X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa.spec;h=0b67a9f9cb53fb986e89f06106495e7fcf945c06;hb=4ae211d43bd442f4129eb38469a83caa7bfd7bcf;hp=0182527f0128a1514aa85c65350aa1a953f4b136;hpb=2d90df12f4c85e44733ed7ad23f0e2edf224ecf0;p=sfa.git diff --git a/sfa.spec b/sfa.spec index 0182527f..0b67a9f9 100644 --- a/sfa.spec +++ b/sfa.spec @@ -1,8 +1,6 @@ -%define url $URL: svn+ssh://svn.planet-lab.org/svn/geniwrapper/trunk/geniwrapper.spec $ - %define name sfa -%define version 0.9 -%define taglevel 1 +%define version 1.0 +%define taglevel 21 %define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}} %global python_sitearch %( python -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)" ) @@ -19,82 +17,468 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot Vendor: PlanetLab Packager: PlanetLab Central Distribution: PlanetLab %{plrelease} -URL: %(echo %{url} | cut -d ' ' -f 2) +URL: %{SCMURL} +Summary: the SFA python libraries +Group: Applications/System BuildRequires: make -Requires: python -Requires: pyOpenSSL >= 0.7 +Requires: python >= 2.5 Requires: m2crypto +Requires: xmlsec1-openssl-devel Requires: libxslt-python - -Summary: the SFA python libraries +Requires: python-ZSI +# xmlbuilder depends on lxml +Requires: python-lxml +Requires: python-setuptools +Requires: python-dateutil + +# python 2.5 has uuid module added, for python 2.4 we still need it. +# we can't really check for if we can load uuid as a python module, +# it'll be installed by "devel.pkgs". we have the epel repository so +# python-uuid will be provided. but we can test for the python +# version. +# %define has_py24 %( python -c "import sys;sys.exit(sys.version_info[0:2] == (2,4))" 2> /dev/null; echo $? ) +# %if %has_py24 +# +# this also didn't work very well. I'll just check for distroname - baris +#%if %{distroname} == "centos5" +#Requires: python-uuid +#%endif + +%package cm +Summary: the SFA wrapper around MyPLC NodeManager Group: Applications/System +Requires: sfa +Requires: pyOpenSSL >= 0.6 %package plc Summary: the SFA wrapper arounf MyPLC Group: Applications/System Requires: sfa +Requires: python-psycopg2 +Requires: myplc-config +Requires: pyOpenSSL >= 0.7 %package client Summary: the SFA experimenter-side CLI Group: Applications/System Requires: sfa +Requires: pyOpenSSL >= 0.7 + +%package sfatables +Summary: sfatables policy tool for SFA +Group: Applications/System +Requires: sfa + +%package flashpolicy +Summary: SFA support for flash clients +Group: Applications/System +Requires: sfa + +%package tests +Summary: unit tests suite for SFA +Group: Applications/System +Requires: sfa %description -This package provides the python libraries that the SFA implementation requires +This package provides the python libraries for the PlanetLab implementation of SFA +%description cm +This package implements the SFA interface which serves as a layer +between the existing PlanetLab NodeManager interfaces and the SFA API. + %description plc -Geniwrapper implements the SFA interface which serves as a layer +This package implements the SFA interface which serves as a layer between the existing PlanetLab interfaces and the SFA API. %description client This package provides the client side of the SFA API, in particular sfi.py, together with other utilities. +%description sfatables +sfatables is a tool for defining access and admission control policies +in an SFA network, in much the same way as iptables is for ip +networks. This is the command line interface to manage sfatables + +%description flashpolicy +This package provides support for adobe flash client applications. + +%description tests +Provides some binary unit tests in /usr/share/sfa/tests + %prep %setup -q %build -make +make VERSIONTAG="%{version}-%{taglevel}" SCMURL="%{SCMURL}" %install rm -rf $RPM_BUILD_ROOT -make install DESTDIR="$RPM_BUILD_ROOT" +make VERSIONTAG="%{version}-%{taglevel}" SCMURL="%{SCMURL}" install DESTDIR="$RPM_BUILD_ROOT" %clean rm -rf $RPM_BUILD_ROOT %files +# sfa and sfatables depend each other. +%{_bindir}/sfa-server.py* +/etc/sfatables/* %{python_sitelib}/* -/usr/bin/keyconvert +%{_bindir}/keyconvert.py* /var/www/html/wsdl/*.wsdl +%files cm +/etc/init.d/sfa-cm +%{_bindir}/sfa_component_setup.py* +# cron jobs here + %files plc %defattr(-,root,root) -%config (noreplace) /etc/sfa/sfa_config +%config /etc/sfa/default_config.xml %config (noreplace) /etc/sfa/aggregates.xml %config (noreplace) /etc/sfa/registries.xml /etc/init.d/sfa +/etc/sfa/pl.rng +/etc/sfa/credential.xsd +/etc/sfa/top.xsd +/etc/sfa/sig.xsd +/etc/sfa/xml.xsd +/etc/sfa/protogeni-rspec-common.xsd %{_bindir}/sfa-config-tty %{_bindir}/sfa-import-plc.py* +%{_bindir}/sfa-clean-peer-records.py* %{_bindir}/sfa-nuke-plc.py* -%{_bindir}/sfa-server.py* +%{_bindir}/gen-sfa-cm-config.py* +%{_bindir}/sfa-ca.py* %files client %config (noreplace) /etc/sfa/sfi_config -%{_bindir}/sfi.py* +%{_bindir}/sfi* %{_bindir}/getNodes.py* %{_bindir}/getRecord.py* %{_bindir}/setRecord.py* -%{_bindir}/genidump.py* +%{_bindir}/sfadump.py* + +%files sfatables +%{_bindir}/sfatables -%pre plc -[ -f %{_sysconfdir}/init.d/sfa ] && service sfa stop ||: +%files flashpolicy +%{_bindir}/sfa_flashpolicy.py* +/etc/sfa/sfa_flashpolicy_config.xml +%files tests +%{_datadir}/sfa/tests + +### sfa-plc installs the 'sfa' service %post plc chkconfig --add sfa +%preun plc +if [ "$1" = 0 ] ; then + /sbin/service sfa stop || : + /sbin/chkconfig --del sfa || : +fi + +%postun plc +[ "$1" -ge "1" ] && service sfa restart + +### sfa-cm installs the 'sfa-cm' service +%post cm +chkconfig --add sfa-cm + +%preun cm +if [ "$1" = 0 ] ; then + /sbin/service sfa-cm stop || : + /sbin/chkconfig --del sfa-cm || : +fi + +%postun cm +[ "$1" -ge "1" ] && service sfa-cm restart + + +%changelog +* Wed Mar 16 2011 Thierry Parmentelat - sfa-1.0-21 +- stable sfascan +- fix in initscript, *ENABLED tags in config now taken into account + +* Fri Mar 11 2011 Thierry Parmentelat - sfa-1.0-20 +- some commits had not been pushed in tag 19 + +* Fri Mar 11 2011 Thierry Parmentelat - sfa-1.0-19 +- GetVersion should now report full URLs with path +- scansfa has nicer output and new syntax (entry URLs as args and not options) +- dos2unix'ed flash policy pill + +* Wed Mar 09 2011 Thierry Parmentelat - sfa-1.0-18 +- fix packaging again for f8 + +* Wed Mar 09 2011 Thierry Parmentelat - sfa-1.0-17 +- fix packaging (apparently broken in 1.0-16) +- first working version of sfascan +- tweaks in GetVersion for exposing hrn(AM) and full set of aggregates(SM) +- deprecated the sfa_geni_aggregate config category + +* Tue Mar 08 2011 Andy Bavier - sfa-1.0-16 +- Fix build problem +- First version of SFA scanner + +* Mon Mar 07 2011 Andy Bavier - sfa-1.0-15 +- Add support for Flash clients using flashpolicy +- Fix problems with tag handling in RSpec + +* Wed Mar 02 2011 Andy Bavier - sfa-1.0-14 +- Modifications to the Eucalyptus Aggregate Manager +- Fixes for VINI RSpec +- Fix tag handling for PL RSpec +- Fix XML Schema ordering for element + +* Tue Feb 01 2011 Thierry Parmentelat - sfa-1.0-13 +- just set x509 version to 2 + +* Wed Jan 26 2011 Thierry Parmentelat - sfa-1.0-12 +- added urn to the node area in rspecs +- conversion to urn now exports fqdn +- sfa-import-plc.py now creates a unique registry record for each SFA interface + +* Thu Dec 16 2010 Thierry Parmentelat - sfa-1.0-11 +- undo broken attempt for python-2.7 + +* Wed Dec 15 2010 Thierry Parmentelat - sfa-1.0-10 +- SMs avoid duplicates for when call graph has dags; +- just based on network's name, when a duplicate occurs, one is just dropped +- does not try