389-ds-base/389-ds-base.spec
Mark Reynolds 04994aacbb Bump version to 2.1.0-1
Issue 4299 - UI - fix minor issues with ldap editor (table view)
Issue 4299 - UI - fix minor issues with ldap editor
Issue 5103 - UI - Add support for TPR to web console (#5111)
Issue 2790 - RFE - set db home directory to /dev/shm by default
Issue 5127 - ds_selinux_restorecon.sh: always exit 0
Issue 5135 - UI - Disk monitoring threshold does update properly
Issue 5129 - BUG - Incorrect fn signature in add_index (#5130)
Issue 5132 - Update Rust crate lru to fix CVE
Issue 3555 - UI - fix audit issue with npm nanoid
Issue 4299 - UI - Add ACI editing features
Issue 5127 - run restorecon on /dev/shm at server startup
Issue 5124 - dscontainer fails to create an instance
Issue 5098 - Multiple issues around replication and CI test test_online_reinit_may_hang (#5109)
Issue 4939 - Redesign LMDB import (#5071)
Issue 5113 - Increase timestamp precision for development builds
Issue 5115 - AttributeError: type object 'build_manpages' has no attribute 'build_manpages'
Issue 5117 - Revert skipif line from CI test (#5118)
Issue 5102 - BUG - container may fail with bare uid/gid (#5110)
Issue 5077 - UI - Add retrocl exclude attribute functionality (#5078)
Issue 5105 - During a bind, if the target entry is not reachable the operation may complete without sending result (#5107)
Issue 5074 - retro changelog cli updates (#5075)
Issue 3584 - Add is_fips check to password tests (#5100)
Issue 5095 - sync-repl with openldap may send truncated syncUUID (#5099)
Issue 5032 - Fix OpenLDAP version check (#5091)
Issue 5080 - BUG - multiple index types not handled in openldap migration (#5094)
Issue 2929 - Fix github warnings
Issue 5053 - Improve GitHub Actions debugging
Issue 5088 - dsctl dblib broken because of a merge issue (#5089)
Issue 5079 - BUG - multiple ways to specific primary (#5087)
Issue 5085 - Race condition about snmp collator at startup (#5086)
Issue 5082 - slugify: ModuleNotFoundError when running test cases
Issue 4959 - Invalid /etc/hosts setup can cause isLocalHost to fail (#5003)
Issue 5037 - in OpenQA changelog trimming can crashes (#5070)
Issue 5049 - ns-slapd crash in replication/acceptance_test.py (#5063)
Issue 4890 - Need cli to easely get simple performance statistics (#4891)
Issue 5011 - test_replica_backup_and_restore random failure (#5066)
Issue 4299 - UI LDAP editor - add "edit" and "rename" functionality
Issue 5018 - RFE - openSUSE systemd hardening (#5019)
Issue 4962 - Fix various UI bugs - Database and Backups (#5044)
Issue 5055 - Improve core dump detection and collection in PR CI
Issue 4994 - Revert retrocl dependency workaround (#4995)
Issue 5046 - BUG - update concread (#5047)
Issue 5043 - BUG - Result must be used compiler warning (#5045)
Issue 4312 - performance search rate: contention on global monitoring counters (#4940)
Issue 5034 - is_dbi contains an invalid debug message that trigger failure in import_tests (#5035)
Issue 5029 - Unbind generates incorrent closed error message (#5030)
Issue 4165 - Don't apply RootDN access control restrictions to UNIX connections
Issue 4931 - RFE: dsidm - add creation of service accounts
Issue 5024 - BUG - windows ro replica sigsegv (#5027)
Issue 4758 - Add tests for WebUI
Issue 5032 - OpenLDAP is not shipped with non-threaded version of libldap (#5033)
Issue 5038 - BUG - dsconf tls may fail due to incorrect cert path (#5039)
Issue 5020 - BUG - improve clarity of posix win sync logging (#5021)
Issue 5011 - test_replica_backup_and_restore random failure (#5028)
Issue 5025 - RFE - remove useless logging (#5026)
Issue 5008 - If a non critical plugin can not be loaded/initialized, bootstrap should succeeds (#5009)
Issue 4962 - Fix various UI bugs - Settings and Monitor (#5016)
Issue 4976 - Failure in suites/import/import_test.py::test_fast_slow_import (#5017)
Issue 5014 - UI - Add group creation to LDAP editor
Issue 5006 - UI - LDAP editor tree not being properly updated
Issue 4923 - issue about LMDB dbi versus txn handling (#4924)
Issue 5001 - Update CI test for new availableSASLMechs attribute
Issue 4959 - Invalid /etc/hosts setup can cause isLocalHost to fail.
Issue 5001 - Fix next round of UI bugs:
Issue 4962 - Fix various UI bugs - dsctl and ciphers (#5000)
Issue 4734 - ldif2db - import of entry with no parent doesnt generate a warning
Issue 4778 - [RFE] Schedule execution of "compactdb" at specific date/time
Issue 4978 - use more portable python command for checking containers
Issue 4990 - CI tests: improve robustness of fourwaymmr (#4991)
Issue 4992 - BUG - slapd.socket container fix (#4993)
Issue 4984 - BUG - pid file handling (#4986)
Issue 4460 - python3-lib389 ignore the configuration parameters from … (#4906)
Issue 4982 - BUG - missing inttypes.h (#4983)
Issue 4758 - Add tests for WebUI
Issue 4972 - gecos with IA5 introduces a compatibility issue with previous (#4981)
Issue 4096 - Missing perl dependencies for logconv.pl
Issue 4758 - Add tests for WebUI
Issue 4978 - make installer robust
Issue 4898 - Implement bdb to lmdb CLI migration tools (#4952)
Issue 4976 - Failure in suites/import/import_test.py::test_fast_slow_import
Issue 4973 - update snmp to use /run/dirsrv for PID file
Issue 4973 - installer changes permissions on /run
Issue 4959 - BUG - Invalid /etc/hosts setup can cause isLocalHost (#4960)
Issue 4962 - Fix various UI bugs - Plugins (#4969)
Issue 4092 - systemd-tmpfiles warnings
Issue 4956 - Automember allows invalid regex, and does not log proper error
Issue 4731 - Promoting/demoting a replica can crash the server
Issue 4962 - Fix various UI bugs part 1
Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949)
Issue 4943 - Fix csn generator to limit time skew drift (#4946)
Issue 4954 - pytest is killed by OOM killer when the whole test suite is executed
Issue 2790 - Set db home directory by default
Issue 4299 - Merge LDAP editor code into Cockpit UI
Issue 4938 - max_failure_count can be reached in dscontainer on slow machine with missing debug exception trace
Issue 4921 - logconv.pl -j: Use of uninitialized value (#4922)
Issue 4896 - improve CI tests report in case of SERVER_DOWN exception (#4897)
Issue 4678 - RFE automatique disable of virtual attribute checking (#4918)
Issue 4847 - BUG - potential deadlock in replica (#4936)
Issue 4513 - fix ACI CI tests involving ip/hostname rules
Issue 4925 - Performance ACI: targetfilter evaluation result can be reused (#4926)
Issue 4916 - Memory leak in ldap-agent
Issue 4656 DS Remove problematic language from CLI tools and UI (#4893)
Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.)
Issue 4912 - Account Policy plugin does not set the config entry DN
Issue 4863 - typoes in logconv.pl
Issue 4796 - Add support for nsslapd-state to CLI & UI
Issue 4894 - IPA failure in ipa user-del --preserve (#4907)
Issue 4914 - BUG - resolve duplicate stderr with clang (#4915)
Issue 4912 - dsidm command crashing when account policy plugin is enabled
Issue 4910 - db reindex corrupts RUV tombstone nsuiqueid index
Issue 4577 - Add GitHub actions
Issue 4901 - Add COPR integration
Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks
Issue 4889 - bdb lock deadlock while reindex/import vlv index (#4892)
Issue 4773 - Extend CI tests for DNA interval assignment
Issue 4887 - UI - fix minor regression from camelCase fixup
Issue 4887 - UI - Update webpack.config.js and package.json
Issue 4725 [RFE] DS - Update the password policy to support Temporary Password Rules (#4853)
Issue 4149 - UI - Migrate the remaining components to PF4
Issue 4169 - Migrate Replication & Schema tabs to PF4
Issue 4875 - CLI - Add some verbosity to installer
Issue 4884 - server crashes when dnaInterval attribute is set to zero
Issue 4880: Revert removed_config_49298_test.py wrongly modified by issue 4699 (#4881)
Issue 4699 - backend redesign phase 4 - db-mdb plugin implementation (#4716)
Issue 4877 - RFE - EntryUUID to validate UUIDs on fixup (#4878)
Issue 4872 - BUG - entryuuid enabled by default causes replication issues (#4876)
Issue 4775 - Add entryuuid CLI and Fixup (#4776)
Issue 4763 - Attribute Uniqueness Plugin uses wrong subtree on ModRDN (#4871)
Issue 4851 - Typos in "dsconf pwpolicy set --help" (#4867)
Issue 4096 - Missing perl dependencies for logconv.pl
Issue 4736 - lib389 - fix regression in certutil error checking
2022-02-02 13:52:00 -05:00

858 lines
32 KiB
RPMSpec

%global pkgname dirsrv
%global srcname 389-ds-base
# Exclude i686 bit arches
ExcludeArch: i686
# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release
# also remove the space between % and global - this space is needed because
# fedpkg verrel stupidly ignores comment lines
#% global prerel .rc3
# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
#% global relprefix 0.
# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
%global use_Socket6 0
%global use_asan 0
%global use_rust 1
%global bundle_jemalloc 1
%if %{use_asan}
%global bundle_jemalloc 0
%endif
%if %{bundle_jemalloc}
%global jemalloc_name jemalloc
%global jemalloc_ver 5.2.1
%global __provides_exclude ^libjemalloc\\.so.*$
%endif
# Use Clang instead of GCC
%global use_clang 0
# Build cockpit plugin
%global use_cockpit 1
# fedora 15 and later uses tmpfiles.d
# otherwise, comment this out
%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}
# systemd support
%global groupname %{pkgname}.target
# set PIE flag
%global _hardened_build 1
# Filter argparse-manpage from autogenerated package Requires
%global __requires_exclude ^python.*argparse-manpage
# Force to require nss version greater or equal as the version available at the build time
# See bz1986327
%define dirsrv_requires_ge() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} >= %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
Summary: 389 Directory Server (base)
Name: 389-ds-base
Version: 2.1.0
Release: %{?relprefix}1%{?prerel}%{?dist}
License: GPLv3+
URL: https://www.port389.org
Conflicts: selinux-policy-base < 3.9.8
Conflicts: freeipa-server < 4.0.3
Obsoletes: %{name} <= 1.4.0.9
Obsoletes: %{name}-legacy-tools < 1.4.4.6
Obsoletes: %{name}-legacy-tools-debuginfo < 1.4.4.6
Provides: ldif2ldbm >= 0
##### Bundled cargo crates list - START #####
Provides: bundled(crate(ahash)) = 0.7.6
Provides: bundled(crate(ansi_term)) = 0.12.1
Provides: bundled(crate(atty)) = 0.2.14
Provides: bundled(crate(autocfg)) = 1.0.1
Provides: bundled(crate(base64)) = 0.13.0
Provides: bundled(crate(bitflags)) = 1.3.2
Provides: bundled(crate(byteorder)) = 1.4.3
Provides: bundled(crate(cbindgen)) = 0.9.1
Provides: bundled(crate(cc)) = 1.0.72
Provides: bundled(crate(cfg-if)) = 1.0.0
Provides: bundled(crate(clap)) = 2.34.0
Provides: bundled(crate(concread)) = 0.2.21
Provides: bundled(crate(crossbeam)) = 0.8.1
Provides: bundled(crate(crossbeam-channel)) = 0.5.2
Provides: bundled(crate(crossbeam-deque)) = 0.8.1
Provides: bundled(crate(crossbeam-epoch)) = 0.9.6
Provides: bundled(crate(crossbeam-queue)) = 0.3.3
Provides: bundled(crate(crossbeam-utils)) = 0.8.6
Provides: bundled(crate(entryuuid)) = 0.1.0
Provides: bundled(crate(entryuuid_syntax)) = 0.1.0
Provides: bundled(crate(fastrand)) = 1.7.0
Provides: bundled(crate(fernet)) = 0.1.4
Provides: bundled(crate(foreign-types)) = 0.3.2
Provides: bundled(crate(foreign-types-shared)) = 0.1.1
Provides: bundled(crate(getrandom)) = 0.2.4
Provides: bundled(crate(hashbrown)) = 0.11.2
Provides: bundled(crate(hermit-abi)) = 0.1.19
Provides: bundled(crate(instant)) = 0.1.12
Provides: bundled(crate(itoa)) = 1.0.1
Provides: bundled(crate(jobserver)) = 0.1.24
Provides: bundled(crate(lazy_static)) = 1.4.0
Provides: bundled(crate(libc)) = 0.2.116
Provides: bundled(crate(librnsslapd)) = 0.1.0
Provides: bundled(crate(librslapd)) = 0.1.0
Provides: bundled(crate(lock_api)) = 0.4.6
Provides: bundled(crate(log)) = 0.4.14
Provides: bundled(crate(lru)) = 0.7.2
Provides: bundled(crate(memoffset)) = 0.6.5
Provides: bundled(crate(once_cell)) = 1.9.0
Provides: bundled(crate(openssl)) = 0.10.38
Provides: bundled(crate(openssl-sys)) = 0.9.72
Provides: bundled(crate(parking_lot)) = 0.11.2
Provides: bundled(crate(parking_lot_core)) = 0.8.5
Provides: bundled(crate(paste)) = 0.1.18
Provides: bundled(crate(paste-impl)) = 0.1.18
Provides: bundled(crate(pin-project-lite)) = 0.2.8
Provides: bundled(crate(pkg-config)) = 0.3.24
Provides: bundled(crate(ppv-lite86)) = 0.2.16
Provides: bundled(crate(proc-macro-hack)) = 0.5.19
Provides: bundled(crate(proc-macro2)) = 1.0.36
Provides: bundled(crate(pwdchan)) = 0.1.0
Provides: bundled(crate(quote)) = 1.0.15
Provides: bundled(crate(rand)) = 0.8.4
Provides: bundled(crate(rand_chacha)) = 0.3.1
Provides: bundled(crate(rand_core)) = 0.6.3
Provides: bundled(crate(rand_hc)) = 0.3.1
Provides: bundled(crate(redox_syscall)) = 0.2.10
Provides: bundled(crate(remove_dir_all)) = 0.5.3
Provides: bundled(crate(ryu)) = 1.0.9
Provides: bundled(crate(scopeguard)) = 1.1.0
Provides: bundled(crate(serde)) = 1.0.136
Provides: bundled(crate(serde_derive)) = 1.0.136
Provides: bundled(crate(serde_json)) = 1.0.78
Provides: bundled(crate(slapd)) = 0.1.0
Provides: bundled(crate(slapi_r_plugin)) = 0.1.0
Provides: bundled(crate(smallvec)) = 1.8.0
Provides: bundled(crate(strsim)) = 0.8.0
Provides: bundled(crate(syn)) = 1.0.86
Provides: bundled(crate(synstructure)) = 0.12.6
Provides: bundled(crate(tempfile)) = 3.3.0
Provides: bundled(crate(textwrap)) = 0.11.0
Provides: bundled(crate(tokio)) = 1.16.1
Provides: bundled(crate(tokio-macros)) = 1.7.0
Provides: bundled(crate(toml)) = 0.5.8
Provides: bundled(crate(unicode-width)) = 0.1.9
Provides: bundled(crate(unicode-xid)) = 0.2.2
Provides: bundled(crate(uuid)) = 0.8.2
Provides: bundled(crate(vcpkg)) = 0.2.15
Provides: bundled(crate(vec_map)) = 0.8.2
Provides: bundled(crate(version_check)) = 0.9.4
Provides: bundled(crate(wasi)) = 0.10.2+wasi_snapshot_preview1
Provides: bundled(crate(winapi)) = 0.3.9
Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0
Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0
Provides: bundled(crate(zeroize)) = 1.5.2
Provides: bundled(crate(zeroize_derive)) = 1.3.1
##### Bundled cargo crates list - END #####
BuildRequires: nspr-devel
BuildRequires: nss-devel >= 3.34
BuildRequires: openldap-devel
BuildRequires: lmdb-devel
BuildRequires: libdb-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: icu
BuildRequires: libicu-devel
BuildRequires: pcre-devel
BuildRequires: cracklib-devel
%if %{use_clang}
BuildRequires: libatomic
BuildRequires: clang
%else
BuildRequires: gcc
BuildRequires: gcc-c++
%endif
# The following are needed to build the snmp ldap-agent
BuildRequires: net-snmp-devel
BuildRequires: lm_sensors-devel
BuildRequires: bzip2-devel
BuildRequires: zlib-devel
BuildRequires: openssl-devel
# the following is for the pam passthru auth plug-in
BuildRequires: pam-devel
BuildRequires: systemd-units
BuildRequires: systemd-devel
%if %{use_asan}
BuildRequires: libasan
%endif
# If rust is enabled
%if %{use_rust}
BuildRequires: cargo
BuildRequires: rust
%endif
BuildRequires: pkgconfig
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(krb5)
