On 31.10.2013 21:19, Adam Young wrote:
> I'm about to take off for a week, and want to make sure that I don't
> lose the momentum I've put in so far.  I spent agood portion of
> yesterday and today trying to get a Debian build going, and I think that
> this is worth sharing with the larger team.  Since FreeIPA has been RPM
> focused thus far,  I suspect that there is a need to prime-the-pump on
> Debian development.

Thanks! The debian packaging of 2.2.x managed to compile the server bits
too, but I hadn't tested any newer versions, just built the client for
those.. so it bitrot over the time.

> 1.  Installed Debian testing in a VM via an ISO.  I've had this VM for a
> while, so really just had to clone it and boot it.
> 2.  Set the repos to be the sid (unstable) repos instead of Jessie
> (testing)  by editing the file /etc/apt/sources.list  and replacing
> jessie with sid
> 3.  created a file /etc/apt/apt.conf with just the following line:
> APT::Default-Release "unstable";
> 4.apt-get dist-upgrade
> 5. Reboot.
> 6. Loggd in and cloned the debian repo:
>  git clone git://anonscm.debian.org/git/pkg-freeipa/freeipa.git
> Technically, that is a lie...I had another FreeIPA repo already cloned,
> so instead I edited the .git/config file to add support for the above
> repo, and then did a fetch and checkout of the debian-unstable branch.
> OK...now I am in trial and error state.  I've tried doing two different
> tasks, both related, but I am not sure how.
> I used this as a guide
> http://www.debian.org/doc/manuals/maint-guide/build.en.html
> To build the package I ran:
> dpkg-buildpackage

You can limit building just the binaries by giving it '-b' argument,
then it won't complain about the missing tarball either.

also, 'debuild' is a wrapper for dpkg-buildpackage which is what I'm
using.. and then there's git-buildpackage but I've still not 'migrated'
to that, but it does have some features to overcome the usual errors
when working with a git repo (not having a clean tree, uncommitted
changes etc). Just running debuild/dpkg-buildpackage is enough for
quick'n'dirty testing though.

> Which told me about all of the missing packages.  I had to modify the
> control file as some of the packages are no longer supporting the same
> files.  Onechange I made, which is suspect is shown here:
> diff --git a/debian/control b/debian/control
> index 66aedb4..e69cf6c 100644
> --- a/debian/control
> +++ b/debian/control
> @@ -33,9 +33,7 @@ Build-Depends: quilt, debhelper (>= 9), dh-autoreconf,
>   python-support,
>  # server
>   389-ds-base-dev (>= 1.1.3),
> - libndr-dev,
> - libndr-standard-dev,
> - libsamba-util-dev,
> + samba-dev,
>   libsvrcore-dev,
>   libtevent-dev,
>   uuid-dev,

I've updated the git repo with various changes, including the above. Too
bad the machine hosting the repos will be down for maintenance for some
days since it had some disk issues corrupting the RAID.. I'll probably
push it to github or sth so we can work on stuff until alioth.d.o is fixed.

> Eventully this failed because I need a tarball to build a package. In
> FreeIPA, this is done via
> make  tarballs
> but that failed early on.  Rob's suggestion was to run
> make version-update tarballs
> which seemed to fix the issue somewhat.

You can also use 'uscan --download-current' to fetch the tarball.

> The dpkg-buildpackage seems to be applying patches in place in the git
> repo.  I suspect that I should be running it with different command line
> switches telling it where to put the interim files etc.
> I was able to fake out the process above by doing
> cd ..
> tar -zcf freeipa_3.2.1.orig.tar.gz freeipa
> and re-running dpkg-buildpackage.  That was how I identified that the
> the krad.h files were not in libkrb-dev.  I comment them out with the
> below patch:

I've pushed an updated krb5 package to the freeipa team PPA (for
'trusty') that should work just fine on sid too:


ok I lied, the upload got rejected for some reason but I'll sort it out..

Also, something I had completely forgotten since two years ago..
xmlrpc-c in Debian is obsolete (1.16.xx), and the package is pretty much
abandoned by the maintainer (who also went AWOL since) so I updated it
to 1.33.06 and pushed to the PPA. Hopefully it'll get sponsored to sid

> And...that was pretty much as far as I got.

with the updated repo + updates from the ppa the build succeeds but
tests fail, and those are harder for me to parse. Full build log at


> Once we get a working process we can clean up the documentation.
> Looks like we need 1.12 of Kerberos to get Radius support, worth pinging
> the Debian krb supporters to see if they have a package in the works.

I filed a bug about it, we'll see how it goes. Maybe 1.12 is ready soon


Also, since I submitted the patches for client support I did work on
them to fix the issues I found, but never sent any status update to the
previous thread. IIRC there is one issue left with how to handle
updating pam configs, or maybe just leave it up to the package to deal
instead of ipa-client-install.. (since enabling them by default on
package install isn't a huge deal)


Freeipa-devel mailing list

Reply via email to