Comments
adamwill
This failed its own test suite:
:: [ 02:24:27 ] :: [ FAIL ] :: Command 'su -c '/usr/bin/b2 -d1 --build-dir=/home/boost.kCe5Net2fE/test-build &>>/home/boost.kCe5Net2fE/testsuite.log' bstbld' (Expected 0, got 1)
testsuite.log is here, there's a ton of stuff in it, not sure what's relevant.
The tier0 failure is:
Did not find any plans. Command used 'tmt --root . -c arch=x86_64 -c distro=fedora-rawhide -c initiator=fedora-ci -c trigger=build plan ls --filter enabled:true'.
I wonder if the adjust stuff in the test plans is confusing it?
The scratch-build failure is because I broke scratch-build, sorry. https://github.com/fedora-ci/scratch-build-test/pull/14 should fix it (I hope) but nobody's merged it yet.
Not sure about the tier0 failure though.
This is because I broke scratch-build, sorry. https://github.com/fedora-ci/scratch-build-test/pull/14 should fix it (I hope) but nobody's merged it yet.
if we do have to change anaconda, I think this would be simplest?
diff --git a/pyanaconda/core/users.py b/pyanaconda/core/users.py
index b61cf26733..8729f6b89d 100644
--- a/pyanaconda/core/users.py
+++ b/pyanaconda/core/users.py
@@ -503,9 +503,10 @@ def set_user_password(username, password, is_crypted, lock, root="/"):
:param str root: target system sysroot path
"""
- # Only set the password if it is a string, including the empty string.
+ # Only set the password if it is a string, including the empty string
+ # *if* lock is false
# Otherwise leave it alone (defaults to locked for new users) and reset sp_lstchg
- if password or password == "":
+ if password or (password == "" and not lock):
if password == "":
log.info("user account %s setup with no password", username)
elif not is_crypted:
OK, so yes, it's basically that, but a variant which the upstream patches so far didn't cover: anaconda uses just ! as the password hash in some circumstances, most notably for the root password if you don't explicitly set one (which is the only choice on a default interactive Workstation install).
I've explained this at https://github.com/shadow-maint/shadow/issues/1483#issuecomment-3757398138 . I guess I'll send a PR that allows ! and we can see if upstream is OK with it; if yes, we can backport it, if no, we'll have to change anaconda?
I suspect we're running into the "it considered a leading ! invalid" part of the bug here, because I think it's failing on install paths where we don't explicitly set a root password, and so anaconda locks the account.
Tthat does look like a plausible suspect, it looks like anaconda is using yescrypt by preference for crypting the password. I'll do a scratch build with the fix backported and test that.
The tests indicate that this breaks FreeIPA server uninstall, during client uninstall:
2026-01-15T14:35:31Z DEBUG Starting external process
2026-01-15T14:35:31Z DEBUG args=['/usr/bin/authselect', 'backup-restore', 'pre_ipaclient_20260115085026']
2026-01-15T14:35:31Z DEBUG Process finished, return code=1
2026-01-15T14:35:31Z DEBUG stdout=
2026-01-15T14:35:31Z DEBUG stderr=[error] File [/var/lib/authselect/backups/pre_ipaclient_20260115085026/switchable-auth] should exist but is missing. It is not safe to delete [/etc/authselect/switchable-auth]. Aborting.
[error] Unable to copy files [1]: Operation not permitted
[error] Unable to restore [pre_ipaclient_20260115085026] [1]: Operation not permitted
Unable to restore backup [pre_ipaclient_20260115085026] [1]: Operation not permitted
I'm guessing this is maybe because the backup was created with an older authselect but we're trying to restore it with a newer authselect? Should newer authselect be compatible with older authselect's backup files?
Yes, I can test COPR builds, just give me the COPR details.
If you leave the boost soname bump committed to dist-git and don't fix libcmis and LO, yes.
It looks like the libreoffice COPR build failed because it buildrequires libcmis, so we could try building libcmis then libreoffice against it, I guess. But LO does also use boost directly so the chances of it also needing changes are relatively high.
On both Workstation and KDE, the important broken dependencies that are currently visible are libcmis and libreoffice.
The failures here were waived with:
"It is expected that some package dependencies will be broken by this update. Additional work will be needed to fix those packages so they can be built."
This is not a good or valid reason for a waiver. You have broken Rawhide thoroughly by doing this. I will request this entire update be untagged and ask you to please not do this in future.
Still the vmmouse panic on openQA. Justin is currently looking into that.
@ipedrosa I'm on vacation right now, back Wednesday. The install tests are failing with "Unable to set password for new user". In the journal there's a big traceback which basically boils down to "the installer tried to run chpasswd -R /mnt/sysroot -e and it exited 1". I'll look in more detail when I'm back.
This seems to break FreeIPA upgrade from F42 to F43. After installing the upgrade, including this package, and rebooting, ipa.service is failed on the server. ipaupgrade.log shows:
2026-01-09T21:18:34Z DEBUG Unhandled LDAPError: OPERATIONS_ERROR: {'msgtype': 105, 'msgid': 766, 'result': 1, 'desc': 'Operations error', 'ctrls': []}
2026-01-09T21:18:34Z DEBUG Destroyed connection context.ldap2_281473151816464
2026-01-09T21:18:34Z ERROR Upgrade failed with Operations error:
2026-01-09T21:18:34Z DEBUG Traceback (most recent call last):
File "/usr/lib/python3.14/site-packages/ipapython/ipaldap.py", line 1095, in error_handler
yield
File "/usr/lib/python3.14/site-packages/ipapython/ipaldap.py", line 1679, in add_entry
self.conn.add_s(str(entry.dn), list(attrs.items()))
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.14/site-packages/ldap/ldapobject.py", line 236, in add_s
return self.add_ext_s(dn,modlist,None,None)
~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.14/site-packages/ldap/ldapobject.py", line 222, in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.14/site-packages/ldap/ldapobject.py", line 543, in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
~~~~~~~~~~~~^
msgid,all,timeout,
^^^^^^^^^^^^^^^^^^
add_ctrls=0,add_intermediates=0,add_extop=0,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
resp_ctrl_classes=resp_ctrl_classes
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
)
^
File "/usr/lib64/python3.14/site-packages/ldap/ldapobject.py", line 553, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib64/python3.14/site-packages/ldap/ldapobject.py", line 128, in _ldap_call
result = func(*args,**kwargs)
ldap.OPERATIONS_ERROR: {'msgtype': 105, 'msgid': 766, 'result': 1, 'desc': 'Operations error', 'ctrls': []}
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.14/site-packages/ipaserver/install/upgradeinstance.py", line 291, in __upgrade
self.modified = (ld.update(self.files) or self.modified)
~~~~~~~~~^^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/ipaserver/install/ldapupdate.py", line 1057, in update
self._run_updates(all_updates)
~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/ipaserver/install/ldapupdate.py", line 1008, in _run_updates
self._run_update_plugin(update['plugin'])
~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/ipaserver/install/ldapupdate.py", line 984, in _run_update_plugin
restart_ds, updates = self.api.Updater[plugin_name]()
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
File "/usr/lib/python3.14/site-packages/ipalib/frontend.py", line 1560, in __call__
return self.execute(**options)
~~~~~~~~~~~~^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/ipaserver/install/plugins/update_managed_permissions.py", line 377, in execute
self.update_permission(ldap,
~~~~~~~~~~~~~~~~~~~~~~^^^^^^
obj,
^^^^
unicode(name),
^^^^^^^^^^^^^^
template,
^^^^^^^^^
anonymous_read_aci)
^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/ipaserver/install/plugins/update_managed_permissions.py", line 474, in update_permission
ldap.add_entry(entry)
~~~~~~~~~~~~~~^^^^^^^
File "/usr/lib/python3.14/site-packages/ipapython/ipaldap.py", line 1913, in add_entry
super(LDAPCache, self).add_entry(entry)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^
File "/usr/lib/python3.14/site-packages/ipapython/ipaldap.py", line 1677, in add_entry
with self.error_handler():
~~~~~~~~~~~~~~~~~~^^
File "/usr/lib64/python3.14/contextlib.py", line 162, in __exit__
self.gen.throw(value)
~~~~~~~~~~~~~~^^^^^^^
File "/usr/lib/python3.14/site-packages/ipapython/ipaldap.py", line 1166, in error_handler
raise errors.DatabaseError(desc=desc, info=info)
ipalib.errors.DatabaseError: Operations error:
2026-01-09T21:18:34Z DEBUG Traceback (most recent call last):
File "/usr/lib/python3.14/site-packages/ipapython/ipaldap.py", line 1095, in error_handler
yield
File "/usr/lib/python3.14/site-packages/ipapython/ipaldap.py", line 1679, in add_entry
self.conn.add_s(str(entry.dn), list(attrs.items()))
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.14/site-packages/ldap/ldapobject.py", line 236, in add_s
return self.add_ext_s(dn,modlist,None,None)
~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.14/site-packages/ldap/ldapobject.py", line 222, in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.14/site-packages/ldap/ldapobject.py", line 543, in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
~~~~~~~~~~~~^
msgid,all,timeout,
^^^^^^^^^^^^^^^^^^
add_ctrls=0,add_intermediates=0,add_extop=0,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
resp_ctrl_classes=resp_ctrl_classes
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
)
^
File "/usr/lib64/python3.14/site-packages/ldap/ldapobject.py", line 553, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib64/python3.14/site-packages/ldap/ldapobject.py", line 128, in _ldap_call
result = func(*args,**kwargs)
ldap.OPERATIONS_ERROR: {'msgtype': 105, 'msgid': 766, 'result': 1, 'desc': 'Operations error', 'ctrls': []}
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.14/site-packages/ipaserver/install/upgradeinstance.py", line 291, in __upgrade
self.modified = (ld.update(self.files) or self.modified)
~~~~~~~~~^^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/ipaserver/install/ldapupdate.py", line 1057, in update
self._run_updates(all_updates)
~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/ipaserver/install/ldapupdate.py", line 1008, in _run_updates
self._run_update_plugin(update['plugin'])
~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/ipaserver/install/ldapupdate.py", line 984, in _run_update_plugin
restart_ds, updates = self.api.Updater[plugin_name]()
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
File "/usr/lib/python3.14/site-packages/ipalib/frontend.py", line 1560, in __call__
return self.execute(**options)
~~~~~~~~~~~~^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/ipaserver/install/plugins/update_managed_permissions.py", line 377, in execute
self.update_permission(ldap,
~~~~~~~~~~~~~~~~~~~~~~^^^^^^
obj,
^^^^
unicode(name),
^^^^^^^^^^^^^^
template,
^^^^^^^^^
anonymous_read_aci)
^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/ipaserver/install/plugins/update_managed_permissions.py", line 474, in update_permission
ldap.add_entry(entry)
~~~~~~~~~~~~~~^^^^^^^
File "/usr/lib/python3.14/site-packages/ipapython/ipaldap.py", line 1913, in add_entry
super(LDAPCache, self).add_entry(entry)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^
File "/usr/lib/python3.14/site-packages/ipapython/ipaldap.py", line 1677, in add_entry
with self.error_handler():
~~~~~~~~~~~~~~~~~~^^
File "/usr/lib64/python3.14/contextlib.py", line 162, in __exit__
self.gen.throw(value)
~~~~~~~~~~~~~~^^^^^^^
File "/usr/lib/python3.14/site-packages/ipapython/ipaldap.py", line 1166, in error_handler
raise errors.DatabaseError(desc=desc, info=info)
ipalib.errors.DatabaseError: Operations error:
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.14/site-packages/ipaserver/install/service.py", line 688, in start_creation
run_step(full_msg, method)
~~~~~~~~^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/ipaserver/install/service.py", line 674, in run_step
method()
~~~~~~^^
File "/usr/lib/python3.14/site-packages/ipaserver/install/upgradeinstance.py", line 299, in __upgrade
raise RuntimeError(e)
RuntimeError: Operations error:
2026-01-09T21:18:34Z DEBUG [error] RuntimeError: Operations error:
2026-01-09T21:18:34Z DEBUG [cleanup]: stopping directory server
This looks like it breaks FreeIPA upgrade from F43. After installing the F44 upgrade (including this package) and rebooting, it looks like networking isn't working on the upgraded system at all. I'll try and get more details tomorrow or Monday.
So, hum. It looks like all the test failures happen when something expects there to be a binary called
node, which there isn't, in this package.A good example is the npm-integration-global-install test, which basically does
/usr/bin/npm-24 install coffeescript --globaland then runs various checks of thecoffeecommand that results from doing that. All thosecoffeecommands fail because it's expecting anodeexecutable, but there isn't one.I'm not sure what to take from this. Is
npm-24expected to install things that are "aware" of the versioned nodejs binary name? If not, tests that expect this should be disabled for the versioned package, I guess?