zrhoffman / rpms / 389-ds-base

Forked from rpms/389-ds-base 3 years ago
Clone
b682e9
b682e9
%global pkgname   dirsrv
b682e9
%global srcname   389-ds-base
b682e9
b682e9
# Exclude i686 bit arches
b682e9
ExcludeArch: i686
b682e9
b682e9
# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release
b682e9
# also remove the space between % and global - this space is needed because
b682e9
# fedpkg verrel stupidly ignores comment lines
b682e9
#% global prerel .rc3
b682e9
# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
b682e9
#% global relprefix 0.
b682e9
b682e9
# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
b682e9
%global use_Socket6 0
b682e9
b682e9
%global use_asan 0
b682e9
%global use_rust 0
8394b4
%global use_legacy 1
b682e9
%global bundle_jemalloc 1
b682e9
%if %{use_asan}
b682e9
%global bundle_jemalloc 0
b682e9
%endif
b682e9
b682e9
%if %{bundle_jemalloc}
b682e9
%global jemalloc_name jemalloc
8394b4
%global jemalloc_ver 5.2.1
b682e9
%global __provides_exclude ^libjemalloc\\.so.*$
b682e9
%endif
b682e9
b682e9
# Use Clang instead of GCC
b682e9
%global use_clang 0
b682e9
b682e9
# fedora 15 and later uses tmpfiles.d
b682e9
# otherwise, comment this out
b682e9
%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}
b682e9
b682e9
# systemd support
b682e9
%global groupname %{pkgname}.target
b682e9
b682e9
# set PIE flag
b682e9
%global _hardened_build 1
b682e9
b682e9
Summary:          389 Directory Server (base)
b682e9
Name:             389-ds-base
d69b2b
Version:          1.4.3.8
ef1f48
Release:          %{?relprefix}7%{?prerel}%{?dist}
b682e9
License:          GPLv3+
b682e9
URL:              https://www.port389.org
b682e9
Group:            System Environment/Daemons
b682e9
Conflicts:        selinux-policy-base < 3.9.8
b682e9
Conflicts:        freeipa-server < 4.0.3
b682e9
Obsoletes:        %{name} <= 1.4.0.9
b682e9
Provides:         ldif2ldbm >= 0
b682e9
b682e9
BuildRequires:    nspr-devel
b682e9
BuildRequires:    nss-devel >= 3.34
b682e9
BuildRequires:    perl-generators
b682e9
BuildRequires:    openldap-devel
b682e9
BuildRequires:    libdb-devel
b682e9
BuildRequires:    cyrus-sasl-devel
b682e9
BuildRequires:    icu
b682e9
BuildRequires:    libicu-devel
b682e9
BuildRequires:    pcre-devel
b682e9
BuildRequires:    cracklib-devel
b682e9
%if %{use_clang}
b682e9
BuildRequires:    libatomic
b682e9
BuildRequires:    clang
b682e9
%else
b682e9
BuildRequires:    gcc
b682e9
BuildRequires:    gcc-c++
b682e9
%endif
b682e9
# The following are needed to build the snmp ldap-agent
b682e9
BuildRequires:    net-snmp-devel
b682e9
BuildRequires:    lm_sensors-devel
b682e9
BuildRequires:    bzip2-devel
b682e9
BuildRequires:    zlib-devel
b682e9
BuildRequires:    openssl-devel
b682e9
# the following is for the pam passthru auth plug-in
b682e9
BuildRequires:    pam-devel
b682e9
BuildRequires:    systemd-units
b682e9
BuildRequires:    systemd-devel
b682e9
%if %{use_asan}
b682e9
BuildRequires:    libasan
b682e9
%endif
b682e9
# If rust is enabled
b682e9
%if %{use_rust}
b682e9
BuildRequires: cargo
b682e9
BuildRequires: rust
b682e9
%endif
b682e9
BuildRequires:    pkgconfig
b682e9
BuildRequires:    pkgconfig(systemd)
232633
BuildRequires:    pkgconfig(krb5)
b682e9
b682e9
# Needed to support regeneration of the autotool artifacts.
b682e9
BuildRequires:    autoconf
b682e9
BuildRequires:    automake
b682e9
BuildRequires:    libtool
b682e9
# For our documentation
b682e9
BuildRequires:    doxygen
b682e9
# For tests!
b682e9
BuildRequires:    libcmocka-devel
b682e9
BuildRequires:    libevent-devel
b682e9
# For lib389 and related components
b682e9
BuildRequires:    python%{python3_pkgversion}
b682e9
BuildRequires:    python%{python3_pkgversion}-devel
b682e9
BuildRequires:    python%{python3_pkgversion}-setuptools
b682e9
BuildRequires:    python%{python3_pkgversion}-ldap
b682e9
BuildRequires:    python%{python3_pkgversion}-six
b682e9
BuildRequires:    python%{python3_pkgversion}-pyasn1
b682e9
BuildRequires:    python%{python3_pkgversion}-pyasn1-modules
b682e9
BuildRequires:    python%{python3_pkgversion}-dateutil
b682e9
BuildRequires:    python%{python3_pkgversion}-argcomplete
b682e9
BuildRequires:    python%{python3_pkgversion}-argparse-manpage
b682e9
BuildRequires:    python%{python3_pkgversion}-policycoreutils
b682e9
BuildRequires:    python%{python3_pkgversion}-libselinux
b682e9
b682e9
# For cockpit
b682e9
BuildRequires:    rsync
b682e9
b682e9
Requires:         %{name}-libs = %{version}-%{release}
b682e9
Requires:         python%{python3_pkgversion}-lib389 = %{version}-%{release}
b682e9
b682e9
# this is needed for using semanage from our setup scripts
b682e9
Requires:         policycoreutils-python-utils
b682e9
Requires:         /usr/sbin/semanage
b682e9
Requires:         libsemanage-python%{python3_pkgversion}
b682e9
b682e9
Requires:         selinux-policy >= 3.14.1-29
b682e9
b682e9
# the following are needed for some of our scripts
b682e9
Requires:         openldap-clients
b682e9
Requires:         openssl-perl
b682e9
Requires:         python%{python3_pkgversion}-ldap
b682e9
b682e9
# this is needed to setup SSL if you are not using the
b682e9
# administration server package
b682e9
Requires:         nss-tools
b682e9
Requires:         nss >= 3.34
b682e9
b682e9
# these are not found by the auto-dependency method
b682e9
# they are required to support the mandatory LDAP SASL mechs
b682e9
Requires:         cyrus-sasl-gssapi
b682e9
Requires:         cyrus-sasl-md5
b682e9
Requires:         cyrus-sasl-plain
b682e9
b682e9
# this is needed for verify-db.pl
b682e9
Requires:         libdb-utils
b682e9
8394b4
# Needed for password dictionary checks
8394b4
Requires:         cracklib-dicts
8394b4
b682e9
# This picks up libperl.so as a Requires, so we add this versioned one
b682e9
Requires:         perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
b682e9
Requires:         perl-Errno >= 1.23-360
b682e9
b682e9
# Needed by logconv.pl
b682e9
Requires:         perl-DB_File
b682e9
Requires:         perl-Archive-Tar
b682e9
232633
# Needed for password dictionary checks
232633
Requires:         cracklib-dicts
232633
b682e9
# Picks up our systemd deps.
b682e9
%{?systemd_requires}
b682e9
b682e9
Obsoletes:        %{name} <= 1.3.5.4
b682e9
232633
Source0:          https://releases.pagure.org/389-ds-base/%{name}-%{version}.tar.bz2
b682e9
# 389-ds-git.sh should be used to generate the source tarball from git
b682e9
Source1:          %{name}-git.sh
b682e9
Source2:          %{name}-devel.README
b682e9
%if %{bundle_jemalloc}
b682e9
Source3:          https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2
b682e9
%endif
d69b2b
Patch01:          0001-Issue-51076-prevent-unnecessarily-duplication-of-the.patch
d69b2b
Patch02:          0002-Ticket-51082-abort-when-a-empty-valueset-is-freed.patch
d69b2b
Patch03:          0003-Issue-51091-healthcheck-json-report-fails-when-mappi.patch
d69b2b
Patch04:          0004-Issue-51076-remove-unnecessary-slapi-entry-dups.patch
d69b2b
Patch05:          0005-Issue-51086-Improve-dscreate-instance-name-validatio.patch
d69b2b
Patch06:          0006-Issue-51102-RFE-ds-replcheck-make-online-timeout-con.patch
d69b2b
Patch07:          0007-Issue-51110-Fix-ASAN-ODR-warnings.patch
d69b2b
Patch08:          0008-Issue-51095-abort-operation-if-CSN-can-not-be-genera.patch
d69b2b
Patch09:          0009-Issue-51113-Allow-using-uid-for-replication-manager-.patch
d69b2b
Patch10:          0010-Issue-50931-RFE-AD-filter-rewriter-for-ObjectCategor.patch
d69b2b
Patch11:          0011-Issue-50746-Add-option-to-healthcheck-to-list-all-th.patch
d69b2b
Patch12:          0012-Issue-50984-Memory-leaks-in-disk-monitoring.patch
d69b2b
Patch13:          0013-Issue-50984-Memory-leaks-in-disk-monitoring.patch
d69b2b
Patch14:          0014-Issue-50201-nsIndexIDListScanLimit-accepts-any-value.patch
d69b2b
Patch15:          0015-Issue-51157-Reindex-task-may-create-abandoned-index-.patch
d69b2b
Patch16:          0016-Issue-51165-add-new-access-log-keywords-for-wtime-an.patch
d69b2b
Patch17:          0017-Issue-50912-pwdReset-can-be-modified-by-a-user.patch
d69b2b
Patch18:          0018-Issue-50791-Healthcheck-should-look-for-notes-A-F-in.patch
d69b2b
Patch19:          0019-Issue-51144-dsctl-fails-with-instance-names-that-con.patch
d69b2b
Patch20:          0020-Ticket-49859-A-distinguished-value-can-be-missing-in.patch
d69b2b
Patch21:          0021-Issue-49256-log-warning-when-thread-number-is-very-d.patch
d69b2b
Patch22:          0022-Issue-51188-db2ldif-crashes-when-LDIF-file-can-t-be-.patch
d69b2b
Patch23:          0023-Issue-51086-Fix-instance-name-length-for-interactive.patch
d69b2b
Patch24:          0024-Issue-51129-SSL-alert-The-value-of-sslVersionMax-TLS.patch
d69b2b
Patch25:          0025-Issue-50984-Memory-leaks-in-disk-monitoring.patch
5d2be4
Patch26:          0026-Issue-4297-On-ADD-replication-URP-issue-internal-sea.patch
5d2be4
Patch27:          0027-Issue-4297-2nd-fix-for-on-ADD-replication-URP-issue-.patch
5d2be4
Patch28:          0028-Issue-51233-ds-replcheck-crashes-in-offline-mode.patch
5d2be4
Patch29:          0029-Issue-4429-NULL-dereference-in-revert_cache.patch
5d2be4
Patch30:          0030-ticket-2058-Add-keep-alive-entry-after-on-line-initi.patch
5d2be4
Patch31:          0031-do-not-add-referrals-for-masters-with-different-data.patch
5d2be4
Patch32:          0032-Issue-4383-Do-not-normalize-escaped-spaces-in-a-DN.patch
5d2be4
Patch33:          0033-Issue-49300-entryUSN-is-duplicated-after-memberOf-op.patch
ef1f48
Patch34:          0034-Issue-4480-Unexpected-info-returned-to-ldap-request-.patch
ef1f48
Patch35:          0035-Issue-5442-Search-results-are-different-between-RHDS.patch
ef1f48
Patch36:          0036-Issue-4581-A-failed-re-indexing-leaves-the-database-.patch
ef1f48
Patch37:          0037-Issue-4609-CVE-info-disclosure-when-authenticating.patch
ef1f48
Patch38:          0038-Issue-4460-BUG-lib389-should-use-system-tls-policy.patch
ef1f48
Patch39:          0039-Issue-4460-BUG-add-machine-name-to-subject-alt-names.patch
b682e9
b682e9
%description
b682e9
389 Directory Server is an LDAPv3 compliant server.  The base package includes
b682e9
the LDAP server and command line utilities for server administration.
b682e9
%if %{use_asan}
b682e9
WARNING! This build is linked to Address Sanitisation libraries. This probably
b682e9
isn't what you want. Please contact support immediately.
b682e9
Please see http://seclists.org/oss-sec/2016/q1/363 for more information.
b682e9
%endif
b682e9
b682e9
%package          libs
b682e9
Summary:          Core libraries for 389 Directory Server
b682e9
Group:            System Environment/Daemons
b682e9
BuildRequires:    nspr-devel
b682e9
BuildRequires:    nss-devel >= 3.34
b682e9
BuildRequires:    openldap-devel
b682e9
BuildRequires:    libdb-devel
b682e9
BuildRequires:    cyrus-sasl-devel
b682e9
BuildRequires:    libicu-devel
b682e9
BuildRequires:    pcre-devel
b682e9
BuildRequires:    libtalloc-devel
b682e9
BuildRequires:    libevent-devel
b682e9
BuildRequires:    libtevent-devel
b682e9
Requires:         krb5-libs
b682e9
Requires:         libevent
b682e9
BuildRequires:    systemd-devel
b682e9
Provides:         svrcore = 4.1.4
b682e9
Conflicts:        svrcore
b682e9
Obsoletes:        svrcore <= 4.1.3
b682e9
b682e9
%description      libs
b682e9
Core libraries for the 389 Directory Server base package.  These libraries
b682e9
are used by the main package and the -devel package.  This allows the -devel
b682e9
package to be installed with just the -libs package and without the main package.
b682e9
8394b4
%if %{use_legacy}
b682e9
%package          legacy-tools
8394b4
Summary:          Legacy utilities for 389 Directory Server
b682e9
Group:            System Environment/Daemons
b682e9
Obsoletes:        %{name} <= 1.4.0.9
232633
Requires:         %{name}-libs = %{version}-%{release}
b682e9
# for setup-ds.pl to support ipv6
b682e9
%if %{use_Socket6}
b682e9
Requires:         perl-Socket6
b682e9
%else
b682e9
Requires:         perl-Socket
b682e9
%endif
b682e9
Requires:         perl-NetAddr-IP
b682e9
# use_openldap assumes perl-Mozilla-LDAP is built with openldap support
b682e9
Requires:         perl-Mozilla-LDAP
b682e9
# for setup-ds.pl
b682e9
Requires:         bind-utils
8394b4
%global __provides_exclude_from %{_libdir}/%{pkgname}/perl
8394b4
%global __requires_exclude perl\\((DSCreate|DSMigration|DSUpdate|DSUtil|Dialog|DialogManager|FileConn|Inf|Migration|Resource|Setup|SetupLog)
b682e9
%{?perl_default_filter}
b682e9
b682e9
%description      legacy-tools
b682e9
Legacy (and deprecated) utilities for 389 Directory Server. This includes
b682e9
the old account management and task scripts. These are deprecated in favour of
b682e9
the dscreate, dsctl, dsconf and dsidm tools.
8394b4
%endif
b682e9
b682e9
%package          devel
b682e9
Summary:          Development libraries for 389 Directory Server
b682e9
Group:            Development/Libraries
b682e9
Requires:         %{name}-libs = %{version}-%{release}
b682e9
Requires:         pkgconfig
b682e9
Requires:         nspr-devel
b682e9
Requires:         nss-devel >= 3.34
b682e9
Requires:         openldap-devel
b682e9
Requires:         libtalloc
b682e9
Requires:         libevent
b682e9
Requires:         libtevent
b682e9
Requires:         systemd-libs
b682e9
Provides:         svrcore-devel = 4.1.4
b682e9
Conflicts:        svrcore-devel
b682e9
Obsoletes:        svrcore-devel <= 4.1.3
b682e9
b682e9
%description      devel
b682e9
Development Libraries and headers for the 389 Directory Server base package.
b682e9
b682e9
%package          snmp
b682e9
Summary:          SNMP Agent for 389 Directory Server
b682e9
Group:            System Environment/Daemons
b682e9
Requires:         %{name} = %{version}-%{release}
b682e9
b682e9
Obsoletes:        %{name} <= 1.4.0.0
b682e9
b682e9
%description      snmp
b682e9
SNMP Agent for the 389 Directory Server base package.
b682e9
b682e9
%package -n python%{python3_pkgversion}-lib389
b682e9
Summary:  A library for accessing, testing, and configuring the 389 Directory Server
b682e9
BuildArch:        noarch
b682e9
Group:            Development/Libraries
b682e9
Requires: openssl
b682e9
Requires: iproute
318adb
Requires: platform-python
ea1d1b
Recommends: bash-completion
b682e9
Requires: python%{python3_pkgversion}-ldap
b682e9
Requires: python%{python3_pkgversion}-six
b682e9
Requires: python%{python3_pkgversion}-pyasn1
b682e9
Requires: python%{python3_pkgversion}-pyasn1-modules
b682e9
Requires: python%{python3_pkgversion}-dateutil
b682e9
Requires: python%{python3_pkgversion}-argcomplete
b682e9
Requires: python%{python3_pkgversion}-libselinux
8394b4
Requires: python%{python3_pkgversion}-setuptools
8394b4
Requires: python%{python3_pkgversion}-distro
b682e9
%{?python_provide:%python_provide python%{python3_pkgversion}-lib389}
b682e9
b682e9
%description -n python%{python3_pkgversion}-lib389
b682e9
This module contains tools and libraries for accessing, testing,
b682e9
 and configuring the 389 Directory Server.
b682e9
b682e9
%package -n cockpit-389-ds
b682e9
Summary:          Cockpit UI Plugin for configuring and administering the 389 Directory Server
b682e9
BuildArch:        noarch
b682e9
Requires:         cockpit
b682e9
Requires:         platform-python
b682e9
Requires:         python%{python3_pkgversion}-lib389
b682e9
b682e9
%description -n cockpit-389-ds
b682e9
A cockpit UI Plugin for configuring and administering the 389 Directory Server
b682e9
b682e9
%prep
232633
%autosetup -p1 -v -n %{name}-%{version}%{?prerel}
b682e9
%if %{bundle_jemalloc}
232633
%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3
b682e9
%endif
b682e9
cp %{SOURCE2} README.devel
b682e9
b682e9
%build
b682e9
b682e9
OPENLDAP_FLAG="--with-openldap"
b682e9
%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
b682e9
# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
b682e9
NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
b682e9
b682e9
%if %{use_asan}
b682e9
ASAN_FLAGS="--enable-asan --enable-debug"
b682e9
%endif
b682e9
b682e9
%if %{use_rust}
b682e9
RUST_FLAGS="--enable-rust"
b682e9
%endif
b682e9
8394b4
%if %{use_legacy}
8394b4
LEGACY_FLAGS="--enable-legacy --enable-perl"
232633
%else
8394b4
LEGACY_FLAGS="--disable-legacy --disable-perl"
b682e9
%endif
b682e9
b682e9
%if %{use_clang}
b682e9
export CC=clang
b682e9
export CXX=clang++
b682e9
CLANG_FLAGS="--enable-clang"
b682e9
%endif
b682e9
b682e9
%if %{bundle_jemalloc}
d69b2b
# Override page size, bz #1545539
d69b2b
# 4K
d69b2b
%ifarch %ix86 %arm x86_64 s390x
d69b2b
%define lg_page --with-lg-page=12
d69b2b
%endif
d69b2b
d69b2b
# 64K
d69b2b
%ifarch ppc64 ppc64le aarch64
d69b2b
%define lg_page --with-lg-page=16
d69b2b
%endif
d69b2b
d69b2b
# Override huge page size on aarch64
d69b2b
# 2M instead of 512M
d69b2b
%ifarch aarch64
d69b2b
%define lg_hugepage --with-lg-hugepage=21
d69b2b
%endif
d69b2b
b682e9
# Build jemalloc
b682e9
pushd ../%{jemalloc_name}-%{jemalloc_ver}
b682e9
%configure \
b682e9
        --libdir=%{_libdir}/%{pkgname}/lib \
d69b2b
        --bindir=%{_libdir}/%{pkgname}/bin \
d69b2b
        --enable-prof
d69b2b
make %{?_smp_mflags}        
b682e9
popd
b682e9
%endif
b682e9
d69b2b
b682e9
# Enforce strict linking
b682e9
%define _strict_symbol_defs_build 1
b682e9
b682e9
# Rebuild the autotool artifacts now.
b682e9
autoreconf -fiv
b682e9
b682e9
%configure --enable-autobind --with-selinux $OPENLDAP_FLAG $TMPFILES_FLAG \
b682e9
           --with-systemd \
b682e9
           --with-systemdsystemunitdir=%{_unitdir} \
b682e9
           --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
b682e9
           --with-systemdgroupname=%{groupname}  \
b682e9
           --libexecdir=%{_libexecdir}/%{pkgname} \
8394b4
           $NSSARGS $ASAN_FLAGS $RUST_FLAGS $LEGACY_FLAGS $CLANG_FLAGS \
b682e9
           --enable-cmocka 
b682e9
b682e9
# lib389
b682e9
pushd ./src/lib389
b682e9
%py3_build
b682e9
popd
b682e9
# argparse-manpage dynamic man pages have hardcoded man v1 in header,
b682e9
# need to change it to v8
232633
sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsconf.8
232633
sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsctl.8
232633
sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsidm.8
232633
sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dscreate.8
b682e9
b682e9
# Generate symbolic info for debuggers
b682e9
export XCFLAGS=$RPM_OPT_FLAGS
b682e9
b682e9
#make %{?_smp_mflags}
b682e9
make
b682e9
b682e9
%install
b682e9
b682e9
mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir}
b682e9
mkdir -p %{buildroot}%{_datadir}/cockpit
b682e9
make DESTDIR="$RPM_BUILD_ROOT" install
b682e9
8394b4
# Cockpit file list
b682e9
find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list
b682e9
find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list
b682e9
b682e9
# Copy in our docs from doxygen.
232633
cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3
b682e9
b682e9
# lib389
b682e9
pushd src/lib389
b682e9
%py3_install
b682e9
popd
b682e9
b682e9
mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
b682e9
mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}
d69b2b
mkdir -p $RPM_BUILD_ROOT/var/3lock/%{pkgname}
b682e9
b682e9
# for systemd
b682e9
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants
b682e9
b682e9
#remove libtool archives and static libs
b682e9
find %{buildroot} -type f -name "*.la" -delete
b682e9
find %{buildroot} -type f -name "*.a" -delete
b682e9
8394b4
%if %{use_legacy}
b682e9
# make sure perl scripts have a proper shebang
b682e9
sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/script-templates/template-*.pl
b682e9
%endif
b682e9
b682e9
%if %{bundle_jemalloc}
b682e9
pushd ../%{jemalloc_name}-%{jemalloc_ver}
b682e9
make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin
232633
cp -pa COPYING ../%{name}-%{version}%{?prerel}/COPYING.jemalloc
232633
cp -pa README ../%{name}-%{version}%{?prerel}/README.jemalloc
b682e9
popd
b682e9
%endif
b682e9
b682e9
%check
b682e9
# This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build.
b682e9
if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi
b682e9
b682e9
%clean
b682e9
rm -rf $RPM_BUILD_ROOT
b682e9
b682e9
%post
b682e9
if [ -n "$DEBUGPOSTTRANS" ] ; then
b682e9
    output=$DEBUGPOSTTRANS
b682e9
    output2=${DEBUGPOSTTRANS}.upgrade
b682e9
else
b682e9
    output=/dev/null
b682e9
    output2=/dev/null
b682e9
fi
b682e9
b682e9
# reload to pick up any changes to systemd files
b682e9
/bin/systemctl daemon-reload >$output 2>&1 || :
b682e9
b682e9
# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
b682e9
# Soft static allocation for UID and GID
b682e9
USERNAME="dirsrv"
b682e9
ALLOCATED_UID=389
b682e9
GROUPNAME="dirsrv"
b682e9
ALLOCATED_GID=389
b682e9
HOMEDIR="/usr/share/dirsrv"
b682e9
b682e9
getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME
b682e9
if ! getent passwd $USERNAME >/dev/null ; then
b682e9
    if ! getent passwd $ALLOCATED_UID >/dev/null ; then
b682e9
      /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
b682e9
    else
b682e9
      /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
b682e9
    fi
b682e9
fi
b682e9
b682e9
# Reload our sysctl before we restart (if we can)
b682e9
sysctl --system &> $output; true
b682e9
b682e9
%preun
b682e9
if [ $1 -eq 0 ]; then # Final removal
b682e9
    # remove instance specific service files/links
b682e9
    rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
b682e9
fi
b682e9
b682e9
%postun
b682e9
if [ $1 = 0 ]; then # Final removal
b682e9
    rm -rf /var/run/%{pkgname}
b682e9
fi
b682e9
b682e9
%post snmp
b682e9
%systemd_post %{pkgname}-snmp.service
b682e9
b682e9
%preun snmp
b682e9
%systemd_preun %{pkgname}-snmp.service %{groupname}
b682e9
b682e9
%postun snmp
b682e9
%systemd_postun_with_restart %{pkgname}-snmp.service
b682e9
8394b4
%if %{use_legacy}
b682e9
%post legacy-tools
b682e9
b682e9
# START UPGRADE SCRIPT
b682e9
b682e9
if [ -n "$DEBUGPOSTTRANS" ] ; then
b682e9
    output=$DEBUGPOSTTRANS
b682e9
    output2=${DEBUGPOSTTRANS}.upgrade
b682e9
else
b682e9
    output=/dev/null
b682e9
    output2=/dev/null
b682e9
fi
b682e9
b682e9
# find all instances
b682e9
instances="" # instances that require a restart after upgrade
b682e9
ninst=0 # number of instances found in total
b682e9
b682e9
echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || :
b682e9
instbase="%{_sysconfdir}/%{pkgname}"
b682e9
for dir in $instbase/slapd-* ; do
b682e9
    echo dir = $dir >> $output 2>&1 || :
b682e9
    if [ ! -d "$dir" ] ; then continue ; fi
b682e9
    case "$dir" in *.removed) continue ;; esac
b682e9
    basename=`basename $dir`
b682e9
    inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
b682e9
    echo found instance $inst - getting status  >> $output 2>&1 || :
b682e9
    if /bin/systemctl -q is-active $inst ; then
b682e9
       echo instance $inst is running >> $output 2>&1 || :
b682e9
       instances="$instances $inst"
b682e9
    else
b682e9
       echo instance $inst is not running >> $output 2>&1 || :
b682e9
    fi
b682e9
    ninst=`expr $ninst + 1`
b682e9
done
b682e9
if [ $ninst -eq 0 ] ; then
b682e9
    echo no instances to upgrade >> $output 2>&1 || :
b682e9
    exit 0 # have no instances to upgrade - just skip the rest
b682e9
fi
b682e9
# shutdown all instances
b682e9
echo shutting down all instances . . . >> $output 2>&1 || :
b682e9
for inst in $instances ; do
b682e9
    echo stopping instance $inst >> $output 2>&1 || :
b682e9
    /bin/systemctl stop $inst >> $output 2>&1 || :
b682e9
done
b682e9
echo remove pid files . . . >> $output 2>&1 || :
b682e9
/bin/rm -f /var/run/%{pkgname}*.pid /var/run/%{pkgname}*.startpid
b682e9
# do the upgrade
b682e9
echo upgrading instances . . . >> $output 2>&1 || :
b682e9
DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
b682e9
if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
b682e9
    %{_sbindir}/setup-ds.pl -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
b682e9
else
b682e9
    %{_sbindir}/setup-ds.pl -u -s General.UpdateMode=offline >> $output 2>&1 || :
b682e9
fi
b682e9
b682e9
# restart instances that require it
b682e9
for inst in $instances ; do
b682e9
    echo restarting instance $inst >> $output 2>&1 || :
b682e9
    /bin/systemctl start $inst >> $output 2>&1 || :
b682e9
done
b682e9
#END UPGRADE
b682e9
%endif
b682e9
b682e9
exit 0
b682e9
b682e9
b682e9
%files
b682e9
%if %{bundle_jemalloc}
b682e9
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc
b682e9
%license COPYING.jemalloc
b682e9
%else
b682e9
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
b682e9
%endif
b682e9
%dir %{_sysconfdir}/%{pkgname}
b682e9
%dir %{_sysconfdir}/%{pkgname}/schema
b682e9
%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
b682e9
%dir %{_sysconfdir}/%{pkgname}/config
b682e9
%dir %{_sysconfdir}/systemd/system/%{groupname}.wants
b682e9
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
b682e9
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
b682e9
%{_datadir}/%{pkgname}
b682e9
%{_datadir}/gdb/auto-load/*
b682e9
%{_unitdir}
b682e9
%{_bindir}/dbscan
b682e9
%{_mandir}/man1/dbscan.1.gz
b682e9
%{_bindir}/ds-replcheck
b682e9
%{_mandir}/man1/ds-replcheck.1.gz
b682e9
%{_bindir}/ds-logpipe.py
b682e9
%{_mandir}/man1/ds-logpipe.py.1.gz
b682e9
%{_bindir}/ldclt
b682e9
%{_mandir}/man1/ldclt.1.gz
b682e9
%{_sbindir}/ldif2ldap
b682e9
%{_mandir}/man8/ldif2ldap.8.gz
b682e9
%{_bindir}/logconv.pl
b682e9
%{_mandir}/man1/logconv.pl.1.gz
b682e9
%{_bindir}/pwdhash
b682e9
%{_mandir}/man1/pwdhash.1.gz
b682e9
%{_bindir}/readnsstate
b682e9
%{_mandir}/man1/readnsstate.1.gz
b682e9
# Remove for now: %caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd
b682e9
%{_sbindir}/ns-slapd
b682e9
%{_mandir}/man8/ns-slapd.8.gz
b682e9
%{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl
b682e9
%{_mandir}/man5/99user.ldif.5.gz
b682e9
%{_mandir}/man5/certmap.conf.5.gz
b682e9
%{_mandir}/man5/slapd-collations.conf.5.gz
b682e9
%{_mandir}/man5/dirsrv.5.gz
b682e9
%{_mandir}/man5/dirsrv.systemd.5.gz
b682e9
%{_libdir}/%{pkgname}/python
b682e9
%dir %{_libdir}/%{pkgname}/plugins
b682e9
%{_libdir}/%{pkgname}/plugins/*.so
b682e9
# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but
b682e9
# sysctl.d is always in /lib.
b682e9
%{_prefix}/lib/sysctl.d/*
b682e9
%dir %{_localstatedir}/lib/%{pkgname}
b682e9
%dir %{_localstatedir}/log/%{pkgname}
b682e9
%ghost %dir %{_localstatedir}/lock/%{pkgname}
b682e9
%exclude %{_sbindir}/ldap-agent*
b682e9
%exclude %{_mandir}/man1/ldap-agent.1.gz
b682e9
%exclude %{_unitdir}/%{pkgname}-snmp.service
b682e9
%if %{bundle_jemalloc}
b682e9
%{_libdir}/%{pkgname}/lib/
b682e9
%{_libdir}/%{pkgname}/bin/
b682e9
%exclude %{_libdir}/%{pkgname}/bin/jemalloc-config
b682e9
%exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh
b682e9
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a
b682e9
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so
b682e9
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a
b682e9
%exclude %{_libdir}/%{pkgname}/lib/pkgconfig
b682e9
%endif
b682e9
b682e9
%files devel
b682e9
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
b682e9
%{_mandir}/man3/*
b682e9
%{_includedir}/svrcore.h
b682e9
%{_includedir}/%{pkgname}
b682e9
%{_libdir}/libsvrcore.so
b682e9
%{_libdir}/%{pkgname}/libslapd.so
b682e9
%{_libdir}/%{pkgname}/libns-dshttpd.so
b682e9
%{_libdir}/%{pkgname}/libsds.so
b682e9
%{_libdir}/%{pkgname}/libldaputil.so
b682e9
%{_libdir}/pkgconfig/svrcore.pc
b682e9
%{_libdir}/pkgconfig/dirsrv.pc
b682e9
%{_libdir}/pkgconfig/libsds.pc
b682e9
b682e9
%files libs
b682e9
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
b682e9
%dir %{_libdir}/%{pkgname}
b682e9
%{_libdir}/libsvrcore.so.*
b682e9
%{_libdir}/%{pkgname}/libslapd.so.*
b682e9
%{_libdir}/%{pkgname}/libns-dshttpd-*.so
b682e9
%{_libdir}/%{pkgname}/libsds.so.*
b682e9
%{_libdir}/%{pkgname}/libldaputil.so.*
d69b2b
%{_libdir}/%{pkgname}/librewriters.so*
b682e9
%if %{bundle_jemalloc}
b682e9
%{_libdir}/%{pkgname}/lib/libjemalloc.so.2
b682e9
%endif
b682e9
%if %{use_rust}
b682e9
%{_libdir}/%{pkgname}/librsds.so
b682e9
%endif
b682e9
8394b4
%if %{use_legacy}
b682e9
%files legacy-tools
b682e9
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
b682e9
%{_bindir}/infadd
b682e9
%{_mandir}/man1/infadd.1.gz
b682e9
%{_bindir}/ldif
b682e9
%{_mandir}/man1/ldif.1.gz
b682e9
%{_bindir}/migratecred
b682e9
%{_mandir}/man1/migratecred.1.gz
b682e9
%{_bindir}/mmldif
b682e9
%{_mandir}/man1/mmldif.1.gz
b682e9
%{_bindir}/rsearch
b682e9
%{_mandir}/man1/rsearch.1.gz
8394b4
%{_libexecdir}/%{pkgname}/ds_selinux_enabled
8394b4
%{_libexecdir}/%{pkgname}/ds_selinux_port_query
8394b4
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig
8394b4
%{_mandir}/man5/template-initconfig.5.gz
8394b4
%{_datadir}/%{pkgname}/properties/*.res
8394b4
%{_datadir}/%{pkgname}/script-templates
8394b4
%{_datadir}/%{pkgname}/updates
8394b4
%{_sbindir}/ldif2ldap
8394b4
%{_mandir}/man8/ldif2ldap.8.gz
8394b4
%{_sbindir}/bak2db
8394b4
%{_mandir}/man8/bak2db.8.gz
8394b4
%{_sbindir}/db2bak
8394b4
%{_mandir}/man8/db2bak.8.gz
8394b4
%{_sbindir}/db2index
8394b4
%{_mandir}/man8/db2index.8.gz
8394b4
%{_sbindir}/db2ldif
8394b4
%{_mandir}/man8/db2ldif.8.gz
8394b4
%{_sbindir}/dbverify
8394b4
%{_mandir}/man8/dbverify.8.gz
8394b4
%{_sbindir}/ldif2db
8394b4
%{_mandir}/man8/ldif2db.8.gz
8394b4
%{_sbindir}/restart-dirsrv
8394b4
%{_mandir}/man8/restart-dirsrv.8.gz
8394b4
%{_sbindir}/start-dirsrv
8394b4
%{_mandir}/man8/start-dirsrv.8.gz
8394b4
%{_sbindir}/status-dirsrv
8394b4
%{_mandir}/man8/status-dirsrv.8.gz
8394b4
%{_sbindir}/stop-dirsrv
8394b4
%{_mandir}/man8/stop-dirsrv.8.gz
8394b4
%{_sbindir}/upgradedb
8394b4
%{_mandir}/man8/upgradedb.8.gz
8394b4
%{_sbindir}/vlvindex
8394b4
%{_mandir}/man8/vlvindex.8.gz
b682e9
%{_sbindir}/monitor
b682e9
%{_mandir}/man8/monitor.8.gz
b682e9
%{_sbindir}/dbmon.sh
b682e9
%{_mandir}/man8/dbmon.sh.8.gz
b682e9
%{_sbindir}/dn2rdn
b682e9
%{_mandir}/man8/dn2rdn.8.gz
b682e9
%{_sbindir}/restoreconfig
b682e9
%{_mandir}/man8/restoreconfig.8.gz
b682e9
%{_sbindir}/saveconfig
b682e9
%{_mandir}/man8/saveconfig.8.gz
b682e9
%{_sbindir}/suffix2instance
b682e9
%{_mandir}/man8/suffix2instance.8.gz
b682e9
%{_sbindir}/upgradednformat
b682e9
%{_mandir}/man8/upgradednformat.8.gz
b682e9
%{_mandir}/man1/dbgen.pl.1.gz
b682e9
%{_bindir}/repl-monitor
b682e9
%{_mandir}/man1/repl-monitor.1.gz
b682e9
%{_bindir}/repl-monitor.pl
b682e9
%{_mandir}/man1/repl-monitor.pl.1.gz
b682e9
%{_bindir}/cl-dump
b682e9
%{_mandir}/man1/cl-dump.1.gz
b682e9
%{_bindir}/cl-dump.pl
b682e9
%{_mandir}/man1/cl-dump.pl.1.gz
b682e9
%{_bindir}/dbgen.pl
b682e9
%{_mandir}/man8/bak2db.pl.8.gz
b682e9
%{_sbindir}/bak2db.pl
b682e9
%{_sbindir}/cleanallruv.pl
b682e9
%{_mandir}/man8/cleanallruv.pl.8.gz
b682e9
%{_sbindir}/db2bak.pl
b682e9
%{_mandir}/man8/db2bak.pl.8.gz
b682e9
%{_sbindir}/db2index.pl
b682e9
%{_mandir}/man8/db2index.pl.8.gz
b682e9
%{_sbindir}/db2ldif.pl
b682e9
%{_mandir}/man8/db2ldif.pl.8.gz
b682e9
%{_sbindir}/fixup-linkedattrs.pl
b682e9
%{_mandir}/man8/fixup-linkedattrs.pl.8.gz
b682e9
%{_sbindir}/fixup-memberof.pl
b682e9
%{_mandir}/man8/fixup-memberof.pl.8.gz
b682e9
%{_sbindir}/ldif2db.pl
b682e9
%{_mandir}/man8/ldif2db.pl.8.gz
b682e9
%{_sbindir}/migrate-ds.pl
b682e9
%{_mandir}/man8/migrate-ds.pl.8.gz
b682e9
%{_sbindir}/ns-accountstatus.pl
b682e9
%{_mandir}/man8/ns-accountstatus.pl.8.gz
b682e9
%{_sbindir}/ns-activate.pl
b682e9
%{_mandir}/man8/ns-activate.pl.8.gz
b682e9
%{_sbindir}/ns-inactivate.pl
b682e9
%{_mandir}/man8/ns-inactivate.pl.8.gz
b682e9
%{_sbindir}/ns-newpwpolicy.pl
b682e9
%{_mandir}/man8/ns-newpwpolicy.pl.8.gz
b682e9
%{_sbindir}/remove-ds.pl
b682e9
%{_mandir}/man8/remove-ds.pl.8.gz
b682e9
%{_sbindir}/schema-reload.pl
b682e9
%{_mandir}/man8/schema-reload.pl.8.gz
b682e9
%{_sbindir}/setup-ds.pl
b682e9
%{_mandir}/man8/setup-ds.pl.8.gz
b682e9
%{_sbindir}/syntax-validate.pl
b682e9
%{_mandir}/man8/syntax-validate.pl.8.gz
b682e9
%{_sbindir}/usn-tombstone-cleanup.pl
b682e9
%{_mandir}/man8/usn-tombstone-cleanup.pl.8.gz
b682e9
%{_sbindir}/verify-db.pl
b682e9
%{_mandir}/man8/verify-db.pl.8.gz
b682e9
%{_libdir}/%{pkgname}/perl
b682e9
%endif
b682e9
b682e9
%files snmp
b682e9
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
b682e9
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
b682e9
%{_sbindir}/ldap-agent*
b682e9
%{_mandir}/man1/ldap-agent.1.gz
b682e9
%{_unitdir}/%{pkgname}-snmp.service
b682e9
b682e9
%files -n python%{python3_pkgversion}-lib389
b682e9
%doc LICENSE LICENSE.GPLv3+
b682e9
%{python3_sitelib}/lib389*
b682e9
%{_sbindir}/dsconf
b682e9
%{_mandir}/man8/dsconf.8.gz
b682e9
%{_sbindir}/dscreate
b682e9
%{_mandir}/man8/dscreate.8.gz
b682e9
%{_sbindir}/dsctl
b682e9
%{_mandir}/man8/dsctl.8.gz
b682e9
%{_sbindir}/dsidm
b682e9
%{_mandir}/man8/dsidm.8.gz
8394b4
%{_libexecdir}/%{pkgname}/dscontainer
b682e9
b682e9
%files -n cockpit-389-ds -f cockpit.list
232633
%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml
b682e9
%doc README.md
b682e9
b682e9
%changelog
ef1f48
* Thu Mar 11 2021 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.8-7
ef1f48
- Bump version to 1.4.3.8-7
ef1f48
- Resolves: Bug 1908705 - CVE-2020-35518 389-ds:1.4/389-ds-base: information disclosure during the binding of a DN
ef1f48
- Resolves: Bug 1936461 - A failed re-indexing leaves the database in broken state.
ef1f48
- Resolves: Bug 1912481 - Server-Cert.crt created using dscreate has Subject:CN =localhost instead of hostname. 
ef1f48
5d2be4
* Thu Dec 3 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.8-6
5d2be4
- Bump version to 1.4.3.8-6
ef1f48
- Resolves: Bug 1904348 - Duplicate entryUSN numbers for different LDAP entries in the same backend
ef1f48
- Resolves: Bug 1904349 - group rdn with leading space char and add fails error 21 invalid syntax and delete fails error 32
ef1f48
- Resolves: Bug 1904350 - do not add referrals for masters with different data generation
ef1f48
- Resolves: Bug 1904351 - create keep alive entry after on line init
ef1f48
- Resolves: Bug 1904352 - NULL dereference in revert_cache()
ef1f48
- Resolves: Bug 1904353 - ds-replcheck crashes in offline mode
ef1f48
- Resolves: Bug 1904347 - Entries conflict not resolved by replication
5d2be4
d69b2b
* Wed Aug 5 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.8-5
d69b2b
- Bump version to 1.4.3.8-5
d69b2b
- Resolves: Bug 1841086 - SSL alert: The value of sslVersionMax "TLS1.3" is higher than the supported version
d69b2b
- Resolves: Bug 1800529 - Memory leaks in disk monitoring
d69b2b
- Resolves: Bug 1748227 - Instance name length is not enforced
d69b2b
- Resolves: Bug 1849418 - python3-lib389 pulls unnecessary bash-completion package
d69b2b
d69b2b
* Fri Jun 26 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.8-4
d69b2b
- Bump version to 1.4.3.8-4
d69b2b
- Resolves: Bug 1806978 - ns-slapd crashes during db2ldif
d69b2b
- Resolves: Bug 1450863 - Log warning when tuning of nsslapd-threadnumber above or below the optimal value
d69b2b
- Resolves: Bug 1647017 - A distinguished value of a single valued attribute can be missing in an entry
d69b2b
- Resolves: Bug 1806573 - Dsctl healthcheck doesn't work when using instance name with 'slapd-'
d69b2b
- Resolves: Bug 1807773 - dsctl healthcheck : typo in DSREPLLE0002 Lint error suggested resolution commands
d69b2b
- Resolves: Bug 1843567 - Healthcheck to find notes=F
d69b2b
- Resolves: Bug 1845094 - User/Directory Manager can modify Password Policy attribute "pwdReset"
d69b2b
- Resolves: Bug 1850275 - Add new access log keywords for time spent in work queue and actual operation time
d69b2b
- Resolves: Bug 1442386 - Recreating an index while changing case will create an indexfile with the old name (different case) and after restart the indexfile is abandoned
d69b2b
- Resolves: Bug 1672574 - nsIndexIDListScanLimit accepts any value
d69b2b
- Resolves: Bug 1800529 - Memory leaks in disk monitoring
d69b2b
d69b2b
* Fri Jun 5 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.8-3
d69b2b
- Bump version to 1.4.3.8-3
d69b2b
- Resolves: Bug 1835619 - Healthcheck with --json option reports "Object of type 'bytes' is not JSON serializable" when mapping tree is deleted 
d69b2b
- Resolves: Bug 1836428 - Directory Server ds-replcheck RFE to add a timeout command-line arg/value to wait longer when connecting to a replica server
d69b2b
- Resolves: Bug 1843090 - abort when a empty valueset is freed
d69b2b
- Resolves: Bug 1843156 - Prevent unnecessarily duplication of the target entry
d69b2b
- Resolves: Bug 1843157 - Check for clock errors and time skew
d69b2b
- Resolves: Bug 1843159 - RFE AD filter rewriter for ObjectCategory
d69b2b
- Resolves: Bug 1843162 - Creating Replication Manager fails if uid=repman is used
d69b2b
- Resolves: Bug 1816851 - Add option to healthcheck to list all the lint reports
d69b2b
- Resolves: Bug 1748227 - Instance name length is not enforced
d69b2b
- Resolves: Bug 1748244 - dscreate doesn't sanitize instance name
d69b2b
d69b2b
* Mon May 11 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.8-2
d69b2b
- Bump version to 1.4.3.8-2
d69b2b
- Resolves: Bug 1833350 - Remove cockpit dependancies that are breaking builds
d69b2b
d69b2b
* Mon May 11 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.8-1
d69b2b
- Bump version to 1.4.3.8-1
d69b2b
- Resolves: Bug 1833350 - Rebase 389-ds-base for RHEL 8.3
d69b2b
- Resolves: Bug 1728943 - [RFE] Advance options in RHDS Disk Monitoring Framework
d69b2b
- Resolves: Bug 1775285 - [RFE] Implement the Password Policy attribute "pwdReset"
d69b2b
- Resolves: Bug 1638875 - [RFE] extract key/certs pem file into a private namespace
d69b2b
- Resolves: Bug 1758478 - AddressSanitizer: heap-buffer-overflow in ldap_utf8prev
d69b2b
- Resolves: Bug 1795943 - Port dbmon.sh from legacy tools package
d69b2b
- Resolves: Bug 1798394 - Port dbgen from legacy tools package
d69b2b
- Resolves: Bug 1800529 - Memory leaks in disk monitoring
d69b2b
- Resolves: Bug 1807419 - Unable to create a suffix with countryName either via dscreate or the admin console
d69b2b
- Resolves: Bug 1816848 - Database links: get_monitor() takes 1 positional argument but 2 were given
d69b2b
- Resolves: Bug 1816854 - Setting nsslapd-allowed-sasl-mechanisms truncates the value
d69b2b
- Resolves: Bug 1816857 - Searches on cn=config takes values with spaces and makes multiple attributes out of them
d69b2b
- Resolves: Bug 1816859 - lib389 - Replace exec() with setattr()
d69b2b
- Resolves: Bug 1816862 - Memory leak in indirect COS
d69b2b
- Resolves: Bug 1829071 - Installation of RHDS 11 fails on RHEL8 server with IPv6 disabled
d69b2b
- Resolves: Bug 1833515 - set 'nsslapd-enable-upgrade-hash: off' as this raises warnings in IPA
d69b2b
- Resolves: Bug 1790986 - cenotaph errors on modrdn operations
d69b2b
- Resolves: Bug 1769734 - Heavy StartTLS connection load can randomly fail with err=1
d69b2b
- Resolves: Bug 1758501 - LeakSanitizer: detected memory leaks in changelog5_init and perfctrs_init
d69b2b
d69b2b
* Fri May 8 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.8-0
d69b2b
- Bump version to 1.4.3.8-0
d69b2b
- Issue 51078 - Add nsslapd-enable-upgrade-hash to the schema
d69b2b
- Issue 51054 - Revise ACI target syntax checking
d69b2b
- Issue 51068 - deadlock when updating the schema
d69b2b
- Issue 51060 - unable to set sslVersionMin to TLS1.0
d69b2b
- Issue 51064 - Unable to install server where IPv6 is disabled
d69b2b
- Issue 51051 - CLI fix consistency issues with confirmations
d69b2b
- Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now
d69b2b
- Issue 51054 - AddressSanitizer: heap-buffer-overflow in ldap_utf8prev
d69b2b
- Issue 51047 - React deprecating ComponentWillMount
d69b2b
- Issue 50499 - fix npm audit issues
d69b2b
- Issue 50545 - Port dbgen.pl to dsctl
d69b2b
d69b2b
* Wed Apr 22 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.7-1
d69b2b
- Bump version to 1.4.3.7
d69b2b
- Issue 51024 - syncrepl_entry callback does not contain attributes added by postoperation plugins
d69b2b
- Issue 51035 - Heavy StartTLS connection load can randomly fail with err=1
d69b2b
- Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now
d69b2b
- Issue 51031 - UI - transition between two instances needs improvement
d69b2b
d69b2b
* Thu Apr 16 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.6-1
d69b2b
- Bump version to 1.4.3.6
d69b2b
- Issue 50933 - 10rfc2307compat.ldif is not ready to set used by default
d69b2b
- Issue 50931 - RFE AD filter rewriter for ObjectCategory
d69b2b
- Issue 51016 - Fix memory leaks in changelog5_init and perfctrs_init
d69b2b
- Issue 50980 - RFE extend usability for slapi_compute_add_search_rewriter and slapi_compute_add_evaluator
d69b2b
- Issue 51008 - dbhome in containers
d69b2b
- Issue 50875 - Refactor passwordUserAttributes's and passwordBadWords's code
d69b2b
- Issue 51014 - slapi_pal.c possible static buffer overflow
d69b2b
- Issue 50545 - remove dbmon "incr" option from arg parser
d69b2b
- Issue 50545 - Port dbmon.sh to dsconf
d69b2b
- Issue 51005 - AttributeUniqueness plugin's DN parameter should not have a default value
d69b2b
- Issue 49731 - Fix additional issues with setting db home directory by default
d69b2b
- Issue 50337 - Replace exec() with setattr()
d69b2b
- Issue 50905 - intermittent SSL hang with rhds
d69b2b
- Issue 50952 - SSCA lacks basicConstraint:CA
d69b2b
- Issue 50640 - Database links: get_monitor() takes 1 positional argument but 2 were given
d69b2b
- Issue 50869 - Setting nsslapd-allowed-sasl-mechanisms truncates the value
d69b2b
d69b2b
* Wed Apr 1 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.5-1
d69b2b
- Bump version to 1.4.3.5
d69b2b
- Issue 50994 - Fix latest UI bugs found by QE
d69b2b
- Issue 50933 - rfc2307compat.ldif
d69b2b
- Issue 50337 - Replace exec() with setattr()
d69b2b
- Issue 50984 - Memory leaks in disk monitoring
d69b2b
- Issue 50984 - Memory leaks in disk monitoring
d69b2b
- Issue 49731 - dscreate fails in silent mode because of db_home_dir
d69b2b
- Issue 50975 - Revise UI branding with new minimized build
d69b2b
- Issue 49437 - Fix memory leak with indirect COS
d69b2b
- Issue 49731 - Do not add db_home_dir to template-dse.ldif
d69b2b
- Issue 49731 - set and use db_home_directory by default
d69b2b
- Issue 50971 - fix BSD_SOURCE
d69b2b
- Issue 50744 - -n option of dbverify does not work
d69b2b
- Issue 50952 - SSCA lacks basicConstraint:CA
d69b2b
- Issue 50976 - Clean up Web UI source directory from unused files
d69b2b
- Issue 50955 - Fix memory leaks in chaining plugin(part 2)
d69b2b
- Issue 50966 - UI - Database indexes not using typeAhead correctly
d69b2b
- Issue 50974 - UI - wrong title in "Delete Suffix" popup
d69b2b
- Issue 50972 - Fix cockpit plugin build
d69b2b
- Issue 49761 - Fix CI test suite issues
d69b2b
- Issue 50971 - Support building on FreeBSD.
d69b2b
- Issue 50960 - [RFE] Advance options in RHDS Disk Monitoring Framework
d69b2b
- Issue 50800 - wildcards in rootdn-allow-ip attribute are not accepted
d69b2b
- Issue 50963 - We should bundle *.min.js files of Console
d69b2b
- Issue 50860 - Port Password Policy test cases from TET to python3 Password grace limit section.
d69b2b
- Issue 50860 - Port Password Policy test cases from TET to python3 series of bugs Port final
d69b2b
- Issue 50954 - buildnum.py - fix date formatting issue
d69b2b
d69b2b
* Mon Mar 16 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.4-1
d69b2b
- Bump version to 1.4.3.4
d69b2b
- Issue 50954 - Port buildnum.pl to python(part 2)
d69b2b
- Issue 50955 - Fix memory leaks in chaining plugin
d69b2b
- Issue 50954 - Port buildnum.pl to python
d69b2b
- Issue 50947 - change 00core.ldif objectClasses for openldap migration
d69b2b
- Issue 50755 - setting nsslapd-db-home-directory is overriding db_directory
d69b2b
- Issue 50937 - Update CLI for new backend split configuration
d69b2b
- Issue 50860 - Port Password Policy test cases from TET to python3 pwp.sh
d69b2b
- Issue 50945 - givenname alias of gn from openldap
d69b2b
- Issue 50935 - systemd override in lib389 for dscontainer
d69b2b
- Issue 50499 - Fix npm audit issues
d69b2b
- Issue 49761 - Fix CI test suite issues
d69b2b
- Issue 50618 - clean compiler warning and log level
d69b2b
- Issue 50889 - fix compiler issues
d69b2b
- Issue 50884 - Health check tool DSEldif check fails
d69b2b
- Issue 50926 - Remove dual spinner and other UI fixes
d69b2b
- Issue 50928 - Unable to create a suffix with countryName
d69b2b
- Issue 50758 - Only Recommend bash-completion, not Require
d69b2b
- Issue 50923 - Fix a test regression
d69b2b
- Issue 50904 - Connect All React Components And Refactor the Main Navigation Tab Code
d69b2b
- Issue 50920 - cl-dump exit code is 0 even if command fails with invalid arguments
d69b2b
- Issue 50923 - Add test - dsctl fails to remove instances with dashes in the name
d69b2b
- Issue 50919 - Backend delete fails using dsconf
d69b2b
- Issue 50872 - dsconf can't create GSSAPI replication agreements
d69b2b
- Issue 50912 - RFE - add password policy attribute pwdReset
d69b2b
- Issue 50914 - No error returned when adding an entry matching filters for a non existing automember group
d69b2b
- Issue 50889 - Extract pem files into a private namespace
d69b2b
- Issue 50909 - nsDS5ReplicaId cant be set to the old value it had before
d69b2b
- Issue 50686 - Port fractional replication test cases from TET to python3 final
d69b2b
- Issue 49845 - Remove pkgconfig check for libasan
d69b2b
- Issue:50860 - Port Password Policy test cases from TET to python3 bug624080
d69b2b
- Issue:50860 - Port Password Policy test cases from TET to python3 series of bugs
d69b2b
- Issue 50786 - connection table freelist
d69b2b
- Issue 50618 - support cgroupv2
d69b2b
- Issue 50900 - Fix cargo offline build
d69b2b
- Issue 50898 - ldclt core dumped when run with -e genldif option
d69b2b
d69b2b
* Mon Feb 17 2020 Matus Honek <mhonek@redhat.com> - 1.4.3.3-3
d69b2b
- Bring back the necessary c_rehash util (#1803370)
d69b2b
d69b2b
* Fri Feb 14 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.3-2
d69b2b
- Bump version to 1.4.3.3-2
d69b2b
- Remove unneeded perl dependencies
d69b2b
- Change bash-completion to "Recommends" instead of "Requires"
d69b2b
d69b2b
* Thu Feb 13 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.3-1
d69b2b
- Bump version to 1.4.3.3
d69b2b
- Issue 50855 - remove unused file from UI
d69b2b
- Issue 50855 - UI: Port Server Tab to React
d69b2b
- Issue 49845 - README does not contain complete information on building
d69b2b
- Issue 50686 - Port fractional replication test cases from TET to python3 part 1
d69b2b
- Issue 49623 - cont cenotaph errors on modrdn operations
d69b2b
- Issue 50882 - Fix healthcheck errors for instances that do not have TLS enabled
d69b2b
- Issue 50886 - Typo in the replication debug message
d69b2b
- Issue 50873 - Fix healthcheck and virtual attr check
d69b2b
- Issue 50873 - Fix issues with healthcheck tool
d69b2b
- Issue 50028 - Add a new CI test case
d69b2b
- Issue 49946 - Add a new CI test case
d69b2b
- Issue 50117 - Add a new CI test case
d69b2b
- Issue 50787 - fix implementation of attr unique
d69b2b
- Issue 50859 - support running only with ldaps socket
d69b2b
- Issue 50823 - dsctl doesn't work with 'slapd-' in the instance name
d69b2b
- Issue 49624 - cont - DB Deadlock on modrdn appears to corrupt database and entry cache
d69b2b
- Issue 50867 - Fix minor buildsys issues
d69b2b
- Issue 50737 - Allow building with rust online without vendoring
d69b2b
- Issue 50831 - add cargo.lock to allow offline builds
d69b2b
- Issue 50694 - import PEM certs on startup
d69b2b
- Issue 50857 - Memory leak in ACI using IP subject
d69b2b
- Issue 49761 - Fix CI test suite issues
d69b2b
- Issue 50853 - Fix NULL pointer deref in config setting
d69b2b
- Issue 50850 - Fix dsctl healthcheck for python36
d69b2b
- Issue 49990 - Need to enforce a hard maximum limit for file descriptors
d69b2b
- Issue 48707 - ldapssotoken for authentication
d69b2b
d69b2b
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.3.2-1.1
d69b2b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
d69b2b
d69b2b
* Thu Jan 23 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.2-1
d69b2b
- Bump version to 1.4.3.2
d69b2b
- Issue 49254 - Fix compiler failures and warnings
d69b2b
- Issue 50741 - cont bdb_start - Detected Disorderly Shutdown
d69b2b
- Issue 50836 - Port Schema UI tab to React
d69b2b
- Issue 50842 - Decrease 389-console Cockpit component size
d69b2b
- Issue 50790 - Add result text when filter is invalid
d69b2b
- Issue 50627 - Add ASAN logs to HTML report
d69b2b
- Issue 50834 - Incorrectly setting the NSS default SSL version max
d69b2b
- Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free
d69b2b
- Issue 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10
d69b2b
- Issue 50784 - performance testing scripts
d69b2b
- Issue 50599 - Fix memory leak when removing db region files
d69b2b
- Issue 49395 - Set the default TLS version min to TLS1.2
d69b2b
- Issue 50818 - dsconf pwdpolicy get error
d69b2b
- Issue 50824 - dsctl remove fails with "name 'ensure_str' is not defined"
d69b2b
- Issue 50599 - Remove db region files prior to db recovery
d69b2b
- Issue 50812 - dscontainer executable should be placed under /usr/libexec/dirsrv/
d69b2b
- Issue 50816 - dsconf allows the root password to be set to nothing
d69b2b
- Issue 50798 - incorrect bytes in format string(fix import issue)
d69b2b
d69b2b
* Thu Jan 16 2020 Adam Williamson <awilliam@redhat.com> - 1.4.3.1-3
d69b2b
- Backport two more import/missing function fixes
d69b2b
d69b2b
* Wed Jan 15 2020 Adam Williamson <awilliam@redhat.com> - 1.4.3.1-2
d69b2b
- Backport 828aad0 to fix missing imports from 1.4.3.1
d69b2b
d69b2b
* Mon Jan 13 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.1-1
d69b2b
- Bump version to 1.4.3.1
d69b2b
- Issue 50798 - incorrect bytes in format string
d69b2b
- Issue 50545 - Add the new replication monitor functionality to UI
d69b2b
- Issue 50806 - Fix minor issues in lib389 health checks
d69b2b
- Issue 50690 - Port Password Storage test cases from TET to python3 part 1
d69b2b
- Issue 49761 - Fix CI test suite issues
d69b2b
- Issue 49761 - Fix CI test suite issues
d69b2b
- Issue 50754 - Add Restore Change Log option to CLI
d69b2b
- Issue 48055 - CI test - automember_plugin(part2)
d69b2b
- Issue 50667 - dsctl -l did not respect PREFIX
d69b2b
- Issue 50780 - More CLI fixes
d69b2b
- Issue 50649 - lib389 without defaults.inf
d69b2b
- Issue 50780 - Fix UI issues
d69b2b
- Issue 50727 - correct mistaken options in filter validation patch
d69b2b
- Issue 50779 - lib389 - conflict compare fails for DN's with spaces
d69b2b
- Set branch version to 1.4.3.0