This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via c89accc1e85a5b25ad50bcb831b1b0d403265899 (commit) via 3bcf692bfd20594d7ee36ed7b5e14695d76b350a (commit) via e19edbfb7d978337986ed65eedae421e9c8541a0 (commit) via d236d00d831b5b4d6a01c16cc6de1bb64d7be811 (commit) via c20802e9595cc8da883d7499b8be82ef4b81b11e (commit) via 1711625317905fa85170f835c6aa9144c89e5669 (commit) from e9d66b05ec51dd1d461e8153e93b4516cfb0f69c (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit c89accc1e85a5b25ad50bcb831b1b0d403265899 Merge: 3bcf692 d236d00 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jan 13 20:23:27 2013 +0100
Merge remote-tracking branch 'stevee/openldap-improvements'
commit 3bcf692bfd20594d7ee36ed7b5e14695d76b350a Merge: e19edbf c20802e Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jan 13 20:21:52 2013 +0100
Merge remote-tracking branch 'stevee/libuser-update'
commit e19edbfb7d978337986ed65eedae421e9c8541a0 Merge: e9d66b0 1711625 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jan 13 20:21:28 2013 +0100
Merge remote-tracking branch 'stevee/authconfig-fix'
commit d236d00d831b5b4d6a01c16cc6de1bb64d7be811 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jan 13 18:40:44 2013 +0100
openldap: A lot of improvements.
* Add openldap user and group. * Add a system tmpfile for /run/openldap directory. * Add /etc/openldap/slapd.d and /var/lib/ldap as datafiles, to be sure they never will be removed or overwritten by pakfire. * Add new permissions and owernships for ldap user.
* Run slapd as user "ldap".
* Add openldap.socket file to create and listen on the unix socket. This socket is placed in /run/openldap/ldapi.
* Enable ldapi ( the local ldap unix socket) on systemd service file. Also listen on the existing unix socket and use socket-based activation.
As a result of this kind of activation we do not have longer to enable the openldap service on startup and so I've removed lines on the service file for that.
Fixes #10224.
commit c20802e9595cc8da883d7499b8be82ef4b81b11e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jan 13 17:00:02 2013 +0100
libuser: Update to 0.58.
This is a major update to the latest stable version.
commit 1711625317905fa85170f835c6aa9144c89e5669 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jan 13 15:52:38 2013 +0100
authconfig: Add nss_ldap as runtime dependency.
-----------------------------------------------------------------------
Summary of changes: authconfig/authconfig.nm | 3 ++- libuser/libuser.nm | 9 ++++---- openldap/openldap.nm | 47 ++++++++++++++++++++++++++++++++++----- openldap/openldap.tmpfiles | 1 + openldap/systemd/openldap.service | 8 ++----- openldap/systemd/openldap.socket | 5 +++++ 6 files changed, 55 insertions(+), 18 deletions(-) create mode 100644 openldap/openldap.tmpfiles create mode 100644 openldap/systemd/openldap.socket
Difference in files: diff --git a/authconfig/authconfig.nm b/authconfig/authconfig.nm index 73db059..56f2f7b 100644 --- a/authconfig/authconfig.nm +++ b/authconfig/authconfig.nm @@ -5,7 +5,7 @@
name = authconfig version = 6.2.2 -release = 4 +release = 5
groups = System/Base url = https://fedorahosted.org/authconfig @@ -75,6 +75,7 @@ packages requires libpwquality newt-python + nss_ldap end
configfiles diff --git a/libuser/libuser.nm b/libuser/libuser.nm index cc2e961..f159482 100644 --- a/libuser/libuser.nm +++ b/libuser/libuser.nm @@ -4,7 +4,7 @@ ###############################################################################
name = libuser -version = 0.57.1 +version = 0.58 release = 1
groups = System/Libraries @@ -13,12 +13,12 @@ license = LGPLv2+ summary = A user and group account administration library.
description - The libuser library implements a standardized interface for \ - manipulating and administering user and group accounts. The \ + The libuser library implements a standardized interface for + manipulating and administering user and group accounts. The library uses pluggable back-ends to interface to its data sources. end
-source_dl = +source_dl = https://fedorahosted.org/releases/l/i/%%7Bname%7D/ sources = %{thisapp}.tar.xz
build @@ -46,7 +46,6 @@ end
packages package %{name} - end
package %{name}-devel template DEVEL diff --git a/openldap/openldap.nm b/openldap/openldap.nm index 1f80a01..f6979d3 100644 --- a/openldap/openldap.nm +++ b/openldap/openldap.nm @@ -5,7 +5,7 @@
name = openldap version = 2.4.32 -release = 1 +release = 2
groups = System/Daemons url = http://www.openldap.org/ @@ -33,6 +33,7 @@ build libtool-devel openssl-devel pth-devel + shadow-utils end
configure_options += \ @@ -51,6 +52,10 @@ build --enable-ndb=no \ --disable-static
+ prepare_cmds + %{create_user} + end + install_cmds mv -v %{BUILDROOT}%{libdir}/slapd %{BUILDROOT}/usr/sbin/slapd ln -svf slapd %{BUILDROOT}/usr/sbin/slapacl @@ -63,7 +68,9 @@ build ln -svf slapd %{BUILDROOT}/usr/sbin/slapschema ln -svf slapd %{BUILDROOT}/usr/sbin/slaptest
- rm -rvf %{BUILDROOT}/var/openldap-data + # Remove unneeded files. + rm -rvf %{BUILDROOT}%{localstatedir}/openldap-data + rm -rvf %{BUILDROOT}%{localstatedir}/run
for LINK in lber ldap ldap_r; do chmod -v 0755 %{BUILDROOT}%{libdir}/$(readlink %{BUILDROOT}%{libdir}/lib${LINK}.so) @@ -71,22 +78,50 @@ build
# Install configuration mkdir -pv %{BUILDROOT}/etc/%{name} - cp -vf %{DIR_SOURCE}/slapd.conf %{BUILDROOT}/etc/%{name}/slapd.conf - - mkdir -pv %{BUILDROOT}/var/lib/ldap - chmod 700 -Rv %{BUILDROOT}/var/lib/ldap + cp -vf %{DIR_SOURCE}/slapd.conf %{BUILDROOT}%{sysconfdir}/%{name}/slapd.conf + + # Create directoires. + mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/slapd.d + mkdir -pv %{BUILDROOT}%{localstatedir}/%{name} + mkdir -pv %{BUILDROOT}%{sharedstatedir}/ldap + + # Fix permissions and ownerships. + chown -Rv ldap:ldap %{BUILDROOT}%{sysconfdir}/%{name} + chown ldap:ldap %{BUILDROOT}/run/%{name} + chown ldap:ldap %{BUILDROOT}%{sharedstatedir}/ldap + chmod 700 -Rv %{BUILDROOT}%{sharedstatedir}/ldap end end
+create_user + getent group ldap >/dev/null || groupadd -r ldap + getent passwd ldap >/dev/null || useradd -r -g ldap \ + -d /var/lib/ldap -s /sbin/nologin -c "OpenLDAP server" ldap +end + packages package %{name} + prerequires += shadow-utils + + script prein + %{create_user} + end + + datafiles + %{sysconfdir}/%{name}/slapd.d + %{sharedstatedir}/ldap + end + script postin systemctl daemon-reload >/dev/null 2>&1 || : + systemctl enable openldap.socket >/dev/null 2>&1 || : end
script preun systemctl --no-reload disable openldap.service >/dev/null 2>&1 || : + systemctl --no-reload disable openldap.socket >/dev/null 2>&1 || : systemctl stop openldap.service >/dev/null 2>&1 || : + systemctl stop openldap.socket >/dev/null 2>&1 || : end
script postun diff --git a/openldap/openldap.tmpfiles b/openldap/openldap.tmpfiles new file mode 100644 index 0000000..8857aed --- /dev/null +++ b/openldap/openldap.tmpfiles @@ -0,0 +1 @@ +d /run/openldap 0755 ldap ldap - diff --git a/openldap/systemd/openldap.service b/openldap/systemd/openldap.service index 8c2c57b..9a6e53f 100644 --- a/openldap/systemd/openldap.service +++ b/openldap/systemd/openldap.service @@ -1,10 +1,6 @@ [Unit] Description=OpenLDAP -After=basic.target +After=basic.target sockets.target
[Service] -Type=forking -ExecStart=/usr/sbin/slapd - -[Install] -WantedBy=multi-user.target +ExecStart=/usr/sbin/slapd -u ldap -h 'ldapi://%2Frun%2Fopenldap%2Fldapi' diff --git a/openldap/systemd/openldap.socket b/openldap/systemd/openldap.socket new file mode 100644 index 0000000..1fe23ea --- /dev/null +++ b/openldap/systemd/openldap.socket @@ -0,0 +1,5 @@ +[Socket] +ListenStream=/run/openldap/ldapi + +[Install] +WantedBy=sockets.target
hooks/post-receive -- IPFire 3.x development tree