%global pkgname dirsrv
%global srcname 389-ds-base
# Exclude i686 bit arches
ExcludeArch: i686
# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
%global use_Socket6 0
%global use_asan 0
%global bundle_jemalloc 1
%if %{use_asan}
%global bundle_jemalloc 0
%endif
%if %{bundle_jemalloc}
%global jemalloc_name jemalloc
%global jemalloc_ver 5.3.0
%global __provides_exclude ^libjemalloc\\.so.*$
%endif
# Use Clang instead of GCC
%global use_clang 0
# Build cockpit plugin
%global use_cockpit 1
# fedora 15 and later uses tmpfiles.d
# otherwise, comment this out
%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}
# systemd support
%global groupname %{pkgname}.target
# set PIE flag
%global _hardened_build 1
# Filter argparse-manpage from autogenerated package Requires
%global __requires_exclude ^python.*argparse-manpage
# Force to require nss version greater or equal as the version available at the build time
# See bz1986327
%define dirsrv_requires_ge() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} >= %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
Summary: 389 Directory Server (base)
Name: 389-ds-base
Version: 2.2.7
Release: 2%{?dist}
License: GPLv3+ and (ASL 2.0 or MIT) and MIT and (Unlicense or MIT) and MPLv2.0 and BSD and (ASL 2.0 with exceptions or ASL 2.0 or MIT) and ASL 2.0 and (ASL 2.0 or Boost) and ((MIT or ASL 2.0) and Unicode-DFS-2016)
URL: https://www.port389.org
Conflicts: selinux-policy-base < 3.9.8
Conflicts: freeipa-server < 4.0.3
Obsoletes: %{name} <= 1.4.4
Obsoletes: %{name}-legacy-tools < 1.4.4.6
Obsoletes: %{name}-legacy-tools-debuginfo < 1.4.4.6
Provides: ldif2ldbm >= 0
##### Bundled cargo crates list - START #####
Provides: bundled(crate(ahash)) = 0.7.6
Provides: bundled(crate(ansi_term)) = 0.12.1
Provides: bundled(crate(atty)) = 0.2.14
Provides: bundled(crate(autocfg)) = 1.1.0
Provides: bundled(crate(base64)) = 0.13.1
Provides: bundled(crate(bitflags)) = 1.3.2
Provides: bundled(crate(byteorder)) = 1.4.3
Provides: bundled(crate(cbindgen)) = 0.9.1
Provides: bundled(crate(cc)) = 1.0.79
Provides: bundled(crate(cfg-if)) = 1.0.0
Provides: bundled(crate(clap)) = 2.34.0
Provides: bundled(crate(concread)) = 0.2.21
Provides: bundled(crate(crossbeam)) = 0.8.2
Provides: bundled(crate(crossbeam-channel)) = 0.5.8
Provides: bundled(crate(crossbeam-deque)) = 0.8.3
Provides: bundled(crate(crossbeam-epoch)) = 0.9.14
Provides: bundled(crate(crossbeam-queue)) = 0.3.8
Provides: bundled(crate(crossbeam-utils)) = 0.8.15
Provides: bundled(crate(entryuuid)) = 0.1.0
Provides: bundled(crate(entryuuid_syntax)) = 0.1.0
Provides: bundled(crate(errno)) = 0.3.1
Provides: bundled(crate(errno-dragonfly)) = 0.1.2
Provides: bundled(crate(fastrand)) = 1.9.0
Provides: bundled(crate(fernet)) = 0.1.4
Provides: bundled(crate(foreign-types)) = 0.3.2
Provides: bundled(crate(foreign-types-shared)) = 0.1.1
Provides: bundled(crate(getrandom)) = 0.2.9
Provides: bundled(crate(hashbrown)) = 0.12.3
Provides: bundled(crate(hermit-abi)) = 0.1.19
Provides: bundled(crate(hermit-abi)) = 0.3.1
Provides: bundled(crate(instant)) = 0.1.12
Provides: bundled(crate(io-lifetimes)) = 1.0.10
Provides: bundled(crate(itoa)) = 1.0.6
Provides: bundled(crate(jobserver)) = 0.1.26
Provides: bundled(crate(libc)) = 0.2.142
Provides: bundled(crate(librnsslapd)) = 0.1.0
Provides: bundled(crate(librslapd)) = 0.1.0
Provides: bundled(crate(linux-raw-sys)) = 0.3.4
Provides: bundled(crate(lock_api)) = 0.4.9
Provides: bundled(crate(log)) = 0.4.17
Provides: bundled(crate(lru)) = 0.7.8
Provides: bundled(crate(memoffset)) = 0.8.0
Provides: bundled(crate(once_cell)) = 1.17.1
Provides: bundled(crate(openssl)) = 0.10.52
Provides: bundled(crate(openssl-macros)) = 0.1.1
Provides: bundled(crate(openssl-sys)) = 0.9.87
Provides: bundled(crate(parking_lot)) = 0.11.2
Provides: bundled(crate(parking_lot_core)) = 0.8.6
Provides: bundled(crate(paste)) = 0.1.18
Provides: bundled(crate(paste-impl)) = 0.1.18
