[Freeipa-devel] [PATCH] 0086 Make sure samba{, 4}-winbind-krb5-locator package is not installed when trusts are in use

2012-10-10 Thread Alexander Bokovoy

Hi,

Since use of winbind on FreeIPA server that is configured with trusts is
conflicting with krb5 locator based on winbind, make sure there is
conflict that will force removing samba{,4}-winbind-krb5-locator package
when -server-trust-ad subpackage is installed.

Please note that since feature-wise the two packages would be
conflicting in use, one has to play tricks with rpm to enforce
automatic removal of the samba{,4}-winbind-krb5-locator with Obsoletes:
in addition to Conflicts: tag. This allows to ensure the two packages
are never installed together:

Conflicts: tag would prevent installing samba{,4}-winbind-krb5-locator after
freeipa-server-trust-ad subpackage is installed.

Obsoletes: tag would force removal of samba{,4}-winbind-krb5-locator
during the install of freeipa-server-trust-ad.

https://fedorahosted.org/freeipa/ticket/3102



--
/ Alexander Bokovoy
From 81f31e5fef0e21cc256bd8f8bffa6e551b72da89 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Wed, 10 Oct 2012 09:46:08 +0300
Subject: [PATCH 3/5] Make sure samba{,4}-winbind-krb5-locator package is not
 installed when trusts are in use

Since use of winbind on FreeIPA server that is configured with trusts is conflicting
with krb5 locator based on winbind, make sure there is conflict that will force removing
samba{,4}-winbind-krb5-locator package when -server-trust-ad subpackage is installed.

https://fedorahosted.org/freeipa/ticket/3102
---
 freeipa.spec.in | 9 +
 1 file changed, 9 insertions(+)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 
cc27ffe43758eaedcaaf31b7f55d35d689cec0ae..a9cb05002831cb85f3446b70572828e6f60c7649
 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -230,6 +230,12 @@ Requires: samba4
 Requires: samba4-winbind
 %endif
 Requires: libsss_idmap
+# There should be no winbind-based krb5 locator plugin installed on the server 
where
+# trusts are configured since the configurations basically contradict each 
other
+Conflicts: samba4-winbind-krb5-locator
+Conflicts: samba-winbind-krb5-locator
+Obsoletes: samba4-winbind-krb5-locator
+Obsoletes: samba-winbind-krb5-locator
 
 %description server-trust-ad
 Cross-realm trusts with Active Directory in IPA require working Samba 4 
installation.
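Review bot: The two unversioned Obsoletes: lines for samba4-winbind-krb5-locator and samba-winbind-krb5-locator declare server-trust-ad a replacement for packages it does not replace; the comment above them only says the two configurations contradict each other. Obsoletes: is meant for a package that supersedes another, so a dependency resolver will treat this subpackage as the upgrade path for the locator packages. Keep the Conflicts: lines and drop the Obsoletes: ones, or use a mechanism that disables the plugin without claiming to replace its package.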
@@ -786,6 +792,9 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
 
 %changelog
+* Wed Oct 10 2012 Alexander Bokovoy aboko...@redhat.com - 2.99.0-49
+- Make sure server-trust-ad subpackage conflicts with 
samba{,4}-winbind-krb5-locator
+
 * Mon Oct  8 2012 Martin Kosek mko...@redhat.com - 2.99.0-48
 - Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca
 
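Review bot: The new %changelog entry says only that server-trust-ad "conflicts with" samba{,4}-winbind-krb5-locator, while the same patch also adds Obsoletes: for both packages, which changes what happens at install time. Mention the Obsoletes: in the entry so the changelog matches the spec.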
-- 
1.7.12

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 0086 Make sure samba{, 4}-winbind-krb5-locator package is not installed when trusts are in use

2012-10-10 Thread Alexander Bokovoy

On Wed, 10 Oct 2012, Alexander Bokovoy wrote:

Hi,

Since use of winbind on FreeIPA server that is configured with trusts is
conflicting with krb5 locator based on winbind, make sure there is
conflict that will force removing samba{,4}-winbind-krb5-locator package
when -server-trust-ad subpackage is installed.

Please note that since feature-wise the two packages would be
conflicting in use, one has to play tricks with rpm to enforce
automatic removal of the samba{,4}-winbind-krb5-locator with Obsoletes:
in addition to Conflicts: tag. This allows to ensure the two packages
are never installed together:

Conflicts: tag would prevent installing samba{,4}-winbind-krb5-locator after
freeipa-server-trust-ad subpackage is installed.

Obsoletes: tag would force removal of samba{,4}-winbind-krb5-locator
during the install of freeipa-server-trust-ad.

Unfortunately, the side-effect of the Obsoletes: tag is that
freeipa-server-trust-ad would always be selected from the repository
whenever one wants to install samba{,4}-winbind-krb5-locator, so this
approach does not work.

We can keep pure Conflicts: tags because they would prevent co-install
of the packages. They alone would not be able to provide a way to solve
conflicts.

I'm working on a bit more complex variant with alternatives.

--
/ Alexander Bokovoy



Re: [Freeipa-devel] [PATCH] 0086 Make sure samba{, 4}-winbind-krb5-locator package is not installed when trusts are in use

2012-10-10 Thread Alexander Bokovoy

On Wed, 10 Oct 2012, Alexander Bokovoy wrote:

On Wed, 10 Oct 2012, Alexander Bokovoy wrote:

Hi,

Since use of winbind on FreeIPA server that is configured with trusts is
conflicting with krb5 locator based on winbind, make sure there is
conflict that will force removing samba{,4}-winbind-krb5-locator package
when -server-trust-ad subpackage is installed.

Please note that since feature-wise the two packages would be
conflicting in use, one has to play tricks with rpm to enforce
automatic removal of the samba{,4}-winbind-krb5-locator with Obsoletes:
in addition to Conflicts: tag. This allows to ensure the two packages
are never installed together:

Conflicts: tag would prevent installing samba{,4}-winbind-krb5-locator after
freeipa-server-trust-ad subpackage is installed.

Obsoletes: tag would force removal of samba{,4}-winbind-krb5-locator
during the install of freeipa-server-trust-ad.

Unfortunately, the side-effect of the Obsoletes: tag is that
freeipa-server-trust-ad would always be selected from the repository
whenever one wants to install samba{,4}-winbind-krb5-locator, so this
approach does not work.

We can keep pure Conflicts: tags because they would prevent co-install
of the packages. They alone would not be able to provide a way to solve
conflicts.

I'm working on a bit more complex variant with alternatives.

New patch attached. I verified that it works but in order to make it
useful, samba{,4} package needs to be updated to include alternatives
for winbind_krb5_locator.so plugin. Working on that now.

--
/ Alexander Bokovoy
From ce35a07c652bfafd68c2be6878d92675f15d810c Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Wed, 10 Oct 2012 09:46:08 +0300
Subject: [PATCH 3/5] Make sure samba{,4}-winbind-krb5-locator package is not
 used when trusts are going to be configured

Since use of winbind on FreeIPA server that is configured with trusts is conflicting
with krb5 locator based on winbind, use alternatives mechanism to turn off the locator
plugin by symlinking it to /dev/null.

https://fedorahosted.org/freeipa/ticket/3102
---
 freeipa.spec.in | 30 ++
 1 file changed, 30 insertions(+)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 
cc27ffe43758eaedcaaf31b7f55d35d689cec0ae..97aa501b3153243ddb213c1b6d85d7a46cc00b70
 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -230,6 +230,13 @@ Requires: samba4
 Requires: samba4-winbind
 %endif
 Requires: libsss_idmap
+# We use alternatives to divert winbind_krb5_locator.so plugin to libkrb5
+# on the installes where server-trust-ad subpackage is installed because
+# IPA AD trusts cannot be used at the same time with the locator plugin
+# since Winbindd will be configured in a different mode
+Requires(post): %{_sbindir}/update-alternatives
+Requires(postun): %{_sbindir}/update-alternatives
+Requires(preun): %{_sbindir}/update-alternatives
 
 %description server-trust-ad
 Cross-realm trusts with Active Directory in IPA require working Samba 4 
installation.
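Review bot: The comment added above the Requires(post), Requires(postun) and Requires(preun) lines says the plugin is diverted "to libkrb5", while the scriptlets in this patch register /dev/null as the alternative. Say /dev/null in the comment so it matches what %post does, and fix the typo "installes".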
@@ -438,6 +445,9 @@ install -m 0644 init/systemd/ipa.conf.tmpfiles 
%{buildroot}%{_sysconfdir}/tmpfil
 mkdir -p %{buildroot}%{_localstatedir}/run/
 install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa_memcached/
 
+mkdir -p %{buildroot}%{_libdir}/krb5/plugins/libkrb5
+touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
+
 %if 0%{?fedora} = 16
 # Default to systemd initscripts for F16 and above
 mkdir -p %{buildroot}%{_unitdir}
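Review bot: The mkdir/touch pair added to %install carries no comment saying that the empty winbind_krb5_locator.so is only a placeholder for the %ghost entry and the alternatives-managed symlink; add one, since an empty .so in the libkrb5 plugin directory otherwise reads as a packaging mistake. Also check that these two lines are built under the same condition as the %ghost entry, which sits just before an %endif in the %files hunk; if they are not, a build without that subpackage leaves an unpackaged file in the buildroot.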
@@ -568,6 +578,22 @@ if [ $? == 0  -a ${SELINUXTYPE} == targeted -a -f 
${FILE_CONTEXT}.%{name} ]; t
rm -f ${FILE_CONTEXT}.%name
 fi
 fi
+
+%postun server-trust-ad
+if [ $1 -ge 1 ]; then
+   if [ `readlink %{_sysconfdir}/alternatives/winbind_krb5_locator.so` 
== /dev/null ]; then
+   %{_sbindir}/alternatives --set winbind_krb5_locator.so /dev/null
+   fi
+fi
+
+%post server-trust-ad
+%{_sbindir}/update-alternatives --install 
%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so \
+   winbind_krb5_locator.so /dev/null 90
+
+%preun server-trust-ad
+if [ $1 -eq 0 ]; then
+   %{_sbindir}/update-alternatives --remove winbind_krb5_locator.so 
/dev/null
+fi
 %endif
 
 
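Review bot: In %postun the readlink command substitution is unquoted, so when %{_sysconfdir}/alternatives/winbind_krb5_locator.so does not exist readlink prints nothing and the test is left without a left operand and fails with a syntax error. Quote it and use a single =, as in [ "$(readlink ...)" = /dev/null ]. The body then runs --set ... /dev/null only when the link already points at /dev/null, so it does not change the target and only switches the group to manual mode; state in a comment that this is the intent, or drop the block. %postun also calls %{_sbindir}/alternatives while %post, %preun and the Requires lines use %{_sbindir}/update-alternatives; use one name throughout.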
@@ -733,6 +759,7 @@ fi
 %{_mandir}/man1/ipa-adtrust-install.1.gz
 %{python_sitelib}/ipaserver/dcerpc*
 %{python_sitelib}/ipaserver/install/adtrustinstance*
+%ghost %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
 %endif
 
 %files client
@@ -786,6 +813,10 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
 
 %changelog
+* Wed Oct 10 2012 Alexander Bokovoy aboko...@redhat.com - 2.99.0-49
+- Make sure server-trust-ad subpackage alternates winbind_krb5_locator.so
+  plugin to /dev/null since they cannot be used when trusts are configured
+
 * Mon Oct  8 2012 Martin Kosek mko...@redhat.com - 2.99.0-48
 - Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca
 
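Review bot: The %changelog entry reads "alternates winbind_krb5_locator.so plugin to /dev/null since they cannot be used", where "they" has no plural antecedent and "alternates" does not say what the scriptlets do. Suggested wording: "Point the winbind_krb5_locator.so alternative at /dev/null because the plugin cannot be used when trusts are configured".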
-- 
1.7.12


Re: [Freeipa-devel] [PATCH] 0086 Make sure samba{, 4}-winbind-krb5-locator package is not installed when trusts are in use

2012-10-10 Thread Alexander Bokovoy

On Wed, 10 Oct 2012, Alexander Bokovoy wrote:

On Wed, 10 Oct 2012, Alexander Bokovoy wrote:

On Wed, 10 Oct 2012, Alexander Bokovoy wrote:

Hi,

Since use of winbind on FreeIPA server that is configured with trusts is
conflicting with krb5 locator based on winbind, make sure there is
conflict that will force removing samba{,4}-winbind-krb5-locator package
when -server-trust-ad subpackage is installed.

Please note that since feature-wise the two packages would be
conflicting in use, one has to play tricks with rpm to enforce
automatic removal of the samba{,4}-winbind-krb5-locator with Obsoletes:
in addition to Conflicts: tag. This allows to ensure the two packages
are never installed together:

Conflicts: tag would prevent installing samba{,4}-winbind-krb5-locator after
freeipa-server-trust-ad subpackage is installed.

Obsoletes: tag would force removal of samba{,4}-winbind-krb5-locator
during the install of freeipa-server-trust-ad.

Unfortunately, the side-effect of the Obsoletes: tag is that
freeipa-server-trust-ad would always be selected from the repository
whenever one wants to install samba{,4}-winbind-krb5-locator, so this
approach does not work.

We can keep pure Conflicts: tags because they would prevent co-install
of the packages. They alone would not be able to provide a way to solve
conflicts.

I'm working on a bit more complex variant with alternatives.

New patch attached. I verified that it works but in order to make it
useful, samba{,4} package needs to be updated to include alternatives
for winbind_krb5_locator.so plugin. Working on that now.

Attached is the patch for samba (f18, rawhide).

--
/ Alexander Bokovoy
From a78139d777deab75e3bf500472d88cba6a720484 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Wed, 10 Oct 2012 12:21:42 +0300
Subject: [PATCH] Move winbind_krb5_locator.so back to %_libdir and use
 alternatives instead

This is required to support IPA AD trusts where winbind_krb5_locator.so should
be disabled. The only way to disable it without uninstalling the package is to
make it configurable via alternatives system.
---
 samba.spec | 36 
 1 file changed, 32 insertions(+), 4 deletions(-)

diff --git a/samba.spec b/samba.spec
index 
292fd7e90221795982788dc7a7606fa907dfa4e3..a3cc66b326f7cf83b4c81939aa70d35b80fcae0b
 100644
--- a/samba.spec
+++ b/samba.spec
@@ -1,4 +1,4 @@
-%define main_release 152
+%define main_release 153
 
 %define samba_version 4.0.0
 %define talloc_version 2.0.7
@@ -279,6 +279,14 @@ Requires: %{name}-libs = %{samba_depver}
 
 Provides: samba4-winbind-krb5-locator = %{samba_depver}
 Obsoletes: samba4-winbind-krb5-locator  %{samba_depver}
+# Handle winbind_krb5_locator.so as alternatives to allow
+# IPA AD trusts case where it should not be used by libkrb5
+# The plugin will be diverted to /dev/null by the FreeIPA
+# freeipa-server-trust-ad subpackage due to higher priority
+# and restored to the proper one on uninstall
+Requires(post): %{_sbindir}/update-alternatives
+Requires(postun): %{_sbindir}/update-alternatives
+Requires(preun): %{_sbindir}/update-alternatives
 
 %description winbind-krb5-locator
 The winbind krb5 locator is a plugin for the system kerberos library to allow
@@ -538,8 +546,7 @@ done
 
 # winbind krb5 locator
 install -d -m 0755 %{buildroot}%{_libdir}/krb5/plugins/libkrb5
-install -m 755 %{buildroot}/%{_libdir}/winbind_krb5_locator.so 
%{buildroot}/%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
-rm -f %{buildroot}/%{_libdir}/winbind_krb5_locator.so
+touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
 
 # cleanup stuff that does not belong here
 rm -f %{buildroot}/%{_mandir}/man3/ldb.3*
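Review bot: With the install and rm -f lines removed, the real plugin stays at %{_libdir}/winbind_krb5_locator.so and the plugin directory receives only an empty file from touch, but nothing in the hunk says so. Add a comment that the touched file is a placeholder for the alternatives link. The %files winbind-krb5-locator section then has to list %{_libdir}/winbind_krb5_locator.so and mark the plugin-directory path as %ghost; the last hunk of this mail is cut off, so that cannot be confirmed from what is shown.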
@@ -557,6 +564,7 @@ rm -rf %{buildroot}%{perl_vendorlib}/Parse/Yapp
 # Fix up permission on perl install.
 %{_fixperms} %{buildroot}%{perl_vendorlib}
 
+
 # Remove stuff the buildsystem did not handle correctly
 rm -f %{buildroot}%{_libdir}/security/pam_smbpass.so
 rm -f %{buildroot}%{python_sitelib}/tevent.py
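Review bot: Unrelated whitespace: the extra blank line after the %{_fixperms} call has nothing to do with the alternatives change and should be dropped from the patch.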
@@ -622,6 +630,22 @@ rm -f %{buildroot}%{python_sitelib}/tevent.py
 %postun -n libwbclient -p /sbin/ldconfig
 %endif # with_libwbclient
 
+%postun winbind-krb5-locator 
+if [ $1 -ge 1 ]; then
+if [ `readlink %{_sysconfdir}/alternatives/winbind_krb5_locator.so` 
== %{_libdir}/winbind_krb5_locator.so ]; then
+%{_sbindir}/alternatives --set winbind_krb5_locator 
%{_libdir}/winbind_krb5_locator.so
+fi
+fi
+
+%post winbind-krb5-locator
+%{_sbindir}/update-alternatives --install 
%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so \
+winbind_krb5_locator.so 
%{_libdir}/winbind_krb5_locator.so 10
+
+%preun winbind-krb5-locator
+if [ $1 -eq 0 ]; then
+%{_sbindir}/update-alternatives --remove winbind_krb5_locator.so 
%{_libdir}/winbind_krb5_locator.so
+fi
+
 %clean
 rm -rf %{buildroot}
 
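Review bot: In %postun the --set call names the group winbind_krb5_locator, but %post and %preun install and remove it as winbind_krb5_locator.so, so --set refers to a group that was never registered; use winbind_krb5_locator.so there as well. In the same scriptlet the readlink command substitution is unquoted, so a missing %{_sysconfdir}/alternatives link turns the test into a syntax error; write it as [ "$(readlink ...)" = %{_libdir}/winbind_krb5_locator.so ]. The "%postun winbind-krb5-locator" line also ends in trailing whitespace.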
@@ -905,7 +929,8 @@ rm -rf %{buildroot}
 
 %files winbind-krb5-locator
 %defattr(-,root,root)

Re: [Freeipa-devel] [PATCH] 0086 Make sure samba{, 4}-winbind-krb5-locator package is not installed when trusts are in use

2012-10-10 Thread Sumit Bose
On Wed, Oct 10, 2012 at 12:04:06PM +0300, Alexander Bokovoy wrote:
 On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
 On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
 Hi,
 
 Since use of winbind on FreeIPA server that is configured with trusts is
 conflicting with krb5 locator based on winbind, make sure there is
 conflict that will force removing samba{,4}-winbind-krb5-locator package
 when -server-trust-ad subpackage is installed.
 
 Please note that since feature-wise the two packages would be
 conflicting in use, one has to play tricks with rpm to enforce
 automatic removal of the samba{,4}-winbind-krb5-locator with Obsoletes:
 in addition to Conflicts: tag. This allows to ensure the two packages
 are never installed together:
 
 Conflicts: tag would prevent installing samba{,4}-winbind-krb5-locator after
 freeipa-server-trust-ad subpackage is installed.
 
 Obsoletes: tag would force removal of samba{,4}-winbind-krb5-locator
 during the install of freeipa-server-trust-ad.
 Unfortunately, the side-effect of the Obsoletes: tag is that
 freeipa-server-trust-ad would always be selected from the repository
 whenever one wants to install samba{,4}-winbind-krb5-locator, so this
 approach does not work.
 
 We can keep pure Conflicts: tags because they would prevent co-install
 of the packages. They alone would not be able to provide a way to solve
 conflicts.
 
 I'm working on a bit more complex variant with alternatives.
 New patch attached. I verified that it works but in order to make it
 useful, samba{,4} package needs to be updated to include alternatives
 for winbind_krb5_locator.so plugin. Working on that now.
 
 -- 
 / Alexander Bokovoy

it works for me as well, so ACK. But I think we should add some minimal version
to 'Requires: samba4' as well to make sure that it will work with the
installed samba version. Shall we add this with a second patch later
when the packages are available or hold the whole patch?

bye,
Sumit



Re: [Freeipa-devel] [PATCH] 0086 Make sure samba{, 4}-winbind-krb5-locator package is not installed when trusts are in use

2012-10-10 Thread Alexander Bokovoy

On Wed, 10 Oct 2012, Sumit Bose wrote:

On Wed, Oct 10, 2012 at 12:04:06PM +0300, Alexander Bokovoy wrote:

On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
Hi,

Since use of winbind on FreeIPA server that is configured with trusts is
conflicting with krb5 locator based on winbind, make sure there is
conflict that will force removing samba{,4}-winbind-krb5-locator package
when -server-trust-ad subpackage is installed.

Please note that since feature-wise the two packages would be
conflicting in use, one has to play tricks with rpm to enforce
automatic removal of the samba{,4}-winbind-krb5-locator with Obsoletes:
in addition to Conflicts: tag. This allows to ensure the two packages
are never installed together:

Conflicts: tag would prevent installing samba{,4}-winbind-krb5-locator after
freeipa-server-trust-ad subpackage is installed.

Obsoletes: tag would force removal of samba{,4}-winbind-krb5-locator
during the install of freeipa-server-trust-ad.
Unfortunately, the side-effect of the Obsoletes: tag is that
freeipa-server-trust-ad would always be selected from the repository
whenever one wants to install samba{,4}-winbind-krb5-locator, so this
approach does not work.

We can keep pure Conflicts: tags because they would prevent co-install
of the packages. They alone would not be able to provide a way to solve
conflicts.

I'm working on a bit more complex variant with alternatives.
New patch attached. I verified that it works but in order to make it
useful, samba{,4} package needs to be updated to include alternatives
for winbind_krb5_locator.so plugin. Working on that now.

--
/ Alexander Bokovoy


it works for me as well, so ACK. But I think we should add some minimal version
to 'Requires: samba4' as well to make sure that it will work with the
installed samba version. Shall we add this with a second patch later
when the packages are available or hold the whole patch?

Since alternatives do not change the target if it is not a symlink, we
can safely make a second patch once Andreas makes new packages
available.

--
/ Alexander Bokovoy
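
The states discussed in this thread (plugin diverted to /dev/null by alternatives, plugin active, or a plain file that alternatives leaves alone) can be told apart on a host by following the two symlink hops. This is an added example, not part of the thread or of the FreeIPA or Samba packaging; the function name, the state names and the /usr/lib64 default for %{_libdir} are assumptions.

```shell
#!/bin/sh
# Added example: report how the winbind krb5 locator plugin path is wired.
# Assumptions: locator_state and its state names are made up for this example;
# /usr/lib64 stands in for %{_libdir}; /etc is %{_sysconfdir}.

ALT_LINK=/etc/alternatives/winbind_krb5_locator.so

# locator_state [ROOT] [LIBDIR]
#   ROOT   prefix of the tree to inspect (empty for the live system)
#   LIBDIR library directory inside that tree
locator_state() {
    root=${1:-}
    libdir=${2:-/usr/lib64}
    plugin="$root$libdir/krb5/plugins/libkrb5/winbind_krb5_locator.so"

    # Nothing at the plugin path at all.
    if [ ! -e "$plugin" ] && [ ! -L "$plugin" ]; then
        echo absent
        return 0
    fi

    # A regular file: the plugin was installed directly at this path.
    # Per the thread, alternatives does not change a target that is not
    # a symlink, so the /dev/null diversion has no effect here.
    if [ ! -L "$plugin" ]; then
        echo unmanaged
        return 0
    fi

    # First hop: the plugin path should point at the alternatives link.
    hop=$(readlink "$plugin")
    if [ "$hop" != "$ALT_LINK" ]; then
        echo "foreign-link:$hop"
        return 0
    fi

    # Second hop: the alternatives link names the selected target.
    if [ ! -L "$root$ALT_LINK" ]; then
        echo broken
        return 0
    fi
    target=$(readlink "$root$ALT_LINK")
    if [ "$target" = /dev/null ]; then
        echo disabled            # diverted, as server-trust-ad intends
    else
        echo "active:$target"    # a real plugin is selected
    fi
}

# Stand-alone use: sh locator_state.sh --check [LIBDIR]
if [ "${1:-}" = "--check" ]; then
    locator_state "" "${2:-/usr/lib64}"
fi
```

On a server with trusts configured the expected answer is `disabled`; `unmanaged` means the installed samba package still ships the plugin as a plain file.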



Re: [Freeipa-devel] [PATCH] 0086 Make sure samba{, 4}-winbind-krb5-locator package is not installed when trusts are in use

2012-10-10 Thread Andreas Schneider
On Wednesday 10 October 2012 15:40:17 Alexander Bokovoy wrote:
 On Wed, 10 Oct 2012, Sumit Bose wrote:
 On Wed, Oct 10, 2012 at 12:04:06PM +0300, Alexander Bokovoy wrote:
  On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
  On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
  Hi,
  
  Since use of winbind on FreeIPA server that is configured with trusts
  is
  conflicting with krb5 locator based on winbind, make sure there is
  conflict that will force removing samba{,4}-winbind-krb5-locator
  package
  when -server-trust-ad subpackage is installed.
  
  Please note that since feature-wise the two packages would be
  conflicting in use, one has to play tricks with rpm to enforce
  automatic removal of the samba{,4}-winbind-krb5-locator with Obsoletes:
  in addition to Conflicts: tag. This allows to ensure the two packages
  are never installed together:
  
  Conflicts: tag would prevent installing samba{,4}-winbind-krb5-locator
  after freeipa-server-trust-ad subpackage is installed.
  
  Obsoletes: tag would force removal of samba{,4}-winbind-krb5-locator
  during the install of freeipa-server-trust-ad.
  
  Unfortunately, the side-effect of the Obsoletes: tag is that
  freeipa-server-trust-ad would always be selected from the repository
  whenever one wants to install samba{,4}-winbind-krb5-locator, so this
  approach does not work.
  
  We can keep pure Conflicts: tags because they would prevent co-install
  of the packages. They alone would not be able to provide a way to solve
  conflicts.
  
  I'm working on a bit more complex variant with alternatives.
  
  New patch attached. I verified that it works but in order to make it
  useful, samba{,4} package needs to be updated to include alternatives
  for winbind_krb5_locator.so plugin. Working on that now.
  
  --
  / Alexander Bokovoy
 
 it works for me as well, so ACK. But I think we should add some minimal
 version to 'Requires: samba4' as well to make sure that it will work with
 the installed samba version. Shall we add this with a second patch later
 when the packages are available or hold the whole patch?
 
 Since alternatives do not change the target if it is not a symlink, we
 can safely make a second patch once Andreas makes new packages
 available.

Packages with the patch are built and available at:

https://admin.fedoraproject.org/updates/samba-4.0.0-153.fc18.rc2

RHEL6 packages are building and will be available in a few hours.


-- andreas

-- 
Andreas Schneider   GPG-ID: 8B7EB4B8
Red Hat   a...@redhat.com
Samba Team a...@samba.org



Re: [Freeipa-devel] [PATCH] 0086 Make sure samba{, 4}-winbind-krb5-locator package is not installed when trusts are in use

2012-10-10 Thread Simo Sorce
On Wed, 2012-10-10 at 17:57 +0200, Andreas Schneider wrote:
 On Wednesday 10 October 2012 15:40:17 Alexander Bokovoy wrote:
  On Wed, 10 Oct 2012, Sumit Bose wrote:
  On Wed, Oct 10, 2012 at 12:04:06PM +0300, Alexander Bokovoy wrote:
   On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
   On Wed, 10 Oct 2012, Alexander Bokovoy wrote:
   Hi,
   
   Since use of winbind on FreeIPA server that is configured with trusts
   is
   conflicting with krb5 locator based on winbind, make sure there is
   conflict that will force removing samba{,4}-winbind-krb5-locator
   package
   when -server-trust-ad subpackage is installed.
   
   Please note that since feature-wise the two packages would be
   conflicting in use, one has to play tricks with rpm to enforce
   automatic removal of the samba{,4}-winbind-krb5-locator with Obsoletes:
   in addition to Conflicts: tag. This allows to ensure the two packages
   are never installed together:
   
   Conflicts: tag would prevent installing samba{,4}-winbind-krb5-locator
   after freeipa-server-trust-ad subpackage is installed.
   
   Obsoletes: tag would force removal of samba{,4}-winbind-krb5-locator
   during the install of freeipa-server-trust-ad.
   
   Unfortunately, the side-effect of the Obsoletes: tag is that
   freeipa-server-trust-ad would always be selected from the repository
   whenever one wants to install samba{,4}-winbind-krb5-locator, so this
   approach does not work.
   
   We can keep pure Conflicts: tags because they would prevent co-install
   of the packages. They alone would not be able to provide a way to solve
   conflicts.
   
   I'm working on a bit more complex variant with alternatives.
   
   New patch attached. I verified that it works but in order to make it
   useful, samba{,4} package needs to be updated to include alternatives
   for winbind_krb5_locator.so plugin. Working on that now.
   
   --
   / Alexander Bokovoy
  
  it works for me as well, so ACK. But I think we should add some minimal
  version to 'Requires: samba4' as well to make sure that it will work with
  the installed samba version. Shall we add this with a second patch later
  when the packages are available or hold the whole patch?
  
  Since alternatives do not change the target if it is not a symlink, we
  can safely make a second patch once Andreas makes new packages
  available.
 
 Packages with the patch are built and available at:
 
 https://admin.fedoraproject.org/updates/samba-4.0.0-153.fc18.rc2
 
 RHEL6 packages are building and will be available in a few hours.

Tested with all packages in place and after an upgrade from 2.2.0 to 3.0

ACK all around.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



Re: [Freeipa-devel] [PATCH] 0086 Make sure samba{, 4}-winbind-krb5-locator package is not installed when trusts are in use

2012-10-10 Thread Rob Crittenden

Simo Sorce wrote:

On Wed, 2012-10-10 at 17:57 +0200, Andreas Schneider wrote:

On Wednesday 10 October 2012 15:40:17 Alexander Bokovoy wrote:

On Wed, 10 Oct 2012, Sumit Bose wrote:

On Wed, Oct 10, 2012 at 12:04:06PM +0300, Alexander Bokovoy wrote:

On Wed, 10 Oct 2012, Alexander Bokovoy wrote:

On Wed, 10 Oct 2012, Alexander Bokovoy wrote:

Hi,

Since use of winbind on FreeIPA server that is configured with trusts
is
conflicting with krb5 locator based on winbind, make sure there is
conflict that will force removing samba{,4}-winbind-krb5-locator
package
when -server-trust-ad subpackage is installed.

Please note that since feature-wise the two packages would be
conflicting in use, one has to play tricks with rpm to enforce
automatic removal of the samba{,4}-winbind-krb5-locator with Obsoletes:
in addition to Conflicts: tag. This allows to ensure the two packages
are never installed together:

Conflicts: tag would prevent installing samba{,4}-winbind-krb5-locator
after freeipa-server-trust-ad subpackage is installed.

Obsoletes: tag would force removal of samba{,4}-winbind-krb5-locator
during the install of freeipa-server-trust-ad.


Unfortunately, the side-effect of the Obsoletes: tag is that
freeipa-server-trust-ad would always be selected from the repository
whenever one wants to install samba{,4}-winbind-krb5-locator, so this
approach does not work.

We can keep pure Conflicts: tags because they would prevent co-install
of the packages. They alone would not be able to provide a way to solve
conflicts.

I'm working on a bit more complex variant with alternatives.


New patch attached. I verified that it works but in order to make it
useful, samba{,4} package needs to be updated to include alternatives
for winbind_krb5_locator.so plugin. Working on that now.

--
/ Alexander Bokovoy


it works for me as well, so ACK. But I think we should add some minimal
version to 'Requires: samba4' as well to make sure that it will work with
the installed samba version. Shall we add this with a second patch later
when the packages are available or hold the whole patch?


Since alternatives do not change the target if it is not a symlink, we
can safely make a second patch once Andreas makes new packages
available.


Packages with the patch are built and available at:

https://admin.fedoraproject.org/updates/samba-4.0.0-153.fc18.rc2

RHEL6 packages are building and will be available in a few hours.


Tested with all packages in place and after an upgrade from 2.2.0 to 3.0

ACK all around.

Simo.



Pushed Alexander's patch to master and ipa-3-0

rob
