19 files changed, 30 insertions, 52 deletions

diff --git a/configure.ac b/configure.ac
index 31bfa8aaf..4a3ba15a5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -463,7 +463,6 @@ AC_CONFIG_FILES([
     install/share/Makefile
     install/share/advise/Makefile
     install/share/advise/legacy/Makefile
-    install/share/csrgen/Makefile
     install/share/profiles/Makefile
     install/share/schema.d/Makefile
     install/ui/Makefile
diff --git a/freeipa.spec.in b/freeipa.spec.in
index cc7422aad..db591e09b 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -1231,13 +1231,6 @@ fi
 %{_usr}/share/ipa/advise/legacy/*.template
 %dir %{_usr}/share/ipa/profiles
 %{_usr}/share/ipa/profiles/*.cfg
-%dir %{_usr}/share/ipa/csrgen
-%dir %{_usr}/share/ipa/csrgen/templates
-%{_usr}/share/ipa/csrgen/templates/*.tmpl
-%dir %{_usr}/share/ipa/csrgen/profiles
-%{_usr}/share/ipa/csrgen/profiles/*.json
-%dir %{_usr}/share/ipa/csrgen/rules
-%{_usr}/share/ipa/csrgen/rules/*.json
 %dir %{_usr}/share/ipa/html
 %{_usr}/share/ipa/html/ffconfig.js
 %{_usr}/share/ipa/html/ffconfig_page.js
@@ -1364,6 +1357,9 @@ fi
 %{python_sitelib}/ipaclient/plugins/*.py*
 %{python_sitelib}/ipaclient/remote_plugins/*.py*
 %{python_sitelib}/ipaclient/remote_plugins/2_*/*.py*
+%{python_sitelib}/ipaclient/csrgen/profiles/*.json
+%{python_sitelib}/ipaclient/csrgen/rules/*.json
+%{python_sitelib}/ipaclient/csrgen/templates/*.tmpl
 %{python_sitelib}/ipaclient-*.egg-info
 
 
@@ -1384,6 +1380,9 @@ fi
 %{python3_sitelib}/ipaclient/remote_plugins/__pycache__/*.py*
 %{python3_sitelib}/ipaclient/remote_plugins/2_*/*.py
 %{python3_sitelib}/ipaclient/remote_plugins/2_*/__pycache__/*.py*
+%{python3_sitelib}/ipaclient/csrgen/profiles/*.json
+%{python3_sitelib}/ipaclient/csrgen/rules/*.json
+%{python3_sitelib}/ipaclient/csrgen/templates/*.tmpl
 %{python3_sitelib}/ipaclient-*.egg-info
 
 %endif # with_python3
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index bbf6ce10a..1e8f0d572 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -2,7 +2,6 @@ NULL =
 
 SUBDIRS =  				\
 	advise				\
-	csrgen				\
 	profiles			\
 	schema.d			\
 	$(NULL)
diff --git a/install/share/csrgen/Makefile.am b/install/share/csrgen/Makefile.am
deleted file mode 100644
index 12c62c4d9..000000000
--- a/install/share/csrgen/Makefile.am
+++ /dev/null
@@ -1,35 +0,0 @@
-NULL =
-
-profiledir = $(IPA_DATA_DIR)/csrgen/profiles
-profile_DATA =				\
-	profiles/caIPAserviceCert.json	\
-	profiles/userCert.json		\
-	$(NULL)
-
-ruledir = $(IPA_DATA_DIR)/csrgen/rules
-rule_DATA =				\
-	rules/dataDNS.json		\
-	rules/dataEmail.json		\
-	rules/dataHostCN.json		\
-	rules/dataUsernameCN.json	\
-	rules/dataSubjectBase.json	\
-	rules/syntaxSAN.json		\
-	rules/syntaxSubject.json	\
-	$(NULL)
-
-templatedir = $(IPA_DATA_DIR)/csrgen/templates
-template_DATA =			\
-	templates/certutil_base.tmpl	\
-	templates/openssl_base.tmpl	\
-	templates/openssl_macros.tmpl	\
-	$(NULL)
-
-EXTRA_DIST =				\
-	$(profile_DATA)			\
-	$(rule_DATA)			\
-	$(template_DATA)		\
-	$(NULL)
-
-MAINTAINERCLEANFILES =			\
-	*~				\
-	Makefile.in
diff --git a/ipaclient/csrgen.py b/ipaclient/csrgen.py
index 96100ae82..8c41e3985 100644
--- a/ipaclient/csrgen.py
+++ b/ipaclient/csrgen.py
@@ -8,6 +8,8 @@ import os.path
 import pipes
 import traceback
 
