/[packages]/updates/8/389-ds-base/current/SPECS/389-ds-base.spec

Contents of /updates/8/389-ds-base/current/SPECS/389-ds-base.spec



Revision 1794406 - (show annotations) (download)
Wed Mar 16 10:27:38 2022 UTC (2 years, 1 month ago) by ns80
File size: 15095 byte(s)
- add patch from CentOS for CVE-2021-4091 (mga#30175)

1 # work around gcc 10 build errors
# NOTE(review): presumably this macro restores the pre-GCC-10 -fcommon behaviour, which
# tolerates duplicate global definitions instead of fixing them - confirm against the distro macros.
2 %global _legacy_common_support 1
3
# Library and devel package names are derived from the soname major through mklibname.
4 %define major 0
5 %define libname %mklibname %{name} %{major}
6 %define develname %mklibname %{name} -d
7
# Same naming scheme for the bundled svrcore library.
8 %define svrmajor 0
9 %define svrlibname %mklibname svrcore %{svrmajor}
10 %define svrdevname %mklibname svrcore -d
11
# pkgname is the on-disk and account name (dirsrv) used for directories, units and the service user.
12 %global pkgname dirsrv
13
# use_openldap selects openldap over mozldap in the dependency lists and the configure flags.
14 %global use_openldap 1
15 # If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
# use_Socket6 is only defined here; nothing else in this spec as shown reads it.
16 %global use_Socket6 0
17
18
19 # Following rh/fedora and disabling nunc-stans
20 # https://pagure.io/389-ds-base/issue/49893
21 # https://bugzilla.redhat.com/show_bug.cgi?id=1614501
22 # To build without nunc-stans, set 0 to use_nunc_stans.
23 # nunc-stans only builds on x86_64 for now
# Both arms of the arch test set the switch to 0, so nunc-stans is disabled on every
# architecture and the conditional currently has no effect.
24 %ifarch x86_64
25 %global use_nunc_stans 0
26 %else
27 %global use_nunc_stans 0
28 %endif
29
# Version of the nunc-stans snapshot named by Source3.
30 %global nunc_stans_ver 0.1.8
31
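32 # (cg) NB the --with-tmpfiles_d argument below is for user generated config files
33 # created via DSCreate.pm script - i.e. it should be the /etc/ path, NOT %%_tmpfilesdir
# The value is handed to configure verbatim as --with-tmpfiles-d, so it must be exactly the
# directory path: any trailing character (such as an unbalanced closing brace) would become
# part of the directory name that instance tmpfiles configuration is written to.
34
35 %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d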
36
37 # systemd support
# Target unit name; passed to configure and used for the per-instance wants directory.
38 %global groupname %{pkgname}.target
39
40 Summary: 389 Directory Server (base)
41 Name: 389-ds-base
42 Version: 1.4.0.26
43 %define subrel 2
44 Release: %mkrel 8
45 License: GPLv3+
46 Group: System/Servers
47 URL: http://port389.org/
# NOTE(review): no checksum or signature for the source tarballs is recorded in this spec;
# presumably they are pinned elsewhere in the packaging repository - confirm.
48 Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2
49 # 389-ds-git.sh should be used to generate the source tarball from git
50 Source1: %{name}-git.sh
51 Source2: %{name}-devel.README
# nunc-stans snapshot; the prep section unpacks it even though use_nunc_stans is 0.
52 Source3: https://git.fedorahosted.org/cgit/nunc-stans.git/snapshot/nunc-stans-%{nunc_stans_ver}.tar.bz2
# Every PatchN below is applied by the autopatch call in the prep section. Patch1 and Patch3
# carry the fixes named for CVE-2019-14824 and CVE-2021-4091 (a double free, per the file
# name); deleting either line drops that fix from the build without any build error.
53 Patch0: 389-ds-base-1.4.0.26-mga-fix-path-to-nss-headers.patch
54 Patch1: 389-ds-base-1.4.0.26-CVE-2019-14824.patch
# NOTE(review): Patch2 is named only by a commit hash; what it fixes cannot be told from this spec.
55 Patch2: c1926dfc6591b55c4d33f9944de4d7ebe077e964.patch
56 Patch3: 0034-CVE-2021-4091-BZ-2030367-double-free-of-the-virtual-.patch
57
# Dependencies of the main package. The main package is tied to the exact version-release
# of its library subpackage, so the two are always upgraded together.
58 Requires: %{libname} = %{version}-%{release}
59 Provides: ldif2ldbm
60
61 BuildRequires: pkgconfig(nspr)
62 BuildRequires: pkgconfig(nss)
63 BuildRequires: pkgconfig(krb5)
# LDAP client library is chosen by the use_openldap switch.
64 %if %{use_openldap}
65 BuildRequires: openldap-devel
66 %else
67 BuildRequires: mozldap-devel
68 %endif
69 BuildRequires: db-devel
70
71 BuildRequires: pkgconfig(libsasl2)
72 BuildRequires: icu
73 BuildRequires: libicu-devel
74 BuildRequires: pkgconfig(libpcre)
75 BuildRequires: gcc-c++
76 BuildRequires: doxygen
77 # The following are needed to build the snmp ldap-agent
78 BuildRequires: net-snmp-devel
79 BuildRequires: lm_sensors-devel
80 BuildRequires: bzip2-devel
81 BuildRequires: pkgconfig(zlib)
82 BuildRequires: pkgconfig(openssl)
83 BuildRequires: tcp_wrappers
84 # the following is for the pam passthru auth plug-in
85 BuildRequires: pam-devel
86 BuildRequires: systemd-units
87 BuildRequires: pkgconfig(systemd)
88
89 # For cockpit
90 BuildRequires: rsync
91
92 # this is needed for using semanage from our setup scripts
93 Requires: policycoreutils-python-utils
94
# Scriptlet dependencies: the pre scriptlet creates the dirsrv account through the
# rpm-helper macros, so the account tools must be installed before it runs.
95 Requires(post): rpm-helper >= %{rpmhelper_required_version}
96 Requires(preun): rpm-helper >= %{rpmhelper_required_version}
97 Requires(pre): %{_sbindir}/useradd
98 Requires(pre): %{_sbindir}/groupadd
99
100
101 # the following are needed for some of our scripts
102 %if %{use_openldap}
103 Requires: openldap-clients
104 %else
105 Requires: mozldap-tools
106 %endif
107
108 # this is needed to setup SSL if you are not using the
109 # administration server package
110 Requires: nss
111
112 # these are not found by the auto-dependency method
113 # they are required to support the mandatory LDAP SASL mechs
114 Requires: sasl-plug-gssapi
115 Requires: sasl-plug-digestmd5
116
117 # this is needed for verify-db.pl
118 Requires: db5-utils
119
120 # for the init script
121 Requires(post): systemd-units
122 Requires(preun): systemd-units
123 Requires(postun): systemd-units
124
125 %description
126 389 Directory Server is an LDAPv3 compliant server. The base package includes
127 the LDAP server and command line utilities for server administration.
128
129 %package -n %{libname}
# Shared-library subpackage. BuildRequires listed under a subpackage still apply to the
# whole source build, so talloc, libevent and tevent are required at build time even
# though the use_nunc_stans switch is 0.
130 Summary: Core libraries for 389 Directory Server
131 Group: System/Servers
132 BuildRequires: pkgconfig(nspr)
133 BuildRequires: pkgconfig(nss)
134 %if %{use_openldap}
135 BuildRequires: openldap-devel
136 %else
137 BuildRequires: mozldap-devel
138 %endif
139 BuildRequires: db-devel
140 BuildRequires: pkgconfig(libsasl2)
141 BuildRequires: libicu-devel
142 BuildRequires: pkgconfig(libpcre)
143 BuildRequires: pkgconfig(talloc)
144 BuildRequires: pkgconfig(libevent)
145 BuildRequires: pkgconfig(tevent)
146 BuildRequires: libcrack-devel
147
148 %description -n %{libname}
149 Core libraries for the 389 Directory Server base package. These libraries
150 are used by the main package and the -devel package. This allows the -devel
151 package to be installed with just the -libs package and without the main package.
152
153 %package -n %{develname}
# Development subpackage: headers and unversioned library links.
154 Summary: Development libraries for 389 Directory Server
155 Group: System/Libraries
156 Requires: nspr-devel
157 Requires: nss-devel
158 %if %{use_openldap}
159 Requires: openldap-devel
160 %else
161 Requires: mozldap-devel
162 %endif
163
# These three are required only when use_nunc_stans is non-zero; the switch is 0 on every
# architecture in this spec, although the devel file list still ships libnunc-stans.so.
164 %if %{use_nunc_stans}
165 Requires: talloc-devel
166 Requires: event-devel
167 Requires: tevent-devel
168 %endif
169
170 Requires: %{libname} = %{version}-%{release}
171 Provides: %{develname} = %{version}-%{release}
172
173
174 %description -n %{develname}
175 Development Libraries and headers for the 389 Directory Server base package.
176
177 %package snmp
# SNMP agent subpackage; pinned to the exact version-release of the main package.
178 Summary: SNMP Agent for 389 Directory Server
179 Group: System/Servers
180 Requires: %{name} = %{version}-%{release}
181
182
183 %description snmp
184 SNMP Agent for the 389 Directory Server base package.
185
186 %package -n cockpit-389-ds
# Architecture-independent web UI plugin. The dependencies on cockpit itself and on lib389
# are commented out, so installing this package alone does not pull either of them in.
187 Summary: Cockpit UI Plugin for configuring and administering the 389 Directory Server
188 BuildArch: noarch
189 #Requires: cockpit
190 Requires: python%{python3_pkgversion}
191 #Requires: python%%{python3_pkgversion}-lib389
192
193 %description -n cockpit-389-ds
194 A cockpit UI Plugin for configuring and administering the 389 Directory Server.
195
196 %package -n %{svrlibname}
# svrcore runtime library, under its own licence and with Epoch 1. The Conflicts line
# keeps it from being installed next to an older 389-ds-base library package.
197 Summary: Secure PIN handling using NSS crypto
198 License: MPLv2.0
199 Group: System/Libraries
200 Epoch: 1
201 Conflicts: %{_lib}389-ds-base0 < %{version}
202
203 %description -n %{svrlibname}
204 svrcore provides applications with several ways to handle secure PIN storage
205 e.g. in an application that must be restarted, but needs the PIN to unlock the
206 private key and other crypto material, without user intervention. svrcore uses
207 the facilities provided by NSS.
208
209 %package -n %{svrdevname}
# svrcore development files; requires the matching runtime library, epoch included.
210 Summary: Development files for svrcore
211 License: MPLv2.0
212 Group: Development/Other
213 Epoch: 1
214 Requires: %{svrlibname} = 1:%{version}-%{release}
215 Provides: svrcore-devel = 1:%{version}-%{release}
216 Conflicts: %{_lib}389-ds-base-devel < %{version}
217
218 %description -n %{svrdevname}
219 Development libraries and headers for svrcore.
220
221 %prep
# Unpack Source0 and, via -a 3, Source3 (nunc-stans) inside the source tree. This happens
# regardless of the use_nunc_stans switch.
222 %setup -q -n %{name}-%{version} -a 3
# When nunc-stans is enabled, unpack Source3 a second time beside the source tree
# (-b 3), without re-extracting Source0 (-T) or deleting the tree (-D).
223 %if %{use_nunc_stans}
224 %setup -q -n %{name}-%{version} -T -D -b 3
225 %endif
# Applies every PatchN from the preamble with strip level 1, including the two CVE fixes.
226 %autopatch -p1
227 cp %{_sourcedir}/%{name}-devel.README README.devel
228
229
230 # Make sure python3 is used in shebangs
231 # FIX ME!! This should be fixed in the source code !!!
# Only line 1 of each script is rewritten, and only when it is a /usr/bin python shebang.
232 sed -r -i '1s|^#!\s*/usr/bin.*python.*|#!%{__python3}|' ldap/admin/src/scripts/*.py
233
234
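235 %build
# Configure and compile the server, optionally building the nunc-stans snapshot first.
236 %serverbuild
237 autoreconf -vfi
238
# Optional nunc-stans build: compiled in its own tree, then the library and header are
# copied into lib/ and include/ there so the main configure run can find them.
239 %if %{use_nunc_stans}
240 pushd ../nunc-stans-%{nunc_stans_ver}
241 autoreconf -fi
242 %configure --with-fhs --libdir=%{_libdir}/%{pkgname}
243 %make_build
244 mkdir -p lib
245 cp .libs/libnunc-stans.so.0.0.0 lib/libnunc-stans.so
246 mkdir -p include/nunc-stans
247 cp nunc-stans.h include/nunc-stans/nunc-stans.h
248 popd
249 %endif
250
# Start every optional flag variable empty. Each one is assigned only inside a conditional
# and then expanded unquoted on the configure command line, so without this a value
# inherited from the build environment would be passed to configure as extra options.
OPENLDAP_FLAG=""
TMPFILES_FLAG=""
NUNC_STANS_FLAGS=""
251 %if %{use_openldap}
252 OPENLDAP_FLAG="--with-openldap"
253 %endif
254 %{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
255 # hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
256 NSSARGS="--with-svrcore-inc=%{_includedir} --with-svrcore-lib=%{_libdir} --with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss"
257 %if %{use_nunc_stans}
258 NUNC_STANS_FLAGS="--enable-nunc-stans --with-nunc-stans=../nunc-stans-%{nunc_stans_ver}"
259 %endif
# The flag variables are left unquoted on purpose: NSSARGS and NUNC_STANS_FLAGS each hold
# several options that must be split into separate words. The systemd group name and
# NSSARGS are passed once; a second identical copy of that line added nothing.
260 %configure --enable-autobind $OPENLDAP_FLAG $TMPFILES_FLAG \
261 --with-systemdsystemunitdir=%{_unitdir} \
262 --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
264 --with-perldir=/usr/bin \
265 --with-systemdgroupname=%{groupname} $NSSARGS $NUNC_STANS_FLAGS \
266 --with-systemd
267
268 # Generate symbolic info for debuggers
# Quoted so the multi-word flag string stays one value under any POSIX shell.
269 export XCFLAGS="$RPM_OPT_FLAGS"
270
271
272 %make_build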
273
274
275 %install
# Install into the buildroot, create the state directories, and generate the cockpit file list.
# When nunc-stans is enabled it is installed first, then its headers, data directory and
# pkgconfig files are removed from the buildroot again.
276 %if %{use_nunc_stans}
277 pushd ../nunc-stans-%{nunc_stans_ver}
278 %make_install
279 rm -rf %{buildroot}%{_includedir} %{buildroot}%{_datadir} \
280 %{buildroot}%{_libdir}/%{pkgname}/pkgconfig
281 popd
282 %endif
283
284 %make_install
285
# Log, state and lock directories owned by the package (see the main file list).
286 mkdir -p %{buildroot}%{_logdir}/%{pkgname}
287 mkdir -p %{buildroot}/var/lib/%{pkgname}
288 mkdir -p %{buildroot}/var/lock/%{pkgname}
289
290 # Cockpit directory and file list
# Directories are listed first with a dir marker, then regular files; the buildroot prefix
# is stripped so the list holds installed paths. The result feeds the cockpit file section.
291 find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list
292 find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list
293 echo "%{_datadir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml" >> cockpit.list
294
295 #remove libtool archives and static libs
296 find %{buildroot} -type f -name "*.la" -delete
297 find %{buildroot} -type f -name "*.a" -delete
298
299 # make sure perl scripts have a proper shebang
# Replaces the PERL-EXEC placeholder in the script templates with a fixed /usr/bin/perl path.
300 sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' %{buildroot}%{_datadir}/%{pkgname}/script-templates/template-*.pl
301
302 %pre
303 # Add the dirsrv user and group accounts
# The account is created with /sbin/nologin as its shell, so the service user cannot be
# used for an interactive login.
# NOTE(review): the groupadd helper receives the same home-directory and shell arguments as
# the useradd helper; confirm that this matches the arguments the helper expects.
304 %_pre_useradd %{pkgname} %{_localstatedir}/lib/%{pkgname} /sbin/nologin
305 %_pre_groupadd %{pkgname} %{_localstatedir}/lib/%{pkgname} /sbin/nologin
306
307
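308 %post
# Upgrade scriptlet, run as root by rpm: finds the instance units in the wants directory,
# stops the ones that are running, runs setup-ds.pl in offline update mode, then starts the
# stopped instances again. Every step is best-effort (each command ends in "|| :").
#
# All diagnostics are appended to the file named by output: /dev/null by default, or the
# path in the DEBUGPOSTTRANS environment variable. That path comes from the environment of
# the rpm transaction and is written to with root privileges, so it is always quoted and
# should only be set deliberately by the administrator running the transaction.
309 output=/dev/null
310 # We need to do this because the BS doesn't accept the way Fedora (upstream) and others do it.
311 if [ "$1" = 1 ] ; then
312 mkdir -p %{_sysconfdir}/systemd/system/%{groupname}.wants
313 fi
314 # reload to pick up any changes to systemd files
315 %{_bindir}/systemctl daemon-reload >/dev/null 2>&1 || :
316 # reload to pick up any shared lib changes
317
318 # find all instances
319 instances="" # instances that require a restart after upgrade
320 ninst=0 # number of instances found in total
321 if [ -n "$DEBUGPOSTTRANS" ] ; then
322 output=$DEBUGPOSTTRANS
323 fi
324 echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> "$output" 2>&1 || :
325 for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do
326 if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches
# The unit name is the file name with the wants-directory prefix removed.
327 inst=`echo "$service" | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'`
328 echo found instance $inst - getting status >> "$output" 2>&1 || :
329 if %{_bindir}/systemctl -q is-active "$inst" ; then
330 echo instance $inst is running >> "$output" 2>&1 || :
331 instances="$instances $inst"
332 else
333 echo instance $inst is not running >> "$output" 2>&1 || :
334 fi
335 ninst=`expr "$ninst" + 1`
336 done
337 if [ "$ninst" -eq 0 ] ; then
338 echo no instances to upgrade >> "$output" 2>&1 || :
339 exit 0 # have no instances to upgrade - just skip the rest
340 fi
341 # shutdown all instances
342 echo shutting down all instances . . . >> "$output" 2>&1 || :
# instances is a space-separated list and is left unquoted here so it splits into names.
343 for inst in $instances ; do
344 echo stopping instance $inst >> "$output" 2>&1 || :
# Same systemctl path as the other calls in this scriptlet.
345 %{_bindir}/systemctl stop "$inst" >> "$output" 2>&1 || :
346 done
347 echo remove pid files . . . >> "$output" 2>&1 || :
348 %{_bindir}/rm -f /run/%{pkgname}*.pid /run/%{pkgname}*.startpid
349
350
351 # do the upgrade
352 echo upgrading instances . . . >> "$output" 2>&1 || :
# Keep only the letter d from DEBUGPOSTSETUP, so the variable can contribute a run of d
# flags to setup-ds.pl and nothing else; no other option can be injected through it.
353 DEBUGPOSTSETUPOPT=`/usr/bin/echo "$DEBUGPOSTSETUP" | /usr/bin/sed -e "s/[^d]//g"`
354 if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
355 %{_sbindir}/setup-ds.pl -l "$output" "-$DEBUGPOSTSETUPOPT" -u -s General.UpdateMode=offline >> "$output" 2>&1 || :
356 else
357 %{_sbindir}/setup-ds.pl -l "$output" -u -s General.UpdateMode=offline >> "$output" 2>&1 || :
358 fi
359
360 # restart instances that require it
361 for inst in $instances ; do
362 echo restarting instance $inst >> "$output" 2>&1 || :
363 %{_bindir}/systemctl start "$inst" >> "$output" 2>&1 || :
364 done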
365
366 %preun
# On final removal only (argument 0), delete every entry in the instance wants directory.
# Errors are discarded, so a failed cleanup does not abort the uninstall.
367 if [ $1 -eq 0 ]; then # Final removal
368 # Package removal, not upgrade
369 # remove instance specific service files/links
370 rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
371 fi
372
373 %postun
# On final removal, delete the runtime directory under /run.
374 if [ $1 = 0 ]; then # Final removal
375 rm -rf /run/%{pkgname}
376 fi
# NOTE(review): the account-removal helpers sit outside the final-removal test above;
# presumably they check the removal count themselves - confirm, otherwise an upgrade
# would delete the service account.
377 %_postun_userdel %{pkgname}
378 %_postun_groupdel %{pkgname}
379
380 %preun snmp
# Service handling for the SNMP agent is delegated to the distribution service helpers.
381 %_preun_service %{pkgname}-snmp.service %{groupname}
382
383 %post snmp
384 %_post_service %{pkgname}-snmp
385
386 %files
# Main package payload. Configuration files are marked config(noreplace), so a locally
# edited file is kept on upgrade instead of being overwritten.
387 %license LICENSE LICENSE.GPLv3+ LICENSE.openssl
388 %doc README.devel README.md
389 %dir %{_sysconfdir}/%{pkgname}
390 %dir %{_sysconfdir}/%{pkgname}/schema
391 %config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
392 %dir %{_sysconfdir}/%{pkgname}/config
393 %config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
394 %config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
395 %config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig
396 %config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}
397 %config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}.systemd
398 %{_datadir}/%{pkgname}
399 %{_unitdir}/%{pkgname}.target
400 %{_unitdir}/%{pkgname}@.service
# Everything the build installs into the bin and sbin directories is shipped by wildcard,
# so a newly installed binary is packaged without this list having to change.
401 %{_bindir}/*
402 %{_sbindir}/*
403 %{_libdir}/%{pkgname}/perl
404 %{_libdir}/%{pkgname}/python
405 %{_libdir}/%{pkgname}/plugins/*.so
406 %{_libexecdir}/ds_selinux_enabled
407 %{_libexecdir}/ds_selinux_port_query
408 %{_libexecdir}/ds_systemd_ask_password_acl
409 %{_prefix}/lib/sysctl.d/*
410 %{_prefix}/share/gdb/auto-load/usr/sbin/ns-slapd-gdb.py
411 %dir %{_localstatedir}/lib/%{pkgname}
412 %dir %{_logdir}/%{pkgname}
# The lock directory is a ghost entry: owned by the package but not shipped in the payload.
413 %ghost %dir %{_localstatedir}/lock/%{pkgname}
414 %{_mandir}/man1/*
415 %{_mandir}/man5/*
416 %{_mandir}/man8/*
# The ldap-agent binary and man page belong to the snmp subpackage.
417 %exclude %{_sbindir}/ldap-agent*
418 %exclude %{_mandir}/man1/ldap-agent.1.*
419
420 %files -n %{develname}
# Headers, unversioned library links and pkgconfig files for development.
421 %license LICENSE LICENSE.GPLv3+ LICENSE.openssl
422 %doc README.devel README.md
423 %{_includedir}/%{pkgname}
424 %{_libdir}/%{pkgname}/libslapd.so
425 %{_libdir}/%{pkgname}/libsds.so
426 %{_libdir}/%{pkgname}/libldaputil.so
427 %{_libdir}/%{pkgname}/libns-dshttpd.so
428 # It seems these files are always built regardless the global setting.
429 # %%if %%{use_nunc_stans}
430 %{_libdir}/%{pkgname}/libnunc-stans.so
431 # %%endif
432 %{_libdir}/pkgconfig/*
# svrcore.pc is shipped by the svrcore devel subpackage instead.
433 %exclude %{_libdir}/pkgconfig/svrcore.pc
434
435 %files -n %{svrlibname}
# Versioned svrcore runtime library only; the unversioned link is in the svrcore devel list.
436 %license src/svrcore/LICENSE
437 %doc src/svrcore/README
438 %{_libdir}/libsvrcore.so.%{svrmajor}{,.*}
439
440 %files -n %{svrdevname}
# svrcore header, unversioned library link and pkgconfig file.
441 %license src/svrcore/LICENSE
442 %doc src/svrcore/README
443 %{_includedir}/svrcore.h
444 %{_libdir}/libsvrcore.so
445 %{_libdir}/pkgconfig/svrcore.pc
446
447 %files -n %{libname}
# Versioned shared libraries used by the server and by the devel package.
448 %license LICENSE LICENSE.GPLv3+ LICENSE.openssl
449 %doc README.md
450 %{_libdir}/%{pkgname}/libslapd.so.*
451 %{_libdir}/%{pkgname}/libsds.so.*
452 %{_libdir}/%{pkgname}/libldaputil.so.*
453 %{_libdir}/%{pkgname}/libns-dshttpd-%{version}.so
# The conditional around libnunc-stans is commented out, so the library is listed
# whatever the use_nunc_stans switch says.
454 # %%if %%{use_nunc_stans}
455 %{_libdir}/%{pkgname}/libnunc-stans.so.*
456 # %%endif
457
458 %files snmp
# SNMP agent: its config file (kept on upgrade if edited), unit file, binary and man page.
459 %license LICENSE LICENSE.GPLv3+ LICENSE.openssl
460 %doc README.md
461 %config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
462 %{_unitdir}/%{pkgname}-snmp.service
463 %{_sbindir}/ldap-agent*
464 %{_mandir}/man1/ldap-agent.1.*
465
466 %files -n cockpit-389-ds -f cockpit.list
# The payload comes from cockpit.list, which the install section generates with find.
467 %doc README.md
