File 389-ds.spec of Package 389-ds.8204
#
# spec file for package 389-ds
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir /var/adm/fillup-templates
%endif
%bcond_with lib389
%define use_python python3
%define skip_python2 1
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
# Home directory
%global pkgname dirsrv
%global groupname %{pkgname}.target
%define homedir %{_localstatedir}/lib/dirsrv
%define logdir %{_localstatedir}/log/dirsrv
%define lockdir %{_localstatedir}/lock/dirsrv
# User and group name that own the home directory
%define user_group dirsrv
%ifnarch s390x s390 ppc64 ppc64le
%global use_tcmalloc 1
%else
%global use_tcmalloc 0
%endif
Name: 389-ds
Version: 1.4.0.3
Release: 0
Summary: 389 Directory Server
License: GPL-2.0-only
Group: Productivity/Networking/LDAP/Servers
Url: https://pagure.io/389-ds-base
Source: https://releases.pagure.org/389-ds-base/389-ds-base-%{version}.tar.bz2
Source1: extra-schema.tgz
Source2: LICENSE.openldap
Source9: %{name}-rpmlintrc
# PATCH-FIX-SLES -- Make init scripts LSB conform
Patch1: 0001-init_fhs.patch
Patch2: 0002-use-python2-for-selinux-detection.patch
Patch3: 0003-fix-rm-non-existent-man-pages.patch
Patch4: simplify-lib389-setup-py.patch
Patch5: tw.patch
Patch6: 0006-under-network-load-ps-can-decrease-connection-refcnt.patch
Patch7: 0007-fix-remote-dos-via-search-filters-in-slapi_filter_sprintf.patch
Patch8: 0008-invalid-password-migration-causes-unauth-bind.patch
Patch9: 0009-ldapsearch-with-server-side-sort-crashes-the-server.patch
Patch10: 0010-Log-buffer-exceeded-emergency-logging-msg-is-not-thread-safe.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: cyrus-sasl-devel
BuildRequires: db-devel >= 4.5
BuildRequires: doxygen
BuildRequires: gcc-c++
BuildRequires: gdb
BuildRequires: krb5-devel
BuildRequires: libcmocka-devel
BuildRequires: libevent-devel
BuildRequires: libtalloc-devel
BuildRequires: libtevent-devel
BuildRequires: libtool
# net-snmp-devel is needed to build the snmp ldap-agent
BuildRequires: net-snmp-devel >= 5.1.2
BuildRequires: openldap2-devel
# pam-devel is required by the pam passthru auth plug-in
BuildRequires: %{python_module devel}
BuildRequires: %{python_module setuptools}
%if %{with lib389}
BuildRequires: %{python_module ldap >= 3.0}
BuildRequires: %{python_module pyasn1-modules}
BuildRequires: %{python_module pyasn1}
BuildRequires: %{python_module python-dateutil}
BuildRequires: %{python_module six}
BuildRequires: python3-ldap
%endif
BuildRequires: pam-devel
BuildRequires: pkgconfig
BuildRequires: python-rpm-macros
BuildRequires: pkgconfig(icu-i18n)
BuildRequires: pkgconfig(icu-uc)
BuildRequires: pkgconfig(libpcre)
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(nspr)
BuildRequires: pkgconfig(nss)
BuildRequires: pkgconfig(svrcore) >= 4.1.3
BuildRequires: pkgconfig(systemd)
%if %{use_tcmalloc}
BuildRequires: pkgconfig(libtcmalloc)
%endif
Requires: %{_sbindir}/service
Requires: acl
Requires: bind-utils
Requires: cyrus-sasl-digestmd5
Requires: cyrus-sasl-gssapi
Requires: db-utils
Requires: mozilla-nss-tools
Requires: openldap2-client
Requires: python-selinux
Requires: perl(Mozilla::LDAP::API)
Requires: perl(Mozilla::LDAP::Conn)
Requires: perl(Mozilla::LDAP::Entry)
Requires: perl(Mozilla::LDAP::LDIF)
Requires: perl(Mozilla::LDAP::Utils)
Requires: perl(NetAddr::IP)
Requires: perl(Socket6)
Requires(post): fillup
Requires(pre): shadow
Obsoletes: 389-ds-base < %{version}-%{release}
Provides: 389-ds-base = %{version}-%{release}
%{?systemd_requires}
%description
389 Directory Server is a full-featured LDAPv3 compliant server. In
addition to the standard LDAPv3 operations, it supports multi-master
replication, fully online configuration and administration, chaining,
virtual attributes, access control directives in the data, Virtual
List View, server-side sorting, SASL, TLS/SSL, and many other
features. (The server started out as Netscape Directory Server.)