# Needed to support regeneration of the autotool artifacts.
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
# For our documentation
BuildRequires: doxygen
# For tests!
BuildRequires: libcmocka-devel
BuildRequires: libevent-devel
# For lib389 and related components
BuildRequires: python%{python3_pkgversion}-devel
BuildRequires: python%{python3_pkgversion}-setuptools
BuildRequires: python%{python3_pkgversion}-ldap
BuildRequires: python%{python3_pkgversion}-six
BuildRequires: python%{python3_pkgversion}-pyasn1
BuildRequires: python%{python3_pkgversion}-pyasn1-modules
BuildRequires: python%{python3_pkgversion}-dateutil
BuildRequires: python%{python3_pkgversion}-argcomplete
BuildRequires: python%{python3_pkgversion}-argparse-manpage
BuildRequires: python%{python3_pkgversion}-libselinux
BuildRequires: python%{python3_pkgversion}-policycoreutils
# For cockpit
%if %{use_cockpit}
BuildRequires: rsync
%endif
Requires: %{name}-libs = %{version}-%{release}
Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release}
Requires: lmdb
# this is needed for using semanage from our setup scripts
Requires: policycoreutils-python-utils
Requires: /usr/sbin/semanage
Requires: libsemanage-python%{python3_pkgversion}
Requires: selinux-policy >= 3.14.1-29
# the following are needed for some of our scripts
Requires: openldap-clients
Requires: /usr/bin/c_rehash
Requires: python%{python3_pkgversion}-ldap
# this is needed to setup SSL if you are not using the
# administration server package
Requires: nss-tools
Requires: nss >= 3.34
# these are not found by the auto-dependency method
# they are required to support the mandatory LDAP SASL mechs
Requires: cyrus-sasl-gssapi
Requires: cyrus-sasl-md5
Requires: cyrus-sasl-plain
# this is needed for verify-db.pl
Requires: libdb-utils
# Needed for password dictionary checks
Requires: cracklib-dicts
# Needed by logconv.pl
Requires: perl-DB_File
Requires: perl-Archive-Tar
%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9
Requires: perl-debugger
Requires: perl-sigtrap
%endif
# Picks up our systemd deps.
%{?systemd_requires}
Obsoletes: %{name} <= 1.3.5.4
Source0: https://releases.pagure.org/389-ds-base/%{name}-%{version}%{?prerel}.tar.bz2
# 389-ds-git.sh should be used to generate the source tarball from git
Source1: %{name}-git.sh
Source2: %{name}-devel.README
%if %{bundle_jemalloc}
Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2
%endif
# Remove this after rust-1.56 lands in repos
%if 0%{?rhel} == 8
Patch0: concread-use-2018-edition.patch
%endif
%description
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.
%if %{use_asan}
WARNING! This build is linked to Address Sanitisation libraries. This probably
isn't what you want. Please contact support immediately.
Please see http://seclists.org/oss-sec/2016/q1/363 for more information.
%endif
%package libs
Summary: Core libraries for 389 Directory Server
BuildRequires: nspr-devel
BuildRequires: nss-devel >= 3.34
BuildRequires: openldap-devel
BuildRequires: libdb-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: libicu-devel
BuildRequires: pcre-devel
BuildRequires: libtalloc-devel
BuildRequires: libevent-devel
BuildRequires: libtevent-devel
Requires: krb5-libs
Requires: libevent
BuildRequires: systemd-devel
BuildRequires: make
Provides: svrcore = 4.1.4
Conflicts: svrcore
Obsoletes: svrcore <= 4.1.3
%description libs
Core libraries for the 389 Directory Server base package. These libraries
are used by the main package and the -devel package. This allows the -devel
package to be installed with just the -libs package and without the main package.
