#2117 Make sure dogtag profile is properly updated
Closed: Fixed None Opened 12 years ago by rcritten.

https://bugzilla.redhat.com/show_bug.cgi?id=766328 - Tracks the upgrades

User reported issue with certificates in version 2.0.0 trying to get openvpn working.

Turned out they needed the Client usage bit set.

We set that in 2.1.x so I suggested he upgrade. He did and it made no difference. He ended up having to manually update the IPA cert profile in dogtag.

I'm not sure if this was a fluke or a deeper problem but it should be investigated.


This may be tackled as a general upgrading dogtag in IPA patch. F-16 requires some changes to jar files as well.

These:

/var/lib/pki-ca/common/lib/jss4.jar
/var/lib/pki-ca/webapps/ca/WEB-INF/lib/osutil.jar
/var/lib/pki-ca/webapps/ca/WEB-INF/lib/symkey.jar

were pointing to /usr/lib. They needed to be pointing to /usr/lib64.

I did a new install of F-15 + FreeIPA server configuration + upgrade to F-16. All symlinks migrated properly as during upgrade their old targets were moved and new symlinks were created instead of those to point to proper place.

For example, /var/lib/pki-ca/common/lib/jss4.jar pointed to /usr/lib/jss/jss4.jar. After upgrade the latter became a symlink and pointed to /usr/lib64/jss/jss4.jar. No broken symlinks, after all.

However, I saw similar breakage with F-16 to Rawhide upgrade with general Java infrastructure where part of /etc/alternatives/java* symlinks started pointing to Java 1.6 and another part pointed to Java 1.7. I don't think we can fix such cases within the scope of FreeIPA.

I'm adding a case of symlink conversion for jss4.jar (/usr/lib/jss -> /usr/lib64/jss) for the 64-bit platform, but that is going to be a very rare case.

The script is available as part of solution to #2103 (attached there).

Changes required are integrated into freeipa-2.1.3-6.fc16. The package currently cannot be built due to Fedora build system errors. I filed https://bugzilla.redhat.com/show_bug.cgi?id=758671 against gcc to track the issue.

I have submitted 2.1.3-7.fc17 to Rawhide. A Fedora 16 build is not possible because there is an issue with the F16 buildroot in Koji -- a broken version of glibc is still available there that causes crashes in the compiler.

The glibc package that fixes it is in the F16 stable repo, but the buildroot for f16-candidate is still using the old one and it is affecting an unknown number of packages.

Stephen is looking into the issue with Fedora Infra team.

An update to freeipa package in Fedora 16 is submitted with this fix and is available at https://admin.fedoraproject.org/updates/freeipa-2.1.4-5.fc16

Moving to next month iteration.

Committed 3 patches:
- Add management of inifiles to allow manipulation of systemd units
- Handle upgrade issues with systemd in Fedora 16 and above
- Adopt to python-ldap 2.4.6 by removing unused references which are not available in python-ldap anymore

master:
2978e72
8bba212
af18771

ipa-2-1:
afaf7da
bb7a844
50776ad

ipa-2-2:
9078efe
bcad489
3fa3860

Metadata Update from @rcritten:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/02

7 years ago
