[Freeipa-devel] Re: FreeIPA Installation Issues
Mauricio Tavares kirjoitti 10.5.2024 klo 19.01: On May 8, 2024 12:34:01 PM EDT, Timo Aaltonen wrote: Rob Crittenden kirjoitti 8.5.2024 klo 17.29: Mauricio Tavares via FreeIPA-devel wrote: Veera K via FreeIPA-devel wrote: You didn't include an attachment. I don't know the current status of Ubuntu as an IPA server but in the past it has not worked well. There are a lot of moving parts in IPA and there is basically one maintainer in Debian trying to herd all the cats. rob Given that I also use Debian (and Ubuntu at times), how can I help? Oh cool, thanks. I've cc'd Timo. He is the Debian/Ubuntu maintainer. rob Ah, sadly my favourite topic :) The blockers right now are: * bind-dyndb-ldap doesn't support bind9 9.19.x [1] * bind-dyndb-ldap also needs to be rebuilt for every bind9 upload, and it might also break when bind9 is updated, which makes it unreleaseable on Debian. The solution to this would be to release it with a license which is compatible with upstream, which should allow merging it upstream (and fix the first issue) [2] * tomcat9 is basically gone from Debian/Ubuntu, but jss (which merged tomcatjss) or dogtag itself don't support 10.x yet [3]. I was told 10.1 should be in rawhide by now-ish, but it's still not there, so porting is blocked AIUI. In the past I've run the azure test suite on an older Debian/Ubuntu release with select backports (bypassing the above issues), and the pass rate of all the tests was > 90%, so it's not perfect. To get to full 100% there are still things to skip or rework to pass on a .deb distro. But it's rather pointless to work on a frankendistro, I don't have time for that. So it's client only for now, and 389 and others are available waiting for a brighter (unrealistic?) future to arrive... HTH [1] https://pagure.io/bind-dyndb-ldap/issue/222 [2] https://pagure.io/bind-dyndb-ldap/issue/225 [3] https://github.com/dogtagpki/pki/issues/4551 What have I got involved into?! Well, I am here for the entertainment (even if I learn something(!) in the process); let me build a test environment so I can understand it better; it does seem this will require helping other stuff to work the way we need before actually building it. Yeah, I realized that I didn't actually answer your question. It could be useful to have an environment where dogtag & bind-dyndb-ldap are able to work, and then sort out any integration issues there might still be. -- t -- ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Freeipa-devel] Re: FreeIPA Installation Issues
Rob Crittenden kirjoitti 8.5.2024 klo 17.29: Mauricio Tavares via FreeIPA-devel wrote: Veera K via FreeIPA-devel wrote: You didn't include an attachment. I don't know the current status of Ubuntu as an IPA server but in the past it has not worked well. There are a lot of moving parts in IPA and there is basically one maintainer in Debian trying to herd all the cats. rob Given that I also use Debian (and Ubuntu at times), how can I help? Oh cool, thanks. I've cc'd Timo. He is the Debian/Ubuntu maintainer. rob Ah, sadly my favourite topic :) The blockers right now are: * bind-dyndb-ldap doesn't support bind9 9.19.x [1] * bind-dyndb-ldap also needs to be rebuilt for every bind9 upload, and it might also break when bind9 is updated, which makes it unreleaseable on Debian. The solution to this would be to release it with a license which is compatible with upstream, which should allow merging it upstream (and fix the first issue) [2] * tomcat9 is basically gone from Debian/Ubuntu, but jss (which merged tomcatjss) or dogtag itself don't support 10.x yet [3]. I was told 10.1 should be in rawhide by now-ish, but it's still not there, so porting is blocked AIUI. In the past I've run the azure test suite on an older Debian/Ubuntu release with select backports (bypassing the above issues), and the pass rate of all the tests was > 90%, so it's not perfect. To get to full 100% there are still things to skip or rework to pass on a .deb distro. But it's rather pointless to work on a frankendistro, I don't have time for that. So it's client only for now, and 389 and others are available waiting for a brighter (unrealistic?) future to arrive... HTH [1] https://pagure.io/bind-dyndb-ldap/issue/222 [2] https://pagure.io/bind-dyndb-ldap/issue/225 [3] https://github.com/dogtagpki/pki/issues/4551 -- t -- ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Freeipa-devel] Re: Release planning
