The package rpms/sigul.git has added or updated architecture specific content in its spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s): https://src.fedoraproject.org/cgit/rpms/sigul.git/commit/?id=2ea5533438aa6b8....
Change: +%ifnarch ppc64
Thanks.
Full change: ============
commit 2ea5533438aa6b83791a03d0324686a09aa6166a Author: Igor Gnatenko ignatenkobrain@fedoraproject.org Date: Mon Aug 12 17:32:48 2019 +0200
Revert "sigul fails to build from source: https://bugzilla.redhat.com/show_bug.cgi?id=1701923"
This reverts commit 09d7a0277620664ab1809a2ccb0813ba39035577.
References: https://pagure.io/releng/issue/8622 Signed-off-by: Igor Gnatenko ignatenkobrain@fedoraproject.org
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..87c0b54 --- /dev/null +++ b/.gitignore @@ -0,0 +1,15 @@ +/.project +sigul-0.97.tar.bz2 +/sigul-0.98.tar.bz2 +/sigul-0.99.tar.bz2 +/sigul-0.100.tar.bz2 +/sigul-0.101.tar.bz2 +/sigul-0.102.tar.bz2 +/sigul-0.200.tar.bz2 +/sigul-0.201.tar.bz2 +/sigul-0.202.tar.bz2 +/sigul-0.203.tar.bz2 +/sigul-0.204.tar.bz2 +/sigul-0.205.tar.bz2 +/sigul-0.206.tar.bz2 +/sigul-0.207.tar.bz2 diff --git a/0001-Fix-PKCS11-pin-reading.patch b/0001-Fix-PKCS11-pin-reading.patch new file mode 100644 index 0000000..116c210 --- /dev/null +++ b/0001-Fix-PKCS11-pin-reading.patch @@ -0,0 +1,41 @@ +From d3b74683e3f0ec3baa87caa2082778ba5af6ba8f Mon Sep 17 00:00:00 2001 +From: Patrick Uiterwijk puiterwijk@redhat.com +Date: Tue, 21 Feb 2017 00:51:16 +0000 +Subject: [PATCH 1/2] Fix PKCS11 pin reading + +Signed-off-by: Patrick Uiterwijk puiterwijk@redhat.com +--- + ChangeLog | 2 ++ + src/bind_methods.py | 3 ++- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/ChangeLog b/ChangeLog +index 17efea2..f640c96 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -7,6 +7,8 @@ + * configure.ac: Release 0.204 + * NEWS: Update. + ++ * src/bind_methods.py: Fixed bug with pkcs11 PIN reading. ++ + 2017-02-13 Patrick Uiterwijk puiterwijk@redhat.com + + * configure.ac: Release 0.203 +diff --git a/src/bind_methods.py b/src/bind_methods.py +index fd40976..9625431 100644 +--- a/src/bind_methods.py ++++ b/src/bind_methods.py +@@ -163,7 +163,8 @@ def pkcs11(tokens, **config): + assert 'pkcs11:' in config['%s_privkey' % token] + + if ('%s_pin' % token) not in config: +- config['%s_pin'] = getpass('PIN code for token "%s": ' % token) ++ config['%s_pin' % token] = getpass( ++ 'PIN code for token "%s": ' % token) + config['%s_pin' % token] + + global pkcs11_config +-- +2.11.0 + diff --git a/0001-Implement-support-for-koji-krb_login.patch b/0001-Implement-support-for-koji-krb_login.patch new file mode 100644 index 0000000..0f31bee --- /dev/null +++ b/0001-Implement-support-for-koji-krb_login.patch @@ -0,0 +1,74 @@ +From 8ef24e54007f656ecc8641130a1078dd2fac8dca Mon Sep 17 00:00:00 2001 +From: Patrick Uiterwijk puiterwijk@redhat.com +Date: Sat, 3 Dec 2016 22:35:19 +0000 +Subject: [PATCH 1/2] Implement support for koji krb_login + +Signed-off-by: Patrick Uiterwijk puiterwijk@redhat.com +--- + ChangeLog | 4 ++++ + src/utils.py | 27 +++++++++++++++++++++++---- + 2 files changed, 27 insertions(+), 4 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index ea49105..7492274 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,7 @@ ++2016-12-03 Patrick Uiterwijk puiterwijk@redhat.com ++ ++ * src/utils.py: Added support for koji krb_login. ++ + 2016-10-03 Patrick Uiterwijk puiterwijk@redhat.com + + * src/server.py: Added gpg_signature for plain gpg signatures. +diff --git a/src/utils.py b/src/utils.py +index 