trocla 0.2.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 5013d3c6ab75dc39bbbb5f7c8a77b19f7b5bed1c
-  data.tar.gz: bffc23e9979133c7303c7fde6b4b7a24fe367f8b
+SHA256:
+  metadata.gz: 18cb6a02ca556208840b6370287987e72fc18e01e199b7fe1b5b72c463a91ee4
+  data.tar.gz: d2f8068ab15baf1a5cbbfd3370543ff03ad2f2c1baf564ba43f824589920fcf6
 SHA512:
-  metadata.gz: 009e2b762c641a8f10be76d673a3860b98cd3dd91a27b77da5d0775c9312da26f454c1c54a039bc9011d25c6c77dd6813b87007e0a71dcab35839fb09d5a3457
-  data.tar.gz: e873f4ac50bebf1ab00eddb06b3c9cca0040783a46195391f7064cebba0b2c47648454cef391e20831c405ff6280d2354f249050eb5605452f8e1f3f5becbdc7
+  metadata.gz: a5829218248d2d9f7f4f3ddfc5bca4f35f8839871fd18074ede34f9281eae086a79c858987285da7839b5699961b417244fc5d86a696b355a8fd4c96d0145bf8
+  data.tar.gz: fc4c6e7ce2cf53009ee3db4f8791b820dca9c696223567fac1367cc3e80b8558a2b5d430f6a255d0f7e07403f9be06ee3e895310971303dc571be6a82d908404

data/.travis.yml

@@ -1,10 +1,6 @@
 language: ruby
 sudo: false
 rvm:
-  - jruby-18mode
-  - jruby-19mode
-  - 2.2.0
-  - 2.1.0
-  - 2.0.0
-  - 1.9.3
-  - 1.8.7
+  - jruby
+  - 2.7.0
+  - 3.0.0

