%global pkgname dirsrv %global srcname 389-ds-base # Exclude i686 bit arches ExcludeArch: i686 # for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release # also remove the space between % and global - this space is needed because # fedpkg verrel stupidly ignores comment lines #% global prerel .rc3 # also need the relprefix field for a pre-release e.g. .0 - also comment out for official release #% global relprefix 0. # If perl-Socket-2.000 or newer is available, set 0 to use_Socket6. %global use_Socket6 0 %global use_asan 0 %global use_rust 0 %global use_legacy 1 %global bundle_jemalloc 1 %if %{use_asan} %global bundle_jemalloc 0 %endif %if %{bundle_jemalloc} %global jemalloc_name jemalloc %global jemalloc_ver 5.2.1 %global __provides_exclude ^libjemalloc\\.so.*$ %endif # Use Clang instead of GCC %global use_clang 0 # fedora 15 and later uses tmpfiles.d # otherwise, comment this out %{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d} # systemd support %global groupname %{pkgname}.target # set PIE flag %global _hardened_build 1 Summary: 389 Directory Server (base) Name: 389-ds-base Version: 1.4.3.16 Release: %{?relprefix}11%{?prerel}%{?dist} License: GPLv3+ URL: https://www.port389.org Group: System Environment/Daemons Conflicts: selinux-policy-base < 3.9.8 Conflicts: freeipa-server < 4.0.3 Obsoletes: %{name} <= 1.4.0.9 Provides: ldif2ldbm >= 0 BuildRequires: nspr-devel BuildRequires: nss-devel >= 3.34 BuildRequires: perl-generators BuildRequires: openldap-devel BuildRequires: libdb-devel BuildRequires: cyrus-sasl-devel BuildRequires: icu BuildRequires: libicu-devel BuildRequires: pcre-devel BuildRequires: cracklib-devel %if %{use_clang} BuildRequires: libatomic BuildRequires: clang %else BuildRequires: gcc BuildRequires: gcc-c++ %endif # The following are needed to build the snmp ldap-agent BuildRequires: net-snmp-devel BuildRequires: lm_sensors-devel BuildRequires: bzip2-devel BuildRequires: zlib-devel BuildRequires: openssl-devel # the following is for the pam passthru auth plug-in BuildRequires: pam-devel BuildRequires: systemd-units BuildRequires: systemd-devel %if %{use_asan} BuildRequires: libasan %endif # If rust is enabled %if %{use_rust} BuildRequires: cargo BuildRequires: rust %endif BuildRequires: pkgconfig BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(krb5) # Needed to support regeneration of the autotool artifacts. BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool # For our documentation BuildRequires: doxygen # For tests! BuildRequires: libcmocka-devel BuildRequires: libevent-devel # For lib389 and related components BuildRequires: python%{python3_pkgversion} BuildRequires: python%{python3_pkgversion}-devel BuildRequires: python%{python3_pkgversion}-setuptools BuildRequires: python%{python3_pkgversion}-ldap BuildRequires: python%{python3_pkgversion}-six BuildRequires: python%{python3_pkgversion}-pyasn1 BuildRequires: python%{python3_pkgversion}-pyasn1-modules BuildRequires: python%{python3_pkgversion}-dateutil BuildRequires: python%{python3_pkgversion}-argcomplete BuildRequires: python%{python3_pkgversion}-argparse-manpage BuildRequires: python%{python3_pkgversion}-policycoreutils BuildRequires: python%{python3_pkgversion}-libselinux # For cockpit BuildRequires: rsync Requires: %{name}-libs = %{version}-%{release} Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release} # this is needed for using semanage from our setup scripts Requires: policycoreutils-python-utils Requires: /usr/sbin/semanage Requires: libsemanage-python%{python3_pkgversion} Requires: selinux-policy >= 3.14.1-29 # the following are needed for some of our scripts Requires: openldap-clients Requires: openssl-perl Requires: python%{python3_pkgversion}-ldap # this is needed to setup SSL if you are not using the # administration server package Requires: nss-tools Requires: nss >= 3.34 # these are not found by the auto-dependency method # they are required to support the mandatory LDAP SASL mechs Requires: cyrus-sasl-gssapi Requires: cyrus-sasl-md5 Requires: cyrus-sasl-plain # this is needed for verify-db.pl Requires: libdb-utils # Needed for password dictionary checks Requires: cracklib-dicts # This picks up libperl.so as a Requires, so we add this versioned one Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) Requires: perl-Errno >= 1.23-360 # Needed by logconv.pl Requires: perl-DB_File Requires: perl-Archive-Tar # Needed for password dictionary checks Requires: cracklib-dicts # Picks up our systemd deps. %{?systemd_requires} Obsoletes: %{name} <= 1.3.5.4 Source0: https://releases.pagure.org/389-ds-base/%{name}-%{version}.tar.bz2 # 389-ds-git.sh should be used to generate the source tarball from git Source1: %{name}-git.sh Source2: %{name}-devel.README %if %{bundle_jemalloc} Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2 %endif Patch01: 0001-Issue-4383-Do-not-normalize-escaped-spaces-in-a-DN.patch Patch02: 0002-ticket-2058-Add-keep-alive-entry-after-on-line-initi.patch Patch03: 0003-do-not-add-referrals-for-masters-with-different-data.patch Patch04: 0004-Ticket-50933-Update-2307compat.ldif.patch Patch05: 0005-Issue-50933-Fix-OID-change-between-10rfc2307-and-10r.patch Patch06: 0006-Ticket-51131-improve-mutex-alloc-in-conntable.patch Patch07: 0007-Issue-4297-2nd-fix-for-on-ADD-replication-URP-issue-.patch Patch08: 0008-Issue-3657-Add-options-to-dsctl-for-dsrc-file.patch Patch09: 0009-Issue-4440-BUG-ldifgen-with-start-idx-option-fails-w.patch Patch10: 0010-Issue-4449-dsconf-replication-monitor-fails-to-retri.patch Patch11: 0011-Issue-4243-Fix-test-SyncRepl-plugin-provides-a-wrong.patch Patch12: 0012-Add-dsconf-replication-monitor-test-case-gitHub-issu.patch Patch13: 0013-Issue-4460-BUG-lib389-should-use-system-tls-policy.patch Patch14: 0014-Issue-4428-BUG-Paged-Results-with-critical-false-cau.patch Patch15: 0015-Issue-4315-performance-search-rate-nagle-triggers-hi.patch Patch16: 0016-Issue-4460-BUG-add-machine-name-to-subject-alt-names.patch Patch17: 0017-Issue-4483-heap-use-after-free-in-slapi_be_getsuffix.patch Patch18: 0018-Issue-4480-Unexpected-info-returned-to-ldap-request-.patch Patch19: 0019-Issue-4504-Fix-pytest-test_dsconf_replication_monito.patch Patch20: 0020-Issue-4418-ldif2db-offline.-Warn-the-user-of-skipped.patch Patch21: 0021-Issue-4418-ldif2db-offline.-Warn-the-user-of-skipped.patch Patch22: 0022-Fix-cherry-pick-erorr.patch Patch23: 0023-Issue-4419-Warn-users-of-skipped-entries-during-ldif.patch Patch24: 0024-Issue-4480-Unexpected-info-returned-to-ldap-request-.patch Patch25: 0025-Issue-4414-disk-monitoring-prevent-division-by-zero-.patch Patch26: 0026-Issue-4504-Insure-ldapi-is-enabled-in-repl_monitor_t.patch Patch27: 0027-Issue-4315-performance-search-rate-nagle-triggers-hi.patch Patch28: 0028-Issue-4504-insure-that-repl_monitor_test-use-ldapi-f.patch Patch29: 0029-Issue-4528-Fix-cn-monitor-SCOPE_ONE-search-4529.patch Patch30: 0030-Issue-4384-Use-MONOTONIC-clock-for-all-timing-events.patch Patch31: 0031-Issue-4384-Separate-eventq-into-REALTIME-and-MONOTON.patch Patch32: 0032-Backport-tests-from-master-branch-fix-failing-tests-.patch Patch33: 0033-Issue-5442-Search-results-are-different-between-RHDS.patch Patch34: 0034-Issue-4526-sync_repl-when-completing-an-operation-in.patch Patch35: 0035-Issue-4581-A-failed-re-indexing-leaves-the-database-.patch Patch36: 0036-Issue-4513-CI-Tests-fix-test-failures.patch # Patch37: 0037-Issue-4609-CVE-info-disclosure-when-authenticating.patch %description 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. %if %{use_asan} WARNING! This build is linked to Address Sanitisation libraries. This probably isn't what you want. Please contact support immediately. Please see http://seclists.org/oss-sec/2016/q1/363 for more information. %endif %package libs Summary: Core libraries for 389 Directory Server Group: System Environment/Daemons BuildRequires: nspr-devel BuildRequires: nss-devel >= 3.34 BuildRequires: openldap-devel BuildRequires: libdb-devel BuildRequires: cyrus-sasl-devel BuildRequires: libicu-devel BuildRequires: pcre-devel BuildRequires: libtalloc-devel BuildRequires: libevent-devel BuildRequires: libtevent-devel Requires: krb5-libs Requires: libevent BuildRequires: systemd-devel Provides: svrcore = 4.1.4 Conflicts: svrcore Obsoletes: svrcore <= 4.1.3 %description libs Core libraries for the 389 Directory Server base package. These libraries are used by the main package and the -devel package. This allows the -devel package to be installed with just the -libs package and without the main package. %if %{use_legacy} %package legacy-tools Summary: Legacy utilities for 389 Directory Server Group: System Environment/Daemons Obsoletes: %{name} <= 