%global pkgname dirsrv %global srcname 389-ds-base # Exclude i686 bit arches ExcludeArch: i686 # If perl-Socket-2.000 or newer is available, set 0 to use_Socket6. %global use_Socket6 0 %global use_asan 0 %global bundle_jemalloc 1 %if %{use_asan} %global bundle_jemalloc 0 %endif %if %{bundle_jemalloc} %global jemalloc_name jemalloc %global jemalloc_ver 5.3.0 %global __provides_exclude ^libjemalloc\\.so.*$ %endif # Use Clang instead of GCC %global use_clang 0 # Build cockpit plugin %global use_cockpit 1 # fedora 15 and later uses tmpfiles.d # otherwise, comment this out %{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d} # systemd support %global groupname %{pkgname}.target # set PIE flag %global _hardened_build 1 # Filter argparse-manpage from autogenerated package Requires %global __requires_exclude ^python.*argparse-manpage # Force to require nss version greater or equal as the version available at the build time # See bz1986327 %define dirsrv_requires_ge() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} >= %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") Summary: 389 Directory Server (base) Name: 389-ds-base Version: 2.3.2 Release: 1%{?dist} License: GPLv3+ and (ASL 2.0 or MIT) URL: https://www.port389.org Conflicts: selinux-policy-base < 3.9.8 Conflicts: freeipa-server < 4.0.3 Obsoletes: %{name} <= 1.4.4 Obsoletes: %{name}-legacy-tools < 1.4.4.6 Obsoletes: %{name}-legacy-tools-debuginfo < 1.4.4.6 Provides: ldif2ldbm >= 0 ##### Bundled cargo crates list - START ##### Provides: bundled(crate(ahash)) = 0.7.6 Provides: bundled(crate(ansi_term)) = 0.12.1 Provides: bundled(crate(atty)) = 0.2.14 Provides: bundled(crate(autocfg)) = 1.1.0 Provides: bundled(crate(base64)) = 0.13.1 Provides: bundled(crate(bitflags)) = 1.3.2 Provides: bundled(crate(byteorder)) = 1.4.3 Provides: bundled(crate(cbindgen)) = 0.9.1 Provides: bundled(crate(cc)) = 1.0.78 Provides: bundled(crate(cfg-if)) = 1.0.0 Provides: bundled(crate(clap)) = 2.34.0 Provides: bundled(crate(concread)) = 0.2.21 Provides: bundled(crate(crossbeam)) = 0.8.2 Provides: bundled(crate(crossbeam-channel)) = 0.5.6 Provides: bundled(crate(crossbeam-deque)) = 0.8.2 Provides: bundled(crate(crossbeam-epoch)) = 0.9.13 Provides: bundled(crate(crossbeam-queue)) = 0.3.8 Provides: bundled(crate(crossbeam-utils)) = 0.8.14 Provides: bundled(crate(entryuuid)) = 0.1.0 Provides: bundled(crate(entryuuid_syntax)) = 0.1.0 Provides: bundled(crate(fastrand)) = 1.8.0 Provides: bundled(crate(fernet)) = 0.1.4 Provides: bundled(crate(foreign-types)) = 0.3.2 Provides: bundled(crate(foreign-types-shared)) = 0.1.1 Provides: bundled(crate(getrandom)) = 0.2.8 Provides: bundled(crate(hashbrown)) = 0.12.3 Provides: bundled(crate(hermit-abi)) = 0.1.19 Provides: bundled(crate(instant)) = 0.1.12 Provides: bundled(crate(itoa)) = 1.0.5 Provides: bundled(crate(jobserver)) = 0.1.25 Provides: bundled(crate(libc)) = 0.2.139 Provides: bundled(crate(librnsslapd)) = 0.1.0 Provides: bundled(crate(librslapd)) = 0.1.0 Provides: bundled(crate(lock_api)) = 0.4.9 Provides: bundled(crate(log)) = 0.4.17 Provides: bundled(crate(lru)) = 0.7.8 Provides: bundled(crate(memoffset)) = 0.7.1 Provides: bundled(crate(once_cell)) = 1.17.0 Provides: bundled(crate(openssl)) = 0.10.45 Provides: bundled(crate(openssl-macros)) = 0.1.0 Provides: bundled(crate(openssl-sys)) = 0.9.80 Provides: bundled(crate(parking_lot)) = 0.11.2 Provides: bundled(crate(parking_lot_core)) = 0.8.6 Provides: bundled(crate(paste)) = 0.1.18 Provides: bundled(crate(paste-impl)) = 0.1.18 Provides: bundled(crate(pin-project-lite)) = 0.2.9 Provides: bundled(crate(pkg-config)) = 0.3.26 Provides: bundled(crate(ppv-lite86)) = 0.2.17 Provides: bundled(crate(proc-macro-hack)) = 0.5.20+deprecated Provides: bundled(crate(proc-macro2)) = 1.0.50 Provides: bundled(crate(pwdchan)) = 0.1.0 Provides: bundled(crate(quote)) = 1.0.23 Provides: bundled(crate(rand)) = 0.8.5 Provides: bundled(crate(rand_chacha)) = 0.3.1 Provides: bundled(crate(rand_core)) = 0.6.4 Provides: bundled(crate(redox_syscall)) = 0.2.16 Provides: bundled(crate(remove_dir_all)) = 0.5.3 Provides: bundled(crate(ryu)) = 1.0.12 Provides: bundled(crate(scopeguard)) = 1.1.0 Provides: bundled(crate(serde)) = 