Bug 1720380
| Summary: | wrong files in sub package bind-dnssec-utils | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Paul Wouters <pwouters> |
| Component: | bind | Assignee: | Petr Menšík <pemensik> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 31 | CC: | anon.amish, mruprich, msehnout, pemensik, pzhukov, thozza, vonsch, zdohnal |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | bind-9.11.11-1.fc31 bind-9.11.11-1.fc30 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-10-08 00:26:54 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
The move was important especially because two dnssec utils are python based. That way, bind-utils bring python3 into containers that needs only dig and host tools installed. That was the main reason for the split. When examining requirements of bind-utils, I found all packages that needs bind-utils needs just dig, host or nslookup. Only freeipa-server requires also bind-pkcs11-utils. I admit I did not choose best name for new subpackage. tsig-keygen and ddns-confgen are usually required just with bind package installed. I admit more tools are included that are not really DNSSEC related. But they are all kind of administrator utilities only useful for DNS server operators. Not client utilities bind-utils usually provides. I wil not move it all back because of python dependency. I may move back named-checkzone and named-compilezone with ddns-confgen tools, since they do not bring any new dependency. I thought they make more sense together with administrator related things, but lacked idea for a better name. The only single package that uses named-compilezone is nsdiff I made. I do not know any other packages. Do you know any other projects that need any mentioned tools but do not require bind package? I am thinking about moving them back to bind package like they were long time ago. I admit Debian has similar split of utilities as I did, but bind-utils are dnsutils package, where bind9utils are more server centric. They have better named (sub)packages, but moving dig to different package is not an option. I needed some different name and chosen DNSSEC as main difference. Not the great option, but does not make any conflicts or unnecessary conflicts. Altogether, they have just not a great name, but the split makes sense to me. This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle. Changing version to '31'. This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle. Changing version to 31. Fixed in rawhide build, not yet in stable branches. FEDORA-2019-3405ab3960 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-3405ab3960 FEDORA-2019-a2be1cb2e4 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-a2be1cb2e4 bind-9.11.11-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-a2be1cb2e4 bind-9.11.11-1.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-3405ab3960 bind-9.11.11-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report. bind-9.11.11-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report. |
Note that I think the split out of bind-utils and bind-dnssec-utils is wrong. Ignoring the man pages for now, I see: %files dnssec-utils %{_sbindir}/ddns-confgen %{_sbindir}/tsig-keygen %{_sbindir}/genrandom %{_sbindir}/nsec3hash %{_sbindir}/dnssec* %if %{with PKCS11} %exclude %{_sbindir}/dnssec*pkcs11 %endif %{_sbindir}/isc-hmac-fixup %{_sbindir}/named-checkzone %{_sbindir}/named-compilezone %if %{with LMDB} %{_sbindir}/named-nzd2nzf %endif tsig-keygen and ddns-confgen is used for Dynamic Updates and for AXFR/IXFR protection. Neither is related to DNSSEC and these should be moved back to bind-utils since these are used for both named server and dhcp Dynamic Updates client operations. I dont know which tools call genrandom, it is likely more than just the dnssec* tools, so this tool too should move back into bind-utils named-checkzone and named-compilezone and isc-hmac-fixup and named-nzd2nzf are also needed for all non-dnssec operations, and are often run on scripts on the primary nameserver to verify zonefiles before loading them in the primary server. Again, not related to dnssec. If you want to move these out of bind-utils, they should go into the package that has the bind daemon, not in a -utils package. Personally, I think the split from bind-utils makes little sense and prefer it would be moved back into a single package bind-utils package again.