On Thu, 16 Jul 2015, Petr Spacek wrote:
Third version of the patch is attached, please view.

- freeipa-server package continues to exist and does not include DNS 
- freeipa-server-dns package is new and requires all DNS dependencies
- install freeipa-server will not pull DNS dependencies
- upgrade from freeipa-server < 4.2.0 will pull freeipa-server-dns package

It turns out that nobody noticed missing Obsoletes in freeipa-server package.

Please review.
I like this. Looks clean and does keep previous behavior. I think we can
live with upgrade pulling freeipa-server-dns even in the environments
where DNS wasn't really used.

Note: Condition "Obsoletes: %{name}-server < 4.2.0"
should be amended per-distro/per-repo so it contains latest version number
which was available in form of RPM packages for that distro/repo (COPR).

May be just add the comment above into commit message? This and we'll
need to add an entry into RPM changelog in the actual Fedora package
that upgrade from pre-4.2.0 will pull freeipa-server-dns even if
integrated DNS server is not used and recommend people to remove the
package is they are not interested.


From c8486993b0b624ab7aa7b118e8ee7e420dd97891 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Thu, 16 Jul 2015 15:09:45 +0200
Subject: [PATCH] Create server-dns sub-package.

This allows us to automatically pull in package bind-pkcs11
and thus create upgrade path for on CentOS 7.1 -> 7.2.

IPA previously had no requires on BIND packages and these had to be
installed manually before first ipa-dns-install run.
We need to pull additional bind-pkcs11 package during RPM upgrade
so ipa-dns-install cannot help with this.

freeipa.spec.in | 51 +++++++++++++++++++++++++++++++++++----------------
1 file changed, 35 insertions(+), 16 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -165,25 +165,13 @@ Requires: %{etc_systemd_dir}

Conflicts: %{alt_name}-server
Obsoletes: %{alt_name}-server < %{version}
+# upgrade path from monolithic -server to -server + -server-dns
+Obsoletes: %{name}-server < 4.2.0

# With FreeIPA 3.3, package freeipa-server-selinux was obsoleted as the
# entire SELinux policy is stored in the system policy
Obsoletes: freeipa-server-selinux < 3.3.0

-# We have a soft-requires on bind. It is an optional part of
-# IPA but if it is configured we need a way to require versions
-# that work for us.
-Conflicts: bind-dyndb-ldap < 6.0-4
-%if 0%{?fedora} >= 21
-Conflicts: bind < 9.9.6-3
-Conflicts: bind-utils < 9.9.6-3
-Conflicts: bind < 9.9.4-21
-Conflicts: bind-utils < 9.9.4-21
-Conflicts: opendnssec < 1.4.6-4
# Versions of nss-pam-ldapd < 0.8.4 require a mapping from uniqueMember to
# member.
Conflicts: nss-pam-ldapd < 0.8.4
@@ -197,6 +185,35 @@ to install this package (in other words, most people 
should NOT install
this package).

+%package server-dns
+Summary: IPA integrated DNS server with support for automatic DNSSEC signing
+Group: System Environment/Base
+Requires: %{name}-server = %{version}-%{release}
+Requires: bind-dyndb-ldap >= 6.0-4
+%if 0%{?fedora} >= 21
+Requires: bind >= 9.9.6-3
+Requires: bind-utils >= 9.9.6-3
+Requires: bind-pkcs11 >= 9.9.6-3
+Requires: bind-pkcs11-utils >= 9.9.6-3
+Requires: bind >= 9.9.4-21
+Requires: bind-utils >= 9.9.4-21
+Requires: bind-pkcs11 >= 9.9.4-21
+Requires: bind-pkcs11-utils >= 9.9.4-21
+Requires: opendnssec >= 1.4.6-4
+Conflicts: %{alt_name}-server-dns
+Obsoletes: %{alt_name}-server-dns < %{version}
+# upgrade path from monolithic -server to -server + -server-dns
+Obsoletes: %{name}-server < 4.2.0
+%description server-dns
+IPA integrated DNS server with support for automatic DNSSEC signing.
+Integrated DNS server is BIND 9. OpenDNSSEC provides key management.
%package server-trust-ad
Summary: Virtual package to install packages required for Active Directory 
Group: System Environment/Base
@@ -683,7 +700,6 @@ fi
@@ -857,7 +873,6 @@ fi
@@ -873,6 +888,10 @@ fi

+%files server-dns
%files server-trust-ad

/ Alexander Bokovoy

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to