openldap/openldap.spec

Mon, 20 Apr 2009 19:22:00 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Mon, 20 Apr 2009 19:22:00 +0200
changeset 178
0ba300bdf30a
child 184
f035b8d886ac
permissions
-rw-r--r--

Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits; however, maintaining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.

michael@174 1 ##
michael@174 2 ## openldap.spec -- OpenPKG RPM Package Specification
michael@174 3 ## Copyright (c) 2000-2009 OpenPKG Foundation e.V. <http://openpkg.net/>
michael@174 4 ##
michael@174 5 ## Permission to use, copy, modify, and distribute this software for
michael@174 6 ## any purpose with or without fee is hereby granted, provided that
michael@174 7 ## the above copyright notice and this permission notice appear in all
michael@174 8 ## copies.
michael@174 9 ##
michael@174 10 ## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
michael@174 11 ## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
michael@174 12 ## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
michael@174 13 ## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
michael@174 14 ## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
michael@174 15 ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
michael@174 16 ## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
michael@174 17 ## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
michael@174 18 ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
michael@174 19 ## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
michael@174 20 ## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
michael@174 21 ## SUCH DAMAGE.
michael@174 22 ##
michael@174 23
michael@174 24 # package information
# Identity tags of the OpenPKG "openldap" package: upstream version 2.4.16,
# packaging release 20090406.
michael@174 25 Name: openldap
michael@174 26 Summary: Lightweight Directory Access Protocol (LDAP) Toolkit
michael@174 27 URL: http://www.openldap.org/
michael@174 28 Vendor: OpenLDAP Project
michael@174 29 Packager: OpenPKG Foundation e.V.
michael@174 30 Distribution: OpenPKG Community
michael@174 31 Class: BASE
michael@174 32 Group: LDAP
# NOTE(review): upstream OpenLDAP is distributed under the OpenLDAP Public
# License -- confirm that the GPL value in the tag below is intended.
michael@174 33 License: GPL
michael@174 34 Version: 2.4.16
michael@174 35 Release: 20090406
michael@174 36
michael@174 37 # package options
# Build-time option defaults. with_server decides whether slapd is built at all.
# with_sasl set to no makes the build section pass --without-cyrus-sasl and
# --disable-spasswd; with_crypt set to yes adds --enable-crypt.
# with_perl and with_odbc (both off by default) add the Perl and SQL backends.
michael@174 38 %option with_server yes
michael@174 39 %option with_fsl yes
michael@174 40 %option with_crypt yes
michael@174 41 %option with_overlays yes
michael@174 42 %option with_pth yes
michael@174 43 %option with_pthreads no
michael@174 44 %option with_sasl no
michael@174 45 %option with_perl no
michael@174 46 %option with_odbc no
michael@174 47
michael@174 48 # list of sources
# One upstream tarball plus four files shipped with the package: the rc script,
# the fsl configuration, the pkg-config template and a local patch.
# NOTE(review): Source0 is a plain ftp:// URL (unauthenticated, unencrypted
# transport) and no checksum or signature for the tarball appears in this spec.
# Confirm where the integrity of the download is verified before it is built.
michael@174 49 Source0: ftp://ftp.openldap.org/pub/openldap/openldap-release/openldap-%{version}.tgz
michael@174 50 Source1: rc.openldap
michael@174 51 Source2: fsl.openldap
michael@174 52 Source3: openldap.pc
michael@174 53 Patch0: openldap.patch
michael@174 54
michael@174 55 # build information
# Build-time (BuildPreReq) and install-time (PreReq) dependencies.
# openssl and Berkeley DB (db >= 4.5) are always required; fsl, pth, sasl and
# ODBC are required only when the matching option is enabled, and all but sasl
# additionally require a server build.
michael@174 56 Prefix: %{l_prefix}
michael@174 57 BuildRoot: %{l_buildroot}
michael@174 58 BuildPreReq: OpenPKG, openpkg >= 20060823, make, gcc
michael@174 59 PreReq: OpenPKG, openpkg >= 20060823
michael@174 60 BuildPreReq: openssl, db >= 4.5
michael@174 61 PreReq: openssl, db >= 4.5
michael@174 62 %if "%{with_server}" == "yes" && "%{with_fsl}" == "yes"
michael@174 63 BuildPreReq: fsl
michael@174 64 PreReq: fsl
michael@174 65 %endif
michael@174 66 %if "%{with_server}" == "yes" && "%{with_pthreads}" == "yes"
michael@174 67 BuildPreReq: db::with_pthreads = yes
michael@174 68 PreReq: db::with_pthreads = yes
michael@174 69 %endif
michael@174 70 %if "%{with_server}" == "yes" && "%{with_pth}" == "yes"
michael@174 71 BuildPreReq: pth
michael@174 72 PreReq: pth
michael@174 73 %endif
michael@174 74 %if "%{with_sasl}" == "yes"
michael@174 75 BuildPreReq: sasl
michael@174 76 PreReq: sasl
michael@174 77 %endif
michael@174 78 %if "%{with_server}" == "yes" && "%{with_odbc}" == "yes"
michael@174 79 BuildPreReq: ODBC
michael@174 80 PreReq: ODBC
michael@174 81 %endif
# Automatic dependency generation is switched off, so the tags above are the
# only dependencies recorded for the package.
michael@174 82 AutoReq: no
michael@174 83 AutoReqProv: no
michael@174 84
michael@174 85 %description
michael@174 86 OpenLDAP is an open source implementation of the Lightweight
michael@174 87 Directory Access Protocol (LDAP). The suite includes libraries
michael@174 88 implementing the LDAP protocol plus a stand-alone LDAP server
michael@174 89 slapd(8).
michael@174 90
michael@174 91 %track
michael@174 92 prog openldap = {
michael@174 93 version = %{version}
michael@174 94 url = ftp://ftp.openldap.org/pub/openldap/openldap-release/
michael@174 95 regex = openldap-(__VER__)\.tgz
michael@174 96 }
michael@174 97
michael@174 98 %prep
# Unpacks the tarball, applies the local patch at strip level 0, then rewrites
# the versioned Berkeley DB link flags in configure (-ldb-4.N, -ldb-4-N, -ldb-4N,
# -ldb-4) to plain -ldb.
michael@174 99 %setup -q
michael@174 100 %patch -p0
michael@174 101 %{l_shtool} subst \
michael@174 102 -e 's;-ldb-4\.[1-9];-ldb;g' \
michael@174 103 -e 's;-ldb-4-[1-9];-ldb;g' \
michael@174 104 -e 's;-ldb-4[1-9];-ldb;g' \
michael@174 105 -e 's;-ldb-4;-ldb;g' \
michael@174 106 configure
michael@174 107
michael@174 108 %build
# Start from an empty autoconf cache; later steps append forced results to it.
michael@174 109 cp /dev/null config.cache
michael@174 110
michael@174 111 # configuration: standard build flags
# Compiler settings are exported for configure; ARGS accumulates the configure
# options chosen by the package options.
michael@174 112 export CC="%{l_cc}"
michael@174 113 export CFLAGS="%{l_cflags -O}"
michael@174 114 export CPPFLAGS="%{l_cppflags}"
michael@174 115 export LDFLAGS="%{l_ldflags}"
michael@174 116 export LIBS=""
michael@174 117 export ARGS=""
michael@174 118 ARGS="$ARGS --prefix=%{l_prefix}"
michael@174 119 ARGS="$ARGS --libexecdir=%{l_prefix}/libexec/openldap"
michael@174 120 ARGS="$ARGS --localstatedir=%{l_prefix}/var/openldap"
michael@174 121 ARGS="$ARGS --enable-syslog"
