Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Cloud:OpenStack:Rocky
openstack-barbican-doc
openstack-barbican.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openstack-barbican.spec of Package openstack-barbican-doc
# # spec file for package openstack-barbican # # Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define component barbican %define groupname %{component} %define username %{component} %define version_unconverted 7.0.1.dev24 Name: openstack-%{component} Version: 7.0.1~dev24 Release: 0 Summary: OpenStack key and secret management (Barbican) License: Apache-2.0 Group: System/Management URL: https://launchpad.net/barbican Source0: http://tarballs.openstack.org/barbican/barbican-stable-rocky.tar.gz Source1: %{name}.logrotate Source2: %{component}-api.conf.sample Source3: %{name}-rpmlintrc Source5: %name.conf # systemd service files Source10: %{name}-worker.service Source11: %{name}-keystone-listener.service Source12: %{name}-retry.service Source50: README.config # PATCH-FIX-OPENSUSE fix-barbican-api.patch Patch1: fix-barbican-api.patch Patch2: 0001-Fix-secret-metadata-access-rules.patch Patch3: 0001-Fix-policy-for-adding-a-secret-to-a-container.patch Patch4: 0001-Fix-RBAC-and-ACL-access-for-managing-secret-containe.patch # PATCH-FIX-UPSTREAM CVE-2022-3100.patch -- https://review.opendev.org/c/openstack/barbican/+/859847 Patch5: CVE-2022-3100.patch BuildRequires: apache2 BuildRequires: fdupes BuildRequires: openstack-suse-macros BuildRequires: python-base BuildRequires: python-oslo.concurrency BuildRequires: python-oslo.config BuildRequires: python-oslo.db BuildRequires: python-pecan BuildRequires: python-pyOpenSSL BuildRequires: python-setuptools BuildRequires: python-six # Documentation build requirements: BuildRequires: crudini BuildRequires: python-Babel BuildRequires: python-Paste BuildRequires: python-PasteDeploy BuildRequires: python-PyKMIP BuildRequires: python-Sphinx BuildRequires: python-WebOb BuildRequires: python-eventlet BuildRequires: python-fixtures BuildRequires: python-mock BuildRequires: python-neutronclient BuildRequires: python-openstackdocstheme BuildRequires: python-oslo.i18n BuildRequires: python-oslo.log BuildRequires: python-oslo.messaging BuildRequires: python-oslo.policy BuildRequires: python-oslo.utils BuildRequires: python-pbr BuildRequires: python-sqlalchemy BuildRequires: python-stevedore BuildRequires: python-testtools BuildRequires: systemd-rpm-macros %{?systemd_requires} Requires: logrotate Requires: python >= 2.7 Requires: python-barbican = %{version} Requires(pre): pwdutils BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %description Barbican is a REST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. %package -n python-barbican Summary: OpenStack key and secret management (Barbican) - Python module Group: Development/Languages/Python Requires: python >= 2.7 Requires: python-Babel >= 2.3.4 Requires: python-Paste >= 2.0.2 Requires: python-PasteDeploy >= 1.5.0 Requires: python-PyKMIP >= 0.7.0 Requires: python-SQLAlchemy >= 1.0.10 Requires: python-WebOb >= 1.7.1 Requires: python-alembic >= 0.8.10 Requires: python-cffi >= 1.7.0 Requires: python-cryptography >= 2.1 Requires: python-eventlet >= 0.18.2 Requires: python-jsonschema >= 2.6.0 Requires: python-keystoneclient >= 3.8.0 Requires: python-keystonemiddleware >= 4.17.0 Requires: python-ldap3 >= 1.0.2 Requires: python-oslo.config >= 5.2.0 Requires: python-oslo.context >= 2.19.2 Requires: python-oslo.db >= 4.27.0 Requires: python-oslo.i18n >= 3.15.3 Requires: python-oslo.log >= 3.36.0 Requires: python-oslo.messaging >= 5.29.0 Requires: python-oslo.middleware >= 3.31.0 Requires: python-oslo.policy >= 1.30.0 Requires: python-oslo.serialization >= 2.18.0 Requires: python-oslo.service >= 1.24.0 Requires: python-oslo.utils >= 3.33.0 Requires: python-pbr >= 2.0.0 Requires: python-pecan >= 1.0.0 Requires: python-pyOpenSSL >= 17.1.0 Requires: python-pycrypto >= 2.6 Requires: python-requests >= 2.14.2 Requires: python-six >= 1.10.0 Requires: python-stevedore >= 1.20.0 %description -n python-barbican Barbican is a REST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. This package contains the core Python module of OpenStack Barbican. %package api Summary: OpenStack key and secret management (Barbican) - API Group: Development/Languages/Python