data/CHANGELOG.md

@@ -0,0 +1,83 @@
+# Changelog
+
+## to 0.4.0
+
+* Add vault backend (#61) - Thank you [Steffy Fort](https://github.com/fe80)
+* Add sshkey format similar to the OpenSSL - Thank you [Raphaël Rondeau](https://github.com/rrondeau)
+* format/x509 allow to render 'publickeyonly' (#62) - Thank you [Thomas Weißschuh](https://github.com/t-8ch)
+* Add a method to search for keys and list all formats of a key (#49) - Thank you - [Steffy Fort](https://github.com/fe80)
+* Proper return code on cli (#57) - Thank you [Steffy Fort](https://github.com/fe80)
+* expand search path for sample config file to fix autopkgtest (#64) - Thank you  [anarcat](https://github.com/anarcat)
+* drop support for ruby < 2.7 & update dependencies
+* skip self-signed cert verification test on newer openssl version (#63)
+* Fix reseting passwords when using SSL encryption (#52)
+
+## to 0.3.0
+
+* Add open method to be able to immediately close a trocla store after using it - thanks martinpfeiffer
+* Add typesafe charset - thanks hggh
+* Support cost option for bcrypt
+* address concurrency corner cases, when 2 concurrent threads or even processes
+  are currently calculating the same (expensive) format.
+* parse additional options on cli (#39 & #46) - thanks fe80
+
+## to 0.2.3
+
+1. Add extended CA validity profiles
+1. Make it possible to define keyUsage
+
+## to 0.2.2
+
+1. Bugfix to render output correctly also on an already existing set
+1. Fix tests not working around midnight, due to timezone differences
+
+## to 0.2.1
+
+1. New Feature: Introduce a way to render specific formats, mainly this allows you to control the output of a specific format. See the x509 format for more information.
+
+## to 0.2.0
+
+1. New feature profiles: Introduce profiles to make it easy to have a default set of properties. See the profiles section for more information.
+1. New feature expiration: Make it possible that keys can have an expiration. See the expiration section for more information.
+1. Increase default password length to 16.
+1. Add a console safe password charset. It should provide a subset of chars that are easier to type on a physical keyboard.
+1. Fix a bug with encryptions while deleting all formats.
+1. Introduce pluggable stores, so in the future we are able to talk to different backends and not only moneta. For testing and inspiration a simple in memory storage backend was added.
+1. CHANGE: moneta's configuration for `adapter` & `adapter_options` now live under store_options in the configuration file. Till 0.3.0 old configuration entries will still be accepted.
+1. CHANGE: ssl_options is now known as encryption_options. Till 0.3.0 old configuration entries will still be accepted.
+1. Improve randomness when creating a serial number.
+1. Add a new charset: hexadecimal
+1. Add support for name constraints within the x509 format
+1. Clarify documentation of the set action, as well as introduce `--no-format` for the set action.
+
+## to 0.1.3
+
+1. CHANGE: Self signed certificates are no longer CAs by default, actually they have never been due to a bug. If you want that a certificate is also a CA, you *must* pass `become_ca: true` to the options hash. But this makes it actually possible, that you can even have certificate chains. Thanks for initial hint to [Adrien Bréfort](https://github.com/abrefort)
+1. Default keysize is now 4096
+1. SECURITY: Do not increment serial, rather choose a random one.
+1. Fixing setting of altnames, was not possible due to bug, till now.
+1. Add extended tests for the x509 format, that describe all the internal specialities and should give an idea how it can be used.
+1. Add cli option to list all formats
+
+## to 0.1.1
+
+1. fix storing data longer that public Keysize -11. Thanks [Timo Goebel](https://github.com/timogoebel)
+1. add a numeric only charset. Thanks [Jonas Genannt](https://github.com/hggh)
+1. fix reading key expire time. Thanks [asquelt](https://github.com/asquelt)
+
+## to 0.1.0
+
+1. Supporting encryption of the backends. Many thanks to Thomas Gelf
+1. Adding a windows safe password charset
+
+## to 0.0.12
+
+1. change from sha1 signature for the x509 format to sha2
+1. Fix an issue where shellsafe characters might have already been initialized with shell-unsafe characters. Plz review any shell-safe character passwords regarding this problem. See the [fix](https://github.com/duritong/trocla/pull/19) for more information. Thanks [asquelt](https://github.com/asquelt) for the fix.
+
+## to 0.0.8
+
+1. be sure to update as well the moneta gem, trocla now uses the official moneta releases and supports current avaiable versions.
+1. Options for moneta's backends have changed. For example, if you are using the yaml-backend you will likely need to change the adapter option `:path:` to `:file:` to match moneta's new API.
+1. **IMPORTANT:** If you are using the yaml backend you need to migrate the current data *before* using the new trocla version! You can migrate the datastore by using the following two sed commands: `sed -i 's/^\s\{3\}/ /' /PATH/TO/trocla_data.yaml` && `sed -i '/^\s\{2\}value\:/d' /PATH/TO/trocla_data.yaml`.
+1. **SECURITY:** Previous versions of trocla used quite a simple random generator. Especially in combination with the puppet `fqdn_rand` function, you likely have very predictable random passwords and I recommend you to regenerate all randomly generated passwords! Now!

data/Gemfile

@@ -3,30 +3,21 @@ source "http://rubygems.org"
 # Example:
 #   gem "activesupport", ">= 2.3.5"
 
-if RUBY_VERSION.to_f > 1.8
-  gem "moneta"
-  gem "highline"
-else
-  gem "moneta", "~> 0.7.20"
-  gem "highline", "~> 1.6.2"
-end
+gem "moneta", "~> 1.4.0"
+gem "highline", "~> 2.0.0"
 
 if defined?(RUBY_ENGINE) && (RUBY_ENGINE == 'jruby')
   gem 'jruby-openssl'
 end
 gem "bcrypt"
+gem "sshkey"
 
 # Add dependencies to develop your gem here.
 # Include everything needed to run rake, tests, features, etc.
 group :development do
-  if RUBY_VERSION.to_f > 1.8
-    gem "rspec"
-    gem "rdoc"
-    gem "jeweler"
-  else
-    gem "rspec", "~> 2.4"
-    gem "rdoc", "~> 3.8"
-    gem "jeweler", "~> 1.6"
-  end
+  gem "rspec"
+  gem "rdoc"
+  gem "jeweler"
+  gem "addressable"
   gem 'rspec-pending_for'
 end

data/README.md

@@ -24,7 +24,7 @@ retrieve (by deleting) the plain password and send it to the user. Puppet
 will still simply retrieve the hashed password that is stored in trocla,
 while the plain password is not anymore stored on the server.
 
