[Pkg-freeipa-devel] Looking for info on freeipa status

Timo Aaltonen tjaalton at debian.org
Thu Mar 15 11:59:17 GMT 2018

On 14.03.2018 02:00, Philippe Clérié wrote:
> Hello,
> I just got bit by an upgrade to Ubuntu/Bionic that does not contain
> Freeipa. Then I find out that the packages are no longer in
> Debian/Testing but are present in Sid. In addition, there are packages
> in bionic-proposed. So it looks like Freeipa will eventually get there
> but I am still concerned. Could you please clarify Freeipa status please?
> Thanks in advance.

Hi, here's something.

Dogtag still needs temporary tomcat8.0 and resteasy3.0 packages to work.
Upstream is about to release 10.6 which will work with tomcat 8.5 and
allows us to get rid of tomcat8.0. RESTEasy upstream recently released
3.5 which is backwards compatible with 3.0.x series, but also added a
bunch of new dependencies which would need to be packaged.

Even with both of these sorted out ipa-server-install needs libnsspem to
finish (bug #855879). IPA client would need that as well, or certmonger
wouldn't be able to refresh certificates. Getting libnsspem packaged
needs changes to src:nss which the maintainer refuses to add. So this is
probably something that the Debian technical committee needs to weigh in.

For bionic, the plan was to fix all of above. That doesn't look likely
anymore, so plan-b would be to provide freeipa-client only..

IPA has never been in Debian testing IIRC, btw.


More information about the Pkg-freeipa-devel mailing list