[Freeipa-devel] [PATCH 0052] Create server-dns sub-package
Petr Spacek
pspacek at redhat.com
Thu Jul 16 14:35:59 UTC 2015
On 16.7.2015 13:47, Petr Spacek wrote:
> On 16.7.2015 08:33, Alexander Bokovoy wrote:
>> On Thu, 16 Jul 2015, Jan Cholasta wrote:
>>> Dne 15.7.2015 v 19:39 Simo Sorce napsal(a):
>>>> ----- Original Message -----
>>>>> From: "Petr Spacek" <pspacek at redhat.com>
>>>>> To: "Jan Cholasta" <jcholast at redhat.com>, freeipa-devel at redhat.com,
>>>>> "Alexander Bokovoy" <abokovoy at redhat.com>
>>>>> Cc: "Simo Sorce" <simo at redhat.com>
>>>>> Sent: Tuesday, July 14, 2015 10:33:41 AM
>>>>> Subject: Re: [Freeipa-devel] [PATCH 0052] Create server-dns sub-package
>>>>>
>>>>> On 14.7.2015 16:29, Jan Cholasta wrote:
>>>>>> Dne 14.7.2015 v 14:33 Petr Spacek napsal(a):
>>>>>>> On 2.7.2015 09:56, Petr Spacek wrote:
>>>>>>>> On 2.7.2015 09:36, Alexander Bokovoy wrote:
>>>>>>>>> On Thu, 02 Jul 2015, Jan Cholasta wrote:
>>>>>>>>>>>>>> Can this be done without adding server-core?
>>>>>>>>>>>>> I'm not aware of such method (except of adding all DNS dependencies
>>>>>>>>>>>>> as
>>>>>>>>>>>>> Requires straight into freeipa-server package).
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Because it's not server core,
>>>>>>>>>>>>>> it's the whole thing! Or maybe just rename it to server-common?
>>>>>>>>>>>>>
>>>>>>>>>>>>> I'm fine with 'common'. Ticket 4058 calls for sub-package for CA too
>>>>>>>>>>>>> so my
>>>>>>>>>>>>> idea was to create 'core' package which will be gradually reduced
>>>>>>>>>>>>> more and more.
>>>>>>>>>>>>
>>>>>>>>>>>> Well, I don't like the fact that in order to install IPA server
>>>>>>>>>>>> without DNS you have to install freeipa-server-core instead of just
>>>>>>>>>>>> freeipa-server. Fedora packaging guidelines [1] state that the
>>>>>>>>>>>> metapackage should be named freeipa-server-compat, so I guess
>>>>>>>>>>>> renaming
>>>>>>>>>>>> freeipa-server to freeipa-server-compat and freeipa-server-core to
>>>>>>>>>>>> freeipa-server is good enough.
>>>>>>>>>>> I think you are misunderstanding what the guidelines say. -compat
>>>>>>>>>>> subpackage is something that only contains Requires: and Obsoletes:,
>>>>>>>>>>> to
>>>>>>>>>>> help to pull the right packages. It is not supposed to be a
>>>>>>>>>>> full-featured package with content.
>>>>>>>>>>
>>>>>>>>>> With Petr's patch, freeipa-server is exactly that - a metapackage with
>>>>>>>>>> requires and obsoletes only - hence my suggestion to rename it
>>>>>>>>>> according to
>>>>>>>>>> the guidelines.
>>>>>>>>> That's not good.
>>>>>>>>>
>>>>>>>>>>> I think we are good enough with freeipa-server-dns. We have the same
>>>>>>>>>>> situation with freeipa-server-trust-ad -- it is not required by the
>>>>>>>>>>> main
>>>>>>>>>>> package and pulls in Samba-related bits. We also don't have any
>>>>>>>>>>> -compat
>>>>>>>>>>> or metapackage for it.
>>>>>>>>>>
>>>>>>>>>> freeipa-server-dns is fine, what is IMO not fine is that it *is*
>>>>>>>>>> required by
>>>>>>>>>> the main freeipa-server package, *unlike* freeipa-server-trust-ad.
>>>>>>>>>>
>>>>>>>>>> We don't have a compat metapackage for freeipa-server-trust-ad, because
>>>>>>>>>> there are no upgrade issues with it, which is what Petr is trying to
>>>>>>>>>> solve
>>>>>>>>>> with his patch.
