Re: [Freeipa-devel] contribution policy update, what's next

2009-09-01 Thread Simo Sorce
On Mon, 2009-08-31 at 18:50 -0600, Rich Megginson wrote:
 Simo Sorce wrote:
  On Mon, 2009-08-31 at 13:23 -0700, Karsten Wade wrote:

  Richard looked at the license-specific version, made some suggestions,
  then asked if there is a reason for being GPLv2 only as a project and
  codebase.  For example, many projects are licensed GPLv2 or later,
  yet there was some confusion around the time that GPLv3 came out if
  that was advisable.  Is this project GPLv2-specific on purpose?
  
 
  No there isn't a specific reason IPA is GPLv2 Only, at the time when we
  started I actually proposed to use the brand new GPLv3 or later diction,
  but legal was not yet comfortable with GPLv3 so we went the default RH
  license at the time which was GPLv2 only.
 
  I would actually like to move to GPLv2 or later or even GPLv3 or later
  if our external code dependencies allow it without trouble.
 
  I think the only code that we may not be able to move to GPLv3 is the
  directory server plugins as DS is GPLv2+exceptions, but I have no
  problem in clearly spelling out that plugins have a different license
  because of their dependency and move on with the rest of the code.

 The directory server license allows for plugins to be released under 
 different licenses, provided the plugin uses only the public API 
 (defined in slapi-plugin.h).

Yes, but that's not what I am concerned about.
I am not sure a plugin licensed under the GPLvX can be linked to the
Directory Server without any exception.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] contribution policy update, what's next

2009-09-01 Thread Dmitri Pal
Simo Sorce wrote:
 On Mon, 2009-08-31 at 18:50 -0600, Rich Megginson wrote:
   
 Simo Sorce wrote:
 
 On Mon, 2009-08-31 at 13:23 -0700, Karsten Wade wrote:
   
   
 Richard looked at the license-specific version, made some suggestions,
 then asked if there is a reason for being GPLv2 only as a project and
 codebase.  For example, many projects are licensed GPLv2 or later,
 yet there was some confusion around the time that GPLv3 came out if
 that was advisable.  Is this project GPLv2-specific on purpose?
 
 
 No there isn't a specific reason IPA is GPLv2 Only, at the time when we
 started I actually proposed to use the brand new GPLv3 or later diction,
 but legal was not yet comfortable with GPLv3 so we went the default RH
 license at the time which was GPLv2 only.

 I would actually like to move to GPLv2 or later or even GPLv3 or later
 if our external code dependencies allow it without trouble.

 I think the only code that we may not be able to move to GPLv3 is the
 directory server plugins as DS is GPLv2+exceptions, but I have no
 problem in clearly spelling out that plugins have a different license
 because of their dependency and move on with the rest of the code.
   
   
 The directory server license allows for plugins to be released under 
 different licenses, provided the plugin uses only the public API 
 (defined in slapi-plugin.h).
 

 Yes, but that's not what I am concerned about.
 I am not sure a plugin licensed under the GPLvX can be linked to the
 Directory Server without any exception.

 Simo.

   
I think what Rich said means that DS plugins can be licensed as we think
appropriate without any special exception for DS itself.

-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.




[Freeipa-devel] [PATCH] Use DNS forwarders in /etc/named.conf

2009-09-01 Thread Martin Nagy
Hi,
This patch adds options --forwarder and --no-forwarders. At least one of
them must be used if you are doing a setup with DNS server. They are
also mutually exclusive. The --forwarder option can be used more than
once to specify more servers. If the installer runs in interactive mode,
it will prompt the user if none of these options was given at the command

Martin

From 2dbd272bdbd366c4e1fc9a1b7456c5c6d12377ab Mon Sep 17 00:00:00 2001
From: Martin Nagy mn...@redhat.com
Date: Tue, 1 Sep 2009 23:28:52 +0200
Subject: [PATCH] Use DNS forwarders in /etc/named.conf

This patch adds options --forwarder and --no-forwarders. At least one of
them must be used if you are doing a setup with DNS server. They are
also mutually exclusive. The --forwarder option can be used more than
once to specify more servers. If the installer runs in interactive mode,
it will prompt the user if none of these options was given at the command
line.
---
 install/share/bind.named.conf.template |3 ++
 install/tools/ipa-server-install   |   46 +++-
 install/tools/man/ipa-server-install.1 |   12 +++-
 ipaserver/install/bindinstance.py  |   13 -
 4 files changed, 71 insertions(+), 3 deletions(-)

diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template
index 69bd86b..8b5fac2 100644
--- a/install/share/bind.named.conf.template
+++ b/install/share/bind.named.conf.template
@@ -5,6 +5,9 @@ options {
 	statistics-file		data/named_stats.txt;
 	memstatistics-file	data/named_mem_stats.txt;
 
+	forward first;
+	forwarders {$FORWARDERS};
+
 	tkey-gssapi-credential DNS/$FQDN;
 	tkey-domain $REALM;
 };
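
Review bot: `forwarders {$FORWARDERS};` drops the substituted value straight between the braces, so whatever fills $FORWARDERS has to terminate every address with its own semicolon and has to be safe to embed in named.conf. A comment above the line stating the expected form (for example "192.0.2.1; 192.0.2.2;") would make that contract visible to whoever edits the substitution code. The template also has no conditional around these two lines, so with --no-forwarders it still emits `forward first;` next to an empty list; consider leaving both lines out in that case.
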
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index d0e9397..2c890b4 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -84,6 +84,10 @@ def parse_options():
   default=False, help=configure bind with our zone file)
 parser.add_option(--setup-dns, dest=setup_dns, action=store_true,
   default=False, help=configure bind with our zone)
+parser.add_option(--forwarder, dest=forwarders, action=append,
+  help=Add a DNS forwarder)
+parser.add_option(--no-forwarders, dest=no_forwarders, action=store_true,
+  default=False, help=Do not add any DNS forwarders, use root servers instead)
 parser.add_option(-U, --unattended, dest=unattended, action=store_true,
   default=False, help=unattended installation never prompts the user)
 parser.add_option(, --uninstall, dest=uninstall, action=store_true,
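
Review bot: the help text for --forwarder ("Add a DNS forwarder") does not say that the value must be an IP address or that the option may be given more than once, although the commit message and the interactive prompt both depend on that. Suggest something like "Add a DNS forwarder by IP address; may be repeated" so that --help is enough to use the option correctly.
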
@@ -108,6 +112,14 @@ def parse_options():
   help=The starting gid value (default random))
 options, args = parser.parse_args()
 
+if not options.setup_dns:
+if options.forwarders:
+parser.error(You cannot specify a --forwarder option without the --setup-dns option)
+if options.no_forwarders:
+parser.error(You cannot specify a --no-forwarders option without the --setup-dns option)
+elif options.forwarders and options.no_forwarders:
+parser.error(You cannot specify a --forwarder option together with --no-forwarders)
+
 if options.uninstall:
 if (options.ds_user or options.realm_name or
 options.dm_password or options.admin_password or
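
Review bot: this block only tests whether --forwarder was given, so in the lines shown the values themselves never go through verify_ip_address or the localhost check that read_dns_forwarders() applies to interactive input. Those strings end up inside `forwarders {$FORWARDERS};` in named.conf, so a typo or a stray character in an unattended install is written to the resolver configuration unchecked. Validate each entry of options.forwarders here and call parser.error() on the first bad one, ideally with the same helper the interactive path uses.
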
@@ -117,6 +129,9 @@ def parse_options():
 if (not options.ds_user or not options.realm_name or
 not options.dm_password or not options.admin_password):
 parser.error(error: In unattended mode you need to provide at least -u, -r, -p and -a options)
+if options.setup_dns:
+if not options.forwarders and not options.no_forwarders:
+parser.error(You must specify at least one --forwarder option or --no-forwarders option)
 
 # If any of the PKCS#12 options are selected, all are required. Create a
 # list of the options and count it to enforce that all are required without
@@ -210,6 +225,27 @@ def read_ip_address(host_name):
 
 return ip
 
+def read_dns_forwarders():
+addrs = []
+while True:
+ip = user_input(Enter IP address for a DNS forwarder (empty to stop), allow_empty=True)
+
+if not ip:
+break
+if ip == 127.0.0.1 or ip == ::1:
+print You cannot use localhost as a DNS forwarder
+continue
+if not verify_ip_address(ip):
+continue
+
+print DNS forwarder %s added % ip
+addrs.append(ip)
+
+if not addrs:
+print No DNS forwarders configured
+
+return addrs
+
 def read_ds_user():
 print The server must run as a specific user in a specific group.
 print It is strongly recommended that this user should have no privileges
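
Review bot: the localhost test in read_dns_forwarders() compares the raw input against the two literal strings 127.0.0.1 and ::1, so any other spelling of a loopback address (another address in 127.0.0.0/8, or ::1 written out in full) passes and leaves named forwarding to the local host. Run verify_ip_address first and then test the parsed address for loopback instead of matching text. Skipping an address that is already in addrs would also keep duplicate entries out of the forwarders list.
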
@@ -504,6 +540,14 @@ def main():
 else:
 admin_password = options.admin_password
 
+if options.setup_dns:
+if