-Be default trocla uses moneta to store the passwords and can use any kind of
+By default trocla uses moneta to store the passwords and can use any kind of
 key/value based storage supported by moneta for trocla. By default it uses a
 simple yaml file.
 However, since version 0.2.0 trocla also supports a pluggable storage backend
@@ -69,6 +69,7 @@ Valid global options are:
 * profiles: a profile name or an array of profiles matching a profile_name in your configuration. Learn more about profiles below.
 * random: boolean - Whether we allow creation of random passwords or we expect a password to be preset. Default: true - or whatever you define in your global settings.
 * expires: An integer indicating the amount of seconds a value (e.g. password) is available. After expiration a value will not be available anymore and trying to `get` this key will return no value (nil). Meaning that calling create after expiration, would create a new password automatically. There is more about expiration in the storage backends section.
+* render: A hash providing flags for formats to render the output specifially. This is a global option, but support depends on a per format basis.
 
 Example:
 
@@ -167,6 +168,11 @@ options to work properly. These are documented here:
 Password hashes for PostgreSQL servers. Requires the option `username` to be set
 to the username to which the password will be assigned.
 
+### bcrypt
+
+You are able to tune the [cost factor of bcrypt](https://github.com/codahale/bcrypt-ruby#cost-factors) by passing the option `cost`.
+Note: ruby bcrypt does not support a [cost > 31](https://github.com/codahale/bcrypt-ruby/blob/master/lib/bcrypt/password.rb#L45).
+
 ### x509
 
 This format takes a set of additional options. Required are:
@@ -191,6 +197,9 @@ Additional options are:
     O                 instead within the subject string
     OU                instead within the subject string
     emailAddress      instead within the subject string
+    key_usages        Any specific key_usages different than the default ones. If you specify
+                      any, you must specify all that you want. If you don't want to have any,
+                      you must specify an empty array.
     altnames          An array of subjectAltNames. By default for non CA certificates we
                       ensure that the CN ends up here as well. If you don't want that.
                       You need to pass an empty array.
@@ -201,9 +210,33 @@ Additional options are:
                       openssl versions have a bug with [leading dots](https://rt.openssl.org/Ticket/Display.html?id=3562) for name
                       constraints. So using them might not work everywhere as expected.
 
+Output render options are:
+
+    certonly       If set to true the x509 format will return only the certificate
+    keyonly        If set to true the x509 format will return only the private key
+    publickeyonly  If set to true the x509 format will return only the public key
+
+### sshkey
+
+This format generate a ssh keypair
+
+Additional options are:
+
+    type        The ssh key type (rsa, dsa). Default: rsa
+    bits        Specifies the number of bits in the key to create. Default: 2048
+    comment     Specifies a comment.
+    passphrase  Specifies a passphrase.
+
+Output render options are:
+
+    pubonly     If set to true the sshkey format will return only the ssh public key
+    privonly    If set to true the sshkey format will return only the ssh private key
+
 ## Installation
 
-Simply build and install the gem.
+* Debian has trocla within its sid-release: `apt-get install trocla`
+* For RHEL/CentOS 7 there is a [copr reporisotry](https://copr.fedoraproject.org/coprs/duritong/trocla/). Follow the help there to integrate the repository and install trocla.
+* Trocla is also distributed as gem: `gem install trocla`
 
 ## Configuration
 
@@ -240,6 +273,7 @@ Such a store is a simple class that implements Trocla::Store and at the moment t
 
 * Moneta - the default store using [moneta](https://rubygems.org/gems/moneta) to delegate storing the values
 * Memory - simple inmemory backend. Mainly used for testing.
+* Vault - modern secrets storage by HashiCorp, require the ruby gem [vault](https://github.com/hashicorp/vault-ruby)
 
 The backend is chosen based on the `store` configuration option. If it is a symbol, we expect it to be a store that we ship with trocla. Otherwise, we assume it to be a fully qualified ruby class name, that inherits from Trocla::Store. If trocla should load an additional library to be able to find your custom store class, you can set `store_require` to whatever should be passed to a ruby require statement.
 
@@ -282,6 +316,31 @@ store_options:
 
 These examples are by no way complete, moneta has much more to offer. Please have a look at [moneta's documentation](https://github.com/minad/moneta/blob/master/README.md) for further information.
 
