Bug 658314 - Dependency to krb5-pkinit-openssl missing in ipa-devel-fedora.repo
Summary: Dependency to krb5-pkinit-openssl missing in ipa-devel-fedora.repo
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: freeIPA
Classification: Retired
Component: ipa-server
Version: unspecified
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-11-30 00:27 UTC by Pierre Carrier
Modified: 2015-01-04 23:45 UTC (History)
4 users (show)

Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-28 09:39:13 UTC
Embargoed:


Attachments (Terms of Use)

Description Pierre Carrier 2010-11-30 00:27:34 UTC
Description of problem:
- Installing ipa-server misses a dependency.

Version-Release number of selected component (if applicable):
- As per http://jdennis.fedorapeople.org/ipa-devel/ipa-devel-fedora.repo on Tue Nov 30, 2010, 00:23 UTC
- In particular, ipa-server-1.91-0.2010113002gitdf48c9c.fc14

How reproducible:
- Only tried once.


Steps to Reproduce:
1. On a minimal F14 install (no updates, very few extra packages installed):
2. as per bug 657598, # yum install mx4j
3. added http://jdennis.fedorapeople.org/ipa-devel/ipa-devel-fedora.repo in /etc/yum.repos.d
3. # yum install ipa-server
4. in /etc/hosts:
127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain
8.8.8.8 main.beurk
5. HOSTNAME=main.beurk in /etc/sysconfig/network
6. # hostname main.beurk
7. # ipa-server-install --selfsign
  
Actual results:
- 'ipa-server-install --selfsign' displays before it returns 1:
-- 8< --
[...]
To accept the default shown in brackets, press the Enter key.

The pkinit plugin is missing
Please install the 'krb5-pkinit-openssl' package and start the installation again
Aborting installation
-- >8 --

Expected results:
- I suppose it would make sense to install it as a dep.


Additional info:
Feel free to NEEDINFO(prc) if there's anything else I can do.

Comment 1 Rob Crittenden 2010-11-30 02:49:22 UTC
This package is optional which is why we don't enforce it until run time. Pass the --no-pkinit flag to the installer to avoid the need for the package.

Simo, we should probably bite the bullet on this and do one of the following:

- always require the package even though there is no dogtag support yet
- make it off by default for both dogtag and selfsign

I think it is enabled now by default so it can be exercised.

Comment 2 Jenny Severance 2010-11-30 13:10:49 UTC
Maybe this should be a man page bug?  Since man ipa-server-install makes no mention of --no-pkinit as an option and what it is for ...

Comment 3 Simo Sorce 2010-11-30 13:24:38 UTC
(In reply to comment #1)
> This package is optional which is why we don't enforce it until run time. Pass
> the --no-pkinit flag to the installer to avoid the need for the package.
> 
> Simo, we should probably bite the bullet on this and do one of the following:
> 
> - always require the package even though there is no dogtag support yet

I'd go with this one, the package is small enough it's not a big deal to require it always.

> - make it off by default for both dogtag and selfsign
> 
> I think it is enabled now by default so it can be exercised.

Yes.

Comment 4 Dmitri Pal 2010-12-08 16:54:55 UTC
https://fedorahosted.org/freeipa/ticket/599

Comment 5 Dmitri Pal 2011-02-10 19:52:28 UTC
master: 8f87aa1288fcb00607430de0bc707682c689a335


Note You need to log in before you can comment on or make changes to this bug.