%package devel
Summary: Development libraries for 389 Directory Server
Requires: %{name}-libs = %{version}-%{release}
Requires: pkgconfig
Requires: nspr-devel
Requires: nss-devel >= 3.34
Requires: openldap-devel
Requires: libtalloc
Requires: libevent
Requires: libtevent
Requires: systemd-libs
Provides: svrcore-devel = 4.1.4
Conflicts: svrcore-devel
Obsoletes: svrcore-devel <= 4.1.3
%description devel
Development Libraries and headers for the 389 Directory Server base package.
%package snmp
Summary: SNMP Agent for 389 Directory Server
Requires: %{name} = %{version}-%{release}
Obsoletes: %{name} <= 1.4.0.0
%description snmp
SNMP Agent for the 389 Directory Server base package.
%package -n python%{python3_pkgversion}-lib389
Summary: A library for accessing, testing, and configuring the 389 Directory Server
BuildArch: noarch
Requires: openssl
Requires: iproute
Recommends: bash-completion
Requires: python%{python3_pkgversion}
Requires: python%{python3_pkgversion}-distro
Requires: python%{python3_pkgversion}-ldap
Requires: python%{python3_pkgversion}-six
Requires: python%{python3_pkgversion}-pyasn1
Requires: python%{python3_pkgversion}-pyasn1-modules
Requires: python%{python3_pkgversion}-dateutil
Requires: python%{python3_pkgversion}-argcomplete
Requires: python%{python3_pkgversion}-libselinux
Requires: python%{python3_pkgversion}-setuptools
%{?python_provide:%python_provide python%{python3_pkgversion}-lib389}
%description -n python%{python3_pkgversion}-lib389
This module contains tools and libraries for accessing, testing,
and configuring the 389 Directory Server.
%if %{use_cockpit}
%package -n cockpit-389-ds
Summary: Cockpit UI Plugin for configuring and administering the 389 Directory Server
BuildArch: noarch
Requires: cockpit
Requires: 389-ds-base
Requires: python%{python3_pkgversion}
Requires: python%{python3_pkgversion}-lib389
%description -n cockpit-389-ds
A cockpit UI Plugin for configuring and administering the 389 Directory Server
%endif
%prep
%autosetup -p1 -v -n %{name}-%{version}%{?prerel}
%if %{bundle_jemalloc}
%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3
%endif
cp %{SOURCE2} README.devel
%build
OPENLDAP_FLAG="--with-openldap"
%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
%if %{use_asan}
ASAN_FLAGS="--enable-asan --enable-debug"
%endif
%if %{use_rust}
RUST_FLAGS="--enable-rust --enable-rust-offline"
%endif
%if !%{use_cockpit}
COCKPIT_FLAGS="--disable-cockpit"
%endif
%if %{use_clang}
export CC=clang
export CXX=clang++
CLANG_FLAGS="--enable-clang"