+#### Vault backend
+
+[Vault](https://www.vaultproject.io/) is a modern secret storage supported by HashiCorp, which works with a REST API. You can create multiple storage engine.
+
+To use vault with trocla you need to create a kv (key/value) storage engine on the vault side. Trocla can use [v1](https://www.vaultproject.io/docs/secrets/kv/kv-v1) and [v2](https://www.vaultproject.io/docs/secrets/kv/kv-v2) API endpoints, but it's recommended to use the v2 (native hash object, history, acl...).
+
+You need to install the `vault` gem to be able to use the vault backend, which is not included in the default dependencies for trocla.
+
+With vault storage, the terminology changes:
+* `mount`, this is the name of your kv engine
+* `key`, this is the biggest change. As usual with trocla, the key is a simple string. With the vault kv engine, the key map to a path, so you can have a key like `my/path/key` for structured your data
+* `secret`, is the data content of your key. This is a simple hash with key (format) and value (the secret content of your format)
+
+The trocla mapping works the same way as with a moneta or file backend.
+
+The `store_options` are a dynamic argument for initializer [Vault::Client](https://github.com/hashicorp/vault-ruby/blob/master/lib/vault/client.rb) class (except `:mount`, used to defined the kv name). You can define only one kv mount.
+
+```YAML
+store: :vault
+store_options:
+  :mount: kv
+  :token: s.Tok3n
+  :address: https://vault.local
+```
+
 ### Backend encryption
 
 By default trocla does not encrypt anything it stores. You might want to let Trocla encrypt all your passwords, at the moment the only supported way is SSL.
@@ -300,56 +359,10 @@ encryption_options:
 
 ## Update & Changes
 
-### to 0.2.0
-
-1. New feature profiles: Introduce profiles to make it easy to have a default set of properties. See the profiles section for more information.
-1. New feature expiration: Make it possible that keys can have an expiration. See the expiration section for more information.
-1. Increase default password length to 16.
-1. Add a console safe password charset. It should provide a subset of chars that are easier to type on a physical keyboard.
-1. Fix a bug with encryptions while deleting all formats.
-1. Introduce pluggable stores, so in the future we are able to talk to different backends and not only moneta. For testing and inspiration a simple in memory storage backend was added.
-1. CHANGE: moneta's configuration for `adapter` & `adapter_options` now live under store_options in the configuration file. Till 0.3.0 old configuration entries will still be accepted.
-1. CHANGE: ssl_options is now known as encryption_options. Till 0.3.0 old configuration entries will still be accepted.
-1. Improve randomness when creating a serial number.
-1. Add a new charset: hexadecimal
-1. Add support for name constraints within the x509 format
-1. Clarify documentation of the set action, as well as introduce `--no-format` for the set action.
-
-### to 0.1.3
-
-1. CHANGE: Self signed certificates are no longer CAs by default, actually they have never been due to a bug. If you want that a certificate is also a CA, you *must* pass `become_ca: true` to the options hash. But this makes it actually possible, that you can even have certificate chains. Thanks for initial hint to [Adrien Bréfort](https://github.com/abrefort)
-1. Default keysize is now 4096
-1. SECURITY: Do not increment serial, rather choose a random one.
-1. Fixing setting of altnames, was not possible due to bug, till now.
-1. Add extended tests for the x509 format, that describe all the internal specialities and should give an idea how it can be used.
-1. Add cli option to list all formats
-
-### to 0.1.1
-
-1. fix storing data longer that public Keysize -11. Thanks [Timo Goebel](https://github.com/timogoebel)
-1. add a numeric only charset. Thanks [Jonas Genannt](https://github.com/hggh)
-1. fix reading key expire time. Thanks [asquelt](https://github.com/asquelt)
-
-### to 0.1.0
-
-1. Supporting encryption of the backends. Many thanks to Thomas Gelf
-1. Adding a windows safe password charset
-
-### to 0.0.12
-
-1. change from sha1 signature for the x509 format to sha2
-1. Fix an issue where shellsafe characters might have already been initialized with shell-unsafe characters. Plz review any shell-safe character passwords regarding this problem. See the [fix](https://github.com/duritong/trocla/pull/19) for more information. Thanks [asquelt](https://github.com/asquelt) for the fix.
-
-### to 0.0.8
-
-1. be sure to update as well the moneta gem, trocla now uses the official moneta releases and supports current avaiable versions.
-1. Options for moneta's backends have changed. For example, if you are using the yaml-backend you will likely need to change the adapter option `:path:` to `:file:` to match moneta's new API.
-1. **IMPORTANT:** If you are using the yaml backend you need to migrate the current data *before* using the new trocla version! You can migrate the datastore by using the following two sed commands: `sed -i 's/^\s\{3\}/ /' /PATH/TO/trocla_data.yaml` && `sed -i '/^\s\{2\}value\:/d' /PATH/TO/trocla_data.yaml`.
-1. **SECURITY:** Previous versions of trocla used quite a simple random generator. Especially in combination with the puppet `fqdn_rand` function, you likely have very predictable random passwords and I recommend you to regenerate all randomly generated passwords! Now!
-1. We now support reading passwords from files, which means that you can now also easily add multi-line passwords. Have a look at the documentation above.
+See [Changelog](CHANGELOG.md)
 
