[Freeipa-devel] [PATCH 0052] Create server-dns sub-package
Jan Cholasta
jcholast at redhat.com
Thu Jul 2 06:57:00 UTC 2015
Dne 1.7.2015 v 15:25 Petr Spacek napsal(a):
> On 1.7.2015 15:13, Jan Cholasta wrote:
>> Hi,
>>
>> Dne 1.7.2015 v 14:12 Petr Spacek napsal(a):
>>> Hello,
>>>
>>> Create server-dns sub-package.
>>>
>>> This allows us to automatically pull in package bind-pkcs11
>>> and thus create upgrade path for on CentOS 7.1 -> 7.2.
>>>
>>> IPA previously had no requires on BIND packages and these had to be
>>> installed manually before first ipa-dns-install run.
>>> We need to pull additional bind-pkcs11 package during RPM upgrade
>>> so ipa-dns-install cannot help with this.
>>>
>>> https://fedorahosted.org/freeipa/ticket/4058
>>
>> Can this be done without adding server-core?
> I'm not aware of such method (except of adding all DNS dependencies as
> Requires straight into freeipa-server package).
>
>> Because it's not server core,
>> it's the whole thing! Or maybe just rename it to server-common?
>
> I'm fine with 'common'. Ticket 4058 calls for sub-package for CA too so my
> idea was to create 'core' package which will be gradually reduced more and more.
Well, I don't like the fact that in order to install IPA server without
DNS you have to install freeipa-server-core instead of just
freeipa-server. Fedora packaging guidelines [1] state that the
metapackage should be named freeipa-server-compat, so I guess renaming
freeipa-server to freeipa-server-compat and freeipa-server-core to
freeipa-server is good enough.
>
>> To me it seems that the real problem is that IPA should continue to work with
>> plain bind after upgrade, without DNSSEC which is optional anyway, but it does
>> not. Why not fix that instead?
>
> Because it is impossible to support and debug. Differences between bind and
> bind-pkcs11 are quite subtle and I'm not willing to spend my and support's
> time on debugging subtle bugs in someone's deployment.
OK. I was under the impression that it only adds bits required for
DNSSEC. What are the other differences BTW?
>
> We do not need more newspapers to hide our packaging problems, we need to get
> rid of them.
Predending we got rid of them does not exactly mean we actually got rid
of them. It's the pretense I don't like.
Anyway, if we add DNS subpackage, we should add subpackages for the
other optional components (CA, KRA) as well, to at least be self-consistent.
[1]
<https://fedoraproject.org/wiki/Upgrade_paths_%E2%80%94_renaming_or_splitting_packages>
--
Jan Cholasta
More information about the Freeipa-devel
mailing list