andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone
7e63d6
7e63d6
%global pkgname   dirsrv
7e63d6
%global srcname   389-ds-base
7e63d6
7e63d6
# Exclude i686 bit arches
7e63d6
ExcludeArch: i686 
7e63d6
7e63d6
# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
7e63d6
%global use_Socket6 0
7e63d6
7e63d6
%global use_asan 0
7e63d6
%global use_rust 1
7e63d6
%global bundle_jemalloc 1
7e63d6
%if %{use_asan}
7e63d6
%global bundle_jemalloc 0
7e63d6
%endif
7e63d6
7e63d6
%if %{bundle_jemalloc}
7e63d6
%global jemalloc_name jemalloc
b60530
%global jemalloc_ver 5.3.0
7e63d6
%global __provides_exclude ^libjemalloc\\.so.*$
7e63d6
%endif
7e63d6
7e63d6
# Use Clang instead of GCC
7e63d6
%global use_clang 0
7e63d6
7e63d6
# Build cockpit plugin
7e63d6
%global use_cockpit 0
7e63d6
7e63d6
# fedora 15 and later uses tmpfiles.d
7e63d6
# otherwise, comment this out
7e63d6
%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}
7e63d6
7e63d6
# systemd support
7e63d6
%global groupname %{pkgname}.target
7e63d6
7e63d6
# set PIE flag
7e63d6
%global _hardened_build 1
7e63d6
7e63d6
# Filter argparse-manpage from autogenerated package Requires
7e63d6
%global __requires_exclude ^python.*argparse-manpage
7e63d6
7e63d6
# Force to require nss version greater or equal as the version available at the build time
7e63d6
# See bz1986327
7e63d6
%define dirsrv_requires_ge()  %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} >= %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
7e63d6
7e63d6
Summary:          389 Directory Server (base)
7e63d6
Name:             389-ds-base
4f630f
Version:          2.2.4
b60530
Release:          3%{?dist}
b60530
License:          GPLv3+ and (ASL 2.0 or MIT)
7e63d6
URL:              https://www.port389.org
7e63d6
Conflicts:        selinux-policy-base < 3.9.8
7e63d6
Conflicts:        freeipa-server < 4.0.3
7e63d6
Obsoletes:        %{name} <= 1.4.0.9
7e63d6
Obsoletes:        %{name}-legacy-tools < 1.4.4.6
7e63d6
Obsoletes:        %{name}-legacy-tools-debuginfo < 1.4.4.6
7e63d6
Provides:         ldif2ldbm >= 0
7e63d6
7e63d6
##### Bundled cargo crates list - START #####
858e64
Provides:  bundled(crate(ahash)) = 0.7.6
dd314a
Provides:  bundled(crate(ansi_term)) = 0.12.1
7e63d6
Provides:  bundled(crate(atty)) = 0.2.14
b60530
Provides:  bundled(crate(autocfg)) = 1.1.0
7e63d6
Provides:  bundled(crate(base64)) = 0.13.0
858e64
Provides:  bundled(crate(bitflags)) = 1.3.2
7e63d6
Provides:  bundled(crate(byteorder)) = 1.4.3
7e63d6
Provides:  bundled(crate(cbindgen)) = 0.9.1
b60530
Provides:  bundled(crate(cc)) = 1.0.73
7e63d6
Provides:  bundled(crate(cfg-if)) = 1.0.0
dd314a
Provides:  bundled(crate(clap)) = 2.34.0
dd314a
Provides:  bundled(crate(concread)) = 0.2.21
b60530
Provides:  bundled(crate(crossbeam)) = 0.8.2
b60530
Provides:  bundled(crate(crossbeam-channel)) = 0.5.6
b60530
Provides:  bundled(crate(crossbeam-deque)) = 0.8.2
b60530
Provides:  bundled(crate(crossbeam-epoch)) = 0.9.10
b60530
Provides:  bundled(crate(crossbeam-queue)) = 0.3.6
b60530
Provides:  bundled(crate(crossbeam-utils)) = 0.8.11
7e63d6
Provides:  bundled(crate(entryuuid)) = 0.1.0
7e63d6
Provides:  bundled(crate(entryuuid_syntax)) = 0.1.0
b60530
Provides:  bundled(crate(fastrand)) = 1.8.0
7e63d6
Provides:  bundled(crate(fernet)) = 0.1.4
7e63d6
Provides:  bundled(crate(foreign-types)) = 0.3.2
7e63d6
Provides:  bundled(crate(foreign-types-shared)) = 0.1.1
b60530
Provides:  bundled(crate(getrandom)) = 0.2.7
b60530
Provides:  bundled(crate(hashbrown)) = 0.12.3
858e64
Provides:  bundled(crate(hermit-abi)) = 0.1.19
858e64
Provides:  bundled(crate(instant)) = 0.1.12
b60530
Provides:  bundled(crate(itoa)) = 1.0.3
858e64
Provides:  bundled(crate(jobserver)) = 0.1.24
b60530
Provides:  bundled(crate(libc)) = 0.2.132
7e63d6
Provides:  bundled(crate(librnsslapd)) = 0.1.0
7e63d6
Provides:  bundled(crate(librslapd)) = 0.1.0
b60530
Provides:  bundled(crate(lock_api)) = 0.4.7
b60530
Provides:  bundled(crate(log)) = 0.4.17
b60530
Provides:  bundled(crate(lru)) = 0.7.8
dd314a
Provides:  bundled(crate(memoffset)) = 0.6.5
b60530
