NiceOS RPM dist-git source for cepces

Find a file

NiceOS DistGit Import Bot 5b95d2126b Sync cepces from NiceOS Core snapshot EVR: 0.3.16-1 Lock-SHA256: 612ea0bf6387c19426fe518cd3ada4b6979957c905ceac6ee9999af180775319 Branch: niceos-5.2		2026-05-01 15:54:21 +03:00
METADATA	Sync cepces from NiceOS Core snapshot	2026-04-27 21:45:10 +03:00
SBOM	Sync cepces from NiceOS Core snapshot	2026-04-27 21:45:10 +03:00
SOURCES	Sync cepces from NiceOS Core snapshot	2026-04-27 21:45:10 +03:00
SPECS	Sync cepces from NiceOS Core snapshot	2026-04-27 21:45:10 +03:00
.gitignore	Sync cepces from NiceOS Core snapshot	2026-04-27 21:45:10 +03:00
OWNERS	Sync cepces from NiceOS Core snapshot	2026-04-27 21:45:10 +03:00
README.md	Sync cepces from NiceOS Core snapshot	2026-05-01 15:54:21 +03:00
README_RU.md	Sync cepces from NiceOS Core snapshot	2026-05-01 15:54:21 +03:00

README.md

cepces

Overview

cepces is a certificate-enrollment client for CEP and CES. In practice, it is used to request and renew certificates from a Microsoft AD CS-style enrollment workflow from Linux systems. The package exists in a Linux distribution so that systems that need automated certificate enrollment can use a packaged, reproducible build instead of relying on ad hoc local installs.

The upstream project description notes that cepces currently requires certmonger to operate, and that the tested use case is a simple Microsoft Active Directory Certificate Services deployment. NiceOS maintainers should verify upstream behavior and supported scenarios before relying on broader compatibility.

Purpose and typical use cases

Typical use cases include:

certificate enrollment on managed Linux hosts
renewal workflows for machines that obtain client certificates automatically
integration with directory or PKI environments that expose CEP/CES endpoints
packaging and system integration work for administrators who manage certificate lifecycle automation

Typical users are:

system administrators who manage enterprise certificate enrollment
developers who integrate enrollment workflows into host provisioning or setup scripts
security engineers who operate PKI-backed authentication or device identity flows
CI/CD or configuration-management maintainers who need repeatable certificate enrollment on managed systems

Upstream project

Upstream is published at the project repository on GitHub. The repository description identifies cepces as an application for enrolling certificates through CEP and CES. The upstream README and package metadata should be treated as the primary sources for implementation details and supported scenarios. If a behavior is not explicitly documented upstream, NiceOS maintainers should verify it before using it as a packaging assumption. (build.opensuse.org)

Dist-git repository contents

This dist-git repository contains the packaging and distribution metadata for the NiceOS RPM:

SPECS/ — RPM spec files and packaging logic
SOURCES/ — source manifests and related source-control metadata used by the packaging workflow
METADATA/ — repository metadata used by the dist-git tooling
SBOM/ — software bill of materials data, when present or regenerated by packaging workflows

The repository is intended to hold the packaging inputs, not the full upstream source tree.

Source storage and integrity policy

Large upstream source archives are intentionally not stored in this Git repository. Instead, the source is referenced and tracked through manifest files in SOURCES/.

For maintainers, this means:

verify that the manifest entries still point to the intended upstream source
check that any regenerated source metadata matches the new upstream content
avoid assuming that a file present in SOURCES/ is the only integrity control; review the full packaging workflow as needed

NiceOS maintainers should verify the exact source-control mechanism used by the spec and source service before updating the package.

NiceOS maintenance notes

Before updating cepces, check the following:

upstream release notes and changelog for behavior changes
whether certmonger integration still matches the packaging assumptions
whether the spec needs updates for build dependencies, scriptlets, or installed paths
whether any generated files need regeneration, such as:
- SOURCES manifest entries
- SBOM data, if your packaging policy keeps it current
- any packaged documentation or man-page artifacts generated from upstream sources
whether the update changes runtime behavior for existing certificate enrollment workflows
whether the package still works with the distribution’s certificate-enrollment and service-management conventions

Risks to consider:

changes in upstream enrollment behavior may break automated renewal
upstream may alter the expected certmonger integration
service names, paths, or documentation may change and require spec updates
certificate-enrollment packages are often environment-specific; confirm the target deployment model before treating a new upstream version as a drop-in replacement

Build and verification checklist

For RPM maintainers, a practical update check is:

Confirm the upstream source and repository reference.
Compare the new upstream content with the current packaging assumptions.
Review the spec for changed build requirements or file lists.
Regenerate source metadata in SOURCES/ if the workflow requires it.
Rebuild the RPM in the target branch.
Run package tests, if available.
Verify that installed files, man pages, and service integration still match expectations.
Test a representative enrollment flow in a controlled environment.
Check the package for dependency or path changes that would affect existing deployments.
Review the resulting SBOM and repository metadata if your release process uses them.

References

Russian documentation

See README_RU.md for the Russian version of this document.

Dist-git repository notes

Package repository: rpms/cepces
NiceOS branch: niceos-5.2
This README is intentionally stable and does not include EVR, source archive checksums or lock hashes.

README.md Unescape Escape