#
# This is 2012.2 folsom release
#
%global release_name folsom
%global release_letter rc
%global milestone 2
%global snapdate 20120926
%global git_revno r2538
%global snaptag ~%{release_letter}%{milestone}~%{snapdate}.%{git_revno}
%global with_doc %{!?_without_doc:1}%{?_without_doc:0}
Name: openstack-keystone
Version: 2012.2
Release: 4%{?dist}
#Release: 0.1.%{release_letter}%{milestone}%{?dist}
Summary: OpenStack Identity Service
License: ASL 2.0
URL: http://keystone.openstack.org/
Source0: http://launchpad.net/keystone/%{release_name}/%{version}/+download/keystone-%{version}.tar.gz
#Source0: http://launchpad.net/keystone/%{release_name}/%{release_name}-%{milestone}/+download/keystone-%{version}~%{release_letter}%{milestone}.tar.gz
#Source0: http://tarballs.openstack.org/keystone/keystone-%{version}%{snaptag}.tar.gz
Source1: openstack-keystone.logrotate
Source2: openstack-keystone.service
Source5: openstack-keystone-sample-data
#
# patches_base=2012.2
#
Patch0001: 0001-match-egg-and-spec-requires.patch
Patch0002: 0002-add-Quantum-endpoint-in-sample-data.patch
Patch0003: 0003-add-Swift-endpoint-in-sample-data.patch
Patch0004: 0004-notify-calling-process-we-are-ready-to-serve.patch
Patch0005: 0005-Fix-default-port-for-identity.internalURL.patch
BuildArch: noarch
BuildRequires: python2-devel
BuildRequires: python-sphinx >= 1.0
BuildRequires: openstack-utils
BuildRequires: python-iniparse
BuildRequires: systemd-units
Requires: python-keystone = %{version}-%{release}
Requires: python-keystoneclient >= 2012.1-0.4.e4
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Requires(pre): shadow-utils
%description
Keystone is a Python implementation of the OpenStack
(http://www.openstack.org) identity service API.
This package contains the Keystone daemon.
%package -n python-keystone
Summary: Keystone Python libraries
Group: Applications/System
# python-keystone added in 2012.1-0.2.e3
Conflicts: openstack-keystone < 2012.1-0.2.e3
Provides: python-keystone-auth-token
Obsoletes: python-keystone-auth-token
# auth-token subpackage was removed to avoid issues like rhbz#868357
# in Folsom auth-token does not work standalone anyway rhbz#844508
# it will be back in Grizzly pythone-keystoneclient lp#1039567
Requires: python-eventlet
Requires: python-ldap
Requires: python-lxml
Requires: python-memcached
Requires: python-migrate
Requires: python-paste-deploy
Requires: python-routes
Requires: python-sqlalchemy
Requires: python-webob
Requires: python-passlib
Requires: MySQL-python
Requires: PyPAM
Requires: python-iso8601
%description -n python-keystone
Keystone is a Python implementation of the OpenStack
(http://www.openstack.org) identity service API.
This package contains the Keystone Python library.
%if 0%{?with_doc}
%package doc
Summary: Documentation for OpenStack Identity Service
Group: Documentation
%description doc
Keystone is a Python implementation of the OpenStack
(http://www.openstack.org) identity service API.
This package contains documentation for Keystone.
%endif
%prep
%setup -q -n keystone-%{version}
%patch0001 -p1
%patch0002 -p1
%patch0003 -p1
%patch0004 -p1
%patch0005 -p1
find . \( -name .gitignore -o -name .placeholder \) -delete
find keystone -name \*.py -exec sed -i '/\/usr\/bin\/env python/d' {} \;
%build
# change default configuration
cp etc/keystone.conf.sample etc/keystone.conf
openstack-config --set etc/keystone.conf DEFAULT log_file %{_localstatedir}/log/keystone/keystone.log
openstack-config --set etc/keystone.conf sql connection mysql://keystone:keystone@localhost/keystone
openstack-config --set etc/keystone.conf catalog template_file %{_sysconfdir}/keystone/default_catalog.templates
openstack-config --set etc/keystone.conf catalog driver keystone.catalog.backends.sql.Catalog
openstack-config --set etc/keystone.conf identity driver keystone.identity.backends.sql.Identity
openstack-config --set etc/keystone.conf token driver keystone.token.backends.sql.Token
openstack-config --set etc/keystone.conf ec2 driver keystone.contrib.ec2.backends.sql.Ec2
openstack-config --set etc/keystone.conf DEFAULT onready keystone.common.systemd
%{__python} setup.py build
%install
%{__python} setup.py install --skip-build --root %{buildroot}
# Delete tests
rm -fr %{buildroot}%{python_sitelib}/tests
rm -fr %{buildroot}%{python_sitelib}/run_tests.*
install -d -m 755 %{buildroot}%{_sysconfdir}/keystone
install -p -D -m 640 etc/keystone.conf %{buildroot}%{_sysconfdir}/keystone/keystone.conf
install -p -D -m 640 etc/logging.conf.sample %{buildroot}%{_sysconfdir}/keystone/logging.conf
install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/keystone/default_catalog.templates
install -p -D -m 640 etc/policy.json %{buildroot}%{_sysconfdir}/keystone/policy.json
install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone
install -p -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/openstack-keystone.service
