commit c3bc46faa338a614be02c3b4d3ce6531458fc7a3 Author: CentOS Sources Date: Tue May 16 06:06:54 2023 +0000 import 389-ds-base-1.4.3.32-3.module+el8.8.0+17706+8ab0c717 diff --git a/.389-ds-base.metadata b/.389-ds-base.metadata new file mode 100644 index 0000000..5ad189d --- /dev/null +++ b/.389-ds-base.metadata @@ -0,0 +1,3 @@ +6dd2b4523735ae964fa5a8519ccd5be258a947c9 SOURCES/389-ds-base-1.4.3.32.tar.bz2 +1c8f2d0dfbf39fa8cd86363bf3314351ab21f8d4 SOURCES/jemalloc-5.3.0.tar.bz2 +44d04546a521aee1e09e85924e08cbd67d0a2d0c SOURCES/vendor-1.4.3.32-1.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..604ccb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +SOURCES/389-ds-base-1.4.3.32.tar.bz2 +SOURCES/jemalloc-5.3.0.tar.bz2 +SOURCES/vendor-1.4.3.32-1.tar.gz diff --git a/SOURCES/0001-Issue-5532-Make-db-compaction-TOD-day-more-robust.patch b/SOURCES/0001-Issue-5532-Make-db-compaction-TOD-day-more-robust.patch new file mode 100644 index 0000000..ce1aeea --- /dev/null +++ b/SOURCES/0001-Issue-5532-Make-db-compaction-TOD-day-more-robust.patch @@ -0,0 +1,440 @@ +From 9cdb6cb41b9c87c44e788cd1e354b14dbf4eb5f7 Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Wed, 16 Nov 2022 16:37:05 -0500 +Subject: [PATCH 1/3] Issue 5532 - Make db compaction TOD day more robust. + +Bug Description: + +The time of day compaction setting does not promise that the compaction +will happen as configured. This is becuase the compaction interval +starts when the server is started. Once it wakes up and we are "past" +the TOD setting then we compact, but it can happen at any time +once the TOD has passed. + +Fix Description: + +Once the compaction interval is hit we create an "event" with the +exact time the compaction should start. + +relates: #5532 + +Reviewed by: tbordaz & spichugi(Thanks!!) +--- + .../tests/suites/config/compact_test.py | 29 +++-- + ldap/servers/plugins/replication/cl5_api.c | 58 +++++---- + .../slapd/back-ldbm/db-bdb/bdb_layer.c | 118 ++++++++++++------ + .../slapd/back-ldbm/db-bdb/bdb_layer.h | 2 +- + 4 files changed, 136 insertions(+), 71 deletions(-) + +diff --git a/dirsrvtests/tests/suites/config/compact_test.py b/dirsrvtests/tests/suites/config/compact_test.py +index 1f1c097e4..2e8dee4bb 100644 +--- a/dirsrvtests/tests/suites/config/compact_test.py ++++ b/dirsrvtests/tests/suites/config/compact_test.py +@@ -2,6 +2,7 @@ import logging + import pytest + import os + import time ++import datetime + from lib389.tasks import DBCompactTask + from lib389.backend import DatabaseConfig + from lib389.replica import Changelog5 +@@ -53,22 +54,34 @@ def test_compaction_interval_and_time(topo): + + inst = topo.ms["supplier1"] + +- # Configure DB compaction +- config = DatabaseConfig(inst) +- config.set([('nsslapd-db-compactdb-interval', '2'), ('nsslapd-db-compactdb-time', '00:01')]) ++ # Calculate the compaction time (2 minutes from now) ++ now = datetime.datetime.now() ++ current_hour = now.hour ++ current_minute = now.minute + 2 ++ if current_hour < 10: ++ hour = "0" + str(current_hour) ++ else: ++ hour = str(current_hour) ++ if current_minute < 10: ++ minute = "0" + str(current_minute) ++ else: ++ minute = str(current_minute) ++ compact_time = hour + ":" + minute + + # Configure changelog compaction + cl5 = Changelog5(inst) + cl5.replace_many( + ('nsslapd-changelogcompactdb-interval', '2'), +- ('nsslapd-changelogcompactdb-time', '00:01'), +- ('nsslapd-changelogtrim-interval', '2') ++ ('nsslapd-changelogcompactdb-time', compact_time), ++ ('nsslapd-changelogtrim-interval', '2') + ) + inst.deleteErrorLogs() + +- # Check is compaction occurred +- time.sleep(6) +- assert inst.searchErrorsLog("Compacting databases") ++ # Check compaction occurred as expected ++ time.sleep(60) ++ assert not inst.searchErrorsLog("compacting replication changelogs") ++ ++ time.sleep(61) + assert inst.searchErrorsLog("compacting replication changelogs") + inst.deleteErrorLogs(restart=False) + +diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c +index 43fa5bd46..5d4edea92 100644 +--- a/ldap/servers/plugins/replication/cl5_api.c ++++ b/ldap/servers/plugins/replication/cl5_api.c +@@ -103,6 +103,7 @@ + + #define NO_DISK_SPACE 1024 + #define MIN_DISK_SPACE 10485760 /* 10 MB */ ++#define _SEC_PER_DAY 86400 + + /***** Data Definitions *****/ + +@@ -293,6 +294,7 @@ static int _cl5FileEndsWith(const char *filename, const char *ext); + + static PRLock *cl5_diskfull_lock = NULL; + static int cl5_diskfull_flag = 0; ++static PRBool compacting = PR_FALSE; + + static void cl5_set_diskfull(void); + static void cl5_set_no_diskfull(void); +@@ -3099,7 +3101,7 @@ _cl5TrimCleanup(void) + static time_t + _cl5_get_tod_expiration(char *expire_time) + { +- time_t start_time, todays_elapsed_time, now = time(NULL); ++ time_t todays_elapsed_time, now = time(NULL); + struct tm *tm_struct = localtime(&now); + char hour_str[3] = {0}; + char min_str[3] = {0}; +@@ -3109,9 +3111,8 @@ _cl5_get_tod_expiration(char *expire_time) + + /* Get today's start time */ + todays_elapsed_time = (tm_struct->tm_hour * 3600) + (tm_struct->tm_min * 60) + (tm_struct->tm_sec); +- start_time = slapi_current_utc_time() - todays_elapsed_time; + +- /* Get the hour and minute and calculate the expiring time. The time was ++ /* Get the hour and minute and calculate the expiring TOD. The time was + * already validated in bdb_config.c: HH:MM */ + hour_str[0] = *s++; + hour_str[1] = *s++; +@@ -3122,7 +3123,34 @@ _cl5_get_tod_expiration(char *expire_time) + min = strtoll(min_str, &endp, 10); + expiring_time = (hour * 60 * 60) + (min * 60); + +- return start_time + expiring_time; ++ /* Calculate the time in seconds when the compaction should start, midnight ++ * requires special treatment (for both current time and configured TOD) */ ++ if (expiring_time == 0) { ++ /* Compaction TOD configured for midnight */ ++ if (todays_elapsed_time == 0) { ++ /* It's currently midnight, compact now! */ ++ return 0; ++ } else { ++ /* Return the time until it's midnight */ ++ return _SEC_PER_DAY - todays_elapsed_time; ++ } ++ } else if (todays_elapsed_time == 0) { ++ /* It's currently midnight, just use the configured TOD */ ++ return expiring_time; ++ } else if (todays_elapsed_time > expiring_time) { ++ /* We missed TOD today, do it tomorrow */ ++ return _SEC_PER_DAY - (todays_elapsed_time - expiring_time); ++ } else { ++ /* Compaction is coming up */ ++ return expiring_time - todays_elapsed_time; ++ } ++} ++ ++static void ++do_cl_compact(time_t when, void *arg) ++{ ++ cl5CompactDBs(); ++ compacting = PR_FALSE; + } + + static int +@@ -3131,7 +3159,6 @@ _cl5TrimMain(void *param __attribute__((unused))) + time_t timePrev = slapi_current_utc_time(); + time_t timeCompactPrev = slapi_current_utc_time(); + time_t timeNow; +- PRBool compacting = PR_FALSE; + int32_t compactdb_time = 0; + + PR_AtomicIncrement(&s_cl5Desc.threadCount); +@@ -3144,25 +3171,14 @@ _cl5TrimMain(void *param __attribute__((unused))) + _cl5DoTrimming(); + } + +- if (!compacting) { +- /* Once we know we want to compact we need to stop refreshing the +- * TOD expiration. Otherwise if the compact time is close to +- * midnight we could roll over past midnight during the checkpoint +- * sleep interval, and we'd never actually compact the databases. +- * We also need to get this value before the sleep. +- */ +- compactdb_time = _cl5_get_tod_expiration(s_cl5Desc.dbTrim.compactTime); +- } + if ((s_cl5Desc.dbTrim.compactInterval > 0) && +- (timeNow - timeCompactPrev >= s_cl5Desc.dbTrim.compactInterval)) ++ (timeNow - timeCompactPrev >= s_cl5Desc.dbTrim.compactInterval) && ++ !compacting) + { + compacting = PR_TRUE; +- if (slapi_current_utc_time() > compactdb_time) { +- /* time to trim */ +- timeCompactPrev = timeNow; +- cl5CompactDBs(); +- compacting = PR_FALSE; +- } ++ compactdb_time = _cl5_get_tod_expiration(s_cl5Desc.dbTrim.compactTime); ++ slapi_eq_once_rel(do_cl_compact, NULL, slapi_current_rel_time_t() + compactdb_time); ++ timeCompactPrev = timeNow; + } + if (NULL == s_cl5Desc.clLock) { + /* most likely, emergency */ +diff --git a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.c b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.c +index 3e29feb50..b433fa919 100644 +--- a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.c ++++ b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.c +@@ -95,6 +95,7 @@ static int trans_batch_txn_max_sleep = 50; + static PRBool log_flush_thread = PR_FALSE; + static int txn_in_progress_count = 0; + static int *txn_log_flush_pending = NULL; ++static PRBool compacting = PR_FALSE; + + static pthread_mutex_t sync_txn_log_flush; + static pthread_cond_t sync_txn_log_flush_done; +@@ -3646,13 +3647,12 @@ log_flush_threadmain(void *param) + } + + /* +- * This refreshes the TOD expiration. So live changes to the configuration +- * will take effect immediately. ++ * Get the time in seconds when the compaction should occur + */ + static time_t + bdb_get_tod_expiration(char *expire_time) + { +- time_t start_time, todays_elapsed_time, now = time(NULL); ++ time_t todays_elapsed_time, now = time(NULL); + struct tm *tm_struct = localtime(&now); + char hour_str[3] = {0}; + char min_str[3] = {0}; +@@ -3662,9 +3662,8 @@ bdb_get_tod_expiration(char *expire_time) + + /* Get today's start time */ + todays_elapsed_time = (tm_struct->tm_hour * 3600) + (tm_struct->tm_min * 60) + (tm_struct->tm_sec); +- start_time = slapi_current_utc_time() - todays_elapsed_time; + +- /* Get the hour and minute and calculate the expiring time. The time was ++ /* Get the hour and minute and calculate the expiring TOD. The time was + * already validated in bdb_config.c: HH:MM */ + hour_str[0] = *s++; + hour_str[1] = *s++; +@@ -3675,7 +3674,55 @@ bdb_get_tod_expiration(char *expire_time) + min = strtoll(min_str, &endp, 10); + expiring_time = (hour * 60 * 60) + (min * 60); + +- return start_time + expiring_time; ++ /* Calculate the time in seconds when the compaction should start, midnight ++ * requires special treatment (for both current time and configured TOD) */ ++ if (expiring_time == 0) { ++ /* Compaction TOD configured for midnight */ ++ if (todays_elapsed_time == 0) { ++ /* It's currently midnight, compact now! */ ++ return 0; ++ } else { ++ /* Return the time until it's midnight */ ++ return _SEC_PER_DAY - todays_elapsed_time; ++ } ++ } else if (todays_elapsed_time == 0) { ++ /* It's currently midnight, just use the configured TOD */ ++ return expiring_time; ++ } else if (todays_elapsed_time > expiring_time) { ++ /* We missed TOD today, do it tomorrow */ ++ return _SEC_PER_DAY - (todays_elapsed_time - expiring_time); ++ } else { ++ /* Compaction is coming up */ ++ return expiring_time - todays_elapsed_time; ++ } ++} ++ ++static void ++bdb_compact(time_t when, void *arg) ++{ ++ struct ldbminfo *li = (struct ldbminfo *)arg; ++ Object *inst_obj; ++ ldbm_instance *inst; ++ DB *db = NULL; ++ int rc = 0; ++ ++ for (inst_obj = objset_first_obj(li->li_instance_set); ++ inst_obj; ++ inst_obj = objset_next_obj(li->li_instance_set, inst_obj)) ++ { ++ inst = (ldbm_instance *)object_get_data(inst_obj); ++ rc = dblayer_get_id2entry(inst->inst_be, &db); ++ if (!db || rc) { ++ continue; ++ } ++ slapi_log_err(SLAPI_LOG_NOTICE, "bdb_compact", "Compacting DB start: %s\n", ++ inst->inst_name); ++ /* Time to compact the DB's */ ++ dblayer_force_checkpoint(li); ++ bdb_do_compact(li); ++ dblayer_force_checkpoint(li); ++ } ++ compacting = PR_FALSE; + } + + /* +@@ -3763,15 +3810,6 @@ checkpoint_threadmain(void *param) + PR_Lock(li->li_config_mutex); + checkpoint_interval_update = (time_t)BDB_CONFIG(li)->bdb_checkpoint_interval; + compactdb_interval_update = (time_t)BDB_CONFIG(li)->bdb_compactdb_interval; +- if (!compacting) { +- /* Once we know we want to compact we need to stop refreshing the +- * TOD expiration. Otherwise if the compact time is close to +- * midnight we could roll over past midnight during the checkpoint +- * sleep interval, and we'd never actually compact the databases. +- * We also need to get this value before the sleep. +- */ +- compactdb_time = bdb_get_tod_expiration((char *)BDB_CONFIG(li)->bdb_compactdb_time); +- } + PR_Unlock(li->li_config_mutex); + + if (compactdb_interval_update != compactdb_interval) { +@@ -3861,23 +3899,21 @@ checkpoint_threadmain(void *param) + * this could have been a bug in fact, where compactdb_interval + * was 0, if you change while running it would never take effect .... + */ +- if (slapi_timespec_expire_check(&compactdb_expire) == TIMER_EXPIRED) { +- compacting = PR_TRUE; +- if (slapi_current_utc_time() < compactdb_time) { +- /* We have passed the interval, but we need to wait for a +- * particular TOD to pass before compacting */ +- continue; +- } ++ if (compactdb_interval_update != compactdb_interval || ++ (slapi_timespec_expire_check(&compactdb_expire) == TIMER_EXPIRED && !compacting)) ++ { ++ /* Get the time in second when the compaction should occur */ ++ PR_Lock(li->li_config_mutex); ++ compactdb_time = bdb_get_tod_expiration((char *)BDB_CONFIG(li)->bdb_compactdb_time); ++ PR_Unlock(li->li_config_mutex); + +- /* Time to compact the DB's */ +- dblayer_force_checkpoint(li); +- bdb_compact(li); +- dblayer_force_checkpoint(li); ++ /* Start compaction event */ ++ compacting = PR_TRUE; ++ slapi_eq_once_rel(bdb_compact, (void *)li, slapi_current_rel_time_t() + compactdb_time); + +- /* Now reset the timer and compacting flag */ ++ /* reset interval timer */ + compactdb_interval = compactdb_interval_update; + slapi_timespec_expire_at(compactdb_interval, &compactdb_expire); +- compacting = PR_FALSE; + } + } + slapi_log_err(SLAPI_LOG_HOUSE, "checkpoint_threadmain", "Check point before leaving\n"); +@@ -6210,14 +6246,14 @@ ldbm_back_compact(Slapi_Backend *be) + + li = (struct ldbminfo *)be->be_database->plg_private; + dblayer_force_checkpoint(li); +- rc = bdb_compact(li); ++ rc = bdb_do_compact(li); + dblayer_force_checkpoint(li); + return rc; + } + + + int32_t +-bdb_compact(struct ldbminfo *li) ++bdb_do_compact(struct ldbminfo *li) + { + Object *inst_obj; + ldbm_instance *inst; +@@ -6237,7 +6273,7 @@ bdb_compact(struct ldbminfo *li) + if (!db || rc) { + continue; + } +- slapi_log_err(SLAPI_LOG_NOTICE, "bdb_compact", "Compacting DB start: %s\n", ++ slapi_log_err(SLAPI_LOG_NOTICE, "bdb_do_compact", "Compacting DB start: %s\n", + inst->inst_name); + + /* +@@ -6249,15 +6285,15 @@ bdb_compact(struct ldbminfo *li) + DBTYPE type; + rc = db->get_type(db, &type); + if (rc) { +- slapi_log_err(SLAPI_LOG_ERR, "bdb_compact", +- "compactdb: failed to determine db type for %s: db error - %d %s\n", ++ slapi_log_err(SLAPI_LOG_ERR, "bdb_do_compact", ++ "Failed to determine db type for %s: db error - %d %s\n", + inst->inst_name, rc, db_strerror(rc)); + continue; + } + + rc = dblayer_txn_begin(inst->inst_be, NULL, &txn); + if (rc) { +- slapi_log_err(SLAPI_LOG_ERR, "bdb_compact", "compactdb: transaction begin failed: %d\n", rc); ++ slapi_log_err(SLAPI_LOG_ERR, "bdb_do_compact", "Transaction begin failed: %d\n", rc); + break; + } + /* +@@ -6274,26 +6310,26 @@ bdb_compact(struct ldbminfo *li) + rc = db->compact(db, txn.back_txn_txn, NULL /*start*/, NULL /*stop*/, + &c_data, compact_flags, NULL /*end*/); + if (rc) { +- slapi_log_err(SLAPI_LOG_ERR, "bdb_compact", +- "compactdb: failed to compact %s; db error - %d %s\n", ++ slapi_log_err(SLAPI_LOG_ERR, "bdb_do_compact", ++ "Failed to compact %s; db error - %d %s\n", + inst->inst_name, rc, db_strerror(rc)); + if ((rc = dblayer_txn_abort(inst->inst_be, &txn))) { +- slapi_log_err(SLAPI_LOG_ERR, "bdb_compact", "compactdb: failed to abort txn (%s) db error - %d %s\n", ++ slapi_log_err(SLAPI_LOG_ERR, "bdb_do_compact", "Failed to abort txn (%s) db error - %d %s\n", + inst->inst_name, rc, db_strerror(rc)); + break; + } + } else { +- slapi_log_err(SLAPI_LOG_NOTICE, "bdb_compact", +- "compactdb: compact %s - %d pages freed\n", ++ slapi_log_err(SLAPI_LOG_NOTICE, "bdb_do_compact", ++ "compact %s - %d pages freed\n", + inst->inst_name, c_data.compact_pages_free); + if ((rc = dblayer_txn_commit(inst->inst_be, &txn))) { +- slapi_log_err(SLAPI_LOG_ERR, "bdb_compact", "compactdb: failed to commit txn (%s) db error - %d %s\n", ++ slapi_log_err(SLAPI_LOG_ERR, "bdb_do_compact", "failed to commit txn (%s) db error - %d %s\n", + inst->inst_name, rc, db_strerror(rc)); + break; + } + } + } +- slapi_log_err(SLAPI_LOG_NOTICE, "bdb_compact", "Compacting databases finished.\n"); ++ slapi_log_err(SLAPI_LOG_NOTICE, "bdb_do_compact", "Compacting databases finished.\n"); + + return rc; + } +diff --git a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.h b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.h +index e3a49dbac..65a633193 100644 +--- a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.h ++++ b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.h +@@ -97,7 +97,7 @@ int bdb_db_size(Slapi_PBlock *pb); + int bdb_upgradedb(Slapi_PBlock *pb); + int bdb_upgradednformat(Slapi_PBlock *pb); + int bdb_upgradeddformat(Slapi_PBlock *pb); +-int32_t bdb_compact(struct ldbminfo *li); ++int32_t bdb_do_compact(struct ldbminfo *li); + int bdb_restore(struct ldbminfo *li, char *src_dir, Slapi_Task *task); + int bdb_cleanup(struct ldbminfo *li); + int bdb_txn_begin(struct ldbminfo *li, back_txnid parent_txn, back_txn *txn, PRBool use_lock); +-- +2.38.1 + diff --git a/SOURCES/0002-Issue-5544-Increase-default-task-TTL.patch b/SOURCES/0002-Issue-5544-Increase-default-task-TTL.patch new file mode 100644 index 0000000..542358c --- /dev/null +++ b/SOURCES/0002-Issue-5544-Increase-default-task-TTL.patch @@ -0,0 +1,30 @@ +From adb1baa6fd9fcfa0ca6d4a84d918e25adc405afd Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Mon, 28 Nov 2022 09:47:09 -0500 +Subject: [PATCH 2/3] Issue 5544 - Increase default task TTL + +Description: Increase the Time To Live of tasks from 1 hour to 12 hours + +relates: https://github.com/389ds/389-ds-base/issues/5544 + +Reviewed by: progier(Thanks!) +--- + ldap/servers/slapd/task.