Discussion:
BP build OpenLDAP and lmdb packages
(too old to reply)
Michael Ströder
2015-09-26 17:11:40 UTC
Permalink
HI!

I wonder what's considered best practice for building OpenLDAP and lmdb
packages e.g. for a Linux distribution.

Fortunately lmdb seems to be leveraged by more and more other software. So
Linux distributions start to ship lmdb libs and tools as separate packages.

1. Do I have a chance to build OpenLDAP against those packages? Which releases
have to be aligned?

2. Or should I link back-mdb statically into slapd when producing OpenLDAP
packages? This would probably also require to build separate version of the
mdb tools.

Of course personally I'd prefer 1.

Ciao, Michael.
Quanah Gibson-Mount
2015-09-26 18:39:06 UTC
Permalink
Content preview: --On Saturday, September 26, 2015 8:11 PM +0200 Michael Ströder
<***@stroeder.com> wrote: > HI! > > I wonder what's considered best practice
for building OpenLDAP and lmdb > packages e.g. for a Linux distribution.
Post by Michael Ströder
Post by Michael Ströder
Fortunately lmdb seems to be leveraged by more and more other software.
So > Linux distributions start to ship lmdb libs and tools as separate >
packages. > > 1. Do I have a chance to build OpenLDAP against those packages?
Which > releases have to be aligned? > > 2. Or should I link back-mdb statically
into slapd when producing OpenLDAP > packages? This would probably also require
to build separate version of > the mdb tools. [...]

Content analysis details: (-2.0 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: zimbra.com]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-BeenThere: openldap-***@openldap.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OpenLDAP Technical Discussion list <openldap-technical.openldap.org>
List-Unsubscribe: <http://www.openldap.org/lists/mm/options/openldap-technical>,
<mailto:openldap-technical-***@openldap.org?subject=unsubscribe>
List-Archive: <http://www.openldap.org/lists/openldap-technical/>
List-Post: <mailto:openldap-***@openldap.org>
List-Help: <mailto:openldap-technical-***@openldap.org?subject=help>
List-Subscribe: <http://www.openldap.org/lists/mm/listinfo/openldap-technical>,
<mailto:openldap-technical-***@openldap.org?subject=subscribe>
Errors-To: openldap-technical-***@openldap.org
Sender: "openldap-technical" <openldap-technical-***@openldap.org>
X-Spam-Score: -2.0 (--)
X-Spam-Report: Spam detection software, running on the system "gauss.openldap.net", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: --On Saturday, September 26, 2015 8:11 PM +0200 Michael Ströder
<***@stroeder.com> wrote: > HI! > > I wonder what's considered best practice
for building OpenLDAP and lmdb > packages e.g. for a Linux distribution.
Post by Michael Ströder
Post by Michael Ströder
Fortunately lmdb seems to be leveraged by more and more other software.
So > Linux distributions start to ship lmdb libs and tools as separate >
packages. > > 1. Do I have a chance to build OpenLDAP against those packages?
Which > releases have to be aligned? > > 2. Or should I link back-mdb statically
into slapd when producing OpenLDAP > packages? This would probably also require
to build separate version of > the mdb tools. [...]

Content analysis details: (-2.0 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: zimbra.com]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

--On Saturday, September 26, 2015 8:11 PM +0200 Michael Ströder
Post by Michael Ströder
HI!
I wonder what's considered best practice for building OpenLDAP and lmdb
packages e.g. for a Linux distribution.
Fortunately lmdb seems to be leveraged by more and more other software. So
Linux distributions start to ship lmdb libs and tools as separate packages.
1. Do I have a chance to build OpenLDAP against those packages? Which
releases have to be aligned?
2. Or should I link back-mdb statically into slapd when producing OpenLDAP
packages? This would probably also require to build separate version of
the mdb tools.
OpenLDAP should only ever be statically linked to the version of liblmdb it
ships with.

