## START: Set by rpmautospec ## (rpmautospec version 0.8.1) ## RPMAUTOSPEC: autorelease, autochangelog %define autorelease(e:s:pb:n) %{?-p:0.}%{lua: release_number = 5; base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); print(release_number + base_release_number - 1); }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} ## END: Set by rpmautospec %global pkgname dirsrv # Exclude i686 bit arches ExcludeArch: i686 %bcond bundle_jemalloc 1 %if %{with bundle_jemalloc} %global jemalloc_name jemalloc %global jemalloc_ver 5.3.0 %global __provides_exclude ^libjemalloc\\.so.*$ %endif %bcond bundle_libdb 1 %if %{with bundle_libdb} %global libdb_version 5.3 %global libdb_base_version db-%{libdb_version}.28 %global libdb_full_version lib%{libdb_base_version}-59 %global libdb_bundle_name libdb-%{libdb_version}-389ds.so %endif # This is used in certain builds to help us know if it has extra features. %global variant base # This enables a sanitized build. %bcond asan 0 %bcond msan 0 %bcond tsan 0 %bcond ubsan 0 %if %{with asan} || %{with msan} || %{with tsan} || %{with ubsan} %global variant base-xsan %endif # Use Clang instead of GCC %bcond clang 0 %if %{with msan} %bcond clang 1 %endif %if %{with clang} %global toolchain clang %global _missing_build_ids_terminate_build 0 %endif # Build cockpit plugin %bcond cockpit 0 # fedora 15 and later uses tmpfiles.d # otherwise, comment this out %{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d} # systemd support %global groupname %{pkgname}.target # Filter argparse-manpage from autogenerated package Requires %global __requires_exclude ^python.*argparse-manpage # Force to require nss version greater or equal as the version available at the build time # See bz1986327 %define dirsrv_requires_ge() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} >= %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") Summary: 389 Directory Server (%{variant}) Name: 389-ds-base Version: 3.1.3 Epoch: 1 Release: %{autorelease -n %{?with_asan:-e asan}}%{?dist} License: GPL-3.0-or-later WITH GPL-3.0-389-ds-base-exception AND (0BSD OR Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR LGPL-2.1-or-later OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (Apache-2.0 OR MIT) AND (MIT OR Apache-2.0) AND Unicode-3.0 AND (MIT OR Unlicense) AND Apache-2.0 AND MIT AND MPL-2.0 AND Zlib Conflicts: selinux-policy-base < 3.9.8 Conflicts: freeipa-server < 4.0.3 Obsoletes: %{name} <= 1.4.4 URL: https://www.port389.org/ Obsoletes: %{name}-legacy-tools < 1.4.4.6 Obsoletes: %{name}-legacy-tools-debuginfo < 1.4.4.6 Provides: ldif2ldbm >= 0 ##### Bundled cargo crates list - START ##### Provides: bundled(crate(addr2line)) = 0.24.2 Provides: bundled(crate(adler2)) = 2.0.1 Provides: bundled(crate(allocator-api2)) = 0.2.21 Provides: bundled(crate(atty)) = 0.2.14 Provides: bundled(crate(autocfg)) = 1.5.0 Provides: bundled(crate(backtrace)) = 0.3.75 Provides: bundled(crate(base64)) = 0.13.1 Provides: bundled(crate(bitflags)) = 2.9.1 Provides: bundled(crate(byteorder)) = 1.5.0 Provides: bundled(crate(cbindgen)) = 0.26.0 Provides: bundled(crate(cc)) = 1.2.31 Provides: bundled(crate(cfg-if)) = 1.0.1 Provides: bundled(crate(clap)) = 3.2.25 Provides: bundled(crate(clap_lex)) = 0.2.4 Provides: bundled(crate(concread)) = 0.5.7 Provides: bundled(crate(crossbeam-epoch)) = 0.9.18 Provides: bundled(crate(crossbeam-queue)) = 0.3.12 Provides: bundled(crate(crossbeam-utils)) = 0.8.21 Provides: bundled(crate(equivalent)) = 1.0.2 Provides: bundled(crate(errno)) = 0.3.13 Provides: bundled(crate(fastrand)) = 2.3.0 Provides: bundled(crate(fernet)) = 0.1.4 Provides: bundled(crate(foldhash)) = 0.1.5 Provides: bundled(crate(foreign-types)) = 0.3.2 Provides: bundled(crate(foreign-types-shared)) = 0.1.1 Provides: bundled(crate(getrandom)) = 0.3.3 Provides: bundled(crate(gimli)) = 0.31.1 Provides: bundled(crate(hashbrown)) = 0.15.4 Provides: bundled(crate(heck)) = 0.4.1 Provides: bundled(crate(hermit-abi)) = 0.1.19 Provides: bundled(crate(indexmap)) = 1.9.3 Provides: bundled(crate(io-uring)) = 0.7.9 Provides: bundled(crate(itoa)) = 1.0.15 Provides: bundled(crate(jobserver)) = 0.1.33 Provides: bundled(crate(libc)) = 0.2.174 Provides: bundled(crate(linux-raw-sys)) = 0.9.4 Provides: bundled(crate(log)) = 0.4.27 Provides: bundled(crate(lru)) = 0.13.0 Provides: bundled(crate(memchr)) = 2.7.5 Provides: bundled(crate(miniz_oxide)) = 0.8.9 Provides: bundled(crate(mio)) = 1.0.4 Provides: bundled(crate(object)) = 0.36.7 Provides: bundled(crate(once_cell)) = 1.21.3 Provides: bundled(crate(openssl)) = 0.10.73 Provides: bundled(crate(openssl-macros)) = 0.1.1 Provides: bundled(crate(openssl-sys)) = 0.9.109 Provides: bundled(crate(os_str_bytes)) = 6.6.1 Provides: bundled(crate(paste)) = 0.1.18 Provides: bundled(crate(paste-impl)) = 0.1.18 Provides: bundled(crate(pin-project-lite)) = 0.2.16 Provides: bundled(crate(pkg-config)) = 0.3.32 Provides: bundled(crate(proc-macro-hack)) = 0.5.20+deprecated Provides: bundled(crate(proc-macro2)) = 1.0.95 Provides: bundled(crate(quote)) = 1.0.40 Provides: bundled(crate(r-efi)) = 5.3.0 Provides: bundled(crate(rustc-demangle)) = 0.1.26 Provides: bundled(crate(rustix)) = 1.0.8 Provides: bundled(crate(ryu)) = 1.0.20 Provides: bundled(crate(serde)) = 1.0.219 Provides: bundled(crate(serde_derive)) = 1.0.219 Provides: bundled(crate(serde_json)) = 1.0.142 Provides: bundled(crate(shlex)) = 1.3.0 Provides: bundled(crate(slab)) = 0.4.10 Provides: bundled(crate(smallvec)) = 1.15.1 Provides: bundled(crate(sptr)) = 0.3.2 Provides: bundled(crate(strsim)) = 0.10.0 Provides: bundled(crate(syn)) = 2.0.104 Provides: bundled(crate(tempfile)) = 3.20.0 Provides: bundled(crate(termcolor)) = 1.4.1 Provides: bundled(crate(textwrap)) = 0.16.2 Provides: bundled(crate(tokio)) = 1.47.1 Provides: bundled(crate(toml)) = 0.5.11 Provides: bundled(crate(tracing)) = 0.1.41 Provides: bundled(crate(tracing-attributes)) = 0.1.30 Provides: bundled(crate(tracing-core)) = 0.1.34 Provides: bundled(crate(unicode-ident)) = 1.0.18 Provides: bundled(crate(uuid)) = 0.8.2 Provides: bundled(crate(vcpkg)) = 0.2.15 Provides: bundled(crate(wasi)) = 0.14.2+wasi_0.2.4 Provides: bundled(crate(winapi)) = 0.3.9 Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0 Provides: bundled(crate(winapi-util)) = 0.1.9 Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0 Provides: bundled(crate(windows-link)) = 0.1.3 Provides: bundled(crate(windows-sys)) = 0.60.2 Provides: bundled(crate(windows-targets)) = 0.53.3 Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.53.0 Provides: bundled(crate(windows_aarch64_msvc)) = 0.53.0 Provides: bundled(crate(windows_i686_gnu)) = 0.53.0 Provides: bundled(crate(windows_i686_gnullvm)) = 0.53.0 Provides: bundled(crate(windows_i686_msvc)) = 0.53.0 Provides: bundled(crate(windows_x86_64_gnu)) = 0.53.0 Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.53.0 Provides: bundled(crate(windows_x86_64_msvc)) = 0.53.0 Provides: bundled(crate(wit-bindgen-rt)) = 0.39.0 Provides: bundled(crate(zeroize)) = 1.8.1 Provides: bundled(crate(zeroize_derive)) = 1.4.2 ##### Bundled cargo crates list - END ##### # Attach the buildrequires to the top level package: BuildRequires: nspr-devel BuildRequires: nss-devel >= 3.34 BuildRequires: openldap-clients BuildRequires: openldap-devel BuildRequires: lmdb-devel BuildRequires: cyrus-sasl-devel BuildRequires: icu BuildRequires: libicu-devel BuildRequires: pcre2-devel BuildRequires: cracklib-devel BuildRequires: json-c-devel %if %{with clang} BuildRequires: libatomic BuildRequires: clang BuildRequires: compiler-rt BuildRequires: lld %else BuildRequires: gcc BuildRequires: gcc-c++ %if %{with asan} BuildRequires: libasan %endif %if %{with tsan} BuildRequires: libtsan %endif %if %{with ubsan} BuildRequires: libubsan %endif %endif %if %{without bundle_libdb} BuildRequires: libdb-devel %endif # The following are needed to build the snmp ldap-agent BuildRequires: net-snmp-devel BuildRequires: bzip2-devel BuildRequires: openssl-devel # the following is for the pam passthru auth plug-in BuildRequires: pam-devel BuildRequires: systemd-units BuildRequires: systemd-devel BuildRequires: systemd-rpm-macros %{?sysusers_requires_compat} BuildRequires: cargo BuildRequires: rust BuildRequires: pkgconfig BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(krb5) BuildRequires: pkgconfig(libpcre2-8) # Needed to support regeneration of the autotool artifacts. BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool # For our documentation BuildRequires: doxygen # For tests! BuildRequires: libcmocka-devel # For lib389 and related components. BuildRequires: python%{python3_pkgversion}-devel # For cockpit %if %{with cockpit} BuildRequires: rsync BuildRequires: npm BuildRequires: nodejs %endif Requires: %{name}-libs = %{epoch}:%{version}-%{release} Requires: python%{python3_pkgversion}-lib389 = %{epoch}:%{version}-%{release} # this is needed for using semanage from our setup scripts Requires: policycoreutils-python-utils Requires: libsemanage-python%{python3_pkgversion} # the following are needed for some of our scripts Requires: openldap-clients Requires: acl # this is needed to setup SSL if you are not using the # administration server package Requires: nss-tools %dirsrv_requires_ge nss # these are not found by the auto-dependency method # they are required to support the mandatory LDAP SASL mechs Requires: cyrus-sasl-gssapi Requires: cyrus-sasl-md5 # This is optionally supported by us, as we use it in our tests Requires: cyrus-sasl-plain # this is needed for backldbm %if %{without bundle_libdb} Requires: libdb %endif Requires: lmdb-libs # Needed by logconv.pl %if %{without bundle_libdb} Requires: perl-DB_File %endif Requires: perl-Archive-Tar %if 0%{?fedora} >= 33 || 0%{?rhel} >= 9 Requires: perl-debugger Requires: perl-sigtrap %endif # Needed for password dictionary checks Requires: cracklib-dicts Requires: json-c # Log compression Requires: zlib-devel # logconv.py, MIME type Requires: python3-file-magic # Picks up our systemd deps. %{?systemd_requires} Obsoletes: %{name} <= 1.4.4 Source0: %{name}-%{version}.tar.bz2 Source2: %{name}-devel.README %if %{with bundle_jemalloc} Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2 %endif Source4: 389-ds-base.sysusers %if %{with bundle_libdb} Source5: https://fedorapeople.org/groups/389ds/libdb-5.3.28-59.tar.bz2 %endif Source6: vendor-%{version}-1.tar.gz Source7: Cargo-%{version}-1.lock Patch: 0001-Issue-6822-Backend-creation-cleanup-and-Database-UI-.patch Patch: 0002-Issue-6852-Move-ds-CLI-tools-back-to-sbin.patch Patch: 0003-Issue-6663-Fix-NULL-subsystem-crash-in-JSON-error-lo.patch Patch: 0004-Issue-6829-Update-parametrized-docstring-for-tests.patch Patch: 0005-Issue-6782-Improve-paged-result-locking.patch Patch: 0006-Issue-6838-lib389-replica.py-is-using-nonexistent-da.patch Patch: 0007-Issue-6753-Add-add_exclude_subtree-and-remove_exclud.patch Patch: 0008-Issue-6857-uiduniq-allow-specifying-match-rules-in-t.patch Patch: 0009-Issue-6756-CLI-UI-Properly-handle-disabled-NDN-cache.patch Patch: 0010-Issue-6854-Refactor-for-improved-data-management-685.patch Patch: 0011-Issue-6850-AddressSanitizer-memory-leak-in-mdb_init.patch Patch: 0012-Issue-6848-AddressSanitizer-leak-in-do_search.patch Patch: 0013-Issue-6865-AddressSanitizer-leak-in-agmt_update_init.patch Patch: 0014-Issue-6859-str2filter-is-not-fully-applying-matching.patch Patch: 0015-Issue-6872-compressed-log-rotation-creates-files-wit.patch Patch: 0016-Issue-6878-Prevent-repeated-disconnect-logs-during-s.patch Patch: 0017-Issue-6888-Missing-access-JSON-logging-for-TLS-Clien.patch Patch: 0018-Issue-6829-Update-parametrized-docstring-for-tests.patch Patch: 0019-Issue-6772-dsconf-Replicas-with-the-consumer-role-al.patch Patch: 0020-Issue-6893-Log-user-that-is-updated-during-password-.patch Patch: 0021-Issue-6352-Fix-DeprecationWarning.patch Patch: 0022-Issue-6880-Fix-ds_logs-test-suite-failure.patch Patch: 0023-Issue-6901-Update-changelog-trimming-logging.patch Patch: 0024-Issue-6895-Crash-if-repl-keep-alive-entry-can-not-be.patch Patch: 0025-Issue-6250-Add-test-for-entryUSN-overflow-on-failed-.patch Patch: 0026-Issue-6594-Add-test-for-numSubordinates-replication-.patch Patch: 0027-Issue-6884-Mask-password-hashes-in-audit-logs-6885.patch Patch: 0028-Issue-6897-Fix-disk-monitoring-test-failures-and-imp.patch Patch: 0029-Issue-6778-Memory-leak-in-roles_cache_create_object_.patch Patch: 0030-Issue-6901-Update-changelog-trimming-logging-fix-tes.patch Patch: 0031-Issue-6181-RFE-Allow-system-to-manage-uid-gid-at-sta.patch Patch: 0032-Issue-6468-CLI-Fix-default-error-log-level.patch Patch: 0033-Issue-6768-ns-slapd-crashes-when-a-referral-is-added.patch Patch: 0034-Issues-6913-6886-6250-Adjust-xfail-marks-6914.patch Patch: 0035-Issue-6875-Fix-dsidm-tests.patch Patch: 0036-Issue-6519-Add-basic-dsidm-account-tests.patch Patch: 0037-Issue-6940-dsconf-monitor-server-fails-with-ldapi-du.patch Patch: 0038-Issue-6936-Make-user-subtree-policy-creation-idempot.patch Patch: 0039-Issue-6919-numSubordinates-tombstoneNumSubordinates-.patch Patch: 0040-Issue-6910-Fix-latest-coverity-issues.patch Patch: 0041-Issue-6929-Compilation-failure-with-rust-1.89-on-Fed.patch #Patch: 389ds-tlsuri4.patch #Patch: 389ds-tlsuri4+ext.patch Patch: 389ds-tlsuri-pr.patch %description 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. %if %{with asan} WARNING! This build is linked to Address Sanitisation libraries. This probably isn't what you want. Please contact support immediately. Please see http://seclists.org/oss-sec/2016/q1/363 for more information. %endif %package libs Summary: Core libraries for 389 Directory Server (%{variant}) Provides: svrcore = 4.1.4 Obsoletes: svrcore <= 4.1.3 Conflicts: svrcore %dirsrv_requires_ge nss Requires: nspr Requires: openldap Requires: systemd-libs # Pull in sasl Requires: cyrus-sasl-lib # KRB Requires: krb5-libs %if %{with clang} Requires: llvm Requires: compiler-rt %else %if %{with asan} Requires: libasan %endif %if %{with tsan} Requires: libtsan %endif %if %{with ubsan} Requires: libubsan %endif %endif %description libs Core libraries for the 389 Directory Server base package. These libraries are used by the main package and the -devel package. This allows the -devel package to be installed with just the -libs package and without the main package. %package devel Summary: Development libraries for 389 Directory Server (%{variant}) Provides: svrcore-devel = 4.1.4 Obsoletes: svrcore-devel <= 4.1.3 Conflicts: svrcore-devel Requires: %{name}-libs = %{epoch}:%{version}-%{release} Requires: pkgconfig Requires: nspr-devel Requires: nss-devel >= 3.34 Requires: openldap-devel # systemd-libs contains the headers iirc. Requires: systemd-libs %description devel Development Libraries and headers for the 389 Directory Server base package. %package snmp Summary: SNMP Agent for 389 Directory Server Requires: %{name} = %{epoch}:%{version}-%{release} Obsoletes: %{name} <= 1.4.0.0 %description snmp SNMP Agent for the 389 Directory Server base package. %if %{with bundle_libdb} %package bdb Summary: Berkeley Database backend for 389 Directory Server Requires: %{name} = %{epoch}:%{version}-%{release} Requires: %{name}-libs = %{epoch}:%{version}-%{release} # Berkeley DB database libdb was marked as deprecated since F40: # https://fedoraproject.org/wiki/Changes/389_Directory_Server_3.0.0 # because libdb was marked as deprecated since F33 # https://fedoraproject.org/wiki/Changes/Libdb_deprecated Provides: deprecated() %description bdb Berkeley Database backend for 389 Directory Server Warning! This backend is deprecated in favor of lmdb and its support may be removed in future versions. %endif %package -n python%{python3_pkgversion}-lib389 Summary: A library for accessing, testing, and configuring the 389 Directory Server BuildArch: noarch Requires: %{name} = %{epoch}:%{version}-%{release} Requires: openssl # This is for /usr/bin/c_rehash tool, only needed for openssl < 1.1.0 Requires: openssl-perl Requires: iproute Requires: python%{python3_pkgversion} Requires: python%{python3_pkgversion}-distro Requires: python%{python3_pkgversion}-ldap Requires: python%{python3_pkgversion}-pyasn1 Requires: python%{python3_pkgversion}-pyasn1-modules Requires: python%{python3_pkgversion}-dateutil Requires: python%{python3_pkgversion}-argcomplete Requires: python%{python3_pkgversion}-libselinux Requires: python%{python3_pkgversion}-setuptools Requires: python%{python3_pkgversion}-cryptography Recommends: bash-completion %description -n python%{python3_pkgversion}-lib389 This module contains tools and libraries for accessing, testing, and configuring the 389 Directory Server. %if %{with cockpit} %package -n cockpit-389-ds Summary: Cockpit UI Plugin for configuring and administering the 389 Directory Server BuildArch: noarch Requires: cockpit Requires: %{name} = %{epoch}:%{version}-%{release} Requires: python%{python3_pkgversion} Requires: python%{python3_pkgversion}-lib389 = %{epoch}:%{version}-%{release} %description -n cockpit-389-ds A cockpit UI Plugin for configuring and administering the 389 Directory Server %endif %generate_buildrequires cd src/lib389 # Tests do not run in %%check (lib389's tests need to be fixed) # but test dependencies are needed to check import lib389.topologies %pyproject_buildrequires -g test %prep %autosetup -p1 -n %{name}-%{version} rm -rf vendor tar xzf %{SOURCE6} cp %{SOURCE7} src/Cargo.lock %if %{with bundle_jemalloc} %setup -q -n %{name}-%{version} -T -D -b 3 %endif %if %{with bundle_libdb} %setup -q -n %{name}-%{version} -T -D -b 5 %endif cp %{SOURCE2} README.devel %build %if %{with clang} CLANG_FLAGS="--enable-clang" %endif %{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} %if %{with asan} ASAN_FLAGS="--enable-asan --enable-debug" %endif %if %{with msan} MSAN_FLAGS="--enable-msan --enable-debug" %endif %if %{with tsan} TSAN_FLAGS="--enable-tsan --enable-debug" %endif %if %{with ubsan} UBSAN_FLAGS="--enable-ubsan --enable-debug" %endif RUST_FLAGS="--enable-rust --enable-rust-offline" %if %{without cockpit} COCKPIT_FLAGS="--disable-cockpit" %endif %if %{with bundle_jemalloc} # Override page size, bz #1545539 # 4K %ifarch %ix86 %arm x86_64 s390x %define lg_page --with-lg-page=12 %endif # 64K %ifarch ppc64 ppc64le aarch64 %define lg_page --with-lg-page=16 %endif # Override huge page size on aarch64 # 2M instead of 512M %ifarch aarch64 %define lg_hugepage --with-lg-hugepage=21 %endif # Build jemalloc pushd ../%{jemalloc_name}-%{jemalloc_ver} %configure \ --libdir=%{_libdir}/%{pkgname}/lib \ --bindir=%{_libdir}/%{pkgname}/bin \ --enable-prof %{lg_page} %{lg_hugepage} make %{?_smp_mflags} popd %endif # Build custom libdb package %if %{with bundle_libdb} mkdir -p ../%{libdb_base_version} pushd ../%{libdb_base_version} tar -xjf ../../SOURCES/%{libdb_full_version}.tar.bz2 mv %{libdb_full_version} SOURCES rpmbuild --define "_topdir $PWD" -bc %{_builddir}/%{name}-%{version}/rpm/bundle-libdb.spec popd %endif # Rebuild the autotool artifacts now. autoreconf -fiv %configure \ %if %{with bundle_libdb} --with-bundle-libdb=%{_builddir}/%{libdb_base_version}/BUILD/%{libdb_base_version}/dist/dist-tls \ %endif --with-selinux $TMPFILES_FLAG \ --with-systemd \ --with-systemdsystemunitdir=%{_unitdir} \ --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \ --with-systemdgroupname=%{groupname} \ --libexecdir=%{_libexecdir}/%{pkgname} \ $ASAN_FLAGS $MSAN_FLAGS $TSAN_FLAGS $UBSAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \ %if 0%{?fedora} >= 34 || 0%{?rhel} >= 9 --with-libldap-r=no \ %endif --enable-cmocka # Avoid "Unknown key name 'XXX' in section 'Service', ignoring." warnings from systemd on older releases %if 0%{?rhel} && 0%{?rhel} < 9 sed -r -i '/^(Protect(Home|Hostname|KernelLogs)|PrivateMounts)=/d' %{_builddir}/%{name}-%{version}/wrappers/*.service.in %endif # lib389 pushd ./src/lib389 %{python3} validate_version.py --update %pyproject_wheel popd # Generate symbolic info for debuggers export XCFLAGS=$RPM_OPT_FLAGS make %{?_smp_mflags} %install mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir} %if %{with cockpit} mkdir -p %{buildroot}%{_datadir}/cockpit %endif make DESTDIR="$RPM_BUILD_ROOT" install %if %{with cockpit} find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list %endif find %{buildroot}%{_libdir}/%{pkgname}/plugins/ -type f -iname 'lib*.so' | sed -e "s@%{buildroot}@@" > plugins.list %if %{with bundle_libdb} sed -i -e "/libback-bdb/d" plugins.list %endif # Copy in our docs from doxygen. cp -r %{_builddir}/%{name}-%{version}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3 # lib389 pushd src/lib389 %pyproject_install %if 0%{?fedora} <= 41 || (0%{?rhel} && 0%{?rhel} <= 10) for clitool in dsconf dscreate dsctl dsidm openldap_to_ds; do mv %{buildroot}%{_bindir}/$clitool %{buildroot}%{_sbindir}/ done %endif %pyproject_save_files -l lib389 popd # Register CLI tools for bash completion for clitool in dsconf dsctl dsidm dscreate ds-replcheck do register-python-argcomplete "${clitool}" > "${clitool}" install -p -m 0644 -D -t '%{buildroot}%{bash_completions_dir}' "${clitool}" done mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname} mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname} mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname} \ && chmod 770 $RPM_BUILD_ROOT/var/lock/%{pkgname} # for systemd mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants install -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/389-ds-base.conf #remove libtool and static libs rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.la rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.a rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.la %if %{with bundle_jemalloc} pushd ../%{jemalloc_name}-%{jemalloc_ver} make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin cp -pa COPYING ../%{name}-%{version}/COPYING.jemalloc cp -pa README ../%{name}-%{version}/README.jemalloc popd %endif %if %{with bundle_libdb} pushd ../%{libdb_base_version} libdbbuilddir=$PWD/BUILD/%{libdb_base_version} libdbdestdir=$PWD/../%{name}-%{version} cp -pa $libdbbuilddir/LICENSE $libdbdestdir/LICENSE.libdb cp -pa $libdbbuilddir/README $libdbdestdir/README.libdb cp -pa $libdbbuilddir/lgpl-2.1.txt $libdbdestdir/lgpl-2.1.txt.libdb cp -pa $libdbbuilddir/dist/dist-tls/.libs/%{libdb_bundle_name} $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/%{libdb_bundle_name} popd %endif %check # This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build. %if %{with tsan} export TSAN_OPTIONS=print_stacktrace=1:second_deadlock_stack=1:history_size=7 %endif %if %{without asan} && %{without msan} if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi %endif # Check import for lib389 modules %pyproject_check_import -e '*.test*' %post if [ -n "$DEBUGPOSTTRANS" ] ; then output=$DEBUGPOSTTRANS output2=${DEBUGPOSTTRANS}.upgrade else output=/dev/null output2=/dev/null fi # reload to pick up any changes to systemd files /bin/systemctl daemon-reload >$output 2>&1 || : # https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation # Soft static allocation for UID and GID # sysusers.d format https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format %sysusers_create_compat %{SOURCE4} # Reload our sysctl before we restart (if we can) sysctl --system &> $output; true # Gather the running instances so we can restart them instbase="%{_sysconfdir}/%{pkgname}" ninst=0 for dir in $instbase/slapd-* ; do echo dir = $dir >> $output 2>&1 || : if [ ! -d "$dir" ] ; then continue ; fi case "$dir" in *.removed) continue ;; esac basename=`basename $dir` inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`" echo found instance $inst - getting status >> $output 2>&1 || : if /bin/systemctl -q is-active $inst ; then echo instance $inst is running >> $output 2>&1 || : instances="$instances $inst" else echo instance $inst is not running >> $output 2>&1 || : fi ninst=`expr $ninst + 1` done if [ $ninst -eq 0 ] ; then echo no instances to upgrade >> $output 2>&1 || : exit 0 # have no instances to upgrade - just skip the rest else # restart running instances echo shutting down all instances . . . >> $output 2>&1 || : for inst in $instances ; do echo stopping instance $inst >> $output 2>&1 || : /bin/systemctl stop $inst >> $output 2>&1 || : done for inst in $instances ; do echo starting instance $inst >> $output 2>&1 || : /bin/systemctl start $inst >> $output 2>&1 || : done fi %preun if [ $1 -eq 0 ]; then # Final removal # remove instance specific service files/links rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || : fi %postun if [ $1 = 0 ]; then # Final removal rm -rf /var/run/%{pkgname} fi %post snmp %systemd_post %{pkgname}-snmp.service %preun snmp %systemd_preun %{pkgname}-snmp.service %{groupname} %postun snmp %systemd_postun_with_restart %{pkgname}-snmp.service exit 0 %files -f plugins.list %if %{with bundle_jemalloc} %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc %license COPYING.jemalloc %else %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl %endif %dir %{_sysconfdir}/%{pkgname} %dir %{_sysconfdir}/%{pkgname}/schema %config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif %dir %{_sysconfdir}/%{pkgname}/config %dir %{_sysconfdir}/systemd/system/%{groupname}.wants %{_sysusersdir}/389-ds-base.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf %{_datadir}/%{pkgname} %{_datadir}/gdb/auto-load/* %{_unitdir} %{_bindir}/dbscan %{_mandir}/man1/dbscan.1.gz %{_bindir}/ds-replcheck %{_mandir}/man1/ds-replcheck.1.gz %{bash_completions_dir}/ds-replcheck %{_bindir}/ds-logpipe.py %{_mandir}/man1/ds-logpipe.py.1.gz %{_bindir}/ldclt %{_mandir}/man1/ldclt.1.gz %{_bindir}/logconv.pl %{_mandir}/man1/logconv.pl.1.gz %{_bindir}/logconv.py %{_mandir}/man1/logconv.py.1.gz %{_bindir}/pwdhash %{_mandir}/man1/pwdhash.1.gz %{_sbindir}/ns-slapd %{_mandir}/man8/ns-slapd.8.gz %{_sbindir}/openldap_to_ds %{_mandir}/man8/openldap_to_ds.8.gz %{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl %{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh %{_mandir}/man5/99user.ldif.5.gz %{_mandir}/man5/certmap.conf.5.gz %{_mandir}/man5/slapd-collations.conf.5.gz %{_mandir}/man5/dirsrv.5.gz %{_mandir}/man5/dirsrv.systemd.5.gz %{_libdir}/%{pkgname}/python %dir %{_libdir}/%{pkgname}/plugins # This has to be hardcoded to /lib - $libdir changes between lib/lib64, but # sysctl.d is always in /lib. %{_prefix}/lib/sysctl.d/* %dir %{_localstatedir}/lib/%{pkgname} %dir %{_localstatedir}/log/%{pkgname} %ghost %dir %{_localstatedir}/lock/%{pkgname} %exclude %{_sbindir}/ldap-agent* %exclude %{_mandir}/man1/ldap-agent.1.gz %exclude %{_unitdir}/%{pkgname}-snmp.service %if %{with bundle_jemalloc} %{_libdir}/%{pkgname}/lib/ %{_libdir}/%{pkgname}/bin/ %exclude %{_libdir}/%{pkgname}/bin/jemalloc-config %exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh %exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a %exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so %exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a %exclude %{_libdir}/%{pkgname}/lib/pkgconfig %endif %files devel %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel %{_mandir}/man3/* %{_includedir}/svrcore.h %{_includedir}/%{pkgname} %{_libdir}/libsvrcore.so %{_libdir}/%{pkgname}/libslapd.so %{_libdir}/%{pkgname}/libns-dshttpd.so %{_libdir}/%{pkgname}/libldaputil.so %{_libdir}/pkgconfig/svrcore.pc %{_libdir}/pkgconfig/dirsrv.pc %files libs %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel %dir %{_libdir}/%{pkgname} %{_libdir}/libsvrcore.so.* %{_libdir}/%{pkgname}/libslapd.so.* %{_libdir}/%{pkgname}/libns-dshttpd.so.* %{_libdir}/%{pkgname}/libldaputil.so.* %{_libdir}/%{pkgname}/librewriters.so* %if %{with bundle_jemalloc} %{_libdir}/%{pkgname}/lib/libjemalloc.so.2 %endif %files snmp %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel %config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf %{_sbindir}/ldap-agent* %{_mandir}/man1/ldap-agent.1.gz %{_unitdir}/%{pkgname}-snmp.service %if %{with bundle_libdb} %files bdb %doc LICENSE LICENSE.GPLv3+ README.devel LICENSE.libdb README.libdb lgpl-2.1.txt.libdb %{_libdir}/%{pkgname}/%{libdb_bundle_name} %{_libdir}/%{pkgname}/plugins/libback-bdb.so %endif %files -n python%{python3_pkgversion}-lib389 -f %{pyproject_files} %doc src/lib389/README.md %license LICENSE LICENSE.GPLv3+ # Binaries %{_sbindir}/dsconf %{_sbindir}/dscreate %{_sbindir}/dsctl %{_sbindir}/dsidm %{_sbindir}/openldap_to_ds %{_libexecdir}/%{pkgname}/dscontainer # Man pages %{_mandir}/man8/dsconf.8.gz %{_mandir}/man8/dscreate.8.gz %{_mandir}/man8/dsctl.8.gz %{_mandir}/man8/dsidm.8.gz %{_mandir}/man8/openldap_to_ds.8.gz %exclude %{_mandir}/man1 # Bash completions for scripts provided by python3-lib389 %{bash_completions_dir}/dsctl %{bash_completions_dir}/dsconf %{bash_completions_dir}/dscreate %{bash_completions_dir}/dsidm %if %{with cockpit} %files -n cockpit-389-ds -f cockpit.list %{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml %doc README.md %endif %changelog ## START: Generated by rpmautospec * Thu Sep 18 2025 Viktor Ashirov - 3.1.3-5 - Resolves: RHEL-101727 - The numSubordinates value is not matching the number of direct children. - Resolves: RHEL-101783 - RHDS12: Web console doesn't show Server Version - Resolves: RHEL-109018 - Allow Uniqueness plugin to search uniqueness attributes using custom matching rules - Resolves: RHEL-111224 - Error showing local password policy on web UI - Resolves: RHEL-112675 - Statistics about index lookup report a wrong duration - Resolves: RHEL-112689 - Crash if repl keep alive entry can not be created - Resolves: RHEL-112722 - Exception thrown by dsconf instance repl get_ruv - Resolves: RHEL-113969 - AddressSanitizer: memory leak in memberof_add_memberof_attr * Tue Aug 05 2025 Viktor Ashirov - 3.1.3-4 - Resolves: RHEL-73032 - segfault - error 4 in libpthread-2.28.so - Resolves: RHEL-79079 - Failure to get Server monitoring data when NDN cache is disabled. - Resolves: RHEL-87352 - ns-slapd crashed when we add nsslapd-referral - Resolves: RHEL-92054 - Memory leak in roles_cache_create_object_from_entry [rhel-10] - Resolves: RHEL-107001 - ipa-restore fails to restore SELinux contexts, causes ns-slapd AVC denials on /dev/shm after restore. [rhel-10] - Resolves: RHEL-107028 - CWE-284 dirsrv log rotation creates files with world readable permission - Resolves: RHEL-107035 - CWE-532 Created user password hash available to see in audit log - Resolves: RHEL-107037 - CWE-778 Log doesn't show what user gets password changed by administrator * Fri Aug 01 2025 Viktor Ashirov - 3.1.3-3 - Resolves: RHEL-80252 - [RFE] Structured (JSON) logging option for RHDS access and error logs - Resolves: RHEL-95441 - ns-slapd[xxxx]: segfault at 10d7d0d0 ip 00007ff734050cdb sp 00007ff6de9f1430 error 6 in libslapd.so.0.1.0[7ff733ec0000+1b3000] * Thu Jul 10 2025 Viktor Ashirov - 3.1.3-2 - Resolves: RHEL-5117 - ns-slapd crash in dbmdb_import_prepare_worker_entry() - Resolves: RHEL-31959 - [RFE] add plugin origin or source in security's log msg info - Resolves: RHEL-35241 - ns-slapd crashes in referral mode - Resolves: RHEL-61327 - Incomplete messages about replication in the errors log. - Resolves: RHEL-61353 - dbscan on replication changelog does not display MOD_TYPE - Resolves: RHEL-62874 - dsidm: issue when renaming users - Resolves: RHEL-65660 - DSIDM: Re-enabling user accounts that reached inactivity limit fails with error - Resolves: RHEL-67003 - dsconf backend replication monitor fails if replica id starts with 0 - Resolves: RHEL-67006 - dsconf utility should let you configure the "uniqueness-exclude-subtrees" parameter of the Attribute Uniqueness plug- in - Resolves: RHEL-67019 - Crash in __strlen_sse2 when using the nsRole filter rewriter. - Resolves: RHEL-67022 - Password modify extended operation should skip password policy checks when executed by root DN - Resolves: RHEL-70117 - Unify how group description can be added to a new group in WebUI and CLU - Resolves: RHEL-74085 - Increased memory consumption caused by NDN cache - Resolves: RHEL-74270 - [RFE] Implement "list-dn" option for dsidm tool in Directory Server - Resolves: RHEL-76832 - Wrong backend database name syntax causes "Red Hat Directory Server" => "Databases" menu blank in Cockpit - Resolves: RHEL-76837 - dsidm Error: float() argument must be a string or a number, not 'NoneType' - Resolves: RHEL-76840 - Monitoring tab should use dsconf monitor - Resolves: RHEL-77490 - Complete remove the parameter "nsslapd-subtree- rename-switch" from DS-12 - Resolves: RHEL-79080 - Json option does not work with "dsidm account get- by-dn" command - Resolves: RHEL-80252 - [RFE] Structured (JSON) logging option for RHDS access and error logs - Resolves: RHEL-80253 - RHDS hangs when having online backup running together with automember_rebuild task executing - Resolves: RHEL-80497 - Can't rename users member of automember rule [rhel-10] - Resolves: RHEL-81277 - logconv.py fails when specific timestamps are provided - Resolves: RHEL-83850 - mdb database statistics don't work - Resolves: RHEL-86279 - Cannot create a nested role using "dsidm role create-nested" - Resolves: RHEL-86280 - Cannot create a filtered role using "dsidm role create-filtered" - Resolves: RHEL-86313 - RootDN Access Control Plugin with wildcards for IP addresses fails with an error "Invalid IP address" - Resolves: RHEL-86314 - dsidm failing with error "argument must be a string or a number" - Resolves: RHEL-86315 - Dsidm get_dn option fails for organizational unit, service and posixgroup - Resolves: RHEL-86316 - Dsidm uniquegroup members option does not work - Resolves: RHEL-86321 - dsidm role rename-by-dn does not rename a role - Resolves: RHEL-86322 - dsidm role subtree-status doesn't work - Resolves: RHEL-86323 - dsidm role get-by-dn doesn't work properly with -j option - Resolves: RHEL-86324 - Deleting a role with dsidm results in proper deletion message, but role is still present - Resolves: RHEL-86785 - dscontainer: support loading custom schema - Resolves: RHEL-86878 - segfault at 7ff2370010c8 ip 00007ff2339ba239 sp 00007fed321fe100 error 6 in liblmdb.so.0.0.0 - Resolves: RHEL-89748 - Nested group does not receive memberOf attribute - Resolves: RHEL-89774 - Improve the "result" field of ipa-healthcheck if replicas are busy [rhel-10] - Resolves: RHEL-89776 - RHDS12.2 NSMMReplicationPlugin - release_replica Unable to parse the response - Resolves: RHEL-95441 - ns-slapd[xxxx]: segfault at 10d7d0d0 ip 00007ff734050cdb sp 00007ff6de9f1430 error 6 in libslapd.so.0.1.0[7ff733ec0000+1b3000] - Resolves: RHEL-95761 - Improve error message when bulk import connection is closed - Resolves: RHEL-97565 - On RHDS 12.6 The user password policy for a user was created, but the pwdpolicysubentry attribute for this user incorrectly points to the People OU password policy instead of the specific user policy. - Resolves: RHEL-101926 - ipa-backup failed with error : 'No such file or directory: '/usr/sbin/dsctl' * Mon Jun 30 2025 Viktor Ashirov - 3.1.3-1 - Resolves: RHEL-80162 - Rebase 389-ds-base to 3.1.x * Wed Feb 12 2025 Viktor Ashirov - 3.0.6-2 - Bump version to 3.0.6-3 - Resolves: RHEL-5141 - [RFE] For each request, a ldap client can assign an identifier to be added in the logs - Resolves: RHEL-77948 - ns-slapd crashes with data directory ≥ 2 days old [rhel-10] - Resolves: RHEL-78342 - During import of entries without nsUniqueId, a supplier generates duplicate nsUniqueId (LMDB only) * Wed Jan 29 2025 Viktor Ashirov - 3.0.6-1 - Update to 3.0.6 - Resolves: RHEL-1681 - [RFE] Log buffering for all log types - Resolves: RHEL-5141 - [RFE] For each request, a ldap client can assign an identifier to be added in the logs - Resolves: RHEL-38917 - dscreate interactive install shows a traceback when mdb is selected - Resolves: RHEL-42485 - [RFE] pbkdf2 hardcoded parameters should be turned into configuration options - Resolves: RHEL-59513 - [RFE] Port logconv.pl to python - Resolves: RHEL-61253 - Make online import more robust - Resolves: RHEL-69819 - "Duplicated DN detected" errors when creating indexes or importing entries. [rhel-10.0] - Resolves: RHEL-70122 - Crash in attrlist_find() when the Account Policy plugin is enabled. - Resolves: RHEL-74149 - backup/restore broken - Resolves: RHEL-74154 - If an entry RDN is identical to the suffix, then Entryrdn gets broken during a reindex - Resolves: RHEL-74159 - Crash during bind when acct policy plugin does not have "alwaysrecordlogin" set - Resolves: RHEL-74164 - On replica consumer, account policy plugin fails to manage the last login history - Resolves: RHEL-76020 - IPA LDAP error code T3 when no exceeded time limit from a paged search result [rhel-10] - Resolves: RHEL-76838 - Unlocked and locked users having same error output - Resolves: RHEL-76841 - Healthcheck tool should warn admin about creating a substring index on membership attribute * Mon Dec 16 2024 Viktor Ashirov - 3.0.5-2 - Fix License tag - Resolves: RHEL-67196 - Rebase 389-ds-base to 3.0.5 * Mon Dec 16 2024 Viktor Ashirov - 3.0.5-1 - Update to 3.0.5 - Resolves: RHEL-67196 - Rebase 389-ds-base to 3.0.5 * Tue Oct 29 2024 Troy Dawson - 3.0.4-4 - Bump release for October 2024 mass rebuild: * Mon Sep 16 2024 Viktor Ashirov - 3.0.4-2 - Resolves: RHEL-58070 - lmdb reindex is broken if index type is specified * Wed Aug 21 2024 Viktor Ashirov - 3.0.4-1 - Bump version to 3.0.4 * Thu Jul 11 2024 James Chapman - 3.0.3-10 - Bump version to 3.0.3-10 * Wed Jun 26 2024 Viktor Ashirov - 3.0.3-9 - Replace lmdb with lmdb-libs in Requires * Mon Jun 24 2024 Troy Dawson - 3.0.3-8 - Bump release for June 2024 mass rebuild * Mon Jun 17 2024 Viktor Ashirov - 3.0.3-7 - Drop pytest dependency * Thu Jun 13 2024 Viktor Ashirov - 3.0.3-6 - Remove incorrect Requires and Provides * Tue Jun 04 2024 Viktor Ashirov - 3.0.3-4 - Update dependencies for 389-ds-base-bdb * Mon Jun 03 2024 Viktor Ashirov - 3.0.3-3 - Resolves: RHEL-30640 - Remove libdb requirement from 389-ds-base * Thu May 09 2024 James Chapman - 3.0.3-1 - Bump version to 3.0.3 - Resolves: RHEL-31780 - Rebase 389-ds-base.3.0.3 in RHEL 10 ## END: Generated by rpmautospec