Provides:  bundled(crate(once_cell)) = 1.13.1
b60530
Provides:  bundled(crate(openssl)) = 0.10.41
b60530
Provides:  bundled(crate(openssl-macros)) = 0.1.0
b60530
Provides:  bundled(crate(openssl-sys)) = 0.9.75
858e64
Provides:  bundled(crate(parking_lot)) = 0.11.2
858e64
Provides:  bundled(crate(parking_lot_core)) = 0.8.5
7e63d6
Provides:  bundled(crate(paste)) = 0.1.18
7e63d6
Provides:  bundled(crate(paste-impl)) = 0.1.18
b60530
Provides:  bundled(crate(pin-project-lite)) = 0.2.9
b60530
Provides:  bundled(crate(pkg-config)) = 0.3.25
dd314a
Provides:  bundled(crate(ppv-lite86)) = 0.2.16
7e63d6
Provides:  bundled(crate(proc-macro-hack)) = 0.5.19
b60530
Provides:  bundled(crate(proc-macro2)) = 1.0.43
7e63d6
Provides:  bundled(crate(pwdchan)) = 0.1.0
b60530
Provides:  bundled(crate(quote)) = 1.0.21
b60530
Provides:  bundled(crate(rand)) = 0.8.5
858e64
Provides:  bundled(crate(rand_chacha)) = 0.3.1
858e64
Provides:  bundled(crate(rand_core)) = 0.6.3
b60530
Provides:  bundled(crate(redox_syscall)) = 0.2.16
7e63d6
Provides:  bundled(crate(remove_dir_all)) = 0.5.3
b60530
Provides:  bundled(crate(ryu)) = 1.0.11
7e63d6
Provides:  bundled(crate(scopeguard)) = 1.1.0
b60530
Provides:  bundled(crate(serde)) = 1.0.143
b60530
Provides:  bundled(crate(serde_derive)) = 1.0.143
b60530
Provides:  bundled(crate(serde_json)) = 1.0.83
7e63d6
Provides:  bundled(crate(slapd)) = 0.1.0
7e63d6
Provides:  bundled(crate(slapi_r_plugin)) = 0.1.0
b60530
Provides:  bundled(crate(smallvec)) = 1.9.0
7e63d6
Provides:  bundled(crate(strsim)) = 0.8.0
b60530
Provides:  bundled(crate(syn)) = 1.0.99
858e64
Provides:  bundled(crate(synstructure)) = 0.12.6
dd314a
Provides:  bundled(crate(tempfile)) = 3.3.0
7e63d6
Provides:  bundled(crate(textwrap)) = 0.11.0
b60530
Provides:  bundled(crate(tokio)) = 1.20.1
b60530
Provides:  bundled(crate(tokio-macros)) = 1.8.0
b60530
Provides:  bundled(crate(toml)) = 0.5.9
b60530
Provides:  bundled(crate(unicode-ident)) = 1.0.3
858e64
Provides:  bundled(crate(unicode-width)) = 0.1.9
b60530
Provides:  bundled(crate(unicode-xid)) = 0.2.3
7e63d6
Provides:  bundled(crate(uuid)) = 0.8.2
858e64
Provides:  bundled(crate(vcpkg)) = 0.2.15
7e63d6
Provides:  bundled(crate(vec_map)) = 0.8.2
dd314a
Provides:  bundled(crate(version_check)) = 0.9.4
b60530
Provides:  bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1
7e63d6
Provides:  bundled(crate(winapi)) = 0.3.9
7e63d6
Provides:  bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0
7e63d6
Provides:  bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0
b60530
Provides:  bundled(crate(zeroize)) = 1.5.7
b60530
Provides:  bundled(crate(zeroize_derive)) = 1.3.2
7e63d6
##### Bundled cargo crates list - END #####
7e63d6
b60530
BuildRequires:    nspr-devel >= 4.32
b60530
BuildRequires:    nss-devel >= 3.67.0-7
b60530
7e63d6
BuildRequires:    openldap-devel
b60530
BuildRequires:    lmdb-devel
7e63d6
BuildRequires:    libdb-devel
7e63d6
BuildRequires:    cyrus-sasl-devel
7e63d6
BuildRequires:    icu
7e63d6
BuildRequires:    libicu-devel
7e63d6
BuildRequires:    pcre-devel
7e63d6
BuildRequires:    cracklib-devel
4f630f
BuildRequires:    json-c-devel
7e63d6
%if %{use_clang}
7e63d6
BuildRequires:    libatomic
7e63d6
BuildRequires:    clang
7e63d6
%else
7e63d6
BuildRequires:    gcc
7e63d6
BuildRequires:    gcc-c++
7e63d6
%endif
7e63d6
# The following are needed to build the snmp ldap-agent
7e63d6
BuildRequires:    net-snmp-devel
7e63d6
BuildRequires:    lm_sensors-devel
7e63d6
BuildRequires:    bzip2-devel
7e63d6
BuildRequires:    zlib-devel
7e63d6
BuildRequires:    openssl-devel
7e63d6
# the following is for the pam passthru auth plug-in
7e63d6
BuildRequires:    pam-devel
7e63d6
BuildRequires:    systemd-units
7e63d6
BuildRequires:    systemd-devel
7e63d6
%if %{use_asan}
7e63d6
BuildRequires:    libasan
7e63d6
%endif
7e63d6
# If rust is enabled
7e63d6
%if %{use_rust}
7e63d6
BuildRequires: cargo
7e63d6
BuildRequires: rust
7e63d6
%endif
7e63d6
BuildRequires:    pkgconfig
7e63d6
BuildRequires:    pkgconfig(systemd)
7e63d6
BuildRequires:    pkgconfig(krb5)
