erthink · erthink · Jan 7, 2019 · May 7, 2017 · May 18, 2017 · May 18, 2017
diff --git a/contrib/README b/contrib/README
@@ -43,6 +43,9 @@ Current contributions:
 	slapi-plugins
 		SLAPI plugins
 
+        packaging/CentOS/7
+                Files required to perform RPM packaging for the whole project.
+
 
 OpenLDAP Contributing Guidelines are available at:
   <http://www.openldap.org/devel/contributing.html>.

diff --git a/contrib/packaging/CentOS/7/DB_CONFIG.example b/contrib/packaging/CentOS/7/DB_CONFIG.example
@@ -0,0 +1,28 @@
+# $OpenLDAP$
+# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
+#
+# See the Oracle Berkeley DB documentation
+#   <http://www.oracle.com/technology/documentation/berkeley-db/db/ref/env/db_config.html>
+# for detail description of DB_CONFIG syntax and semantics.
+#
+# Hints can also be found in the OpenLDAP Software FAQ
+#   <http://www.openldap.org/faq/index.cgi?file=2>
+# in particular:
+#   <http://www.openldap.org/faq/index.cgi?file=1075>
+
+# Note: most DB_CONFIG settings will take effect only upon rebuilding
+# the DB environment.
+
+# one 0.25 GB cache
+set_cachesize 0 268435456 1
+
+# Data Directory
+#set_data_dir db
+
+# Transaction Log settings
+set_lg_regionmax 262144
+set_lg_bsize 2097152
+#set_lg_dir logs
+
+# Note: special DB_CONFIG flags are no longer needed for "quick"
+# slapadd(8) or slapindex(8) access (see their -q option).
diff --git a/contrib/packaging/CentOS/7/README.md b/contrib/packaging/CentOS/7/README.md
@@ -0,0 +1,37 @@
+# RPM packaging specfile for CentOS 7
+
+## Overview
+This is bootstrapping specfile. It is able to
+determine git repo owner, branch, tag and commit, then
+reuse this information during package build.
+
+## Requirements
+You should have **rpm-devel** package installed,
+also all those packages which are required by ReOpenLDAP
+itself.
+
+## Usage
+A couple of commands is required to build the package:
+
+>spectool -R -g reopenldap.spec  
+>rpmbuild -bb reopenldap.spec
+
+First command downloads source file to the directory
+where rpmbuild expects to find it. Second command builds
+a set of binary packages.
+
+##Tips and tricks
+If you ever need to find out
+package file paths, you could use this command:
+>spectool -R -g reopenldap.spec  
+>rpmbuild -bb reopenldap.spec 2>&1 | tee /tmp/build.log  
+>grep -n -E '(Wrote: )(.+)$' /tmp/build.log | awk '{print $2;}'
+
+## Authors
+  Specfile initially has been contributed by Ivan Viktorov
+  (https://github.com/Ivan-Viktorov) as a comment on issue #34
+  of original project
+  (https://github.com/ReOpen/ReOpenLDAP/issues/33#issuecomment-249861076).