60131d4..8f40b31 100644 +--- a/src/utils.py ++++ b/src/utils.py +@@ -222,11 +222,23 @@ def koji_read_config(global_config, instance): + parser = ConfigParser.ConfigParser() + parser.read(('/etc/koji.conf', os.path.expanduser(config_path))) + config = dict(parser.items('koji')) +- for opt in ('server', 'cert', 'serverca', 'topurl'): ++ for opt in ('server', 'serverca', 'topurl'): + if opt not in config: + raise KojiError('Missing koji configuration option %s' % opt) + for opt in ('cert', 'serverca'): +- config[opt] = os.path.expanduser(config[opt]) ++ if opt in config: ++ config[opt] = os.path.expanduser(config[opt]) ++ if 'authtype' not in config: ++ # We have no explicit authtype, try to be smart ++ if 'cert' in config: ++ config['authtype'] = 'ssl' ++ elif 'principal' in config and 'keytab' in config: ++ config['authtype'] = 'kerberos' ++ else: ++ raise KojiError('Unable to determine koji Auth type') ++ elif config['authtype'] not in ('ssl', 'kerberos'): ++ raise KojiError('Unsupported authtype %s requested' % ++ config['authtype']) + return config + + def koji_connect(koji_config, authenticate, proxyuser=None): +@@ -242,8 +254,15 @@ def koji_connect(koji_config, authenticate, proxyuser=None): + + session = koji.ClientSession(koji_config['server']) + if authenticate: +- session.ssl_login(koji_config['cert'], None, +- koji_config['serverca'], proxyuser=proxyuser) ++ if koji_config['authtye'] == 'ssl': ++ session.ssl_login(koji_config['cert'], None, ++ koji_config['serverca'], proxyuser=proxyuser) ++ elif koji_config['authtype'] == 'kerberos': ++ kwargs = {} ++ for opt in ('principal', 'keytab', 'ccache'): ++ if opt in koji_config: ++ kwargs[opt] = koji_config[opt] ++ session.krb_login(proxyuser=proxyuser, **kwargs) + try: + version = session.getAPIVersion() + except xmlrpclib.ProtocolError: +-- +2.10.2 + diff --git a/dead.package b/dead.package deleted file mode 100644 index 8aadb0a..0000000 --- a/dead.package +++ /dev/null @@ -1 +0,0 @@ -sigul fails to build from source: https://bugzilla.redhat.com/show_bug.cgi?id=1701923 diff --git a/sigul.logrotate b/sigul.logrotate new file mode 100644 index 0000000..ebe8ea0 --- /dev/null +++ b/sigul.logrotate @@ -0,0 +1,4 @@ +/var/log/sigul*.log { + missingok + notifempty +} \ No newline at end of file diff --git a/sigul.spec b/sigul.spec new file mode 100644 index 0000000..7a71f54 --- /dev/null +++ b/sigul.spec @@ -0,0 +1,357 @@ +# This package depends on automagic byte compilation +# https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilat... +%global _python_bytecompile_extra 1 + +Summary: A signing server and related software client +Name: sigul + +Version: 0.207 +Release: 8%{?dist} +License: GPLv2 + +URL: https://pagure.io/sigul/ +Source0: https://pagure.io/releases/sigul/sigul-%%7Bversion%7D.tar.bz2 +Source1: sigul_bridge.service +Source2: sigul_server.service +Source3: sigul.logrotate + +Requires: logrotate, python2 +Requires: python2-nss >= 0.11 +Requires: koji +# For sigul_setup_client +Requires: coreutils nss-tools +Requires(pre): shadow-utils +BuildRequires: gcc +BuildRequires: python2 +# To detect the path correctly in configure +BuildRequires: gnupg +# To run the test suite +BuildRequires: python2-nss, gnupg, koji, python2-pexpect, python2-pygpgme, python2, python2-fedora +BuildRequires: rpm-sign python2-urlgrabber python2-sqlalchemy git +BuildRequires: systemd +BuildRequires: ostree +BuildRequires: ostree-devel +%ifnarch ppc64 +# Skopeo is not built on ppc64 +BuildRequires: skopeo +%endif + +%if 0%{?rhel} +# There is no ostree package for RHEL other than x86_64, as that's in Atomic Host +ExclusiveArch: x86_64 +%endif + +%description +A signing server, which lets authorized users sign data without having any +access to the necessary private key, a client for the server, and a "bridge" +that connects the two. + + +%package server +Summary: Sigul server component +Requires: %{name}%{?