freeipa

Clone
Source Code
GIT

#7135 Server deployment still sets up Firefox extension, this is no longer necessary and broken on F27+
Closed: fixed 6 years ago Opened 6 years ago by pvoborni.

Closed: fixed
Reopen Issue

Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1483159

There's a point during the ipa-server-install process where it tries to use
`/usr/bin/signtool` to sign a Firefox extension. According to rcrit, this
extension isn't even used any more.

In Fedora 27+, signtool is no longer supported:
https://fedoraproject.org/wiki/Changes/NSSSigntoolDeprecation

and the binary has been moved to `%{_libdir}/nss/unsupported-tools/` instead of
`/usr/bin/`, so the script will blow up as soon as it reaches this point.

It sounds like the 'correct' fix here is just to get rid of all the stuff
dealing with this extension, if it's really no longer used, rather than find a
different way to sign it.

Nominating as an F27 Beta blocker, as this breaks FreeIPA server deployment:
"Release-blocking roles and the supported role configuration interfaces must
meet the core functional Role Definition Requirements to the extent that
supported roles can be successfully deployed, started, stopped, brought to a
working configuration, and queried." - https://fedoraproject.org/wiki/Fedora_27
_Alpha_Release_Criteria#Role_definition_requirements . Domain controller is a
release-blocking role.

Note this change was also mistakenly sent to Fedora 26 in a candidate update,
but openQA caught the breakage of FreeIPA and we were able to avoid the update
going stable:
https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f11b3237a#comment-648102 .
The update has now been revised so signtool is not moved (the change will
happen only in F27+).

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1483159
6 years ago

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1483159
6 years ago

last usage of signtool was removed in 6c53765 but there is still some garbage to remove

Metadata Update from @pvoborni:
- Issue assigned to pvoborni
6 years ago

Metadata Update from @pvoborni:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1034
6 years ago

Metadata Update from @pvoborni:
- Issue priority set to: major
6 years ago

Metadata Update from @tkrizek:
- Issue set to the milestone: FreeIPA 4.6.1 (was: FreeIPA 4.6)
6 years ago

master:

  • b0184d1 browser config: cleanup after removal of Firefox extension

ipa-4-6:

  • 0e8e94a browser config: cleanup after removal of Firefox extension

Metadata Update from @tkrizek:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
6 years ago

See also https://pagure.io/freeipa/issue/7226 which removes remaining vestiges of
the Firefox plugin, JAR signing profile, etc.

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
None
None
None
None
None
https://github.com/freeipa/freeipa/pull/1034
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1483159
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.