%global pkgname dirsrv
# for a pre-release, define the prerel field - comment out for official release
# % global prerel .a1
# also need the relprefix 0. field for a pre-release - also comment out for official release
# % global relprefix 0.
%global selinux_variants strict targeted
Summary: 389 Administration Server (admin)
Name: 389-admin
Version: 1.1.29
Release: %{?relprefix}1%{?prerel}%{?dist}
License: GPLv2 and ASL 2.0
URL: http://port389.org/
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Provides: fedora-ds-admin = %{version}-%{release}
Obsoletes: fedora-ds-admin < 1.1.8-1
Obsoletes: %{name}-selinux
BuildRequires: nspr-devel
BuildRequires: nss-devel
BuildRequires: svrcore-devel
BuildRequires: mozldap-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: icu
BuildRequires: libicu-devel
BuildRequires: httpd-devel
BuildRequires: apr-devel
BuildRequires: mod_nss
BuildRequires: 389-adminutil-devel
# The following are needed to build the SELinux policy
BuildRequires: checkpolicy
BuildRequires: selinux-policy-devel
BuildRequires: /usr/share/selinux/devel/Makefile
BuildRequires: 389-ds-base-selinux-devel
Requires: 389-ds-base
Requires: mod_nss
# this is needed for using semanage from our setup scripts
Requires: policycoreutils
# this is needed to load and unload the policy module
Requires(post): policycoreutils
Requires(preun): policycoreutils
Requires(postun): policycoreutils
# the following are needed for some of our scripts
Requires: perl-Mozilla-LDAP
Requires: nss-tools
# for the init script
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
Source0: http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2
# 389-admin-git.sh should be used to generate the source tarball from git
Source1: %{name}-git.sh
Patch1: selinux-policy.patch
%description
389 Administration Server is an HTTP agent that provides management features
for 389 Directory Server. It provides some management web apps that can
be used through a web browser. It provides the authentication, access control,
and CGI utilities used by the console.
%prep
%setup -q -n %{name}-%{version}%{?prerel}
%patch1
%build
%configure --disable-rpath --with-selinux --enable-service
# Generate symbolic info for debuggers
export XCFLAGS=$RPM_OPT_FLAGS
%ifarch x86_64 ppc64 ia64 s390x sparc64
export USE_64=1
%endif
make %{?_smp_mflags}
# Build the SELinux policy module for each variant
cd selinux-built
cp %{_datadir}/%{pkgname}-selinux/%{pkgname}.if .
cp %{_datadir}/%{pkgname}-selinux/%{pkgname}.te .
for selinuxvariant in %{selinux_variants}
do
make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
mv %{pkgname}-admin.pp %{pkgname}-admin.pp.${selinuxvariant}
make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
done
cd -
%install
rm -rf $RPM_BUILD_ROOT
make DESTDIR="$RPM_BUILD_ROOT" install
# make console jars directory
mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/html/java
#remove libtool and static libs
rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
rm -f $RPM_BUILD_ROOT%{_libdir}/*.so
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/modules/*.a
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/modules/*.la
# Install the SELinux policy
cd selinux-built
for selinuxvariant in %{selinux_variants}
do
install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
install -p -m 644 %{pkgname}-admin.pp.${selinuxvariant} \
%{buildroot}%{_datadir}/selinux/${selinuxvariant}/%{pkgname}-admin.pp
done
