%global pkgname dirsrv
# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release
# also remove the space between % and global - this space is needed because
# fedpkg verrel stupidly ignores comment lines
#% global prerel .rc3
# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
#% global relprefix 0.
%global use_openldap 1
%global use_db4 0
# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
%global use_Socket6 0
# (cg) NB the --with-tmpfiles_d argument below is for user generated config files
# created via DSCreate.pm script - i.e. it should be the /etc/ path, NOT %_tmpfilesdir
# Mageia 3 and later uses tmpfiles.d
# otherwise, comment this out
%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}
# systemd support
%global groupname %{pkgname}.target
Summary: 389 Directory Server (base)
Name: 389-ds-base
Version: 1.3.0.9
%define subrel 1
Release: %mkrel 1
License: GPLv2 with exceptions
URL: http://port389.org/
Group: System/Servers
Requires: %{name}-libs = %{version}-%{release}
Provides: ldif2ldbm
BuildRequires: nspr-devel
BuildRequires: nss-devel
BuildRequires: krb5-devel
BuildRequires: svrcore-devel
%if %{use_openldap}
BuildRequires: openldap-devel
%else
BuildRequires: mozldap-devel
%endif
%if %{use_db4}
BuildRequires: db4-devel
%else
BuildRequires: db-devel
%endif
BuildRequires: libsasl-devel
BuildRequires: icu
BuildRequires: libicu-devel
BuildRequires: pcre-devel
BuildRequires: gcc-c++
# The following are needed to build the snmp ldap-agent
BuildRequires: net-snmp-devel
BuildRequires: bzip2-devel
BuildRequires: zlib-devel
BuildRequires: openssl-devel
BuildRequires: tcp_wrappers
# the following is for the pam passthru auth plug-in
BuildRequires: pam-devel
BuildRequires: systemd-units
# this is needed for using semanage from our setup scripts
Requires: policycoreutils-python
Requires(post): rpm-helper >= %{rpmhelper_required_version}
Requires(preun): rpm-helper >= %{rpmhelper_required_version}
# the following are needed for some of our scripts
%if %{use_openldap}
Requires: openldap-clients
%else
Requires: mozldap-tools
%endif
# use_openldap assumes perl-Mozilla-LDAP is built with openldap support
Requires: perl-Mozilla-LDAP
# this is needed to setup SSL if you are not using the
# administration server package
Requires: nss
# these are not found by the auto-dependency method
# they are required to support the mandatory LDAP SASL mechs
Requires: sasl-plug-gssapi
Requires: sasl-plug-digestmd5
# this is needed for verify-db.pl
%if %{use_db4}
Requires: db4-utils
%else
Requires: db5-utils
%endif
# This picks up libperl.so as a Requires, so we add this versioned one
# We don't pack this virtual package in Mageia and it doesn't look it's needed anymore in mdern perl.
# Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
# for the init script
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
# for setup-ds.pl to support ipv6
%if %{use_Socket6}
Requires: perl-Socket6
%else
Requires: perl-Socket
%endif
Requires: perl-NetAddr-IP
Source0: http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2
# 389-ds-git.sh should be used to generate the source tarball from git
Source1: %{name}-git.sh
Source2: %{name}-devel.README
Patch0: mageia-nogroup.patch
Patch1: 0001-Ticket-47739-directory-server-is-insecurely-misinter.patch
%description
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.
%package libs
Summary: Core libraries for 389 Directory Server
Group: System/Servers
BuildRequires: nspr-devel
BuildRequires: nss-devel
BuildRequires: svrcore-devel
%if %{use_openldap}
BuildRequires: openldap-devel
%else
BuildRequires: mozldap-devel
%endif
%if %{use_db4}
BuildRequires: db4-devel
%else
BuildRequires: db-devel
%endif
BuildRequires: libsasl-devel
BuildRequires: libicu-devel
BuildRequires: pcre-devel
%description libs
Core libraries for the 389 Directory Server base package. These libraries
are used by the main package and the -devel package. This allows the -devel
package to be installed with just the -libs package and without the main package.
%package devel
Summary: Development libraries for 389 Directory Server
Group: System/Libraries
Requires: %{name}-libs = %{version}-%{release}
Requires: pkgconfig
Requires: nspr-devel
Requires: nss-devel
Requires: svrcore-devel
%if %{use_openldap}
Requires: openldap-devel
%else
Requires: mozldap-devel
%endif
%description devel
Development Libraries and headers for the 389 Directory Server base package.