_isa} = %{version}-%{release} +%if 0%{?rhel} && 0%{?rhel} <= 5 +Requires: python-sqlite2 +%endif +Requires: gnupg +Requires: python2-pygpgme +Requires: python2-pexpect +Requires: ostree +Requires: rpm-sign +Requires: python2-sqlalchemy >= 0.5 +# For systemd unit macros +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%description server +The server part of sigul that keeps the keys and performs the actual signing. + + +%package bridge +Summary: Sigul bridge +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: python2-fedora +Requires: python2-urlgrabber +# For systemd unit macros +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%description bridge +The bridge part of sigul that facilitates connection between the client and server. + + +%prep +%setup -q + +%build +%if 0%{?rhel} >= 7 +export GPG=/usr/bin/gpg1 +%endif +%configure +make %{?_smp_mflags} + +%check +exit 0 +%ifnarch ppc64 +# Skopeo is not built on ppc64 +%if 0%{?fedora} + if make check; then + echo "Tests passed" + else + echo "Tests failed. Log output follows" + cat testsuite.log + cat testsuite.dir/*/{testsuite.log,bridge/sigul_bridge.log,server/sigul_server.log} + exit 1 + fi +%endif +%endif + +%install +make DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' install +mkdir -p $RPM_BUILD_ROOT%{_unitdir} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d +install -m 0644 -p %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/sigul_bridge.service +install -m 0644 -p %{SOURCE2} $RPM_BUILD_ROOT%{_unitdir}/sigul_server.service +install -m 0644 -p %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sigul + +%pre +getent group sigul >/dev/null || groupadd -r sigul +getent passwd sigul >/dev/null || \ +useradd -r -g sigul -d %{_localstatedir}/lib/sigul -s /sbin/nologin \ + -c "Signing server or bridge" sigul +exit 0 + +%post bridge +%systemd_post sigul_bridge.service + +%post server +%systemd_post sigul_server.service + +%preun bridge +%systemd_preun sigul_bridge.service + +%preun server +%systemd_preun sigul_server.service + +%postun bridge +%systemd_postun_with_restart sigul_bridge.service + +%postun server +%systemd_postun_with_restart sigul_server.service + + +%files +%doc AUTHORS COPYING NEWS README +%dir %{_sysconfdir}/sigul +%config(noreplace) %{_sysconfdir}/sigul/client.conf +%config(noreplace) %{_sysconfdir}/logrotate.d/sigul +%{_bindir}/sigul +%{_bindir}/sigul_setup_client +%{_mandir}/man1/sigul*.1* +%{_mandir}/man8/sigul*.8* +%dir %{_datadir}/sigul +%{_datadir}/sigul/bind_methods.py* +%{_datadir}/sigul/client.py* +%{_datadir}/sigul/double_tls.py* +%{_datadir}/sigul/errors.py* +%{_datadir}/sigul/settings.py* +%{_datadir}/sigul/utils.py* + + +%files bridge +%config(noreplace) %attr(640,root,sigul) %{_sysconfdir}/sigul/bridge.conf +%{_unitdir}/sigul_bridge.service +%{_sbindir}/sigul_bridge +%{_datadir}/sigul/bridge* + +%files server +%config(noreplace) %attr(640,root,sigul) %{_sysconfdir}/sigul/server.conf +%{_unitdir}/sigul_server.service +%{_bindir}/sigul-ostree-helper +%{_sbindir}/sigul_server +%{_sbindir}/sigul_server_add_admin +%{_sbindir}/sigul_server_create_db +%dir %attr(700,sigul,sigul) %{_localstatedir}/lib/sigul +%dir %attr(700,sigul,sigul) %{_localstatedir}/lib/sigul/gnupg +%{_datadir}/sigul/server* + + +%changelog +* Fri Jul 26 2019 Fedora Release Engineering releng@fedoraproject.org - 0.207-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sat Feb 02 2019 Fedora Release Engineering releng@fedoraproject.org - 0.207-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 0.207-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Feb 28 2018 Iryna Shcherbina ishcherb@redhat.com - 0.207-5 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Fri Feb 09 2018 Fedora Release Engineering releng@fedoraproject.org - 0.207-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Aug 03 2017 Fedora Release Engineering releng@fedoraproject.org - 0.207-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering releng@fedoraproject.org - 0.207-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Thu May 04 2017 Patrick Uiterwijk puiterwijk@redhat.com - 0.207-1 +- Rebase to 0.207 + +* Wed May 03 2017 Patrick Uiterwijk puiterwijk@redhat.com - 0.206-2 +- Koji was broken. Rebuild please + +* Tue May 02 2017 Patrick Uiterwijk puiterwijk@redhat.com - 0.206-1 +- Rebase to 0.206 + +* Wed Mar 01 2017 Patrick Uiterwijk puiterwijk@redhat.com - 0.205-1 +- Rebase to upstream 0.205 + +* Tue Feb 21 2017 Patrick Uiterwijk puiterwijk@redhat.com - 0.204-3 +- Add PIN reading fix + +* Tue Feb 21 2017 Patrick Uiterwijk puiterwijk@redhat.com - 0.204-2 +- rebuilt + +* Mon Feb 20 2017 Patrick Uiterwijk puiterwijk@redhat.com - 0.204-1 +- Rebase to upstream 0.204 + +* Mon Feb 13 2017 Patrick Uiterwijk puiterwijk@redhat.com - 0.203-1 +- Rebase to 0.203 + +* Sat Feb 11 2017 Fedora Release Engineering releng@fedoraproject.org - 0.202-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Sun Dec 11 2016 Patrick Uiterwijk puiterwijk@redhat.com - 0.202-4 +- Add patch for krb5 support + +* Sat Oct 29 2016 Patrick Uiterwijk puiterwijk@redhat.com - 0.202-3 +- Disable test suite for ppc64, since skopeo failed to build +- Enable test suite on Fedora instead of RHEL + +* Wed Oct 19 2016 Patrick Uiterwijk puiterwijk@redhat.com - 0.202-2 +- Do not run tests on el7 + +* Tue Oct 11 2016 Patrick Uiterwijk puiterwijk@redhat.com - 0.202-1 +- Update to 0.202 + +* Tue Sep 20 2016 Patrick Uiterwijk puiterwijk@redhat.com - 0.201-2 +- Rebuild with test suite on + +* Fri Sep 16 2016 Patrick Uiterwijk puiterwijk@redhat.com - 0.201-1 +- New upstream release + +* Wed Sep 07 2016 Patrick Uiterwijk puiterwijk@redhat.com - 0.200-1 +- New upstream release + +* Fri Feb 05 2016 Fedora Release Engineering releng@fedoraproject.org - 0.102-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Jan 25 2016 Miloslav Trma mitr@redhat.com - 0.102-2 +- Migrate to systemd unit files, based on a patch by Kevin Fenzi + kevin@scrye.com. + Resolves: #1301297 + +* Thu Nov 26 2015 Miloslav Trma mitr@redhat.com - 0.102-1 +- Update to sigul-0.102. + Resolves: #1283364 + Related: #1272535 + +* Wed Nov 18 2015 Miloslav Trma mitr@redhat.com - 0.101-1 +- Update to sigul-0.101. + Related: #1272535 + +* Fri Jun 19 2015 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.100-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Apr 27 2015 Miloslav Trma mitr@redhat.com - 0.100-5 +- Add Requires: rpm-sign + Resolves: #1215678 + +* Sun Jun 08 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.100-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sun Aug 04 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.100-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.100-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Jul 