[Freeipa-devel] [PATCH 0052] Create server-dns sub-package

Fri Jul 17 08:42:55 UTC 2015

On 07/17/2015 05:46 AM, Jan Cholasta wrote:
> Dne 16.7.2015 v 16:50 Alexander Bokovoy napsal(a):
>> On Thu, 16 Jul 2015, Petr Spacek wrote:
>>> Third version of the patch is attached, please view.
>>>
>>> Behavior:
>>> - freeipa-server package continues to exist and does not include DNS
>>> dependencies
>>> - freeipa-server-dns package is new and requires all DNS dependencies
>>> - install freeipa-server will not pull DNS dependencies
>>> - upgrade from freeipa-server < 4.2.0 will pull freeipa-server-dns
>>> package
>>>
>>> It turns out that nobody noticed missing Obsoletes in freeipa-server
>>> package.
>>>
>>> Please review.
>> I like this. Looks clean and does keep previous behavior. I think we can
>> live with upgrade pulling freeipa-server-dns even in the environments
>> where DNS wasn't really used.
>>
>>>
>>> Note: Condition "Obsoletes: %{name}-server < 4.2.0"
>>> should be amended per-distro/per-repo so it contains latest version
>>> number
>>> which was available in form of RPM packages for that distro/repo (COPR).
>>
>> May be just add the comment above into commit message? This and we'll
>> need to add an entry into RPM changelog in the actual Fedora package
>> that upgrade from pre-4.2.0 will pull freeipa-server-dns even if
>> integrated DNS server is not used and recommend people to remove the
>> package is they are not interested.
>>
>> ACK.
> 
> +1
> 
>>
>>> From c8486993b0b624ab7aa7b118e8ee7e420dd97891 Mon Sep 17 00:00:00 2001
>>> From: Petr Spacek <pspacek at redhat.com>
>>> Date: Thu, 16 Jul 2015 15:09:45 +0200
>>> Subject: [PATCH] Create server-dns sub-package.
>>>
>>> This allows us to automatically pull in package bind-pkcs11
>>> and thus create upgrade path for on CentOS 7.1 -> 7.2.
>>>
>>> IPA previously had no requires on BIND packages and these had to be
>>> installed manually before first ipa-dns-install run.
>>> We need to pull additional bind-pkcs11 package during RPM upgrade
>>> so ipa-dns-install cannot help with this.
>>>
>>> https://fedorahosted.org/freeipa/ticket/4058
>>> ---
>>> freeipa.spec.in | 51 +++++++++++++++++++++++++++++++++++----------------
>>> 1 file changed, 35 insertions(+), 16 deletions(-)
>>>
>>> diff --git a/freeipa.spec.in b/freeipa.spec.in
>>> index
>>> fabfaee619d4cf0203b2f87d7fe804c2e72026f3..60c28fd5d8b4c14f5fd583735db469a65cdb5331
>>>
>>> 100644
>>> --- a/freeipa.spec.in
>>> +++ b/freeipa.spec.in
>>> @@ -165,25 +165,13 @@ Requires: %{etc_systemd_dir}
>>>
>>> Conflicts: %{alt_name}-server
>>> Obsoletes: %{alt_name}-server < %{version}
>>> +# upgrade path from monolithic -server to -server + -server-dns
>>> +Obsoletes: %{name}-server < 4.2.0
> 
> Nitpick: I'd like to keep this visually separate from the alt_name
> bussiness, please move it below the "Obsoletes: freeipa-server-selinux <
> 3.3.0" line and separate them with an empty line.
> 
>>>
>>> # With FreeIPA 3.3, package freeipa-server-selinux was obsoleted as the
>>> # entire SELinux policy is stored in the system policy
