FEDORA-2017-8bb5a83e04

bugfix update in Fedora 25 for 389-ds-base

Status: obsolete

Bump version to 1.3.5.17-2


Bump version to 1.3.5.17

Comments 11

This update has been submitted for testing by mreynolds.

This update has obsoleted 389-ds-base-1.3.5.17-1.fc25, and has inherited its bugs and notes.

This update has been pushed to testing.

This update breaks development versions of FreeIPA since it now relies on RPM installs to create system users like dirsrv. The new update no longer adds this user, however:

[root@replica1 ~]# getent passwd dirsrv
[root@replica1 ~]# rpm -q 389-ds-base
389-ds-base-1.3.5.17-2.fc25.x86_64

Subsequent installation of 4.5 FreeIPA server/replica from git fails on missing user:

Checking DNS forwarders, please wait ...
Run connection check to master
Connection check OK
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 30 seconds
  [1/40]: creating directory server instance
  [error] KeyError: 'getpwnam(): name not found: dirsrv'
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    'getpwnam(): name not found: dirsrv'
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

After downgrading to latest stable version I can see the dirsrv user appearing again:

[root@replica1 ~]# getent passwd dirsrv 
dirsrv:x:389:389:389-ds-base:/usr/share/dirsrv:/sbin/nologin
[root@replica1 ~]# rpm -q 389-ds-base
389-ds-base-1.3.5.16-1.fc25.x86_64
karma: -1

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

Just for info from a f25 (where freeipa was configured) before 389-ds upgrade, I am seeing 'dirsrv' user

[root@vm1 ~]# rpm -q 389-ds-base
389-ds-base-1.3.5.16-1.fc25.x86_64
[root@vm1 ~]# getent passwd dirsrv
dirsrv:x:389:389:389-ds-base:/usr/share/dirsrv:/sbin/nologin

What FreeIPA version did you install? FreeIPA 4.4 and earlier added the required system users dynamically during server/replica install. Commit https://github.com/freeipa/freeipa/commit/e8a429d9e170955919f2e53e66b580be95e908d9 removed this behavior and we now rely on system users provided by RPM installation. That's why FreeIPA 4.4 will work but 4.5 development version would not.

So basically older IPA covered the packaging errors/bugs of its dependencies, newer versions will not.

Does IPA not see any problem with 389-ds-base-1.3.6 though? That version also has the same specfile changes as 1.3.5.

That is correct, I was running FreeIPA 4.4, that explains existence of 'dirsrv' user

I found the issue, a specfile change was not properly backported. I need to respin 1.3.5 and 1.3.6

This update has been obsoleted by 389-ds-base-1.3.5.17-3.fc25.

Content Type
RPM
Status
obsolete
Test Gating
Submitted by
Update Type
bugfix
Update Severity
unspecified
Karma
-1
stable threshold: 1
unstable threshold: -1
Autopush
Disabled
Dates
submitted 2 years ago
in testing 2 years ago

Related Bugs 1

00 #1391728 %post enumerates groups many times, refers to undefined macros

Automated Test Results