[Freeipa-devel] [PATCH 0052] Create server-dns sub-package

Jan Cholasta jcholast at redhat.com
Thu Jul 2 06:57:00 UTC 2015 

Dne 1.7.2015 v 15:25 Petr Spacek napsal(a):
> On 1.7.2015 15:13, Jan Cholasta wrote:
>> Hi,
>>
>> Dne 1.7.2015 v 14:12 Petr Spacek napsal(a):
>>> Hello,
>>>
>>> Create server-dns sub-package.
>>>
>>> This allows us to automatically pull in package bind-pkcs11
>>> and thus create upgrade path for on CentOS 7.1 -> 7.2.
>>>
>>> IPA previously had no requires on BIND packages and these had to be
>>> installed manually before first ipa-dns-install run.
>>> We need to pull additional bind-pkcs11 package during RPM upgrade
>>> so ipa-dns-install cannot help with this.
>>>
>>> https://fedorahosted.org/freeipa/ticket/4058
>>
>> Can this be done without adding server-core?
> I'm not aware of such method (except of adding all DNS dependencies as
> Requires straight into freeipa-server package).
>
>> Because it's not server core,
>> it's the whole thing! Or maybe just rename it to server-common?
>
> I'm fine with 'common'. Ticket 4058 calls for sub-package for CA too so my
> idea was to create 'core' package which will be gradually reduced more and more.

Well, I don't like the fact that in order to install IPA server without 
DNS you have to install freeipa-server-core instead of just 
freeipa-server. Fedora packaging guidelines [1] state that the 
metapackage should be named freeipa-server-compat, so I guess renaming 
freeipa-server to freeipa-server-compat and freeipa-server-core to 
freeipa-server is good enough.

>
>> To me it seems that the real problem is that IPA should continue to work with
>> plain bind after upgrade, without DNSSEC which is optional anyway, but it does
>> not. Why not fix that instead?
>
> Because it is impossible to support and debug. Differences between bind and
> bind-pkcs11 are quite subtle and I'm not willing to spend my and support's
> time on debugging subtle bugs in someone's deployment.

OK. I was under the impression that it only adds bits required for 
DNSSEC. What are the other differences BTW?

>
> We do not need more newspapers to hide our packaging problems, we need to get
> rid of them.

Predending we got rid of them does not exactly mean we actually got rid 
of them. It's the pretense I don't like.

Anyway, if we add DNS subpackage, we should add subpackages for the 
other optional components (CA, KRA) as well, to at least be self-consistent.


[1] 
<https://fedoraproject.org/wiki/Upgrade_paths_%E2%80%94_renaming_or_splitting_packages>

-- 
Jan Cholasta

More information about the Freeipa-devel mailing list