From b70739589cfaa7a8da3faffcc13465d521e7ad20 Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder@redhat.com>
Date: Wed, 21 Apr 2010 13:55:33 -0700
Subject: Bug 584156 - Remove ldapi socket file during upgrade

The ldapi socket file is only removed when ns-slapd is started
since the server does not have permission to remove it at shutdown.
The causes issues when upgrading to a recetn version that has
SELinux policy since the newly confined ns-slapd daemon will not
be allowed to remove the old ldapi socket file since it doesn't
have a dirsrv specific label.  To deal with this, I've added an
upgrade scriptlet that will remove the ldapi socket file.  When
the newly confined ns-slapd starts up, it will create a new
socket file with the proper label.
---
 Makefile.am                              |  1 +
 Makefile.in                              |  3 ++-
 ldap/admin/src/scripts/10cleanupldapi.pl | 23 +++++++++++++++++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 ldap/admin/src/scripts/10cleanupldapi.pl

diff --git a/Makefile.am b/Makefile.am
index 6cfbef8f..9d1bee6b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -407,6 +407,7 @@ dist_man_MANS = man/man1/dbscan.1 \
 #------------------------
 update_DATA = ldap/admin/src/scripts/exampleupdate.pl \
 	ldap/admin/src/scripts/exampleupdate.ldif \
+	ldap/admin/src/scripts/10cleanupldapi.pl \
 	ldap/admin/src/scripts/10delautodnsuffix.pl \
 	ldap/admin/src/scripts/10fixrundir.pl \
 	ldap/admin/src/scripts/50addchainingsaslpwroles.ldif \
diff --git a/Makefile.in b/Makefile.in
index f7c82fbe..4ecd1c5c 100755
--- a/Makefile.in
+++ b/Makefile.in
@@ -1489,6 +1489,7 @@ dist_man_MANS = man/man1/dbscan.1 \
 #------------------------
 update_DATA = ldap/admin/src/scripts/exampleupdate.pl \
 	ldap/admin/src/scripts/exampleupdate.ldif \
+	ldap/admin/src/scripts/10cleanupldapi.pl \
 	ldap/admin/src/scripts/10delautodnsuffix.pl \
 	ldap/admin/src/scripts/10fixrundir.pl \
 	ldap/admin/src/scripts/50addchainingsaslpwroles.ldif \
@@ -9685,7 +9686,7 @@ distdir: $(DISTFILES)
 	    || exit 1; \
 	  fi; \
 	done
-	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	-find $(distdir) -type d ! -perm -755 -exec chmod a+rwx,go+rx {} \; -o \
 	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
diff --git a/ldap/admin/src/scripts/10cleanupldapi.pl b/ldap/admin/src/scripts/10cleanupldapi.pl
new file mode 100644
index 00000000..a09abe67
--- /dev/null
+++ b/ldap/admin/src/scripts/10cleanupldapi.pl
@@ -0,0 +1,23 @@
+use Mozilla::LDAP::Conn;
+use Mozilla::LDAP::Utils qw(normalizeDN);
+use Mozilla::LDAP::API qw(:constant ldap_url_parse ldap_explode_dn);
+
+sub runinst {
+    my ($inf, $inst, $dseldif, $conn) = @_;
+
+    my @errs;
+    my $ldapifile;
+
+    # see if nsslapd-rundir is defined
+    my $ent = $conn->search("cn=config", "base", "(objectclass=*)");
+    if (!$ent) {
+        return ('error_finding_config_entry', 'cn=config', $conn->getErrorString());
+    }
+
+    $ldapifile = $ent->getValues('nsslapd-ldapifilepath');
+    if ($ldapifile) {
+        unlink($ldapifile);
+    }
+
+    return ();
+}
-- 
cgit