1 |
%define major 0 |
2 |
%define libname %mklibname %{name} %{major} |
3 |
%define develname %mklibname %{name} -d |
4 |
|
5 |
|
6 |
|
7 |
%global pkgname dirsrv |
8 |
# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release |
9 |
# also remove the space between % and global - this space is needed because |
10 |
# fedpkg verrel stupidly ignores comment lines |
11 |
#% global prerel .rc3 |
12 |
# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release |
13 |
#% global relprefix 0. |
14 |
|
15 |
%global use_openldap 1 |
16 |
# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6. |
17 |
%global use_Socket6 0 |
18 |
|
19 |
# (cg) NB the --with-tmpfiles_d argument below is for user generated config files |
20 |
# created via DSCreate.pm script - i.e. it should be the /etc/ path, NOT %_tmpfilesdir |
21 |
|
22 |
# Mageia 3 and later uses tmpfiles.d |
23 |
# otherwise, comment this out |
24 |
%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d} |
25 |
|
26 |
# systemd support |
27 |
%global groupname %{pkgname}.target |
28 |
|
29 |
|
30 |
Summary: 389 Directory Server (base) |
31 |
Name: 389-ds-base |
32 |
Version: 1.3.4.14 |
33 |
%define subrel 3 |
34 |
Release: %mkrel 1 |
35 |
License: GPLv3+ |
36 |
URL: http://port389.org/ |
37 |
Group: System/Servers |
38 |
Requires: %{libname} = %{version}-%{release} |
39 |
Provides: ldif2ldbm |
40 |
|
41 |
BuildRequires: nspr-devel |
42 |
BuildRequires: nss-devel |
43 |
BuildRequires: krb5-devel |
44 |
BuildRequires: svrcore-devel |
45 |
%if %{use_openldap} |
46 |
BuildRequires: openldap-devel |
47 |
%else |
48 |
BuildRequires: mozldap-devel |
49 |
%endif |
50 |
BuildRequires: db-devel |
51 |
|
52 |
BuildRequires: libsasl-devel |
53 |
BuildRequires: icu |
54 |
BuildRequires: libicu-devel |
55 |
BuildRequires: pcre-devel |
56 |
BuildRequires: gcc-c++ |
57 |
# The following are needed to build the snmp ldap-agent |
58 |
BuildRequires: net-snmp-devel |
59 |
BuildRequires: bzip2-devel |
60 |
BuildRequires: zlib-devel |
61 |
BuildRequires: openssl-devel |
62 |
BuildRequires: tcp_wrappers |
63 |
# the following is for the pam passthru auth plug-in |
64 |
BuildRequires: pam-devel |
65 |
BuildRequires: systemd-units |
66 |
|
67 |
# this is needed for using semanage from our setup scripts |
68 |
Requires: policycoreutils-python |
69 |
|
70 |
Requires(post): rpm-helper >= %{rpmhelper_required_version} |
71 |
Requires(preun): rpm-helper >= %{rpmhelper_required_version} |
72 |
|
73 |
|
74 |
# the following are needed for some of our scripts |
75 |
%if %{use_openldap} |
76 |
Requires: openldap-clients |
77 |
%else |
78 |
Requires: mozldap-tools |
79 |
%endif |
80 |
|
81 |
# this is needed to setup SSL if you are not using the |
82 |
# administration server package |
83 |
Requires: nss |
84 |
|
85 |
# these are not found by the auto-dependency method |
86 |
# they are required to support the mandatory LDAP SASL mechs |
87 |
Requires: sasl-plug-gssapi |
88 |
Requires: sasl-plug-digestmd5 |
89 |
|
90 |
# this is needed for verify-db.pl |
91 |
Requires: db5-utils |
92 |
|
93 |
# for the init script |
94 |
Requires(post): systemd-units |
95 |
Requires(preun): systemd-units |
96 |
Requires(postun): systemd-units |
97 |
|
98 |
Source0: http://www.port389.org/binaries/%{name}-%{version}%{?prerel}.tar.bz2 |
99 |
# 389-ds-git.sh should be used to generate the source tarball from git |
100 |
Source1: %{name}-git.sh |
101 |
Source2: %{name}-devel.README |
102 |
Patch0: mageia-nogroup.patch |
103 |
Patch1: 389-ds-base-1.3.4.14_CVE-2017-2591.patch |
104 |
Patch2: 389-ds-base-1.3.4.14_CVE-2017-2668.patch |
105 |
Patch3: 389-ds-base-1.3.5.17_CVE-2017-7551_brute-force.patch |
106 |
|
107 |
%description |
108 |
389 Directory Server is an LDAPv3 compliant server. The base package includes |
109 |
the LDAP server and command line utilities for server administration. |
110 |
|
111 |
