2014658 – certificate operations fail with Unable to communicate with CMS (Start tag expected, '<' not found, line 1, column 1)

Bug 2014658 - certificate operations fail with Unable to communicate with CMS (Start tag expected, '<' not found, line 1, column 1)

Summary: certificate operations fail with Unable to communicate with CMS (Start tag ex...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	freeipa
Sub Component:
Version:	35
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Rob Crittenden
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	AcceptedBlocker
Depends On:
Blocks:	F35FinalBlocker
TreeView+	depends on / blocked

Reported:	2021-10-15 18:16 UTC by Rob Crittenden
Modified:	2021-10-21 00:55 UTC (History)
CC List:	13 users (show)
Fixed In Version:	freeipa-4.9.7-2.fc35
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-21 00:55:03 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	FREEIPA-7093	0	None	None	None	2021-10-15 18:17:33 UTC

Description Rob Crittenden 2021-10-15 18:16:27 UTC

Description of problem:

pki-ca recently dropped its dependency on jaxb which it used to provide an XML-based RPC. It switched to using JSON only.

IPA in Fedora still relies on the XML API. 

This was addressed in freeIPA upstream in https://pagure.io/freeipa/issue/8980 but is currently unreleased.

This patch needs to be backported to Fedora.

master: d43b513927d6dd0a12464dd24287ce40ccaf33e4
ipa-4-9: bbda3590bb20a2915261f2fd9b8a8e0b169f93f4

Version-Release number of selected component (if applicable):

freeipa-server-4.9.7-1.fc35
dogtag-pki-ca-11.0.0-1.fc35.noarch

Comment 1 Fedora Blocker Bugs Application 2021-10-15 18:33:23 UTC

Proposed as a Blocker for 35-final by Fedora user abbra using the blocker tracking app because:

 Dogtag PKI did reduce own Java dependencies and dropped support for XML-RPC interface. This broke installation of FreeIPA CA, enabled by default. This violates Fedora Server release criteria.

A fix is available upstream (mentioned in the bug) and needs just a rebuild of Fedora package 'freeipa'.

Comment 2 Alexander Bokovoy 2021-10-15 18:37:01 UTC

Details reported in https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/YQFBNRTBEXBW6XCNIO422PUCXFVJE2EZ/#YQFBNRTBEXBW6XCNIO422PUCXFVJE2EZ

Comment 3 Fedora Update System 2021-10-15 19:13:19 UTC

FEDORA-2021-e930bd54b2 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-e930bd54b2

Comment 4 Fedora Update System 2021-10-15 20:52:22 UTC

FEDORA-2021-e930bd54b2 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-e930bd54b2`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-e930bd54b2

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 5 Adam Williamson 2021-10-16 19:26:03 UTC

+3 in https://pagure.io/fedora-qa/blocker-review/issue/553 , marking accepted.

Comment 6 Alexander Bokovoy 2021-10-18 12:10:42 UTC

*** Bug 2015102 has been marked as a duplicate of this bug. ***

Comment 7 Fedora Update System 2021-10-21 00:55:03 UTC

FEDORA-2021-e930bd54b2 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.