Michael Tokarev
2024-May-25 14:39 UTC
[Samba] classifying samba componens and sorting into debian binary packages
Hi! I'm evaluating how various binaries and components are split into different binary packages in Debian. And am having issues classifying these. Initially there has been request to remove dependency on python3-samba package (this is AD-related stuff) from samba-the-file-server package, to be able to use it on smaller devices. And at the same time, there has been another request to move samba-gpupdate binary from samba to samba-common-bin, since it can be used independently of the file server (but it requires python3-samba). So these are conflicting requests. Here are the review with many comments and questions and plans to do. I would appreciate any clarification. =================== samba-common - basically smb.conf only, arch-indep, used by smbclient, winbind, samba, etc. =================== samba-common-bin - common binaries in /usr/bin: net testparm - it probably should come together with smb.conf but ok nmblookup - should it be part of smbclient? Probably irrelevant at this time. samba-tool - is about AD, I plan to move it to samba-ad-client pkg. samba-regedit - should it be part of the file server? smbpasswd - should it be part of the file server? But I guess it can be used to change password on another server too, so let it stay. Or should it be part of smbclient? dbwrap_tool - should it be part of ctdb? samba-log-parser also a few rpcd daemons used by samba and winbindd: /usr/libexec/samba/rpcd_*. samba-common-bin is not used by smbclient or libsmbclient (but samba-common is). This package used to depend on python components (due to samba-tool), but with it moved elsewhere, python is not longer needed. Just with samba-common-bin and winbind it should be possible to join a linux system to a domain (including AD, b/c `net ads join`) and do user auth without using remote files, or maybe cifs-clients can be used for that too. =================== smbclient - client for the file server: smbclient, rpcclient, smbcacls, smbget, smbspool, smbtar, ... =================== samba - the main file server part, including some remnants of AD functions. smbd, nmbd, smbstatus - the file server components samba - ad-dc, it is going into samba-ad-dc package samba-gpupdate - will go into samba-ad-client samba_dnsupdate, samba_spnupdate - should these go to samba-ad-client? samba_upgradedns - samba-ad-client or samba-ad-dc? Or is it used at all outside of selftests and testprogs? Other files in there: profiles dumpmscat mvxattr oLschema2ldif pdbedit sharesec smbcontrol - this one should probably be moved to samba-common-bin (it can control winbindd too) This package used to depend on python =================== winbind - winbindd, wbinfo and ntlm_auth =================== samba-ad-dc - a relatively new package aimed to provide ad-dc functionality. I plan to move a few items here (maybe), including the samba binary from samba package. A new samba-ad-client will be a dependency, also samba (fileserver) package. Right now it is just a metapackage. =================== samba-ad-client - new package with basic ad client functionality. This receives the following files (from samba-common-bin or samba): samba-tool samba-gpupdate samba_dnsupdate, samba_spnupdate - can these be run w/o samba-the-file-server? samba_downgrade_db ? There's some confusion between the split between samba and (new) samba-ad-client. One one hand, samba the file server does not need AD functionality for the stand- alone usage, so it can be quite lean. So I'm moving AD-related binaries (which depend on python) to samba-ad-client. On another hand, some of the tools currently within samba-the-file-server package can be used without the file server but as part of an AD, like samba-gpupdate. Maybe dnsupdate and spnupdate too, when a server isn't a file server? So samba-ad-client can be either a stand-alone pkg or a package "enhancing" samba-the-file-server with the AD functionality (domain member server) (so as the `net' command from samba-common-bin). On the other hand, there are a few commands (samba_downgrade_db, samba_upgradedns) which don't fit neither in samba (due to python deps and not being relevant to standalone server use case) nor in samba-ad-client package (due to being impractical without the file server component). I don't see how it can be split better. Maybe an interesting way would be to move some files to samba-ad-dc and rename it to samba-ad, so that it can be used either as a domain controller or a member server. In this case things like samba_downgrade_db will go there. Or maybe just introduce samba-ad pkg which depends on samba and samba-ad-client, and includes python-based ad-specific file server components. BTW, do we really need samba_downgrade_db these days? Changing format to the one used by samba 4.7, srsly? I'd just remove this one :) Do we really need samba-vfs-modules package? It looks like it should be just part of the file server (with optional dependencies), since it's almost always required. It's not the same situation as with samba-dsdb-modules. Another big question is about python3-samba and samba-ad-provision packages. Right now these receives basically everything samba build procedure puts into python subdir. But it turned out some of that stuff is only needed by the smbtorture tool (samba-testsuite package). Also there are a few libs with unknown purpose, - I already asked about libsamba-policy python C lib. I'd love to reduce the amount of files we ship further. I'm sorry for this become such large. It's been something I've been looking for quite some time. Samba has grown to a lot of various components, and I need help sorting these out.. :) Thanks, /mjt -- GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24. New key: rsa4096/61AD3D98ECDF2C8E 9D8B E14E 3F2A 9DD7 9199 28F1 61AD 3D98 ECDF 2C8E Old key: rsa2048/457CE0A0804465C5 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5 Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt
Michael Tokarev
2024-May-25 15:00 UTC
[Samba] classifying samba componens and sorting into debian binary packages
25.05.2024 17:39, Michael Tokarev via samba wrote:> ===================> ? samba-common-bin - common binaries in /usr/bin: > ????? net > ????? testparm - it probably should come together with smb.conf but ok > ????? nmblookup - should it be part of smbclient? Probably irrelevant at this time. > ????? samba-tool - is about AD, I plan to move it to samba-ad-client pkg. > ????? samba-regedit - should it be part of the file server? > ????? smbpasswd - should it be part of the file server? But I guess it can be > ????????? used to change password on another server too, so let it stay. > ????????? Or should it be part of smbclient? > ????? dbwrap_tool - should it be part of ctdb? > ????? samba-log-parserThere's also /usr/sbin/samba_kcc in there, - should go either to samba-ad-client or samba-ad-dc, I can't understand which one.> ??? also a few rpcd daemons used by samba and winbindd: > ????? /usr/libexec/samba/rpcd_*. > > ??? samba-common-bin is not used by smbclient or libsmbclient (but samba-common is). > > ??? This package used to depend on python components (due to samba-tool), but > ??? with it moved elsewhere, python is not longer needed. > > ??? Just with samba-common-bin and winbind it should be possible to join a > ??? linux system to a domain (including AD, b/c `net ads join`) and do user > ??? auth without using remote files, or maybe cifs-clients can be used for that too. > > ===================> ? smbclient - client for the file server: > ????? smbclient, rpcclient, smbcacls, smbget, smbspool, smbtar, ...Actually maybe whole samba-common-bin isn't really necessary, and all remaining files can be moved to smbclient (with it being required by the file server). samba-common-bin is a badly named package which has its own functionality which is partly related to smbclient, and it also has unrelated-to-client files which are used by server packages (samba and winbind).> .....? On the other > hand, there are a few commands (samba_downgrade_db, samba_upgradedns) which don't > fit neither in samba (due to python deps and not being relevant to standalone > server use case) nor in samba-ad-client package (due to being impractical without > the file server component). > > I don't see how it can be split better.? Maybe an interesting way would be to > move some files to samba-ad-dc and rename it to samba-ad, so that it can be used > either as a domain controller or a member server.? In this case things like > samba_downgrade_db will go there.? Or maybe just introduce samba-ad pkg which > depends on samba and samba-ad-client, and includes python-based ad-specific > file server components. > > BTW, do we really need samba_downgrade_db these days?? Changing format to the > one used by samba 4.7, srsly?? I'd just remove this one :)Both samba_downgrade_db (if this one is really needed still) and samba_upgradedns (I found a reference to it in the wiki) can be part of samba-ad-dc package. Maybe together with samba_kcc (if it is not going to samba-ad-client). Thanks, /mjt -- GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24. New key: rsa4096/61AD3D98ECDF2C8E 9D8B E14E 3F2A 9DD7 9199 28F1 61AD 3D98 ECDF 2C8E Old key: rsa2048/457CE0A0804465C5 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5 Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt
Reasonably Related Threads
- classifying samba componens and sorting into debian binary packages
- classifying samba componens and sorting into debian binary packages
- [LLVMdev] Questions about llvm/Object/COFF.h
- Samba AD/DC crashed again, third time in as many months
- replPropertyMetaData & KCC issues after updating to Samba 4.5.0