[Freeipa-devel] [PATCH 0052] Create server-dns sub-package

Alexander Bokovoy abokovoy at redhat.com
Thu Jul 16 06:33:44 UTC 2015 

On Thu, 16 Jul 2015, Jan Cholasta wrote:
>Dne 15.7.2015 v 19:39 Simo Sorce napsal(a):
>>----- Original Message -----
>>>From: "Petr Spacek" <pspacek at redhat.com>
>>>To: "Jan Cholasta" <jcholast at redhat.com>, freeipa-devel at redhat.com, "Alexander Bokovoy" <abokovoy at redhat.com>
>>>Cc: "Simo Sorce" <simo at redhat.com>
>>>Sent: Tuesday, July 14, 2015 10:33:41 AM
>>>Subject: Re: [Freeipa-devel] [PATCH 0052] Create server-dns sub-package
>>>
>>>On 14.7.2015 16:29, Jan Cholasta wrote:
>>>>Dne 14.7.2015 v 14:33 Petr Spacek napsal(a):
>>>>>On 2.7.2015 09:56, Petr Spacek wrote:
>>>>>>On 2.7.2015 09:36, Alexander Bokovoy wrote:
>>>>>>>On Thu, 02 Jul 2015, Jan Cholasta wrote:
>>>>>>>>>>>>Can this be done without adding server-core?
>>>>>>>>>>>I'm not aware of such method (except of adding all DNS dependencies
>>>>>>>>>>>as
>>>>>>>>>>>Requires straight into freeipa-server package).
>>>>>>>>>>>
>>>>>>>>>>>>Because it's not server core,
>>>>>>>>>>>>it's the whole thing! Or maybe just rename it to server-common?
>>>>>>>>>>>
>>>>>>>>>>>I'm fine with 'common'. Ticket 4058 calls for sub-package for CA too
>>>>>>>>>>>so my
>>>>>>>>>>>idea was to create 'core' package which will be gradually reduced
>>>>>>>>>>>more and more.
>>>>>>>>>>
>>>>>>>>>>Well, I don't like the fact that in order to install IPA server
>>>>>>>>>>without DNS you have to install freeipa-server-core instead of just
>>>>>>>>>>freeipa-server. Fedora packaging guidelines [1] state that the
>>>>>>>>>>metapackage should be named freeipa-server-compat, so I guess
>>>>>>>>>>renaming
>>>>>>>>>>freeipa-server to freeipa-server-compat and freeipa-server-core to
>>>>>>>>>>freeipa-server is good enough.
>>>>>>>>>I think you are misunderstanding what the guidelines say. -compat
>>>>>>>>>subpackage is something that only contains Requires: and Obsoletes:,
>>>>>>>>>to
>>>>>>>>>help to pull the right packages. It is not supposed to be a
>>>>>>>>>full-featured package with content.
>>>>>>>>
>>>>>>>>With Petr's patch, freeipa-server is exactly that - a metapackage with
>>>>>>>>requires and obsoletes only - hence my suggestion to rename it
>>>>>>>>according to
>>>>>>>>the guidelines.
>>>>>>>That's not good.
>>>>>>>
>>>>>>>>>I think we are good enough with freeipa-server-dns. We have the same
>>>>>>>>>situation with freeipa-server-trust-ad -- it is not required by the
>>>>>>>>>main
>>>>>>>>>package and pulls in Samba-related bits. We also don't have any
>>>>>>>>>-compat
>>>>>>>>>or metapackage for it.
>>>>>>>>
>>>>>>>>freeipa-server-dns is fine, what is IMO not fine is that it *is*
>>>>>>>>required by
>>>>>>>>the main freeipa-server package, *unlike* freeipa-server-trust-ad.
>>>>>>>>
>>>>>>>>We don't have a compat metapackage for freeipa-server-trust-ad, because
>>>>>>>>there are no upgrade issues with it, which is what Petr is trying to
>>>>>>>>solve
>>>>>>>>with his patch.
>>>>>>>So, the issue is that for installed bind+bind-dyndb-ldap combination we
>>>>>>>need to switch to bind-pkcs11+bind-dyndb-ldap. Maybe instead of
>>>>>>>modifying main freeipa package we could modify bind-dyndb-ldap package
>>>>>>>to require bind-pkcs11 and corresponding bits of freeipa packages?
>>>>>>
>>>>>>Unfortunately, no.
>>>>>>- bind-dyndb-ldap itself is used & supported even without FreeIPA.
>>>>>>- bind-pkcs11 depends on properly configured SoftHSM (or other PKCS#11
>>>>>>provider)
>>>>>>=> upgrade could break non-FreeIPA installations.
>>>>>>
>>>>>>I'm attempting to rework the patch now, stay tuned.
>>>>>
>>>>>Apparently this thread was abandoned during my PTO so I'm sending new
>>>>>patch
>>>>>here. It includes the -compat package and works with YUM and DNF.
>>>>
>>>>I don't like that freeipa-server got renamed to freeipa-server-core, but I
>>>>won't push against it if Alexander and others (CCing Simo) are OK with it.
>>>
>>>For the record, I was not able to make it work without the rename.
>>
>>My opinion is that if we run dnf install freeipa-server, then we need to get freeipa server packages.
>>If this is what happens I am ok with patches, otherwise I am not.
>
>Without the patch, "dnf install freeipa-server" installs freeipa 
>server without DNS dependencies.
>
>With the first version of the patch, "dnf install freeipa-server" 
>installs freeipa server with all DNS dependencies. To install freeipa 
>server without DNS dependencies, you need to run "dnf install 
>freeipa-server-core". (Note that with this patch freeipa-server is a 
>meta-package with no files.)
>
>With the second version of the patch, "dnf install freeipa-server" 
>fails, because there is no freeipa-server anymore. To install freeipa 
>server without DNS dependencies, you need to run "dnf install 
>freeipa-server-core".
Can we do
 Provides: freeipa-server
in freeipa-server-compat?
-- 
/ Alexander Bokovoy

More information about the Freeipa-devel mailing list