%global pkgname dirsrv
%global srcname 389-ds-base
%global bundle_jemalloc 1
%if %{bundle_jemalloc}
%global jemalloc_name jemalloc
%global jemalloc_ver 5.3.0
%endif
%global bundle_libdb 0
%global libdb_version 5.3
%global libdb_base_version db-%{libdb_version}.28
%global libdb_full_version lib%{libdb_base_version}-59
%global libdb_bundle_name libdb-%{libdb_version}-389ds.so
# This is used in certain builds to help us know if it has extra features.
%global variant base
# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release
# also remove the space between % and global - this space is needed because
# fedpkg verrel stupidly ignores comment lines
%global prerel .202404161457git55529d185%{nil}
# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
#% global relprefix 0.
# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
%global use_Socket6 0
# This enables a sanitized build. This should not go to production, so we rename.
%global use_asan 1
%global use_msan 0
%global use_tsan 0
%global use_ubsan 0
%if %{use_asan} || %{use_msan} || %{use_tsan} || %{use_ubsan}
%global variant base-xsan
%endif
# Use Clang instead of GCC
%global use_clang 0
%if %{use_clang}
%global toolchain clang
%global _missing_build_ids_terminate_build 0
%endif
# Build cockpit plugin
%global use_cockpit 1
# fedora 15 and later uses tmpfiles.d
# otherwise, comment this out
%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}
# systemd support
%global groupname %{pkgname}.target
# set PIE flag
%global _hardened_build 1
# Filter argparse-manpage from autogenerated package Requires
%global __requires_exclude ^python.*argparse-manpage
# Force to require nss version greater or equal as the version available at the build time
# See bz1986327
%define dirsrv_requires_ge() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} >= %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
Summary: 389 Directory Server (%{variant})
Name: 389-ds-base
Version: 3.0.1
Release: 202404161457git55529d185%{?dist}
License: GPLv3+ and (ASL 2.0 or MIT)
URL: https://www.port389.org/
Group: System Environment/Daemons
# Is this still needed?
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Obsoletes: %{name} <= 1.4.0.9
Obsoletes: %{name}-legacy-tools < 1.4.4.6
Obsoletes: %{name}-legacy-tools-debuginfo < 1.4.4.6
Provides: ldif2ldbm
##### Bundled cargo crates list - START #####
Provides: bundled(crate(ahash)) = 0.7.6
Provides: bundled(crate(ansi_term)) = 0.12.1
Provides: bundled(crate(atty)) = 0.2.14
Provides: bundled(crate(autocfg)) = 1.1.0
Provides: bundled(crate(base64)) = 0.13.1
Provides: bundled(crate(bitflags)) = 1.3.2
Provides: bundled(crate(byteorder)) = 1.4.3
Provides: bundled(crate(cbindgen)) = 0.9.1
Provides: bundled(crate(cc)) = 1.0.78
Provides: bundled(crate(cfg-if)) = 1.0.0
Provides: bundled(crate(clap)) = 2.34.0
Provides: bundled(crate(concread)) = 0.2.21
Provides: bundled(crate(crossbeam)) = 0.8.2
Provides: bundled(crate(crossbeam-channel)) = 0.5.6
Provides: bundled(crate(crossbeam-deque)) = 0.8.2
Provides: bundled(crate(crossbeam-epoch)) = 0.9.13
Provides: bundled(crate(crossbeam-queue)) = 0.3.8
Provides: bundled(crate(crossbeam-utils)) = 0.8.14
Provides: bundled(crate(entryuuid)) = 0.1.0
Provides: bundled(crate(entryuuid_syntax)) = 0.1.0
Provides: bundled(crate(fastrand)) = 1.8.0
Provides: bundled(crate(fernet)) = 0.1.4
Provides: bundled(crate(foreign-types)) = 0.3.2
Provides: bundled(crate(foreign-types-shared)) = 0.1.1
Provides: bundled(crate(getrandom)) = 0.2.8
Provides: bundled(crate(hashbrown)) = 0.12.3
Provides: bundled(crate(hermit-abi)) = 0.1.19
Provides: bundled(crate(instant)) = 0.1.12
Provides: bundled(crate(itoa)) = 1.0.4
Provides: bundled(crate(jobserver)) = 0.1.25
Provides: bundled(crate(libc)) = 0.2.138
Provides: bundled(crate(librnsslapd)) = 0.1.0
Provides: bundled(crate(librslapd)) = 0.1.0
Provides: bundled(crate(lock_api)) = 0.4.9
Provides: bundled(crate(log)) = 0.4.17
Provides: bundled(crate(lru)) = 0.7.8
