Bug 1486870

Summary: Lightweight CA key replication fails (regressions) [RHEL 7.4.z]
Product: Red Hat Enterprise Linux 7 Reporter: Tom Lavigne <tlavigne>
Component: pki-coreAssignee: Fraser Tweedale <ftweedal>
Status: CLOSED ERRATA QA Contact: Asha Akkiangady <aakkiang>
Severity: urgent Docs Contact: Petr Bokoc <pbokoc>
Priority: urgent    
Version: 7.4CC: akasurde, ftweedal, ksiddiqu, mharmsen, pbokoc, tlavigne, tscherf
Target Milestone: rcKeywords: Regression, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pki-core-10.4.1-14.el7_4 Doc Type: Bug Fix
Doc Text:
A previous update to one of the key unwrapping functions introduced a requirement for a key usage parameter which was not being supplied at the call site, which caused lightweight CA key replication to fail. This bug has been fixed by modifying the call site so that it supplies the key usage parameter, and lightweight CA key replication now works as expected.
 Story Points: ---
Clone Of: 1484359 Environment:
Last Closed: 2017-11-30 15:32:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1484359    
Bug Blocks:    
Attachments:
Description Flags
console.log none

Description Tom Lavigne 2017-08-30 16:24:56 UTC 
This bug has been copied from bug #1484359 and has been proposed
to be backported to 7.4 z-stream (EUS).
Comment 6 Fraser Tweedale 2017-09-22 06:50:31 UTC 
Add doc text.
Comment 7 Abhijeet Kasurde 2017-09-25 06:47:41 UTC 
Verified using IPA and PKI version::

# rpm -qa ipa-server selinux-policy pki-*
ipa-server-4.5.0-21.el7_4.2.2.x86_64
pki-kra-10.4.1-15.el7_4.noarch
selinux-policy-3.13.1-166.el7_4.5.noarch
pki-base-java-10.4.1-15.el7_4.noarch
pki-tools-10.4.1-15.el7_4.x86_64
pki-server-10.4.1-15.el7_4.noarch
pki-base-10.4.1-15.el7_4.noarch
pki-ca-10.4.1-15.el7_4.noarch

Marking BZ as verified. Please see attachment for console log.
Comment 8 Abhijeet Kasurde 2017-09-25 06:48:12 UTC 
Created attachment 1330369 [details]
console.log
Comment 11 errata-xmlrpc 2017-11-30 15:32:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3301