[Freeipa-devel] [PATCHES] SPEC: Require python2 version of sssd bindings

Wed Mar 18 11:49:15 UTC 2015

On 03/12/2015 01:58 PM, Alexander Bokovoy wrote:
> On Thu, 12 Mar 2015, Alexander Bokovoy wrote:
>> On Thu, 12 Mar 2015, Petr Vobornik wrote:
>>> On 03/06/2015 03:13 PM, Alexander Bokovoy wrote:
>>>> On Fri, 06 Mar 2015, Lukas Slebodnik wrote:
>>>>> On (05/03/15 16:20), Petr Vobornik wrote:
>>>>>> On 03/05/2015 11:23 AM, Lukas Slebodnik wrote:
>>>>>>> On (05/03/15 08:54), Petr Vobornik wrote:
>>>>>>>> On 02/27/2015 09:50 PM, Lukas Slebodnik wrote:
>>>>>>>>> ehlo,
>>>>>>>>>
>>>>>>>>> Please review attached patches and fix freeipa in fedora 22 ASAP.
>>>>>>>>>
>>>>>>>>> I think the most critical is 1st patch
>>>>>>>>>
>>>>>>>>> sh$ git grep "SSSDConfig"  | grep import
>>>>>>>>> install/tools/ipa-upgradeconfig:import SSSDConfig
>>>>>>>>> ipa-client/ipa-install/ipa-client-automount:import SSSDConfig
>>>>>>>>> ipa-client/ipa-install/ipa-client-install: import SSSDConfig
>>>>>>>>>
>>>>>>>>> BTW package python-sssdconfig is provides since sssd-1.10.0alpha1
>>>>>>>>> (2013-04-02)
>>>>>>>>> but it was not explicitely required.
>>>>>>>>>
>>>>>>>>> The latest python3 changes in sssd (fedora 22) is just a 
>>>>>>>>> result of
>>>>>>>>> negligent
>>>>>>>>> packaging of freeipa.
>>>>>>>>>
>>>>>>>>> LS
>>>>>>>>>
>>>>>>>>
>>>>>>>> Fedora 22 was amended.
>>>>>>>>
>>>>>>>> Patch 1: ACK
>>>>>>>>
>>>>>>>> Patch 2: ACK
>>>>>>>>
>>>>>>>> Patch3:
>>>>>>>> the package name is libsss_nss_idmap-python not
>>>>>>>> python-libsss_nss_idmap
>>>>>>>> which already is required in adtrust package
>>>>>>> In sssd upstream we decided to rename package
>>>>>>> libsss_nss_idmap-python to
>>>>>>> python-libsss_nss_idmap according to new rpm python guidelines.
>>>>>>> The python3 version has alredy correct name.
>>>>>>>
>>>>>>> We will rename package in downstream with next major release 
>>>>>>> (1.13).
>>>>>>> Of course it we will add "Provides: libsss_nss_idmap-python".
>>>>>>>
>>>>>>> We can push 3rd patch later or I can update 3rd patch.
>>>>>>> What do you prefer?
>>>>>>>
>>>>>>> Than you very much for review.
>>>>>>>
>>>>>>> LS
>>>>>>>
>>>>>>
>>>>>> Patch 3 should be updated to not forget the remaining change in
>>>>>> ipa-python
>>>>>> package.
>>>>>>
>>>>>> It then should be updated downstream and master when 1.13 is 
>>>>>> released in
>>>>>> Fedora, or in master sooner if SSSD 1.13 becomes the minimal version
>>>>>> required
>>>>>> by master.
>>>>>
>>>>> Fixed.
>>>>>
>>>>> BTW Why ther is a pylint comment for some sssd modules
>>>>> I did not kave any pylint problems after removing comment.
>>>>>
>>>>> ipalib/plugins/trust.py:32:    import pysss_murmur #pylint: 
>>>>> disable=F0401
>>>>> ipalib/plugins/trust.py:38:    import pysss_nss_idmap #pylint:
>>>>> disable=F0401
>>>>>
>>>>>
>>>>> And why are these modules optional (try except)
>>>> Because they are needed to properly load in the case trust subpackages
>>>> are not installed, to generate proper messages to users who will try
>>>> these commands, like 'ipa trust-add' while the infrastructure is 
>>>> not in
>>>> place.
>>>>
>>>> pylint is dumb for such cases.
>>>>
>>>>
>>>
>>> Alexander, the point was not to require python_nss_idmap and 
>>> python-sss-murmur on ipa clients?
>> Pylint is not used on ipa clients. The import statements do protection
>> against failed import and that's what we use on the client side.
>>
>>> If so python-sss-murmur should be required only by trust-ad package 
>>> and not python package (patch2). And patch 3 (adding 
>>> libsss_nss_idmap-python to python package)  should not be used.
>> We already have dependencies in trust-ad subpackage:
>> %package server-trust-ad
>> Summary: Virtual package to install packages required for Active 
>> Directory trusts
>> Group: System Environment/Base
>> Requires: %{name}-server = %version-%release
>> Requires: m2crypto
>> Requires: samba-python
>> Requires: samba >= %{samba_version}
>> Requires: samba-winbind
>> Requires: libsss_idmap
>> Requires: libsss_nss_idmap-python
>>
>> However, we don't ship the original plugins in this package because
>> otherwise you wouldn't be able to use 'ipa trust*' from any machine
>> other than those where trust-ad subpackage is installed. That's why we
>> use import statements and catch the import exceptions.
> Sent too early.
>
> ... and python-sss-murmur shoudl be required by trust-ad subpackage,
> yes.
>

So what is the resolution here? Can we push patches 1 & 2?

Tomas