File 389-ds.spec of Package 389-ds
#
# spec file for package 389-ds
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir /var/adm/fillup-templates
%endif
%bcond_with rust
%bcond_without lib389
%define use_python python3
%define skip_python2 1
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
# Home directory
%global pkgname dirsrv
%global groupname %{pkgname}.target
%define homedir %{_localstatedir}/lib/dirsrv
%define logdir %{_localstatedir}/log/dirsrv
%define lockdir %{_localstatedir}/lock/dirsrv
# User and group name that own the home directory
%define user_group dirsrv
%ifnarch s390x s390 ppc64 ppc64le
%global use_tcmalloc 1
%else
%global use_tcmalloc 0
%endif
%define svrcorelib libsvrcore0
Name: 389-ds
Version: 1.4.0.18
Release: 0
Summary: 389 Directory Server
License: GPL-2.0-only AND MPL-2.0
Group: Productivity/Networking/LDAP/Servers
Url: https://pagure.io/389-ds-base
Source: https://releases.pagure.org/389-ds-base/389-ds-base-%{version}.tar.bz2
Source1: extra-schema.tgz
Source2: LICENSE.openldap
Source9: %{name}-rpmlintrc
# PATCH-FIX-SLES -- Make init scripts LSB conform
Patch1: 0001-init_fhs.patch
Patch2: 0002-use-python2-for-selinux-detection.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: cracklib-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: db-devel >= 4.5
BuildRequires: doxygen
BuildRequires: gcc-c++
BuildRequires: gdb
BuildRequires: krb5-devel
BuildRequires: libcmocka-devel
BuildRequires: libevent-devel
BuildRequires: libtalloc-devel
BuildRequires: libtevent-devel
BuildRequires: libtool
# net-snmp-devel is needed to build the snmp ldap-agent
BuildRequires: net-snmp-devel >= 5.1.2
BuildRequires: openldap2-devel
# pam-devel is required by the pam passthru auth plug-in
BuildRequires: %{python_module devel}
BuildRequires: %{python_module setuptools}
%if %{with lib389}
BuildRequires: %{python_module argcomplete}
BuildRequires: %{python_module argparse-manpage}
BuildRequires: %{python_module ldap >= 3}
BuildRequires: %{python_module pyasn1-modules}
BuildRequires: %{python_module pyasn1}
BuildRequires: %{python_module python-dateutil}
BuildRequires: %{python_module six}
%endif
BuildRequires: pam-devel
BuildRequires: pkgconfig
BuildRequires: python-rpm-macros
BuildRequires: pkgconfig(icu-i18n)
BuildRequires: pkgconfig(icu-uc)
BuildRequires: pkgconfig(libpcre)
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(nspr)
BuildRequires: pkgconfig(nss)
BuildRequires: pkgconfig(systemd)
%if %{use_tcmalloc}
BuildRequires: pkgconfig(libtcmalloc)
%endif
BuildRequires: rsync
%if %{with rust}
BuildRequires: cargo
BuildRequires: rust
BuildRequires: rust-std
%endif
Requires: %{_sbindir}/service
Requires: acl
Requires: bind-utils
Requires: cyrus-sasl-digestmd5
Requires: cyrus-sasl-gssapi
Requires: db-utils
Requires: mozilla-nss-tools
Requires: openldap2-client
Requires: python-selinux
Requires: perl(Mozilla::LDAP::API)
Requires: perl(Mozilla::LDAP::Conn)
Requires: perl(Mozilla::LDAP::Entry)
Requires: perl(Mozilla::LDAP::LDIF)
Requires: perl(Mozilla::LDAP::Utils)
Requires: perl(NetAddr::IP)
Requires: perl(Socket6)
Requires(post): fillup
Requires(pre): shadow
Obsoletes: 389-ds-base < %{version}-%{release}
Provides: 389-ds-base = %{version}-%{release}
%{?systemd_requires}
%description
389 Directory Server is a full-featured LDAPv3 compliant server. In
addition to the standard LDAPv3 operations, it supports multi-master
replication, fully online configuration and administration, chaining,
virtual attributes, access control directives in the data, Virtual
List View, server-side sorting, SASL, TLS/SSL, and many other
features. (The server started out as Netscape Directory Server.)
