package init

README.en.md

@@ -1,22 +1,20 @@
 # ovirt-vmconsole
 
 #### Description
-{**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**}
 
-#### Software Architecture
-Software architecture description
+ovirt-vmconsole enables secure access to virtual machine serial console. It uses SSH protocol to tunnel the console from customer to destination host.
 
-#### Installation
+Two components are available:
 
-1.  xxxx
-2.  xxxx
-3.  xxxx
+* ovirt-vmconsole-host
 
-#### Instructions
+    ssh daemon implementation that runs on the host end enables trusted connections to access the consoles. Consoles are assumed to be unix domain sockets that are directly attached to qemu virtual serial.
 
-1.  xxxx
-2.  xxxx
-3.  xxxx
+* ovirt-vmconsole-proxy
+
+    ssh daemon implementation that runs on the end user accessible host, users access the proxy, based on their public key the authorized consoles are fetch from a manager, once selected a connection to the host is established.
+
+    The ovirt-vmconsole package cannot be used as-is, it requires customization to fetch users' authorized keys and users' authorized consoles.
 
 #### Contribution
 
@@ -24,13 +22,3 @@ Software architecture description
 2.  Create Feat_xxx branch
 3.  Commit your code
 4.  Create Pull Request
-
-
-#### Gitee Feature
-
-1.  You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
-2.  Gitee blog [blog.gitee.com](https://blog.gitee.com)
-3.  Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
-4.  The most valuable open source project [GVP](https://gitee.com/gvp)
-5.  The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
-6.  The most popular members  [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

README.md

@@ -1,39 +1,23 @@
 # ovirt-vmconsole
 
 #### 介绍
-{**以下是码云平台说明，您可以替换此简介**
-码云是 OSCHINA 推出的基于 Git 的代码托管平台（同时支持 SVN）。专为开发者提供稳定、高效、安全的云端软件开发协作平台
-无论是个人、团队、或是企业，都能够用码云实现代码托管、项目管理、协作开发。企业项目请看 [https://gitee.com/enterprises](https://gitee.com/enterprises)}
+ovirt-vmconsole支持安全访问虚拟机控制台。 它使用SSH协议将控制台从客户传送到目标主机。
 
-#### 软件架构
-软件架构说明
+它提供了两个组件：
 
+* ovirt-vmconsole-host
 
-#### 安装教程
+    在主机端运行的ssh守护程序实现可信任连接以访问控制台。 假定控制台为Unix域直接连接到qemu虚拟串行的套接字。
 
-1.  xxxx
-2.  xxxx
-3.  xxxx
+* ovirt-vmconsole-proxy
 
-#### 使用说明
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
+    在最终用户可访问的主机（用户）上运行的ssh守护程序实现，根据从管理器获取的授权控制台的公用密钥访问代理，选择与既定主机连接。
 
+    ovirt-vmconsole软件包不能直接使用，它需要自定义获取用户的授权密钥和用户的授权控制台。
+    
 #### 参与贡献
 
 1.  Fork 本仓库
 2.  新建 Feat_xxx 分支
 3.  提交代码
 4.  新建 Pull Request
-
-
-#### 码云特技
-
-1.  使用 Readme\_XXX.md 来支持不同的语言，例如 Readme\_en.md, Readme\_zh.md
-2.  码云官方博客 [blog.gitee.com](https://blog.gitee.com)
-3.  你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目
-4.  [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目，是码云综合评定出的优秀开源项目
-5.  码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help)
-6.  码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

