[Freeipa-devel] [PATCHES] SPEC: Require python2 version of sssd bindings

Wed Mar 18 12:10:09 UTC 2015

On Wed, 18 Mar 2015, Tomas Babej wrote:
>
>
>On 03/12/2015 01:58 PM, Alexander Bokovoy wrote:
>>On Thu, 12 Mar 2015, Alexander Bokovoy wrote:
>>>On Thu, 12 Mar 2015, Petr Vobornik wrote:
>>>>On 03/06/2015 03:13 PM, Alexander Bokovoy wrote:
>>>>>On Fri, 06 Mar 2015, Lukas Slebodnik wrote:
>>>>>>On (05/03/15 16:20), Petr Vobornik wrote:
>>>>>>>On 03/05/2015 11:23 AM, Lukas Slebodnik wrote:
>>>>>>>>On (05/03/15 08:54), Petr Vobornik wrote:
>>>>>>>>>On 02/27/2015 09:50 PM, Lukas Slebodnik wrote:
>>>>>>>>>>ehlo,
>>>>>>>>>>
>>>>>>>>>>Please review attached patches and fix freeipa in fedora 22 ASAP.
>>>>>>>>>>
>>>>>>>>>>I think the most critical is 1st patch
>>>>>>>>>>
>>>>>>>>>>sh$ git grep "SSSDConfig"  | grep import
>>>>>>>>>>install/tools/ipa-upgradeconfig:import SSSDConfig
>>>>>>>>>>ipa-client/ipa-install/ipa-client-automount:import SSSDConfig
>>>>>>>>>>ipa-client/ipa-install/ipa-client-install: import SSSDConfig
>>>>>>>>>>
>>>>>>>>>>BTW package python-sssdconfig is provides since sssd-1.10.0alpha1
>>>>>>>>>>(2013-04-02)
>>>>>>>>>>but it was not explicitely required.
>>>>>>>>>>
>>>>>>>>>>The latest python3 changes in sssd (fedora 22) is 
>>>>>>>>>>just a result of
>>>>>>>>>>negligent
>>>>>>>>>>packaging of freeipa.
>>>>>>>>>>
>>>>>>>>>>LS
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>Fedora 22 was amended.
>>>>>>>>>
>>>>>>>>>Patch 1: ACK
>>>>>>>>>
>>>>>>>>>Patch 2: ACK
>>>>>>>>>
>>>>>>>>>Patch3:
>>>>>>>>>the package name is libsss_nss_idmap-python not
>>>>>>>>>python-libsss_nss_idmap
>>>>>>>>>which already is required in adtrust package
>>>>>>>>In sssd upstream we decided to rename package
>>>>>>>>libsss_nss_idmap-python to
>>>>>>>>python-libsss_nss_idmap according to new rpm python guidelines.
>>>>>>>>The python3 version has alredy correct name.
>>>>>>>>
>>>>>>>>We will rename package in downstream with next major 
>>>>>>>>release (1.13).
>>>>>>>>Of course it we will add "Provides: libsss_nss_idmap-python".
>>>>>>>>
>>>>>>>>We can push 3rd patch later or I can update 3rd patch.
>>>>>>>>What do you prefer?
>>>>>>>>
>>>>>>>>Than you very much for review.
>>>>>>>>
>>>>>>>>LS
>>>>>>>>
>>>>>>>
>>>>>>>Patch 3 should be updated to not forget the remaining change in
>>>>>>>ipa-python
>>>>>>>package.
>>>>>>>
>>>>>>>It then should be updated downstream and master when 1.13 
>>>>>>>is released in
>>>>>>>Fedora, or in master sooner if SSSD 1.13 becomes the minimal version
>>>>>>>required
>>>>>>>by master.
>>>>>>
>>>>>>Fixed.
>>>>>>
>>>>>>BTW Why ther is a pylint comment for some sssd modules
>>>>>>I did not kave any pylint problems after removing comment.
>>>>>>
>>>>>>ipalib/plugins/trust.py:32:    import pysss_murmur #pylint: 
>>>>>>disable=F0401
>>>>>>ipalib/plugins/trust.py:38:    import pysss_nss_idmap #pylint:
>>>>>>disable=F0401
>>>>>>
>>>>>>
>>>>>>And why are these modules optional (try except)
>>>>>Because they are needed to properly load in the case trust subpackages
>>>>>are not installed, to generate proper messages to users who will try
>>>>>these commands, like 'ipa trust-add' while the infrastructure 
>>>>>is not in
>>>>>place.
>>>>>
>>>>>pylint is dumb for such cases.
>>>>>
>>>>>
>>>>
>>>>Alexander, the point was not to require python_nss_idmap and 
>>>>python-sss-murmur on ipa clients?
>>>Pylint is not used on ipa clients. The import statements do protection
>>>against failed import and that's what we use on the client side.
>>>
>>>>If so python-sss-murmur should be required only by trust-ad 
>>>>package and not python package (patch2). And patch 3 (adding 
>>>>libsss_nss_idmap-python to python package)  should not be used.
>>>We already have dependencies in trust-ad subpackage:
>>>%package server-trust-ad
>>>Summary: Virtual package to install packages required for Active 
>>>Directory trusts
>>>Group: System Environment/Base
>>>Requires: %{name}-server = %version-%release
>>>Requires: m2crypto
>>>Requires: samba-python
>>>Requires: samba >= %{samba_version}
>>>Requires: samba-winbind
>>>Requires: libsss_idmap
>>>Requires: libsss_nss_idmap-python
>>>
>>>However, we don't ship the original plugins in this package because
>>>otherwise you wouldn't be able to use 'ipa trust*' from any machine
>>>other than those where trust-ad subpackage is installed. That's why we
>>>use import statements and catch the import exceptions.
>>Sent too early.
>>
>>... and python-sss-murmur shoudl be required by trust-ad subpackage,
>>yes.
>>
>
>So what is the resolution here? Can we push patches 1 & 2?
ACK to patches 1 and 2.
-- 
/ Alexander Bokovoy