RHEL, Centos, Fedora rpm 9.14.6
Petr Mensik
pemensik at redhat.com
Fri Oct 18 18:56:35 UTC 2019
Hello Jóhann,
I am packager of BIND in RHEL and Fedora. I would like everyone would
use our BIND packages. But we have some modifications, as was already
mentioned. Some of them are important for FreeIPA to work, some provide
bind-sdb build to use SDB features. Also some other changes that bound
dhcp package to bind libraries. The story short, our package is mostly
the same, but with nontrivial differences.
On 9/30/19 1:11 PM, Jóhann B. Guðmundsson wrote:
>> https://www.five-ten-sg.com/mapper/bind contains links to the source
>> rpms, and build instructions.
>
>
> Bind is already package and maintained in Fedora [1] and derivatives as
> well as ISC having it's ownspecific copr repo [2] in addition to that.
>
> Copr exist to overcome limitation in RHEL/CentOS as in RHEL/CentOS
> consumer wanting newer release then what's available in RHEL/CentOS
> while Fedora packages residing in copr repo would under normal
> circumstance only be needed to provide early testing of branches not yet
> suitable for rawhide ( read as 9.15.x branch of Bind would be made
> available in copr for Fedora while 9.14.x is what should be shipped in
> $CURRENT Fedora releases ).
Copr is used also for Fedora, usually testing rebases or preparing
packages that would not be useful for general audience. Or not yet ready
in good enough quality.
It is used for example for my build of 9.14 [3]. Unfortunately my build
fails to run on both normal variant and bind-pkcs11, which FreeIPA
requires. Until I fix it, new version would not be in Fedora. And
bind-sdb variant is turned off as well.
>
> Now the fact that the copr repo contains newer release of Bind compared
> to what's currently being shipped in Fedora indicates that there is some
> friction between the Fedora maintainer ( which in this case seems to be
> a Red Hat employee not an upstream ISC maintainer ) and ISC community
> about maintaining Bind in the distribution.
I hope there is no friction. I admit I had not enough time to finish
rebase of 9.14, Fedora still contains last 9.11 release. We decided long
ago to use bind dynamic libraries from DHCP. However, support for
singlethread libraries was dropped in 9.13. Sharing these libraries was
intended to save our maintenance for separate libraries. But now it
proved opossite. That was changed in Fedora 30, where dhcp again uses
original bind library shipped by ISC with it. Now just PKCS11 and SDB
variants are blocking new version.
Unfortunately, I am busy with some internal tasks, so I still had not
time to switch onto BIND 9.14 in Fedora, not even in Rawhide. Sorry for
that. That is all my fault, ISC is not involved anyhow.
On the other hand, having vanilla ISC package available is good. I can
test issues in vanilla ISC package and compare them to Fedora package. I
have plans to reduce differences to necessary minimum. But have more
important tasks for RHEL now. Sorry for keeping you waiting. It is on my
TODO list.
>
> That said removing patches implemented by Red Hat for Fedora or it's
> derivative ( RHEL/CentOS etc ) is usually not a smart thing to do and or
> not working with upstream community ( ISC ) to provide and help maintain
> releases for specific platform or downstream distribution in a package
> repository maintained by ISC and it's community ( be it a copr repo or
> repository hosted under the isc domain ) will only cause confusion and
> frustration of consumers of ISC components at the cost of the
> upstream/downstream community surrounding the relevant components.
>
> That said and given that there is no rocket science involved with
> removing patches and building packages I ask...
Well, this is more on side of Red Hat adding those patches on top of ISC
sources. I already mentioned few features that needs them. In general,
we at Red Hat try to push as much changes upstream as possible. BIND is
not great example, as its customization contains lot of changes. And we
support more combinations for each build. That also complicates new builds.
>
> What's the purpose with these builds, what problems do they solve which
> are unsolvable with upstream ( ISC ) or downstream ( Fedora/RHEL/CentOS
> ) and why announcing you are building it and how long are you intending
> to supporting those builds ( encase someone decides to use those builds
> instead of ISC or downstream distribution maintained ones )?
I think its purpose is to support just their own bugs, not Red Hat bugs.
And to provide ready to use packages soon after release. It is more
difficult for me to follow. As soon as normal variant is able to support
both SDB and PKCS11 variant by configuration/plugin, it should be easier
to maintain and release new version. I think we have an agreement in
that with ISC developers.
>
> Regards
>
> Jóhann B.
>
> 1. https://koji.fedoraproject.org/koji/packageinfo?packageID=314
>
> 2. https://copr.fedorainfracloud.org/coprs/isc/
Regards,
Petr
3. https://copr.fedorainfracloud.org/coprs/pemensik/bind-9.14/
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com PGP: 65C6C973
More information about the bind-users
mailing list