blob: 08b69a3f864631e1690585552d0159115cfbc676 [file] [log] [blame]
%global with_doc %{!?_without_doc:1}%{?_without_doc:0}
%global service keystone
# guard for package OSP does not support
%global rhosp 0
%{!?upstream_version: %global upstream_version %{version}%{?milestone}}
%global common_desc \
Keystone is a Python implementation of the OpenStack \
(http://www.openstack.org) identity service API.
Name: openstack-keystone
# Liberty semver reset
# https://review.openstack.org/#/q/I6a35fa0dda798fad93b804d00a46af80f08d475c,n,z
Epoch: 1
Version: 13.0.4
Release: 1%{?dist}
Summary: OpenStack Identity Service
License: ASL 2.0
URL: http://keystone.openstack.org/
Source0: https://tarballs.openstack.org/%{service}/%{service}-%{upstream_version}.tar.gz
#
Source1: openstack-keystone.logrotate
Source3: openstack-keystone.sysctl
Source5: openstack-keystone-sample-data
Source20: keystone-dist.conf
BuildArch: noarch
BuildRequires: openstack-macros
BuildRequires: python2-devel
BuildRequires: python2-osprofiler >= 1.1.0
BuildRequires: python2-pbr >= 1.8
BuildRequires: git
# Required to build keystone.conf
BuildRequires: python2-oslo-cache >= 1.26.0
BuildRequires: python2-oslo-config >= 2:5.1.0
BuildRequires: python2-passlib >= 1.6
BuildRequires: python2-pycadf >= 2.1.0
BuildRequires: python-redis
%if 0%{rhosp} == 0
BuildRequires: python-zmq
%endif
# Required to compile translation files
BuildRequires: python2-babel
# Required to build man pages
BuildRequires: python2-openstackdocstheme
BuildRequires: python2-oslo-policy
BuildRequires: python2-sphinx >= 1.1.2
BuildRequires: python2-jsonschema
BuildRequires: python2-oslo-db >= 4.27.0
BuildRequires: python-ldappool
BuildRequires: python2-oauthlib
BuildRequires: python2-pysaml2
BuildRequires: python2-keystonemiddleware >= 4.17.0
BuildRequires: python-webtest
BuildRequires: python-freezegun
BuildRequires: python2-testresources
BuildRequires: python-pep8
BuildRequires: python2-oslotest
Requires: python-keystone = %{epoch}:%{version}-%{release}
Requires: python-keystoneclient >= 1:3.8.0
%{?systemd_requires}
BuildRequires: systemd
Requires(pre): shadow-utils
%description
%{common_desc}
This package contains the Keystone daemon.
%package -n python-keystone
Summary: Keystone Python libraries
Requires: python2-pbr
Requires: python2-bcrypt
Requires: python-ldap
Requires: python-ldappool
Requires: python-memcached
Requires: python-migrate >= 0.11.0
Requires: python-paste-deploy >= 1.5.0
Requires: python-paste
Requires: python2-routes >= 2.3.1
Requires: python2-sqlalchemy >= 1.0.10
Requires: python-webob >= 1.7.1
Requires: python2-passlib >= 1.7.0
Requires: openssl
Requires: python2-six >= 1.9.0
Requires: python2-babel >= 2.3.4
Requires: python2-oauthlib >= 0.6
Requires: python-dogpile-cache >= 0.6.2
Requires: python2-jsonschema
Requires: python2-pycadf >= 2.1.0
Requires: python2-keystonemiddleware >= 4.17.0
Requires: python2-oslo-cache >= 1.26.0
Requires: python2-oslo-concurrency >= 3.25.0
Requires: python2-oslo-config >= 2:5.1.0
Requires: python2-oslo-context >= 2.19.2
Requires: python2-oslo-db >= 4.27.0
Requires: python2-oslo-i18n >= 3.15.3
Requires: python2-oslo-log >= 3.36.0
Requires: python2-oslo-messaging >= 5.29.0
Requires: python2-oslo-middleware >= 3.31.0
Requires: python2-oslo-policy >= 1.30.0
Requires: python2-oslo-serialization >= 2.18.0
Requires: python2-oslo-utils >= 3.33.0
Requires: python2-osprofiler >= 1.4.0
Requires: python2-pysaml2 >= 2.4.0
Requires: python2-stevedore >= 1.20.0
Requires: python2-scrypt
# for Keystone Lightweight Tokens (KLWT)
Requires: python2-cryptography
Requires: python-msgpack
%description -n python-keystone
%{common_desc}
This package contains the Keystone Python library.
