On Срд, 10 сту 2024, Finn Fysj via FreeIPA-users wrote:
I've recently tried to run an upgrade of my IPA server (4.10.2) because
of some CVE fix for 4.10.3. At the end of upgrade the IPA server tries
to run: CalledProcessError(Command ['/usr/bin/authselect', 'select',
'sssd', 'with-sudo', '--force'], why does it do this?
It should tell you what upgrade step is that prior to running the
command.
I think this is about migration to authselect. Upgrade code considers
whether migration from authconfig is needed and if we didn't record that
migration already happened, we perform it. The default configuration is
'authselect select sssd with-sudo --force'.
You can avoid re-running this upgrade part by adding a section
[authcfg]
migrated_to_authselect = True
to /var/lib/ipa/sysupgrade/sysupgrade.state
and rerunning the upgrade.
The upgrade in my case fails because I've set made following files immutable:
/etc/authselect/{password-auth,system-auth}.
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
