https://bugzilla.redhat.com/show_bug.cgi?id=802832 (Red Hat Enterprise Linux 6)
Description of problem: install log :: 2012-03-13T15:17:38Z DEBUG stderr=[error] FAILED run_command("/sbin/service pki-cad restart pki-ca"), exit status=2 output="/var/lib/pki-ca/pki-ca: line 91: syntax error near unexpected token `(' /var/lib/pki-ca/pki-ca: line 91: `functonn version() {' /var/lib/pki-ca/pki-ca: line 91: syntax error near unexpected token `(' /var/lib/pki-ca/pki-ca: line 91: `functonn version() {'" 2012-03-13T15:17:38Z DEBUG duration: 9 seconds 2012-03-13T15:17:38Z DEBUG [3/17]: configuring certificate server instance 2012-03-13T15:17:39Z DEBUG args=/usr/bin/perl /usr/bin/pkisilent 'ConfigureCA' '-cs_hostname' 'ipaqa64vmd.testrelm.com' '-cs_port' '9445' '-client_certdb_dir' '/tmp/tmp-y2Xs2L' '-client_certdb_pwd' XXXXXXXX '-preop_pin' 'dM2tj9YMV8j9hrhwhqpI' '-domain_name' 'IPA' '-admin_user' 'admin' '-admin_email' 'root@localhost' '-admin_password' XXXXXXXX '-agent_name' 'ipa-ca-agent' '-agent_key_size' '2048' '-agent_key_type' 'rsa' '-agent_cert_subject' 'CN=ipa-ca-agent,O=TESTRELM.COM' '-ldap_host' 'ipaqa64vmd.testrelm.com' '-ldap_port' '7389' '-bind_dn' 'cn=Directory Manager' '-bind_password' XXXXXXXX '-base_dn' 'o=ipaca' '-db_name' 'ipaca' '-key_size' '2048' '-key_type' 'rsa' '-key_algorithm' 'SHA256withRSA' '-save_p12' 'true' '-backup_pwd' XXXXXXXX '-subsystem_name' 'pki-cad' '-token_name' 'internal' '-ca_subsystem_cert_subject_name' 'CN=CA Subsystem,O=TESTRELM.COM' '-ca_ocsp_cert_subject_name' 'CN=OCSP Subsystem,O=TESTRELM.COM' '-ca_server_cert_subject_name' 'CN=ipaqa64vmd.testrelm.com,O=TESTRELM.COM' '-ca_audit_signing_cert_subject_name' 'CN=CA Audit,O=TESTRELM.COM' '-ca_sign_cert_subject_name' 'CN=Certificate Authority,O=TESTRELM.COM' '-external' 'false' '-clone' 'false' 2012-03-13T15:17:39Z DEBUG stdout=libpath=/usr/lib64 ####################################################################### ####################################################################### 2012-03-13T15:17:39Z DEBUG stderr=Exception in thread "main" java.lang.NoClassDefFoundError: 'ConfigureCA' Caused by: java.lang.ClassNotFoundException: 'ConfigureCA' at java.net.URLClassLoader$1.run(URLClassLoader.java:217) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:205) at java.lang.ClassLoader.loadClass(ClassLoader.java:321) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294) at java.lang.ClassLoader.loadClass(ClassLoader.java:266) Could not find the main class: 'ConfigureCA'. Program will exit. 2012-03-13T15:17:39Z CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent 'ConfigureCA' '-cs_hostname' 'ipaqa64vmd.testrelm.com' '-cs_port' '9445' '-client_certdb_dir' '/tmp/tmp-y2Xs2L' '-client_certdb_pwd' XXXXXXXX '-preop_pin' 'dM2tj9YMV8j9hrhwhqpI' '-domain_name' 'IPA' '-admin_user' 'admin' '-admin_email' 'root@localhost' '-admin_password' XXXXXXXX '-agent_name' 'ipa-ca-agent' '-agent_key_size' '2048' '-agent_key_type' 'rsa' '-agent_cert_subject' 'CN=ipa-ca-agent,O=TESTRELM.COM' '-ldap_host' 'ipaqa64vmd.testrelm.com' '-ldap_port' '7389' '-bind_dn' 'cn=Directory Manager' '-bind_password' XXXXXXXX '-base_dn' 'o=ipaca' '-db_name' 'ipaca' '-key_size' '2048' '-key_type' 'rsa' '-key_algorithm' 'SHA256withRSA' '-save_p12' 'true' '-backup_pwd' XXXXXXXX '-subsystem_name' 'pki-cad' '-token_name' 'internal' '-ca_subsystem_cert_subject_name' 'CN=CA Subsystem,O=TESTRELM.COM' '-ca_ocsp_cert_subject_name' 'CN=OCSP Subsystem,O=TESTRELM.COM' '-ca_server_cert_subject_name' 'CN=ipaqa64vmd.testrelm.com,O=TESTRELM.COM' '-ca_audit_signing_cert_subject_name' 'CN=CA Audit,O=TESTRELM.COM' '-ca_sign_cert_subject_name' 'CN=Certificate Authority,O=TESTRELM.COM' '-external' 'false' '-clone' 'false'' returned non-zero exit status 255 2012-03-13T15:17:39Z DEBUG Configuration of CA failed File "/usr/sbin/ipa-server-install", line 1092, in <module> rval = main() File "/usr/sbin/ipa-server-install", line 883, in main subject_base=options.subject) File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 531, in configure_instance self.start_creation("Configuring certificate server", 210) File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 257, in start_creation method() File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 670, in __configure_instance raise RuntimeError('Configuration of CA failed') Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
attachment freeipa-rcrit-985-shellescape.patch
Apparently dogtag 9 bits that fix this in Fedora are pending push in bohdi (even though the rpm changelog doesn't mention this fix).
Please update upstream BZ with commit message even though it is already closed.
Will need to bump min n-v-r of pki-* too because this change is incompatible with older versions.
master: 8f71f42[[BR]] ipa-2-2: ab71482
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/03
Login to comment on this ticket.