7e63d6
7e63d6
# Needed to support regeneration of the autotool artifacts.
7e63d6
BuildRequires:    autoconf
7e63d6
BuildRequires:    automake
7e63d6
BuildRequires:    libtool
7e63d6
# For our documentation
7e63d6
BuildRequires:    doxygen
7e63d6
# For tests!
7e63d6
BuildRequires:    libcmocka-devel
7e63d6
BuildRequires:    libevent-devel
7e63d6
# For lib389 and related components
7e63d6
BuildRequires:    python%{python3_pkgversion}-devel
7e63d6
BuildRequires:    python%{python3_pkgversion}-setuptools
7e63d6
BuildRequires:    python%{python3_pkgversion}-ldap
7e63d6
BuildRequires:    python%{python3_pkgversion}-six
7e63d6
BuildRequires:    python%{python3_pkgversion}-pyasn1
7e63d6
BuildRequires:    python%{python3_pkgversion}-pyasn1-modules
7e63d6
BuildRequires:    python%{python3_pkgversion}-dateutil
7e63d6
BuildRequires:    python%{python3_pkgversion}-argcomplete
7e63d6
BuildRequires:    python%{python3_pkgversion}-argparse-manpage
7e63d6
BuildRequires:    python%{python3_pkgversion}-libselinux
7e63d6
BuildRequires:    python%{python3_pkgversion}-policycoreutils
7e63d6
7e63d6
# For cockpit
7e63d6
%if %{use_cockpit}
7e63d6
BuildRequires:    rsync
7e63d6
%endif
7e63d6
7e63d6
Requires:         %{name}-libs = %{version}-%{release}
7e63d6
Requires:         python%{python3_pkgversion}-lib389 = %{version}-%{release}
b60530
Requires:         lmdb-libs
7e63d6
7e63d6
# this is needed for using semanage from our setup scripts
7e63d6
Requires:         policycoreutils-python-utils
7e63d6
Requires:         /usr/sbin/semanage
7e63d6
Requires:         libsemanage-python%{python3_pkgversion}
7e63d6
Requires:         selinux-policy >= 3.14.1-29
7e63d6
7e63d6
# the following are needed for some of our scripts
7e63d6
Requires:         openldap-clients
7e63d6
Requires:         /usr/bin/c_rehash
7e63d6
Requires:         python%{python3_pkgversion}-ldap
b60530
Requires:         acl
4f630f
Requires:         zlib
4f630f
Requires:         json-c
7e63d6
7e63d6
# this is needed to setup SSL if you are not using the
7e63d6
# administration server package
b60530
Requires:         nspr >= 4.32
b60530
Requires:         nss >= 3.67.0-7
7e63d6
Requires:         nss-tools
7e63d6
%dirsrv_requires_ge nss
7e63d6
7e63d6
# these are not found by the auto-dependency method
7e63d6
# they are required to support the mandatory LDAP SASL mechs
7e63d6
Requires:         cyrus-sasl-gssapi
7e63d6
Requires:         cyrus-sasl-md5
7e63d6
Requires:         cyrus-sasl-plain
7e63d6
7e63d6
# this is needed for verify-db.pl
7e63d6
Requires:         libdb-utils
7e63d6
7e63d6
# Needed for password dictionary checks
7e63d6
Requires:         cracklib-dicts
7e63d6
7e63d6
# Needed by logconv.pl
7e63d6
Requires:         perl-DB_File
7e63d6
Requires:         perl-Archive-Tar
7e63d6
Requires:         perl-debugger
7e63d6
Requires:         perl-sigtrap
7e63d6
7e63d6
# Picks up our systemd deps.
7e63d6
%{?systemd_requires}
7e63d6
7e63d6
Obsoletes:        %{name} <= 1.3.5.4
7e63d6
7e63d6
Source0:          https://releases.pagure.org/389-ds-base/%{name}-%{version}.tar.bz2
7e63d6
# 389-ds-git.sh should be used to generate the source tarball from git
7e63d6
Source1:          %{name}-git.sh
7e63d6
Source2:          %{name}-devel.README
7e63d6
%if %{bundle_jemalloc}
7e63d6
Source3:          https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2
7e63d6
%endif
4f630f
Patch01:          0001-Issue-3729-cont-RFE-Extend-log-of-operations-statist.patch
4f630f
Patch02:          0002-Issue-5544-Increase-default-task-TTL.patch
4f630f
Patch03:          0003-Issue-5413-Allow-mutliple-MemberOf-fixup-tasks-with-.patch
b60530
858e64
