%define url $URL$
%define name sfa
-%define version 0.9
-%define taglevel 10
+%define version 1.0
+%define taglevel 5
%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
%global python_sitearch %( python -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)" )
Group: Applications/System
BuildRequires: make
-Requires: python
+Requires: python >= 2.5
Requires: m2crypto
+Requires: xmlsec1-openssl-devel
Requires: libxslt-python
Requires: python-ZSI
# xmlbuilder depends on lxml
Requires: python-lxml
-
+Requires: python-setuptools
+Requires: python-dateutil
+
# python 2.5 has uuid module added, for python 2.4 we still need it.
# we can't really check for if we can load uuid as a python module,
# it'll be installed by "devel.pkgs". we have the epel repository so
# python-uuid will be provided. but we can test for the python
# version.
-%define has_py24 %( python -c "import sys;sys.exit(sys.version_info[0:2] == (2,4))" 2> /dev/null; echo $? )
-%if %has_py24
-Requires: python-uuid
-%endif
+# %define has_py24 %( python -c "import sys;sys.exit(sys.version_info[0:2] == (2,4))" 2> /dev/null; echo $? )
+# %if %has_py24
+#
+# this also didn't work very well. I'll just check for distroname - baris
+#%if %{distroname} == "centos5"
+#Requires: python-uuid
+#%endif
%package cm
-Summary: the SFA wrapper around MyPLC's NodeManager
+Summary: the SFA wrapper around MyPLC NodeManager
Group: Applications/System
Requires: sfa
Requires: pyOpenSSL >= 0.6
Group: Applications/System
Requires: sfa
+%Package tests
+Summary: unit tests suite for SFA
+Group: Applications/System
+Requires: sfa
+
%description
This package provides the python libraries that the SFA implementation requires
in an SFA network, in much the same way as iptables is for ip
networks. This is the command line interface to manage sfatables
+%description tests
+Provides some binary unit tests in /usr/share/sfa/tests
+
%prep
%setup -q
%{_bindir}/sfa-server.py*
/etc/sfatables/*
%{python_sitelib}/*
-/usr/bin/keyconvert
+%{_bindir}/keyconvert.py*
/var/www/html/wsdl/*.wsdl
%files cm
%config (noreplace) /etc/sfa/aggregates.xml
%config (noreplace) /etc/sfa/registries.xml
/etc/init.d/sfa
+/etc/sfa/pl.rng
%{_bindir}/sfa-config-tty
%{_bindir}/sfa-import-plc.py*
%{_bindir}/sfa-clean-peer-records.py*
%{_bindir}/sfa-nuke-plc.py*
%{_bindir}/gen-sfa-cm-config.py*
+%{_bindir}/sfa-ca.py*
%files client
%config (noreplace) /etc/sfa/sfi_config
-%{_bindir}/sfi.py*
+%{_bindir}/sfi*
%{_bindir}/getNodes.py*
%{_bindir}/getRecord.py*
%{_bindir}/setRecord.py*
%files sfatables
%{_bindir}/sfatables
-%pre plc
-[ -f %{_sysconfdir}/init.d/sfa ] && service sfa stop ||:
-
-%pre cm
-[ -f %{_sysconfdir}/init.d/sfa-cm ] && service sfa-cm stop ||:
+%files tests
+%{_datadir}/sfa/tests
+### sfa-plc installs the 'sfa' service
%post plc
chkconfig --add sfa
+%preun plc
+if [ "$1" = 0 ] ; then
+ /sbin/service sfa stop || :
+ /sbin/chkconfig --del sfa || :
+fi
+
+%postun plc
+[ "$1" -ge "1" ] && service sfa restart
+
+### sfa-cm installs the 'sfa-cm' service
%post cm
chkconfig --add sfa-cm
+
+%preun cm
+if [ "$1" = 0 ] ; then
+ /sbin/service sfa-cm stop || :
+ /sbin/chkconfig --del sfa-cm || :
+fi
+
+%postun cm
+[ "$1" -ge "1" ] && service sfa-cm restart
+
+
+%changelog
+* Mon Oct 11 2010 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-2
+- deprecated old methods (e.g. List/list, and GetCredential/get_credential)
+- NOTE: get_(self_)credential both have type and hrn swapped when moving to Get(Self)Credential
+- hrn-urn translations tweaked
+- fixed 'service sfa status'
+- sfa-nuke-plc has a -f/--file-system option to clean up /var/lib/authorities (exp.)
