# work around gcc 10 build errors
%global _legacy_common_support 1

%define major 0
%define libname %mklibname %{name} %{major}
%define develname %mklibname %{name} -d

%define svrmajor 0
%define svrlibname %mklibname svrcore %{svrmajor}
%define svrdevname %mklibname svrcore -d

%global pkgname   dirsrv

%global use_openldap 1
# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
%global use_Socket6 0

# Following rh/fedora and disabling nunc-stans
# To build without nunc-stans, set 0 to use_nunc_stans.
# nunc-stans only builds on x86_64 for now
%ifarch x86_64
%global use_nunc_stans 0
%global use_nunc_stans 0

%global nunc_stans_ver 0.1.8

# (cg) NB the --with-tmpfiles_d argument below is for user generated config files
# created via script - i.e. it should be the /etc/ path, NOT %%_tmpfilesdir

%global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}

# systemd support
%global groupname %{pkgname}.target

Summary:          389 Directory Server (base)
Name:             389-ds-base
%define subrel 1
Release:          %mkrel 8
License:          GPLv3+
Group:            System/Servers
# should be used to generate the source tarball from git
Source1:          %{name}
Source2:          %{name}-devel.README
Patch0:           389-ds-base-
Patch1:           389-ds-base-
Patch2:           c1926dfc6591b55c4d33f9944de4d7ebe077e964.patch

Requires:         %{libname} = %{version}-%{release}
Provides:         ldif2ldbm

BuildRequires:    pkgconfig(nspr)
BuildRequires:    pkgconfig(nss)
BuildRequires:    pkgconfig(krb5)
%if %{use_openldap}
BuildRequires:    openldap-devel
BuildRequires:    mozldap-devel
BuildRequires:    db-devel

BuildRequires:    pkgconfig(libsasl2)
BuildRequires:    icu
BuildRequires:    libicu-devel
BuildRequires:    pkgconfig(libpcre)
BuildRequires:    gcc-c++
BuildRequires:    doxygen
# The following are needed to build the snmp ldap-agent
BuildRequires:    net-snmp-devel
BuildRequires:    lm_sensors-devel
BuildRequires:    bzip2-devel
BuildRequires:    pkgconfig(zlib)
BuildRequires:    pkgconfig(openssl)
BuildRequires:    tcp_wrappers
# the following is for the pam passthru auth plug-in
BuildRequires:    pam-devel
BuildRequires:    systemd-units
BuildRequires:    pkgconfig(systemd)

# For cockpit
BuildRequires:    rsync

# this is needed for using semanage from our setup scripts
Requires:         policycoreutils-python-utils

Requires(post):   rpm-helper >= %{rpmhelper_required_version}
Requires(preun):  rpm-helper >= %{rpmhelper_required_version}
Requires(pre):    %{_sbindir}/useradd
Requires(pre):    %{_sbindir}/groupadd

# the following are needed for some of our scripts
%if %{use_openldap}
Requires:         openldap-clients
Requires:         mozldap-tools

# this is needed to setup SSL if you are not using the
# administration server package
Requires:         nss

# these are not found by the auto-dependency method
# they are required to support the mandatory LDAP SASL mechs
Requires:         sasl-plug-gssapi
Requires:         sasl-plug-digestmd5

# this is needed for
Requires:         db5-utils

# for the init script
Requires(post):   systemd-units
Requires(preun):  systemd-units
Requires(postun): systemd-units

389 Directory Server is an LDAPv3 compliant server.  The base package includes
the LDAP server and command line utilities for server administration.

%package          -n %{libname}
Summary:          Core libraries for 389 Directory Server
Group:            System/Servers
BuildRequires:    pkgconfig(nspr)
BuildRequires:    pkgconfig(nss)
%if %{use_openldap}
BuildRequires:    openldap-devel
BuildRequires:    mozldap-devel
BuildRequires:    db-devel
BuildRequires:    pkgconfig(libsasl2)
BuildRequires:    libicu-devel
BuildRequires:    pkgconfig(libpcre)
BuildRequires:    pkgconfig(talloc)
BuildRequires:    pkgconfig(libevent)
BuildRequires:    pkgconfig(tevent)
BuildRequires:    libcrack-devel

%description  -n %{libname}
Core libraries for the 389 Directory Server base package.  These libraries
are used by the main package and the -devel package.  This allows the -devel
package to be installed with just the -libs package and without the main package.