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c +index 71d5a2fb5..1a8be6c85 100644 +--- a/ldap/servers/slapd/task.c ++++ b/ldap/servers/slapd/task.c +@@ -48,7 +48,7 @@ static uint64_t shutting_down = 0; + #define TASK_DATE_NAME "nsTaskCreated" + #define TASK_WARNING_NAME "nsTaskWarning" + +-#define DEFAULT_TTL "3600" /* seconds */ ++#define DEFAULT_TTL "43200" /* 12 hours in seconds */ + #define TASK_SYSCONFIG_FILE_ATTR "sysconfigfile" /* sysconfig reload task file attr */ + #define TASK_SYSCONFIG_LOGCHANGES_ATTR "logchanges" + #define TASK_TOMBSTONE_FIXUP "fixup tombstones task" +-- +2.38.1 + diff --git a/SOURCES/0003-Issue-5413-Allow-mutliple-MemberOf-fixup-tasks-with-.patch b/SOURCES/0003-Issue-5413-Allow-mutliple-MemberOf-fixup-tasks-with-.patch new file mode 100644 index 0000000..e238bb7 --- /dev/null +++ b/SOURCES/0003-Issue-5413-Allow-mutliple-MemberOf-fixup-tasks-with-.patch @@ -0,0 +1,219 @@ +From 59ebf6618126547f3861fbef0b9a268f40ccb2bd Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Tue, 13 Dec 2022 09:41:34 -0500 +Subject: [PATCH 3/3] Issue 5413 - Allow mutliple MemberOf fixup tasks with + different bases/filters + +Description: + +A change was made to only allow a single fixup task at a time, but there are +cases where you would want to run mutliple tasks but on different branches/filters. + +Now we maintain a linked list of bases/filters of the current running tasks to +monitor this. + +relates: https://github.com/389ds/389-ds-base/issues/5413 + +Reviewed by: tbordaz(Thanks!) +--- + .../suites/memberof_plugin/fixup_test.py | 5 +- + ldap/servers/plugins/memberof/memberof.c | 101 ++++++++++++++---- + 2 files changed, 85 insertions(+), 21 deletions(-) + +diff --git a/dirsrvtests/tests/suites/memberof_plugin/fixup_test.py b/dirsrvtests/tests/suites/memberof_plugin/fixup_test.py +index 9566e144c..d5369439f 100644 +--- a/dirsrvtests/tests/suites/memberof_plugin/fixup_test.py ++++ b/dirsrvtests/tests/suites/memberof_plugin/fixup_test.py +@@ -59,12 +59,15 @@ def test_fixup_task_limit(topo): + with pytest.raises(ldap.UNWILLING_TO_PERFORM): + memberof.fixup(DEFAULT_SUFFIX) + ++ # Add second task but on different suffix which should be allowed ++ memberof.fixup("ou=people," + DEFAULT_SUFFIX) ++ + # Wait for first task to complete + task.wait() + + # Add new task which should be allowed now + memberof.fixup(DEFAULT_SUFFIX) +- ++ + + if __name__ == '__main__': + # Run isolated +diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c +index f3f817f89..a5f48d2c0 100644 +--- a/ldap/servers/plugins/memberof/memberof.c ++++ b/ldap/servers/plugins/memberof/memberof.c +@@ -52,7 +52,6 @@ static Slapi_DN* _pluginDN = NULL; + MemberOfConfig *qsortConfig = 0; + static int usetxn = 0; + static int premodfn = 0; +-static PRBool fixup_running = PR_FALSE; + static PRLock *fixup_lock = NULL; + static int32_t fixup_progress_count = 0; + static int64_t fixup_progress_elapsed = 0; +@@ -65,6 +64,15 @@ typedef struct _memberofstringll + void *next; + } memberofstringll; + ++typedef struct _fixup_ll ++{ ++ Slapi_DN *sdn; ++ char *filter_str; ++ void *next; ++} mo_fixup_ll; ++ ++static mo_fixup_ll *fixup_list = NULL; ++ + typedef struct _memberof_get_groups_data + { + MemberOfConfig *config; +@@ -438,6 +446,15 @@ memberof_postop_close(Slapi_PBlock *pb __attribute__((unused))) + PR_DestroyLock(fixup_lock); + fixup_lock = NULL; + ++ mo_fixup_ll *fixup_task = fixup_list; ++ while (fixup_task != NULL) { ++ mo_fixup_ll *tmp = fixup_task; ++ fixup_task = fixup_task->next; ++ slapi_sdn_free(&tmp->sdn); ++ slapi_ch_free_string(&tmp->filter_str); ++ slapi_ch_free((void**)&tmp); ++ } ++ + slapi_log_err(SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM, + "<-- memberof_postop_close\n"); + return 0; +@@ -2817,7 +2834,6 @@ memberof_fixup_task_thread(void *arg) + } + + PR_Lock(fixup_lock); +- fixup_running = PR_TRUE; + fixup_progress_count = 0; + fixup_progress_elapsed = slapi_current_rel_time_t(); + fixup_start_time = slapi_current_rel_time_t(); +@@ -2849,11 +2865,10 @@ memberof_fixup_task_thread(void *arg) + /* Mark this as a task operation */ + configCopy.fixup_task = 1; + configCopy.task = task; +- ++ Slapi_DN *sdn = slapi_sdn_new_dn_byref(td->dn); + if (usetxn) { +- Slapi_DN *sdn = slapi_sdn_new_dn_byref(td->dn); + Slapi_Backend *be = slapi_be_select_exact(sdn); +- slapi_sdn_free(&sdn); ++ + if (be) { + fixup_pb = slapi_pblock_new(); + slapi_pblock_set(fixup_pb, SLAPI_BACKEND, be); +@@ -2894,14 +2909,37 @@ done: + fixup_progress_count, slapi_current_rel_time_t() - fixup_start_time); + slapi_task_inc_progress(task); + ++ /* Cleanup task linked list */ ++ PR_Lock(fixup_lock); ++ mo_fixup_ll *prev = NULL; ++ for (mo_fixup_ll *curr = fixup_list; curr; curr = curr->next) { ++ mo_fixup_ll *next = curr->next; ++ if (slapi_sdn_compare(curr->sdn, sdn) == 0 && ++ strcasecmp(curr->filter_str, td->filter_str) == 0) ++ { ++ /* free current code */ ++ slapi_sdn_free(&curr->sdn); ++ slapi_ch_free_string(&curr->filter_str); ++ slapi_ch_free((void**)&curr); ++ ++ /* update linked list */ ++ if (prev == NULL) { ++ /* first node */ ++ fixup_list = next; ++ } else { ++ prev->next = next; ++ } ++ break; ++ } ++ prev = curr; ++ } ++ PR_Unlock(fixup_lock); ++ slapi_sdn_free(&sdn); ++ + /* this will queue the destruction of the task */ + slapi_task_finish(task, rc); + slapi_task_dec_refcount(task); + +- PR_Lock(fixup_lock); +- fixup_running = PR_FALSE; +- PR_Unlock(fixup_lock); +- + slapi_log_err(SLAPI_LOG_INFO, MEMBEROF_PLUGIN_SUBSYSTEM, + "memberof_fixup_task_thread - Memberof task finished (processed %d entries in %ld seconds)\n", + fixup_progress_count, slapi_current_rel_time_t() - fixup_start_time); +@@ -2919,23 +2957,13 @@ memberof_task_add(Slapi_PBlock *pb, + int rv = SLAPI_DSE_CALLBACK_OK; + task_data *mytaskdata = NULL; + Slapi_Task *task = NULL; ++ Slapi_DN *sdn = NULL; + char *bind_dn; + const char *filter; + const char *dn = 0; + + *returncode = LDAP_SUCCESS; + +- PR_Lock(fixup_lock); +- if (fixup_running) { +- PR_Unlock(fixup_lock); +- *returncode = LDAP_UNWILLING_TO_PERFORM; +- slapi_log_err(SLAPI_LOG_ERR, MEMBEROF_PLUGIN_SUBSYSTEM, +- "memberof_task_add - there is already a fixup task running\n"); +- rv = SLAPI_DSE_CALLBACK_ERROR; +- goto out; +- } +- PR_Unlock(fixup_lock); +- + /* get arg(s) */ + if ((dn = slapi_entry_attr_get_ref(e, "basedn")) == NULL) { + *returncode = LDAP_OBJECT_CLASS_VIOLATION; +@@ -2949,6 +2977,39 @@ memberof_task_add(Slapi_PBlock *pb, + goto out; + } + ++ PR_Lock(fixup_lock); ++ sdn = slapi_sdn_new_dn_byval(dn); ++ if (fixup_list == NULL) { ++ fixup_list = (mo_fixup_ll *)slapi_ch_calloc(1, sizeof(mo_fixup_ll)); ++ fixup_list->sdn = sdn; ++ fixup_list->filter_str = slapi_ch_strdup(filter); ++ } else { ++ for (mo_fixup_ll *fixup_task = fixup_list; fixup_task; fixup_task = fixup_task->next) { ++ if (slapi_sdn_compare(sdn, fixup_task->sdn) == 0 && ++ strcasecmp(filter, fixup_task->filter_str) == 0) ++ { ++ /* Found an identical running task, reject it */ ++ PR_Unlock(fixup_lock); ++ slapi_log_err(SLAPI_LOG_ERR, MEMBEROF_PLUGIN_SUBSYSTEM, ++ "memberof_task_add - there is already an identical fixup task running: base: %s filter: %s\n", ++ slapi_sdn_get_dn(sdn), filter); ++ slapi_sdn_free(&sdn); ++ *returncode = LDAP_UNWILLING_TO_PERFORM; ++ rv = SLAPI_DSE_CALLBACK_ERROR; ++ goto out; ++ } ++ } ++ /* Add the new task DN to the top of the list */ ++ mo_fixup_ll *head = fixup_list; ++ mo_fixup_ll *new_task = (mo_fixup_ll *)slapi_ch_calloc(1, sizeof(mo_fixup_ll)); ++ new_task->sdn = sdn; ++ new_task->filter_str = slapi_ch_strdup(filter); ++ new_task->next = head; ++ fixup_list = new_task; ++ } ++ PR_Unlock(fixup_lock); ++ ++ + /* setup our task data */ + slapi_pblock_get(pb, SLAPI_REQUESTOR_DN, &bind_dn); + mytaskdata = (task_data *)slapi_ch_malloc(sizeof(task_data)); +-- +2.38.1 + diff --git a/SOURCES/0004-Issue-5505-Fix-compiler-warning-5506.patch b/SOURCES/0004-Issue-5505-Fix-compiler-warning-5506.patch new file mode 100644 index 0000000..4c67070 --- /dev/null +++ b/SOURCES/0004-Issue-5505-Fix-compiler-warning-5506.patch @@ -0,0 +1,28 @@ +From 7f0d007f3d15dec801acdaf3794f4e37db9c9875 Mon Sep 17 00:00:00 2001 +From: James Chapman +Date: Wed, 9 Nov 2022 09:49:47 +0000 +Subject: [PATCH 1/2] Issue 5505 - Fix compiler warning (#5506) + +relates: https://github.com/389ds/389-ds-base/issues/5505 + +Reviewed by: @Firstyear (Thanks) +--- + ldap/servers/plugins/retrocl/retrocl_trim.