1.0.152 Provides: bundled(crate(serde_derive)) = 1.0.152 Provides: bundled(crate(serde_json)) = 1.0.91 Provides: bundled(crate(slapd)) = 0.1.0 Provides: bundled(crate(slapi_r_plugin)) = 0.1.0 Provides: bundled(crate(smallvec)) = 1.10.0 Provides: bundled(crate(strsim)) = 0.8.0 Provides: bundled(crate(syn)) = 1.0.107 Provides: bundled(crate(synstructure)) = 0.12.6 Provides: bundled(crate(tempfile)) = 3.3.0 Provides: bundled(crate(textwrap)) = 0.11.0 Provides: bundled(crate(tokio)) = 1.24.2 Provides: bundled(crate(tokio-macros)) = 1.8.2 Provides: bundled(crate(toml)) = 0.5.11 Provides: bundled(crate(unicode-ident)) = 1.0.6 Provides: bundled(crate(unicode-width)) = 0.1.10 Provides: bundled(crate(unicode-xid)) = 0.2.4 Provides: bundled(crate(uuid)) = 0.8.2 Provides: bundled(crate(vcpkg)) = 0.2.15 Provides: bundled(crate(vec_map)) = 0.8.2 Provides: bundled(crate(version_check)) = 0.9.4 Provides: bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1 Provides: bundled(crate(winapi)) = 0.3.9 Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0 Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0 Provides: bundled(crate(windows-sys)) = 0.42.0 Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.42.1 Provides: bundled(crate(windows_aarch64_msvc)) = 0.42.1 Provides: bundled(crate(windows_i686_gnu)) = 0.42.1 Provides: bundled(crate(windows_i686_msvc)) = 0.42.1 Provides: bundled(crate(windows_x86_64_gnu)) = 0.42.1 Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.42.1 Provides: bundled(crate(windows_x86_64_msvc)) = 0.42.1 Provides: bundled(crate(zeroize)) = 1.5.7 Provides: bundled(crate(zeroize_derive)) = 1.3.3 ##### Bundled cargo crates list - END ##### BuildRequires: nspr-devel >= 4.32 BuildRequires: nss-devel >= 3.67.0-7 BuildRequires: openldap-devel BuildRequires: lmdb-devel BuildRequires: libdb-devel BuildRequires: cyrus-sasl-devel BuildRequires: icu BuildRequires: libicu-devel BuildRequires: pcre2-devel BuildRequires: cracklib-devel BuildRequires: json-c-devel %if %{use_clang} BuildRequires: libatomic BuildRequires: clang %else BuildRequires: gcc BuildRequires: gcc-c++ %endif # The following are needed to build the snmp ldap-agent BuildRequires: net-snmp-devel BuildRequires: lm_sensors-devel BuildRequires: bzip2-devel BuildRequires: zlib-devel BuildRequires: openssl-devel # the following is for the pam passthru auth plug-in BuildRequires: pam-devel BuildRequires: systemd-units BuildRequires: systemd-devel %if %{use_asan} BuildRequires: libasan %endif BuildRequires: cargo BuildRequires: rust BuildRequires: pkgconfig BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(krb5) BuildRequires: pkgconfig(libpcre2-8) # Needed to support regeneration of the autotool artifacts. BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool # For our documentation BuildRequires: doxygen # For tests! BuildRequires: libcmocka-devel BuildRequires: libevent-devel # For lib389 and related components BuildRequires: python%{python3_pkgversion}-devel BuildRequires: python%{python3_pkgversion}-setuptools BuildRequires: python%{python3_pkgversion}-ldap BuildRequires: python%{python3_pkgversion}-six BuildRequires: python%{python3_pkgversion}-pyasn1 BuildRequires: python%{python3_pkgversion}-pyasn1-modules BuildRequires: python%{python3_pkgversion}-dateutil BuildRequires: python%{python3_pkgversion}-argcomplete BuildRequires: python%{python3_pkgversion}-argparse-manpage BuildRequires: python%{python3_pkgversion}-libselinux BuildRequires: python%{python3_pkgversion}-policycoreutils # For cockpit %if %{use_cockpit} BuildRequires: rsync %endif Requires: %{name}-libs = %{version}-%{release} Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release} Requires: lmdb-libs # this is needed for using semanage from our setup scripts Requires: policycoreutils-python-utils Requires: /usr/sbin/semanage Requires: libsemanage-python%{python3_pkgversion} Requires: selinux-policy >= 3.14.1-29 # the following are needed for some of our scripts Requires: openldap-clients Requires: /usr/bin/c_rehash Requires: python%{python3_pkgversion}-ldap Requires: acl Requires: zlib Requires: json-c # this is needed to setup SSL if you are not using the # administration