Provides: bundled(crate(memoffset)) = 0.7.1
Provides: bundled(crate(once_cell)) = 1.16.0
Provides: bundled(crate(openssl)) = 0.10.44
Provides: bundled(crate(openssl-macros)) = 0.1.0
Provides: bundled(crate(openssl-sys)) = 0.9.79
Provides: bundled(crate(parking_lot)) = 0.11.2
Provides: bundled(crate(parking_lot_core)) = 0.8.6
Provides: bundled(crate(paste)) = 0.1.18
Provides: bundled(crate(paste-impl)) = 0.1.18
Provides: bundled(crate(pin-project-lite)) = 0.2.9
Provides: bundled(crate(pkg-config)) = 0.3.26
Provides: bundled(crate(ppv-lite86)) = 0.2.17
Provides: bundled(crate(proc-macro-hack)) = 0.5.19
Provides: bundled(crate(proc-macro2)) = 1.0.47
Provides: bundled(crate(pwdchan)) = 0.1.0
Provides: bundled(crate(quote)) = 1.0.21
Provides: bundled(crate(rand)) = 0.8.5
Provides: bundled(crate(rand_chacha)) = 0.3.1
Provides: bundled(crate(rand_core)) = 0.6.4
Provides: bundled(crate(redox_syscall)) = 0.2.16
Provides: bundled(crate(remove_dir_all)) = 0.5.3
Provides: bundled(crate(ryu)) = 1.0.11
Provides: bundled(crate(scopeguard)) = 1.1.0
Provides: bundled(crate(serde)) = 1.0.150
Provides: bundled(crate(serde_derive)) = 1.0.150
Provides: bundled(crate(serde_json)) = 1.0.89
Provides: bundled(crate(slapd)) = 0.1.0
Provides: bundled(crate(slapi_r_plugin)) = 0.1.0
Provides: bundled(crate(smallvec)) = 1.10.0
Provides: bundled(crate(strsim)) = 0.8.0
Provides: bundled(crate(syn)) = 1.0.105
Provides: bundled(crate(synstructure)) = 0.12.6
Provides: bundled(crate(tempfile)) = 3.3.0
Provides: bundled(crate(textwrap)) = 0.11.0
Provides: bundled(crate(tokio)) = 1.23.0
Provides: bundled(crate(tokio-macros)) = 1.8.2
Provides: bundled(crate(toml)) = 0.5.10
Provides: bundled(crate(unicode-ident)) = 1.0.5
Provides: bundled(crate(unicode-width)) = 0.1.10
Provides: bundled(crate(unicode-xid)) = 0.2.4
Provides: bundled(crate(uuid)) = 0.8.2
Provides: bundled(crate(vcpkg)) = 0.2.15
Provides: bundled(crate(vec_map)) = 0.8.2
Provides: bundled(crate(version_check)) = 0.9.4
Provides: bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1
Provides: bundled(crate(winapi)) = 0.3.9
Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0
Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0
Provides: bundled(crate(windows-sys)) = 0.42.0
Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.42.0
Provides: bundled(crate(windows_aarch64_msvc)) = 0.42.0
Provides: bundled(crate(windows_i686_gnu)) = 0.42.0
Provides: bundled(crate(windows_i686_msvc)) = 0.42.0
Provides: bundled(crate(windows_x86_64_gnu)) = 0.42.0
Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.42.0
Provides: bundled(crate(windows_x86_64_msvc)) = 0.42.0
Provides: bundled(crate(zeroize)) = 1.5.7
Provides: bundled(crate(zeroize_derive)) = 1.3.3
##### Bundled cargo crates list - END #####
# Attach the buildrequires to the top level package:
BuildRequires: nspr-devel
BuildRequires: nss-devel >= 3.34
BuildRequires: openldap-clients
BuildRequires: openldap-devel
BuildRequires: lmdb-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: icu
BuildRequires: libicu-devel
BuildRequires: pcre2-devel
BuildRequires: cracklib-devel
BuildRequires: json-c-devel
%if %{use_clang}
BuildRequires: libatomic
BuildRequires: clang
BuildRequires: compiler-rt
BuildRequires: lld
%else
BuildRequires: gcc
BuildRequires: gcc-c++
%if %{use_asan}
BuildRequires: libasan
%endif
%if %{use_tsan}
BuildRequires: libtsan
%endif
%if %{use_ubsan}
BuildRequires: libubsan
%endif
%endif
%if !%{bundle_libdb}
BuildRequires: libdb-devel
%endif
# The following are needed to build the snmp ldap-agent
BuildRequires: net-snmp-devel
BuildRequires: bzip2-devel
BuildRequires: openssl-devel
# the following is for the pam passthru auth plug-in
BuildRequires: pam-devel
BuildRequires: systemd-units
BuildRequires: systemd-devel
BuildRequires: cargo
BuildRequires: rust
BuildRequires: pkgconfig
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(krb5)
BuildRequires: pkgconfig(libpcre2-8)