# TLS support is always requested; openssl is an unconditional prerequisite
# of this package.
michael@174 122 ARGS="$ARGS --with-tls"
michael@174 123 ARGS="$ARGS --without-fetch"
michael@174 124 ARGS="$ARGS --disable-dynamic"
michael@174 125 ARGS="$ARGS --disable-shared"
michael@174 126 %if "%{with_server}" == "yes"
michael@174 127 ARGS="$ARGS --enable-slapd"
# Loadable modules are disabled, so the backends enabled below are compiled
# into the slapd binary rather than shipped as separate modules.
michael@174 128 ARGS="$ARGS --disable-modules"
michael@174 129 ARGS="$ARGS --enable-local"
michael@174 130 ARGS="$ARGS --enable-bdb"
michael@174 131 ARGS="$ARGS --enable-hdb"
michael@174 132 ARGS="$ARGS --enable-rewrite"
michael@174 133 ARGS="$ARGS --enable-ldap"
michael@174 134 ARGS="$ARGS --enable-meta"
michael@174 135 ARGS="$ARGS --enable-monitor"
michael@174 136 ARGS="$ARGS --enable-dnssrv"
michael@174 137 ARGS="$ARGS --enable-null"
# NOTE(review): the shell backend hands LDAP operations to external programs
# when a database of that type is configured in slapd.conf. Confirm it is
# needed; leaving unused backends out keeps the server's attack surface smaller.
michael@174 138 ARGS="$ARGS --enable-shell"
michael@174 139 ARGS="$ARGS --with-proxycache"
michael@174 140 %else
# Client-only build: no slapd and no modules.
michael@174 141 ARGS="$ARGS --disable-slapd"
michael@174 142 ARGS="$ARGS --disable-modules"
michael@174 143 %endif
michael@174 144
michael@174 145 # configuration: force to use OSSP fsl
# NOTE(review): only with_server is tested here, while the fsl prerequisite in
# the build information also depends on with_fsl. Confirm the fsl flag macros
# expand to nothing when with_fsl is no.
michael@174 146 %if "%{with_server}" == "yes"
michael@174 147 LDFLAGS="$LDFLAGS %{l_fsl_ldflags}"
michael@174 148 LIBS="$LIBS %{l_fsl_libs}"
michael@174 149 %endif
michael@174 150
michael@174 151 # configuration: force to use GNU pth if enabled
# Thread library selection, server builds only: GNU pth when with_pth is yes,
# otherwise POSIX threads when with_pthreads is yes, otherwise no threads.
michael@174 152 %if "%{with_server}" == "yes"
michael@174 153 %if "%{with_pth}" == "yes"
michael@174 154 CFLAGS="$CFLAGS `%{l_prefix}/bin/pth-config --cflags`"
michael@174 155 CPPFLAGS="$CPPFLAGS -I`%{l_prefix}/bin/pth-config --includedir`"
michael@174 156 LDFLAGS="$LDFLAGS `%{l_prefix}/bin/pth-config --ldflags`"
michael@174 157 LIBS="`%{l_prefix}/bin/pth-config --libs` $LIBS"
michael@174 158 ARGS="$ARGS --with-threads=pth"
# Pre-seed the cache so configure treats sys/devpoll.h and sys/epoll.h as
# absent in a pth build.
michael@174 159 ( echo "ac_cv_header_sys_devpoll_h=no"
michael@174 160 echo "ac_cv_header_sys_epoll_h=no"
michael@174 161 ) >>config.cache
michael@174 162 %else
michael@174 163 %if "%{with_pthreads}" == "yes"
michael@174 164 ARGS="$ARGS --with-threads=posix"
michael@174 165 %else
michael@174 166 ARGS="$ARGS --with-threads=no"
michael@174 167 %endif
michael@174 168 %endif
michael@174 169 %endif
michael@174 170
michael@174 171 # configuration: optional overlay support
michael@174 172 %if "%{with_server}" == "yes" && "%{with_overlays}" == "yes"
michael@174 173 ARGS="$ARGS --enable-overlays=yes"
