FEDORA-2020-e3a79248dc created by abbra 10 months ago for Fedora 32
stable

New upstream release. Please see release notest at https://www.freeipa.org/page/Releases/4.8.6 and https://www.freeipa.org/page/Releases/4.8.5

Major highlights:

  • openDNSSEC 2.1 support
  • AJP connector protection for Dogtag/FreeIPA communication for CVE-2020-1938 mitigation. Fedora and RHEL do not force encrypted AJP connector by default with 9.0.31 but FreeIPA 4.8.5 will convert to encrypted AJP channel on upgrade or at a new deployment. Use of AJP is limited to localhost connections with integrated CA already.
  • Default authentication indicators are now documented in FreeIPA workshop, https://freeipa.readthedocs.io/en/latest/workshop/11-kerberos-ticket-policy.html
  • FreeIPA SELinux policy is now part of the upstream packaging and replaces distribution-wide policies.
  • New internal mechanism to promote Trust Agents in ipa-adtrust-install, to allow configuring schema compatibility plugin on remote replicas.
  • New "ipa-cacert-manage delete" command to allow pruning a CA certificate from LDAP store

How to install

sudo dnf upgrade --advisory=FEDORA-2020-e3a79248dc

This update has been submitted for testing by abbra.

10 months ago

This update's test gating status has been changed to 'waiting'.

10 months ago

This update's test gating status has been changed to 'ignored'.

10 months ago

This update has been pushed to testing.

10 months ago
User Icon adamwill commented & provided feedback 10 months ago
karma

openQA tests are failing. See bug report.

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

10 months ago

abbra edited this update.

New build(s):

  • freeipa-4.8.6-1.fc32

Removed build(s):

  • freeipa-4.8.5-2.fc32

Karma has been reset.

10 months ago

This update has been submitted for testing by abbra.

10 months ago
User Icon abbra commented & provided feedback 10 months ago

OpenQA tests passed. There is one AVC related to pcscd, not connected to FreeIPA at all.

abbra edited this update.

10 months ago
User Icon adamwill commented & provided feedback 10 months ago
karma

yeah, that's happening on all tests, so this LGTM to now. Thanks!

BZ#1810963 Support OpenDNSSEC 2.1 in FreeIPA
BZ#1812169 Running ipa-replica-install fails with Certificate issuance failed (CA_UNREACHABLE: Server at https://ipa-master.example.test/ipa/xml failed request, will retry: 4016 (RPC failed at server. Failed to authenticate to CA REST API).)

This update has been pushed to testing.

10 months ago

This update's test gating status has been changed to 'greenwave_failed'.

9 months ago

This update's test gating status has been changed to 'ignored'.

9 months ago
User Icon kuosmanen commented & provided feedback 9 months ago
karma

basic funtionality tested. Works fine.

This update can be pushed to stable now if the maintainer wishes

9 months ago

This update has been submitted for stable by abbra.

9 months ago

This update has been pushed to stable.

9 months ago

Please login to add feedback.

Metadata
Type
enhancement
Severity
medium
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
10 months ago
in testing
10 months ago
in stable
9 months ago
modified
10 months ago
BZ#1810963 Support OpenDNSSEC 2.1 in FreeIPA
0
1
BZ#1812169 Running ipa-replica-install fails with Certificate issuance failed (CA_UNREACHABLE: Server at https://ipa-master.example.test/ipa/xml failed request, will retry: 4016 (RPC failed at server. Failed to authenticate to CA REST API).)
0
1

Automated Test Results