17 2012 Miloslav Trma mitr@redhat.com - 0.100-1 +- Update to sigul-0.100. + +* Wed Feb 8 2012 Toshio Kuratomi toshio@fedoraproject.org - 0.99-3 +- Remove the python-sqlite2 dep in Fedora as that package is being retired and + sigul can use the sqlite3 module from the python stdlib + +* Sat Jan 14 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.99-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Jun 6 2011 Miloslav Trma mitr@redhat.com - 0.99-1 +- Update to sigul-0.99. + +* Thu Jun 2 2011 Miloslav Trma mitr@redhat.com - 0.98-2 +- Add Requires: gnupg + Resolves: #664536 + +* Tue May 31 2011 Miloslav Trma mitr@redhat.com - 0.98-1 +- Update to sigul-0.98. + +* Wed Feb 09 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.97-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Aug 11 2010 David Malcolm dmalcolm@redhat.com +- recompiling .py files against Python 2.7 (rhbz#623359) + +- Drop no longer necessary references to BuildRoot: + +* Fri Jul 31 2009 Miloslav Trma mitr@redhat.com - 0.97-1 +- Update to sigul-0.97. +- Ship NEWS. + +* Tue Jul 28 2009 Jesse Keating jkeating@redhat.com - 0.96-6 +- Fix the patch in -4 + +* Tue Jul 28 2009 Jesse Keating jkeating@redhat.com - 0.96-5 +- Add a dist tag + +* Tue Jul 28 2009 Jesse Keating jkeating@redhat.com - 0.96-4 +- Add another patch to temporarily work around a stale koji issue. +- Bump python-nss reqs up now that we have a newer one in EPEL + +* Mon Jul 27 2009 Jesse Keating jkeating@redhat.com - 0.96-3 +- Setup the Requires right for EL5 + +* Mon Jul 27 2009 Jesse Keating jkeating@redhat.com - 0.96-2 +- Fix various bugs while testing (release by Mitr) +- Patch from jkeating for srpm signing. + +* Sat Jul 18 2009 Miloslav Trma mitr@redhat.com - 0.95-0.mitr.1 +- Update to 0.95. +- Add missing Requires: m2crypto. + +* Wed Jul 1 2009 Miloslav Trma mitr@redhat.com - 0.94-0.mitr.1 +- Update to 0.94. + +* Fri Apr 10 2009 Miloslav Trma mitr@redhat.com - 0.93-0.mitr.1 +- Update to 0.93. + +* Wed Jan 28 2009 Miloslav Trma mitr@redhat.com - 0.92-0.mitr.1 +- Update to 0.92. + +* Mon Jan 12 2009 Miloslav Trma mitr@redhat.com - 0.91-0.mitr.1 +- Update to 0.91. + +* Sun Jan 11 2009 Miloslav Trma mitr@redhat.com - 0.90-0.mitr.2 +- Requires: koji, python-sqlite2 + +* Sun Jan 11 2009 Miloslav Trma mitr@redhat.com - 0.90-0.mitr.1 +- s/rpmsigner/sigul/g + +* Sun Nov 30 2008 Miloslav Trma mitr@redhat.com - 0.90-0.mitr.1 +- Initial package. diff --git a/sigul_bridge.service b/sigul_bridge.service new file mode 100644 index 0000000..b2cc43c --- /dev/null +++ b/sigul_bridge.service @@ -0,0 +1,11 @@ +[Unit] +Description=Sigul bridge server +After=network.target +Documentation=https://fedorahosted.org/sigul/ + +[Service] +ExecStart=/usr/sbin/sigul_bridge -v +Type=simple + +[Install] +WantedBy=multi-user.target diff --git a/sigul_server.service b/sigul_server.service new file mode 100644 index 0000000..f65f0c7 --- /dev/null +++ b/sigul_server.service @@ -0,0 +1,11 @@ +[Unit] +Description=Sigul vault server +After=network.target +Documentation=https://fedorahosted.org/sigul/ + +[Service] +ExecStart=/usr/sbin/sigul_server -v +Type=simple + +[Install] +WantedBy=multi-user.target diff --git a/sources b/sources new file mode 100644 index 0000000..1b6ec3e --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (sigul-0.207.tar.bz2) = c7be0c7a92ded970e3ca707429bf79f01aed4f70c7addf0ac5a1afbb89fcaa7633e736d2caf7548d3edffbb50b9d7d9f3f50f1f1ebea539b02ca1a2892d1d041
arch-excludes@lists.fedoraproject.org