fix database upgrade process

Resolves: #656257

openldap.spec

@@ -400,14 +400,14 @@ fi
 
 # upgrade
 if [ $1 -eq 2 ]; then
-	# safe way to migrate the database if minor version number changed (2.x -> 2.y)
+	# safe way to migrate the database if version number changed
 	# http://www.openldap.org/doc/admin24/maintenance.html
 
-	old_version=$(rpm -q --qf=%%{version} openldap-servers | sed 's/\.[0-9]*$//')
-	new_version=$(sed 's/\.[0-9]*$//' <<< %{version})
+	old_version=$(rpm -q --qf=%%{version} openldap-servers)
+	new_version=%{version}
 
 	if [ "$old_version" != "$new_version" ]; then
-		pushd %{_sharedstatedir}/ldap
+		pushd %{_sharedstatedir}/ldap &>/dev/null
 
 		# stop the service
 		if service slapd status &>/dev/null; then
@@ -417,7 +417,7 @@ if [ $1 -eq 2 ]; then
 			rm -f need_start
 		fi
 
-		if ls __db.* &>/dev/null; then
+		if ls *.bdb &>/dev/null; then
 			# export the database
 			if [ -f %{_sysconfdir}/openldap/slapd.conf ]; then
 				slapcat -f %{_sysconfdir}/openldap/slapd.conf -l upgrade.ldif &>/dev/null
@@ -427,15 +427,21 @@ if [ $1 -eq 2 ]; then
 
 			# backup the old database
 			if [ $? -eq 0 ]; then
-				rm -rf rpmorig
-				mv alock *.bdb __db.* log.* rpmorig &>/dev/null || :
-				cp -f rpmorig/DB_CONFIG . &>/dev/null || :
+				chown ldap:ldap upgrade.ldif
+				chmod 0400 upgrade.ldif
+
+				rm -rf backup
+				mkdir -m 0700 backup
+				chown 0500 backup
+
+				mv alock *.bdb __db.* log.* backup &>/dev/null
+				cp -f backup/DB_CONFIG DB_CONFIG &>/dev/null
 			else
 				rm -f upgrade.ldif
 			fi
 		fi
 
-		popd
+		popd &>/dev/null
 	fi
 fi
 
@@ -475,24 +481,24 @@ if ! ls -d %{_sysconfdir}/openldap/slapd.d/* &>/dev/null; then
 		cp %{_datadir}/openldap-servers/slapd.conf.obsolete %{_sysconfdir}/openldap/slapd.conf
 
 	# convert from old style config slapd.conf
-    mv %{_sysconfdir}/openldap/slapd.conf %{_sysconfdir}/openldap/slapd.conf.bak
-    mkdir -p %{_sysconfdir}/openldap/slapd.d/
-    lines=$(egrep -n '^(database|backend)' %{_sysconfdir}/openldap/slapd.conf.bak | cut -d: -f1 | head -n 1)
-    lines=$(($lines-1))
-    head -n $lines %{_sysconfdir}/openldap/slapd.conf.bak > %{_sysconfdir}/openldap/slapd.conf
-    cat >> %{_sysconfdir}/openldap/slapd.conf << EOF
+	mv %{_sysconfdir}/openldap/slapd.conf %{_sysconfdir}/openldap/slapd.conf.bak
+	mkdir -p %{_sysconfdir}/openldap/slapd.d/
+	lines=$(egrep -n '^(database|backend)' %{_sysconfdir}/openldap/slapd.conf.bak | cut -d: -f1 | head -n 1)
+	lines=$(($lines-1))
+	head -n $lines %{_sysconfdir}/openldap/slapd.conf.bak > %{_sysconfdir}/openldap/slapd.conf
+	cat >> %{_sysconfdir}/openldap/slapd.conf << EOF
 database config
 rootdn   "cn=admin,cn=config"
 #rootpw   secret
 EOF
-    lines_r=$(wc --lines %{_sysconfdir}/openldap/slapd.conf.bak | cut -f1 -d" ")
-    lines_r=$(($lines_r-$lines))
-    tail -n $lines_r %{_sysconfdir}/openldap/slapd.conf.bak >> %{_sysconfdir}/openldap/slapd.conf
-    slaptest -f %{_sysconfdir}/openldap/slapd.conf -F %{_sysconfdir}/openldap/slapd.d > /dev/null 2> /dev/null
-    chown -R ldap:ldap %{_sysconfdir}/openldap/slapd.d
-    chmod -R 000 %{_sysconfdir}/openldap/slapd.d
-    chmod -R u+rwX %{_sysconfdir}/openldap/slapd.d
-    rm -f %{_sysconfdir}/openldap/slapd.conf
+	lines_r=$(wc --lines %{_sysconfdir}/openldap/slapd.conf.bak | cut -f1 -d" ")
+	lines_r=$(($lines_r-$lines))
+	tail -n $lines_r %{_sysconfdir}/openldap/slapd.conf.bak >> %{_sysconfdir}/openldap/slapd.conf
+	slaptest -f %{_sysconfdir}/openldap/slapd.conf -F %{_sysconfdir}/openldap/slapd.d > /dev/null 2> /dev/null
+	chown -R ldap:ldap %{_sysconfdir}/openldap/slapd.d
+	chmod -R 000 %{_sysconfdir}/openldap/slapd.d
+	chmod -R u+rwX %{_sysconfdir}/openldap/slapd.d
+	rm -f %{_sysconfdir}/openldap/slapd.conf
 	rm -f %{_sharedstatedir}/ldap/__db* %{_sharedstatedir}/ldap/alock
 
