Looking to once again re-bundle LDB
Michael Tokarev
mjt at tls.msk.ru
Wed Feb 14 13:09:21 UTC 2024
14.02.2024 03:45, Andrew Bartlett via samba-technical:
...
>>> We would change the ldb modules dir to have the version string in it,
>>> so that modules are not installed for the wrong version.
>>
>> Sounds good.
>
> I've chickened out of this small aspect.
>
> It would mean a repackage of sssd for every single Samba version (well,
> LDB version, but they change pretty often), and that would make Samba
> security releases more painful, not less.
If ldb interface changes in the next version, it becomes incompatible with
existing sssd. Moving ldb modules into version-specific subdir makes it
explicit, - user gets more friendly error message (at the very least,
something like "can't find modules") instead of a crash.
If, on the other hand, the version-specific subdir is changed in every
release no matter if the interface actually changed or not, that will be
more difficult indeed for no visible gain.
I don't think there will be real issues either way, - we'll sort it out
one way or another. It's already impossible to provide "more recent
samba" to older release of a distribution without either breaking sssd
or providing sssd together with the new samba, it just has to be made
more explicit in the downstream packages.
BTW, there's also freeipa now, but I don't know if that one is possible
to use with samba compiled with (bundled) heimdal, - last time I come
across this (someone else mentioned it, I haven't looked myself), they
required samba built with MIT Kerberos.
Thanks,
/mjt
More information about the samba-technical
mailing list