+- started to repair sfadump - although not usable yet
+- trust objects now have dump_string method that dump() actually prints
+- unit tests under review
+- logging cleanup ongoing (always safe to use sfalogging.sfa_logger())
+- binaries now support -v or -vv to increase loglevel
+- trashed obsolete sfa.util.client
+
+* Mon Oct 04 2010 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-1
+- various bugfixes and cleanup, improved/harmonized logging
+
+* Tue Sep 07 2010 Tony Mack <tmack@cs.princeton.edu> - sfa-0.9-16
+- truncate login base of external (ProtoGeni, etc) slices to 20 characters
+ to avoid returning a PLCAPI exception that might confuse users.
+- Enhance PLC aggregate performace by using a better filter when querying SliceTags.
+- fix build errors.
+
+* Tue Aug 24 2010 Tony Mack <tmack@cs.princeton.edu> - sfa-0.9-15
+- (Architecture) Credential format changed to match ProtoGENI xml format
+- (Architecture) All interfaces export a new set of methods that are compatible
+ with the ProtoGeni Aggregate spec. These new methods are considered a
+ replacement for the pervious methods exported by the interfaces. All
+ previous methods are still exported and work as normal, but they are
+ considered deprecated and will not be supported in future releases.
+- (Architecture) SFI has been updated to use the new interface methods.
+- (Architecture) Changed keyconvet implementation from c to python.
+- (Architecture) Slice Manager now attempts looks for a delegated credential
+ provided by the client before using its own server credential.
+- (Archiceture) Slice Interface no longers stores cache of resources on disk.
+ This cache now exists only in memory and is cleared when service is restarted
+ or cache lifetime is exceeded.
+- (Performance) SliceManager sends request to Aggregates in parallel instead
+ of sequentially.
+- (Bug fix) SFA tickets now support the new rspec format.
+- (Bug fix) SFI only uses cahced credential if they aren't expired.
+- (Bug fix) Cerdential delegation modified to work with new credential format.
+- (Enhancement) SFI -a --aggregatge option now sends requests directly to the
+ Aggregate instead of relaying through the Slice Manager.
+- (Enhancement) Simplified caching. Accociated a global cache instance with
+ the api handler on every new server request, making it easier to access the
+ cache and use in more general ways.
+
%changelog
+* Mon Oct 11 2010 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-2
+- deprecated old methods (e.g. List/list, and GetCredential/get_credential)
+- NOTE: get_(self_)credential both have type and hrn swapped when moving to Get(Self)Credential
+- hrn-urn translations tweaked
+- fixed 'service sfa status'
+- sfa-nuke-plc has a -f/--file-system option to clean up /var/lib/authorities (exp.)
+- started to repair sfadump - although not usable yet
+- trust objects now have dump_string method that dump() actually prints
+- unit tests under review
+- logging cleanup ongoing (always safe to use sfalogging.sfa_logger())
+- binaries now support -v or -vv to increase loglevel
+- trashed obsolete sfa.util.client
+
+* Mon Oct 04 2010 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-1
+- various bugfixes and cleanup, improved/harmonized logging
+
+* Thu May 11 2010 Tony Mack <tmack@cs.princeton.edu> - sfa-0.9-11
+- SfaServer now uses a pool of threads to handle requests concurrently
+- sfa.util.rspec no longer used to process/manage rspecs (deprecated). This is now handled by sfa.plc.network and is not backwards compatible
+- PIs can now get a slice credential for any slice at their site without having to be a member of the slice
+- Registry records for federated peers (defined in registries.xml, aggregates.xml) updated when sfa service is started
+- Interfaces will try to fetch and install gids from peers listed in registries.xml/aggregates.xml if gid is not found in /etc/sfa/trusted_roots dir
+- Component manager does not install gid files if slice already has them
+- Server automatically fetches and installs peer certificats (defined in registries/aggregates.xml) when service is restarted.
+- fix credential verification exploit (verify that the trusted signer is a parent of the object it it signed)
+- made it easier for root authorities to sign their sub's certifiacate using the sfa-ca.py (sfa/server/sfa-ca.py) tool
+
* Thu Jan 21 2010 anil vengalil <avengali@sophia.inria.fr> - sfa-0.9-10
- This tag is quite same as the previous one (sfa-0.9-9) except that the vini and max aggregate managers are also updated for urn support. Other features are:
- - sfa-config-tty now has the same features like plc-config-tty
git://git.onelab.eu / sfa.git / blobdiff