Bug#740603: /etc/shibboleth not created when not using libapache2-mod-shib2

Russ Allbery rra at debian.org
Mon Mar 17 02:31:44 UTC 2014


"Cantor, Scott" <cantor.2 at osu.edu> writes:
> On 3/16/14, 5:48 PM, "Russ Allbery" <rra at debian.org> wrote:

>> libshibsp6 would depend on shibboleth-sp2-common.  libapache2-mod-shib2
>> would depend on shibboleth-sp2-utils.  Every other package would retain
>> its current contents and dependency structure.  (I know the authorizer
>> and responder need to be split off somehow eventually into a FastCGI
>> package, but I'll deal with that later.)

> Was going to mention that, ok.

On further thought, they probably make sense in the utils package,
actually.

> They're not linked to, they're plugin extension libraries that are
> specific to the ABI of the surrounding libraries they're built against.
> Nothing would ever link against them. They really belong with the
> library package, or if not, then in one or more extension packages
> representing the features they include.

Hm, okay, in that case I'm inclined to change the -common package to
-runtime (which is a more typical convention for arch-dependent supporting
files for libraries), put both the configuration and the plugins in that,
and have the library package depend on it.  Does that make sense?

> The ODBC plugin is the only thing that requires ODBC, for example, same
> for memcache.

Yeah, so having the library package depend on them needlessly pulls in
those shared libraries.  But I'm not sure further splitting is worth it to
avoid a few dependencies.  Debian tends to generate a lot of dependencies
on shared libraries and not worry about that too much.

> All of the utilities are fine together, but I can't really say for sure
> what to do with shibd. Based on what you're saying, it probably really
> is its own package if it can't be with the libraries, and the Apache
> package should depend on it. It's very unlike those utilities, none of
> which are in any way required to run all this.

Okay, that, plus your other response, makes me think that a better
approach would be something like this:

libapache2-mod-shib2
    Only the Apache module

shibd
    shibd and its init scripts

shibboleth-sp2-runtime
    configuration files
    plugins
    schema files

shibboleth-sp2-schemas
    becomes a transitional package and will go away in the next release

shibboleth-sp2-utils
    FastCGI programs
    all the other utilities

I kind of hate to add three more packages, but I think those all make
coherent sense, and in the long run its only an addition of two packages.
And that resolves the FastCGI program problem as well.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>



More information about the Pkg-shibboleth-devel mailing list