to merge/aggregate 2 networks +- also reviewed logging with the hope to fix the sfa startup msg: +- TypeError: not all arguments converted during string formatting + +* Tue Dec 07 2010 Thierry Parmentelat - sfa-1.0-9 +- verify credentials against xsd schema +- Fix SM to SM communication +- Fix bug in sfa.util.sfalogging, sfa-import.py now logs to sfa_import.log +- new setting session_key_path + +* Tue Nov 09 2010 Thierry Parmentelat - sfa-1.0-8 +- fix registry credential regeneration and handle expiration +- support for setting slice tags (min_role=user) +- client can display its own version: sfi.py version --local +- GetVersion to provide urn in addition to hrn +- more code uses plxrn vs previous helper functions +- import replaces '+' in email addresses with '_' + +* Fri Oct 22 2010 Thierry Parmentelat - sfa-1.0-7 +- fix GetVersion code_tag and add code_url + +* Fri Oct 22 2010 Thierry Parmentelat - sfa-1.0-6 +- extend GetVersion towards minimum federation introspection, and expose local tag + +* Wed Oct 20 2010 Thierry Parmentelat - sfa-1.0-5 +- fixed some legacy issues (list vs List) +- deprecated sfa.util.namespace for xrn and plxrn +- unit tests ship as the sfa-tests rpm + +* Mon Oct 11 2010 Thierry Parmentelat - sfa-1.0-2 +- deprecated old methods (e.g. List/list, and GetCredential/get_credential) +- NOTE: get_(self_)credential both have type and hrn swapped when moving to Get(Self)Credential +- hrn-urn translations tweaked +- fixed 'service sfa status' +- sfa-nuke-plc has a -f/--file-system option to clean up /var/lib/authorities (exp.) +- started to repair sfadump - although not usable yet +- trust objects now have dump_string method that dump() actually prints +- unit tests under review +- logging cleanup ongoing (always safe to use sfalogging.sfa_logger()) +- binaries now support -v or -vv to increase loglevel +- trashed obsolete sfa.util.client + +* Mon Oct 04 2010 Thierry Parmentelat - sfa-1.0-1 +- various bugfixes and cleanup, improved/harmonized logging + +* Tue Sep 07 2010 Tony Mack - sfa-0.9-16 +- truncate login base of external (ProtoGeni, etc) slices to 20 characters + to avoid returning a PLCAPI exception that might confuse users. +- Enhance PLC aggregate performace by using a better filter when querying SliceTags. +- fix build errors. + +* Tue Aug 24 2010 Tony Mack - sfa-0.9-15 +- (Architecture) Credential format changed to match ProtoGENI xml format +- (Architecture) All interfaces export a new set of methods that are compatible + with the ProtoGeni Aggregate spec. These new methods are considered a + replacement for the pervious methods exported by the interfaces. All + previous methods are still exported and work as normal, but they are + considered deprecated and will not be supported in future releases. +- (Architecture) SFI has been updated to use the new interface methods. +- (Architecture) Changed keyconvet implementation from c to python. +- (Architecture) Slice Manager now attempts looks for a delegated credential + provided by the client before using its own server credential. +- (Archiceture) Slice Interface no longers stores cache of resources on disk. + This cache now exists only in memory and is cleared when service is restarted + or cache lifetime is exceeded. +- (Performance) SliceManager sends request to Aggregates in parallel instead + of sequentially. +- (Bug fix) SFA tickets now support the new rspec format. +- (Bug fix) SFI only uses cahced credential if they aren't expired. +- (Bug fix) Cerdential delegation modified to work with new credential format. +- (Enhancement) SFI -a --aggregatge option now sends requests directly to the + Aggregate instead of relaying through the Slice Manager. +- (Enhancement) Simplified caching. Accociated a global cache instance with + the api