[Freeipa-devel] [PATCH 0052] Create server-dns sub-package

Thu Jul 16 14:50:46 UTC 2015

On Thu, 16 Jul 2015, Petr Spacek wrote:
>Third version of the patch is attached, please view.
>
>Behavior:
>- freeipa-server package continues to exist and does not include DNS dependencies
>- freeipa-server-dns package is new and requires all DNS dependencies
>- install freeipa-server will not pull DNS dependencies
>- upgrade from freeipa-server < 4.2.0 will pull freeipa-server-dns package
>
>It turns out that nobody noticed missing Obsoletes in freeipa-server package.
>
>Please review.
I like this. Looks clean and does keep previous behavior. I think we can
live with upgrade pulling freeipa-server-dns even in the environments
where DNS wasn't really used.

>
>Note: Condition "Obsoletes: %{name}-server < 4.2.0"
>should be amended per-distro/per-repo so it contains latest version number
>which was available in form of RPM packages for that distro/repo (COPR).

May be just add the comment above into commit message? This and we'll
need to add an entry into RPM changelog in the actual Fedora package
that upgrade from pre-4.2.0 will pull freeipa-server-dns even if
integrated DNS server is not used and recommend people to remove the
package is they are not interested.

ACK.

>From c8486993b0b624ab7aa7b118e8ee7e420dd97891 Mon Sep 17 00:00:00 2001
>From: Petr Spacek <pspacek at redhat.com>
>Date: Thu, 16 Jul 2015 15:09:45 +0200
>Subject: [PATCH] Create server-dns sub-package.
>
>This allows us to automatically pull in package bind-pkcs11
>and thus create upgrade path for on CentOS 7.1 -> 7.2.
>
>IPA previously had no requires on BIND packages and these had to be
>installed manually before first ipa-dns-install run.
>We need to pull additional bind-pkcs11 package during RPM upgrade
>so ipa-dns-install cannot help with this.
>
>https://fedorahosted.org/freeipa/ticket/4058
>---
> freeipa.spec.in | 51 +++++++++++++++++++++++++++++++++++----------------
> 1 file changed, 35 insertions(+), 16 deletions(-)
>
>diff --git a/freeipa.spec.in b/freeipa.spec.in
>index fabfaee619d4cf0203b2f87d7fe804c2e72026f3..60c28fd5d8b4c14f5fd583735db469a65cdb5331 100644
>--- a/freeipa.spec.in
>+++ b/freeipa.spec.in
>@@ -165,25 +165,13 @@ Requires: %{etc_systemd_dir}
> 
> Conflicts: %{alt_name}-server
> Obsoletes: %{alt_name}-server < %{version}
>+# upgrade path from monolithic -server to -server + -server-dns
>+Obsoletes: %{name}-server < 4.2.0
> 
> # With FreeIPA 3.3, package freeipa-server-selinux was obsoleted as the
> # entire SELinux policy is stored in the system policy
> Obsoletes: freeipa-server-selinux < 3.3.0
> 
>-# We have a soft-requires on bind. It is an optional part of
>-# IPA but if it is configured we need a way to require versions
>-# that work for us.
>-Conflicts: bind-dyndb-ldap < 6.0-4
>-%if 0%{?fedora} >= 21
>-Conflicts: bind < 9.9.6-3
>-Conflicts: bind-utils < 9.9.6-3
>-%else
>-Conflicts: bind < 9.9.4-21
>-Conflicts: bind-utils < 9.9.4-21
>-%endif
>-# DNSSEC
>-Conflicts: opendnssec < 1.4.6-4
>-
> # Versions of nss-pam-ldapd < 0.8.4 require a mapping from uniqueMember to
> # member.
> Conflicts: nss-pam-ldapd < 0.8.4
>@@ -197,6 +185,35 @@ to install this package (in other words, most people should NOT install
> this package).
> 
> 
>+%package server-dns
>+Summary: IPA integrated DNS server with support for automatic DNSSEC signing
>+Group: System Environment/Base
>+Requires: %{name}-server = %{version}-%{release}
>+Requires: bind-dyndb-ldap >= 6.0-4
>+%if 0%{?fedora} >= 21
>+Requires: bind >= 9.9.6-3
>+Requires: bind-utils >= 9.9.6-3
>+Requires: bind-pkcs11 >= 9.9.6-3
>+Requires: bind-pkcs11-utils >= 9.9.6-3
>+%else
>+Requires: bind >= 9.9.4-21
>+Requires: bind-utils >= 9.9.4-21
>+Requires: bind-pkcs11 >= 9.9.4-21
>+Requires: bind-pkcs11-utils >= 9.9.4-21
>+%endif
>+Requires: opendnssec >= 1.4.6-4
>+
>+Conflicts: %{alt_name}-server-dns
>+Obsoletes: %{alt_name}-server-dns < %{version}
>+
>+# upgrade path from monolithic -server to -server + -server-dns
>+Obsoletes: %{name}-server < 4.2.0
>+
>+%description server-dns
>+IPA integrated DNS server with support for automatic DNSSEC signing.
>+Integrated DNS server is BIND 9. OpenDNSSEC provides key management.
>+
>+
> %package server-trust-ad
> Summary: Virtual package to install packages required for Active Directory trusts
> Group: System Environment/Base
>@@ -683,7 +700,6 @@ fi
> %{_sbindir}/ipa-backup
> %{_sbindir}/ipa-restore
> %{_sbindir}/ipa-ca-install
>-%{_sbindir}/ipa-dns-install
> %{_sbindir}/ipa-kra-install
> %{_sbindir}/ipa-server-install
> %{_sbindir}/ipa-replica-conncheck
>@@ -857,7 +873,6 @@ fi
> %{_mandir}/man1/ipa-server-certinstall.1.gz
> %{_mandir}/man1/ipa-server-install.1.gz
> %{_mandir}/man1/ipa-server-upgrade.1.gz
>-%{_mandir}/man1/ipa-dns-install.1.gz
> %{_mandir}/man1/ipa-ca-install.1.gz
> %{_mandir}/man1/ipa-kra-install.1.gz
> %{_mandir}/man1/ipa-compat-manage.1.gz
>@@ -873,6 +888,10 @@ fi
> %{_mandir}/man1/ipa-cacert-manage.1.gz
> %{_mandir}/man1/ipa-winsync-migrate.1.gz
> 
>+%files server-dns
>+%{_sbindir}/ipa-dns-install
>+%{_mandir}/man1/ipa-dns-install.1.gz
>+
> %files server-trust-ad
> %{_sbindir}/ipa-adtrust-install
> %{_usr}/share/ipa/smb.conf.empty
>-- 
>2.4.3
>

-- 
/ Alexander Bokovoy