%package devel
Summary: Development files for the 389 Directory Server
License: GPL-2.0-only AND MPL-2.0
Group: Development/Libraries/C and C++
Provides: svrcore-devel = 4.1.4
Obsoletes: svrcore-devel < 4.1.4
Requires: %{name} = %{version}
Requires: %{svrcorelib} = %{version}
Requires: openldap2-devel
Requires: pkgconfig
Requires: pkgconfig(nspr)
Requires: pkgconfig(nss)
Requires: pkgconfig(systemd)
%description devel
389 Directory Server is a full-featured LDAPv3 compliant server. In
addition to the standard LDAPv3 operations, it supports multi-master
replication, fully online configuration and administration, chaining,
virtual attributes, access control directives in the data, Virtual
List View, server-side sorting, SASL, TLS/SSL, and many other
features.
This package contains the development files for 389DS.
%package snmp
Summary: SNMP Agent for 389 Directory Server
License: GPL-2.0-only AND MPL-2.0
Group: System/Daemons
Requires: %{name} = %{version}
Obsoletes: %{name} <= 1.3.6.2
%description snmp
SNMP Agent for the 389 Directory Server base package.
%if %{with lib389}
%package -n lib389
Summary: Python library for interacting with the 389 Directory Server
License: GPL-2.0-only AND MPL-2.0
Group: Development/Languages/Python
Requires: %{use_python}-argcomplete
Requires: %{use_python}-argparse-manpage
Requires: %{use_python}-ldap >= 3.0
Requires: %{use_python}-pyasn1
Requires: %{use_python}-pyasn1-modules
Requires: %{use_python}-python-dateutil
Requires: %{use_python}-six
Requires: krb5
Requires: krb5-client
Provides: python-lib389 = %{version}-%{release}
Provides: python3-lib389 = %{version}-%{release}
Obsoletes: python-lib389 < %{version}-%{release}
Obsoletes: python3-lib389 < %{version}-%{release}
%description -n lib389
Python library for interacting with the 389 Directory Server
%endif
%package -n %{svrcorelib}
Summary: Secure PIN handling using NSS crypto
License: MPL-2.0
Group: System/Libraries
%description -n %{svrcorelib}
svrcore provides applications with several ways to handle secure PIN storage
e.g. in an application that must be restarted, but needs the PIN to unlock
the private key and other crypto material, without user intervention. svrcore
uses the facilities provided by NSS.
%prep
%setup -q -a 1 -n %{name}-base-%{version}
%patch1 -p1
%patch2 -p1
%build
# Make sure python3 is used in shebangs
# FIX ME!! This should be fixed in the source code !!!
sed -r -i '1s|^#!\s*%{_bindir}.*python.*|#!%{_bindir}/%{use_python}|' ldap/admin/src/scripts/{*.py,ds-replcheck} src/lib389/cli/ds*
# TODO:
# seems to have no effect --enable-perl \
# warning that it might lead to instabilities --with-journald \
touch docs/custom.css
autoreconf -fi
export CFLAGS="%{optflags}" # -std=gnu99"
%configure \
%if 0%{?suse_version} >= 1330
--enable-gcc-security \
%endif
--enable-autobind \
--enable-auto-dn-suffix \
--with-openldap \
--enable-cmocka \
%if %{use_tcmalloc}
--enable-tcmalloc \
%endif
--with-selinux \
%if %{with rust}
--enable-rust \
%endif
--with-perldir=%{_bindir} \
--libexecdir=%{_prefix}/lib/dirsrv/ \
--with-pythonexec="%{_bindir}/%{use_python}" \
--with-systemd \
--with-systemdgroupname=%{groupname} \
--with-systemdsystemunitdir="%{_unitdir}" \
--with-systemdsystemconfdir="%{_sysconfdir}/systemd/system" \
--with-tmpfiles-d="%{_tmpfilesdir}" \
--with-systemdgroupname=dirsrv.target \
export XCFLAGS="$CFLAGS"
make %{?_smp_mflags}
make setup.py
%if %{with lib389}
pushd src/lib389
%python_build
popd
%endif
