On 10/16/2015 06:41 PM, Endi Sukma Dewata wrote:
On 10/15/2015 9:54 AM, Simo Sorce wrote:
3) ipa-ca-install fails with:

Traceback (most recent call last):
   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 445, in start_creation
     run_step(full_msg, method)
   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 435, in run_step
     method()
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
631, in __spawn_instance
     DogtagInstance.spawn_instance(self, cfg_file)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 185, in spawn_instance
     self.handle_setup_error(e)
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 448, in handle_setup_error
     raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.

I guess I'm hitting the authentication bug in Dogtag. It is supposed to
be fixed in pki-core-10.2.6-10, but is it fixed in pki-core-10.2.7-0.2?
We might need a new 10.2.7 build.

I am not sure which version has it fixed, Endi ?

PKI ticket #1580 was fixed in pki-core-10.2.6-10 for F23 and F24. We
never released a pki-core-10.2.7. I suppose that is a custom build?


Yes it is a custom build[4].

It was advertised that #1414[1] will be in PKI 10.2.7 but it was laterincluded into 10.2.6-5. I don't know what's a plan for 10.2.7.

Required patch for the discussed issue #1580[2] is included in 10.2.6-10

So I propose to change requires - patch attached, remove 10.2.7 custom build from mkosek/freeipa-master repo and add new build(for f22) based on pki-core-10.2.6-10.fc23 from koji[3]


[1] https://fedorahosted.org/pki/ticket/1414
[2] https://fedorahosted.org/pki/ticket/1580
[3] http://koji.fedoraproject.org/koji/buildinfo?buildID=689985
[4] https://copr.fedoraproject.org/coprs/mkosek/freeipa-master/build/121544/
--
Petr Vobornik
From 2be7d8462fcebe4685288be8f8f5575bec108ed3 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Thu, 22 Oct 2015 12:55:54 +0200
Subject: [PATCH] change pki-core required version for replica promotion

Required PKI changes, namely:
  https://fedorahosted.org/pki/ticket/1414
  https://fedorahosted.org/pki/ticket/1580

Are included in pki-core 10.2.6-5 reps. 10.2.6-10

10.2.7 does not exist yet.
---
 freeipa.spec.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 6e8b74a70fe678ec53da0fb03196846093910720..6a993088b16d6af9cb967775e145b712e9414b75 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -141,8 +141,8 @@ Requires(post): systemd-units
 Requires: selinux-policy >= %{selinux_policy_version}
 Requires(post): selinux-policy-base >= %{selinux_policy_version}
 Requires: slapi-nis >= 0.54.2-1
-Requires: pki-ca >= 10.2.7
-Requires: pki-kra >= 10.2.7
+Requires: pki-ca >= 10.2.6-10
+Requires: pki-kra >= 10.2.6-10
 Requires(preun): python systemd-units
 Requires(postun): python systemd-units
 Requires: python-dns >= 1.11.1
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to