This bug was fixed in the package freeipa - 4.3.1-0ubuntu1

freeipa (4.3.1-0ubuntu1) xenial; urgency=medium

  * Sync from Debian.

freeipa (4.3.1-1) unstable; urgency=medium

  * New upstream release. (Closes: #781607, #786411) (LP: #1449304)
    - drop no-test-lang.diff, obsolete
  * fix-match-hostname.diff, control: Drop the patch and python-openssl
    deps, not needed anymore
  * rules, platform, server.dirs, server.install:
    Add support for DNSSEC.
  * control, rules: Add support for kdcproxy.
  * control, server: Migrate to mod-auth-gssapi.
  * control, rules, fix-ipa-conf.diff: Add support for custodia.
  * control:
    - Add python-cryptography to build-deps and python-freeipa deps.
    - Add libp11-kit-dev to build-deps, p11-kit to server deps.
    - Depend on python-gssapi instead of python-kerberos/-krbV.
    - Add libini-config-dev and python-dbus to build-deps, replace wget
      with curl.
    - Bump libkrb5-dev build-dep.
    - Add pki-base to build-deps and pki-kra to server deps, bump pki-ca
    - Drop python-m2crypto from deps, obsolete.
    - Bump sssd deps to 1.13.1.
    - Add python-six to build-deps and python-freeipa deps.
    - Split python stuff from server, client, tests to python-
      ipa{server,client,tests}, rename python-freeipa to match and move
      translations to freeipa-common. Mark them Arch:all where possible,
      and add Breaks/Replaces.
    - Add oddjob to server and oddjob-mkhomedir to client deps.
    - Add python-setuptools to python-ipalib deps.
    - Bump 389-ds-base* deps.
    - Bump server and python-ipaserver dependency on python-ldap to 2.4.22
      to fix a bug on ipa-server-upgrade.
    - Add pki-tools to python-ipaserver deps.
    - Add zip to python-ipaserver depends.
    - Add python-systemd to server depends.
    - Add opendnssec to freeipa-server-dns depends.
    - Add python-cffi to python-ipalib depends.
    - Bump dep on bind9-dyndb-ldap.
    - Bump certmonger dependency to version that has helpers in the correct
  * patches:
    - prefix.patch: Fix ipalib install too.
    - Drop bits of platform.diff and other patches that are now upstream.
    - fix-kdcproxy-paths.diff: Fix paths in kdcproxy configs.
    - fix-oddjobs.diff: Fix paths and uids in oddjob configs.
    - fix-replicainstall.diff: Use ldap instead of ldaps for conncheck.
    - fix-dnssec-services.diff: Debianize ipa-dnskeysyncd & ipa-ods-
      exporter units.
    - create-sysconfig-ods.diff: Create an empty file for opendnssec
      daemons, until opendnssec itself is fixed.
    - purge-firefox-extension.diff: Clean obsolete kerberosauth.xpi.
    - enable-mod-nss-during-setup.diff: Split from platform.diff, call
      a2enmod/a2dismod from
    - fix-memcached.diff: Split from platform.diff, debianize memcached
      conf & unit.
    - hack-libarch.diff: Don't use fedora libpaths.
  * add-debian-platform.diff:
    - Update to include all variables, comment out ones we don't
    - Use systemwide certificate store; put ipa-ca.crt in
      /usr/local/share/ca-certificates, and run update-ca-certificates
    - Map smb service to smbd (LP: #1543230)
    - Don't ship /var/cache/bind/data, fix named.conf a bit.
    - Use DebianNoService() for dbus. (LP: #1564981)
    - Add more constants
  * Split freeipa-server-dns from freeipa-server, add -dns to -server
  * server.postinst: Use ipa-server-upgrade.
  * admintools: Use the new location for bash completions.
  * rules: Remove obsolete configure.jar, preferences.html.
  * platform: Fix stdout handling, add support for systemd.
  * server.postinst, tmpfile: Create state directories for
  * rules, server.install: Install scripts under /usr/lib instead of
    multiarch path to avoid hacking the code too much.
  * fix-ipa-otpd-install.diff, rules, server.install: Put ipa-otpd in
    /usr/lib/ipa instead of directly under multiarch lib path.
  * control, server*.install: Move dirsrv plugins from server-trust-ad
    to server, needed on upgrades even if trust-ad isn't set up.
  * server: Enable mod_proxy_ajp and mod_proxy_http on postinst, disable
    on postrm.
  * rules: Add SKIP_API_VERSION_CHECK, and adjust directories to clean.
  * rules: Don't enable systemd units on install.
  * client: Don't create /etc/pki/nssdb on postinst, it's not used
  * platform.diff, rules, server.install: Drop, bind
    already generates the keyfile.

 -- Timo Aaltonen <>  Tue, 19 Apr 2016 00:15:05 +0300

** Changed in: freeipa (Ubuntu)
       Status: Triaged => Fix Released

You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.

  ipa-replica-prepare fails

Status in freeipa package in Ubuntu:
  Fix Released
Status in freeipa package in Debian:

Bug description:
  Running ipa-replica-prepare results in an error due to gnupg-agent

  # ipa-replica-prepare somehost
  Directory Manager (existing master) password:

  Preparing replica for somehost from someotherhost
  Creating SSL certificate for the Directory Server
  Creating SSL certificate for the dogtag Directory Server
  Saving dogtag Directory Server port
  Creating SSL certificate for the Web Server
  Exporting RA certificate
  Copying additional files
  Finalizing configuration
  Packaging replica information into /var/lib/ipa/replica-info-somehost.gpg
  [Errno 2] No such file or directory

  Installing the gnupg-agent package results in success. Seems like
  freeipa-server should depend on gnugp-agent.

  Package info:

    Installed: 4.0.5-3
    Candidate: 4.0.5-3
    Version table:
   *** 4.0.5-3 0
          500 vivid/universe 
amd64 Packages
          100 /var/lib/dpkg/status

  Platform info:

  Distributor ID:       Ubuntu
  Description:  Ubuntu 15.04
  Release:      15.04
  Codename:     vivid

To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to