DevHeads.net

NSS package consolidation

Hello,

We currently have 3 source packages for NSS (nss-util, nss-softokn, and
nss), split from upstream release tarball. This splitting was
introduced for FIPS certification purposes in RHEL, where only
nss-softokn part is certified.

In Fedora, however, this doesn't apply (as we don't certify), and had
rather caused troubles, such as upgrade path issues, incomplete
buildroot overrides, etc.

Therefore we are considering merging those source packages back into a
single package[1]. The same set of binary packages will still be
produced and they should be compatible with the current ones.

The question is, is there any documented procedure to do this kind of
package merge safely? I guess at least the unnecessary packages
(nss-util and nss-softokn) would need to be retired.

Suggestions appreciated.

Footnotes:
[1] <a href="https://src.fedoraproject.org/rpms/nss/pull-request/3" title="https://src.fedoraproject.org/rpms/nss/pull-request/3">https://src.fedoraproject.org/rpms/nss/pull-request/3</a>

Regards,

Comments

Re: NSS package consolidation

By Tom Hughes at 11/08/2018 - 07:04

Just follow the normal procedures for replacing packages:

<a href="https://fedoraproject.org/wiki/Packaging:Guidelines#Renaming.2FReplacing_Existing_Packages" title="https://fedoraproject.org/wiki/Packaging:Guidelines#Renaming.2FReplacing_Existing_Packages">https://fedoraproject.org/wiki/Packaging:Guidelines#Renaming.2FReplacing...</a>

So have the new merged nss obsolete the old versions of
nss-util and nss-softokn and then retire them.

Tom

Re: NSS package consolidation

By =?ISO-8859-1?Q?... at 11/08/2018 - 09:00

Dne 08. 11. 18 v 13:04 Tom Hughes napsal(a):

I don't see any reason why the old versions should be explicitly
obsoleted, if the nss package is going to provide precisely the same
packages set. Just retiring should be fine IMO.

V.

Re: NSS package consolidation

By Tom Hughes at 11/08/2018 - 09:05

On 08/11/2018 14:00, Vít Ondruch wrote:
Oh sorry I misread the message and thought the goal was to produce
one binary rpm.

If it's going to one source rpm producing the same three binary
rpms then you are indeed correct.

Tom