%global with_doc 1 %global service keystone %{!?upstream_version: %global upstream_version %{version}%{?milestone}} %global common_desc \ Keystone is a Python implementation of the OpenStack \ (http://www.openstack.org) identity service API. Name: openstack-keystone Version: 19.0.0 Release: 2 Summary: OpenStack Identity Service License: ASL 2.0 URL: http://keystone.openstack.org/ Source0: https://tarballs.openstack.org/%{service}/%{service}-%{upstream_version}.tar.gz Source1: openstack-keystone.logrotate Source3: openstack-keystone.sysctl Source5: openstack-keystone-sample-data Source20: keystone-dist.conf Patch0: Hide_AccountLocked.patch BuildArch: noarch BuildRequires: openstack-macros BuildRequires: python3-devel BuildRequires: python3-osprofiler >= 1.1.0 BuildRequires: python3-pbr >= 2.0.0 BuildRequires: git-core BuildRequires: python3-oslo-cache >= 1.26.0 BuildRequires: python3-oslo-config >= 6.8.0 BuildRequires: python3-passlib >= 1.6 BuildRequires: python3-pycadf >= 2.1.0 BuildRequires: python3-babel BuildRequires: python3-oslo-policy BuildRequires: python3-jsonschema >= 2.6.0 BuildRequires: python3-oslo-db >= 4.27.0 BuildRequires: python3-oauthlib BuildRequires: python3-pysaml2 BuildRequires: python3-keystonemiddleware >= 7.0.0 BuildRequires: python3-testresources BuildRequires: python3-testscenarios BuildRequires: python3-oslotest BuildRequires: python3-redis BuildRequires: python3-ldappool >= 2.0.0 BuildRequires: python3-webtest BuildRequires: python3-freezegun Requires: python3-keystone = %{version}-%{release} Requires: python3-keystoneclient >= 3.8.0 %{?systemd_ordering} BuildRequires: systemd Requires(pre): shadow-utils %description %{common_desc} This package contains the Keystone daemon. %package -n python3-keystone Summary: Keystone Python libraries %{?python_provide:%python_provide python3-keystone} Requires: python3-pbr >= 2.0.0 Requires: python3-bcrypt >= 3.1.3 Requires: python3-sqlalchemy >= 1.3.0 Requires: python3-passlib >= 1.7.0 Requires: openssl Requires: python3-oauthlib >= 0.6.2 Requires: python3-jsonschema >= 3.2.0 Requires: python3-pycadf >= 1.1.0 Requires: python3-keystonemiddleware >= 7.0.0 Requires: python3-oslo-cache >= 1.26.0 Requires: python3-oslo-config >= 6.8.0 Requires: python3-oslo-context >= 2.22.0 Requires: python3-oslo-db >= 6.0.0 Requires: python3-oslo-i18n >= 3.15.3 Requires: python3-oslo-log >= 3.44.0 Requires: python3-oslo-messaging >= 5.29.0 Requires: python3-oslo-middleware >= 3.31.0 Requires: python3-oslo-policy >= 3.6.0 Requires: python3-oslo-serialization >= 2.18.0 Requires: python3-oslo-upgradecheck >= 1.3.0 Requires: python3-oslo-utils >= 3.33.0 Requires: python3-osprofiler >= 1.4.0 Requires: python3-pysaml2 >= 5.0.0 Requires: python3-stevedore >= 1.20.0 Requires: python3-scrypt >= 0.8.0 Requires: python3-flask >= 1.0.2 Requires: python3-flask-restful >= 0.3.5 Requires: python3-jwt >= 1.6.1 Requires: python3-pytz >= 2013.6 Requires: python3-cryptography >= 2.7 Requires: python3-ldap >= 3.1.0 Requires: python3-ldappool >= 2.0.0 Requires: python3-memcached >= 1.56 Requires: python3-sqlalchemy-migrate Requires: python3-webob >= 1.7.1 Requires: python3-dogpile-cache >= 1.0.2 Requires: python3-msgpack >= 0.5.0 %description -n python3-keystone %{common_desc} This package contains the Keystone Python library. %package -n python3-%{service}-tests Summary: Keystone tests %{?python_provide:%python_provide python3-%{service}-tests} Requires: openstack-%{service} = %{version}-%{release} %description -n python3-%{service}-tests %{common_desc} This package contains the Keystone test files. %if 0%{?with_doc} %package doc Summary: Documentation for OpenStack Identity Service # for API autodoc BuildRequires: python3-sphinx >= 1.1.2 BuildRequires: python3-sphinx-feature-classification BuildRequires: python3-openstackdocstheme BuildRequires: python3-sphinxcontrib-apidoc BuildRequires: python3-sphinxcontrib-seqdiag BuildRequires: python3-sphinxcontrib-blockdiag BuildRequires: python3-flask >= 1.0.2 BuildRequires: python3-flask-restful >= 0.3.5 BuildRequires: python3-cryptography >= 2.1 BuildRequires: python3-oslo-log >= 3.44.0 BuildRequires: python3-oslo-messaging >= 5.29.0 BuildRequires: python3-oslo-middleware >= 3.31.0 BuildRequires: python3-oslo-policy >= 2.3.0 BuildRequires: python3-mock BuildRequires: python3-dogpile-cache >= 0.5.7 BuildRequires: python3-memcached >= 1.56 BuildRequires: python3-lxml %description doc %{common_desc} This package contains documentation for Keystone. %endif %prep %autosetup -n keystone-%{upstream_version} -p1 find . \( -name .gitignore -o -name .placeholder \) -delete find keystone -name \*.py -exec sed -i '/\/usr\/bin\/env python/d' {} \; %py_req_cleanup sed -i 's#/local/bin#/bin#' httpd/wsgi-keystone.conf sed -i 's#apache2#httpd#' httpd/wsgi-keystone.conf %build PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf --format yaml --output-file=%{service}-schema.yaml PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf --format json --output-file=%{service}-schema.json # distribution defaults are located in keystone-dist.conf %{py3_build} %{__python3} setup.py compile_catalog -d build/lib/%{service}/locale -D keystone %install %{py3_install} echo "{}" > policy.json install -d -m 755 %{buildroot}%{_sysconfdir}/keystone install -d -m 755 %{buildroot}%{_sysconfdir}/keystone/policy.d install -p -D -m 640 etc/keystone.conf.sample %{buildroot}%{_sysconfdir}/keystone/keystone.conf install -p -D -m 640 policy.json %{buildroot}%{_sysconfdir}/keystone/policy.json install -p -D -m 640 %{service}-schema.yaml %{buildroot}%{_datadir}/%{service}/%{service}-schema.yaml install -p -D -m 640 %{service}-schema.json %{buildroot}%{_datadir}/%{service}/%{service}-schema.json install -p -D -m 644 %{SOURCE20} %{buildroot}%{_datadir}/keystone/keystone-dist.conf install -p -D -m 640 etc/logging.conf.sample %{buildroot}%{_sysconfdir}/keystone/logging.conf install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/keystone/default_catalog.templates install -p -D -m 640 etc/sso_callback_template.html %{buildroot}%{_sysconfdir}/keystone/sso_callback_template.html install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone install -d -m 755 %{buildroot}%{_prefix}/lib/sysctl.d install -p -D -m 644 %{SOURCE3} %{buildroot}%{_prefix}/lib/sysctl.d/openstack-keystone.conf install -p -D -m 755 tools/sample_data.sh %{buildroot}%{_datadir}/keystone/sample_data.sh install -p -D -m 755 %{SOURCE5} %{buildroot}%{_bindir}/openstack-keystone-sample-data install -p -D -m 644 httpd/wsgi-keystone.conf %{buildroot}%{_datadir}/keystone/ install -d -m 755 %{buildroot}%{_sharedstatedir}/keystone install -d -m 755 %{buildroot}%{_localstatedir}/log/keystone rm -rf %{buildroot}/%{_prefix}%{_sysconfdir} %if 