%global pkgname dirsrv # for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release # also remove the space between % and global - this space is needed because # fedpkg verrel stupidly ignores comment lines #% global prerel .rc3 # also need the relprefix field for a pre-release e.g. .0 - also comment out for official release #% global relprefix 0. %global use_openldap 1 %global use_db4 0 # If perl-Socket-2.000 or newer is available, set 0 to use_Socket6. %global use_Socket6 0 # (cg) NB the --with-tmpfiles_d argument below is for user generated config files # created via DSCreate.pm script - i.e. it should be the /etc/ path, NOT %_tmpfilesdir # Mageia 3 and later uses tmpfiles.d # otherwise, comment this out %{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d} # systemd support %global groupname %{pkgname}.target Summary: 389 Directory Server (base) Name: 389-ds-base Version: 1.3.0.8 Release: %mkrel 1 License: GPLv2 with exceptions URL: http://port389.org/ Group: System/Servers Requires: %{name}-libs = %{version}-%{release} Provides: ldif2ldbm BuildRequires: nspr-devel BuildRequires: nss-devel BuildRequires: krb5-devel BuildRequires: svrcore-devel %if %{use_openldap} BuildRequires: openldap-devel %else BuildRequires: mozldap-devel %endif %if %{use_db4} BuildRequires: db4-devel %else BuildRequires: db-devel %endif BuildRequires: libsasl-devel BuildRequires: icu BuildRequires: libicu-devel BuildRequires: pcre-devel BuildRequires: gcc-c++ # The following are needed to build the snmp ldap-agent BuildRequires: net-snmp-devel BuildRequires: bzip2-devel BuildRequires: zlib-devel BuildRequires: openssl-devel BuildRequires: tcp_wrappers # the following is for the pam passthru auth plug-in BuildRequires: pam-devel BuildRequires: systemd-units # this is needed for using semanage from our setup scripts Requires: policycoreutils-python Requires(post): rpm-helper >= %{rpmhelper_required_version} Requires(preun): rpm-helper >= %{rpmhelper_required_version} # the following are needed for some of our scripts %if %{use_openldap} Requires: openldap-clients %else Requires: mozldap-tools %endif # use_openldap assumes perl-Mozilla-LDAP is built with openldap support Requires: perl-Mozilla-LDAP # this is needed to setup SSL if you are not using the # administration server package Requires: nss # these are not found by the auto-dependency method # they are required to support the mandatory LDAP SASL mechs Requires: sasl-plug-gssapi Requires: sasl-plug-digestmd5 # this is needed for verify-db.pl %if %{use_db4} Requires: db4-utils %else Requires: db5-utils %endif # This picks up libperl.so as a Requires, so we add this versioned one # We don't pack this virtual package in Mageia and it doesn't look it's needed anymore in mdern perl. # Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) # for the init script Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units # for setup-ds.pl to support ipv6 %if %{use_Socket6} Requires: perl-Socket6 %else Requires: perl-Socket %endif Requires: perl-NetAddr-IP Source0: http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2 # 389-ds-git.sh should be used to generate the source tarball from git Source1: %{name}-git.sh Source2: %{name}-devel.README Patch0: mageia-nogroup.patch %description 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. %package libs Summary: Core libraries for 389 Directory Server Group: System/Servers BuildRequires: nspr-devel BuildRequires: nss-devel BuildRequires: svrcore-devel %if %{use_openldap} BuildRequires: openldap-devel %else BuildRequires: mozldap-devel %endif %if %{use_db4} BuildRequires: db4-devel %else BuildRequires: db-devel %endif BuildRequires: libsasl-devel BuildRequires: libicu-devel BuildRequires: pcre-devel %description libs Core libraries for the 389 Directory Server base package. These libraries are used by the main package and the -devel package. This allows the -devel package to be installed with just the -libs package and without the main package. %package devel Summary: Development libraries for 389 Directory Server Group: System/Libraries Requires: %{name}-libs = %{version}-%{release} Requires: pkgconfig Requires: nspr-devel Requires: nss-devel Requires: svrcore-devel %if %{use_openldap} Requires: openldap-devel %else Requires: mozldap-devel %endif %description devel Development Libraries and headers for the 389 Directory Server base package. %prep %setup -q -n %{name}-%{version}%{?prerel} cp %{SOURCE2} README.devel %patch0 -p1 -b .mageia-nogroup %build autoreconf -fi %if %{use_openldap} OPENLDAP_FLAG="--with-openldap" %endif %{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} # hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529 NSSARGS="--with-svrcore-inc=%{_includedir} --with-svrcore-lib=%{_libdir} --with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss" %configure2_5x --enable-autobind \ --with-selinux $OPENLDAP_FLAG $TMPFILES_FLAG \ --with-systemdsystemunitdir=%{_unitdir} \ --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \ --with-systemdgroupname=%{groupname} $NSSARGS # Generate symbolic info for debuggers export XCFLAGS=$RPM_OPT_FLAGS %ifarch x86_64 export USE_64=1 %endif %make %install make DESTDIR="%{buildroot}" install mkdir -p %{buildroot}/var/log/%{pkgname} mkdir -p %{buildroot}/var/lib/%{pkgname} mkdir -p %{buildroot}/var/lock/%{pkgname} # for systemd # This is the Fedora and other Distro's way but our BS rejects this file # mkdir -p %{buildroot}%{_sysconfdir}/systemd/system/%{groupname}.wants #remove libtool and static libs rm -f %{buildroot}%{_libdir}/%{pkgname}/*.a rm -f %{buildroot}%{_libdir}/%{pkgname}/*.la rm -f %{buildroot}%{_libdir}/%{pkgname}/plugins/*.a rm -f %{buildroot}%{_libdir}/%{pkgname}/plugins/*.la # make sure perl scripts have a proper shebang sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' %{buildroot}%{_datadir}/%{pkgname}/script-templates/template-*.pl %post output=/dev/null # We need to do this because the BS doesn't accept the way Fedora (upstream) and others do it. if [ $1 = 1 ] ; then mkdir -p %{_sysconfdir}/systemd/system/%{groupname}.wants fi %_post_service %{pkgname}-snmp # reload to pick up any changes to systemd files /bin/systemctl daemon-reload >/dev/null 2>&1 || : # reload to pick up any shared lib changes /sbin/ldconfig # restart the snmp subagent if needed /bin/systemctl try-restart %{pkgname}-snmp.service > $output 2>&1 || : # find all instances instances="" # instances that require a restart after upgrade ninst=0 # number of instances found in total if [ -n "$DEBUGPOSTTRANS" ] ; then output=$DEBUGPOSTTRANS fi echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* > $output 2>&1 || : for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'` echo found instance $inst - getting status > $output 2>&1 || : if /bin/systemctl -q is-active $inst ; then echo instance $inst is running > $output 2>&1 || : instances="$instances $inst" else echo instance $inst is not running > $output 2>&1 || : fi ninst=`expr $ninst + 1` done if [ $ninst -eq 0 ] ; then echo no instances to upgrade > $output 2>&1 || : exit 0 # have no instances to upgrade - just skip the rest fi # shutdown all instances echo shutting down all instances . . . > $output 2>&1 || : /bin/systemctl stop %{groupname} > $output 2>&1 || : echo remove pid files . . . > $output 2>&1 || : /bin/rm -f /var/run/%{pkgname}*.pid /var/run/%{pkgname}*.startpid # do the upgrade echo upgrading instances . . . > $output 2>&1 || : %{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline > $output 2>&1 || : # restart instances that require it for inst in $instances ; do echo restarting instance $inst > $output 2>&1 || : /bin/systemctl start $inst > $output 2>&1 || : done exit 0 %preun if [ $1 -eq 0 ]; then # Final removal # Package removal, not upgrade %systemd_preun %{pkgname}-snmp.service %{groupname} # remove instance specific service files/links rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || : fi %postun /sbin/ldconfig if [ $1 = 0 ]; then # Final removal rm -rf /var/run/%{pkgname} fi %files %doc LICENSE EXCEPTION LICENSE.GPLv2 %dir %{_sysconfdir}/%{pkgname} %dir %{_sysconfdir}/%{pkgname}/schema %config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif %dir %{_sysconfdir}/%{pkgname}/config # This is the Fedora and other Distro's way but our BS rejects this file # %dir %{_sysconfdir}/systemd/system/%{groupname}.wants %config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig %config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname} %config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}.systemd %{_datadir}/%{pkgname} %{_unitdir} %{_bindir}/* %{_sbindir}/* %{_libdir}/%{pkgname}/libns-dshttpd.so* %{_libdir}/%{pkgname}/perl %{_libdir}/%{pkgname}/plugins/*.so %dir %{_localstatedir}/lib/%{pkgname} %dir %{_logdir}/%{pkgname} %{_mandir}/man1/* %{_mandir}/man8/* %files devel %doc LICENSE EXCEPTION LICENSE.GPLv2 README.devel %{_includedir}/%{pkgname} %{_libdir}/%{pkgname}/libslapd.so %{_libdir}/pkgconfig/* %files libs %doc LICENSE EXCEPTION LICENSE.GPLv2 README.devel %{_libdir}/%{pkgname}/libslapd.so.