diff --git a/.cvsignore b/.cvsignore index af1316e..d560727 100644 --- a/.cvsignore +++ b/.cvsignore @@ -5,3 +5,4 @@ db-4.0.14.tar.gz db-4.2.52.tar.gz openldap-2.0.27.tgz openldap-2.1.30.tgz +openldap-2.2.13.tgz diff --git a/ldap.init b/ldap.init index efba439..e08694b 100644 --- a/ldap.init +++ b/ldap.init @@ -27,6 +27,7 @@ fi slapd=/usr/sbin/slapd slurpd=/usr/sbin/slurpd +slaptest=/usr/sbin/slaptest [ -x ${slapd} ] || exit 0 [ -x ${slurpd} ] || exit 0 @@ -42,6 +43,16 @@ function start() { echo -n $"$file is not owned by \"$user\"" ; warning ; echo done done + # Check the configuration file. + echo -n $"Checking configuration files for $prog: " + $slaptest + RETVAL=$? + if test $RETVAL -eq 0 ; then + success + else + failure + exit 1 + fi # Start daemons. prog=`basename ${slapd}` echo -n $"Starting $prog: " diff --git a/openldap-2.2.13-pie.patch b/openldap-2.2.13-pie.patch new file mode 100644 index 0000000..293e0e4 --- /dev/null +++ b/openldap-2.2.13-pie.patch @@ -0,0 +1,26 @@ +Build both slapd and slurpd as position-independent executables. This really +should be threaded into the various autotools, but I guess this is what we have +until that happens, if it happens. + +--- openldap-2.2.13/servers/slapd/Makefile.in 2004-04-12 14:07:40.000000000 -0400 ++++ openldap-2.2.13/servers/slapd/Makefile.in 2004-06-15 13:45:45.000000000 -0400 +@@ -255,7 +255,7 @@ + cp slapi/.libs/libslapi.a . + + slapd: $(SLAPD_DEPENDS) @LIBSLAPI@ +- $(LTLINK) -o $@ $(SLAPD_OBJECTS) $(LIBS) \ ++ $(LTLINK) -pie -o $@ $(SLAPD_OBJECTS) $(LIBS) \ + $(WRAP_LIBS) + rm -f $(SLAPTOOLS) + for i in $(SLAPTOOLS); do \ +--- openldap-2.2.13/servers/slurpd/Makefile.in 2004-01-01 13:16:42.000000000 -0500 ++++ openldap-2.2.13/servers/slurpd/Makefile.in 2004-06-15 13:44:45.000000000 -0400 +@@ -44,7 +44,7 @@ + XXXLIBS = $(LTHREAD_LIBS) + + slurpd: version.o +- $(LTLINK) -o $@ $(OBJS) version.o $(LIBS) ++ $(LTLINK) -pie -o $@ $(OBJS) version.o $(LIBS) + + sslurpd: version.o + $(LTLINK) -static -o $@ $(OBJS) version.o $(LIBS) diff --git a/openldap-2.2.13-setugid.patch b/openldap-2.2.13-setugid.patch new file mode 100644 index 0000000..77d11c5 --- /dev/null +++ b/openldap-2.2.13-setugid.patch @@ -0,0 +1,23 @@ +Don't read the user's configuration file if we're running in a setuid +or setgid application. +--- openldap-2.2.13/libraries/libldap/init.c 2004-06-15 11:51:32.000000000 -0400 ++++ openldap-2.2.13/libraries/libldap/init.c 2004-06-15 13:42:35.000000000 -0400 +@@ -551,10 +551,11 @@ + if( user != NULL ) { + gopts->ldo_def_sasl_authcid = user; + } +- } ++ } + #endif + + openldap_ldap_init_w_sysconf(LDAP_CONF_FILE); ++ if( ( getuid() == geteuid() ) && ( getgid() == getegid() ) ) { + openldap_ldap_init_w_userconf(LDAP_USERRC_FILE); + + { +@@ -608,4 +609,5 @@ + } + + openldap_ldap_init_w_env(gopts, NULL); ++ } + } diff --git a/openldap.spec b/openldap.spec index 3f62dfe..f4224e0 100644 --- a/openldap.spec +++ b/openldap.spec @@ -3,33 +3,40 @@ %define db_version_40 4.0.14 %define ldbm_backend berkeley %define version_20 2.0.27 +%define version_21 2.1.30 +# For Fedora, we want 2.1 compatibility. For RHEL or RHL9, we want 2.0. +%define compat_version %{version_21} %define nptl_arches %{ix86} ia64 ppc ppc64 s390 s390x sparcv9 x86_64 + Summary: The configuration files, libraries, and documentation for OpenLDAP. Name: openldap -Version: 2.1.30 +Version: 2.2.13 Release: 1 License: OpenLDAP Group: System Environment/Daemons Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz Source1: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_20}.tgz -Source2: ftp://ftp.OpenLDAP.org/pub/tools/autoconf-2.13.1.tar.gz -Source3: ftp://ftp.OpenLDAP.org/pub/tools/automake-1.4a.tar.gz -Source4: http://www.sleepycat.com/update/snapshot/db-%{db_version}.tar.gz -Source5: http://www.sleepycat.com/update/snapshot/db-%{db_version_40}.tar.gz -Source6: ldap.init -Source7: ftp://ftp.padl.com/pub/MigrationTools-%{migtools_version}.tar.gz -Source8: migration-tools.txt +Source2: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_21}.tgz +Source3: ftp://ftp.OpenLDAP.org/pub/tools/autoconf-2.13.1.tar.gz +Source4: ftp://ftp.OpenLDAP.org/pub/tools/automake-1.4a.tar.gz +Source5: http://www.sleepycat.com/update/snapshot/db-%{db_version}.tar.gz +Source6: http://www.sleepycat.com/update/snapshot/db-%{db_version_40}.tar.gz +Source7: ldap.init +Source8: ftp://ftp.padl.com/pub/MigrationTools-%{migtools_version}.tar.gz +Source9: migration-tools.txt Source10: autofs.schema Source11: README.upgrading Source12: http://www.OpenLDAP.org/doc/admin/guide.html Source13: nptl-abi-note.S -Patch0: openldap-2.1.17-config.patch -Patch1: openldap-2.1.17-string.patch +Patch0: openldap-2.2.13-config.patch Patch2: openldap-1.2.11-cldap.patch Patch3: openldap-2.1.17-syslog.patch Patch4: openldap-2.0.11-ldaprc.patch -Patch5: openldap-2.1.17-susesec.patch -Patch6: openldap-2.1.29-pie.patch +Patch5: openldap-2.2.13-setugid.patch +Patch6: openldap-2.2.13-pie.patch +Patch7: openldap-2.2.13-toollinks.patch +Patch8: openldap-2.2.13-nosql.patch +Patch9: openldap-2.1.30-ldapi.patch Patch12: db-4.0.14-disable-mutex.patch Patch13: db-4.0.14-libobjs.patch Patch21: MigrationTools-38-instdir.patch @@ -42,7 +49,8 @@ Patch31: http://www.sleepycat.com/update/4.2.52/patch.4.2.52.2 URL: http://www.openldap.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildPreReq: cyrus-sasl-devel >= 2.1, gdbm-devel, libtool >= 1.5.6-2, krb5-devel -BuildPreReq: openssl-devel, pam-devel, perl, pkgconfig, tcp_wrappers +BuildPreReq: openssl-devel, pam-devel, perl, pkgconfig, tcp_wrappers, +BuildPreReq: unixODBC-devel Requires: cyrus-sasl, cyrus-sasl-md5, mktemp %description @@ -81,6 +89,20 @@ similar to the way DNS (Domain Name System) information is propagated over the Internet. This package contains the slapd and slurpd servers, migration scripts, and related files. +%package servers-sql +Summary: OpenLDAP server SQL support module. +Prereq: openldap-servers = %{version}-%{release} +Group: System Environment/Daemons + +%description servers-sql +OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access +Protocol) applications and development tools. LDAP is a set of +protocols for accessing directory services (usually phone book style +information, but other information is possible) over the Internet, +similar to the way DNS (Domain Name System) information is propagated +over the Internet. This package contains a loadable module which the +slapd server can use to read data from an RDBMS. + %package clients Summary: Client programs for OpenLDAP. Prereq: openldap = %{version}-%{release} @@ -95,16 +117,31 @@ similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap-clients package contains the client programs needed for accessing and modifying OpenLDAP directories. +# Declare this subpackage LAST. This version tag redefines %%{version}, so +# any future use in a Requires: tag would reference the wrong version. +%package -n compat-openldap +Summary: OpenLDAP compatibility shared libraries. +Group: System Environment/Libraries +Requires: openldap = %{version}-%{release}, cyrus-sasl >= 2.1 +Version: %{compat_version} + +%description -n compat-openldap +OpenLDAP is an open source suite of LDAP (Lightweight Directory Access +Protocol) applications and development tools. The compat-openldap package +includes older versions of the OpenLDAP shared libraries which may be +required by some applications. + %prep -%setup -q -a 1 -a 2 -a 3 -a 4 -a 5 -a 7 +%setup -q -a 1 -a 2 -a 3 -a 4 -a 5 -a 6 -a 8 %patch0 -p1 -b .config -%patch1 -p1 -b .redhat %patch2 -p1 -b .cldap %patch3 -p1 -b .syslog %patch4 -p1 -b .ldaprc -%patch5 -p1 -b .susesec +%patch5 -p1 -b .setugid %patch6 -p1 -b .pie +%patch7 -p1 -b .toollinks +%patch8 -p1 -b .nosql pushd db-%{db_version_40} %patch12 -p1 -b .disable-mutex @@ -127,7 +164,15 @@ pushd MigrationTools-%{migtools_version} popd pushd openldap-%{version_20} - for subdir in build-gdbm build-db ; do + for subdir in build-gdbm build-db build-clients build-compat ; do + mkdir $subdir + ln -s ../configure $subdir + done +popd + +pushd openldap-%{version_21} +%patch9 -p1 -b .ldapi + for subdir in build-servers build-compat ; do mkdir $subdir ln -s ../configure $subdir done @@ -172,49 +217,50 @@ pushd db-%{db_version_40}/dist ./configure -C \ --with-pic \ --disable-shared \ - --with-uniquename=_openldap_rhl_40 \ + --with-uniquename=_openldap_slapd_rhl_40 \ --prefix=${dbdir40} \ + --includedir=${dbdir40}/include \ --libdir=${dbdir40}/%{_lib} make %{_smp_mflags} make install popd +# Set CPPFLAGS/CFLAGS/LDFLAGS to find our just-built DB 4.0. CPPFLAGS="-I${dbdir40}/include" ; export CPPFLAGS +CFLAGS="$CPPFLAGS $RPM_OPT_FLAGS -D_REENTRANT -fPIC"; export CFLAGS LDFLAGS="-L${dbdir40}/%{_lib}" ; export LDFLAGS -pushd openldap-%{version_20} - pushd build-gdbm - ./configure \ - --prefix=%{_prefix} \ - --disable-shared \ - --without-cyrus-sasl \ - --without-kerberos \ - --without-threads \ - --without-tls \ - --enable-ldbm \ - --with-ldbm-api=gdbm \ - --program-suffix=-slapd-2.0-gdbm - make %{_smp_mflags} - popd +pushd openldap-%{version_20}/build-gdbm +%configure \ + --disable-shared \ + --without-cyrus-sasl \ + --without-kerberos \ + --without-threads \ + --without-tls \ + --enable-ldbm \ + --with-ldbm-api=gdbm \ + --program-suffix=-slapd-2.0-gdbm +make %{_smp_mflags} +popd - pushd build-db - LIBS=-lpthread \ - ./configure \ - --prefix=%{_prefix} \ - --disable-shared \ - --without-cyrus-sasl \ - --without-kerberos \ - --without-threads \ - --without-tls \ - --enable-ldbm \ - --with-ldbm-api=berkeley \ - --program-suffix=-slapd-2.0-dbb - make %{_smp_mflags} - popd +pushd openldap-%{version_20}/build-db +LIBS=-lpthread; export LIBS +%configure \ + --disable-shared \ + --without-cyrus-sasl \ + --without-kerberos \ + --without-threads \ + --without-tls \ + --enable-ldbm \ + --with-ldbm-api=berkeley \ + --program-suffix=-slapd-2.0-dbb +make %{_smp_mflags} +unset LIBS popd # Build Berkeley DB and install it into a temporary area, isolating OpenLDAP -# from any future changes to the system-wide Berkeley DB library. +# from any future changes to the system-wide Berkeley DB library. Version 4.2 +# or later is required by the BDB backend in OpenLDAP 2.1 and later. buildbdb() { subdir=$1 shift @@ -226,8 +272,9 @@ buildbdb() { --with-pic \ --disable-static \ --enable-shared \ - --with-uniquename=_openldap_slapd_rhl \ + --with-uniquename=_openldap_slapd_rhl_42 \ --prefix=${dbdir} \ + --includedir=${dbdir}/include \ --libdir=${dbdir}/%{_lib}${subdir:+/${subdir}} # XXX db-4.2.x handles O_DIRECT (by disabling on linux) correctly. # XXX hack out O_DIRECT support in db4 for now. @@ -274,14 +321,46 @@ if pkg-config openssl ; then OPENSSL_LDFLAGS=`pkg-config --libs-only-L openssl` LDFLAGS="$OPENSSL_LDFLAGS" ; export LDFLAGS fi - -build() { +CPPFLAGS="-I${dbdir}/include $OPENSSL_CPPFLAGS" ; export CPPFLAGS CFLAGS="$CPPFLAGS $RPM_OPT_FLAGS -D_REENTRANT -fPIC"; export CFLAGS +LDFLAGS="-L${dbdir}/%{_lib} $OPENSSL_LDFLAGS" ; export LDFLAGS + +# Build the 2.1 server tools for dumping out old on-disk databases. This +# requires Berkeley DB 4.2.x. +pushd openldap-%{version_21}/build-servers +LIBS=-lpthread; export LIBS %configure \ - --with-slapd --with-slurpd --without-ldapd \ + --disable-shared \ + --without-cyrus-sasl \ + --without-kerberos \ + --without-threads \ + --without-tls \ + --enable-slapd --disable-slurpd \ + --enable-bdb \ + --enable-ldbm \ + --with-ldbm-api=%{ldbm_backend} \ + --program-suffix=-slapd-2.1 +make %{_smp_mflags} +unset LIBS +popd + +# Build the client libraries for the compat package. +pushd openldap-%{compat_version}/build-compat +%configure \ + --disable-slapd --disable-slurpd \ + --with-threads=posix --enable-static --enable-dynamic \ + --enable-local --enable-rlookups --with-tls --with-cyrus-sasl \ + --without-kerberos +make %{_smp_mflags} +popd + +# Build 2.2. +build() { +%configure \ + --disable-slapd --disable-slurpd \ --with-threads=posix --enable-static --enable-dynamic \ \ - --enable-local --enable-cldap --enable-rlookups \ + --enable-local --enable-rlookups \ \ --with-tls \ --with-cyrus-sasl \ @@ -297,34 +376,35 @@ CFLAGS="$CPPFLAGS $RPM_OPT_FLAGS -D_REENTRANT -fPIC"; export CFLAGS --disable-sql \ \ --libexecdir=%{_sbindir} \ - --localstatedir=/%{_var}/run \ $@ make %{_smp_mflags} LIBTOOL="$libtool" } # Build the servers with Kerberos support (for password checking, mainly). -CPPFLAGS="$OPENSSL_CPPFLAGS -I${dbdir}/include" ; export CPPFLAGS -LDFLAGS="$OPENSSL_LDFLAGS -L${dbdir}/%{_lib}" ; export LDFLAGS +LIBS=-lpthread; export LIBS pushd build-servers build \ + --enable-plugins \ + --enable-slapd \ + --enable-slurpd \ + --enable-bdb \ + --enable-hdb \ + --enable-ldap \ --enable-ldbm \ --with-ldbm-api=%{ldbm_backend} \ - --enable-bdb \ - --enable-ldap \ --enable-meta \ --enable-monitor \ --enable-null \ - --enable-rewrite \ + --enable-shell \ + --enable-sql=mod \ + --disable-perl \ --disable-shared \ - --with-kerberos=k5only \ - --with-cyrus-sasl + --with-kerberos=k5only +unset LIBS popd # Build clients without Kerberos password-checking support, which is only # useful in the server anyway, to avoid stray dependencies. -CPPFLAGS="$OPENSSL_CPPFLAGS" ; export CPPFLAGS -LDFLAGS="$OPENSSL_LDFLAGS" ; export LDFLAGS -unset LIBS pushd build-clients build \ --disable-slapd \ @@ -340,22 +420,41 @@ popd [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT libtool='%{_bindir}/libtool' tagname=CC; export tagname + # Install the 2.0 server tools for dumping out old on-disk databases. mkdir -p $RPM_BUILD_ROOT/%{_sbindir}/ pushd openldap-%{version_20} pushd build-gdbm/servers/slapd/tools for bin in slapadd slapcat ; do - $libtool --mode=install install -m755 $bin $RPM_BUILD_ROOT/%{_sbindir}/$bin-slapd-2.0-gdbm + ../../../libtool --mode=install install -m755 $bin $RPM_BUILD_ROOT/%{_sbindir}/$bin-slapd-2.0-gdbm done popd pushd build-db/servers/slapd/tools for bin in slapadd slapcat ; do - $libtool --mode=install install -m755 $bin $RPM_BUILD_ROOT/%{_sbindir}/$bin-slapd-2.0-dbb + ../../../libtool --mode=install install -m755 $bin $RPM_BUILD_ROOT/%{_sbindir}/$bin-slapd-2.0-dbb done popd popd +# Install the 2.0 or 2.1 shared libraries for compatibility. The two sets of +# libraries share sonames, so we have to choose one. +mkdir -p $RPM_BUILD_ROOT/%{_libdir}/ +pushd openldap-%{compat_version}/build-compat/libraries + for lib in libldap libldap_r liblber ; do + pushd $lib + ../../libtool --mode=install install -m755 $lib.la $RPM_BUILD_ROOT/%{_libdir}/$lib.la + popd + done +popd + +# Install the 2.1 server tools for dumping out old on-disk databases. +pushd openldap-%{version_21}/build-servers/servers/slapd/tools + for bin in slapadd slapcat ; do + ../../../libtool --mode=install install -m755 $bin $RPM_BUILD_ROOT/%{_sbindir}/$bin-slapd-2.1 + done +popd + # Install servers. %ifarch %{nptl_arches} pushd db-instroot/%{_lib}/tls/ @@ -429,6 +528,8 @@ chmod 644 $RPM_BUILD_ROOT/%{_libdir}/lib*.*a # Remove files which we don't want packaged. rm -f $RPM_BUILD_ROOT/%{_datadir}/openldap/migration/*.{instdir,simple,schema,mktemp,suffix} rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la +rm -f $RPM_BUILD_ROOT/%{_sbindir}/openldap/*.a +rm -f $RPM_BUILD_ROOT/%{_sbindir}/openldap/*.so %clean rm -rf $RPM_BUILD_ROOT @@ -489,11 +590,19 @@ fi %doc ANNOUNCEMENT CHANGES COPYRIGHT LICENSE README %attr(0755,root,root) %dir /etc/openldap %attr(0644,root,root) %config(noreplace) /etc/openldap/ldap*.conf -%attr(0755,root,root) %{_libdir}/libl*.so.* -%attr(0644,root,root) %{_mandir}/man5/* +%attr(0755,root,root) %{_libdir}/liblber-*.so.* +%attr(0755,root,root) %{_libdir}/libldap-*.so.* +%attr(0755,root,root) %{_libdir}/libldap_r-*.so.* +%attr(0644,root,root) %{_mandir}/man5/ldif.5* +%attr(0644,root,root) %{_mandir}/man5/ldap.conf.5* %attr(0755,root,root) %dir %{_datadir}/openldap -%attr(0755,root,root) %dir %{_datadir}/openldap/ucdata -%attr(0644,root,root) %dir %{_datadir}/openldap/ucdata/* + +%files -n compat-openldap +%defattr(-,root,root) +%doc ANNOUNCEMENT COPYRIGHT LICENSE +%attr(0755,root,root) %{_libdir}/liblber.so.* +%attr(0755,root,root) %{_libdir}/libldap.so.* +%attr(0755,root,root) %{_libdir}/libldap_r.so.* %files servers %defattr(-,root,root) @@ -506,20 +615,30 @@ fi %attr(0644,root,root) %config(noreplace) /etc/openldap/schema/*.schema* %attr(0755,root,root) %dir /etc/openldap/schema/redhat %attr(0644,root,root) %config(noreplace) /etc/openldap/schema/redhat/*.schema* -%attr(0755,root,root) %{_sbindir}/* +%attr(0755,root,root) %{_sbindir}/sl* %attr(0644,root,root) %{_mandir}/man8/* +%attr(0644,root,root) %{_mandir}/man5/slapd*.5* %attr(0755,root,root) %dir %{_datadir}/openldap/migration %attr(0644,root,root) %{_datadir}/openldap/migration/README %attr(0644,root,root) %config(noreplace) %{_datadir}/openldap/migration/*.ph %attr(0755,root,root) %{_datadir}/openldap/migration/*.pl %attr(0755,root,root) %{_datadir}/openldap/migration/*.sh %attr(0644,root,root) %{_datadir}/openldap/migration/*.txt +%attr(0755,root,root) %dir %{_datadir}/openldap/ucdata +%attr(0644,root,root) %dir %{_datadir}/openldap/ucdata/* %attr(0700,ldap,ldap) %dir /var/lib/ldap %attr(0755,root,root) %{_libdir}/libslapd_db-*.*.so %ifarch %{nptl_arches} %attr(0755,root,root) %{_libdir}/tls/libslapd_db-*.*.so %endif +%files servers-sql +%defattr(-,root,root) +%doc servers/slapd/back-sql/docs/* +%doc servers/slapd/back-sql/rdbms_depend +%attr(0755,root,root) %{_sbindir}/openldap/back_sql.la +%attr(0755,root,root) %{_sbindir}/openldap/back_sql*.so.* + %files clients %defattr(-,root,root) %attr(0755,root,root) %{_bindir}/* @@ -534,6 +653,16 @@ fi %attr(0644,root,root) %{_mandir}/man3/* %changelog +* Wed Jun 16 2004 Nalin Dahyabhai 2.2.13-1 +- add compat-openldap subpackage + +* Tue Jun 15 2004 Nalin Dahyabhai 2.2.13-0 +- preliminary 2.2.13 update +- move ucdata to the -servers subpackage where it belongs + +* Tue Jun 15 2004 Nalin Dahyabhai 2.1.30-1 +- build experimental sql backend as a loadable module + * Tue Jun 15 2004 Elliot Lee - rebuilt diff --git a/sources b/sources index 6606e2d..d4d33de 100644 --- a/sources +++ b/sources @@ -5,3 +5,4 @@ cbc77517c9278cdb47613ce8cb55779f db-4.2.52.tar.gz a1e6508c471dd47205a3492cf57110a6 openldap-2.0.27.tgz e2ae8148c4bed07d7a70edd930bdc403 openldap-2.1.30.tgz +5ba3c2d9af0ae614e4a001aa6b16e6e3 openldap-2.2.13.tgz