authorMatt Thode <prometheanfire@gentoo.org>2013-12-13 17:31:45 +0000
committerMatt Thode <prometheanfire@gentoo.org>2013-12-13 17:31:45 +0000
commite39618792a8bf07a1b3b9b9aabade7b59ac9c24d (patch)
tree651a0ee96f3920154fde444344aed58df4e2b0f3 /sys-auth/keystone
parentStable on amd64 and x86, wrt bug #491892 (diff)
fixes for bug 494144
Package-Manager: portage-2.2.7/cvs/Linux x86_64 Manifest-Sign-Key: 0x2471EB3E40AC5AC3
Diffstat (limited to 'sys-auth/keystone')
-rw-r--r--sys-auth/keystone/ChangeLog13
-rw-r--r--sys-auth/keystone/Manifest41
-rw-r--r--sys-auth/keystone/files/2012.2.4-upstream-1181157.patch37
-rw-r--r--sys-auth/keystone/files/keystone-cve-2013-4294-grizzly.patch139
-rw-r--r--sys-auth/keystone/files/keystone-folsom-4-CVE-2013-1977.patch21
-rw-r--r--sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2030.patch50
-rw-r--r--sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2059.patch54
-rw-r--r--sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch225
-rw-r--r--sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2157.patch78
-rw-r--r--sys-auth/keystone/files/keystone.initd.havana57
-rw-r--r--sys-auth/keystone/keystone-2013.2-r1.ebuild106
-rw-r--r--sys-auth/keystone/keystone-2013.2-r2.ebuild29
-rw-r--r--sys-auth/keystone/keystone-2013.2.9999.ebuild110
13 files changed, 189 insertions, 771 deletions
diff --git a/sys-auth/keystone/ChangeLog b/sys-auth/keystone/ChangeLog
index 440df584e3f7..e3bf365b2837 100644
--- a/sys-auth/keystone/ChangeLog
+++ b/sys-auth/keystone/ChangeLog
@@ -1,6 +1,17 @@
# ChangeLog for sys-auth/keystone
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.49 2013/12/13 16:53:02 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.50 2013/12/13 17:31:29 prometheanfire Exp $
+
+ 13 Dec 2013; Matthew Thode <prometheanfire@gentoo.org>
+ +files/keystone.initd.havana, -files/2012.2.4-upstream-1181157.patch,
+ -files/keystone-cve-2013-4294-grizzly.patch,
+ -files/keystone-folsom-4-CVE-2013-1977.patch,
+ -files/keystone-folsom-4-CVE-2013-2030.patch,
+ -files/keystone-folsom-4-CVE-2013-2059.patch,
+ -files/keystone-folsom-4-CVE-2013-2104.patch,
+ -files/keystone-folsom-4-CVE-2013-2157.patch, -keystone-2013.2-r1.ebuild,
+ keystone-2013.2-r2.ebuild, keystone-2013.2.9999.ebuild:
+ fixes for bug 494144
*keystone-2013.2-r2 (13 Dec 2013)
diff --git a/sys-auth/keystone/Manifest b/sys-auth/keystone/Manifest
index e63aeca456f3..0000ac4624a4 100644
--- a/sys-auth/keystone/Manifest
+++ b/sys-auth/keystone/Manifest
@@ -2,45 +2,38 @@
Hash: SHA256
AUX 2012.2.4-CVE-2013-4222.patch 4815 SHA256 3a5018cf7788fb0498ac50cb022d4ecf7803fa8e311b8c48114495fcc9604a9a SHA512 cc6d8bd63d183ca49c21c4d5dc0fa08ff87a77695dadc444306a45abb3e060e2814c303f6ba3c004adb33b8981f4c1f4c17e11ea4c241f626106d870ca952246 WHIRLPOOL b0e411aba193bbc5c5a45441c1a52680ddd006426f3aa2030840131b905d8c87beb880ad77b1a612c3a7c77853583c7de642b47533876ff709b01fe93ee80a18
-AUX 2012.2.4-upstream-1181157.patch 1336 SHA256 355c3e49e2c0ea0924bfb7eaf2d6a82120d2eb0f31fc4863ef6bf1b9791c94d4 SHA512 b90d41bcd9b60886af2f37de3cbc33c3583eef65b9ed4a92e2b55e8701f883f3662b8f5e00a4c65d869914b8c9718364b8024604197a5f6cc5403508e3fb8827 WHIRLPOOL 0454536a2c9ed28c6b164c9f64af6c472f8d22b38a509d27d4d0d22a238737f4d51ed17f416c04c7fe3b43790741e0914b09e0435c6dbc8e34c7c1debf75eb19
AUX 2013.1.4-CVE-2013-4477.patch 3344 SHA256 6b4ff925ec1451eefb869ed85911f23fd90220f9394c482ee133feddd10eae32 SHA512 8a8a610603f05a27b2986637f9822389ef61e92c02d1837f13f30e56ce90de3733a2f8c5517179bbd3d1e4b0c69e8307262bbfba3fbd088b526c3c909d9d0a11 WHIRLPOOL 3e11c0ccd401ffedfc9549255e2843f3a9e0807bd37bb292adbe6e6a0beb736465ca126aff2022ea5d19fab59836aa51106d26d5e998b870a61cc42cd2378537
AUX 2013.2-CVE-2013-4477.patch 3157 SHA256 c18b629cb0fabf89a51ad751cf5ddc64863938cd84ce31438de9b3623a56f7d6 SHA512 a681a02847d5da041303fcdb96414930f78e47cb677fb40f271dbf048f5e9e77126a5517f53e190a264b8865bc664e1f06383d604058e507b9fb674a3703a885 WHIRLPOOL 67f50bb07e549413528ce98a77cd7aea83466e41fd07d21437f88bba3117d03df8b46700951388548f296031b53ccd0d928167b9f079c090c0f9390e00e04975
AUX cve-2013-6391_2013.2.patch 6944 SHA256 6f6c759ace5b4051ce0736f3852e083fd762e472ab7bea422ab32cb840024bec SHA512 4efb882a12c646626838539e5d0951aa9da7addfbeb68372a31607b296dd5cc12455cb42348967aca4f99f2ad9911644c433b9e7b282a93e8d1505e3bc0894e3 WHIRLPOOL f0f699bbb4c5e4977ed27435c620d5a9c3f8551bc8ab402e94f59d74012486fe979aa12677c7ef5338ef0c11c3d4f76102e3802b5071b8d1aaac23f926dd65ca
AUX keystone-cve-2013-4294-folsom.patch 5662 SHA256 69b07e87cf021b21168fe40fedd2dabd492991e0b4192f86fad378e24ef0429c SHA512 502cca91cfd71bd43f1a0dd0ada718cc9020071e41b13abd7310de175a794453bdb529e1ffb641e60e199fef9a2226aa44395f32eb3b0af8dc0b56dbf739b307 WHIRLPOOL 58f95de485b6351f78a680a65531bee8bcc2d725329aefa21116443a8a5ad6759a32d0ff39aa97a5226fa32fdcf0ac689bab1e7730207677334d1559f8c8d790
-AUX keystone-cve-2013-4294-grizzly.patch 5704 SHA256 86a7f54c72675d5041b648dff4f607e7e20659dbdd56084aec4424e3e552e419 SHA512 b58bb75fa4bbfcc09b3a02ee407c05b031dce54976b949e140894f43b5691048ee62921496e132f0ac1d0c47e9a7a75b5ac238fa84f870289563abcda2e72d28 WHIRLPOOL 775365acc88a7486dd8ede7b999fb4811cca493a1487a9177b9af0ca8d0093aa2cc45e9ba6583b4b069671f3c44402269ae63875ca057d76e707e970d0a175e0
-AUX keystone-folsom-4-CVE-2013-1977.patch 1114 SHA256 af81df239364cab3f94b14636359a19e6c8474f8282d2c174e3e75208fa508c6 SHA512 e9139487cdf6185d0405fd034a48c451c15ab568ebb6d4e58c2c50160ef8dc6b926a31fd0b31c646ecfccf68f2b667d9577bbe6e169ef28f8abfc06ae9031210 WHIRLPOOL c2ed7858f514f3d4a45303b0a307eb259c3c53373160ad35afcb7012ca63f9360d152f4869745579b678d990ed6f929ef050b1c68683bac656123a0aea394ec0
-AUX keystone-folsom-4-CVE-2013-2030.patch 2318 SHA256 fd824a4000da663568f26dbcfa6de031911ebdca1dea2c0958b3d5398d4d9ba6 SHA512 6b00a6d9062dd418299f9f02891fbfaa86f8f69db394ccfff31367555d1d7dbad1cf0d5a8647b61addeaabd2107b9f75cdc1986df8186de5c428f33533abffab WHIRLPOOL 842c4adb14c4a4501ea84c0082c0f28295027e27fee9957eafea6db9397a26c4955eb355b955d625bf5df818c1178af2267270aedec93bc47da8f17b59eaeca2
-AUX keystone-folsom-4-CVE-2013-2059.patch 2340 SHA256 9c3a1d953abd719c55c77fd13295c0aa5caf730a4656f3a111a1bfc1d92a282c SHA512 c6f50ed21c95c7be256f0a15ef804eaf16f32fec038be53742ce85b9a303f4c613728c95af606aafd779009f298a68517668594a590fa40258dbbb6646c3fbed WHIRLPOOL 723b4d0e5573a2e7473e4613fcfc717d1e0d90ff18a7559baa7fe0a21c6c5fcb84648afcb227ea9231ed87738e0c17cf79153287d2d6b14a65974a67e78dbd2f
-AUX keystone-folsom-4-CVE-2013-2104.patch 12123 SHA256 28893546fa4d9df031285f892be629a475d0464e0c8a9e0a9ab77df7ef8d7fba SHA512 8116ee1227af98a7fd640ea2f16fab9f9a41af24d71d2d82031804dc19fc3aae4d26cc20233d7304a42423fa6b06e69766d19e11ba6fb8adeadc8ffa83f8ae34 WHIRLPOOL 5448626f6ac17eb7512d43683badbf12f1ca1de2b8ab706a786cb17db22b5f9da48d099d1ed33c429ac715621e64707b4d453ccaaf5a83b9408dba43bf51a021
-AUX keystone-folsom-4-CVE-2013-2157.patch 3068 SHA256 fe1cbdef818977610b8f6fa9bf9b2c11a4aab854d1b3da963d9f6d5624e707e0 SHA512 4cebd7f28ebc606fc35a65921d00ff7b989e092371cd3ccaeee2f48d5a6278fea45eee01ee92daba1d75125733ab1a5997d844c5ee0c01fa4b4aa6d317f8e516 WHIRLPOOL 3563405e1f958da3ac1d5f1e06627f49f5740893852f1d826a2f2013f698f25107062bf6d8e89b0243b33fff6e1f1718d2090dc3d9d7a46195bc9ad53ed09dc2
AUX keystone-grizzly-2-CVE-2013-2157.patch 3371 SHA256 7f4e10e1c559dc8f3ece1a42115f17dc069d86140b4e4ecd6309eae5b787d341 SHA512 a9245c718548da6cd60b29e7cf6c0bd61b18a94cead8200b74d657342b5ef68ad4b4a0e1104121eb32359f960f96ad3840fec285a1d72b26b9729845ae4a8ac7 WHIRLPOOL a8494a2d6f4b5151780e6bcd1a21c409ca8921a4907aca529b72473745fd895c75dfcf926889a1a00f6d3d7446d849e44ce88c25dcfbdd74fdf96421ff78f1eb
AUX keystone.confd 107 SHA256 b26daf41539aff7f69aff9f8416b8b503282f10e61752f5221f01e132001d623 SHA512 9209798fba236bbf1850e20ee085fe3ba08a3f5c6927f99a2207afe27020e74f7a185e5029bdc79bbcc2a2530f694e815018b0137b2887f1c69a501c122b14e2 WHIRLPOOL 5ea1fe2f04d4ca48479d7c075842686afd2f4bffba18fff35f984575ce1bd8ffc9c34e55a5fc03ddff14066e1042806c84fc734ad6689d5e5b965d891222de83
AUX keystone.initd 1259 SHA256 cc96eb421fc4c0c04d391507a713aa5b4f426815404317d24a63e37338fca22c SHA512 093746f1f182a4348018c104a69e8e15e181f23c6fdf6eb0d330d364fbcc0ea9816762fc313efafe0128bfb772214072a3ac50b717f8b938373f044ba1b8dbd7 WHIRLPOOL 5792137774bfa78659691188a4751b65da697693dafcc5ce7f84141326b3c8eb4a27534c47868748774461e7ca37f77d3973fecc96346051b8ec6a0fb9d89317
+AUX keystone.initd.havana 1286 SHA256 0218d7abf00fe62cde4bfc1fdcdec9cd0784dad4c75cf7c34e1a90beece88f20 SHA512 1052b2bb3bedcd2b24ea7fc0cd28a09284419867339745fd94e5d13addbf33c88f1c1146e427f307383912d5624e3b86e8deb6c5747f1c10d59ba8fe1c3ed6ca WHIRLPOOL 093a488f6ae3e98914a43fa79ad833659e17940f950ed12ad57e46c699f0e70f1226bd69ca5595cba7293191ee410e473e8dc9be098cb48d5ddea88f3f7a7466
AUX no_admin_token_auth-paste.ini 2646 SHA256 f98d9151f222d2143820bdc98727ce0cf3f4450a4dbdc54f1fb6e36bb63bf2df SHA512 c855dd2bb05e765c6594359f55b76f7f6e0649c8e8f4517b274c7432f136e51c408168ec24e0074f4ebc49eb641d658acfda205aef97fe68fe8fc016be4cb08d WHIRLPOOL faad0f98d0684cf206e2f2afb5fba6c6aab73f97bcf63e38038be49a2ae1303e8cb5434d8fab34492888c666462dcd751c678c04cd0039d9024fd42ddde30646
DIST keystone-2013.1.4.tar.gz 799682 SHA256 3673f5d7c1c19fca7529934308e2d9a6efa55bf7d100d20de1aa85e431d259b2 SHA512 7b1d9d9ae0fc6b1cadef8eb0d85f6a71fcfab754f8908076d38b14c14c3eb46d2d3c6266ec7482a60d7ae8cf54d54ba604c4d903dde65ec1243f862423060c14 WHIRLPOOL dea8adbb504ee9e3cda416f6e5a12cb0e606b88db7c0fe9b83fb8487e6f18e313e7d53041fcdaab408ae4201e355b72324cf35585b113c8769f51daf1c3f4ea4
DIST keystone-2013.2.tar.gz 1404658 SHA256 f0e037cc6e40cb8a703755eee52bcabb1c61d80e94d8d6ffaef5378cbe256b05 SHA512 4faa49c0e93a4a2285ed22e80e6bc4ef0faeeb1026c2ca22aeb9f17e5d458efd7d08d3b84c570850edefff3801fb96ade5d78f0b2f3cb999f8f07fbe22e68ca1 WHIRLPOOL 73a3e4d150b9894668d28648031f1ea3baf0986d9727a2c9edd96ca46571a171ebc0e689e2bbc62cac1ad28cc25edb14d57d9546a050d2d2450a321c6d5c7d69
EBUILD keystone-2013.1.4-r1.ebuild 3153 SHA256 0a1ef5d65647f17dc70700d058d20cffc1379ca39f2a43d816ba9e260f9e686d SHA512 7b8288d4f205d2cd201ef6135aa1da527220d2b72896d24e0a99804091978adf88ca4a6a4d22f00acd3b199ffde73aa9ea259c253a582ccdfe0869c64a9151a9 WHIRLPOOL 94da411739945062ec72bb58cb78e718b673b7363e7999bd4be88f476aeedc9d0e66ab87fa6d8a116382c4e3bc8471defb5f7db4d389036bea56a78df2207839
EBUILD keystone-2013.1.9999.ebuild 3101 SHA256 58a93657711e2bd7fdd7a54f4e641ee87ad29f39211fea04a4bdbcd18fda8807 SHA512 d2ab9ab6aad68f468eb2606a7a439d77f39ea85d9f2e69eb6308439a6824e76845b52ba6eb4df19205635b730a0233998ed3c9a75f28d1c20eb11018f56b22df WHIRLPOOL 5bdadbaca00e25e8b8f595fa23a10bdce18c764d9f960f7ba5bc45d791bfc4567eeee7d65c51e25a6119cb4505316b18f1de8b65d5f4f22bcae3d1b181bd6715
-EBUILD keystone-2013.2-r1.ebuild 3644 SHA256 902eab8466b9b61db4364db6f9bc6849adce29983d585124fcb72dfa342228a5 SHA512 56426ec02672aaf2dc219c17b8d0986485df0b794c1f96c67fc5e383090bec2b8e3ff5cf615054292107df8d970d055300ef0ca0ba560656e89d003628e030fe WHIRLPOOL 9f1d43c76f02cc5bb2253c4c51fc088cfbdcaeec73ddc9d02430fb77295664cc81e1549e2feb02590f20946658c623f842305edc88ca64fe92c3fa81ac081ecd
-EBUILD keystone-2013.2-r2.ebuild 3693 SHA256 4b3d696ecbe3016940d10780faf02cef30609d4caa14051b8ce687279715981e SHA512 34bb256230169d7d7c659d22a4ba0a68732820322c86e1918dd1f72681d7cf37dc35f1c4f96e6d462cee39e61a1c627fba71af5e6fb367f6c934fe14bb7c55e0 WHIRLPOOL 51e655e36316e874c35762fb682bbbd0c56c30c92a55afad2a2162576766b292e1a37223202813726700076747d0f882641bda64d6169bd31ca76d7d97419251
-EBUILD keystone-2013.2.9999.ebuild 3369 SHA256 66f1d8652cfc233c6ce6fcfa00737a35587178df8934e657666c76d4d7e7d625 SHA512 656541a968a7b1dbbb5240784dd9a60a5b53c57a387d72727232ffc087be4d3a2e268e5ee91ac27958dd9bfadfaff04a31a4949125b5425bdd12c474f4dfc459 WHIRLPOOL b8cbb7aca3464f8344376ba2d7529e4a2ef26c60b0545d26394b2f9d08c56e1462ac59a9f591fd51fba24add4327e945fa1b41459979d666be5ea057ea0318c4
+EBUILD keystone-2013.2-r2.ebuild 4556 SHA256 8e14b109ac4c0006393116200b603079dbcb80b6d9069f22bb4c339ec0670f8b SHA512 badc300a84a0e4440bd97b78f9134f8faeacbe4cbc0269bc521dda38be90172dfbb5d75d27d07cb8b5999d34128aa2e20765649bbf0876c0e4e16bc06610fec4 WHIRLPOOL 6c9d65e2e90a1222e3d5f8621064956444731c204bf2f9a935934d91f82de5d12a80a6b2a80806f641c39f7376f153a4d04e3b8f27c90a7b85299f77695a8026
+EBUILD keystone-2013.2.9999.ebuild 4578 SHA256 2c99fbd1b22554ffcf072ba2424004f09e3c180be8d6cc16dccb17c4acc84ab2 SHA512 851f68217e40f0d114959505da8436737ef030f7a1398b7cdf9860e11745f5a9383018b4ebaec32359c356127e7cb82f72dd88e89f2fb6cfc93ff4789ecba06d WHIRLPOOL ea09beff2cf49b8484e08643d0cc4e5d682eaff4d2cacf1c926d5811c620d7ff0015e8203fedfe439023eb35939ea34974b100a5d6c8ecbe03c0c512df60165a
EBUILD keystone-9999.ebuild 3057 SHA256 935d2e365eed7feb2e33d644c6e3c9cd2987286bdba757a62e0295213b521245 SHA512 dcbb6315d118186b2e41ca83957aa11d72c2f264f96d6d7e82df6097a3c54388440ed4b4e38ca340b10c5f56a7f4a5385995a52e7cafe665512408144963a3bc WHIRLPOOL d5809a8a54d41d01b0ca93ba24407a65375ac34a93242d2278b4d056eb4f916442b6f7d54f193c5a907d0b957a7c17c237e83abb7d24210f11d57f3e6c73616b
-MISC ChangeLog 10577 SHA256 ed50fb41324443d729bec1d6d7bab24fd0f4c937ee8c5aaf74db17135fd8f637 SHA512 ae6a79dbaa574b04419ad93503b1103d9a2343ee6a0ef1de7d785a135a1e3b2ea888cdd0d1368904bf6242764cf907d6ec8e557802391268548df513580a1e74 WHIRLPOOL db62869f1f1a6c016d83e9222043ac25a05b125a10ccd2c51d718b0210ec3e8142073b8ebdd0b81c0ebe91c8e2a8718c8dc64e72596c2310da74e204bf5edc5b
+MISC ChangeLog 11103 SHA256 af46b3f9508f582592627d29119bf3a79ed9286b7b4a0b768199293fdfe83563 SHA512 3f4545da1b5c7024794f8b9d6debf3cc5a1fc9490db76e2b1c758b37d15e468990e5ac93e80db045a37fb359e6ac30be40c453d3f0f94f0eb8fa9b35d2cec751 WHIRLPOOL 559ea3c8149850f5af0da453a99bc967a02fa2504ebb1c4d0e837c032e683bf0d7dcf5cf6a7d931941db00c79a80dccb81434bef4134517f3e27e4bca195e5f4
MISC metadata.xml 424 SHA256 c89c0232e90df5d811d17941c1594e4c4c45db48c2b6240a3c62b232caad4e84 SHA512 9d7fcca89a6f35a93f1a57790103249cdc25424cbdb374bf26b691e81b27182dc3380a8ff67b77e7aabf4ce944e4a813d619838d4bc97086b4208e5312d76f11 WHIRLPOOL 4ec9d4c5ff5c484c341b06fe77fcac8e6fdd0e0b651dbd58b6f2d5aecd05db5bf70218b94733eb749ced7436f9df5ba5c93496bae06c0ff9a62b91ecb53ab77a
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-iQIcBAEBCAAGBQJSqzt3AAoJECRx6z5ArFrDChwQAJ/Oeqi3xZcmlKxPh+RsBENx
-UjOinvxIYznTFeAUKArZSta6FbjJUCD6IdlfuksqGu3kgCz0hhUe+ksVJAWsJjUO
-mmDDECJJdMeNVyIn4MI/Z84h1pp2eiHK3RRkuTU/Up5RGqK+uliUX/HPjutjgqN+
-NA8oSRkeFANFVdRnugpIPUd4Cwc+Poa3weVDkLu/7P/grFyBBNGtBCCY8JkaGZnP
-1GRHXeWM61ujoKReKIhdyW7XxJmeFWzCQCBg9LoTqZ1c/zCkjId9KVRgJpUc9LED
-TjmaOo25txMy/29P570R9HRriHD3m9P/kSbCDFFarx56v7gLfxfSF8ESDjgKUBEx
-86bj8/JKnh37bfiRdsVbL0HAKNl9L9qFPNNkjazqiWYx87JpLvs0hMpo7QX0aL2c
-sJTBAN8MOCMrrx9iMjRRSXVNiCpZtTJbpDuV6NVLcBzVLjCbLAu2zAUr+xD+uV6J
-/LTzOIU4GmYdapqc29HyPhlph1G6mu6R6acLukmUVMUK6+FNKbFwUoUzLbpB0oyo
-AIKcG6nVryhOT9OLsY1AeK4GNvXRgy8D86jp07UngqvfTy169yAcbiWviXZkypHO
-emA5dGSKI0egwpNgl3WXpOGdHtCDWzJYLTd5jeIYgKEHeho72bpSnj6bYK6K0it3
-FWOMgoXfxdAFBTDKVPva
-=8SNa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+=StG+
-----END PGP SIGNATURE-----
diff --git a/sys-auth/keystone/files/2012.2.4-upstream-1181157.patch b/sys-auth/keystone/files/2012.2.4-upstream-1181157.patch
deleted file mode 100644
index f01643d083c5..000000000000
--- a/sys-auth/keystone/files/2012.2.4-upstream-1181157.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From edbd3ad9158f96fdc7ed621d7c72cd2e71fa5101 Mon Sep 17 00:00:00 2001
-From: Dolph Mathews <dolph.mathews@gmail.com>
-Date: Tue, 28 May 2013 08:09:49 -0500
-Subject: [PATCH] Default signing_dir to secure temp dir (bug 1181157)
-
-Change-Id: I1a29f50b07a60de3d0519bf40074dbea92fa8656
----
- keystone/middleware/auth_token.py | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py
-index 01e6c58..b1a4d48 100644
---- a/keystone/middleware/auth_token.py
-+++ b/keystone/middleware/auth_token.py
-@@ -99,6 +99,7 @@ import json
- import logging
- import os
- import stat
-+import tempfile
- import time
- import webob
- import webob.exc
-@@ -213,10 +214,10 @@ class AuthProtocol(object):
- self.cert_file = self._conf_get('certfile')
- self.key_file = self._conf_get('keyfile')
-
-- #signing
-+ # signing
- self.signing_dirname = self._conf_get('signing_dir')
- if self.signing_dirname is None:
-- self.signing_dirname = '%s/keystone-signing' % os.environ['HOME']
-+ self.signing_dirname = tempfile.mkdtemp(prefix='keystone-signing-')
- LOG.info('Using %s as cache directory for signing certificate' %
- self.signing_dirname)
- if os.path.exists(self.signing_dirname):
---
-1.8.1.5
diff --git a/sys-auth/keystone/files/keystone-cve-2013-4294-grizzly.patch b/sys-auth/keystone/files/keystone-cve-2013-4294-grizzly.patch
deleted file mode 100644
index d789ea38443c..000000000000
--- a/sys-auth/keystone/files/keystone-cve-2013-4294-grizzly.patch
+++ /dev/null
@@ -1,139 +0,0 @@
-From a20dcd159f9bf98e5605a3d13d4ba8de9aa1533e Mon Sep 17 00:00:00 2001
-From: Morgan Fainberg <m@metacloud.com>
-Date: Fri, 23 Aug 2013 14:53:26 -0700
-Subject: [PATCH] Fix and test token revocation list API
-
-Change-Id: I6c60bf2aecc7c9353e837e59a4e09860d049e0f5
----
- keystone/token/backends/kvs.py | 2 +-
- keystone/token/backends/memcache.py | 12 ++++++----
- tests/test_backend.py | 47 +++++++++++++++++++++++++++++++------
- 3 files changed, 48 insertions(+), 13 deletions(-)
-
-diff --git a/keystone/token/backends/kvs.py b/keystone/token/backends/kvs.py
-index 49f15ad..1935b41 100644
---- a/keystone/token/backends/kvs.py
-+++ b/keystone/token/backends/kvs.py
-@@ -111,7 +111,7 @@ class Token(kvs.Base, token.Driver):
- if not token.startswith('revoked-token-'):
- continue
- record = {}
-- record['id'] = token_ref['id']
-+ record['id'] = token[len('revoked-token-'):]
- record['expires'] = token_ref['expires']
- tokens.append(record)
- return tokens
-diff --git a/keystone/token/backends/memcache.py b/keystone/token/backends/memcache.py
-index a62f342..c2c9b51 100644
---- a/keystone/token/backends/memcache.py
-+++ b/keystone/token/backends/memcache.py
-@@ -84,8 +84,9 @@ class Token(token.Driver):
- raise exception.UnexpectedError(msg)
- return copy.deepcopy(data_copy)
-
-- def _add_to_revocation_list(self, data):
-- data_json = jsonutils.dumps(data)
-+ def _add_to_revocation_list(self, token_id, token_data):
-+ data_json = jsonutils.dumps({'id': token_id,
-+ 'expires': token_data['expires']})
- if not self.client.append(self.revocation_key, ',%s' % data_json):
- if not self.client.add(self.revocation_key, data_json):
- if not self.client.append(self.revocation_key,
-@@ -95,10 +96,11 @@ class Token(token.Driver):
-
- def delete_token(self, token_id):
- # Test for existence
-- data = self.get_token(token.unique_id(token_id))
-- ptk = self._prefix_token_id(token.unique_id(token_id))
-+ token_id = token.unique_id(token_id)
-+ data = self.get_token(token_id)
-+ ptk = self._prefix_token_id(token_id)
- result = self.client.delete(ptk)
-- self._add_to_revocation_list(data)
-+ self._add_to_revocation_list(token_id, data)
- return result
-
- def list_tokens(self, user_id, tenant_id=None, trust_id=None):
-diff --git a/tests/test_backend.py b/tests/test_backend.py
-index 85ac7cf..d4c2e6c 100644
---- a/tests/test_backend.py
-+++ b/tests/test_backend.py
-@@ -14,10 +14,11 @@
- # License for the specific language governing permissions and limitations
- # under the License.
-
-+import copy
- import datetime
- import default_fixtures
-+import hashlib
- import uuid
--import nose.exc
-
- from keystone.catalog import core
- from keystone import config
-@@ -2065,17 +2066,19 @@ class TokenTests(object):
- 'trust_id': None,
- 'user': {'id': 'testuserid'}}
- data_ref = self.token_api.create_token(token_id, data)
-- expires = data_ref.pop('expires')
-- data_ref.pop('user_id')
-+ data_ref_copy = copy.deepcopy(data_ref)
-+ expires = data_ref_copy.pop('expires')
-+ data_ref_copy.pop('user_id')
- self.assertTrue(isinstance(expires, datetime.datetime))
-- self.assertDictEqual(data_ref, data)
-+ self.assertDictEqual(data_ref_copy, data)
-
- new_data_ref = self.token_api.get_token(token_id)
-- expires = new_data_ref.pop('expires')
-- new_data_ref.pop('user_id')
-+ new_data_ref_copy = copy.deepcopy(new_data_ref)
-+ expires = new_data_ref_copy.pop('expires')
-+ new_data_ref_copy.pop('user_id')
-
- self.assertTrue(isinstance(expires, datetime.datetime))
-- self.assertEquals(new_data_ref, data)
-+ self.assertEquals(new_data_ref_copy, data)
-
- self.token_api.delete_token(token_id)
- self.assertRaises(exception.TokenNotFound,
-@@ -2248,6 +2251,36 @@ class TokenTests(object):
- self.check_list_revoked_tokens([self.delete_token()
- for x in xrange(2)])
-
-+ def test_predictable_revoked_pki_token_id(self):
-+ # NOTE(dolph): _create_token_id() includes 'MII' as a prefix of the
-+ # returned token str in master, but not in grizzly.
-+ # revising _create_token_id() in grizzly to include the
-+ # previx breaks several other tests here
-+ token_id = 'MII' + self._create_token_id()
-+ token_id_hash = hashlib.md5(token_id).hexdigest()
-+ token = {'user': {'id': uuid.uuid4().hex}}
-+
-+ self.token_api.create_token(token_id, token)
-+ self.token_api.delete_token(token_id)
-+
-+ revoked_ids = [x['id'] for x in self.token_api.list_revoked_tokens()]
-+ self.assertIn(token_id_hash, revoked_ids)
-+ self.assertNotIn(token_id, revoked_ids)
-+ for t in self.token_api.list_revoked_tokens():
-+ self.assertIn('expires', t)
-+
-+ def test_predictable_revoked_uuid_token_id(self):
-+ token_id = uuid.uuid4().hex
-+ token = {'user': {'id': uuid.uuid4().hex}}
-+
-+ self.token_api.create_token(token_id, token)
-+ self.token_api.delete_token(token_id)
-+
-+ revoked_ids = [x['id'] for x in self.token_api.list_revoked_tokens()]
-+ self.assertIn(token_id, revoked_ids)
-+ for t in self.token_api.list_revoked_tokens():
-+ self.assertIn('expires', t)
-+
-
- class TrustTests(object):
- def create_sample_trust(self, new_id):
---
-1.8.2.1 (Apple Git-45)
-
diff --git a/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-1977.patch b/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-1977.patch
deleted file mode 100644
index 91084fc23fb3..000000000000
--- a/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-1977.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -Naur keystone-2012.2.4/keystone/config.py keystone-2012.2.4.new/keystone/config.py
---- keystone-2012.2.4/keystone/config.py 2013-04-11 15:02:19.000000000 -0400
-+++ keystone-2012.2.4.new/keystone/config.py 2013-05-17 11:26:57.557918817 -0400
-@@ -110,7 +110,7 @@
- group = kw.pop('group', None)
- return conf.register_cli_opt(cfg.IntOpt(*args, **kw), group=group)
-
--register_str('admin_token', default='ADMIN')
-+register_str('admin_token', secret=True, default='ADMIN')
- register_str('bind_host', default='0.0.0.0')
- register_str('compute_port', default=8774)
- register_str('admin_port', default=35357)
-@@ -162,7 +162,7 @@
- #ldap
- register_str('url', group='ldap', default='ldap://localhost')
- register_str('user', group='ldap', default='dc=Manager,dc=example,dc=com')
--register_str('password', group='ldap', default='freeipa4all')
-+register_str('password', group='ldap', secret=True, default='freeipa4all')
- register_str('suffix', group='ldap', default='cn=example,cn=com')
- register_bool('use_dumb_member', group='ldap', default=False)
- register_str('user_name_attribute', group='ldap', default='sn')
diff --git a/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2030.patch b/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2030.patch
deleted file mode 100644
index 616143be18c9..000000000000
--- a/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2030.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 24c25b38ed6fc95ed919ab34463cdb10bdcc57fd Mon Sep 17 00:00:00 2001
-From: Dolph Mathews <dolph.mathews@gmail.com>
-Date: Wed, 8 May 2013 10:49:20 -0500
-Subject: [PATCH] Securely create signing_dir (bug 1174608)
-
-Also verifies the security of an existing signing_dir.
-
-Change-Id: I0685b4274a94ad3974a2b2a7ab3f45830d3934bb
-(cherry picked from python-keystoneclient 1736e2ffb12f70eeebed019448bc14def48aa036)
----
- keystone/middleware/auth_token.py | 23 ++++++++++++++---------
- 1 file changed, 14 insertions(+), 9 deletions(-)
-
-diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py
-index ddadf9f..01e6c58 100644
---- a/keystone/middleware/auth_token.py
-+++ b/keystone/middleware/auth_token.py
-@@ -219,15 +219,20 @@ class AuthProtocol(object):
- self.signing_dirname = '%s/keystone-signing' % os.environ['HOME']
- LOG.info('Using %s as cache directory for signing certificate' %
- self.signing_dirname)
-- if (os.path.exists(self.signing_dirname) and
-- not os.access(self.signing_dirname, os.W_OK)):
-- raise ConfigurationError("unable to access signing dir %s" %
-- self.signing_dirname)
--
-- if not os.path.exists(self.signing_dirname):
-- os.makedirs(self.signing_dirname)
-- #will throw IOError if it cannot change permissions
-- os.chmod(self.signing_dirname, stat.S_IRWXU)
-+ if os.path.exists(self.signing_dirname):
-+ if not os.access(self.signing_dirname, os.W_OK):
-+ raise ConfigurationError(
-+ 'unable to access signing_dir %s' % self.signing_dirname)
-+ if os.stat(self.signing_dirname).st_uid != os.getuid():
-+ LOG.warning(
-+ 'signing_dir is not owned by %s' % os.getlogin())
-+ current_mode = stat.S_IMODE(os.stat(self.signing_dirname).st_mode)
-+ if current_mode != stat.S_IRWXU:
-+ LOG.warning(
-+ 'signing_dir mode is %s instead of %s' %
-+ (oct(current_mode), oct(stat.S_IRWXU)))
-+ else:
-+ os.makedirs(self.signing_dirname, stat.S_IRWXU)
-
- val = '%s/signing_cert.pem' % self.signing_dirname
- self.signing_cert_file_name = val
---
-1.8.1.5
-
diff --git a/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2059.patch b/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2059.patch
deleted file mode 100644
index 3943f26cf976..000000000000
--- a/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2059.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-diff --git a/keystone/identity/core.py b/keystone/identity/core.py
-index e029743..e6f63aa 100644
---- a/keystone/identity/core.py
-+++ b/keystone/identity/core.py
-@@ -508,6 +508,14 @@ class UserController(wsgi.Application):
- def delete_user(self, context, user_id):
- self.assert_admin(context)
- self.identity_api.delete_user(context, user_id)
-+ try:
-+ for token_id in self.token_api.list_tokens(context, user_id):
-+ self.token_api.delete_token(context, token_id)
-+ except exception.NotImplemented:
-+ # The users status has been changed but tokens remain valid for
-+ # backends that can't list tokens for users
-+ LOG.warning('User %s status has changed, but existing tokens '
-+ 'remain valid' % user_id)
-
- def set_user_enabled(self, context, user_id, user):
- return self.update_user(context, user_id, user)
-diff --git a/tests/test_keystoneclient.py b/tests/test_keystoneclient.py
-index a45e27b..e65c7ef 100644
---- a/tests/test_keystoneclient.py
-+++ b/tests/test_keystoneclient.py
-@@ -385,6 +385,30 @@ class KeystoneClientTests(object):
- self.get_client,
- self.user_foo)
-
-+ def test_delete_user_invalidates_token(self):
-+ from keystoneclient import exceptions as client_exceptions
-+
-+ admin_client = self.get_client(admin=True)
-+ client = self.get_client(admin=False)
-+
-+ username = uuid.uuid4().hex
-+ password = uuid.uuid4().hex
-+ user_id = admin_client.users.create(
-+ name=username, password=password, email=uuid.uuid4().hex).id
-+
-+ token_id = client.tokens.authenticate(
-+ username=username, password=password).id
-+
-+ # token should be usable before the user is deleted
-+ client.tokens.authenticate(token=token_id)
-+
-+ admin_client.users.delete(user=user_id)
-+
-+ # authenticate with a token should not work after the user is deleted
-+ self.assertRaises(client_exceptions.Unauthorized,
-+ client.tokens.authenticate,
-+ token=token_id)
-+
- def test_token_expiry_maintained(self):
- foo_client = self.get_client(self.user_foo)
- orig_token = foo_client.service_catalog.catalog['token']
diff --git a/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch b/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch
deleted file mode 100644
index ef760abb037c..000000000000
--- a/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch
+++ /dev/null
@@ -1,225 +0,0 @@
-From 8d23da1302dde9d38bbc227d9aba30da919b60c8 Mon Sep 17 00:00:00 2001
-From: Adam Young <ayoung@redhat.com>
-Date: Mon, 13 May 2013 16:07:51 -0400
-Subject: [PATCH] Check token Expiration
-
-Backport for Folsom.
-
-Bug 1179615
-
-Change-Id: I8516d87ffc72cf35d3bff6fc21cb5324da4ad2bb
----
- keystone/middleware/auth_token.py | 30 +++++++++++++--------
- tests/signing/Makefile | 2 +-
- tests/signing/auth_token_revoked.pem | 10 +++----
- tests/signing/auth_token_scoped_expired.json | 1 +
- tests/signing/auth_token_scoped_expired.pem | 40 ++++++++++++++++++++++++++++
- tests/test_auth_token_middleware.py | 10 +++++++
- 6 files changed, 76 insertions(+), 17 deletions(-)
- create mode 100644 tests/signing/auth_token_scoped_expired.json
- create mode 100644 tests/signing/auth_token_scoped_expired.pem
-
-diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py
-index 01e6c58..b1a574b 100644
---- a/keystone/middleware/auth_token.py
-+++ b/keystone/middleware/auth_token.py
-@@ -95,6 +95,7 @@ HTTP_X_ROLE
-
- import datetime
- import httplib
-+import iso8601
- import json
- import logging
- import os
-@@ -259,13 +260,12 @@ class AuthProtocol(object):
- self._token_revocation_list_fetched_time = None
- self.token_revocation_list_cache_timeout = \
- datetime.timedelta(seconds=0)
-+ self._iso8601 = iso8601
- if memcache_servers:
- try:
- import memcache
-- import iso8601
- LOG.info('Using memcache for caching token')
- self._cache = memcache.Client(memcache_servers.split(','))
-- self._iso8601 = iso8601
- except ImportError as e:
- LOG.warn('disabled caching due to missing libraries %s', e)
-
-@@ -512,7 +512,8 @@ class AuthProtocol(object):
- data = json.loads(verified)
- else:
- data = self.verify_uuid_token(user_token, retry)
-- self._cache_put(token_id, data)
-+ expires = self._confirm_token_not_expired(data)
-+ self._cache_put(token_id, data, expires)
- return data
- except Exception as e:
- LOG.debug('Token validation failure.', exc_info=True)
-@@ -642,7 +643,19 @@ class AuthProtocol(object):
- else:
- LOG.debug('Cached Token %s seems expired', token)
-
-- def _cache_put(self, token, data):
-+ def _confirm_token_not_expired(self, data):
-+ if 'token' in data.get('access', {}):
-+ timestamp = data['access']['token']['expires']
-+ expires = self._iso8601.parse_date(timestamp).strftime('%s')
-+ else:
-+ LOG.error('invalid token format')
-+ raise InvalidUserToken('Token authorization failed')
-+ if time.time() >= float(expires):
-+ self.LOG.debug('Token expired a %s', timestamp)
-+ raise InvalidUserToken('Token authorization failed')
-+ return expires
-+
-+ def _cache_put(self, token, data, expires):
- """Put token data into the cache.
-
- Stores the parsed expire date in cache allowing
-@@ -650,12 +663,6 @@ class AuthProtocol(object):
- """
- if self._cache and data:
- key = 'tokens/%s' % token
-- if 'token' in data.get('access', {}):
-- timestamp = data['access']['token']['expires']
-- expires = self._iso8601.parse_date(timestamp).strftime('%s')
-- else:
-- LOG.error('invalid token format')
-- return
- LOG.debug('Storing %s token in memcache', token)
- self._cache.set(key,
- (data, expires),
-@@ -693,7 +700,8 @@ class AuthProtocol(object):
- additional_headers=headers)
-
- if response.status == 200:
-- self._cache_put(user_token, data)
-+ expires = self._confirm_token_not_expired(data)
-+ self._cache_put(user_token, data, expires)
- return data
- if response.status == 404:
- # FIXME(ja): I'm assuming the 404 status means that user_token is
-diff --git a/tests/signing/Makefile b/tests/signing/Makefile
-index b56c000..27f5ff8 100644
---- a/tests/signing/Makefile
-+++ b/tests/signing/Makefile
-@@ -19,7 +19,7 @@
-
- .SUFFIXES: .json .pem
-
--SOURCES=auth_token_unscoped.json auth_token_scoped.json revocation_list.json
-+SOURCES=auth_token_unscoped.json auth_token_scoped.json auth_token_scoped.json auth_token_scoped_expired.json revocation_list.json
- SIGNED=$(SOURCES:.json=.pem)
- TARGETS=$(SIGNED)
-
-diff --git a/tests/signing/auth_token_revoked.pem b/tests/signing/auth_token_revoked.pem
-index 186c080..27cef18 100644
---- a/tests/signing/auth_token_revoked.pem
-+++ b/tests/signing/auth_token_revoked.pem
-@@ -24,7 +24,7 @@ MC4wLjE6MzUzNTcvdjIuMCIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVy
- bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUzNTcvdjIuMCIsICJwdWJsaWNV
- UkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1MDAwL3YyLjAifV0sICJlbmRwb2ludHNf
- bGlua3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9u
--ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjAxMi0wNi0wMlQxNDo0NzozNFoi
-+ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjExMi0wNi0wMlQxNDo0NzozNFoi
- LCAiaWQiOiAicGxhY2Vob2xkZXIiLCAidGVuYW50IjogeyJlbmFibGVkIjogdHJ1
- ZSwgImRlc2NyaXB0aW9uIjogbnVsbCwgIm5hbWUiOiAidGVuYW50X25hbWUxIiwg
- ImlkIjogInRlbmFudF9pZDEifX0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJyZXZv
-@@ -33,8 +33,8 @@ LCAiaWQiOiAicmV2b2tlZF91c2VyX2lkMSIsICJyb2xlcyI6IFt7Im5hbWUiOiAi
- cm9sZTEifSwgeyJuYW1lIjogInJvbGUyIn1dLCAibmFtZSI6ICJyZXZva2VkX3Vz
- ZXJuYW1lMSJ9fX0NCjGB9zCB9AIBATBUME8xFTATBgNVBAoTDFJlZCBIYXQsIElu
- YzERMA8GA1UEBxMIV2VzdGZvcmQxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxCzAJ
--BgNVBAYTAlVTAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGAXstA+yZ5N/cS
--+i7Mmlhi585cckvwSVAGj9huPTpqBItpbO44+U3yUojEwcghomtpygI/wzUa8Z40
--UW/L3nGlATlOG833zhGvLKrp76GIitYMgk1e0OEmzGXeAWLnQZFev8ooMPs9rwYW
--MgEdAfDMWWqX+Tb7exdboLpRUiCQx1c=
-+BgNVBAYTAlVTAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGAdnQ5zU60aOc+
-+TGK+5ESmYbOllqe7QGkcB2fWzuiIY4/9l53X0m3ThYNzxeloJ0NgETLWoHO24xIi
-+YoCUtAGP8BQI0D21Amg4Nb3jBxiwObzdONytEpAYOXxMq8pDMgboi8eU0esch1jJ
-+r+9/uR3R/xksWkPtPsl+qnt/KpUsL+A=
- -----END CMS-----
-diff --git a/tests/signing/auth_token_scoped_expired.json b/tests/signing/auth_token_scoped_expired.json
-new file mode 100644
-index 0000000..d36d8cf
---- /dev/null
-+++ b/tests/signing/auth_token_scoped_expired.json
-@@ -0,0 +1 @@
-+{"access": {"serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v2.0", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v2.0", "publicURL": "http://127.0.0.1:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],"token": {"expires": "2010-06-02T14:47:34Z", "id": "placeholder", "tenant": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1"}}, "user": {"username": "user_name1", "roles_links": ["role1","role2"], "id": "user_id1", "roles": [{"name": "role1"}, {"name": "role2"}], "name": "user_name1"}}}
-diff --git a/tests/signing/auth_token_scoped_expired.pem b/tests/signing/auth_token_scoped_expired.pem
-new file mode 100644
-index 0000000..8116b11
---- /dev/null
-+++ b/tests/signing/auth_token_scoped_expired.pem
-@@ -0,0 +1,40 @@
-+-----BEGIN CMS-----
-+MIIG9QYJKoZIhvcNAQcCoIIG5jCCBuICAQExCTAHBgUrDgMCGjCCBc4GCSqGSIb3
-+DQEHAaCCBb8EggW7eyJhY2Nlc3MiOiB7InNlcnZpY2VDYXRhbG9nIjogW3siZW5k
-+cG9pbnRzIjogW3siYWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2L3Yx
-+LzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInJlZ2lvbiI6ICJy
-+ZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2
-+L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInB1YmxpY1VS
-+TCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3NzYvdjEvNjRiNmYzZmJjYzUzNDM1ZThh
-+NjBmY2Y4OWJiNjYxN2EifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUi
-+OiAidm9sdW1lIiwgIm5hbWUiOiAidm9sdW1lIn0sIHsiZW5kcG9pbnRzIjogW3si
-+YWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5MjkyL3YxIiwgInJlZ2lvbiI6
-+ICJyZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5
-+MjkyL3YxIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjkyOTIvdjEi
-+fV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAiaW1hZ2UiLCAibmFt
-+ZSI6ICJnbGFuY2UifSwgeyJlbmRwb2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRw
-+Oi8vMTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5
-+YmI2NjE3YSIsICJyZWdpb24iOiAicmVnaW9uT25lIiwgImludGVybmFsVVJMIjog
-+Imh0dHA6Ly8xMjcuMC4wLjE6ODc3NC92MS4xLzY0YjZmM2ZiY2M1MzQzNWU4YTYw
-+ZmNmODliYjY2MTdhIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3
-+NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSJ9XSwgImVu
-+ZHBvaW50c19saW5rcyI6IFtdLCAidHlwZSI6ICJjb21wdXRlIiwgIm5hbWUiOiAi
-+bm92YSJ9LCB7ImVuZHBvaW50cyI6IFt7ImFkbWluVVJMIjogImh0dHA6Ly8xMjcu
-+MC4wLjE6MzUzNTcvdjIuMCIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVy
-+bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUzNTcvdjIuMCIsICJwdWJsaWNV
-+UkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1MDAwL3YyLjAifV0sICJlbmRwb2ludHNf
-+bGlua3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9u
-+ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjAxMC0wNi0wMlQxNDo0NzozNFoi
-+LCAiaWQiOiAicGxhY2Vob2xkZXIiLCAidGVuYW50IjogeyJlbmFibGVkIjogdHJ1
-+ZSwgImRlc2NyaXB0aW9uIjogbnVsbCwgIm5hbWUiOiAidGVuYW50X25hbWUxIiwg
-+ImlkIjogInRlbmFudF9pZDEifX0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJ1c2Vy
-+X25hbWUxIiwgInJvbGVzX2xpbmtzIjogWyJyb2xlMSIsInJvbGUyIl0sICJpZCI6
-+ICJ1c2VyX2lkMSIsICJyb2xlcyI6IFt7Im5hbWUiOiAicm9sZTEifSwgeyJuYW1l
-+IjogInJvbGUyIn1dLCAibmFtZSI6ICJ1c2VyX25hbWUxIn19fQ0KMYH/MIH8AgEB
-+MFwwVzELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVVuc2V0MQ4wDAYDVQQHEwVVbnNl
-+dDEOMAwGA1UEChMFVW5zZXQxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbQIBATAH
-+BgUrDgMCGjANBgkqhkiG9w0BAQEFAASBgJP+wKRwFaPY8xXAolDd6gmlID41yuAw
-+nd+IKeD54Ack0NI9h/M0Iv2LzTo0l84VbMOijmq++kbtdnDJ2pn4VAoNk7dQcTTy
-+lz2c78Xnu0NXvq7gsPRF4zDtIpjHbUXJ3ZRPHs342suG7Tb4nvQAbxYMJQHSN10k
-+W6w+gEeN7t7V
-+-----END CMS-----
-diff --git a/tests/test_auth_token_middleware.py b/tests/test_auth_token_middleware.py
-index e6893ee..dfe424f 100644
---- a/tests/test_auth_token_middleware.py
-+++ b/tests/test_auth_token_middleware.py
-@@ -154,6 +154,9 @@ def setUpModule(self):
- signing_path = os.path.join(os.path.dirname(__file__), 'signing')
- with open(os.path.join(signing_path, 'auth_token_scoped.pem')) as f:
- self.SIGNED_TOKEN_SCOPED = cms.cms_to_token(f.read())
-+ with open(os.path.join(signing_path,
-+ 'auth_token_scoped_expired.pem')) as f:
-+ self.SIGNED_TOKEN_SCOPED_EXPIRED = cms.cms_to_token(f.read())
- with open(os.path.join(signing_path, 'auth_token_unscoped.pem')) as f:
- self.SIGNED_TOKEN_UNSCOPED = cms.cms_to_token(f.read())
- with open(os.path.join(signing_path, 'auth_token_revoked.pem')) as f:
-@@ -612,6 +615,13 @@ class AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest):
- self.middleware(req.environ, self.start_fake_response)
- self.assertEqual(self.middleware._cache.set_value, None)
-
-+ def test_expired(self):
-+ req = webob.Request.blank('/')
-+ token = SIGNED_TOKEN_SCOPED_EXPIRED
-+ req.headers['X-Auth-Token'] = token
-+ self.middleware(req.environ, self.start_fake_response)
-+ self.assertEqual(self.response_status, 401)
-+
- def test_memcache_set_invalid(self):
- req = webob.Request.blank('/')
- req.headers['X-Auth-Token'] = 'invalid-token'
---
-1.8.1.2
-
diff --git a/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2157.patch b/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2157.patch
deleted file mode 100644
index e2a172b5dafb..000000000000
--- a/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2157.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 953fd4a2ac43ffcdf7edb4a35e0ca6a1c573092d Mon Sep 17 00:00:00 2001
-From: Jose Castro Leon <jose.castro.leon@cern.ch>
-Date: Thu, 6 Jun 2013 10:57:09 -0500
-Subject: [PATCH] Force simple Bind for authentication
-
-The authentication code was using a common code path with
-other LDAP code that got an LDAP connection. If the system
-was configured to do Anonymous binding, users could by pass
-the authentication check.
-
-This patch forces the authentication code to do a simple_bind.
-
-Change-Id: Id0c19f09d615446927db1ba074561b129329b5c8
----
- keystone/identity/backends/ldap/core.py | 14 ++------------
- tests/test_backend_ldap.py | 16 ++++++++++++++++
- 2 files changed, 18 insertions(+), 12 deletions(-)
-
-diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py
-index 03d3ab6..e5bfcf6 100644
---- a/keystone/identity/backends/ldap/core.py
-+++ b/keystone/identity/backends/ldap/core.py
-@@ -58,18 +58,6 @@ class Identity(identity.Driver):
- self.tenant = TenantApi(CONF)
- self.role = RoleApi(CONF)
-
-- def get_connection(self, user=None, password=None):
-- if self.LDAP_URL.startswith('fake://'):
-- conn = fakeldap.FakeLdap(self.LDAP_URL)
-- else:
-- conn = common_ldap.LdapWrapper(self.LDAP_URL)
-- if user is None:
-- user = self.LDAP_USER
-- if password is None:
-- password = self.LDAP_PASSWORD
-- conn.simple_bind_s(user, password)
-- return conn
--
- # Identity interface
- def authenticate(self, user_id=None, tenant_id=None, password=None):
- """Authenticate based on a user, tenant and password.
-@@ -85,6 +73,8 @@ class Identity(identity.Driver):
- except exception.UserNotFound:
- raise AssertionError('Invalid user / password')
-
-+ if not user_id or not password:
-+ raise AssertionError('Invalid user / password')
- try:
- conn = self.user.get_connection(self.user._id_to_dn(user_id),
- password)
-diff --git a/tests/test_backend_ldap.py b/tests/test_backend_ldap.py
-index 5f0137c..88e48c5 100644
---- a/tests/test_backend_ldap.py
-+++ b/tests/test_backend_ldap.py
-@@ -65,3 +65,19 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
- user_api = identity_ldap.UserApi(CONF)
- self.assertTrue(user_api)
- self.assertEquals(user_api.tree_dn, "ou=Users,%s" % CONF.ldap.suffix)
-+
-+ def test_authenticate_requires_simple_bind(self):
-+ user = {
-+ 'id': uuid.uuid4().hex,
-+ 'name': uuid.uuid4().hex,
-+ 'password': uuid.uuid4().hex,
-+ 'enabled': True,
-+ }
-+ self.identity_api.create_user(user['id'], user)
-+ self.identity_api.user.LDAP_USER = None
-+ self.identity_api.user.LDAP_PASSWORD = None
-+
-+ self.assertRaises(AssertionError,
-+ self.identity_api.authenticate,
-+ user_id=user['id'],
-+ password=None)
---
-1.8.2.3
-
-
diff --git a/sys-auth/keystone/files/keystone.initd.havana b/sys-auth/keystone/files/keystone.initd.havana
new file mode 100644
index 000000000000..44be4b82f124
--- /dev/null
+++ b/sys-auth/keystone/files/keystone.initd.havana
@@ -0,0 +1,57 @@
+#!/sbin/runscript
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/files/keystone.initd.havana,v 1.1 2013/12/13 17:31:30 prometheanfire Exp $
+
+depend() {
+ need net
+}
+
+BASENAME=$(echo $SVCNAME | cut -d '-' -f 1)
+
+checkconfig() {
+ if [ ! -r /etc/conf.d/$BASENAME ]; then
+ eerror "No keystone service confd file found: /etc/conf.d/$BASENAME)"
+ return 1
+ fi
+ . /etc/conf.d/$BASENAME
+
+ if [ ! -r ${CONFIG_FILE} ]; then
+ eerror "No keystone config file found: ${CONFIG_FILE})"
+ return 1
+ fi
+
+ return 0
+}
+
+
+start() {
+ checkconfig || return $?
+ . /etc/conf.d/$BASENAME
+
+ if [ ! -d ${PID_PATH} ]; then
+ mkdir ${PID_PATH}
+ fi
+
+ ebegin "Starting ${SVCNAME}"
+
+ start-stop-daemon --start --quiet --user keystone \
+ --make-pidfile --pidfile "${PID_PATH}/${SVCNAME}.pid" --exec /usr/bin/${SVCNAME}-all --background -- --config-file=${CONFIG_FILE} --log-file=${LOG_FILE}
+
+ eend $? "Failed to start ${SVCNAME}"
+}
+
+stop() {
+ checkconfig || return $?
+ . /etc/conf.d/$BASENAME
+
+ ebegin "Stopping ${SVCNAME}"
+
+ start-stop-daemon --stop --pidfile "${PID_PATH}/${SVCNAME}.pid" \
+ --exec /usr/bin/${SVCNAME}-all
+ eend $? "Failed to stop ${SVCNAME}"
+}
+
+#restart() {
+#
+#}
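Review bot: The unquoted tests in checkconfig() and start() pass silently when the variable is empty. With CONFIG_FILE unset in the conf.d file, `[ ! -r ${CONFIG_FILE} ]` collapses to `[ ! -r ]`, which is false, so checkconfig returns 0 and the daemon is launched with an empty `--config-file=`; `[ ! -d ${PID_PATH} ]` fails the same way and the pidfile path becomes `/${SVCNAME}.pid`. Quoting restores both guards: `if [ ! -r "${CONFIG_FILE}" ]; then` and `if [ ! -d "${PID_PATH}" ]; then`. The bare `mkdir ${PID_PATH}` also creates the directory root-owned under the current umask; OpenRC's `checkpath -d -o keystone:keystone -m 0750 "${PID_PATH}"` would create it with the ownership the ebuild applies through fowners.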
diff --git a/sys-auth/keystone/keystone-2013.2-r1.ebuild b/sys-auth/keystone/keystone-2013.2-r1.ebuild
deleted file mode 100644
index 82683a775bd6..000000000000
--- a/sys-auth/keystone/keystone-2013.2-r1.ebuild
+++ /dev/null
@@ -1,106 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2013.2-r1.ebuild,v 1.2 2013/11/28 04:51:37 idella4 Exp $
-
-EAPI=5
-
-PYTHON_COMPAT=( python2_7 )
-
-inherit distutils-r1
-
-DESCRIPTION="Keystone is the Openstack authentication, authorization, and
-service catalog written in Python."
-HOMEPAGE="https://launchpad.net/keystone"
-SRC_URI="http://launchpad.net/${PN}/havana/${PV}/+download/${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="grizzly"
-KEYWORDS="~amd64 ~x86"
-IUSE="+sqlite mysql postgres ldap test"
-REQUIRED_USE="|| ( mysql postgres sqlite )"
-
-#todo, seperate out rdepend via use flags
-DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
- test? ( dev-python/Babel
- dev-python/decorator
- dev-python/eventlet
- dev-python/greenlet
- dev-python/httplib2
- dev-python/iso8601
- dev-python/lxml
- dev-python/netifaces
- dev-python/nose
- dev-python/nosexcover
- dev-python/passlib
- dev-python/paste
- dev-python/pastedeploy
- dev-python/python-pam
- dev-python/repoze-lru
- dev-python/routes
- dev-python/sphinx
- >=dev-python/sqlalchemy-migrate-0.7
- dev-python/tempita
- >=dev-python/webob-1.0.8
- dev-python/webtest
- dev-python/python-memcached )
- >=dev-python/pbr-0.5.21[${PYTHON_USEDEP}]
- <dev-python/pbr-1.0[${PYTHON_USEDEP}]"
-RDEPEND=">=dev-python/python-pam-0.1.4[${PYTHON_USEDEP}]
- >=dev-python/webob-1.2.3-r1[${PYTHON_USEDEP}]
- <dev-python/webob-1.3[${PYTHON_USEDEP}]
- >=dev-python/eventlet-0.13.0[${PYTHON_USEDEP}]
- >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
- dev-python/netaddr[${PYTHON_USEDEP}]
- >=dev-python/pastedeploy-1.5.0[${PYTHON_USEDEP}]
- dev-python/paste[${PYTHON_USEDEP}]
- >=dev-python/routes-1.12.3[${PYTHON_USEDEP}]
- sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-0.7.99[sqlite,${PYTHON_USEDEP}] )
- mysql? ( >=dev-python/sqlalchemy-0.7.8[mysql,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-0.7.99[mysql,${PYTHON_USEDEP}] )
- postgres? ( >=dev-python/sqlalchemy-0.7.8[postgres,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-0.7.99[postgres,${PYTHON_USEDEP}] )
- >=dev-python/sqlalchemy-migrate-0.7.2[${PYTHON_USEDEP}]
- dev-python/passlib[${PYTHON_USEDEP}]
- >=dev-python/lxml-2.3[${PYTHON_USEDEP}]
- >=dev-python/iso8601-0.1.4[${PYTHON_USEDEP}]
- >=dev-python/python-keystoneclient-0.3.2[${PYTHON_USEDEP}]
- >=dev-python/oslo-config-1.2.0[${PYTHON_USEDEP}]
- >=dev-python/Babel-0.9.6[${PYTHON_USEDEP}]
- dev-python/oauth2[${PYTHON_USEDEP}]
- >=dev-python/dogpile-cache-0.5.0[${PYTHON_USEDEP}]
- dev-python/python-daemon[${PYTHON_USEDEP}]
- virtual/python-argparse[${PYTHON_USEDEP}]
- ldap? ( dev-python/python-ldap[${PYTHON_USEDEP}] )
- >=dev-python/pbr-0.5.21[${PYTHON_USEDEP}]
- <dev-python/pbr-1.0[${PYTHON_USEDEP}]"
-
-PATCHES=(
- "${FILESDIR}/2013.2-CVE-2013-4477.patch"
-)
-
-python_prepare_all() {
- mkdir ${PN}/tests/tmp || die
- cp etc/keystone-paste.ini ${PN}/tests/tmp/ || die
- distutils-r1_python_prepare_all
-}
-
-python_test() {
- # Ignore (naughty) test_.py files & 1 test that connect to the network
- nosetests -I 'test_keystoneclient*' \
- -e test_import || die "testsuite failed under python2.7"
-}
-
-python_install() {
- distutils-r1_python_install
- newconfd "${FILESDIR}/keystone.confd" keystone
- newinitd "${FILESDIR}/keystone.initd" keystone
-
- diropts -m 0750
- dodir /var/run/keystone /var/log/keystone /etc/keystone
- keepdir /etc/keystone
- insinto /etc/keystone
- doins etc/keystone.conf.sample etc/logging.conf.sample
- doins etc/default_catalog.templates etc/policy.json
- doins etc/policy.v3cloudsample.json etc/keystone-paste.ini
-}
diff --git a/sys-auth/keystone/keystone-2013.2-r2.ebuild b/sys-auth/keystone/keystone-2013.2-r2.ebuild
index e3de7b4a2775..71d256b4eefe 100644
--- a/sys-auth/keystone/keystone-2013.2-r2.ebuild
+++ b/sys-auth/keystone/keystone-2013.2-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2013.2-r2.ebuild,v 1.1 2013/12/13 16:53:02 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2013.2-r2.ebuild,v 1.2 2013/12/13 17:31:29 prometheanfire Exp $
EAPI=5
@@ -80,6 +80,11 @@ PATCHES=(
"${FILESDIR}/cve-2013-6391_2013.2.patch"
)
+pkg_setup() {
+ enewgroup keystone
+ enewuser keystone -1 -1 /var/lib/keystone keystone
+}
+
python_prepare_all() {
mkdir ${PN}/tests/tmp || die
cp etc/keystone-paste.ini ${PN}/tests/tmp/ || die
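Review bot: pkg_setup() calls `enewgroup` and `enewuser`, which come from user.eclass, but no hunk in this commit adds that eclass to an inherit line. In keystone-2013.2.9999.ebuild, which gains the same pkg_setup(), the visible line is still `inherit git-2 distutils-r1`. The helpers presumably resolve through an indirect inherit today; naming the eclass explicitly (`inherit git-2 distutils-r1 user` there, and the equivalent in this file) keeps service-account creation from depending on another eclass's internals. A comment such as `# -1 -1: eclass defaults for UID and login shell; home is /var/lib/keystone` would document the positional arguments. python_prepare_all continues outside this hunk.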
@@ -104,4 +109,26 @@ python_install() {
doins etc/keystone.conf.sample etc/logging.conf.sample
doins etc/default_catalog.templates etc/policy.json
doins etc/policy.v3cloudsample.json etc/keystone-paste.ini
+
+ fowners keystone:keystone /var/run/keystone /var/log/keystone /etc/keystone
+}
+
+pkg_postinst() {
+ elog "You might want to run:"
+ elog "emerge --config =${CATEGORY}/${PF}"
+ elog "if this is a new install."
+ elog "If you have not already configured your openssl installation"
+ elog "please do it by modifying /etc/ssl/openssl.cnf"
+ elog "BEFORE issuing the configuration command."
+ elog "Otherwise default values will be used."
+}
+
+pkg_config() {
+ if [ ! -d "${ROOT}"/etc/keystone/ssl ] ; then
+ einfo "Press ENTER to configure the keystone PKI, or Control-C to abort now..."
+ read
+ "${ROOT}"/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
+ else
+ einfo "keystone PKI certificates directory already present, skipping configuration"
+ fi
}
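Review bot: The added `fowners keystone:keystone ... /etc/keystone` makes the service account the owner of its own configuration directory, so a compromised keystone process could replace policy.json or keystone-paste.ini, which the doins lines just above install there. Keeping the config root-owned and group-readable narrows that: `fowners keystone:keystone /var/run/keystone /var/log/keystone` and `fowners root:keystone /etc/keystone` (pki_setup is run as root from pkg_config, so it presumably does not need the directory to be keystone-owned; confirm). In pkg_config the `keystone-manage pki_setup` call is unchecked, so a failed run can leave a partial /etc/keystone/ssl that the next `emerge --config` skips as already present; appending `|| die "pki_setup failed"` avoids that. The last hunk of keystone-2013.2.9999.ebuild adds the same lines. python_install starts outside this hunk.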
diff --git a/sys-auth/keystone/keystone-2013.2.9999.ebuild b/sys-auth/keystone/keystone-2013.2.9999.ebuild
index a1633058d8f7..9895246e2c6b 100644
--- a/sys-auth/keystone/keystone-2013.2.9999.ebuild
+++ b/sys-auth/keystone/keystone-2013.2.9999.ebuild
@@ -1,32 +1,52 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2013.2.9999.ebuild,v 1.4 2013/11/28 04:51:37 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2013.2.9999.ebuild,v 1.5 2013/12/13 17:31:29 prometheanfire Exp $
EAPI=5
-#test restricted becaues of bad requirements given (old webob for instance)
-RESTRICT="test"
+
PYTHON_COMPAT=( python2_7 )
inherit git-2 distutils-r1
-DESCRIPTION="The Openstack authentication, authorization, and service catalog written in Python."
+DESCRIPTION="Keystone is the Openstack authentication, authorization, and
+service catalog written in Python."
HOMEPAGE="https://launchpad.net/keystone"
EGIT_REPO_URI="https://github.com/openstack/keystone.git"
EGIT_BRANCH="stable/havana"
LICENSE="Apache-2.0"
SLOT="grizzly"
-KEYWORDS=""
-IUSE="+sqlite mysql postgres ldap"
-#IUSE="+sqlite mysql postgres ldap test"
+KEYWORDS="~amd64 ~x86"
+IUSE="+sqlite mysql postgres ldap test"
REQUIRED_USE="|| ( mysql postgres sqlite )"
#todo, seperate out rdepend via use flags
DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
+ test? ( dev-python/Babel
+ dev-python/decorator
+ dev-python/eventlet
+ dev-python/greenlet
+ dev-python/httplib2
+ dev-python/iso8601
+ dev-python/lxml
+ dev-python/netifaces
+ dev-python/nose
+ dev-python/nosexcover
+ dev-python/passlib
+ dev-python/paste
+ dev-python/pastedeploy
+ dev-python/python-pam
+ dev-python/repoze-lru
+ dev-python/routes
+ dev-python/sphinx
+ >=dev-python/sqlalchemy-migrate-0.7
+ dev-python/tempita
+ >=dev-python/webob-1.0.8
+ dev-python/webtest
+ dev-python/python-memcached )
>=dev-python/pbr-0.5.21[${PYTHON_USEDEP}]
<dev-python/pbr-1.0[${PYTHON_USEDEP}]"
-RDEPEND="${DEPEND}
- >=dev-python/python-pam-0.1.4[${PYTHON_USEDEP}]
+RDEPEND=">=dev-python/python-pam-0.1.4[${PYTHON_USEDEP}]
>=dev-python/webob-1.2.3-r1[${PYTHON_USEDEP}]
<dev-python/webob-1.3[${PYTHON_USEDEP}]
>=dev-python/eventlet-0.13.0[${PYTHON_USEDEP}]
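Review bot: Setting `KEYWORDS="~amd64 ~x86"` on this live ebuild means anyone accepting ~arch builds whatever is at the head of `stable/havana` when emerge runs, with no Manifest checksum pinning the source. Live (9999) ebuilds are conventionally left at `KEYWORDS=""` so that users must opt in to an unpinned checkout explicitly. The same hunk drops `RESTRICT="test"`, so the test suite now runs against that moving target as well. The RDEPEND assignment continues outside this hunk.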
@@ -52,33 +72,31 @@ RDEPEND="${DEPEND}
>=dev-python/dogpile-cache-0.5.0[${PYTHON_USEDEP}]
dev-python/python-daemon[${PYTHON_USEDEP}]
virtual/python-argparse[${PYTHON_USEDEP}]
- ldap? ( dev-python/python-ldap[${PYTHON_USEDEP}] )"
-# test? ( dev-python/Babel
-# dev-python/decorator
-# dev-python/eventlet
-# dev-python/greenlet
-# dev-python/httplib2
-# dev-python/iso8601
-# dev-python/lxml
-# dev-python/netifaces
-# dev-python/nose
-# dev-python/nosexcover
-# dev-python/passlib
-# dev-python/paste
-# dev-python/pastedeploy
-# dev-python/python-pam
-# dev-python/repoze-lru
-# dev-python/routes
-# dev-python/sphinx
-# >=dev-python/sqlalchemy-migrate-0.7
-# dev-python/tempita
-# >=dev-python/webob-1.0.8
-# dev-python/webtest
-# )
+ ldap? ( dev-python/python-ldap[${PYTHON_USEDEP}] )
+ >=dev-python/pbr-0.5.21[${PYTHON_USEDEP}]
+ <dev-python/pbr-1.0[${PYTHON_USEDEP}]"
+
+PATCHES=(
+ "${FILESDIR}/2013.2-CVE-2013-4477.patch"
+ "${FILESDIR}/cve-2013-6391_2013.2.patch"
+)
+
+pkg_setup() {
+ enewgroup keystone
+ enewuser keystone -1 -1 /var/lib/keystone keystone
+}
+
+python_prepare_all() {
+ mkdir ${PN}/tests/tmp || die
+ cp etc/keystone-paste.ini ${PN}/tests/tmp/ || die
+ distutils-r1_python_prepare_all
+}
-#PATCHES=(
-# "${FILESDIR}/2013.1.3-CVE-2013-4222.patch"
-#)
+python_test() {
+ # Ignore (naughty) test_.py files & 1 test that connect to the network
+ nosetests -I 'test_keystoneclient*' \
+ -e test_import || die "testsuite failed under python2.7"
+}
python_install() {
distutils-r1_python_install
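Review bot: The new `PATCHES` array applies two fixed CVE patches to an unpinned checkout of `stable/havana`. Once the branch itself carries those fixes the patches will presumably stop applying and the prepare phase will die, or apply with fuzz against code that has since changed. A comment stating when to drop them would help, e.g. `# drop once stable/havana contains the CVE-2013-4477 and CVE-2013-6391 fixes`. python_install continues outside this hunk.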
@@ -92,4 +110,26 @@ python_install() {
doins etc/keystone.conf.sample etc/logging.conf.sample
doins etc/default_catalog.templates etc/policy.json
doins etc/policy.v3cloudsample.json etc/keystone-paste.ini
+
+ fowners keystone:keystone /var/run/keystone /var/log/keystone /etc/keystone
+}
+
+pkg_postinst() {
+ elog "You might want to run:"
+ elog "emerge --config =${CATEGORY}/${PF}"
+ elog "if this is a new install."
+ elog "If you have not already configured your openssl installation"
+ elog "please do it by modifying /etc/ssl/openssl.cnf"
+ elog "BEFORE issuing the configuration command."
+ elog "Otherwise default values will be used."
+}
+
+pkg_config() {
+ if [ ! -d "${ROOT}"/etc/keystone/ssl ] ; then
+ einfo "Press ENTER to configure the keystone PKI, or Control-C to abort now..."
+ read
+ "${ROOT}"/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
+ else
+ einfo "keystone PKI certificates directory already present, skipping configuration"
+ fi
}