Previous versions of dbus on Fedora had an alias. /usr/lib/systemd/system contained a symlink messagebus.service -> dbus.service. I would greatly appreciate if you could keep the alias in F29.

pki-core 10.6.7 causes some FreeIPA CI jobs to fail.

CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmplvg21m1f'] returned non-zero exit status 1: "pkispawn : ERROR ....... certutil: Missing '-h token' option!\n")

spawn log

2018-10-25 11:56:31 nssdb         : INFO     Creating NSS database
2018-10-25 11:56:31 pkispawn      : INFO     ....... generating '/etc/pki/pki-tomcat/password.conf'
2018-10-25 11:56:31 pkispawn      : INFO     ....... generating '/etc/pki/pki-tomcat/pfile'
2018-10-25 11:56:31 pkispawn      : INFO     ....... modifying '/etc/pki/pki-tomcat/password.conf'
2018-10-25 11:56:31 pkispawn      : DEBUG    ........... chmod 660 /etc/pki/pki-tomcat/password.conf
2018-10-25 11:56:31 pkispawn      : DEBUG    ........... chown 17:17 /etc/pki/pki-tomcat/password.conf
2018-10-25 11:56:31 pkispawn      : INFO     ....... executing 'certutil -N -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile'
2018-10-25 11:56:31 pkispawn      : ERROR    ....... certutil:  Missing '-h token' option!
2018-10-25 11:56:31 pkispawn      : DEBUG    ....... Error Type: Exception
2018-10-25 11:56:31 pkispawn      : DEBUG    ....... Error Message: certutil:  Missing '-h token' option!
2018-10-25 11:56:31 pkispawn      : DEBUG    .......   File "/usr/lib/python3.6/site-packages/pki/server/", line 534, in main

Commit removed the token check from generate_self_signed_certificate but not from verify_certificate_exists.

Basic installation of a server with DNS works

BZ#1609475 SELinux is preventing /usr/sbin/httpd from getattr access on the file /usr/lib/systemd/system/fedora-domainname.service

FreeIPA tests are passing and bug is solved.

The update addressed the FreeIPA issue and missing dependency on six, thanks! Builds are passing,

The update fixes #1584773 but breaks because runtime dependency python[23]-six is not listed as requirement.


My reproducer script no longer crashes with python3-ldap-3.1.0-1.fc28.x86_64.rpm


Build works and resolves #1568271.

I'm able to install FreeIPA with external CA with nss-3.36.1-1.1.fc28.x86_64, nss-softokn-3.36.1-1.1.fc28.x86_64, and prebuilds of Dogtag and FreeIPA from master.

Works for me

With this build, strace -e statfs shows two statfs syscalls.




Updates works and fixes the issue with FreeIPA replica installation.

Fresh installation on F28 is working for me


4.6.3 works perfectly fine DNSSEC is functional with selinux-policy-3.13.1-283.24 from updates-testing

freeIPA DNSSEC is working again, thanks!

openldap-2.4.45-4.fc27 build contains the same fix as this build. The F27 build fixes #1520990. I'm assuming with reasonable confidence that the issue with NSS is resolved in F26, too.

BZ#1520990 [Fedora] openldap does not re-register nss shutdown callbacks after nss_Shutdown is called