%package -n python-%{service}-tests
Summary: Keystone tests
Requires: openstack-%{service} = %{epoch}:%{version}-%{release}
# Adding python-keystone-tests-tempest as Requires to keep backward
# compatibilty
Requires: python-keystone-tests-tempest
%description -n python-%{service}-tests
%{common_desc}
This package contains the Keystone test files.
%if 0%{?with_doc}
%package doc
Summary: Documentation for OpenStack Identity Service
# for API autodoc
BuildRequires: python2-cryptography
BuildRequires: python-dogpile-cache >= 0.5.7
BuildRequires: python-memcached
BuildRequires: python2-oslo-concurrency >= 3.25.0
BuildRequires: python2-oslo-log >= 3.36.0
BuildRequires: python2-oslo-messaging >= 5.29.0
BuildRequires: python2-oslo-middleware >= 3.31.0
BuildRequires: python2-oslo-policy >= 1.30.0
BuildRequires: python-paste-deploy
BuildRequires: python2-routes
BuildRequires: python-lxml
BuildRequires: python2-mock
%description doc
%{common_desc}
This package contains documentation for Keystone.
%endif
%prep
%autosetup -n keystone-%{upstream_version} -S git
find . \( -name .gitignore -o -name .placeholder \) -delete
find keystone -name \*.py -exec sed -i '/\/usr\/bin\/env python/d' {} \;
# Let RPM handle the dependencies
%py_req_cleanup
# adjust paths to WSGI scripts
sed -i 's#/local/bin#/bin#' httpd/wsgi-keystone.conf
sed -i 's#apache2#httpd#' httpd/wsgi-keystone.conf
%build
PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf
PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf --format yaml --output-file=%{service}-schema.yaml
PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf --format json --output-file=%{service}-schema.json
# distribution defaults are located in keystone-dist.conf
%{__python2} setup.py build
# Generate i18n files
%{__python2} setup.py compile_catalog -d build/lib/%{service}/locale -D keystone
%install
%{__python2} setup.py install --skip-build --root %{buildroot}
# Keystone doesn't ship policy.json file but only an example
# that contains data which might be problematic to use by default.
# Instead, ship an empty file that operators can override.
echo "{}" > policy.json
install -d -m 755 %{buildroot}%{_sysconfdir}/keystone
install -p -D -m 640 etc/keystone.conf.sample %{buildroot}%{_sysconfdir}/keystone/keystone.conf
install -p -D -m 640 etc/keystone-paste.ini %{buildroot}%{_sysconfdir}/keystone/keystone-paste.ini
install -p -D -m 640 policy.json %{buildroot}%{_sysconfdir}/keystone/policy.json
install -p -D -m 640 %{service}-schema.yaml %{buildroot}%{_datadir}/%{service}/%{service}-schema.yaml
install -p -D -m 640 %{service}-schema.json %{buildroot}%{_datadir}/%{service}/%{service}-schema.json
install -p -D -m 644 %{SOURCE20} %{buildroot}%{_datadir}/keystone/keystone-dist.conf
install -p -D -m 644 etc/policy.v3cloudsample.json %{buildroot}%{_datadir}/keystone/policy.v3cloudsample.json
install -p -D -m 640 etc/logging.conf.sample %{buildroot}%{_sysconfdir}/keystone/logging.conf
install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/keystone/default_catalog.templates
install -p -D -m 640 etc/sso_callback_template.html %{buildroot}%{_sysconfdir}/keystone/sso_callback_template.html
install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone
install -d -m 755 %{buildroot}%{_prefix}/lib/sysctl.d
install -p -D -m 644 %{SOURCE3} %{buildroot}%{_prefix}/lib/sysctl.d/openstack-keystone.conf
