[Samba] Samba 4.16 and 4.17 ubuntu focal and jammy packages
Kees van Vloten
keesvanvloten at gmail.com
Fri Oct 28 09:30:56 UTC 2022
On 28-10-2022 10:57, Michael Tokarev wrote:
> 28.10.2022 11:40, Kees van Vloten wrote:
>> Hi Michael,
>> I just checked the repos you recently made available for Ubuntu. You
>> have separate repos for Ubuntu versions and also for Samba versions.
>> This approach mimics the structure Louis has.
> I don't really know about the structure of Louis repository - I never
> looked there.
Well, it is identical to the structure on corpit.ru/mjt
>> I know the the Debian packages are available in the Debian repos, for
>> Buster mainly backports for a recent version. But Debian has a single
>> repo with a single Samba version. Would it be possible to publish the
>> Debian packages (similar to Ubuntu) in a repo per Samba version on
>> corpit.ru/mjt ?
> It is not really like this on Debian.
> The thing is that for Debian stable, we have 2 versions available: the
> shipped with bullseye (with most updates, at least the ones which didn't
> require painful backporting), and the one available in the backports.
> For bookworm, it will be bookworm release and bookworm-backports too
> hopefully anyway). If bookworm were released earlier this year, it would
> be 4.16 in bookworm and 4.17 in bpo, or something like that.
Generally a next Debian release does not have usable packages for the
current release, because of dependencies on newer package versions of
almost everything including things like libc.
> So that's two. It's possible to support buster-backports-sloppy as well,
> and bullseye-backports-sloppy once bookworm will be out.
> For debian unstable, there are again - for now - two version of samba
> to choose from: it is unstable version, and it is experimental version.
> Currently 4.17 is in experimental, and it is not available for debian
> bullseye (current stable), -- this is because I'm not confident with
> 4.17 yet, myself. See the recent 4.17.2 bugfix release, - the CVE issue
> with directory escape via symlinks. If it were not that, I'd move to
> 4.17 for unstable too, and stop providing 4.16 packages completely.
> I don't want to publish two versions of samba for any of the "supported"
> distributions. Once I'm confident enough with 4.17, I will stop 4.16
> packaging completely, and will focus on 4.17 entirely, for everything
> including ubuntu and debian stable and debian unstable.
> There's just no reason - in my opinion anyway - to provide packages for
> older releases of samba. I can branch the debian developer repository's
> master branch in the point where we'll finally switch to 4.17, and it
> should be easy to create subsequent releases of 4.16.x from there,
> without touching any packaging stuff, just importing new upstream
> versions and building new binaries. Especially once the dust settles
> after the (minor) ubuntu changes I made in the packaging.
> Also, Debian discourages using external repositories, and I understand
> very well where this comes from, and support it.
> My goal is to support single "good" current samba version for various
> distributions. It is already happening for Debian, and it will happen
> for Ubuntu as well. It is doable from a single line of development.
I understand this completely and generally I want as little custom repos
as possible and let Debian manage the upgrade process. It is reliable,
enhances security, saves me a lot of time, etc., etc. (lots of reasons :-) )
The notable exception is Samba (especially the domain controllers), I
want to manage the upgrade moment of those. I do not want to upgrade all
of them at the same time, I want to move the fsmo roles before upgrade
and so on. In other words I want a very controlled manual process here,
because a failure would lock out all users on all machines.
This works only if the repos have the packages of a version available
until I decide to switch, the easiest way out is then to have a repo
bullseye/samba-4.16 and bullseye/samba-4.17, etc.
Since you have already done the work for Ubuntu, it is probably not a
lot of work to provide the same for Bullseye and as said it does provide
a lot of value in the upgrade process of this critical piece of software.
> I provided 4.17 packages in there as experimental, to see if whole
> thing actually works. It is the same as with experimental 4.17 for
> Debian. I hope to switch to 4.17 entirely in a near future.
More information about the samba