Provides: bundled(crate(pin-project-lite)) = 0.2.9
Provides: bundled(crate(pkg-config)) = 0.3.26
Provides: bundled(crate(ppv-lite86)) = 0.2.17
Provides: bundled(crate(proc-macro-hack)) = 0.5.20+deprecated
Provides: bundled(crate(proc-macro2)) = 1.0.56
Provides: bundled(crate(pwdchan)) = 0.1.0
Provides: bundled(crate(quote)) = 1.0.26
Provides: bundled(crate(rand)) = 0.8.5
Provides: bundled(crate(rand_chacha)) = 0.3.1
Provides: bundled(crate(rand_core)) = 0.6.4
Provides: bundled(crate(redox_syscall)) = 0.2.16
Provides: bundled(crate(redox_syscall)) = 0.3.5
Provides: bundled(crate(rustix)) = 0.37.14
Provides: bundled(crate(ryu)) = 1.0.13
Provides: bundled(crate(scopeguard)) = 1.1.0
Provides: bundled(crate(serde)) = 1.0.160
Provides: bundled(crate(serde_derive)) = 1.0.160
Provides: bundled(crate(serde_json)) = 1.0.96
Provides: bundled(crate(slapd)) = 0.1.0
Provides: bundled(crate(slapi_r_plugin)) = 0.1.0
Provides: bundled(crate(smallvec)) = 1.10.0
Provides: bundled(crate(strsim)) = 0.8.0
Provides: bundled(crate(syn)) = 1.0.109
Provides: bundled(crate(syn)) = 2.0.15
Provides: bundled(crate(tempfile)) = 3.5.0
Provides: bundled(crate(textwrap)) = 0.11.0
Provides: bundled(crate(tokio)) = 1.27.0
Provides: bundled(crate(tokio-macros)) = 2.0.0
Provides: bundled(crate(toml)) = 0.5.11
Provides: bundled(crate(unicode-ident)) = 1.0.8
Provides: bundled(crate(unicode-width)) = 0.1.10
Provides: bundled(crate(uuid)) = 0.8.2
Provides: bundled(crate(vcpkg)) = 0.2.15
Provides: bundled(crate(vec_map)) = 0.8.2
Provides: bundled(crate(version_check)) = 0.9.4
Provides: bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1
Provides: bundled(crate(winapi)) = 0.3.9
Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0
Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0
Provides: bundled(crate(windows-sys)) = 0.45.0
Provides: bundled(crate(windows-sys)) = 0.48.0
Provides: bundled(crate(windows-targets)) = 0.42.2
Provides: bundled(crate(windows-targets)) = 0.48.0
Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.42.2
Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.48.0
Provides: bundled(crate(windows_aarch64_msvc)) = 0.42.2
Provides: bundled(crate(windows_aarch64_msvc)) = 0.48.0
Provides: bundled(crate(windows_i686_gnu)) = 0.42.2
Provides: bundled(crate(windows_i686_gnu)) = 0.48.0
Provides: bundled(crate(windows_i686_msvc)) = 0.42.2
Provides: bundled(crate(windows_i686_msvc)) = 0.48.0
Provides: bundled(crate(windows_x86_64_gnu)) = 0.42.2
Provides: bundled(crate(windows_x86_64_gnu)) = 0.48.0
Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.42.2
Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.48.0
Provides: bundled(crate(windows_x86_64_msvc)) = 0.42.2
Provides: bundled(crate(windows_x86_64_msvc)) = 0.48.0
Provides: bundled(crate(zeroize)) = 1.6.0
Provides: bundled(crate(zeroize_derive)) = 1.4.2
##### Bundled cargo crates list - END #####
BuildRequires: nspr-devel >= 4.32
BuildRequires: nss-devel >= 3.67.0-7
BuildRequires: openldap-devel
BuildRequires: lmdb-devel
BuildRequires: libdb-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: icu
BuildRequires: libicu-devel
BuildRequires: pcre2-devel
BuildRequires: cracklib-devel
BuildRequires: json-c-devel
%if %{use_clang}
BuildRequires: libatomic
BuildRequires: clang
%else
BuildRequires: gcc
BuildRequires: gcc-c++
%endif
# The following are needed to build the snmp ldap-agent
BuildRequires: net-snmp-devel
BuildRequires: lm_sensors-devel
BuildRequires: bzip2-devel
BuildRequires: zlib-devel
BuildRequires: openssl-devel
# the following is for the pam passthru auth plug-in
BuildRequires: pam-devel
BuildRequires: systemd-units
BuildRequires: systemd-devel
BuildRequires: systemd-rpm-macros
%{?sysusers_requires_compat}
%if %{use_asan}
BuildRequires: libasan
%endif
BuildRequires: cargo
BuildRequires: rust
BuildRequires: pkgconfig
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(krb5)
BuildRequires: pkgconfig(libpcre2-8)
# Needed to support regeneration of the autotool artifacts.
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
# For our documentation
BuildRequires: doxygen
# For tests!
BuildRequires: libcmocka-devel
BuildRequires: libevent-devel
# For lib389 and related components
BuildRequires: python%{python3_pkgversion}-devel
BuildRequires: python%{python3_pkgversion}-setuptools
BuildRequires: python%{python3_pkgversion}-ldap
BuildRequires: python%{python3_pkgversion}-six
BuildRequires: python%{python3_pkgversion}-pyasn1
BuildRequires: python%{python3_pkgversion}-pyasn1-modules
BuildRequires: python%{python3_pkgversion}-dateutil
BuildRequires: python%{python3_pkgversion}-argcomplete
BuildRequires: python%{python3_pkgversion}-argparse-manpage
BuildRequires: python%{python3_pkgversion}-libselinux
BuildRequires: python%{python3_pkgversion}-policycoreutils
BuildRequires: python%{python3_pkgversion}-cryptography
# For cockpit
%if %{use_cockpit}
BuildRequires: rsync
%endif
Requires: %{name}-libs = %{version}-%{release}
Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release}
Requires: lmdb-libs
# this is needed for using semanage from our setup scripts
Requires: policycoreutils-python-utils
Requires: /usr/sbin/semanage
Requires: libsemanage-python%{python3_pkgversion}
Requires: selinux-policy >= 3.14.1-29
# the following are needed for some of our scripts
Requires: openldap-clients
Requires: /usr/bin/c_rehash
Requires: python%{python3_pkgversion}-ldap
Requires: acl
Requires: zlib
Requires: json-c
# this is needed to setup SSL if you are not using the
# administration server package
Requires: nss-tools
Requires: nss >= 3.67.0-7
Requires: nspr >= 4.32
# these are not found by the auto-dependency method
# they are required to support the mandatory LDAP SASL mechs
Requires: cyrus-sasl-gssapi
Requires: cyrus-sasl-md5
Requires: cyrus-sasl-plain
# this is needed for verify-db.pl
Requires: libdb-utils
# Needed for password dictionary checks
Requires: cracklib-dicts
# Needed by logconv.pl
Requires: perl-DB_File
Requires: perl-Archive-Tar
%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9
Requires: perl-debugger
Requires: perl-sigtrap
%endif
# Picks up our systemd deps.
%{?systemd_requires}
Obsoletes: %{name} <= 1.4.4
Source0: https://releases.pagure.org/389-ds-base/%{name}-%{version}.tar.bz2
# 389-ds-git.sh should be used to generate the source tarball from git
Source1: %{name}-git.sh
Source2: %{name}-devel.README
%if %{bundle_jemalloc}
Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2
%endif
Source4: 389-ds-base.sysusers
%description
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.
%if %{use_asan}
WARNING! This build is linked to Address Sanitisation libraries. This probably
isn't what you want. Please contact support immediately.
Please see http://seclists.org/oss-sec/2016/q1/363 for more information.
%endif
%package libs
Summary: Core libraries for 389 Directory Server
BuildRequires: nspr-devel
BuildRequires: nss-devel >= 3.34
BuildRequires: openldap-devel
BuildRequires: libdb-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: libicu-devel
BuildRequires: pcre2-devel
BuildRequires: libtalloc-devel
BuildRequires: libevent-devel
BuildRequires: libtevent-devel
Requires: krb5-libs
Requires: libevent
BuildRequires: systemd-devel
BuildRequires: make
Provides: svrcore = 4.1.4
Conflicts: svrcore
Obsoletes: svrcore <= 4.1.3
%description libs
Core libraries for the 389 Directory Server base package. These libraries
are used by the main package and the -devel package. This allows the -devel
package to be installed with just the -libs package and without the main package.
%package devel
Summary: Development libraries for 389 Directory Server
Requires: %{name}-libs = %{version}-%{release}
Requires: pkgconfig
Requires: nspr-devel
Requires: nss-devel >= 3.34
Requires: openldap-devel
Requires: libtalloc
Requires: libevent
Requires: libtevent
Requires: systemd-libs
Provides: svrcore-devel = 4.1.4
Conflicts: svrcore-devel
Obsoletes: svrcore-devel <= 4.1.3
%description devel
Development Libraries and headers for the 389 Directory Server base package.
%package snmp
Summary: SNMP Agent for 389 Directory Server
Requires: %{name} = %{version}-%{release}
Obsoletes: %{name} <= 1.4.0.0
%description snmp
SNMP Agent for the 389 Directory Server base package.
%package -n python%{python3_pkgversion}-lib389
Summary: A library for accessing, testing, and configuring the 389 Directory Server
BuildArch: noarch
Requires: openssl
Requires: iproute
Recommends: bash-completion
Requires: python%{python3_pkgversion}
Requires: python%{python3_pkgversion}-distro
Requires: python%{python3_pkgversion}-ldap
Requires: python%{python3_pkgversion}-six
Requires: python%{python3_pkgversion}-pyasn1
Requires: python%{python3_pkgversion}-pyasn1-modules
Requires: python%{python3_pkgversion}-dateutil
Requires: python%{python3_pkgversion}-argcomplete
Requires: python%{python3_pkgversion}-libselinux
Requires: python%{python3_pkgversion}-setuptools
Requires: python%{python3_pkgversion}-cryptography
%{?python_provide:%python_provide python%{python3_pkgversion}-lib389}
%description -n python%{python3_pkgversion}-lib389
This module contains tools and libraries for accessing, testing,
and configuring the 389 Directory Server.
