}
|
|
%package doc
|
|
Summary: OpenStack key and secret management (Barbican) - Documentation
|
|
Group: Documentation/HTML
|
|
BuildRequires: {{ py3('Sphinx') }}
|
|
BuildRequires: {{ py3('openstackdocstheme') }}
|
|
BuildRequires: {{ py3('sphinxcontrib-svg2pdfconverter') }}
|
|
|
|
%description doc
|
|
Barbican is a REST API designed for the secure storage, provisioning and
|
|
management of secrets. It is aimed at being useful for all environments,
|
|
including large ephemeral Clouds.
|
|
|
|
This package contains documentation.
|
|
%endif
|
|
|
|
%prep
|
|
%autosetup -p1 -n {{ pypi_name }}-{{ upstream_version }}
|
|
%py_req_cleanup
|
|
|
|
%build
|
|
%{py3_build}
|
|
# doc
|
|
%if 0%{?with_doc}
|
|
PYTHONPATH=. PBR_VERSION={{ upstream_version }} %sphinx_build -b html doc/source doc/build/html
|
|
PYTHONPATH=. PBR_VERSION={{ upstream_version }} %sphinx_build -b man doc/source doc/build/man
|
|
# remove the Sphinx-build leftovers
|
|
rm -rf doc/build/html/.{doctrees,buildinfo}
|
|
rm -rf doc/build/man/.{doctrees,buildinfo}
|
|
%endif
|
|
|
|
### configuration file generation
|
|
PYTHONPATH=. oslo-config-generator --config-file etc/oslo-config-generator/barbican.conf --output-file etc/barbican.conf.sample
|
|
PYTHONPATH=. oslopolicy-sample-generator --config-file=etc/oslo-config-generator/policy.conf
|
|
|
|
%install
|
|
%{py3_install}
|
|
|
|
### directories
|
|
install -d -m 750 %{buildroot}%{_localstatedir}/{lib,log}/barbican
|
|
install -d -m 750 %{buildroot}%{_localstatedir}/cache/barbican
|
|
install -D -m 644 %{SOURCE2} %{buildroot}/%{_tmpfilesdir}/barbican.conf
|
|
install -d -m 755 %{buildroot}%{_sysconfdir}/barbican
|
|
install -d -m 755 %{buildroot}%{_datadir}/barbican
|
|
install -d -m 755 %{buildroot}%{_sysconfdir}/barbican/barbican.conf.d/
|
|
install -p -D -m 640 %{SOURCE4} %{buildroot}%{_sysconfdir}/barbican/README.config
|
|
|
|
### configuration files
|
|
install -p -D -m 644 etc/barbican.conf.sample %{buildroot}%{_sysconfdir}/barbican/barbican.conf
|
|
install -p -D -m 640 etc/barbican/policy.yaml.sample %{buildroot}%{_sysconfdir}/barbican/policy.yaml
|
|
install -p -D -m 644 etc/barbican/{barbican-functional.conf,api_audit_map.conf} %{buildroot}%{_sysconfdir}/barbican/
|
|
mv %{buildroot}/%{_prefix}/%{_sysconfdir}/barbican/barbican-api-paste.ini %{buildroot}%{_sysconfdir}/barbican/
|
|
|
|
### default configuration
|
|
install -D -m 640 %{SOURCE3} %{buildroot}/%{_sysconfdir}/barbican/barbican.conf.d/010-barbican.conf
