[Freeipa-devel] [PATCH 0052] Create server-dns sub-package
Jan Cholasta
jcholast at redhat.com
Thu Jul 2 07:17:44 UTC 2015
Dne 2.7.2015 v 09:06 Alexander Bokovoy napsal(a):
> On Thu, 02 Jul 2015, Jan Cholasta wrote:
>> Dne 1.7.2015 v 15:25 Petr Spacek napsal(a):
>>> On 1.7.2015 15:13, Jan Cholasta wrote:
>>>> Hi,
>>>>
>>>> Dne 1.7.2015 v 14:12 Petr Spacek napsal(a):
>>>>> Hello,
>>>>>
>>>>> Create server-dns sub-package.
>>>>>
>>>>> This allows us to automatically pull in package bind-pkcs11
>>>>> and thus create upgrade path for on CentOS 7.1 -> 7.2.
>>>>>
>>>>> IPA previously had no requires on BIND packages and these had to be
>>>>> installed manually before first ipa-dns-install run.
>>>>> We need to pull additional bind-pkcs11 package during RPM upgrade
>>>>> so ipa-dns-install cannot help with this.
>>>>>
>>>>> https://fedorahosted.org/freeipa/ticket/4058
>>>>
>>>> Can this be done without adding server-core?
>>> I'm not aware of such method (except of adding all DNS dependencies as
>>> Requires straight into freeipa-server package).
>>>
>>>> Because it's not server core,
>>>> it's the whole thing! Or maybe just rename it to server-common?
>>>
>>> I'm fine with 'common'. Ticket 4058 calls for sub-package for CA too
>>> so my
>>> idea was to create 'core' package which will be gradually reduced
>>> more and more.
>>
>> Well, I don't like the fact that in order to install IPA server
>> without DNS you have to install freeipa-server-core instead of just
>> freeipa-server. Fedora packaging guidelines [1] state that the
>> metapackage should be named freeipa-server-compat, so I guess renaming
>> freeipa-server to freeipa-server-compat and freeipa-server-core to
>> freeipa-server is good enough.
> I think you are misunderstanding what the guidelines say. -compat
> subpackage is something that only contains Requires: and Obsoletes:, to
> help to pull the right packages. It is not supposed to be a
> full-featured package with content.
With Petr's patch, freeipa-server is exactly that - a metapackage with
requires and obsoletes only - hence my suggestion to rename it according
to the guidelines.
>
> I think we are good enough with freeipa-server-dns. We have the same
> situation with freeipa-server-trust-ad -- it is not required by the main
> package and pulls in Samba-related bits. We also don't have any -compat
> or metapackage for it.
freeipa-server-dns is fine, what is IMO not fine is that it *is*
required by the main freeipa-server package, *unlike*
freeipa-server-trust-ad.
We don't have a compat metapackage for freeipa-server-trust-ad, because
there are no upgrade issues with it, which is what Petr is trying to
solve with his patch.
>
>
>> Anyway, if we add DNS subpackage, we should add subpackages for the
>> other optional components (CA, KRA) as well, to at least be
>> self-consistent.
> Yes, in the cases where they are really optional. For example, CA is
> installed by default, so claiming it is optional would require us to
> change the default to always install without CA or this split wouldn't
> have much sense. Perhaps, splitting out CA subpackage is fine for future
> when we would be OK to default to not installing CA but until that it is
> just a complication.
Makes sense, but KRA is still optional.
--
Jan Cholasta
More information about the Freeipa-devel
mailing list