Comments

21 Comments

This update has been unpushed.

This update has been unpushed.

This update has been unpushed.

This update has been unpushed.

User Icon tkrizek commented & provided feedback on bolt-0.2-1.fc27 2 years ago
karma

Devices have to be re-enrolled, because DB location changed [1]. Once I did that everything seems to be working.

It'd be nice to move the database automatically in a scriptlet if it's only its location that has changed.

[1] - https://github.com/gicmo/bolt/releases/tag/0.2

@lewassec That's correct. I've marked this build as security update, because 1.5.3 never made it to stable. There are no new CVEs.

Also fixes #1366968, thanks!

UDP socket still can't be activated for port 53. Only TCP was fixed.

BZ#1366968 SELinux does not allow systemd to create a TCP/UDP socket on port 53 (DNS)
karma

Works well, thanks!

BZ#1502238 The provider 'libvirt' could not be found

The issue is fixed.

The update works when 389-ds-base-1.3.7.3-1 is used (https://bugzilla.redhat.com/show_bug.cgi?id=1488295 ) and when selinux is turned off (https://bugzilla.redhat.com/show_bug.cgi?id=1488404)

BZ#1455561 ipa-server-install fails to obtain RA certificate from CA (CA_UNREACHABLE)

This update has been unpushed.

The above is caused by missing custodia >= 0.3.1, there's already a bodhi update for it:

https://bodhi.fedoraproject.org/updates/custodia-0.3.1-2.fc26

The build is now available for Fedora 26 as well. https://bodhi.fedoraproject.org/updates/freeipa-4.4.4-2.fc26

@pbrobinson

The Fedora 26 build is blocked by https://bugzilla.redhat.com/show_bug.cgi?id=1451860

Hopefully we can resolve this ASAP, but we require a fix on the 389-ds side.

Fixes the alpha blockers, but introduced: #1432917

However, FreeIPA server with DNS works despite the mentioned bug.

BZ#1404409 DS returns inconsistent data with an error when using GSSAPI
BZ#1430250 bind-pkcs11 keeps failing to connect to LDAP server during FreeIPA server deployment on current Rawhide
BZ#1403352 FreeIPA server install fails (and existing servers probably fail to start) due to changes in 'dyndb' feature on merge to upstream BIND
BZ#1165796 bind-dyndb-ldap crashes if server is shutting down and connection to LDAP is down
karma

freeipa-server-dns can be installed now -> also fixes #1430406

BZ#1424019 opendnssec: FTBFS in rawhide
BZ#1427094 CVE-2017-2590 freeipa: ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands [fedora-all]