On Mon, 18 Mar 2013, Martin Kosek wrote:
On 03/17/2013 02:42 PM, John Dennis wrote:
On 03/16/2013 05:19 PM, Kai Engert wrote:
On Fri, 2013-03-15 at 16:07 -0400, John Dennis wrote:
On 03/15/2013 12:56 PM, Alexander Bokovoy wrote:

I was investigating why installing master fails on F18 +
updates-testing and found out that install fails with
freeipa-server-3.1.99-0.20130313T1838Zgit158bf45.fc18.x86_64 from
ipa-devel repo

2013-03-15T16:17:40Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias
-R -s CN=jano.ipa.team,O=IPA.TEAM -o
/var/lib/ipa/ipa-aza7Wg/tmpcertreq -k rsa -g 2048 -z
/etc/httpd/alias/noise.txt -f /etc/httpd/alias/pwdfile.txt -a
2013-03-15T16:17:41Z DEBUG Process finished, return code=0
2013-03-15T16:17:41Z DEBUG stdout= 2013-03-15T16:17:41Z DEBUG

Generating key.  This may take a few moments...

I believe this is a known problem in certutil where it writes data to
the wrong file descriptor. The problem was fixed upstream about 10 days
ago, I'm not sure if Fedora has the fix yet or not. Kai would know, I've
added him on the cc list.

Hi John,

in the above cited message, you didn't include the failure you were
seeing, so I have to guess.

This one is the only functional patch to certutil during the last 8-9
weeks that I could find. Do you refer to this one?

Bug 840714 - certutil -a does not produce ASCII output

It was a regression in NSS 3.14.2, and it got fixed in 3.14.3. Fedora 18
apparently received that update on Feb 24.

If the above didn't help, please send more details or ping me on IRC.

Thank you Kai. Yes, that was the regression I was referring to. It's good to
know when the fix appeared because we've had a number of folks report problems
due to it. However Alexander's issue may be something else. In any event, thank

Alexander, any luck with resolving this issue? I just tested current Freeipa
master branch with up-to-date Fedora 18 and installation worked for me. I do
not have updates-testing enabled though. I am still not convinced this is
caused by latest patches that were pushed.
No, there is no change in behavior.

Even with latest updates to tomcat6 from updates-testing HEAD on master
fails when installing on F18+updates-testing. The same machine happily
installs code before LDAP restructuring patches applied.

Unfortunately, I cannot experiment to find out exact failing patch right
now but we should aim for working F18+updates-testing setup if possible.

/ Alexander Bokovoy

Freeipa-devel mailing list

Reply via email to