%endif
%if %{bundle_jemalloc}
# Override page size, bz #1545539
# 4K
%ifarch %ix86 %arm x86_64 s390x
%define lg_page --with-lg-page=12
%endif
# 64K
%ifarch ppc64 ppc64le aarch64
%define lg_page --with-lg-page=16
%endif
# Override huge page size on aarch64
# 2M instead of 512M
%ifarch aarch64
%define lg_hugepage --with-lg-hugepage=21
%endif
# Build jemalloc
pushd ../%{jemalloc_name}-%{jemalloc_ver}
%configure \
--libdir=%{_libdir}/%{pkgname}/lib \
--bindir=%{_libdir}/%{pkgname}/bin \
--enable-prof
make %{?_smp_mflags}
popd
%endif
# Enforce strict linking
%define _ld_strict_symbol_defs 1
# Rebuild the autotool artifacts now.
autoreconf -fiv
%configure --enable-autobind --with-selinux $TMPFILES_FLAG \
--with-systemd \
--with-systemdsystemunitdir=%{_unitdir} \
--with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
--with-systemdgroupname=%{groupname} \
--libexecdir=%{_libexecdir}/%{pkgname} \
$NSSARGS $ASAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \
--enable-cmocka \
--with-libldap-r=no \
--enable-perl
# lib389
pushd ./src/lib389
%py3_build
popd
# argparse-manpage dynamic man pages have hardcoded man v1 in header,
# need to change it to v8
sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsconf.8
sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsctl.8
sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsidm.8
sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dscreate.8
# Generate symbolic info for debuggers
export XCFLAGS=$RPM_OPT_FLAGS
#make %{?_smp_mflags}
make
%install
mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir}
%if %{use_cockpit}
mkdir -p %{buildroot}%{_datadir}/cockpit
%endif
make DESTDIR="$RPM_BUILD_ROOT" install
%if %{use_cockpit}
find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list
find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list
%endif
# Copy in our docs from doxygen.
cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3
# lib389
pushd src/lib389
%py3_install
popd
mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}
mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname}
# for systemd
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants
# remove libtool archives and static libs
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.a
rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.la
%if %{bundle_jemalloc}
pushd ../%{jemalloc_name}-%{jemalloc_ver}
make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin
cp -pa COPYING ../%{name}-%{version}%{?prerel}/COPYING.jemalloc
cp -pa README ../%{name}-%{version}%{?prerel}/README.jemalloc
popd
%endif
%check
# This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build.
if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi
%post
if [ -n "$DEBUGPOSTTRANS" ] ; then
output=$DEBUGPOSTTRANS
output2=${DEBUGPOSTTRANS}.upgrade
else
output=/dev/null
output2=/dev/null
fi
# reload to pick up any changes to systemd files
/bin/systemctl daemon-reload >$output 2>&1 || :
# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
# Soft static allocation for UID and GID
USERNAME="dirsrv"
ALLOCATED_UID=389
GROUPNAME="dirsrv"
ALLOCATED_GID=389
HOMEDIR="/usr/share/dirsrv"
getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME
if ! getent passwd $USERNAME >/dev/null ; then
if ! getent passwd $ALLOCATED_UID >/dev/null ; then
/usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
else
/usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
fi
fi
# Reload our sysctl before we restart (if we can)
sysctl --system &> $output; true
# Gather the running instances so we can restart them
instbase="%{_sysconfdir}/%{pkgname}"
ninst=0
for dir in $instbase/slapd-* ; do
echo dir = $dir >> $output 2>&1 || :
if [ ! -d "$dir" ] ; then continue ; fi
case "$dir" in *.removed) continue ;; esac
basename=`basename $dir`
inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
echo found instance $inst - getting status >> $output 2>&1 || :
if /bin/systemctl -q is-active $inst ; then
echo instance $inst is running >> $output 2>&1 || :
instances="$instances $inst"
else
echo instance $inst is not running >> $output 2>&1 || :
fi
ninst=`expr $ninst + 1`
done
if [ $ninst -eq 0 ] ; then
echo no instances to upgrade >> $output 2>&1 || :
exit 0 # have no instances to upgrade - just skip the rest
else
# restart running instances
echo shutting down all instances . . . >> $output 2>&1 || :
for inst in $instances ; do
echo stopping instance $inst >> $output 2>&1 || :
/bin/systemctl stop $inst >> $output 2>&1 || :
done
for inst in $instances ; do
echo starting instance $inst >> $output 2>&1 || :
/bin/systemctl start $inst >> $output 2>&1 || :
done
fi
%preun
if [ $1 -eq 0 ]; then # Final removal
# remove instance specific service files/links
rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
fi
%postun
if [ $1 = 0 ]; then # Final removal
rm -rf /var/run/%{pkgname}
fi
%post snmp
%systemd_post %{pkgname}-snmp.service
%preun snmp
%systemd_preun %{pkgname}-snmp.service %{groupname}
%postun snmp
%systemd_postun_with_restart %{pkgname}-snmp.service
exit 0
%files
%if %{bundle_jemalloc}
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc
%license COPYING.jemalloc
%else
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
%endif
%dir %{_sysconfdir}/%{pkgname}
%dir %{_sysconfdir}/%{pkgname}/schema
%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
%dir %{_sysconfdir}/%{pkgname}/config
%dir %{_sysconfdir}/systemd/system/%{groupname}.wants
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
%{_datadir}/%{pkgname}
%{_datadir}/gdb/auto-load/*
%{_unitdir}
%{_bindir}/dbscan
%{_mandir}/man1/dbscan.1.gz
%{_bindir}/ds-replcheck
%{_mandir}/man1/ds-replcheck.1.gz
%{_bindir}/ds-logpipe.py
%{_mandir}/man1/ds-logpipe.py.1.gz
%{_bindir}/ldclt
%{_mandir}/man1/ldclt.1.gz
%{_bindir}/logconv.pl
%{_mandir}/man1/logconv.pl.1.gz
%{_bindir}/pwdhash
%{_mandir}/man1/pwdhash.1.gz
#%caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd
%{_sbindir}/ns-slapd
%{_mandir}/man8/ns-slapd.8.gz
%{_sbindir}/openldap_to_ds
%{_mandir}/man8/openldap_to_ds.8.gz
%{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl
%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh
%{_mandir}/man5/99user.ldif.5.gz
%{_mandir}/man5/certmap.conf.5.gz
%{_mandir}/man5/slapd-collations.conf.5.gz
%{_mandir}/man5/dirsrv.5.gz
%{_mandir}/man5/dirsrv.systemd.5.gz
%{_libdir}/%{pkgname}/python
%dir %{_libdir}/%{pkgname}/plugins
%{_libdir}/%{pkgname}/plugins/*.so
# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but
# sysctl.d is always in /lib.
%{_prefix}/lib/sysctl.d/*
%dir %{_localstatedir}/lib/%{pkgname}
%dir %{_localstatedir}/log/%{pkgname}
%ghost %dir %{_localstatedir}/lock/%{pkgname}
%exclude %{_sbindir}/ldap-agent*
%exclude %{_mandir}/man1/ldap-agent.1.gz
%exclude %{_unitdir}/%{pkgname}-snmp.service
%if %{bundle_jemalloc}
%{_libdir}/%{pkgname}/lib/
%{_libdir}/%{pkgname}/bin/
%exclude %{_libdir}/%{pkgname}/bin/jemalloc-config
%exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a
%exclude %{_libdir}/%{pkgname}/lib/pkgconfig
%endif
%files devel
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%{_mandir}/man3/*
%{_includedir}/svrcore.h
%{_includedir}/%{pkgname}
%{_libdir}/libsvrcore.so
%{_libdir}/%{pkgname}/libslapd.so
%{_libdir}/%{pkgname}/libns-dshttpd.so
%{_libdir}/%{pkgname}/libldaputil.so
%{_libdir}/pkgconfig/svrcore.pc
%{_libdir}/pkgconfig/dirsrv.pc
%files libs
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%dir %{_libdir}/%{pkgname}
%{_libdir}/libsvrcore.so.*
%{_libdir}/%{pkgname}/libslapd.so.*
%{_libdir}/%{pkgname}/libns-dshttpd.so.*
%{_libdir}/%{pkgname}/libldaputil.so.*
%{_libdir}/%{pkgname}/librewriters.so*
%if %{bundle_jemalloc}
%{_libdir}/%{pkgname}/lib/libjemalloc.so.2
%endif
%files snmp
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
%{_sbindir}/ldap-agent*
%{_mandir}/man1/ldap-agent.1.gz
%{_unitdir}/%{pkgname}-snmp.service
%files -n python%{python3_pkgversion}-lib389
%doc LICENSE LICENSE.GPLv3+
%{python3_sitelib}/lib389*
%{_sbindir}/dsconf
%{_mandir}/man8/dsconf.8.gz
%{_sbindir}/dscreate
%{_mandir}/man8/dscreate.8.gz
%{_sbindir}/dsctl
%{_mandir}/man8/dsctl.8.gz
%{_sbindir}/dsidm
%{_mandir}/man8/dsidm.8.gz
%{_libexecdir}/%{pkgname}/dscontainer
%if %{use_cockpit}
%files -n cockpit-389-ds -f cockpit.list
%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml
%doc README.md
%endif
%changelog
* Wed Feb 2 2022 Mark Reynolds <mreynolds@redhat.com> - 2.1.0-1
- Bump version to 2.1.0-1
- Issue 4299 - UI - fix minor issues with ldap editor (table view)
- Issue 4299 - UI - fix minor issues with ldap editor
- Issue 5103 - UI - Add support for TPR to web console (#5111)
- Issue 2790 - RFE - set db home directory to /dev/shm by default
- Issue 5127 - ds_selinux_restorecon.sh: always exit 0
- Issue 5135 - UI - Disk monitoring threshold does update properly
- Issue 5129 - BUG - Incorrect fn signature in add_index (#5130)
- Issue 5132 - Update Rust crate lru to fix CVE
- Issue 3555 - UI - fix audit issue with npm nanoid
- Issue 4299 - UI - Add ACI editing features
- Issue 5127 - run restorecon on /dev/shm at server startup
- Issue 5124 - dscontainer fails to create an instance
- Issue 5098 - Multiple issues around replication and CI test test_online_reinit_may_hang (#5109)
- Issue 4939 - Redesign LMDB import (#5071)
- Issue 5113 - Increase timestamp precision for development builds
- Issue 5115 - AttributeError: type object 'build_manpages' has no attribute 'build_manpages'
- Issue 5117 - Revert skipif line from CI test (#5118)
- Issue 5102 - BUG - container may fail with bare uid/gid (#5110)
- Issue 5077 - UI - Add retrocl exclude attribute functionality (#5078)
- Issue 5105 - During a bind, if the target entry is not reachable the operation may complete without sending result (#5107)
- Issue 5074 - retro changelog cli updates (#5075)
- Issue 3584 - Add is_fips check to password tests (#5100)
- Issue 5095 - sync-repl with openldap may send truncated syncUUID (#5099)
- Issue 5032 - Fix OpenLDAP version check (#5091)
- Issue 5080 - BUG - multiple index types not handled in openldap migration (#5094)
- Issue 2929 - Fix github warnings
- Issue 5053 - Improve GitHub Actions debugging
- Issue 5088 - dsctl dblib broken because of a merge issue (#5089)
- Issue 5079 - BUG - multiple ways to specific primary (#5087)
- Issue 5085 - Race condition about snmp collator at startup (#5086)
- Issue 5082 - slugify: ModuleNotFoundError when running test cases
- Issue 4959 - Invalid /etc/hosts setup can cause isLocalHost to fail (#5003)
- Issue 5037 - in OpenQA changelog trimming can crashes (#5070)
- Issue 5049 - ns-slapd crash in replication/acceptance_test.py (#5063)
- Issue 4890 - Need cli to easely get simple performance statistics (#4891)
- Issue 5011 - test_replica_backup_and_restore random failure (#5066)
- Issue 4299 - UI LDAP editor - add "edit" and "rename" functionality
- Issue 5018 - RFE - openSUSE systemd hardening (#5019)
- Issue 4962 - Fix various UI bugs - Database and Backups (#5044)
- Issue 5055 - Improve core dump detection and collection in PR CI
- Issue 4994 - Revert retrocl dependency workaround (#4995)
- Issue 5046 - BUG - update concread (#5047)
- Issue 5043 - BUG - Result must be used compiler warning (#5045)
- Issue 4312 - performance search rate: contention on global monitoring counters (#4940)
- Issue 5034 - is_dbi contains an invalid debug message that trigger failure in import_tests (#5035)
- Issue 5029 - Unbind generates incorrent closed error message (#5030)
- Issue 4165 - Don't apply RootDN access control restrictions to UNIX connections
- Issue 4931 - RFE: dsidm - add creation of service accounts
- Issue 5024 - BUG - windows ro replica sigsegv (#5027)
- Issue 4758 - Add tests for WebUI
- Issue 5032 - OpenLDAP is not shipped with non-threaded version of libldap (#5033)
- Issue 5038 - BUG - dsconf tls may fail due to incorrect cert path (#5039)
- Issue 5020 - BUG - improve clarity of posix win sync logging (#5021)
- Issue 5011 - test_replica_backup_and_restore random failure (#5028)
- Issue 5025 - RFE - remove useless logging (#5026)
- Issue 5008 - If a non critical plugin can not be loaded/initialized, bootstrap should succeeds (#5009)
- Issue 4962 - Fix various UI bugs - Settings and Monitor (#5016)
- Issue 4976 - Failure in suites/import/import_test.py::test_fast_slow_import (#5017)
- Issue 5014 - UI - Add group creation to LDAP editor
- Issue 5006 - UI - LDAP editor tree not being properly updated
- Issue 4923 - issue about LMDB dbi versus txn handling (#4924)
- Issue 5001 - Update CI test for new availableSASLMechs attribute
- Issue 4959 - Invalid /etc/hosts setup can cause isLocalHost to fail.
