[Freeipa-devel] [PATCHES] SPEC: Require python2 version of sssd bindings

Thu Mar 12 12:53:18 UTC 2015

On Thu, 12 Mar 2015, Petr Vobornik wrote:
>On 03/06/2015 03:13 PM, Alexander Bokovoy wrote:
>>On Fri, 06 Mar 2015, Lukas Slebodnik wrote:
>>>On (05/03/15 16:20), Petr Vobornik wrote:
>>>>On 03/05/2015 11:23 AM, Lukas Slebodnik wrote:
>>>>>On (05/03/15 08:54), Petr Vobornik wrote:
>>>>>>On 02/27/2015 09:50 PM, Lukas Slebodnik wrote:
>>>>>>>ehlo,
>>>>>>>
>>>>>>>Please review attached patches and fix freeipa in fedora 22 ASAP.
>>>>>>>
>>>>>>>I think the most critical is 1st patch
>>>>>>>
>>>>>>>sh$ git grep "SSSDConfig"  | grep import
>>>>>>>install/tools/ipa-upgradeconfig:import SSSDConfig
>>>>>>>ipa-client/ipa-install/ipa-client-automount:import SSSDConfig
>>>>>>>ipa-client/ipa-install/ipa-client-install:    import SSSDConfig
>>>>>>>
>>>>>>>BTW package python-sssdconfig is provides since sssd-1.10.0alpha1
>>>>>>>(2013-04-02)
>>>>>>>but it was not explicitely required.
>>>>>>>
>>>>>>>The latest python3 changes in sssd (fedora 22) is just a result of
>>>>>>>negligent
>>>>>>>packaging of freeipa.
>>>>>>>
>>>>>>>LS
>>>>>>>
>>>>>>
>>>>>>Fedora 22 was amended.
>>>>>>
>>>>>>Patch 1: ACK
>>>>>>
>>>>>>Patch 2: ACK
>>>>>>
>>>>>>Patch3:
>>>>>>the package name is libsss_nss_idmap-python not
>>>>>>python-libsss_nss_idmap
>>>>>>which already is required in adtrust package
>>>>>In sssd upstream we decided to rename package
>>>>>libsss_nss_idmap-python to
>>>>>python-libsss_nss_idmap according to new rpm python guidelines.
>>>>>The python3 version has alredy correct name.
>>>>>
>>>>>We will rename package in downstream with next major release (1.13).
>>>>>Of course it we will add "Provides: libsss_nss_idmap-python".
>>>>>
>>>>>We can push 3rd patch later or I can update 3rd patch.
>>>>>What do you prefer?
>>>>>
>>>>>Than you very much for review.
>>>>>
>>>>>LS
>>>>>
>>>>
>>>>Patch 3 should be updated to not forget the remaining change in
>>>>ipa-python
>>>>package.
>>>>
>>>>It then should be updated downstream and master when 1.13 is released in
>>>>Fedora, or in master sooner if SSSD 1.13 becomes the minimal version
>>>>required
>>>>by master.
>>>
>>>Fixed.
>>>
>>>BTW Why ther is a pylint comment for some sssd modules
>>>I did not kave any pylint problems after removing comment.
>>>
>>>ipalib/plugins/trust.py:32:    import pysss_murmur #pylint: disable=F0401
>>>ipalib/plugins/trust.py:38:    import pysss_nss_idmap #pylint:
>>>disable=F0401
>>>
>>>
>>>And why are these modules optional (try except)
>>Because they are needed to properly load in the case trust subpackages
>>are not installed, to generate proper messages to users who will try
>>these commands, like 'ipa trust-add' while the infrastructure is not in
>>place.
>>
>>pylint is dumb for such cases.
>>
>>
>
>Alexander, the point was not to require python_nss_idmap and 
>python-sss-murmur on ipa clients?
Pylint is not used on ipa clients. The import statements do protection
against failed import and that's what we use on the client side.

>If so python-sss-murmur should be required only by trust-ad package 
>and not python package (patch2). And patch 3 (adding 
>libsss_nss_idmap-python to python package)  should not be used.
We already have dependencies in trust-ad subpackage:
%package server-trust-ad
Summary: Virtual package to install packages required for Active Directory trusts
Group: System Environment/Base
Requires: %{name}-server = %version-%release
Requires: m2crypto
Requires: samba-python
Requires: samba >= %{samba_version}
Requires: samba-winbind
Requires: libsss_idmap
Requires: libsss_nss_idmap-python

However, we don't ship the original plugins in this package because
otherwise you wouldn't be able to use 'ipa trust*' from any machine
other than those where trust-ad subpackage is installed. That's why we
use import statements and catch the import exceptions.

-- 
/ Alexander Bokovoy