ovirt-vmconsole.spec

@@ -0,0 +1,259 @@
+%global package_version 1.0.7-2
+
+%global selinuxtype targeted
+%global moduletype contrib
+%global modulename ovirt_vmconsole
+
+%global default_python_ver %(%{__python} -c "from sys import version_info; print(version_info[0])")
+
+%if 0%{?default_python_ver} > 2
+%global with_python3 1
+%global __python %{__python3}
+%global with_python2 0
+%else
+%global with_python3 0
+%global with_python2 1
+%endif
+
+
+Summary:	oVirt VM console
+Name:		ovirt-vmconsole
+Version:	1.0.7
+Release:	2%{?release_suffix}%{?dist}
+License:	GPLv3
+URL:		http://www.ovirt.org
+Source:		http://resources.ovirt.org/pub/src/%{name}/%{name}-%{package_version}.tar.gz
+
+BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires:	checkpolicy
+BuildRequires:	gettext
+BuildRequires:	openssh-clients
+BuildRequires:	openssh-server
+BuildRequires:	selinux-policy-devel
+BuildRequires:  selinux-policy
+BuildArch:	noarch
+%{?selinux_requires}
+
+%if 0%{?with_python2}
+BuildRequires:	python2-devel
+Requires:	python
+%endif
+%if 0%{?with_python3}
+BuildRequires:	python3-devel
+Requires:	python3
+%endif
+
+Requires(post):		libselinux-utils
+Requires(preun):	libselinux-utils
+Requires(postun):	libselinux-utils
+
+Requires(pre):		shadow-utils
+Requires(preun):	policycoreutils
+%if 0%{?with_python2}
+Requires(post):		policycoreutils-python
+Requires(postun):	policycoreutils-python
+%endif
+%if 0%{?with_python3}
+Requires(post):		policycoreutils-python3
+Requires(postun):	policycoreutils-python3
+%endif
+
+%description
+oVirt VM console proxy
+
+%package host
+Summary:	oVirt VM console host components
+
+Requires:	%{name} = %{version}-%{release}
+Requires:	openssh-server
+
+Requires(post):		libselinux-utils
+Requires(preun):	libselinux-utils
+
+%if 0%{?with_python2}
+Requires(post):		policycoreutils-python
+Requires(postun):	policycoreutils-python
+%endif
+%if 0%{?with_python3}
+Requires(post):		policycoreutils-python3
+Requires(postun):	policycoreutils-python3
+%endif
+
+BuildRequires:		systemd
+Requires(post):		systemd
+Requires(preun):	systemd
+Requires(postun):	systemd
+
+%description host
+oVirt VM console host components
+
+%package proxy
+Summary:	oVirt VM console proxy components
+
+Requires:	%{name} = %{version}-%{release}
+Requires:	openssh-clients
+
+Requires(post):		libselinux-utils
+Requires(preun):	libselinux-utils
+
+%if 0%{?with_python2}
+Requires(post):		policycoreutils-python
+Requires(postun):	policycoreutils-python
+%endif
+%if 0%{?with_python3}
+Requires(post):		policycoreutils-python3
+Requires(postun):	policycoreutils-python3
+%endif
+
+BuildRequires:		systemd
+Requires(post):		systemd
+Requires(preun):	systemd
+Requires(postun):	systemd
+
+%description proxy
+oVirt VM console proxy components
+
+%pre
+getent group %{name} >/dev/null || \
+	groupadd -r %{name}
+getent passwd %{name} >/dev/null || \
+	useradd \
+		-r \
+		-g %{name} \
+		-c "oVirt VM Console" \
+		-s /bin/sh \
+		-d %{_datadir}/%{name}/empty \
+		%{name}
+%selinux_relabel_pre -s %{selinuxtype}
+
+# [policy-priority]
+# keep priority (-P) consistent between install and uninstall to avoid silent failure for removal on %postun
+# 400 is just the old default, no reason to change it.
+%post
+%selinux_modules_install -s %{selinuxtype} -p 400 %{_datadir}/selinux/packages/ovirt-vmconsole/%{modulename}.pp
+
+# per https://fedoraproject.org/wiki/Packaging:Scriptlets#Syntax
+# this happens on uninstall - recommended by
+# https://fedoraproject.org/wiki/PackagingDrafts/SELinux_Independent_Policy#The_.25post_Section
+%postun
+if [ $1 -eq 0 ]; then
+    # see [policy-priority]
+    %selinux_modules_uninstall -s %{selinuxtype} -p 400 %{modulename}