# Needed to support regeneration of the autotool artifacts.
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
# For our documentation
BuildRequires: doxygen
# For tests!
BuildRequires: libcmocka-devel
# For lib389 and related components.
BuildRequires: python%{python3_pkgversion}
BuildRequires: python%{python3_pkgversion}-devel
BuildRequires: python%{python3_pkgversion}-setuptools
BuildRequires: python%{python3_pkgversion}-ldap
BuildRequires: python%{python3_pkgversion}-pyasn1
BuildRequires: python%{python3_pkgversion}-pyasn1-modules
BuildRequires: python%{python3_pkgversion}-dateutil
BuildRequires: python%{python3_pkgversion}-argcomplete
BuildRequires: python%{python3_pkgversion}-argparse-manpage
BuildRequires: python%{python3_pkgversion}-policycoreutils
BuildRequires: python%{python3_pkgversion}-libselinux
BuildRequires: python%{python3_pkgversion}-cryptography
# For cockpit
%if %{use_cockpit}
BuildRequires: rsync
BuildRequires: npm
BuildRequires: nodejs
%endif
# END BUILD REQUIRES
# Now, attach the requires only to the package that needs them.
# -libs has most of our runtime libs
Requires: %{name}-libs = %{version}-%{release}
%if 0%{?rhel} > 7 || 0%{?fedora}
Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release}
%endif
# this is needed for using semanage from our setup scripts
Requires: policycoreutils-python-utils
# This is needed for our future move to python selinux interaction.
Requires: libsemanage-python%{python3_pkgversion}
# the following are needed for some of our scripts
Requires: openldap-clients
Requires: acl
# this is needed to setup SSL if you are not using the
# administration server package
Requires: nss-tools
%dirsrv_requires_ge nss
# these are not found by the auto-dependency method
# they are required to support the mandatory LDAP SASL mechs
Requires: cyrus-sasl-gssapi
Requires: cyrus-sasl-md5
# This is optionally supported by us, as we use it in our tests
Requires: cyrus-sasl-plain
# this is needed for backldbm
%if !%{bundle_libdb}
Requires: libdb
%endif
Requires: lmdb
# This picks up libperl.so as a Requires, so we add this versioned one
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
# Needed by logconv.pl
%if !%{bundle_libdb}
Requires: perl-DB_File
%endif
Requires: perl-Archive-Tar
%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9
Requires: perl-debugger
Requires: perl-sigtrap
%endif
# Needed for password dictionary checks
Requires: cracklib-dicts
Requires: json-c
# Log compression
Requires: zlib-devel
# Picks up our systemd deps.
%{?systemd_requires}
Source0: %{name}-%{version}%{?prerel}.tar.bz2
# 389-ds-git.sh should be used to generate the source tarball from git
Source1: %{name}-git.sh
Source2: %{name}-devel.README
%if %{bundle_jemalloc}
Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2
%endif
%if %{bundle_libdb}
Source4: https://fedorapeople.org/groups/389ds/libdb-5.3.28-59.tar.bz2
%endif
%description
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.
%if %{use_asan}
WARNING! This build is linked to Address Sanitisation libraries. This probably
isn't what you want. Please contact support immediately.
Please see http://seclists.org/oss-sec/2016/q1/363 for more information.
