On Wed, 27 Jul 2022 16:30:20 +0000 Lucas Castro <lu...@gnuabordo.com.br> wrote:
Package: freeipa-server
Version: 4.9.8-1+exp1
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: lu...@gnuabordo.com.br
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
I tried to install freeipa-server just for a testing environment.
The environment is a fresh Debian installation in an lxc container.
Installation ends up with an error when it tries to create the REALM:
kdb5_util: Unable to load requested database module 'ipadb.so': plugin symbol 'kdb_function_table' not found while creating database '/var/lib/krb5kdc/principal'
So I investigated the library required by ipadb.so:
ldd /usr/lib/x86_64-linux-gnu/krb5/plugins/kdb/ipadb.so
I noticed libndr.so.1 is required and not present.
The required library is provided by samba-libs on Debian bullseye, the
stable version as of now.
The Unstable and Sid versions install libndr.so.2 in turn.

This is an old issue.
libndr comes from samba, and there, it is NOT a public library.
However, several packages started using it, notably freeipa and sssd.
I knew about sssd, but didn't know about freeipa.
In Debian bookworm, libndr was just one of many libraries in the samba-libs
package. Upstream freely bumps the soname of this library. And we never
noticed such updates: when you build a package with libndr from
bookworm, its dependency records "samba-libs (>= bookworm-version)",
which is obviously satisfiable with samba-libs from trixie with
libndr.so.2 or .3, which is obviously wrong, since the package
needs libndr.so.1.
Later, with more recent samba versions, I made it more or less separate,
so if a package actually uses libndr, it gets the correct dependency
recorded. And a more recent samba might break such a package, requiring
it to be rebuilt.
So today, just a rebuild of freeipa with current samba-libs (samba-dev)
will get the dependencies right. However, I can't retrospectively
rebuild freeipa in bookworm with correct deps (esp. since samba in
bookworm won't generate these deps anyway).
I guess I can add Breaks: freeipa (<= bookworm) to more recent samba-libs
to fix this.
/mjt
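
The manual ldd check from the report, combined with the soname bump described in the reply, as an added example that is not part of the original thread. The ldd output and the list of installed files are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample: shape of `ldd` output for a plugin whose libndr.so.1
# dependency cannot be resolved (addresses and the other entries are made up).
SAMPLE_LDD = """\
\tlinux-vdso.so.1 (0x00007ffc00000000)
\tlibndr.so.1 => not found
\tlibkrb5.so.3 => /lib/x86_64-linux-gnu/libkrb5.so.3 (0x00007f0000000000)
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000200000)
"""

# Constructed sample: library file names found in the system library directory.
SAMPLE_INSTALLED = ["libndr.so.2", "libndr.so.2.0.0", "libkrb5.so.3", "libc.so.6"]

# A soname is "<stem>.so.<major>"; the full file name (libndr.so.2.0.0) is not.
SONAME_RE = re.compile(r"^(?P<stem>.+\.so)\.(?P<major>\d+)$")


def missing_sonames(ldd_output):
    """Return the sonames that ldd reports as 'not found', in order."""
    missing = []
    for line in ldd_output.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[1] == "=>" and parts[2:4] == ["not", "found"]:
            missing.append(parts[0])
    return missing


def diagnose(ldd_output, installed):
    """Map each missing soname to other majors of the same library installed.

    A non-empty list means the library is present under a bumped soname, so
    the binary needs a rebuild; an empty list means it is absent altogether.
    """
    result = {}
    for soname in missing_sonames(ldd_output):
        wanted = SONAME_RE.match(soname)
        others = set()
        for name in installed:
            have = SONAME_RE.match(name)
            if wanted and have and have["stem"] == wanted["stem"] \
                    and have["major"] != wanted["major"]:
                others.add(name)
        result[soname] = sorted(others)
    return result


if __name__ == "__main__":
    for soname, others in diagnose(SAMPLE_LDD, SAMPLE_INSTALLED).items():
        print(f"{soname}: not found; installed instead: {others or 'nothing'}")
```

On a real system, pass the text printed by ldd for the plugin and the file names from the library directory in place of the two samples.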