+fi
+
+# [ordering]
+# see https://fedoraproject.org/wiki/Packaging:Scriptlets#Ordering
+%posttrans
+%selinux_relabel_post -s %{selinuxtype}
+
+# [ignore-errors]
+# see https://fedoraproject.org/wiki/PackagingDrafts/SELinux_Independent_Policy#Port_Labeling
+#
+# per https://fedoraproject.org/wiki/Packaging:Scriptlets#Syntax it seems that it is preferred
+# to hide and swallow non-zero exit codes in the scriptlets. Let it be.
+%post host
+if %{_sbindir}/selinuxenabled ; then
+	semanage port -a -t ovirt_vmconsole_host_port_t -p tcp 2223 &> /dev/null || :
+fi
+%systemd_post ovirt-vmconsole-host-sshd.service
+
+# see [ignore-errors]
+%postun host
+if %{_sbindir}/selinuxenabled ; then
+	semanage port -d -p tcp 2223 &> /dev/null || :
+fi
+%systemd_postun ovirt-vmconsole-host-sshd.service
+
+# see [ordering]
+%posttrans host
+%selinux_relabel_post -s %{selinuxtype}
+
+%preun host
+%systemd_preun ovirt-vmconsole-host-sshd.service
+
+# see [ignore-errors]
+%post proxy
+if %{_sbindir}/selinuxenabled ; then
+	semanage port -a -t ovirt_vmconsole_proxy_port_t -p tcp 2222 &> /dev/null || :
+fi
+%systemd_post ovirt-vmconsole-proxy-sshd.service
+
+# see [ignore-errors]
+%postun proxy
+if %{_sbindir}/selinuxenabled ; then
+	semanage port -d -p tcp 2222 &> /dev/null || :
+fi
+%systemd_postun ovirt-vmconsole-proxy-sshd.service
+
+# see [ordering]
+%posttrans proxy
+%selinux_relabel_post -s %{selinuxtype}
+
+%preun proxy
+%systemd_preun ovirt-vmconsole-proxy-sshd.service
+
+%prep
+%setup -q -n %{name}-%{package_version}
+
+%build
+%configure \
+	--with-local-version="%{name}-%{version}-%{release}" \
+	%{?conf}
+make %{?_smp_mflags}
+make -f /usr/share/selinux/devel/Makefile -C selinux-ovirt_vmconsole
+
+%install
+rm -rf "%{buildroot}"
+make %{?_smp_mflags} install DESTDIR="%{buildroot}"
+# install policy modules
+install -d %{buildroot}%{_datadir}/selinux/packages/ovirt-vmconsole
+install -m 0644 selinux-ovirt_vmconsole/%{modulename}.pp %{buildroot}%{_datadir}/selinux/packages/ovirt-vmconsole
+
+#
+# workaround rpmlint warnings
+#
+find "%{buildroot}" -name .keep -exec rm {} \;
+
+#
+# Register services
+#
+install -dm 755 "%{buildroot}%{_unitdir}"
+install -m 644 "src/ovirt-vmconsole-host/ovirt-vmconsole-host-sshd/ovirt-vmconsole-host-sshd.systemd" "%{buildroot}%{_unitdir}/ovirt-vmconsole-host-sshd.service"
+install -m 644 "src/ovirt-vmconsole-proxy/ovirt-vmconsole-proxy-sshd/ovirt-vmconsole-proxy-sshd.systemd" "%{buildroot}%{_unitdir}/ovirt-vmconsole-proxy-sshd.service"
+
+%files
+%dir %{_datadir}/%{name}
+%dir %{_sysconfdir}/%{name}
+%if 0%{?with_python2}
+%dir %{python_sitelib}/ovirt_vmconsole
+%{python_sitelib}/ovirt_vmconsole/__init__.py*
+%{python_sitelib}/ovirt_vmconsole/common/
+%endif
+%if 0%{?with_python3}
+%dir %{python3_sitelib}/ovirt_vmconsole
+%{python3_sitelib}/ovirt_vmconsole/__init__.py*
+%{python3_sitelib}/ovirt_vmconsole/common/
+%exclude %{python3_sitelib}/ovirt_vmconsole/__pycache__/*
+%endif
+%{_datadir}/selinux/packages/ovirt-vmconsole/%{modulename}.pp
+%{_docdir}/%{name}/
+%{_sysconfdir}/pki/%{name}/
+
+%files host
+%{_datadir}/%{name}/ovirt-vmconsole-host/
+%{_libexecdir}/ovirt-vmconsole-host-*
+%{_sysconfdir}/%{name}/ovirt-vmconsole-host/
+%{python_sitelib}/ovirt_vmconsole/ovirt_vmconsole_host_*/
+%{_unitdir}/ovirt-vmconsole-host-sshd.service
+
+%files proxy
+%{_datadir}/%{name}/ovirt-vmconsole-proxy/
+%{_libexecdir}/ovirt-vmconsole-proxy-*
+%{_sysconfdir}/%{name}/ovirt-vmconsole-proxy/
+%{python_sitelib}/ovirt_vmconsole/ovirt_vmconsole_proxy_*/
+%{_unitdir}/ovirt-vmconsole-proxy-sshd.service
+
+%changelog
+* Thu Mar 5 2020 di.wang <di.wang@cs2c.com.cn> - 1.0.7-2
+- Package Initialization