handler on every new server request, making it easier to access the + cache and use in more general ways. + %changelog +* Wed Mar 16 2011 Thierry Parmentelat - sfa-1.0-21 +- stable sfascan +- fix in initscript, *ENABLED tags in config now taken into account + +* Fri Mar 11 2011 Thierry Parmentelat - sfa-1.0-20 +- some commits had not been pushed in tag 19 + +* Fri Mar 11 2011 Thierry Parmentelat - sfa-1.0-19 +- GetVersion should now report full URLs with path +- scansfa has nicer output and new syntax (entry URLs as args and not options) +- dos2unix'ed flash policy pill + +* Wed Mar 09 2011 Thierry Parmentelat - sfa-1.0-18 +- fix packaging again for f8 + +* Wed Mar 09 2011 Thierry Parmentelat - sfa-1.0-17 +- fix packaging (apparently broken in 1.0-16) +- first working version of sfascan +- tweaks in GetVersion for exposing hrn(AM) and full set of aggregates(SM) +- deprecated the sfa_geni_aggregate config category + +* Tue Mar 08 2011 Andy Bavier - sfa-1.0-16 +- Fix build problem +- First version of SFA scanner + +* Mon Mar 07 2011 Andy Bavier - sfa-1.0-15 +- Add support for Flash clients using flashpolicy +- Fix problems with tag handling in RSpec + +* Wed Mar 02 2011 Andy Bavier - sfa-1.0-14 +- Modifications to the Eucalyptus Aggregate Manager +- Fixes for VINI RSpec +- Fix tag handling for PL RSpec +- Fix XML Schema ordering for element + +* Tue Feb 01 2011 Thierry Parmentelat - sfa-1.0-13 +- just set x509 version to 2 + +* Wed Jan 26 2011 Thierry Parmentelat - sfa-1.0-12 +- added urn to the node area in rspecs +- conversion to urn now exports fqdn +- sfa-import-plc.py now creates a unique registry record for each SFA interface + +* Thu Dec 16 2010 Thierry Parmentelat - sfa-1.0-11 +- undo broken attempt for python-2.7 + +* Wed Dec 15 2010 Thierry Parmentelat - sfa-1.0-10 +- SMs avoid duplicates for when call graph has dags; +- just based on network's name, when a duplicate occurs, one is just dropped +- does not try to merge/aggregate 2 networks +- also reviewed logging with the hope to fix the sfa startup msg: +- TypeError: not all arguments converted during string formatting + +* Tue Dec 07 2010 Thierry Parmentelat - sfa-1.0-9 +- verify credentials against xsd schema +- Fix SM to SM communication +- Fix bug in sfa.util.sfalogging, sfa-import.py now logs to sfa_import.log +- new setting session_key_path + +* Tue Nov 09 2010 Thierry Parmentelat - sfa-1.0-8 +- fix registry credential regeneration and handle expiration +- support for setting slice tags (min_role=user) +- client can display its own version: sfi.py version --local +- GetVersion to provide urn in addition to hrn +- more code uses plxrn vs previous helper functions +- import replaces '+' in email addresses with '_' + +* Fri Oct 22 2010 Thierry Parmentelat - sfa-1.0-7 +- fix GetVersion code_tag and add code_url + +* Fri Oct 22 2010 Thierry Parmentelat - sfa-1.0-6 +- extend GetVersion towards minimum federation introspection, and expose local tag + +* Wed Oct 20 2010 Thierry Parmentelat - sfa-1.0-5 +- fixed some legacy issues (list vs List) +- deprecated sfa.util.namespace for xrn and plxrn +- unit tests ship as the sfa-tests rpm + +* Mon Oct 11 2010 Thierry Parmentelat - sfa-1.0-2 +- deprecated old methods (e.g. List/list, and GetCredential/get_credential) +- NOTE: get_(self_)credential both have type and hrn swapped when moving to Get(Self)Credential +- hrn-urn translations tweaked +- fixed 'service sfa status' +- sfa-nuke-plc has a -f/--file-system option to clean up /var/lib/authorities (exp.) +- started to repair sfadump - although not usable yet +- trust objects now have dump_string method that dump() actually prints +- unit tests under review +- logging cleanup ongoing (always safe to use sfalogging.sfa_logger()) +- binaries now support -v or -vv to increase