%package          -n %{develname}
Summary:          Development libraries for 389 Directory Server
Group:            System/Libraries
Requires:         nspr-devel
Requires:         nss-devel
%if %{use_openldap}
Requires:         openldap-devel
Requires:         mozldap-devel

%if %{use_nunc_stans}
Requires:         talloc-devel
Requires:         event-devel
Requires:         tevent-devel

Requires:         %{libname} = %{version}-%{release}
Provides:         %{develname} = %{version}-%{release}

%description      -n %{develname}
Development Libraries and headers for the 389 Directory Server base package.

%package          snmp
Summary:          SNMP Agent for 389 Directory Server
Group:            System/Servers
Requires:         %{name} = %{version}-%{release}

%description      snmp
SNMP Agent for the 389 Directory Server base package.

%package -n cockpit-389-ds
Summary:          Cockpit UI Plugin for configuring and administering the 389 Directory Server
BuildArch:        noarch
#Requires:         cockpit
Requires:         python%{python3_pkgversion}
#Requires:         python%%{python3_pkgversion}-lib389

%description -n cockpit-389-ds
A cockpit UI Plugin for configuring and administering the 389 Directory Server.

%package          -n %{svrlibname}
Summary:          Secure PIN handling using NSS crypto
License:          MPLv2.0
Group:            System/Libraries
Epoch:            1
Conflicts:        %{_lib}389-ds-base0 < %{version}

%description -n %{svrlibname}
svrcore provides applications with several ways to handle secure PIN storage
e.g. in an application that must be restarted, but needs the PIN to unlock the
private key and other crypto material, without user intervention. svrcore uses
the facilities provided by NSS.

%package          -n %{svrdevname}
Summary:          Development files for svrcore
License:          MPLv2.0
Group:            Development/Other
Epoch:            1
Requires:         %{svrlibname} = 1:%{version}-%{release}
Provides:         svrcore-devel = 1:%{version}-%{release}
Conflicts:        %{_lib}389-ds-base-devel < %{version}

%description -n %{svrdevname}
Development libraries and headers for svrcore.

%setup -q -n %{name}-%{version} -a 3
%if %{use_nunc_stans}
%setup -q -n %{name}-%{version} -T -D -b 3
%autopatch -p1
cp %{_sourcedir}/%{name}-devel.README README.devel

# Make sure python3 is used in shebangs
# FIX ME!!  This should be fixed in the source code !!!
sed -r -i '1s|^#!\s*/usr/bin.*python.*|#!%{__python3}|' ldap/admin/src/scripts/*.py

autoreconf -vfi

%if %{use_nunc_stans}
pushd ../nunc-stans-%{nunc_stans_ver}
autoreconf -fi
%configure --with-fhs --libdir=%{_libdir}/%{pkgname}
mkdir -p lib
cp .libs/ lib/
mkdir -p include/nunc-stans
cp nunc-stans.h include/nunc-stans/nunc-stans.h

%if %{use_openldap}
%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
# hack hack hack
NSSARGS="--with-svrcore-inc=%{_includedir} --with-svrcore-lib=%{_libdir} --with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss"
%if %{use_nunc_stans}
NUNC_STANS_FLAGS="--enable-nunc-stans --with-nunc-stans=../nunc-stans-%{nunc_stans_ver}"
%configure --enable-autobind  $OPENLDAP_FLAG $TMPFILES_FLAG \
           --with-systemdsystemunitdir=%{_unitdir} \
           --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
           --with-systemdgroupname=%{groupname} $NSSARGS \
           --with-perldir=/usr/bin \
           --with-systemdgroupname=%{groupname} $NSSARGS $NUNC_STANS_FLAGS \

# Generate symbolic info for debuggers


%if %{use_nunc_stans}
pushd ../nunc-stans-%{nunc_stans_ver}
rm -rf %{buildroot}%{_includedir} %{buildroot}%{_datadir} \


mkdir -p %{buildroot}%{_logdir}/%{pkgname}
mkdir -p %{buildroot}/var/lib/%{pkgname}
mkdir -p %{buildroot}/var/lock/%{pkgname}

