Urgent: today's F14 catastrophe with openldap-servers update

Panu Matilainen pmatilai at laiskiainen.org
Tue Nov 23 18:13:09 UTC 2010

On Tue, 23 Nov 2010, Ralf Corsepius wrote:

> On 11/23/2010 05:30 PM, Jesse Keating wrote:
>> On 11/23/10 5:55 AM, Jan Vcelak wrote:
>>> Hi!
>>> Currently, the upgrade process in openldap looks like this:
>>> * during db4 package upgrade run db_upgrade (%triggerin and %triggerun)
>>> * if minor version of openldap changes (e.g. 2.3 ->  2.4), export the database,
>>>    delete it and import it back (which is recommended by maintanence guide, as
>>>    Panu mentioned)
>>> We didn't wanted to do the export+import during each upgrade, as it takes
>>> quite a long time if you have large database. But it seems that current
>>> process doesn't work and that doing it every time will be the safest way.
>>> (Maybe we can ignore epoch changes.)
>>> Thanks for suggestions. I will fix it today and push an update.
>>> Patric, thank you for reporting this. And sorry for the difficulties.
>> Why was this update made on F14 in the first place?
> IMO, this is the wrong question.
> The better questions would be - How could it happen, this package made
> it into updates, dispite all this QA bureaucracy is in place?

Like Adam already pointed out, it appears that it was mostly the client 
parts that got tested. Bodhi makes no difference between simple packages 
vs those that have half a dozen different subpackages consisting of wildly 
different functionality (such as client and server parts) that need 
completely different testing methods. Requiring separate 
acks/karma/whatever for each sub-package would be a huge overkill in most 
cases but then there are cases like this...

Another related thing is that Berkeley DB which openldap uses is 
notoriously picky about getting updated. I'm fairly certain openldap does 
not update their bundled BDB version to prevent issues like this on minor 
updates, and AFAICT (based on a quick lookaround at the changelogs etc) in 
this case it was this fix to comply with our own policies (no bundled 
libraries) that bit us when synced with rawhide version:

* Fri Aug 27 2010 Jan Vcelak <jvcelak at redhat.com> 2.4.23-1
- rebase to 2.4.23
- embeded db4 library removed

 	- Panu -

More information about the devel mailing list