 ## Contributing to trocla
- 
+
 * Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
 * Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
 * Fork the project

data/bin/trocla

@@ -47,18 +47,20 @@ OptionParser.new do |opts|
 end.parse!
 
 def create(options)
-  Trocla.new(options.delete(:config_file)).password(
+  [ Trocla.new(options.delete(:config_file)).password(
     options.delete(:trocla_key),
     options.delete(:trocla_format),
     options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
-  )
+  ) , 0 ]
 end
 
 def get(options)
-  Trocla.new(options.delete(:config_file)).get_password(
+  res = Trocla.new(options.delete(:config_file)).get_password(
     options.delete(:trocla_key),
-    options.delete(:trocla_format)
+    options.delete(:trocla_format),
+    options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
   )
+  [ res, res.nil? ? 1 : 0 ]
 end
 def set(options)
   if options.delete(:ask_password)
@@ -67,7 +69,7 @@ def set(options)
     pwd2 = ask('Repeat password: ') { |q| q.echo = 'x' }.to_s
     unless password == pwd2
       STDERR.puts 'Passwords did not match, exiting!'
-      exit 1
+      return [ nil, 1 ]
     end
   else
     password = options.delete(:password) || STDIN.read.chomp
@@ -78,33 +80,50 @@ def set(options)
   value = if no_format
     password
   else
-    trocla.formats(format).format(password, options.delete(:other_options).shift.to_s)
+    trocla.formats(format).format(password, (YAML.load(options.delete(:other_options).shift.to_s)||{}))
   end
   trocla.set_password(
     options.delete(:trocla_key),
     format,
     value
   )
-  ''
+  [ '', 0 ]
 end
 
 def reset(options)
-  Trocla.new(options.delete(:config_file)).reset_password(
+  [ Trocla.new(options.delete(:config_file)).reset_password(
     options.delete(:trocla_key),
     options.delete(:trocla_format),
     options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
-  )
+  ), 0 ]
 end
 
 def delete(options)
-  Trocla.new(options.delete(:config_file)).delete_password(
+  res = Trocla.new(options.delete(:config_file)).delete_password(
     options.delete(:trocla_key),
     options.delete(:trocla_format)
   )
+  [ res, res.nil? ? 1 : 0 ]
 end
 
 def formats(options)
-  "Available formats: #{Trocla::Formats.all.join(', ')}"
+  key = (options.delete(:trocla_key) || '' )
+  if key.empty?
+    "Available formats: #{Trocla::Formats.all.join(', ')}"
+  else
+    res = Trocla.new(options.delete(:config_file)).available_format(
+      key,
+      options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
+    )
+    [ res.nil? ? res : res.join(', '), res.nil? ? 1 : 0 ]
+  end
+end
+
+def search(options)
+  res = Trocla.new(options.delete(:config_file)).search_key(
+    options.delete(:trocla_key)
+  )
+  [ res.nil? ? res : res.join("\n"), res.nil? ? 1 : 0 ]
 end
 
 def check_format(format_name)
@@ -117,15 +136,16 @@ def check_format(format_name)
   end
 end
 
-actions=['create','get','set','reset','delete', 'formats' ]
+actions=['create','get','set','reset','delete','formats','search']
 
 if (action=ARGV.shift) && actions.include?(action)
     options[:trocla_key] = ARGV.shift
     options[:trocla_format] = ARGV.shift
     options[:other_options] = ARGV
-    check_format(options[:trocla_format]) unless ['delete','formats'].include?(action)
+    check_format(options[:trocla_format]) unless ['delete','formats','search'].include?(action)
     begin
-      if result = send(action,options)
+      result, excode = send(action,options)
+      if result
         puts result.is_a?(String) ? result : result.inspect
       end
     rescue Exception => e
@@ -136,6 +156,7 @@ if (action=ARGV.shift) && actions.include?(action)
       raise e if options[:trace]
       exit 1
     end
+    exit excode.nil? ? 0 : excode
 else
     STDERR.puts "Please supply one of the following actions: #{actions.join(', ')}"
     STDERR.puts "Use #{$0} --help to get a list of options for these actions"

