[Samba] classifying samba componens and sorting into debian binary packages

Michael Tokarev mjt at tls.msk.ru
Sat May 25 14:39:57 UTC 2024


Hi!

I'm evaluating how various binaries and components are split into different
binary packages in Debian.  And am having issues classifying these.

Initially there has been request to remove dependency on python3-samba
package (this is AD-related stuff) from samba-the-file-server package,
to be able to use it on smaller devices.  And at the same time, there
has been another request to move samba-gpupdate binary from samba to
samba-common-bin, since it can be used independently of the file server
(but it requires python3-samba).  So these are conflicting requests.


Here are the review with many comments and questions and plans to do.
I would appreciate any clarification.

====================
   samba-common  - basically smb.conf only, arch-indep, used by smbclient,
       winbind, samba, etc.

====================
   samba-common-bin - common binaries in /usr/bin:
       net
       testparm - it probably should come together with smb.conf but ok
       nmblookup - should it be part of smbclient? Probably irrelevant at this time.
       samba-tool - is about AD, I plan to move it to samba-ad-client pkg.
       samba-regedit - should it be part of the file server?
       smbpasswd - should it be part of the file server? But I guess it can be
           used to change password on another server too, so let it stay.
           Or should it be part of smbclient?
       dbwrap_tool - should it be part of ctdb?
       samba-log-parser

     also a few rpcd daemons used by samba and winbindd:
       /usr/libexec/samba/rpcd_*.

     samba-common-bin is not used by smbclient or libsmbclient (but samba-common is).

     This package used to depend on python components (due to samba-tool), but
     with it moved elsewhere, python is not longer needed.

     Just with samba-common-bin and winbind it should be possible to join a
     linux system to a domain (including AD, b/c `net ads join`) and do user
     auth without using remote files, or maybe cifs-clients can be used for that too.

====================
   smbclient - client for the file server:
       smbclient, rpcclient, smbcacls, smbget, smbspool, smbtar, ...

====================
   samba - the main file server part, including some remnants of AD functions.
       smbd, nmbd, smbstatus - the file server components
       samba - ad-dc, it is going into samba-ad-dc package
       samba-gpupdate - will go into samba-ad-client
       samba_dnsupdate, samba_spnupdate - should these go to samba-ad-client?
       samba_upgradedns - samba-ad-client or samba-ad-dc? Or is it used at all
         outside of selftests and testprogs?

     Other files in there:
       profiles
       dumpmscat
       mvxattr
       oLschema2ldif
       pdbedit
       sharesec
       smbcontrol - this one should probably be moved to samba-common-bin
        (it can control winbindd too)

     This package used to depend on python

====================
   winbind - winbindd, wbinfo and ntlm_auth

====================
   samba-ad-dc - a relatively new package aimed to provide ad-dc functionality.
     I plan to move a few items here (maybe), including the samba binary from samba
     package.  A new samba-ad-client will be a dependency, also samba (fileserver)
     package.  Right now it is just a metapackage.

====================
   samba-ad-client - new package with basic ad client functionality.  This receives
     the following files (from samba-common-bin or samba):
       samba-tool
       samba-gpupdate
       samba_dnsupdate, samba_spnupdate - can these be run w/o samba-the-file-server?
       samba_downgrade_db ?


There's some confusion between the split between samba and (new) samba-ad-client.
One one hand, samba the file server does not need AD functionality for the stand-
alone usage, so it can be quite lean.  So I'm moving AD-related binaries (which
depend on python) to samba-ad-client.  On another hand, some of the tools currently
within samba-the-file-server package can be used without the file server but as
part of an AD, like samba-gpupdate.  Maybe dnsupdate and spnupdate too, when a
server isn't a file server?  So samba-ad-client can be either a stand-alone pkg
or a package "enhancing" samba-the-file-server with the AD functionality (domain
member server) (so as the `net' command from samba-common-bin).  On the other
hand, there are a few commands (samba_downgrade_db, samba_upgradedns) which don't
fit neither in samba (due to python deps and not being relevant to standalone
server use case) nor in samba-ad-client package (due to being impractical without
the file server component).

I don't see how it can be split better.  Maybe an interesting way would be to
move some files to samba-ad-dc and rename it to samba-ad, so that it can be used
either as a domain controller or a member server.  In this case things like
samba_downgrade_db will go there.  Or maybe just introduce samba-ad pkg which
depends on samba and samba-ad-client, and includes python-based ad-specific
file server components.

BTW, do we really need samba_downgrade_db these days?  Changing format to the
one used by samba 4.7, srsly?  I'd just remove this one :)


Do we really need samba-vfs-modules package?  It looks like it should be just
part of the file server (with optional dependencies), since it's almost always
required.  It's not the same situation as with samba-dsdb-modules.


Another big question is about python3-samba and samba-ad-provision packages.
Right now these receives basically everything samba build procedure puts into
python subdir.  But it turned out some of that stuff is only needed by the
smbtorture tool (samba-testsuite package).  Also there are a few libs with
unknown purpose, - I already asked about libsamba-policy python C lib.  I'd
love to reduce the amount of files we ship further.


I'm sorry for this become such large.  It's been something I've been looking
for quite some time. Samba has grown to a lot of various components, and I
need help sorting these out.. :)

Thanks,

/mjt
-- 
GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24.
New key: rsa4096/61AD3D98ECDF2C8E  9D8B E14E 3F2A 9DD7 9199  28F1 61AD 3D98 ECDF 2C8E
Old key: rsa2048/457CE0A0804465C5  6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt



More information about the samba mailing list