>>>>>>>>> So, the issue is that for installed bind+bind-dyndb-ldap combination we
>>>>>>>>> need to switch to bind-pkcs11+bind-dyndb-ldap. Maybe instead of
>>>>>>>>> modifying main freeipa package we could modify bind-dyndb-ldap package
>>>>>>>>> to require bind-pkcs11 and corresponding bits of freeipa packages?
>>>>>>>>
>>>>>>>> Unfortunately, no.
>>>>>>>> - bind-dyndb-ldap itself is used & supported even without FreeIPA.
>>>>>>>> - bind-pkcs11 depends on properly configured SoftHSM (or other PKCS#11
>>>>>>>> provider)
>>>>>>>> => upgrade could break non-FreeIPA installations.
>>>>>>>>
>>>>>>>> I'm attempting to rework the patch now, stay tuned.
>>>>>>>
>>>>>>> Apparently this thread was abandoned during my PTO so I'm sending new
>>>>>>> patch
>>>>>>> here. It includes the -compat package and works with YUM and DNF.
>>>>>>
>>>>>> I don't like that freeipa-server got renamed to freeipa-server-core, but I
>>>>>> won't push against it if Alexander and others (CCing Simo) are OK with it.
>>>>>
>>>>> For the record, I was not able to make it work without the rename.
>>>>
>>>> My opinion is that if we run dnf install freeipa-server, then we need to
>>>> get freeipa server packages.
>>>> If this is what happens I am ok with patches, otherwise I am not.
>>>
>>> Without the patch, "dnf install freeipa-server" installs freeipa server
>>> without DNS dependencies.
>>>
>>> With the first version of the patch, "dnf install freeipa-server" installs
>>> freeipa server with all DNS dependencies. To install freeipa server without
>>> DNS dependencies, you need to run "dnf install freeipa-server-core". (Note
>>> that with this patch freeipa-server is a meta-package with no files.)
>>>
>>> With the second version of the patch, "dnf install freeipa-server" fails,
>>> because there is no freeipa-server anymore. To install freeipa server
>>> without DNS dependencies, you need to run "dnf install freeipa-server-core".
>> Can we do
>> Provides: freeipa-server
>> in freeipa-server-compat?
>
> If I understood Honza correctly, he was objecting to this alias because it
> would pull in DNS dependencies.
>
> So I tried to add this Provides to freeipa-server-core package but I'm not
> able to make this alias to work with DNF at all. With old Yum it pulls in
> freeipa-server-dns instead of -core because the "Obsoletes" apparently has
> higher priority than Provides. (No, "Provides" with explicit version does not
> change anything.)
>
> The only text I found about this is the advice 'do not do it' :-)
>
> https://fedoraproject.org/wiki/Upgrade_paths_%E2%80%94_renaming_or_splitting_packages#Do_I_need_to_Provide_my_old_package_names.3F
>
> In other words, I'm not able to make to make the alias freeipa-server working
> with the second version of my patch.
>
> Again, this problem is related only to the second/alternative version of the
> patch where freeipa-server package does not pull in DNS dependencies. "dnf
> install freeipa-server" works with first version of my patch which pulls in
> DNS depencies.
>
>
> I'm more than happy to take advice how to fix that. For now I would say that
> first version of the patch is okay. It will solve the upgrade and we can
> remove the 'Requires' in the next release because it will not be necessary for
> upgrade anymore.
Third version of the patch is attached, please view.
Behavior:
- freeipa-server package continues to exist and does not include DNS dependencies
- freeipa-server-dns package is new and requires all DNS dependencies
- install freeipa-server will not pull DNS dependencies
- upgrade from freeipa-server < 4.2.0 will pull freeipa-server-dns package
It turns out that nobody noticed missing Obsoletes in freeipa-server package.
Please review.
Note: Condition "Obsoletes: %{name}-server < 4.2.0"
should be amended per-distro/per-repo so it contains latest version number
which was available in form of RPM packages for that distro/repo (COPR).
--
Petr^2 Spacek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pspacek-0052-3-Create-server-dns-sub-package.patch
Type: text/x-patch
Size: 3817 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150716/29f2b828/attachment.bin>
More information about the Freeipa-devel
mailing list