- Issue 5001 - Fix next round of UI bugs:
- Issue 4962 - Fix various UI bugs - dsctl and ciphers (#5000)
- Issue 4734 - ldif2db - import of entry with no parent doesnt generate a warning
- Issue 4778 - [RFE] Schedule execution of "compactdb" at specific date/time
- Issue 4978 - use more portable python command for checking containers
- Issue 4990 - CI tests: improve robustness of fourwaymmr (#4991)
- Issue 4992 - BUG - slapd.socket container fix (#4993)
- Issue 4984 - BUG - pid file handling (#4986)
- Issue 4460 - python3-lib389 ignore the configuration parameters from (#4906)
- Issue 4982 - BUG - missing inttypes.h (#4983)
- Issue 4758 - Add tests for WebUI
- Issue 4972 - gecos with IA5 introduces a compatibility issue with previous (#4981)
- Issue 4096 - Missing perl dependencies for logconv.pl
- Issue 4758 - Add tests for WebUI
- Issue 4978 - make installer robust
- Issue 4898 - Implement bdb to lmdb CLI migration tools (#4952)
- Issue 4976 - Failure in suites/import/import_test.py::test_fast_slow_import
- Issue 4973 - update snmp to use /run/dirsrv for PID file
- Issue 4973 - installer changes permissions on /run
- Issue 4959 - BUG - Invalid /etc/hosts setup can cause isLocalHost (#4960)
- Issue 4962 - Fix various UI bugs - Plugins (#4969)
- Issue 4092 - systemd-tmpfiles warnings
- Issue 4956 - Automember allows invalid regex, and does not log proper error
- Issue 4731 - Promoting/demoting a replica can crash the server
- Issue 4962 - Fix various UI bugs part 1
- Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949)
- Issue 4943 - Fix csn generator to limit time skew drift (#4946)
- Issue 4954 - pytest is killed by OOM killer when the whole test suite is executed
- Issue 2790 - Set db home directory by default
- Issue 4299 - Merge LDAP editor code into Cockpit UI
- Issue 4938 - max_failure_count can be reached in dscontainer on slow machine with missing debug exception trace
- Issue 4921 - logconv.pl -j: Use of uninitialized value (#4922)
- Issue 4896 - improve CI tests report in case of SERVER_DOWN exception (#4897)
- Issue 4678 - RFE automatique disable of virtual attribute checking (#4918)
- Issue 4847 - BUG - potential deadlock in replica (#4936)
- Issue 4513 - fix ACI CI tests involving ip/hostname rules
- Issue 4925 - Performance ACI: targetfilter evaluation result can be reused (#4926)
- Issue 4916 - Memory leak in ldap-agent
- Issue 4656 DS Remove problematic language from CLI tools and UI (#4893)
- Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.)
- Issue 4912 - Account Policy plugin does not set the config entry DN
- Issue 4863 - typoes in logconv.pl
- Issue 4796 - Add support for nsslapd-state to CLI & UI
- Issue 4894 - IPA failure in ipa user-del --preserve (#4907)
- Issue 4914 - BUG - resolve duplicate stderr with clang (#4915)
- Issue 4912 - dsidm command crashing when account policy plugin is enabled
- Issue 4910 - db reindex corrupts RUV tombstone nsuiqueid index
- Issue 4577 - Add GitHub actions
- Issue 4901 - Add COPR integration
- Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks
- Issue 4889 - bdb lock deadlock while reindex/import vlv index (#4892)
- Issue 4773 - Extend CI tests for DNA interval assignment
- Issue 4887 - UI - fix minor regression from camelCase fixup
- Issue 4887 - UI - Update webpack.config.js and package.json
- Issue 4725 [RFE] DS - Update the password policy to support Temporary Password Rules (#4853)
- Issue 4149 - UI - Migrate the remaining components to PF4
- Issue 4169 - Migrate Replication & Schema tabs to PF4
- Issue 4875 - CLI - Add some verbosity to installer
- Issue 4884 - server crashes when dnaInterval attribute is set to zero
- Issue 4880: Revert removed_config_49298_test.py wrongly modified by issue 4699 (#4881)
- Issue 4699 - backend redesign phase 4 - db-mdb plugin implementation (#4716)
- Issue 4877 - RFE - EntryUUID to validate UUIDs on fixup (#4878)
- Issue 4872 - BUG - entryuuid enabled by default causes replication issues (#4876)
- Issue 4775 - Add entryuuid CLI and Fixup (#4776)
- Issue 4763 - Attribute Uniqueness Plugin uses wrong subtree on ModRDN (#4871)
- Issue 4851 - Typos in "dsconf pwpolicy set --help" (#4867)
- Issue 4096 - Missing perl dependencies for logconv.pl
- Issue 4736 - lib389 - fix regression in certutil error checking