Neal Gompa
5d40dff8d5
This is a dependency of Samba's Certificate Auto Enrollment. It extends certmonger to support auto enrollment to a Microsoft CA. OBS-URL: https://build.opensuse.org/request/show/903556 OBS-URL: https://build.opensuse.org/package/show/security:idm/cepces?expand=0&rev=1
187 lines
5.3 KiB
RPMSpec
187 lines
5.3 KiB
RPMSpec
#
|
|
# spec file for package cepces
|
|
#
|
|
# Copyright (c) 2021 SUSE LLC
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
|
#
|
|
|
|
%global app_name cepces
|
|
%global selinux_variants targeted
|
|
%global logdir %{_localstatedir}/log/%{app_name}
|
|
|
|
Name: %{app_name}
|
|
Version: 0.3.3
|
|
Release: 2%{?dist}
|
|
Summary: Certificate Enrollment through CEP/CES
|
|
|
|
License: GPL-3.0-or-later
|
|
URL: https://github.com/ufven/%{app_name}
|
|
Source0: %{name}-%{version}.tar.bz2
|
|
Patch0: 0001-Allow-overriding-of-server-auth-from-the-command-lin.patch
|
|
Patch1: 0001-add-SELinux-permissions-for-RHEL-6.patch
|
|
Patch2: 0001-Added-Kerberos-delegation.patch
|
|
BuildArch: noarch
|
|
|
|
Requires: python3-%{app_name} == %{version}
|
|
Requires: %{app_name}-certmonger == %{version}
|
|
Requires: %{app_name}-selinux == %{version}
|
|
|
|
%description
|
|
%{app_name} is an application for enrolling certificates through CEP and CES.
|
|
It currently only operates through certmonger.
|
|
|
|
%package -n python3-%{app_name}
|
|
Summary: Python part of %{app_name}
|
|
|
|
BuildRequires: python3-devel
|
|
BuildRequires: python3-setuptools
|
|
BuildRequires: python3-cryptography >= 1.2
|
|
BuildRequires: python3-requests
|
|
BuildRequires: python3-requests-kerberos >= 0.9
|
|
|
|
Requires: python3-cryptography >= 1.2
|
|
Requires: python3-requests
|
|
Requires: python3-requests-kerberos >= 0.9
|
|
|
|
%description -n python3-%{app_name}
|
|
%{app_name} is an application for enrolling certificates through CEP and CES.
|
|
This package provides the Python part for CEP and CES interaction.
|
|
|
|
%package certmonger
|
|
Summary: certmonger integration for %{app_name}
|
|
|
|
Requires: certmonger
|
|
|
|
%description certmonger
|
|
%{app_name} is an application for enrolling certificates through CEP and CES.
|
|
This package provides the certmonger integration.
