diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000000000000000000000000000000000..9b7c16d48bd159875d83e4763fc63b46ce1bd58f --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.bz2 filter=lfs diff=lfs merge=lfs -text diff --git a/.lfsconfig b/.lfsconfig new file mode 100644 index 0000000000000000000000000000000000000000..086dbeb7251987fb0ae5d6b812acfe8e9549e997 --- /dev/null +++ b/.lfsconfig @@ -0,0 +1,2 @@ +[lfs] + url = https://artlfs.openeuler.openatom.cn/src-openEuler/three-eight-nine-ds-base diff --git a/389-ds-base-3.1.1.tar.bz2 b/389-ds-base-3.1.1.tar.bz2 index 8cf38b53d265664d97ce63476109bca9fc35805b..2469f8676ea7bff8d1961b8df1ae13c929dcfd10 100644 Binary files a/389-ds-base-3.1.1.tar.bz2 and b/389-ds-base-3.1.1.tar.bz2 differ diff --git a/389-ds-base.spec b/389-ds-base.spec index 03649468284e727e2ab433062a4bf66ccc7e4969..b9e0a8c4d8a3d7cfde4e8c124ef9ef05bc1557db 100644 --- a/389-ds-base.spec +++ b/389-ds-base.spec @@ -6,12 +6,13 @@ ExcludeArch: i686 Name: 389-ds-base Summary: Base 389 Directory Server Version: 3.1.1 -Release: 6 +Release: 7 License: GPL-3.0-or-later URL: https://www.port389.org Source0: https://releases.pagure.org/389-ds-base/389-ds-base-%{version}.tar.bz2 Source1: 389-ds-base-git.sh Source2: 389-ds-base-devel.README +Source4: 389-ds-base.sysusers # Refer: https://github.com/389ds/389-ds-base/pull/5374 Patch0: fix-dsidm-posixgroup-get_dn-fails-with-search_ext.patch 
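Review bot: The blob for `389-ds-base-3.1.1.tar.bz2` changes in this commit while `Version` stays 3.1.1, and the new `.lfsconfig` moves retrieval of `*.bz2` files to a separate LFS endpoint, so the source archive can no longer be checked from the repository content alone. Nothing visible in the diff records that the new object matches the upstream release archive named in `Source0`. I would put the archive's SHA-256 in the commit description, or add a verification step to the spec, so the swap can be audited later. A short comment in `.lfsconfig`, such as `# LFS store for this package's source archives`, would also tell the next reader why the extra host is trusted.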
@@ -20,18 +21,23 @@ Patch2: fix-dsidm-role-subtree-status-fails-with-TypeError.patch # https://github.com/sfackler/rust-openssl/commit/f014afb230de4d77bc79dea60e7e58c2f47b60f2 Patch3: CVE-2025-24898.patch Patch4: CVE-2025-2487.patch +Patch5: backport-drop-python-setup-tools-dep.patch BuildRequires: nspr-devel nss-devel >= 3.34 perl-generators openldap-devel libdb-devel cyrus-sasl-devel icu BuildRequires: libicu-devel pcre-devel cracklib-devel gcc-c++ net-snmp-devel lm_sensors-devel bzip2-devel BuildRequires: zlib-devel openssl-devel pam-devel systemd-units systemd-devel pkgconfig pkgconfig(systemd) BuildRequires: pkgconfig(krb5) autoconf automake libtool doxygen libcmocka-devel libevent-devel chrpath -BuildRequires: python%{python3_pkgversion} python%{python3_pkgversion}-devel python%{python3_pkgversion}-setuptools -BuildRequires: python%{python3_pkgversion}-ldap python%{python3_pkgversion}-six python%{python3_pkgversion}-pyasn1 -BuildRequires: python%{python3_pkgversion}-pyasn1-modules python%{python3_pkgversion}-dateutil -BuildRequires: python%{python3_pkgversion}-argcomplete python%{python3_pkgversion}-argparse-manpage +BuildRequires: rsync npm nodejs libtalloc-devel libtevent-devel +BuildRequires: python3dist(pyasn1) +BuildRequires: python3dist(pyasn1-modules) +BuildRequires: python3dist(python-dateutil) +BuildRequires: python3dist(argcomplete) +BuildRequires: python3dist(argparse-manpage) +BuildRequires: python3dist(python-ldap) +BuildRequires: python3dist(distro) +BuildRequires: python3dist(cryptography) BuildRequires: python%{python3_pkgversion}-libselinux python%{python3_pkgversion}-policycoreutils -BuildRequires: python%{python3_pkgversion}-packaging rsync npm nodejs libtalloc-devel libtevent-devel -BuildRequires: lmdb-devel json-c-devel cargo python3-cryptography +BuildRequires: lmdb-devel json-c-devel cargo Requires: 389-ds-base-libs = %{version}-%{release} Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release} Requires: 
policycoreutils-python-utils /usr/sbin/semanage libsemanage-python%{python3_pkgversion} @@ -39,6 +45,7 @@ Requires: selinux-policy >= 3.14.1-29 openldap-clients openssl-perl python% Requires: nss-tools nss >= 3.34 krb5-libs libevent cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain Requires: libdb-utils Requires: perl-Errno >= 1.23-360 perl-DB_File perl-Archive-Tar cracklib-dicts +%{?sysusers_requires_compat} %{?systemd_requires} Provides: 389-ds-base-libs = %{version}-%{release} svrcore = 4.1.4 ldif2ldbm >= 0 @@ -73,9 +80,14 @@ SNMP Agent for the 389 Directory Server. Summary: Library for accessing, testing, and configuring 389 Directory Server BuildArch: noarch Requires: krb5-workstation krb5-server openssl iproute python%{python3_pkgversion} -Requires: python%{python3_pkgversion}-ldap python%{python3_pkgversion}-six -Requires: python%{python3_pkgversion}-pyasn1 python%{python3_pkgversion}-pyasn1-modules -Requires: python%{python3_pkgversion}-dateutil python%{python3_pkgversion}-argcomplete +Requires: python3dist(pyasn1) +Requires: python3dist(pyasn1-modules) +Requires: python3dist(python-dateutil) +Requires: python3dist(argcomplete) +Requires: python3dist(argparse-manpage) +Requires: python3dist(python-ldap) +Requires: python3dist(distro) +Requires: python3dist(cryptography) Requires: python%{python3_pkgversion}-libselinux %{?python_provide:%python_provide python%{python3_pkgversion}-lib389} @@ -152,6 +164,8 @@ done install -d $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/dirsrv.target.wants +install -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/389-ds-base.conf + %delete_la cd $RPM_BUILD_ROOT/usr @@ -171,6 +185,9 @@ if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi +%pre +%sysusers_create_compat %{SOURCE4} + %post /sbin/ldconfig if [ -n "$DEBUGPOSTTRANS" ] ; then 
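Review bot: The rewritten BuildRequires block drops `python%{python3_pkgversion}`, `python%{python3_pkgversion}-devel`, `python%{python3_pkgversion}-setuptools` and `python%{python3_pkgversion}-packaging` without replacement, while the changelog entry mentions only python-six. The backported patch removes setuptools from the runtime `install_requires` only, and `src/lib389/setup.py.in` still calls `setup(`, so the build presumably still needs setuptools and the interpreter's development files. If those now arrive only transitively through the `python3dist(...)` entries, the build depends on whatever other packages happen to pull in. Unless a clean-chroot build has confirmed they are unnecessary, I would keep them explicit, e.g. `BuildRequires: python%{python3_pkgversion}-devel python3dist(setuptools) python3dist(packaging)`.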
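Review bot: The new `%pre` uses `%sysusers_create_compat %{SOURCE4}` unguarded, and the install step relies on `%{_sysusersdir}`, yet the only related dependency is the conditional `%{?sysusers_requires_compat}`. If the build root lacks the sysusers macros, that requirement silently expands to nothing and the scriptlet and install path keep literal `%...` text, so account creation would fail or the file would land in the wrong place. The BuildRequires visible in this diff name only `systemd-units`, `systemd-devel` and `pkgconfig(systemd)`, so I would add the macro provider explicitly, e.g. `BuildRequires: systemd-rpm-macros` (or whichever package ships these macros on this distribution). The `%post` body that follows continues outside this hunk.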
@@ -183,21 +200,6 @@ fi /bin/systemctl daemon-reload >$output 2>&1 || : -USERNAME="dirsrv" -ALLOCATED_UID=389 -GROUPNAME="dirsrv" -ALLOCATED_GID=389 -HOMEDIR="/usr/share/dirsrv" - -getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME -if ! getent passwd $USERNAME >/dev/null ; then - if ! getent passwd $ALLOCATED_UID >/dev/null ; then - /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME - else - /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME - fi -fi - sysctl --system &> $output; true instances="" @@ -278,6 +280,7 @@ exit 0 %config(noreplace)%{_sysconfdir}/dirsrv/schema/*.ldif %dir %{_sysconfdir}/dirsrv/config %dir %{_sysconfdir}/systemd/system/dirsrv.target.wants +%{_sysusersdir}/389-ds-base.conf %config(noreplace)%{_sysconfdir}/dirsrv/config/{slapd-collations.conf,certmap.conf,template-initconfig} %{_datadir}/dirsrv %{_datadir}/gdb/auto-load/* @@ -329,6 +332,10 @@ exit 0 %{_mandir}/*/* %changelog +* Sun Aug 03 2025 Funda Wang - 3.1.1-7 +- cleanup python requirements, python-six is not needed any more +- use systemd to create users and groups + * Mon Mar 31 2025 wangkai <13474090681@163.com> - 3.1.1-6 - Fix CVE-2025-2487 diff --git a/389-ds-base.sysusers b/389-ds-base.sysusers new file mode 100644 index 0000000000000000000000000000000000000000..32a3452dae420786e6178fc4641f1b6f8d628bb5 --- /dev/null +++ b/389-ds-base.sysusers @@ -0,0 +1,3 @@ +#Type Name ID GECOS Home directory Shell +g dirsrv 389 +u dirsrv 389:389 "user for 389-ds-base" /usr/share/dirsrv/ /sbin/nologin diff --git a/backport-drop-python-setup-tools-dep.patch b/backport-drop-python-setup-tools-dep.patch new file mode 100644 index 0000000000000000000000000000000000000000..2427810a4b578227cbbe1a35b15553fea811b843 --- /dev/null +++ b/backport-drop-python-setup-tools-dep.patch 
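Review bot: The fixed `389:389` assignment in `389-ds-base.sysusers` drops a fallback the removed `%post` code had: when UID 389 was already held by another account, the old script created `dirsrv` with a dynamically allocated UID instead. It is worth checking how the `%sysusers_create_compat` path behaves on such a host, since ownership of the server's files depends on this account existing. The home field also gains a trailing slash (`/usr/share/dirsrv/` versus the old `/usr/share/dirsrv`); I would keep the old spelling so the passwd entry does not differ between fresh installs and upgrades. A comment above the `g` line, such as `# 389 was previously set as ALLOCATED_UID/ALLOCATED_GID in %post`, would record why the number is fixed.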
@@ -0,0 +1,40 @@
+From d3be668e668a18b6215c14327c54f56e1b5f4cd2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miro=20Hron=C4=8Dok?=
+Date: Thu, 3 Apr 2025 15:09:27 +0200
+Subject: [PATCH] lib389: Remove unused runtime requirement on setuptools
+ (#6719)
+
+Remove unused runtime requirement on setuptools
+The dependency was dropped in c0e2f68423ddde9bb91250d3f96dfc8617889514
+
+Issue: #5642
+
+Reviewed by: @progier389 (Thanks!)
+---
+ src/lib389/requirements.txt | 1 -
+ src/lib389/setup.py.in | 1 -
+ 2 files changed, 2 deletions(-)
+
+diff --git a/src/lib389/requirements.txt b/src/lib389/requirements.txt
+index 0a95185..732c5dc 100644
+--- a/src/lib389/requirements.txt
++++ b/src/lib389/requirements.txt
+@@ -4,6 +4,5 @@ python-dateutil
+ argcomplete
+ argparse-manpage
+ python-ldap
+-setuptools
+ distro
+ cryptography
+diff --git a/src/lib389/setup.py.in b/src/lib389/setup.py.in
+index 2175fe3..b1f1284 100644
+--- a/src/lib389/setup.py.in
++++ b/src/lib389/setup.py.in
+@@ -96,7 +96,6 @@ setup(
+ 'argcomplete',
+ 'argparse-manpage',
+ 'python-ldap',
+- 'setuptools',
+ 'distro',
+ 'cryptography'
+ ],