From 40bc33f600e5af8e2f884121c59700b90c8b3358 Mon Sep 17 00:00:00 2001 From: Jan Vcelak Date: Nov 23 2010 16:45:47 +0000 Subject: fix database upgrade process Resolves: #656257 --- diff --git a/openldap.spec b/openldap.spec index d1e77f7..00dfb07 100644 --- a/openldap.spec +++ b/openldap.spec @@ -400,14 +400,14 @@ fi # upgrade if [ $1 -eq 2 ]; then - # safe way to migrate the database if minor version number changed (2.x -> 2.y) + # safe way to migrate the database if version number changed # http://www.openldap.org/doc/admin24/maintenance.html - old_version=$(rpm -q --qf=%%{version} openldap-servers | sed 's/\.[0-9]*$//') - new_version=$(sed 's/\.[0-9]*$//' <<< %{version}) + old_version=$(rpm -q --qf=%%{version} openldap-servers) + new_version=%{version} if [ "$old_version" != "$new_version" ]; then - pushd %{_sharedstatedir}/ldap + pushd %{_sharedstatedir}/ldap &>/dev/null # stop the service if service slapd status &>/dev/null; then @@ -417,7 +417,7 @@ if [ $1 -eq 2 ]; then rm -f need_start fi - if ls __db.* &>/dev/null; then + if ls *.bdb &>/dev/null; then # export the database if [ -f %{_sysconfdir}/openldap/slapd.conf ]; then slapcat -f %{_sysconfdir}/openldap/slapd.conf -l upgrade.ldif &>/dev/null @@ -427,15 +427,21 @@ if [ $1 -eq 2 ]; then # backup the old database if [ $? -eq 0 ]; then - rm -rf rpmorig - mv alock *.bdb __db.* log.* rpmorig &>/dev/null || : - cp -f rpmorig/DB_CONFIG . &>/dev/null || : + chown ldap:ldap upgrade.ldif + chmod 0400 upgrade.ldif + + rm -rf backup + mkdir -m 0700 backup + chown 0500 backup + + mv alock *.bdb __db.* log.* backup &>/dev/null + cp -f backup/DB_CONFIG DB_CONFIG &>/dev/null else rm -f upgrade.ldif fi fi - popd + popd &>/dev/null fi fi @@ -475,24 +481,24 @@ if ! ls -d %{_sysconfdir}/openldap/slapd.d/* &>/dev/null; then cp %{_datadir}/openldap-servers/slapd.conf.obsolete %{_sysconfdir}/openldap/slapd.conf # convert from old style config slapd.conf - mv %{_sysconfdir}/openldap/slapd.conf %{_sysconfdir}/openldap/slapd.conf.bak - mkdir -p %{_sysconfdir}/openldap/slapd.d/ - lines=$(egrep -n '^(database|backend)' %{_sysconfdir}/openldap/slapd.conf.bak | cut -d: -f1 | head -n 1) - lines=$(($lines-1)) - head -n $lines %{_sysconfdir}/openldap/slapd.conf.bak > %{_sysconfdir}/openldap/slapd.conf - cat >> %{_sysconfdir}/openldap/slapd.conf << EOF + mv %{_sysconfdir}/openldap/slapd.conf %{_sysconfdir}/openldap/slapd.conf.bak + mkdir -p %{_sysconfdir}/openldap/slapd.d/ + lines=$(egrep -n '^(database|backend)' %{_sysconfdir}/openldap/slapd.conf.bak | cut -d: -f1 | head -n 1) + lines=$(($lines-1)) + head -n $lines %{_sysconfdir}/openldap/slapd.conf.bak > %{_sysconfdir}/openldap/slapd.conf + cat >> %{_sysconfdir}/openldap/slapd.conf << EOF database config rootdn "cn=admin,cn=config" #rootpw secret