[Freeipa-devel] FreeIPA 4.0.3?

Petr Viktorin pviktori at redhat.com
Thu Sep 11 14:33:32 UTC 2014 

On 09/11/2014 04:28 PM, Nathaniel McCallum wrote:
> On Thu, 2014-09-11 at 16:25 +0200, Ludwig Krispenz wrote:
>> On 09/11/2014 04:22 PM, Nathaniel McCallum wrote:
>>> On Thu, 2014-09-11 at 16:21 +0200, Ludwig Krispenz wrote:
>>>> On 09/11/2014 04:17 PM, Nathaniel McCallum wrote:
>>>>> On Thu, 2014-09-11 at 16:09 +0200, Ludwig Krispenz wrote:
>>>>>> On 09/11/2014 04:04 PM, Martin Kosek wrote:
>>>>>>> On 09/11/2014 03:47 PM, Nathaniel McCallum wrote:
>>>>>>>> On Thu, 2014-09-11 at 15:46 +0200, Petr Viktorin wrote:
>>>>>>>>> On 09/11/2014 01:37 PM, Martin Kosek wrote:
>>>>>>>>>> Hi team,
>>>>>>>>>>
>>>>>>>>>> It seems we have pretty serious bug in our FreeIPA 4.0.2 release, breaking
>>>>>>>>>> upgrade from older releases:
>>>>>>>>>>
>>>>>>>>>> https://fedorahosted.org/freeipa/ticket/4529
>>>>>>>>>>
>>>>>>>>>> We also have packaging fix requested by Fedora Server roles group:
>>>>>>>>>>
>>>>>>>>>> https://fedorahosted.org/freeipa/ticket/4430
>>>>>>>>>>
>>>>>>>>>> It seems just these 2 bugs are enough for a quick FreeIPA 4.0.3 release...
>>>>>>>>>> Makes sense? Any other tickets or patches we would like to get in?
>>>>>>>>> Looks like it's just those two. I'll start releasing shortly.
>>>>>>>> I'd like to get a fix in for the missing ciphers in the new NSS. I can
>>>>>>>> have a patch on the list shortly.
>>>>>>>>
>>>>>>>> Nathaniel
>>>>>>> Isn't this related to
>>>>>>> https://fedorahosted.org/freeipa/ticket/4395
>>>>>>> ? I think we do not work with the newest DS which fixed the default ciphers.
>>>>>> yes
>>>>>>> Don't we need to set our SSL ciphers setting to
>>>>>>>
>>>>>>> https://fedorahosted.org/389/ticket/47838#comment:29
>>>>>> yes
>>>>>> tjhe attached patch tries this, but at the moment I failed to build and
>>>>>> also to upgrade to F21
>>>>> NACKallowweakcipher
>>>>>
>>>>>
>>>>> LDAP error: OBJECT_CLASS_VIOLATION
>>>>> attribute "allowweakcipher" not allowed
>>>>>
>>>>> I suspect we are missing a spec file requirement on a newer version of 389...
>>>> yes, you need the latest build of DS, Noriko added the allowweakcipher
>>>> only yesterday.
>>>> That's the problem, I wanted to wait with the ipa side patch until
>>>> allowweakcipher was implemented and then on F21 ipa and 389 no longer
>>>> played well and now there is a rush
>>> What is the status on the new 389 patch/build?
>> a build is here:
>> http://copr-be.cloud.fedoraproject.org/results/nhosoi/389-ds-f21/fedora-21-x86_64/389-ds-base-1.3.3.2-a1.fc21/
>
> The upstream patch is not merged yet. We need 389 to merge the patch, do
> a release and get an official Fedora 20/21 build.
>
> Just to be clear, Fedora 21 IPA doesn't work *at all*. So this is an
> urgent fix.
>
> Martin, can you coordinate with 389 to prioritize a release with this
> fix?

Hi! It looks like I'll be the release manager for FreeIPA 4.0.3.
Currently I'm waiting for the new build of 389 and possibly an updated 
IPA patch, when that's in I'll test and release.

-- 
Petr³

More information about the Freeipa-devel mailing list