+
+  Tune-up and bootsrapping has been implemented by
+  Sergey Pechenko (https://github.com/tnt4brain/ReOpenLDAP/tree/devel)
diff --git a/contrib/packaging/CentOS/7/ldap.conf b/contrib/packaging/CentOS/7/ldap.conf
@@ -0,0 +1,17 @@
+# LDAP Defaults
+#
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+#BASE	dc=example,dc=com
+#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666
+
+#SIZELIMIT	12
+#TIMELIMIT	15
+#DEREF		never
+
+#TLS_CACERT		/etc/reopenldap/certs/ca.crt
+TLS_CACERTDIR	/etc/reopenldap/certs
+
+# Turning this off breaks GSSAPI used with krb5 when rdns = false
+SASL_NOCANON	on
diff --git a/contrib/packaging/CentOS/7/libexec-check-config.sh b/contrib/packaging/CentOS/7/libexec-check-config.sh
@@ -0,0 +1,91 @@
+#!/bin/sh
+# Author: Jan Vcelak <[email protected]>
+
+. /usr/libexec/reopenldap/functions
+
+function check_config_syntax()
+{
+	retcode=0
+	tmp_slaptest=`mktemp --tmpdir=/var/run/reopenldap`
+	run_as_ldap "/usr/sbin/slaptest $SLAPD_GLOBAL_OPTIONS -u" &>$tmp_slaptest
+	if [ $? -ne 0 ]; then
+		error "Checking configuration file failed:"
+		cat $tmp_slaptest >&2
+		retcode=1
+	fi
+	rm $tmp_slaptest
+	return $retcode
+}
+
+function check_certs_perms()
+{
+	retcode=0
+	for cert in `certificates`; do
+		run_as_ldap "/usr/bin/test -e \"$cert\""
+		if [ $? -ne 0 ]; then
+			error "TLS certificate/key/DB '%s' was not found." "$cert"
+			retcoder=1
+			continue
+		fi
+		run_as_ldap "/usr/bin/test -r \"$cert\""
+		if [ $? -ne 0 ]; then
+			error "TLS certificate/key/DB '%s' is not readable." "$cert"
+			retcode=1
+		fi
+	done
+	return $retcode
+}
+
+function check_db_perms()
+{
+	retcode=0
+	for dbdir in `databases`; do
+		[ -d "$dbdir" ] || continue
+		for dbfile in `find ${dbdir} -maxdepth 1 -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" -or -name "log.*" -or -name "alock"`; do
+			run_as_ldap "/usr/bin/test -r \"$dbfile\" -a -w \"$dbfile\""
+			if [ $? -ne 0 ]; then
+				error "Read/write permissions for DB file '%s' are required." "$dbfile"
+				retcode=1
+			fi
+		done
+	done
+	return $retcode
+}
+
+function check_everything()
+{
+	retcode=0
+	check_config_syntax || retcode=1
+	# TODO: need support for Mozilla NSS, disabling temporarily
+	#check_certs_perms || retcode=1
+	check_db_perms || retcode=1
+	return $retcode
+}
+
+if [ `id -u` -ne 0 ]; then
+	error "You have to be root to run this script."
+	exit 4
+fi
+
+load_sysconfig
+
+if [ -n "$SLAPD_CONFIG_DIR" ]; then
+	if [ ! -d "$SLAPD_CONFIG_DIR" ]; then
+		error "Configuration directory '%s' does not exist." "$SLAPD_CONFIG_DIR"
+	else
+		check_everything
+		exit $?
+	fi
+fi
+
+if [ -n "$SLAPD_CONFIG_FILE" ]; then
+	if [ ! -f "$SLAPD_CONFIG_FILE" ]; then
+		error "Configuration file '%s' does not exist." "$SLAPD_CONFIG_FILE"
+	else
+		error "Warning: Usage of a configuration file is obsolete!"
+		check_everything
+		exit $?
+	fi
+fi
+
+exit 1
diff --git a/contrib/packaging/CentOS/7/libexec-functions b/contrib/packaging/CentOS/7/libexec-functions
@@ -0,0 +1,134 @@
+# Author: Jan Vcelak <[email protected]>
+
+SLAPD_USER=
+SLAPD_CONFIG_FILE=
+SLAPD_CONFIG_DIR=
+SLAPD_CONFIG_CUSTOM=
+SLAPD_GLOBAL_OPTIONS=
+SLAPD_SYSCONFIG_FILE=
+
+function default_config()
+{
+	SLAPD_USER=ldap
+	SLAPD_CONFIG_FILE=/etc/reopenldap/slapd.conf
+	SLAPD_CONFIG_DIR=/etc/reopenldap/slapd.d
+	SLAPD_CONFIG_CUSTOM=
+	SLAPD_GLOBAL_OPTIONS=
+	SLAPD_SYSCONFIG_FILE=/etc/sysconfig/slapd
+}
+
+function parse_config_options()
+{
+	user=
+	config_file=
+	config_dir=
+	while getopts :u:f:F: opt; do
+		case "$opt" in
+		u)
+			user="$OPTARG"
+			;;
+		f)
+			config_file="$OPTARG"
+			;;
+		F)
+			config_dir="$OPTARG"
+			;;
+		esac
+	done
+
+	if [ -n "$user" ]; then
+		SLAPD_USER="$user"
+	fi
+
+	if [ -n "$config_dir" ]; then
+		SLAPD_CONFIG_DIR="$config_dir"
+		SLAPD_CONFIG_FILE=
+		SLAPD_CONFIG_CUSTOM=1
+		SLAPD_GLOBAL_OPTIONS="-F '$config_dir'"
+	elif [ -n "$config_file" ]; then
+		SLAPD_CONFIG_DIR=
+		SLAPD_CONFIG_FILE="$config_file"
+		SLAPD_CONFIG_CUSTOM=1
+		SLAPD_GLOBAL_OPTIONS="-f '$config_file'"
+	fi
+}
+
+function uses_new_config()
+{
+	[ -n "$SLAPD_CONFIG_DIR" ]
+	return $?
