[Freeipa-devel] Remaining issues before adding Debian platform support

Timo Aaltonen tjaalton at ubuntu.com
Mon Oct 5 15:00:36 UTC 2015 

	Hi

  I'm not sure if the goal is to be able to build IPA on Debian from
git/tarballs, but here's a list of what would need to be fixed first to
get there:

- places where usernames have been hardcoded need something like
ipaplatform/base/paths.py:
  apache -> www-data in:
  * ipaserver/install/httpinstance.py
  * ipaserver/install/ipa_server_certinstall.py
  * ipaserver/install/cainstance.py
  * ipaserver/install/certs.py
  named -> bind in:
  * ipaserver/install/bindinstance.py

- config/service files that use hardcoded paths in them need to be moved
to a template, and use paths.py macros:
  * install/conf/ipa.conf
  * init/systemd/ipa_memcached.service

- same but with hardcoded usernames
  * init/ipa_memcached.conf

- ipaserver/install/httpinstance.py needs to run "a2enmod/a2dismod nss"
because libapache2-mod-nss doesn't enable it on install (can't remember
why, but there was a good reason..)

- various places using Fedora-specific libpaths (/usr/lib vs.
/usr/lib64), whereas on Debian these are /usr/lib/<tuple>, see
https://wiki.debian.org/Multiarch/Tuples
  * ipaserver/install/ldapupdate.py
  * ipapython/certmonger.py
  * ipaserver/install/certs.py
  * ipaserver/install/ipa_backup.py
  * ipaserver/install/ipa_restore.py

- ntp daemon defaults use a different variable name (OPTIONS vs
NTPD_OPTS), and quotes (" vs. ')
  * ipaserver/install/ntpinstance.py

- "Include conf.d/ipa-rewrite.conf" in httpinstance.py needs to use an
absolute path with HTTPD_CONF_D, or HTTPD_CONF_D repurposed to only have
'conf.d' on Fedora and then conf-enabled on Debian

- install/share/bind.named.conf.template needs to drop the default zone
on Debian, since that's already configured via includes (-> bind fails
to start), so a template file with an exception for Debian would fix it

- Makefile needs to use --install-layout=deb for setup.py

- ipa-client/ipa-install/ipa-client-automount needs to check for
variable named 'NEED_GSSD' on debian, so ipaplatform/base/vars.py? (same
for NTPD_OPTS)


There.. that should be all I think :) Oh, forgot that currently dnssec
needs to be disabled by some heavy patching, because 9.10.x isn't
packaged yet..


-- 
t

More information about the Freeipa-devel mailing list