7e63d6
%description
7e63d6
389 Directory Server is an LDAPv3 compliant server.  The base package includes
7e63d6
the LDAP server and command line utilities for server administration.
7e63d6
%if %{use_asan}
7e63d6
WARNING! This build is linked to Address Sanitisation libraries. This probably
7e63d6
isn't what you want. Please contact support immediately.
7e63d6
Please see http://seclists.org/oss-sec/2016/q1/363 for more information.
7e63d6
%endif
7e63d6
7e63d6
%package          libs
7e63d6
Summary:          Core libraries for 389 Directory Server
b60530
BuildRequires:    nspr >= 4.32
b60530
BuildRequires:    nss >= 3.67.0-7
7e63d6
BuildRequires:    openldap-devel
7e63d6
BuildRequires:    libdb-devel
7e63d6
BuildRequires:    cyrus-sasl-devel
7e63d6
BuildRequires:    libicu-devel
7e63d6
BuildRequires:    pcre-devel
7e63d6
BuildRequires:    libtalloc-devel
7e63d6
BuildRequires:    libevent-devel
7e63d6
BuildRequires:    libtevent-devel
7e63d6
Requires:         krb5-libs
7e63d6
Requires:         libevent
7e63d6
BuildRequires:    systemd-devel
7e63d6
BuildRequires:    make
7e63d6
Provides:         svrcore = 4.1.4
7e63d6
Conflicts:        svrcore
7e63d6
Obsoletes:        svrcore <= 4.1.3
7e63d6
7e63d6
%description      libs
7e63d6
Core libraries for the 389 Directory Server base package.  These libraries
7e63d6
are used by the main package and the -devel package.  This allows the -devel
7e63d6
package to be installed with just the -libs package and without the main package.
7e63d6
7e63d6
%package          devel
7e63d6
Summary:          Development libraries for 389 Directory Server
7e63d6
Requires:         %{name}-libs = %{version}-%{release}
7e63d6
Requires:         pkgconfig
7e63d6
Requires:         nspr-devel
7e63d6
Requires:         nss-devel >= 3.34
7e63d6
Requires:         openldap-devel
7e63d6
Requires:         libtalloc
7e63d6
Requires:         libevent
7e63d6
Requires:         libtevent
7e63d6
Requires:         systemd-libs
7e63d6
Provides:         svrcore-devel = 4.1.4
7e63d6
Conflicts:        svrcore-devel
7e63d6
Obsoletes:        svrcore-devel <= 4.1.3
7e63d6
7e63d6
%description      devel
7e63d6
Development Libraries and headers for the 389 Directory Server base package.
7e63d6
7e63d6
%package          snmp
7e63d6
Summary:          SNMP Agent for 389 Directory Server
7e63d6
Requires:         %{name} = %{version}-%{release}
7e63d6
7e63d6
Obsoletes:        %{name} <= 1.4.0.0
7e63d6
7e63d6
%description      snmp
7e63d6
SNMP Agent for the 389 Directory Server base package.
7e63d6
7e63d6
%package -n python%{python3_pkgversion}-lib389
7e63d6
Summary:  A library for accessing, testing, and configuring the 389 Directory Server
7e63d6
BuildArch:        noarch
7e63d6
Requires: openssl
7e63d6
Requires: iproute
b60530
Requires: 389-ds-base
7e63d6
Recommends: bash-completion
7e63d6
Requires: python%{python3_pkgversion}
7e63d6
Requires: python%{python3_pkgversion}-distro
7e63d6
Requires: python%{python3_pkgversion}-ldap
7e63d6
Requires: python%{python3_pkgversion}-six
7e63d6
Requires: python%{python3_pkgversion}-pyasn1
7e63d6
Requires: python%{python3_pkgversion}-pyasn1-modules
7e63d6
Requires: python%{python3_pkgversion}-dateutil
7e63d6
Requires: python%{python3_pkgversion}-argcomplete
7e63d6
Requires: python%{python3_pkgversion}-libselinux
7e63d6
Requires: python%{python3_pkgversion}-setuptools
7e63d6
%{?python_provide:%python_provide python%{python3_pkgversion}-lib389}
7e63d6
7e63d6
%description -n python%{python3_pkgversion}-lib389
7e63d6
This module contains tools and libraries for accessing, testing,
7e63d6
 and configuring the 389 Directory Server.