%package devel
Summary: Development files for the 389 Directory Server
Group: Development/Libraries/C and C++
Requires: %{name} = %{version}
Requires: openldap2-devel
Requires: pkgconfig
Requires: pkgconfig(nspr)
Requires: pkgconfig(nss)
Requires: pkgconfig(svrcore) >= 4.1.3
Requires: pkgconfig(systemd)
%description devel
389 Directory Server is a full-featured LDAPv3 compliant server. In
addition to the standard LDAPv3 operations, it supports multi-master
replication, fully online configuration and administration, chaining,
virtual attributes, access control directives in the data, Virtual
List View, server-side sorting, SASL, TLS/SSL, and many other
features.
This package contains the development files for 389DS.
%package snmp
Summary: SNMP Agent for 389 Directory Server
Group: System/Daemons
Requires: %{name} = %{version}
Obsoletes: %{name} <= 1.3.6.2
%description snmp
SNMP Agent for the 389 Directory Server base package.
%if %{with lib389}
%package -n lib389
Summary: Python library for interacting with the 389 Directory Server
Group: Development/Languages/Python
Requires: %{use_python}-ldap >= 3.0
Requires: %{use_python}-pyasn1
Requires: %{use_python}-pyasn1-modules
Requires: %{use_python}-python-dateutil
Requires: %{use_python}-six
Requires: krb5
Requires: krb5-client
Provides: python-lib389 = %{version}-%{release}
Provides: python3-lib389 = %{version}-%{release}
Obsoletes: python-lib389 < %{version}-%{release}
Obsoletes: python3-lib389 < %{version}-%{release}
%description -n lib389
Python library for interacting with the 389 Directory Server
%endif
%prep
%setup -q -a 1 -n %{name}-base-%{version}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%build
# Make sure python3 is used in shebangs
# FIX ME!! This should be fixed in the source code !!!
sed -r -i '1s|^#!\s*%{_bindir}.*python.*|#!%{_bindir}/%{use_python}|' ldap/admin/src/scripts/{*.py,ds-replcheck} src/lib389/cli/ds*
# TODO:
# seems to have no effect --enable-perl \
# warning that it might lead to instabilities --with-journald \
touch docs/custom.css
autoreconf -fi
export CFLAGS="%{optflags}" # -std=gnu99"
%configure \
%if 0%{?suse_version} >= 1330
--enable-gcc-security \
%endif
--enable-autobind \
--enable-auto-dn-suffix \
--with-openldap \
--enable-cmocka \
%if %{use_tcmalloc}
--enable-tcmalloc \
%endif
--with-selinux \
--with-perldir=%{_bindir} \
--with-pythonexec="%{_bindir}/%{use_python}" \
--with-systemd \
--with-systemdgroupname=%{groupname} \
--with-systemdsystemunitdir="%{_unitdir}" \
--with-systemdsystemconfdir="%{_sysconfdir}/systemd/system" \
--with-tmpfiles-d="%{_tmpfilesdir}" \
--with-systemdgroupname=dirsrv.target \
export XCFLAGS="$CFLAGS"
make %{?_smp_mflags}
make setup.py
%if %{with lib389}
pushd src/lib389
%python_build
popd
%endif
%install
%make_install
%if %{with lib389}
pushd src/lib389
%python_install
popd
%endif
cp -r man/man3 %{buildroot}%{_mandir}/man3
install -D -d -m 0750 %{buildroot}%{homedir}
mkdir -p %{buildroot}%{logdir}
mkdir -p %{buildroot}%{homedir}