%endif
%package libs
Summary: Core libraries for 389 Directory Server (%{variant})
Group: System Environment/Daemons
Provides: svrcore = 4.1.4
Obsoletes: svrcore <= 4.1.3
Conflicts: svrcore
# You can work this out by running LDD on libslapd.so to see what it needs in
# isolation.
Requires: nss >= 3.34
Requires: nspr
Requires: openldap
Requires: systemd-libs
# Pull in sasl
Requires: cyrus-sasl-lib
# KRB
Requires: krb5-libs
%if %{use_clang}
Requires: llvm
Requires: compiler-rt
%else
%if %{use_asan}
Requires: libasan
%endif
%if %{use_tsan}
Requires: libtsan
%endif
%if %{use_ubsan}
Requires: libubsan
%endif
%endif
%description libs
Core libraries for the 389 Directory Server base package. These libraries
are used by the main package and the -devel package. This allows the -devel
package to be installed with just the -libs package and without the main package.
%package devel
Summary: Development libraries for 389 Directory Server (%{variant})
Group: Development/Libraries
Provides: svrcore-devel = 4.1.4
Obsoletes: svrcore-devel <= 4.1.3
Conflicts: svrcore-devel
Requires: %{name}-libs = %{version}-%{release}
Requires: pkgconfig
Requires: nspr-devel
Requires: nss-devel >= 3.34
Requires: openldap-devel
# systemd-libs contains the headers iirc.
Requires: systemd-libs
%description devel
Development Libraries and headers for the 389 Directory Server base package.
%package snmp
Summary: SNMP Agent for 389 Directory Server
Group: System Environment/Daemons
Requires: %{name} = %{version}-%{release}
Obsoletes: %{name} <= 1.3.5.4
%description snmp
SNMP Agent for the 389 Directory Server base package.
%if %{bundle_libdb}
%package bdb
Summary: Berkeley Database backend for 389 Directory Server
%description bdb
Berkeley Database backend for 389 Directory Server
Warning! This backend is deprecated in favor of lmdb and its support
may be removed in future versions.
Group: System Environment/Daemons
Requires: %{name} = %{version}-%{release}
# Berkeley DB database libdb was marked as deprecated since F40:
# https://fedoraproject.org/wiki/Changes/389_Directory_Server_3.0.0
# because libdb was marked as deprecated since F33
# https://fedoraproject.org/wiki/Changes/Libdb_deprecated
Provides: deprecated()
%endif
%package -n python%{python3_pkgversion}-lib389
Summary: A library for accessing, testing, and configuring the 389 Directory Server
BuildArch: noarch
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
Requires: openssl
# This is for /usr/bin/c_rehash tool, only needed for openssl < 1.1.0
Requires: openssl-perl
Requires: iproute
Requires: python%{python3_pkgversion}
Requires: python%{python3_pkgversion}-distro
Requires: python%{python3_pkgversion}-pytest
Requires: python%{python3_pkgversion}-ldap
Requires: python%{python3_pkgversion}-pyasn1
Requires: python%{python3_pkgversion}-pyasn1-modules
Requires: python%{python3_pkgversion}-dateutil
Requires: python%{python3_pkgversion}-argcomplete
Requires: python%{python3_pkgversion}-libselinux
Requires: python%{python3_pkgversion}-setuptools
Requires: python%{python3_pkgversion}-cryptography
Recommends: bash-completion
%{?python_provide:%python_provide python%{python3_pkgversion}-lib389}
%description -n python%{python3_pkgversion}-lib389
This module contains tools and libraries for accessing, testing,
and configuring the 389 Directory Server.