7e63d6
7e63d6
%if %{use_cockpit}
7e63d6
%package -n cockpit-389-ds
7e63d6
Summary:          Cockpit UI Plugin for configuring and administering the 389 Directory Server
7e63d6
BuildArch:        noarch
7e63d6
Requires:         cockpit
7e63d6
Requires:         389-ds-base
7e63d6
Requires:         python%{python3_pkgversion}
7e63d6
Requires:         python%{python3_pkgversion}-lib389
7e63d6
7e63d6
%description -n cockpit-389-ds
7e63d6
A cockpit UI Plugin for configuring and administering the 389 Directory Server
7e63d6
%endif
7e63d6
7e63d6
%prep
7e63d6
7e63d6
%autosetup -p1 -v -n %{name}-%{version}
7e63d6
%if %{bundle_jemalloc}
7e63d6
%setup -q -n %{name}-%{version} -T -D -b 3
7e63d6
%endif
7e63d6
7e63d6
cp %{SOURCE2} README.devel
7e63d6
7e63d6
# The configure macro will modify some autoconf-related files, which upsets
7e63d6
# cargo when it tries to verify checksums in those files.  If we just truncate
7e63d6
# that file list, cargo won't have anything to complain about.
7e63d6
find vendor -name .cargo-checksum.json \
7e63d6
  -exec sed -i.uncheck -e 's/"files":{[^}]*}/"files":{ }/' '{}' '+'
7e63d6
7e63d6
%build
7e63d6
7e63d6
OPENLDAP_FLAG="--with-openldap"
7e63d6
%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
7e63d6
# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
7e63d6
NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
7e63d6
7e63d6
%if %{use_asan}
7e63d6
ASAN_FLAGS="--enable-asan --enable-debug"
7e63d6
%endif
7e63d6
7e63d6
%if %{use_rust}
7e63d6
RUST_FLAGS="--enable-rust --enable-rust-offline"
7e63d6
%endif
7e63d6
7e63d6
%if !%{use_cockpit}
7e63d6
COCKPIT_FLAGS="--disable-cockpit"
7e63d6
%endif 
7e63d6
7e63d6
%if %{use_clang}
7e63d6
export CC=clang
7e63d6
export CXX=clang++
7e63d6
CLANG_FLAGS="--enable-clang"
