1 |
%define major 0 |
2 |
%define libname %mklibname %{name} %{major} |
3 |
%define develname %mklibname %{name} -d |
4 |
|
5 |
|
6 |
|
7 |
%global pkgname dirsrv |
8 |
|
9 |
|
10 |
%global use_openldap 1 |
11 |
# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6. |
12 |
%global use_Socket6 0 |
13 |
|
14 |
|
15 |
# To build without nunc-stans, set 0 to use_nunc_stans. |
16 |
# nunc-stans only builds on x86_64 for now |
17 |
%ifarch x86_64 |
18 |
%global use_nunc_stans 1 |
19 |
%else |
20 |
%global use_nunc_stans 0 |
21 |
%endif |
22 |
|
23 |
%global nunc_stans_ver 0.1.8 |
24 |
|
25 |
# (cg) NB the --with-tmpfiles_d argument below is for user generated config files |
26 |
# created via DSCreate.pm script - i.e. it should be the /etc/ path, NOT %_tmpfilesdir |
27 |
|
28 |
%global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d} |
29 |
|
30 |
# systemd support |
31 |
%global groupname %{pkgname}.target |
32 |
|
33 |
|
34 |
Summary: 389 Directory Server (base) |
35 |
Name: 389-ds-base |
36 |
Version: 1.3.5.15 |
37 |
Release: %mkrel 3 |
38 |
License: GPLv3+ |
39 |
URL: http://port389.org/ |
40 |
Group: System/Servers |
41 |
Requires: %{libname} = %{version}-%{release} |
42 |
Provides: ldif2ldbm |
43 |
|
44 |
BuildRequires: nspr-devel |
45 |
BuildRequires: nss-devel |
46 |
BuildRequires: krb5-devel |
47 |
BuildRequires: svrcore-devel >= 4.1.2 |
48 |
%if %{use_openldap} |
49 |
BuildRequires: openldap-devel |
50 |
%else |
51 |
BuildRequires: mozldap-devel |
52 |
%endif |
53 |
BuildRequires: db-devel |
54 |
|
55 |
BuildRequires: libsasl-devel |
56 |
BuildRequires: icu |
57 |
BuildRequires: libicu-devel |
58 |
BuildRequires: pcre-devel |
59 |
BuildRequires: gcc-c++ |
60 |
# The following are needed to build the snmp ldap-agent |
61 |
BuildRequires: net-snmp-devel |
62 |
BuildRequires: lm_sensors-devel |
63 |
BuildRequires: bzip2-devel |
64 |
BuildRequires: zlib-devel |
65 |
BuildRequires: openssl-devel |
66 |
BuildRequires: tcp_wrappers |
67 |
# the following is for the pam passthru auth plug-in |
68 |
BuildRequires: pam-devel |
69 |
BuildRequires: systemd-units |
70 |
BuildRequires: systemd-devel |
71 |
|
72 |
# this is needed for using semanage from our setup scripts |
73 |
Requires: policycoreutils-python |
74 |
|
75 |
Requires(post): rpm-helper >= %{rpmhelper_required_version} |
76 |
Requires(preun): rpm-helper >= %{rpmhelper_required_version} |
77 |
Requires(pre): %{_sbindir}/useradd |
78 |
Requires(pre): %{_sbindir}/groupadd |
79 |
|
80 |
|
81 |
# the following are needed for some of our scripts |
82 |
%if %{use_openldap} |
83 |
Requires: openldap-clients |
84 |
%else |
85 |
Requires: mozldap-tools |
86 |
%endif |
87 |
|
88 |
# this is needed to setup SSL if you are not using the |
89 |
# administration server package |
90 |
Requires: nss |
91 |
|
92 |
# these are not found by the auto-dependency method |
93 |
# they are required to support the mandatory LDAP SASL mechs |
94 |
Requires: sasl-plug-gssapi |
95 |
Requires: sasl-plug-digestmd5 |
96 |
|
97 |
# this is needed for verify-db.pl |
98 |
Requires: db5-utils |
99 |
|
100 |
# for the init script |
101 |
Requires(post): systemd-units |
102 |
Requires(preun): systemd-units |
103 |
Requires(postun): systemd-units |
104 |
|
105 |
Source0: http://www.port389.org/binaries/%{name}-%{version}.tar.bz2 |
106 |
# 389-ds-git.sh should be used to generate the source tarball from git |
107 |
Source1: %{name}-git.sh |
108 |
Source2: %{name}-devel.README |
109 |
Source3: https://git.fedorahosted.org/cgit/nunc-stans.git/snapshot/nunc-stans-%{nunc_stans_ver}.tar.bz2 |
110 |
Patch0: 389-ds-base-1.3.4.14_CVE-2017-2591.patch |
111 |
|
112 |
|
113 |
%description |
114 |
389 Directory Server is an LDAPv3 compliant server. The base package includes |
115 |
the LDAP server and command line utilities for server administration. |
116 |
|
117 |
%package -n %{libname} |
118 |
Summary: Core libraries for 389 Directory Server |
119 |
Group: System/Servers |
120 |
BuildRequires: nspr-devel |
121 |
BuildRequires: nss-devel |
122 |
BuildRequires: svrcore-devel |
123 |
%if %{use_openldap} |
124 |
BuildRequires: openldap-devel |
125 |
%else |
126 |
BuildRequires: mozldap-devel |
127 |
%endif |
128 |
BuildRequires: db-devel |
129 |
BuildRequires: libsasl-devel |
130 |
BuildRequires: libicu-devel |
131 |
BuildRequires: pcre-devel |
132 |
BuildRequires: talloc-devel |
133 |
BuildRequires: event-devel |
134 |
BuildRequires: tevent-devel |
135 |
|
136 |
|
137 |
%description -n %{libname} |
138 |
Core libraries for the 389 Directory Server base package. These libraries |
139 |
are used by the main package and the -devel package. This allows the -devel |
140 |
package to be installed with just the -libs package and without the main package. |
141 |
|
142 |
%package -n %{develname} |
143 |
Summary: Development libraries for 389 Directory Server |
144 |
Group: System/Libraries |
145 |
Requires: pkgconfig |
146 |
Requires: nspr-devel |
147 |
Requires: nss-devel |
148 |
Requires: svrcore-devel |
149 |
%if %{use_openldap} |
150 |
Requires: openldap-devel |
151 |
%else |
152 |
Requires: mozldap-devel |
153 |
%endif |
154 |
|
155 |
%if %{use_nunc_stans} |
156 |
Requires: talloc-devel |
157 |
Requires: event-devel |
158 |
Requires: tevent-devel |
159 |
%endif |
160 |
|
161 |
Requires: %{libname} = %{version}-%{release} |
162 |
Provides: %{develname} = %{version}-%{release} |
163 |
|
164 |
|
165 |
%description -n %{develname} |
166 |
Development Libraries and headers for the 389 Directory Server base package. |
167 |
|
168 |
%package snmp |
169 |
Summary: SNMP Agent for 389 Directory Server |
170 |
Group: System/Servers |
171 |
Requires: %{name} = %{version}-%{release} |
172 |
|
173 |
|
174 |
%description snmp |
175 |
SNMP Agent for the 389 Directory Server base package. |
176 |
|
177 |
%prep |
178 |
%setup -q -n %{name}-%{version} -a 3 |
179 |
%if %{use_nunc_stans} |
180 |
%setup -q -n %{name}-%{version} -T -D -b 3 |
181 |
%endif |
182 |
%autopatch -p1 |
183 |
cp %{_sourcedir}/%{name}-devel.README README.devel |
184 |
|
185 |
|
186 |
# Make sure python3 is used in shebangs |
187 |
# FIX ME!! This should be fixed in the source code !!! |
188 |
sed -r -i '1s|^#!\s*/usr/bin.*python.*|#!%{__python3}|' ldap/admin/src/scripts/*.py |
189 |
|
190 |
|
191 |
%build |
192 |
%serverbuild |
193 |
autoreconf -vfi |
194 |
|
195 |
%if %{use_nunc_stans} |
196 |
pushd ../nunc-stans-%{nunc_stans_ver} |
197 |
autoreconf -fi |
198 |
%configure2_5x --with-fhs --libdir=%{_libdir}/%{pkgname} |
199 |
%make_build |
200 |
mkdir -p lib |
201 |
cp .libs/libnunc-stans.so.0.0.0 lib/libnunc-stans.so |
202 |
mkdir -p include/nunc-stans |
203 |
cp nunc-stans.h include/nunc-stans/nunc-stans.h |
204 |
popd |
205 |
%endif |
206 |
|
207 |
%if %{use_openldap} |
208 |
OPENLDAP_FLAG="--with-openldap" |
209 |
%endif |
210 |
%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} |
211 |
# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529 |
212 |
NSSARGS="--with-svrcore-inc=%{_includedir} --with-svrcore-lib=%{_libdir} --with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss" |
213 |
%if %{use_nunc_stans} |
214 |
NUNC_STANS_FLAGS="--enable-nunc-stans --with-nunc-stans=../nunc-stans-%{nunc_stans_ver}" |
215 |
%endif |
216 |
%configure2_5x --enable-autobind $OPENLDAP_FLAG $TMPFILES_FLAG \ |
217 |
--with-systemdsystemunitdir=%{_unitdir} \ |
218 |
--with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \ |
219 |
--with-systemdgroupname=%{groupname} $NSSARGS \ |
220 |
--with-perldir=/usr/bin \ |
221 |
--with-systemdgroupname=%{groupname} $NSSARGS $NUNC_STANS_FLAGS \ |
222 |
--with-systemd |
223 |
|
224 |
# Generate symbolic info for debuggers |
225 |
export XCFLAGS=$RPM_OPT_FLAGS |
226 |
|
227 |
|
228 |
%make_build |
229 |
|
230 |
|
231 |
%install |
232 |
%if %{use_nunc_stans} |
233 |
pushd ../nunc-stans-%{nunc_stans_ver} |
234 |
%make_install |
235 |
rm -rf %{buildroot}%{_includedir} %{buildroot}%{_datadir} \ |
236 |
%{buildroot}%{_libdir}/%{pkgname}/pkgconfig |
237 |
popd |
238 |
%endif |
239 |
|
240 |
%make_install |
241 |
|
242 |
mkdir -p %{buildroot}%{_logdir}/%{pkgname} |
243 |
mkdir -p %{buildroot}/var/lib/%{pkgname} |
244 |
mkdir -p %{buildroot}/var/lock/%{pkgname} |
245 |
|
246 |
|
247 |
#remove libtool archives and static libs |
248 |
find %{buildroot} -type f -name "*.la" -delete |
249 |
find %{buildroot} -type f -name "*.a" -delete |
250 |
|
251 |
# make sure perl scripts have a proper shebang |
252 |
sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' %{buildroot}%{_datadir}/%{pkgname}/script-templates/template-*.pl |
253 |
|
254 |
%pre |
255 |
# Add the dirsrv user and group accounts |
256 |
%_pre_useradd %{pkgname} %{_localstatedir}/lib/%{pkgname} /sbin/nologin |
257 |
%_pre_groupadd %{pkgname} %{_localstatedir}/lib/%{pkgname} /sbin/nologin |
258 |
|
259 |
|
260 |
%post |
261 |
output=/dev/null |
262 |
# We need to do this because the BS doesn't accept the way Fedora (upstream) and others do it. |
263 |
if [ $1 = 1 ] ; then |
264 |
mkdir -p %{_sysconfdir}/systemd/system/%{groupname}.wants |
265 |
fi |
266 |
# reload to pick up any changes to systemd files |
267 |
%{_bindir}/systemctl daemon-reload >/dev/null 2>&1 || : |
268 |
# reload to pick up any shared lib changes |
269 |
|
270 |
# find all instances |
271 |
instances="" # instances that require a restart after upgrade |
272 |
ninst=0 # number of instances found in total |
273 |
if [ -n "$DEBUGPOSTTRANS" ] ; then |
274 |
output=$DEBUGPOSTTRANS |
275 |
fi |
276 |
echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> $output 2>&1 || : |
277 |
for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do |
278 |
if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches |
279 |
inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'` |
280 |
echo found instance $inst - getting status >> $output 2>&1 || : |
281 |
if %{_bindir}/systemctl -q is-active $inst ; then |
282 |
echo instance $inst is running >> $output 2>&1 || : |
283 |
instances="$instances $inst" |
284 |
else |
285 |
echo instance $inst is not running >> $output 2>&1 || : |
286 |
fi |
287 |
ninst=`expr $ninst + 1` |
288 |
done |
289 |
if [ $ninst -eq 0 ] ; then |
290 |
echo no instances to upgrade >> $output 2>&1 || : |
291 |
exit 0 # have no instances to upgrade - just skip the rest |
292 |
fi |
293 |
# shutdown all instances |
294 |
echo shutting down all instances . . . >> $output 2>&1 || : |
295 |
for inst in $instances ; do |
296 |
echo stopping instance $inst >> $output 2>&1 || : |
297 |