--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Abdelhamid Meddeb
2015-09-27 06:26:57 UTC
Permalink
Content preview: Hi, +1 Statically link is a bad idea in this case, IMHO. Le
26/09/2015 20:39, Quanah Gibson-Mount a écrit : > --On Saturday, September
Post by Quanah Gibson-Mount
HI! >> >> I wonder what's considered best practice for building OpenLDAP
and lmdb >> packages e.g. for a Linux distribution. >> >> Fortunately lmdb
seems to be leveraged by more and more other >> software. So >> Linux distributions
start to ship lmdb libs and tools as separate >> packages. >> >> 1. Do I
have a chance to build OpenLDAP against those packages? Which >> releases
have to be aligned? >> >> 2. Or should I link back-mdb statically into slapd
when producing >> OpenLDAP >> packages? This would probably also require
to build separate version of >> the mdb tools. > > OpenLDAP should only ever
be statically linked to the version of liblmdb > it ships with. > > --Quanah
Post by Quanah Gibson-Mount
-- > > Quanah Gibson-Mount > Platform Architect > Zimbra, Inc. > > Zimbra
:: the leader in open source messaging and collaboration > > [...]

Content analysis details: (-2.0 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: stroeder.com]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-BeenThere: openldap-***@openldap.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OpenLDAP Technical Discussion list <openldap-technical.openldap.org>
List-Unsubscribe: <http://www.openldap.org/lists/mm/options/openldap-technical>,
<mailto:openldap-technical-***@openldap.org?subject=unsubscribe>
List-Archive: <http://www.openldap.org/lists/openldap-technical/>
List-Post: <mailto:openldap-***@openldap.org>
List-Help: <mailto:openldap-technical-***@openldap.org?subject=help>
List-Subscribe: <http://www.openldap.org/lists/mm/listinfo/openldap-technical>,
<mailto:openldap-technical-***@openldap.org?subject=subscribe>
Errors-To: openldap-technical-***@openldap.org
Sender: "openldap-technical" <openldap-technical-***@openldap.org>
X-Spam-Score: -1.8 (-)
X-Spam-Report: Spam detection software, running on the system "gauss.openldap.net", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: Hi, +1 Statically link is a bad idea in this case, IMHO. Le
26/09/2015 20:39, Quanah Gibson-Mount a écrit : > --On Saturday, September
Post by Quanah Gibson-Mount
HI! >> >> I wonder what's considered best practice for building OpenLDAP
and lmdb >> packages e.g. for a Linux distribution. >> >> Fortunately lmdb
seems to be leveraged by more and more other >> software. So >> Linux distributions
start to ship lmdb libs and tools as separate >> packages. >> >> 1. Do I
have a chance to build OpenLDAP against those packages? Which >> releases
have to be aligned? >> >> 2. Or should I link back-mdb statically into slapd
when producing >> OpenLDAP >> packages? This would probably also require
to build separate version of >> the mdb tools. > > OpenLDAP should only ever
be statically linked to the version of liblmdb > it ships with. > > --Quanah
Post by Quanah Gibson-Mount
-- > > Quanah Gibson-Mount > Platform Architect > Zimbra, Inc. > > Zimbra
:: the leader in open source messaging and collaboration > > [...]

Content analysis details: (-1.8 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: meddeb.net]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Hi,

+1
Statically link is a bad idea in this case, IMHO.
Post by Quanah Gibson-Mount
--On Saturday, September 26, 2015 8:11 PM +0200 Michael Ströder
HI!
I wonder what's considered best practice for building OpenLDAP and lmdb
packages e.g. for a Linux distribution.
Fortunately lmdb seems to be leveraged by more and more other
software. So
Linux distributions start to ship lmdb libs and tools as separate packages.
1. Do I have a chance to build OpenLDAP against those packages? Which
releases have to be aligned?
2. Or should I link back-mdb statically into slapd when producing OpenLDAP
packages? This would probably also require to build separate version of
the mdb tools.
OpenLDAP should only ever be statically linked to the version of liblmdb
it ships with.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
--
*Abdelhamid Meddeb*
http://www.meddeb.net
Quanah Gibson-Mount
2015-09-27 19:33:24 UTC
Permalink
Content preview: --On Sunday, September 27, 2015 9:26 AM +0200 Abdelhamid Meddeb
<***@meddeb.net> wrote: > Hi, > > +1 > Statically link is a bad idea
in this case, IMHO. Nope, statically linked is the only supported method.
Any given OpenLDAP release is designed specifically to work with the LMDB
version it ships with. Dynamically linking it where the LMDB version could
be changed underneath OpenLDAP is not supported. [...]