+import pkg_resources
+
 import jinja2
 import jinja2.ext
 import jinja2.sandbox
@@ -15,7 +17,6 @@ import six
 
 from ipalib import errors
 from ipalib.text import _
-from ipaplatform.paths import paths
 from ipapython.ipa_log_manager import log_mgr
 
 if six.PY3:
@@ -72,10 +73,14 @@ class Formatter(object):
     """
     base_template_name = None
 
-    def __init__(self, csr_data_dir=paths.CSR_DATA_DIR):
+    def __init__(self, csr_data_dir=None):
+        if csr_data_dir is not None:
+            loader = jinja2.FileSystemLoader(
+                os.path.join(csr_data_dir, 'templates'))
+        else:
+            loader = jinja2.PackageLoader('ipaclient', 'csrgen/templates')
         self.jinja2 = jinja2.sandbox.SandboxedEnvironment(
-            loader=jinja2.FileSystemLoader(
-                os.path.join(csr_data_dir, 'templates')),
+            loader=loader,
             extensions=[jinja2.ext.ExprStmtExtension, IPAExtension],
             keep_trailing_newline=True, undefined=IndexableUndefined)
 
@@ -277,9 +282,13 @@ class RuleProvider(object):
 
 
 class FileRuleProvider(RuleProvider):
-    def __init__(self, csr_data_dir=paths.CSR_DATA_DIR):
+    def __init__(self, csr_data_dir=None):
         self.rules = {}
-        self.csr_data_dir = csr_data_dir
+        if csr_data_dir is None:
+            self.csr_data_dir = pkg_resources.resource_filename(
+                'ipaclient', 'csrgen')
+        else:
+            self.csr_data_dir = csr_data_dir
 
