From a4fc16de1f7ae032e9380ebf3f499966a86b7662 Mon Sep 17 00:00:00 2001 From: Timo Aaltonen Date: Wed, 15 Dec 2021 21:23:15 +0000 Subject: [PATCH 1/1] Import 389-ds-base_2.0.11-2.debian.tar.xz [dgit import tarball 389-ds-base 2.0.11-2 389-ds-base_2.0.11-2.debian.tar.xz] --- 389-ds-base-dev.install | 8 + 389-ds-base-libs.install | 6 + 389-ds-base-libs.lintian-overrides | 1 + 389-ds-base.default | 6 + 389-ds-base.dirs | 2 + 389-ds-base.install | 36 + 389-ds-base.links | 1 + 389-ds-base.lintian-overrides | 5 + 389-ds-base.postinst | 35 + 389-ds-base.postrm | 16 + 389-ds-base.prerm | 14 + README.Debian | 12 + changelog | 1021 +++++++++++++++++ cockpit-389-ds.install | 2 + control | 181 +++ copyright | 575 ++++++++++ gitlab-ci.yml | 6 + ...4-Fix-PBKDF2_SHA256-hashing-in-FIPS-.patch | 348 ++++++ patches/fix-saslpath.diff | 57 + patches/series | 2 + python3-lib389.install | 10 + rules | 81 ++ source/format | 1 + source/lintian-overrides | 2 + tests/control | 6 + tests/setup | 36 + watch | 3 + 27 files changed, 2473 insertions(+) create mode 100644 389-ds-base-dev.install create mode 100644 389-ds-base-libs.install create mode 100644 389-ds-base-libs.lintian-overrides create mode 100644 389-ds-base.default create mode 100644 389-ds-base.dirs create mode 100644 389-ds-base.install create mode 100644 389-ds-base.links create mode 100644 389-ds-base.lintian-overrides create mode 100644 389-ds-base.postinst create mode 100644 389-ds-base.postrm create mode 100644 389-ds-base.prerm create mode 100644 README.Debian create mode 100644 changelog create mode 100644 cockpit-389-ds.install create mode 100644 control create mode 100644 copyright create mode 100644 gitlab-ci.yml create mode 100644 patches/0001-Revert-Issue-3584-Fix-PBKDF2_SHA256-hashing-in-FIPS-.patch create mode 100644 patches/fix-saslpath.diff create mode 100644 patches/series create mode 100644 python3-lib389.install create mode 100755 rules create mode 100644 source/format create mode 100644 source/lintian-overrides create mode 100644 tests/control create mode 100644 tests/setup create mode 100644 watch diff --git a/389-ds-base-dev.install b/389-ds-base-dev.install new file mode 100644 index 0000000..6f305f1 --- /dev/null +++ b/389-ds-base-dev.install @@ -0,0 +1,8 @@ +usr/include/dirsrv/* +usr/include/svrcore.h +usr/lib/*/dirsrv/libldaputil.so +usr/lib/*/dirsrv/libns-dshttpd.so +usr/lib/*/dirsrv/librewriters.so +usr/lib/*/dirsrv/libslapd.so +usr/lib/*/libsvrcore.so +usr/lib/*/pkgconfig/* diff --git a/389-ds-base-libs.install b/389-ds-base-libs.install new file mode 100644 index 0000000..d072a44 --- /dev/null +++ b/389-ds-base-libs.install @@ -0,0 +1,6 @@ +usr/lib/*/dirsrv/lib/libjemalloc.so.* +usr/lib/*/dirsrv/libldaputil.so.* +usr/lib/*/dirsrv/libns-dshttpd.so.* +usr/lib/*/dirsrv/librewriters.so.* +usr/lib/*/dirsrv/libslapd.so.* +usr/lib/*/libsvrcore.so.* diff --git a/389-ds-base-libs.lintian-overrides b/389-ds-base-libs.lintian-overrides new file mode 100644 index 0000000..e4a0c15 --- /dev/null +++ b/389-ds-base-libs.lintian-overrides @@ -0,0 +1 @@ +custom-library-search-path diff --git a/389-ds-base.default b/389-ds-base.default new file mode 100644 index 0000000..14beb77 --- /dev/null +++ b/389-ds-base.default @@ -0,0 +1,6 @@ +# Defaults for dirsrv +# +# This is a POSIX shell fragment + +# Enable bindnow hardening +LD_BIND_NOW=1 diff --git a/389-ds-base.dirs b/389-ds-base.dirs new file mode 100644 index 0000000..f12d71e --- /dev/null +++ b/389-ds-base.dirs @@ -0,0 +1,2 @@ +var/log/dirsrv +var/lib/dirsrv diff --git a/389-ds-base.install b/389-ds-base.install new file mode 100644 index 0000000..58178de --- /dev/null +++ b/389-ds-base.install @@ -0,0 +1,36 @@ +etc/dirsrv/config/ +etc/dirsrv/schema/*.ldif +etc/systemd/ +lib/systemd/system/dirsrv-snmp.service +lib/systemd/system/dirsrv.target +lib/systemd/system/dirsrv@.service +lib/systemd/system/dirsrv@.service.d/custom.conf +usr/bin/dbscan +usr/bin/ds-logpipe +usr/bin/ds-replcheck +usr/bin/ldclt +usr/bin/logconv +usr/bin/pwdhash +usr/lib/*/dirsrv/plugins/*.so +usr/lib/*/dirsrv/python/ +usr/libexec/dirsrv/dscontainer +usr/libexec/ds_systemd_ask_password_acl +usr/lib/sysctl.d/70-dirsrv.conf +usr/sbin/ldap-agent +usr/sbin/ns-slapd +usr/sbin/openldap_to_ds +usr/share/dirsrv/data +usr/share/dirsrv/inf +usr/share/dirsrv/mibs +usr/share/dirsrv/schema +usr/share/gdb/auto-load/usr/sbin/ns-slapd-gdb.py +usr/share/man/man1/dbscan.1 +usr/share/man/man1/ds-logpipe.1 +usr/share/man/man1/ds-replcheck.1 +usr/share/man/man1/ldap-agent.1 +usr/share/man/man1/ldclt.1 +usr/share/man/man1/logconv.1 +usr/share/man/man1/pwdhash.1 +usr/share/man/man5/*.5 +usr/share/man/man8/ns-slapd.8 +usr/share/man/man8/openldap_to_ds.8 diff --git a/389-ds-base.links b/389-ds-base.links new file mode 100644 index 0000000..2f83bc6 --- /dev/null +++ b/389-ds-base.links @@ -0,0 +1 @@ +/dev/null lib/systemd/system/dirsrv.service diff --git a/389-ds-base.lintian-overrides b/389-ds-base.lintian-overrides new file mode 100644 index 0000000..693de7c --- /dev/null +++ b/389-ds-base.lintian-overrides @@ -0,0 +1,5 @@ +# these are bogus warnings, no libs shipped in a public libdir +unused-shlib-entry-in-control-file + +# plugins +custom-library-search-path diff --git a/389-ds-base.postinst b/389-ds-base.postinst new file mode 100644 index 0000000..413fb60 --- /dev/null +++ b/389-ds-base.postinst @@ -0,0 +1,35 @@ +#!/bin/sh +set -e + +. /usr/share/debconf/confmodule + +CONFIG_DIR=/etc/dirsrv +OUT=/dev/null +INSTANCES=`ls -d /etc/dirsrv/slapd-* 2>/dev/null | grep -v removed | sed 's/.*slapd-//'` + +if [ "$1" = configure ]; then + # lets give them a user/group in all cases. + if ! getent passwd dirsrv > $OUT; then + adduser --quiet --system --home /var/lib/dirsrv \ + --disabled-password --group \ + --gecos "389 Directory Server user" \ + --no-create-home \ + dirsrv > $OUT + fi + + chown -R dirsrv:dirsrv /etc/dirsrv/ /var/log/dirsrv/ /var/lib/dirsrv/ > $OUT || true + chmod 750 /etc/dirsrv/ /var/log/dirsrv/ /var/lib/dirsrv/ > $OUT || true +fi + +invoke_failure() { + # invoke-rc.d failed, likely because no instance has been configured yet + # but exit with an error if an instance is configured and the invoke failed + if [ -z $INSTANCES ]; then + echo "... because no instance has been configured yet." + else + exit 1 + fi +} + + +#DEBHELPER# diff --git a/389-ds-base.postrm b/389-ds-base.postrm new file mode 100644 index 0000000..0a70e0e --- /dev/null +++ b/389-ds-base.postrm @@ -0,0 +1,16 @@ +#!/bin/sh +set -e + +. /usr/share/debconf/confmodule + +if [ "$1" = "purge" ]; then + if getent group dirsrv > /dev/null; then + deluser --system dirsrv || true + fi + rm -f /etc/systemd/system/dirsrv.target.wants/dirsrv@*.service + rm -rf /etc/dirsrv + rm -rf /var/lib/dirsrv + rm -rf /var/log/dirsrv +fi + +#DEBHELPER# diff --git a/389-ds-base.prerm b/389-ds-base.prerm new file mode 100644 index 0000000..bfa9c61 --- /dev/null +++ b/389-ds-base.prerm @@ -0,0 +1,14 @@ +#!/bin/sh -e +set -e + +#DEBHELPER# + +if [ "$1" = "purge" ]; then + # remove all installed instances + for FILE in `ls -d /etc/dirsrv/slapd-* 2>/dev/null | sed -n '/\.removed$/!$'` + do + if [ -d "$FILE" ] ; then + dsctl $FILE remove --do-it + fi + done +fi diff --git a/README.Debian b/README.Debian new file mode 100644 index 0000000..eba838e --- /dev/null +++ b/README.Debian @@ -0,0 +1,12 @@ +To complete the 389 Directory Server installation just run /usr/sbin/setup-ds. + +If you experience problems accessing the Directory Server, check with +"netstat -tapen |grep 389" and verify that the server is not listening only +to ipv6 (check for ^tcp6). In such case you will need to tweak the cn=config +DIT with something like the following: + +dn: cn=config +changetype: modify +add: nsslapd-listenhost +nsslapd-listenhost: + diff --git a/changelog b/changelog new file mode 100644 index 0000000..12f0155 --- /dev/null +++ b/changelog @@ -0,0 +1,1021 @@ +389-ds-base (2.0.11-2) unstable; urgency=medium + + * Revert a commit that makes dscreate to fail. + + -- Timo Aaltonen Wed, 15 Dec 2021 23:23:15 +0200 + +389-ds-base (2.0.11-1) unstable; urgency=medium + + * New upstream release. + * missing-sources: Removed, all the minified javascript files were + removed upstream some time ago. + * install: Updated. + * control: Bump debhelper to 13. + * Override some lintian errors. + * watch: Update the url. + + -- Timo Aaltonen Wed, 15 Dec 2021 21:03:20 +0200 + +389-ds-base (1.4.4.17-1) unstable; urgency=medium + + * New upstream release. + - CVE-2021-3652 (Closes: #991405) + * tests: Add isolation-container to restrictions. + * Add a dependency to libjemalloc2, and add a symlink to it so the + preload works. (Closes: #992696) + * CVE-2017-15135.patch: Dropped, fixed by upstream issue #4817. + + -- Timo Aaltonen Mon, 18 Oct 2021 18:36:30 +0300 + +389-ds-base (1.4.4.16-1) unstable; urgency=medium + + * New upstream release. + * fix-s390x-failure.diff: Dropped, upstream. + * watch: Updated to use github. + * copyright: Fix 'globbing-patterns-out-of-order'. + + -- Timo Aaltonen Mon, 16 Aug 2021 09:54:52 +0300 + +389-ds-base (1.4.4.11-1) unstable; urgency=medium + + * New upstream release. + * fix-s390x-failure.diff: Fix a crash on big-endian architectures like + s390x. + + -- Timo Aaltonen Thu, 28 Jan 2021 13:03:32 +0200 + +389-ds-base (1.4.4.10-1) unstable; urgency=medium + + * New upstream release. + * CVE-2017-15135.patch: Refreshed. + * source: Update diff-ignore. + * install: Drop libsds which got removed. + * control: Add libnss3-tools to cockpit-389-ds Depends. (Closes: + #965004) + * control: Drop python3-six from depends. + + -- Timo Aaltonen Thu, 21 Jan 2021 22:16:28 +0200 + +389-ds-base (1.4.4.9-1) unstable; urgency=medium + + * New upstream release. + * fix-prlog-include.diff: Dropped, upstream. + + -- Timo Aaltonen Fri, 18 Dec 2020 15:29:20 +0200 + +389-ds-base (1.4.4.8-1) unstable; urgency=medium + + * New upstream release. + * fix-systemctl-path.diff, drop-old-man.diff: Dropped, obsolete. + * fix-prlog-include.diff: Fix build by dropping nspr4/ prefix. + * install, rules: Clean up perl cruft that got removed upstream. + * install: Add openldap_to_ds. + * watch: Follow 1.4.4.x. + + -- Timo Aaltonen Thu, 12 Nov 2020 15:57:11 +0200 + +389-ds-base (1.4.4.4-1) unstable; urgency=medium + + * New upstream release. + * watch: Update upstream git repo url. + * control: Add python3-dateutil to build-depends. + * copyright: Drop duplicate globbing patterns. + * lintian: Drop obsolete overrides. + * postinst: Drop obsolete rule to upgrade the instances. + * prerm: Use dsctl instead of remove-ds. + + -- Timo Aaltonen Tue, 22 Sep 2020 09:23:30 +0300 + +389-ds-base (1.4.4.3-1) unstable; urgency=medium + + * New upstream release. + * fix-db-home-dir.diff: Dropped, upstream. + + -- Timo Aaltonen Tue, 02 Jun 2020 11:33:44 +0300 + +389-ds-base (1.4.3.6-2) unstable; urgency=medium + + * fix-db-home-dir.diff: Set db_home_dir same as db_dir to fix an issue + starting a newly created instance. + + -- Timo Aaltonen Tue, 21 Apr 2020 20:19:06 +0300 + +389-ds-base (1.4.3.6-1) unstable; urgency=medium + + * New upstream release. + * install: Updated. + + -- Timo