%if %{use_cockpit}
%package -n cockpit-389-ds
Summary: Cockpit UI Plugin for configuring and administering the 389 Directory Server
BuildArch: noarch
Requires: cockpit
Requires: %{name} = %{version}-%{release}
Requires: python%{python3_pkgversion}
Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release}
%description -n cockpit-389-ds
A cockpit UI Plugin for configuring and administering the 389 Directory Server
%endif
%prep
%setup -q -n %{name}-%{version}%{?prerel}
%if %{bundle_jemalloc}
%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3
%endif
%if %{bundle_libdb}
%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 4
%endif
cp %{SOURCE2} README.devel
%build
%if %{use_clang}
CLANG_FLAGS="--enable-clang"
%endif
%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
%if %{use_asan}
ASAN_FLAGS="--enable-asan --enable-debug"
%endif
%if %{use_msan}
MSAN_FLAGS="--enable-msan --enable-debug"
%endif
%if %{use_tsan}
TSAN_FLAGS="--enable-tsan --enable-debug"
%endif
%if %{use_ubsan}
UBSAN_FLAGS="--enable-ubsan --enable-debug"
%endif
RUST_FLAGS="--enable-rust --enable-rust-offline"
%if !%{use_cockpit}
COCKPIT_FLAGS="--disable-cockpit"
%endif
%if %{bundle_jemalloc}
# Override page size, bz #1545539
# 4K
%ifarch %ix86 %arm x86_64 s390x
%define lg_page --with-lg-page=12
%endif
# 64K
%ifarch ppc64 ppc64le aarch64
%define lg_page --with-lg-page=16
%endif
# Override huge page size on aarch64
# 2M instead of 512M
%ifarch aarch64
%define lg_hugepage --with-lg-hugepage=21
%endif
# Build jemalloc
pushd ../%{jemalloc_name}-%{jemalloc_ver}
%configure \
--libdir=%{_libdir}/%{pkgname}/lib \
--bindir=%{_libdir}/%{pkgname}/bin \
--enable-prof %{lg_page} %{lg_hugepage}
make %{?_smp_mflags}
popd
%endif
# Build custom libdb package
%if %{bundle_libdb}
mkdir -p ../%{libdb_base_version}
pushd ../%{libdb_base_version}
tar -xjf ../../SOURCES/%{libdb_full_version}.tar.bz2
mv %{libdb_full_version} SOURCES
rpmbuild --define "_topdir $PWD" -bc %{_builddir}/%{name}-%{version}%{?prerel}/rpm/bundle-libdb.spec
popd
%endif
# Rebuild the autotool artifacts now.
autoreconf -fiv
%configure \
%if %{bundle_libdb}
--with-bundle-libdb=%{_builddir}/%{libdb_base_version}/BUILD/%{libdb_base_version}/dist/dist-tls \
%endif
--with-selinux $TMPFILES_FLAG \
--with-systemd \
--with-systemdsystemunitdir=%{_unitdir} \
--with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
--with-systemdgroupname=%{groupname} \
--libexecdir=%{_libexecdir}/%{pkgname} \
$ASAN_FLAGS $MSAN_FLAGS $TSAN_FLAGS $UBSAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \
%if 0%{?fedora} >= 34 || 0%{?rhel} >= 9
--with-libldap-r=no \
%endif
--enable-cmocka
# Avoid "Unknown key name 'XXX' in section 'Service', ignoring." warnings from systemd on older releases
%if 0%{?rhel} && 0%{?rhel} < 9
sed -r -i '/^(Protect(Home|Hostname|KernelLogs)|PrivateMounts)=/d' %{_builddir}/%{name}-%{version}%{?prerel}/wrappers/*.service.in
%endif
%if 0%{?rhel} > 7 || 0%{?fedora}
# lib389
make src/lib389/setup.py
pushd ./src/lib389
%py3_build
popd
# argparse-manpage dynamic man pages have hardcoded man v1 in header,
# need to change it to v8
sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsconf.8
sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsctl.8
sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsidm.8
sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dscreate.8
%endif
# Generate symbolic info for debuggers
export XCFLAGS=$RPM_OPT_FLAGS
make %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir}
%if %{use_cockpit}
mkdir -p %{buildroot}%{_datadir}/cockpit
%endif
make DESTDIR="$RPM_BUILD_ROOT" install
%if %{use_cockpit}
find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list
find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list
%endif
# Copy in our docs from doxygen.
cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3
%if 0%{?rhel} > 7 || 0%{?fedora}
# lib389
pushd src/lib389
%py3_install
popd
%endif
# Register CLI tools for bash completion
for clitool in dsconf dsctl dsidm dscreate ds-replcheck
do
register-python-argcomplete "${clitool}" > "${clitool}"
install -p -m 0644 -D -t '%{buildroot}%{bash_completions_dir}' "${clitool}"
done
mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}
mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname} \
&& chmod 770 $RPM_BUILD_ROOT/var/lock/%{pkgname}
# for systemd
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants
#remove libtool and static libs
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.a
rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.la
%if %{bundle_jemalloc}
pushd ../%{jemalloc_name}-%{jemalloc_ver}
make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin
cp -pa COPYING ../%{name}-%{version}%{?prerel}/COPYING.jemalloc
cp -pa README ../%{name}-%{version}%{?prerel}/README.jemalloc
popd
%endif
%if %{bundle_libdb}
pushd ../%{libdb_base_version}
libdbbuilddir=$PWD/BUILD/%{libdb_base_version}
libdbdestdir=$PWD/../%{name}-%{version}%{?prerel}
cp -pa $libdbbuilddir/LICENSE $libdbdestdir/LICENSE.libdb
cp -pa $libdbbuilddir/README $libdbdestdir/README.libdb
cp -pa $libdbbuilddir/lgpl-2.1.txt $libdbdestdir/lgpl-2.1.txt.libdb
cp -pa $libdbbuilddir/dist/dist-tls/.libs/%{libdb_bundle_name} $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/%{libdb_bundle_name}
