[Freeipa-devel] [PATCH] 285 CRL publishing

Rob Crittenden rcritten at redhat.com
Wed Nov 25 20:09:37 UTC 2009


Jason Gerard DeRose wrote:
> On Wed, 2009-11-25 at 13:45 -0500, Rob Crittenden wrote:
>> Jason Gerard DeRose wrote:
>>> On Tue, 2009-11-17 at 15:06 -0500, Rob Crittenden wrote:
>>>> This enables CRL publishing by dogtag to a place where Apache can get 
>>>> the files.
>>>>
>>>> I have to do a couple of tricks here because dogtag is an optional 
>>>> component. This is why in the installer I first see if the dogtag 
>>>> SELinux policy is installed and if not add it. Similarly the installer 
>>>> will remove it upon uninstall.
>>>>
>>>> The policy itself just lets dogtag write to some Apache-labeled 
>>>> directories. dogtag uses symlinks to mark the latest CRL hence the 
>>>> permissions for links.
>>>>
>>>> rob
>>> Can't get this to apply:
>>>
>>> Applying: Add SELinux policy for CRL file publishing.
>>> error: patch failed: ipa.spec.in:379
>>> error: ipa.spec.in: patch does not apply
>>> error: patch failed: selinux/Makefile:1
>>> error: selinux/Makefile: patch does not apply
>>> Patch failed at 0001 Add SELinux policy for CRL file publishing.
>>> When you have resolved this problem run "git am --resolved".
>>> If you would prefer to skip this patch, instead run "git am --skip".
>>> To restore the original branch and stop patching run "git am --abort".
>>>
>>>
>> Rebased patch attached.
>>
> 
> nack.  This seems to be breaking the installer.  This was a clean build
> and install:
> 
> Failed to populate the realm structure in kerberos Command
> '/usr/kerberos/sbin/kdb5_ldap_util -D
> uid=kdc,cn=sysaccounts,cn=etc,dc=example,dc=com -w  Xl"t%3j8}VX create
> -s -P >grbc"/F+Sh` -r EXAMPLE.COM -subtrees dc=example,dc=com -sscope
> sub' returned non-zero exit status 1
>   [6/13]: adding default keytypes
> root        : CRITICAL Failed to load default-keytypes.ldif: Command
> '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager
> -y /tmp/tmpdRo9BD -f /tmp/tmpdls3uk' returned non-zero exit status 32
> ipa: CRITICAL: Failed to load default-keytypes.ldif: Command
> '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager
> -y /tmp/tmpdRo9BD -f /tmp/tmpdls3uk' returned non-zero exit status 32
>   [7/13]: creating a keytab for the directory
> Unexpected error - see ipaserver-install.log for details:
>  Command '/usr/kerberos/sbin/kadmin.local -q addprinc -randkey
> ldap/fedora11.example.com at EXAMPLE.COM' returned non-zero exit status 1
> 
> I attached the log.
> 
> 

Very strange, I can't reproduce this. What release are you on? What 
version of krb5-server do you have installed?

rob



