On Fri, 2021-06-18 at 16:27 +0200, Simon Pichugin wrote: > Hi folks, > my name is Simon Pichugin and I am a maintainer for OpenLDAP. > > Recently, OpenLDAP has released 2.5 version. > It has quite a big amount of changes - > https://www.openldap.org/software/release/announce.html > And it includes a pretty important "Upgrading from 2.4.x" section - > https://www.openldap.org/doc/admin25/guide.html#Upgrading%20from%202.4.x > Also, OpenLDAP on Fedora currently has links to a versioned library: > > ❯ ldconfig -p | grep libldap > libldap_r-2.4.so.2 (libc6,x86-64) => /lib64/libldap_r-2.4.so.2 > libldap-2.4.so.2 (libc6,x86-64) => /lib64/libldap-2.4.so.2 > Hi Simon, is upstream releasing libraries with the versioned name in? Or was this a Fedora packaging decision? Are they actually breaking ABI between 2.4 and 2.5 ? > This makes it harder to upgrade as a lot of packages depend on the > versioned one (and the new package has only libldap-2.5.so.2 library. (I > even filed an issue to sudo but I think it's not related to them much - > https://github.com/sudo-project/sudo/issues/105 ) > I suggest carefully reading the sections that talk about SONAME in here: https://docs.fedoraproject.org/en-US/packaging-guidelines/ > I came here for advice as the upgrade can be a sensitive subject for many > users. > > What I think can be done: > > - Rework openldap-compat package for openldap 2.5, so it will include > libldap-2.4 libs (both with and without '_r'). I am not exactly sure what's > the proper way to do this (make a tarball with the compiled libldap-2.4 > libs and place it to the repo - would be okay?) No, you would probably want to have a separate package with its own sources. > - Openldap 2.5 package will include only libldap-2.5.so.2 library and > while testing we will tag it with some build tag so we can make sure that > everything builds with it successfully. Are there any API changes in 2.5 ? I am wondering, is this just a gratuitous rename from upstream? Or will there be issues building code because API changed? What about the ABI? If the ABI hasn't changes we could even think about just providing symlinks ... > I am not sure how we can help openldap-servers package users. Should we > create a change proposal that will include all of the information about the > upgrade (from the OpenLDAP Upstream guide)? And hope that they will read it > before the package upgrade? Is there any other way to notify them during > 'dnf update'? One way to deal with this, if you create a compat package, is to provide the 2.4 slapcat tool that is needed to perform the database conversion. Then create an UPGRADE file with pointers in it to the relevant documentation and *copy* it to the config directory (or somwhere appropriate) in the pre-upgrade script if the package we are upgrading to is from < 2.5 version. Then add a check in the systemd unit file that will *prevent* the server from being started if that file is present. Inside the file the last instruction will be to delete the file. This means the upgrade will not be seamless as the ldap server will not restart until manually fixed, but at least it will be manageable by admins. > Please, share any of your thoughts on this issue. I'll come to a decision > sometime soon as we need to get OpenLDAP 2.5 at least in some state to the > Fedora Rawhide so it can be properly tested. > > Thank you for all of your great work on our awesome Fedora! > > Sincerely, > Simon > > P.S. the PR for 2.5 change was filed by a community member and we already > have some discussion there - > https://src.fedoraproject.org/rpms/openldap/pull-request/6 Thanks for bringing this up, I do not envy the position you are in, hairy upgrades are hairy. Have you checked if debian or any other distro already have something. We may want to look at other people's clever ideas, and if good it may make sense to align so we have similar way to handle upgrades and users using multiple distributions will find it easier. HTH, Simo. > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure -- Simo Sorce RHEL Crypto Team Red Hat, Inc _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure