On Thu, 16 Jul 2015, Jan Cholasta wrote:
Dne 15.7.2015 v 19:39 Simo Sorce napsal(a):
----- Original Message -----
From: "Petr Spacek" <pspa...@redhat.com>
To: "Jan Cholasta" <jchol...@redhat.com>, freeipa-devel@redhat.com, "Alexander 
Bokovoy" <aboko...@redhat.com>
Cc: "Simo Sorce" <s...@redhat.com>
Sent: Tuesday, July 14, 2015 10:33:41 AM
Subject: Re: [Freeipa-devel] [PATCH 0052] Create server-dns sub-package

On 14.7.2015 16:29, Jan Cholasta wrote:
Dne 14.7.2015 v 14:33 Petr Spacek napsal(a):
On 2.7.2015 09:56, Petr Spacek wrote:
On 2.7.2015 09:36, Alexander Bokovoy wrote:
On Thu, 02 Jul 2015, Jan Cholasta wrote:
Can this be done without adding server-core?
I'm not aware of such method (except of adding all DNS dependencies
Requires straight into freeipa-server package).

Because it's not server core,
it's the whole thing! Or maybe just rename it to server-common?

I'm fine with 'common'. Ticket 4058 calls for sub-package for CA too
so my
idea was to create 'core' package which will be gradually reduced
more and more.

Well, I don't like the fact that in order to install IPA server
without DNS you have to install freeipa-server-core instead of just
freeipa-server. Fedora packaging guidelines [1] state that the
metapackage should be named freeipa-server-compat, so I guess
freeipa-server to freeipa-server-compat and freeipa-server-core to
freeipa-server is good enough.
I think you are misunderstanding what the guidelines say. -compat
subpackage is something that only contains Requires: and Obsoletes:,
help to pull the right packages. It is not supposed to be a
full-featured package with content.

With Petr's patch, freeipa-server is exactly that - a metapackage with
requires and obsoletes only - hence my suggestion to rename it
according to
the guidelines.
That's not good.

I think we are good enough with freeipa-server-dns. We have the same
situation with freeipa-server-trust-ad -- it is not required by the
package and pulls in Samba-related bits. We also don't have any
or metapackage for it.

freeipa-server-dns is fine, what is IMO not fine is that it *is*
required by
the main freeipa-server package, *unlike* freeipa-server-trust-ad.

We don't have a compat metapackage for freeipa-server-trust-ad, because
there are no upgrade issues with it, which is what Petr is trying to
with his patch.
So, the issue is that for installed bind+bind-dyndb-ldap combination we
need to switch to bind-pkcs11+bind-dyndb-ldap. Maybe instead of
modifying main freeipa package we could modify bind-dyndb-ldap package
to require bind-pkcs11 and corresponding bits of freeipa packages?

Unfortunately, no.
- bind-dyndb-ldap itself is used & supported even without FreeIPA.
- bind-pkcs11 depends on properly configured SoftHSM (or other PKCS#11
=> upgrade could break non-FreeIPA installations.

I'm attempting to rework the patch now, stay tuned.

Apparently this thread was abandoned during my PTO so I'm sending new
here. It includes the -compat package and works with YUM and DNF.

I don't like that freeipa-server got renamed to freeipa-server-core, but I
won't push against it if Alexander and others (CCing Simo) are OK with it.

For the record, I was not able to make it work without the rename.

My opinion is that if we run dnf install freeipa-server, then we need to get 
freeipa server packages.
If this is what happens I am ok with patches, otherwise I am not.

Without the patch, "dnf install freeipa-server" installs freeipa server without DNS dependencies.

With the first version of the patch, "dnf install freeipa-server" installs freeipa server with all DNS dependencies. To install freeipa server without DNS dependencies, you need to run "dnf install freeipa-server-core". (Note that with this patch freeipa-server is a meta-package with no files.)

With the second version of the patch, "dnf install freeipa-server" fails, because there is no freeipa-server anymore. To install freeipa server without DNS dependencies, you need to run "dnf install freeipa-server-core".
Can we do
Provides: freeipa-server
in freeipa-server-compat?
/ Alexander Bokovoy

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to