The attached branch has the right bugfix.
I tested in on my local installations and it works like a charm.
Certutil call of ipa-client-install won't fail anymore on this missing
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
ipa-client-install failes at certutil stage because /etc/pki doesn't
Status in “freeipa” package in Ubuntu:
ipa-client-install fails at the import stage of the freeipa server
New SSSD config will be created.
Traceback (most recent call last):
File "/usr/sbin/ipa-client-install", line 1292, in <module>
File "/usr/sbin/ipa-client-install", line 1279, in main
rval = install(options, env, fstore, statestore)
File "/usr/sbin/ipa-client-install", line 1124, in install
run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA",
"-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"])
File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in
raise CalledProcessError(p.returncode, args)
subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d
/etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero
exit status 255
It looks like the patch create_client_dirs.patch needs to be refreshed to:
1. check if /etc/pki exists
2. if not, create it
this is important especially for debian and ubuntu, because /etc/pki
is/was fedora/rhel specific
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~freeipa
Post to : email@example.com
Unsubscribe : https://launchpad.net/~freeipa
More help : https://help.launchpad.net/ListHelp