diff options
Diffstat (limited to 'sys-cluster/swift')
| -rw-r--r-- | sys-cluster/swift/Manifest | 2 | ||||
| -rw-r--r-- | sys-cluster/swift/files/cve-2015-1856-master-kilo.patch | 253 | ||||
| -rw-r--r-- | sys-cluster/swift/files/swift-account.initd | 36 | ||||
| -rw-r--r-- | sys-cluster/swift/files/swift-container.initd | 36 | ||||
| -rw-r--r-- | sys-cluster/swift/files/swift-object.initd | 36 | ||||
| -rw-r--r-- | sys-cluster/swift/files/swift-proxy.initd | 57 | ||||
| -rw-r--r-- | sys-cluster/swift/metadata.xml | 23 | ||||
| -rw-r--r-- | sys-cluster/swift/swift-2.2.2-r1.ebuild | 121 | ||||
| -rw-r--r-- | sys-cluster/swift/swift-2.3.0.ebuild | 122 |
9 files changed, 686 insertions, 0 deletions
diff --git a/sys-cluster/swift/Manifest b/sys-cluster/swift/Manifest new file mode 100644 index 000000000000..af88a84de76b --- /dev/null +++ b/sys-cluster/swift/Manifest @@ -0,0 +1,2 @@ +DIST swift-2.2.2.tar.gz 1038850 SHA256 d97ff8e3c1381611ca2f9cd3eb13000e3339166e06d67ec079ce9ec958d1a088 SHA512 5abe34679305df18dabf49e6e9a6ddf7b890718a4586b1a33cadf0eb47412861a4af53d6124d2a238e463603d11b134a5afa2867939cb3cea49774ae9601d8e6 WHIRLPOOL 57f7364c0e2fa9094837b7127d4380df52a263150be05d84142e1d1256911d0466e7098a7f2a0380b087fb5da313d5a65a973f42b1e39bc102be46f21000c8ef +DIST swift-2.3.0.tar.gz 1346492 SHA256 7225061f92597e7eaf6196c9336c5e590c7626b7e84126c51e8ca5bf5b7bdae1 SHA512 cf8e1e640f1f679516ce1af772c93f860d7d1f1b6712fa9b89dda1688a4b02cd3fdadc443f4911be5927544f0cffe365ff4174ef6e44d118cb56c7b05cd630b9 WHIRLPOOL aade05a7b8f23e680aa932150e8edbc2e9b6bb83528ffa62becdf4d29c8597b20e873017c3c6a95e66448c13c60531abee6ed0bd9b524b6319642c0436ad5e4c diff --git a/sys-cluster/swift/files/cve-2015-1856-master-kilo.patch b/sys-cluster/swift/files/cve-2015-1856-master-kilo.patch new file mode 100644 index 000000000000..7b885ec80bd3 --- /dev/null +++ b/sys-cluster/swift/files/cve-2015-1856-master-kilo.patch @@ -0,0 +1,253 @@ +From 2d1a6f0e2abf16a21765fa9f62830bfbcdb812d5 Mon Sep 17 00:00:00 2001 +From: John Dickinson <me@not.mn> +Date: Fri, 20 Mar 2015 10:17:25 +0000 +Subject: [PATCH] Prevent unauthorized delete in versioned container + +An authenticated user can delete the most recent version of any +versioned object who's name is known if the user has listing access +to the x-versions-location container. Only Swift setups with +allow_version setting are affected. + +This patch closes this bug. + +Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> +Co-Authored-By: Christian Schwede <info@cschwede.de> +Co-Authored-By: Alistair Coles <alistair.coles@hp.com> + +Closes-Bug: 1430645 +Change-Id: Ibacc7413afe7cb6f77d92e5941dcfdf4768ffa18 +--- + swift/proxy/controllers/obj.py | 12 ++++--- + test/functional/tests.py | 52 +++++++++++++++++++++++++++++++ + test/unit/proxy/test_server.py | 71 ++++++++++++++++++++++++++++++++++++++++-- + 3 files changed, 129 insertions(+), 6 deletions(-) + +diff --git a/swift/proxy/controllers/obj.py b/swift/proxy/controllers/obj.py +index 70b0d0c..2b53ba7 100644 +--- a/swift/proxy/controllers/obj.py ++++ b/swift/proxy/controllers/obj.py +@@ -910,6 +910,10 @@ class ObjectController(Controller): + req.acl = container_info['write_acl'] + req.environ['swift_sync_key'] = container_info['sync_key'] + object_versions = container_info['versions'] ++ if 'swift.authorize' in req.environ: ++ aresp = req.environ['swift.authorize'](req) ++ if aresp: ++ return aresp + if object_versions: + # this is a version manifest and needs to be handled differently + object_versions = unquote(object_versions) +@@ -980,11 +984,11 @@ class ObjectController(Controller): + # remove 'X-If-Delete-At', since it is not for the older copy + if 'X-If-Delete-At' in req.headers: + del req.headers['X-If-Delete-At'] ++ if 'swift.authorize' in req.environ: ++ aresp = req.environ['swift.authorize'](req) ++ if aresp: ++ return aresp + break +- if 'swift.authorize' in req.environ: +- aresp = req.environ['swift.authorize'](req) +- if aresp: +- return aresp + if not containers: + return HTTPNotFound(request=req) + partition, nodes = obj_ring.get_nodes( +diff --git a/test/functional/tests.py b/test/functional/tests.py +index 931f364..6268801 100644 +--- a/test/functional/tests.py ++++ b/test/functional/tests.py +@@ -2409,6 +2409,14 @@ class TestObjectVersioningEnv(object): + cls.account = Account(cls.conn, tf.config.get('account', + tf.config['username'])) + ++ # Second connection for ACL tests ++ config2 = deepcopy(tf.config) ++ config2['account'] = tf.config['account2'] ++ config2['username'] = tf.config['username2'] ++ config2['password'] = tf.config['password2'] ++ cls.conn2 = Connection(config2) ++ cls.conn2.authenticate() ++ + # avoid getting a prefix that stops halfway through an encoded + # character + prefix = Utils.create_name().decode("utf-8")[:10].encode("utf-8") +@@ -2462,6 +2470,14 @@ class TestCrossPolicyObjectVersioningEnv(object): + cls.account = Account(cls.conn, tf.config.get('account', + tf.config['username'])) + ++ # Second connection for ACL tests ++ config2 = deepcopy(tf.config) ++ config2['account'] = tf.config['account2'] ++ config2['username'] = tf.config['username2'] ++ config2['password'] = tf.config['password2'] ++ cls.conn2 = Connection(config2) ++ cls.conn2.authenticate() ++ + # avoid getting a prefix that stops halfway through an encoded + # character + prefix = Utils.create_name().decode("utf-8")[:10].encode("utf-8") +@@ -2496,6 +2512,15 @@ class TestObjectVersioning(Base): + "Expected versioning_enabled to be True/False, got %r" % + (self.env.versioning_enabled,)) + ++ def tearDown(self): ++ super(TestObjectVersioning, self).tearDown() ++ try: ++ # delete versions first! ++ self.env.versions_container.delete_files() ++ self.env.container.delete_files() ++ except ResponseError: ++ pass ++ + def test_overwriting(self): + container = self.env.container + versions_container = self.env.versions_container +@@ -2555,6 +2580,33 @@ class TestObjectVersioning(Base): + self.assertEqual(3, versions_container.info()['object_count']) + self.assertEqual("112233", man_file.read()) + ++ def test_versioning_check_acl(self): ++ container = self.env.container ++ versions_container = self.env.versions_container ++ versions_container.create(hdrs={'X-Container-Read': '.r:*,.rlistings'}) ++ ++ obj_name = Utils.create_name() ++ versioned_obj = container.file(obj_name) ++ versioned_obj.write("aaaaa") ++ self.assertEqual("aaaaa", versioned_obj.read()) ++ ++ versioned_obj.write("bbbbb") ++ self.assertEqual("bbbbb", versioned_obj.read()) ++ ++ # Use token from second account and try to delete the object ++ org_token = self.env.account.conn.storage_token ++ self.env.account.conn.storage_token = self.env.conn2.storage_token ++ try: ++ self.assertRaises(ResponseError, versioned_obj.delete) ++ finally: ++ self.env.account.conn.storage_token = org_token ++ ++ # Verify with token from first account ++ self.assertEqual("bbbbb", versioned_obj.read()) ++ ++ versioned_obj.delete() ++ self.assertEqual("aaaaa", versioned_obj.read()) ++ + + class TestObjectVersioningUTF8(Base2, TestObjectVersioning): + set_up = False +diff --git a/test/unit/proxy/test_server.py b/test/unit/proxy/test_server.py +index 39d637d..41f0ea3 100644 +--- a/test/unit/proxy/test_server.py ++++ b/test/unit/proxy/test_server.py +@@ -56,7 +56,7 @@ from swift.proxy.controllers.base import get_container_memcache_key, \ + get_account_memcache_key, cors_validation + import swift.proxy.controllers + from swift.common.swob import Request, Response, HTTPUnauthorized, \ +- HTTPException ++ HTTPException, HTTPForbidden + from swift.common import storage_policy + from swift.common.storage_policy import StoragePolicy, \ + StoragePolicyCollection, POLICIES +@@ -1615,6 +1615,7 @@ class TestObjectController(unittest.TestCase): + ]) + def test_DELETE_on_expired_versioned_object(self): + methods = set() ++ authorize_call_count = [0] + + def test_connect(ipaddr, port, device, partition, method, path, + headers=None, query_string=None): +@@ -1640,6 +1641,10 @@ class TestObjectController(unittest.TestCase): + for obj in object_list: + yield obj + ++ def fake_authorize(req): ++ authorize_call_count[0] += 1 ++ return None # allow the request ++ + with save_globals(): + controller = proxy_server.ObjectController(self.app, + 'a', 'c', 'o') +@@ -1651,7 +1656,8 @@ class TestObjectController(unittest.TestCase): + 204, 204, 204, # delete for the pre-previous + give_connect=test_connect) + req = Request.blank('/v1/a/c/o', +- environ={'REQUEST_METHOD': 'DELETE'}) ++ environ={'REQUEST_METHOD': 'DELETE', ++ 'swift.authorize': fake_authorize}) + + self.app.memcache.store = {} + self.app.update_request(req) +@@ -1661,6 +1667,67 @@ class TestObjectController(unittest.TestCase): + ('PUT', '/a/c/o'), + ('DELETE', '/a/foo/2')] + self.assertEquals(set(exp_methods), (methods)) ++ self.assertEquals(authorize_call_count[0], 2) ++ ++ @patch_policies([ ++ StoragePolicy(0, 'zero', False, object_ring=FakeRing()), ++ StoragePolicy(1, 'one', True, object_ring=FakeRing()) ++ ]) ++ def test_denied_DELETE_of_versioned_object(self): ++ """ ++ Verify that a request with read access to a versions container ++ is unable to cause any write operations on the versioned container. ++ """ ++ methods = set() ++ authorize_call_count = [0] ++ ++ def test_connect(ipaddr, port, device, partition, method, path, ++ headers=None, query_string=None): ++ methods.add((method, path)) ++ ++ def fake_container_info(account, container, req): ++ return {'status': 200, 'sync_key': None, ++ 'meta': {}, 'cors': {'allow_origin': None, ++ 'expose_headers': None, ++ 'max_age': None}, ++ 'sysmeta': {}, 'read_acl': None, 'object_count': None, ++ 'write_acl': None, 'versions': 'foo', ++ 'partition': 1, 'bytes': None, 'storage_policy': '1', ++ 'nodes': [{'zone': 0, 'ip': '10.0.0.0', 'region': 0, ++ 'id': 0, 'device': 'sda', 'port': 1000}, ++ {'zone': 1, 'ip': '10.0.0.1', 'region': 1, ++ 'id': 1, 'device': 'sdb', 'port': 1001}, ++ {'zone': 2, 'ip': '10.0.0.2', 'region': 0, ++ 'id': 2, 'device': 'sdc', 'port': 1002}]} ++ ++ def fake_list_iter(container, prefix, env): ++ object_list = [{'name': '1'}, {'name': '2'}, {'name': '3'}] ++ for obj in object_list: ++ yield obj ++ ++ def fake_authorize(req): ++ # deny write access ++ authorize_call_count[0] += 1 ++ return HTTPForbidden(req) # allow the request ++ ++ with save_globals(): ++ controller = proxy_server.ObjectController(self.app, ++ 'a', 'c', 'o') ++ controller.container_info = fake_container_info ++ # patching _listing_iter simulates request being authorized ++ # to list versions container ++ controller._listing_iter = fake_list_iter ++ set_http_connect(give_connect=test_connect) ++ req = Request.blank('/v1/a/c/o', ++ environ={'REQUEST_METHOD': 'DELETE', ++ 'swift.authorize': fake_authorize}) ++ ++ self.app.memcache.store = {} ++ self.app.update_request(req) ++ resp = controller.DELETE(req) ++ self.assertEqual(403, resp.status_int) ++ self.assertFalse(methods, methods) ++ self.assertEquals(authorize_call_count[0], 1) + + def test_PUT_auto_content_type(self): + with save_globals(): +-- +1.9.1 + + diff --git a/sys-cluster/swift/files/swift-account.initd b/sys-cluster/swift/files/swift-account.initd new file mode 100644 index 000000000000..e515fcb36f2b --- /dev/null +++ b/sys-cluster/swift/files/swift-account.initd @@ -0,0 +1,36 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +COMMAND=/usr/bin/swift-init +PIDFILE=/run/swift/account-server.pid + +depend() { + after net +} + +checkconfig() { + if [ ! -r /etc/swift/swift.conf ]; then + eerror "Missing required config file: /etc/swift/swift.conf" + return 1 + fi + if [ ! -r /etc/swift/account-server.conf ]; then + eerror "Missing required config file: /etc/swift/account-server.conf" + return 1 + fi + return 0 +} + +start() { + checkconfig || return $? + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --quiet -i --pidfile ${PIDFILE} ${COMMAND} -- account start + eend $? +} + +stop() { + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --quiet -i --pidfile ${PIDFILE} ${COMMAND} -- account stop + eend $? +} diff --git a/sys-cluster/swift/files/swift-container.initd b/sys-cluster/swift/files/swift-container.initd new file mode 100644 index 000000000000..0b2ff0857ddc --- /dev/null +++ b/sys-cluster/swift/files/swift-container.initd @@ -0,0 +1,36 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +COMMAND=/usr/bin/swift-init +PIDFILE=/run/swift/container-server.pid + +depend() { + after net +} + +checkconfig() { + if [ ! -r /etc/swift/swift.conf ]; then + eerror "Missing required config file: /etc/swift/swift.conf" + return 1 + fi + if [ ! -r /etc/swift/container-server.conf ]; then + eerror "Missing required config file: /etc/swift/container-server.conf" + return 1 + fi + return 0 +} + +start() { + checkconfig || return $? + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --quiet -i --pidfile ${PIDFILE} ${COMMAND} -- container start + eend $? +} + +stop() { + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --quiet -i --pidfile ${PIDFILE} ${COMMAND} -- container stop + eend $? +} diff --git a/sys-cluster/swift/files/swift-object.initd b/sys-cluster/swift/files/swift-object.initd new file mode 100644 index 000000000000..5fb6eb34aae4 --- /dev/null +++ b/sys-cluster/swift/files/swift-object.initd @@ -0,0 +1,36 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +COMMAND=/usr/bin/swift-init +PIDFILE=/run/swift/object-server.pid + +depend() { + after net +} + +checkconfig() { + if [ ! -r /etc/swift/swift.conf ]; then + eerror "Missing required config file: /etc/swift/swift.conf" + return 1 + fi + if [ ! -r /etc/swift/object-server.conf ]; then + eerror "Missing required config file: /etc/swift/object-server.conf" + return 1 + fi + return 0 +} + +start() { + checkconfig || return $? + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --quiet -i --pidfile ${PIDFILE} ${COMMAND} -- object start + eend $? +} + +stop() { + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --quiet -i --pidfile ${PIDFILE} ${COMMAND} -- object stop + eend $? +} diff --git a/sys-cluster/swift/files/swift-proxy.initd b/sys-cluster/swift/files/swift-proxy.initd new file mode 100644 index 000000000000..3fbadf33fa3e --- /dev/null +++ b/sys-cluster/swift/files/swift-proxy.initd @@ -0,0 +1,57 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +COMMAND=/usr/bin/swift-init +PIDFILE=/run/swift/proxy-server.pid + +depend() { + after net +} + +opts="reload" + +checkconfig() { + if [ ! -r /etc/swift/swift.conf ]; then + eerror "Missing required config file: /etc/swift/swift.conf" + return 1 + fi + if [ ! -r /etc/swift/proxy-server.conf ]; then + eerror "Missing required config file: /etc/swift/proxy-server.conf" + return 1 + fi + return 0 +} + +start() { + checkconfig || return $? + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --quiet -i --pidfile ${PIDFILE} ${COMMAND} -- proxy start + eend $? +} + +stop() { + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --quiet -i --pidfile ${PIDFILE} ${COMMAND} -- proxy stop + eend $? +} + +reload() { + checkconfig || return $? + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --quiet -i ${COMMAND} -- proxy reload + eend $? "Failed to reload ${SVCNAME}" +} + +restart() { + checkconfig || return $? + ebegin "Restarting ${SVCNAME}" + start-stop-daemon --quiet -i --pidfile ${PIDFILE} ${COMMAND} -- proxy restart + eend $? "Failed to restart ${SVCNAME}" +} + +status() { + start-stop-daemon --quiet -i ${COMMAND} -- proxy status + eend $? "Failed to get status for ${SVCNAME}" +} diff --git a/sys-cluster/swift/metadata.xml b/sys-cluster/swift/metadata.xml new file mode 100644 index 000000000000..9f7df66f121e --- /dev/null +++ b/sys-cluster/swift/metadata.xml @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>openstack</herd> + <use> + <flag name="account">adds swift account support</flag> + <flag name="container">adds swift container support</flag> + <flag name="memcached">adds memcached support</flag> + <flag name="object">adds swift object support</flag> + <flag name="proxy">adds swift proxy support</flag> + </use> + <maintainer> + <email>prometheanfire@gentoo.org</email> + <name>Matthew Thode</name> + </maintainer> + <longdescription lang="en"> + Swift is a highly available, distributed, eventually consistent object/blob + store. + </longdescription> + <upstream> + <remote-id type="launchpad">swift</remote-id> + </upstream> +</pkgmetadata> diff --git a/sys-cluster/swift/swift-2.2.2-r1.ebuild b/sys-cluster/swift/swift-2.2.2-r1.ebuild new file mode 100644 index 000000000000..a46314bd2e0e --- /dev/null +++ b/sys-cluster/swift/swift-2.2.2-r1.ebuild @@ -0,0 +1,121 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +PYTHON_COMPAT=( python2_7 ) + +inherit distutils-r1 eutils linux-info user + +DESCRIPTION="A highly available, distributed, and eventually consistent object/blob store" +HOMEPAGE="https://launchpad.net/swift" +SRC_URI="http://launchpad.net/${PN}/kilo/${PV}/+download/${P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="proxy account container object test +memcached" +REQUIRED_USE="|| ( proxy account container object )" + +DEPEND=" + dev-python/setuptools[${PYTHON_USEDEP}] + >=dev-python/pbr-0.8.0[${PYTHON_USEDEP}] + <dev-python/pbr-1.0[${PYTHON_USEDEP}] + test? ( + ${RDEPEND} + >=dev-python/hacking-0.8.0[${PYTHON_USEDEP}] + <dev-python/hacking-0.9[${PYTHON_USEDEP}] + dev-python/coverage[${PYTHON_USEDEP}] + dev-python/nose[${PYTHON_USEDEP}] + dev-python/nosexcover[${PYTHON_USEDEP}] + dev-python/openstack-nose-plugin[${PYTHON_USEDEP}] + dev-python/nosehtmloutput[${PYTHON_USEDEP}] + >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}] + <dev-python/sphinx-1.2[${PYTHON_USEDEP}] + dev-python/oslo-sphinx[${PYTHON_USEDEP}] + >=dev-python/mock-1.0[${PYTHON_USEDEP}] + dev-python/python-swiftclient[${PYTHON_USEDEP}] + )" + +RDEPEND=" + >=dev-python/dnspython-1.9.4[${PYTHON_USEDEP}] + >=dev-python/eventlet-0.9.15[${PYTHON_USEDEP}] + >=dev-python/greenlet-0.3.1[${PYTHON_USEDEP}] + >=dev-python/netifaces-0.5[${PYTHON_USEDEP}] + !~dev-python/netifaces-0.10.0[${PYTHON_USEDEP}] + !~dev-python/netifaces-0.10.1[${PYTHON_USEDEP}] + >=dev-python/pastedeploy-1.3.3[${PYTHON_USEDEP}] + >=dev-python/simplejson-2.0.9[${PYTHON_USEDEP}] + dev-python/pyxattr[${PYTHON_USEDEP}] + memcached? ( net-misc/memcached ) + net-misc/rsync[xattr]" + +CONFIG_CHECK="~EXT3_FS_XATTR ~SQUASHFS_XATTR ~CIFS_XATTR ~JFFS2_FS_XATTR +~TMPFS_XATTR ~UBIFS_FS_XATTR ~EXT2_FS_XATTR ~REISERFS_FS_XATTR ~EXT4_FS_XATTR +~ZFS" + +PATCHES=( +"${FILESDIR}/cve-2015-1856-master-kilo.patch" +) + +pkg_setup() { + enewuser swift + enewgroup swift +} + +src_prepare() { + sed -i 's/xattr/pyxattr/g' "${S}/swift.egg-info/requires.txt" + sed -i 's/xattr/pyxattr/g' "${S}/requirements.txt" + distutils-r1_python_prepare_all +} + +src_test () { + # https://bugs.launchpad.net/swift/+bug/1249727 + find . \( -name test_wsgi.py -o -name test_locale.py -o -name test_utils.py \) -delete || die + SKIP_PIP_INSTALL=1 PBR_VERSION=0.6.0 sh .unittests || die +} + +python_install() { + distutils-r1_python_install + keepdir /etc/swift + insinto /etc/swift + + newins "etc/swift.conf-sample" "swift.conf" + newins "etc/rsyncd.conf-sample" "rsyncd.conf" + newins "etc/mime.types-sample" "mime.types-sample" + newins "etc/memcache.conf-sample" "memcache.conf-sample" + newins "etc/drive-audit.conf-sample" "drive-audit.conf-sample" + newins "etc/dispersion.conf-sample" "dispersion.conf-sample" + + if use proxy; then + newinitd "${FILESDIR}/swift-proxy.initd" "swift-proxy" + newins "etc/proxy-server.conf-sample" "proxy-server.conf" + if use memcached; then + sed -i '/depend/a\ + need memcached' "${D}/etc/init.d/swift-proxy" + fi + fi + if use account; then + newinitd "${FILESDIR}/swift-account.initd" "swift-account" + newins "etc/account-server.conf-sample" "account-server.conf" + fi + if use container; then + newinitd "${FILESDIR}/swift-container.initd" "swift-container" + newins "etc/container-server.conf-sample" "container-server.conf" + fi + if use object; then + newinitd "${FILESDIR}/swift-object.initd" "swift-object" + newins "etc/object-server.conf-sample" "object-server.conf" + newins "etc/object-expirer.conf-sample" "object-expirer.conf" + fi + + fowners swift:swift "/etc/swift" || die "fowners failed" +} + +pkg_postinst() { + elog "Openstack swift will default to using insecure http unless a" + elog "certificate is created in /etc/swift/cert.crt and the associated key" + elog "in /etc/swift/cert.key. These can be created with the following:" + elog " * cd /etc/swift" + elog " * openssl req -new -x509 -nodes -out cert.crt -keyout cert.key" +} diff --git a/sys-cluster/swift/swift-2.3.0.ebuild b/sys-cluster/swift/swift-2.3.0.ebuild new file mode 100644 index 000000000000..e076b94db141 --- /dev/null +++ b/sys-cluster/swift/swift-2.3.0.ebuild @@ -0,0 +1,122 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +PYTHON_COMPAT=( python2_7 ) + +inherit distutils-r1 eutils linux-info user + +DESCRIPTION="A highly available, distributed, and eventually consistent object/blob store" +HOMEPAGE="https://launchpad.net/swift" +SRC_URI="http://launchpad.net/${PN}/kilo/${PV}/+download/${P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="proxy account container object test +memcached" +REQUIRED_USE="|| ( proxy account container object )" + +DEPEND=" + dev-python/setuptools[${PYTHON_USEDEP}] + >=dev-python/pbr-0.8.0[${PYTHON_USEDEP}] + <dev-python/pbr-1.0[${PYTHON_USEDEP}] + test? ( + ${RDEPEND} + >=dev-python/hacking-0.8.0[${PYTHON_USEDEP}] + <dev-python/hacking-0.9[${PYTHON_USEDEP}] + dev-python/coverage[${PYTHON_USEDEP}] + dev-python/nose[${PYTHON_USEDEP}] + dev-python/nosexcover[${PYTHON_USEDEP}] + dev-python/openstack-nose-plugin[${PYTHON_USEDEP}] + dev-python/nosehtmloutput[${PYTHON_USEDEP}] + dev-python/oslo-sphinx[${PYTHON_USEDEP}] + >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}] + <dev-python/sphinx-1.2[${PYTHON_USEDEP}] + >=dev-python/mock-1.0[${PYTHON_USEDEP}] + dev-python/python-swiftclient[${PYTHON_USEDEP}] + )" + +RDEPEND=" + >=dev-python/dnspython-1.9.4[${PYTHON_USEDEP}] + >=dev-python/eventlet-0.16.1[${PYTHON_USEDEP}] + !~dev-python/eventlet-0.17.0[${PYTHON_USEDEP}] + >=dev-python/greenlet-0.3.1[${PYTHON_USEDEP}] + >=dev-python/netifaces-0.5[${PYTHON_USEDEP}] + !~dev-python/netifaces-0.10.0[${PYTHON_USEDEP}] + !~dev-python/netifaces-0.10.1[${PYTHON_USEDEP}] + >=dev-python/pastedeploy-1.3.3[${PYTHON_USEDEP}] + >=dev-python/simplejson-2.0.9[${PYTHON_USEDEP}] + dev-python/pyxattr[${PYTHON_USEDEP}] + >=dev-python/PyECLib-1.0.7[${PYTHON_USEDEP}] + memcached? ( net-misc/memcached ) + net-misc/rsync[xattr]" + +CONFIG_CHECK="~EXT3_FS_XATTR ~SQUASHFS_XATTR ~CIFS_XATTR ~JFFS2_FS_XATTR +~TMPFS_XATTR ~UBIFS_FS_XATTR ~EXT2_FS_XATTR ~REISERFS_FS_XATTR ~EXT4_FS_XATTR +~ZFS" + +PATCHES=( +) + +pkg_setup() { + enewuser swift + enewgroup swift +} + +src_prepare() { + sed -i 's/xattr/pyxattr/g' "${S}/swift.egg-info/requires.txt" + sed -i 's/xattr/pyxattr/g' "${S}/requirements.txt" + distutils-r1_python_prepare_all +} + +src_test () { + # https://bugs.launchpad.net/swift/+bug/1249727 + find . \( -name test_wsgi.py -o -name test_locale.py -o -name test_utils.py \) -delete || die + SKIP_PIP_INSTALL=1 PBR_VERSION=0.6.0 sh .unittests || die +} + +python_install() { + distutils-r1_python_install + keepdir /etc/swift + insinto /etc/swift + + newins "etc/swift.conf-sample" "swift.conf" + newins "etc/rsyncd.conf-sample" "rsyncd.conf" + newins "etc/mime.types-sample" "mime.types-sample" + newins "etc/memcache.conf-sample" "memcache.conf-sample" + newins "etc/drive-audit.conf-sample" "drive-audit.conf-sample" + newins "etc/dispersion.conf-sample" "dispersion.conf-sample" + + if use proxy; then + newinitd "${FILESDIR}/swift-proxy.initd" "swift-proxy" + newins "etc/proxy-server.conf-sample" "proxy-server.conf" + if use memcached; then + sed -i '/depend/a\ + need memcached' "${D}/etc/init.d/swift-proxy" + fi + fi + if use account; then + newinitd "${FILESDIR}/swift-account.initd" "swift-account" + newins "etc/account-server.conf-sample" "account-server.conf" + fi + if use container; then + newinitd "${FILESDIR}/swift-container.initd" "swift-container" + newins "etc/container-server.conf-sample" "container-server.conf" + fi + if use object; then + newinitd "${FILESDIR}/swift-object.initd" "swift-object" + newins "etc/object-server.conf-sample" "object-server.conf" + newins "etc/object-expirer.conf-sample" "object-expirer.conf" + fi + + fowners swift:swift "/etc/swift" || die "fowners failed" +} + +pkg_postinst() { + elog "Openstack swift will default to using insecure http unless a" + elog "certificate is created in /etc/swift/cert.crt and the associated key" + elog "in /etc/swift/cert.key. These can be created with the following:" + elog " * cd /etc/swift" + elog " * openssl req -new -x509 -nodes -out cert.crt -keyout cert.key" +} |