On Sat, 2007-06-02 at 08:54 +0200, Ralf S. Engelschall wrote: > On Fri, Jun 01, 2007, David Fetter wrote: > > > On Fri, 2007-06-01 at 22:39 +0200, Ralf S. Engelschall wrote: > > > On Thu, May 31, 2007, David M. Fetter wrote: > > > > > > > As I was building the latest samba rpm for the security issue, I noticed > > > > that there were a couple of incorrect dependencies... > > > > > > > > The first is that it required "openpkg >= 20060823", which is not true. > > > > It doesn't seem to have any specific relation to which version of > > > > openpkg that is being used. > > > > [...] > > > > > > IMHO the dependency is logically correct as rc.samba contains > > > "[EMAIL PROTECTED]@/bin/openpkg rc" which uses the "openpkg" frontend > > > (instead > > > of calling "rc" directly) and this went into SetUID mode on 20060823 > > > accrording to the HISTORY file of the "openpkg" package. So, you're > > > right: technically still still might work, but at least logically > > > packages using "openpkg rc" really do this because of the SetUID > > > functionality is now in effect. > > > > Ah, well then that makes sense. It isn't clear why it had this > > dependency when it did work under older version of openpkg. > > > > > > > > > [...] > > > > The second is that this new samba does require the latest kerberos-1.6 > > > > version, but this isn't listed as a requirement at all. It took me a > > > > little bit to determine that I should rebuild the latest kerberos from > > > > current prior to rebuilding the latest samba, which then in turn made > > > > samba build successfully. Including requirements such as this would be > > > > highly useful because it would eliminate time spent to troubleshoot why > > > > it isn't building when it's simply a BuildPreReq. > > > > > > Do you mean "samba" required "kerberos" if you have _NOT_ used > > > "kerberos::with_ads=yes"? If this is the case, then not the dependency > > > is missing but Samba accidental uses Kerberos now. Then we have not > > > to add the depdendency. Then we have to fix Samba. If it is just > > > under "with_ads=yes" everything is fine. > > > > Well, kerberos doesn't seem to have an option of > > "kerberos::with_ads=yes". It has the following option for the old 1.4 > > rpm: > > Err. sorry, I means samba::with_adns, of course. > > > > kerberos::with_fsl = yes > > > > and these options in the new 1.6 rpm: > > > > kerberos::with_fsl = yes > > kerberos::with_server = yes > > > > The options I built with samba are: > > > > samba::with_pam = yes > > samba::with_swat = yes > > samba::with_acl = yes > > samba::with_ldap = yes > > samba::with_ads = yes > > > > Without building the latest 1.6 version of kerberos, samba would not > > build. After building kerberos-1.6 and installing it, samba built, > > installed and worked fine. > > Ah, ok. So you really have with_ads=yes. Ok, this explains why Kerberos > is required. But your point is that really Kerberos __1.6__ is required, > right? And older 1.5 version doesn't work, right? So we have to make the > dependency stronger?
Correct. And this is also a bigger problem within the RPM realm essentially. By that, I mean that it goes beyond OpenPKG, but OpenPKG could take this dependency issue and address it thus making OpenPKG stronger in yet another facet. > > Ralf S. Engelschall > [EMAIL PROTECTED] > www.engelschall.com > > ______________________________________________________________________ > OpenPKG http://openpkg.org > User Communication List openpkg-users@openpkg.org > -- David M. Fetter - UNIX Systems Administrator Portland State University - www.oit.pdx.edu
signature.asc
Description: This is a digitally signed message part
