Bug(s) fixed: 182613

Bug Description: Upgrade wipes out sectool wrappers
Reviewed by: Pete and Nathan (Thanks!)
Fix Description: It's better if we just package those wrappers instead
of creating them on the fly.  The new file sec_tools_wrappers is a
simple shell script that assumes it's being run out of a parent/bin
directory which contains a program called $0-bin, and the shared libs it
needs are in parent/lib.  This shell script is copied to
shared/bin/certutil, shared/bin/modutil, etc.  I had to create another
makefile packaging macro to handle the case where you want to package a
file under a different name than the original. Also
1) Add Red Hat and Fedora DS to upgradeServer
2) adminutil property directory is now adminutil-properties instead of
property
3) General clean up of some upgrade install things
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no

components.mk

@@ -112,6 +112,14 @@ PACKAGE_UNDER_JAVA =
 # separate the src from the dest with a single space
 PACKAGE_SRC_DEST =
 
+# this macro contains a list of pairs of source and dest files, not directories
+# the source is where to find the item in the build tree, and the dest is
+# the place in the release to put the item, relative to the server root e.g.
+# nls locale files are in libnls31/locale, but for packaging they need to
+# go into lib/nls, not just lib; the destination should be a file name;
+# separate the src from the dest with a single space
+PACKAGE_SRC_DESTFILE =
+
 # these defs are useful for doing pattern search/replace
 COMMA := ,
 NULLSTRING :=
@@ -264,8 +272,10 @@ endif
 # we need to package the root cert file in the alias directory
 PACKAGE_SRC_DEST += $(SECURITY_LIBPATH)/$(LIB_PREFIX)nssckbi.$(DLL_SUFFIX) alias
 
-# need to package the sec tools in shared/bin
-BINS_TO_PKG_SHARED += $(SECURITY_TOOLS_FULLPATH)
+# the security tools are wrapped with shell scripts so that the correct ld libpath can be set
+# so, when we package them, we rename them with a -bin extension e.g. certutil -> shared/bin/certutil-bin
+# the actual certutil will be an executable shell script that points to certutil-bin
+PACKAGE_SRC_DESTFILE += $(foreach prog,$(SECURITY_TOOLS),$(SECURITY_BINPATH)/$(prog)$(SPACE)shared/bin/$(prog)-bin)
 
 ### SECURITY END #############################
 
@@ -531,7 +541,7 @@ else
   ADMINUTIL_INCPATH = $(ADMINUTIL_BUILD_DIR)/include/adminutil-$(ADMINUTIL_DOT_VER)
 endif
 
-PACKAGE_SRC_DEST += $(ADMINUTIL_LIBPATH)/property bin/slapd/lib
+PACKAGE_SRC_DEST += $(ADMINUTIL_LIBPATH)/adminutil-properties bin/slapd/lib
 LIBS_TO_PKG += $(wildcard $(ADMINUTIL_LIBPATH)/*.$(DLL_SUFFIX))
 LIBS_TO_PKG_CLIENTS += $(wildcard $(ADMINUTIL_LIBPATH)/*.$(DLL_SUFFIX))
 

ldap/admin/src/upgradeServer

@@ -326,7 +326,29 @@ sub getSlapdVersion {
   sleep(1); # allow some data to accumulate in the pipe
 #  print "Output from $prog -v:\n";
   while (<F>) {
-    if (/^Netscape-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) {
+    if (/^Red Hat-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) {
+      $version     = $1;
+      $minor       = $2;
+      if ($4) {
+        $subminor = $3;
+        $buildNumber = $4;
+      } else {
+        $buildNumber = $3;
+      }
+      last;
+    }
+    elsif (/^Fedora-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) {
+      $version     = $1;
+      $minor       = $2;
+      if ($4) {
+        $subminor = $3;
+        $buildNumber = $4;
+      } else {
+        $buildNumber = $3;
+      }
+      last;
+    }
+    elsif (/^Netscape-Directory\/(\d+)\.(\d+)(?:\.(\d+))?(?:b\d)*\s+(\S+)/) {
       $version     = $1;
       $minor       = $2;
       if ($4) {
@@ -414,7 +436,6 @@ sub instantiate_new_package_scripts {
     "$sroot/bin/slapd/admin/scripts/template-migrate5to7",
     "$sroot/bin/slapd/admin/scripts/template-migrate6to7",
     "$sroot/bin/slapd/admin/scripts/template-migrateInstance7",
-    "$sroot/bin/slapd/admin/scripts/template-migrateTo4",
     "$sroot/bin/slapd/admin/scripts/template-migrateTo7",
     "$sroot/bin/slapd/admin/scripts/template-repl-monitor-cgi.pl",
   );