data/ext/redhat/rubygem-trocla.spec

@@ -0,0 +1,120 @@
+# Generated from trocla-0.1.2.gem by gem2rpm -*- rpm-spec -*-
+%global gem_name trocla
+
+Name: rubygem-%{gem_name}
+Version: 0.3.0
+Release: 1%{?dist}
+Summary: Trocla a simple password generator and storage
+Group: Development/Languages
+License: GPLv3
+URL: https://tech.immerda.ch/2011/12/trocla-get-hashed-passwords-out-of-puppet-manifests/
+Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
+Requires: rubygem-moneta
+Requires: rubygem-bcrypt
+Requires: rubygem-highline
+BuildRequires: rubygem-moneta = 0.7.20
+BuildRequires: rubygem-bcrypt
+BuildRequires: rubygem-highline
+%if 0%{?rhel} >= 7
+BuildRequires: ruby(release)
+%endif
+BuildRequires: rubygems-devel
+BuildRequires: ruby
+# BuildRequires: rubygem(mocha)
+# BuildRequires: rubygem(rspec) => 2.4
+# BuildRequires: rubygem(rspec) < 3
+# BuildRequires: rubygem(jeweler) => 1.6
+# BuildRequires: rubygem(jeweler) < 2
+BuildArch: noarch
+
+%description
+Trocla helps you to generate random passwords and to store them in various
+formats (plain, MD5, bcrypt) for later retrival.
+
+
+%package doc
+Summary: Documentation for %{name}
+Group: Documentation
+Requires: %{name} = %{version}-%{release}
+BuildArch: noarch
+
+%description doc
+Documentation for %{name}.
+
+%prep
+gem unpack %{SOURCE0}
+
+%setup -q -D -T -n  %{gem_name}-%{version}
+
+gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec
+
+%build
+# Create the gem as gem install only works on a gem file
+gem build %{gem_name}.gemspec
+
+# %%gem_install compiles any C extensions and installs the gem into ./%%gem_dir
+# by default, so that we can move it into the buildroot in %%install
+%gem_install
+
+%install
+mkdir -p %{buildroot}%{gem_dir}
+cp -a .%{gem_dir}/* \
+        %{buildroot}%{gem_dir}/
+
+
+mkdir -p %{buildroot}%{_bindir}
+mkdir -p %{buildroot}%{_sysconfdir}
+mkdir -p %{buildroot}/%{_sharedstatedir}/%{gem_name}
+touch %{buildroot}/%{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml
+
+cp -pa .%{_bindir}/* \
+        %{buildroot}%{_bindir}/
+
+chmod a+x %{buildroot}%{gem_instdir}/bin/%{gem_name}
+
+cat <<EOF > %{buildroot}/%{_sysconfdir}/%{gem_name}rc.yaml
+---
+store: :moneta
+store_options:
+  adapter: :YAML
+  adapter_options:
+    :file: '%{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml'
+EOF
+
+# Run the test suite
+%check
+pushd .%{gem_instdir}
+
+popd
+
+%files
+%dir %{gem_instdir}
+%{_bindir}/trocla
+%{gem_instdir}/.rspec
+%exclude %{gem_instdir}/.travis.yml
+%exclude %{gem_instdir}/.rspec
+%exclude %{gem_instdir}/ext/redhat/%{name}.spec
+%license %{gem_instdir}/LICENSE.txt
+%{gem_instdir}/bin
+%{gem_libdir}
+%exclude %{gem_cache}
+%{gem_spec}
+%config(noreplace) %{_sysconfdir}/%{gem_name}rc.yaml
+%dir %attr(-, -, -) %{_sharedstatedir}/%{gem_name}
+%config(noreplace) %attr(660, root, root) %{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml
+
+%files doc
+%doc %{gem_docdir}
+%doc %{gem_instdir}/.document
+%{gem_instdir}/Gemfile
+%doc %{gem_instdir}/README.md
+%doc %{gem_instdir}/CHANGELOG.md
+%{gem_instdir}/Rakefile
+%{gem_instdir}/spec
+%{gem_instdir}/trocla.gemspec
+
+%changelog
+* Mon Dec 21 2015 mh - 0.2.0-1
+- Release of v0.2.0
+* Sun Jun 21 2015 mh - 0.1.2-1
+- Initial package