server package Requires: nss-tools Requires: nss >= 3.67.0-7 Requires: nspr >= 4.32 # these are not found by the auto-dependency method # they are required to support the mandatory LDAP SASL mechs Requires: cyrus-sasl-gssapi Requires: cyrus-sasl-md5 Requires: cyrus-sasl-plain # this is needed for verify-db.pl Requires: libdb-utils # Needed for password dictionary checks Requires: cracklib-dicts # Needed by logconv.pl Requires: perl-DB_File Requires: perl-Archive-Tar %if 0%{?fedora} >= 33 || 0%{?rhel} >= 9 Requires: perl-debugger Requires: perl-sigtrap %endif # Picks up our systemd deps. %{?systemd_requires} Obsoletes: %{name} <= 1.4.4 Source0: https://releases.pagure.org/389-ds-base/%{name}-%{version}.tar.bz2 # 389-ds-git.sh should be used to generate the source tarball from git Source1: %{name}-git.sh Source2: %{name}-devel.README %if %{bundle_jemalloc} Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2 %endif %description 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. %if %{use_asan} WARNING! This build is linked to Address Sanitisation libraries. This probably isn't what you want. Please contact support immediately. Please see http://seclists.org/oss-sec/2016/q1/363 for more information. %endif %package libs Summary: Core libraries for 389 Directory Server BuildRequires: nspr-devel BuildRequires: nss-devel >= 3.34 BuildRequires: openldap-devel BuildRequires: libdb-devel BuildRequires: cyrus-sasl-devel BuildRequires: libicu-devel BuildRequires: pcre2-devel BuildRequires: libtalloc-devel BuildRequires: libevent-devel BuildRequires: libtevent-devel Requires: krb5-libs Requires: libevent BuildRequires: systemd-devel BuildRequires: make Provides: svrcore = 4.1.4 Conflicts: svrcore Obsoletes: svrcore <= 4.1.3 %description libs Core libraries for the 389 Directory Server base package. These libraries are used by the main package and the -devel package. This allows the -devel package to be installed with just the -libs package and without the main package. %package devel Summary: Development libraries for 389 Directory Server Requires: %{name}-libs = %{version}-%{release} Requires: pkgconfig Requires: nspr-devel Requires: nss-devel >= 3.34 Requires: openldap-devel Requires: libtalloc Requires: libevent Requires: libtevent Requires: systemd-libs Provides: svrcore-devel = 4.1.4 Conflicts: svrcore-devel Obsoletes: svrcore-devel <= 4.1.3 %description devel Development Libraries and headers for the 389 Directory Server base package. %package snmp Summary: SNMP Agent for 389 Directory Server Requires: %{name} = %{version}-%{release} Obsoletes: %{name} <= 1.4.0.0 %description snmp SNMP Agent for the 389 Directory Server base package. %package -n python%{python3_pkgversion}-lib389 Summary: A library for accessing, testing, and configuring the 389 Directory Server BuildArch: noarch Requires: openssl Requires: iproute Recommends: bash-completion Requires: python%{python3_pkgversion} Requires: python%{python3_pkgversion}-distro Requires: python%{python3_pkgversion}-ldap Requires: python%{python3_pkgversion}-six Requires: python%{python3_pkgversion}-pyasn1 Requires: python%{python3_pkgversion}-pyasn1-modules Requires: python%{python3_pkgversion}-dateutil Requires: python%{python3_pkgversion}-argcomplete Requires: python%{python3_pkgversion}-libselinux Requires: python%{python3_pkgversion}-setuptools %{?python_provide:%python_provide python%{python3_pkgversion}-lib389} %description -n python%{python3_pkgversion}-lib389 This module contains tools and libraries for accessing, testing, and configuring the 389 Directory Server. %if %{use_cockpit} %package -n cockpit-389-ds Summary: Cockpit UI Plugin for configuring and administering the 389 Directory Server BuildArch: noarch Requires: cockpit Requires: 389-ds-base Requires: python%{python3_pkgversion} Requires: python%{python3_pkgversion}-lib389 %description -n cockpit-389-ds A cockpit UI Plugin for configuring and administering the 389 Directory Server %endif %prep %autosetup -p1 -v -n %{name}-%{version} %if %{bundle_jemalloc} %setup -q -n %{name}-%{version} -T -D -b 3 %endif cp %{SOURCE2} README.devel %build OPENLDAP_FLAG="--with-openldap" %{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} # hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529 NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3" %if %{use_asan} ASAN_FLAGS="--enable-asan --enable-debug" %endif RUST_FLAGS="--enable-rust --enable-rust-offline" %if !