88 Comments

Everybody, please give NEGATIVE Karma to this update request.

cryptography 35.0.0 is causing a breaking change with FreeIPA. I'm unable to retract the update although I created it. I assume it's related to @zbyszek's push and submission.

@kevin Could you please build python-jwt-2.1.0-3.fc35? I'll add the build to this update.

I asked upstream to drop or at least relax the upper bound: https://github.com/GehirnInc/python-jwt/issues/46. It doesn't make sense with the new version scheme.

The issue is fixed by jwt upstream commit https://github.com/GehirnInc/python-jwt/pull/45 and release 1.3.0.

Python 3.10b2 works as expected. _decimal.cpython-310-x86_64-linux-gnu.so is linked against libmpdec.so.3.

BZ#1943359 Unbundle libmpdec/mpdecimal (or at least provide bundled(libmpdec)/bundled(mpdecimal))

Thanks Adam!

I have created https://src.fedoraproject.org/rpms/389-ds-base/pull-request/13 with a backport of the rawhide patch and with correct patching of the DNA plugin.

I made a mistake and forgot to hook up autosetup for the F33 branch: https://src.fedoraproject.org/rpms/389-ds-base/pull-request/12

Update works for me with FreeIPA.

# dnf upgrade --enablerepo=updates-testing bind-dyndb-ldap
# rpm -qa bind-dyndb-ldap bind
bind-9.11.27-1.fc33.x86_64
bind-dyndb-ldap-11.3-6.fc33.x86_64

+1, works for me

New LDAPI autobind rewriter feature also works.

+1 for Adam's last proposal. Let's land this update while we work on a new update for #1880628

BZ#1883005 freeipa-selinux drags in server components on client
BZ#1886205 FreeIPA server upgrade from F32 to F33 doesn't work any more because F32's FreeIPA is newer

/etc/systemd/resolved.conf.d was not accessible by systemd-resolved. PR https://github.com/freeipa/freeipa/pull/5156 fixes the problem.

FreeIPA server installation works for me.

Client-only installation does not pull in FreeIPA server packages.

systemd-resolved integration does not work correctly. resolved ignores the new drop-in configuration file.

# cat /etc/systemd/resolved.conf.d/zzz-ipa.conf 

# auto-generated by IPA installer
[Resolve]
# use local BIND instance
DNS=127.0.0.1
# make local BIND default DNS server, add search suffixes
Domains=~. ipa.example

resolvectl shows neither the default DNS server 127.0.0.1 nor the ipa.example default search domain.

# resolvectl 
Global
       LLMNR setting: resolve             
MulticastDNS setting: no                  
  DNSOverTLS setting: no                  
      DNSSEC setting: no                  
    DNSSEC supported: no                  
Fallback DNS Servers: 1.1.1.1             
                      8.8.8.8             
                      1.0.0.1             
                      8.8.4.4             
                      2606:4700:4700::1111
                      2001:4860:4860::8888
                      2606:4700:4700::1001
                      2001:4860:4860::8844
...

DNS lookup of ipa-ca alias with default resolver systemd-resolved does not work either:

# dig +nocomments ipa-ca.ipa.example.

; <<>> DiG 9.11.23-RedHat-9.11.23-1.fc33 <<>> +nocomments ipa-ca.ipa.example.
;; global options: +cmd
;ipa-ca.ipa.example.            IN      A
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Sep 28 05:45:42 EDT 2020
;; MSG SIZE  rcvd: 47
# dig +nocomments @127.0.0.1 ipa-ca.ipa.example.

; <<>> DiG 9.11.23-RedHat-9.11.23-1.fc33 <<>> +nocomments @127.0.0.1 ipa-ca.ipa.example.
; (1 server found)
;; global options: +cmd
;ipa-ca.ipa.example.            IN      A
ipa-ca.ipa.example.     86400   IN      A       10.0.139.100
ipa.example.            86400   IN      NS      host-10-0-139-100.ipa.example.
host-10-0-139-100.ipa.example. 86400 IN A       10.0.139.100
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Sep 28 05:46:01 EDT 2020
;; MSG SIZE  rcvd: 139
# rpm -qa systemd freeipa-server
systemd-246.4-2.fc33.x86_64
freeipa-server-4.8.10-3.fc33.x86_64

BZ#1880628 FreeIPA server doesn't get along well with systemd-resolved (need to manually disable it)
BZ#1883005 freeipa-selinux drags in server components on client

FreeIPA server installation works for me.

Client-only installation does not pull in FreeIPA server packages.

BZ#1883005 freeipa-selinux drags in server components on client