Mon, 20 Apr 2009 19:22:00 +0200
Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits; however, maintaining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.
1 ##
2 ## openldap.spec -- OpenPKG RPM Package Specification
3 ## Copyright (c) 2000-2009 OpenPKG Foundation e.V. <http://openpkg.net/>
4 ##
5 ## Permission to use, copy, modify, and distribute this software for
6 ## any purpose with or without fee is hereby granted, provided that
7 ## the above copyright notice and this permission notice appear in all
8 ## copies.
9 ##
10 ## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
11 ## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
12 ## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
13 ## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
14 ## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15 ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
16 ## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
17 ## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
18 ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
19 ## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
20 ## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
21 ## SUCH DAMAGE.
22 ##
24 # package information
# Identity of the package. Version is substituted into the Source0 URL
# further down, so it selects the exact upstream tarball that is built.
# NOTE(review): the License tag says GPL, while upstream OpenLDAP is
# distributed under the OpenLDAP Public License -- confirm the tag.
25 Name: openldap
26 Summary: Lightweight Directory Access Protocol (LDAP) Toolkit
27 URL: http://www.openldap.org/
28 Vendor: OpenLDAP Project
29 Packager: OpenPKG Foundation e.V.
30 Distribution: OpenPKG Community
31 Class: BASE
32 Group: LDAP
33 License: GPL
34 Version: 2.4.16
35 Release: 20090406
37 # package options
# Build-time switches; each one is tested later as "with_NAME" == "yes".
# The defaults build the slapd server with OSSP fsl, crypt(3) support,
# overlays and GNU pth threading; SASL, Perl and ODBC support are off.
# Security note: with_sasl=no makes the build section pass
# --without-cyrus-sasl and --disable-spasswd, so no SASL mechanisms are
# compiled in. Clients are then limited to simple binds, which carry the
# password in the clear unless the connection is protected by TLS.
38 %option with_server yes
39 %option with_fsl yes
40 %option with_crypt yes
41 %option with_overlays yes
42 %option with_pth yes
43 %option with_pthreads no
44 %option with_sasl no
45 %option with_perl no
46 %option with_odbc no
48 # list of sources
# Source0 is the upstream release tarball, addressed by an ftp:// URL.
# Plain FTP gives neither transport integrity nor server authentication.
# NOTE(review): no checksum or signature for the tarball is visible in
# this spec -- confirm that the download is verified before it is built.
# Source1..Source3 and Patch0 are bare file names, presumably shipped
# together with this spec; the patch content is not visible here.
49 Source0: ftp://ftp.openldap.org/pub/openldap/openldap-release/openldap-%{version}.tgz
50 Source1: rc.openldap
51 Source2: fsl.openldap
52 Source3: openldap.pc
53 Patch0: openldap.patch
55 # build information
# Build-time (BuildPreReq) and install-time (PreReq) dependencies.
# openssl and db (4.5 or newer) are always required; fsl, pth, sasl and
# ODBC are added only when the matching option is enabled, and the
# db::with_pthreads requirement is added for POSIX-threads server builds.
# AutoReq and AutoReqProv are switched off, so the lines below are the
# only dependency declarations this package carries.
# NOTE(review): openssl is required without a minimum version -- confirm
# that the installed openssl is recent enough for the TLS policy in use.
56 Prefix: %{l_prefix}
57 BuildRoot: %{l_buildroot}
58 BuildPreReq: OpenPKG, openpkg >= 20060823, make, gcc
59 PreReq: OpenPKG, openpkg >= 20060823
60 BuildPreReq: openssl, db >= 4.5
61 PreReq: openssl, db >= 4.5
62 %if "%{with_server}" == "yes" && "%{with_fsl}" == "yes"
63 BuildPreReq: fsl
64 PreReq: fsl
65 %endif
66 %if "%{with_server}" == "yes" && "%{with_pthreads}" == "yes"
67 BuildPreReq: db::with_pthreads = yes
68 PreReq: db::with_pthreads = yes
69 %endif
70 %if "%{with_server}" == "yes" && "%{with_pth}" == "yes"
71 BuildPreReq: pth
72 PreReq: pth
73 %endif
74 %if "%{with_sasl}" == "yes"
75 BuildPreReq: sasl
76 PreReq: sasl
77 %endif
78 %if "%{with_server}" == "yes" && "%{with_odbc}" == "yes"
79 BuildPreReq: ODBC
80 PreReq: ODBC
81 %endif
82 AutoReq: no
83 AutoReqProv: no
85 %description
86 OpenLDAP is an open source implementation of the Lightweight
87 Directory Access Protocol (LDAP). The suite includes libraries
88 implementing the LDAP protocol plus a stand-alone LDAP server
89 slapd(8).
