Bug 1574711 - pki-tools cannot be installed on current Rawhide (due to tomcat version bump)
Summary: pki-tools cannot be installed on current Rawhide (due to tomcat version bump)
Alias: None
Product: Fedora
Classification: Fedora
Component: pki-core
Version: 29
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Endi Sukma Dewata
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: F29BetaBlocker
TreeView+ depends on / blocked
Reported: 2018-05-03 21:24 UTC by Adam Williamson
Modified: 2019-06-01 00:26 UTC (History)
6 users (show)

Fixed In Version: pki-core-10.6.1-2.fc29
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-05-14 17:01:41 UTC

Attachments (Terms of Use)

Description Adam Williamson 2018-05-03 21:24:48 UTC
tomcat was recently bumped to 9.0 in Rawhide:


it now provides tomcat-servlet-4.0-api , not tomcat-servlet-3.1-api . But pki-core has not been updated for this change: pki-tools still requires tomcat-servlet-3.1-api . As a result, pki-tools cannot be installed, which means pki-server cannot be installed, which means freeipa-server cannot be installed, which means FreeIPA doesn't work.

This is a clear Beta blocker, per Basic criterion "Release-blocking roles and the supported role configuration interfaces must meet the core functional Role Definition Requirements to the extent that supported roles can be successfully deployed, started, stopped, brought to a working configuration, and queried", as 'domain controller' is a release-blocking role.

Comment 1 Matthew Harmsen 2018-05-03 21:29:32 UTC
Endi, I am certain that you are aware of this issue as it looks like Coty finally released Tomcat 9 on rawhide:

* https://koji.fedoraproject.org/koji/buildinfo?buildID=1078072

I suspect that the new builds will address this issue.

Comment 2 Matthew Harmsen 2018-05-03 21:41:22 UTC

The PKI Team have been working with the Tomcat team, and knew that release of this component was coming (we did not know the exact day).

In bodhi, there is a method whereby disparate components which rely on each other can be tied together such that they are released at the same time.

Other than closer coordination between teams, is there anything in rawhide to help prevent this sort of issue in the future?

-- Matt

Comment 3 Adam Williamson 2018-05-04 05:05:28 UTC
Hey Matthew - sadly right now there really isn't; all you can really do is co-ordinate between maintainers and try to make sure you do the related builds on the same day. There's some planning going on at present around gating Rawhide builds on automated testing; as part of that, this problem would probably have to get solved, so it may happen soonish. For now, though...nope. Sorry!

Comment 4 Coty Sutherland 2018-05-04 11:34:51 UTC
This was totally my fault. We (myself and the FreeIPA team) talked about the need to build tomcat 9.0 and I had a minute to update to it. I actually only meant to push the commit, not build (I did it by habit while building the updates for fc27 and fc28). I sent an email out the next day to fedora-devel, but neglected to inform the FreeIPA folks.

This was my first major update...sorry :/ I'll do better with Tomcat 10!

Comment 5 Adam Williamson 2018-05-04 16:33:25 UTC
So a new build of pki-core was sent out:


but it didn't actually change the requirement:


in there, you can still see "tomcat-servlet-3.1-api" in the list of requirements. I guess this has to be bumped manually in the spec, it doesn't just magically get changed with a package rebuild?

Comment 6 Endi Sukma Dewata 2018-05-04 16:35:17 UTC
Right, it will be fixed in 10.6.1-2.fc29.

Comment 7 Endi Sukma Dewata 2018-05-04 18:44:24 UTC
Here is the new build:

Comment 8 Adam Williamson 2018-05-14 17:01:41 UTC
All openQA FreeIPA tests on current Rawhide are passing, indicating this is no longer a problem. Thanks!

Note You need to log in before you can comment on or make changes to this bug.