* %changelog * Fri Aug 30 2013 spuhler <spuhler> 1.3.0.8-1.mga3 + Revision: 473178 - made the "mkdir" conditional - upgrade to version 1.3.0.5 - removed patch CVE-2013-2219-ACLs-inoperative-in-some-search-scenar.patch * already incorporated in updtaed source - this updated solves security issue CVE-2013-4283, bug #10889 - added autoreconf -fi to make mageia-nogroup.patch active - bumped subrel - changed the way how to create the %%{_sysconfdir}/systemd/system/%%{groupname}.wants file for instance @dirsrv * The BS reject the way of adding this directory in the files section - added %%dir %%{_sysconfdir}/systemd/system/%%{groupname}.wants - this directory is needed so dirsrv@instance.service can put their instance in there - enables added instances to start at boot added mageia-nogroup patch - provides the correct group at setup, we use group nogroup instead of nobody added rpm-helper macros + luigiwalser <luigiwalser> - add patch from redhat to fix CVE-2013-2219 * Tue Apr 16 2013 spuhler <spuhler> 1.3.0.5-2.mga3 + Revision: 410202 - replaced incorrect macro in post section with Mageia macro - %%systemd_post with %%_post_service * Wed Apr 03 2013 spuhler <spuhler> 1.3.0.5-1.mga3 + Revision: 407558 - upgrade to ver. 1.3.0.5 Fixes to following issues from upstream - unintended information exposure when anonymous access is set to rootdse - crash in aci evaluation - ns-slapd crashes sporadically with segmentation fault in libslapd.so - Deadlock in DNA plug-in Ticket #576 - DNA: use event queue for config update only at the start up - 389-ds-base cannot handle Kerberos tickets with PAC - cleanAllRUV task fails to cleanup config upon completion * Wed Mar 13 2013 spuhler <spuhler> 1.3.0.4-1.mga3 + Revision: 402840 - upgrade to version 1.3.0.4 fixes * Bug 9349 - CVE-2013-0312 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data * DS returns error 20 when replacing values of a multi-valued attribute (only when replication is enabled) * Slow role performance when using a lot of roles * Ticket 590 - ns-slapd segfaults while trying to delete a tombstone entry * Mon Mar 04 2013 spuhler <spuhler> 1.3.0.3-1.mga3 + Revision: 401340 - upgrade to 1.3.0.3 Lots of bugfixes by upstream o Ticket #584 - Existence of an entry is not checked when its password is to be deleted o Ticket 562 - Crash when deleting suffix o Ticket #542 - Cannot dynamically set nsslapd-maxbersize o Ticket 556 - Don't overwrite certmap.conf during upgrade o Ticket 549 - DNA plugin no longer reports additional info when range is depleted o Ticket 541 - need to set plugin as off in ldif template o Ticket 541 - RootDN Access Control plugin is missing after upgrade - cleaned up spec file aaded Requires: libselinux-utils * Fri Jan 11 2013 umeabot <umeabot> 1.3.0-4.mga3 + Revision: 345051 - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild * Tue Dec 18 2012 spuhler <spuhler> 1.3.0-3.mga3 + Revision: 332415 - upgrade to rc2 bumped rel * Sun Dec 16 2012 spuhler <spuhler> 1.3.0-2.mga3 + Revision: 331346 - upgrade to from a1 to rc1 * Sat Dec 01 2012 spuhler <spuhler> 1.3.0-1.mga3 + Revision: 324211 - upgrade to 1.3.0 * Sat Dec 01 2012 fwang <fwang> 1.2.11.15-5.mga3 + Revision: 323723 - rebuild for new pcre * Sun Nov 25 2012 colin <colin> 1.2.11.15-4.mga3 + Revision: 321807 - Do not ship the /var/lock folder - Ensure tmpfiles.d is enabled in the DSCreate.pm script - Add patch to create the .wants folder for systemd units. - Do not ship any systemd folders in /etc * Fri Nov 09 2012 fwang <fwang> 1.2.11.15-3.mga3 + Revision: 316610 - rebuild for update icu * Tue Nov 06 2012 fwang <fwang> 1.2.11.15-2.mga3 + Revision: 314759 - rebuild for new icu * Sun Oct 21 2012 spuhler <spuhler> 1.2.11.15-1.mga3 + Revision: 308664 - upgrade to version 2.12.11.15 * Mon Oct 15 2012 spuhler <spuhler> 1.2.11.12-2.mga3 + Revision: 305913 - changed the libname as done by upstream bumped rel * Sat Oct 13 2012 spuhler <spuhler> 1.2.11.12-1.mga3 + Revision: 305248 - added LDFLAGS=-L%%{perl_archlib}/CORE commented out Requires: perl(:MODULE_COMPAT_%%(eval "`%%{__perl} -V:version`"; echo $version)) - added Buildrequires: krb5-devel - fixed Requires naming - mageified spec file and removed unneeded lines - cleaned up spec file - imported package 389-ds-base