7e63d6
%endif
7e63d6
7e63d6
%if %{bundle_jemalloc}
7e63d6
# Override page size, bz #1545539
7e63d6
# 4K
7e63d6
%ifarch %ix86 %arm x86_64 s390x
7e63d6
%define lg_page --with-lg-page=12
7e63d6
%endif
7e63d6
7e63d6
# 64K
7e63d6
%ifarch ppc64 ppc64le aarch64
7e63d6
%define lg_page --with-lg-page=16
7e63d6
%endif
7e63d6
7e63d6
# Override huge page size on aarch64
7e63d6
# 2M instead of 512M
7e63d6
%ifarch aarch64
7e63d6
%define lg_hugepage --with-lg-hugepage=21
7e63d6
%endif
7e63d6
7e63d6
# Build jemalloc
7e63d6
pushd ../%{jemalloc_name}-%{jemalloc_ver}
7e63d6
%configure \
7e63d6
        --libdir=%{_libdir}/%{pkgname}/lib \
7e63d6
        --bindir=%{_libdir}/%{pkgname}/bin \
7e63d6
        --enable-prof
7e63d6
make %{?_smp_mflags}
7e63d6
popd
7e63d6
%endif
7e63d6
7e63d6
# Enforce strict linking
7e63d6
%define _ld_strict_symbol_defs 1
7e63d6
7e63d6
# Rebuild the autotool artifacts now.
7e63d6
autoreconf -fiv
7e63d6
7e63d6
%configure --enable-autobind --with-selinux $TMPFILES_FLAG \
7e63d6
           --with-systemd \
7e63d6
           --with-systemdsystemunitdir=%{_unitdir} \
7e63d6
           --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
7e63d6
           --with-systemdgroupname=%{groupname}  \
7e63d6
           --libexecdir=%{_libexecdir}/%{pkgname} \
7e63d6
           $NSSARGS $ASAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \
b60530
           --enable-cmocka --enable-new-dtags --with-libldap-r=no
7e63d6
7e63d6
7e63d6
# lib389
7e63d6
pushd ./src/lib389
7e63d6
%py3_build
7e63d6
popd
7e63d6
# argparse-manpage dynamic man pages have hardcoded man v1 in header,
7e63d6
# need to change it to v8
7e63d6
sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsconf.8
7e63d6
sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsctl.8
7e63d6
sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsidm.8
7e63d6
sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dscreate.8
7e63d6
7e63d6
# Generate symbolic info for debuggers
7e63d6
export XCFLAGS=$RPM_OPT_FLAGS
7e63d6
7e63d6
#make %{?_smp_mflags}
7e63d6
make
7e63d6
7e63d6
%install
7e63d6
7e63d6
mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir}
7e63d6
%if %{use_cockpit}
7e63d6
mkdir -p %{buildroot}%{_datadir}/cockpit
7e63d6
%endif
7e63d6
make DESTDIR="$RPM_BUILD_ROOT" install
7e63d6
7e63d6
%if %{use_cockpit}
7e63d6
find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list
7e63d6
find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list
7e63d6
%endif
7e63d6
7e63d6
# Copy in our docs from doxygen.
7e63d6
cp -r %{_builddir}/%{name}-%{version}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3
7e63d6
7e63d6
# lib389
7e63d6
pushd src/lib389
7e63d6
%py3_install
7e63d6
popd
7e63d6
7e63d6
mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
7e63d6
mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}
7e63d6
mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname}
7e63d6
7e63d6
# for systemd
7e63d6
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants
7e63d6
7e63d6
# remove libtool archives and static libs
7e63d6
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a
7e63d6
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la
7e63d6
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a
7e63d6
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.la
7e63d6
rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.a
7e63d6
rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.la
7e63d6
7e63d6
%if %{bundle_jemalloc}
7e63d6
pushd ../%{jemalloc_name}-%{jemalloc_ver}
7e63d6
make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin
7e63d6
cp -pa COPYING ../%{name}-%{version}/COPYING.jemalloc
7e63d6
cp -pa README ../%{name}-%{version}/README.jemalloc
7e63d6
popd
7e63d6
%endif
7e63d6
7e63d6
%check
7e63d6
# This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build.
7e63d6
if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi
7e63d6
7e63d6
%post
7e63d6
if [ -n "$DEBUGPOSTTRANS" ] ; then
7e63d6
    output=$DEBUGPOSTTRANS
7e63d6
    output2=${DEBUGPOSTTRANS}.upgrade
7e63d6
else
7e63d6
    output=/dev/null
7e63d6
    output2=/dev/null
7e63d6
fi
7e63d6
# reload to pick up any changes to systemd files
7e63d6
/bin/systemctl daemon-reload >$output 2>&1 || :
7e63d6
7e63d6
# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
7e63d6
# Soft static allocation for UID and GID
7e63d6
USERNAME="dirsrv"
7e63d6
ALLOCATED_UID=389
7e63d6
GROUPNAME="dirsrv"
7e63d6
ALLOCATED_GID=389
7e63d6
HOMEDIR="/usr/share/dirsrv"
7e63d6
7e63d6
getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME
7e63d6
if ! getent passwd $USERNAME >/dev/null ; then
7e63d6
    if ! getent passwd $ALLOCATED_UID >/dev/null ; then
7e63d6
      /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
7e63d6
    else
7e63d6
      /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
7e63d6
    fi
7e63d6
fi
7e63d6
7e63d6
# Reload our sysctl before we restart (if we can)
7e63d6
sysctl --system &> $output; true
7e63d6
7e63d6
# Gather the running instances so we can restart them
7e63d6
instbase="%{_sysconfdir}/%{pkgname}"
7e63d6
ninst=0
7e63d6
for dir in $instbase/slapd-* ; do
7e63d6
    echo dir = $dir >> $output 2>&1 || :
7e63d6
    if [ ! -d "$dir" ] ; then continue ; fi
7e63d6
    case "$dir" in *.removed) continue ;; esac
7e63d6
    basename=`basename $dir`
7e63d6
    inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
7e63d6
    echo found instance $inst - getting status  >> $output 2>&1 || :
7e63d6
    if /bin/systemctl -q is-active $inst ; then
7e63d6
       echo instance $inst is running >> $output 2>&1 || :
7e63d6
       instances="$instances $inst"
7e63d6
    else
7e63d6
       echo instance $inst is not running >> $output 2>&1 || :
7e63d6
    fi
7e63d6
    ninst=`expr $ninst + 1`
7e63d6
done
7e63d6
if [ $ninst -eq 0 ] ; then
7e63d6
    echo no instances to upgrade >> $output 2>&1 || :
7e63d6
    exit 0 # have no instances to upgrade - just skip the rest
7e63d6
else
7e63d6
    # restart running instances
7e63d6
    echo shutting down all instances . . . >> $output 2>&1 || :
7e63d6
    for inst in $instances ; do
7e63d6
        echo stopping instance $inst >> $output 2>&1 || :
7e63d6
        /bin/systemctl stop $inst >> $output 2>&1 || :
7e63d6
    done
7e63d6
    for inst in $instances ; do
7e63d6
        echo starting instance $inst >> $output 2>&1 || :
7e63d6
        /bin/systemctl start $inst >> $output 2>&1 || :
7e63d6
    done
7e63d6
fi
7e63d6
7e63d6
7e63d6
%preun
7e63d6
if [ $1 -eq 0 ]; then # Final removal
7e63d6
    # remove instance specific service files/links
7e63d6
    rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
7e63d6
fi
7e63d6
7e63d6
%postun
7e63d6
if [ $1 = 0 ]; then # Final removal
7e63d6
    rm -rf /var/run/%{pkgname}
7e63d6
fi
7e63d6
7e63d6
%post snmp
7e63d6
%systemd_post %{pkgname}-snmp.service
7e63d6
7e63d6
%preun snmp
7e63d6
%systemd_preun %{pkgname}-snmp.service %{groupname}
7e63d6
7e63d6
%postun snmp
7e63d6
%systemd_postun_with_restart %{pkgname}-snmp.service
7e63d6
7e63d6
exit 0
7e63d6
7e63d6
%files
7e63d6
%if %{bundle_jemalloc}
7e63d6
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc
7e63d6
%license COPYING.jemalloc
7e63d6
%else
7e63d6
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
7e63d6
%endif
7e63d6
%dir %{_sysconfdir}/%{pkgname}
7e63d6
%dir %{_sysconfdir}/%{pkgname}/schema
7e63d6
%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
7e63d6
%dir %{_sysconfdir}/%{pkgname}/config
7e63d6
%dir %{_sysconfdir}/systemd/system/%{groupname}.wants
7e63d6
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
7e63d6
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
7e63d6
%{_datadir}/%{pkgname}
7e63d6
%{_datadir}/gdb/auto-load/*
7e63d6
%{_unitdir}
7e63d6
%{_bindir}/dbscan
7e63d6
%{_mandir}/man1/dbscan.1.gz
7e63d6
%{_bindir}/ds-replcheck
7e63d6
%{_mandir}/man1/ds-replcheck.1.gz
7e63d6
%{_bindir}/ds-logpipe.py
7e63d6
%{_mandir}/man1/ds-logpipe.py.1.gz
7e63d6
%{_bindir}/ldclt
7e63d6
%{_mandir}/man1/ldclt.1.gz
7e63d6
%{_bindir}/logconv.pl
7e63d6
%{_mandir}/man1/logconv.pl.1.gz
7e63d6
%{_bindir}/pwdhash
7e63d6
%{_mandir}/man1/pwdhash.1.gz
7e63d6
#%caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd
7e63d6
%{_sbindir}/ns-slapd
7e63d6
%{_mandir}/man8/ns-slapd.8.gz
7e63d6
%{_sbindir}/openldap_to_ds
7e63d6
%{_mandir}/man8/openldap_to_ds.8.gz
7e63d6
%{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl
dd314a
%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh
7e63d6
%{_mandir}/man5/99user.ldif.5.gz
7e63d6
%{_mandir}/man5/certmap.conf.5.gz
7e63d6
%{_mandir}/man5/slapd-collations.conf.5.gz
7e63d6
%{_mandir}/man5/dirsrv.5.gz
7e63d6
%{_mandir}/man5/dirsrv.systemd.5.gz
7e63d6
%{_libdir}/%{pkgname}/python
7e63d6
%dir %{_libdir}/%{pkgname}/plugins
7e63d6
%{_libdir}/%{pkgname}/plugins/*.so
7e63d6
# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but
7e63d6
# sysctl.d is always in /lib.
7e63d6
%{_prefix}/lib/sysctl.d/*
7e63d6
%dir %{_localstatedir}/lib/%{pkgname}
7e63d6
%dir %{_localstatedir}/log/%{pkgname}
7e63d6
%ghost %dir %{_localstatedir}/lock/%{pkgname}
7e63d6
%exclude %{_sbindir}/ldap-agent*
7e63d6
%exclude %{_mandir}/man1/ldap-agent.1.gz
7e63d6
%exclude %{_unitdir}/%{pkgname}-snmp.service
7e63d6
%if %{bundle_jemalloc}
7e63d6
%{_libdir}/%{pkgname}/lib/
7e63d6
%{_libdir}/%{pkgname}/bin/
7e63d6
%exclude %{_libdir}/%{pkgname}/bin/jemalloc-config
7e63d6
%exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh
7e63d6
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a
7e63d6
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so
7e63d6
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a
7e63d6
%exclude %{_libdir}/%{pkgname}/lib/pkgconfig
7e63d6
%endif
7e63d6
7e63d6
%files devel
7e63d6
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
7e63d6
%{_mandir}/man3/*
7e63d6
%{_includedir}/svrcore.h
7e63d6
%{_includedir}/%{pkgname}
