Sync from SUSE:SLFO:Main cepces revision b8c0dce7e8f074bca3083121d6cc2caf

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

_service

@@ -0,0 +1,29 @@
+<services>
+        <service name="tar_scm" mode="disabled">
+                <param name="url">https://github.com/openSUSE/cepces.git</param>
+                <param name="scm">git</param>
+                <param name="revision">master</param>
+                <param name="versionformat">@PARENT_TAG@</param>
+                <param name="versionrewrite-pattern">v(.*)</param>
+                <param name="versionrewrite-replacement">\1</param>
+                <param name="filename">cepces</param>
+                <param name="exclude">.git</param>
+        </service>
+
+        <service name="set_version" mode="disabled">
+                <param name="basename">cepces</param>
+                <param name="regex">^cepces-([^/]+)</param>
+                <param name="file">cepces.spec</param>
+        </service>
+
+        <service name="set_version" mode="disabled">
+                <param name="basename">cepces</param>
+                <param name="regex">^cepces-([^/]+)</param>
+                <param name="file">cepces.changes</param>
+        </service>
+
+        <service name="recompress" mode="disabled">
+                <param name="file">*.tar</param>
+                <param name="compression">bz2</param>
+        </service>
+</services>

cepces.changes

@@ -0,0 +1,97 @@
+-------------------------------------------------------------------
+Thu Dec  1 14:44:33 UTC 2022 - David Mulder <dmulder@suse.com>
+
+Release v0.3.7:
+- Make the openssl security level configurable
+
+-------------------------------------------------------------------
+Thu Oct 20 12:15:15 UTC 2022 - David Mulder <dmulder@suse.com>
+
+Release v0.3.6:
+- Fix Bug #15 cepces.conf.dist: server should be pointed to actual CEP host
+- Replace old requests_kerberos with requests_gssapi
+- setup: Do not install example configs
+- setup: Respect the prefix the user specifies
+- Delete the spec file
+- Make Kerberos delegation configurable
+- Fix Bug #24 cepces-submit 'TypeError: option values must be strings'
+- Removed b755b56d25f3e54f8f15d9985fd0597b21c1051d.patch because
+  it is now upstream.
+
+-------------------------------------------------------------------
+Wed Jun 01 18:58:29 UTC 2022 - David Mulder <dmulder@suse.com>
+
+Release v0.3.5:
+- Added polling_interval which tells certmonger how long to wait in seconds before retrying.
+- Implemented Certificate authentication method.
+- Python 3.10 compatible.
+
+-------------------------------------------------------------------
+Tue May 10 19:19:56 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- add b755b56d25f3e54f8f15d9985fd0597b21c1051d.patch
+
+-------------------------------------------------------------------
+Wed Oct  6 09:03:40 UTC 2021 - Fabian Vogt <fvogt@suse.com>
+
+- Only install the selinux policy if necessary
+- Add missing dependency on the main package to the certmonger
+  subpackage
+- Use %license and move it to the common subpackage
+- Avoid bashisms
+- Fix file list for the python subpackage for 3.10+
+
+-------------------------------------------------------------------
+Tue Oct  5 14:28:05 UTC 2021 - David Mulder <david.mulder@suse.com>
+
+- Also disable selinux in 15.4, since it is still not supported.
+
+-------------------------------------------------------------------
+Thu Aug 19 14:39:17 UTC 2021 - David Mulder <dmulder@suse.com>
+
+- Disable selinux where not supported; (jsc#SLE-18456).
+
+-------------------------------------------------------------------
+Mon Jul 19 14:32:34 UTC 2021 - David Mulder <dmulder@suse.com>
+
+- Fix configuration missing global section.
+- Add a test runner for executing unittests, and github CI.
+
+-------------------------------------------------------------------
+Mon Jul 12 16:24:51 UTC 2021 - David Mulder <dmulder@suse.com>
+
+- v0.3.4: Allow overriding of parameters from the command line
+ - Removed upstreamed patch 0001-Added-Kerberos-delegation.patch
+ - Removed upstreamed patch 0001-Allow-overriding-of-server-auth-from-the-command-lin.patch
+ - Removed upstreamed patch 0001-add-SELinux-permissions-for-RHEL-6.patch
+
+-------------------------------------------------------------------
+Tue Jun 29 16:31:16 UTC 2021 - David Mulder <dmulder@suse.com>
+
+- v0.3.3: Initial submission of sources; (jsc#SLE-18457).
+
+-------------------------------------------------------------------
+Mon Jul 29 2019 - Daniel Uvehag <daniel.uvehag@gmail.com> - 0.3.3-2
+
+- Add missing log directory
+
+-------------------------------------------------------------------
+Mon Jul 29 2019 - Daniel Uvehag <daniel.uvehag@gmail.com> - 0.3.3-1
+
+- Update to version 0.3.3-1
+
+-------------------------------------------------------------------
+Mon Feb 05 2018 - Daniel Uvehag <daniel.uvehag@gmail.com> - 0.3.0-1
+
+- Update to version 0.3.0-1
+
+-------------------------------------------------------------------
+Thu Feb 01 2018 - Daniel Uvehag <daniel.uvehag@gmail.com> - 0.2.1-1
+
+- Update to version 0.2.1-1
+
+-------------------------------------------------------------------
+Mon Jun 27 2016 - Daniel Uvehag <daniel.uvehag@gmail.com> - 0.1.0-1
+
+- Initial package.
+