1.4.0.9 Requires: %{name}-libs = %{version}-%{release} # for setup-ds.pl to support ipv6 %if %{use_Socket6} Requires: perl-Socket6 %else Requires: perl-Socket %endif Requires: perl-NetAddr-IP # use_openldap assumes perl-Mozilla-LDAP is built with openldap support Requires: perl-Mozilla-LDAP # for setup-ds.pl Requires: bind-utils %global __provides_exclude_from %{_libdir}/%{pkgname}/perl %global __requires_exclude perl\\((DSCreate|DSMigration|DSUpdate|DSUtil|Dialog|DialogManager|FileConn|Inf|Migration|Resource|Setup|SetupLog) %{?perl_default_filter} %description legacy-tools Legacy (and deprecated) utilities for 389 Directory Server. This includes the old account management and task scripts. These are deprecated in favour of the dscreate, dsctl, dsconf and dsidm tools. %endif %package devel Summary: Development libraries for 389 Directory Server Group: Development/Libraries Requires: %{name}-libs = %{version}-%{release} Requires: pkgconfig Requires: nspr-devel Requires: nss-devel >= 3.34 Requires: openldap-devel Requires: libtalloc Requires: libevent Requires: libtevent Requires: systemd-libs Provides: svrcore-devel = 4.1.4 Conflicts: svrcore-devel Obsoletes: svrcore-devel <= 4.1.3 %description devel Development Libraries and headers for the 389 Directory Server base package. %package snmp Summary: SNMP Agent for 389 Directory Server Group: System Environment/Daemons Requires: %{name} = %{version}-%{release} Obsoletes: %{name} <= 1.4.0.0 %description snmp SNMP Agent for the 389 Directory Server base package. %package -n python%{python3_pkgversion}-lib389 Summary: A library for accessing, testing, and configuring the 389 Directory Server BuildArch: noarch Group: Development/Libraries Requires: openssl Requires: iproute Requires: platform-python Recommends: bash-completion Requires: python%{python3_pkgversion}-ldap Requires: python%{python3_pkgversion}-six Requires: python%{python3_pkgversion}-pyasn1 Requires: python%{python3_pkgversion}-pyasn1-modules Requires: python%{python3_pkgversion}-dateutil Requires: python%{python3_pkgversion}-argcomplete Requires: python%{python3_pkgversion}-libselinux Requires: python%{python3_pkgversion}-setuptools Requires: python%{python3_pkgversion}-distro %{?python_provide:%python_provide python%{python3_pkgversion}-lib389} %description -n python%{python3_pkgversion}-lib389 This module contains tools and libraries for accessing, testing, and configuring the 389 Directory Server. %package -n cockpit-389-ds Summary: Cockpit UI Plugin for configuring and administering the 389 Directory Server BuildArch: noarch Requires: cockpit Requires: platform-python Requires: python%{python3_pkgversion}-lib389 %description -n cockpit-389-ds A cockpit UI Plugin for configuring and administering the 389 Directory Server %prep %autosetup -p1 -v -n %{name}-%{version}%{?prerel} %if %{bundle_jemalloc} %setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3 %endif cp %{SOURCE2} README.devel %build OPENLDAP_FLAG="--with-openldap" %{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} # hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529 NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3" %if %{use_asan} ASAN_FLAGS="--enable-asan --enable-debug" %endif %if %{use_rust} RUST_FLAGS="--enable-rust" %endif %if %{use_legacy} LEGACY_FLAGS="--enable-legacy --enable-perl" %else LEGACY_FLAGS="--disable-legacy --disable-perl" %endif %if %{use_clang} export CC=clang export CXX=clang++ CLANG_FLAGS="--enable-clang" %endif %if %{bundle_jemalloc} # Override page size, bz #1545539 # 4K %ifarch %ix86 %arm x86_64 s390x %define lg_page --with-lg-page=12 %endif # 64K %ifarch ppc64 ppc64le aarch64 %define lg_page --with-lg-page=16 %endif # Override huge page size on aarch64 # 2M instead of 512M %ifarch aarch64 %define lg_hugepage --with-lg-hugepage=21 %endif # Build jemalloc pushd ../%{jemalloc_name}-%{jemalloc_ver} %configure \ --libdir=%{_libdir}/%{pkgname}/lib \ --bindir=%{_libdir}/%{pkgname}/bin \ --enable-prof make %{?