popd
%endif
%check
# This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build.
%if %{use_tsan}
export TSAN_OPTIONS=print_stacktrace=1:second_deadlock_stack=1:history_size=7
%endif
%if !%{use_asan}
if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi
%endif
%clean
rm -rf $RPM_BUILD_ROOT
%post
if [ -n "$DEBUGPOSTTRANS" ] ; then
output=$DEBUGPOSTTRANS
output2=${DEBUGPOSTTRANS}.upgrade
else
output=/dev/null
output2=/dev/null
fi
# reload to pick up any changes to systemd files
/bin/systemctl daemon-reload >$output 2>&1 || :
# find all instances
instances="" # instances that require a restart after upgrade
ninst=0 # number of instances found in total
# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
# Soft static allocation for UID and GID
USERNAME="dirsrv"
ALLOCATED_UID=389
GROUPNAME="dirsrv"
ALLOCATED_GID=389
HOMEDIR="/usr/share/dirsrv"
getent group $GROUPNAME >/dev/null || groupadd -f -g $ALLOCATED_GID -r $GROUPNAME
if ! getent passwd $USERNAME >/dev/null ; then
if ! getent passwd $ALLOCATED_UID >/dev/null ; then
useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
else
useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
fi
fi
# Reload our sysctl before we restart (if we can)
sysctl --system &> $output; true
# Gather the running instances so we can restart them
instbase="%{_sysconfdir}/%{pkgname}"
ninst=0
for dir in $instbase/slapd-* ; do
echo dir = $dir >> $output 2>&1 || :
if [ ! -d "$dir" ] ; then continue ; fi
case "$dir" in *.removed) continue ;; esac
basename=`basename $dir`
inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
echo found instance $inst - getting status >> $output 2>&1 || :
if /bin/systemctl -q is-active $inst ; then
echo instance $inst is running >> $output 2>&1 || :
instances="$instances $inst"
else
echo instance $inst is not running >> $output 2>&1 || :
fi
ninst=`expr $ninst + 1`
done
if [ $ninst -eq 0 ] ; then
echo no instances to upgrade >> $output 2>&1 || :
exit 0 # have no instances to upgrade - just skip the rest
else
# restart running instances
echo shutting down all instances . . . >> $output 2>&1 || :
for inst in $instances ; do
echo stopping instance $inst >> $output 2>&1 || :
/bin/systemctl stop $inst >> $output 2>&1 || :
done
for inst in $instances ; do
echo starting instance $inst >> $output 2>&1 || :
/bin/systemctl start $inst >> $output 2>&1 || :
