OpenLDAP upgrade from version 2.4.59 to the latest upstream version 2.5.8 in Fedora.
- Name: Simon Pichugin
- Email: firstname.lastname@example.org
- Targeted release: Fedora Linux 36
- Last updated: 2021-10-29
- FESCo issue: #2682
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Upgrading OpenLDAP from version 2.4.59 to version 2.5.8 according to the new upstream release. Years of development differ between these two releases, so problems are expected.
This change might cause failures during builds of multiple packages. These two versions have slight ABI incompatibility even though it's easily fixable. This step must be properly discussed with maintainers of dependent packages, which should forward this change proposal to their upstream projects.
Benefit to Fedora
Brings a stable and up-to-date version of OpenLDAP according to upsteam release. OpenLDAP 2.4 will be out of support as soon as OpenLDAP 2.6 is released which is planned for this year. Fedora will be prepared for such a step.
- Proposal owners:
- Prepare openldap-2.5.8 as RPM package for Fedora Rawhide
- Check software that requires
openldapand rebuild it with openldap-2.5.8
- Build openldap-2.5.8 to Rawhide in a side-tag (https://fedoraproject.org/wiki/Package_update_HOWTO#Creating_a_side-tag)
- Rebuild depended packages with openldap-2.5.8 in the side-tag
- Merge the side-tag to Rawhide
- Other developers: Check if their packages can be build with openldap-2.5.8, if not, they are required to make the appropriate changes to their packages.
- Release engineering: #10349
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with Objectives:
Problems during build can appear in multiple packages what can lead to build failure, as multiple packages require OpenLDAP as their upstream dependency. These problems have to be resolved before adding openldap-2.5.8 into Fedora. It seems aprox. 10% of dependent packages are having problems during build, which could be caused by a problem with same pattern.
Full ABI Compatibility Report: https://spichugi.fedorapeople.org/ol_24_25_abi_check/compat_report.html
How To Test
Rebuilding your packages with openldap-2.5.8 dependency in copr (https://copr.fedorainfracloud.org/coprs/spichugi/openldap-2.5/).
The best way to rebuild new version of package against openldap-2.5.8 is to create a pull-request against your dist-git repository (against rawhide branch). After that, you package will be automatically rebuild in the mentioned copr. Please find your package in the "Builds" tab and search in the various sub-tabs for your build.
If possible, please prepare a pull-request, so you can easily merge it, when the change will be executed.
For local testing and building, please download mock-config from the given copr repository and use it with your mock:
copr mock-config spichugi/openldap-2.5 fedora-rawhide-x86_64 > spichugi-openldap-2.5_fedora-rawhide-x86_64.cfg
mv spichugi-openldap-2.5_fedora-rawhide-x86_64.cfg /etc/mock
Now we may run:
mock -r spichugi-openldap-2.5_fedora-rawhide-x86_64 --rebuild <package-1.0-1.src.rpm>
Users will be able to use the newer version (2.5) of OpenLDAP, and building packages with openldap-2.4 won't be available, as it won't be present on the specific fedora version. This can affect 3rd partly packages, which are not part of Fedora.
To remediate the impact of the change the post-installation script will be run with the package installation. And in case the openldap-servers package is installed on the system,
dnf will halt the upgrade and notify the user with a message describing what and why happened, and what steps to take to mitigate the issue.
The user will have to follow the Upstream upgrading guide and only then concisely continue the upgrade: https://www.openldap.org/doc/admin25/appendix-upgrading.html
Tens of packages have build dependency on OpenLDAP, so they should be properly notified and the upgradeshould be carefully tested. List of dependent packages with their ability to be built with openldap-2.5 can be found in the given copr project (https://copr.fedorainfracloud.org/coprs/spichugi/openldap-2.5/packages/)
- Contingency mechanism: moving this change to Fedora 37, if not successfully finished until Fedora 36 branching from Rawhide
- Contingency deadline: Fedora 36 branching from Rawhide (2022-02-08)
- Blocks release? No
Latest OpenLDAP documentation: https://www.openldap.org/doc/admin25/