[Freeipa-devel] [SSSD] FreeIPA on Debian

Dmitri Pal dpal at redhat.com
Sun Sep 1 18:43:05 UTC 2013


On 09/01/2013 02:20 PM, Timo Aaltonen wrote:
> On 31.08.2013 00:04, Dmitri Pal wrote:
>> Hello,
>>
>> Sorry for cross posting to 4 different lists but it seems that this is
>> the best way to include most of the people who might be interested in this
>> discussion.
>>
>> The question of "When FreeIPA will be available on Debian?" has been
>> coming up periodically on the list(s) without any resolution. However it
>> is clear that it would be beneficial for the community and the project.
> Hi,
>
> As you know, I've been packaging stuff for the past two years with the
> goal of eventually having FreeIPA server on Debian/Ubuntu. A lot has
> been accomplished, but quite a bit is still missing too..
>
>> Maybe it is time to try again?
>> Let us see why it yet has not happened?
>>
>> 1) Some components need to be ported to Debian especially Dogtag and a
>> slew of its new RESTEasy dependencies. This requires time and quite an
>> effort from someone familiar with the domain.
> Yes, this is the biggest blocker. Dogtag 9 is packaged in git and
> working, but I'm not going to push that to the distro. It can be used
> for testing the IPA server though, before we have Dogtag 10. Once the
> prereqs are in place the Dogtag git should be easy to rebase with 10.x.
>
> I did start packaging some of the dependencies, but hit a wall when some
> maven component needed a different release than another one.. AIUI this
> is a known issue with maven based projects..
>
> Other blockers off the top of my head include:
>
> - support for shared certificate database in NSS
>   * patches sent to the Debian bug (#537866), maintainer isn't too
>     responsive

How can we help?

> - dyndb support in bind
>   * haven't asked the maintainer to add it to bind9, it might happen

Are you talking about the dyndb maintainer or the bind9 Debian maintainer?
Maybe we should connect the two?

> - porting the IPA server installer for Debian
>   * this has been discussed on the list at some point, and I guess
>     upstream knows best how the code needs to be organized to make it
>     happen..

Yes, I hope so too.

>
>> 2) The code needs to be changed in installer and potentially in other
>> places as it might have had some Fedorizms blended in
> yep, and I need to send the platform module for the client soon, the
> latest version seems to be working fine.

This is great.

>
>> 3) Someone needs to own packages in Debian and maintain them, someone
>> with good knowledge of the distro and time to take ownership of about 50
>> packages.
> I'm doing this in my spare time, which has meant obvious delays in
> shipping something. Would be great to have more skillful people (pun
> intended) on the pkg-freeipa team..

Are you the only person there so far?

>
>> Can we pull it off together this time?
>> Say we plan for some Dogtag and IPA domain experts to work on the port
>> during Nov 13 - Feb 14 and address 1) and 2). Would there be any
>> interest to join forces with them? Would there be anyone to take on item
>> 3) from the list above?
> I could send an email to debian-devel@ asking if someone is interested
> in helping us out. And maybe blog about it too (on planet.ubuntu.com)..
>
>
Yes, that would help.

Thank you very much for your efforts!

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
