[Freeipa-devel] [PATCH 0052] Create server-dns sub-package

Petr Spacek pspacek at redhat.com
Tue Jul 14 12:33:01 UTC 2015


On 2.7.2015 09:56, Petr Spacek wrote:
> On 2.7.2015 09:36, Alexander Bokovoy wrote:
>> On Thu, 02 Jul 2015, Jan Cholasta wrote:
>>>>>>> Can this be done without adding server-core?
>>>>>> I'm not aware of such a method (except for adding all DNS dependencies as
>>>>>> Requires straight into the freeipa-server package).
>>>>>>
>>>>>>> Because it's not server core,
>>>>>>> it's the whole thing! Or maybe just rename it to server-common?
>>>>>>
>>>>>> I'm fine with 'common'. Ticket 4058 calls for a sub-package for CA too,
>>>>>> so my idea was to create a 'core' package which will be gradually reduced
>>>>>> more and more.
>>>>>
>>>>> Well, I don't like the fact that in order to install IPA server
>>>>> without DNS you have to install freeipa-server-core instead of just
>>>>> freeipa-server. Fedora packaging guidelines [1] state that the
>>>>> metapackage should be named freeipa-server-compat, so I guess renaming
>>>>> freeipa-server to freeipa-server-compat and freeipa-server-core to
>>>>> freeipa-server is good enough.
>>>> I think you are misunderstanding what the guidelines say. -compat
>>>> subpackage is something that only contains Requires: and Obsoletes:, to
>>>> help to pull the right packages. It is not supposed to be a
>>>> full-featured package with content.
>>>
>>> With Petr's patch, freeipa-server is exactly that - a metapackage with
>>> requires and obsoletes only - hence my suggestion to rename it according to
>>> the guidelines.
>> That's not good.
>>
>>>> I think we are good enough with freeipa-server-dns. We have the same
>>>> situation with freeipa-server-trust-ad -- it is not required by the main
>>>> package and pulls in Samba-related bits. We also don't have any -compat
>>>> or metapackage for it.
>>>
>>> freeipa-server-dns is fine, what is IMO not fine is that it *is* required by
>>> the main freeipa-server package, *unlike* freeipa-server-trust-ad.
>>>
>>> We don't have a compat metapackage for freeipa-server-trust-ad, because
>>> there are no upgrade issues with it, which is what Petr is trying to solve
>>> with his patch.
>> So, the issue is that for an installed bind+bind-dyndb-ldap combination we
>> need to switch to bind-pkcs11+bind-dyndb-ldap. Maybe instead of
>> modifying main freeipa package we could modify bind-dyndb-ldap package
>> to require bind-pkcs11 and corresponding bits of freeipa packages?
> 
> Unfortunately, no.
> - bind-dyndb-ldap itself is used & supported even without FreeIPA.
> - bind-pkcs11 depends on properly configured SoftHSM (or other PKCS#11 provider)
> => upgrade could break non-FreeIPA installations.
> 
> I'm attempting to rework the patch now, stay tuned.

Apparently this thread was abandoned during my PTO, so I'm sending a new patch
here. It includes the -compat package and works with YUM and DNF.

-- 
Petr^2 Spacek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pspacek-0052-2-Create-server-dns-sub-package.patch
Type: text/x-patch
Size: 6472 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150714/185dc1c6/attachment.bin>