>>> Obsoletes: freeipa-server-selinux < 3.3.0
>>>
>>> -# We have a soft-requires on bind. It is an optional part of
>>> -# IPA but if it is configured we need a way to require versions
>>> -# that work for us.
>>> -Conflicts: bind-dyndb-ldap < 6.0-4
>>> -%if 0%{?fedora} >= 21
>>> -Conflicts: bind < 9.9.6-3
>>> -Conflicts: bind-utils < 9.9.6-3
>>> -%else
>>> -Conflicts: bind < 9.9.4-21
>>> -Conflicts: bind-utils < 9.9.4-21
>>> -%endif
>>> -# DNSSEC
>>> -Conflicts: opendnssec < 1.4.6-4
>>> -
>>> # Versions of nss-pam-ldapd < 0.8.4 require a mapping from
>>> uniqueMember to
>>> # member.
>>> Conflicts: nss-pam-ldapd < 0.8.4
>>> @@ -197,6 +185,35 @@ to install this package (in other words, most
>>> people should NOT install
>>> this package).
>>>
>>>
>>> +%package server-dns
>>> +Summary: IPA integrated DNS server with support for automatic DNSSEC
>>> signing
>>> +Group: System Environment/Base
>>> +Requires: %{name}-server = %{version}-%{release}
>>> +Requires: bind-dyndb-ldap >= 6.0-4
>>> +%if 0%{?fedora} >= 21
>>> +Requires: bind >= 9.9.6-3
>>> +Requires: bind-utils >= 9.9.6-3
>>> +Requires: bind-pkcs11 >= 9.9.6-3
>>> +Requires: bind-pkcs11-utils >= 9.9.6-3
>>> +%else
>>> +Requires: bind >= 9.9.4-21
>>> +Requires: bind-utils >= 9.9.4-21
>>> +Requires: bind-pkcs11 >= 9.9.4-21
>>> +Requires: bind-pkcs11-utils >= 9.9.4-21
>>> +%endif
>>> +Requires: opendnssec >= 1.4.6-4
>>> +
>>> +Conflicts: %{alt_name}-server-dns
>>> +Obsoletes: %{alt_name}-server-dns < %{version}
>>> +
>>> +# upgrade path from monolithic -server to -server + -server-dns
>>> +Obsoletes: %{name}-server < 4.2.0
>>> +
>>> +%description server-dns
>>> +IPA integrated DNS server with support for automatic DNSSEC signing.
>>> +Integrated DNS server is BIND 9. OpenDNSSEC provides key management.
>>> +
>>> +
>>> %package server-trust-ad
>>> Summary: Virtual package to install packages required for Active
>>> Directory trusts
>>> Group: System Environment/Base
>>> @@ -683,7 +700,6 @@ fi
>>> %{_sbindir}/ipa-backup
>>> %{_sbindir}/ipa-restore
>>> %{_sbindir}/ipa-ca-install
>>> -%{_sbindir}/ipa-dns-install
>>> %{_sbindir}/ipa-kra-install
>>> %{_sbindir}/ipa-server-install
>>> %{_sbindir}/ipa-replica-conncheck
>>> @@ -857,7 +873,6 @@ fi
>>> %{_mandir}/man1/ipa-server-certinstall.1.gz
>>> %{_mandir}/man1/ipa-server-install.1.gz
>>> %{_mandir}/man1/ipa-server-upgrade.1.gz
>>> -%{_mandir}/man1/ipa-dns-install.1.gz
>>> %{_mandir}/man1/ipa-ca-install.1.gz
>>> %{_mandir}/man1/ipa-kra-install.1.gz
>>> %{_mandir}/man1/ipa-compat-manage.1.gz
>>> @@ -873,6 +888,10 @@ fi
>>> %{_mandir}/man1/ipa-cacert-manage.1.gz
>>> %{_mandir}/man1/ipa-winsync-migrate.1.gz
>>>
>>> +%files server-dns
>>> +%{_sbindir}/ipa-dns-install
>>> +%{_mandir}/man1/ipa-dns-install.1.gz
>>> +
>>> %files server-trust-ad
>>> %{_sbindir}/ipa-adtrust-install
>>> %{_usr}/share/ipa/smb.conf.empty
>>> -- 
>>> 2.4.3
>>>
>>
>>
> 
> 

I fixed the issues Honza had with formatting and changed the < 4.2.0 to
<= 4.2.0.

Pushed to:
master: f1f3ef478d8d2786269a919bb428cb2ee5372ba6
ipa-4-2: f555fe95dba9ec453fa10f160089dcc5404f724a