%{use_cockpit} COCKPIT_FLAGS="--disable-cockpit" %endif %if %{use_clang} export CC=clang export CXX=clang++ CLANG_FLAGS="--enable-clang" %endif %if %{bundle_jemalloc} # Override page size, bz #1545539 # 4K %ifarch %ix86 %arm x86_64 s390x %define lg_page --with-lg-page=12 %endif # 64K %ifarch ppc64 ppc64le aarch64 %define lg_page --with-lg-page=16 %endif # Override huge page size on aarch64 # 2M instead of 512M %ifarch aarch64 %define lg_hugepage --with-lg-hugepage=21 %endif # Build jemalloc pushd ../%{jemalloc_name}-%{jemalloc_ver} %configure \ --libdir=%{_libdir}/%{pkgname}/lib \ --bindir=%{_libdir}/%{pkgname}/bin \ --enable-prof make %{?_smp_mflags} popd %endif # Enforce strict linking %define _ld_strict_symbol_defs 1 # Rebuild the autotool artifacts now. autoreconf -fiv %configure --enable-autobind --with-selinux $TMPFILES_FLAG \ --with-systemd \ --with-systemdsystemunitdir=%{_unitdir} \ --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \ --with-systemdgroupname=%{groupname} \ --libexecdir=%{_libexecdir}/%{pkgname} \ $NSSARGS $ASAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \ --enable-cmocka \ --with-libldap-r=no \ --enable-perl # lib389 pushd ./src/lib389 %py3_build popd # argparse-manpage dynamic man pages have hardcoded man v1 in header, # need to change it to v8 sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsconf.8 sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsctl.8 sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsidm.8 sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dscreate.8 # Generate symbolic info for debuggers export XCFLAGS=$RPM_OPT_FLAGS #make %{?_smp_mflags} make %install mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir} %if %{use_cockpit} mkdir -p %{buildroot}%{_datadir}/cockpit %endif make DESTDIR="$RPM_BUILD_ROOT" install %if %{use_cockpit} find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list %endif # Copy in our docs from doxygen. cp -r %{_builddir}/%{name}-%{version}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3 # lib389 pushd src/lib389 %py3_install popd mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname} mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname} mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname} # for systemd mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants # remove libtool archives and static libs rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.la rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.a rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.la %if %{bundle_jemalloc} pushd ../%{jemalloc_name}-%{jemalloc_ver} make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin cp -pa COPYING ../%{name}-%{version}/COPYING.jemalloc cp -pa README ../%{name}-%{version}/README.jemalloc popd %endif %check # This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build. if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi %post if [ -n "$DEBUGPOSTTRANS" ] ; then output=$DEBUGPOSTTRANS output2=${DEBUGPOSTTRANS}.upgrade else output=/dev/null output2=/dev/null fi # reload to pick up any changes to systemd files /bin/systemctl daemon-reload >$output 2>&1 || : # https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation # Soft static allocation for UID and GID USERNAME="dirsrv" ALLOCATED_UID=389 GROUPNAME="dirsrv" ALLOCATED_GID=389 HOMEDIR="/usr/share/dirsrv" getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME if ! getent passwd $USERNAME >/dev/null ; then if ! getent passwd $ALLOCATED_UID >/dev/null ; then /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME else /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME fi fi # Reload our sysctl before we restart (if we can) sysctl --system &> $output; true # Gather the running instances so we can restart them instbase="%{_sysconfdir}/%{pkgname}" ninst=0 for dir in $instbase/slapd-* ; do echo dir = $dir >> $output 2>&1 || : if [ ! -d "$dir" ] ; then continue ; fi case "$dir" in *.removed) continue ;; esac basename=`basename $dir` inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`" echo found instance $inst - getting status >> $output 2>&1 || : if /bin/systemctl -q is-active $inst ; then echo instance $inst is running >> $output 2>&1 || : instances="$instances $inst" else echo instance $inst is not running >> $output 2>&1 || : fi ninst=`expr $ninst + 1` done if [ $ninst -eq 0 ] ; then echo no instances to upgrade >> $output 2>&1 || : exit 0 # have no instances to upgrade - just skip the rest else # restart running instances echo shutting down all instances . . . >> $output 2>&1 || : for inst in $instances ; do echo stopping instance $inst >> $output 2>&1 || : /bin/systemctl stop $inst >> $output 2>&1 || : done for inst in $instances ; do echo starting instance $inst >> $output 2>&1 || : /bin/systemctl start $inst >> $output 2>&1 || : done fi %preun if [ $1 -eq 0 ]; then # Final removal # remove instance specific service files/links rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || : fi %postun if [ $1 = 0 ]; then # Final removal rm -rf /var/run/%{pkgname} fi %post snmp %systemd_post %{pkgname}-snmp.service %preun snmp %systemd_preun %{pkgname}-snmp.service %{groupname} %postun snmp %systemd_postun_with_restart %{pkgname}-snmp.service exit 0 %files %if %{bundle_jemalloc} %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc %license COPYING.jemalloc %else %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl %endif %dir %{_sysconfdir}/%{pkgname} %dir %{_sysconfdir}/%{pkgname}/schema %config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif %dir %{_sysconfdir}/%{pkgname}/config %dir %{_sysconfdir}/systemd/system/%{groupname}.wants %config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf %{_datadir}/%{pkgname} %{_datadir}/gdb/auto-load/* %{_unitdir} %{_bindir}/dbscan %{_mandir}/man1/dbscan.1.gz %{_bindir}/ds-replcheck %{_mandir}/man1/ds-replcheck.1.gz %{_bindir}/ds-logpipe.py %{_mandir}/man1/ds-logpipe.py.1.gz %{_bindir}/ldclt %{_mandir}/man1/ldclt.1.gz %{_bindir}/logconv.pl %{_mandir}/man1/logconv.pl.1.gz %{_bindir}/pwdhash %{_mandir}/man1/pwdhash.1.gz #%caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd %{_sbindir}/ns-slapd %{_mandir}/man8/ns-slapd.8.gz %{_sbindir}/openldap_to_ds %{_mandir}/man8/openldap_to_ds.8.gz %{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl %{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh %{_mandir}/man5/99user.ldif.5.gz %{_mandir}/man5/certmap.conf.5.gz %{_mandir}/man5/slapd-collations.conf.5.gz %{_mandir}/man5/dirsrv.5.gz %{_mandir}/man5/dirsrv.systemd.5.gz %{_libdir}/%{pkgname}/python %dir %{_libdir}/%{pkgname}/plugins %{_libdir}/%{pkgname}/plugins/*.so # This has to be hardcoded to /lib - $libdir changes between lib/lib64, but # sysctl.d is always in /lib. %{_prefix}/lib/sysctl.d/* %dir %{_localstatedir}/lib/%{pkgname} %dir %{_localstatedir}/log/%{pkgname} %ghost %dir %{_localstatedir}/lock/%{pkgname} %exclude %{_sbindir}/ldap-agent* %exclude %{_mandir}/man1/ldap-agent.1.gz %exclude %{_unitdir}/%{pkgname}-snmp.service %if %{bundle_jemalloc} %{_libdir}/%{pkgname}/lib/ %{_libdir}/%{pkgname}/bin/ %exclude %{_libdir}/%{pkgname}/bin/jemalloc-config %exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh %exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a %exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so %exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a %exclude %{_libdir}/%{pkgname}/lib/pkgconfig %endif %files devel %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel %{_mandir}/man3/* %{_includedir}/svrcore.h %{_includedir}/%{pkgname} %{_libdir}/libsvrcore.so %{_libdir}/%{pkgname}/libslapd.so %{_libdir}/%{pkgname}/libns-dshttpd.so %{_libdir}/%{pkgname}/libldaputil.so %{_libdir}/pkgconfig/svrcore.pc %{_libdir}/pkgconfig/dirsrv.pc %files libs %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel %dir %{_libdir}/%{pkgname} %{_libdir}/libsvrcore.so.* %{_libdir}/%{pkgname}/libslapd.so.* %{_libdir}/%{pkgname}/libns-dshttpd.so.* %{_libdir}/%{pkgname}/libldaputil.so.