     def _rule(self, rule_name, helper):
         if (rule_name, helper) not in self.rules:
diff --git a/install/share/csrgen/profiles/caIPAserviceCert.json b/ipaclient/csrgen/profiles/caIPAserviceCert.json
index 114d2ffd4..114d2ffd4 100644
--- a/install/share/csrgen/profiles/caIPAserviceCert.json
+++ b/ipaclient/csrgen/profiles/caIPAserviceCert.json
diff --git a/install/share/csrgen/profiles/userCert.json b/ipaclient/csrgen/profiles/userCert.json
index d6cf5cfff..d6cf5cfff 100644
--- a/install/share/csrgen/profiles/userCert.json
+++ b/ipaclient/csrgen/profiles/userCert.json
diff --git a/install/share/csrgen/rules/dataDNS.json b/ipaclient/csrgen/rules/dataDNS.json
index 2663f1141..2663f1141 100644
--- a/install/share/csrgen/rules/dataDNS.json
+++ b/ipaclient/csrgen/rules/dataDNS.json
diff --git a/install/share/csrgen/rules/dataEmail.json b/ipaclient/csrgen/rules/dataEmail.json
index 2eae9fb25..2eae9fb25 100644
--- a/install/share/csrgen/rules/dataEmail.json
+++ b/ipaclient/csrgen/rules/dataEmail.json
diff --git a/install/share/csrgen/rules/dataHostCN.json b/ipaclient/csrgen/rules/dataHostCN.json
index 5c415bb8c..5c415bb8c 100644
--- a/install/share/csrgen/rules/dataHostCN.json
+++ b/ipaclient/csrgen/rules/dataHostCN.json
diff --git a/install/share/csrgen/rules/dataSubjectBase.json b/ipaclient/csrgen/rules/dataSubjectBase.json
index 309dfb1ed..309dfb1ed 100644
--- a/install/share/csrgen/rules/dataSubjectBase.json
+++ b/ipaclient/csrgen/rules/dataSubjectBase.json
diff --git a/install/share/csrgen/rules/dataUsernameCN.json b/ipaclient/csrgen/rules/dataUsernameCN.json
index 37e7e0113..37e7e0113 100644
--- a/install/share/csrgen/rules/dataUsernameCN.json
+++ b/ipaclient/csrgen/rules/dataUsernameCN.json
diff --git a/install/share/csrgen/rules/syntaxSAN.json b/ipaclient/csrgen/rules/syntaxSAN.json
index 122eb1244..122eb1244 100644
--- a/install/share/csrgen/rules/syntaxSAN.json
+++ b/ipaclient/csrgen/rules/syntaxSAN.json
diff --git a/install/share/csrgen/rules/syntaxSubject.json b/ipaclient/csrgen/rules/syntaxSubject.json
index af6ec03d3..af6ec03d3 100644
--- a/install/share/csrgen/rules/syntaxSubject.json
+++ b/ipaclient/csrgen/rules/syntaxSubject.json
diff --git a/install/share/csrgen/templates/certutil_base.tmpl b/ipaclient/csrgen/templates/certutil_base.tmpl
index a5556fda0..a5556fda0 100644
--- a/install/share/csrgen/templates/certutil_base.tmpl
+++ b/ipaclient/csrgen/templates/certutil_base.tmpl
diff --git a/install/share/csrgen/templates/openssl_base.tmpl b/ipaclient/csrgen/templates/openssl_base.tmpl
index 22b16862e..22b16862e 100644
--- a/install/share/csrgen/templates/openssl_base.tmpl
+++ b/ipaclient/csrgen/templates/openssl_base.tmpl
diff --git a/install/share/csrgen/templates/openssl_macros.tmpl b/ipaclient/csrgen/templates/openssl_macros.tmpl
index d31b8fef5..d31b8fef5 100644
--- a/install/share/csrgen/templates/openssl_macros.tmpl
+++ b/ipaclient/csrgen/templates/openssl_macros.tmpl
diff --git a/ipaclient/setup.py b/ipaclient/setup.py
index 93cb1e8fb..f5be7ea61 100644
--- a/ipaclient/setup.py
+++ b/ipaclient/setup.py
@@ -43,6 +43,13 @@ if __name__ == '__main__':
             "ipaclient.remote_plugins.2_156",
             "ipaclient.remote_plugins.2_164",
         ],
+        package_data={
+            'ipaclient': [
+                'csrgen/profiles/*.json',
+                'csrgen/rules/*.json',
+                'csrgen/templates/*.tmpl',
+            ],
+        },
         install_requires=[
             "cryptography",
             "ipalib",
@@ -56,5 +63,6 @@ if __name__ == '__main__':
         extras_require={
             "install": ["ipaplatform"],
             "otptoken_yubikey": ["yubico", "usb"]
-        }
+        },
+        zip_safe=False,
     )
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index e4d4f2edc..de4ea23d3 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -238,7 +238,6 @@ class BasePathNamespace(object):
     SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif"
     IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
     UPDATES_DIR = "/usr/share/ipa/updates/"
-    CSR_DATA_DIR = "/usr/share/ipa/csrgen"
     DICT_WORDS = "/usr/share/dict/words"
     CACHE_IPA_SESSIONS = "/var/cache/ipa/sessions"
     VAR_KERBEROS_KRB5KDC_DIR = "/var/kerberos/krb5kdc/"