[Freeipa-devel] [SSSD] FreeIPA on Debian

[Nathan Kinder]

On 09/01/2013 01:35 PM, Timo Aaltonen wrote:
> On 01.09.2013 21:43, Dmitri Pal wrote:
>> On 09/01/2013 02:20 PM, Timo Aaltonen wrote:
>>> On 31.08.2013 00:04, Dmitri Pal wrote:
>>>> Hello,
>>>>
>>>> Sorry for cross posting to 4 different lists but it seems that this is
>>>> the best way to include most of people who might be interested in this
>>>> discussion.
>>>>
>>>> The question of "When FreeIPA will be available on Debian?" has been
>>>> coming up periodically on the list(s) without any resolution. However it
>>>> is clear that it would be beneficial for the community and the project.
>>> Hi,
>>>
>>> As you know, I've been packaging stuff for the past two years with the
>>> goal of eventually having FreeIPA server on Debian/Ubuntu. A lot has
>>> been accomplished, but quite a bit is still missing too..
>>>
>>>> May be it is time to try again?
>>>> Let us see why it yet has not happened?
>>>>
>>>> 1) Some components need to be ported to Debian especially Dogtag and a
>>>> slew of its new RESTEasy dependencies. This requires time and quite an
>>>> effort from someone familiar with the domain.
>>> Yes, this is the biggest blocker. Dogtag 9 is packaged in git and
>>> working, but I'm not going to push that to the distro. It can be used
>>> for testing the IPA server though, before we have Dogtag 10. Once the
>>> prereqs are in place the Dogtag git should be easy to rebase with 10.x.
>>>
>>> I did start packaging some of the dependencies, but hit a wall when some
>>> maven component needed a different release than another one.. AIUI this
>>> is a known issue with maven based projects..
I would like to organize the effort to get Dogtag 10 ported to Debian.  
I know that there are a lot of dependencies needed for this to happen.  
I can create and maintain a wiki page to track all of the work that is 
needed to get this porting done.  Do you have a list of Dogtag 10 
dependencies that are not currently packaged for Debian that I can use 
as a starting point?  Once we have a clear outline of what is needed, we 
can start trying to divide up and schedule the work.

Do you have more details on the maven issue you were running up against?

Thanks,
-NGK
>>>
>>> Other blockers off the top of my head include:
>>>
>>> - support for shared certificate database in NSS
>>>    * patches sent to the Debian bug (#537866), maintainer isn't too
>>>      responsive
>> How can we help?
> I don't think you can, guess it just needs some perseverance on my side..
>
>>> - dyndb support in bind
>>>    * haven't asked the maintainer to add it to bind9, it might happen
>> Are you talking about byndb maintainer or bind9 Debian maintainer?
>> May be we should connect the two?
> the debian bind maintainer, I heard from the dyndb maintainer that
> bind10 might support it natively, but getting that in Debian might still
> be further in the future, so if we'd need dyndb by early next year it's
> probably needed to have it via bind9 first.
>
>>>> 3) Someone needs to own packages in Debian and maintain them, someone
>>>> with good knowledge of the distro and time to take ownership of about 50
>>>> packages.
>>> I'm doing this on my spare time, which has meant obvious delays in
>>> shipping something. Would be great to have more skillful people (pun
>>> intended) on the pkg-freeipa team..
>> Are you the only person there so far?
> pretty much, there have been some debian developers sponsoring packages
> to the distro (I'm not a DD yet), but they've all fled before too long :)
>