cepces.spec

@@ -0,0 +1,196 @@
+#
+# spec file
+#
+# Copyright (c) 2022 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%global app_name cepces
+%global selinux_variants targeted
+%global logdir %{_localstatedir}/log/%{app_name}
+
+Name:           %{app_name}
+Version:        0.3.7
+Release:        0%{?dist}
+Summary:        Certificate Enrollment through CEP/CES
+
+License:        GPL-3.0-or-later
+URL:            https://github.com/ufven/%{app_name}
+Source0:        %{name}-%{version}.tar.bz2
+BuildArch:      noarch
+
+Requires:       %{app_name}-certmonger == %{version}
+Requires:       python3-%{app_name} == %{version}
+%if 0%{?sle_version} > 150400 || 0%{?suse_version} > 1500
+Requires:       (%{app_name}-selinux == %{version} if selinux-policy)
+%endif
+
+%description
+%{app_name} is an application for enrolling certificates through CEP and CES.
+It currently only operates through certmonger.
+
+%package -n python3-%{app_name}
+Summary:        Python part of %{app_name}
+
+BuildRequires:  python3-cryptography >= 1.2
+BuildRequires:  python3-devel
+BuildRequires:  python3-requests
+BuildRequires:  python3-requests-gssapi
+BuildRequires:  python3-setuptools
+
+Requires:       python3-cryptography >= 1.2
+Requires:       python3-requests
+Requires:       python3-requests-gssapi
+
+%description -n python3-%{app_name}
+%{app_name} is an application for enrolling certificates through CEP and CES.
+This package provides the Python part for CEP and CES interaction.
+
+%package certmonger
+Summary:        certmonger integration for %{app_name}
+
+Requires:       %{name} == %{version}
+Requires:       certmonger
+
+%description certmonger
+%{app_name} is an application for enrolling certificates through CEP and CES.
+This package provides the certmonger integration.
+
+%if 0%{?sle_version} > 150400 || 0%{?suse_version} > 1500
+%package selinux
+Summary:        SELinux support for %{app_name}
+
+BuildRequires:  selinux-policy-devel
+
+Requires:       selinux-policy
+Requires(post): selinux-policy-targeted
+
+%description selinux
+SELinux support for %{app_name}
+%endif
+
+%prep
+%setup -q -n %{app_name}-%{version}
+
+%build
+%py3_build
+
+%if 0%{?sle_version} > 150400 || 0%{?suse_version} > 1500
+# Build the SELinux module(s).
+for SELINUXVARIANT in %{selinux_variants}; do
+  make -C selinux clean all
+  mv -v selinux/%{app_name}.pp selinux/%{app_name}-${SELINUXVARIANT}.pp
+done
+%endif
+
+%install
+%py3_install
+
+install -d -m 0700 %{buildroot}%{logdir}
+
+%if 0%{?sle_version} > 150400 || 0%{?suse_version} > 1500
+# Install the SELinux module(s).
+rm -fv selinux-files.txt
+
