[Freeipa-devel] [SSSD] FreeIPA on Debian

Timo Aaltonen tjaalton at ubuntu.com
Sun Sep 1 18:20:30 UTC 2013 

On 31.08.2013 00:04, Dmitri Pal wrote:
> Hello,
> 
> Sorry for cross posting to 4 different lists but it seems that this is
> the best way to include most of people who might be interested in this
> discussion.
> 
> The question of "When FreeIPA will be available on Debian?" has been
> coming up periodically on the list(s) without any resolution. However it
> is clear that it would be beneficial for the community and the project.

Hi,

As you know, I've been packaging stuff for the past two years with the
goal of eventually having FreeIPA server on Debian/Ubuntu. A lot has
been accomplished, but quite a bit is still missing too..

> May be it is time to try again?
> Let us see why it yet has not happened?
> 
> 1) Some components need to be ported to Debian especially Dogtag and a
> slew of its new RESTEasy dependencies. This requires time and quite an
> effort from someone familiar with the domain.

Yes, this is the biggest blocker. Dogtag 9 is packaged in git and
working, but I'm not going to push that to the distro. It can be used
for testing the IPA server though, before we have Dogtag 10. Once the
prereqs are in place the Dogtag git should be easy to rebase with 10.x.

I did start packaging some of the dependencies, but hit a wall when some
maven component needed a different release than another one.. AIUI this
is a known issue with maven based projects..

Other blockers off the top of my head include:

- support for shared certificate database in NSS
  * patches sent to the Debian bug (#537866), maintainer isn't too
    responsive
- dyndb support in bind
  * haven't asked the maintainer to add it to bind9, it might happen
- porting the IPA server installer for Debian
  * this has been discussed on the list at some point, and I guess
    upstream knows best how the code needs to be organized to make it
    happen..

> 2) The code needs to be changed in installer and potentially in other
> places as it might have had some Fedorizms blended in

yep, and I need to send the platform module for the client soon, the
latest version seems to be working fine.

> 3) Someone needs to own packages in Debian and maintain them, someone
> with good knowledge of the distro and time to take ownership of about 50
> packages.

I'm doing this on my spare time, which has meant obvious delays in
shipping something. Would be great to have more skillful people (pun
intended) on the pkg-freeipa team..

> Can we pull it off together this time?
> Say we plan for some Dogtag and IPA domain experts to work on the port
> during Nov 13 - Feb 14 and address 1) and 2). Would there be any
> interest to join forces with them? Would there be anyone to take on item
> 3) from the list above?

I could send an email to debian-devel@ asking if someone is interested
in helping us out. And maybe blog about it too (on planet.ubuntu.com)..


-- 
t

More information about the Freeipa-devel mailing list