cd -
%clean
rm -rf $RPM_BUILD_ROOT
%pre -p <lua>
-- save ownership/permissions on the dirs/files that rpm changes
-- if these don't exist, the vars will be nil
%{pkgname}admin_adminserv = posix.stat('%{_sysconfdir}/%{pkgname}/admin-serv')
%{pkgname}admin_consoleconf = posix.stat('%{_sysconfdir}/%{pkgname}/admin-serv/console.conf')
-- save the run level configuration, if any
rc = os.execute('rpm --quiet -q fedora-ds-admin')
if rc == 0 then
%{pkgname}admin_exists = true
%{pkgname}admin_savelinks = {}
for dir in posix.files("%{_sysconfdir}/rc.d") do
if string.find(dir, "rc%d.d") then
-- print("looking in %{_sysconfdir}/rc.d/"..dir)
for link in posix.files("%{_sysconfdir}/rc.d/"..dir) do
if string.find(link, "[SK]%d%d%{pkgname}-admin") then
fullname = "%{_sysconfdir}/rc.d/"..dir.."/"..link
linked = posix.readlink(fullname)
-- print(fullname.." is linked to "..linked)
%{pkgname}_savelinks[fullname] = linked
end
end
end
end
end
%post -p <lua>
-- do the usual daemon post setup stuff
os.execute('/sbin/chkconfig --add %{pkgname}-admin')
os.execute('/sbin/ldconfig')
-- restore permissions if upgrading
if %{pkgname}admin_adminserv then
posix.chmod('%{_sysconfdir}/%{pkgname}/admin-serv', %{pkgname}admin_adminserv.mode)
posix.chown('%{_sysconfdir}/%{pkgname}/admin-serv', %{pkgname}admin_adminserv.uid, %{pkgname}admin_adminserv.gid)
end
if %{pkgname}admin_consoleconf then
posix.chmod('%{_sysconfdir}/%{pkgname}/admin-serv/console.conf', %{pkgname}admin_consoleconf.mode)
posix.chown('%{_sysconfdir}/%{pkgname}/admin-serv/console.conf', %{pkgname}admin_consoleconf.uid, %{pkgname}admin_consoleconf.gid)
end
-- load the selinux policy module
variants = "%{selinux_variants}"
for selinuxvariant in string.gfind(variants, "%a+") do
os.execute('semodule -s '..selinuxvariant..' -i %{_datadir}/selinux/'..selinuxvariant..'/%{pkgname}-admin.pp > /dev/null 2>&1')
end
-- label the files installed by this package
os.execute('fixfiles -R %{name} restore > /dev/null 2>&1')
%preun
if [ $1 = 0 ]; then
/sbin/service %{pkgname}-admin stop >/dev/null 2>&1 || :
/sbin/chkconfig --del %{pkgname}-admin
for selinuxvariant in %{selinux_variants}
do
semodule -s ${selinuxvariant} -r %{pkgname}-admin 2>/dev/null || :
done
fi
%postun
/sbin/ldconfig
if [ "$1" -ge "1" ]; then # Upgrade
for selinuxvariant in %{selinux_variants}
do
semodule -s ${selinuxvariant} -i %{_datadir}/selinux/${selinuxvariant}/%{pkgname}-admin.pp 2>/dev/null || :
done
fi
%posttrans -p <lua>
-- if we saved the run level configuration in %pre, restore it now
-- we can get rid of this code once Fedora 11 becomes obsolete
if %{pkgname}admin_savelinks then
for fullpath,link in pairs(%{pkgname}admin_savelinks) do
posix.symlink(link,fullpath)
-- print("posttrans - restored run level "..fullpath.." to "..link)
end
end
if %{pkgname}admin_exists then
os.execute('/sbin/service %{pkgname}-admin start >/dev/null 2>&1')
end
%files
%defattr(-,root,root,-)
%doc LICENSE
%dir %{_sysconfdir}/%{pkgname}/admin-serv
%config(noreplace)%{_sysconfdir}/%{pkgname}/admin-serv/*.conf
%{_datadir}/%{pkgname}
%{_datadir}/selinux/*/%{pkgname}-admin.pp
%{_sysconfdir}/rc.d/init.d/%{pkgname}-admin
%config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}-admin
%{_sbindir}/*
%{_libdir}/*.so.*
%{_libdir}/%{pkgname}
%{_mandir}/man8/*
%changelog
* Tue Mar 27 2012 Rich Megginson <rmeggins@redhat.com> - 1.1.29-1
- 4ec23c0 If htmladmin fails to connect to the server, the cgi could crash.