Aaltonen Mon, 20 Apr 2020 15:01:35 +0300 + +389-ds-base (1.4.3.4-1) unstable; urgency=medium + + * New upstream release. + * Add debian/gitlab-ci.yml. + - allow blhc to fail + * control: Bump policy to 4.5.0. + * control: Use https url for upstream. + * control: Use canonical URL in Vcs-Browser. + * copyright: Use spaces rather than tabs to start continuation lines. + * Add lintian-overrides for the source, cockpit index.js has long lines. + + -- Timo Aaltonen Wed, 18 Mar 2020 08:47:32 +0200 + +389-ds-base (1.4.3.2-1) unstable; urgency=medium + + * New upstream release. + * prerm: Fix slapd install path. (Closes: #945583) + * install: Updated. + * control: Use debhelper-compat. + + -- Timo Aaltonen Wed, 12 Feb 2020 19:39:22 +0200 + +389-ds-base (1.4.2.4-1) unstable; urgency=medium + + * New upstream release. + - CVE-2019-14824 deref plugin displays restricted attributes + (Closes: #944150) + * fix-obsolete-target.diff: Dropped, obsolete + drop-old-man.diff: Refreshed + * control: Add python3-packaging to build-depends and python3-lib389 depends. + * dev,libs.install: Nunc-stans got dropped. + * source/local-options: Add some files to diff-ignore. + * rules: Refresh list of files to purge. + * rules: Update dh_auto_clean override. + + -- Timo Aaltonen Wed, 27 Nov 2019 00:00:59 +0200 + +389-ds-base (1.4.1.6-4) unstable; urgency=medium + + * tests: Redirect stderr to stdout. + + -- Timo Aaltonen Tue, 17 Sep 2019 01:37:39 +0300 + +389-ds-base (1.4.1.6-3) unstable; urgency=medium + + * control: Add openssl to python3-lib389 depends. + + -- Timo Aaltonen Fri, 13 Sep 2019 07:32:27 +0300 + +389-ds-base (1.4.1.6-2) unstable; urgency=medium + + * Restore perl build partly, setup-ds is still needed for upgrades + until Ubuntu 20.04 is released (for versions << 1.4.0.9). + + -- Timo Aaltonen Thu, 12 Sep 2019 14:50:36 +0300 + +389-ds-base (1.4.1.6-1) unstable; urgency=medium + + * New upstream release. + * control: Drop direct depends on python from 389-ds-base. (Closes: + #936102) + * Drop -legacy-tools and other obsolete scripts. + * use-bash-instead-of-sh.diff, rename-online-scripts.diff, perl-use- + move-instead-of-rename.diff: Dropped, obsolete. + * rules: Fix dsconf/dscreate/dsctl/dsidm manpage section. + * tests/setup: Migrate to dscreate. + * control: Add libnss3-tools to python3-lib389 depends. (Closes: #920025) + + -- Timo Aaltonen Wed, 11 Sep 2019 17:01:03 +0300 + +389-ds-base (1.4.1.5-1) unstable; urgency=medium + + * New upstream release. + * watch: Use https. + * control: Bump policy to 4.4.0. + * Bump debhelper to 12. + * patches: fix-dsctl-remove.diff, fix-nss-path.diff, icu_pkg-config.patch + removed, upstream. Others refreshed. + * rules: Pass --enable-perl, we still need the perl tools. + * *.install: Updated. + + -- Timo Aaltonen Wed, 10 Jul 2019 10:05:31 +0300 + +389-ds-base (1.4.0.22-1) unstable; urgency=medium + + * New upstream bugfix release. + * control: Drop 389-ds-base from -legacy-tools Depends. (Closes: + #924265) + * fix-dsctl-remove.diff: Don't hardcode sysconfig. (Closes: #925221) + + -- Timo Aaltonen Sat, 06 Apr 2019 00:32:06 +0300 + +389-ds-base (1.4.0.21-1) unstable; urgency=medium + + * New upstream release. + * Run offline upgrade only when upgrading from versions below 1.4.0.9, + ns-slapd itself handles upgrades in newer versions. + * rules: Actually install the minified javascript files. (Closes: + #913820) + + -- Timo Aaltonen Tue, 12 Feb 2019 16:28:15 +0200 + +389-ds-base (1.4.0.20-3) unstable; urgency=medium + + * control: 389-ds-base should depend on the legacy tools for now. + (Closes: #919420) + + -- Timo Aaltonen Wed, 16 Jan 2019 11:30:51 +0200 + +389-ds-base (1.4.0.20-2) unstable; urgency=medium + + * Upload to unstable. + + -- Timo Aaltonen Mon, 14 Jan 2019 20:03:58 +0200 + +389-ds-base (1.4.0.20-1) experimental; urgency=medium + + * New upstream release. (Closes: #913821) + * fix-nss-path.diff: Fix includes. + * Build ds* manpages, add missing build-depends. + * Move deprecated tools in a new subpackage. + * control: Add python3-lib389 to 389-ds-base depends. + + -- Timo Aaltonen Sun, 13 Jan 2019 21:13:22 +0200 + +389-ds-base (1.4.0.19-3) unstable; urgency=medium + + [ Jelmer Vernooij ] + * Use secure copyright file specification URI. + * Trim trailing whitespace. + * Use secure URI in Vcs control header. + + [ Hugh McMaster ] + * control: Mark 389-ds-base-libs{,-dev} M-A: same, cockpit-389-ds M-A: + foreign and arch:all. (Closes: #916118) + * Use pkg-config to detect icu. (Closes: #916115) + + -- Timo Aaltonen Wed, 02 Jan 2019 12:43:23 +0200 + +389-ds-base (1.4.0.19-2) unstable; urgency=medium + + * rules: Add -latomic to LDFLAGS on archs failing to build. (Closes: + #910982) + + -- Timo Aaltonen Thu, 06 Dec 2018 01:06:37 +0200 + +389-ds-base (1.4.0.19-1) unstable; urgency=medium + + * New upstream release. + * control: Make C/R backports-compatible. (Closes: #910796) + * use-packaged-js.diff: Dropped, packaged versions don't work. + (Closes: #913820) + * Follow upstream, and drop python3-dirsrvtests. + * cockpit-389-ds.install: Updated. + + -- Timo Aaltonen Mon, 03 Dec 2018 15:56:40 +0200 + +389-ds-base (1.4.0.18-1) unstable; urgency=medium + + * New upstream release. + - CVE-2018-14624 (Closes: #907778) + - CVE-2018-14638 (Closes: #908859) + * control: Build on any arch again. + * perl-use-move-instead-of-rename.diff: Use copy instead of move, + except when restoring files in case of an error. + * Move the new utils (dsconf, dscreate, dsctl, dsidm) to python3- + lib389. + * control: Add python3-argcomplete to python3-lib389 depends. (Closes: + #910761) + + -- Timo Aaltonen Thu, 11 Oct 2018 00:56:02 +0300 + +389-ds-base (1.4.0.16-1) unstable; urgency=medium + + * New upstream release. + * control: 389-ds-base-dev provides libsvrcore-dev. (Closes: #907140) + * perl-use-move-instead-of-rename.diff: Fix upgrade on systems where + /var is on a separate partition: (Closes: #905184) + + -- Timo Aaltonen Thu, 27 Sep 2018 22:39:34 +0300 + +389-ds-base (1.4.0.15-2) unstable; urgency=medium + + * control: Build cockpit-389-ds only on 64bit and i386. + + -- Timo Aaltonen Thu, 23 Aug 2018 08:54:06 +0300 + +389-ds-base (1.4.0.15-1) unstable; urgency=medium + + * New upstream release + - CVE-2018-10935 (Closes: #906985) + * control: Add libcrack2-dev to build-depends. + + -- Timo Aaltonen Thu, 23 Aug 2018 00:46:45 +0300 + +389-ds-base (1.4.0.13-1) experimental; urgency=medium + + * New upstream release. + - CVE-2018-10850 (Closes: #903501) + * control: Update maintainer address. + * control: Upstream dropped support for non-64bit architectures, so + build only on supported 64bit archs (amd64, arm64, mips64el, + ppc64el, s390x). + * control: svrcore got merged here, drop it from build-depends. + * ftbs_lsoftotkn3.diff: Dropped, obsolete. + * control: Add rsync to build-depends. + * libs, dev, control: Add libsvrcore files, replace old package. + * base: Add new scripts, add python3-selinux, -semanage, -sepolicy to + depends. + * Add a package for cockpit-389-ds. + * rules: Clean up cruft left after build. + * control: Drop dh_systemd from build-depends, bump debhelper to 11. + * Add varions libjs packages to cockpit-389-ds Depends, add the rest + to d/missing-sources. + * copyright: Updated. (Closes: #904760) + * control: Modify 389-ds to depend on cockpit-389-ds and drop the old + GUI packages which are deprecated upstream. + * dont-build-new-manpages.diff: Debian doesn't have argparse-manpage, + so in order to not FTBFS don't build new manpages. + * base.install: Add man5/*. + + -- Timo Aaltonen Tue, 31 Jul 2018 23:46:17 +0300 + +389-ds-base (1.3.8.2-1) unstable; urgency=medium + + * New upstream release. + * fix-saslpath.diff: Updated to support ppc64el and s390x. (LP: + #1764744) + * CVE-2017-15135.patch: Refreshed + + -- Timo Aaltonen Fri, 01 Jun 2018 11:21:19 +0300 + +389-ds-base (1.3.7.10-1) unstable; urgency=medium + + * New upstream release. + - fix CVE-2018-1054 (Closes: #892124) + * control: Update maintainer address, freeipa-team handles this from + now on. Drop kklimonda from uploaders. + * control: Update VCS urls. + + -- Timo Aaltonen Tue, 13 Mar 2018 11:32:29 +0200 + +389-ds-base (1.3.7.9-1) unstable; urgency=medium + + * New upstream release. + - CVE-2017-15134 (Closes: #888452) + * patches: Fix CVE-2017-15135. (Closes: #888451) + * tests: Add some debug output. + + -- Timo Aaltonen Mon, 05 Feb 2018 16:25:09 +0200 + +389-ds-base (1.3.7.8-4) unstable; urgency=medium + + * tests: Drop python3-lib389 from depends, it's not used currently + anyway. + + -- Timo Aaltonen Thu, 21 Dec 2017 15:42:04 +0200 + +389-ds-base (1.3.7.8-3) unstable; urgency=medium + + * tests/control: Depend on python3-lib389. + + -- Timo Aaltonen Wed, 20 Dec 2017 23:54:43 +0200 + +389-ds-base (1.3.7.8-2) unstable; urgency=medium + + * Fix autopkgtest to be robust in the face of changed iproute2 output. + + -- Timo Aaltonen Wed, 20 Dec 2017 15:57:26 +0200 + +389-ds-base (1.3.7.8-1) unstable; urgency=medium + + * New upstream release. + * Package python3-lib389 and python3-dirsrvtests. + * control: Add python3 depends to 389-ds-base, since it ships a few + python scripts. + + -- Timo Aaltonen Tue, 12 Dec 2017 17:32:27 +0200 + +389-ds-base (1.3.7.5-1) unstable; urgency=medium + + * New upstream release. + * patches: ftbfs-fix.diff, reproducible-build.diff dropped (upstream) + others refreshed. + * *.install: Updated. + + -- Timo Aaltonen Wed, 04 Oct 2017 10:33:45 +0300 + +389-ds-base (1.3.6.7-5) unstable; urgency=medium + + * Move all libs from base to -libs, add B/R. (Closes: #874764) + + -- Timo Aaltonen Thu, 21 Sep 2017 16:44:13 +0300 + +389-ds-base (1.3.6.7-4) unstable; urgency=medium + + * control, install: Fix library/dev-link installs, add Breaks/Replaces + to fit, and drop obsolete B/R. + + -- Timo Aaltonen Wed, 30 Aug 2017 00:19:41 +0300 + +389-ds-base (1.3.6.7-3) unstable; urgency=medium + + * ftbfs-fix.diff: Fix build. (Closes: #873120) + + -- Timo Aaltonen Mon, 28 Aug 2017 15:09:02 +0300 + +389-ds-base (1.3.6.7-2) unstable; urgency=medium + + * control: Bump policy to 4.1.0, no changes. + * rules: Override dh_missing. + * control: Add libltdl-dev to build-depends. (Closes: #872979) + + -- Timo Aaltonen Thu, 24 Aug 2017 12:15:03 +0300 + +389-ds-base (1.3.6.7-1) unstable; urgency=medium + + * New upstream release + - fix CVE-2017-7551 (Closes: #870752) + * fix-tests.diff: Dropped, fixed upstream. + + -- Timo Aaltonen Tue, 22 Aug 2017 16:30:11 +0300 + +389-ds-base (1.3.6.5-1) experimental; urgency=medium + + * New upstream release. + - fix-bsd.patch, support-kfreebsd.patch, fix-48986-cve-2017-2591.diff: + Dropped, upstream. + * *.install: Updated. + * control: Add doxygen, libcmocka-dev, libevent-dev to build-deps. + * rules: Enable cmocka tests. + * fix-tests.diff: Fix building the tests. + + -- Timo Aaltonen Wed, 10 May 2017 09:38:30 +0300 + +389-ds-base (1.3.5.17-2) unstable; urgency=medium + + * fix-upstream-49245.diff: Pull commits from upstream 1.3.5.x, which + remove rest of the asm code. (Closes: #862194) + + -- Timo Aaltonen Wed, 10 May 2017 09:25:03 +0300 + +389-ds-base (1.3.5.17-1) unstable; urgency=medium + + * New upstream bugfix release. + - CVE-2017-2668 (Closes: #860125) + * watch: Updated. + + -- Timo Aaltonen Tue, 09 May 2017 11:06:14 +0300 + +389-ds-base (1.3.5.15-2) unstable; urgency=medium + + * fix-48986-cve-2017-2591.diff: Fix upstream ticket 48986, + CVE-2017-2591. (Closes: #851769) + + -- Timo Aaltonen Fri, 27 Jan 2017 00:01:53 +0200 + +389-ds-base (1.3.5.15-1) unstable; urgency=medium + + * New upstream release. + - CVE-2016-5405 (Closes: #842121) + + -- Timo Aaltonen Wed, 16 Nov 2016 11:01:00 +0200 + +389-ds-base (1.3.5.14-1) unstable; urgency=medium + + * New upstream release. + * postrm: Remove /etc/dirsrv, /var/lib/dirsrv and /var/log/dirsrv on + purge. + * control: Bump build-dep on libsvrcore-dev to ensure it has support + for systemd password agent. + + -- Timo Aaltonen Fri, 28 Oct 2016 01:42:27 +0300 + +389-ds-base (1.3.5.13-1) unstable; urgency=medium + + * New upstream release. + * control: Bump policy to 3.9.8, no changes. + * patches/default_user: Dropped, upstream. + * support-non-nss-libldap.diff: Dropped, upstream. + * fix-obsolete-target.diff: Updated. + * patches: Refreshed. + * control: Add libsystemd-dev to build-deps. + * control: Add acl to -base depends. + + -- Timo Aaltonen Wed, 12 Oct 2016 11:11:20 +0300 + +389-ds-base (1.3.4.14-2) unstable; urgency=medium + + * tests: Add simple autopkgtests. + * postinst: Start instances after offline update. + * control, rules: Drop -dbg packages. + * control: Drop conflicts on slapd. (Closes: #822532) + + -- Timo Aaltonen Mon, 03 Oct 2016 17:53:26 +0300 + +389-ds-base (1.3.4.14-1) unstable; urgency=medium + + * New upstream release. + * support-non-nss-libldap.diff: Refreshed. + + -- Timo Aaltonen Mon, 29 Aug 2016 10:17:41 +0300 + +389-ds-base (1.3.4.9-1) unstable; urgency=medium + + * New upstream release. + * support-non-nss-libldap.diff: Support libldap built against gnutls. + (LP: #1564179) + + -- Timo Aaltonen Mon, 18 Apr 2016 18:08:14 +0300 + +389-ds-base (1.3.4.8-4) unstable; urgency=medium + + * use-perl-move.diff: Dropped, 'rename' is more reliable. + + -- Timo Aaltonen Wed, 30 Mar 2016 08:38:24 +0300 + +389-ds-base (1.3.4.8-3) unstable; urgency=medium + + * use-perl-move.diff: Fix 60upgradeschemafiles.pl to use File::Copy. + (Closes: #818578) + + -- Timo Aaltonen Fri, 18 Mar 2016 11:15:23 +0200 + +389-ds-base (1.3.4.8-2) unstable; urgency=medium + + * postinst: Silence ls and adduser. + * Drop the init file, we depend on systemd anyway. + * rules: Don't enable dirsrv-snmp.service by default. + * postrm: Clean up /var/lib/dirsrv/scripts-* on purge. + * user-perl-move.diff: Use move instead of rename during upgrade. + (Closes: #775550) + + -- Timo Aaltonen Thu, 17 Mar 2016 08:13:38 +0200 + +389-ds-base (1.3.4.8-1) unstable; urgency=medium + + * New upstream release. + + -- Timo Aaltonen Mon, 22 Feb 2016 07:58:40 +0200 + +389-ds-base (1.3.4.5-2) unstable; urgency=medium + + * fix-systemctl-path.diff: Use correct path to /bin/systemctl. + (Closes: #779653) + + -- Timo Aaltonen Wed, 09 Dec 2015 08:31:20 +0200 + +389-ds-base (1.3.4.5-1) unstable; urgency=medium + + * New upstream release. + * patches: Refreshed. + + -- Timo Aaltonen Wed, 09 Dec 2015 08:14:56 +0200 + +389-ds-base (1.3.3.13-1) unstable; urgency=medium + + * New upstream release. + * control: Add systemd to 389-ds-base Depends. (Closes: #794301) + * postrm: Clean target.wants in postrm. + * reproducible-build.diff: Make builds reproducible. Thanks, Chris + Lamb! (Closes: #799010) + + -- Timo Aaltonen Tue, 20 Oct 2015 14:25:05 +0300 + +389-ds-base (1.3.3.12-1) unstable; urgency=medium + + * New upstream release + - fix CVE-2015-3230 (Closes: #789202) + + -- Timo Aaltonen Wed, 24 Jun 2015 11:47:50 +0300 + +389-ds-base (1.3.3.10-1) unstable; urgency=medium + + * New upstream release + - fix CVE-2015-1854 (Closes: #783923) + * postinst: Stop actual instances instead of 'dirsrv' on upgrade, and + use service(8) instead of invoke-rc.d. + + -- Timo Aaltonen Thu, 07 May 2015 07:58:35 +0300 + +389-ds-base (1.3.3.9-1) experimental; urgency=medium + + * New upstream bugfix release. + - Drop cve-2014-8*.diff, upstream. + + -- Timo Aaltonen Thu, 02 Apr 2015 14:47:20 +0300 + +389-ds-base (1.3.3.5-4) unstable; urgency=medium + + * Security fixes (Closes: #779909) + - cve-2014-8105.diff: Fix for CVE-2014-8105 + - cve-2014-8112.diff: Fix for CVE-2014-8112 + + -- Timo Aaltonen Mon, 09 Mar 2015 10:53:03 +0200 + +389-ds-base (1.3.3.5-3) unstable; urgency=medium + + * use-bash-instead-of-sh.diff: Drop admin_scripts.diff and patch the + scripts to use bash instead of trying to fix bashisms. (Closes: + #772195) + + -- Timo Aaltonen Fri, 16 Jan 2015 15:40:23 +0200 + +389-ds-base (1.3.3.5-2) unstable; urgency=medium + + * fix-saslpath.diff: Fix SASL library path. + + -- Timo Aaltonen Sat, 25 Oct 2014 01:48:34 +0300 + +389-ds-base (1.3.3.5-1) unstable; urgency=medium + + * New upstream bugfix release. + * control: Bump policy, no changes. + + -- Timo Aaltonen Mon, 20 Oct 2014 09:57:14 +0300 + +389-ds-base (1.3.3.3-1) unstable; urgency=medium + + * New upstream release. + * Dropped upstreamed patches, refresh others. + * control, rules, 389-ds-base.install: Add support for systemd. + * fix-obsolete-target.diff: Drop syslog.target from the service files. + * 389-ds-base.links: Mask the initscript so that it's not used with systemd. + + -- Timo Aaltonen Mon, 06 Oct 2014 17:13:01 +0300 + +389-ds-base (1.3.2.23-2) unstable; urgency=medium + + * Team upload. + * Add fix-bsd.patch and support-kfreebsd.patch to fix the build failure + on kFreeBSD. + + -- Benjamin Drung Wed, 03 Sep 2014 15:32:22 +0200 + +389-ds-base (1.3.2.23-1) unstable; urgency=medium + + * New bugfix release. + * watch: Update the url. + * control: Update Vcs-Browser url to use cgit. + + -- Timo Aaltonen Mon, 01 Sep 2014 13:32:59 +0300 + +389-ds-base (1.3.2.21-1) unstable; urgency=medium + + * New upstream release. + - CVE-2014-3562 (Closes: #757437) + + -- Timo Aaltonen Fri, 08 Aug 2014 10:48:55 +0300 + +389-ds-base (1.3.2.19-1) unstable; urgency=medium + + * New upstream release. + * admin_scripts.diff: Updated to fix more bashisms. + * watch: Update the url. + * Install failedbinds.py and logregex.py scripts. + * init: Use status from init-functions. + * control: Update my email. + + -- Timo Aaltonen Tue, 08 Jul 2014 15:50:11 +0300 + +389-ds-base (1.3.2.9-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Apply fix for CVE-2014-0132, see like named patch (Closes: 741600) + * Fix m4-macro for libsrvcore and add missing B-D on libpci-dev + (Closes: #745821) + + -- Tobias Frost Fri, 25 Apr 2014 15:11:16 +0200 + +389-ds-base (1.3.2.9-1) unstable; urgency=low + + * New upstream release. + - fixes CVE-2013-0336 (Closes: #704077) + - fixes CVE-2013-1897 (Closes: #704421) + - fixes CVE-2013-2219 (Closes: #718325) + - fixes CVE-2013-4283 (Closes: #721222) + - fixes CVE-2013-4485 (Closes: #730115) + * Drop fix-CVE-2013-0312.diff, upstream. + * rules: Add new scripts to rename. + * fix-sasl-path.diff: Use a triplet path to find libsasl2. (LP: + #1088822) + * admin_scripts.diff: Add patch from upstream #47511 to fix bashisms. + * control: Add ldap-utils to -base depends. + * rules, rename-online-scripts.diff: Some scripts with .pl suffix are + meant for an online server, so instead of overwriting the offline + scripts use -online suffix. + * rules: Enable parallel build, but limit the jobs to 1 for + dh_auto_install. + * control: Bump policy to 3.9.5, no changes. + * rules: Add get-orig-source target. + * lintian-overrides: Drop obsolete entries, add comments for the rest. + + -- Timo Aaltonen Mon, 03 Feb 2014 11:08:50 +0200 + +389-ds-base (1.3.0.3-1) unstable; urgency=low + + * New upstream release. + * control: Bump the policy to 3.9.4, no changes. + * fix-CVE-2013-0312.diff: Patch to fix handling LDAPv3 control data. + + -- Timo Aaltonen Mon, 11 Mar 2013 14:23:20 +0200 + +389-ds-base (1.2.11.17-1) UNRELEASED; urgency=low + + * New upstream release. + * watch: Add a comment about the upstream git tree. + * fix-cve-2012-4450.diff: Remove, upstream. + + -- Timo Aaltonen Sat, 01 Dec 2012 14:22:13 +0200 + +389-ds-base (1.2.11.15-1) unstable; urgency=low + + * New upstream release. + * Add fix-cve-2012-4450.diff. (Closes: #688942) + * dirsrv.init: Fix stop() to remove the pidfile only when the process + is finished. (Closes: #689389) + * copyright: Update the source url. + * control: Drop quilt from build-depends, since using 3.0 (quilt) + * lintian-overrides: Add an override for hardening-no-fortify- + functions, since it's a false positive in this case. + * control: Drop dpkg-dev from build-depends, no need to specify it + directly. + * copyright: Add myself as a copyright holder for debian/*. + * 389-ds-base.prerm: Add 'set -e'. + * rules: drop DEB_HOST_MULTIARCH, dh9 handles it. + + -- Timo Aaltonen Wed, 03 Oct 2012 19:33:52 +0300 + +389-ds-base (1.2.11.7-5) unstable; urgency=low + + * control: Drop debconf-utils and po-debconf from build-depends. + * control: Add libnetaddr-ip-perl and libsocket-getaddrinfo-perl to + 389-ds-base Depends for ipv6 support. (Closes: #682847) + + -- Timo Aaltonen Mon, 30 Jul 2012 13:12:23 +0200 + +389-ds-base (1.2.11.7-4) unstable; urgency=low + + * debian/po: Remove, leftover from the template purge. (Closes: #681543) + + -- Timo Aaltonen Thu, 19 Jul 2012 23:12:01 +0300 + +389-ds-base (1.2.11.7-3) unstable; urgency=low + + * 389-ds-base.config: Removed, the debconf template is no more. + (Closes: #680351) + * control: Remove duplicate 'the' from the 389-ds description. + + -- Timo Aaltonen Wed, 11 Jul 2012 11:59:36 +0300 + +389-ds-base (1.2.11.7-2) unstable; urgency=low + + * control: Stop hardcoding libs to binary depends. (Closes: #679790) + * control: Add libnspr4-dev and libldap2-dev to 389-ds-base-dev + Depends. (Closes: #679742) + * l10n review (Closes: #679870) : + - Drop the debconf template, and rewrap README.Debian. + - control: Update the descriptions + + -- Timo Aaltonen Tue, 03 Jul 2012 17:58:20 +0300 + +389-ds-base (1.2.11.7-1) unstable; urgency=low + + [ Timo Aaltonen ] + * New upstream release. + * watch: Fix the url. + * patches/remove_license_prompt: Dropped, included upstream. + * patches/default_user: Refreshed. + * control: Change the VCS header to point to the git repository. + * control: Rename last remnants of Fedora to 389. + * changelog, control: Be consistent with the naming; renamed the source + to just '389-ds-base', which matches upstream tarball naming. + * control: Wrap Depends. + * compat, control: Bump compat to 9, and debhelper build-dep to (>= 9). + * rules: Switch to dh. + * Move dirsrv.lintian to dirsrv.lintian-overrides, adjust dirsrv.install. + * *.dirs: Clean up. + * control: Build-depend on dh-autoreconf, drop duplicate bdeps. + * Fold dirsrv-tools into the main package. + * Build against libldap2-dev (>= 2.4.28). + * Rename binary package to 389-ds-base. + * -dev.install: Install the pkgconfig file. + * rules: Enable PIE hardening. + * Add a default file, currently sets LD_BIND_NOW=1. + * control: 'dbgen' uses old perl libs, add libperl4-corelibs-perl + dependency to 389-ds-base. + * rules: Add --fail-missing for dh_install, remove files not needed + and make sure to install the rest. + * rules, control: Fix the installation name of ds-logpipe.py, add + python dependency to 389-ds-base.. + * libns-dshttpd is internal to the server, ship it in 389-ds-base. + * Rename libdirsrv{-dev,0} -> 389-ds-base-{dev,libs}, includes only + libslapd and headers for external plugin development. + * control: Breaks/Replaces old libdirsrv-dev/libdirsrv0/dirsrv. + * Drop hyphen_used_as_minus, applied upstream. + * copyright: Use DEP5 format. + * Cherry-pick upstream commit ee320163c6 to get rid of unnecessary + and non-free MIB's from the tree, and build a dfsg compliant tarball. + * lintian-overrides: Update, create one for -libs. + * Fix the initscript to create the lockdir, and refactor code into separate + functions. + * Drop obsolete entries from copyright, and make it lintian clean. + * debian/po: Refer to the correct file after rename. + * control: Bump Standards-Version to 3.9.3, no changes. + * postinst: Drop unused 'lastversion'. + * patches: Add DEP3 compliant headers. + * rules, postinst: Add an error handler function for dh_installinit, so + that clean installs don't fail due to missing configuration. + * postinst: Run the update tool. + * dirsrv.init: + - Make the start and stop functions much simpler and LSB compliant + - Fix starting multiple instances + - Use '-b' for start-stop-daemon, since ns-slapd doesn't detach properly + * control: Add 389-ds metapackage. + * control: Change libdb4.8-dev build-depends to libdb-dev, since this version + supports db5.x. + * 389-ds-base.prerm: Add prerm script for removing installed instances on + purge. + + [ Krzysztof Klimonda ] + * dirsrv.init: + - return 0 code if there are no instances configured and tweak message + so it doesn't indicate a failure. + + -- Krzysztof Klimonda Tue, 27 Mar 2012 14:26:16 +0200 + +389-directory-server (1.2.6.1-5) unstable; urgency=low + + * Removed db_stop from dirsrv.postinst + * Fix short description in libdirsrv0-dbg + + -- Michele Baldessari Wed, 20 Oct 2010 20:24:20 +0200 + +389-directory-server (1.2.6.1-4) unstable; urgency=low + + * Make libicu dep dependent on dpkg-vendor + + -- Michele Baldessari Mon, 18 Oct 2010 21:21:52 +0200 + +389-directory-server (1.2.6.1-3) unstable; urgency=low + + * Remove dirsrv user and group in postrm + * Clean up postrm and postinst + + -- Michele Baldessari Sun, 17 Oct 2010 21:54:08 +0200 + +389-directory-server (1.2.6.1-2) unstable; urgency=low + + * Fix QUILT_STAMPFN + + -- Michele Baldessari Sun, 17 Oct 2010 15:03:34 +0200 + +389-directory-server (1.2.6.1-1) unstable; urgency=low + + * New upstream + + -- Michele Baldessari Sat, 16 Oct 2010 23:08:09 +0200 + +389-directory-server (1.2.6-2) unstable; urgency=low + + * Update my email address + + -- Michele Baldessari Sat, 16 Oct 2010 22:34:19 +0200 + +389-directory-server (1.2.6-1) unstable; urgency=low + + * New upstream + * s/Fedora/389/g to clean up the branding + * Remove automatic configuration (breaks too often with every update) + * Remove dirsrv.config translation, no questions are asked anymore + * Fix old changelog versions with proper ~ on rc versions + * Update policy to 3.9.1 + * Improve README.Debian + * Depend on libicu44 + * Remove /var/run/dirsrv from the postinst scripts (managed by init script) + + -- Michele Baldessari Sat, 04 Sep 2010 11:58:21 +0200 + +389-directory-server (1.2.6~rc7-1) unstable; urgency=low + + * New upstream + + -- Michele Baldessari Fri, 03 Sep 2010 20:06:08 +0200 + +389-directory-server (1.2.6~a3-1) unstable; urgency=low + + * New upstream + * Rename man page remove-ds.pl in remove-ds + * Removed Debian.source + + -- Michele Baldessari Sun, 23 May 2010 22:12:13 +0200 + +389-directory-server (1.2.6~a2-1) unstable; urgency=low + + * New upstream + * Removed speling_fixes patch, applied upstream + + -- Michele Baldessari Sun, 23 May 2010 13:36:25 +0200 + +389-directory-server (1.2.5-1) unstable; urgency=low + + * New upstream + * Add libpcre3-dev Build-dep + * ldap-agent moved ti /usr/sbin + * Fix spelling errors in code and manpages + * Fix some lintian warnings + * Bump policy to 3.8.3 + * Ignore lintian warning pkg-has-shlibs-control-file-but-no-actual-shared-libs + as the shlibs file is for dirsrv plugins + * Upgraded deps to libicu42 and libdb4.8 + * Do create /var/lib/dirsrv as dirsrv user's home + * Added libsasl2-modules-gssapi-mit as a dependency for dirsrv (needed by + mandatory LDAP SASL mechs) + * Install all files of etc/dirsrv/config + * Add some missing start scripts in usr/sbin + * Fixed a bug in the dirsrv.init script + * Switch to dpkg-source 3.0 (quilt) format + * Bump policy to 3.8.4 + + -- Michele Baldessari Sun, 23 May 2010 12:31:24 +0200 + +389-directory-server (1.2.1-0) unstable; urgency=low + + * Rename of source package (note, since this is still staging work no + replace or upgrade is in place) + * Update watch file + * New Upstream + + -- Michele Baldessari Fri, 12 Jun 2009 22:08:42 +0200 + +fedora-directory-server (1.2.0-1) unstable; urgency=low + + * New upstream release + * Add missing libkrb5-dev dependency + * Fix section of -dbg packages + * Fix all "dpatch-missing-description" lintian warnings + + -- Michele Baldessari Wed, 22 Apr 2009 23:36:22 +0200 + +fedora-directory-server (1.1.3-1) unstable; urgency=low + + * New upstream + * Added watch file + * Make setup-ds use dirsrv:dirsrv user/group as defaults + * Added VCS-* fields + * --enable-autobind + * Add ldap/servers/plugins/replication/winsync-plugin.h to libdirsrv-dev + + -- Michele Baldessari Mon, 24 Nov 2008 22:42:26 +0100 + +fedora-directory-server (1.1.2-2) unstable; urgency=low + + * Fixed build+configure twice issue + * Added Conflicts: slapd (thanks Alessandro) + + -- Michele Baldessari Tue, 23 Sep 2008 21:12:44 +0200 + +fedora-directory-server (1.1.2-1) unstable; urgency=low + + * New upstream + * Removed /usr/sbin PATH from postinst script + + -- Michele Baldessari Sat, 20 Sep 2008 20:10:52 +0000 + +fedora-directory-server (1.1.1-0) unstable; urgency=low + + * New upstream + * Don't apply patch for 439829, fixed upstream + * Bump to policy 3.8.0 + * Added README.source + + -- Michele Baldessari Fri, 22 Aug 2008 00:09:40 +0200 + +fedora-directory-server (1.1.0-4) unstable; urgency=low + + * dirsrv should depend on libmozilla-ldap-perl (thanks Mathias Kaufmann + ) + + -- Michele Baldessari Sun, 20 Jul 2008 18:41:58 +0200 + +fedora-directory-server (1.1.0-3) unstable; urgency=low + + * Fix up some descriptions + + -- Michele Baldessari Sun, 25 May 2008 21:36:32 +0200 + +fedora-directory-server (1.1.0-2) unstable; urgency=low + + * Silenced init warning messages when chowning pid directory + + -- Michele Baldessari Wed, 21 May 2008 23:08:32 +0200 + +fedora-directory-server (1.1.0-1) unstable; urgency=low + + * Removed template lintian warning + * Cleaned up manpages + + -- Michele Baldessari Sun, 18 May 2008 13:39:58 +0200 + +fedora-directory-server (1.1.0-0) unstable; urgency=low + + * Initial release (Closes: #497098). + * Fixed postinst after renaming setup-ds.pl to setup-ds + * Applied patch from https://bugzilla.redhat.com/show_bug.cgi?id=439829 to + fix segfault against late NSS versions + * Switched to parseable copyright format + * Source package is lintian clean now + * Added initial manpage patch + * Switched to dh_install + + -- Michele Baldessari Thu, 27 Mar 2008 23:56:17 +0200 diff --git a/cockpit-389-ds.install b/cockpit-389-ds.install new file mode 100644 index 0000000..d3f77dc --- /dev/null +++ b/cockpit-389-ds.install @@ -0,0 +1,2 @@ +usr/share/cockpit/389-console/ +usr/share/metainfo/389-console/org.port389.cockpit_console.metainfo.xml diff --git a/control b/control new file mode 100644 index 0000000..e69d09c --- /dev/null +++ b/control @@ -0,0 +1,181 @@ +Source: 389-ds-base +Section: net +Priority: optional +Maintainer: Debian FreeIPA Team +Uploaders: + Timo Aaltonen , +Build-Depends: + libcmocka-dev, + debhelper-compat (= 13), + dh-python, + doxygen, + libbz2-dev, + libcrack2-dev, + libdb-dev, + libevent-dev, + libicu-dev, + libkrb5-dev, + libldap2-dev (>= 2.4.28), + libltdl-dev, + libnspr4-dev, + libnss3-dev, + libpam0g-dev, + libpci-dev, + libpcre3-dev, + libperl-dev, + libsasl2-dev, + libsnmp-dev, + libssl-dev, + libsystemd-dev, + pkg-config, + python3-all-dev, + python3-argcomplete, + python3-argparse-manpage, + python3-dateutil, + python3-ldap, + python3-packaging, + python3-selinux, + python3-sepolicy, + python3-setuptools, + rsync, + zlib1g-dev, +Standards-Version: 4.5.0 +Vcs-Git: https://salsa.debian.org/freeipa-team/389-ds-base.git +Vcs-Browser: https://salsa.debian.org/freeipa-team/389-ds-base +Homepage: https://directory.fedoraproject.org + +Package: 389-ds +Architecture: all +Depends: + 389-ds-base, + cockpit-389-ds, + ${misc:Depends}, +Description: 389 Directory Server suite - metapackage + Based on the Lightweight Directory Access Protocol (LDAP), the 389 + Directory Server is designed to manage large directories of users and + resources robustly and scalably. + . + This is a metapackage depending on the LDAPv3 server and a Cockpit UI plugin + for administration. + +Package: 389-ds-base-libs +Section: libs +Architecture: any +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: ${misc:Depends}, ${shlibs:Depends}, + libjemalloc2, +Breaks: 389-ds-base (<< 1.3.6.7-5), + 389-ds-base-dev (<< 1.3.6.7-4), + libsvrcore0, +Replaces: 389-ds-base (<< 1.3.6.7-5), + 389-ds-base-dev (<< 1.3.6.7-4), + libsvrcore0, +Description: 389 Directory Server suite - libraries + Based on the Lightweight Directory Access Protocol (LDAP), the 389 + Directory Server is designed to manage large directories of users and + resources robustly and scalably. + . + This package contains core libraries for the 389 Directory Server. + +Package: 389-ds-base-dev +Section: libdevel +Architecture: any +Multi-Arch: same +Depends: + 389-ds-base-libs (= ${binary:Version}), + libldap2-dev, + libnspr4-dev, + ${misc:Depends}, + ${shlibs:Depends}, +Breaks: 389-ds-base (<< 1.3.6.7-4), + libsvrcore-dev, +Replaces: 389-ds-base (<< 1.3.6.7-4), + libsvrcore-dev, +Provides: + libsvrcore-dev, +Description: 389 Directory Server suite - development files + Based on the Lightweight Directory Access Protocol (LDAP), the 389 + Directory Server is designed to manage large directories of users and + resources robustly and scalably. + . + This package contains development headers for the core libraries + of the 389 Directory Server, useful for developing plugins without + having to install the server itself. + +Package: 389-ds-base +Architecture: any +Pre-Depends: debconf (>= 0.5) | debconf-2.0 +Depends: + 389-ds-base-libs (= ${binary:Version}), + adduser, + acl, + ldap-utils, + libmozilla-ldap-perl, + libnetaddr-ip-perl, + libsocket-getaddrinfo-perl, + libsasl2-modules-gssapi-mit, + perl, + python3-lib389, + python3-selinux, + python3-semanage, + python3-sepolicy, + systemd, + ${misc:Depends}, + ${shlibs:Depends}, + ${python3:Depends}, +Replaces: 389-ds-base-legacy-tools +Description: 389 