This update has been unpushed.

This update has been unpushed.

This update has been unpushed.

This update has been unpushed.

User Icon tkrizek commented & provided feedback on bolt-0.2-1.fc27 2 years ago

Devices have to be re-enrolled, because DB location changed [1]. Once I did that everything seems to be working.

It'd be nice to move the database automatically in a scriptlet if it's only its location that has changed.

[1] -

@lewassec That's correct. I've marked this build as security update, because 1.5.3 never made it to stable. There are no new CVEs.

Also fixes #1366968, thanks!

UDP socket still can't be activated for port 53. Only TCP was fixed.

BZ#1366968 SELinux does not allow systemd to create a TCP/UDP socket on port 53 (DNS)

Works well, thanks!

BZ#1502238 The provider 'libvirt' could not be found

The issue is fixed.

The update works when 389-ds-base- is used ( ) and when selinux is turned off (

BZ#1455561 ipa-server-install fails to obtain RA certificate from CA (CA_UNREACHABLE)

This update has been unpushed.

The above is caused by missing custodia >= 0.3.1, there's already a bodhi update for it:

The build is now available for Fedora 26 as well.


The Fedora 26 build is blocked by

Hopefully we can resolve this ASAP, but we require a fix on the 389-ds side.

Fixes the alpha blockers, but introduced: #1432917

However, FreeIPA server with DNS works despite the mentioned bug.

BZ#1404409 DS returns inconsistent data with an error when using GSSAPI
BZ#1430250 bind-pkcs11 keeps failing to connect to LDAP server during FreeIPA server deployment on current Rawhide
BZ#1403352 FreeIPA server install fails (and existing servers probably fail to start) due to changes in 'dyndb' feature on merge to upstream BIND
BZ#1165796 bind-dyndb-ldap crashes if server is shutting down and connection to LDAP is down

freeipa-server-dns can be installed now -> also fixes #1430406

BZ#1424019 opendnssec: FTBFS in rawhide
BZ#1427094 CVE-2017-2590 freeipa: ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands [fedora-all]