|
|
|
|
# bash-completion/logrotate/etc.
|
|
install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/barbican
|
|
|
|
# Install systemd unit services
|
|
mkdir -p %{buildroot}%{_sbindir} %{buildroot}%{_unitdir}
|
|
install -p -D -m 444 %{SOURCE10} %{buildroot}%{_unitdir}/%{name}-worker.service
|
|
install -p -D -m 444 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}-keystone-listener.service
|
|
install -p -D -m 444 %{SOURCE12} %{buildroot}%{_unitdir}/%{name}-retry.service
|
|
%if 0%{?suse_version}
|
|
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-worker
|
|
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-keystone-listener
|
|
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-retry
|
|
%endif
|
|
|
|
# Install apache configuration files
|
|
install -p -D -m 644 %{SOURCE5} %{buildroot}%{_datadir}/barbican/
|
|
|
|
# man pages
|
|
%if 0%{?with_doc}
|
|
mkdir -p %{buildroot}%{_mandir}/man1
|
|
install -p -D -m 644 doc/build/man/*.1 %{buildroot}%{_mandir}/man1/
|
|
%endif
|
|
|
|
%check
|
|
# don't want to depend on hacking for package building
|
|
rm barbican/tests/test_hacking.py
|
|
|
|
%if 0%{?suse_version}
|
|
PYTHON=python3 stestr run
|
|
%endif
|
|
%if 0%{?rdo}
|
|
stestr-3 run
|
|
%endif
|
|
|
|
%pre
|
|
%openstack_pre_user_group_create barbican barbican /sbin/nologin
|
|
exit 0
|
|
|
|
%post
|
|
%tmpfiles_create %{_tmpfilesdir}/barbican.conf
|
|
|
|
%post worker
|
|
%systemd_post %{name}-worker.service
|
|
|
|
%preun worker
|
|
%systemd_preun %{name}-worker.service
|
|
|
|
%postun worker
|
|
%systemd_postun %{name}-worker.service
|
|
|
|
%post keystone-listener
|
|
%systemd_post %{name}-keystone-listener.service
|
|
|
|
%preun keystone-listener
|
|
%systemd_preun %{name}-keystone-listener.service
|
|
|
|
%postun keystone-listener
|
|
%systemd_postun %{name}-keystone-listener.service
|
|
|
|
%post retry
|
|
%systemd_post %{name}-retry.service
|
|
|
|
%preun retry
|
|
%systemd_preun %{name}-retry.service
|
|
|
|
%postun retry
|
|
%systemd_postun %{name}-retry.service
|
|
|
|
%files
|
|
%license LICENSE
|
|
%dir %attr(0750, barbican, barbican) %{_localstatedir}/lib/barbican
|
|
%dir %attr(0750, barbican, barbican) %{_localstatedir}/cache/barbican
|
|
%dir %attr(0750, barbican, barbican) %{_localstatedir}/log/barbican
|
|
%_tmpfilesdir/barbican.conf
|
|
%dir %{_datadir}/barbican
|
|
%dir %{_sysconfdir}/barbican
|
|
%dir %{_sysconfdir}/barbican/barbican.conf.d/
|
|
%{_sysconfdir}/barbican/README.config
|
|
%config(noreplace) %{_sysconfdir}/logrotate.d/barbican
|
|
%config %attr(0644, root, barbican) %{_sysconfdir}/barbican/barbican-functional.conf
|
|
%config(noreplace) %attr(0640, root, barbican) %{_sysconfdir}/barbican/barbican.conf
|
|
%config(noreplace) %attr(0640, root, barbican) %{_sysconfdir}/barbican/barbican.conf.d/010-barbican.conf
|
|
%config %attr(0640, root, barbican) %{_sysconfdir}/barbican/policy.yaml
|
|
%attr(0644, root, barbican) %{_datadir}/barbican/barbican-wsgi.conf
|
|
%{_bindir}/barbican-manage
|
|
%{_bindir}/barbican-status
|
|
%{_bindir}/barbican-db-manage
|
|
%{_bindir}/pkcs11-kek-rewrap
|
|
%{_bindir}/pkcs11-key-generation
|
|
%if 0%{?with_doc}
|
|
%{_mandir}/man1/barbican.1.gz
|
|
%endif
|
|
|
|
%files -n python3-barbican
|
|
%license LICENSE
|
|
%{python3_sitelib}/barbican/
|
|
%{python3_sitelib}/barbican-*.egg-info
|
|
|
|
%files api
|
|
%defattr(-,root,root,-)
|
|
%license LICENSE
|
|
%{_bindir}/barbican-wsgi-api
|
|
%config %attr(0644, root, barbican) %{_sysconfdir}/barbican/api_audit_map.conf
|
|
%config %attr(0640, root, barbican) %{_sysconfdir}/barbican/barbican-api-paste.ini
|
|
|
|
%files worker
|
|
%defattr(-,root,root,-)
|
|
%license LICENSE
|
|
%{_unitdir}/%{name}-worker.service
|
|
%{_bindir}/barbican-worker
|
|
%if 0%{?suse_version}
|
|
%{_sbindir}/rc%{name}-worker
|
|
%endif
|
|
|
|
%files keystone-listener
|
|
%license LICENSE
|
|
%{_unitdir}/%{name}-keystone-listener.service
|
|
%{_bindir}/barbican-keystone-listener
|
|
%if 0%{?suse_version}
|
|
%{_sbindir}/rc%{name}-keystone-listener
|
|
%endif
|
|
|
|
%files retry
|
|
%license LICENSE
|
|
%{_unitdir}/%{name}-retry.service
|
|
%{_bindir}/barbican-retry
|
|
%if 0%{?suse_version}
|
|
%{_sbindir}/rc%{name}-retry
|
|
%endif
|
|
|
|
%if 0%{?with_doc}
|
|
%files doc
|
|
%license LICENSE
|
|
%doc doc/build/html
|
|
%endif
|
|
|
|
%changelog
|