freeipa

Clone
Source Code
GIT

#2537 Limit version dependencies
Closed: Fixed None Opened 13 years ago by rcritten.

Closed: Fixed
Reopen Issue

In order to provide a more stable environment for IPA Simo proposed that we severely limit what versions of some dependencies we allow to a single version.

For example, we would allow any release of 389-ds-base 1.2.10 but not 1.2.11.

This would apply at first to the following major dependencies:

- 389-ds-base
- pki-*
- krb5-*

I'm not sure how practical this is going to be with 389-ds-base.

Their numbering scheme looks like 1.2.11.4 where 1.2.11 is the major version and 4 is the minor. AFAICT we can't limit to 1.2.11.*.

Simo, was your original idea to limit to 389-ds-base versions like 1.2.11.4?

This is my proposal for rawhide:

diff --git a/freeipa.spec b/freeipa.spec
index 120e87c..598a29f 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -15,7 +15,7 @@ distutils.sysconfig import get_python_lib; print(get_python_li
b(1))")}

 Name:           freeipa
 Version:        3.0.0
-Release:        0.1%{?dist}
+Release:        0.2%{?dist}
 Summary:        The Identity, Policy and Audit system

 Group:          System Environment/Base
@@ -25,7 +25,7 @@ Source0:        http://www.freeipa.org/downloads/src/freeipa-%
{VERSION}.tar.gz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

 %if ! %{ONLY_CLIENT}
-BuildRequires:  389-ds-base-devel >= 1.2.10.4
+BuildRequires:  389-ds-base-devel = 1.2.11.7
 BuildRequires:  svrcore-devel
 BuildRequires:  /usr/share/selinux/devel/Makefile
 BuildRequires:  policycoreutils >= %{POLICYCOREUTILSVER}
@@ -82,11 +82,11 @@ Requires: %{name}-python = %{version}-%{release}
 Requires: %{name}-client = %{version}-%{release}
 Requires: %{name}-admintools = %{version}-%{release}
 Requires: %{name}-server-selinux = %{version}-%{release}
-Requires(pre): 389-ds-base >= 1.2.11.7-2
+Requires(pre): 389-ds-base = 1.2.11.7
 Requires: openldap-clients
 Requires: nss
 Requires: nss-tools
-Requires: krb5-server >= 1.10-2
+Requires: krb5-server = 1.10.2
 Requires: krb5-pkinit-openssl
 Requires: cyrus-sasl-gssapi%{?_isa}
 Requires: ntp
@@ -106,9 +106,9 @@ Requires(post): systemd-units
 Requires: selinux-policy >= 3.11.0-4
 Requires(post): selinux-policy-base
 Requires: slapi-nis >= 0.40
-Requires: pki-ca
-Requires: pki-silent
-Requires: pki-setup
+Requires: pki-ca = 9.0.20
+Requires: pki-silent = 9.0.20
+Requires: pki-setup = 9.0.20
 # Only tomcat6 greater than this version provides proper systemd support
 Requires: tomcat6 >= 6.0.35-4
 Requires: dogtag-pki-common-theme
@@ -637,6 +637,12 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt

 %changelog
+* Tue Jul 17 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.2
+- Make some dependencies more version-specific to prevent upgrade issues.
+- 389-ds-base: 1.2.11.7
+- krb5-server: 1.10.2
+- pki-*: 9.0.20
+
 * Mon Jul  2 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.1
 - Updated to upstream 3.0.0 beta 1

Simo had the idea of creating an optional sub-package that had the strict dependencies.

We would recommend having this installed on production servers, but if one needed to upgrade a specific package they could uninstall this meta package and be allowed to upgrade as needed.

I don't think this is going to work. Because other sub-packages have >= package requirements those are honored over one with strict requirements.

strict sub-package added to Fedora 18 and rawhide in 3.0.0.

Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 3.0 GA
8 years ago

Log in to comment on this ticket.

Metadata
None
None
None
low
None
None
None
None
task
None
None
IPA
None
0
None
None
None
None
None
None
None
0
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.