[Freeipa-devel] [PATCH] 285 CRL publishing

Jason Gerard DeRose jderose at redhat.com
Thu Nov 26 07:38:32 UTC 2009


On Wed, 2009-11-25 at 15:09 -0500, Rob Crittenden wrote:
> Jason Gerard DeRose wrote:
> > On Wed, 2009-11-25 at 13:45 -0500, Rob Crittenden wrote:
> >> Jason Gerard DeRose wrote:
> >>> On Tue, 2009-11-17 at 15:06 -0500, Rob Crittenden wrote:
> >>>> This enables CRL publishing by dogtag to a place where Apache can get 
> >>>> the files.
> >>>>
> >>>> I have to do a couple of tricks here because dogtag is an optional 
> >>>> component. This is why in the installer I first see if the dogtag 
> >>>> SELinux policy is installed and if not add it. Similarly the installer 
> >>>> will remove it upon uninstall.
> >>>>
> >>>> The policy itself just lets dogtag write to some Apache-labeled 
> >>>> directories. dogtag uses symlinks to mark the latest CRL hence the 
> >>>> permissions for links.
> >>>>
> >>>> rob
> >>> can't get this to apply:
> >>>
> >>> Applying: Add SELinux policy for CRL file publishing.
> >>> error: patch failed: ipa.spec.in:379
> >>> error: ipa.spec.in: patch does not apply
> >>> error: patch failed: selinux/Makefile:1
> >>> error: selinux/Makefile: patch does not apply
> >>> Patch failed at 0001 Add SELinux policy for CRL file publishing.
> >>> When you have resolved this problem run "git am --resolved".
> >>> If you would prefer to skip this patch, instead run "git am --skip".
> >>> To restore the original branch and stop patching run "git am --abort".
> >>>
> >>>
> >> Rebased patch attached.
> >>
> > 
> > nack.  This seems to be breaking the installer.  This was a clean build
> > and install:
> > 
> > Failed to populate the realm structure in kerberos Command
> > '/usr/kerberos/sbin/kdb5_ldap_util -D
> > uid=kdc,cn=sysaccounts,cn=etc,dc=example,dc=com -w  Xl"t%3j8}VX create
> > -s -P >grbc"/F+Sh` -r EXAMPLE.COM -subtrees dc=example,dc=com -sscope
> > sub' returned non-zero exit status 1
> >   [6/13]: adding default keytypes
> > root        : CRITICAL Failed to load default-keytypes.ldif: Command
> > '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager
> > -y /tmp/tmpdRo9BD -f /tmp/tmpdls3uk' returned non-zero exit status 32
> > ipa: CRITICAL: Failed to load default-keytypes.ldif: Command
> > '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager
> > -y /tmp/tmpdRo9BD -f /tmp/tmpdls3uk' returned non-zero exit status 32
> >   [7/13]: creating a keytab for the directory
> > Unexpected error - see ipaserver-install.log for details:
> >  Command '/usr/kerberos/sbin/kadmin.local -q addprinc -randkey
> > ldap/fedora11.example.com at EXAMPLE.COM' returned non-zero exit status 1
> > 
> > I attached the log.
> > 
> > 
> 
> Very strange, I can't reproduce this. What release are you on? What 
> version of krb5-server do you have installed?
> 
> rob

Hmm, I must have had something weird in my tree.  I just did two clean
builds and installs without error.

ack.  pushed to master.