# Install sample data script.
install -p -D -m 755 tools/sample_data.sh %{buildroot}%{_datadir}/%{name}/sample_data.sh
install -p -D -m 755 %{SOURCE5} %{buildroot}%{_bindir}/openstack-keystone-sample-data
install -d -m 755 %{buildroot}%{_sharedstatedir}/keystone
install -d -m 755 %{buildroot}%{_localstatedir}/log/keystone
# docs generation requires everything to be installed first
export PYTHONPATH="$( pwd ):$PYTHONPATH"
pushd doc
if [ -x /usr/bin/sphinx-apidoc ]; then
make html
make man
else
make html SPHINXAPIDOC=echo
make man SPHINXAPIDOC=echo
fi
mkdir -p %{buildroot}%{_mandir}/man1
install -p -D -m 644 build/man/*.1 %{buildroot}%{_mandir}/man1/
popd
# Fix hidden-file-or-dir warnings
rm -fr doc/build/html/.doctrees doc/build/html/.buildinfo
%pre
# 163:163 for keystone (openstack-keystone) - rhbz#752842
getent group keystone >/dev/null || groupadd -r --gid 163 keystone
getent passwd keystone >/dev/null || \
useradd --uid 163 -r -g keystone -d %{_sharedstatedir}/keystone -s /sbin/nologin \
-c "OpenStack Keystone Daemons" keystone
exit 0
%post
if [ $1 -eq 1 ] ; then
# Initial installation
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi
%preun
if [ $1 -eq 0 ] ; then
# Package removal, not upgrade
/bin/systemctl --no-reload disable openstack-keystone.service > /dev/null 2>&1 || :
/bin/systemctl stop openstack-keystone.service > /dev/null 2>&1 || :
fi
%postun
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ] ; then
# Package upgrade, not uninstall
/bin/systemctl try-restart openstack-keystone.service >/dev/null 2>&1 || :
fi
%files
%doc LICENSE
%doc README.rst
%{_mandir}/man1/keystone*.1.gz
%{_bindir}/keystone-all
%{_bindir}/keystone-manage
%{_bindir}/openstack-keystone-sample-data
%{_datadir}/%{name}
%{_unitdir}/openstack-keystone.service
%dir %{_sysconfdir}/keystone
%config(noreplace) %attr(-, root, keystone) %{_sysconfdir}/keystone/keystone.conf
%config(noreplace) %attr(-, root, keystone) %{_sysconfdir}/keystone/logging.conf
%config(noreplace) %attr(-, root, keystone) %{_sysconfdir}/keystone/default_catalog.templates
%config(noreplace) %attr(-, keystone, keystone) %{_sysconfdir}/keystone/policy.json
%config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone
%dir %attr(-, keystone, keystone) %{_sharedstatedir}/keystone
%dir %attr(-, keystone, keystone) %{_localstatedir}/log/keystone
%files -n python-keystone
%defattr(-,root,root,-)
%doc LICENSE
%{python_sitelib}/keystone
%{python_sitelib}/keystone-%{version}-*.egg-info
%if 0%{?with_doc}
%files doc
%doc LICENSE doc/build/html
%endif
%changelog
* Mon Nov 12 2012 Alan Pevec <apevec@redhat.com> 2012.2-4
- readd iso8601 dependency (from openstack-common timeutils)
* Fri Nov 09 2012 Alan Pevec <apevec@redhat.com> 2012.2-3
- remove auth-token subpackage (rhbz#868357)
* Thu Nov 08 2012 Alan Pevec <apevec@redhat.com> 2012.2-2
- Fix default port for identity.internalURL in sample script
* Thu Sep 27 2012 Alan Pevec <apevec@redhat.com> 2012.2-1
- Update to folsom final
* Wed Sep 26 2012 Alan Pevec <apevec@redhat.com> 2012.2-0.9.rc2
- folsom rc2
* Fri Sep 21 2012 Alan Pevec <apevec@redhat.com> 2012.2-0.8.rc1
- fix systemd notification (rhbz#858188)
* Fri Sep 14 2012 Alan Pevec <apevec@redhat.com> 2012.2-0.7.rc1
- folsom rc1 (CVE-2012-4413)
* Thu Aug 30 2012 Alan Pevec <apevec@redhat.com> 2012.2-0.6.f3
- Require authz to update user's tenant (CVE-2012-3542)
* Wed Aug 29 2012 Alan Pevec <apevec@redhat.com> 2012.2-0.5.f3
- allow middleware configuration from app config
* Mon Aug 20 2012 Alan Pevec <apevec@redhat.com> 2012.2-0.4.f3
- folsom-3 milestone