* Thu Mar 22 2012 Rich Megginson <rmeggins@redhat.com> - 1.1.28-1
- Ticket #307 - htmladmin keeps segfaulting
- Ticket #286 - compilation fixes for 'format-security'
* Fri Feb 3 2012 Rich Megginson <rmeggins@redhat.com> - 1.1.27-1
- Ticket #281 - TLS not working with latest openldap
- Ticket #161 - Review and address latest Coverity issues
* Wed Jan 25 2012 Rich Megginson <rmeggins@redhat.com> - 1.1.26-1
- Bug 767823 - selinux: need to allow admin server to connect to ldap port
* Fri Oct 28 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.25-1
- Bug 740959 - 389-console put CA certificates into wrong database
* Wed Sep 21 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.24-1
- Bug 695741 - Providing native systemd file
* Thu Aug 11 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.23-1
- Bug 730079 - Update SELinux policy during upgrades
* Thu Aug 11 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.22-1
- Bug 724808 - startup CGIs write temp file to /
- add man pages for ds_removal and ds_unregister
- fixes for the makeUpgradeTar.sh script
* Tue Aug 2 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.21-1
- Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user
* Tue Jul 5 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.20-1
- Bug 719056 - migrate-ds-admin.pl needs to update SELinux policy
- Bug 718285 - AdminServer should use "service" command instead of start/stop/restart scripts
- Bug 718079 - Perl errors when running migrate-ds-admin.pl
- Bug 713000 - Migration stops if old admin server cannot be stopped
- added tests for the security cgi
- fix typo in NSS_Shutdown warning message
- better NSS error handling - reduce memory leaks
- Bug 710372 - Not able to open the Manage Certificate from DS-console
* Tue Jun 28 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.19-1
- look for separate openldap ldif library
* Tue Jun 21 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.18-1
- skip rebranding current brand
- support for skins
* Fri May 13 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.17-1
- 1.1.17
- support "in-place" upgrade and rebranding from Red Hat to 389
- many fixes for coverity issues
* Tue Mar 29 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.16-1
- 389-admin-1.1.16
- Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user
- Bug 614690 - Don't use exec to call genrb
- Bug 158926 - Unable to install CA certificate when using
- hardware token ( LunaSA )
- Bug 211296 - Clean up all HTML pages (Admin Express, Repl Monitor, etc)
* Wed Feb 23 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.15-1
- 1.1.15 release - git tag 389-admin-1.1.15
- Bug 493424 - remove unneeded modules for admin server apache config
- Bug 618897 - Wrong permissions when creating instance from Console
- Bug 672468 - Don't use empty path elements in LD_LIBRARY_PATH
- Bug 245278 - Changing to a password with a single quote does not work
- Bug 604881 - admin server log files have incorrect permissions/ownerships
- Bug 387981 - plain files can be chosen on the Restore Directory dialog
- Bug 668950 - Add posix group support to Console
- Bug 618858 - move start-ds-admin env file into main admin server config path
- Bug 616260 - libds-admin-serv linking fails due to unresolved link-time depe
ndencies
- start-ds-admin.in -- replaced "return 1" with "exit 1"
- Bug 151705 - Need to update Console Cipher Preferences with new ciphers
- Bug 470576 - Migration could do addition checks before commiting actions
* Wed Jan 5 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.14-1
- 1.1.14 release
- Bug 664671 - Admin server segfault when full SSL access (http+ldap+console)
required
- Bug 638511 - dirsrv-admin crashes at startup with SELinux enabled
* Tue Nov 23 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.13-1
- This is the final 1.1.13 release
- git tag 389-admin-1.1.13
- Bug 656441 - Missing library path entry causes LD_PRELOAD error
- setup-ds-admin.pl -u exits with ServerAdminID and as_uid related error
* Fri Nov 19 2010 Nathan Kinder <nkinder@redhat.com> - 1.1.12-1
- This is the final 1.1.12 release
- git tag 389-admin-1.1.12
* Tue Oct 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.12-0.2.a2