# Cockpit directory and file list
find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list
find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list
echo "%{_datadir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml" >> cockpit.list

#remove libtool archives and static libs
find %{buildroot} -type f -name "*.la" -delete
find %{buildroot} -type f -name "*.a" -delete

# make sure perl scripts have a proper shebang
sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' %{buildroot}%{_datadir}/%{pkgname}/script-templates/template-*.pl

# Add the dirsrv user and group accounts
%_pre_useradd %{pkgname} %{_localstatedir}/lib/%{pkgname} /sbin/nologin
%_pre_groupadd %{pkgname} %{_localstatedir}/lib/%{pkgname} /sbin/nologin

# We need to do this because the BS doesn't accept the way Fedora (upstream) and others do it.
if [ $1 = 1 ] ; then
    mkdir -p %{_sysconfdir}/systemd/system/%{groupname}.wants
# reload to pick up any changes to systemd files
%{_bindir}/systemctl daemon-reload >/dev/null 2>&1 || :
# reload to pick up any shared lib changes

# find all instances
instances="" # instances that require a restart after upgrade
ninst=0 # number of instances found in total
if [ -n "$DEBUGPOSTTRANS" ] ; then
echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> $output 2>&1 || :
for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do
    if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches
    inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'`
    echo found instance $inst - getting status >> $output 2>&1 || :
    if %{_bindir}/systemctl -q is-active $inst ; then
       echo instance $inst is running >> $output 2>&1 || :
       instances="$instances $inst"
       echo instance $inst is not running >> $output 2>&1 || :
    ninst=`expr $ninst + 1`
if [ $ninst -eq 0 ] ; then
    echo no instances to upgrade >> $output 2>&1 || :
    exit 0 # have no instances to upgrade - just skip the rest
# shutdown all instances
echo shutting down all instances . . . >> $output 2>&1 || :
for inst in $instances ; do
echo stopping instance $inst >> $output 2>&1 || :
/bin/systemctl stop $inst >> $output 2>&1 || :
echo remove pid files . . . >> $output 2>&1 || :
%{_bindir}/rm -f /run/%{pkgname}*.pid /run/%{pkgname}*.startpid

# do the upgrade
echo upgrading instances . . . >> $output 2>&1 || :
DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
%{_sbindir}/ -l $output -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
%{_sbindir}/ -l $output -u -s General.UpdateMode=offline >> $output 2>&1 || :

# restart instances that require it
for inst in $instances ; do
    echo restarting instance $inst >> $output 2>&1 || :
    %{_bindir}/systemctl start $inst >> $output 2>&1 || :

if [ $1 -eq 0 ]; then # Final removal
    # Package removal, not upgrade
    # remove instance specific service files/links
    rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :

if [ $1 = 0 ]; then # Final removal
    rm -rf /run/%{pkgname}
%_postun_userdel %{pkgname}
%_postun_groupdel %{pkgname}

%preun snmp
%_preun_service %{pkgname}-snmp.service %{groupname}

%post snmp
%_post_service  %{pkgname}-snmp

%doc README.devel
%dir %{_sysconfdir}/%{pkgname}
%dir %{_sysconfdir}/%{pkgname}/schema
%dir %{_sysconfdir}/%{pkgname}/config
%dir %{_localstatedir}/lib/%{pkgname}
%dir %{_logdir}/%{pkgname}
%ghost %dir %{_localstatedir}/lock/%{pkgname}
%exclude %{_sbindir}/ldap-agent*
%exclude %{_mandir}/man1/ldap-agent.1.*

%files -n %{develname}
%doc README.devel
# It seems these files are always built regardless the global setting.
# %%if %%{use_nunc_stans}
# %%endif
%exclude %{_libdir}/pkgconfig/svrcore.pc

%files -n %{svrlibname}
%license src/svrcore/LICENSE
%doc src/svrcore/README

%files -n %{svrdevname}
%license src/svrcore/LICENSE
%doc src/svrcore/README

%files -n %{libname}
# %%if %%{use_nunc_stans}
# %%endif

%files snmp

%files -n cockpit-389-ds -f cockpit.list

