Bug#767470: unblock: freeipa/4.0.4-2

2014-11-03 Thread Niels Thykier 
On 2014-11-01 15:01, Timo Aaltonen wrote:
 [...]
 
 Well, I hope you can reconsider. I've been working on FreeIPA for three
 years now, and the biggest blocker for getting it in shape was Dogtag
 which got in sid a week+ before (didn't want to push v9 back in 2012
 because it was native code and being rewritten to java for v10). Getting
 this far took almost a year, packaging all the dependencies for
 RESTEasy, and then when Dogtag v10.2 was determined to be the best
 choice for jessie it meant adding some new jackson-* love in the mix..
 
 FreeIPA itself is little else than a bunch of plugins for 389-ds-base,
 wrappers for setting up
 389/Bind/Apache/Dogtag/NTP/MIT-KDC/SSSD/Certmonger, and a web-based UI
 for all of this. So my devbox had the python crap already on it because
 of the build-deps and I forgot to add them to the server package too. I
 still think it's a bit harsh to not let it in jessie because of this. In
 fact it could be one of the killer-features of jessie, since Debian
 would be the first distro to have the server ported from Fedora. And to
 get there it took some effort to persuade upstream to add the necessary
 plumbing so that the port was possible without (too) crazy distro patches.
 
 HTH
 

Hi Timo,

I realise that this may be quite frustrating to you.  However, I cannot
give you special treatment in this regard without extending the same
courtesy to several others.  I hope you can understand that this is
very undesirable to us as it would effectively push back the announced
freeze date.

Yours truly,
~Niels


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#767470: unblock: freeipa/4.0.4-2

2014-11-01 Thread Timo Aaltonen 
On 31.10.2014 23:03, Niels Thykier wrote:
 Control: tags -1 wontfix
 
 On 2014-10-31 11:11, Timo Aaltonen wrote:
 Package: release.debian.org
 Severity: normal
 User: release.debian@packages.debian.org
 Usertags: unblock

 Please unblock package freeipa

 So I forgot to check that the packages install on a fresh sid install,
 added three missing python module deps.

 [...]
 
 
 Hi Timo,
 
 Your request do not exactly inspire confidence.  My key concerns:
 
  * We are dealing with an apparently completely new package, which
/barely/ was accepted in sid in time for Jessie[1].
 
  * Your message suggest the package lacked basic QA'ing like checking
it installs and works in a chroot prior to your upload.
 
 
 It pains me to do this, but I am declining the unblock.  Despite the
 fact that you did the right thing by fixing the bug immediately rather
 than trying to sneak it into to testing (and then fixing it
 afterwards), I feel freeipa leaves too much to be wanted in the
 beginning of a freeze.
 
 ~Niels
 
 [1] I know that processing time of the NEW queue is beyond your control.
  But it is not an argument for a freeze exception.

Well, I hope you can reconsider. I've been working on FreeIPA for three
years now, and the biggest blocker for getting it in shape was Dogtag
which got in sid a week+ before (didn't want to push v9 back in 2012
because it was native code and being rewritten to java for v10). Getting
this far took almost a year, packaging all the dependencies for
RESTEasy, and then when Dogtag v10.2 was determined to be the best
choice for jessie it meant adding some new jackson-* love in the mix..

FreeIPA itself is little else than a bunch of plugins for 389-ds-base,
wrappers for setting up
389/Bind/Apache/Dogtag/NTP/MIT-KDC/SSSD/Certmonger, and a web-based UI
for all of this. So my devbox had the python crap already on it because
of the build-deps and I forgot to add them to the server package too. I
still think it's a bit harsh to not let it in jessie because of this. In
fact it could be one of the killer-features of jessie, since Debian
would be the first distro to have the server ported from Fedora. And to
get there it took some effort to persuade upstream to add the necessary
plumbing so that the port was possible without (too) crazy distro patches.

HTH

-- 
t


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#767470: unblock: freeipa/4.0.4-2

2014-10-31 Thread Timo Aaltonen 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package freeipa

So I forgot to check that the packages install on a fresh sid install,
added three missing python module deps.

Current default apache2 install enables mod_authz_user and mod_deflat,
but old installations might not have them, so enable them on postinst
but don't disable on prerm.

Also bump the libapache2-mod-nss dependency to match the version which
doesn't enable the module by default.

diff --git a/debian/changelog b/debian/changelog
index ac68a28..dabda80 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+freeipa (4.0.4-2) unstable; urgency=medium
+
+  * control: Add python-qrcode, python-selinux, python-yubico
+to freeipa-server dependencies. (Closes: #767427)
+  * freeipa-server.postinst: Enable mod_authz_user and mod_deflate too,
+but since they should be part of the default apache2 install, don't
+disable them on uninstall like the other modules. (Closes: #767425)
+  * control: Bump server dependency on -mod-nss to 1.0.10-2 which
+doesn't enable the module by default.
+
+ -- Timo Aaltonen tjaal...@debian.org  Fri, 31 Oct 2014 11:36:51 +0200
+
 freeipa (4.0.4-1) unstable; urgency=medium
 
   * Initial release (Closes: #734703)
diff --git a/debian/control b/debian/control
index 30b57d1..4b5aa92 100644
--- a/debian/control
+++ b/debian/control
@@ -78,7 +78,7 @@ Depends:
  krb5-pkinit,
  ldap-utils,
  libapache2-mod-auth-kerb (= 5.4-2.2~),
- libapache2-mod-nss,
+ libapache2-mod-nss (= 1.0.10-2~),
  libapache2-mod-wsgi,
  libjs-dojo-core,
  libjs-jquery,
@@ -91,6 +91,9 @@ Depends:
  python-krbv,
  python-ldap,
  python-pyasn1,
+ python-qrcode (= 5.0.0),
+ python-selinux,
+ python-yubico,
  slapi-nis (= 0.54),
  ${misc:Depends},
  ${python:Depends},
diff --git a/debian/freeipa-server.postinst b/debian/freeipa-server.postinst
index a7b485f..7c4aab4 100644
--- a/debian/freeipa-server.postinst
+++ b/debian/freeipa-server.postinst
@@ -7,6 +7,12 @@ if [ $1 = configure ]; then
if [ ! -e /etc/apache2/mods-enabled/auth_kerb.load ]; then
 apache2_invoke enmod auth_kerb || exit $?
 fi
+   if [ ! -e /etc/apache2/mods-enabled/authz_user.load ]; then
+apache2_invoke enmod authz_user || exit $?
+fi
+   if [ ! -e /etc/apache2/mods-enabled/deflate.load ]; then
+apache2_invoke enmod deflate || exit $?
+fi
if [ ! -e /etc/apache2/mods-enabled/expires.load ]; then
 apache2_invoke enmod expires || exit $?
 fi


unblock freeipa/4.0.4-2


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org