On 13.11.2019 13.35, Alexander Bokovoy wrote: > Hi, > > Stanislav raised a good question of a release planning. I'll try to > cover my thoughts here. > > We are getting close to that time of year with many vacations so I'd > like to see us to release as much as possible before blending into white > (or blue, or green) serenity. > > Rob and I just released FreeIPA 4.8.2. There will probably be another > release in December to collect an expected set of bug-fixes as we work > on FIPS mode support across FreeIPA, MIT Kerberos, and Samba. > > FreeIPA presence in various distributions can be tracked with Repology > project: https://repology.org/project/freeipa/versions > > For FreeIPA 4.7 series, there are three major users: Fedora 29, > Debian-derivatives, and ALT Linux. RHEL 8 already moved to FreeIPA 4.8. > Fedora 29 will become unsupported in early December 2019 according to > the > https://fedoraproject.org/wiki/Fedora_Release_Life_Cycle#Maintenance_Schedule > > > As FreeIPA 4.7 was a transitional Python 3 release, we expect to focus > more on FreeIPA 4.8 and don't do much of backports to 4.7 branch going > forward. So the idea is to have one more FreeIPA 4.7 release and then > only do security-based releases. > > ipa-4-7 branch right now contains 65 commits on top of FreeIPA 4.7.3 > release. About 38% of them (25 out of 65) are related to tests and PR > CI. > > If distributions that keep working with FreeIPA 4.7 need to keep it > alive, I'd like to see more involvement upstream from those. But > probably moving to 4.8 is easier? > > For FreeIPA 4.6 series, one of the major users is RHEL 7. It is already > in a state where RHEL development cannot accept any requests for > enhancements (RFE) and there is little chance for any version rebase, so > picking up patches from upstream is OK there. > > On the other hand, FreeIPA 4.6 is the last Python 2 release. > > ipa-4-6 branch right now contains 57 commits on top of FreeIPA 4.6.6. > > We can release 4.6.7 version to collect the changes for those > distributions that need Python 2. It seems, AUR and Deepin are the most > affected here as other distros moved on to 4.7 and 4.8. Hi, Just having a release for 4.8.x is fine by me, it's what I care about at this point. Regarding the versions on the repology page: Debian stable - 4.7.2 was client only Deepin - synced from a Debian upload in Feb'18 Devuan - synced from Debian, 4.8 essentially needs systemd, which is amusing for Devuan.. Parrot/PureOS/Raspbian - 4.7.2 was client only Trisquel - ancient crap.. latest version based on Ubuntu 16.04 Ubuntu ->14.04, 18.10 - EOL Ubuntu 16.04 - meh Ubuntu 18.04 - probably will never be properly updated to 4.7.x since 20.04 is close, so meh Ubuntu 19.04 - client only, and soon EOL -- t ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] Re: Drop Python 2 support
On 04.09.2018 15:24, Alexander Bokovoy wrote: > On ma, 03 syys 2018, Timo Aaltonen via FreeIPA-devel wrote: >> On 03.09.2018 14:50, Christian Heimes wrote: >>> Further more, Debian and Ubuntu need to use Python 3.6 or newer instead >>> of Python 2.7. As far as I know, Samba is holding back FreeIPA on these >>> distributions. >> >> Right, the root reason is this: >> >> https://github.com/samba-team/samba/pull/110 >> >> same issue with src:talloc, so if there's anyone at RH who could help to >> fix this issue upstream then that would be great. > This is *not* a root reason for us not using Python 3 in Samba. A real > reason is that Samba AD DC code cannot be run with Python 3 yet at all, > as well as majority of the Samba test suite. No, but it's a problem for Debian/Ubuntu to provide py3 bindings which freeipa needs.. talloc et al. Having the multiarch string in the resulting library name is bad. This needs to be fixed upstream. -- t ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] Re: Drop Python 2 support
On 03.09.2018 14:50, Christian Heimes wrote: > Further more, Debian and Ubuntu need to use Python 3.6 or newer instead > of Python 2.7. As far as I know, Samba is holding back FreeIPA on these > distributions. Right, the root reason is this: https://github.com/samba-team/samba/pull/110 same issue with src:talloc, so if there's anyone at RH who could help to fix this issue upstream then that would be great. -- t signature.asc Description: OpenPGP digital signature ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
