[Freeipa-devel] FreeIPA 4.0.3?

Thu Sep 11 14:48:24 UTC 2014

On 09/11/2014 04:43 PM, Nathaniel McCallum wrote:
> On Thu, 2014-09-11 at 16:39 +0200, Petr Viktorin wrote:
>> On 09/11/2014 04:38 PM, Ludwig Krispenz wrote:
>>>
>>> On 09/11/2014 04:31 PM, Petr Viktorin wrote:
>>>> On 09/11/2014 04:26 PM, Martin Kosek wrote:
>> ...
>>>>> Also, we will need to add the F21 389-ds-base build to FreeIPA Copr:
>>>>> http://copr.fedoraproject.org/coprs/mkosek/freeipa/
>>>>> so that F20 users can upgrade to the newest FreeIPA. Are there any
>>>>> known issues
>>>>> in the F21 389-ds-base build that would prevent upstream FreeIPA
>>>>> 4.0.x to be
>>>>> based on it?
>>>>>
>>>>> If yes, we may need to include the patch in Fedora 21 downstream only
>>>>> after all..
>>>>
>>>> We're basing the Fedora 21 Alpha downstream on FreeIPA 4.0.3, so we
>>>> couldn't include the patch even there.
>>>> There better be no such issues.
>>> what do you mean by "no such issues" ? I don't think that 389/F21 will
>>> be the first bug free software. At the moment Thierry is investigating a
>>> crash in dna-plugin and Noriko a memory leak, which could be in F21 -
>>>
>>
>> any known issues in the F21 389-ds-base build that would prevent
>> upstream FreeIPA 4.0.x to be based on it
>
> Yes. 389 will not start if weak ciphers are specified. Currently,
> FreeIPA specifies weak ciphers. This means that FreeIPA in F21 doesn't
> work at all because the DS will never start.
>
> We need this patch merged: https://fedorahosted.org/389/ticket/47838
>
> Then, we need an F21 build of 389-ds-base.
>
> Then we need to merge Ludwig's IPA patch from this thread with a
> versioned dependency on the new 389-ds-base build.
>
> Then we release 4.0.3.

That's what I understood, but thanks for confirming.

We need to move fast; FreeIPA is an f21 alpha blocker.

>> Plugin crashes or memory leaks are bad, but we can release with them.
>
> +1. The real problem is that without the above fixes, IPA doesn't work
> at all.
>
> Nathaniel
>
>

-- 
Petr³