%if %{use_cockpit}
%package -n cockpit-389-ds
Summary: Cockpit UI Plugin for configuring and administering the 389 Directory Server
BuildArch: noarch
Requires: cockpit
Requires: 389-ds-base
Requires: python%{python3_pkgversion}
Requires: python%{python3_pkgversion}-lib389
%description -n cockpit-389-ds
A cockpit UI Plugin for configuring and administering the 389 Directory Server
%endif
%prep
%autosetup -p1 -v -n %{name}-%{version}
%if %{bundle_jemalloc}
%setup -q -n %{name}-%{version} -T -D -b 3
%endif
cp %{SOURCE2} README.devel
%build
OPENLDAP_FLAG="--with-openldap"
%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
%if %{use_asan}
ASAN_FLAGS="--enable-asan --enable-debug"
%endif
RUST_FLAGS="--enable-rust --enable-rust-offline"
%if !%{use_cockpit}
COCKPIT_FLAGS="--disable-cockpit"
%endif
%if %{use_clang}
export CC=clang
export CXX=clang++
CLANG_FLAGS="--enable-clang"
%endif
%if %{bundle_jemalloc}
# Override page size, bz #1545539
# 4K
%ifarch %ix86 %arm x86_64 s390x
%define lg_page --with-lg-page=12
%endif
# 64K
%ifarch ppc64 ppc64le aarch64
%define lg_page --with-lg-page=16
%endif
# Override huge page size on aarch64
# 2M instead of 512M
%ifarch aarch64
%define lg_hugepage --with-lg-hugepage=21
%endif
# Build jemalloc
pushd ../%{jemalloc_name}-%{jemalloc_ver}
%configure \
--libdir=%{_libdir}/%{pkgname}/lib \
--bindir=%{_libdir}/%{pkgname}/bin \
--enable-prof
make %{?_smp_mflags}
popd
%endif
# Enforce strict linking
%define _ld_strict_symbol_defs 1
# Rebuild the autotool artifacts now.
autoreconf -fiv
%configure --enable-autobind --with-selinux $TMPFILES_FLAG \
--with-systemd \
--with-systemdsystemunitdir=%{_unitdir} \
--with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
--with-systemdgroupname=%{groupname} \
--libexecdir=%{_libexecdir}/%{pkgname} \
$NSSARGS $ASAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \
--enable-cmocka \
--with-libldap-r=no \
--enable-perl
# lib389
pushd ./src/lib389
%py3_build
popd
# argparse-manpage dynamic man pages have hardcoded man v1 in header,
# need to change it to v8
sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsconf.8
sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsctl.8
sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsidm.8
sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dscreate.8
# Generate symbolic info for debuggers
export XCFLAGS=$RPM_OPT_FLAGS
#make %{?_smp_mflags}
make
%install
mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir}
%if %{use_cockpit}
mkdir -p %{buildroot}%{_datadir}/cockpit
%endif
make DESTDIR="$RPM_BUILD_ROOT" install
%if %{use_cockpit}
find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list
find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list
%endif
# Copy in our docs from doxygen.
cp -r %{_builddir}/%{name}-%{version}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3
# lib389
pushd src/lib389
%py3_install
popd
mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}
mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname}
# for systemd
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants
install -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/389-ds-base.conf
# remove libtool archives and static libs
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.a
rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.la
%if %{bundle_jemalloc}
pushd ../%{jemalloc_name}-%{jemalloc_ver}
make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin
cp -pa COPYING ../%{name}-%{version}/COPYING.jemalloc
cp -pa README ../%{name}-%{version}/README.jemalloc
popd
%endif
%check
# This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build.
if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi
%post
if [ -n "$DEBUGPOSTTRANS" ] ; then
output=$DEBUGPOSTTRANS
output2=${DEBUGPOSTTRANS}.upgrade
else
output=/dev/null
output2=/dev/null
fi
# reload to pick up any changes to systemd files
/bin/systemctl daemon-reload >$output 2>&1 || :
# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
# Soft static allocation for UID and GID
# sysusers.d format https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
%sysusers_create_compat %{SOURCE4}
# Reload our sysctl before we restart (if we can)
sysctl --system &> $output; true
# Gather the running instances so we can restart them
instbase="%{_sysconfdir}/%{pkgname}"
ninst=0
for dir in $instbase/slapd-* ; do
echo dir = $dir >> $output 2>&1 || :
if [ ! -d "$dir" ] ; then continue ; fi
case "$dir" in *.removed) continue ;; esac
basename=`basename $dir`
inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
echo found instance $inst - getting status >> $output 2>&1 || :
if /bin/systemctl -q is-active $inst ; then