 	[ $fresh_install -eq 0 ] && rm -f %{_sysconfdir}/openldap/slapd.conf.bak
@@ -500,8 +506,8 @@ fi
 
 # finish database migration (see %pre)
 if [ -f %{_sharedstatedir}/ldap/upgrade.ldif ]; then
-	runuser -m -s /usr/sbin/slapadd -- ldap -l %{_sharedstatedir}/ldap/upgrade.ldif &>/dev/null
-	rm -f %{_sharedstatedir}/ldap/upgrade.ldif
+	runuser -m -s /usr/sbin/slapadd -- ldap -q -l %{_sharedstatedir}/ldap/upgrade.ldif >/dev/null
+	mv -f %{_sharedstatedir}/ldap/upgrade.ldif %{_sharedstatedir}/ldap/backup.ldif
 fi
 
 # restart after upgrade
@@ -536,7 +542,7 @@ fi
 
 # db4 upgrade (see %triggerun)
 if [ $2 -eq 2 ]; then
-	pushd %{_sharedstatedir}/ldap
+	pushd %{_sharedstatedir}/ldap &>/dev/null
 
 	# we are interested in minor version changes (both versions of db4 are installed at this moment)
 	if [ "$(rpm -q --qf="%%{version}\n" db4 | sed 's/\.[0-9]*$//' | sort -u | wc -l)" != "1" ]; then
@@ -555,7 +561,7 @@ if [ $2 -eq 2 ]; then
 		rm -f upgrade_db4
 	fi
 
-	popd
+	popd &>/dev/null
 fi
 
 exit 0
@@ -564,7 +570,7 @@ exit 0
 
 # db4 upgrade (see %triggerin)
 if [ -f %{_sharedstatedir}/ldap/upgrade_db4 ]; then
-	pushd %{_sharedstatedir}/ldap
+	pushd %{_sharedstatedir}/ldap &>/dev/null
 
 	# perform the upgrade
 	if ls *.bdb &>/dev/null; then
@@ -579,7 +585,7 @@ if [ -f %{_sharedstatedir}/ldap/upgrade_db4 ]; then
 	fi
 
 	rm -f upgrade_db4
-	popd
+	popd &>/dev/null
 fi
 
 exit 0
@@ -658,6 +664,7 @@ exit 0
 - Mozilla NSS - implement full non-blocking semantics
   ldapsearch -Z hangs server if starttls fails (#652822)
 - updated list of all overlays in slapd.conf (#655899)
+- fix database upgrade process (#656257)
 
 * Thu Nov 18 2010 Jan Vcelak <jvcelak@redhat.com> 2.4.23-3
 - add support for multiple prefixed Mozilla NSS database files in TLS_CACERTDIR