Dne 1.7.2015 v 15:25 Petr Spacek napsal(a):
On 1.7.2015 15:13, Jan Cholasta wrote:
Dne 1.7.2015 v 14:12 Petr Spacek napsal(a):
Create server-dns sub-package.
This allows us to automatically pull in package bind-pkcs11
and thus create upgrade path for on CentOS 7.1 -> 7.2.
IPA previously had no requires on BIND packages and these had to be
installed manually before first ipa-dns-install run.
We need to pull additional bind-pkcs11 package during RPM upgrade
so ipa-dns-install cannot help with this.
Can this be done without adding server-core?
I'm not aware of such method (except of adding all DNS dependencies as
Requires straight into freeipa-server package).
Because it's not server core,
it's the whole thing! Or maybe just rename it to server-common?
I'm fine with 'common'. Ticket 4058 calls for sub-package for CA too so my
idea was to create 'core' package which will be gradually reduced more and more.
Well, I don't like the fact that in order to install IPA server without
DNS you have to install freeipa-server-core instead of just
freeipa-server. Fedora packaging guidelines  state that the
metapackage should be named freeipa-server-compat, so I guess renaming
freeipa-server to freeipa-server-compat and freeipa-server-core to
freeipa-server is good enough.
To me it seems that the real problem is that IPA should continue to work with
plain bind after upgrade, without DNSSEC which is optional anyway, but it does
not. Why not fix that instead?
Because it is impossible to support and debug. Differences between bind and
bind-pkcs11 are quite subtle and I'm not willing to spend my and support's
time on debugging subtle bugs in someone's deployment.
OK. I was under the impression that it only adds bits required for
DNSSEC. What are the other differences BTW?
We do not need more newspapers to hide our packaging problems, we need to get
rid of them.
Predending we got rid of them does not exactly mean we actually got rid
of them. It's the pretense I don't like.
Anyway, if we add DNS subpackage, we should add subpackages for the
other optional components (CA, KRA) as well, to at least be self-consistent.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code