done
fi
%preun
if [ $1 -eq 0 ]; then # Final removal
# remove instance specific service files/links
rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
fi
%postun
if [ $1 = 0 ]; then # Final removal
rm -rf /var/run/%{pkgname}
fi
%post snmp
%systemd_post %{pkgname}-snmp.service
%preun snmp
%systemd_preun %{pkgname}-snmp.service %{groupname}
%postun snmp
%systemd_postun_with_restart %{pkgname}-snmp.service
%files
%if %{bundle_jemalloc}
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc
%license COPYING.jemalloc
%else
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
%endif
%dir %{_sysconfdir}/%{pkgname}
%dir %{_sysconfdir}/%{pkgname}/schema
%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
%dir %{_sysconfdir}/%{pkgname}/config
%dir %{_sysconfdir}/systemd/system/%{groupname}.wants
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
%{_datadir}/%{pkgname}
%{_datadir}/gdb/auto-load/*
%{_unitdir}
%{_bindir}/dbscan
%{_mandir}/man1/dbscan.1.gz
%{_bindir}/ds-replcheck
%{_mandir}/man1/ds-replcheck.1.gz
%{bash_completions_dir}/ds-replcheck
%{_bindir}/ds-logpipe.py
%{_mandir}/man1/ds-logpipe.py.1.gz
%{_bindir}/ldclt
%{_mandir}/man1/ldclt.1.gz
%{_bindir}/logconv.pl
%{_mandir}/man1/logconv.pl.1.gz
%{_bindir}/pwdhash
%{_mandir}/man1/pwdhash.1.gz
# We have to seperate this from being a glob to ensure the caps are applied.
# %caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd
%{_sbindir}/ns-slapd
%{_mandir}/man8/ns-slapd.8.gz
%{_sbindir}/openldap_to_ds
%{_mandir}/man8/openldap_to_ds.8.gz
%{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl
%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh
%{_mandir}/man5/99user.ldif.5.gz
%{_mandir}/man5/certmap.conf.5.gz
%{_mandir}/man5/slapd-collations.conf.5.gz
%{_mandir}/man5/dirsrv.5.gz
%{_mandir}/man5/dirsrv.systemd.5.gz
%{_libdir}/%{pkgname}/python
%dir %{_libdir}/%{pkgname}/plugins
%{_libdir}/%{pkgname}/plugins/*.so
# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but
# sysctl.d is always in /lib.
%{_prefix}/lib/sysctl.d/*
%dir %{_localstatedir}/lib/%{pkgname}
%dir %{_localstatedir}/log/%{pkgname}
%ghost %dir %{_localstatedir}/lock/%{pkgname}
%exclude %{_sbindir}/ldap-agent*
%exclude %{_mandir}/man1/ldap-agent.1.gz
%exclude %{_unitdir}/%{pkgname}-snmp.service
%if %{bundle_jemalloc}
%{_libdir}/%{pkgname}/lib/
%{_libdir}/%{pkgname}/bin/
%exclude %{_libdir}/%{pkgname}/bin/jemalloc-config
%exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a
%exclude %{_libdir}/%{pkgname}/lib/pkgconfig
%endif
%files devel
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%{_mandir}/man3/*
%{_includedir}/svrcore.h
%{_includedir}/%{pkgname}
%{_libdir}/libsvrcore.so
%{_libdir}/%{pkgname}/libslapd.so
%{_libdir}/%{pkgname}/libns-dshttpd.so
%{_libdir}/%{pkgname}/libldaputil.so
%{_libdir}/pkgconfig/svrcore.pc
%{_libdir}/pkgconfig/dirsrv.pc
%files libs
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%dir %{_libdir}/%{pkgname}
%{_libdir}/libsvrcore.so.*
%{_libdir}/%{pkgname}/libslapd.so.*
%{_libdir}/%{pkgname}/libns-dshttpd.so.*
%{_libdir}/%{pkgname}/libldaputil.so.*
%{_libdir}/%{pkgname}/librewriters.so*
%if %{bundle_jemalloc}
%{_libdir}/%{pkgname}/lib/libjemalloc.so.2
%endif
%files snmp
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
%{_sbindir}/ldap-agent*
%{_mandir}/man1/ldap-agent.1.gz
%{_unitdir}/%{pkgname}-snmp.service
%if %{bundle_libdb}
%files bdb
%doc LICENSE LICENSE.GPLv3+ README.devel LICENSE.libdb README.libdb lgpl-2.1.txt.libdb
%{_libdir}/%{pkgname}/%{libdb_bundle_name}
%{_libdir}/%{pkgname}/plugins/libback-bdb.so
%endif
%files -n python%{python3_pkgversion}-lib389
%doc LICENSE LICENSE.GPLv3+
%{python3_sitelib}/lib389*
%{_sbindir}/dsconf
%{_mandir}/man8/dsconf.8.gz
%{_sbindir}/dscreate
%{_mandir}/man8/dscreate.8.gz
%{_sbindir}/dsctl
%{_mandir}/man8/dsctl.8.gz
%{_sbindir}/dsidm
%{_mandir}/man8/dsidm.8.gz
%{_libexecdir}/%{pkgname}/dscontainer
%{bash_completions_dir}/dsctl
%{bash_completions_dir}/dsconf
%{bash_completions_dir}/dscreate
%{bash_completions_dir}/dsidm
%if %{use_cockpit}
%files -n cockpit-389-ds -f cockpit.list
%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml
%doc README.md
%endif
%changelog
* Mon Jun 19 2023 User <user@port389.org> - 2.4.1-1
- Bump version to 2.4.1-1