Content analysis details: (-4.3 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
trust
[162.209.122.174 listed in list.dnswl.org]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: meddeb.net]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

--On Sunday, September 27, 2015 9:26 AM +0200 Abdelhamid Meddeb
Post by Abdelhamid Meddeb
Hi,
+1
Statically link is a bad idea in this case, IMHO.
Nope, statically linked is the only supported method. Any given OpenLDAP
release is designed specifically to work with the LMDB version it ships
with. Dynamically linking it where the LMDB version could be changed
underneath OpenLDAP is not supported.

--Quanah



--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Howard Chu
2015-09-27 21:07:21 UTC
Permalink
Content preview: Abdelhamid Meddeb wrote: > Hi, > > +1 > Statically link is
a bad idea in this case, IMHO. OpenLDAP source code is released as a single
unit. This situation is no different than building slapd itself against libldap_r.
If you split things apart and mix versions, you can potentially break them.
[...]

Content analysis details: (-4.2 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
trust
[69.43.206.106 listed in list.dnswl.org]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: highlandsun.com]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
Post by Abdelhamid Meddeb
Hi,
+1
Statically link is a bad idea in this case, IMHO.
OpenLDAP source code is released as a single unit. This situation is no
different than building slapd itself against libldap_r. If you split things
apart and mix versions, you can potentially break them.
Post by Abdelhamid Meddeb
Post by Quanah Gibson-Mount
--On Saturday, September 26, 2015 8:11 PM +0200 Michael Ströder
Post by Michael Ströder
HI!
I wonder what's considered best practice for building OpenLDAP and lmdb
packages e.g. for a Linux distribution.
Fortunately lmdb seems to be leveraged by more and more other software. So
Linux distributions start to ship lmdb libs and tools as separate packages.
1. Do I have a chance to build OpenLDAP against those packages? Which
releases have to be aligned?
2. Or should I link back-mdb statically into slapd when producing OpenLDAP
packages? This would probably also require to build separate version of
the mdb tools.
OpenLDAP should only ever be statically linked to the version of liblmdb
it ships with.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Geert Hendrickx
2015-09-28 07:08:02 UTC
Permalink
OpenLDAP source code is released as a single unit. This situation is > no
different than building slapd itself against libldap_r. If you > split things
apart and mix versions, you can potentially break them. [...]

Content analysis details: (-1.8 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: hendrickx.be]
-0.0 SPF_PASS SPF: sender matches SPF record
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
OpenLDAP source code is released as a single unit. This situation is
no different than building slapd itself against libldap_r. If you
split things apart and mix versions, you can potentially break them.
Would it be possible to install the mdb_* tools by default with a
standard OpenLDAP build/install, so they don't have to be built and
packaged separately either?


Geert
--
geert.hendrickx.be :: ***@hendrickx.be :: PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!
Michael Ströder
2015-09-28 07:26:06 UTC
Permalink
Post by Geert Hendrickx
Post by Howard Chu
OpenLDAP source code is released as a single unit. This situation is
no different than building slapd itself against libldap_r. If you
split things apart and mix versions, you can potentially break them.
Would it be possible to install the mdb_* tools by default with a
standard OpenLDAP build/install, so they don't have to be built and
packaged separately either?
If the tools built from OpenLDAP sources depend on a specific library version
(I assume they do) then one would have to use another path prefix when
installing them.

Hmm, in the long run I'd like to see a single liblmdb being installed with the
accompanying tools system-wide just like the BDB libs/tools. I understand that
this would limit the freedom of developing/shipping an OpenLDAP-specific
"fork" in the OpenLDAP sources.