* %{_libdir}/%{pkgname}/librewriters.so* %if %{bundle_jemalloc} %{_libdir}/%{pkgname}/lib/libjemalloc.so.2 %endif %files snmp %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel %config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf %{_sbindir}/ldap-agent* %{_mandir}/man1/ldap-agent.1.gz %{_unitdir}/%{pkgname}-snmp.service %files -n python%{python3_pkgversion}-lib389 %doc LICENSE LICENSE.GPLv3+ %{python3_sitelib}/lib389* %{_sbindir}/dsconf %{_mandir}/man8/dsconf.8.gz %{_sbindir}/dscreate %{_mandir}/man8/dscreate.8.gz %{_sbindir}/dsctl %{_mandir}/man8/dsctl.8.gz %{_sbindir}/dsidm %{_mandir}/man8/dsidm.8.gz %{_libexecdir}/%{pkgname}/dscontainer %if %{use_cockpit} %files -n cockpit-389-ds -f cockpit.list %{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml %doc README.md %endif %changelog * Mon Jan 23 2023 Mark Reynolds - 2.3.2-1 - Bump version to 2.3.2 - Issue 5547 - automember plugin improvements - Issue 5607, 5351, 5611 - UI/CLI - fix various issues - Issue 5610 - Build failure on Debian - Issue 5608 - UI - need to replace some "const" with "let" - Issue 5560 - dscreate run by non superuser set defaults requiring superuser privilege (#5579) - Issue 3604 - Create a private key/CSR with dsconf/Cockpit (#5584) - Issue 5605 - Adding a slapi_log_backtrace function in libslapd (#5606) - Issue 5602 - UI - browser crash when trying to modify read-only variable - Issue 5581 - UI - Support cockpit dark theme - Issue 5593 - CLI - dsidm account subtree-status fails with TypeError - Issue 5591 - BUG - Segfault in cl5configtrim with invalid confi (#5592) - Fix latest npm audit failures - Issue 5599 - CI - webui tests randomly fail - Issue 5348 - RFE - CLI - add functionality to do bulk updates to entries - Issue 5588 - Fix CI tests - Issue 5585 - lib389 password policy DN handling is incorrect (#5587) - Issue 5521 - UI - Update plugins for new split PAM and LDAP pass thru auth - Bump json5 from 2.2.1 to 2.2.3 in /src/cockpit/389-console - Issue 5236 - UI add specialized group edit modal - Issue 5550 - dsconf monitor crashes with Error math domain error (#5553) - Issue 5278 - CLI - dsidm asks for the old password on password reset - Issue 5531 - CI - use universal_lines in capture_output - Issue 5425 - CLI - add confirmation arg when deleting backend - Issue 5558 - non-root instance fails to start on creation (#5559) - Issue 5545 - A random crash in import over lmdb (#5546) - Issue 3615 - CLI - prevent virtual attribute indexing - Update specfile and rust crates - Issue 5413 - Allow mutliple MemberOf fixup tasks with different bases/filters - Issue 5554 - Add more tests to security_basic_test suite (#5555) - Issue 5561 - Nightly tests are failing - Issue 5521 - RFE - split pass through auth cli - Issue 5521 - BUG - Pam PTA multiple issues - Issue 5544 - Increase default task TTL - Issue 5526 - RFE - Improve saslauthd migration options (#5528) - Issue 5539 - Make logger's parameter name unified (#5540) - Issue 5541 - Fix typo in `lib389.cli_conf.backend._get_backend` (#5542) - Issue 3729 - (cont) RFE Extend log of operations statistics in access log (#5538) - Issue 5534 - Fix a rebase typo (#5537) - Issue 5534 - Add copyright text to the repository files * Wed Jan 18 2023 Fedora Release Engineering - 2.3.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Sat Dec 31 2022 Pete Walter - 2.3.1-2 - Rebuild for ICU 72 * Fri Nov 18 2022 Mark Reynolds - 2.3.1-1 - Bump version to 2.3.1 - Issue 5532 - Make db compaction TOD day more robust. - Issue 3729 - RFE Extend log of operations statistics in access log (#5508) - Issue 5529 - UI - Fix npm vulnerability in loader-utils - Issue 5490 - tombstone in entryrdn index with lmdb but not with bdb (#5498) - Issue 5162 - Fix dsctl tls ca-certfiicate add-cert arg requirement - Issue 5510 - remove twalk_r dependency to build on RHEL8 (#5516) - Issue 5162 - RFE - CLI allow adding CA certificate bundles - Issue 5440 - memberof is slow on update/fixup if there are several 'groupattr' (#5455) - Issue 5512 - BUG - skip pwdPolicyChecker OC in migration (#5513) - Issue 3555 - UI - fix audit issue with npm loader-utils (#5514) - Issue 5505 - Fix compiler warning (#5506) - Issue 5469 - Increase the default value of nsslapd-conntablesize (#5472) - Issue 5408 - lmdb import is slow (#5481) - Issue 5429 - healthcheck - add checks for MemberOf group attrs being indexed - Issue 5502 - RFE - Add option to display entry attributes in audit log - Issue 5495 - BUG - Minor fix to dds skip, inconsistent attrs caused errors (#5501) - Issue 5367 - RFE - store full DN in database record - Issue 5495 - RFE - skip dds during migration. (#5496) - Issue 5491 - UI - Add rework and finish jpegPhoto functionality (#5492) - Issue 5368 - Retro Changelog trimming does not work (#5486) - Issue 5487 - Fix various issues with logconv.pl - Issue 5476 - RFE - add memberUid read aci by default (#5477) - Issue 5482 - lib389 - Can not enable replication with a mixed case suffix - Issue 5478 - Random crash in connection code during server shutdown (#5479) - Issue 3061 - RFE - Add password policy debug log level - Issue 5302 - Release tarballs don't contain cockpit webapp - Issue 5262 - high contention in find_entry_internal_dn on mixed load (#5264) - Issue 4324 - Revert recursive pthread mutex change (#5463) - Issue 5462 - RFE - add missing default indexes (#5464) - Issue 5465 - Fix dbscan linking (#5466) - Issue 5271 - Serialization of pam_passthrough causing high etimes (#5272) - Issue 5453 - UI/CLI - Changing Root DN breaks UI - Issue 5446 - Fix some covscan issues (#5451) - Issue 4308 - checking if an entry is a referral is expensive - Issue 5447 - UI - add NDN max cache size to UI - Issue 5443 - UI - disable save button while saving - Issue 5413 - Allow only one MemberOf fixup task at a time - Issue 4592 - dscreate error with custom dir_path (#5434) - Issue 5158 - entryuuid fixup tasks fails in replicated topology (#5439) * Tue Sep 20 2022 Mark Reynolds - 2.3.0-2 - Bump version to 2.3.0-2 - Update old pcre-devel requirement to pcre2-devel * Thu Sep 1 2022 Mark Reynolds - 2.3.0-1 - Bump version to 2.3.0 - Issue 5012 - Migrate pcre to pcre2 - remove match limit - Issue 5356 - Make Rust non-optional and update default password storage scheme - Issue 5012 - Migrate pcre to pcre2 - Issue 5428 - Fix regression with nscpEntryWsi computation - Fix missing 'not' in description (closes #5423) (#5424) - Issue 5421 - CI - makes replication/acceptance_test.py::test_modify_entry more robust (#5422) - Issue 3903 - fix repl keep alive event interval - Issue 5418 - Sync_repl may crash while managing invalid cookie (#5420) - Issue 5415 - Hostname when set to localhost causing failures in other tests - Issue 5412 - lib389 - do not set backend name to lowercase - Issue 5407 - sync_repl crashes if enabled while dynamic plugin is enabled (#5411) - Issue 5385 - LMDB - import crash in rdncache_add_elem (#5406) - Issue 5403 - Memory leak in conntection table mulit list (#5404) - Issue 3903 - keep alive update event starts too soon - Issue 5397 - Fix various memory leaks - Issue 5399 - UI - LDAP Editor is not updated when we switch instances (#5400) - Issue 3903 - Supplier should do periodic updates - Issue 5377 - Code cleanup: Fix Covscan invalid reference (#5393) - Issue 5394 - configure doesn't check for lmdb and json-c - Issue 5392 - dscreate fails when using alternative ports in the SELinux hi_reserved_port_t label range - Issue 5386 - BUG - Update sudoers schema to correctly support UTF-8 (#5387) - Issue 5388 - fix use-after-free and deadcode - Issue 5383 - UI - Various fixes and RFE's for UI - Issue 4656 - Remove problematic language from source code - Issue 5380 - Separate cleanAllRUV code into new file - Issue 5322 - optime & wtime on rejected connections is not properly set - Issue 5335 - RFE - Add Security Audit Log - Issue 5375 - CI - disable TLS hostname checking - Issue 981 - Managed Entries betxnpreoperation - transaction not aborted on managed entry failure (#5369) - Issue 5373 - dsidm user get_dn fails with search_ext() argument 1 must be str, not function - Issue 5371 - Update npm and cargo packages - Issue 3069 - Support ECDSA private keys for TLS (#5365) - Issue 5290 - Importing certificate chain files via "import-server-key-cert" no longer works (#5293) * Mon Aug 01 2022 Frantisek Zatloukal - 2.2.2-3 - Rebuilt for ICU 71.1 * Wed Jul 20 2022 Fedora Release Engineering - 2.2.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Tue Jul 5 2022 Mark Reynolds - 2.2.2-1 - Bump version to 2.2.2 - Issue 5221 - fix covscan (#5359) - Issue 5294 - Report Portal 5 is not processing an XML file with (#5358) - Issue 5353 - CLI - dsconf backend export breaks with multiple backends - Issue 5346 - New connection table fails with ASAN failures (#5350) - Issue 5345 - BUG - openldap migration fails when ppolicy is active (#5347) - Issue 5323 - BUG - improve skipping of monitor db (#5340) - Issue 5329 - Improve replication extended op logging - Issue 5343 - Various improvements to winsync - Issue 4932 - CLI - add parser aliases to long arg names - Issue 5332 - BUG - normalise filter as intended - Issue 5327 - Validate test metadata - Issue 4812 - Scalability with high number of connections (#5090) - Issue 4348 - Add tests for dsidm - Issue 5333 - 389-ds-base fails to build with Python 3.11 * Thu Jun 16 2022 Python Maint - 2.2.1-4 - Rebuilt for Python 3.11 * Wed Jun 15 2022 Mark Reynolds - 2.2.1-3 - Bump version to 2.2.1-3 - Issue 5332 - BUG - normalise filter as intended - Issue 5327 - Validate test metadata - Issue 4348 - Add tests for dsidm - Bump crossbeam-utils from 0.8.6 to 0.8.8 in /src - Issue 5333 - 389-ds-base fails to build with Python 3.11 * Mon Jun 13 2022 Python Maint - 2.2.1-2 - Rebuilt for Python 3.11 * Fri Jun 3 2022 Mark Reynolds - 2.2.1-1 - Bump version to 2.2.1 - Issue 5323 - BUG - Fix issue in mdb tests with monitor (#5326) - Issue 5170 - BUG - incorrect behaviour of filter test (#5315) - Issue 5324 - plugin acceptance test needs hardening - Issue 5319 - dsctl_tls_test.py fails with openssl-3.x - Issue 5323 - BUG - migrating database for monitoring interface lead to crash (#5321) - Issue 5304 - Need a compatibility option about sub suffix handling (#5310) - Issue 5313 - dbgen test uses deprecated -h HOST and -p PORT options for ldapmodify - Issue 5311 - Missing Requires for acl in the spec file - Issue 5305 - OpenLDAP version autodetection doesn't work - Issue 5307 - VERSION_PREREL is not set correctly in CI builds - Issue 5302 - Release tarballs don't contain cockpit webapp - Issue 5170 - RFE - improve filter logging to assist debugging (#5301) - Issue 5299 - jemalloc 5.3 released - Issue 5175 - Remove stale zlib-devel dependency declaration (#5173) - Issue 5294 - Report Portal 5 is not processing test results XML file - Issue 5170 - BUG - ldapsubentries were incorrectly returned (#5285) - Issue 5291 - Harden ReplicationManager.wait_for_replication (#5292) - Issue 379 - RFE - Compress rotated logs (fix linker) - Issue 379 - RFE - Compress rotated logs - Issue 5281 - HIGH - basic test does not run - Issue 5284 - Replication broken after password change (#5286) - Issue 5279 - dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int' - Issue 5170 - RFE - Filter optimiser (#5171) - Issue 5276 - CLI - improve task handling - Issue 5126 - Memory leak in slapi_ldap_get_lderrno (#5153) - Issue 3 - ansible-ds - Prefix handling fix (#5275) - Issue 5273 - CLI - add arg completer for instance name - Issue 2893 - CLI - dscreate - add options for setting up replication - Issue 4866 - CLI - when enabling replication set changelog trimming by default - Issue 5241 - UI - Add account locking missing functionality (#5251) - Issue 5180 - snmp_collator tries to unlock NULL mutex (#5266) - Issue 4904 - Fix various small issues - lib389 prerequisite for ansible-ds (#5253) - Issue 5260 - BUG - OpenLDAP allows multiple names of memberof overlay (#5261) - Issue 5252 - During DEL, vlv search can erroneously return NULL candidate (#5256) - Issue 5254 - dscreate create-template regression due to 5a3bdc336 (#5255) - Issue 5210 - Python undefined names in lib389 - Issue 5065 - Crash in suite plugins - test_dna_max_value (#5108) - Issue 5247 - BUG - Missing attributes in samba schema (#5248) - Issue 5242- Craft message may crash the server (#5243) - Issue 4775 -plugin entryuuid failing (#5229) - Issue 5239 - Nightly copr builds are broken - Issue 5237 - audit-ci: Cannot convert undefined or null to object - Issue 5234 - UI - rename Users and Groups tab - Issue 5227 - UI - No way to move back to Get Started step (#5233) - Issue 5217 - Simplify instance creation and administration by non root user (#5224)