michael@174 174 %endif
michael@174 175
michael@174 176 # configuration: optional SASL support
# With SASL, the cache entry pre-answers the sasl_client_init library check as
# present and spasswd is enabled; without it, both Cyrus SASL and spasswd are
# switched off explicitly.
michael@174 177 %if "%{with_sasl}" == "yes"
michael@174 178 ( echo "ac_cv_lib_sasl2_sasl_client_init=yes"
michael@174 179 ) >>config.cache
michael@174 180 CPPFLAGS="%{l_cppflags sasl} $CPPFLAGS"
michael@174 181 ARGS="$ARGS --with-cyrus-sasl --enable-spasswd"
michael@174 182 %else
michael@174 183 ARGS="$ARGS --without-cyrus-sasl --disable-spasswd"
michael@174 184 %endif
michael@174 185
michael@174 186 # configuration: optional crypt(3) support
# NOTE(review): the hash schemes behind crypt(3) depend on the platform's C
# library, so stored password strength varies by host. Confirm which schemes
# the deployment relies on.
michael@174 187 %if "%{with_crypt}" == "yes"
michael@174 188 ARGS="$ARGS --enable-crypt"
michael@174 189 %endif
michael@174 190
michael@174 191 # configuration: optional Perl support
# Off by default (with_perl is no); enabling it builds the Perl backend into
# the server.
michael@174 192 %if "%{with_server}" == "yes" && "%{with_perl}" == "yes"
michael@174 193 ARGS="$ARGS --enable-perl"
michael@174 194 %endif
michael@174 195
michael@174 196 # configuration: optional ODBC-based RDBMS support
michael@174 197 %if "%{with_server}" == "yes" && "%{with_odbc}" == "yes"
michael@174 198 ARGS="$ARGS --enable-sql"
michael@174 199 %endif
michael@174 200
michael@174 201 # configuration: special platform support
# On SunOS targets only: define _AVL_H and link against librt.
michael@174 202 case "%{l_platform -t}" in
michael@174 203 *-sunos* ) CFLAGS="$CFLAGS -D_AVL_H"; LIBS="$LIBS -lrt" ;;
michael@174 204 esac
michael@174 205
michael@174 206 # configuration: use hard-links and make sure our Berkeley-DB is picked up first
# Edits configure in place: "ln -s" becomes "ln", -ldb4N link flags become the
# static libdb.a under the prefix, and <db.h> includes become "db.h".
michael@174 207 %{l_shtool} subst \
michael@174 208 -e 's;ln -s;ln;g' \
michael@174 209 -e 's;-ldb4[1-9];%{l_prefix}/lib/libdb.a;g' \
michael@174 210 -e 's;<db\.h>;"db.h";g' \
michael@174 211 configure
michael@174 212
michael@174 213 # configuration
# $ARGS is unquoted here, so the shell splits it into the individual options
# collected earlier in this section.
michael@174 214 ./configure --cache-file=./config.cache $ARGS
michael@174 215
michael@174 216 # build toolkit
michael@174 217 %{l_make} %{l_mflags} depend
michael@174 218 %{l_make} %{l_mflags}
michael@174 219
michael@174 220 %install
michael@174 221 # install toolkit
# NOTE(review): $RPM_BUILD_ROOT is expanded unquoted in rm -rf and in the paths
# below. This relies on the build root being set to a path without whitespace
# or glob characters.
michael@174 222 rm -rf $RPM_BUILD_ROOT
michael@174 223 %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
michael@174 224
michael@174 225 # post adjustment: remove extra files
michael@174 226 rm -f $RPM_BUILD_ROOT%{l_prefix}/etc/openldap/*.default
michael@174 227 rm -f $RPM_BUILD_ROOT%{l_prefix}/etc/openldap/*/*.default
michael@174 228
michael@174 229 # post adjustment: move files
# The example Berkeley DB tuning file is dropped from etc/openldap; in server
# builds the copy in the data directory is renamed to the live DB_CONFIG.
michael@174 230 rm -f $RPM_BUILD_ROOT%{l_prefix}/etc/openldap/DB_CONFIG.example
michael@174 231 %if "%{with_server}" == "yes"
michael@174 232 mv $RPM_BUILD_ROOT%{l_prefix}/var/openldap/openldap-data/DB_CONFIG.example \
michael@174 233 $RPM_BUILD_ROOT%{l_prefix}/var/openldap/openldap-data/DB_CONFIG
michael@174 234 %endif
michael@174 235
michael@174 236 # post adjustment: enable and correct slapd.pid
# Rewrites the pidfile directive of the shipped slapd.conf, whether or not it
# was commented out, to point at var/openldap/run/slapd.pid under the prefix.
michael@174 237 %if "%{with_server}" == "yes"
michael@174 238 %{l_shtool} subst \
michael@174 239 -e 's;^[ #]*\(pidfile \).*$;\1 %{l_prefix}/var/openldap/run/slapd.pid;' \
michael@174 240 $RPM_BUILD_ROOT%{l_prefix}/etc/openldap/slapd.conf
michael@174 241 %endif
michael@174 242
michael@174 243 # post adjustment: remove OSSP fsl dependency from libtool files
# Strips the first -lfsl on each line of the installed .la files (the
# substitution has no g flag).
michael@174 244 %if "%{with_server}" == "yes"
michael@174 245 %{l_shtool} subst \
michael@174 246 -e 's;-lfsl *;;' \
michael@174 247 $RPM_BUILD_ROOT%{l_prefix}/lib/*.la
michael@174 248 %endif
michael@174 249
michael@174 250 # install run-command script
# Server builds only: the rc script is installed executable (mode 755) into
# etc/rc.d under the prefix.
# NOTE(review): the l_value -s -a macro presumably supplies substitution
# arguments to shtool install -- confirm against the OpenPKG macro set.
michael@174 251 %if "%{with_server}" == "yes"
michael@174 252 %{l_shtool} mkdir -f -p -m 755 \
michael@174 253 $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d
michael@174 254 %{l_shtool} install -c -m 755 %{l_value -s -a} \
michael@174 255 %{SOURCE rc.openldap} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
michael@174 256 %endif
michael@174 257
michael@174 258 # install OSSP fsl configuration
# Server builds only: the fsl configuration is installed world-readable
# (mode 644) into etc/fsl under the prefix.
michael@174 259 %if "%{with_server}" == "yes"
michael@174 260 %{l_shtool} mkdir -f -p -m 755 \
michael@174 261 $RPM_BUILD_ROOT%{l_prefix}/etc/fsl
michael@174 262 %{l_shtool} install -c -m 644 %{l_value -s -a} \
michael@174 263 %{SOURCE fsl.openldap} \
michael@174 264 $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
michael@174 265 %endif
michael@174 266
michael@174 267 # install pkg-config configuration
# The template's @version@ and @libs@ placeholders are filled in at install
# time; -lsasl2 is appended to the library list only for SASL builds.
michael@174 268 %{l_shtool} mkdir -f -p -m 755 \
michael@174 269 $RPM_BUILD_ROOT%{l_prefix}/lib/pkgconfig
michael@174 270 libs="-lldap -llber"
michael@174 271 %if "%{with_sasl}" == "yes"
michael@174 272 libs="$libs -lsasl2"
michael@174 273 %endif
michael@174 274 %{l_shtool} install -c -m 644 %{l_value -s -a} \
michael@174 275 -e "s;@version@;%{version};" \
michael@174 276 -e "s;@libs@;$libs;" \
michael@174 277 %{SOURCE openldap.pc} \
michael@174 278 $RPM_BUILD_ROOT%{l_prefix}/lib/pkgconfig/
michael@174 279
michael@174 280 # optionally remove server-components
# Client-only builds drop the schema directory, slapd.conf, sbin, the libexec
# directory, the slapi plugin header and the slap* manual pages.
michael@174 281 %if "%{with_server}" != "yes"
michael@174 282 rm -rf $RPM_BUILD_ROOT%{l_prefix}/etc/openldap/schema
michael@174 283 rm -f $RPM_BUILD_ROOT%{l_prefix}/etc/openldap/slapd.conf
michael@174 284 rm -rf $RPM_BUILD_ROOT%{l_prefix}/sbin
michael@174 285 rm -rf $RPM_BUILD_ROOT%{l_prefix}/libexec/openldap
michael@174 286 rm -f $RPM_BUILD_ROOT%{l_prefix}/include/slapi-plugin.h
michael@174 287 rm -f $RPM_BUILD_ROOT%{l_prefix}/man/man5/slap*
michael@174 288 rm -f $RPM_BUILD_ROOT%{l_prefix}/man/man8/slap*
michael@174 289 %endif
michael@174 290
michael@174 291 # determine installation files
# Writes the payload list to the file named "files" and marks the fsl
# configuration, the schema files and etc/openldap/*.conf as config files.
# NOTE(review): slapd.conf can carry the rootpw credential. No mode or owner is
# set for it in this section, so confirm what the standard file attributes
# (l_files_std) assign to it.
michael@174 292 %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
michael@174 293 %{l_files_std} \
michael@174 294 %if "%{with_server}" == "yes"
michael@174 295 '%config %{l_prefix}/etc/fsl/fsl.openldap' \
michael@174 296 '%config %{l_prefix}/etc/openldap/schema/*.schema' \
michael@174 297 '%config %{l_prefix}/etc/openldap/schema/*.ldif' \
michael@174 298 %endif
michael@174 299 '%config %{l_prefix}/etc/openldap/*.conf'
michael@174 300
michael@174 301 %files -f files
michael@174 302
michael@174 303 %clean
michael@174 304 rm -rf $RPM_BUILD_ROOT
michael@174 305
michael@174 306 %pre
michael@174 307 %if "%{with_server}" == "yes"
michael@174 308 # before upgrade, save status and stop service
# Only the upgrade case (first argument equal to 2) continues past this line.
michael@174 309 [ $1 -eq 2 ] || exit 0
# The output of the rc status command is copied to the l_tmpfile path and
# eval'ed as shell code here; the post scriptlet later evals that file again.
# NOTE(review): scriptlets run with the installer's privileges. If l_tmpfile
# expands to a predictable name in a directory other users can write to, the
# file could be replaced between pre and post and its content would then be
# executed. Confirm the macro yields a private location, or carry over only
# the expected yes/no value instead of eval'ing the file.
michael@174 310 eval `%{l_rc} openldap status 2>/dev/null | tee %{l_tmpfile}`
michael@174 311 %{l_rc} openldap stop 2>/dev/null
michael@174 312 exit 0
michael@174 313 %endif
michael@174 314
michael@174 315 %post
michael@174 316 # after upgrade, restore status
michael@174 317 %if "%{with_server}" == "yes"
michael@174 318 [ $1 -eq 2 ] || exit 0
# Evals the status file saved by the pre scriptlet and deletes it; output is
# discarded and the trailing "true" keeps a missing file from failing the group.
# NOTE(review): the file content is executed as shell code with the installer's
# privileges, so it must not be writable by other users between pre and post.
michael@174 319 { eval `cat %{l_tmpfile}`; rm -f %{l_tmpfile}; true; } >/dev/null 2>&1
# The service is started again only if the saved status set openldap_active to yes.
michael@174 320 [ ".$openldap_active" = .yes ] && %{l_rc} openldap start
michael@174 321 exit 0
michael@174 322 %endif
michael@174 323
michael@174 324 %preun
michael@174 325 # before erase, stop service and remove log files
michael@174 326 %if "%{with_server}" == "yes"
# Only the final erase (first argument equal to 0) continues past this line.
michael@174 327 [ $1 -eq 0 ] || exit 0
michael@174 328 %{l_rc} openldap stop 2>/dev/null
# Deletes openldap.log* under var/openldap of the install prefix; errors are
# ignored.
# NOTE(review): this removes the service's logs on uninstall. Confirm they are
# archived elsewhere if they are needed for later audit or incident review.
michael@174 329 rm -f $RPM_INSTALL_PREFIX/var/openldap/openldap.log* >/dev/null 2>&1 || true
michael@174 330 exit 0
michael@174 331 %endif
michael@174 332
