[Freeipa-devel] FreeIPA 4.0.3?
Nathaniel McCallum
npmccallum at redhat.com
Thu Sep 11 14:50:34 UTC 2014
On Thu, 2014-09-11 at 10:43 -0400, Nathaniel McCallum wrote:
> On Thu, 2014-09-11 at 16:39 +0200, Petr Viktorin wrote:
> > On 09/11/2014 04:38 PM, Ludwig Krispenz wrote:
> > >
> > > On 09/11/2014 04:31 PM, Petr Viktorin wrote:
> > >> On 09/11/2014 04:26 PM, Martin Kosek wrote:
> > ...
> > >>> Also, we will need to add the F21 389-ds-base build to FreeIPA Copr:
> > >>> http://copr.fedoraproject.org/coprs/mkosek/freeipa/
> > >>> so that F20 users can upgrade to the newest FreeIPA. Are there any
> > >>> known issues
> > >>> in the F21 389-ds-base build that would prevent upstream FreeIPA
> > >>> 4.0.x to be
> > >>> based on it?
> > >>>
> > >>> If yes, we may need to include the patch in Fedora 21 downstream only
> > >>> after all..
> > >>
> > >> We're basing the Fedora 21 Alpha downstream on FreeIPA 4.0.3, so we
> > >> couldn't include the patch even there.
> > >> There better be no such issues.
> > > what do you mean by "no such issues" ? I don't think that 389/F21 will
> > > be the first bug free software. At the moment Thierry is investigating a
> > > crash in dna-plugin and Noriko a memory leak, which could be in F21 -
> > >
> >
> > any known issues in the F21 389-ds-base build that would prevent
> > upstream FreeIPA 4.0.x to be based on it
>
> Yes. 389 will not start if weak ciphers are specified. Currently,
> FreeIPA specifies weak ciphers. This means that FreeIPA in F21 doesn't
> work at all because the DS will never start.
>
> We need this patch merged: https://fedorahosted.org/389/ticket/47838
>
> Then, we need an F21 build of 389-ds-base.
>
> Then we need to merge Ludwig's IPA patch from this thread with a
> versioned dependency on the new 389-ds-base build.
>
> Then we release 4.0.3.
>
> > Plugin crashes or memory leaks are bad, but we can release with them.
>
> +1. The real problem is that without the above fixes, IPA doesn't work
> at all.
I can confirm that with the COPR build of 389 including the above patch
and Ludwig's patch to FreeIPA, everything is working again in F21.
Nathaniel
More information about the Freeipa-devel
mailing list