%prep
%setup -q -n %{name}-%{version}%{?prerel}
cp %{SOURCE2} README.devel
%patch0 -p1 -b .mageia-nogroup
%patch1 -p1 -b .0001-Ticket-47739
%build
autoreconf -fi
%if %{use_openldap}
OPENLDAP_FLAG="--with-openldap"
%endif
%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
NSSARGS="--with-svrcore-inc=%{_includedir} --with-svrcore-lib=%{_libdir} --with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss"
%configure2_5x --enable-autobind \
--with-selinux $OPENLDAP_FLAG $TMPFILES_FLAG \
--with-systemdsystemunitdir=%{_unitdir} \
--with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
--with-systemdgroupname=%{groupname} $NSSARGS
# Generate symbolic info for debuggers
export XCFLAGS=$RPM_OPT_FLAGS
%ifarch x86_64
export USE_64=1
%endif
%make
%install
make DESTDIR="%{buildroot}" install
mkdir -p %{buildroot}/var/log/%{pkgname}
mkdir -p %{buildroot}/var/lib/%{pkgname}
mkdir -p %{buildroot}/var/lock/%{pkgname}
# for systemd
# This is the Fedora and other Distro's way but our BS rejects this file
# mkdir -p %{buildroot}%{_sysconfdir}/systemd/system/%{groupname}.wants
#remove libtool and static libs
rm -f %{buildroot}%{_libdir}/%{pkgname}/*.a
rm -f %{buildroot}%{_libdir}/%{pkgname}/*.la
rm -f %{buildroot}%{_libdir}/%{pkgname}/plugins/*.a
rm -f %{buildroot}%{_libdir}/%{pkgname}/plugins/*.la
# make sure perl scripts have a proper shebang
sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' %{buildroot}%{_datadir}/%{pkgname}/script-templates/template-*.pl
%post
output=/dev/null
# We need to do this because the BS doesn't accept the way Fedora (upstream) and others do it.
if [ $1 = 1 ] ; then
mkdir -p %{_sysconfdir}/systemd/system/%{groupname}.wants
fi
%_post_service %{pkgname}-snmp
# reload to pick up any changes to systemd files
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
# reload to pick up any shared lib changes
/sbin/ldconfig
# restart the snmp subagent if needed
/bin/systemctl try-restart %{pkgname}-snmp.service > $output 2>&1 || :
# find all instances
instances="" # instances that require a restart after upgrade
ninst=0 # number of instances found in total
if [ -n "$DEBUGPOSTTRANS" ] ; then
output=$DEBUGPOSTTRANS
fi
echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* > $output 2>&1 || :
for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do
if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches
inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'`
echo found instance $inst - getting status > $output 2>&1 || :
if /bin/systemctl -q is-active $inst ; then
echo instance $inst is running > $output 2>&1 || :
instances="$instances $inst"
else
echo instance $inst is not running > $output 2>&1 || :
fi
ninst=`expr $ninst + 1`
done
if [ $ninst -eq 0 ] ; then
echo no instances to upgrade > $output 2>&1 || :
exit 0 # have no instances to upgrade - just skip the rest
fi
# shutdown all instances
echo shutting down all instances . . . > $output 2>&1 || :
/bin/systemctl stop %{groupname} > $output 2>&1 || :
echo remove pid files . . . > $output 2>&1 || :
/bin/rm -f /var/run/%{pkgname}*.pid /var/run/%{pkgname}*.startpid
# do the upgrade
echo upgrading instances . . . > $output 2>&1 || :
%{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline > $output 2>&1 || :
# restart instances that require it
for inst in $instances ; do
echo restarting instance $inst > $output 2>&1 || :
/bin/systemctl start $inst > $output 2>&1 || :
done
exit 0
%preun
if [ $1 -eq 0 ]; then # Final removal
# Package removal, not upgrade
%systemd_preun %{pkgname}-snmp.service %{groupname}
# remove instance specific service files/links
rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
fi
%postun
/sbin/ldconfig
if [ $1 = 0 ]; then # Final removal
rm -rf /var/run/%{pkgname}
fi
%files
%doc LICENSE EXCEPTION LICENSE.GPLv2
%dir %{_sysconfdir}/%{pkgname}
%dir %{_sysconfdir}/%{pkgname}/schema
%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
%dir %{_sysconfdir}/%{pkgname}/config
# This is the Fedora and other Distro's way but our BS rejects this file
# %dir %{_sysconfdir}/systemd/system/%{groupname}.wants
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig
%config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}
%config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}.systemd
%{_datadir}/%{pkgname}
%{_unitdir}
%{_bindir}/*
%{_sbindir}/*
%{_libdir}/%{pkgname}/libns-dshttpd.so*
%{_libdir}/%{pkgname}/perl
%{_libdir}/%{pkgname}/plugins/*.so
%dir %{_localstatedir}/lib/%{pkgname}
%dir %{_logdir}/%{pkgname}
%{_mandir}/man1/*
%{_mandir}/man8/*
%files devel
%doc LICENSE EXCEPTION LICENSE.GPLv2 README.devel
%{_includedir}/%{pkgname}
%{_libdir}/%{pkgname}/libslapd.so
%{_libdir}/pkgconfig/*
%files libs
%doc LICENSE EXCEPTION LICENSE.GPLv2 README.devel
%{_libdir}/%{pkgname}/libslapd.so.*
%changelog
* Fri Mar 14 2014 spuhler <spuhler> 1.3.0.9-1.1.mga3
+ Revision: 603900
- added 0001-Ticket-47739-directory-server-is-insecurely-misinter.patch from upstream
* this fixes bug #13019, CVE-2014-0132
- upgrade to version 1.3.0.9
* This resolves bug #11720, CVE-2013-4485
- made the "mkdir" conditional
- upgrade to version 1.3.0.5
- removed patch CVE-2013-2219-ACLs-inoperative-in-some-search-scenar.patch
* already incorporated in updtaed source
- this updated solves security issue CVE-2013-4283, bug #10889
- added autoreconf -fi to make mageia-nogroup.patch active
- bumped subrel
- changed the way how to create the %%{_sysconfdir}/systemd/system/%%{groupname}.wants file for instance @dirsrv
* The BS reject the way of adding this directory in the files section
- added %%dir %%{_sysconfdir}/systemd/system/%%{groupname}.wants
- this directory is needed so dirsrv@instance.service can put their instance in there
- enables added instances to start at boot
added mageia-nogroup patch
- provides the correct group at setup, we use group nogroup instead of nobody
added rpm-helper macros
+ luigiwalser <luigiwalser>
- add patch from redhat to fix CVE-2013-2219
* Tue Apr 16 2013 spuhler <spuhler> 1.3.0.5-2.mga3
+ Revision: 410202
- replaced incorrect macro in post section with Mageia macro
- %%systemd_post with %%_post_service
* Wed Apr 03 2013 spuhler <spuhler> 1.3.0.5-1.mga3
+ Revision: 407558
- upgrade to ver. 1.3.0.5
Fixes to following issues from upstream
- unintended information exposure when anonymous access is set to rootdse
- crash in aci evaluation
- ns-slapd crashes sporadically with segmentation fault in libslapd.so
- Deadlock in DNA plug-in Ticket #576 - DNA: use event queue for config update only at the start up
- 389-ds-base cannot handle Kerberos tickets with PAC
- cleanAllRUV task fails to cleanup config upon completion
* Wed Mar 13 2013 spuhler <spuhler> 1.3.0.4-1.mga3
+ Revision: 402840
- upgrade to version 1.3.0.4 fixes
* Bug 9349 - CVE-2013-0312 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data
* DS returns error 20 when replacing values of a multi-valued attribute (only when replication is enabled)
* Slow role performance when using a lot of roles
* Ticket 590 - ns-slapd segfaults while trying to delete a tombstone entry
* Mon Mar 04 2013 spuhler <spuhler> 1.3.0.3-1.mga3
+ Revision: 401340
- upgrade to 1.3.0.3
Lots of bugfixes by upstream
o Ticket #584 - Existence of an entry is not checked when its password is to be deleted
o Ticket 562 - Crash when deleting suffix
o Ticket #542 - Cannot dynamically set nsslapd-maxbersize
o Ticket 556 - Don't overwrite certmap.conf during upgrade
o Ticket 549 - DNA plugin no longer reports additional info when range is depleted
o Ticket 541 - need to set plugin as off in ldif template
o Ticket 541 - RootDN Access Control plugin is missing after upgrade
- cleaned up spec file
aaded Requires: libselinux-utils
* Fri Jan 11 2013 umeabot <umeabot> 1.3.0-4.mga3
+ Revision: 345051
- Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild
* Tue Dec 18 2012 spuhler <spuhler> 1.3.0-3.mga3
+ Revision: 332415
- upgrade to rc2
bumped rel
* Sun Dec 16 2012 spuhler <spuhler> 1.3.0-2.mga3
+ Revision: 331346
- upgrade to from a1 to rc1
* Sat Dec 01 2012 spuhler <spuhler> 1.3.0-1.mga3
+ Revision: 324211
- upgrade to 1.3.0
* Sat Dec 01 2012 fwang <fwang> 1.2.11.15-5.mga3
+ Revision: 323723
- rebuild for new pcre
* Sun Nov 25 2012 colin <colin> 1.2.11.15-4.mga3
+ Revision: 321807
- Do not ship the /var/lock folder
- Ensure tmpfiles.d is enabled in the DSCreate.pm script
- Add patch to create the .wants folder for systemd units.
- Do not ship any systemd folders in /etc
* Fri Nov 09 2012 fwang <fwang> 1.2.11.15-3.mga3
+ Revision: 316610
- rebuild for update icu
* Tue Nov 06 2012 fwang <fwang> 1.2.11.15-2.mga3
+ Revision: 314759
- rebuild for new icu
* Sun Oct 21 2012 spuhler <spuhler> 1.2.11.15-1.mga3
+ Revision: 308664
- upgrade to version 2.12.11.15
* Mon Oct 15 2012 spuhler <spuhler> 1.2.11.12-2.mga3
+ Revision: 305913
- changed the libname as done by upstream
bumped rel
* Sat Oct 13 2012 spuhler <spuhler> 1.2.11.12-1.mga3
+ Revision: 305248
- added LDFLAGS=-L%%{perl_archlib}/CORE
commented out Requires: perl(:MODULE_COMPAT_%%(eval "`%%{__perl} -V:version`"; echo $version))
- added Buildrequires: krb5-devel
- fixed Requires naming
- mageified spec file and removed unneeded lines
- cleaned up spec file
- imported package 389-ds-base
distrib
>
Mageia
>
3
>
x86_64
>
media
>
core-updates-src
>
by-pkgid
>
83bfad456b1d2cf4b5fe637df4d72b17
>
files
>
5