%install
%make_install
%if %{with lib389}
pushd src/lib389
%python_install
popd
%endif
cp -r man/man3 %{buildroot}%{_mandir}/man3
install -D -d -m 0750 %{buildroot}%{homedir}
mkdir -p %{buildroot}%{logdir}
mkdir -p %{buildroot}%{homedir}
mkdir -p %{buildroot}%{lockdir}
# for systemd
mkdir -p %{buildroot}%{_sysconfdir}/systemd/system/%{groupname}.wants
#remove libtool archives and static libs
find %{buildroot} -type f -name "*.la" -delete -print
# make sure perl scripts have a proper shebang
sed -i -e 's|#{{PERL-EXEC}}|#!%{_bindir}/perl|' %{buildroot}%{_datadir}/%{pkgname}/script-templates/template-*.pl
# install extra schema files
cp -R extra-schema "%{buildroot}/%{_datadir}/dirsrv/"
# bring OpenLDAP copyright notice here because it is referenced by several extra schema files
cp %{SOURCE2} ./
install -d "%{buildroot}%{_fillupdir}"
for i in "%{buildroot}%{_sysconfdir}/sysconfig"/*; do
mv "$i" "%{buildroot}%{_fillupdir}/sysconfig.${i##*/}"
done
rm -rv %{buildroot}/usr/share/cockpit/
mv src/svrcore/README{,.svrcore}
mv src/svrcore/LICENSE{,.svrcore}
%pre
if ! getent group %{user_group} >/dev/null; then
%{_sbindir}/groupadd -f -r %{user_group}
fi
if ! getent passwd %{user_group} >/dev/null; then
%{_sbindir}/useradd -r -g %{user_group} -s /sbin/nologin -r -d %{homedir} -c "User for 389 directory server" %{user_group}
fi
%post
%fillup_only -n dirsrv
%postun
output=/dev/null
# reload to pick up any changes to systemd files
/bin/systemctl daemon-reload >$output 2>&1 || :
# reload to pick up any shared lib changes
%fillup_only -n dirsrv
%fillup_only -n dirsrv.systemd
# find all instances
instances="" # instances that require a restart after upgrade
ninst=0 # number of instances found in total
if [ -n "$DEBUGPOSTTRANS" ] ; then
output=$DEBUGPOSTTRANS
fi
echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || :
instbase="%{_sysconfdir}/%{pkgname}"
for dir in $instbase/slapd-* ; do
echo dir = $dir >> $output 2>&1 || :
if [ ! -d "$dir" ] ; then continue ; fi
case "$dir" in *.removed) continue ;; esac
basename=`basename $dir`
inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
echo found instance $inst - getting status >> $output 2>&1 || :
if /bin/systemctl -q is-active $inst ; then
echo instance $inst is running >> $output 2>&1 || :
instances="$instances $inst"
else
echo instance $inst is not running >> $output 2>&1 || :
fi
ninst=`expr $ninst + 1`
done
if [ $ninst -eq 0 ] ; then
echo no instances to upgrade >> $output 2>&1 || :
exit 0 # have no instances to upgrade - just skip the rest
fi
# shutdown all instances
echo shutting down all instances . . . >> $output 2>&1 || :
for inst in $instances ; do
echo stopping instance $inst >> $output 2>&1 || :
/bin/systemctl stop $inst >> $output 2>&1 || :
done
# do the upgrade
echo upgrading instances . . . >> $output 2>&1 || :
DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
%{_sbindir}/setup-ds.pl -l $output -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
else
%{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline >> $output 2>&1 || :
fi
# restart instances that require it
for inst in $instances ; do
echo restarting instance $inst >> $output 2>&1 || :
/bin/systemctl start $inst >> $output 2>&1 || :
done
exit 0
%preun
%service_del_preun %{pkgname}.target
%pre snmp
%service_add_pre dirsrv-snmp.service
%post snmp
%service_add_post %{pkgname}-snmp.service
%preun snmp
%service_del_preun %{pkgname}-snmp.service
%postun snmp
%service_del_postun %{pkgname}-snmp.service
