On 12.01.2016 12:24, Jan Cholasta wrote:
On 12.1.2016 12:17, Martin Basti wrote:


On 12.01.2016 10:19, Jan Cholasta wrote:
On 12.1.2016 09:32, Martin Basti wrote:


On 07.01.2016 14:13, Jan Cholasta wrote:
On 7.1.2016 09:50, Jan Cholasta wrote:
Hi,

the attached patch ports the _ipap11helper module to python-cffi.

Combined with my patch 536 [1], this makes ipapython architecture
independent.

Updated patch attached.



I tried to run DNSSEC tests and it failed unexpectedly:

Jan 12 08:28:06 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[8667]:
Connected
Jan 12 08:28:06 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[8667]:
replica pub keys in LDAP: set(['0x51df7c70b9869a7dd2bbd27335dba3f8',
'0xd8538e634797420ca86cda420234443c'])
Jan 12 08:28:06 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[8667]: replica pub keys in SoftHSM: set(['0x51df7c70b9869a7dd2bbd27335dba3f8',
'0x1f7241a64d69ced6c0a14f6999410c59'])
Jan 12 08:28:06 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[8667]:
new replica keys in LDAP: set(['0xd8538e634797420ca86cda420234443c'])
Jan 12 08:28:06 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[8667]:
label=dnssec-replica:replica1.ipa.test.,
id=d8538e634797420ca86cda420234443c,
data=30820122300d06092a864886f70d01010105
Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: Traceback (most
recent call last):
Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: File
"/usr/libexec/ipa/ipa-ods-exporter", line 664, in <module>
Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]:
ldap2master_replica_keys_sync(log, ldapkeydb, localhsm)
Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: File
"/usr/libexec/ipa/ipa-ods-exporter", line 313, in
ldap2master_replica_keys_sync
Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]:
localhsm.import_public_key(new_key_ldap, new_key_ldap['ipapublickey'])
Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: File
"/usr/lib/python2.7/site-packages/ipapython/dnssec/localhsm.py", line
173, in import_public_key
Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: h =
self.p11.import_public_key(**params)
Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: File
"/usr/lib/python2.7/site-packages/ipapython/p11helper.py", line 1498, in
import_public_key
Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: pkey =
d2i_PUBKEY(NULL, data_ptr, data_length)
Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: TypeError:
'int(*)(EVP_PKEY *, unsigned char * *)' expects 2 arguments, got 3
Jan 12 08:28:06 master.ipa.test systemd[1]: ipa-ods-exporter.service:
Main process exited, code=exited, status=1/FAILURE
Jan 12 08:28:06 master.ipa.test systemd[1]: ipa-ods-exporter.service:
Unit entered failed state.
Jan 12 08:28:06 master.ipa.test systemd[1]: ipa-ods-exporter.service:
Failed with result 'exit-code'.

I haven't seen any other errors

Updated patch attached. Added a patch which replaces calls to
libcrypto with calls to python-cryptography.


[ipa.ipatests.test_integration.host.Host.master.cmd10] Done configuring
DNS (named).
[ipa.ipatests.test_integration.host.Host.master.cmd10] Configuring DNS
key synchronization service (ipa-dnskeysyncd)
[ipa.ipatests.test_integration.host.Host.master.cmd10]   [1/7]: checking
status
[ipa.ipatests.test_integration.host.Host.master.cmd10]   [2/7]: setting
up bind-dyndb-ldap working directory
[ipa.ipatests.test_integration.host.Host.master.cmd10]   [3/7]: setting
up kerberos principal
[ipa.ipatests.test_integration.host.Host.master.cmd10]   [4/7]: setting
up SoftHSM
[ipa.ipatests.test_integration.host.Host.master.cmd10]   [5/7]: adding
DNSSEC containers
[ipa.ipatests.test_integration.host.Host.master.cmd10]   [6/7]: creating
replica keys
[ipa.ipatests.test_integration.host.Host.master.cmd10]   [error] Error:
export_RSA_public_key: internal error: EVP_PKEY_set1_RSA failed
[ipa.ipatests.test_integration.host.Host.master.cmd10]
ipa.ipapython.install.cli.install_tool(Server): ERROR
export_RSA_public_key: internal error: EVP_PKEY_set1_RSA failed
[ipa.ipatests.test_integration.host.Host.master.cmd10]
ipa.ipapython.install.cli.install_tool(Server): ERROR    The
ipa-server-install command failed. See /var/log/ipaserver-install.log
for more information
[ipa.ipatests.test_integration.host.Host.master.cmd10] Exit code: 1

ipa-server-install.log
....
   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 436, in run_step
     method()
   File
"/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py",
line 342, in __setup_replica_keys
     public_key_blob = p11.export_public_key(public_key_handle)
   File "/usr/lib/python2.7/site-packages/ipapython/p11helper.py", line
1275, in export_public_key
     return self._export_RSA_public_key(object)
   File "/usr/lib/python2.7/site-packages/ipapython/p11helper.py", line
1240, in _export_RSA_public_key
     raise Error("export_RSA_public_key: internal error: "

2016-01-12T11:00:29Z DEBUG The ipa-server-install command failed,
exception: Error: export_RSA_public_key: internal error:
EVP_PKEY_set1_RSA failed
2016-01-12T11:00:29Z ERROR export_RSA_public_key: internal error:
EVP_PKEY_set1_RSA failed

Updated patch 538 attached.

Jan 12 12:31:43 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[31178]: Connected Jan 12 12:31:44 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[31178]: replica pub keys in LDAP: set(['0xf5edad67436d0ed36b75c3a70216fa43', '0x7164a931484d505f1e249e3dcbc313e2']) Jan 12 12:31:44 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[31178]: replica pub keys in SoftHSM: set(['0xf5edad67436d0ed36b75c3a70216fa43', '0x7164a931484d505f1e249e3dcbc313e2', '0x28e302ae6b6ee7e9284cd5f6 Jan 12 12:31:44 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[31178]: new replica keys in LDAP: set([]) Jan 12 12:31:44 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[31178]: obsolete replica keys in local HSM: set(['0x28e302ae6b6ee7e9284cd5f61aadbbe7']) Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: Traceback (most recent call last): Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: File "/usr/libexec/ipa/ipa-ods-exporter", line 664, in <module> Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: ldap2master_replica_keys_sync(log, ldapkeydb, localhsm) Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: File "/usr/libexec/ipa/ipa-ods-exporter", line 321, in ldap2master_replica_keys_sync Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: localhsm.replica_pubkeys_wrap[key_id]['ipk11wrap'] = False Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: File "/usr/lib/python2.7/site-packages/ipapython/dnssec/localhsm.py", line 65, in __setitem__ Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: return self.p11.set_attribute(self.handle, attrs_name2id[key], value) Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: File "/usr/lib/python2.7/site-packages/ipapython/p11helper.py", line 1661, in set_attribute Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: sizeof(CK_ATTRIBUTE))) Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: TypeError: an integer is required Jan 12 12:31:44 master.ipa.test systemd[1]: ipa-ods-exporter.service: Main process exited, code=exited, status=1/FAILURE

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to