----- Original Message ----- > From: "Petr Spacek" <pspa...@redhat.com> > To: "Alexander Bokovoy" <aboko...@redhat.com>, "Jan Cholasta" > <jchol...@redhat.com> > Cc: "Simo Sorce" <s...@redhat.com>, freeipa-devel@redhat.com > Sent: Thursday, July 16, 2015 7:47:57 AM > Subject: Re: [Freeipa-devel] [PATCH 0052] Create server-dns sub-package > > On 16.7.2015 08:33, Alexander Bokovoy wrote: > > On Thu, 16 Jul 2015, Jan Cholasta wrote: > >> Dne 15.7.2015 v 19:39 Simo Sorce napsal(a): > >>> ----- Original Message ----- > >>>> From: "Petr Spacek" <pspa...@redhat.com> > >>>> To: "Jan Cholasta" <jchol...@redhat.com>, freeipa-devel@redhat.com, > >>>> "Alexander Bokovoy" <aboko...@redhat.com> > >>>> Cc: "Simo Sorce" <s...@redhat.com> > >>>> Sent: Tuesday, July 14, 2015 10:33:41 AM > >>>> Subject: Re: [Freeipa-devel] [PATCH 0052] Create server-dns sub-package > >>>> > >>>> On 14.7.2015 16:29, Jan Cholasta wrote: > >>>>> Dne 14.7.2015 v 14:33 Petr Spacek napsal(a): > >>>>>> On 2.7.2015 09:56, Petr Spacek wrote: > >>>>>>> On 2.7.2015 09:36, Alexander Bokovoy wrote: > >>>>>>>> On Thu, 02 Jul 2015, Jan Cholasta wrote: > >>>>>>>>>>>>> Can this be done without adding server-core? > >>>>>>>>>>>> I'm not aware of such method (except of adding all DNS > >>>>>>>>>>>> dependencies > >>>>>>>>>>>> as > >>>>>>>>>>>> Requires straight into freeipa-server package). > >>>>>>>>>>>> > >>>>>>>>>>>>> Because it's not server core, > >>>>>>>>>>>>> it's the whole thing! Or maybe just rename it to server-common? > >>>>>>>>>>>> > >>>>>>>>>>>> I'm fine with 'common'. Ticket 4058 calls for sub-package for CA > >>>>>>>>>>>> too > >>>>>>>>>>>> so my > >>>>>>>>>>>> idea was to create 'core' package which will be gradually > >>>>>>>>>>>> reduced > >>>>>>>>>>>> more and more. > >>>>>>>>>>> > >>>>>>>>>>> Well, I don't like the fact that in order to install IPA server > >>>>>>>>>>> without DNS you have to install freeipa-server-core instead of > >>>>>>>>>>> just > >>>>>>>>>>> freeipa-server. Fedora packaging guidelines [1] state that the > >>>>>>>>>>> metapackage should be named freeipa-server-compat, so I guess > >>>>>>>>>>> renaming > >>>>>>>>>>> freeipa-server to freeipa-server-compat and freeipa-server-core > >>>>>>>>>>> to > >>>>>>>>>>> freeipa-server is good enough. > >>>>>>>>>> I think you are misunderstanding what the guidelines say. -compat > >>>>>>>>>> subpackage is something that only contains Requires: and > >>>>>>>>>> Obsoletes:, > >>>>>>>>>> to > >>>>>>>>>> help to pull the right packages. It is not supposed to be a > >>>>>>>>>> full-featured package with content. > >>>>>>>>> > >>>>>>>>> With Petr's patch, freeipa-server is exactly that - a metapackage > >>>>>>>>> with > >>>>>>>>> requires and obsoletes only - hence my suggestion to rename it > >>>>>>>>> according to > >>>>>>>>> the guidelines. > >>>>>>>> That's not good. > >>>>>>>> > >>>>>>>>>> I think we are good enough with freeipa-server-dns. We have the > >>>>>>>>>> same > >>>>>>>>>> situation with freeipa-server-trust-ad -- it is not required by > >>>>>>>>>> the > >>>>>>>>>> main > >>>>>>>>>> package and pulls in Samba-related bits. We also don't have any > >>>>>>>>>> -compat > >>>>>>>>>> or metapackage for it. > >>>>>>>>> > >>>>>>>>> freeipa-server-dns is fine, what is IMO not fine is that it *is* > >>>>>>>>> required by > >>>>>>>>> the main freeipa-server package, *unlike* freeipa-server-trust-ad. > >>>>>>>>> > >>>>>>>>> We don't have a compat metapackage for freeipa-server-trust-ad, > >>>>>>>>> because > >>>>>>>>> there are no upgrade issues with it, which is what Petr is trying > >>>>>>>>> to > >>>>>>>>> solve > >>>>>>>>> with his patch. > >>>>>>>> So, the