Re: OpenLDAP 2.5 - Fedora Release - Help Needed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2021-06-18 at 16:27 +0200, Simon Pichugin wrote:
> Hi folks,
> my name is Simon Pichugin and I am a maintainer for OpenLDAP.
> 
> Recently, OpenLDAP has released 2.5 version.
> It has quite a big amount of changes -
> https://www.openldap.org/software/release/announce.html
> And it includes a pretty important "Upgrading from 2.4.x" section -
> https://www.openldap.org/doc/admin25/guide.html#Upgrading%20from%202.4.x
> Also, OpenLDAP on Fedora currently has links to a versioned library:
> 
>     ❯ ldconfig -p | grep libldap
>     libldap_r-2.4.so.2 (libc6,x86-64) => /lib64/libldap_r-2.4.so.2
>     libldap-2.4.so.2 (libc6,x86-64) => /lib64/libldap-2.4.so.2
> 

Hi Simon,
is upstream releasing libraries with the versioned name in?
Or was this a Fedora packaging decision?

Are they actually breaking ABI between 2.4 and 2.5 ?

> This makes it harder to upgrade as a lot of packages depend on the
> versioned one (and the new package has only libldap-2.5.so.2 library. (I
> even filed an issue to sudo but I think it's not related to them much -
> https://github.com/sudo-project/sudo/issues/105 )
> 

I suggest carefully reading the sections that talk about SONAME in
here: https://docs.fedoraproject.org/en-US/packaging-guidelines/

> I came here for advice as the upgrade can be a sensitive subject for many
> users.
> 
> What I think can be done:
> 
>    - Rework openldap-compat package for openldap 2.5, so it will include
>    libldap-2.4 libs (both with and without '_r'). I am not exactly sure what's
>    the proper way to do this (make a tarball with the compiled libldap-2.4
>    libs and place it to the repo - would be okay?)

No, you would probably want to have a separate package with its own
sources.

>    - Openldap 2.5 package will include only libldap-2.5.so.2 library and
>    while testing we will tag it with some build tag so we can make sure that
>    everything builds with it successfully.

Are there any API changes in 2.5 ?
I am wondering, is this just a gratuitous rename from upstream? Or will
there be issues building code because API changed? What about the ABI?

If the ABI hasn't changes we could even think about just providing
symlinks ...

> I am not sure how we can help openldap-servers package users. Should we
> create a change proposal that will include all of the information about the
> upgrade (from the OpenLDAP Upstream guide)? And hope that they will read it
> before the package upgrade? Is there any other way to notify them during
> 'dnf update'?

One way to deal with this, if you create a compat package, is to
provide the 2.4 slapcat tool that is needed to perform the database
conversion. Then create an UPGRADE file with pointers in it to the
relevant documentation and *copy* it to the config directory (or
somwhere appropriate)  in the pre-upgrade script if the package we are
upgrading to is from < 2.5 version.
Then add a check in the systemd unit file that will *prevent* the
server from being started if that file is present.

Inside the file the last instruction will be to delete the file.

This means the upgrade will not be seamless as the ldap server will not
restart until manually fixed, but at least it will be manageable by
admins.

> Please, share any of your thoughts on this issue. I'll come to a decision
> sometime soon as we need to get OpenLDAP 2.5 at least in some state to the
> Fedora Rawhide so it can be properly tested.
> 
> Thank you for all of your great work on our awesome Fedora!
> 
> Sincerely,
> Simon
> 
> P.S. the PR for 2.5 change was filed by a community member and we already
> have some discussion there -
> https://src.fedoraproject.org/rpms/openldap/pull-request/6

Thanks for bringing this up, I do not envy the position you are in,
hairy upgrades are hairy.

Have you checked if debian or any other distro already have something.
We may want to look at other people's clever ideas, and if good it may
make sense to align so we have similar way to handle upgrades and users
using multiple distributions will find it easier.

HTH,
Simo.

> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc



_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux