/[packages]/cauldron/389-ds-base/current/SPECS/389-ds-base.spec
ViewVC logotype

Contents of /cauldron/389-ds-base/current/SPECS/389-ds-base.spec

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1084237 - (show annotations) (download)
Mon Jan 30 16:01:56 2017 UTC (7 years, 8 months ago) by mrambo3501
File size: 11915 byte(s)
add upstream patch to fix CVE-2017-2591
1 %define major 0
2 %define libname %mklibname %{name} %{major}
3 %define develname %mklibname %{name} -d
4
5
6
7 %global pkgname dirsrv
8
9
10 %global use_openldap 1
11 # If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
12 %global use_Socket6 0
13
14
15 # To build without nunc-stans, set 0 to use_nunc_stans.
16 # nunc-stans only builds on x86_64 for now
17 %ifarch x86_64
18 %global use_nunc_stans 1
19 %else
20 %global use_nunc_stans 0
21 %endif
22
23 %global nunc_stans_ver 0.1.8
24
25 # (cg) NB the --with-tmpfiles_d argument below is for user generated config files
26 # created via DSCreate.pm script - i.e. it should be the /etc/ path, NOT %_tmpfilesdir
27
28 %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}
29
30 # systemd support
31 %global groupname %{pkgname}.target
32
33
34 Summary: 389 Directory Server (base)
35 Name: 389-ds-base
36 Version: 1.3.5.15
37 Release: %mkrel 3
38 License: GPLv3+
39 URL: http://port389.org/
40 Group: System/Servers
41 Requires: %{libname} = %{version}-%{release}
42 Provides: ldif2ldbm
43
44 BuildRequires: nspr-devel
45 BuildRequires: nss-devel
46 BuildRequires: krb5-devel
47 BuildRequires: svrcore-devel >= 4.1.2
48 %if %{use_openldap}
49 BuildRequires: openldap-devel
50 %else
51 BuildRequires: mozldap-devel
52 %endif
53 BuildRequires: db-devel
54
55 BuildRequires: libsasl-devel
56 BuildRequires: icu
57 BuildRequires: libicu-devel
58 BuildRequires: pcre-devel
59 BuildRequires: gcc-c++
60 # The following are needed to build the snmp ldap-agent
61 BuildRequires: net-snmp-devel
62 BuildRequires: lm_sensors-devel
63 BuildRequires: bzip2-devel
64 BuildRequires: zlib-devel
65 BuildRequires: openssl-devel
66 BuildRequires: tcp_wrappers
67 # the following is for the pam passthru auth plug-in
68 BuildRequires: pam-devel
69 BuildRequires: systemd-units
70 BuildRequires: systemd-devel
71
72 # this is needed for using semanage from our setup scripts
73 Requires: policycoreutils-python
74
75 Requires(post): rpm-helper >= %{rpmhelper_required_version}
76 Requires(preun): rpm-helper >= %{rpmhelper_required_version}
77 Requires(pre): %{_sbindir}/useradd
78 Requires(pre): %{_sbindir}/groupadd
79
80
81 # the following are needed for some of our scripts
82 %if %{use_openldap}
83 Requires: openldap-clients
84 %else
85 Requires: mozldap-tools
86 %endif
87
88 # this is needed to setup SSL if you are not using the
89 # administration server package
90 Requires: nss
91
92 # these are not found by the auto-dependency method
93 # they are required to support the mandatory LDAP SASL mechs
94 Requires: sasl-plug-gssapi
95 Requires: sasl-plug-digestmd5
96
97 # this is needed for verify-db.pl
98 Requires: db5-utils
99
100 # for the init script
101 Requires(post): systemd-units
102 Requires(preun): systemd-units
103 Requires(postun): systemd-units
104
105 Source0: http://www.port389.org/binaries/%{name}-%{version}.tar.bz2
106 # 389-ds-git.sh should be used to generate the source tarball from git
107 Source1: %{name}-git.sh
108 Source2: %{name}-devel.README
109 Source3: https://git.fedorahosted.org/cgit/nunc-stans.git/snapshot/nunc-stans-%{nunc_stans_ver}.tar.bz2
110 Patch0: 389-ds-base-1.3.4.14_CVE-2017-2591.patch
111
112
113 %description
114 389 Directory Server is an LDAPv3 compliant server. The base package includes
115 the LDAP server and command line utilities for server administration.
116
117 %package -n %{libname}
118 Summary: Core libraries for 389 Directory Server
119 Group: System/Servers
120 BuildRequires: nspr-devel
121 BuildRequires: nss-devel
122 BuildRequires: svrcore-devel
123 %if %{use_openldap}
124 BuildRequires: openldap-devel
125 %else
126 BuildRequires: mozldap-devel
127 %endif
128 BuildRequires: db-devel
129 BuildRequires: libsasl-devel
130 BuildRequires: libicu-devel
131 BuildRequires: pcre-devel
132 BuildRequires: talloc-devel
133 BuildRequires: event-devel
134 BuildRequires: tevent-devel
135
136
137 %description -n %{libname}
138 Core libraries for the 389 Directory Server base package. These libraries
139 are used by the main package and the -devel package. This allows the -devel
140 package to be installed with just the -libs package and without the main package.
