Dne 2.7.2015 v 09:06 Alexander Bokovoy napsal(a):
On Thu, 02 Jul 2015, Jan Cholasta wrote:
Dne 1.7.2015 v 15:25 Petr Spacek napsal(a):
On 1.7.2015 15:13, Jan Cholasta wrote:

Dne 1.7.2015 v 14:12 Petr Spacek napsal(a):

Create server-dns sub-package.

This allows us to automatically pull in package bind-pkcs11
and thus create upgrade path for on CentOS 7.1 -> 7.2.

IPA previously had no requires on BIND packages and these had to be
installed manually before first ipa-dns-install run.
We need to pull additional bind-pkcs11 package during RPM upgrade
so ipa-dns-install cannot help with this.


Can this be done without adding server-core?
I'm not aware of such method (except of adding all DNS dependencies as
Requires straight into freeipa-server package).

Because it's not server core,
it's the whole thing! Or maybe just rename it to server-common?

I'm fine with 'common'. Ticket 4058 calls for sub-package for CA too
so my
idea was to create 'core' package which will be gradually reduced
more and more.

Well, I don't like the fact that in order to install IPA server
without DNS you have to install freeipa-server-core instead of just
freeipa-server. Fedora packaging guidelines [1] state that the
metapackage should be named freeipa-server-compat, so I guess renaming
freeipa-server to freeipa-server-compat and freeipa-server-core to
freeipa-server is good enough.
I think you are misunderstanding what the guidelines say. -compat
subpackage is something that only contains Requires: and Obsoletes:, to
help to pull the right packages. It is not supposed to be a
full-featured package with content.

With Petr's patch, freeipa-server is exactly that - a metapackage with requires and obsoletes only - hence my suggestion to rename it according to the guidelines.

I think we are good enough with freeipa-server-dns. We have the same
situation with freeipa-server-trust-ad -- it is not required by the main
package and pulls in Samba-related bits. We also don't have any -compat
or metapackage for it.

freeipa-server-dns is fine, what is IMO not fine is that it *is* required by the main freeipa-server package, *unlike* freeipa-server-trust-ad.

We don't have a compat metapackage for freeipa-server-trust-ad, because there are no upgrade issues with it, which is what Petr is trying to solve with his patch.

Anyway, if we add DNS subpackage, we should add subpackages for the
other optional components (CA, KRA) as well, to at least be
Yes, in the cases where they are really optional. For example, CA is
installed by default, so claiming it is optional would require us to
change the default to always install without CA or this split wouldn't
have much sense. Perhaps, splitting out CA subpackage is fine for future
when we would be OK to default to not installing CA but until that it is
just a complication.

Makes sense, but KRA is still optional.

Jan Cholasta

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to