Comments
cheimes
cryptography 35.0.0 is also causing issues with FreeIPA and Certmonger.
@kevin Could you please build python-jwt-2.1.0-3.fc35? I'll add the build to this update.
I asked upstream to drop or at least relax the upper bound, https://github.com/GehirnInc/python-jwt/issues/46 . It doesn't make sense with new version scheme.
The issue is fixed by jwt upstream commit https://github.com/GehirnInc/python-jwt/pull/45 and release 1.3.0.
Python 3.10b2 works as expected. _decimal.cpython-310-x86_64-linux-gnu.so is linked against libmpdec.so.3.
Thanks Adam!
I have created https://src.fedoraproject.org/rpms/389-ds-base/pull-request/13 with backport of rawhide patch and with correct patching of DNA plugin.
I made a mistake and forgot to hook up autosetup for F33 branch: https://src.fedoraproject.org/rpms/389-ds-base/pull-request/12
The update hasn't reached all mirrors yet. I worked around the problem by installing from Koji:
dnf install -y https://kojipkgs.fedoraproject.org//packages/mock-core-configs/34.1/1.fc33/noarch/mock-core-configs-34.1-1.fc33.noarch.rpm https://kojipkgs.fedoraproject.org//packages/distribution-gpg-keys/1.48/1.fc33/noarch/distribution-gpg-keys-1.48-1.fc33.noarch.rpm
Update works for me with FreeIPA.
# dnf upgrade --enablerepo=updates-testing bind-dyndb-ldap
# rpm -qa bind-dyndb-ldap bind
bind-9.11.27-1.fc33.x86_64
bind-dyndb-ldap-11.3-6.fc33.x86_64
+1, works for me
New LDAPI autobind rewriter feature also works.
FreeIPA CI is passing with python-ldap 3.3.1, https://github.com/freeipa/freeipa/pull/5204
FreeIPA CI is passing with python-ldap 3.3.1, https://github.com/freeipa/freeipa/pull/5204
+1 for Adam's last proposal. Let's land this update while we work on a new update for #1880628
/etc/systemd/resolved.conf.d was not accessible by systemd-resolved. PR https://github.com/freeipa/freeipa/pull/5156 fixes the problem.
FreeIPA server installation works for me.
Client-only installation does not pull in FreeIPA server packages.
systemd-resolved integration does not work correctly. resolved ignores the new drop-in configuration file.
# cat /etc/systemd/resolved.conf.d/zzz-ipa.conf
# auto-generated by IPA installer
[Resolve]
# use local BIND instance
DNS=127.0.0.1
# make local BIND default DNS server, add search suffixes
Domains=~. ipa.example
resolvectl does neither show default DNS server 127.0.0.1 nor ipa.example default search domain.
# resolvectl
Global
LLMNR setting: resolve
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Fallback DNS Servers: 1.1.1.1
8.8.8.8
1.0.0.1
8.8.4.4
2606:4700:4700::1111
2001:4860:4860::8888
2606:4700:4700::1001
2001:4860:4860::8844
...
DNS lookup of ipa-ca alias with default resolver systemd-resolved does not work either:
# dig +nocomments ipa-ca.ipa.example.
; <<>> DiG 9.11.23-RedHat-9.11.23-1.fc33 <<>> +nocomments ipa-ca.ipa.example.
;; global options: +cmd
;ipa-ca.ipa.example. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Sep 28 05:45:42 EDT 2020
;; MSG SIZE rcvd: 47
# dig +nocomments @127.0.0.1 ipa-ca.ipa.example.
; <<>> DiG 9.11.23-RedHat-9.11.23-1.fc33 <<>> +nocomments @127.0.0.1 ipa-ca.ipa.example.
; (1 server found)
;; global options: +cmd
;ipa-ca.ipa.example. IN A
ipa-ca.ipa.example. 86400 IN A 10.0.139.100
ipa.example. 86400 IN NS host-10-0-139-100.ipa.example.
host-10-0-139-100.ipa.example. 86400 IN A 10.0.139.100
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Sep 28 05:46:01 EDT 2020
;; MSG SIZE rcvd: 139
# rpm -qa systemd freeipa-server
systemd-246.4-2.fc33.x86_64
freeipa-server-4.8.10-3.fc33.x86_64
FreeIPA server installation works for me.
Client-only installation does not pull in FreeIPA server packages.
Everybody, please give NEGATIVE Karma to this update request.
cryptography 35.0.0 is causing a breaking change with FreeIPA. I'm unable to retract the update although I created it. I assume it's related to @zbyszek push and submisssion.