On Thu, 12 Mar 2015, Alexander Bokovoy wrote:
On Thu, 12 Mar 2015, Petr Vobornik wrote:
On 03/06/2015 03:13 PM, Alexander Bokovoy wrote:
On Fri, 06 Mar 2015, Lukas Slebodnik wrote:
On (05/03/15 16:20), Petr Vobornik wrote:
On 03/05/2015 11:23 AM, Lukas Slebodnik wrote:
On (05/03/15 08:54), Petr Vobornik wrote:
On 02/27/2015 09:50 PM, Lukas Slebodnik wrote:

Please review attached patches and fix freeipa in fedora 22 ASAP.

I think the most critical is 1st patch

sh$ git grep "SSSDConfig"  | grep import
install/tools/ipa-upgradeconfig:import SSSDConfig
ipa-client/ipa-install/ipa-client-automount:import SSSDConfig
ipa-client/ipa-install/ipa-client-install:    import SSSDConfig

BTW package python-sssdconfig is provides since sssd-1.10.0alpha1
but it was not explicitely required.

The latest python3 changes in sssd (fedora 22) is just a result of
packaging of freeipa.


Fedora 22 was amended.

Patch 1: ACK

Patch 2: ACK

the package name is libsss_nss_idmap-python not
which already is required in adtrust package
In sssd upstream we decided to rename package
libsss_nss_idmap-python to
python-libsss_nss_idmap according to new rpm python guidelines.
The python3 version has alredy correct name.

We will rename package in downstream with next major release (1.13).
Of course it we will add "Provides: libsss_nss_idmap-python".

We can push 3rd patch later or I can update 3rd patch.
What do you prefer?

Than you very much for review.


Patch 3 should be updated to not forget the remaining change in

It then should be updated downstream and master when 1.13 is released in
Fedora, or in master sooner if SSSD 1.13 becomes the minimal version
by master.


BTW Why ther is a pylint comment for some sssd modules
I did not kave any pylint problems after removing comment.

ipalib/plugins/trust.py:32:    import pysss_murmur #pylint: disable=F0401
ipalib/plugins/trust.py:38:    import pysss_nss_idmap #pylint:

And why are these modules optional (try except)
Because they are needed to properly load in the case trust subpackages
are not installed, to generate proper messages to users who will try
these commands, like 'ipa trust-add' while the infrastructure is not in

pylint is dumb for such cases.

Alexander, the point was not to require python_nss_idmap and python-sss-murmur on ipa clients?
Pylint is not used on ipa clients. The import statements do protection
against failed import and that's what we use on the client side.

If so python-sss-murmur should be required only by trust-ad package and not python package (patch2). And patch 3 (adding libsss_nss_idmap-python to python package) should not be used.
We already have dependencies in trust-ad subpackage:
%package server-trust-ad
Summary: Virtual package to install packages required for Active Directory 
Group: System Environment/Base
Requires: %{name}-server = %version-%release
Requires: m2crypto
Requires: samba-python
Requires: samba >= %{samba_version}
Requires: samba-winbind
Requires: libsss_idmap
Requires: libsss_nss_idmap-python

However, we don't ship the original plugins in this package because
otherwise you wouldn't be able to use 'ipa trust*' from any machine
other than those where trust-ad subpackage is installed. That's why we
use import statements and catch the import exceptions.
Sent too early.

... and python-sss-murmur shoudl be required by trust-ad subpackage,

/ Alexander Bokovoy

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to