7e63d6
%{_libdir}/libsvrcore.so
7e63d6
%{_libdir}/%{pkgname}/libslapd.so
7e63d6
%{_libdir}/%{pkgname}/libns-dshttpd.so
7e63d6
%{_libdir}/%{pkgname}/libldaputil.so
7e63d6
%{_libdir}/pkgconfig/svrcore.pc
7e63d6
%{_libdir}/pkgconfig/dirsrv.pc
7e63d6
7e63d6
%files libs
7e63d6
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
7e63d6
%dir %{_libdir}/%{pkgname}
7e63d6
%{_libdir}/libsvrcore.so.*
7e63d6
%{_libdir}/%{pkgname}/libslapd.so.*
7e63d6
%{_libdir}/%{pkgname}/libns-dshttpd.so.*
7e63d6
%{_libdir}/%{pkgname}/libldaputil.so.*
7e63d6
%{_libdir}/%{pkgname}/librewriters.so*
7e63d6
%if %{bundle_jemalloc}
7e63d6
%{_libdir}/%{pkgname}/lib/libjemalloc.so.2
7e63d6
%endif
7e63d6
7e63d6
%files snmp
7e63d6
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
7e63d6
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
7e63d6
%{_sbindir}/ldap-agent*
7e63d6
%{_mandir}/man1/ldap-agent.1.gz
7e63d6
%{_unitdir}/%{pkgname}-snmp.service
7e63d6
7e63d6
%files -n python%{python3_pkgversion}-lib389
7e63d6
%doc LICENSE LICENSE.GPLv3+
7e63d6
%{python3_sitelib}/lib389*
7e63d6
%{_sbindir}/dsconf
7e63d6
%{_mandir}/man8/dsconf.8.gz
7e63d6
%{_sbindir}/dscreate
7e63d6
%{_mandir}/man8/dscreate.8.gz
7e63d6
%{_sbindir}/dsctl
7e63d6
%{_mandir}/man8/dsctl.8.gz
7e63d6
%{_sbindir}/dsidm
7e63d6
%{_mandir}/man8/dsidm.8.gz
7e63d6
%{_libexecdir}/%{pkgname}/dscontainer
7e63d6
7e63d6
%if %{use_cockpit}
7e63d6
%files -n cockpit-389-ds -f cockpit.list
7e63d6
%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml
7e63d6
%doc README.md
7e63d6
%endif
7e63d6
7e63d6
%changelog
4f630f
* Tue Dec 13 2022 Mark Reynolds <mreynolds@redhat.com> - 2.2.4-3
4f630f
- Bump version to 2.2.4-3
4f630f
- Resolves: rhbz#2142636 - pam mutex lock causing high etimes, affecting red hat internal sso
4f630f
- Resolves: rhbz#2093981 - RFE - Create Security Audit Log
4f630f
- Resolves: rhbz#2132697 - [RFE] 389ds: run as non-root
4f630f
- Resolves: rhbz#2124660 - Retro changelog trimming uses maxage incorrectly
4f630f
- Resolves: rhbz#2114039 - Current pbkdf2 hardcoded parameters are no longer secure
4f630f
- Resolves: rhbz#2112998 - performance search rate: checking if an entry is a referral is expensive
4f630f
- Resolves: rhbz#2112361 - Supplier should do periodic update to avoid slow replication when a new direct update happen
4f630f
- Resolves: rhbz#2109891 - Migrate 389 to pcre2
4f630f
4f630f
4f630f
* Mon Dec 12 2022 Mark Reynolds <mreynolds@redhat.com> - 2.2.4-2
4f630f
- Bump version to 2.2.4-2
4f630f
- Resolves: Bug 1859271 - RFE - Extend log of operations statistics in access log
4f630f
- Resolves: Bug 2093981 - RFE - Create Security Audit Log
4f630f
- Resolves: Bug 2109891 - Migrate 389 to pcre2
4f630f
- Resolves: Bug 2112361 - Supplier should do periodic update to avoid slow replication when a new direct update happen
4f630f
- Resolves: Bug 2112998 - performance search rate: checking if an entry is a referral is expensive
4f630f
- Resolves: Bug 2114039 - Current pbkdf2 hardcoded parameters are no longer secure
4f630f
- Resolves: Bug 2124660 - Retro changelog trimming uses maxage incorrectly
4f630f
- Resolves: Bug 2132697 - RFE - run as non-root
4f630f
- Resolves: Bug 2142636 - pam mutex lock causing high etimes, affecting red hat internal sso
4f630f
4f630f
* Fri Nov 11 2022 Mark Reynolds <mreynolds@redhat.com> - 2.2.4-1
4f630f
- Bump version to 2.2.4-1
4f630f
- Resolves:  Bug 1132524 - [RFE] Compression of log files
7e63d6