_smp_mflags} popd %endif # Enforce strict linking %define _strict_symbol_defs_build 1 # Rebuild the autotool artifacts now. autoreconf -fiv %configure --enable-autobind --with-selinux $OPENLDAP_FLAG $TMPFILES_FLAG \ --with-systemd \ --with-systemdsystemunitdir=%{_unitdir} \ --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \ --with-systemdgroupname=%{groupname} \ --libexecdir=%{_libexecdir}/%{pkgname} \ $NSSARGS $ASAN_FLAGS $RUST_FLAGS $LEGACY_FLAGS $CLANG_FLAGS \ --enable-cmocka # lib389 pushd ./src/lib389 %py3_build popd # argparse-manpage dynamic man pages have hardcoded man v1 in header, # need to change it to v8 sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsconf.8 sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsctl.8 sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsidm.8 sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dscreate.8 # Generate symbolic info for debuggers export XCFLAGS=$RPM_OPT_FLAGS #make %{?_smp_mflags} make %install mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir} mkdir -p %{buildroot}%{_datadir}/cockpit make DESTDIR="$RPM_BUILD_ROOT" install # Cockpit file list find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list # Copy in our docs from doxygen. cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3 # lib389 pushd src/lib389 %py3_install popd mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname} mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname} mkdir -p $RPM_BUILD_ROOT/var/3lock/%{pkgname} # for systemd mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants #remove libtool archives and static libs find %{buildroot} -type f -name "*.la" -delete find %{buildroot} -type f -name "*.a" -delete %if %{use_legacy} # make sure perl scripts have a proper shebang sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/script-templates/template-*.pl %endif %if %{bundle_jemalloc} pushd ../%{jemalloc_name}-%{jemalloc_ver} make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin cp -pa COPYING ../%{name}-%{version}%{?prerel}/COPYING.jemalloc cp -pa README ../%{name}-%{version}%{?prerel}/README.jemalloc popd %endif %check # This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build. if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi %clean rm -rf $RPM_BUILD_ROOT %post if [ -n "$DEBUGPOSTTRANS" ] ; then output=$DEBUGPOSTTRANS output2=${DEBUGPOSTTRANS}.upgrade else output=/dev/null output2=/dev/null fi # reload to pick up any changes to systemd files /bin/systemctl daemon-reload >$output 2>&1 || : # https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation # Soft static allocation for UID and GID USERNAME="dirsrv" ALLOCATED_UID=389 GROUPNAME="dirsrv" ALLOCATED_GID=389 HOMEDIR="/usr/share/dirsrv" getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME if ! getent passwd $USERNAME >/dev/null ; then if ! getent passwd $ALLOCATED_UID >/dev/null ; then /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME else /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME fi fi # Reload our sysctl before we restart (if we can) sysctl --system &> $output; true %preun if [ $1 -eq 0 ]; then # Final removal # remove instance specific service files/links rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || : fi %postun if [ $1 = 0 ]; then # Final removal rm -rf /var/run/%{pkgname} fi %post snmp %systemd_post %{pkgname}-snmp.service %preun snmp %systemd_preun %{pkgname}-snmp.service %{groupname} %postun snmp %systemd_postun_with_restart %{pkgname}-snmp.service %if %{use_legacy} %post legacy-tools # START UPGRADE SCRIPT if [ -n "$DEBUGPOSTTRANS" ] ; then output=$DEBUGPOSTTRANS output2=${DEBUGPOSTTRANS}.upgrade else output=/dev/null output2=/dev/null fi # find all instances instances="" # instances that require a restart after upgrade ninst=0 # number of instances found in total echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || : instbase="%{_sysconfdir}/%{pkgname}" for dir in $instbase/slapd-* ; do echo dir = $dir >> $output 2>&1 || : if [ ! -d "$dir" ] ; then continue ; fi case "$dir" in *.removed) continue ;; esac basename=`basename $dir` inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`" echo found instance $inst - getting status >> $output 2>&1 || : if /bin/systemctl -q is-active $inst ; then echo instance $inst is running >> $output 2>&1 || : instances="$instances $inst" else echo instance $inst is not running >> $output 2>&1 || : fi ninst=`expr $ninst + 1` done if [ $ninst -eq 0 ] ; then echo no instances to upgrade >> $output 2>&1 || : exit 0 # have no instances to upgrade - just skip the rest fi # shutdown all instances echo shutting down all instances . . . >> $output 2>&1 || : for inst in $instances ; do echo stopping instance $inst >> $output 2>&1 || : /bin/systemctl stop $inst >> $output 2>&1 || : done echo remove pid files . . . >> $output 2>&1 || : /bin/rm -f /var/run/%{pkgname}*.pid /var/run/%{pkgname}*.startpid # do the upgrade echo upgrading instances . . . >> $output 2>&1 || : DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"` if [ -n "$DEBUGPOSTSETUPOPT" ] ; then %{_sbindir}/setup-ds.pl -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || : else %{_sbindir}/setup-ds.pl -u -s General.UpdateMode=offline >> $output 2>&1 || : fi # restart instances that require it for inst in $instances ; do echo restarting instance $inst >> $output 2>&1 || : /bin/systemctl start $inst >> $output 2>&1 || : done #END UPGRADE %endif exit 0 %files %if %{bundle_jemalloc} %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc %license COPYING.jemalloc %else %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl %endif %dir %{_sysconfdir}/%{pkgname} %dir %{_sysconfdir}/%{pkgname}/schema %config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif %dir %{_sysconfdir}/%{pkgname}/config %dir %{_sysconfdir}/systemd/system/%{groupname}.wants %config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf %{_datadir}/%{pkgname} %{_datadir}/gdb/auto-load/* %{_unitdir} %{_bindir}/dbscan %{_mandir}/man1/dbscan.1.gz %{_bindir}/ds-replcheck %{_mandir}/man1/ds-replcheck.1.gz %{_bindir}/ds-logpipe.py %{_mandir}/man1/ds-logpipe.py.1.gz %{_bindir}/ldclt %{_mandir}/man1/ldclt.1.gz %{_sbindir}/ldif2ldap %{_mandir}/man8/ldif2ldap.8.gz %{_bindir}/logconv.pl %{_mandir}/man1/logconv.pl.1.gz %{_bindir}/pwdhash %{_mandir}/man1/pwdhash.1.gz %{_bindir}/readnsstate %{_mandir}/man1/readnsstate.1.gz # Remove for now: %caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd %{_sbindir}/ns-slapd %{_mandir}/man8/ns-slapd.8.gz %{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl %{_mandir}/man5/99user.ldif.5.gz %{_mandir}/man5/certmap.conf.5.gz %{_mandir}/man5/slapd-collations.conf.5.gz %{_mandir}/man5/dirsrv.5.gz %{_mandir}/man5/dirsrv.systemd.5.gz %{_libdir}/%{pkgname}/python %dir %{_libdir}/%{pkgname}/plugins %{_libdir}/%{pkgname}/plugins/*.so # This has to be hardcoded to /lib - $libdir changes between lib/lib64, but # sysctl.d is always in /lib. %{_prefix}/lib/sysctl.d/* %dir %{_localstatedir}/lib/%{pkgname} %dir %{_localstatedir}/log/%{pkgname} %ghost %dir %{_localstatedir}/lock/%{pkgname} %exclude %{_sbindir}/ldap-agent* %exclude %{_mandir}/man1/ldap-agent.1.gz %exclude %{_unitdir}/%{pkgname}-snmp.service %if %{bundle_jemalloc} %{_libdir}/%{pkgname}/lib/ %{_libdir}/%{pkgname}/bin/ %exclude %{_libdir}/%{pkgname}/bin/jemalloc-config %exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh %exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a %exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so %exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a %exclude %{_libdir}/%{pkgname}/lib/pkgconfig %endif %files devel %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel %{_mandir}/man3/* %{_includedir}/svrcore.h %{_includedir}/%{pkgname} %{_libdir}/libsvrcore.so %{_libdir}/%{pkgname}/libslapd.so %{_libdir}/%{pkgname}/libns-dshttpd.so %{_libdir}/%{pkgname}/libsds.so %{_libdir}/%{pkgname}/libldaputil.so %{_libdir}/pkgconfig/svrcore.pc %{_libdir}/pkgconfig/dirsrv.pc %{_libdir}/pkgconfig/libsds.pc %files libs %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel %dir %{_libdir}/%{pkgname} %{_libdir}/libsvrcore.so.* %{_libdir}/%{pkgname}/libslapd.so.* %{_libdir}/%{pkgname}/libns-dshttpd-*.so %{_libdir}/%{pkgname}/libsds.so.* %{_libdir}/%{pkgname}/libldaputil.so.* %{_libdir}/%{pkgname}/librewriters.so* %if %{bundle_jemalloc} %{_libdir}/%{pkgname}/lib/libjemalloc.so.2 %endif %if %{use_rust} %{_libdir}/%{pkgname}/librsds.so %endif %if %{use_legacy} %files legacy-tools %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel %{_bindir}/infadd %{_mandir}/man1/infadd.1.gz %{_bindir}/ldif %{_mandir}/man1/ldif.1.gz %{_bindir}/migratecred %{_mandir}/man1/migratecred.1.gz %{_bindir}/mmldif %{_mandir}/man1/mmldif.1.gz %{_bindir}/rsearch %{_mandir}/man1/rsearch.1.gz %{_libexecdir}/%{pkgname}/ds_selinux_enabled %{_libexecdir}/%{pkgname}/ds_selinux_port_query %config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig %{_mandir}/man5/template-initconfig.5.gz %{_datadir}/%{pkgname}/properties/*.res %{_datadir}/%{pkgname}/script-templates %{_datadir}/%{pkgname}/updates %{_sbindir}/ldif2ldap %{_mandir}/man8/ldif2ldap.8.gz %{_sbindir}/bak2db %{_mandir}/man8/bak2db.8.gz %{_sbindir}/db2bak %{_mandir}/man8/db2bak.8.gz %{_sbindir}/db2index %{_mandir}/man8/db2index.8.gz %{_sbindir}/db2ldif %{_mandir}/man8/db2ldif.8.gz %{_sbindir}/dbverify %{_mandir}/man8/dbverify.8.gz %{_sbindir}/ldif2db %{_mandir}/man8/ldif2db.8.gz %{_sbindir}/restart-dirsrv %{_mandir}/man8/restart-dirsrv.8.gz %{_sbindir}/start-dirsrv %{_mandir}/man8/start-dirsrv.8.gz %{_sbindir}/status-dirsrv %{_mandir}/man8/status-dirsrv.8.gz %{_sbindir}/stop-dirsrv %{_mandir}/man8/stop-dirsrv.8.gz %{_sbindir}/upgradedb %{_mandir}/man8/upgradedb.8.gz %{_sbindir}/vlvindex %{_mandir}/man8/vlvindex.8.gz %{_sbindir}/monitor %{_mandir}/man8/monitor.8.gz %{_sbindir}/dbmon.sh %{_mandir}/man8/dbmon.sh.8.gz %{_sbindir}/dn2rdn %{_mandir}/man8/dn2rdn.8.gz %{_sbindir}/restoreconfig %{_mandir}/man8/restoreconfig.8.gz %{_sbindir}/saveconfig %{_mandir}/man8/saveconfig.8.gz %{_sbindir}/suffix2instance %{_mandir}/man8/suffix2instance.8.gz %{_sbindir}/upgradednformat %{_mandir}/man8/upgradednformat.8.gz %{_mandir}/man1/dbgen.pl.1.gz %{_bindir}/repl-monitor %{_mandir}/man1/repl-monitor.1.gz %{_bindir}/repl-monitor.pl %{_mandir}/man1/repl-monitor.pl.1.gz %{_bindir}/cl-dump %{_mandir}/man1/cl-dump.1.gz %{_bindir}/cl-dump.pl %{_mandir}/man1/cl-dump.pl.1.gz %{_bindir}/dbgen.pl %{_mandir}/man8/bak2db.pl.8.gz %{_sbindir}/bak2db.pl %{_sbindir}/cleanallruv.pl %{_mandir}/man8/cleanallruv.pl.8.gz %{_sbindir}/db2bak.pl %{_mandir}/man8/db2bak.pl.8.gz %{_sbindir}/db2index.pl %{_mandir}/man8/db2index.pl.8.gz %{_sbindir}/db2ldif.pl %{_mandir}/man8/db2ldif.pl.8.gz %{_sbindir}/fixup-linkedattrs.pl %{_mandir}/man8/fixup-linkedattrs.pl.8.gz %{_sbindir}/fixup-memberof.pl %{_mandir}/man8/fixup-memberof.pl.8.gz %{_sbindir}/ldif2db.pl %{_mandir}/man8/ldif2db.pl.8.gz %{_sbindir}/migrate-ds.pl %{_mandir}/man8/migrate-ds.pl.8.gz %{_sbindir}/ns-accountstatus.pl %{_mandir}/man8/ns-accountstatus.pl.8.gz %{_sbindir}/ns-activate.pl %{_mandir}/man8/ns-activate.pl.8.gz %{_sbindir}/ns-inactivate.pl %{_mandir}/man8/ns-inactivate.pl.8.gz %{_sbindir}/ns-newpwpolicy.pl %{_mandir}/man8/ns-newpwpolicy.pl.8.gz %{_sbindir}/remove-ds.pl %{_mandir}/man8/remove-ds.pl.8.gz %{_sbindir}/schema-reload.pl %{_mandir}/man8/schema-reload.pl.8.gz %{_sbindir}/setup-ds.pl %{_mandir}/man8/setup-ds.pl.8.gz %{_sbindir}/syntax-validate.pl %{_mandir}/man8/syntax-validate.pl.8.gz %{_sbindir}/usn-tombstone-cleanup.pl %{_mandir}/man8/usn-tombstone-cleanup.pl.8.gz %{_sbindir}/verify-db.pl %{_mandir}/man8/verify-db.pl.8.gz %{_libdir}/%{pkgname}/perl %endif %files snmp %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel %config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf %{_sbindir}/ldap-agent* %{_mandir}/man1/ldap-agent.1.gz %{_unitdir}/%{pkgname}-snmp.service %files -n python%{python3_pkgversion}-lib389 %doc LICENSE LICENSE.GPLv3+ %{python3_sitelib}/lib389* %{_sbindir}/dsconf %{_mandir}/man8/dsconf.8.gz %{_sbindir}/dscreate %{_mandir}/man8/dscreate.8.gz %{_sbindir}/dsctl %{_mandir}/man8/dsctl.8.gz %{_sbindir}/dsidm %{_mandir}/man8/dsidm.8.gz %{_libexecdir}/%{pkgname}/dscontainer %files -n cockpit-389-ds -f cockpit.list %{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml %doc README.md %changelog * Mon Feb 15 2021 Mark Reynolds - 1.4.3.16-11 - Bump version to 1.4.3.16-11 - Resolves: Bug 1924130 - RHDS11: “write” permission of ACI changes ns-slapd’s behavior on search operation(remove patch as it breaks DogTag, will add this patch back after DogTag is fixed) * Wed Feb 10 2021 Mark Reynolds - 1.4.3.16-10 - Bump version to 1.4.3.16-10 - Resolves: Bug 1924130 - RHDS11: “write” permission of ACI changes ns-slapd’s behavior on search operation(part 2) * Tue Feb 2 2021 Mark Reynolds - 1.4.3.16-9 - Bump version to 1.4.3.16-9 - Resolves: Bug 1924130 - RHDS11: “write” permission of ACI changes ns-slapd’s behavior on search operation - Resolves: Bug 1916677 - A failed re-indexing leaves the database in broken state. - Resolves: Bug 1912822 - sync_repl: when completing an operation in the pending list, it can select the wrong operation * Wed Jan 13 2021 Mark Reynolds - 1.4.3.16-8 - Bump version to 1.4.3.16-8 - Resolves: Bug 1903539 - cn=monitor is throwing err=32 with scope: -s one - Resolves: Bug 1893870 - PR_WaitCondVar() issue causes replication delay when clock jumps backwards * Thu Jan 7 2021 Mark Reynolds - 1.4.3.16-7 - Bump version to 1.4.3.16-7 - Resolves: Bug 1890118 - SIGFPE crash in rhds disk monitoring routine - Resolves: Bug 1904991 - 389-ds:1.4/389-ds-base: information disclosure during the binding of a DN - Resolves: Bug 1627645 - ldif2db does not change exit code when there are skipped entries * Wed Dec 16 2020 Mark Reynolds - 1.4.3.16-6 - Bump version to 1.4.3.16-6 - Resolves: Bug 1879386 - cli dsconf replication monitor fails to retrieve database RUV - consumer (Unavailable) State (green) Reason (error (0) - Resolves: Bug 1904991 - Unexpected info returned to ldap request - Resolves: Bug 1843838 - heap-use-after-free in slapi_be_getsuffix - Resolves: Bug 1903133 - Server-Cert.crt created using dscreate has Subject:CN =localhost instead of hostname. * Wed Dec 9 2020 Mark Reynolds - 1.4.3.16-5 - Bump version to 1.4.3.16-5 - Resolves: Bug 1879386 - cli dsconf replication monitor fails to retrieve database RUV - Resolves: Bug 1887449 - Sync repl: missing update because operation are erroneously stated as nested - Resolves: Bug 1887415 - Sync repl - if a series of updates target the same entry then the cookie get wrong changenumber - Resolves: Bug 1851978 - SyncRepl plugin provides a wrong cookie * Thu Dec 3 2020 Mark Reynolds - 1.4.3.16-4 - Bump version to 1.4.3.16-4 - Resolves: Bug 1843517 - Using ldifgen with --start-idx option fails with unsupported operand - Resolves: Bug 1801086 - [RFE] Generate dsrc file using dsconf - Resolves: Bug 1843838 - heap-use-after-free in slapi_be_getsuffix * Wed Nov 25 2020 Mark Reynolds - 1.4.3.16-3 - Bump version to 1.4.3.16-3 - Resolves: Bug 1859219 - rfc2307 and rfc2307bis compat schema - Resolves: Bug 1843604 - reduce the cost of allocation/free when open/close a connection - Resolves: Bug 1898850 - Entries conflict not resolved by replication * Thu Nov 19 2020 Mark Reynolds - 1.4.3.16-2 - Bump version to 1.4.3.16-2 - Resolves: Bug 1859227 - create keep alive entry after on line init - Resolves: Bug 1888863 - group rdn with leading space char and add fails error 21 invalid syntax and delete fails error 32 - Resolves: Bug 1859228 - do not add referrals for masters with different data generation * Mon Oct 26 2020 Mark Reynolds - 1.4.3.16-1 - Bump version to 1.4.3.16-1 - Resolves: Bug 1887415 - Sync repl - if a serie of updates target the same entry then the cookie get wrong changenumber - Resolves: Bug 1859225 - suffix management in backends incorrect * Mon Oct 26 2020 Mark Reynolds - 1.4.3.14-1 - Bump version to 1.4.3.14-1 - Resolves: Bug 1862529 - Rebase 389-ds-base-1.4.3 in RHEL 8.4 - Resolves: Bug 1859301 - Misleading message in access log for idle timeout - Resolves: Bug 1889782 - Missing closing quote when reporting the details of unindexed/paged search results - Resolves: Bug 1862971 - dsidm user status fails with Error: 'nsUserAccount' object has no attribute 'is_locked' - Resolves: Bug 1859878 - Managed Entries configuration not being enforced - Resolves: Bug 1851973 - Duplicate entryUSN numbers for different LDAP entries in the same backend - Resolves: Bug 1851967 - if dbhome directory is set online backup fails - Resolves: Bug 1887449 - Sync repl: missing update because operation are erroneously stated as nested - Resolves: Bug 1887415 - Sync repl - if a serie of updates target the same entry then the cookie get wrong changenumber - Resolves: Bug 1851978 - SyncRepl plugin provides a wrong cookie - Resolves: Bug 1843604 - reduce the cost of allocation/free when open/close a connection - Resolves: Bug 1872930 - dscreate: Not possible to bind to a unix domain socket - Resolves: Bug 1861504 - ds-replcheck crashes in offline mode - Resolves: Bug 1859282 - remove ldbm_back_entry_release - Resolves: Bug 1859225 - suffix management in backends incorrect - Resolves: Bug 1859224 - remove unused or unnecessary database plugin functions - Resolves: Bug 1859219 - rfc2307 and rfc2307bis compat schema - Resolves: Bug 1851975 - Add option to reject internal unindexed searches - Resolves: Bug 1851972 - Remove code duplication from the BDB backend separation work - Resolves: Bug 1850275 - Add new access log keywords for time spent in work queue and actual operation time - Resolves: Bug 1848359 - Add failover credentials to replication agreement - Resolves: Bug 1837315 - Healthcheck code DSBLE0002 not returned on disabled suffix * Wed Aug 5 2020 Mark Reynolds - 1.4.3.8-5 - Bump version to 1.4.3.8-5 - Resolves: Bug 1841086 - SSL alert: The value of sslVersionMax "TLS1.3" is higher than the supported version - Resolves: Bug 1800529 - Memory leaks in disk monitoring - Resolves: Bug 1748227 - Instance name length is not enforced - Resolves: Bug 1849418 - python3-lib389 pulls unnecessary bash-completion package * Fri Jun 26 2020 Mark Reynolds - 1.4.3.8-4 - Bump version to 1.4.3.8-4 - Resolves: Bug 1806978 - ns-slapd crashes during db2ldif - Resolves: Bug 1450863 - Log warning when tuning of nsslapd-threadnumber above or below the optimal value - Resolves: Bug 1647017 - A distinguished value of a single valued attribute can be missing in an entry - Resolves: Bug 1806573 - Dsctl healthcheck doesn't work when using instance name with 'slapd-' - Resolves: Bug 1807773 - dsctl healthcheck : typo in DSREPLLE0002 Lint error suggested resolution commands - Resolves: Bug 1843567 - Healthcheck to find notes=F - Resolves: Bug 1845094 - User/Directory Manager can modify Password Policy attribute "pwdReset" - Resolves: Bug 1850275 - Add new access log keywords for time spent in work queue and actual operation time - Resolves: Bug 1442386 - Recreating an index while changing case will create an indexfile with the old name (different case) and after restart the indexfile is abandoned - Resolves: Bug 1672574 - nsIndexIDListScanLimit accepts any value - Resolves: Bug 1800529 - Memory leaks in disk monitoring * Fri Jun 5 2020 Mark Reynolds - 1.4.3.8-3 - Bump version to 1.4.3.8-3 - Resolves: Bug 1835619 - Healthcheck with --json option reports "Object of type 'bytes' is not JSON serializable" when mapping tree is deleted - Resolves: Bug 1836428 - Directory Server ds-replcheck RFE to add a timeout command-line arg/value to wait longer when connecting to a replica server - Resolves: Bug 1843090 - abort when a empty valueset is freed - Resolves: Bug 1843156 - Prevent unnecessarily duplication of the target entry - Resolves: Bug 1843157 - Check for clock errors and time skew - Resolves: Bug 1843159 - RFE AD filter rewriter for ObjectCategory - Resolves: Bug 1843162 - Creating Replication Manager fails if uid=repman is used - Resolves: Bug 1816851 - Add option to healthcheck to list all the lint reports - Resolves: Bug 1748227 - Instance name length is not enforced - Resolves: Bug 1748244 - dscreate doesn't sanitize instance name * Mon May 11 2020 Mark Reynolds - 1.4.3.8-2 - Bump version to 1.4.3.8-2 - Resolves: Bug 1833350 - Remove cockpit dependancies that are breaking builds * Mon May 11 2020 Mark Reynolds - 1.4.3.8-1 - Bump version to 1.4.3.8-1 - Resolves: Bug 1833350 - Rebase 389-ds-base for RHEL 8.3 - Resolves: Bug 1728943 - [RFE] Advance options in RHDS Disk Monitoring Framework - Resolves: Bug 1775285 - [RFE] Implement the Password Policy attribute "pwdReset" - Resolves: Bug 1638875 - [RFE] extract key/certs pem file into a private namespace - Resolves: Bug 1758478 - AddressSanitizer: heap-buffer-overflow in ldap_utf8prev - Resolves: Bug 1795943 - Port dbmon.sh from legacy tools package - Resolves: Bug 1798394 - Port dbgen from legacy tools package - Resolves: Bug 1800529 - Memory leaks in disk monitoring - Resolves: Bug 1807419 - Unable to create a suffix with countryName either via dscreate or the admin console - Resolves: Bug 1816848 - Database links: get_monitor() takes 1 positional argument but 2 were given - Resolves: Bug 1816854 - Setting nsslapd-allowed-sasl-mechanisms truncates the value - Resolves: Bug 1816857 - Searches on cn=config takes values with spaces and makes multiple attributes out of them - Resolves: Bug 1816859 - lib389 - Replace exec() with setattr() - Resolves: Bug 1816862 - Memory leak in indirect COS - Resolves: Bug 1829071 - Installation of RHDS 11 fails on RHEL8 server with IPv6 disabled - Resolves: Bug 1833515 - set 'nsslapd-enable-upgrade-hash: off' as this raises warnings in IPA - Resolves: Bug 1790986 - cenotaph errors on modrdn operations - Resolves: Bug 1769734 - Heavy StartTLS connection load can randomly fail with err=1 - Resolves: Bug 1758501 - LeakSanitizer: detected memory leaks in changelog5_init and perfctrs_init