[Freeipa-devel] [PATCH 0052] Create server-dns sub-package

Fri Jul 17 03:46:43 UTC 2015

Dne 16.7.2015 v 16:50 Alexander Bokovoy napsal(a):
> On Thu, 16 Jul 2015, Petr Spacek wrote:
>> Third version of the patch is attached, please view.
>>
>> Behavior:
>> - freeipa-server package continues to exist and does not include DNS
>> dependencies
>> - freeipa-server-dns package is new and requires all DNS dependencies
>> - install freeipa-server will not pull DNS dependencies
>> - upgrade from freeipa-server < 4.2.0 will pull freeipa-server-dns
>> package
>>
>> It turns out that nobody noticed missing Obsoletes in freeipa-server
>> package.
>>
>> Please review.
> I like this. Looks clean and does keep previous behavior. I think we can
> live with upgrade pulling freeipa-server-dns even in the environments
> where DNS wasn't really used.
>
>>
>> Note: Condition "Obsoletes: %{name}-server < 4.2.0"
>> should be amended per-distro/per-repo so it contains latest version
>> number
>> which was available in form of RPM packages for that distro/repo (COPR).
>
> May be just add the comment above into commit message? This and we'll
> need to add an entry into RPM changelog in the actual Fedora package
> that upgrade from pre-4.2.0 will pull freeipa-server-dns even if
> integrated DNS server is not used and recommend people to remove the
> package is they are not interested.
>
> ACK.

+1

>
>> From c8486993b0b624ab7aa7b118e8ee7e420dd97891 Mon Sep 17 00:00:00 2001
>> From: Petr Spacek <pspacek at redhat.com>
>> Date: Thu, 16 Jul 2015 15:09:45 +0200
>> Subject: [PATCH] Create server-dns sub-package.
>>
>> This allows us to automatically pull in package bind-pkcs11
>> and thus create upgrade path for on CentOS 7.1 -> 7.2.
>>
>> IPA previously had no requires on BIND packages and these had to be
>> installed manually before first ipa-dns-install run.
>> We need to pull additional bind-pkcs11 package during RPM upgrade
>> so ipa-dns-install cannot help with this.
>>
>> https://fedorahosted.org/freeipa/ticket/4058
>> ---
>> freeipa.spec.in | 51 +++++++++++++++++++++++++++++++++++----------------
>> 1 file changed, 35 insertions(+), 16 deletions(-)
>>
>> diff --git a/freeipa.spec.in b/freeipa.spec.in
>> index
>> fabfaee619d4cf0203b2f87d7fe804c2e72026f3..60c28fd5d8b4c14f5fd583735db469a65cdb5331
>> 100644
>> --- a/freeipa.spec.in
>> +++ b/freeipa.spec.in
>> @@ -165,25 +165,13 @@ Requires: %{etc_systemd_dir}
>>
>> Conflicts: %{alt_name}-server
>> Obsoletes: %{alt_name}-server < %{version}
>> +# upgrade path from monolithic -server to -server + -server-dns
>> +Obsoletes: %{name}-server < 4.2.0

Nitpick: I'd like to keep this visually separate from the alt_name 
bussiness, please move it below the "Obsoletes: freeipa-server-selinux < 
3.3.0" line and separate them with an empty line.

>>
>> # With FreeIPA 3.3, package freeipa-server-selinux was obsoleted as the
>> # entire SELinux policy is stored in the system policy
>> Obsoletes: freeipa-server-selinux < 3.3.0
>>
>> -# We have a soft-requires on bind. It is an optional part of
>> -# IPA but if it is configured we need a way to require versions
>> -# that work for us.
>> -Conflicts: bind-dyndb-ldap < 6.0-4
>> -%if 0%{?fedora} >= 21
>> -Conflicts: bind < 9.9.6-3
>> -Conflicts: bind-utils < 9.9.6-3
>> -%else
>> -Conflicts: bind < 9.9.4-21
>> -Conflicts: bind-utils < 9.9.4-21
>> -%endif
>> -# DNSSEC
>> -Conflicts: opendnssec < 1.4.6-4
>> -
>> # Versions of nss-pam-ldapd < 0.8.4 require a mapping from
>> uniqueMember to
>> # member.
>> Conflicts: nss-pam-ldapd < 0.8.4
>> @@ -197,6 +185,35 @@ to install this package (in other words, most
>> people should NOT install
>> this package).
>>
>>
>> +%package server-dns
>> +Summary: IPA integrated DNS server with support for automatic DNSSEC
>> signing
>> +Group: System Environment/Base
>> +Requires: %{name}-server = %{version}-%{release}
>> +Requires: bind-dyndb-ldap >= 6.0-4
>> +%if 0%{?fedora} >= 21
>> +Requires: bind >= 9.9.6-3
>> +Requires: bind-utils >= 9.9.6-3
>> +Requires: bind-pkcs11 >= 9.9.6-3
>> +Requires: bind-pkcs11-utils >= 9.9.6-3
>> +%else
>> +Requires: bind >= 9.9.4-21
>> +Requires: bind-utils >= 9.9.4-21
>> +Requires: bind-pkcs11 >= 9.9.4-21
>> +Requires: bind-pkcs11-utils >= 9.9.4-21
>> +%endif
>> +Requires: opendnssec >= 1.4.6-4
>> +
>> +Conflicts: %{alt_name}-server-dns
>> +Obsoletes: %{alt_name}-server-dns < %{version}
>> +
>> +# upgrade path from monolithic -server to -server + -server-dns
>> +Obsoletes: %{name}-server < 4.2.0
>> +
>> +%description server-dns
>> +IPA integrated DNS server with support for automatic DNSSEC signing.
>> +Integrated DNS server is BIND 9. OpenDNSSEC provides key management.
>> +
>> +
>> %package server-trust-ad
>> Summary: Virtual package to install packages required for Active
>> Directory trusts
>> Group: System Environment/Base
>> @@ -683,7 +700,6 @@ fi
>> %{_sbindir}/ipa-backup
>> %{_sbindir}/ipa-restore
>> %{_sbindir}/ipa-ca-install
>> -%{_sbindir}/ipa-dns-install
>> %{_sbindir}/ipa-kra-install
>> %{_sbindir}/ipa-server-install
>> %{_sbindir}/ipa-replica-conncheck
>> @@ -857,7 +873,6 @@ fi
>> %{_mandir}/man1/ipa-server-certinstall.1.gz
>> %{_mandir}/man1/ipa-server-install.1.gz
>> %{_mandir}/man1/ipa-server-upgrade.1.gz
>> -%{_mandir}/man1/ipa-dns-install.1.gz
>> %{_mandir}/man1/ipa-ca-install.1.gz
>> %{_mandir}/man1/ipa-kra-install.1.gz
>> %{_mandir}/man1/ipa-compat-manage.1.gz
>> @@ -873,6 +888,10 @@ fi
>> %{_mandir}/man1/ipa-cacert-manage.1.gz
>> %{_mandir}/man1/ipa-winsync-migrate.1.gz
>>
>> +%files server-dns
>> +%{_sbindir}/ipa-dns-install
>> +%{_mandir}/man1/ipa-dns-install.1.gz
>> +
>> %files server-trust-ad
>> %{_sbindir}/ipa-adtrust-install
>> %{_usr}/share/ipa/smb.conf.empty
>> --
>> 2.4.3
>>
>
>

-- 
Jan Cholasta