Subtasks:
More points:
ds-seen
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1115294 (Red Hat Enterprise Linux 7)
master:
ipa-4-1:
It seems that FreeIPA<=3.3.5+bind-dyndb-ldap<6.0 created /var/named/dyndb-ldap/ipa/ directory owned by named:named with permissions set to rwx------ which prevents ipa-dnskeysyncd from working correctly.
/var/named/dyndb-ldap/ipa/
named:named
rwx------
ipa-dnskeysyncd
I propose to line
add `%dir %attr(0770,named,named) %{_localstatedir}/named/dyndb-ldap/ipa/
to freeipa.spec so RPM will fix the problem automatically.
freeipa.spec
Nice side-effect is that rpm -qf will show that the directory is owned by freeipa-server.
rpm -qf
FreeIPA 4.1.1 was released.
Compiler warnings:
Got: [error] Error: Error at log in: 0xa0 when testing backup&restore after some combination of install / uninstall / install /backup / update / uninstall / install / restore / uninstall / install (don't remember exactly)
[error] Error: Error at log in: 0xa0
The rpm update in the middle was in ipa-4-1 branch aprox. -10, +2 commits around commit 1b5cd5b
2014-11-21T14:47:17Z DEBUG [6/7]: creating replica keys 2014-11-21T14:47:17Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 382, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 372, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py", line 306, in __setup_replica_keys p11 = _ipap11helper.P11_Helper(softhsm_slot, pin, paths.LIBSOFTHSM2_SO) Error: Error at log in: 0xa0 2014-11-21T14:47:17Z DEBUG [error] Error: Error at log in: 0xa0 2014-11-21T14:47:17Z DEBUG File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 642, in run_script return_value = main_function() File "/sbin/ipa-server-install", line 1300, in main dnskeysyncd.create_instance(api.env.host, api.env.realm) File "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py", line 146, in create_instance self.start_creation() File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 382, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 372, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py", line 306, in __setup_replica_keys p11 = _ipap11helper.P11_Helper(softhsm_slot, pin, paths.LIBSOFTHSM2_SO) 2014-11-21T14:47:17Z DEBUG The ipa-server-install command failed, exception: Error: Error at log in: 0xa0
4.1.2 was released.
Martin2 is the primary contact for this one.
Another improvement:
RSA_PKCS1_OAEP_PADDING
PKCS#11
CKM_RSA_PKCS_OAEP
Fix reference counting in pkcs11 extension
4.1.3 was released.
Next SoftHSMv2 rebase will require change to PKCS#11 constants to reflect: https://github.com/opendnssec/SoftHSMv2/pull/110
4.1.4 was released, moving to new milestone
Majority of work was finished and fixed upstream, we can close this ticket now. I would suggest opening separate tickets for any problems we find in the future.
Metadata Update from @mbasti: - Issue assigned to mbasti - Issue set to the milestone: FreeIPA 4.1.5
Login to comment on this ticket.