mkdir -p %{buildroot}%{lockdir}
# for systemd
mkdir -p %{buildroot}%{_sysconfdir}/systemd/system/%{groupname}.wants
#remove libtool archives and static libs
find %{buildroot} -type f -name "*.la" -delete -print
# make sure perl scripts have a proper shebang
sed -i -e 's|#{{PERL-EXEC}}|#!%{_bindir}/perl|' %{buildroot}%{_datadir}/%{pkgname}/script-templates/template-*.pl
# install extra schema files
cp -R extra-schema "%{buildroot}/%{_datadir}/dirsrv/"
# bring OpenLDAP copyright notice here because it is referenced by several extra schema files
cp %{SOURCE2} ./
install -d "%{buildroot}%{_fillupdir}"
for i in "%{buildroot}%{_sysconfdir}/sysconfig"/*; do
mv "$i" "%{buildroot}%{_fillupdir}/sysconfig.${i##*/}"
done
%pre
if ! getent group %{user_group} >/dev/null; then
%{_sbindir}/groupadd -f -r %{user_group}
fi
if ! getent passwd %{user_group} >/dev/null; then
%{_sbindir}/useradd -r -g %{user_group} -s /sbin/nologin -r -d %{homedir} -c "User for 389 directory server" %{user_group}
fi
%post
%fillup_only -n dirsrv
%postun
output=/dev/null
# reload to pick up any changes to systemd files
/bin/systemctl daemon-reload >$output 2>&1 || :
# reload to pick up any shared lib changes
%fillup_only -n dirsrv
%fillup_only -n dirsrv.systemd
# find all instances
instances="" # instances that require a restart after upgrade
ninst=0 # number of instances found in total
if [ -n "$DEBUGPOSTTRANS" ] ; then
output=$DEBUGPOSTTRANS
fi
echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || :
instbase="%{_sysconfdir}/%{pkgname}"
for dir in $instbase/slapd-* ; do
echo dir = $dir >> $output 2>&1 || :
if [ ! -d "$dir" ] ; then continue ; fi
case "$dir" in *.removed) continue ;; esac
basename=`basename $dir`
inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
echo found instance $inst - getting status >> $output 2>&1 || :
if /bin/systemctl -q is-active $inst ; then
echo instance $inst is running >> $output 2>&1 || :
instances="$instances $inst"
else
echo instance $inst is not running >> $output 2>&1 || :
fi
ninst=`expr $ninst + 1`
done
if [ $ninst -eq 0 ] ; then
echo no instances to upgrade >> $output 2>&1 || :
exit 0 # have no instances to upgrade - just skip the rest
fi
# shutdown all instances
echo shutting down all instances . . . >> $output 2>&1 || :
for inst in $instances ; do
echo stopping instance $inst >> $output 2>&1 || :
/bin/systemctl stop $inst >> $output 2>&1 || :
done
# do the upgrade
echo upgrading instances . . . >> $output 2>&1 || :
DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
%{_sbindir}/setup-ds.pl -l $output -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
else
%{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline >> $output 2>&1 || :
fi
# restart instances that require it
for inst in $instances ; do
echo restarting instance $inst >> $output 2>&1 || :
/bin/systemctl start $inst >> $output 2>&1 || :
done
exit 0
%preun
%service_del_preun %{pkg_name}.target
%pre snmp
%service_add_pre dirsrv-snmp.service
%post snmp
%service_add_post %{pkgname}-snmp.service