+}
+
+function run_as_ldap()
+{
+	/sbin/runuser --shell /bin/sh --session-command "$1" "$SLAPD_USER"
+	return $?
+}
+
+function ldif_unbreak()
+{
+	sed ':a;N;s/\n //;ta;P;D'
+}
+
+function ldif_value()
+{
+	sed 's/^[^:]*: //'
+}
+
+function databases_new()
+{
+	slapcat $SLAPD_GLOBAL_OPTIONS -c \
+	-H 'ldap:///cn=config???(|(objectClass=olcBdbConfig)(objectClass=olcHdbConfig))' 2>/dev/null | \
+		ldif_unbreak | \
+		grep '^olcDbDirectory: ' | \
+		ldif_value
+}
+
+function databases_old()
+{
+	awk	'begin { database="" }
+		$1 == "database" { database=$2 }
+		$1 == "directory" { if (database == "bdb" || database == "hdb") print $2}' \
+		"$SLAPD_CONFIG_FILE"
+}
+
+function certificates_new()
+{
+	slapcat $SLAPD_GLOBAL_OPTIONS -c -H 'ldap:///cn=config???(cn=config)' 2>/dev/null | \
+		ldif_unbreak | \
+		grep '^olcTLS\(CACertificateFile\|CACertificatePath\|CertificateFile\|CertificateKeyFile\): ' | \
+		ldif_value
+}
+
+function certificates_old()
+{
+	awk '$1 ~ "^TLS(CACertificate(File|Path)|CertificateFile|CertificateKeyFile)$" { print $2 } ' \
+		"$SLAPD_CONFIG_FILE"
+}
+
+function certificates()
+{
+	uses_new_config && certificates_new || certificates_old
+}
+
+function databases()
+{
+	uses_new_config && databases_new || databases_old
+}
+
+
+function error()
+{
+	format="$1\n"; shift
+	printf "$format" $@ >&2
+}
+
+function load_sysconfig()
+{
+	[ -r "$SLAPD_SYSCONFIG_FILE" ] || return
+
+	. "$SLAPD_SYSCONFIG_FILE"
+	[ -n "$SLAPD_OPTIONS" ] && parse_config_options $SLAPD_OPTIONS
+}
+
+default_config
diff --git a/contrib/packaging/CentOS/7/libexec-upgrade-db.sh b/contrib/packaging/CentOS/7/libexec-upgrade-db.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+# Author: Jan Vcelak <[email protected]>
+
+. /usr/libexec/reopenldap/functions
+
+if [ `id -u` -ne 0 ]; then
+	error "You have to be root to run this command."
+	exit 4
+fi
+
+load_sysconfig
+retcode=0
+
+for dbdir in `databases`; do
+	upgrade_log="$dbdir/db_upgrade.`date +%Y%m%d%H%M%S`.log"
+	bdb_files=`find "$dbdir" -maxdepth 1 -name "*.bdb" -printf '"%f" '`
+
+	# skip uninitialized database
+	[ -z "$bdb_files"]  || continue
+
+	printf "Updating '%s', logging into '%s'\n" "$dbdir" "$upgrade_log"
+
+	# perform the update
+	for command in \
+		"/usr/bin/db_recover -v -h \"$dbdir\"" \
+		"/usr/bin/db_upgrade -v -h \"$dbdir\" $bdb_files" \
+		"/usr/bin/db_checkpoint -v -h \"$dbdir\" -1" \
+	; do
+		printf "Executing: %s\n" "$command" &>>$upgrade_log
+		run_as_ldap "$command" &>>$upgrade_log
+		result=$?
+		printf "Exit code: %d\n" $result >>"$upgrade_log"
+		if [ $result -ne 0 ]; then
+			printf "Upgrade failed: %d\n" $result
+			retcode=1
+		fi
+	done
+done
+
+exit $retcode