[Freeipa-devel] import rpm causes failure during IPA caless install

Fri Jan 8 13:48:48 UTC 2016

On 8.1.2016 14:34, Martin Kosek wrote:
> On 01/08/2016 02:32 PM, Martin Kosek wrote:
>> On 01/08/2016 02:22 PM, Jan Cholasta wrote:
>>> On 8.1.2016 14:13, Martin Basti wrote:
>>>>
>>>>
>>>> On 08.01.2016 14:14, Jan Cholasta wrote:
>>>>> On 8.1.2016 14:09, Martin Basti wrote:
>>>>>>
>>>>>>
>>>>>> On 08.01.2016 14:00, Martin Kosek wrote:
>>>>>>> On 01/08/2016 01:45 PM, Martin Basti wrote:
>>>>>>>> Hello all,
>>>>>>>>
>>>>>>>> fix for ticket https://fedorahosted.org/freeipa/ticket/5535
>>>>>>>> requires to import rpm module
>>>>>>>>
>>>>>>>> This import somehow breaks nsslib in IPA
>>>>>>>> https://fedorahosted.org/freeipa/ticket/5572
>>>>>>>>
>>>>>>>>
>>>>>>>> We have 2 ways how to fix it:
>>>>>>>>
>>>>>>>> 1) move import rpm to body of methods (attached patch)
>>>>>>>> We are not sure how stable is this solution.
>>>>>>>>
>>>>>>>> 2) use solution with rpmdevtools proposed here:
>>>>>>>> https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html
>>>>>>>>
>>>>>>>> This should be rock stable but it needs many dependencies (rpm-python
>>>>>>>> too, perl)
>>>>>>>>
>>>>>>>> The second way looks safer, so I would like to reimplement it, do you
>>>>>>>> all agree
>>>>>>>> or do you have better idea?
>>>>>>>> Feedback welcome, please ASAP.
>>>>>>>>
>>>>>>>> Martin^2
>>>>>>> Since it's Friday, I invested 15 minutes to practice my C skills and
>>>>>>> use the
>>>>>>> python-cffi library to call rpm rpmvercmp library call directly
>>>>>>> (attached):
>>>>>>>
>>>>>>> $ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
>>>>>>> 4.2.0-15.el7 < 4.2.0-15.el7_2.3
>>>>>>>
>>>>>>> This would not introduce any additional dependency besides rpm-devel,
>>>>>>> right? :-)
>>>>>
>>>>> Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").
>>>>>
>>>>>> I'm afraid that this can cause the same issue as import rpm, because the
>>>>>> nsslib is used from C library
>>>>>
>>>>> I would be surprised if NSS was used in this particular function.
>>>>>
>>>> I will try it
>>>
>>> No NSS here:
>>> <https://github.com/rpm-software-management/rpm/blob/master/lib/rpmvercmp.c>
>>
>> What line? I must miss something...
>
> Please ignore the above, I somehow read it as "No, NSS here" :-)
>
>>
>>> Anyway, the function looks simple, so it might be safer to just rewrite it to
>>> Python, with no new dependencies.
>>
>> I would personally rather use the first proposal of rpmdevtools, rather than
>> rewriting it ourselves. IMO, rewriting the function is the worst option actually.
>
> Still, how is reimplementing NSS function safer than calling their library
> function? I checked that rpm-devel is not required, BTW.

Loading a library and going through cffi just to call ~20 lines of code 
seems like an overkill to me.

(TBH I don't care how this is implemented, relying on linear versioning 
is broken by design, one way or another.)

-- 
Jan Cholasta