%package -n %{libname} |
112 |
Summary: Core libraries for 389 Directory Server |
113 |
Group: System/Servers |
114 |
BuildRequires: nspr-devel |
115 |
BuildRequires: nss-devel |
116 |
BuildRequires: svrcore-devel |
117 |
%if %{use_openldap} |
118 |
BuildRequires: openldap-devel |
119 |
%else |
120 |
BuildRequires: mozldap-devel |
121 |
%endif |
122 |
BuildRequires: db-devel |
123 |
BuildRequires: libsasl-devel |
124 |
BuildRequires: libicu-devel |
125 |
BuildRequires: pcre-devel |
126 |
|
127 |
%description -n %{libname} |
128 |
Core libraries for the 389 Directory Server base package. These libraries |
129 |
are used by the main package and the -devel package. This allows the -devel |
130 |
package to be installed with just the -libs package and without the main package. |
131 |
|
132 |
%package -n %{develname} |
133 |
Summary: Development libraries for 389 Directory Server |
134 |
Group: System/Libraries |
135 |
Requires: pkgconfig |
136 |
Requires: nspr-devel |
137 |
Requires: nss-devel |
138 |
Requires: svrcore-devel |
139 |
%if %{use_openldap} |
140 |
Requires: openldap-devel |
141 |
%else |
142 |
Requires: mozldap-devel |
143 |
%endif |
144 |
Requires: %{libname} = %{version}-%{release} |
145 |
Provides: %{develname} = %{version}-%{release} |
146 |
|
147 |
|
148 |
%description -n %{develname} |
149 |
Development Libraries and headers for the 389 Directory Server base package. |
150 |
|
151 |
%prep |
152 |
%setup -q -n %{name}-%{version}%{?prerel} |
153 |
cp %{SOURCE2} README.devel |
154 |
%patch0 -p1 -b .mageia-nogroup |
155 |
%patch1 -p1 -b .CVE-2017-2591 |
156 |
%patch2 -p1 -b .CVE-2017-2668 |
157 |
%patch3 -p1 -b .CVE-2017-7551 |
158 |
|
159 |
|
160 |
%build |
161 |
%serverbuild |
162 |
autoreconf -fi |
163 |
%if %{use_openldap} |
164 |
OPENLDAP_FLAG="--with-openldap" |
165 |
%endif |
166 |
%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} |
167 |
# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529 |
168 |
NSSARGS="--with-svrcore-inc=%{_includedir} --with-svrcore-lib=%{_libdir} --with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss" |
169 |
%configure2_5x --enable-autobind $OPENLDAP_FLAG $TMPFILES_FLAG \ |
170 |
--with-systemdsystemunitdir=%{_unitdir} \ |
171 |
--with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \ |
172 |
--with-systemdgroupname=%{groupname} $NSSARGS |
173 |
|
174 |
# Generate symbolic info for debuggers |
175 |
export XCFLAGS=$RPM_OPT_FLAGS |
176 |
|
177 |
|
178 |
%make |
179 |
|
180 |
|
181 |
%install |
182 |
make DESTDIR="%{buildroot}" install |
183 |
|
184 |
mkdir -p %{buildroot}%{_logdir}/%{pkgname} |
185 |
mkdir -p %{buildroot}/var/lib/%{pkgname} |
186 |
mkdir -p %{buildroot}/var/lock/%{pkgname} |
187 |
|
188 |
|
189 |
#remove libtool archives and static libs |
190 |
find %{buildroot} -type f -name "*.la" -delete |
191 |
find %{buildroot} -type f -name "*.a" -delete |
192 |
|
193 |
# make sure perl scripts have a proper shebang |
194 |
sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' %{buildroot}%{_datadir}/%{pkgname}/script-templates/template-*.pl |
195 |
|
196 |
%post |
197 |
output=/dev/null |
198 |
# We need to do this because the BS doesn't accept the way Fedora (upstream) and others do it. |
199 |
if [ $1 = 1 ] ; then |
200 |
mkdir -p %{_sysconfdir}/systemd/system/%{groupname}.wants |
201 |
fi |
202 |
%_post_service %{pkgname}-snmp |
203 |
# reload to pick up any changes to systemd files |
204 |
%{_bindir}/systemctl daemon-reload >/dev/null 2>&1 || : |
205 |
# reload to pick up any shared lib changes |
206 |
|
207 |
# restart the snmp subagent if needed |
208 |
%{_bindir}/systemctl try-restart %{pkgname}-snmp.service > $output 2>&1 || : |
209 |
# find all instances |
210 |
instances="" # instances that require a restart after upgrade |
211 |
ninst=0 # number of instances found in total |
212 |
if [ -n "$DEBUGPOSTTRANS" ] ; then |