loglevel +- trashed obsolete sfa.util.client + +* Mon Oct 04 2010 Thierry Parmentelat - sfa-1.0-1 +- various bugfixes and cleanup, improved/harmonized logging + +* Thu May 11 2010 Tony Mack - sfa-0.9-11 +- SfaServer now uses a pool of threads to handle requests concurrently +- sfa.util.rspec no longer used to process/manage rspecs (deprecated). This is now handled by sfa.plc.network and is not backwards compatible +- PIs can now get a slice credential for any slice at their site without having to be a member of the slice +- Registry records for federated peers (defined in registries.xml, aggregates.xml) updated when sfa service is started +- Interfaces will try to fetch and install gids from peers listed in registries.xml/aggregates.xml if gid is not found in /etc/sfa/trusted_roots dir +- Component manager does not install gid files if slice already has them +- Server automatically fetches and installs peer certificats (defined in registries/aggregates.xml) when service is restarted. +- fix credential verification exploit (verify that the trusted signer is a parent of the object it it signed) +- made it easier for root authorities to sign their sub's certifiacate using the sfa-ca.py (sfa/server/sfa-ca.py) tool + +* Thu Jan 21 2010 anil vengalil - sfa-0.9-10 +- This tag is quite same as the previous one (sfa-0.9-9) except that the vini and max aggregate managers are also updated for urn support. Other features are: +- - sfa-config-tty now has the same features like plc-config-tty +- - Contains code to support both urn and hrn +- - Cleaned up request_hash related stuff +- - SM, AM and Registry code is organized under respective managers +- - Site and Slice synchronization across federated aggregates +- - Script to generate sfa_component_config + +* Fri Jan 15 2010 anil vengalil - sfa-0.9-9 +- sfa-config-tty now has the same features like plc-config-tty +- Contains code to support both urn and hrn +- Cleaned up request_hash related stuff +- SM, AM and Registry code is organized under respective managers +- Slice synchronization across federated aggregates +- some bugs are fixed + +* Wed Jan 06 2010 Thierry Parmentelat - sfa-0.9-8 +- checkpoint with fewer mentions of geni + +* Tue Jan 05 2010 Thierry Parmentelat - sfa-0.9-7 +- checkpointing +- this is believed to pass the tests; among other things: +- reworked configuration based on the myplc config with xml skeleton (no more sfa_config) + +* Mon Nov 16 2009 anil vengalil - sfa-0.9-6 +- This tag includes: +- - Sfatables +- - Preliminary version of hash based authentication +- - Initial code for Component Manager +- - Authority structure is moved to /var/lib/sfa/ +- - some bug-fixes + +* Fri Oct 09 2009 anil vengalil - sfa-0.9-5 +- Create_slice and get_resources methods are connected to sfatables. +- Other features include compatibility with RP, handling remote objects created as part of federation, preliminary version of sfatables, call tracability and logging. + +* Wed Oct 07 2009 anil vengalil - sfa-0.9-4 +- Bug fix on update and remove_peer_object methods +- Compatibility with RP, preliminiary version of sfatables, call tracability and logging + +* Mon Oct 05 2009 anil vengalil - sfa-0.9-3 +- Compatibility with RP, two additional methods to handle remote objects, call tracability and logging, PLCDB now has single table for sfa records, preliminary version of sfatables (still under development) + +* Fri Sep 18 2009 Thierry Parmentelat - sfa-0.9-2 +- compatibility with RefreshPeer +- incremental mechanism for importing PLC records into SFA tables +- unified single database (still inside the underlying PLC db postgresql server) +- includes/improves call traceability and logging features +- several bug fixes + * Thu Sep 17 2009 Baris Metin - added libxslt-python dependency