# Install sample data script.
install -p -D -m 755 tools/sample_data.sh %{buildroot}%{_datadir}/keystone/sample_data.sh
install -p -D -m 755 %{SOURCE5} %{buildroot}%{_bindir}/openstack-keystone-sample-data
# Install sample HTTPD integration files
install -p -D -m 644 httpd/wsgi-keystone.conf %{buildroot}%{_datadir}/keystone/
install -d -m 755 %{buildroot}%{_sharedstatedir}/keystone
install -d -m 755 %{buildroot}%{_localstatedir}/log/keystone
# cleanup config files installed by keystone
# we already generate them w/ oslo-config-generator
rm -rf %{buildroot}/%{_prefix}%{_sysconfdir}
# docs generation requires everything to be installed first
%if 0%{?with_doc}
%{__python2} setup.py build_sphinx -b html
%endif
%{__python2} setup.py build_sphinx -b man
mkdir -p %{buildroot}%{_mandir}/man1
install -p -D -m 644 doc/build/man/*.1 %{buildroot}%{_mandir}/man1/
%if 0%{?with_doc}
# Fix hidden-file-or-dir warnings
rm -fr doc/build/html/.doctrees doc/build/html/.buildinfo
%endif
# Install i18n .mo files (.po and .pot are not required)
install -d -m 755 %{buildroot}%{_datadir}
rm -f %{buildroot}%{python2_sitelib}/%{service}/locale/*/LC_*/%{service}*po
rm -f %{buildroot}%{python2_sitelib}/%{service}/locale/*pot
mv %{buildroot}%{python2_sitelib}/%{service}/locale %{buildroot}%{_datadir}/locale
# Find language files
%find_lang %{service} --all-name
%pre
# 163:163 for keystone (openstack-keystone) - rhbz#752842
getent group keystone >/dev/null || groupadd -r --gid 163 keystone
getent passwd keystone >/dev/null || \
useradd --uid 163 -r -g keystone -d %{_sharedstatedir}/keystone -s /sbin/nologin \
-c "OpenStack Keystone Daemons" keystone
exit 0
%post
%sysctl_apply openstack-keystone.conf
# Install keystone.log file before, so both keystone & root users can write in it.
touch %{_localstatedir}/log/keystone/keystone.log
chown root:keystone %{_localstatedir}/log/keystone/keystone.log
chmod 660 %{_localstatedir}/log/keystone/keystone.log
%files
%license LICENSE
%doc README.rst
%{_mandir}/man1/keystone*.1.gz
%{_bindir}/keystone-wsgi-admin
%{_bindir}/keystone-wsgi-public
%{_bindir}/keystone-manage
%{_bindir}/openstack-keystone-sample-data
%dir %{_datadir}/keystone
%attr(0644, root, keystone) %{_datadir}/keystone/keystone-dist.conf
%attr(0644, root, keystone) %{_datadir}/keystone/policy.v3cloudsample.json
%attr(0644, root, keystone) %{_datadir}/keystone/%{service}-schema.yaml
%attr(0644, root, keystone) %{_datadir}/keystone/%{service}-schema.json
%attr(0755, root, root) %{_datadir}/keystone/sample_data.sh
%attr(0644, root, keystone) %{_datadir}/keystone/wsgi-keystone.conf
%dir %attr(0750, root, keystone) %{_sysconfdir}/keystone
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone.conf
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone-paste.ini
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/logging.conf
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/policy.json
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/default_catalog.templates
%config(noreplace) %attr(0640, keystone, keystone) %{_sysconfdir}/keystone/sso_callback_template.html
%config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone
%dir %attr(-, keystone, keystone) %{_sharedstatedir}/keystone
%dir %attr(0750, keystone, keystone) %{_localstatedir}/log/keystone
%ghost %attr(0660, root, keystone) %{_localstatedir}/log/keystone/keystone.log
%{_prefix}/lib/sysctl.d/openstack-keystone.conf
%files -n python-keystone -f %{service}.lang
%defattr(-,root,root,-)
%license LICENSE
%{python2_sitelib}/keystone
%{python2_sitelib}/keystone-*.egg-info
%exclude %{python2_sitelib}/%{service}/tests
%files -n python-%{service}-tests
%license LICENSE
%{python2_sitelib}/%{service}/tests
%if 0%{?with_doc}
%files doc
%license LICENSE
%doc doc/build/html
%endif
%changelog
* Thu Oct 31 2019 RDO <dev@lists.rdoproject.org> 1:13.0.4-1
- Update to 13.0.4
* Wed Oct 30 2019 RDO <dev@lists.rdoproject.org> 1:13.0.3-1
- Update to 13.0.3
* Wed Nov 21 2018 RDO <dev@lists.rdoproject.org> 1:13.0.2-2
- Use copytruncate when rotating logs and bump release
* Wed Oct 31 2018 RDO <dev@lists.rdoproject.org> 1:13.0.2-1
- Update to 13.0.2
* Wed Aug 01 2018 Jon Schlueter <jschluet@redhat.com> 1:13.0.1-1
- Update to 13.0.1 (CVE-2018-14432)
* Wed Feb 28 2018 RDO <dev@lists.rdoproject.org> 1:13.0.0-1
- Update to 13.0.0
* Thu Feb 22 2018 RDO <dev@lists.rdoproject.org> 1:13.0.0-0.2.0rc1
- Update to 13.0.0.0rc2
* Thu Feb 15 2018 RDO <dev@lists.rdoproject.org> 1:13.0.0-0.1.0rc1
- Update to 13.0.0.0rc1