[Freeipa-devel] Q: dnsclient portability

Alexander Bokovoy abokovoy at redhat.com
Fri Dec 2 12:58:37 UTC 2011 

Hi,

I'm working on ticket https://fedorahosted.org/freeipa/ticket/1837 
which concerns portability of ipapython.dnsclient module.

ipapython.dnsclient module uses acutil module to perform 'res_send(3)' 
call provided by libresolv. acutil implements bindings to two system 
calls (res_send() and getusershell()) and belongs to authconfig 
package. The total size of acutil module source code is ~100 lines of 
C code.

Now, authconfig package is not available beyond Fedora/RHEL 
distributions and, in particular, it is not available in 
Ubuntu / GNU/Debian Linux. It means ipapython.dnsclient will fail on 
those platforms and a way of getting around the issue needs to be 
found.

So far, there are two options:

1. Extract acutil module from authconfig and supply it with 
freeipa-python in a manner similar to default_encoding module. This is 
'cheapest' solution in a sense we only interested in bindings to 
res_send(3). FreeIPA client code then will be self-contained and would 
not depend on authconfig availability (platform portability code 
already allows to re-implement authconfig implementation).

2. Port ipapython.dnsclient to use dnspython module if acutil is not 
available. This module, available from http://www.dnspython.org/, can 
be found in Fedora, GNU/Debian Linux, Ubuntu and many other 
distributions. It is python-only resolver providing a super-set of 
ipapython.dnsclient features.

The downside of the first approach is a need to distribute and 
maintain another CPython extension. Though the code is straight 
forward and simple enough, it is still a separate maintenance burden.

The downside of the second approach is to write a bridge code between 
ipapython.dnsclient API and dnspython API. They are different enough 
so that remapping of fields in objects resulting from a query is 
needed.

I've started to implement the bridge code myself but it is quickly 
getting to the level of effort original ipapython.dnsclient has 
(due to API differences in attributes names) and that means it is 
probably not worth it.

What do you think?

-- 
/ Alexander Bokovoy

More information about the Freeipa-devel mailing list