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ldap/servers/plugins/retrocl/retrocl_trim.c b/ldap/servers/plugins/retrocl/retrocl_trim.c +index 37e5fbea7..d6b24c8bf 100644 +--- a/ldap/servers/plugins/retrocl/retrocl_trim.c ++++ b/ldap/servers/plugins/retrocl/retrocl_trim.c +@@ -23,7 +23,7 @@ typedef struct _trim_status + int ts_s_trimming; /* non-zero if trimming in progress */ + PRLock *ts_s_trim_mutex; /* protects ts_s_trimming */ + } trim_status; +-static trim_status ts = {0L, 0L, 0, 0, NULL}; ++static trim_status ts = {0}; + + /* + * All standard changeLogEntry attributes (initialized in get_cleattrs) +-- +2.38.1 + diff --git a/SOURCES/0005-Issue-5565-Change-default-password-storage-scheme.patch b/SOURCES/0005-Issue-5565-Change-default-password-storage-scheme.patch new file mode 100644 index 0000000..98c83b4 --- /dev/null +++ b/SOURCES/0005-Issue-5565-Change-default-password-storage-scheme.patch @@ -0,0 +1,85 @@ +From 1a192048a49fcdfa8bcfe79e2fa86153b339fac1 Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Tue, 13 Dec 2022 17:00:28 -0500 +Subject: [PATCH 2/2] Issue 5565 - Change default password storage scheme + +Descriptrion: Becuase of replication we need to use a default storage scheme +that works on 389-ds-base-1.3.10 + +relates: https://github.com/389ds/389-ds-base/issues/5565 + +Reviewed by: spichugi & firstyear(thanks!!) +--- + .../tests/suites/healthcheck/health_security_test.py | 8 ++++---- + dirsrvtests/tests/suites/password/pwp_test.py | 2 +- + ldap/servers/slapd/pw.c | 3 ++- + src/lib389/lib389/config.py | 2 +- + 4 files changed, 8 insertions(+), 7 deletions(-) + +diff --git a/dirsrvtests/tests/suites/healthcheck/health_security_test.py b/dirsrvtests/tests/suites/healthcheck/health_security_test.py +index 519107365..d14b52c7a 100644 +--- a/dirsrvtests/tests/suites/healthcheck/health_security_test.py ++++ b/dirsrvtests/tests/suites/healthcheck/health_security_test.py +@@ -1,5 +1,5 @@ + # --- BEGIN COPYRIGHT BLOCK --- +-# Copyright (C) 2020 Red Hat, Inc. ++# Copyright (C) 2022 Red Hat, Inc. + # All rights reserved. + # + # License: GPL (version 3 or any later version). +@@ -113,9 +113,9 @@ def test_healthcheck_insecure_pwd_hash_configured(topology_st): + standalone.config.set('passwordStorageScheme', 'SSHA512') + standalone.config.set('nsslapd-rootpwstoragescheme', 'SSHA512') + else: +- log.info('Set passwordStorageScheme and nsslapd-rootpwstoragescheme to PBKDF2-SHA512') +- standalone.config.set('passwordStorageScheme', 'PBKDF2-SHA512') +- standalone.config.set('nsslapd-rootpwstoragescheme', 'PBKDF2-SHA512') ++ log.info('Set passwordStorageScheme and nsslapd-rootpwstoragescheme to PBKDF2_SHA256') ++ standalone.config.set('passwordStorageScheme', 'PBKDF2_SHA256') ++ standalone.config.set('nsslapd-rootpwstoragescheme', 'PBKDF2_SHA256') + + run_healthcheck_and_flush_log(topology_st, standalone, json=False, searched_code=CMD_OUTPUT) + run_healthcheck_and_flush_log(topology_st, standalone, json=True, searched_code=JSON_OUTPUT) +diff --git a/dirsrvtests/tests/suites/password/pwp_test.py b/dirsrvtests/tests/suites/password/pwp_test.py +index ce45bc364..190881222 100644 +--- a/dirsrvtests/tests/suites/password/pwp_test.py ++++ b/dirsrvtests/tests/suites/password/pwp_test.py +@@ -27,7 +27,7 @@ else: + if is_fips(): + DEFAULT_PASSWORD_STORAGE_SCHEME = 'SSHA512' + else: +- DEFAULT_PASSWORD_STORAGE_SCHEME = 'PBKDF2-SHA512' ++ DEFAULT_PASSWORD_STORAGE_SCHEME = 'PBKDF2_SHA256' + + + def _create_user(topo, uid, cn, uidNumber, userpassword): +diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c +index 825498858..566ba87dd 100644 +--- a/ldap/servers/slapd/pw.c ++++ b/ldap/servers/slapd/pw.c +@@ -280,7 +280,8 @@ pw_name2scheme(char *name) + } else { + /* if not, let's setup pbkdf2 */ + #ifdef RUST_ENABLE +- char *pbkdf = "PBKDF2-SHA512"; ++ /* until 1.3.10 supports Rust hashers we can't use PBKDF2-SHA512 by default */ ++ char *pbkdf = "PBKDF2_SHA256"; + #else + char *pbkdf = "PBKDF2_SHA256"; + #endif +diff --git a/src/lib389/lib389/config.py b/src/lib389/lib389/config.py +index c7abdf778..c178eb02f 100644 +--- a/src/lib389/lib389/config.py ++++ b/src/lib389/lib389/config.py +@@ -209,7 +209,7 @@ class Config(DSLdapObject): + yield report + + def _lint_passwordscheme(self): +- allowed_schemes = ['SSHA512', 'PBKDF2-SHA512', 'GOST_YESCRYPT'] ++ allowed_schemes = ['SSHA512', 'PBKDF2_SHA256', 'GOST_YESCRYPT'] + u_password_scheme = self.get_attr_val_utf8('passwordStorageScheme') + u_root_scheme = self.get_attr_val_utf8('nsslapd-rootpwstoragescheme') + if u_root_scheme not in allowed_schemes or u_password_scheme not in allowed_schemes: +-- +2.38.1 + diff --git a/SOURCES/389-ds-base-devel.README b/SOURCES/389-ds-base-devel.README new file mode 100644 index 0000000..190c874 --- /dev/null +++ b/SOURCES/389-ds-base-devel.README @@ -0,0 +1,4 @@ +For detailed information on developing plugins for +389 Directory Server visit. + +http://port389/wiki/Plugins diff --git a/SOURCES/389-ds-base-git.sh b/SOURCES/389-ds-base-git.sh new file mode 100644 index 0000000..0043901 --- /dev/null +++ b/SOURCES/389-ds-base-git.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +DATE=`date +%Y%m%d` +# use a real tag name here +VERSION=1.3.5.14 +PKGNAME=389-ds-base +TAG=${TAG:-$PKGNAME-$VERSION} +URL="https://git.fedorahosted.org/git/?p=389/ds.git;a=snapshot;h=$TAG;sf=tgz" +SRCNAME=$PKGNAME-$VERSION + +wget -O $SRCNAME.tar.gz "$URL" + +echo convert tgz format to tar.bz2 format + +gunzip $PKGNAME-$VERSION.tar.gz +bzip2 $PKGNAME-$VERSION.tar diff --git a/SOURCES/Cargo.lock b/SOURCES/Cargo.lock new file mode 100644 index 0000000..18078a8 --- /dev/null +++ b/SOURCES/Cargo.lock @@ -0,0 +1,801 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "ahash" +version = "0.7.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47" +dependencies = [ + "getrandom", + "once_cell", + "version_check", +] + +[[package]] +name = "ansi_term" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2" +dependencies = [ + "winapi", +] + +[[package]] +name = "atty" +version = "0.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" +dependencies = [ + "hermit-abi", + "libc", + "winapi", +] + +[[package]] +name = "autocfg" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" + +[[package]] +name = "base64" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" + +[[package]] +name = "bitflags" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" + +[[package]] +name = "byteorder" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" + +[[package]] +name = "cbindgen" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9daec6140ab4dcd38c3dd57e580b59a621172a526ac79f1527af760a55afeafd" +dependencies = [ + "clap", + "log", + "proc-macro2", + "quote", + "serde", + "serde_json", + "syn", + "tempfile", + "toml", +] + +[[package]] +name = "cc" +version = "1.0.76" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76a284da2e6fe2092f2353e51713435363112dfd60030e22add80be333fb928f" +dependencies = [ + "jobserver", +] + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "clap" +version = "2.34.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c" +dependencies = [ + "ansi_term", + "atty", + "bitflags", + "strsim", + "textwrap", + "unicode-width", + "vec_map", +] + +[[package]] +name = "concread" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dcc9816f5ac93ebd51c37f7f9a6bf2b40dfcd42978ad2aea5d542016e9244cf6" +dependencies = [ + "ahash", + "crossbeam", + "crossbeam-epoch", + "crossbeam-utils", + "lru", + "parking_lot", + "rand", + "smallvec", + "tokio", +] + +[[package]] +name = "crossbeam" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2801af0d36612ae591caa9568261fddce32ce6e08a7275ea334a06a4ad021a2c" +dependencies = [ + "cfg-if", + "crossbeam-channel", + "crossbeam-deque", + "crossbeam-epoch", + "crossbeam-queue", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-channel" +version = "0.5.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2dd04ddaf88237dc3b8d8f9a3c1004b506b54b3313403944054d23c0870c521" +dependencies = [ + "cfg-if", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-deque" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "715e8152b692bba2d374b53d4875445368fdf21a94751410af607a5ac677d1fc" +dependencies = [ + "cfg-if", + "crossbeam-epoch", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-epoch" +version = "0.9.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f916dfc5d356b0ed9dae65f1db9fc9770aa2851d2662b988ccf4fe3516e86348" +dependencies = [ + "autocfg", + "cfg-if", + "crossbeam-utils", + "memoffset", + "scopeguard", +] + +[[package]] +name = "crossbeam-queue" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1cd42583b04998a5363558e5f9291ee5a5ff6b49944332103f251e7479a82aa7" +dependencies = [ + "cfg-if", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "edbafec5fa1f196ca66527c1b12c2ec4745ca14b50f1ad8f9f6f720b55d11fac" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "entryuuid" +version = "0.1.0" +dependencies = [ + "cc", + "libc", + "paste", + "slapi_r_plugin", + "uuid", +] + +[[package]] +name = "entryuuid_syntax" +version = "0.1.0" +dependencies = [ + "cc", + "libc", + "paste", + "slapi_r_plugin", + "uuid", +] + +[[package]] +name = "fastrand" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7a407cfaa3385c4ae6b23e84623d48c2798d06e3e6a1878f7f59f17b3f86499" +dependencies = [ + "instant", +] + +[[package]] +name = "fernet" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93804560e638370a8be6d59ce71ed803e55e230abdbf42598e666b41adda9b1f" +dependencies = [ + "base64", + "byteorder", + "getrandom", + "openssl", + "zeroize", +] + +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + +[[package]] +name = "getrandom" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c05aeb6a22b8f62540c194aac980f2115af067bfe15a0734d7277a768d396b31" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "hashbrown" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" +dependencies = [ + "ahash", +] + +[[package]] +name = "hermit-abi" +version = "0.1.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" +dependencies = [ + "libc", +] + +[[package]] +name = "instant" +version = "0.1.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "itoa" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4217ad341ebadf8d8e724e264f13e593e0648f5b3e94b3896a5df283be015ecc" + +[[package]] +name = "jobserver" +version = "0.1.