91 %track
92 prog openldap = {
93 version = %{version}
94 url = ftp://ftp.openldap.org/pub/openldap/openldap-release/
95 regex = openldap-(__VER__)\.tgz
96 }
98 %prep
# Unpack the source tarball quietly and apply the local patch at strip
# level 0, then rewrite the configure script so that every versioned
# Berkeley DB linker flag (-ldb-4.N, -ldb-4-N, -ldb-4N, -ldb-4) becomes
# plain -ldb. The four expressions run in order, most specific first.
# NOTE(review): the patch is applied to upstream code without being
# visible here; review its content separately.
99 %setup -q
100 %patch -p0
101 %{l_shtool} subst \
102 -e 's;-ldb-4\.[1-9];-ldb;g' \
103 -e 's;-ldb-4-[1-9];-ldb;g' \
104 -e 's;-ldb-4[1-9];-ldb;g' \
105 -e 's;-ldb-4;-ldb;g' \
106 configure
108 %build
# Start from an empty autoconf cache file; later steps append preset
# answers to it and configure is run with --cache-file=./config.cache.
109 cp /dev/null config.cache
111 # configuration: standard build flags
# Compiler and linker settings come from OpenPKG macros. ARGS collects
# the configure options: install paths under the prefix, syslog and TLS
# support always on, fetch support off, and static linking requested
# (--disable-dynamic, --disable-shared).
112 export CC="%{l_cc}"
113 export CFLAGS="%{l_cflags -O}"
114 export CPPFLAGS="%{l_cppflags}"
115 export LDFLAGS="%{l_ldflags}"
116 export LIBS=""
117 export ARGS=""
118 ARGS="$ARGS --prefix=%{l_prefix}"
119 ARGS="$ARGS --libexecdir=%{l_prefix}/libexec/openldap"
120 ARGS="$ARGS --localstatedir=%{l_prefix}/var/openldap"
121 ARGS="$ARGS --enable-syslog"
122 ARGS="$ARGS --with-tls"
123 ARGS="$ARGS --without-fetch"
124 ARGS="$ARGS --disable-dynamic"
125 ARGS="$ARGS --disable-shared"
# Server build: every backend listed below is compiled into slapd, and
# --disable-modules means none of them is loaded as a run-time module.
# NOTE(review): --enable-shell builds back-shell, which runs
# administrator-configured external programs to answer requests. Leave
# it, and any other backend that is not used, out of the build to keep
# the compiled-in attack surface small.
# NOTE(review): --with-proxycache looks like a pre-2.4 option name;
# confirm with "configure --help" that it still has an effect.
# Client-only build: slapd and module support are both disabled.
126 %if "%{with_server}" == "yes"
127 ARGS="$ARGS --enable-slapd"
128 ARGS="$ARGS --disable-modules"
129 ARGS="$ARGS --enable-local"
130 ARGS="$ARGS --enable-bdb"
131 ARGS="$ARGS --enable-hdb"
132 ARGS="$ARGS --enable-rewrite"
133 ARGS="$ARGS --enable-ldap"
134 ARGS="$ARGS --enable-meta"
135 ARGS="$ARGS --enable-monitor"
136 ARGS="$ARGS --enable-dnssrv"
137 ARGS="$ARGS --enable-null"
138 ARGS="$ARGS --enable-shell"
139 ARGS="$ARGS --with-proxycache"
140 %else
141 ARGS="$ARGS --disable-slapd"
142 ARGS="$ARGS --disable-modules"
143 %endif
145 # configuration: force to use OSSP fsl
# Adds the fsl linker flags and libraries for every server build.
# NOTE(review): this test looks only at with_server, while the fsl
# dependency in the build-information section is declared only when
# with_fsl is also "yes" -- confirm that a with_fsl=no server build is
# really meant to link against fsl.
146 %if "%{with_server}" == "yes"
147 LDFLAGS="$LDFLAGS %{l_fsl_ldflags}"
148 LIBS="$LIBS %{l_fsl_libs}"
149 %endif
151 # configuration: force to use GNU pth if enabled
# Threading model for the server, in order of preference:
#   with_pth=yes      -> flags are taken from the pth-config found under
#                        the package prefix, --with-threads=pth is set,
#                        and the autoconf cache is preset so that the
#                        sys/devpoll.h and sys/epoll.h headers are
#                        treated as absent
#   with_pthreads=yes -> --with-threads=posix
#   otherwise         -> --with-threads=no
# The pth library flags are placed in front of the existing LIBS value.
152 %if "%{with_server}" == "yes"
153 %if "%{with_pth}" == "yes"
154 CFLAGS="$CFLAGS `%{l_prefix}/bin/pth-config --cflags`"
155 CPPFLAGS="$CPPFLAGS -I`%{l_prefix}/bin/pth-config --includedir`"
156 LDFLAGS="$LDFLAGS `%{l_prefix}/bin/pth-config --ldflags`"
157 LIBS="`%{l_prefix}/bin/pth-config --libs` $LIBS"
158 ARGS="$ARGS --with-threads=pth"
159 ( echo "ac_cv_header_sys_devpoll_h=no"
160 echo "ac_cv_header_sys_epoll_h=no"
161 ) >>config.cache
162 %else
163 %if "%{with_pthreads}" == "yes"
164 ARGS="$ARGS --with-threads=posix"
165 %else
166 ARGS="$ARGS --with-threads=no"
167 %endif
168 %endif
169 %endif
171 # configuration: optional overlay support
# Overlays are enabled only for server builds with with_overlays=yes.
172 %if "%{with_server}" == "yes" && "%{with_overlays}" == "yes"
173 ARGS="$ARGS --enable-overlays=yes"
174 %endif
176 # configuration: optional SASL support
# With SASL: the cache entry below presets the sasl_client_init library
# check to "yes", so configure does not probe for it itself; the sasl
# include flags are put first in CPPFLAGS and Cyrus SASL plus spasswd
# are enabled. Without SASL both are explicitly disabled.
# NOTE(review): presetting the check hides a missing or broken sasl2
# library until link time -- confirm this is intended.
177 %if "%{with_sasl}" == "yes"
178 ( echo "ac_cv_lib_sasl2_sasl_client_init=yes"
179 ) >>config.cache
180 CPPFLAGS="%{l_cppflags sasl} $CPPFLAGS"
181 ARGS="$ARGS --with-cyrus-sasl --enable-spasswd"
182 %else
183 ARGS="$ARGS --without-cyrus-sasl --disable-spasswd"
184 %endif
186 # configuration: optional crypt(3) support
# NOTE(review): passwords stored with the crypt scheme are hashed by the
# platform crypt(3), whose strength differs between systems; confirm
# which password schemes deployments of this package actually use.
187 %if "%{with_crypt}" == "yes"
188 ARGS="$ARGS --enable-crypt"
189 %endif
191 # configuration: optional Perl support
# Server builds only; adds the Perl backend to slapd.
192 %if "%{with_server}" == "yes" && "%{with_perl}" == "yes"
193 ARGS="$ARGS --enable-perl"
194 %endif
196 # configuration: optional ODBC-based RDBMS support
# Server builds only; adds the SQL backend to slapd.
197 %if "%{with_server}" == "yes" && "%{with_odbc}" == "yes"
198 ARGS="$ARGS --enable-sql"
199 %endif
201 # configuration: special platform support
# On SunOS targets only: define _AVL_H and link against librt.
202 case "%{l_platform -t}" in
203 *-sunos* ) CFLAGS="$CFLAGS -D_AVL_H"; LIBS="$LIBS -lrt" ;;
204 esac
206 # configuration: use hard-links and make sure our Berkeley-DB is picked up first