+for SELINUXVARIANT in %{selinux_variants}; do
+  install -d %{buildroot}%{_datadir}/selinux/${SELINUXVARIANT}
+  install -p -m 644 selinux/%{app_name}-${SELINUXVARIANT}.pp \
+    %{buildroot}%{_datadir}/selinux/${SELINUXVARIANT}/%{app_name}.pp
+
+  echo %{_datadir}/selinux/${SELINUXVARIANT}/%{app_name}.pp >> \
+    selinux-files.txt
+done
+%endif
+
+# Install configuration files.
+install -d %{buildroot}%{_sysconfdir}/%{app_name}
+install -p -m 644 conf/cepces.conf.dist \
+  %{buildroot}%{_sysconfdir}/%{app_name}/cepces.conf
+install -p -m 644 conf/logging.conf.dist \
+  %{buildroot}%{_sysconfdir}/%{app_name}/logging.conf
+
+install -d %{buildroot}%{_libexecdir}/certmonger
+install -p -m 755 bin/%{app_name}-submit \
+  %{buildroot}%{_libexecdir}/certmonger/%{app_name}-submit
+
+# Remove unused executables and configuration files.
+%{__rm} -rfv %{buildroot}/usr/local/etc
+%{__rm} -rfv %{buildroot}/usr/local/libexec/certmonger
+
+sed -i 's/\/usr\/bin\/env python3/\/usr\/bin\/python3/g' %{buildroot}%{_libexecdir}/certmonger/%{app_name}-submit
+
+%if 0%{?sle_version} > 150400 || 0%{?suse_version} > 1500
+%post selinux
+for SELINUXVARIANT in %{selinux_variants}; do
+  %{_sbindir}/semodule -n -s ${SELINUXVARIANT} \
+    -i %{_datadir}/selinux/${SELINUXVARIANT}/%{app_name}.pp
+
+  if %{_sbindir}/selinuxenabled; then
+    %{_sbindir}/load_policy
+  fi
+done
+
+%postun selinux
+if [ $1 -eq 0 ]
+then
+  for SELINUXVARIANT in %{selinux_variants}; do
+    %{_sbindir}/semodule -n -s ${SELINUXVARIANT} -r %{app_name} > /dev/null || :
+
+    if %{_sbindir}/selinuxenabled; then
+      %{_sbindir}/load_policy
+    fi
+  done
+fi
+%endif
+
+%post certmonger
+# Install the CA into certmonger.
+if [ $1 -eq 1 ]; then
+  getcert add-ca -c %{app_name} \
+    -e %{_libexecdir}/certmonger/%{app_name}-submit >/dev/null || :
+fi
+
+%preun certmonger
+# Remove the CA from certmonger, unless it's an upgrade.
+if [ $1 -eq 0 ]; then
+  getcert remove-ca -c %{app_name} >/dev/null || :
+fi
+
+%check
+pushd tests
+%{__python3} ./runner.py
+popd
+
+%files
+%doc README.rst
+%dir %{_sysconfdir}/%{app_name}/
+%config(noreplace) %{_sysconfdir}/%{app_name}/%{app_name}.conf
+%config(noreplace) %{_sysconfdir}/%{app_name}/logging.conf
+%dir %{logdir}
+
+%files -n python3-%{app_name}
+%license LICENSE
+%{python3_sitelib}/%{app_name}
+%{python3_sitelib}/%{app_name}-%{version}-py*.egg-info
+
+%files certmonger
+%dir %{_libexecdir}/certmonger
+%{_libexecdir}/certmonger/%{app_name}-submit
+
+%if 0%{?sle_version} > 150400 || 0%{?suse_version} > 1500
+%files selinux -f selinux-files.txt
+%defattr(0644,root,root,0755)
+%endif
+
+%changelog