Directory Server suite - server + Based on the Lightweight Directory Access Protocol (LDAP), the 389 + Directory Server is designed to manage large directories of users and + resources robustly and scalably. + . + Its key features include: + * four-way multi-master replication; + * great scalability; + * extensive documentation; + * Active Directory user and group synchronization; + * secure authentication and transport; + * support for LDAPv3; + * graphical management console; + * on-line, zero downtime update of schema, configuration, and + in-tree Access Control Information. + +Package: python3-lib389 +Architecture: all +Depends: ${misc:Depends}, ${python3:Depends}, + libnss3-tools, + openssl, + python3-argcomplete, + python3-dateutil, + python3-ldap, + python3-packaging, + python3-pyasn1, + python3-pyasn1-modules, + python3-pytest, +Conflicts: python-lib389 (<< 1.3.7.8), + 389-ds-base (<< 1.4.0.18-1~), +Replaces: python-lib389 (<< 1.3.7.8), + 389-ds-base (<< 1.4.0.18-1~), +Description: Python3 module for accessing and configuring the 389 Directory Server + This Python3 module contains tools and libraries for accessing, testing, + and configuring the 389 Directory Server. + +Package: cockpit-389-ds +Architecture: all +Multi-Arch: foreign +Depends: ${misc:Depends}, + cockpit, + libjs-bootstrap, + libjs-c3, + libjs-d3, + libjs-jquery-datatables, + libjs-jquery-datatables-extensions, + libjs-jquery-jstree, + libjs-moment, + libnss3-tools, + python3, + python3-lib389, +Description: Cockpit user interface for 389 Directory Server + This package includes a Cockpit UI plugin for configuring and administering + the 389 Directory Server. diff --git a/copyright b/copyright new file mode 100644 index 0000000..87df3aa --- /dev/null +++ b/copyright @@ -0,0 +1,575 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-name: 389-ds-base +Source: http://directory.fedoraproject.org/wiki/Source + +Files: * +Copyright: 2001 Sun Microsystems, Inc. + 2005 Red Hat, Inc. +License: GPL-3+ and Other + +Files: ldap/libraries/libavl/*.[ch] ldap/servers/slapd/abandon.c + ldap/servers/slapd/add.c ldap/servers/slapd/bind.c + ldap/servers/slapd/bulk_import.c ldap/servers/slapd/compare.c + ldap/servers/slapd/delete.c ldap/servers/slapd/detach.c + ldap/servers/slapd/globals.c ldap/servers/slapd/modify.c + ldap/servers/slapd/modrdn.c ldap/servers/slapd/monitor.c + ldap/servers/slapd/search.c ldap/servers/slapd/unbind.c +Copyright: 1993 Regents of the University of Michigan + 2001 Sun Microsystems, Inc. + 2005 Red Hat, Inc. +License: GPL-3+ and Other + +Files: ldap/servers/slapd/tools/ldaptool.h +Copyright: 1998 Netscape Communication Corporation +License: GPL-2+ or LGPL-2.1 or MPL-1.1 + +Files: ldap/servers/slapd/tools/ldaptool-sasl.c + ldap/servers/slapd/tools/ldaptool-sasl.h +Copyright: 2005 Sun Microsystems, Inc. +License: GPL-2+ or LGPL-2.1 or MPL-1.1 + +Files: m4/* +Copyright: 2006-2017 Red Hat, Inc. + 2016 William Brown +License: GPL-3+ + +Files: src/svrcore/* +Copyright: 2016 Red Hat, Inc. +License: MPL-2.0 + +Files: debian/* +Copyright: 2008 Michele Baldessari + 2012 Timo Aaltonen +License: GPL-2+ or LGPL-2.1 or MPL-1.1 + +License: Other + In addition, as a special exception, Red Hat, Inc. gives You the additional + right to link the code of this Program with code not covered under the GNU + General Public License ("Non-GPL Code") and to distribute linked combinations + including the two, subject to the limitations in this paragraph. Non-GPL Code + permitted under this exception must only link to the code of this Program + through those well defined interfaces identified in the file named EXCEPTION + found in the source code files (the "Approved Interfaces"). The files of + Non-GPL Code may instantiate templates or use macros or inline functions from + the Approved Interfaces without causing the resulting work to be covered by + the GNU General Public License. Only Red Hat, Inc. may make changes or + additions to the list of Approved Interfaces. You must obey the GNU General + Public License in all respects for all of the Program code and other code used + in conjunction with the Program except the Non-GPL Code covered by this + exception. If you modify this file, you may extend this exception to your + version of the file, but you are not obligated to do so. If you do not wish to + provide this exception without modification, you must delete this exception + statement from your version and license this file solely under the GPL without + exception. + +License: BSD-3-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + . + * Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * Neither the name of the Dojo Foundation nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +License: GPL-2 or GPL-2+ + On Debian machines the full text of the GNU General Public License + can be found in the file /usr/share/common-licenses/GPL-2. + +License: GPL-3+ + On Debian machines the full text of the GNU General Public License v3 + can be found in the file /usr/share/common-licenses/GPL-3. + +License: LGPL-2.1 + On Debian machines the full text of the GNU General Public License + can be found in the file /usr/share/common-licenses/LGPL-2.1. + +License: MPL-1.1 + MOZILLA PUBLIC LICENSE + Version 1.1 + . + --------------- + . + 1. Definitions. + . + 1.0.1. "Commercial Use" means distribution or otherwise making the + Covered Code available to a third party. + . + 1.1. "Contributor" means each entity that creates or contributes to + the creation of Modifications. + . + 1.2. "Contributor Version" means the combination of the Original + Code, prior Modifications used by a Contributor, and the Modifications + made by that particular Contributor. + . + 1.3. "Covered Code" means the Original Code or Modifications or the + combination of the Original Code and Modifications, in each case + including portions thereof. + . + 1.4. "Electronic Distribution Mechanism" means a mechanism generally + accepted in the software development community for the electronic + transfer of data. + . + 1.5. "Executable" means Covered Code in any form other than Source + Code. + . + 1.6. "Initial Developer" means the individual or entity identified + as the Initial Developer in the Source Code notice required by Exhibit + A. + . + 1.7. "Larger Work" means a work which combines Covered Code or + portions thereof with code not governed by the terms of this License. + . + 1.8. "License" means this document. + . + 1.8.1. "Licensable" means having the right to grant, to the maximum + extent possible, whether at the time of the initial grant or + subsequently acquired, any and all of the rights conveyed herein. + . + 1.9. "Modifications" means any addition to or deletion from the + substance or structure of either the Original Code or any previous + Modifications. When Covered Code is released as a series of files, a + Modification is: + A. Any addition to or deletion from the contents of a file + containing Original Code or previous Modifications. + . + B. Any new file that contains any part of the Original Code or + previous Modifications. + . + 1.10. "Original Code" means Source Code of computer software code + which is described in the Source Code notice required by Exhibit A as + Original Code, and which, at the time of its release under this + License is not already Covered Code governed by this License. + . + 1.10.1. "Patent Claims" means any patent claim(s), now owned or + hereafter acquired, including without limitation, method, process, + and apparatus claims, in any patent Licensable by grantor. + . + 1.11. "Source Code" means the preferred form of the Covered Code for + making modifications to it, including all modules it contains, plus + any associated interface definition files, scripts used to control + compilation and installation of an Executable, or source code + differential comparisons against either the Original Code or another + well known, available Covered Code of the Contributor's choice. The + Source Code can be in a compressed or archival form, provided the + appropriate decompression or de-archiving software is widely available + for no charge. + . + 1.12. "You" (or "Your") means an individual or a legal entity + exercising rights under, and complying with all of the terms of, this + License or a future version of this License issued under Section 6.1. + For legal entities, "You" includes any entity which controls, is + controlled by, or is under common control with You. For purposes of + this definition, "control" means (a) the power, direct or indirect, + to cause the direction or management of such entity, whether by + contract or otherwise, or (b) ownership of more than fifty percent + (50%) of the outstanding shares or beneficial ownership of such + entity. + . + 2. Source Code License. + . + 2.1. The Initial Developer Grant. + The Initial Developer hereby grants You a world-wide, royalty-free, + non-exclusive license, subject to third party intellectual property + claims: + (a) under intellectual property rights (other than patent or + trademark) Licensable by Initial Developer to use, reproduce, + modify, display, perform, sublicense and distribute the Original + Code (or portions thereof) with or without Modifications, and/or + as part of a Larger Work; and + . + (b) under Patents Claims infringed by the making, using or + selling of Original Code, to make, have made, use, practice, + sell, and offer for sale, and/or otherwise dispose of the + Original Code (or portions thereof). + . + (c) the licenses granted in this Section 2.1(a) and (b) are + effective on the date Initial Developer first distributes + Original Code under the terms of this License. + . + (d) Notwithstanding Section 2.1(b) above, no patent license is + granted: 1) for code that You delete from the Original Code; 2) + separate from the Original Code; or 3) for infringements caused + by: i) the modification of the Original Code or ii) the + combination of the Original Code with other software or devices. + . + 2.2. Contributor Grant. + Subject to third party intellectual property claims, each Contributor + hereby grants You a world-wide, royalty-free, non-exclusive license + . + (a) under intellectual property rights (other than patent or + trademark) Licensable by Contributor, to use, reproduce, modify, + display, perform, sublicense and distribute the Modifications + created by such Contributor (or portions thereof) either on an + unmodified basis, with other Modifications, as Covered Code + and/or as part of a Larger Work; and + . + (b) under Patent Claims infringed by the making, using, or + selling of Modifications made by that Contributor either alone + and/or in combination with its Contributor Version (or portions + of such combination), to make, use, sell, offer for sale, have + made, and/or otherwise dispose of: 1) Modifications made by that + Contributor (or portions thereof); and 2) the combination of + Modifications made by that Contributor with its Contributor + Version (or portions of such combination). + . + (c) the licenses granted in Sections 2.2(a) and 2.2(b) are + effective on the date Contributor first makes Commercial Use of + the Covered Code. + . + (d) Notwithstanding Section 2.2(b) above, no patent license is + granted: 1) for any code that Contributor has deleted from the + Contributor Version; 2) separate from the Contributor Version; + 3) for infringements caused by: i) third party modifications of + Contributor Version or ii) the combination of Modifications made + by that Contributor with other software (except as part of the + Contributor Version) or other devices; or 4) under Patent Claims + infringed by Covered Code in the absence of Modifications made by + that Contributor. + . + 3. Distribution Obligations. + . + 3.1. Application of License. + The Modifications which You create or to which You contribute are + governed by the terms of this License, including without limitation + Section 2.2. The Source Code version of Covered Code may be + distributed only under the terms of this License or a future version + of this License released under Section 6.1, and You must include a + copy of this License with every copy of the Source Code You + distribute. You may not offer or impose any terms on any Source Code + version that alters or restricts the applicable version of this + License or the recipients' rights hereunder. However, You may include + an additional document offering the additional rights described in + Section 3.5. + . + 3.2. Availability of Source Code. + Any Modification which You create or to which You contribute must be + made available in Source Code form under the terms of this License + either on the same media as an Executable version or via an accepted + Electronic Distribution Mechanism to anyone to whom you made an + Executable version available; and if made available via Electronic + Distribution Mechanism, must remain available for at least twelve (12) + months after the date it initially became available, or at least six + (6) months after a subsequent version of that particular Modification + has been made available to such recipients. You are responsible for + ensuring that the Source Code version remains available even if the + Electronic Distribution Mechanism is maintained by a third party. + . + 3.3. Description of Modifications. + You must cause all Covered Code to which You contribute to contain a + file documenting the changes You made to create that Covered Code and + the date of any change. You must include a prominent statement that + the Modification is derived, directly or indirectly, from Original + Code provided by the Initial Developer and including the name of the + Initial Developer in (a) the Source Code, and (b) in any notice in an + Executable version or related documentation in which You describe the + origin or ownership of the Covered Code. + . + 3.4. Intellectual Property Matters + (a) Third Party Claims. + If Contributor has knowledge that a license under a third party's + intellectual property rights is required to exercise the rights + granted by such Contributor under Sections 2.1 or 2.2, + Contributor must include a text file with the Source Code + distribution titled "LEGAL" which describes the claim and the + party making the claim in sufficient detail that a recipient will + know whom to contact. If Contributor obtains such knowledge after + the Modification is made available as described in Section 3.2, + Contributor shall promptly modify the LEGAL file in all copies + Contributor makes available thereafter and shall take other steps + (such as notifying appropriate mailing lists or newsgroups) + reasonably calculated to inform those who received the Covered + Code that new knowledge has been obtained. + . + (b) Contributor APIs. + If Contributor's Modifications include an application programming + interface and Contributor has knowledge of patent licenses which + are reasonably necessary to implement that API, Contributor must + also include this information in the LEGAL file. + . + (c) Representations. + Contributor represents that, except as disclosed pursuant to + Section 3.4(a) above, Contributor believes that Contributor's + Modifications are Contributor's original creation(s) and/or + Contributor has sufficient rights to grant the rights conveyed by + this License. + . + 3.5. Required Notices. + You must duplicate the notice in Exhibit A in each file of the Source + Code. If it is not possible to put such notice in a particular Source + Code file due to its structure, then You must include such notice in a + location (such as a relevant directory) where a user would be likely + to look for such a notice. If You created one or more Modification(s) + You may add your name as a Contributor to the notice described in + Exhibit A. You must also duplicate this License in any documentation + for the Source Code where You describe recipients' rights or ownership + rights relating to Covered Code. You may choose to offer, and to + charge a fee for, warranty, support, indemnity or liability + obligations to one or more recipients of Covered Code. However, You + may do so only on Your own behalf, and not on behalf of the Initial + Developer or any Contributor. You must make it absolutely clear than + any such warranty, support, indemnity or liability obligation is + offered by You alone, and You hereby agree to indemnify the Initial + Developer and every Contributor for any liability incurred by the + Initial Developer or such Contributor as a result of warranty, + support, indemnity or liability terms You offer. + . + 3.6. Distribution of Executable Versions. + You may distribute Covered Code in Executable form only if the + requirements of Section 3.1-3.5 have been met for that Covered Code, + and if You include a notice stating that the Source Code version of + the Covered Code is available under the terms of this License, + including a description of how and where You have fulfilled the + obligations of Section 3.2. The notice must be conspicuously included + in any notice in an Executable version, related documentation or + collateral in which You describe recipients' rights relating to the + Covered Code. You may distribute the Executable version of Covered + Code or ownership rights under a license of Your choice, which may + contain terms different from this License, provided that You are in + compliance with the terms of this License and that the license for the + Executable version does not attempt to limit or alter the recipient's + rights in the Source Code version from the rights set forth in this + License. If You distribute the Executable version under a different + license You must make it absolutely clear that any terms which differ + from this License are offered by You alone, not by the Initial + Developer or any Contributor. You hereby agree to indemnify the + Initial Developer and every Contributor for any liability incurred by + the Initial Developer or such Contributor as a result of any such + terms You offer. + . + 3.7. Larger Works. + You may create a Larger Work by combining Covered Code with other code + not governed by the terms of this License and distribute the Larger + Work as a single product. In such a case, You must make sure the + requirements of this License are fulfilled for the Covered Code. + . + 4. Inability to Comply Due to Statute or Regulation. + . + If it is impossible for You to comply with any of the terms of this + License with respect to some or all of the Covered Code due to + statute, judicial order, or regulation then You must: (a) comply with + the terms of this License to the maximum extent possible; and (b) + describe the limitations and the code they affect. Such description + must be included in the LEGAL file described in Section 3.4 and must + be included with all distributions of the Source Code. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + . + 5. Application of this License. + . + This License applies to code to which the Initial Developer has + attached the notice in Exhibit A and to related Covered Code. + . + 6. Versions of the License. + . + 6.1. New Versions. + Netscape Communications Corporation ("Netscape") may publish revised + and/or new versions of the License from time to time. Each version + will be given a distinguishing version number. + . + 6.2. Effect of New Versions. + Once Covered Code has been published under a particular version of the + License, You may always continue to use it under the terms of that + version. You may also choose to use such Covered Code under the terms + of any subsequent version of the License published by Netscape. No one + other than Netscape has the right to modify the terms applicable to + Covered Code created under this License. + . + 6.3. Derivative Works. + If You create or use a modified version of this License (which you may + only do in order to apply it to code which is not already Covered Code + governed by this License), You must (a) rename Your license so that + the phrases "Mozilla", "MOZILLAPL", "MOZPL", "Netscape", + "MPL", "NPL" or any confusingly similar phrase do not appear in your + license (except to note that your license differs from this License) + and (b) otherwise make it clear that Your version of the license + contains terms which differ from the Mozilla Public License and + Netscape Public License. (Filling in the name of the Initial + Developer, Original Code or Contributor in the notice described in + Exhibit A shall not of themselves be deemed to be modifications of + this License.) + . + 7. DISCLAIMER OF WARRANTY. + . + COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, + WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF + DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. + THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE + IS WITH YOU. SHOULD ANY COVERED CODE PROVE DEFECTIVE IN ANY RESPECT, + YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE + COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER + OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF + ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. + . + 8. TERMINATION. + . + 8.1. This License and the rights granted hereunder will terminate + automatically if You fail to comply with terms herein and fail to cure + such breach within 30 days of becoming aware of the breach. All + sublicenses to the Covered Code which are properly granted shall + survive any termination of this License. Provisions which, by their + nature, must remain in effect beyond the termination of this License + shall survive. + . + 8.2. If You initiate litigation by asserting a patent infringement + claim (excluding declatory judgment actions) against Initial Developer + or a Contributor (the Initial Developer or Contributor against whom + You file such action is referred to as "Participant") alleging that: + . + (a) such Participant's Contributor Version directly or indirectly + infringes any patent, then any and all rights granted by such + Participant to You under Sections 2.1 and/or 2.2 of this License + shall, upon 60 days notice from Participant terminate prospectively, + unless if within 60 days after receipt of notice You either: (i) + agree in writing to pay Participant a mutually agreeable reasonable + royalty for Your past and future use of Modifications made by such + Participant, or (ii) withdraw Your litigation claim with respect to + the Contributor Version against such Participant. If within 60 days + of notice, a reasonable royalty and payment arrangement are not + mutually agreed upon in writing by the parties or the litigation claim + is not withdrawn, the rights granted by Participant to You under + Sections 2.1 and/or 2.2 automatically terminate at the expiration of + the 60 day notice period specified above. + . + (b) any software, hardware, or device, other than such Participant's + Contributor Version, directly or indirectly infringes any patent, then + any rights granted to You by such Participant under Sections 2.1(b) + and 2.2(b) are revoked effective as of the date You first made, used, + sold, distributed, or had made, Modifications made by that + Participant. + . + 8.3. If You assert a patent infringement claim against Participant + alleging that such Participant's Contributor Version directly or + indirectly infringes any patent where such claim is resolved (such as + by license or settlement) prior to the initiation of patent + infringement litigation, then the reasonable value of the licenses + granted by such Participant under Sections 2.1 or 2.2 shall be taken + into account in determining the amount or value of any payment or + license. + . + 8.4. In the event of termination under Sections 8.1 or 8.2 above, + all end user license agreements (excluding distributors and resellers) + which have been validly granted by You or any distributor hereunder + prior to termination shall survive termination. + . + 9. LIMITATION OF LIABILITY. + . + UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT + (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL + DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED CODE, + OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR + ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY + CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, + WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER + COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN + INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF + LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY + RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW + PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE + EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO + THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. + . + 10. U.S. GOVERNMENT END USERS. + . + The Covered Code is a "commercial item," as that term is defined in + 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial computer + software" and "commercial computer software documentation," as such + terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 + C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), + all U.S. Government End Users acquire Covered Code with only those + rights set forth herein. + . + 11. MISCELLANEOUS. + . + This License represents the complete agreement concerning subject + matter hereof. If any provision of this License is held to be + unenforceable, such provision shall be reformed only to the extent + necessary to make it enforceable. This License shall be governed by + California law provisions (except to the extent applicable law, if + any, provides otherwise), excluding its conflict-of-law provisions. + With respect to disputes in which at least one party is a citizen of, + or an entity chartered or registered to do business in the United + States of America, any litigation relating to this License shall be + subject to the jurisdiction of the Federal Courts of the Northern + District of California, with venue lying in Santa Clara County, + California, with the losing party responsible for costs, including + without limitation, court costs and reasonable attorneys' fees and + expenses. The application of the United Nations Convention on + Contracts for the International Sale of Goods is expressly excluded. + Any law or regulation which provides that the language of a contract + shall be construed against the drafter shall not apply to this + License. + . + 12. RESPONSIBILITY FOR CLAIMS. + . + As between Initial Developer and the Contributors, each party is + responsible for claims and damages arising, directly or indirectly, + out of its utilization of rights under this License and You agree to + work with Initial Developer and Contributors to distribute such + responsibility on an equitable basis. Nothing herein is intended or + shall be deemed to constitute any admission of liability. + . + 13. MULTIPLE-LICENSED CODE. + . + Initial Developer may designate portions of the Covered Code as + "Multiple-Licensed". "Multiple-Licensed" means that the Initial + Developer permits you to utilize portions of the Covered Code under + Your choice of the NPL or the alternative licenses, if any, specified + by the Initial Developer in the file described in Exhibit A. + . + EXHIBIT A -Mozilla Public License. + . + ``The contents of this file are subject to the Mozilla Public License + Version 1.1 (the "License"); you may not use this file except in + compliance with the License. You may obtain a copy of the License at + http://www.mozilla.org/MPL/ + . + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the + License for the specific language governing rights and limitations + under the License. + . + The Original Code is ______________________________________. + . + The Initial Developer of the Original Code is ________________________. + Portions created by ______________________ are Copyright (C) ______ + _______________________. All Rights Reserved. + . + Contributor(s): ______________________________________. + . + Alternatively, the contents of this file may be used under the terms + of the _____ license (the "[___] License"), in which case the + provisions of [______] License are applicable instead of those + above. If you wish to allow use of your version of this file only + under the terms of the [____] License and not to allow others to use + your version of this file under the MPL, indicate your decision by + deleting the provisions above and replace them with the notice and + other provisions required by the [___] License. If you do not delete + the provisions above, a recipient may use your version of this file + under either the MPL or the [___] License." + . + [NOTE: The text of this Exhibit A may differ slightly from the text of + the notices in the Source Code files of the Original Code. You should + use the text of this Exhibit A rather than the text found in the + Original Code Source Code for Your Modifications.] + +License: MPL-2.0 + On Debian machines the full text of the Mozilla Public License version 2.0 + can be found in the file /usr/share/common-licenses/MPL-2.0. diff --git a/gitlab-ci.yml b/gitlab-ci.yml new file mode 100644 index 0000000..4545f3e --- /dev/null +++ b/gitlab-ci.yml @@ -0,0 +1,6 @@ +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml + +blhc: + allow_failure: true diff --git a/patches/0001-Revert-Issue-3584-Fix-PBKDF2_SHA256-hashing-in-FIPS-.patch b/patches/0001-Revert-Issue-3584-Fix-PBKDF2_SHA256-hashing-in-FIPS-.patch new file mode 100644 index 0000000..351c1e9 --- /dev/null +++ b/patches/0001-Revert-Issue-3584-Fix-PBKDF2_SHA256-hashing-in-FIPS-.patch @@ -0,0 +1,348 @@ +From 85d06aba6cb874958e9583d84bbd83ffe8bc40f6 Mon Sep 17 00:00:00 2001 +From: Timo Aaltonen +Date: Wed, 15 Dec 2021 21:40:38 +0200 +Subject: [PATCH] Revert "Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode + (#4949)" + +This reverts commit b0d06615e1117799ec156d51489cd49c92635cca. +--- + .../healthcheck/health_security_test.py | 10 +++ + ldap/ldif/template-dse-minimal.ldif.in | 52 ---------------- + ldap/ldif/template-dse.ldif.in | 52 ---------------- + ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c | 62 +++---------------- + ldap/servers/slapd/main.c | 12 ---- + src/lib389/lib389/__init__.py | 4 -- + src/lib389/lib389/topologies.py | 6 +- + src/lib389/lib389/utils.py | 13 ---- + 8 files changed, 21 insertions(+), 190 deletions(-) + +diff --git a/dirsrvtests/tests/suites/healthcheck/health_security_test.py b/dirsrvtests/tests/suites/healthcheck/health_security_test.py +index fa3c28615..a07371e0e 100644 +--- a/dirsrvtests/tests/suites/healthcheck/health_security_test.py ++++ b/dirsrvtests/tests/suites/healthcheck/health_security_test.py +@@ -31,6 +31,16 @@ libfaketime.reexec_if_needed() + log = logging.getLogger(__name__) + + ++def is_fips(): ++ if os.path.exists('/proc/sys/crypto/fips_enabled'): ++ with open('/proc/sys/crypto/fips_enabled', 'r') as f: ++ state = f.readline().strip() ++ if state == '1': ++ return True ++ else: ++ return False ++ ++ + def run_healthcheck_and_flush_log(topology, instance, searched_code, json, searched_code2=None): + args = FakeArgs() + args.instance = instance.serverid +diff --git a/ldap/ldif/template-dse-minimal.ldif.in b/ldap/ldif/template-dse-minimal.ldif.in +index a1700a2da..5d424fbf5 100644 +--- a/ldap/ldif/template-dse-minimal.ldif.in ++++ b/ldap/ldif/template-dse-minimal.ldif.in +@@ -185,58 +185,6 @@ nsslapd-plugininitfunc: pbkdf2_sha256_pwd_storage_scheme_init + nsslapd-plugintype: pwdstoragescheme + nsslapd-pluginenabled: on + +-dn: cn=PBKDF2,cn=Password Storage Schemes,cn=plugins,cn=config +-objectclass: top +-objectclass: nsSlapdPlugin +-cn: PBKDF2 +-nsslapd-pluginpath: libpwdchan-plugin +-nsslapd-plugininitfunc: pwdchan_pbkdf2_plugin_init +-nsslapd-plugintype: pwdstoragescheme +-nsslapd-pluginenabled: on +-nsslapd-pluginId: PBKDF2 +-nsslapd-pluginVersion: none +-nsslapd-pluginVendor: 389 Project +-nsslapd-pluginDescription: PBKDF2 +- +-dn: cn=PBKDF2-SHA1,cn=Password Storage Schemes,cn=plugins,cn=config +-objectclass: top +-objectclass: nsSlapdPlugin +-cn: PBKDF2-SHA1 +-nsslapd-pluginpath: libpwdchan-plugin +-nsslapd-plugininitfunc: pwdchan_pbkdf2_sha1_plugin_init +-nsslapd-plugintype: pwdstoragescheme +-nsslapd-pluginenabled: on +-nsslapd-pluginId: PBKDF2-SHA1 +-nsslapd-pluginVersion: none +-nsslapd-pluginVendor: 389 Project +-nsslapd-pluginDescription: PBKDF2-SHA1\ +- +-dn: cn=PBKDF2-SHA256,cn=Password Storage Schemes,cn=plugins,cn=config +-objectclass: top +-objectclass: nsSlapdPlugin +-cn: PBKDF2-SHA256 +-nsslapd-pluginpath: libpwdchan-plugin +-nsslapd-plugininitfunc: pwdchan_pbkdf2_sha256_plugin_init +-nsslapd-plugintype: pwdstoragescheme +-nsslapd-pluginenabled: on +-nsslapd-pluginId: PBKDF2-SHA256 +-nsslapd-pluginVersion: none +-nsslapd-pluginVendor: 389 Project +-nsslapd-pluginDescription: PBKDF2-SHA256\ +- +-dn: cn=PBKDF2-SHA512,cn=Password Storage Schemes,cn=plugins,cn=config +-objectclass: top +-objectclass: nsSlapdPlugin +-cn: PBKDF2-SHA512 +-nsslapd-pluginpath: libpwdchan-plugin +-nsslapd-plugininitfunc: pwdchan_pbkdf2_sha512_plugin_init +-nsslapd-plugintype: pwdstoragescheme +-nsslapd-pluginenabled: on +-nsslapd-pluginId: PBKDF2-SHA512 +-nsslapd-pluginVersion: none +-nsslapd-pluginVendor: 389 Project +-nsslapd-pluginDescription: PBKDF2-SHA512 +- + dn: cn=AES,cn=Password Storage Schemes,cn=plugins,cn=config + objectclass: top + objectclass: nsSlapdPlugin +diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in +index 1456761e5..892f62c6b 100644 +--- a/ldap/ldif/template-dse.ldif.in ++++ b/ldap/ldif/template-dse.ldif.in +@@ -232,58 +232,6 @@ nsslapd-plugininitfunc: pbkdf2_sha256_pwd_storage_scheme_init + nsslapd-plugintype: pwdstoragescheme + nsslapd-pluginenabled: on + +-dn: cn=PBKDF2,cn=Password Storage Schemes,cn=plugins,cn=config +-objectclass: top +-objectclass: nsSlapdPlugin +-cn: PBKDF2 +-nsslapd-pluginpath: libpwdchan-plugin +-nsslapd-plugininitfunc: pwdchan_pbkdf2_plugin_init +-nsslapd-plugintype: pwdstoragescheme +-nsslapd-pluginenabled: on +-nsslapd-pluginId: PBKDF2 +-nsslapd-pluginVersion: none +-nsslapd-pluginVendor: 389 Project +-nsslapd-pluginDescription: PBKDF2 +- +-dn: cn=PBKDF2-SHA1,cn=Password Storage Schemes,cn=plugins,cn=config +-objectclass: top +-objectclass: nsSlapdPlugin +-cn: PBKDF2-SHA1 +-nsslapd-pluginpath: libpwdchan-plugin +-nsslapd-plugininitfunc: pwdchan_pbkdf2_sha1_plugin_init +-nsslapd-plugintype: pwdstoragescheme +-nsslapd-pluginenabled: on +-nsslapd-pluginId: PBKDF2-SHA1 +-nsslapd-pluginVersion: none +-nsslapd-pluginVendor: 389 Project +-nsslapd-pluginDescription: PBKDF2-SHA1\ +- +-dn: cn=PBKDF2-SHA256,cn=Password Storage Schemes,cn=plugins,cn=config +-objectclass: top +-objectclass: nsSlapdPlugin +-cn: PBKDF2-SHA256 +-nsslapd-pluginpath: libpwdchan-plugin +-nsslapd-plugininitfunc: pwdchan_pbkdf2_sha256_plugin_init +-nsslapd-plugintype: pwdstoragescheme +-nsslapd-pluginenabled: on +-nsslapd-pluginId: PBKDF2-SHA256 +-nsslapd-pluginVersion: none +-nsslapd-pluginVendor: 389 Project +-nsslapd-pluginDescription: PBKDF2-SHA256\ +- +-dn: cn=PBKDF2-SHA512,cn=Password Storage Schemes,cn=plugins,cn=config +-objectclass: top +-objectclass: nsSlapdPlugin +-cn: PBKDF2-SHA512 +-nsslapd-pluginpath: libpwdchan-plugin +-nsslapd-plugininitfunc: pwdchan_pbkdf2_sha512_plugin_init +-nsslapd-plugintype: pwdstoragescheme +-nsslapd-pluginenabled: on +-nsslapd-pluginId: PBKDF2-SHA512 +-nsslapd-pluginVersion: none +-nsslapd-pluginVendor: 389 Project +-nsslapd-pluginDescription: PBKDF2-SHA512 +- + dn: cn=AES,cn=Password Storage Schemes,cn=plugins,cn=config + objectclass: top + objectclass: nsSlapdPlugin +diff --git a/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c b/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c +index dcac4fcdd..d310dc792 100644 +--- a/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c ++++ b/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c +@@ -91,11 +91,10 @@ pbkdf2_sha256_extract(char *hash_in, SECItem *salt, uint32_t *iterations) + SECStatus + pbkdf2_sha256_hash(char *hash_out, size_t hash_out_len, SECItem *pwd, SECItem *salt, uint32_t iterations) + { ++ SECItem *result = NULL; + SECAlgorithmID *algid = NULL; + PK11SlotInfo *slot = NULL; + PK11SymKey *symkey = NULL; +- SECItem *wrapKeyData = NULL; +- SECStatus rv = SECFailure; + + /* We assume that NSS is already started. */ + algid = PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, SEC_OID_HMAC_SHA256, SEC_OID_HMAC_SHA256, hash_out_len, iterations, salt); +@@ -105,6 +104,7 @@ pbkdf2_sha256_hash(char *hash_out, size_t hash_out_len, SECItem *pwd, SECItem *s + slot = PK11_GetBestSlotMultiple(mechanism_array, 2, NULL); + if (slot != NULL) { + symkey = PK11_PBEKeyGen(slot, algid, pwd, PR_FALSE, NULL); ++ PK11_FreeSlot(slot); + if (symkey == NULL) { + /* We try to get the Error here but NSS has two or more error interfaces, and sometimes it uses none of them. */ + int32_t status = PORT_GetError(); +@@ -123,60 +123,18 @@ pbkdf2_sha256_hash(char *hash_out, size_t hash_out_len, SECItem *pwd, SECItem *s + return SECFailure; + } + +- /* +- * First, we need to generate a wrapped key for PK11_Decrypt call: +- * slot is the same slot we used in PK11_PBEKeyGen() +- * 256 bits / 8 bit per byte +- */ +- PK11SymKey *wrapKey = PK11_KeyGen(slot, CKM_AES_ECB, NULL, 256/8, NULL); +- PK11_FreeSlot(slot); +- if (wrapKey == NULL) { +- slapi_log_err(SLAPI_LOG_ERR, "pbkdf2_sha256_hash", "Unable to generate a wrapped key.\n"); +- return SECFailure; +- } +- +- wrapKeyData = (SECItem *)PORT_Alloc(sizeof(SECItem)); +- /* Align the wrapped key with 32 bytes. */ +- wrapKeyData->len = (PK11_GetKeyLength(symkey) + 31) & ~31; +- /* Allocate the aligned space for pkc5PBE key plus AESKey block */ +- wrapKeyData->data = (unsigned char *)slapi_ch_calloc(wrapKeyData->len, sizeof(unsigned char)); +- +- /* Get symkey wrapped with wrapKey - required for PK11_Decrypt call */ +- rv = PK11_WrapSymKey(CKM_AES_ECB, NULL, wrapKey, symkey, wrapKeyData); +- if (rv != SECSuccess) { +- PK11_FreeSymKey(symkey); +- PK11_FreeSymKey(wrapKey); +- SECITEM_FreeItem(wrapKeyData, PR_TRUE); +- slapi_log_err(SLAPI_LOG_ERR, "pbkdf2_sha256_hash", "Unable to wrap the symkey. (%d)\n", rv); +- return SECFailure; +- } +- +- /* Allocate the space for our result */ +- void *result = (char *)slapi_ch_calloc(wrapKeyData->len, sizeof(char)); +- unsigned int result_len = 0; +- +- /* User wrapKey to decrypt the wrapped contents. +- * result is the hash that we need; +- * result_len is the actual lengh of the data; +- * has_out_len is the maximum (the space we allocted for hash_out) +- */ +- rv = PK11_Decrypt(wrapKey, CKM_AES_ECB, NULL, result, &result_len, hash_out_len, wrapKeyData->data, wrapKeyData->len); +- PK11_FreeSymKey(symkey); +- PK11_FreeSymKey(wrapKey); +- SECITEM_FreeItem(wrapKeyData, PR_TRUE); +- +- if (rv == SECSuccess) { +- if (result != NULL && result_len <= hash_out_len) { +- memcpy(hash_out, result, result_len); +- slapi_ch_free((void **)&result); ++ if (PK11_ExtractKeyValue(symkey) == SECSuccess) { ++ result = PK11_GetKeyData(symkey); ++ if (result != NULL && result->len <= hash_out_len) { ++ memcpy(hash_out, result->data, result->len); ++ PK11_FreeSymKey(symkey); + } else { +- slapi_log_err(SLAPI_LOG_ERR, "pbkdf2_sha256_hash", "Unable to retrieve (get) hash output.\n"); +- slapi_ch_free((void **)&result); ++ PK11_FreeSymKey(symkey); ++ slapi_log_err(SLAPI_LOG_ERR, (char *)schemeName, "Unable to retrieve (get) hash output.\n"); + return SECFailure; + } + } else { +- slapi_log_err(SLAPI_LOG_ERR, "pbkdf2_sha256_hash", "Unable to extract hash output. (%d)\n", rv); +- slapi_ch_free((void **)&result); ++ slapi_log_err(SLAPI_LOG_ERR, (char *)schemeName, "Unable to extract hash output.\n"); + return SECFailure; + } + +diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c +index 7b3dc848f..9f99f6154 100644 +--- a/ldap/servers/slapd/main.c ++++ b/ldap/servers/slapd/main.c +@@ -2931,21 +2931,9 @@ slapd_do_all_nss_ssl_init(int slapd_exemode, int importexport_encrypt, int s_por + * is enabled or not. We use NSS for random number generation and + * other things even if we are not going to accept SSL connections. + * We also need NSS for attribute encryption/decryption on import and export. +- * +- * It's important to remember that while in FIPS mode the administrator should always enable +- * the security, otherwise we don't call slapd_pk11_authenticate which is a requirement for FIPS mode + */ +- PRBool isFIPS = slapd_pk11_isFIPS(); + int init_ssl = config_get_security(); + +- if (isFIPS && !init_ssl) { +- slapi_log_err(SLAPI_LOG_WARNING, "slapd_do_all_nss_ssl_init", +- "ERROR: TLS is not enabled, and the machine is in FIPS mode. " +- "Some functionality won't work correctly (for example, " +- "users with PBKDF2_SHA256 password scheme won't be able to log in). " +- "It's highly advisable to enable TLS on this instance.\n"); +- } +- + if (slapd_exemode == SLAPD_EXEMODE_SLAPD) { + init_ssl = init_ssl && (0 != s_port) && (s_port <= LDAP_PORT_MAX); + } else { +diff --git a/src/lib389/lib389/__init__.py b/src/lib389/lib389/__init__.py +index 15ac50b7d..d4473dfd1 100644 +--- a/src/lib389/lib389/__init__.py ++++ b/src/lib389/lib389/__init__.py +@@ -1533,10 +1533,6 @@ class DirSrv(SimpleLDAPObject, object): + :param post_open: Open the server connection after restart. + :type post_open: bool + """ +- if self.config.get_attr_val_utf8_l("nsslapd-security") == 'on': +- self.restart(post_open=post_open) +- return +- + # If it doesn't exist, create a cadb. + ssca = NssSsl(dbpath=self.get_ssca_dir()) + if not ssca._db_exists(): +diff --git a/src/lib389/lib389/topologies.py b/src/lib389/lib389/topologies.py +index 569818fc1..db505535f 100644 +--- a/src/lib389/lib389/topologies.py ++++ b/src/lib389/lib389/topologies.py +@@ -11,7 +11,7 @@ import logging + import socket # For hostname detection for GSSAPI tests + import pytest + from lib389 import DirSrv +-from lib389.utils import generate_ds_params, is_fips ++from lib389.utils import generate_ds_params + from lib389.mit_krb5 import MitKrb5 + from lib389.saslmap import SaslMappings + from lib389.replica import ReplicationManager, Replicas +@@ -103,10 +103,6 @@ def _create_instances(topo_dict, suffix): + if role == ReplicaRole.HUB: + hs[instance.serverid] = instance + instances.update(hs) +- # We should always enable TLS while in FIPS mode because otherwise NSS database won't be +- # configured in a FIPS compliant way +- if is_fips(): +- instance.enable_tls() + if DEBUGGING: + instance.config.set('nsslapd-errorlog-level','8192') + instance.config.set('nsslapd-accesslog-level','260') +diff --git a/src/lib389/lib389/utils.py b/src/lib389/lib389/utils.py +index 5445aa7b0..37eeda273 100644 +--- a/src/lib389/lib389/utils.py ++++ b/src/lib389/lib389/utils.py +@@ -1434,16 +1434,3 @@ def is_valid_hostname(hostname): + hostname = hostname[:-1] # strip exactly one dot from the right, if present + allowed = re.compile("(?!-)[A-Z\d-]{1,63}(?256) diff --git a/tests/control b/tests/control new file mode 100644 index 0000000..dc84954 --- /dev/null +++ b/tests/control @@ -0,0 +1,6 @@ +Tests: setup +Depends: + 389-ds-base, +Restrictions: + isolation-container, + needs-root, diff --git a/tests/setup b/tests/setup new file mode 100644 index 0000000..0ffa366 --- /dev/null +++ b/tests/setup @@ -0,0 +1,36 @@ +#!/bin/sh + +# hack for lxc +IP=`ip route get 1.1.1.1 | sed -n -e's/.*src //; s/ .*//; p; q'` +echo "IP address is $IP" + +HOSTNAME=`cat /etc/hosts| grep '127.0.1.1' | awk '{print $NF; exit}'` +echo "Hostname was: $HOSTNAME" + +if [ -z $HOSTNAME ]; then + HOSTNAME=autopkgtest + hostname $HOSTNAME + echo $HOSTNAME > /etc/hostname +fi + +echo "$IP $HOSTNAME.debci $HOSTNAME" >> /etc/hosts + +echo "/etc/hosts now has:" +cat /etc/hosts + +cat << EOF > /tmp/debci.inf +[general] +full_machine_name = $HOSTNAME.debci +strict_host_checking = False +[slapd] +group = dirsrv +instance_name = debci +port = 1389 +root_dn = cn=Directory Manager +root_password = Secret123 +user = dirsrv +[backend-userroot] +suffix = dc=example,dc=com +EOF + +/usr/sbin/dscreate from-file /tmp/debci.inf 2>&1 diff --git a/watch b/watch new file mode 100644 index 0000000..aceba88 --- /dev/null +++ b/watch @@ -0,0 +1,3 @@ +#git=https://github.com/389ds/389-ds-base +version=3 +https://github.com/389ds/389-ds-base/tags/ (?:.*?/)?389-ds-base-@ANY_VERSION@\.tar\.gz -- 2.30.2