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "068b1ee6743e4d11fb9c6a1e6064b3693a1b600e7f5f5988047d98b3dc9fb90b" +dependencies = [ + "libc", +] + +[[package]] +name = "libc" +version = "0.2.137" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc7fcc620a3bff7cdd7a365be3376c97191aeaccc2a603e600951e452615bf89" + +[[package]] +name = "librnsslapd" +version = "0.1.0" +dependencies = [ + "cbindgen", + "libc", + "slapd", +] + +[[package]] +name = "librslapd" +version = "0.1.0" +dependencies = [ + "cbindgen", + "concread", + "libc", + "slapd", +] + +[[package]] +name = "lock_api" +version = "0.4.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df" +dependencies = [ + "autocfg", + "scopeguard", +] + +[[package]] +name = "log" +version = "0.4.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "lru" +version = "0.7.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e999beba7b6e8345721bd280141ed958096a2e4abdf74f67ff4ce49b4b54e47a" +dependencies = [ + "hashbrown", +] + +[[package]] +name = "memoffset" +version = "0.6.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce" +dependencies = [ + "autocfg", +] + +[[package]] +name = "once_cell" +version = "1.16.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "86f0b0d4bf799edbc74508c1e8bf170ff5f41238e5f8225603ca7caaae2b7860" + +[[package]] +name = "openssl" +version = "0.10.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "12fc0523e3bd51a692c8850d075d74dc062ccf251c0110668cbd921917118a13" +dependencies = [ + "bitflags", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "openssl-sys" +version = "0.9.77" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b03b84c3b2d099b81f0953422b4d4ad58761589d0229b5506356afca05a3670a" +dependencies = [ + "autocfg", + "cc", + "libc", + "pkg-config", + "vcpkg", +] + +[[package]] +name = "parking_lot" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d17b78036a60663b797adeaee46f5c9dfebb86948d1255007a1d6be0271ff99" +dependencies = [ + "instant", + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d76e8e1493bcac0d2766c42737f34458f1c8c50c0d23bcb24ea953affb273216" +dependencies = [ + "cfg-if", + "instant", + "libc", + "redox_syscall", + "smallvec", + "winapi", +] + +[[package]] +name = "paste" +version = "0.1.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "45ca20c77d80be666aef2b45486da86238fabe33e38306bd3118fe4af33fa880" +dependencies = [ + "paste-impl", + "proc-macro-hack", +] + +[[package]] +name = "paste-impl" +version = "0.1.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d95a7db200b97ef370c8e6de0088252f7e0dfff7d047a28528e47456c0fc98b6" +dependencies = [ + "proc-macro-hack", +] + +[[package]] +name = "pin-project-lite" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116" + +[[package]] +name = "pkg-config" +version = "0.3.26" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160" + +[[package]] +name = "ppv-lite86" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" + +[[package]] +name = "proc-macro-hack" +version = "0.5.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5" + +[[package]] +name = "proc-macro2" +version = "1.0.47" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ea3d908b0e36316caf9e9e2c4625cdde190a7e6f440d794667ed17a1855e725" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "pwdchan" +version = "0.1.0" +dependencies = [ + "base64", + "cc", + "libc", + "openssl", + "paste", + "slapi_r_plugin", + "uuid", +] + +[[package]] +name = "quote" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] + +[[package]] +name = "redox_syscall" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" +dependencies = [ + "bitflags", +] + +[[package]] +name = "remove_dir_all" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7" +dependencies = [ + "winapi", +] + +[[package]] +name = "rsds" +version = "0.1.0" + +[[package]] +name = "ryu" +version = "1.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4501abdff3ae82a1c1b477a17252eb69cee9e66eb915c1abaa4f44d873df9f09" + +[[package]] +name = "scopeguard" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" + +[[package]] +name = "serde" +version = "1.0.147" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d193d69bae983fc11a79df82342761dfbf28a99fc8d203dca4c3c1b590948965" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.147" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4f1d362ca8fc9c3e3a7484440752472d68a6caa98f1ab81d99b5dfe517cec852" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce777b7b150d76b9cf60d28b55f5847135a003f7d7350c6be7a773508ce7d45" +dependencies = [ + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "slapd" +version = "0.1.0" +dependencies = [ + "fernet", +] + +[[package]] +name = "slapi_r_plugin" +version = "0.1.0" +dependencies = [ + "libc", + "paste", + "uuid", +] + +[[package]] +name = "smallvec" +version = "1.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0" + +[[package]] +name = "strsim" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" + +[[package]] +name = "syn" +version = "1.0.103" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a864042229133ada95abf3b54fdc62ef5ccabe9515b64717bcb9a1919e59445d" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "synstructure" +version = "0.12.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "unicode-xid", +] + +[[package]] +name = "tempfile" +version = "3.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5cdb1ef4eaeeaddc8fbd371e5017057064af0911902ef36b39801f67cc6d79e4" +dependencies = [ + "cfg-if", + "fastrand", + "libc", + "redox_syscall", + "remove_dir_all", + "winapi", +] + +[[package]] +name = "textwrap" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060" +dependencies = [ + "unicode-width", +] + +[[package]] +name = "tokio" +version = "1.21.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a9e03c497dc955702ba729190dc4aac6f2a0ce97f913e5b1b5912fc5039d9099" +dependencies = [ + "autocfg", + "pin-project-lite", + "tokio-macros", +] + +[[package]] +name = "tokio-macros" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9724f9a975fb987ef7a3cd9be0350edcbe130698af5b8f7a631e23d42d052484" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "toml" +version = "0.5.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d82e1a7758622a465f8cee077614c73484dac5b836c02ff6a40d5d1010324d7" +dependencies = [ + "serde", +] + +[[package]] +name = "unicode-ident" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ceab39d59e4c9499d4e5a8ee0e2735b891bb7308ac83dfb4e80cad195c9f6f3" + +[[package]] +name = "unicode-width" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" + +[[package]] +name = "unicode-xid" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" + +[[package]] +name = "uuid" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7" +dependencies = [ + "getrandom", +] + +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + +[[package]] +name = "vec_map" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" + +[[package]] +name = "version_check" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" + +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "zeroize" +version = "1.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f8f187641dad4f680d25c4bfc4225b418165984179f26ca76ec4fb6441d3a17" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec new file mode 100644 index 0000000..80ac92e --- /dev/null +++ b/SPECS/389-ds-base.spec @@ -0,0 +1,916 @@ + +%global pkgname dirsrv +%global srcname 389-ds-base + +# Exclude i686 bit arches +ExcludeArch: i686 + +# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release +# also remove the space between % and global - this space is needed because +# fedpkg verrel stupidly ignores comment lines +#% global prerel .rc3 +# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release +#% global relprefix 0. + +# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6. +%global use_Socket6 0 + +%global use_asan 0 +%global use_rust 1 +%global use_legacy 1 +%global bundle_jemalloc 1 +%if %{use_asan} +%global bundle_jemalloc 0 +%endif + +%if %{bundle_jemalloc} +%global jemalloc_name jemalloc +%global jemalloc_ver 5.3.0 +%global __provides_exclude ^libjemalloc\\.so.*$ +%endif + +# Use Clang instead of GCC +%global use_clang 0 + +# fedora 15 and later uses tmpfiles.d +# otherwise, comment this out +%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d} + +# systemd support +%global groupname %{pkgname}.target + +# set PIE flag +%global _hardened_build 1 + +# Filter argparse-manpage from autogenerated package Requires +%global __requires_exclude ^python.