ldap/cm/Makefile

@@ -346,6 +346,20 @@ endif
 	fi ; \
 	done
 
+# PACKAGE_SRC_DESTFILE is defined in components.mk - these are component files and directories to install
+# with the other component files that we don't necessarily pick up from the admin server build
+# these can go in any directory - this differs from PACKAGE_SRC_DEST above in that in this case, the
+# destination is a _file_, not a directory, and src must be a filename, not a directory
+	for destfile in $(PACKAGE_SRC_DESTFILE) ; \
+	do if [ "$$src" ] ; \
+	then destdir=`dirname $$destfile` ; \
+		if [ ! -d $(RELDIR)/$$destdir ] ; then mkdir -p $(RELDIR)/$$destdir ; fi ; \
+		$(CP) $$src $(RELDIR)/$$destfile ; \
+		src= ; \
+	else src=$$destfile ; \
+	fi ; \
+	done
+
 # install the DSMLGW into the client directory
 # the following DSML files must be packaged separately:
 # web-app_2_3.dtd, activation.jar, saaj.jar - due to Sun license

ldap/cm/newinst/Makefile

@@ -95,10 +95,13 @@ PATCHINFO= $(ABS_OBJDIR)/$(DIR)
 # Source for staged installation utilities
 INCDIR=$(SETUPUTIL_INCLUDE) -I$(LDAP_SRC)/admin/include -I$(LDAP_SRC)/admin/lib -I$(LDAP_SRC)/admin/src
 
+# we wrap the security tools with a shell script wrapper for their ld libpath
+PACKAGE_SEC_T0OLS = $(addprefix $(RELDIR)/shared/bin/,$(SECURITY_TOOLS))
+
 # ADM_VERSDIR = admserv40
 # ADM_RELDATE = 19980112
 
-all: $(OBJDEST) $(BINDEST) $(SETUPUTIL_DEP) $(LDAPSDK_DEP) $(SECURITY_DEP)  $(NSPR_DEP) $(OSOBJS) $(OBJS1) $(OBJS2) $(BINS) $(INFO) $(BINDEST)/ns-update $(BINDEST)/uninstall
+all: $(OBJDEST) $(BINDEST) $(SETUPUTIL_DEP) $(LDAPSDK_DEP) $(SECURITY_DEP)  $(NSPR_DEP) $(OSOBJS) $(OBJS1) $(OBJS2) $(BINS) $(INFO) $(BINDEST)/ns-update $(BINDEST)/uninstall $(PACKAGE_SEC_T0OLS)
 # removed ns-keygen from build - it was only used for Dir Lite
 # $(BINDEST)/ns-keygen 
 ifeq ($(ARCH), BSDI)
@@ -170,6 +173,11 @@ $(BINDEST)/ns-config: $(OBJS1) $(OBJS2)
 		-o $(BINDEST)/ns-config $(RPATHFLAG_PREFIX)$(RPATHFLAG)$(RPATHFLAG_EXTRAS) $(OBJS1) $(OBJS2) $(SETUPUTILLINK) $(LDAPLINK) $(SECURITYLINK) $(NSPRLINK) \
 	       $(EXTRA_LIBS) $(CURSES)
 
