[Freeipa-devel] master is broken on F18
Alexander Bokovoy
abokovoy at redhat.com
Mon Mar 18 15:32:05 UTC 2013
On Mon, 18 Mar 2013, Alexander Bokovoy wrote:
>On Mon, 18 Mar 2013, Martin Kosek wrote:
>>On 03/17/2013 02:42 PM, John Dennis wrote:
>>>On 03/16/2013 05:19 PM, Kai Engert wrote:
>>>>On Fri, 2013-03-15 at 16:07 -0400, John Dennis wrote:
>>>>>On 03/15/2013 12:56 PM, Alexander Bokovoy wrote:
>>>>>>Hi!
>>>>>>
>>>>>>I was investigating why installing master fails on F18 +
>>>>>>updates-testing and found out that install fails with
>>>>>>freeipa-server-3.1.99-0.20130313T1838Zgit158bf45.fc18.x86_64 from
>>>>>>ipa-devel repo
>>>>>>
>>>>>>2013-03-15T16:17:40Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias
>>>>>>-R -s CN=jano.ipa.team,O=IPA.TEAM -o
>>>>>>/var/lib/ipa/ipa-aza7Wg/tmpcertreq -k rsa -g 2048 -z
>>>>>>/etc/httpd/alias/noise.txt -f /etc/httpd/alias/pwdfile.txt -a
>>>>>>2013-03-15T16:17:41Z DEBUG Process finished, return code=0
>>>>>>2013-03-15T16:17:41Z DEBUG stdout= 2013-03-15T16:17:41Z DEBUG
>>>>>>stderr=
>>>>>>
>>>>>>Generating key. This may take a few moments...
>>>>>
>>>>>I believe this is a known problem in certutil where it writes data to
>>>>>the wrong file descriptor. The problem was fixed upstream about 10 days
>>>>>ago, I'm not sure if Fedora has the fix yet or not. Kai would know, I've
>>>>>added him on the cc list.
>>>>
>>>>
>>>>Hi John,
>>>>
>>>>in the above cited message, you didn't include the failure you were
>>>>seeing, so I have to guess.
>>>>
>>>>This one is the only functional patch to certutil during the last 8-9
>>>>weeks that I could find. Do you refer to this one?
>>>>
>>>>Bug 840714 - certutil -a does not produce ASCII output
>>>>https://bugzilla.mozilla.org/show_bug.cgi?id=840714
>>>>
>>>>It was a regression in NSS 3.14.2, and it got fixed in 3.14.3. Fedora 18
>>>>apparently received that update on Feb 24.
>>>>http://tinyurl.com/bym4rlh
>>>>
>>>>If the above didn't help, please send more details or ping me on IRC.
>>>
>>>Thank you Kai. Yes, that was the regression I was referring to. It's good to
>>>know when the fix appeared because we've had a number of folks report problems
>>>due to it. However Alexander's issue may be something else. In any event, thank
>>>you.
>>>
>>
>>Alexander, any luck with resolving this issue? I just tested current Freeipa
>>master branch with up-to-date Fedora 18 and installation worked for me. I do
>>not have updates-testing enabled though. I am still not convinced this is
>>caused by latest patches that were pushed.
>No, there is no change in behavior.
>
>Even with latest updates to tomcat6 from updates-testing HEAD on master
>fails when installing on F18+updates-testing. The same machine happily
>installs code before LDAP restructuring patches applied.
>
>Unfortunately, I cannot experiment to find out exact failing patch right
>now but we should aim for working F18+updates-testing setup if possible.
Now I did create fresh VM with F18 and applied all updates-testing +
updates repo changes, enabled ipa-devel and installed the server
successfully.
I guess there is something we mess in existing install and don't remove
properly data from certificate databases during uninstall after package
upgrades. This is just a guess, though.
I have working F18 machine and can continue trust work in master...
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list