- fix mozldap build breakage
* Tue Sep 28 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.12-0.1.a1
- This is the 1.1.12 alpha 1 release - with openldap support
* Thu Aug 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-1
- This is the final 1.1.11 release
* Wed Aug 4 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.6.rc2
- 1.1.11.rc2 release
- git tag 389-admin-1.1.11.rc2
- Bug 594745 - Get rid of dirsrv_lib_t label
* Wed Jun 9 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.5.rc1
- 1.1.11.rc1 release
* Wed May 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.4.a4
- 1.1.11.a4 release
* Tue Apr 7 2010 Nathan Kinder <nkinder@redhat.com> - 1.1.11-0.3.a3
- 1.1.11.a3 release
- Bug 570912 - dirsrv-admin SELinux module fails to install
- Change parsing of start-slapd for instance name
- Bug 574233 - Updated requirements for selinux policy
- Moved selinux subpackage into base package
* Fri Feb 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11.a2-0.2
- the 1.1.11.a2 release
- Bug 460162 - FedoraDS "with-FHS" installs init.d StartupScript in wrong location
- Bug 460209 - Correct configure help message
- Bug 560827 - Admin Server: DistinguishName validation fails
- Make check for threaded httpd work with Apache 2.0
* Thu Jan 21 2010 Nathan Kinder <nkinder@redhat.com> - 1.1.11.a1-0.1
- the 1.1.11.a1 release
- added SELinux subpackage
* Wed Jan 20 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.10-1
- the 1.1.10 release
- allow server to run unconfined if not built with selinux support
* Thu Jan 14 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.10.a3-0.3
- the 1.1.10.a3 release
- make sure we can find ICU genrb on all platforms
* Fri Dec 18 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.10.a2-0.2
- the 1.1.10.a2 release
- fix problem with genrb path on F-12 and later
* Thu Oct 8 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.10.a1-1
- the 1.1.10.a1 release
* Mon Sep 14 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.9-1
- the 1.1.9 release
* Tue Aug 25 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.8-6
- rewrite perm/owner preservation code to use lua
* Wed Aug 12 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.8-5
- final rebuild for 1.1.8 release
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Tue Jul 21 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.8-3
- bump rev for final rebuild
* Tue Jul 21 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.8-2
- change adminutil to 389-adminutil
* Thu Jun 18 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.8-1
- bump version to 1.1.8
- change license to GPLv2 + ASL 2.0
- changed files that were incorrectly licensed as GPLv2+ to plain GPLv2
* Wed May 13 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.7-5
- rename to 389
* Thu Apr 9 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.7-4
- Resolves: bug 493424
- Description: dirsrv-admin initscript looks for nonexistent library
- Added patch to remove those modules from the httpd.conf
* Wed Apr 8 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.7-3
- Resolves: bug 494980
- Description: setup-ds-admin.pl -u and silent setup complain about ServerIpAddress
- CVS tag FedoraDirSrvAdmin_1_1_7_RC3 FedoraDirSrvAdmin_1_1_7_RC3_20090408
* Fri Apr 3 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.7-2
- Resolves: bug 493989
- Description: Admin Server: valgrind invalid read in security.c when installing CRL
* Tue Mar 31 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.7-1
- this is the 1.1.7 release
- added man pages for setup, migration, remove commands
- better error handling for command line utilities
- fixed remove from console
- added remove-ds-admin.pl
- added pre and post sections in order to preserve the permissions and ownerships
- CVS tag FedoraDirSrvAdmin_1_1_7_RC1 FedoraDirSrvAdmin_1_1_7_RC1_20090331
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Mon Sep 15 2008 Rich Megginson <rmeggins@redhat.com> - 1.1.6-2
- patch for bug 451702 not required anymore - in upstream now
* Wed Jul 2 2008 Rich Megginson <rmeggins@redhat.com> - 1.1.6-1
- add patch for bug 451702
- The 1.1.6 release
* Fri Jun 6 2008 Rich Megginson <rmeggins@redhat.com> - 1.1.5-1