141
142 %package -n %{develname}
143 Summary: Development libraries for 389 Directory Server
144 Group: System/Libraries
145 Requires: pkgconfig
146 Requires: nspr-devel
147 Requires: nss-devel
148 Requires: svrcore-devel
149 %if %{use_openldap}
150 Requires: openldap-devel
151 %else
152 Requires: mozldap-devel
153 %endif
154
155 %if %{use_nunc_stans}
156 Requires: talloc-devel
157 Requires: event-devel
158 Requires: tevent-devel
159 %endif
160
161 Requires: %{libname} = %{version}-%{release}
162 Provides: %{develname} = %{version}-%{release}
163
164
165 %description -n %{develname}
166 Development Libraries and headers for the 389 Directory Server base package.
167
168 %package snmp
169 Summary: SNMP Agent for 389 Directory Server
170 Group: System/Servers
171 Requires: %{name} = %{version}-%{release}
172
173
174 %description snmp
175 SNMP Agent for the 389 Directory Server base package.
176
177 %prep
178 %setup -q -n %{name}-%{version} -a 3
179 %if %{use_nunc_stans}
180 %setup -q -n %{name}-%{version} -T -D -b 3
181 %endif
182 %autopatch -p1
183 cp %{_sourcedir}/%{name}-devel.README README.devel
184
185
186 # Make sure python3 is used in shebangs
187 # FIX ME!! This should be fixed in the source code !!!
188 sed -r -i '1s|^#!\s*/usr/bin.*python.*|#!%{__python3}|' ldap/admin/src/scripts/*.py
189
190
191 %build
192 %serverbuild
193 autoreconf -vfi
194
195 %if %{use_nunc_stans}
196 pushd ../nunc-stans-%{nunc_stans_ver}
197 autoreconf -fi
198 %configure2_5x --with-fhs --libdir=%{_libdir}/%{pkgname}
199 %make_build
200 mkdir -p lib
201 cp .libs/libnunc-stans.so.0.0.0 lib/libnunc-stans.so
202 mkdir -p include/nunc-stans
203 cp nunc-stans.h include/nunc-stans/nunc-stans.h
204 popd
205 %endif
206
207 %if %{use_openldap}
208 OPENLDAP_FLAG="--with-openldap"
209 %endif
210 %{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
211 # hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
212 NSSARGS="--with-svrcore-inc=%{_includedir} --with-svrcore-lib=%{_libdir} --with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss"
213 %if %{use_nunc_stans}
214 NUNC_STANS_FLAGS="--enable-nunc-stans --with-nunc-stans=../nunc-stans-%{nunc_stans_ver}"
215 %endif
216 %configure2_5x --enable-autobind $OPENLDAP_FLAG $TMPFILES_FLAG \
217 --with-systemdsystemunitdir=%{_unitdir} \
218 --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
219 --with-systemdgroupname=%{groupname} $NSSARGS \
220 --with-perldir=/usr/bin \
221 --with-systemdgroupname=%{groupname} $NSSARGS $NUNC_STANS_FLAGS \
222 --with-systemd
223
224 # Generate symbolic info for debuggers
225 export XCFLAGS=$RPM_OPT_FLAGS
226
227
228 %make_build
229
230
231 %install
232 %if %{use_nunc_stans}
233 pushd ../nunc-stans-%{nunc_stans_ver}
234 %make_install
235 rm -rf %{buildroot}%{_includedir} %{buildroot}%{_datadir} \
236 %{buildroot}%{_libdir}/%{pkgname}/pkgconfig
237 popd
238 %endif
239
240 %make_install
241
242 mkdir -p %{buildroot}%{_logdir}/%{pkgname}
243 mkdir -p %{buildroot}/var/lib/%{pkgname}
244 mkdir -p %{buildroot}/var/lock/%{pkgname}
245
246
247 #remove libtool archives and static libs
248 find %{buildroot} -type f -name "*.la" -delete
249 find %{buildroot} -type f -name "*.a" -delete
250
251 # make sure perl scripts have a proper shebang
252 sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' %{buildroot}%{_datadir}/%{pkgname}/script-templates/template-*.pl
253
254 %pre
255 # Add the dirsrv user and group accounts
256 %_pre_useradd %{pkgname} %{_localstatedir}/lib/%{pkgname} /sbin/nologin
257 %_pre_groupadd %{pkgname} %{_localstatedir}/lib/%{pkgname} /sbin/nologin
258
259
260 %post
261 output=/dev/null
262 # We need to do this because the BS doesn't accept the way Fedora (upstream) and others do it.