0%{?with_doc} sphinx-build -b html doc/source doc/build/html mkdir -p doc/build/man/_static sphinx-build -b man doc/source doc/build/man mkdir -p %{buildroot}%{_mandir}/man1 install -p -D -m 644 doc/build/man/*.1 %{buildroot}%{_mandir}/man1/ %endif %if 0%{?with_doc} # Fix hidden-file-or-dir warnings rm -fr doc/build/html/.doctrees doc/build/html/.buildinfo %endif # Install i18n .mo files (.po and .pot are not required) install -d -m 755 %{buildroot}%{_datadir} rm -f %{buildroot}%{python3_sitelib}/%{service}/locale/*/LC_*/%{service}*po rm -f %{buildroot}%{python3_sitelib}/%{service}/locale/*pot mv %{buildroot}%{python3_sitelib}/%{service}/locale %{buildroot}%{_datadir}/locale %find_lang %{service} --all-name %pre getent group keystone >/dev/null || groupadd -r --gid 163 keystone getent passwd keystone >/dev/null || \ useradd --uid 163 -r -g keystone -d %{_sharedstatedir}/keystone -s /sbin/nologin \ -c "OpenStack Keystone Daemons" keystone exit 0 %post %sysctl_apply openstack-keystone.conf touch %{_localstatedir}/log/keystone/keystone.log chown root:keystone %{_localstatedir}/log/keystone/keystone.log chmod 660 %{_localstatedir}/log/keystone/keystone.log %files %license LICENSE %doc README.rst %if 0%{?with_doc} %{_mandir}/man1/keystone*.1.gz %endif %{_bindir}/keystone-wsgi-admin %{_bindir}/keystone-wsgi-public %{_bindir}/keystone-manage %{_bindir}/keystone-status %{_bindir}/openstack-keystone-sample-data %dir %{_datadir}/keystone %attr(0644, root, keystone) %{_datadir}/keystone/keystone-dist.conf %attr(0644, root, keystone) %{_datadir}/keystone/%{service}-schema.yaml %attr(0644, root, keystone) %{_datadir}/keystone/%{service}-schema.json %attr(0755, root, root) %{_datadir}/keystone/sample_data.sh %attr(0644, root, keystone) %{_datadir}/keystone/wsgi-keystone.conf %dir %attr(0750, root, keystone) %{_sysconfdir}/keystone %dir %attr(0750, root, keystone) %{_sysconfdir}/keystone/policy.d %config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone.conf %config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/logging.conf %config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/policy.json %config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/default_catalog.templates %config(noreplace) %attr(0640, keystone, keystone) %{_sysconfdir}/keystone/sso_callback_template.html %config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone %dir %attr(-, keystone, keystone) %{_sharedstatedir}/keystone %dir %attr(0750, keystone, keystone) %{_localstatedir}/log/keystone %ghost %attr(0660, root, keystone) %{_localstatedir}/log/keystone/keystone.log %{_prefix}/lib/sysctl.d/openstack-keystone.conf %files -n python3-keystone -f %{service}.lang %defattr(-,root,root,-) %license LICENSE %{python3_sitelib}/keystone %{python3_sitelib}/keystone-*.egg-info %exclude %{python3_sitelib}/%{service}/tests %files -n python3-%{service}-tests %license LICENSE %{python3_sitelib}/%{service}/tests %if 0%{?with_doc} %files doc %license LICENSE %doc doc/build/html %endif %changelog * Sat Aug 28 2021 wangxiyuan - 19.0.0-2 - Fix CVE-2021-38155 * Thu Jul 15 2021 openstack-sig - Update to 19.0.0 * Fri Feb 26 2021 zhaorenhai - 18.0.0-3 - Change reserved port to 5000 * Sat Feb 20 2021 wangxiyuan - Correct python3-sqlalchemy-migrate requirement and drop useless openstack-keystone.defaultconf file * Wed Feb 3 2021 wangxiyuan - Support OpenStack Victoria release