Requires: %{name} = %{version} Requires: apache2 Requires: apache2-mod_wsgi %description api Barbican is a REST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. This package contains the OpenStack Barbican API (WSGI only). %package worker Summary: OpenStack key and secret management (Barbican) - Worker Group: Development/Languages/Python Requires: %{name} = %{version} %description worker Barbican is a REST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. This package contains the OpenStack Barbican Worker service. %package keystone-listener Summary: OpenStack key and secret management (Barbican) - keystone listener Group: Development/Languages/Python Requires: %{name} = %{version} %description keystone-listener Barbican is a REST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. This package contains the OpenStack Barbican Keystone Listener service. # TODO(aplanas): This package will be droped from master %package retry Summary: OpenStack key and secret management (Barbican) - Retry Scheduler Group: Development/Languages/Python Requires: %{name} = %{version} %description retry Barbican is a REST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. This package contains the OpenStack Barbican Retry Scheduler service. %package test Summary: OpenStack key and secret management (Barbican) - Testsuite Group: Development/Languages/Python Requires: %{name} = %{version} Requires: git-core Requires: python-WebTest >= 2.0.27 Requires: python-ddt >= 1.0.1 Requires: python-fixtures >= 3.0.0 Requires: python-mock >= 2.0.0 Requires: python-os-testr >= 0.4.1 Requires: python-oslotest >= 3.2.0 Requires: python-pbr >= 2.0.0 Requires: python-python-subunit >= 0.0.18 Requires: python-testrepository >= 0.0.18 Requires: python-testtools >= 2.2.0 %description test Barbican is a REST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. This package contains the OpenStack Barbican testsuite. %prep %setup -q -n %{component}-%{version_unconverted} %openstack_cleanup_prep %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %build python setup.py build PBR_VERSION=%version sphinx-build -b man doc/source doc/build/man ### configuration files PYTHONPATH=. oslo-config-generator --config-file etc/oslo-config-generator/barbican.conf --output-file etc/barbican.conf.sample PYTHONPATH=. oslopolicy-sample-generator --config-file=etc/oslo-config-generator/policy.conf %install python setup.py install --skip-build --prefix=%{_prefix} --root=%{buildroot} ### directories install -d -m 750 %{buildroot}%{_localstatedir}/{lib,log}/%{component} install -d -m 750 %{buildroot}%{_localstatedir}/cache/%{component} install -d -m 700 %{buildroot}%{_localstatedir}/run/%{component} install -D -m 644 %{SOURCE5} %{buildroot}/%_tmpfilesdir/%name.conf install -d -m 755 %{buildroot}%{_sysconfdir}/%{component} install -d -m 755 %{buildroot}%{_sysconfdir}/%{component}/%{component}.conf.d/ install -p -D -m 640 %{SOURCE50} %{buildroot}%{_sysconfdir}/%{component}/README.config install -d -m 755 %{buildroot}/srv/www/%{component}-api ### Copy the Barbican WSGI app to DocumentRoot install -p -D -m 644 %{buildroot}/%{_bindir}/barbican-wsgi-api %{buildroot}/srv/www/%{component}-api/app.wsgi ### configuration files install -p -D -m 644 etc/%{component}.conf.sample %{buildroot}%{_sysconfdir}/%{component}/%{component}.conf install -p -D -m 640 etc/%{component}/policy.yaml.sample %{buildroot}%{_sysconfdir}/%{component}/policy.yaml install -p -D -m 644 etc/barbican/{barbican-functional.conf,api_audit_map.conf} %{buildroot}%{_sysconfdir}/%{component}/ mv %{buildroot}/usr/etc/barbican/barbican-api-paste.ini %{buildroot}%{_sysconfdir}/%{component}/ install -d %{buildroot}%{_sysconfdir}/apache2/vhosts.d # bash-completion/logrotate/etc. install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} # Install systemd unit services mkdir -p %{buildroot}%{_sbindir} %{buildroot}%{_unitdir} install -p -D -m 444 %{SOURCE10} %{buildroot}%{_unitdir}/%{name}-worker.service install -p -D -m 444 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}-keystone-listener.service install -p -D -m 444 %{SOURCE12} %{buildroot}%{_unitdir}/%{name}-retry.service ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-worker ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-keystone-listener ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-retry ### documentation install -d %{buildroot}%{_mandir}/man1 install -m 644 doc/build/man/*.1 %{buildroot}%{_mandir}/man1 ### test subpackage %openstack_test_package_install %fdupes %{buildroot}%{_localstatedir}/lib/%{name}-test ### misc %fdupes %{buildroot}%{python_sitelib}/%{component} ### set default configuration %define barbican_conf %{buildroot}%{_sysconfdir}/%{component}/%{component}.conf.d/010-%{component}.conf crudini --set %{barbican_conf} DEFAULT log_dir /var/log/barbican crudini --set %{barbican_conf} DEFAULT state_path /var/lib/barbican crudini --set %{barbican_conf} keystone_authtoken signing_dir /var/cache/%component/keystone-signing crudini --set %{barbican_conf} oslo_concurrency lock_path /var/run/barbican # adjust the default config file sed -i 's/enabled_certificate_plugins = snakeoil_ca/#enabled_certificate_plugins = snakeoil_ca/' %{buildroot}%{_sysconfdir}/%{component}/%{component}.conf install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/apache2/vhosts.d/ %pre %openstack_pre_user_group_create %{username} %{groupname} %post %tmpfiles_create %{_tmpfilesdir}/%{name}.conf %pre worker %service_add_pre %{name}-worker.service %post worker %service_add_post %{name}-worker.service %preun worker %service_del_preun %{name}-worker.service %postun worker %restart_on_update %{name}-worker.service %service_del_postun %{name}-worker.service %pre keystone-listener %service_add_pre %{name}-keystone-listener.service %post keystone-listener %service_add_post %{name}-keystone-listener.service %preun keystone-listener %service_del_preun %{name}-keystone-listener.service %postun keystone-listener %restart_on_update %{name}-keystone-listener.service %service_del_postun %{name}-keystone-listener.service %pre retry %service_add_pre %{name}-retry.service %post retry %service_add_post %{name}-retry.service %preun retry %service_del_preun %{name}-retry.service %postun retry %restart_on_update %{name}-retry.service %service_del_postun %{name}-retry.service %files %defattr(-,root,root) %license LICENSE %doc README.md %doc %{_mandir}/man1/%{component}.1.gz %dir %attr(0750, %{username}, %{groupname}) %{_localstatedir}/lib/%{component} %dir %attr(0750, %{username}, %{groupname}) %{_localstatedir}/cache/%{component} %dir %attr(0750, %{username}, %{groupname}) %{_localstatedir}/log/%{component} %_tmpfilesdir/%name.conf %dir %{_sysconfdir}/%{component} %dir %{_sysconfdir}/%{component}/%{component}.conf.d/ %{_sysconfdir}/%{component}/README.config %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config %attr(0644, root, %{groupname}) %{_sysconfdir}/%{component}/barbican-functional.conf %config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/%{component}.conf %config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/%{component}.conf.d/010-%{component}.conf %config %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/policy.yaml %{_bindir}/%{component}-manage %{_bindir}/%{component}-db-manage %{_bindir}/pkcs11-kek-rewrap %{_bindir}/pkcs11-key-generation %files -n python-%{component} %defattr(-,root,root,-) %license LICENSE %{python_sitelib}/%{component}/ %{python_sitelib}/%{component}-*.egg-info %exclude %{python_sitelib}/%{component}/test* %files api %defattr(-,root,root,-) %license LICENSE %{_bindir}/barbican-wsgi-api %config %attr(0644, root, %{groupname}) %{_sysconfdir}/%{component}/api_audit_map.conf %config %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/barbican-api-paste.ini %config %{_sysconfdir}/apache2/vhosts.d/ /srv/www/%{component}-api/ /srv/www/%{component}-api/app.wsgi %{_sysconfdir}/apache2/vhosts.d/ %{_sysconfdir}/apache2/vhosts.d/%{component}-api.conf.sample %files worker %defattr(-,root,root,-) %license LICENSE %{_unitdir}/%{name}-worker.service %{_sbindir}/rc%{name}-worker %{_bindir}/%{component}-worker %files keystone-listener %defattr(-,root,root,-) %license LICENSE %{_unitdir}/%{name}-keystone-listener.service %{_sbindir}/rc%{name}-keystone-listener %{_bindir}/%{component}-keystone-listener %files retry %defattr(-,root,root,-) %license LICENSE %{_unitdir}/%{name}-retry.service %{_sbindir}/rc%{name}-retry %{_bindir}/%{component}-retry %files test %defattr(-,root,root) %{_localstatedir}/lib/%{name}-test/ %{python_sitelib}/%{component}/test* %changelog
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor