jwcrypto library changed its JWK object interface to behave like a dictionary in 2020. Old property wrappers are deprecated. Replace their usage with a proper dictionary lookup.
# /usr/libexec/ipa/ipa-custodia-check `hostname` [2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: Platform: Linux-6.7.7-200.fc39.x86_64-x86_64-with-glibc2.38 [2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: IPA version: 4.12.0.dev202403201320+git [2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: IPA vendor version: 4.12.0.dev202403201320+git-0.fc39 [2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: Realm: IPA1.TEST [2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: Host: master1.ipa1.test [2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: Remote server: master1.ipa1.test [2024-05-22T10:36:35 ipa-custodia-tester] <WARNING>: Performing self-test only. [2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: File '/etc/ipa/default.conf' exists. [2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: File '/etc/krb5.keytab' exists. [2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: File '/etc/ipa/custodia/custodia.conf' exists. [2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: File '/etc/ipa/custodia/server.keys' exists. [2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: Custodia client created. [2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: Loaded key for usage 'sig' from '/etc/ipa/custodia/server.keys'. /usr/libexec/ipa/ipa-custodia-check:195: DeprecationWarning: Call to deprecated function (or staticmethod) key_id. if pkey.key_id != self.host_spn: [2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: JWK KID matches host's service principal name 'host/master1.ipa1.test@IPA1.TEST'. [2024-05-22T10:36:36 ipa-custodia-tester] <INFO>: Checked host LDAP keys 'host/master1.ipa1.test@IPA1.TEST' for usage sig. [2024-05-22T10:36:36 ipa-custodia-tester] <INFO>: Local key for usage 'sig' matches key in LDAP. [2024-05-22T10:36:36 ipa-custodia-tester] <INFO>: Checked server LDAP keys 'host/master1.ipa1.test@IPA1.TEST' for usage sig. [2024-05-22T10:36:36 ipa-custodia-tester] <INFO>: Loaded key for usage 'enc' from '/etc/ipa/custodia/server.keys'. [2024-05-22T10:36:36 ipa-custodia-tester] <INFO>: JWK KID matches host's service principal name 'host/master1.ipa1.test@IPA1.TEST'. [2024-05-22T10:36:36 ipa-custodia-tester] <INFO>: Checked host LDAP keys 'host/master1.ipa1.test@IPA1.TEST' for usage enc. [2024-05-22T10:36:36 ipa-custodia-tester] <INFO>: Local key for usage 'enc' matches key in LDAP. [2024-05-22T10:36:36 ipa-custodia-tester] <INFO>: Checked server LDAP keys 'host/master1.ipa1.test@IPA1.TEST' for usage enc. /usr/lib/python3.12/site-packages/ipaserver/custodia/message/kem.py:227: DeprecationWarning: Call to deprecated function (or staticmethod) key_id. header = {'kid': key.key_id, 'alg': alg} /usr/lib/python3.12/site-packages/ipaserver/custodia/message/kem.py:238: DeprecationWarning: Call to deprecated function (or staticmethod) key_id. eprot = {'kid': enc_key.key_id, 'alg': enc[0], 'enc': enc[1]} [2024-05-22T10:36:37 ipa-custodia-tester] <INFO>: Successfully retrieved 'dm/DMHash'. [2024-05-22T10:36:37 ipa-custodia-tester] <INFO>: Successfully retrieved 'ra/ipaCert'. [2024-05-22T10:36:39 ipa-custodia-tester] <INFO>: Successfully retrieved 'ca/auditSigningCert cert-pki-ca'. [2024-05-22T10:36:41 ipa-custodia-tester] <INFO>: Successfully retrieved 'ca_wrapped/auditSigningCert cert-pki-ca'. [2024-05-22T10:36:42 ipa-custodia-tester] <INFO>: Successfully retrieved 'ca_wrapped/auditSigningCert cert-pki-ca/1.2.840.113549.3.7'. [2024-05-22T10:36:43 ipa-custodia-tester] <INFO>: Successfully retrieved 'ca/caSigningCert cert-pki-ca'. [2024-05-22T10:36:44 ipa-custodia-tester] <INFO>: Successfully retrieved 'ca/ocspSigningCert cert-pki-ca'. [2024-05-22T10:36:46 ipa-custodia-tester] <INFO>: Successfully retrieved 'ca/subsystemCert cert-pki-ca'. All tests have passed successfully.
PR: https://github.com/freeipa/freeipa/pull/7363
master:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.