[Pkg-openldap-devel] OpenLDAP packaging going forward
Russ Allbery
rra at debian.org
Wed May 23 18:37:55 UTC 2007
Well, it looks like I'm not going to have as much time to work on OpenLDAP
packaging as I was hoping, and it looks like Stanford will probably want
to maintain our own packages internally at least through the 2.4 release,
but I'm still hoping that Debian will be able to benefit from some of that
work.
The first step is to update the current tree in Subversion to 2.3.35, plus
a few fixes, which should bring us back up to date with upstream. We're
going to try to base our internal packages on the Debian packaging and
feed any fixes back that are general, so hopefully that will keep the
Debian packages in better shape. We're going to be starting that work
soon.
As the first step in that process, I started reviewing the current patches
in the Debian package with an eye for whether they should be kept as
Debian-specific patches, fed upstream, or dropped. Here's the results of
an initial look:
connection-race
fix-memleak-acls-uses-sets
fix-memleak-on-failed-bind
kbind-security-fix
I believe these are already included in the 2.3.35 package and can be
dropped from the repository once we upgrade.
adminguide-docfixes
Should be checked against the current upstream to see if it's still
relevant and either submitted upstream or dropped.
disable-epoll-system-call
Allowed an OpenLDAP package built on a 2.6 kernel to run on 2.4.
Since Debian has now dropped support for 2.4 kernels, I think we can
drop this patch.
add-autogen-sh
use-lpthreads
The -lpthreads patch should be discussed upstream to see if we can
make this not a Debian-specific patch. We added it because mipsel
didn't like -pthreads (is this still the case?). Upstream may be
preferring -pthreads over -lpthreads for other reasons. I'd really
rather not carry this around, since it's the only reason why we're
running Autoconf and friends at build time. If we could get rid of
it, we could drop add-autogen-sh.
ntlm-ldap_h-hack
ntlm_c
Upstream dropped this code long ago. Can we just do the same thing?
I don't think it makes a lot of sense for Debian to try to maintain it
separately.
libldap-makefile_in
Part of this is the NTLM stuff. The rest is linking the libraries
with the pthread library, which should be fed upstream.
index-files-created-as-root
This is Debian-specific in its current form, since it always warns if
slapindex is running as root. Ideally, this would figure out if slapd
is running as a non-root user and then only warn if that's the case
and slapindex is running as a different user. For right now, we
should carry this patch as-is but suggest upstream the better fix.
read-config-before-dropping-privileges
I'm not sure the history of this patch, but my guess is that the
config file may contain private information and this makes the
permissions easier to handle? The changelog is not informative.
Should be fed upstream if it's really useful.
sasl-default-path
Should be fed upstream, as this looks generally useful.
fixmanpages
Fixes a bug in the .TH line of slapo-retcode.5. Should be fed
upstream.
ldapi-socket-place
man-slapd
man-slurpd
slapi-errorlog-file
slurpd-in-spool
wrong-database-location
These are all path fixes specific to Debian.
Following what I've done with other packages, I'm going to start
annotating these patches with bug numbers (Debian and upstream) where
available and renaming the ones that are Debian-specific and not suitable
for feeding upstream to start with debian-. (I assume no one has
objections to that.) However, I'll start by updating to 2.3.35.
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the Pkg-openldap-devel
mailing list