# Second rewrite of the configure script: "ln -s" becomes "ln", any
# -ldb4N flag is replaced by the static libdb.a under the prefix, and
# the db.h include switches from angle brackets to quotes.
# NOTE(review): with Berkeley DB linked in statically, a security fix in
# db presumably reaches slapd only after this package is rebuilt --
# confirm that rebuilds are part of the update procedure.
207 %{l_shtool} subst \
208 -e 's;ln -s;ln;g' \
209 -e 's;-ldb4[1-9];%{l_prefix}/lib/libdb.a;g' \
210 -e 's;<db\.h>;"db.h";g' \
211 configure
213 # configuration
# Run configure with the preset cache file and the collected options.
# ARGS is expanded unquoted on purpose so that each option becomes its
# own argument.
214 ./configure --cache-file=./config.cache $ARGS
216 # build toolkit
# Generate dependencies first, then build everything.
217 %{l_make} %{l_mflags} depend
218 %{l_make} %{l_mflags}
220 %install
221 # install toolkit
# Clear the build root, then install into it through DESTDIR.
# NOTE(review): RPM_BUILD_ROOT is expanded unquoted in the rm -rf and in
# every path below, which relies on it being a non-empty path without
# whitespace -- confirm that the build-root macro guarantees this.
222 rm -rf $RPM_BUILD_ROOT
223 %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
225 # post adjustment: remove extra files
# Drop the .default copies of the configuration files.
226 rm -f $RPM_BUILD_ROOT%{l_prefix}/etc/openldap/*.default
227 rm -f $RPM_BUILD_ROOT%{l_prefix}/etc/openldap/*/*.default
229 # post adjustment: move files
# The example DB_CONFIG under etc is removed; for server builds the one
# in the data directory is renamed so that it becomes the live DB_CONFIG.
230 rm -f $RPM_BUILD_ROOT%{l_prefix}/etc/openldap/DB_CONFIG.example
231 %if "%{with_server}" == "yes"
232 mv $RPM_BUILD_ROOT%{l_prefix}/var/openldap/openldap-data/DB_CONFIG.example \
233 $RPM_BUILD_ROOT%{l_prefix}/var/openldap/openldap-data/DB_CONFIG
234 %endif
236 # post adjustment: enable and correct slapd.pid
# Uncomments the pidfile directive in slapd.conf and points it at
# var/openldap/run/slapd.pid under the prefix.
# NOTE(review): pidfile is the only slapd.conf setting adjusted here.
# Unless the patch changes it, the upstream sample configuration is
# installed as shipped, and that sample is known to carry a placeholder
# rootdn/rootpw -- confirm it is replaced before the server is exposed.
237 %if "%{with_server}" == "yes"
238 %{l_shtool} subst \
239 -e 's;^[ #]*\(pidfile \).*$;\1 %{l_prefix}/var/openldap/run/slapd.pid;' \
240 $RPM_BUILD_ROOT%{l_prefix}/etc/openldap/slapd.conf
241 %endif
243 # post adjustment: remove OSSP fsl dependency from libtool files
# Strips the first -lfsl reference from each installed .la file.
244 %if "%{with_server}" == "yes"
245 %{l_shtool} subst \
246 -e 's;-lfsl *;;' \
247 $RPM_BUILD_ROOT%{l_prefix}/lib/*.la
248 %endif
250 # install run-command script
# Server builds only: the rc script goes into etc/rc.d with mode 755.
# It is passed through the shtool install value substitution on the way;
# what gets substituted is not visible in this spec.
251 %if "%{with_server}" == "yes"
252 %{l_shtool} mkdir -f -p -m 755 \
253 $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d
254 %{l_shtool} install -c -m 755 %{l_value -s -a} \
255 %{SOURCE rc.openldap} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
256 %endif
258 # install OSSP fsl configuration
# Server builds only: the fsl configuration goes into etc/fsl with mode
# 644, i.e. readable by every local user.
259 %if "%{with_server}" == "yes"
260 %{l_shtool} mkdir -f -p -m 755 \
261 $RPM_BUILD_ROOT%{l_prefix}/etc/fsl
262 %{l_shtool} install -c -m 644 %{l_value -s -a} \
263 %{SOURCE fsl.openldap} \
264 $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
265 %endif
267 # install pkg-config configuration
# The .pc template gets its version and libs placeholders filled in;
# the library list gains -lsasl2 when SASL support is built.
268 %{l_shtool} mkdir -f -p -m 755 \
269 $RPM_BUILD_ROOT%{l_prefix}/lib/pkgconfig
270 libs="-lldap -llber"
271 %if "%{with_sasl}" == "yes"
272 libs="$libs -lsasl2"
273 %endif
274 %{l_shtool} install -c -m 644 %{l_value -s -a} \
275 -e "s;@version@;%{version};" \
276 -e "s;@libs@;$libs;" \
277 %{SOURCE openldap.pc} \
278 $RPM_BUILD_ROOT%{l_prefix}/lib/pkgconfig/
280 # optionally remove server-components
# Client-only builds: delete the schema directory, slapd.conf, sbin, the
# libexec directory, the SLAPI plugin header and the slap* manual pages
# from the build root so that they are not packaged.
281 %if "%{with_server}" != "yes"
282 rm -rf $RPM_BUILD_ROOT%{l_prefix}/etc/openldap/schema
283 rm -f $RPM_BUILD_ROOT%{l_prefix}/etc/openldap/slapd.conf
284 rm -rf $RPM_BUILD_ROOT%{l_prefix}/sbin
285 rm -rf $RPM_BUILD_ROOT%{l_prefix}/libexec/openldap
286 rm -f $RPM_BUILD_ROOT%{l_prefix}/include/slapi-plugin.h
287 rm -f $RPM_BUILD_ROOT%{l_prefix}/man/man5/slap*
288 rm -f $RPM_BUILD_ROOT%{l_prefix}/man/man8/slap*
289 %endif
291 # determine installation files
# Writes the package file list to "files". The .conf files under
# etc/openldap are marked as configuration; server builds also mark the
# fsl configuration and the schema and ldif files that way.
# NOTE(review): ownership and mode of slapd.conf come from the standard
# file rules, which are not visible here -- confirm that the file is not
# readable by other users once it holds credentials.
292 %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
293 %{l_files_std} \
294 %if "%{with_server}" == "yes"
295 '%config %{l_prefix}/etc/fsl/fsl.openldap' \
296 '%config %{l_prefix}/etc/openldap/schema/*.schema' \
297 '%config %{l_prefix}/etc/openldap/schema/*.ldif' \
298 %endif
299 '%config %{l_prefix}/etc/openldap/*.conf'
301 %files -f files
303 %clean
# Remove the build root after packaging. The variable is expanded
# unquoted, so this relies on it being a non-empty path without
# whitespace.
304 rm -rf $RPM_BUILD_ROOT
306 %pre
307 %if "%{with_server}" == "yes"
308 # before upgrade, save status and stop service
# Runs only when the first argument is 2 (the upgrade case); on any
# other value the script exits at once. The output of the rc "status"
# command is copied to the temporary file and also evaluated as shell
# code in this script, then the service is stopped.
# NOTE(review): where the temporary-file macro points is not visible
# here. tee writes to that path and the post script later evaluates the
# file content -- confirm that the path is in a location only the
# installing user can write to.
309 [ $1 -eq 2 ] || exit 0
310 eval `%{l_rc} openldap status 2>/dev/null | tee %{l_tmpfile}`
311 %{l_rc} openldap stop 2>/dev/null
312 exit 0
313 %endif
315 %post
316 # after upgrade, restore status
# Runs only when the first argument is 2 (the upgrade case). The file
# written by the pre script is read back, evaluated as shell code and
# deleted; the service is started again if that evaluation set
# openldap_active to "yes".
# NOTE(review): the file content is executed with the privileges of the
# installing user and is not validated first. It is trustworthy only if
# nobody else could create or modify the file between the pre and post
# scripts -- confirm where the temporary-file macro points, or parse
# the single expected variable instead of evaluating the whole file.
317 %if "%{with_server}" == "yes"
318 [ $1 -eq 2 ] || exit 0
319 { eval `cat %{l_tmpfile}`; rm -f %{l_tmpfile}; true; } >/dev/null 2>&1
320 [ ".$openldap_active" = .yes ] && %{l_rc} openldap start
321 exit 0
322 %endif
324 %preun
325 # before erase, stop service and remove log files
# Runs only when the first argument is 0 (the erase case). The service
# is stopped and every openldap.log* file under var/openldap of the
# install prefix is deleted; errors from the removal are ignored.
# NOTE(review): deleting the logs on erase also removes the record of
# past directory activity -- archive them first where they are needed
# for audit or incident response.
326 %if "%{with_server}" == "yes"
327 [ $1 -eq 0 ] || exit 0
328 %{l_rc} openldap stop 2>/dev/null
329 rm -f $RPM_INSTALL_PREFIX/var/openldap/openldap.log* >/dev/null 2>&1 || true
330 exit 0
331 %endif