Bug 2379490

Summary:	With rpm-5.99.91-1.fc43.x86_64, dnf installation of freeipa-server-trust-ad-4.12.2-14.fc43.x86_64 now fails
Product:	[Fedora] Fedora	Reporter:	Jan Pazdziora <adelton>
Component:	freeipa	Assignee:	IPA Maintainers <ipa-maint>
Status:	CLOSED ERRATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	medium	Docs Contact:
Priority:	unspecified
Version:	rawhide	CC:	abokovoy, ftrivino, ipa-maint, mhjacks, rcritten, ssorce, twoerner
Target Milestone:	---	Keywords:	Regression
Target Release:	---
Hardware:	Unspecified
OS:	Linux
Whiteboard:
Fixed In Version:	freeipa-4.12.2-17.fc44 freeipa-4.12.2-17.fc43	Doc Type:	---
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2025-08-25 08:05:25 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Jan Pazdziora 2025-07-11 06:04:53 UTC

When building container images in the https://github.com/freeipa/freeipa-container/ project, we want the individual steps in the Dockerfile to pass to make sure there aren't any unexpected errors.

For quite some time, even as early as with Fedora 37, we had

  Running scriptlet: freeipa-server-trust-ad-4.10.1-1.fc37.x86_64                                                           338/343 
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
warning: %post(freeipa-server-trust-ad-4.10.1-1.fc37.x86_64) scriptlet failed, exit status 1

Error in POSTIN scriptlet in rpm package freeipa-server-trust-ad

when installing freeipa-server-trust-ad, but the whole rpm transaction passed and the dnf command returned with exit 0. So we did not care about that failure because, well, it did not get reported in any way it could be caught.

This has changed with recent registry.fedoraproject.org/fedora:rawhide image which seem so have rpm-5.99.91-1.fc43.x86_64. Now instead of exiting with 0 as with previous registry.fedoraproject.org/fedora:rawhide images, the dnf exits with 1, even if the version freeipa-server-trust-ad-4.12.2-14.fc43.x86_64 is the same in both cases.

Reproducible: Always

Steps to Reproduce:
1. podman run --rm registry.fedoraproject.org/fedora:rawhide dnf install -y --setopt=install_weak_deps=False freeipa-server-trust-ad
2. echo $?
Actual Results:
>>> [RPM] %post(freeipa-server-trust-ad-4.12.2-14.fc43.x86_64) scriptlet failed,
[366/366] Installing rpm-plugin-selinux 100% |   1.8 KiB/s |  13.0 KiB |  00m07s
>>> Running %triggerin scriptlet: systemd-0:257.7-1.fc43.x86_64                 
>>> Finished %triggerin scriptlet: systemd-0:257.7-1.fc43.x86_64                
>>> Scriptlet output:                                                           
>>> Failed to connect to audit log, ignoring: Invalid argument                  
>>>                                                                             
Transaction failed: Rpm transaction failed.

and exit status 1

Expected Results:
No error.

Exit status 0.

Comment 1 Jan Pazdziora 2025-07-11 06:05:48 UTC

Originally noticed in https://github.com/freeipa/freeipa-container/issues/690.

Comment 2 Alexander Bokovoy 2025-07-11 07:58:04 UTC

Upstream PR: https://github.com/freeipa/freeipa/pull/7876

Comment 3 Jan Pazdziora 2025-07-30 08:20:22 UTC

I can see that both this PR and the backport to the ipa-4-12 branch https://github.com/freeipa/freeipa/pull/7877 were already merged. Will a cherry-pick to https://src.fedoraproject.org/rpms/freeipa be needed as the next step to get the Fedora builds fixed?

Comment 4 Alexander Bokovoy 2025-08-04 06:07:18 UTC

(In reply to Jan Pazdziora from comment #3)
> I can see that both this PR and the backport to the ipa-4-12 branch
> https://github.com/freeipa/freeipa/pull/7877 were already merged. Will a
> cherry-pick to https://src.fedoraproject.org/rpms/freeipa be needed as the
> next step to get the Fedora builds fixed?

We are currently trying to land Tomcat 10 support in a sidetag via https://bodhi.fedoraproject.org/updates/FEDORA-2025-634fec6b6c. Once that is done, we can integrate the fix.

Comment 5 Fedora Update System 2025-08-25 07:21:02 UTC

FEDORA-2025-054fe5a58f (freeipa-4.12.2-17.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-054fe5a58f

Comment 6 Fedora Update System 2025-08-25 07:22:54 UTC

FEDORA-2025-77d6f1b848 (freeipa-4.12.2-17.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-77d6f1b848

Comment 7 Fedora Update System 2025-08-25 08:05:25 UTC

FEDORA-2025-77d6f1b848 (freeipa-4.12.2-17.fc44) has been pushed to the Fedora 44 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 8 Fedora Update System 2025-08-25 08:11:25 UTC

FEDORA-2025-054fe5a58f (freeipa-4.12.2-17.fc43) has been pushed to the Fedora 43 stable repository.
If problem still persists, please make note of it in this bug report.