*argparse-manpage + +Summary: 389 Directory Server (base) +Name: 389-ds-base +Version: 1.4.3.32 +Release: %{?relprefix}3%{?prerel}%{?dist} +License: GPLv3+ and ASL 2.0 and MIT +URL: https://www.port389.org +Group: System Environment/Daemons +Conflicts: selinux-policy-base < 3.9.8 +Conflicts: freeipa-server < 4.0.3 +Obsoletes: %{name} <= 1.4.0.9 +Provides: ldif2ldbm >= 0 + +##### Bundled cargo crates list - START ##### +Provides: bundled(crate(ahash)) = 0.7.6 +Provides: bundled(crate(ansi_term)) = 0.12.1 +Provides: bundled(crate(atty)) = 0.2.14 +Provides: bundled(crate(autocfg)) = 1.1.0 +Provides: bundled(crate(base64)) = 0.13.1 +Provides: bundled(crate(bitflags)) = 1.3.2 +Provides: bundled(crate(byteorder)) = 1.4.3 +Provides: bundled(crate(cbindgen)) = 0.9.1 +Provides: bundled(crate(cc)) = 1.0.76 +Provides: bundled(crate(cfg-if)) = 1.0.0 +Provides: bundled(crate(clap)) = 2.34.0 +Provides: bundled(crate(concread)) = 0.2.21 +Provides: bundled(crate(crossbeam)) = 0.8.2 +Provides: bundled(crate(crossbeam-channel)) = 0.5.6 +Provides: bundled(crate(crossbeam-deque)) = 0.8.2 +Provides: bundled(crate(crossbeam-epoch)) = 0.9.11 +Provides: bundled(crate(crossbeam-queue)) = 0.3.6 +Provides: bundled(crate(crossbeam-utils)) = 0.8.12 +Provides: bundled(crate(entryuuid)) = 0.1.0 +Provides: bundled(crate(entryuuid_syntax)) = 0.1.0 +Provides: bundled(crate(fastrand)) = 1.8.0 +Provides: bundled(crate(fernet)) = 0.1.4 +Provides: bundled(crate(foreign-types)) = 0.3.2 +Provides: bundled(crate(foreign-types-shared)) = 0.1.1 +Provides: bundled(crate(getrandom)) = 0.2.8 +Provides: bundled(crate(hashbrown)) = 0.12.3 +Provides: bundled(crate(hermit-abi)) = 0.1.19 +Provides: bundled(crate(instant)) = 0.1.12 +Provides: bundled(crate(itoa)) = 1.0.4 +Provides: bundled(crate(jobserver)) = 0.1.25 +Provides: bundled(crate(libc)) = 0.2.137 +Provides: bundled(crate(librnsslapd)) = 0.1.0 +Provides: bundled(crate(librslapd)) = 0.1.0 +Provides: bundled(crate(lock_api)) = 0.4.9 +Provides: bundled(crate(log)) = 0.4.17 +Provides: bundled(crate(lru)) = 0.7.8 +Provides: bundled(crate(memoffset)) = 0.6.5 +Provides: bundled(crate(once_cell)) = 1.16.0 +Provides: bundled(crate(openssl)) = 0.10.42 +Provides: bundled(crate(openssl-macros)) = 0.1.0 +Provides: bundled(crate(openssl-sys)) = 0.9.77 +Provides: bundled(crate(parking_lot)) = 0.11.2 +Provides: bundled(crate(parking_lot_core)) = 0.8.5 +Provides: bundled(crate(paste)) = 0.1.18 +Provides: bundled(crate(paste-impl)) = 0.1.18 +Provides: bundled(crate(pin-project-lite)) = 0.2.9 +Provides: bundled(crate(pkg-config)) = 0.3.26 +Provides: bundled(crate(ppv-lite86)) = 0.2.17 +Provides: bundled(crate(proc-macro-hack)) = 0.5.19 +Provides: bundled(crate(proc-macro2)) = 1.0.47 +Provides: bundled(crate(pwdchan)) = 0.1.0 +Provides: bundled(crate(quote)) = 1.0.21 +Provides: bundled(crate(rand)) = 0.8.5 +Provides: bundled(crate(rand_chacha)) = 0.3.1 +Provides: bundled(crate(rand_core)) = 0.6.4 +Provides: bundled(crate(redox_syscall)) = 0.2.16 +Provides: bundled(crate(remove_dir_all)) = 0.5.3 +Provides: bundled(crate(rsds)) = 0.1.0 +Provides: bundled(crate(ryu)) = 1.0.11 +Provides: bundled(crate(scopeguard)) = 1.1.0 +Provides: bundled(crate(serde)) = 1.0.147 +Provides: bundled(crate(serde_derive)) = 1.0.147 +Provides: bundled(crate(serde_json)) = 1.0.87 +Provides: bundled(crate(slapd)) = 0.1.0 +Provides: bundled(crate(slapi_r_plugin)) = 0.1.0 +Provides: bundled(crate(smallvec)) = 1.10.0 +Provides: bundled(crate(strsim)) = 0.8.0 +Provides: bundled(crate(syn)) = 1.0.103 +Provides: bundled(crate(synstructure)) = 0.12.6 +Provides: bundled(crate(tempfile)) = 3.3.0 +Provides: bundled(crate(textwrap)) = 0.11.0 +Provides: bundled(crate(tokio)) = 1.21.2 +Provides: bundled(crate(tokio-macros)) = 1.8.0 +Provides: bundled(crate(toml)) = 0.5.9 +Provides: bundled(crate(unicode-ident)) = 1.0.5 +Provides: bundled(crate(unicode-width)) = 0.1.10 +Provides: bundled(crate(unicode-xid)) = 0.2.4 +Provides: bundled(crate(uuid)) = 0.8.2 +Provides: bundled(crate(vcpkg)) = 0.2.15 +Provides: bundled(crate(vec_map)) = 0.8.2 +Provides: bundled(crate(version_check)) = 0.9.4 +Provides: bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1 +Provides: bundled(crate(winapi)) = 0.3.9 +Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0 +Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0 +Provides: bundled(crate(zeroize)) = 1.5.7 +Provides: bundled(crate(zeroize_derive)) = 1.3.2 +##### Bundled cargo crates list - END ##### + +BuildRequires: nspr-devel >= 4.32 +BuildRequires: nss-devel >= 3.67.0-7 +BuildRequires: perl-generators +BuildRequires: openldap-devel +BuildRequires: libdb-devel +BuildRequires: cyrus-sasl-devel +BuildRequires: icu +BuildRequires: libicu-devel +BuildRequires: pcre-devel +BuildRequires: cracklib-devel +%if %{use_clang} +BuildRequires: libatomic +BuildRequires: clang +%else +BuildRequires: gcc +BuildRequires: gcc-c++ +%endif +# The following are needed to build the snmp ldap-agent +BuildRequires: net-snmp-devel +BuildRequires: lm_sensors-devel +BuildRequires: bzip2-devel +BuildRequires: zlib-devel +BuildRequires: openssl-devel +# the following is for the pam passthru auth plug-in +BuildRequires: pam-devel +BuildRequires: systemd-units +BuildRequires: systemd-devel +%if %{use_asan} +BuildRequires: libasan +%endif +# If rust is enabled +%if %{use_rust} +BuildRequires: cargo +BuildRequires: rust +%endif +BuildRequires: pkgconfig +BuildRequires: pkgconfig(systemd) +BuildRequires: pkgconfig(krb5) + +# Needed to support regeneration of the autotool artifacts. +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +# For our documentation +BuildRequires: doxygen +# For tests! +BuildRequires: libcmocka-devel +BuildRequires: libevent-devel +# For lib389 and related components +BuildRequires: python%{python3_pkgversion} +BuildRequires: python%{python3_pkgversion}-devel +BuildRequires: python%{python3_pkgversion}-setuptools +BuildRequires: python%{python3_pkgversion}-ldap +BuildRequires: python%{python3_pkgversion}-six +BuildRequires: python%{python3_pkgversion}-pyasn1 +BuildRequires: python%{python3_pkgversion}-pyasn1-modules +BuildRequires: python%{python3_pkgversion}-dateutil +BuildRequires: python%{python3_pkgversion}-argcomplete +BuildRequires: python%{python3_pkgversion}-argparse-manpage +BuildRequires: python%{python3_pkgversion}-policycoreutils +BuildRequires: python%{python3_pkgversion}-libselinux + +# For cockpit +BuildRequires: rsync + +Requires: %{name}-libs = %{version}-%{release} +Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release} + +# this is needed for using semanage from our setup scripts +Requires: policycoreutils-python-utils +Requires: /usr/sbin/semanage +Requires: libsemanage-python%{python3_pkgversion} + +Requires: selinux-policy >= 3.14.1-29 + +# the following are needed for some of our scripts +Requires: openldap-clients +Requires: openssl-perl +Requires: python%{python3_pkgversion}-ldap + +# this is needed to setup SSL if you are not using the +# administration server package +Requires: nss-tools +Requires: nspr >= 4.32 +Requires: nss >= 3.67.0-7 + +# these are not found by the auto-dependency method +# they are required to support the mandatory LDAP SASL mechs +Requires: cyrus-sasl-gssapi +Requires: cyrus-sasl-md5 +Requires: cyrus-sasl-plain + +# this is needed for verify-db.pl +Requires: libdb-utils + +# Needed for password dictionary checks +Requires: cracklib-dicts + +# This picks up libperl.so as a Requires, so we add this versioned one +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +Requires: perl-Errno >= 1.23-360 + +# Needed by logconv.pl +Requires: perl-DB_File +Requires: perl-Archive-Tar + +# Needed for password dictionary checks +Requires: cracklib-dicts + +# Picks up our systemd deps. +%{?systemd_requires} + +Obsoletes: %{name} <= 1.3.5.4 + +Source0: https://releases.pagure.org/389-ds-base/%{name}-%{version}.tar.bz2 +# 389-ds-git.sh should be used to generate the source tarball from git +Source1: %{name}-git.sh +Source2: %{name}-devel.README +%if %{bundle_jemalloc} +Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2 +%endif +%if %{use_rust} +Source4: vendor-%{version}-1.tar.gz +Source5: Cargo.lock +%endif +Patch01: 0001-Issue-5532-Make-db-compaction-TOD-day-more-robust.patch +Patch02: 0002-Issue-5544-Increase-default-task-TTL.patch +Patch03: 0003-Issue-5413-Allow-mutliple-MemberOf-fixup-tasks-with-.patch +Patch04: 0004-Issue-5505-Fix-compiler-warning-5506.patch +Patch05: 0005-Issue-5565-Change-default-password-storage-scheme.patch + + +%description +389 Directory Server is an LDAPv3 compliant server. The base package includes +the LDAP server and command line utilities for server administration. +%if %{use_asan} +WARNING! This build is linked to Address Sanitisation libraries. This probably +isn't what you want. Please contact support immediately. +Please see http://seclists.org/oss-sec/2016/q1/363 for more information. +%endif + +%package libs +Summary: Core libraries for 389 Directory Server +Group: System Environment/Daemons +BuildRequires: nspr-devel >= 4.32 +BuildRequires: nss-devel >= 3.67.0-7 +BuildRequires: openldap-devel +BuildRequires: libdb-devel +BuildRequires: cyrus-sasl-devel +BuildRequires: libicu-devel +BuildRequires: pcre-devel +BuildRequires: libtalloc-devel +BuildRequires: libevent-devel +BuildRequires: libtevent-devel +Requires: krb5-libs +Requires: libevent +BuildRequires: systemd-devel +Provides: svrcore = 4.1.4 +Conflicts: svrcore +Obsoletes: svrcore <= 4.1.3 + +%description libs +Core libraries for the 389 Directory Server base package. These libraries +are used by the main package and the -devel package. This allows the -devel +package to be installed with just