- Resolves: Bug 448366
- genrb no longer supports -p option
* Tue Apr 15 2008 Rich Megginson <rmeggins@redhat.com> - 1.1.4-1
- Resolves: Bug 437301
- Directory Server: shell command injection in CGI replication monitor
- Fix: rewrite the perl script to ignore all input parameters - replmon.conf
- file will have to be hard coded to be in the admin-serv directory
- Resolves: Bug 437320
- Directory Server: unrestricted access to CGI scripts
- Fix: remove script alias for /bin/admin/admin/bin/
* Wed Jan 9 2008 Rich Megginson <rmeggins@redhat.com> - 1.1.2-1
- Fix issues associated with Fedora pkg review bug 249548
* Tue Dec 11 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.1-1
- this is the final GA candidate
* Tue Nov 6 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.16
- fix several beta blocker issues
* Mon Oct 15 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.15
- fix bogus dist macro
- change mozldap6 to mozldap
* Thu Oct 11 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.14
- make admin server work with SELinux enabled
- fix wording errors in setup
* Mon Oct 8 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.13
- added /etc/sysconfig/dirsrv-admin the file that allows you to set
- the environment used to start up the admin server (e.g. keytab, ulimit, etc.)
- the initscript and admin start script use this file now
- This version also has a fix to print the correct error message if the admin
- server cannot be contacted during setup or migration.
* Thu Sep 27 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.12
- fix a couple of migration issues, including the rpath $libdir problem
- allow ds_remove from console to remove instances
* Wed Sep 19 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.11
- one line fix to fix of 295001 - console.conf clobbered
* Tue Sep 18 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.10
- fixed migration issue bugzilla 295001 - console.conf clobbered
* Fri Sep 14 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.9
- fix several more migration problems
* Fri Sep 14 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.8
- fix migration - servers are started as they are migrated now
* Tue Aug 21 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.7
- Fix the with-fhs-opt configure flag
* Fri Aug 17 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.6
- remove curses
- make mod_admserv link against sasl
- add the usual .m4 files to mod_admserv instead of having all of
- the component logic in configure.in
* Thu Aug 16 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.5
- incorporate Noriko's migration fix
* Wed Aug 15 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.4
- address several migration issues
* Mon Aug 13 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.3
- there is no devel package, so remove unused .so files
* Mon Aug 13 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.2
- forgot to tag the modules
* Fri Aug 10 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.1
- get rid of cvsdate
- use pkgname of dirsrv for filesystem path naming
- get rid of devel package
- simplify files section
* Fri Aug 10 2007 Noriko Hosoi <nhosoi@redhat.com> - 1.1.0-0.3.20070810
- updated to latest sources
- upgraded the mozldap6 version to 6.0.4
* Wed Aug 8 2007 Noriko Hosoi <nhosoi@redhat.com> - 1.1.0-0.2.20070808
- updated to latest sources -- bug fixes in the setup scripts
* Mon Aug 6 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-0.1.20070806
- updated to latest sources
* Thu Aug 2 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-0.4.20070802
- There are no files in bindir anymore
* Thu Aug 2 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-0.3.20070802
- forgot to prepend build root to java dir creation
* Thu Aug 2 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-0.2.20070802
- forgot to add mod_admserv and mod_restartd to source
* Thu Aug 2 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-0.1.20070802
- updated to latest sources - fix build breakage
- add console jars dir under html
* Mon Jul 23 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-0.1.20070725
- Initial version based on fedora-ds-base.spec