|
|
|
|
%package selinux
|
|
Summary: SELinux support for %{app_name}
|
|
|
|
BuildRequires: selinux-policy-devel
|
|
|
|
Requires: selinux-policy
|
|
Requires(post): selinux-policy-targeted
|
|
|
|
%description selinux
|
|
SELinux support for %{app_name}
|
|
|
|
%prep
|
|
%setup -q -n %{app_name}-%{version}
|
|
%patch0 -p1
|
|
%patch1 -p1
|
|
%patch2 -p1
|
|
|
|
%build
|
|
%py3_build
|
|
|
|
# Build the SELinux module(s).
|
|
for SELINUXVARIANT in %{selinux_variants}; do
|
|
make -C selinux clean all
|
|
mv -v selinux/%{app_name}.pp selinux/%{app_name}-${SELINUXVARIANT}.pp
|
|
done
|
|
|
|
%install
|
|
%py3_install
|
|
|
|
install -d -m 0700 %{buildroot}%{logdir}
|
|
|
|
# Install the SELinux module(s).
|
|
rm -fv selinux-files.txt
|
|
|
|
for SELINUXVARIANT in %{selinux_variants}; do
|
|
install -d %{buildroot}%{_datadir}/selinux/${SELINUXVARIANT}
|
|
install -p -m 644 selinux/%{app_name}-${SELINUXVARIANT}.pp \
|
|
%{buildroot}%{_datadir}/selinux/${SELINUXVARIANT}/%{app_name}.pp
|
|
|
|
echo %{_datadir}/selinux/${SELINUXVARIANT}/%{app_name}.pp >> \
|
|
selinux-files.txt
|
|
done
|
|
|
|
# Install configuration files.
|
|
install -d %{buildroot}%{_sysconfdir}/%{app_name}
|
|
install -p -m 644 conf/cepces.conf.dist \
|
|
%{buildroot}%{_sysconfdir}/%{app_name}/cepces.conf
|
|
install -p -m 644 conf/logging.conf.dist \
|
|
%{buildroot}%{_sysconfdir}/%{app_name}/logging.conf
|
|
|
|
install -d %{buildroot}%{_libexecdir}/certmonger
|
|
install -p -m 755 bin/%{app_name}-submit \
|
|
%{buildroot}%{_libexecdir}/certmonger/%{app_name}-submit
|
|
|
|
# Remove unused executables and configuration files.
|
|
%{__rm} -rfv %{buildroot}/usr/local/etc
|
|
%{__rm} -rfv %{buildroot}/usr/local/libexec/certmonger
|
|
|
|
sed -i 's/\/usr\/bin\/env python3/\/usr\/bin\/python3/g' %{buildroot}%{_libexecdir}/certmonger/%{app_name}-submit
|
|
|
|
%post selinux
|
|
for SELINUXVARIANT in %{selinux_variants}; do
|
|
%{_sbindir}/semodule -n -s ${SELINUXVARIANT} \
|
|
-i %{_datadir}/selinux/${SELINUXVARIANT}/%{app_name}.pp
|
|
|
|
if %{_sbindir}/selinuxenabled; then
|
|
%{_sbindir}/load_policy
|
|
fi
|
|
done
|
|
|
|
%postun selinux
|
|
if [ $1 -eq 0 ]
|
|
then
|
|
for SELINUXVARIANT in %{selinux_variants}; do
|
|
%{_sbindir}/semodule -n -s ${SELINUXVARIANT} -r %{app_name} > /dev/null || :
|
|
|
|
if %{_sbindir}/selinuxenabled; then
|
|
%{_sbindir}/load_policy
|
|
fi
|
|
done
|
|
fi
|
|
|
|
%post certmonger
|
|
# Install the CA into certmonger.
|
|
if [[ "$1" == "1" ]]; then
|
|
getcert add-ca -c %{app_name} \
|
|
-e %{_libexecdir}/certmonger/%{app_name}-submit >/dev/null || :
|
|
fi
|
|
|
|
%preun certmonger
|
|
# Remove the CA from certmonger, unless it's an upgrade.
|
|
if [[ "$1" == "0" ]]; then
|
|
getcert remove-ca -c %{app_name} >/dev/null || :
|
|
fi
|
|
|
|
%check
|
|
%{__python3} setup.py test
|
|
|
|
%files
|
|
%doc LICENSE
|
|
%doc README.rst
|
|
%dir %{_sysconfdir}/%{app_name}/
|
|
%config(noreplace) %{_sysconfdir}/%{app_name}/%{app_name}.conf
|
|
%config(noreplace) %{_sysconfdir}/%{app_name}/logging.conf
|
|
%dir %{logdir}
|
|
|
|
%files -n python3-%{app_name}
|
|
%{python3_sitelib}/%{app_name}
|
|
%{python3_sitelib}/%{app_name}-%{version}-py?.?.egg-info
|
|
|
|
%files certmonger
|
|
%dir %{_libexecdir}/certmonger
|
|
%{_libexecdir}/certmonger/%{app_name}-submit
|
|
|
|
%files selinux -f selinux-files.txt
|
|
%defattr(0644,root,root,0755)
|
|
|
|
%changelog
|