PKI 10.6 Python 3 Support

From Dogtag
Revision as of 00:39, 30 June 2018 by Mharmsen (talk | contribs) (References)

Jump to: navigation, search


FINISHED Dogtag 10.6 on Fedora 28 will use Python 3 by default


The change is motivation by Fedora's Switch to Python 3 and Fedora's packaging guidelines for Python. Fedora is slowly deprecating Python 2 support in favor of Python 3. FreeIPA is also turning a Python 3-only package. For 4.7-dev, all Python 2 dependencies have been removed -- except for Dogtag. Only Dogtag pulls in Python 2.7 for pkispawn, pkidestroy, upgrade script and pki client command.

Python dependency

provides /usr/sbin/pki-upgrade and /etc/pki/pki.conf
pki-base-python2 (virtual package in Dogtag 10.5)
provides pki client package for Python 2
provides pki client package for Python 3
provides /usr/sbin/pkispawn, /usr/sbin/pkidestroy and pki.server package (currently Python 2)

Fedora 27

For Fedora 27 and Dogtag 10.5, it should be possible to build Dogtag packages with Python 3 as default for all commands. At the moment, pki-base-10.5.1 depends on Python 2.7. This would help freeIPA to test Python 3-only supporting with a custom build of Dogtag 10.5.

Although Python 3 support has seen some testing already, it might be too risky to change the default packages in Fedora 27 to Python 3.

Fedora 28

Starting with Fedora 28, freeIPA must not depend on Python 2 at all. This means pki-base and all Dogtag commands like pkispawn must use Python 3. The Python 2 client package pki, provided by package name pki-base-python2, must still be available for legacy support.

changed to Python 3 / pki-base-python3
changed to Python 3

Fedora 29+

For Fedora 29 and later, it should be possible to build Dogtag without Python 2 in build root. The cmake build system and RPM spec file should no longer assume that python or python2 commands are available.

The pki-base-python2 package should still be available and packaged for Fedora 29 when the build root contains Python 2.

Packaging guideline violations

Dogtag's Python package names violate the Fedora packaging guidelines. During the RPM spec file update, we should also update the package names.

pki-base-python2 -> python2-pki
rename Package to python2-pki that provides a virtual package pki-base-python2
requires: pki-base
pki-base-python3 -> python3-pki
rename Package to python3-pki that provides a virtual package pki-base-python3
requires: pki-base
contains only scripts and configs
requires either python2-pki or python3-pki depending on WITH_PYTHON3_DEFAULT

We should also look into using macros like %{?python_provide:%python_provide python3-%{srcname}}

Replaces hard-coded python with dynamic cmake variable @PYTHON_EXECUTABLE@ in scripts pkispawn, pkidestroy, pki-server-upgrade, pki, and pki-upgrade
Commit in master:
Add flags WITH_PYTHON2, WITH_PYTHON3, and WITH_PYTHON3_DEFAULT. The last flags switches all commands and pki.server to Python 3.
Commit in master:
[PoC] Add Python 3 default to pki-core.spec
Commit in master: