diff --git a/.custodia.metadata b/.custodia.metadata new file mode 100644 index 0000000..75d323f --- /dev/null +++ b/.custodia.metadata @@ -0,0 +1 @@ +110ee1016db441829c4f83be7b67a62c7c6aba24 SOURCES/custodia-0.1.0.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..59197af --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/custodia-0.1.0.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 98f42b4..0000000 --- a/README.md +++ /dev/null @@ -1,4 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/0002-Use-OAEP-instead-of-PKCS1v15.patch b/SOURCES/0002-Use-OAEP-instead-of-PKCS1v15.patch new file mode 100644 index 0000000..fa8efb9 --- /dev/null +++ b/SOURCES/0002-Use-OAEP-instead-of-PKCS1v15.patch @@ -0,0 +1,21 @@ +diff -ru custodia-0.1.0.orig/custodia/message/kem.py custodia-0.1.0/custodia/message/kem.py +--- custodia-0.1.0.orig/custodia/message/kem.py 2016-09-07 16:30:48.275037634 +0200 ++++ custodia-0.1.0/custodia/message/kem.py 2016-09-07 16:31:20.564570715 +0200 +@@ -184,7 +184,7 @@ + + ktype = self.client_keys[KEY_USAGE_ENC].key_type + if ktype == 'RSA': +- enc = ('RSA1_5', 'A256CBC-HS512') ++ enc = ('RSA-OAEP', 'A256CBC-HS512') + else: + raise ValueError("'%s' type not supported yet" % ktype) + +@@ -397,7 +397,7 @@ + JWK(**self.client_keys[KEY_USAGE_ENC])] + cli = KEMClient(server_keys, client_keys) + kem = KEMHandler({'KEMKeysStore': self.kk}) +- req = cli.make_request("key name", encalg=('RSA1_5', 'A256CBC-HS512')) ++ req = cli.make_request("key name", encalg=('RSA-OAEP', 'A256CBC-HS512')) + kem.parse(req, "key name") + msg = json_decode(kem.reply('key value')) + rep = cli.parse_reply("key name", msg['value']) diff --git a/SOURCES/custodia-0.1.0.tar.gz.sha512sum.txt b/SOURCES/custodia-0.1.0.tar.gz.sha512sum.txt new file mode 100644 index 0000000..c58d770 --- /dev/null +++ b/SOURCES/custodia-0.1.0.tar.gz.sha512sum.txt @@ -0,0 +1 @@ +a7030b61299305955f4935a43b1caf5f9e4c84434cbca6ce4d7407a3d5e75d42547b693397482d57ed93677ded5194d97b20a87368c75ae30f275d492c45c9fb dist/custodia-0.1.0.tar.gz diff --git a/SPECS/custodia.spec b/SPECS/custodia.spec new file mode 100644 index 0000000..1ebb319 --- /dev/null +++ b/SPECS/custodia.spec @@ -0,0 +1,140 @@ +%{!?__python2: %global __python2 /usr/bin/python2} +%{!?python2_sitelib: %global python2_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")} + +%if 0%{?fedora} +%global with_python3 1 +%global with_tox 1 +%endif + +Name: custodia +Version: 0.1.0 +Release: 4%{?dist} +Summary: A service to manage, retrieve and store secrets for other processes. + +License: GPLv3+ +URL: https://github.com/latchset/%{name} +Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/custodia-%{version}.tar.gz +Source1: https://github.com/latchset/%{name}/releases/download/v%{version}/custodia-%{version}.tar.gz.sha512sum.txt + +BuildArch: noarch + +BuildRequires: python-devel +BuildRequires: python-setuptools +BuildRequires: python-jwcrypto +%if 0%{?with_tox} +BuildRequires: python-tox +BuildRequires: python-coverage +%endif +BuildRequires: pytest +Requires: python-jwcrypto +Requires: python-custodia + +%if 0%{?with_python3} +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-jwcrypto +BuildRequires: python3-pytest +%if 0%{?with_tox} +BuildRequires: python3-tox +BuildRequires: python3-coverage +%endif +%endif + +%if 0%{?with_tox} +Patch01: 0001-Allow-tox-to-use-locally-installed-packages.patch +%endif +Patch02: 0002-Use-OAEP-instead-of-PKCS1v15.patch + +%description +A service to manage, retrieve and store secrets for other processes. + +%package -n python-custodia +Summary: Subpackage with python custodia modules +Requires: python-jwcrypto + +%description -n python-custodia +Subpackage with python custodia modules + +%if 0%{?with_python3} +%package -n python3-custodia +Summary: Subpackage with python3 custodia modules +Requires: python3-jwcrypto + +%description -n python3-custodia +Subpackage with python custodia modules +%endif + +%prep +grep `sha512sum %{SOURCE0}` %{SOURCE1} || (echo "Checksum invalid!" && exit 1) +%setup +%patch02 -p1 + +%build +%{__python2} setup.py build +%if 0%{?with_python3} +%{__python3} setup.py build +%endif + + +%install +%{__python2} setup.py install -O1 --skip-build --root %{buildroot} +mv %{buildroot}/usr/share/doc/custodia _doc_staging +rm -rf %{buildroot}%{python2_sitelib}/tests +rm -rf %{buildroot}%{python2_sitelib}/__pycache__ +mkdir -p %{buildroot}/%{_sbindir} +mv %{buildroot}/%{_bindir}/custodia %{buildroot}/%{_sbindir}/custodia +%if 0%{?with_python3} +%{__python3} setup.py install -O1 --skip-build --root %{buildroot} +rm -rf %{buildroot}/usr/share/doc/custodia +rm -rf %{buildroot}%{python3_sitelib}/tests +rm -rf %{buildroot}%{python3_sitelib}/__pycache__ +rm -rf %{buildroot}/%{_bindir}/custodia +%endif + + +%check +mkdir docs/source/_static +%if 0%{?with_tox} +tox -e py27 +%if 0%{?with_python3} +tox -e py34 +%endif +%else +# tests are failing on build machines +# %{__python2} -m py.test ./tests/tests.py +%endif # with_tox + + +%files +%doc README API.md _doc_staging/* +%license LICENSE +%{_mandir}/man7/custodia* +%{_sbindir}/custodia + +%files -n python-custodia +%license LICENSE +%{python2_sitelib}/%{name} +%{python2_sitelib}/%{name}-*.egg-info + +%if 0%{?with_python3} +%files -n python3-custodia +%license LICENSE +%{python3_sitelib}/%{name} +%{python3_sitelib}/%{name}-*.egg-info +%endif + + +%changelog +* Wed Sep 07 2016 Christian Heimes - 0.1.0-4 +- Disable tests (broken on build machines) +- related: #1371902 + +* Wed Sep 07 2016 Simo Sorce - 0.1.0-3 +- Change default to use RSA OAEP padding +- resolves: #1371902 + +* Mon Apr 04 2016 Christian Heimes - 0.2.1-2 +- Correct download link + +* Thu Mar 31 2016 Christian Heimes - 0.1.0-1 +- Initial packaging