echo instance $inst is running >> $output 2>&1 || :
instances="$instances $inst"
else
echo instance $inst is not running >> $output 2>&1 || :
fi
ninst=`expr $ninst + 1`
done
if [ $ninst -eq 0 ] ; then
echo no instances to upgrade >> $output 2>&1 || :
exit 0 # have no instances to upgrade - just skip the rest
else
# restart running instances
echo shutting down all instances . . . >> $output 2>&1 || :
for inst in $instances ; do
echo stopping instance $inst >> $output 2>&1 || :
/bin/systemctl stop $inst >> $output 2>&1 || :
done
for inst in $instances ; do
echo starting instance $inst >> $output 2>&1 || :
/bin/systemctl start $inst >> $output 2>&1 || :
done
fi
%preun
if [ $1 -eq 0 ]; then # Final removal
# remove instance specific service files/links
rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
fi
%postun
if [ $1 = 0 ]; then # Final removal
rm -rf /var/run/%{pkgname}
fi
%post snmp
%systemd_post %{pkgname}-snmp.service
%preun snmp
%systemd_preun %{pkgname}-snmp.service %{groupname}
%postun snmp
%systemd_postun_with_restart %{pkgname}-snmp.service
exit 0
%files
%if %{bundle_jemalloc}
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc
%license COPYING.jemalloc
%else
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
%endif
%dir %{_sysconfdir}/%{pkgname}
%dir %{_sysconfdir}/%{pkgname}/schema
%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
%dir %{_sysconfdir}/%{pkgname}/config
%dir %{_sysconfdir}/systemd/system/%{groupname}.wants
%{_sysusersdir}/389-ds-base.conf
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
%{_datadir}/%{pkgname}
%{_datadir}/gdb/auto-load/*
%{_unitdir}
%{_bindir}/dbscan
%{_mandir}/man1/dbscan.1.gz
%{_bindir}/ds-replcheck
%{_mandir}/man1/ds-replcheck.1.gz
%{_bindir}/ds-logpipe.py
%{_mandir}/man1/ds-logpipe.py.1.gz
%{_bindir}/ldclt
%{_mandir}/man1/ldclt.1.gz
%{_bindir}/logconv.pl
%{_mandir}/man1/logconv.pl.1.gz
%{_bindir}/pwdhash
%{_mandir}/man1/pwdhash.1.gz
#%caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd
%{_sbindir}/ns-slapd
%{_mandir}/man8/ns-slapd.8.gz
%{_sbindir}/openldap_to_ds
%{_mandir}/man8/openldap_to_ds.8.gz
%{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl
%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh
%{_mandir}/man5/99user.ldif.5.gz
%{_mandir}/man5/certmap.conf.5.gz
%{_mandir}/man5/slapd-collations.conf.5.gz
%{_mandir}/man5/dirsrv.5.gz
%{_mandir}/man5/dirsrv.systemd.5.gz
%{_libdir}/%{pkgname}/python
%dir %{_libdir}/%{pkgname}/plugins
%{_libdir}/%{pkgname}/plugins/*.so
# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but
# sysctl.d is always in /lib.
%{_prefix}/lib/sysctl.d/*
%dir %{_localstatedir}/lib/%{pkgname}
%dir %{_localstatedir}/log/%{pkgname}
%ghost %dir %{_localstatedir}/lock/%{pkgname}
%exclude %{_sbindir}/ldap-agent*
%exclude %{_mandir}/man1/ldap-agent.1.gz
%exclude %{_unitdir}/%{pkgname}-snmp.service
%if %{bundle_jemalloc}
%{_libdir}/%{pkgname}/lib/
%{_libdir}/%{pkgname}/bin/
%exclude %{_libdir}/%{pkgname}/bin/jemalloc-config
%exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a
%exclude %{_libdir}/%{pkgname}/lib/pkgconfig
%endif
%files devel
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%{_mandir}/man3/*
%{_includedir}/svrcore.h
%{_includedir}/%{pkgname}
%{_libdir}/libsvrcore.so
%{_libdir}/%{pkgname}/libslapd.so
%{_libdir}/%{pkgname}/libns-dshttpd.so
%{_libdir}/%{pkgname}/libldaputil.so
%{_libdir}/pkgconfig/svrcore.pc
%{_libdir}/pkgconfig/dirsrv.pc
%files libs
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%dir %{_libdir}/%{pkgname}
%{_libdir}/libsvrcore.so.*
%{_libdir}/%{pkgname}/libslapd.so.*
%{_libdir}/%{pkgname}/libns-dshttpd.so.*
%{_libdir}/%{pkgname}/libldaputil.so.*
%{_libdir}/%{pkgname}/librewriters.so*
%if %{bundle_jemalloc}
%{_libdir}/%{pkgname}/lib/libjemalloc.so.2
%endif
%files snmp
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
%{_sbindir}/ldap-agent*
%{_mandir}/man1/ldap-agent.1.gz
%{_unitdir}/%{pkgname}-snmp.service
%files -n python%{python3_pkgversion}-lib389
%doc LICENSE LICENSE.GPLv3+
%{python3_sitelib}/lib389*
%{_sbindir}/dsconf
%{_mandir}/man8/dsconf.8.gz
%{_sbindir}/dscreate
%{_mandir}/man8/dscreate.8.gz
%{_sbindir}/dsctl
%{_mandir}/man8/dsctl.8.gz
%{_sbindir}/dsidm
%{_mandir}/man8/dsidm.8.gz
%{_libexecdir}/%{pkgname}/dscontainer
%if %{use_cockpit}
%files -n cockpit-389-ds -f cockpit.list
%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml
%doc README.md
%endif
%changelog
* Wed Apr 26 2023 Viktor Ashirov <vashirov@redhat.com> - 2.2.7-2
- Fix a typo in Requires
* Tue Apr 25 2023 Mark Reynolds <mreynolds@redhat.com> - 2.2.7-1
- Bump version to 2.2.7
- Issue 5734 - RFE - Exclude pwdFailureTime and ContextCSN (#5735)
- Issue 5726 - ns-slapd crashing in ldbm_back_upgradednformat (#5727)