263 if [ $1 = 1 ] ; then
264 mkdir -p %{_sysconfdir}/systemd/system/%{groupname}.wants
265 fi
266 # reload to pick up any changes to systemd files
267 %{_bindir}/systemctl daemon-reload >/dev/null 2>&1 || :
268 # reload to pick up any shared lib changes
269
270 # find all instances
271 instances="" # instances that require a restart after upgrade
272 ninst=0 # number of instances found in total
273 if [ -n "$DEBUGPOSTTRANS" ] ; then
274 output=$DEBUGPOSTTRANS
275 fi
276 echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> $output 2>&1 || :
277 for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do
278 if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches
279 inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'`
280 echo found instance $inst - getting status >> $output 2>&1 || :
281 if %{_bindir}/systemctl -q is-active $inst ; then
282 echo instance $inst is running >> $output 2>&1 || :
283 instances="$instances $inst"
284 else
285 echo instance $inst is not running >> $output 2>&1 || :
286 fi
287 ninst=`expr $ninst + 1`
288 done
289 if [ $ninst -eq 0 ] ; then
290 echo no instances to upgrade >> $output 2>&1 || :
291 exit 0 # have no instances to upgrade - just skip the rest
292 fi
293 # shutdown all instances
294 echo shutting down all instances . . . >> $output 2>&1 || :
295 for inst in $instances ; do
296 echo stopping instance $inst >> $output 2>&1 || :
297 /bin/systemctl stop $inst >> $output 2>&1 || :
298 done
299 echo remove pid files . . . >> $output 2>&1 || :
300 %{_bindir}/rm -f /run/%{pkgname}*.pid /run/%{pkgname}*.startpid
301
302
303 # do the upgrade
304 echo upgrading instances . . . >> $output 2>&1 || :
305 DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
306 if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
307 %{_sbindir}/setup-ds.pl -l $output -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
308 else
309 %{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline >> $output 2>&1 || :
310 fi
311
312 # restart instances that require it
313 for inst in $instances ; do
314 echo restarting instance $inst >> $output 2>&1 || :
315 %{_bindir}/systemctl start $inst >> $output 2>&1 || :
316 done
317
318 %preun
319 if [ $1 -eq 0 ]; then # Final removal
320 # Package removal, not upgrade
321 # remove instance specific service files/links
322 rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
323 fi
324
325 %postun
326 if [ $1 = 0 ]; then # Final removal
327 rm -rf /run/%{pkgname}
328 fi
329 %_postun_userdel %{pkgname}
330 %_postun_groupdel %{pkgname}
331
332 %preun snmp
333 %_preun_service %{pkgname}-snmp.service %{groupname}
334
335 %post snmp
336 %_post_service %{pkgname}-snmp
337
338 %files
339 %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
340 %dir %{_sysconfdir}/%{pkgname}
341 %dir %{_sysconfdir}/%{pkgname}/schema
342 %config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
343 %dir %{_sysconfdir}/%{pkgname}/config
344 %config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
345 %config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
346 %config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig
347 %config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}
348 %config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}.systemd
349 %{_datadir}/%{pkgname}
350 %{_unitdir}/%{pkgname}.target
351 %{_unitdir}/%{pkgname}@.service
352 %{_bindir}/*
353 %{_sbindir}/*
354 %{_libdir}/%{pkgname}/perl
355 %{_libdir}/%{pkgname}/python
356 %{_libdir}/%{pkgname}/plugins/*.so
357 %dir %{_localstatedir}/lib/%{pkgname}
358 %dir %{_logdir}/%{pkgname}
359 %ghost %dir %{_localstatedir}/lock/%{pkgname}
360 %{_mandir}/man1/*
361 %{_mandir}/man8/*
362 %exclude %{_sbindir}/ldap-agent*
363 %exclude %{_mandir}/man1/ldap-agent.1.*
364
365 %files -n %{develname}
366 %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
367 %{_includedir}/%{pkgname}
368 %{_libdir}/%{pkgname}/libslapd.so
369 %{_libdir}/%{pkgname}/libns-dshttpd.so
370 %if %{use_nunc_stans}
371 %{_libdir}/%{pkgname}/libnunc-stans.so
372 %endif
373 %{_libdir}/pkgconfig/*
374
375 %files -n %{libname}
376 %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
377 %{_libdir}/%{pkgname}/libslapd.so.*
378 %{_libdir}/%{pkgname}/libns-dshttpd.so.*
379 %if %{use_nunc_stans}
380 %{_libdir}/%{pkgname}/libnunc-stans.so.*
381 %endif
382
383 %files snmp
384 %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
385 %config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
386 %{_unitdir}/%{pkgname}-snmp.service
387 %{_sbindir}/ldap-agent*
388 %{_mandir}/man1/ldap-agent.1.*
389

  ViewVC Help
Powered by ViewVC 1.1.30