[Pkg-freeipa-devel] Bug#1016126: freeipa-server required libndr.so.1 and it's present only on Debian stable version
Michael Tokarev
mjt at tls.msk.ru
Sat Aug 3 15:57:28 BST 2024
On Wed, 27 Jul 2022 16:30:20 +0000 Lucas Castro <lucas at gnuabordo.com.br> wrote:
> Package: freeipa-server
> Version: 4.9.8-1+exp1
> Severity: grave
> Justification: renders package unusable
> X-Debbugs-Cc: lucas at gnuabordo.com.br
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate ***
>
> * What led up to the situation?
>
> I tried to install freeipa-server just for testing environment.
> The environment is Debian fresh installation in lxc container.
>
> Installation ends up with an error when it try to create the REALM
> kdb5_util: Unable to load requested database module 'ipadb.so': plugin symbol 'kdb_function_table' not found while creating database '/var/lib/krb5kdc/principal'
>
> So I investigated the library required by ipadb.so
> ldd /usr/lib/x86_64-linux-gnu/krb5/plugins/kdb/ipadb.so
> it's noticed libndr.so.1 is required and not present.
> The required library is present by samba-libs on Debian bullseye, the
> stable version by now.
>
> Unstable and Sid version install libndr.so.2 in turn.
This is an old issue.
libndr comes from samba, and there, it is NOT a public library.
However, several packages started using it, notable freeipa and sssd.
I knew about sssd, but didn't know about freeipa.
In debian bookworm, libndr was just one of many libraries in samba-libs
package. Upstream freely bumps soname of this library. And we never
noticed such updates, - when you build package with libndr from
bookworm, its dependency records "samba-libs (>= bookworm-version)",
which is obviously satisfyable with samba-libs from trixie with
libndr.so.2 or .3, - which is obviously wrong, since the package
needs libndr.so.1.
Later, with more recent samba versions, I made it more or less separate,
so if a package actually uses libndr, it gets recorded the correct
dependency. And a more recent samba might break such package, requiring
it to be rebuilt.
So today, just a rebuild of freeipa with current samba-libs (samba-dev)
will get the dependencies correctly. However, I can't retrospectively
rebuild freeipa in bookworm with correct deps (esp. since samba in
bookworm wont generate these deps anyway).
I guess I can add Breaks: freeipa (<= bookworm) to more recent samba-libs
to fix this.
/mjt
More information about the Pkg-freeipa-devel
mailing list