- Issue 5714 - UI - fix typo, db settings, log settings, and LDAP editor paginations
- Issue 5710 - subtree search statistics for index lookup does not report ancestorid/entryrdn lookups (#5711)
- Issue 1081 - Stop schema replication from overwriting x-origin
- Bump webpack from 5.75.0 to 5.76.0 in /src/cockpit/389-console (#5699)
- Issue 5598 - (3rd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5692)
- Issue 5598 - (2nd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5691)
- Issue 5687 - UI - sensitive information disclosure
- Issue 4583 - Update specfile to skip checks of ASAN builds
- Issue 5550 - dsconf monitor crashes with Error math domain error (#5553)
- Issue 3604 - UI - Add support for Subject Alternative Names in CSR
- Issue 5600 - buffer overflow when enabling sync repl plugin when dynamic plugins is enabled
- Fix build break
- Issue 5640 - Update logconv for new logging format
- Issue 5545 - A random crash in import over lmdb (#5546)
- Issue 5490 - tombstone in entryrdn index with lmdb but not with bdb (#5498)
- Issue 5408 - lmdb import is slow (#5481)
- Issue 5162 - CI - fix error message for invalid pem file
- Issue 5598 - In 2.x, SRCH throughput drops by 10% because of handling of referral (#5604)
- Issue 5671 - covscan - clang warning (#5672)
- Issue 5267 - CI - Fix issues with nsslapd-return-original-entrydn
- Issue 5666 - CLI - Add timeout parameter for tasks
- Issue 5567 - CLI - make ldifgen use the same default ldif name for all options
- Issue 5162 - Lib389 - verify certificate type before adding
- Issue 5630 - CLI - need to add logging filter for stdout
- Issue 5646 - CLI/UI - do not hardcode password storage schemes
- Issue 5640 - Update logconv for new logging format
- Issue 5652 - Libasan crash in replication/cascading_test (#5659)
- Issue 5658 - CLI - unable to add attribute with matching rule
- Issue 5653 - covscan - fix invalid dereference
- Issue 5648 - Covscan - Compiler warnings (#5651)
- Issue 5630 - CLI - error messages should goto stderr
- Issue 2435 - RFE - Raise IDL Scan Limit to INT_MAX (#5639)
- Issue 5632 - CLI - improve error handling with db2ldif
- Issue 5578 - dscreate ds-root does not normaile paths (#5613)
- Issue 5560 - dscreate run by non superuser set defaults requiring superuser privilege (#5579)
- Issue 5624 - RFE - UI - export certificates, and import text base64 encoded certificates
- Issue 4293 - RFE - CLI - add dsrc options for setting user and group subtrees
- Issue 5497 - boolean attributes should be case insensitive
* Tue Mar 07 2023 Simon Pichugin <spichugi@redhat.com> - 2.2.6-2
- Use systemd-sysusers for dirsrv user and group (#2176257)
* Mon Jan 23 2023 Mark Reynolds <mreynolds@redhat.com> - 2.2.6-1
- Bump version to 2.2.6
- Issue 5607, 5351, 5611 - UI/CLI - fix various issues
- Issue 5608 - UI - need to replace some "const" with "let"
- Issue 3604 - Create a private key/CSR with dsconf/Cockpit (#5584)
- Issue 5602 - UI - browser crash when trying to modify read-only variable
- Issue 5581 - UI - Support cockpit dark theme
- Issue 5593 - CLI - dsidm account subtree-status fails with TypeError
- Issue 5591 - BUG - Segfault in cl5configtrim with invalid confi (#5592)
- Fix latest npm audit failures
- Issue 5599 - CI - webui tests randomly fail
- Issue 5348 - RFE - CLI - add functionality to do bulk updates to entries
- Issue 5526 - RFE - Improve saslauthd migration options (#5528)
- Issue 5588 - Fix CI tests
- Issue 5585 - lib389 password policy DN handling is incorrect (#5587)
- Issue 5521 - UI - Update plugins for new split PAM and LDAP pass thru auth
* Tue Jan 3 2023 Mark Reynolds <mreynolds@redhat.com> - 2.2.5-1
- Bump version to 2.2.5
- Issue 5236 - UI add specialized group edit modal
- Issue 5278 - CLI - dsidm asks for the old password on password reset
- Issue 5531 - CI - use universal_lines in capture_output
- Issue 5505 - Fix compiler warning (#5506)
- Issue 3615 - CLI - prevent virtual attribute indexing
- Issue 5413 - Allow multiple MemberOf fixup tasks with different bases/filters
- Issue 5561 - Nightly tests are failing
- Issue 5521 - RFE - split pass through auth cli
- Issue 5521 - BUG - Pam PTA multiple issues
- Issue 5544 - Increase default task TTL
- Issue 5541 - Fix typo in `lib389.cli_conf.backend._get_backend` (#5542)
- Issue 5539 - Make logger's parameter name unified (#5540)
- Issue 3729 - (cont) RFE Extend log of operations statistics in access log (#5538)
- Issue 5534 - Fix a rebase typo (#5537)
- Issue 5534 - Add copyright text to the repository file
* Fri Nov 18 2022 Mark Reynolds <mreynolds@redhat.com> - 2.2.4-1
- Bump version to 2.2.4
- Issue 5532 - Make db compaction TOD day more robust.