+$(RELDIR)/shared/bin/%: sec_tools_wrapper $(RELDIR)/shared/bin
+	-@$(RM) $@
+	$(CP) $< $@
+	chmod +x $@
+
 ifeq ($(ARCH), WINNT)
 $(INFO):
 	$(PERL) fixINF.pl $(BUILD_MODULE) $(NOSP_DIR_VERSION) $(BUILD_ROOT)/$(BUILD_ARCH)/buildnum.dat slapd.inf $(SECURITY) $(PRODUCT) $(IS_DIR_LITE) $(INSTANCE_NAME_PREFIX) [email protected] $(BUILD_BOMB) "bin/admin/ns-admin,bin/admin/ns-admin.so"

ldap/cm/newinst/ns-update

@@ -60,48 +60,6 @@ start_server()
 	cd $cwd
 }
 
-wrap_security_tools()
-{
-	cwd=`pwd`
-	SECURITY_BINNAMES="certutil derdump modutil pk12util pp ssltap shlibsign"
-	arch=`uname`
-	if [ $arch = HP-UX ]; then
-		env_ld_library_path=SHLIB_PATH
-	elif [ $arch = AIX ]; then
-		env_ld_library_path=LIBPATH
-	else
-		env_ld_library_path=LD_LIBRARY_PATH
-	fi
-	cd $sroot/shared/bin
-	for file in $SECURITY_BINNAMES
-	do
-		if [ -f $file -a ! -f $file-bin ]; then
-			mv $file $file-bin
-			echo "#!/bin/sh" > $file
-			echo $env_ld_library_path=$sroot/shared/lib >> $file
-			echo "export $env_ld_library_path" >> $file
-			echo "$sroot/shared/bin/$file-bin " '${1+"$@"}' >> $file
-			chmod 755 $file
-		fi
-	done
-
-	if [ -d $sroot/shared32/bin ] ; then
-		cd $sroot/shared32/bin
-		for file in modutil
-		do
-			if [ -f $file -a ! -f $file-bin ]; then
-				mv $file $file-bin
-				echo "#!/bin/sh" > $file
-				echo $env_ld_library_path=$sroot/shared32/lib >> $file
-				echo "export $env_ld_library_path" >> $file
-				echo "$sroot/shared32/bin/$file-bin " '${1+"$@"}' >> $file
-				chmod 755 $file
-			fi
-		done
-	fi
-	cd $cwd
-}
-
 # if the -r flag is present, this means we're doing a
 # reinstall or an upgrade, so restart the servers
 for arg in $* ; do
@@ -161,8 +119,6 @@ if [ $reconfig ] ; then
 	$PERL $sroot/bin/slapd/admin/bin/upgradeServer $sroot
 fi
 
-wrap_security_tools $sroot
-
 cd `dirname $0`
 
 # we need to make sure the alias directory is owned by the server user/group
@@ -196,10 +152,6 @@ rc=0
 ./ds_create $* $extraflags
 rc=$?
 
-if [ -f fix_secmod_db_64 ]; then
-    ./fix_secmod_db_64 $sroot/alias $sroot/shared32/bin
-fi
-
 # chown the cookie directory - bug 175098
 if [ "$ssuser" ] ; then
     if [ "$ssgrp" ] ; then

ldap/cm/newinst/sec_tools_wrapper

@@ -0,0 +1,66 @@
+#!/bin/sh
+#
+# BEGIN COPYRIGHT BLOCK
+# This Program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; version 2 of the License.
+# 
+# This Program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA.
+# 
+# In addition, as a special exception, Red Hat, Inc. gives You the additional
+# right to link the code of this Program with code not covered under the GNU
+# General Public License ("Non-GPL Code") and to distribute linked combinations
+# including the two, subject to the limitations in this paragraph. Non-GPL Code
+# permitted under this exception must only link to the code of this Program
+# through those well defined interfaces identified in the file named EXCEPTION
+# found in the source code files (the "Approved Interfaces"). The files of
+# Non-GPL Code may instantiate templates or use macros or inline functions from
+# the Approved Interfaces without causing the resulting work to be covered by
+# the GNU General Public License. Only Red Hat, Inc. may make changes or
+# additions to the list of Approved Interfaces. You must obey the GNU General
+# Public License in all respects for all of the Program code and other code used
+# in conjunction with the Program except the Non-GPL Code covered by this
+# exception. If you modify this file, you may extend this exception to your
+# version of the file, but you are not obligated to do so. If you do not wish to
+# provide this exception without modification, you must delete this exception
+# statement from your version and license this file solely under the GPL without
+# exception. 
+# 
+# Copyright (C) 2006 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+# This file is the wrapper around the security tools.  It just sets the
+# runtime library lookup path and invokes the actual binary with the given
+# arguments.  This file is copied to the actual name of the command e.g.
+# we get the binary certutil program from the NSS package.  When we package
+# it, we rename it to certutil-bin e.g. cp $(NSS)/certutil shared/bin/certutil-bin
+# This file is copied to certutil e.g. cp sec_tools_wrapper shared/bin/certutil
+
+# figure out where the libdir is based on the location of this shell script
+savedir=`pwd`
+bindir=`dirname $0`
+if test -n "$bindir" ; then
+    cd $bindir/../lib
+else
+# could be running as e.g. ./certutil or certutil if current dir is in PATH
+    cd ../lib
+fi
+# assume the libdir is ../lib from the bindir e.g. sroot/shared/bin and sroot/shared/lib
+libdir=`pwd`
+cd $savedir
+
+# cover our bases on ld libpaths
+SHLIB_PATH=$libdir
+LIBPATH=$libdir
+LD_LIBRARY_PATH=$libdir
+DYLD_PATH=$libdir
+export SHLIB_PATH LIBPATH LD_LIBRARY_PATH DYLD_PATH
+
+$0-bin ${1+"$@"}

ldap/cm/newinst/setup

@@ -289,8 +289,12 @@ SSLOff() {
 	if [ -d $sroot/admin-serv/config ]; then
 		adminSSLOff $sroot/admin-serv/config/adm.conf security: assecure.txt
 		adminSSLOff $sroot/admin-serv/config/local.conf configuration.nsServerSecurity: assecure.txt
-		adminSSLOff $sroot/admin-serv/config/magnus.conf Security assecure.txt
-		adminXmlSSLOff $sroot/admin-serv/config/server.xml security assecure.txt
+        if [ -f $sroot/admin-serv/config/magnus.conf ] ; then
+            adminSSLOff $sroot/admin-serv/config/magnus.conf Security assecure.txt
+        fi
+        if [ -f $sroot/admin-serv/config/server.xml ] ; then
+            adminXmlSSLOff $sroot/admin-serv/config/server.xml security assecure.txt
+        fi
 
 		if [ $isadminsslon -ne 0 ]; then
 			$sroot/start-admin

ldapserver.spec.tmpl

@@ -156,13 +156,10 @@ if [ "$1" -gt 1 ] ; then
             chown $usergroup $RPM_INSTALL_PREFIX/alias
         fi
     fi
-    for instance in `ls -d $RPM_INSTALL_PREFIX/slapd-*`
-    do
-      cp $RPM_INSTALL_PREFIX/bin/slapd/install/schema/00core.ldif $instance/config/schema
-    done
-    echo "Upgrade complete.  Please restart slapd then admin."
+    echo "Upgrade finished.  Please run $RPM_INSTALL_PREFIX/setup/setup to complete the upgrade." 
+else
+    echo "Install finished.  Please run $RPM_INSTALL_PREFIX/setup/setup to complete installation and set up the servers."
 fi
-echo "Install finished.  Please run $RPM_INSTALL_PREFIX/setup/setup to set up the servers."
 
 %preun
 # only run uninstall if this is the last version of the package