diff options
author | Rich Megginson <rmeggins@redhat.com> | 2006-02-23 19:30:41 +0000 |
---|---|---|
committer | Rich Megginson <rmeggins@redhat.com> | 2006-02-23 19:30:41 +0000 |
commit | 797845db5ad09f0656bc954e335669603ef47a17 (patch) | |
tree | 7001a49061ce38fb15aa048722459d389a163ac0 | |
parent | fbb129c7dd1d30bc83e6576e3d8e507a0ec5b6a1 (diff) | |
download | ds-797845db5ad09f0656bc954e335669603ef47a17.tar.gz ds-797845db5ad09f0656bc954e335669603ef47a17.tar.xz ds-797845db5ad09f0656bc954e335669603ef47a17.zip |
Bug(s) fixed: 182613
Bug Description: Upgrade wipes out sectool wrappers
Reviewed by: Pete and Nathan (Thanks!)
Fix Description: It's better if we just package those wrappers instead
of creating them on the fly. The new file sec_tools_wrappers is a
simple shell script that assumes it's being run out of a parent/bin
directory which contains a program called $0-bin, and the shared libs it
needs are in parent/lib. This shell script is copied to
shared/bin/certutil, shared/bin/modutil, etc. I had to create another
makefile packaging macro to handle the case where you want to package a
file under a different name than the original. Also
1) Add Red Hat and Fedora DS to upgradeServer
2) adminutil property directory is now adminutil-properties instead of
property
3) General clean up of some upgrade install things
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
-rw-r--r-- | components.mk | 16 | ||||
-rwxr-xr-x | ldap/admin/src/upgradeServer | 25 | ||||
-rw-r--r-- | ldap/cm/Makefile | 14 | ||||
-rw-r--r-- | ldap/cm/newinst/Makefile | 10 | ||||
-rwxr-xr-x | ldap/cm/newinst/ns-update | 48 | ||||
-rw-r--r-- | ldap/cm/newinst/sec_tools_wrapper | 66 | ||||
-rwxr-xr-x | ldap/cm/newinst/setup | 8 | ||||
-rw-r--r-- | ldapserver.spec.tmpl | 9 |
8 files changed, 134 insertions, 62 deletions
diff --git a/components.mk b/components.mk index 3f59649a..3deb3482 100644 --- a/components.mk +++ b/components.mk @@ -112,6 +112,14 @@ PACKAGE_UNDER_JAVA = # separate the src from the dest with a single space PACKAGE_SRC_DEST = +# this macro contains a list of pairs of source and dest files, not directories +# the source is where to find the item in the build tree, and the dest is +# the place in the release to put the item, relative to the server root e.g. +# nls locale files are in libnls31/locale, but for packaging they need to +# go into lib/nls, not just lib; the destination should be a file name; +# separate the src from the dest with a single space +PACKAGE_SRC_DESTFILE = + # these defs are useful for doing pattern search/replace COMMA := , NULLSTRING := @@ -264,8 +272,10 @@ endif # we need to package the root cert file in the alias directory PACKAGE_SRC_DEST += $(SECURITY_LIBPATH)/$(LIB_PREFIX)nssckbi.$(DLL_SUFFIX) alias -# need to package the sec tools in shared/bin -BINS_TO_PKG_SHARED += $(SECURITY_TOOLS_FULLPATH) +# the security tools are wrapped with shell scripts so that the correct ld libpath can be set +# so, when we package them, we rename them with a -bin extension e.g. certutil -> shared/bin/certutil-bin +# the actual certutil will be an executable shell script that points to certutil-bin +PACKAGE_SRC_DESTFILE += $(foreach prog,$(SECURITY_TOOLS),$(SECURITY_BINPATH)/$(prog)$(SPACE)shared/bin/$(prog)-bin) ### SECURITY END ############################# @@ -531,7 +541,7 @@ else ADMINUTIL_INCPATH = $(ADMINUTIL_BUILD_DIR)/include/adminutil-$(ADMINUTIL_DOT_VER) endif -PACKAGE_SRC_DEST += $(ADMINUTIL_LIBPATH)/property bin/slapd/lib +PACKAGE_SRC_DEST += $(ADMINUTIL_LIBPATH)/adminutil-properties bin/slapd/lib LIBS_TO_PKG += $(wildcard $(ADMINUTIL_LIBPATH)/*.