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2012.2-0.3.f2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jul 06 2012 Alan Pevec <apevec@redhat.com> 2012.2-0.2.f2
- folsom-2 milestone (CVE-2012-3426)
* Fri May 25 2012 Alan Pevec <apevec@redhat.com> 2012.2-0.1.f1
- folsom-1 milestone
* Thu May 24 2012 Alan Pevec <apevec@redhat.com> 2012.1-3
- python-keystone-auth-token subpackage (rhbz#824034)
- use reserved user id for keystone (rhbz#752842)
* Mon May 21 2012 Alan Pevec <apevec@redhat.com> 2012.1-2
- Sync up with Essex stable branch
- Remove dependencies no loner needed by Essex
* Thu Apr 05 2012 Alan Pevec <apevec@redhat.com> 2012.1-1
- Essex release
* Wed Apr 04 2012 Alan Pevec <apevec@redhat.com> 2012.1-0.13.rc2
- essex rc2
* Sat Mar 24 2012 Alan Pevec <apevec@redhat.com> 2012.1-0.12.rc1
- update to final essex rc1
* Wed Mar 21 2012 Alan Pevec <apevec@redhat.com> 2012.1-0.11.rc1
- essex rc1
* Thu Mar 08 2012 Alan Pevec <apevec@redhat.com> 2012.1-0.10.e4
- change default catalog backend to sql rhbz#800704
- update sample-data script
- add missing keystoneclient dependency
* Thu Mar 01 2012 Alan Pevec <apevec@redhat.com> 2012.1-0.9.e4
- essex-4 milestone
* Sat Feb 25 2012 Alan Pevec <apevec@redhat.com> 2012.1-0.8.e4
- change default database to mysql
* Tue Feb 21 2012 Alan Pevec <apevec@redhat.com> 2012.1-0.7.e4
- switch all backends to sql
* Mon Feb 20 2012 Alan Pevec <apevec@redhat.com> 2012.1-0.6.e4
- add missing default_catalog.templates
* Mon Feb 20 2012 Alan Pevec <apevec@redhat.com> 2012.1-0.5.e4
- pre essex-4 snapshot, for keystone rebase
* Mon Feb 13 2012 Alan Pevec <apevec@redhat.com> 2012.1-0.4.e3
- fix deps rhbz#787072
- keystone is not hashing passwords lp#924391
- Fix "KeyError: 'service-header-mappings'" lp#925872
* Wed Feb 8 2012 Toshio Kuratomi <toshio@fedoraproject.org> - 2012.1-0.3.e3
- Remove the dep on python-sqlite2 as that's being retired in F17 and keystone
will work with the sqlite3 module from the stdlib
* Thu Jan 26 2012 Alan Pevec <apevec@redhat.com> 2012.1-0.2.e3
- separate library to python-keystone
- avoid conflict with python-keystoneclient
* Thu Jan 26 2012 Alan Pevec <apevec@redhat.com> 2012.1-0.1.e3
- essex-3 milestone
* Wed Jan 18 2012 Alan Pevec <apevec@redhat.com> 2012.1-0.e2
- essex-2 milestone
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2011.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Thu Nov 24 2011 Alan Pevec <apevec@redhat.com> 2011.3.1-2
- include LICENSE, update package description from README.md
* Mon Nov 21 2011 Alan Pevec <apevec@redhat.com> 2011.3.1-1
- Update to 2011.3.1 stable/diablo release
* Fri Nov 11 2011 Alan Pevec <apevec@redhat.com> 2011.3-2
- Update to the latest stable/diablo snapshot
* Mon Oct 24 2011 Mark McLoughlin <markmc@redhat.com> - 2011.3-1
- Update version to diablo final
* Wed Oct 19 2011 Matt Domsch <Matt_Domsch@dell.com> - 1.0-0.4.d4.1213
- add Requires: python-passlib
* Mon Oct 3 2011 Matt Domsch <Matt_Domsch@dell.com> - 1.0-0.2.d4.1213
- update to diablo release.
- BR systemd-units for _unitdir
* Fri Sep 2 2011 Mark McLoughlin <markmc@redhat.com> - 1.0-0.2.d4.1078
- Use upstream snapshot tarball
- No need to define python_sitelib anymore
- BR python2-devel
- Remove BRs only needed for unit tests
- No need to clean buildroot in install anymore
- Use slightly more canonical site for URL tag
- Prettify the requires tags
- Cherry-pick tools.tracer patch from upstream
- Add config file
- Add keystone user and group
- Ensure log file is in /var/log/keystone
- Ensure the sqlite db is in /var/lib/keystone
- Add logrotate support
- Add system units
* Thu Sep 1 2011 Matt Domsch <Matt_Domsch@dell.com> - 1.0-0.1.20110901git396f0bfd%{?dist}
- initial packaging