- Issue 3729 - RFE Extend log of operations statistics in access log (#5508)
- Issue 5529 - UI - Fix npm vulnerability in loader-utils
- Issue 3555 - UI - fix audit issue with npm loader-utils (#5514)
- Issue 5162 - Fix dsctl tls ca-certfiicate add-cert arg requirement
- Issue 5510 - remove twalk_r dependency to build on RHEL8 (#5516)
- Issue 5162 - RFE - CLI allow adding CA certificate bundles
- Issue 5440 - memberof is slow on update/fixup if there are several 'groupattr' (#5455)
- Issue 5512 - BUG - skip pwdPolicyChecker OC in migration (#5513)
- Issue 5429 - healthcheck - add checks for MemberOf group attrs being indexed
- Issue 5502 - RFE - Add option to display entry attributes in audit log
- Issue 5495 - BUG - Minor fix to dds skip, inconsistent attrs caused errors (#5501)
- Issue 5367 - RFE - store full DN in database record
- Issue 5495 - RFE - skip dds during migration. (#5496)
- Issue 5491 - UI - Add rework and finish jpegPhoto functionality (#5492)
- Issue 5368 - Retro Changelog trimming does not work (#5486)
- Issue 5487 - Fix various issues with logconv.pl
- Issue 5482 - lib389 - Can not enable replication with a mixed case suffix
- Issue 5478 - Random crash in connection code during server shutdown (#5479)
- Issue 3061 - RFE - Add password policy debug log level
- Issue 4324 - Revert recursive pthread mutex usage in factory.c
- Issue 5262 - high contention in find_entry_internal_dn on mixed load (#5264)
- Issue 4324 - Revert recursive pthread mutex change (#5463)
- Issue 5465 - Fix dbscan linking (#5466)
- Issue 5271 - Serialization of pam_passthrough causing high etimes (#5272)
- Issue 5453 - UI/CLI - Changing Root DN breaks UI
- Issue 5446 - Fix some covscan issues (#5451)
- Issue 4308 - checking if an entry is a referral is expensive
- Issue 5447 - UI - add NDN max cache size to UI
- Issue 5443 - UI - disable save button while saving
- Issue 5413 - Allow only one MemberOf fixup task at a time
- Issue 5158 - entryuuid fixup tasks fails in replicated topology (#5439)
- Issue 4592 - dscreate error with custom dir_path (#5434)
* Tue Sep 20 2022 Mark Reynolds <mreynolds@redhat.com> - 2.2.3-2
- Bump verrsion to 2.2.3-2
- Replace pcre-delvel requirment with pcre2-devel
* Thu Sep 1 2022 Mark Reynolds <mreynolds@redhat.com> - 2.2.3-1
- Bump verrsion to 2.2.3
- Issue 5012 - Migrate pcre to pcre2 - remove match limit
- Update CI tests
- Issue 5356 - Make Rust non-optional and update default password storage scheme
- Issue 5012 - Migrate pcre to pcre2
- Issue 5428 - Fix regression with nscpEntryWsi computation
- Fix missing 'not' in description (closes #5423) (#5424)
- Issue 5421 - CI - makes replication/acceptance_test.py::test_modify_entry more robust (#5422)
- Issue 3903 - fix repl keep alive event interval
- Issue 5418 - Sync_repl may crash while managing invalid cookie (#5420)
- Issue 5415 - Hostname when set to localhost causing failures in other tests
- Issue 5412 - lib389 - do not set backend name to lowercase
- Issue 5407 - sync_repl crashes if enabled while dynamic plugin is enabled (#5411)
- Issue 5385 - LMDB - import crash in rdncache_add_elem (#5406)
- Issue 5403 - Memory leak in conntection table mulit list (#5404)
- Issue 3903 - keep alive update event starts too soon
- Issue 5397 - Fix various memory leaks
- Issue 5399 - UI - LDAP Editor is not updated when we switch instances (#5400)
- Issue 3903 - Supplier should do periodic updates
- Issue 5377 - Code cleanup: Fix Covscan invalid reference (#5393)
- Issue 5394 - configure doesn't check for lmdb and json-c
- Issue 5392 - dscreate fails when using alternative ports in the SELinux hi_reserved_port_t label range
- Issue 5386 - BUG - Update sudoers schema to correctly support UTF-8 (#5387)
- Issue 5388 - fix use-after-free and deadcode
- Issue 5383 - UI - Various fixes and RFE's for UI
- Issue 4656 - Remove problematic language from source code
- Issue 5380 - Separate cleanAllRUV code into new file
- Issue 5322 - optime & wtime on rejected connections is not properly set
- Issue 5335 - RFE - Add Security Audit Log
- Issue 5375 - CI - disable TLS hostname checking
- Issue 981 - Managed Entries betxnpreoperation - transaction not aborted on managed entry failure (#5369)
- Issue 5373 - dsidm user get_dn fails with search_ext() argument 1 must be str, not function
- Issue 5371 - Update npm and cargo packages
- Issue 3069 - Support ECDSA private keys for TLS (#5365)
- Issue 5290 - Importing certificate chain files via "import-server-key-cert" no longer works (#5293)
* Mon Aug 01 2022 Frantisek Zatloukal <fzatlouk@redhat.com> - 2.2.2-3
- Rebuilt for ICU 71.1
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 5 2022 Mark Reynolds <mreynolds@redhat.com> - 2.2.2-1
- Bump version to 2.2.2
- Issue 5221 - fix covscan (#5359)
- Issue 5294 - Report Portal 5 is not processing an XML file with (#5358)
- Issue 5353 - CLI - dsconf backend export breaks with multiple backends
- Issue 5346 - New connection table fails with ASAN failures (#5350)
- Issue 5345 - BUG - openldap migration fails when ppolicy is active (#5347)
- Issue 5323 - BUG - improve skipping of monitor db (#5340)
- Issue 5329 - Improve replication extended op logging
- Issue 5343 - Various improvements to winsync
- Issue 4932 - CLI - add parser aliases to long arg names
- Issue 5332 - BUG - normalise filter as intended
- Issue 5327 - Validate test metadata
- Issue 4812 - Scalability with high number of connections (#5090)
- Issue 4348 - Add tests for dsidm
- Issue 5333 - 389-ds-base fails to build with Python 3.11
* Thu Jun 16 2022 Python Maint <python-maint@redhat.com> - 2.2.1-4
- Rebuilt for Python 3.11
* Wed Jun 15 2022 Mark Reynolds <mreynolds@redhat.com> - 2.2.1-3
- Bump version to 2.2.1-3
- Issue 5332 - BUG - normalise filter as intended
- Issue 5327 - Validate test metadata
- Issue 4348 - Add tests for dsidm
- Bump crossbeam-utils from 0.8.6 to 0.8.8 in /src
- Issue 5333 - 389-ds-base fails to build with Python 3.11
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 2.2.1-2
- Rebuilt for Python 3.11
* Fri Jun 3 2022 Mark Reynolds <mreynolds@redhat.com> - 2.2.1-1
- Bump version to 2.2.1
- Issue 5323 - BUG - Fix issue in mdb tests with monitor (#5326)
- Issue 5170 - BUG - incorrect behaviour of filter test (#5315)
- Issue 5324 - plugin acceptance test needs hardening
- Issue 5319 - dsctl_tls_test.py fails with openssl-3.x
- Issue 5323 - BUG - migrating database for monitoring interface lead to crash (#5321)
- Issue 5304 - Need a compatibility option about sub suffix handling (#5310)
- Issue 5313 - dbgen test uses deprecated -h HOST and -p PORT options for ldapmodify
- Issue 5311 - Missing Requires for acl in the spec file
- Issue 5305 - OpenLDAP version autodetection doesn't work
- Issue 5307 - VERSION_PREREL is not set correctly in CI builds
- Issue 5302 - Release tarballs don't contain cockpit webapp
- Issue 5170 - RFE - improve filter logging to assist debugging (#5301)
- Issue 5299 - jemalloc 5.3 released
- Issue 5175 - Remove stale zlib-devel dependency declaration (#5173)
- Issue 5294 - Report Portal 5 is not processing test results XML file
- Issue 5170 - BUG - ldapsubentries were incorrectly returned (#5285)
- Issue 5291 - Harden ReplicationManager.wait_for_replication (#5292)
- Issue 379 - RFE - Compress rotated logs (fix linker)
- Issue 379 - RFE - Compress rotated logs
- Issue 5281 - HIGH - basic test does not run
- Issue 5284 - Replication broken after password change (#5286)
- Issue 5279 - dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int'
- Issue 5170 - RFE - Filter optimiser (#5171)
- Issue 5276 - CLI - improve task handling
- Issue 5126 - Memory leak in slapi_ldap_get_lderrno (#5153)
- Issue 3 - ansible-ds - Prefix handling fix (#5275)
- Issue 5273 - CLI - add arg completer for instance name
- Issue 2893 - CLI - dscreate - add options for setting up replication
- Issue 4866 - CLI - when enabling replication set changelog trimming by default
- Issue 5241 - UI - Add account locking missing functionality (#5251)
- Issue 5180 - snmp_collator tries to unlock NULL mutex (#5266)
- Issue 4904 - Fix various small issues
- lib389 prerequisite for ansible-ds (#5253)
- Issue 5260 - BUG - OpenLDAP allows multiple names of memberof overlay (#5261)
- Issue 5252 - During DEL, vlv search can erroneously return NULL candidate (#5256)
- Issue 5254 - dscreate create-template regression due to 5a3bdc336 (#5255)
- Issue 5210 - Python undefined names in lib389
- Issue 5065 - Crash in suite plugins - test_dna_max_value (#5108)
- Issue 5247 - BUG - Missing attributes in samba schema (#5248)
- Issue 5242- Craft message may crash the server (#5243)
- Issue 4775 -plugin entryuuid failing (#5229)
- Issue 5239 - Nightly copr builds are broken
- Issue 5237 - audit-ci: Cannot convert undefined or null to object
- Issue 5234 - UI - rename Users and Groups tab
- Issue 5227 - UI - No way to move back to Get Started step (#5233)
- Issue 5217 - Simplify instance creation and administration by non root user (#5224)