%post -n %{svrcorelib} -p /sbin/ldconfig
%postun -n %{svrcorelib} -p /sbin/ldconfig
%files
%defattr(-,root,root)
%doc README*
%license LICENSE LICENSE.openldap
%dir %attr(-,%{user_group},%{user_group}) %{homedir}
%dir %attr(-,%{user_group},%{user_group}) %{logdir}
%config(noreplace) %{_sysconfdir}/dirsrv/config/*
%config(noreplace) %{_sysconfdir}/dirsrv/schema/*
%{_datadir}/dirsrv
%dir %{_libdir}/dirsrv
%dir %{_libdir}/dirsrv/*
%dir %{_sysconfdir}/dirsrv
%dir %{_sysconfdir}/dirsrv/config
%dir %{_sysconfdir}/dirsrv/schema
%{_libdir}/dirsrv/libns-dshttpd-*.so
%{_libdir}/dirsrv/perl/*.pm
%{_libdir}/dirsrv/plugins/*.so
%{_libdir}/dirsrv/python/*.py
%{_libdir}/dirsrv/*.so.*
%if %{with rust}
%{_libdir}/dirsrv/librsds.so
%endif
%{_fillupdir}/sysconfig.*
%exclude %{_mandir}/man1/ldap-agent*
%{_mandir}/man1/*
%{_mandir}/man5/*
%{_mandir}/man8/*
%{_bindir}/*
# TODO: audit bug running https://bugzilla.opensuse.org/show_bug.cgi?id=1111564
# This also needs a lot more work on the service file
#%attr(750,root,dirsrv) %caps(CAP_NET_BIND_SERVICE=pe) %{_sbindir}/ns-slapd
%{_sbindir}/ns-slapd
%{_sbindir}/bak2db
%{_sbindir}/bak2db.pl
%{_sbindir}/cleanallruv.pl
%{_sbindir}/db2bak
%{_sbindir}/db2bak.pl
%{_sbindir}/db2index
%{_sbindir}/db2index.pl
%{_sbindir}/db2ldif
%{_sbindir}/db2ldif.pl
%{_sbindir}/dbmon.sh
%{_sbindir}/dbverify
%{_sbindir}/dn2rdn
%{_sbindir}/fixup-linkedattrs.pl
%{_sbindir}/fixup-memberof.pl
%{_sbindir}/ldif2db
%{_sbindir}/ldif2db.pl
%{_sbindir}/ldif2ldap
%{_sbindir}/migrate-ds.pl
%{_sbindir}/monitor
%{_sbindir}/ns-accountstatus.pl
%{_sbindir}/ns-activate.pl
%{_sbindir}/ns-inactivate.pl
%{_sbindir}/ns-newpwpolicy.pl
%{_sbindir}/remove-ds.pl
%{_sbindir}/restart-dirsrv
%{_sbindir}/restoreconfig
%{_sbindir}/saveconfig
%{_sbindir}/schema-reload.pl
%{_sbindir}/setup-ds.pl
%{_sbindir}/start-dirsrv
%{_sbindir}/status-dirsrv
%{_sbindir}/stop-dirsrv
%{_sbindir}/suffix2instance
%{_sbindir}/syntax-validate.pl
%{_sbindir}/upgradedb
%{_sbindir}/upgradednformat
%{_sbindir}/usn-tombstone-cleanup.pl
%{_sbindir}/verify-db.pl
%{_sbindir}/vlvindex
%{_unitdir}/dirsrv@.service
%{_unitdir}/dirsrv.target
%{_prefix}/lib/dirsrv/
# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but
# sysctl.d is always in /lib.
%{_prefix}/lib/sysctl.d/*
%dir %{_datadir}/gdb/auto-load/usr/sbin/
%{_datadir}/gdb/auto-load/usr/sbin/ns-slapd-gdb.py
%files devel
%defattr(-,root,root)
%doc README*
%doc src/svrcore/README.svrcore
%license LICENSE
%license src/svrcore/LICENSE.svrcore
%{_mandir}/man3/*
%{_includedir}/dirsrv
%{_includedir}/svrcore.h
%{_libdir}/libsvrcore.so
%{_libdir}/dirsrv/libns-dshttpd.so
%{_libdir}/dirsrv/libnunc-stans.so
%{_libdir}/dirsrv/libsds.so
%{_libdir}/dirsrv/libslapd.so
%{_libdir}/dirsrv/libldaputil.so
%{_libdir}/pkgconfig/dirsrv.pc
%{_libdir}/pkgconfig/libsds.pc
%{_libdir}/pkgconfig/nunc-stans.pc
%{_libdir}/pkgconfig/svrcore.pc
%files -n %{svrcorelib}
%defattr(-,root,root,-)
%license src/svrcore/LICENSE*
%{_libdir}/libsvrcore.so.*
%files snmp
%defattr(-,root,root,-)
%license LICENSE LICENSE.GPLv3+ LICENSE.openssl
# TODO: README.devel
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
%{_sbindir}/ldap-agent*
%{_mandir}/man1/ldap-agent.1*
%{_unitdir}/%{pkgname}-snmp.service
%if %{with lib389}
%files -n lib389
%defattr(-,root,root,-)
%license src/lib389/LICENSE
%doc src/lib389/README*
%{_sbindir}/dsconf
%{_sbindir}/dscreate
%{_sbindir}/dsctl
%{_sbindir}/dsidm
/usr/lib/python*/site-packages/lib389*
%endif
%changelog