213 |
output=$DEBUGPOSTTRANS |
214 |
fi |
215 |
echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> $output 2>&1 || : |
216 |
for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do |
217 |
if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches |
218 |
inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'` |
219 |
echo found instance $inst - getting status >> $output 2>&1 || : |
220 |
if %{_bindir}/systemctl -q is-active $inst ; then |
221 |
echo instance $inst is running >> $output 2>&1 || : |
222 |
instances="$instances $inst" |
223 |
else |
224 |
echo instance $inst is not running >> $output 2>&1 || : |
225 |
fi |
226 |
ninst=`expr $ninst + 1` |
227 |
done |
228 |
if [ $ninst -eq 0 ] ; then |
229 |
echo no instances to upgrade >> $output 2>&1 || : |
230 |
exit 0 # have no instances to upgrade - just skip the rest |
231 |
fi |
232 |
# shutdown all instances |
233 |
echo shutting down all instances . . . >> $output 2>&1 || : |
234 |
for inst in $instances ; do |
235 |
echo stopping instance $inst >> $output 2>&1 || : |
236 |
/bin/systemctl stop $inst >> $output 2>&1 || : |
237 |
done |
238 |
echo remove pid files . . . >> $output 2>&1 || : |
239 |
%{_bindir}/rm -f /var/run/%{pkgname}*.pid /var/run/%{pkgname}*.startpid |
240 |
|
241 |
|
242 |
# do the upgrade |
243 |
echo upgrading instances . . . >> $output 2>&1 || : |
244 |
DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"` |
245 |
if [ -n "$DEBUGPOSTSETUPOPT" ] ; then |
246 |
%{_sbindir}/setup-ds.pl -l $output -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || : |
247 |
else |
248 |
%{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline >> $output 2>&1 || : |
249 |
fi |
250 |
|
251 |
# restart instances that require it |
252 |
for inst in $instances ; do |
253 |
echo restarting instance $inst >> $output 2>&1 || : |
254 |
%{_bindir}/systemctl start $inst >> $output 2>&1 || : |
255 |
done |
256 |
|
257 |
%preun |
258 |
if [ $1 -eq 0 ]; then # Final removal |
259 |
# Package removal, not upgrade |
260 |
%_preun_service %{pkgname}-snmp.service %{groupname} |
261 |
# remove instance specific service files/links |
262 |
rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || : |
263 |
fi |
264 |
|
265 |
%postun |
266 |
if [ $1 = 0 ]; then # Final removal |
267 |
rm -rf /var/run/%{pkgname} |
268 |
fi |
269 |
|
270 |
%files |
271 |
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl |
272 |
%dir %{_sysconfdir}/%{pkgname} |
273 |
%dir %{_sysconfdir}/%{pkgname}/schema |
274 |
%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif |
275 |
%dir %{_sysconfdir}/%{pkgname}/config |
276 |
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf |
277 |
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf |
278 |
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf |
279 |
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig |
280 |
%config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname} |
281 |
%config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}.systemd |
282 |
%{_datadir}/%{pkgname} |
283 |
%{_unitdir}/* |
284 |
%{_bindir}/* |
285 |
%{_sbindir}/* |
286 |
%{_libdir}/%{pkgname}/perl |
287 |
%{_libdir}/%{pkgname}/python |
288 |
%{_libdir}/%{pkgname}/plugins/*.so |
289 |
%dir %{_localstatedir}/lib/%{pkgname} |
290 |
%dir %{_logdir}/%{pkgname} |
291 |
%ghost %dir %{_localstatedir}/lock/%{pkgname} |
292 |
%{_mandir}/man1/* |
293 |
%{_mandir}/man8/* |
294 |
|
295 |
%files -n %{develname} |
296 |
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel |
297 |
%{_includedir}/%{pkgname} |
298 |
%{_libdir}/%{pkgname}/libslapd.so |
299 |
%{_libdir}/%{pkgname}/libns-dshttpd.so |
300 |
%{_libdir}/pkgconfig/* |
301 |
|
302 |
%files -n %{libname} |
303 |
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel |
304 |
%{_libdir}/%{pkgname}/libslapd.so.* |
305 |
%{_libdir}/%{pkgname}/libns-dshttpd.so.* |