great that explains a lot! Thank you. My hunt for > 4.2.0 was just because in the release note for 4.2.1 it had:
- Various fixes for new Certificates Profiles feature So I immediately assumed the problem I might be experiencing could be fixed by an upgrade (I have tried everything else I know) But thank you this is already very helpful. I hope I can find some other pointed to understand my issue then. Regards Alessandro On 27 February 2016 at 21:25, Alexander Bokovoy <aboko...@redhat.com> wrote: > On Sat, 27 Feb 2016, Alessandro De Maria wrote: > >> Hello list, >> >> I was running freeipa 4.1 on Centos 7.1. >> I wanted to upgrade to freeipa 4.2.x to make use of user certificates. >> >> Upgrade (through yum upgrade) went ok and I am now on version: >> Name : ipa-server >> Version : 4.2.0 >> Release : 15.el7_2.6 >> >> >> However I am unable to generate new certificates (this functionality was >> working perfectly before) >> >> When I use ipa-getcert request I get the following message (ipa-getcert >> list) >> >> *Failed request, will retry: 4001 (RPC failed at server. caIPAserviceCert: >> Certificate Profile not found* >> I read this blog: >> >> https://blog-ftweedal.rhcloud.com/2015/08/user-certificates-and-custom-profiles-with-freeipa-4-2/ >> >> I tried the following: >> $ ipa certprofile-show caIPAserviceCert >> ipa: ERROR: caIPAserviceCert: Certificate Profile not found >> >> >> So i tried to download *caIPAserviceCert* from this url and importing it: >> >> $ wget >> >> https://raw.githubusercontent.com/encukou/freeipa/master/install/share/profiles/caIPAserviceCert.cfg >> >> $ ipa certprofile-import caIPAserviceCert --file caIPAserviceCert.cfg >> --desc "Default certificates" --store TRUE >> ipa: ERROR: Non-2xx response from CA REST API: 400 Bad Request. Profile >> already exists >> >> So I imported it with another profile name (caIPAserviceCert_new) and that >> worked (I can see it from the web interface, but I cannot see >> caIPAserviceCert >> there) >> >> I tried to use: >> ipa-getcert request -T caIPAserviceCert_new ... ... ... >> >> and that still gives the the infamous message above: >> *Failed request, will retry: 4001 (RPC failed at server. caIPAserviceCert: >> Certificate Profile not found* >> >> Could someone help me out please? I noticed that 4.2.3 is out with >> important bug fixes, is there a repository out there with Centos rmps? >> > I have no comments to your problem but wanted to comment on this > specific thing: > > When certain software is packaged as part of Red Hat Enterprise Linux, > there are rules its maintainers have to follow. One of these rules is to > be more strict with rebases and package versions. > When a rebase to newer version is not granted, any bugfixes/updates will > be managed as patches to the base version. This means that if you see > ipa-server-4.2.0-<something>.el7_2 in RHEL 7.2, this does not mean that > a particular package has only FreeIPA 4.2.0 version. It includes a > number of patches on top of it which make it equal to a certain 4.2.x > version at the time of a release of that package. These patches will > have to be carried as separate files until next package rebase. > > For example ipa-4.2.0-15.el7.centos.3.src.rpm has 170 patches on top of > 4.2.0 tarball. Some of these are downstream-specific like branding > changes but the rest are patches on top of 4.2.0 upstream version that > bring the package close to 4.2.3. > > This allows to be more explicit in what is added on top of a base > version and some Red Hat customers actually depend on such information > in their own software management processes. For maintainers this, of > course, creates a bit of overhead but it is better to be more explicit > here. The only inconvenience is that we have to explain the process > sometimes to people like you who think 4.2.0-<something>.el7_2 is older > than 4.2.3 upstream release. > > In fact, out of those 170 patches, there are patches which went into > upstream 4.3.0 release and weren't yet released in 4.2.x branch because > there wasn't any 4.2.x release after 4.2.3 yet. So in the case of > 4.2.0-<something>.el7_2 you are actually getting more than FreeIPA > 4.2.3. > > I hope this makes your hunt for '4.2.3' CentOS release less urgent. > > > -- > / Alexander Bokovoy > -- Alessandro De Maria alessandro.dema...@gmail.com
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project