issue is that for installed bind+bind-dyndb-ldap combination > >>>>>>>> we > >>>>>>>> need to switch to bind-pkcs11+bind-dyndb-ldap. Maybe instead of > >>>>>>>> modifying main freeipa package we could modify bind-dyndb-ldap > >>>>>>>> package > >>>>>>>> to require bind-pkcs11 and corresponding bits of freeipa packages? > >>>>>>> > >>>>>>> Unfortunately, no. > >>>>>>> - bind-dyndb-ldap itself is used & supported even without FreeIPA. > >>>>>>> - bind-pkcs11 depends on properly configured SoftHSM (or other > >>>>>>> PKCS#11 > >>>>>>> provider) > >>>>>>> => upgrade could break non-FreeIPA installations. > >>>>>>> > >>>>>>> I'm attempting to rework the patch now, stay tuned. > >>>>>> > >>>>>> Apparently this thread was abandoned during my PTO so I'm sending new > >>>>>> patch > >>>>>> here. It includes the -compat package and works with YUM and DNF. > >>>>> > >>>>> I don't like that freeipa-server got renamed to freeipa-server-core, > >>>>> but I > >>>>> won't push against it if Alexander and others (CCing Simo) are OK with > >>>>> it. > >>>> > >>>> For the record, I was not able to make it work without the rename. > >>> > >>> My opinion is that if we run dnf install freeipa-server, then we need to > >>> get freeipa server packages. > >>> If this is what happens I am ok with patches, otherwise I am not. > >> > >> Without the patch, "dnf install freeipa-server" installs freeipa server > >> without DNS dependencies. > >> > >> With the first version of the patch, "dnf install freeipa-server" installs > >> freeipa server with all DNS dependencies. To install freeipa server > >> without > >> DNS dependencies, you need to run "dnf install freeipa-server-core". (Note > >> that with this patch freeipa-server is a meta-package with no files.) > >> > >> With the second version of the patch, "dnf install freeipa-server" fails, > >> because there is no freeipa-server anymore. To install freeipa server > >> without DNS dependencies, you need to run "dnf install > >> freeipa-server-core". > > Can we do > > Provides: freeipa-server > > in freeipa-server-compat? > > If I understood Honza correctly, he was objecting to this alias because it > would pull in DNS dependencies. > > So I tried to add this Provides to freeipa-server-core package but I'm not > able to make this alias to work with DNF at all. With old Yum it pulls in > freeipa-server-dns instead of -core because the "Obsoletes" apparently has > higher priority than Provides. (No, "Provides" with explicit version does not > change anything.) > > The only text I found about this is the advice 'do not do it' :-) > > https://fedoraproject.org/wiki/Upgrade_paths_%E2%80%94_renaming_or_splitting_packages#Do_I_need_to_Provide_my_old_package_names.3F > > In other words, I'm not able to make to make the alias freeipa-server working > with the second version of my patch. > > Again, this problem is related only to the second/alternative version of the > patch where freeipa-server package does not pull in DNS dependencies. "dnf > install freeipa-server" works with first version of my patch which pulls in > DNS depencies. > > > I'm more than happy to take advice how to fix that. For now I would say that > first version of the patch is okay. It will solve the upgrade and we can > remove the 'Requires' in the next release because it will not be necessary > for > upgrade anymore.
This would be wrong, if someone skips a version than all breaks. Lot's of people skip an interim Fedora version in order to update only once a year, so this is common. We should not break these cases. Simo. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code