the -libs package and without the main package. + +%if %{use_legacy} +%package legacy-tools +Summary: Legacy utilities for 389 Directory Server +Group: System Environment/Daemons +Obsoletes: %{name} <= 1.4.0.9 +Requires: %{name}-libs = %{version}-%{release} +# for setup-ds.pl to support ipv6 +%if %{use_Socket6} +Requires: perl-Socket6 +%else +Requires: perl-Socket +%endif +Requires: perl-NetAddr-IP +# use_openldap assumes perl-Mozilla-LDAP is built with openldap support +Requires: perl-Mozilla-LDAP +# for setup-ds.pl +Requires: bind-utils +%global __provides_exclude_from %{_libdir}/%{pkgname}/perl +%global __requires_exclude perl\\((DSCreate|DSMigration|DSUpdate|DSUtil|Dialog|DialogManager|FileConn|Inf|Migration|Resource|Setup|SetupLog) +%{?perl_default_filter} + +%description legacy-tools +Legacy (and deprecated) utilities for 389 Directory Server. This includes +the old account management and task scripts. These are deprecated in favour of +the dscreate, dsctl, dsconf and dsidm tools. +%endif + +%package devel +Summary: Development libraries for 389 Directory Server +Group: Development/Libraries +Requires: %{name}-libs = %{version}-%{release} +Requires: pkgconfig +Requires: nspr-devel >= 4.32 +Requires: nss-devel >= 3.67.0-7 +Requires: openldap-devel +Requires: libtalloc +Requires: libevent +Requires: libtevent +Requires: systemd-libs +Provides: svrcore-devel = 4.1.4 +Conflicts: svrcore-devel +Obsoletes: svrcore-devel <= 4.1.3 + +%description devel +Development Libraries and headers for the 389 Directory Server base package. + +%package snmp +Summary: SNMP Agent for 389 Directory Server +Group: System Environment/Daemons +Requires: %{name} = %{version}-%{release} + +Obsoletes: %{name} <= 1.4.0.0 + +%description snmp +SNMP Agent for the 389 Directory Server base package. + +%package -n python%{python3_pkgversion}-lib389 +Summary: A library for accessing, testing, and configuring the 389 Directory Server +BuildArch: noarch +Group: Development/Libraries +Requires: 389-ds-base +Requires: openssl +Requires: iproute +Requires: platform-python +Recommends: bash-completion +Requires: python%{python3_pkgversion}-ldap +Requires: python%{python3_pkgversion}-six +Requires: python%{python3_pkgversion}-pyasn1 +Requires: python%{python3_pkgversion}-pyasn1-modules +Requires: python%{python3_pkgversion}-dateutil +Requires: python%{python3_pkgversion}-argcomplete +Requires: python%{python3_pkgversion}-libselinux +Requires: python%{python3_pkgversion}-setuptools +Requires: python%{python3_pkgversion}-distro +%{?python_provide:%python_provide python%{python3_pkgversion}-lib389} + +%description -n python%{python3_pkgversion}-lib389 +This module contains tools and libraries for accessing, testing, + and configuring the 389 Directory Server. + +%package -n cockpit-389-ds +Summary: Cockpit UI Plugin for configuring and administering the 389 Directory Server +BuildArch: noarch +Requires: cockpit +Requires: platform-python +Requires: python%{python3_pkgversion}-lib389 + +%description -n cockpit-389-ds +A cockpit UI Plugin for configuring and administering the 389 Directory Server + +%prep +%autosetup -p1 -v -n %{name}-%{version}%{?prerel} +%if %{use_rust} +tar xvzf %{SOURCE4} +cp %{SOURCE5} src/ +%endif +%if %{bundle_jemalloc} +%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3 +%endif +cp %{SOURCE2} README.devel + +%build + +OPENLDAP_FLAG="--with-openldap" +%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} +# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529 +NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3" + +%if %{use_asan} +ASAN_FLAGS="--enable-asan --enable-debug" +%endif + +%if %{use_rust} +RUST_FLAGS="--enable-rust --enable-rust-offline" +%endif + +%if %{use_legacy} +LEGACY_FLAGS="--enable-legacy --enable-perl" +%else +LEGACY_FLAGS="--disable-legacy --disable-perl" +%endif + +%if %{use_clang} +export CC=clang +export CXX=clang++ +CLANG_FLAGS="--enable-clang" +%endif + +%if %{bundle_jemalloc} +# Override page size, bz #1545539 +# 4K +%ifarch %ix86 %arm x86_64 s390x +%define lg_page --with-lg-page=12 +%endif + +# 64K +%ifarch ppc64 ppc64le aarch64 +%define lg_page --with-lg-page=16 +%endif + +# Override huge page size on aarch64 +# 2M instead of 512M +%ifarch aarch64 +%define lg_hugepage --with-lg-hugepage=21 +%endif + +# Build jemalloc +pushd ../%{jemalloc_name}-%{jemalloc_ver} +%configure \ + --libdir=%{_libdir}/%{pkgname}/lib \ + --bindir=%{_libdir}/%{pkgname}/bin \ + --enable-prof +make %{?_smp_mflags} +popd +%endif + + +# Enforce strict linking +%define _strict_symbol_defs_build 1 + +# Rebuild the autotool artifacts now. +autoreconf -fiv + +%configure --enable-autobind --with-selinux $OPENLDAP_FLAG $TMPFILES_FLAG \ + --with-systemd \ + --with-systemdsystemunitdir=%{_unitdir} \ + --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \ + --with-systemdgroupname=%{groupname} \ + --libexecdir=%{_libexecdir}/%{pkgname} \ + $NSSARGS $ASAN_FLAGS $RUST_FLAGS $LEGACY_FLAGS $CLANG_FLAGS \ + --enable-cmocka + +# lib389 +pushd ./src/lib389 +%py3_build +popd +# argparse-manpage dynamic man pages have hardcoded man v1 in header, +# need to change it to v8 +sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsconf.8 +sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsctl.8 +sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsidm.8 +sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dscreate.8 + +# Generate symbolic info for debuggers +export XCFLAGS=$RPM_OPT_FLAGS + +#make %{?_smp_mflags} +make + +%install + +mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir} +mkdir -p %{buildroot}%{_datadir}/cockpit +make DESTDIR="$RPM_BUILD_ROOT" install + +# Cockpit file list +find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list +find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list + +# Copy in our docs from doxygen. +cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3 + +# lib389 +pushd src/lib389 +%py3_install +popd + +mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname} +mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname} +mkdir -p $RPM_BUILD_ROOT/var/3lock/%{pkgname} + +# for systemd +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants + +#remove libtool archives and static libs +find %{buildroot} -type f -name "*.la" -delete +find %{buildroot} -type f -name "*.a" -delete + +%if %{use_legacy} +# make sure perl scripts have a proper shebang +sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/script-templates/template-*.pl +%endif + +%if %{bundle_jemalloc} +pushd ../%{jemalloc_name}-%{jemalloc_ver} +make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin +cp -pa COPYING ../%{name}-%{version}%{?prerel}/COPYING.jemalloc +cp -pa README ../%{name}-%{version}%{?prerel}/README.jemalloc +popd +%endif + +%check +# This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build. +if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi + +%clean +rm -rf $RPM_BUILD_ROOT + +%post +if [ -n "$DEBUGPOSTTRANS" ] ; then + output=$DEBUGPOSTTRANS + output2=${DEBUGPOSTTRANS}.upgrade +else + output=/dev/null + output2=/dev/null +fi + +# reload to pick up any changes to systemd files +/bin/systemctl daemon-reload >$output 2>&1 || : + +# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation +# Soft static allocation for UID and GID +USERNAME="dirsrv" +ALLOCATED_UID=389 +GROUPNAME="dirsrv" +ALLOCATED_GID=389 +HOMEDIR="/usr/share/dirsrv" + +getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME +if ! getent passwd $USERNAME >/dev/null ; then + if ! getent passwd $ALLOCATED_UID >/dev/null ; then + /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME + else + /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME + fi +fi + +# Reload our sysctl before we restart (if we can) +sysctl --system &> $output; true + +%preun +if [ $1 -eq 0 ]; then # Final removal + # remove instance specific service files/links + rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || : +fi + +%postun +if [ $1 = 0 ]; then # Final removal + rm -rf /var/run/%{pkgname} +fi + +%post snmp +%systemd_post %{pkgname}-snmp.service + +%preun snmp +%systemd_preun %{pkgname}-snmp.service %{groupname} + +%postun snmp +%systemd_postun_with_restart %{pkgname}-snmp.service + +%if %{use_legacy} +%post legacy-tools + +# START UPGRADE SCRIPT + +if [ -n "$DEBUGPOSTTRANS" ] ; then + output=$DEBUGPOSTTRANS + output2=${DEBUGPOSTTRANS}.upgrade +else + output=/dev/null + output2=/dev/null +fi + +# find all instances +instances="" # instances that require a restart after upgrade +ninst=0 # number of instances found in total + +echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || : +instbase="%{_sysconfdir}/%{pkgname}" +for dir in $instbase/slapd-* ; do + echo dir = $dir >> $output 2>&1 || : + if [ ! -d "$dir" ] ; then continue ; fi + case "$dir" in *.removed) continue ;; esac + basename=`basename $dir` + inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`" + echo found instance $inst - getting status >> $output 2>&1 || : + if /bin/systemctl -q is-active $inst ; then + echo instance $inst is running >> $output 2>&1 || : + instances="$instances $inst" + else + echo instance $inst is not running >> $output 2>&1 || : + fi + ninst=`expr $ninst + 1` +done +if [ $ninst -eq 0 ] ; then + echo no instances to upgrade >> $output 2>&1 || : + exit 0 # have no instances to upgrade - just skip the rest +fi +# shutdown all instances +echo shutting down all instances . . . >> $output 2>&1 || : +for inst in $instances ; do + echo stopping instance $inst >> $output 2>&1 || : + /bin/systemctl stop $inst >> $output 2>&1 || : +done +echo remove pid files . . . >> $output 2>&1 || : +/bin/rm -f /var/run/%{pkgname}*.pid /var/run/%{pkgname}*.startpid +# do the upgrade +echo upgrading instances . . . >> $output 2>&1 || : +DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"` +if [ -n "$DEBUGPOSTSETUPOPT" ] ; then + %{_sbindir}/setup-ds.pl -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || : +else + %{_sbindir}/setup-ds.pl -u -s General.UpdateMode=offline >> $output 2>&1 || : +fi + +# restart instances that require it +for inst in $instances ; do + echo restarting instance $inst >> $output 2>&1 || : + /bin/systemctl start $inst >> $output 2>&1 || : +done +#END UPGRADE +%endif + +exit 0 + + +%files +%if %{bundle_jemalloc} +%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc +%license COPYING.jemalloc +%else +%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl +%endif +%dir %{_sysconfdir}/%{pkgname} +%dir %{_sysconfdir}/%{pkgname}/schema +%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif +%dir %{_sysconfdir}/%{pkgname}/config +%dir %{_sysconfdir}/systemd/system/%{groupname}.wants +%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf +%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf +%{_datadir}/%{pkgname} +%{_datadir}/gdb/auto-load/* +%{_unitdir} +%{_bindir}/dbscan +%{_mandir}/man1/dbscan.1.gz +%{_bindir}/ds-replcheck +%{_mandir}/man1/ds-replcheck.1.gz +%{_bindir}/ds-logpipe.py +%{_mandir}/man1/ds-logpipe.py.1.gz +%{_bindir}/ldclt +%{_mandir}/man1/ldclt.1.gz +%{_sbindir}/ldif2ldap +%{_mandir}/man8/ldif2ldap.8.gz +%{_bindir}/logconv.pl +%{_mandir}/man1/logconv.pl.1.gz +%{_bindir}/pwdhash +%{_mandir}/man1/pwdhash.1.gz +%{_bindir}/readnsstate +%{_mandir}/man1/readnsstate.1.gz +# Remove for now: %caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd +%{_sbindir}/ns-slapd +%{_mandir}/man8/ns-slapd.8.gz +%{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl +%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh +%{_mandir}/man5/99user.ldif.5.gz +%{_mandir}/man5/certmap.conf.5.gz +%{_mandir}/man5/slapd-collations.conf.5.gz +%{_mandir}/man5/dirsrv.5.gz +%{_mandir}/man5/dirsrv.systemd.5.gz +%{_libdir}/%{pkgname}/python +%dir %{_libdir}/%{pkgname}/plugins +%{_libdir}/%{pkgname}/plugins/*.so +# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but +# sysctl.d is always in /lib. +%{_prefix}/lib/sysctl.d/* +%dir %{_localstatedir}/lib/%{pkgname} +%dir %{_localstatedir}/log/%{pkgname} +%ghost %dir %{_localstatedir}/lock/%{pkgname} +%exclude %{_sbindir}/ldap-agent* +%exclude %{_mandir}/man1/ldap-agent.1.gz +%exclude %{_unitdir}/%{pkgname}-snmp.service +%if %{bundle_jemalloc} +%{_libdir}/%{pkgname}/lib/ +%{_libdir}/%{pkgname}/bin/ +%exclude %{_libdir}/%{pkgname}/bin/jemalloc-config +%exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh +%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a +%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so +%exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a +%exclude %{_libdir}/%{pkgname}/lib/pkgconfig +%endif + +%files devel +%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel +%{_mandir}/man3/* +%{_includedir}/svrcore.h +%{_includedir}/%{pkgname} +%{_libdir}/libsvrcore.so +%{_libdir}/%{pkgname}/libslapd.so +%{_libdir}/%{pkgname}/libns-dshttpd.so +%{_libdir}/%{pkgname}/libsds.so +%{_libdir}/%{pkgname}/libldaputil.so +%{_libdir}/pkgconfig/svrcore.pc +%{_libdir}/pkgconfig/dirsrv.pc +%{_libdir}/pkgconfig/libsds.pc + +%files libs +%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel +%dir %{_libdir}/%{pkgname} +%{_libdir}/libsvrcore.so.* +%{_libdir}/%{pkgname}/libslapd.so.* +%{_libdir}/%{pkgname}/libns-dshttpd-*.so +%{_libdir}/%{pkgname}/libsds.so.* +%{_libdir}/%{pkgname}/libldaputil.so.* +%{_libdir}/%{pkgname}/librewriters.so* +%if %{bundle_jemalloc} +%{_libdir}/%{pkgname}/lib/libjemalloc.so.2 +%endif + +%if %{use_legacy} +%files legacy-tools +%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel +%{_bindir}/infadd +%{_mandir}/man1/infadd.1.gz +%{_bindir}/ldif +%{_mandir}/man1/ldif.1.gz +%{_bindir}/migratecred +%{_mandir}/man1/migratecred.1.gz +%{_bindir}/mmldif +%{_mandir}/man1/mmldif.1.gz +%{_bindir}/rsearch +%{_mandir}/man1/rsearch.1.gz +%{_libexecdir}/%{pkgname}/ds_selinux_enabled +%{_libexecdir}/%{pkgname}/ds_selinux_port_query +%config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig +%{_mandir}/man5/template-initconfig.5.gz +%{_datadir}/%{pkgname}/properties/*.res +%{_datadir}/%{pkgname}/script-templates +%{_datadir}/%{pkgname}/updates +%{_sbindir}/ldif2ldap +%{_mandir}/man8/ldif2ldap.8.gz +%{_sbindir}/bak2db +%{_mandir}/man8/bak2db.8.gz +%{_sbindir}/db2bak +%{_mandir}/man8/db2bak.8.gz +%{_sbindir}/db2index +%{_mandir}/man8/db2index.8.gz +%{_sbindir}/db2ldif +%{_mandir}/man8/db2ldif.8.gz +%{_sbindir}/dbverify +%{_mandir}/man8/dbverify.8.gz +%{_sbindir}/ldif2db +%{_mandir}/man8/ldif2db.8.gz +%{_sbindir}/restart-dirsrv +%{_mandir}/man8/restart-dirsrv.8.gz +%{_sbindir}/start-dirsrv +%{_mandir}/man8/start-dirsrv.8.gz +%{_sbindir}/status-dirsrv +%{_mandir}/man8/status-dirsrv.8.gz +%{_sbindir}/stop-dirsrv +%{_mandir}/man8/stop-dirsrv.8.gz +%{_sbindir}/upgradedb +%{_mandir}/man8/upgradedb.8.gz +%{_sbindir}/vlvindex +%{_mandir}/man8/vlvindex.8.gz +%{_sbindir}/monitor +%{_mandir}/man8/monitor.8.gz +%{_sbindir}/dbmon.sh +%{_mandir}/man8/dbmon.sh.8.gz +%{_sbindir}/dn2rdn +%{_mandir}/man8/dn2rdn.8.gz +%{_sbindir}/restoreconfig +%{_mandir}/man8/restoreconfig.8.gz +%{_sbindir}/saveconfig +%{_mandir}/man8/saveconfig.8.gz +%{_sbindir}/suffix2instance +%{_mandir}/man8/suffix2instance.8.gz +%{_sbindir}/upgradednformat +%{_mandir}/man8/upgradednformat.8.gz +%{_mandir}/man1/dbgen.pl.1.gz +%{_bindir}/repl-monitor +%{_mandir}/man1/repl-monitor.1.gz +%{_bindir}/repl-monitor.pl +%{_mandir}/man1/repl-monitor.pl.1.gz +%{_bindir}/cl-dump +%{_mandir}/man1/cl-dump.1.gz +%{_bindir}/cl-dump.pl +%{_mandir}/man1/cl-dump.pl.1.gz +%{_bindir}/dbgen.pl +%{_mandir}/man8/bak2db.pl.8.gz +%{_sbindir}/bak2db.pl +%{_sbindir}/cleanallruv.pl +%{_mandir}/man8/cleanallruv.pl.8.gz +%{_sbindir}/db2bak.pl +%{_mandir}/man8/db2bak.pl.8.gz +%{_sbindir}/db2index.pl +%{_mandir}/man8/db2index.pl.8.gz +%{_sbindir}/db2ldif.pl +%{_mandir}/man8/db2ldif.pl.8.gz +%{_sbindir}/fixup-linkedattrs.pl +%{_mandir}/man8/fixup-linkedattrs.pl.8.gz +%{_sbindir}/fixup-memberof.pl +%{_mandir}/man8/fixup-memberof.pl.8.gz +%{_sbindir}/ldif2db.pl +%{_mandir}/man8/ldif2db.pl.8.gz +%{_sbindir}/migrate-ds.pl +%{_mandir}/man8/migrate-ds.pl.8.gz +%{_sbindir}/ns-accountstatus.pl +%{_mandir}/man8/ns-accountstatus.pl.8.gz +%{_sbindir}/ns-activate.pl +%{_mandir}/man8/ns-activate.pl.8.gz +%{_sbindir}/ns-inactivate.pl +%{_mandir}/man8/ns-inactivate.pl.8.gz +%{_sbindir}/ns-newpwpolicy.pl +%{_mandir}/man8/ns-newpwpolicy.pl.8.gz +%{_sbindir}/remove-ds.pl +%{_mandir}/man8/remove-ds.pl.8.gz +%{_sbindir}/schema-reload.pl +%{_mandir}/man8/schema-reload.pl.8.gz +%{_sbindir}/setup-ds.pl +%{_mandir}/man8/setup-ds.pl.8.gz +%{_sbindir}/syntax-validate.pl +%{_mandir}/man8/syntax-validate.pl.8.gz +%{_sbindir}/usn-tombstone-cleanup.pl +%{_mandir}/man8/usn-tombstone-cleanup.pl.8.gz +%{_sbindir}/verify-db.pl +%{_mandir}/man8/verify-db.pl.8.gz +%{_libdir}/%{pkgname}/perl +%endif + +%files snmp +%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel +%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf +%{_sbindir}/ldap-agent* +%{_mandir}/man1/ldap-agent.1.gz +%{_unitdir}/%{pkgname}-snmp.service + +%files -n python%{python3_pkgversion}-lib389 +%doc LICENSE LICENSE.GPLv3+ +%{python3_sitelib}/lib389* +%{_sbindir}/dsconf +%{_mandir}/man8/dsconf.8.gz +%{_sbindir}/dscreate +%{_mandir}/man8/dscreate.8.gz +%{_sbindir}/dsctl +%{_mandir}/man8/dsctl.8.gz +%{_sbindir}/dsidm +%{_mandir}/man8/dsidm.8.gz +%{_libexecdir}/%{pkgname}/dscontainer + +%files -n cockpit-389-ds -f cockpit.list +%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml +%doc README.md + +%changelog +* Tue Dec 13 2022 Mark Reynolds - 1.4.3.32-3 +- Bump version to 1.4.3.32-3 +- Resolves: BugĀ 2149956 - change default password storage scheme to be backwards compatible with RHEL 7 + +* Tue Dec 13 2022 Mark Reynolds - 1.4.3.32-2 +- Bump version to 1.4.3.32-2 +- Resolves: BugĀ 2149956 - ipa-server-install displays mdd failure Server is unwilling to perform + +* Tue Nov 15 2022 Mark Reynolds - 1.4.3.32-1 +- Bump version to 1.4.3.32-1 +- Resolves: Bug 2098138 - broken nsslapd-subtree-rename-switch option in rhds11 +- Resolves: Bug 2119063 - entryuuid fixup tasks fails because entryUUID is not mutable +- Resolves: Bug 2136610 - [RFE] Add 'cn' attribute to IPA audit logs +- Resolves: Bug 2142638 - pam mutex lock causing high etimes, affecting red hat internal sso +- Resolves: Bug 2096795 - [RFE] Support ECDSA private keys for TLS +