/bin/systemctl stop $inst >> $output 2>&1 || : |
298 |
done |
299 |
echo remove pid files . . . >> $output 2>&1 || : |
300 |
%{_bindir}/rm -f /run/%{pkgname}*.pid /run/%{pkgname}*.startpid |
301 |
|
302 |
|
303 |
# do the upgrade |
304 |
echo upgrading instances . . . >> $output 2>&1 || : |
305 |
DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"` |
306 |
if [ -n "$DEBUGPOSTSETUPOPT" ] ; then |
307 |
%{_sbindir}/setup-ds.pl -l $output -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || : |
308 |
else |
309 |
%{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline >> $output 2>&1 || : |
310 |
fi |
311 |
|
312 |
# restart instances that require it |
313 |
for inst in $instances ; do |
314 |
echo restarting instance $inst >> $output 2>&1 || : |
315 |
%{_bindir}/systemctl start $inst >> $output 2>&1 || : |
316 |
done |
317 |
|
318 |
%preun |
319 |
if [ $1 -eq 0 ]; then # Final removal |
320 |
# Package removal, not upgrade |
321 |
# remove instance specific service files/links |
322 |
rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || : |
323 |
fi |
324 |
|
325 |
%postun |
326 |
if [ $1 = 0 ]; then # Final removal |
327 |
rm -rf /run/%{pkgname} |
328 |
fi |
329 |
%_postun_userdel %{pkgname} |
330 |
%_postun_groupdel %{pkgname} |
331 |
|
332 |
%preun snmp |
333 |
%_preun_service %{pkgname}-snmp.service %{groupname} |
334 |
|
335 |
%post snmp |
336 |
%_post_service %{pkgname}-snmp |
337 |
|
338 |
%files |
339 |
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl |
340 |
%dir %{_sysconfdir}/%{pkgname} |
341 |
%dir %{_sysconfdir}/%{pkgname}/schema |
342 |
%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif |
343 |
%dir %{_sysconfdir}/%{pkgname}/config |
344 |
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf |
345 |
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf |
346 |
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig |
347 |
%config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname} |
348 |
%config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}.systemd |
349 |
%{_datadir}/%{pkgname} |
350 |
%{_unitdir}/%{pkgname}.target |
351 |
%{_unitdir}/%{pkgname}@.service |
352 |
%{_bindir}/* |
353 |
%{_sbindir}/* |
354 |
%{_libdir}/%{pkgname}/perl |
355 |
%{_libdir}/%{pkgname}/python |
356 |
%{_libdir}/%{pkgname}/plugins/*.so |
357 |
%dir %{_localstatedir}/lib/%{pkgname} |
358 |
%dir %{_logdir}/%{pkgname} |
359 |
%ghost %dir %{_localstatedir}/lock/%{pkgname} |
360 |
%{_mandir}/man1/* |
361 |
%{_mandir}/man8/* |
362 |
%exclude %{_sbindir}/ldap-agent* |
363 |
%exclude %{_mandir}/man1/ldap-agent.1.* |
364 |
|
365 |
%files -n %{develname} |
366 |
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel |
367 |
%{_includedir}/%{pkgname} |
368 |
%{_libdir}/%{pkgname}/libslapd.so |
369 |
%{_libdir}/%{pkgname}/libns-dshttpd.so |
370 |
%if %{use_nunc_stans} |
371 |
%{_libdir}/%{pkgname}/libnunc-stans.so |
372 |
%endif |
373 |
%{_libdir}/pkgconfig/* |
374 |
|
375 |
%files -n %{libname} |
376 |
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel |
377 |
%{_libdir}/%{pkgname}/libslapd.so.* |
378 |
%{_libdir}/%{pkgname}/libns-dshttpd.so.* |
379 |
%if %{use_nunc_stans} |
380 |
%{_libdir}/%{pkgname}/libnunc-stans.so.* |
381 |
%endif |
382 |
|
383 |
%files snmp |
384 |
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel |
385 |
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf |
386 |
%{_unitdir}/%{pkgname}-snmp.service |
387 |
%{_sbindir}/ldap-agent* |
388 |
%{_mandir}/man1/ldap-agent.1.* |
389 |
|