[Freeipa-devel] [PATCHES] SPEC: Require python2 version of sssd bindings

Thu Mar 12 12:58:17 UTC 2015

On Thu, 12 Mar 2015, Alexander Bokovoy wrote:
>On Thu, 12 Mar 2015, Petr Vobornik wrote:
>>On 03/06/2015 03:13 PM, Alexander Bokovoy wrote:
>>>On Fri, 06 Mar 2015, Lukas Slebodnik wrote:
>>>>On (05/03/15 16:20), Petr Vobornik wrote:
>>>>>On 03/05/2015 11:23 AM, Lukas Slebodnik wrote:
>>>>>>On (05/03/15 08:54), Petr Vobornik wrote:
>>>>>>>On 02/27/2015 09:50 PM, Lukas Slebodnik wrote:
>>>>>>>>ehlo,
>>>>>>>>
>>>>>>>>Please review attached patches and fix freeipa in fedora 22 ASAP.
>>>>>>>>
>>>>>>>>I think the most critical is 1st patch
>>>>>>>>
>>>>>>>>sh$ git grep "SSSDConfig"  | grep import
>>>>>>>>install/tools/ipa-upgradeconfig:import SSSDConfig
>>>>>>>>ipa-client/ipa-install/ipa-client-automount:import SSSDConfig
>>>>>>>>ipa-client/ipa-install/ipa-client-install:    import SSSDConfig
>>>>>>>>
>>>>>>>>BTW package python-sssdconfig is provides since sssd-1.10.0alpha1
>>>>>>>>(2013-04-02)
>>>>>>>>but it was not explicitely required.
>>>>>>>>
>>>>>>>>The latest python3 changes in sssd (fedora 22) is just a result of
>>>>>>>>negligent
>>>>>>>>packaging of freeipa.
>>>>>>>>
>>>>>>>>LS
>>>>>>>>
>>>>>>>
>>>>>>>Fedora 22 was amended.
>>>>>>>
>>>>>>>Patch 1: ACK
>>>>>>>
>>>>>>>Patch 2: ACK
>>>>>>>
>>>>>>>Patch3:
>>>>>>>the package name is libsss_nss_idmap-python not
>>>>>>>python-libsss_nss_idmap
>>>>>>>which already is required in adtrust package
>>>>>>In sssd upstream we decided to rename package
>>>>>>libsss_nss_idmap-python to
>>>>>>python-libsss_nss_idmap according to new rpm python guidelines.
>>>>>>The python3 version has alredy correct name.
>>>>>>
>>>>>>We will rename package in downstream with next major release (1.13).
>>>>>>Of course it we will add "Provides: libsss_nss_idmap-python".
>>>>>>
>>>>>>We can push 3rd patch later or I can update 3rd patch.
>>>>>>What do you prefer?
>>>>>>
>>>>>>Than you very much for review.
>>>>>>
>>>>>>LS
>>>>>>
>>>>>
>>>>>Patch 3 should be updated to not forget the remaining change in
>>>>>ipa-python
>>>>>package.
>>>>>
>>>>>It then should be updated downstream and master when 1.13 is released in
>>>>>Fedora, or in master sooner if SSSD 1.13 becomes the minimal version
>>>>>required
>>>>>by master.
>>>>
>>>>Fixed.
>>>>
>>>>BTW Why ther is a pylint comment for some sssd modules
>>>>I did not kave any pylint problems after removing comment.
>>>>
>>>>ipalib/plugins/trust.py:32:    import pysss_murmur #pylint: disable=F0401
>>>>ipalib/plugins/trust.py:38:    import pysss_nss_idmap #pylint:
>>>>disable=F0401
>>>>
>>>>
>>>>And why are these modules optional (try except)
>>>Because they are needed to properly load in the case trust subpackages
>>>are not installed, to generate proper messages to users who will try
>>>these commands, like 'ipa trust-add' while the infrastructure is not in
>>>place.
>>>
>>>pylint is dumb for such cases.
>>>
>>>
>>
>>Alexander, the point was not to require python_nss_idmap and 
>>python-sss-murmur on ipa clients?
>Pylint is not used on ipa clients. The import statements do protection
>against failed import and that's what we use on the client side.
>
>>If so python-sss-murmur should be required only by trust-ad package 
>>and not python package (patch2). And patch 3 (adding 
>>libsss_nss_idmap-python to python package)  should not be used.
>We already have dependencies in trust-ad subpackage:
>%package server-trust-ad
>Summary: Virtual package to install packages required for Active Directory trusts
>Group: System Environment/Base
>Requires: %{name}-server = %version-%release
>Requires: m2crypto
>Requires: samba-python
>Requires: samba >= %{samba_version}
>Requires: samba-winbind
>Requires: libsss_idmap
>Requires: libsss_nss_idmap-python
>
>However, we don't ship the original plugins in this package because
>otherwise you wouldn't be able to use 'ipa trust*' from any machine
>other than those where trust-ad subpackage is installed. That's why we
>use import statements and catch the import exceptions.
Sent too early.

... and python-sss-murmur shoudl be required by trust-ad subpackage,
yes.

-- 
/ Alexander Bokovoy