EOF - lines_r=$(wc --lines %{_sysconfdir}/openldap/slapd.conf.bak | cut -f1 -d" ") - lines_r=$(($lines_r-$lines)) - tail -n $lines_r %{_sysconfdir}/openldap/slapd.conf.bak >> %{_sysconfdir}/openldap/slapd.conf - slaptest -f %{_sysconfdir}/openldap/slapd.conf -F %{_sysconfdir}/openldap/slapd.d > /dev/null 2> /dev/null - chown -R ldap:ldap %{_sysconfdir}/openldap/slapd.d - chmod -R 000 %{_sysconfdir}/openldap/slapd.d - chmod -R u+rwX %{_sysconfdir}/openldap/slapd.d - rm -f %{_sysconfdir}/openldap/slapd.conf + lines_r=$(wc --lines %{_sysconfdir}/openldap/slapd.conf.bak | cut -f1 -d" ") + lines_r=$(($lines_r-$lines)) + tail -n $lines_r %{_sysconfdir}/openldap/slapd.conf.bak >> %{_sysconfdir}/openldap/slapd.conf + slaptest -f %{_sysconfdir}/openldap/slapd.conf -F %{_sysconfdir}/openldap/slapd.d > /dev/null 2> /dev/null + chown -R ldap:ldap %{_sysconfdir}/openldap/slapd.d + chmod -R 000 %{_sysconfdir}/openldap/slapd.d + chmod -R u+rwX %{_sysconfdir}/openldap/slapd.d + rm -f %{_sysconfdir}/openldap/slapd.conf rm -f %{_sharedstatedir}/ldap/__db* %{_sharedstatedir}/ldap/alock [ $fresh_install -eq 0 ] && rm -f %{_sysconfdir}/openldap/slapd.conf.bak @@ -500,8 +506,8 @@ fi # finish database migration (see %pre) if [ -f %{_sharedstatedir}/ldap/upgrade.ldif ]; then - runuser -m -s /usr/sbin/slapadd -- ldap -l %{_sharedstatedir}/ldap/upgrade.ldif &>/dev/null - rm -f %{_sharedstatedir}/ldap/upgrade.ldif + runuser -m -s /usr/sbin/slapadd -- ldap -q -l %{_sharedstatedir}/ldap/upgrade.ldif >/dev/null + mv -f %{_sharedstatedir}/ldap/upgrade.ldif %{_sharedstatedir}/ldap/backup.ldif fi # restart after upgrade @@ -536,7 +542,7 @@ fi # db4 upgrade (see %triggerun) if [ $2 -eq 2 ]; then - pushd %{_sharedstatedir}/ldap + pushd %{_sharedstatedir}/ldap &>/dev/null # we are interested in minor version changes (both versions of db4 are installed at this moment) if [ "$(rpm -q --qf="%%{version}\n" db4 | sed 's/\.[0-9]*$//' | sort -u | wc -l)" != "1" ]; then @@ -555,7 +561,7 @@ if [ $2 -eq 2 ]; then rm -f upgrade_db4 fi - popd + popd &>/dev/null fi exit 0 @@ -564,7 +570,7 @@ exit 0 # db4 upgrade (see %triggerin) if [ -f %{_sharedstatedir}/ldap/upgrade_db4 ]; then - pushd %{_sharedstatedir}/ldap + pushd %{_sharedstatedir}/ldap &>/dev/null # perform the upgrade if ls *.bdb &>/dev/null; then @@ -579,7 +585,7 @@ if [ -f %{_sharedstatedir}/ldap/upgrade_db4 ]; then fi rm -f upgrade_db4 - popd + popd &>/dev/null fi exit 0 @@ -658,6 +664,7 @@ exit 0 - Mozilla NSS - implement full non-blocking semantics ldapsearch -Z hangs server if starttls fails (#652822) - updated list of all overlays in slapd.conf (#655899) +- fix database upgrade process (#656257) * Thu Nov 18 2010 Jan Vcelak 2.4.23-3 - add support for multiple prefixed Mozilla NSS database files in TLS_CACERTDIR