From 698e214978cd51099a61882a910c2b32938e52d1 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Jun 30 2021 17:47:20 +0000 Subject: Upstream development has stopped. FreeIPA now ships a stripped down version of Custodia --- diff --git a/.gitignore b/.gitignore deleted file mode 100644 index d8b3c1a..0000000 --- a/.gitignore +++ /dev/null @@ -1,8 +0,0 @@ -/custodia-0.1.0.tar.gz -/custodia-0.2.0.tar.gz -/custodia-0.3.0.tar.gz -/custodia-0.3.0.tar.gz.sha512sum.txt -/custodia-0.3.1.tar.gz -/custodia-0.3.1.tar.gz.sha512sum.txt -/custodia-0.5.0.tar.gz -/custodia-0.6.0.tar.gz diff --git a/.rpmlint b/.rpmlint deleted file mode 100644 index be76fa6..0000000 --- a/.rpmlint +++ /dev/null @@ -1,5 +0,0 @@ -addFilter('spelling-error.*etcdstore') -addFilter('non-readable /etc/custodia/custodia.conf') -addFilter('non-standard-dir-perm /etc/custodia') -addFilter('non-standard-dir-perm /var/lib/custodia') -addFilter('non-standard-dir-perm /var/log/custodia') diff --git a/0001-Replace-use-of-pytest-get_marker.patch b/0001-Replace-use-of-pytest-get_marker.patch deleted file mode 100644 index 0ff1cb5..0000000 --- a/0001-Replace-use-of-pytest-get_marker.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 3d0faa10762a803d4a75e658956b5aa72bef39be Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Wed, 10 Jul 2019 10:46:59 -0400 -Subject: [PATCH] Replace use of pytest get_marker - -get_marker has been removed in pytest 4, so replace it with theiur -suggested work around. - -Signed-off-by: Simo Sorce ---- - tests/conftest.py | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/tests/conftest.py b/tests/conftest.py -index c25e302..2dc7158 100644 ---- a/tests/conftest.py -+++ b/tests/conftest.py -@@ -34,6 +34,8 @@ def pytest_addoption(parser): - - def pytest_runtest_setup(item): - skip_servertest = item.config.getoption(SKIP_SERVERTEST) -- if skip_servertest and item.get_marker("servertest") is not None: -- # args has --skip-servertests and test is marked as servertest -- pytest.skip("Skip integration test") -+ if skip_servertest: -+ for marker in item.iter_markers(): -+ if marker.name == "servertest": -+ # args has --skip-servertests and test is marked as servertest -+ pytest.skip("Skip integration test") --- -2.21.0 - diff --git a/custodia.conf b/custodia.conf deleted file mode 100644 index 5e4b584..0000000 --- a/custodia.conf +++ /dev/null @@ -1,32 +0,0 @@ -# /etc/custodia/custodia.conf -[global] -debug = true -makedirs = true - -[store:sqlite] -handler = SqliteStore -dburi = ${libdir}/secrets.db -table = secrets - -[store:encrypted_sqlite] -handler = EncryptedOverlay -backing_store = sqlite -master_key = ${libdir}/secrets.key -master_enctype = A128CBC-HS256 -autogen_master_key = true - -[auth:creds] -handler = SimpleCredsAuth -uid = root -gid = root - -[authz:paths] -handler = SimplePathAuthz -paths = /. /secrets - -[/] -handler = Root - -[/secrets] -handler = Secrets -store = encrypted_sqlite diff --git a/custodia.spec b/custodia.spec deleted file mode 100644 index 429e7e4..0000000 --- a/custodia.spec +++ /dev/null @@ -1,295 +0,0 @@ -%{!?python3_pkgversion:%global python3_pkgversion 3} - -Name: custodia -Version: 0.6.0 -Release: 16%{?dist} -Summary: A service to manage, retrieve and store secrets for other processes - -License: GPLv3+ -URL: https://github.com/latchset/%{name} -Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz -Source2: custodia.conf -Source3: custodia@.service -Source4: custodia@.socket -Source5: custodia.tmpfiles.conf - -Patch1: nonfatal_deprecation.patch -Patch2: 0001-Replace-use-of-pytest-get_marker.patch - -BuildArch: noarch - -BuildRequires: systemd - -BuildRequires: python%{python3_pkgversion}-devel -BuildRequires: python%{python3_pkgversion}-jwcrypto >= 0.4.2 -BuildRequires: python%{python3_pkgversion}-requests -BuildRequires: python%{python3_pkgversion}-setuptools > 18 -BuildRequires: python%{python3_pkgversion}-pytest -BuildRequires: python%{python3_pkgversion}-docutils -BuildRequires: python%{python3_pkgversion}-systemd - -Requires: python%{python3_pkgversion}-custodia = %{version}-%{release} -Requires(preun): systemd-units -Requires(postun): systemd-units -Requires(post): systemd-units - - -%global overview \ -Custodia is a Secrets Service Provider, it stores or proxies access to \ -keys, password, and secret material in general. Custodia is built to \ -use the HTTP protocol and a RESTful API as an IPC mechanism over a local \ -Unix Socket. It can also be exposed to a network via a Reverse Proxy \ -service assuming proper authentication and header validation is \ -implemented in the Proxy. \ - \ -Custodia is modular, the configuration file controls how authentication, \ -authorization, storage and API plugins are combined and exposed. - - -%description -A service to manage, retrieve and store secrets for other processes - -%{overview} - -%package -n python%{python3_pkgversion}-custodia -Summary: Sub-package with python3 custodia modules -%{?python_provide:%python_provide python3-%{name}} -Requires: python%{python3_pkgversion}-jwcrypto >= 0.4.2 -Requires: python%{python3_pkgversion}-requests -Requires: python%{python3_pkgversion}-setuptools -Requires: python%{python3_pkgversion}-systemd -Conflicts: python%{python3_pkgversion}-custodia-extra < %{version} - -%description -n python%{python3_pkgversion}-custodia -Sub-package with python custodia modules - -%{overview} - - -%prep -%autosetup -p1 - - -%build -%py3_build - - -%check -# don't download packages -export PIP_INDEX_URL=http://host.invalid./ -# Don't try to download dnspython3. The package is provided by python%{python3_pkgversion}-dns -export PIP_NO_DEPS=yes -# Ignore all install packages to enforce installation of sdist. Otherwise tox -# may pick up this package from global site-packages instead of source dist. -export PIP_IGNORE_INSTALLED=yes - -# Test custodia in a virtual environment -%{__python3} -m venv --system-site-packages testenv -testenv/bin/pip install . -testenv/bin/python -m pytest --capture=no --strict --skip-servertests - - -%install -mkdir -p %{buildroot}/%{_sbindir} -mkdir -p %{buildroot}/%{_mandir}/man7 -mkdir -p %{buildroot}/%{_defaultdocdir}/custodia -mkdir -p %{buildroot}/%{_defaultdocdir}/custodia/examples -mkdir -p %{buildroot}/%{_sysconfdir}/custodia -mkdir -p %{buildroot}/%{_unitdir} -mkdir -p %{buildroot}/%{_tmpfilesdir} -mkdir -p %{buildroot}/%{_localstatedir}/lib/custodia -mkdir -p %{buildroot}/%{_localstatedir}/log/custodia -mkdir -p %{buildroot}/%{_localstatedir}/run/custodia - -%py3_install -mv %{buildroot}/%{_bindir}/custodia %{buildroot}/%{_sbindir}/custodia -cp %{buildroot}/%{_sbindir}/custodia %{buildroot}/%{_sbindir}/custodia-3 -cp %{buildroot}/%{_bindir}/custodia-cli %{buildroot}/%{_bindir}/custodia-cli-3 - -install -m 644 -t "%{buildroot}/%{_mandir}/man7" man/custodia.7 -install -m 644 -t "%{buildroot}/%{_defaultdocdir}/custodia" README API.md -install -m 644 -t "%{buildroot}/%{_defaultdocdir}/custodia/examples" custodia.conf -install -m 600 %{SOURCE2} %{buildroot}%{_sysconfdir}/custodia -install -m 644 %{SOURCE3} %{buildroot}%{_unitdir} -install -m 644 %{SOURCE4} %{buildroot}%{_unitdir} -install -m 644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/custodia.conf - - -%pre -getent group custodia >/dev/null || groupadd -r custodia -getent passwd custodia >/dev/null || \ - useradd -r -g custodia -d / -s /sbin/nologin \ - -c "User for custodia" custodia -exit 0 - - -%post -%systemd_post custodia@\*.socket -%systemd_post custodia@\*.service - - -%preun -%systemd_preun custodia@\*.socket -%systemd_preun custodia@\*.service - - -%postun -%systemd_postun custodia@\*.socket -%systemd_postun custodia@\*.service - - -%files -%doc README API.md -%doc %{_defaultdocdir}/custodia/examples/custodia.conf -%license LICENSE -%{_mandir}/man7/custodia* -%{_sbindir}/custodia -%{_bindir}/custodia-cli -%dir %attr(0700,custodia,custodia) %{_sysconfdir}/custodia -%config(noreplace) %attr(600,custodia,custodia) %{_sysconfdir}/custodia/custodia.conf -%attr(644,root,root) %{_unitdir}/custodia@.socket -%attr(644,root,root) %{_unitdir}/custodia@.service -%dir %attr(0700,custodia,custodia) %{_localstatedir}/lib/custodia -%dir %attr(0700,custodia,custodia) %{_localstatedir}/log/custodia -%dir %attr(0755,custodia,custodia) %{_localstatedir}/run/custodia -%{_tmpfilesdir}/custodia.conf - -%files -n python%{python3_pkgversion}-custodia -%license LICENSE -%{python3_sitelib}/%{name} -%{python3_sitelib}/%{name}-%{version}-py%{python3_version}.egg-info -%{python3_sitelib}/%{name}-%{version}-py%{python3_version}-nspkg.pth -%{_sbindir}/custodia-3 -%{_bindir}/custodia-cli-3 - - -%changelog -* Fri Jun 04 2021 Python Maint - 0.6.0-16 -- Rebuilt for Python 3.10 - -* Tue Jan 26 2021 Fedora Release Engineering - 0.6.0-15 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Wed Jan 20 14:50:26 CET 2021 Christian Heimes - 0.6.0-14 -- Remove Python 2 packaging -- Remove unused dependency on python3-coverage - -* Mon Jul 27 2020 Fedora Release Engineering - 0.6.0-13 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Tue May 26 2020 Miro Hrončok - 0.6.0-12 -- Rebuilt for Python 3.9 - -* Tue Jan 28 2020 Fedora Release Engineering - 0.6.0-11 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Thu Oct 03 2019 Miro Hrončok - 0.6.0-10 -- Rebuilt for Python 3.8.0rc1 (#1748018) - -* Mon Aug 19 2019 Miro Hrončok - 0.6.0-9 -- Rebuilt for Python 3.8 - -* Wed Jul 24 2019 Fedora Release Engineering - 0.6.0-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Wed Jul 10 2019 Simo Sorce - 0.6.0-7 -- Add patch to deal with pytest4 upgrade in future fedora - -* Thu Jan 31 2019 Fedora Release Engineering - 0.6.0-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Wed Jan 09 2019 Miro Hrončok - 0.6.0-5 -- Drop Python 2 package from Fedora 30+ - -* Thu Jul 12 2018 Fedora Release Engineering - 0.6.0-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Fri Jun 29 2018 Christian Heimes - 0.6.0-3 -- Don't turn deprecation warnings into fatal errors - -* Thu Jun 28 2018 Christian Heimes - 0.6.0-2 -- Rebuild for Python 3.7 - -* Mon Jun 25 2018 Christian Heimes - 0.6.0-1 -- New upstream release 0.6.0 -- Remove etcd support -- Remove unnecesary conflict with old FreeIPA -- Make Python 2 optional - -* Tue Jun 19 2018 Miro Hrončok - 0.5.0-13 -- Rebuilt for Python 3.7 - -* Mon May 07 2018 Miro Hrončok - 0.5.0-12 -- Fix BuildRequires to require the tox command and not the python2 module - -* Fri Feb 09 2018 Igor Gnatenko - 0.5.0-11 -- Escape macros in %%changelog - -* Wed Feb 07 2018 Fedora Release Engineering - 0.5.0-10 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Mon Aug 07 2017 Christian Heimes - 0.5.0-9 -- freeipa 4.4.4-2.fc26 and newer are compatible with custodia 0.5 -- Fix dependency to python2-jwcrypto >= 0.4.2 - -* Wed Aug 02 2017 Christian Heimes - 0.5.0-8 -- Add PIP_IGNORE_INSTALLED - -* Tue Aug 01 2017 Christian Heimes - 0.5.0-7 -- Modernize spec - -* Tue Aug 01 2017 Christian Heimes - 0.5.0-6 -- Require latest python-jwcrypto with Python 3 fix -- Use python2 prefix for all Python 2 dependencies - -* Tue Aug 01 2017 Christian Heimes - 0.5.0-5 -- Add custodia user and named systemd instances - -* Wed Jul 26 2017 Fedora Release Engineering - 0.5.0-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Tue Jun 20 2017 Christian Heimes - 0.5.0-3 -- Add systemd build requirement for tmpfilesdir and unitdir macros - -* Mon Jun 19 2017 Christian Heimes - 0.5.0-2 -- Skip etcd store on PPC64 -- Add missing pre/post install hooks for systemd service -- Custodia 0.5 is compatible with FreeIPA 4.4.5 and newer -- Drop custodia user from tmpfiles.d conf - -* Tue May 16 2017 Simo Sorce - 0.5.0-1 -- New Custodia version -- Drop checks on sha512sum, these checks are already done by dist-git - -* Tue Apr 11 2017 Christian Heimes - 0.3.1-3 -- Run Python 3 tests with correct Python version - -* Fri Apr 07 2017 Christian Heimes - 0.3.1-2 -- Add conflict with FreeIPA < 4.5 - -* Mon Mar 27 2017 Christian Heimes - 0.3.1-1 -- Upstream release 0.3.1 - -* Thu Mar 16 2017 Christian Heimes - 0.3.0-3 -- Provide custodia-2 and custodia-3 scripts - -* Thu Mar 02 2017 Christian Heimes - 0.3.0-2 -- Run Custodia daemon with Python 3 -- Resolves: Bug 1426737 - custodia: Provide a Python 3 subpackage - -* Wed Mar 01 2017 Christian Heimes - 0.3.0-1 -- Update to custodia 0.3.0 -- Run tests with global site packages -- Add tmpfiles.d config for /run/custodia - -* Wed Feb 22 2017 Christian Heimes - 0.2.0-4 -- Add missing runtime requirement on python[23]-systemd. -- Drop unnecesary build dependency on python%%{python3_pkgversion}-configparser. -- Fix tests, don't try to download dnspython3. - -* Fri Feb 10 2017 Fedora Release Engineering - 0.2.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Thu Dec 22 2016 Miro Hrončok - 0.2.0-2 -- Rebuild for Python 3.6 - diff --git a/custodia.tmpfiles.conf b/custodia.tmpfiles.conf deleted file mode 100644 index cacc039..0000000 --- a/custodia.tmpfiles.conf +++ /dev/null @@ -1 +0,0 @@ -d /run/custodia 0755 custodia custodia diff --git a/custodia@.service b/custodia@.service deleted file mode 100644 index ef539f9..0000000 --- a/custodia@.service +++ /dev/null @@ -1,21 +0,0 @@ -# /etc/systemd/system/custodia@.service - -[Unit] -Description=Custodia Secrets Service for %I -Documentation=https://github.com/latchset/custodia -Requires=custodia@%i.socket -After=network.target - -[Service] -Type=notify -ExecStart=/usr/sbin/custodia --instance=%i /etc/custodia/%i.conf -User=custodia -Group=custodia -ProtectSystem=full -ProtectHome=true -NoNewPrivileges=true -Restart=on-failure -RestartSec=30s - -[Install] -WantedBy=multi-user.target diff --git a/custodia@.socket b/custodia@.socket deleted file mode 100644 index fbd0fab..0000000 --- a/custodia@.socket +++ /dev/null @@ -1,18 +0,0 @@ -# /etc/systemd/system/custodia@.socket - -[Unit] -Description=Custodia Socket for %i -Documentation=https://github.com/latchset/custodia - -[Socket] -ListenStream=/var/run/custodia/%i.sock -Service=custodia@%i.service -RemoveOnStop=true -SocketUser=custodia -SocketGroup=custodia -SocketMode=0666 -PassCredentials=true -PassSecurity=true - -[Install] -WantedBy=sockets.target diff --git a/dead.package b/dead.package new file mode 100644 index 0000000..88b0b06 --- /dev/null +++ b/dead.package @@ -0,0 +1 @@ +Upstream development has stopped. FreeIPA now ships a stripped down version of Custodia diff --git a/nonfatal_deprecation.patch b/nonfatal_deprecation.patch deleted file mode 100644 index 12fbb7f..0000000 --- a/nonfatal_deprecation.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/tests/conftest.py.orig 2018-06-29 18:06:51.296810334 +0200 -+++ b/tests/conftest.py 2018-06-29 18:06:58.691767950 +0200 -@@ -9,7 +9,7 @@ - from custodia.log import ProvisionalWarning, setup_logging - - # deprecated APIs raise an exception --warnings.simplefilter('error', category=DeprecationWarning) -+# warnings.simplefilter('error', category=DeprecationWarning) - # ignore pytest warnings - warnings.filterwarnings('ignore', category=DeprecationWarning, - module=r'_pytest\..*') diff --git a/sources b/sources deleted file mode 100644 index 6ed26a6..0000000 --- a/sources +++ /dev/null @@ -1 +0,0 @@ -SHA512 (custodia-0.6.0.tar.gz) = 1938f4020240a759963b888bc45fa67969da712675e20360d9ad6e2e420da40a95d49e93a72e2278a21154a910eb702b5c45c184879c472e32fbf79a3f88ca21