[Freeipa-devel] [PATCH] 285 CRL publishing
Rob Crittenden
rcritten at redhat.com
Wed Nov 25 20:09:37 UTC 2009
Jason Gerard DeRose wrote:
> On Wed, 2009-11-25 at 13:45 -0500, Rob Crittenden wrote:
>> Jason Gerard DeRose wrote:
>>> On Tue, 2009-11-17 at 15:06 -0500, Rob Crittenden wrote:
>>>> This enables CRL publishing by dogtag to a place where Apache can get
>>>> the files.
>>>>
>>>> I have to do a couple of tricks here because dogtag is an optional
>>>> component. This is why in the installer I first see if the dogtag
>>>> SELinux policy is installed and if not add it. Similarly the installer
>>>> will remove it upon uninstall.
>>>>
>>>> The policy itself just lets dogtag write to some Apache-labeled
>>>> directories. dogtag uses symlinks to mark the latest CRL hence the
>>>> permissions for links.
>>>>
>>>> rob
>>> can't get this to apply:
>>>
>>> Applying: Add SELinux policy for CRL file publishing.
>>> error: patch failed: ipa.spec.in:379
>>> error: ipa.spec.in: patch does not apply
>>> error: patch failed: selinux/Makefile:1
>>> error: selinux/Makefile: patch does not apply
>>> Patch failed at 0001 Add SELinux policy for CRL file publishing.
>>> When you have resolved this problem run "git am --resolved".
>>> If you would prefer to skip this patch, instead run "git am --skip".
>>> To restore the original branch and stop patching run "git am --abort".
>>>
>>>
>> Rebased patch attached.
>>
>
> nack. This seems to be breaking the installer. This was a clean build
> and install:
>
> Failed to populate the realm structure in kerberos Command
> '/usr/kerberos/sbin/kdb5_ldap_util -D
> uid=kdc,cn=sysaccounts,cn=etc,dc=example,dc=com -w Xl"t%3j8}VX create
> -s -P >grbc"/F+Sh` -r EXAMPLE.COM -subtrees dc=example,dc=com -sscope
> sub' returned non-zero exit status 1
> [6/13]: adding default keytypes
> root : CRITICAL Failed to load default-keytypes.ldif: Command
> '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager
> -y /tmp/tmpdRo9BD -f /tmp/tmpdls3uk' returned non-zero exit status 32
> ipa: CRITICAL: Failed to load default-keytypes.ldif: Command
> '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager
> -y /tmp/tmpdRo9BD -f /tmp/tmpdls3uk' returned non-zero exit status 32
> [7/13]: creating a keytab for the directory
> Unexpected error - see ipaserver-install.log for details:
> Command '/usr/kerberos/sbin/kadmin.local -q addprinc -randkey
> ldap/fedora11.example.com at EXAMPLE.COM' returned non-zero exit status 1
>
> I attached the log.
>
>
Very strange, I can't reproduce this. What release are you on? What
version of krb5-server do you have installed?
rob