[Freeipa-devel] [PATCH] 285 CRL publishing

Jason Gerard DeRose jderose at redhat.com
Wed Nov 25 19:23:54 UTC 2009


On Wed, 2009-11-25 at 13:45 -0500, Rob Crittenden wrote:
> Jason Gerard DeRose wrote:
> > On Tue, 2009-11-17 at 15:06 -0500, Rob Crittenden wrote:
> >> This enables CRL publishing by dogtag to a place where Apache can get 
> >> the files.
> >>
> >> I have to do a couple of tricks here because dogtag is an optional 
> >> component. This is why in the installer I first see if the dogtag 
> >> SELinux policy is installed and if not add it. Similarly the installer 
> >> will remove it upon uninstall.
> >>
> >> The policy itself just lets dogtag write to some Apache-labeled 
> >> directories. dogtag uses symlinks to mark the latest CRL hence the 
> >> permissions for links.
> >>
> >> rob
> > 
> > can't get this to apply:
> > 
> > Applying: Add SELinux policy for CRL file publishing.
> > error: patch failed: ipa.spec.in:379
> > error: ipa.spec.in: patch does not apply
> > error: patch failed: selinux/Makefile:1
> > error: selinux/Makefile: patch does not apply
> > Patch failed at 0001 Add SELinux policy for CRL file publishing.
> > When you have resolved this problem run "git am --resolved".
> > If you would prefer to skip this patch, instead run "git am --skip".
> > To restore the original branch and stop patching run "git am --abort".
> > 
> > 
> 
> Rebased patch attached.
> 

nack.  This seems to be breaking the installer.  This was a clean build
and install:

Failed to populate the realm structure in kerberos Command
'/usr/kerberos/sbin/kdb5_ldap_util -D
uid=kdc,cn=sysaccounts,cn=etc,dc=example,dc=com -w  Xl"t%3j8}VX create
-s -P >grbc"/F+Sh` -r EXAMPLE.COM -subtrees dc=example,dc=com -sscope
sub' returned non-zero exit status 1
  [6/13]: adding default keytypes
root        : CRITICAL Failed to load default-keytypes.ldif: Command
'/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager
-y /tmp/tmpdRo9BD -f /tmp/tmpdls3uk' returned non-zero exit status 32
ipa: CRITICAL: Failed to load default-keytypes.ldif: Command
'/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager
-y /tmp/tmpdRo9BD -f /tmp/tmpdls3uk' returned non-zero exit status 32
  [7/13]: creating a keytab for the directory
Unexpected error - see ipaserver-install.log for details:
 Command '/usr/kerberos/sbin/kadmin.local -q addprinc -randkey
ldap/fedora11.example.com@EXAMPLE.COM' returned non-zero exit status 1

I attached the log.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipaserver-install.log
Type: text/x-log
Size: 40402 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20091125/17f214b4/attachment.bin>

