Bug#767470: unblock: freeipa/4.0.4-2
On 2014-11-01 15:01, Timo Aaltonen wrote: [...] Well, I hope you can reconsider. I've been working on FreeIPA for three years now, and the biggest blocker for getting it in shape was Dogtag which got in sid a week+ before (didn't want to push v9 back in 2012 because it was native code and being rewritten to java for v10). Getting this far took almost a year, packaging all the dependencies for RESTEasy, and then when Dogtag v10.2 was determined to be the best choice for jessie it meant adding some new jackson-* love in the mix.. FreeIPA itself is little else than a bunch of plugins for 389-ds-base, wrappers for setting up 389/Bind/Apache/Dogtag/NTP/MIT-KDC/SSSD/Certmonger, and a web-based UI for all of this. So my devbox had the python crap already on it because of the build-deps and I forgot to add them to the server package too. I still think it's a bit harsh to not let it in jessie because of this. In fact it could be one of the killer-features of jessie, since Debian would be the first distro to have the server ported from Fedora. And to get there it took some effort to persuade upstream to add the necessary plumbing so that the port was possible without (too) crazy distro patches. HTH Hi Timo, I realise that this may be quite frustrating to you. However, I cannot give you special treatment in this regard without extending the same courtesy to several others. I hope you can understand that this is very undesirable to us as it would effectively push back the announced freeze date. Yours truly, ~Niels -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#767470: unblock: freeipa/4.0.4-2
On 31.10.2014 23:03, Niels Thykier wrote: Control: tags -1 wontfix On 2014-10-31 11:11, Timo Aaltonen wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package freeipa So I forgot to check that the packages install on a fresh sid install, added three missing python module deps. [...] Hi Timo, Your request do not exactly inspire confidence. My key concerns: * We are dealing with an apparently completely new package, which /barely/ was accepted in sid in time for Jessie[1]. * Your message suggest the package lacked basic QA'ing like checking it installs and works in a chroot prior to your upload. It pains me to do this, but I am declining the unblock. Despite the fact that you did the right thing by fixing the bug immediately rather than trying to sneak it into to testing (and then fixing it afterwards), I feel freeipa leaves too much to be wanted in the beginning of a freeze. ~Niels [1] I know that processing time of the NEW queue is beyond your control. But it is not an argument for a freeze exception. Well, I hope you can reconsider. I've been working on FreeIPA for three years now, and the biggest blocker for getting it in shape was Dogtag which got in sid a week+ before (didn't want to push v9 back in 2012 because it was native code and being rewritten to java for v10). Getting this far took almost a year, packaging all the dependencies for RESTEasy, and then when Dogtag v10.2 was determined to be the best choice for jessie it meant adding some new jackson-* love in the mix.. FreeIPA itself is little else than a bunch of plugins for 389-ds-base, wrappers for setting up 389/Bind/Apache/Dogtag/NTP/MIT-KDC/SSSD/Certmonger, and a web-based UI for all of this. So my devbox had the python crap already on it because of the build-deps and I forgot to add them to the server package too. I still think it's a bit harsh to not let it in jessie because of this. In fact it could be one of the killer-features of jessie, since Debian would be the first distro to have the server ported from Fedora. And to get there it took some effort to persuade upstream to add the necessary plumbing so that the port was possible without (too) crazy distro patches. HTH -- t -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#767470: unblock: freeipa/4.0.4-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package freeipa So I forgot to check that the packages install on a fresh sid install, added three missing python module deps. Current default apache2 install enables mod_authz_user and mod_deflat, but old installations might not have them, so enable them on postinst but don't disable on prerm. Also bump the libapache2-mod-nss dependency to match the version which doesn't enable the module by default. diff --git a/debian/changelog b/debian/changelog index ac68a28..dabda80 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,15 @@ +freeipa (4.0.4-2) unstable; urgency=medium + + * control: Add python-qrcode, python-selinux, python-yubico +to freeipa-server dependencies. (Closes: #767427) + * freeipa-server.postinst: Enable mod_authz_user and mod_deflate too, +but since they should be part of the default apache2 install, don't +disable them on uninstall like the other modules. (Closes: #767425) + * control: Bump server dependency on -mod-nss to 1.0.10-2 which +doesn't enable the module by default. + + -- Timo Aaltonen tjaal...@debian.org Fri, 31 Oct 2014 11:36:51 +0200 + freeipa (4.0.4-1) unstable; urgency=medium * Initial release (Closes: #734703) diff --git a/debian/control b/debian/control index 30b57d1..4b5aa92 100644 --- a/debian/control +++ b/debian/control @@ -78,7 +78,7 @@ Depends: krb5-pkinit, ldap-utils, libapache2-mod-auth-kerb (= 5.4-2.2~), - libapache2-mod-nss, + libapache2-mod-nss (= 1.0.10-2~), libapache2-mod-wsgi, libjs-dojo-core, libjs-jquery, @@ -91,6 +91,9 @@ Depends: python-krbv, python-ldap, python-pyasn1, + python-qrcode (= 5.0.0), + python-selinux, + python-yubico, slapi-nis (= 0.54), ${misc:Depends}, ${python:Depends}, diff --git a/debian/freeipa-server.postinst b/debian/freeipa-server.postinst index a7b485f..7c4aab4 100644 --- a/debian/freeipa-server.postinst +++ b/debian/freeipa-server.postinst @@ -7,6 +7,12 @@ if [ $1 = configure ]; then if [ ! -e /etc/apache2/mods-enabled/auth_kerb.load ]; then apache2_invoke enmod auth_kerb || exit $? fi + if [ ! -e /etc/apache2/mods-enabled/authz_user.load ]; then +apache2_invoke enmod authz_user || exit $? +fi + if [ ! -e /etc/apache2/mods-enabled/deflate.load ]; then +apache2_invoke enmod deflate || exit $? +fi if [ ! -e /etc/apache2/mods-enabled/expires.load ]; then apache2_invoke enmod expires || exit $? fi unblock freeipa/4.0.4-2 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org