%preun snmp
%service_del_preun %{pkgname}-snmp.service
%postun snmp
%service_del_postun %{pkgname}-snmp.service
%files
%defattr(-,root,root)
%doc README
%license LICENSE LICENSE.openldap
%dir %attr(-,%{user_group},%{user_group}) %{homedir}
%dir %attr(-,%{user_group},%{user_group}) %{logdir}
%config(noreplace) %{_sysconfdir}/dirsrv/config/*
%config(noreplace) %{_sysconfdir}/dirsrv/schema/*
%{_datadir}/dirsrv
%dir %{_libdir}/dirsrv
%dir %{_libdir}/dirsrv/*
%dir %{_sysconfdir}/dirsrv
%dir %{_sysconfdir}/dirsrv/config
%dir %{_sysconfdir}/dirsrv/schema
%{_libdir}/dirsrv/libns-dshttpd-*.so
%{_libdir}/dirsrv/perl/*.pm
%{_libdir}/dirsrv/plugins/*.so
%{_libdir}/dirsrv/python/*.py
%{_libdir}/dirsrv/*.so.*
%{_fillupdir}/sysconfig.*
%exclude %{_mandir}/man1/ldap-agent*
%{_mandir}/man1/*
%{_mandir}/man8/*
%{_bindir}/*
%caps(CAP_NET_BIND_SERVICE=pe) %{_sbindir}/ns-slapd
#{_sbindir}/ns-slapd
%{_sbindir}/bak2db
%{_sbindir}/bak2db.pl
%{_sbindir}/cleanallruv.pl
%{_sbindir}/db2bak
%{_sbindir}/db2bak.pl
%{_sbindir}/db2index
%{_sbindir}/db2index.pl
%{_sbindir}/db2ldif
%{_sbindir}/db2ldif.pl
%{_sbindir}/dbmon.sh
%{_sbindir}/dbverify
%{_sbindir}/dn2rdn
%{_sbindir}/ds_selinux_enabled
%{_sbindir}/ds_selinux_port_query
%{_sbindir}/ds_systemd_ask_password_acl
%{_sbindir}/fixup-linkedattrs.pl
%{_sbindir}/fixup-memberof.pl
%{_sbindir}/ldif2db
%{_sbindir}/ldif2db.pl
%{_sbindir}/ldif2ldap
%{_sbindir}/migrate-ds.pl
%{_sbindir}/monitor
%{_sbindir}/ns-accountstatus.pl
%{_sbindir}/ns-activate.pl
%{_sbindir}/ns-inactivate.pl
%{_sbindir}/ns-newpwpolicy.pl
%{_sbindir}/remove-ds.pl
%{_sbindir}/restart-dirsrv
%{_sbindir}/restoreconfig
%{_sbindir}/saveconfig
%{_sbindir}/schema-reload.pl
%{_sbindir}/setup-ds.pl
%{_sbindir}/start-dirsrv
%{_sbindir}/status-dirsrv
%{_sbindir}/stop-dirsrv
%{_sbindir}/suffix2instance
%{_sbindir}/syntax-validate.pl
%{_sbindir}/upgradedb
%{_sbindir}/upgradednformat
%{_sbindir}/usn-tombstone-cleanup.pl
%{_sbindir}/verify-db.pl
%{_sbindir}/vlvindex
%{_unitdir}/dirsrv@.service
%{_unitdir}/dirsrv.target
# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but
# sysctl.d is always in /lib.
%{_prefix}/lib/sysctl.d/*
%dir %{_datadir}/gdb/auto-load/usr/sbin/
%{_datadir}/gdb/auto-load/usr/sbin/ns-slapd-gdb.py
%files devel
%defattr(-,root,root)
%doc README
%license LICENSE
%{_mandir}/man3/*
%{_includedir}/dirsrv
%{_libdir}/dirsrv/libns-dshttpd.so
%{_libdir}/dirsrv/libnunc-stans.so
%{_libdir}/dirsrv/libsds.so
%{_libdir}/dirsrv/libslapd.so
%{_libdir}/dirsrv/libldaputil.so
%{_libdir}/pkgconfig/*.pc
%files snmp
%defattr(-,root,root,-)
%license LICENSE LICENSE.GPLv3+ LICENSE.openssl
# TODO: README.devel
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
%{_sbindir}/ldap-agent*
%{_mandir}/man1/ldap-agent.1*
%{_unitdir}/%{pkgname}-snmp.service
%if %{with lib389}
%files -n lib389
%defattr(-,root,root,-)
%doc src/lib389/README*
%license src/lib389/LICENSE
%{_sbindir}/dsconf
%{_sbindir}/dscreate
%{_sbindir}/dsctl
%{_sbindir}/dsidm
/usr/lib/python*/site-packages/lib389*
%endif
%changelog