Ciao, Michael.
Quanah Gibson-Mount
2015-09-28 15:58:24 UTC
Permalink
Content preview: --On Monday, September 28, 2015 10:26 AM +0200 Michael Ströder
<***@stroeder.com> wrote: > Hmm, in the long run I'd like to see a single
liblmdb being installed > with the accompanying tools system-wide just like
the BDB libs/tools. I > understand that this would limit the freedom of developing/shipping
an > OpenLDAP-specific "fork" in the OpenLDAP sources. [...]

Content analysis details: (-4.3 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
trust
[162.209.122.184 listed in list.dnswl.org]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: zimbra.com]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
Cc: openldap-***@openldap.org
X-BeenThere: openldap-***@openldap.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OpenLDAP Technical Discussion list <openldap-technical.openldap.org>
List-Unsubscribe: <http://www.openldap.org/lists/mm/options/openldap-technical>,
<mailto:openldap-technical-***@openldap.org?subject=unsubscribe>
List-Archive: <http://www.openldap.org/lists/openldap-technical/>
List-Post: <mailto:openldap-***@openldap.org>
List-Help: <mailto:openldap-technical-***@openldap.org?subject=help>
List-Subscribe: <http://www.openldap.org/lists/mm/listinfo/openldap-technical>,
<mailto:openldap-technical-***@openldap.org?subject=subscribe>
Errors-To: openldap-technical-***@openldap.org
Sender: "openldap-technical" <openldap-technical-***@openldap.org>
X-Spam-Score: -4.3 (----)
X-Spam-Report: Spam detection software, running on the system "gauss.openldap.net", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: --On Monday, September 28, 2015 10:26 AM +0200 Michael Ströder
<***@stroeder.com> wrote: > Hmm, in the long run I'd like to see a single
liblmdb being installed > with the accompanying tools system-wide just like
the BDB libs/tools. I > understand that this would limit the freedom of developing/shipping
an > OpenLDAP-specific "fork" in the OpenLDAP sources. [...]

Content analysis details: (-4.3 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
trust
[162.209.122.184 listed in list.dnswl.org]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: zimbra.com]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

--On Monday, September 28, 2015 10:26 AM +0200 Michael Ströder
Post by Michael Ströder
Hmm, in the long run I'd like to see a single liblmdb being installed
with the accompanying tools system-wide just like the BDB libs/tools. I
understand that this would limit the freedom of developing/shipping an
OpenLDAP-specific "fork" in the OpenLDAP sources.
Can't say I've necessarily seen that done with BDB either... Like RHEL and
debian tend to have multiple bdb versions available, with the tools named
things like db42_dump etc, so that the version specific utilities can be
used.

On the LMDB side, we're missing things like libtool versioning that would
allow this to be more easily possible. Also, having it so 0.9.x is
backwards compatible with 0.9.y, y < x, would make things a bit easier to
deal with as well.

--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Abdelhamid Meddeb
2015-10-03 06:17:24 UTC
Permalink
Content preview: Hi, Thanks to all. Now I anderstand more about that It's a
bit unfortunate that it's so. But most important is reliability and performance.
Cheers. [...]

Content analysis details: (-1.8 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: meddeb.net]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Hi,

Thanks to all.
Now I anderstand more about that
It's a bit unfortunate that it's so. But most important is reliability
and performance.

Cheers.
Post by Howard Chu
OpenLDAP source code is released as a single unit. This situation is no
different than building slapd itself against libldap_r. If you split
things apart and mix versions, you can potentially break them.
--On Monday, September 28, 2015 10:26 AM +0200 Michael Ströder
Post by Michael Ströder
Hmm, in the long run I'd like to see a single liblmdb being installed
with the accompanying tools system-wide just like the BDB libs/tools. I
understand that this would limit the freedom of developing/shipping an
OpenLDAP-specific "fork" in the OpenLDAP sources.
Can't say I've necessarily seen that done with BDB either... Like RHEL
and debian tend to have multiple bdb versions available, with the tools
named things like db42_dump etc, so that the version specific utilities
can be used.
On the LMDB side, we're missing things like libtool versioning that
would allow this to be more easily possible. Also, having it so 0.9.x
is backwards compatible with 0.9.y, y < x, would make things a bit
easier to deal with as well.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
--
*Abdelhamid Meddeb*
http://www.meddeb.net
Loading...