$(DLL_SUFFIX)) LIBS_TO_PKG_CLIENTS += $(wildcard $(ADMINUTIL_LIBPATH)/*.$(DLL_SUFFIX)) diff --git a/ldap/admin/src/upgradeServer b/ldap/admin/src/upgradeServer index afc26606..18005096 100755 --- a/ldap/admin/src/upgradeServer +++ b/ldap/admin/src/upgradeServer @@ -326,7 +326,29 @@ sub getSlapdVersion { sleep(1); # allow some data to accumulate in the pipe # print "Output from $prog -v:\n"; while (<F>) { - if (/^Netscape-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) { + if (/^Red Hat-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) { + $version = $1; + $minor = $2; + if ($4) { + $subminor = $3; + $buildNumber = $4; + } else { + $buildNumber = $3; + } + last; + } + elsif (/^Fedora-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) { + $version = $1; + $minor = $2; + if ($4) { + $subminor = $3; + $buildNumber = $4; + } else { + $buildNumber = $3; + } + last; + } + elsif (/^Netscape-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) { $version = $1; $minor = $2; if ($4) { @@ -414,7 +436,6 @@ sub instantiate_new_package_scripts { "$sroot/bin/slapd/admin/scripts/template-migrate5to7", "$sroot/bin/slapd/admin/scripts/template-migrate6to7", "$sroot/bin/slapd/admin/scripts/template-migrateInstance7", - "$sroot/bin/slapd/admin/scripts/template-migrateTo4", "$sroot/bin/slapd/admin/scripts/template-migrateTo7", "$sroot/bin/slapd/admin/scripts/template-repl-monitor-cgi.pl", ); diff --git a/ldap/cm/Makefile b/ldap/cm/Makefile index ea495c15..a8606498 100644 --- a/ldap/cm/Makefile +++ b/ldap/cm/Makefile @@ -346,6 +346,20 @@ endif fi ; \ done +# PACKAGE_SRC_DESTFILE is defined in components.mk - these are component files and directories to install +# with the other component files that we don't necessarily pick up from the admin server build +# these can go in any directory - this differs from PACKAGE_SRC_DEST above in that in this case, the +# destination is a _file_, not a directory, and src must be a filename, not a directory + for destfile in $(PACKAGE_SRC_DESTFILE) ; \ + do if [ "$$src" ] ; \ + then destdir=`dirname $$destfile` ; \ + if [ ! -d $(RELDIR)/$$destdir ] ; then mkdir -p $(RELDIR)/$$destdir ; fi ; \ + $(CP) $$src $(RELDIR)/$$destfile ; \ + src= ; \ + else src=$$destfile ; \ + fi ; \ + done + # install the DSMLGW into the client directory # the following DSML files must be packaged separately: # web-app_2_3.dtd, activation.jar, saaj.jar - due to Sun license diff --git a/ldap/cm/newinst/Makefile b/ldap/cm/newinst/Makefile index bc51e922..890f8375 100644 --- a/ldap/cm/newinst/Makefile +++ b/ldap/cm/newinst/Makefile @@ -95,10 +95,13 @@ PATCHINFO= $(ABS_OBJDIR)/$(DIR) # Source for staged installation utilities INCDIR=$(SETUPUTIL_INCLUDE) -I$(LDAP_SRC)/admin/include -I$(LDAP_SRC)/admin/lib -I$(LDAP_SRC)/admin/src +# we wrap the security tools with a shell script wrapper for their ld libpath +PACKAGE_SEC_T0OLS = $(addprefix $(RELDIR)/shared/bin/,$(SECURITY_TOOLS)) + # ADM_VERSDIR = admserv40 # ADM_RELDATE = 19980112 -all: $(OBJDEST) $(BINDEST) $(SETUPUTIL_DEP) $(LDAPSDK_DEP) $(SECURITY_DEP) $(NSPR_DEP) $(OSOBJS) $(OBJS1) $(OBJS2) $(BINS) $(INFO) $(BINDEST)/ns-update $(BINDEST)/uninstall +all: $(OBJDEST) $(BINDEST) $(SETUPUTIL_DEP) $(LDAPSDK_DEP) $(SECURITY_DEP) $(NSPR_DEP) $(OSOBJS) $(OBJS1) $(OBJS2) $(BINS) $(INFO) $(BINDEST)/ns-update $(BINDEST)/uninstall $(PACKAGE_SEC_T0OLS) # removed ns-keygen from build - it was only used for Dir Lite # $(BINDEST)/ns-keygen ifeq ($(ARCH), BSDI) @@ -170,6 +173,11 @@ $(BINDEST)/ns-config: $(OBJS1) $(OBJS2) -o $(BINDEST)/ns-config $(RPATHFLAG_PREFIX)$(RPATHFLAG)$(RPATHFLAG_EXTRAS) $(OBJS1) $(OBJS2) $(SETUPUTILLINK) $(LDAPLINK) $(SECURITYLINK) $(NSPRLINK) \ $(EXTRA_LIBS) $(CURSES) +$(RELDIR)/shared/bin/%: sec_tools_wrapper $(RELDIR)/shared/bin + -@$(RM) $@ + $(CP) $< $@ + chmod +x $@ + ifeq ($(ARCH), WINNT) $(INFO): $(PERL) fixINF.pl $(BUILD_MODULE) $(NOSP_DIR_VERSION) $(BUILD_ROOT)/$(BUILD_ARCH)/buildnum.dat slapd.inf $(SECURITY) $(PRODUCT) $(IS_DIR_LITE) $(INSTANCE_NAME_PREFIX) $@.inf $(BUILD_BOMB) "bin/admin/ns-admin,bin/admin/ns-admin.so" diff --git a/ldap/cm/newinst/ns-update b/ldap/cm/newinst/ns-update index 16f92f38..dd16a36a 100755 --- a/ldap/cm/newinst/ns-update +++ b/ldap/cm/newinst/ns-update @@ -60,48 +60,6 @@ start_server() cd $cwd } -wrap_security_tools() -{ - cwd=`pwd` - SECURITY_BINNAMES="certutil derdump modutil pk12util pp ssltap shlibsign" - arch=`uname` - if [ $arch = HP-UX ]; then - env_ld_library_path=SHLIB_PATH - elif [ $arch = AIX ]; then - env_ld_library_path=LIBPATH - else - env_ld_library_path=LD_LIBRARY_PATH - fi - cd $sroot/shared/bin - for file in $SECURITY_BINNAMES - do - if [ -f $file -a ! -f $file-bin ]; then - mv $file $file-bin - echo "#!/bin/sh" > $file - echo $env_ld_library_path=$sroot/shared/lib >> $file - echo "export $env_ld_library_path" >> $file - echo "$sroot/shared/bin/$file-bin " '${1+"$@"}' >> $file - chmod 755 $file - fi - done - - if [ -d $sroot/shared32/bin ] ; then - cd $sroot/shared32/bin - for file in modutil - do - if [ -f $file -a ! -f $file-bin ]; then - mv $file $file-bin - echo "#!/bin/sh" > $file - echo $env_ld_library_path=$sroot/shared32/lib >> $file - echo "export $env_ld_library_path" >> $file - echo "$sroot/shared32/bin/$file-bin " '${1+"$@"}' >> $file - chmod 755 $file - fi - done - fi - cd $cwd -} - # if the -r flag is present, this means we're doing a # reinstall or an upgrade, so restart the servers for arg in $* ; do @@ -161,8 +119,6 @@ if [ $reconfig ] ; then $PERL $sroot/bin/slapd/admin/bin/upgradeServer $sroot fi -wrap_security_tools $sroot - cd `dirname $0` # we need to make sure the alias directory is owned by the server user/group @@ -196,10 +152,6 @@ rc=0 ./ds_create $* $extraflags rc=$? -if [ -f fix_secmod_db_64 ]; then - ./fix_secmod_db_64 $sroot/alias $sroot/shared32/bin -fi - # chown the cookie directory - bug 175098 if [ "$ssuser" ] ; then if [ "$ssgrp" ] ; then diff --git a/ldap/cm/newinst/sec_tools_wrapper b/ldap/cm/newinst/sec_tools_wrapper new file mode 100644 index 00000000..338a1569 --- /dev/null +++ b/ldap/cm/newinst/sec_tools_wrapper @@ -0,0 +1,66 @@ +#!/bin/sh +# +# BEGIN COPYRIGHT BLOCK +# This Program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; version 2 of the License. +# +# This Program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple +# Place, Suite 330, Boston, MA 02111-1307 USA. +# +# In addition, as a special exception, Red Hat, Inc. gives You the additional +# right to link the code of this Program with code not covered under the GNU +# General Public License ("Non-GPL Code") and to distribute linked combinations +# including the two, subject to the limitations in this paragraph. Non-GPL Code +# permitted under this exception must only link to the code of this Program +# through those well defined interfaces identified in the file named EXCEPTION +# found in the source code files (the "Approved Interfaces"). The files of +# Non-GPL Code may instantiate templates or use macros or inline functions from +# the Approved Interfaces without causing the resulting work to be covered by +# the GNU General Public License. Only Red Hat, Inc. may make changes or +# additions to the list of Approved Interfaces. You must obey the GNU General +# Public License in all respects for all of the Program code and other code used +# in conjunction with the Program except the Non-GPL Code covered by this +# exception. If you modify this file, you may extend this exception to your +# version of the file, but you are not obligated to do so. If you do not wish to +# provide this exception without modification, you must delete this exception +# statement from your version and license this file solely under the GPL without +# exception. +# +# Copyright (C) 2006 Red Hat, Inc. +# All rights reserved. +# END COPYRIGHT BLOCK +# +# This file is the wrapper around the security tools. It just sets the +# runtime library lookup path and invokes the actual binary with the given +# arguments. This file is copied to the actual name of the command e.g. +# we get the binary certutil program from the NSS package. When we package +# it, we rename it to certutil-bin e.g. cp $(NSS)/certutil shared/bin/certutil-bin +# This file is copied to certutil e.g. cp sec_tools_wrapper shared/bin/certutil + +# figure out where the libdir is based on the location of this shell script +savedir=`pwd` +bindir=`dirname $0` +if test -n "$bindir" ; then + cd $bindir/../lib +else +# could be running as e.g. ./certutil or certutil if current dir is in PATH + cd ../lib +fi +# assume the libdir is ../lib from the bindir e.g. sroot/shared/bin and sroot/shared/lib +libdir=`pwd` +cd $savedir + +# cover our bases on ld libpaths +SHLIB_PATH=$libdir +LIBPATH=$libdir +LD_LIBRARY_PATH=$libdir +DYLD_PATH=$libdir +export SHLIB_PATH LIBPATH LD_LIBRARY_PATH DYLD_PATH + +$0-bin ${1+"$@"} diff --git a/ldap/cm/newinst/setup b/ldap/cm/newinst/setup index 87d27567..ac2d39e2 100755 --- a/ldap/cm/newinst/setup +++ b/ldap/cm/newinst/setup @@ -289,8 +289,12 @@ SSLOff() { if [ -d $sroot/admin-serv/config ]; then adminSSLOff $sroot/admin-serv/config/adm.conf security: assecure.txt adminSSLOff $sroot/admin-serv/config/local.conf configuration.nsServerSecurity: assecure.txt - adminSSLOff $sroot/admin-serv/config/magnus.conf Security assecure.txt - adminXmlSSLOff $sroot/admin-serv/config/server.xml security assecure.txt + if [ -f $sroot/admin-serv/config/magnus.conf ] ; then + adminSSLOff $sroot/admin-serv/config/magnus.conf Security assecure.txt + fi + if [ -f $sroot/admin-serv/config/server.xml ] ; then + adminXmlSSLOff $sroot/admin-serv/config/server.xml security assecure.txt + fi if [ $isadminsslon -ne 0 ]; then $sroot/start-admin diff --git a/ldapserver.spec.tmpl b/ldapserver.spec.tmpl index 1223ae5b..7b7b643c 100644 --- a/ldapserver.spec.tmpl +++ b/ldapserver.spec.tmpl @@ -156,13 +156,10 @@ if [ "$1" -gt 1 ] ; then chown $usergroup $RPM_INSTALL_PREFIX/alias fi fi - for instance in `ls -d $RPM_INSTALL_PREFIX/slapd-*` - do - cp $RPM_INSTALL_PREFIX/bin/slapd/install/schema/00core.ldif $instance/config/schema - done - echo "Upgrade complete. Please restart slapd then admin." + echo "Upgrade finished. Please run $RPM_INSTALL_PREFIX/setup/setup to complete the upgrade." +else + echo "Install finished. Please run $RPM_INSTALL_PREFIX/setup/setup to complete installation and set up the servers." fi -echo "Install finished. Please run $RPM_INSTALL_PREFIX/setup/setup to set up the servers." %preun # only run uninstall if this is the last version of the package |