[Freeipa-users] Re: Fedora 40/FreeIPA 4.12

Mon, 10 Jun 2024 10:42:19 -0700 

Rob Crittenden via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
writes:

> Jochen Kellner via FreeIPA-users wrote:
>> 
>> Hi,
>> 
>> I've re-installed my test system with Fedora 40. ipa-healthcheck says:
>> 
>>   {
>>     "source": "ipahealthcheck.ipa.files",
>>     "check": "TomcatFileCheck",
>>     "result": "WARNING",
>>     "uuid": "0cad1a21-d450-4c68-845f-e72a640af360",
>>     "when": "20240610020014Z",
>>     "duration": "0.000986",
>>     "kw": {
>>       "key": "_var_lib_pki_pki-tomcat_conf_ca_CS.cfg_mode",
>>       "path": "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg",
>>       "type": "mode",
>>       "expected": "0660",
>>       "got": "0664",
>>       "msg": "Permissions of /var/lib/pki/pki-tomcat/conf/ca/CS.cfg are too 
>> permissive: 0664 and should be 0660"
>>     }
>>   },
>> 
>> Otherwise the system seems to run fine. Might be a packaging problem...
>
> Were only IPA packages updated or also dogtag-pki* or tomcat? I assume
> healthcheck output was clean prior to upgrading? I'm trying to narrow
> down where to look for the root cause.

The system had been newly installed. The first entry in dnf.rpm.log is
from 2024-06-04T21:02:05+0200.

These are the entries for 'grep -E "(ipa|pki)" /var/log/dnf.rpm.log':

2024-06-04T21:53:06+0200 SUBDEBUG Installed: 
freeipa-client-common-4.12.0-1.fc40.noarch
2024-06-04T21:53:06+0200 SUBDEBUG Installed: krb5-pkinit-1.21.2-5.fc40.x86_64
2024-06-04T21:53:07+0200 SUBDEBUG Installed: libipa_hbac-2.9.5-1.fc40.x86_64
2024-06-04T21:53:07+0200 SUBDEBUG Installed: 
python3-dogtag-pki-11.5.0-3.fc40.noarch
2024-06-04T21:53:07+0200 SUBDEBUG Installed: 
dogtag-pki-base-11.5.0-3.fc40.noarch
2024-06-04T21:53:08+0200 SUBDEBUG Installed: 
python3-libipa_hbac-2.9.5-1.fc40.x86_64
2024-06-04T21:53:09+0200 SUBDEBUG Installed: sssd-ipa-2.9.5-1.fc40.x86_64
2024-06-04T21:53:10+0200 SUBDEBUG Installed: 
freeipa-server-common-4.12.0-1.fc40.noarch
2024-06-04T21:53:10+0200 SUBDEBUG Installed: 
freeipa-selinux-4.12.0-1.fc40.noarch
2024-06-04T21:53:23+0200 SUBDEBUG Installed: freeipa-common-4.12.0-1.fc40.noarch
2024-06-04T21:53:24+0200 SUBDEBUG Installed: python3-ipalib-4.12.0-1.fc40.noarch
2024-06-04T21:53:24+0200 SUBDEBUG Installed: 
python3-ipaclient-4.12.0-1.fc40.noarch
2024-06-04T21:53:25+0200 SUBDEBUG Installed: 
python3-ipaserver-4.12.0-1.fc40.noarch
2024-06-04T21:53:27+0200 SUBDEBUG Installed: 
pki-resteasy-jackson2-provider-3.0.26-29.fc40.noarch
2024-06-04T21:53:27+0200 SUBDEBUG Installed: 
pki-resteasy-core-3.0.26-29.fc40.noarch
2024-06-04T21:53:27+0200 SUBDEBUG Installed: 
pki-resteasy-client-3.0.26-29.fc40.noarch
2024-06-04T21:53:27+0200 SUBDEBUG Installed: 
pki-resteasy-servlet-initializer-3.0.26-29.fc40.noarch
2024-06-04T21:53:27+0200 SUBDEBUG Installed: 
dogtag-pki-java-11.5.0-3.fc40.noarch
2024-06-04T21:53:27+0200 SUBDEBUG Installed: 
dogtag-pki-tools-11.5.0-3.fc40.x86_64
2024-06-04T21:53:30+0200 SUBDEBUG Installed: 
freeipa-healthcheck-core-0.16-5.fc40.noarch
2024-06-04T21:53:32+0200 SUBDEBUG Installed: 
dogtag-pki-server-11.5.0-3.fc40.noarch
2024-06-04T21:53:33+0200 SUBDEBUG Installed: 
dogtag-pki-acme-11.5.0-3.fc40.noarch
2024-06-04T21:53:33+0200 SUBDEBUG Installed: dogtag-pki-ca-11.5.0-3.fc40.noarch
2024-06-04T21:53:33+0200 SUBDEBUG Installed: dogtag-pki-kra-11.5.0-3.fc40.noarch
2024-06-04T21:53:33+0200 SUBDEBUG Installed: freeipa-client-4.12.0-1.fc40.x86_64
2024-06-04T21:53:33+0200 SUBDEBUG Installed: freeipa-server-4.12.0-1.fc40.x86_64
2024-06-04T21:53:42+0200 SUBDEBUG Installed: 
freeipa-server-dns-4.12.0-1.fc40.noarch
2024-06-05T06:51:41+0200 SUBDEBUG Installed: 
freeipa-server-trust-ad-4.12.0-1.fc40.x86_64
2024-06-05T06:51:53+0200 SUBDEBUG Installed: 
freeipa-healthcheck-0.16-5.fc40.noarch

ipa-server-install.log starts at 2024-06-04T20:34:53Z, there is no file
ipaupgrade.log.

These are the only updates applied since installation:

root@freeipa:/var/log# grep Upgrade dnf.rpm.log
2024-06-06T06:37:56+0200 SUBDEBUG Upgrade: qt5-srpm-macros-5.15.14-1.fc40.noarch
2024-06-06T06:37:56+0200 SUBDEBUG Upgrade: git-core-2.45.2-2.fc40.x86_64
2024-06-06T06:37:56+0200 SUBDEBUG Upgrade: 
apache-commons-io-1:2.16.1-1.fc40.noarch
2024-06-06T06:37:56+0200 SUBDEBUG Upgraded: 
qt5-srpm-macros-5.15.13-1.fc40.noarch
2024-06-06T06:37:56+0200 SUBDEBUG Upgraded: 
apache-commons-io-1:2.13.0-8.fc40.noarch
2024-06-06T06:37:56+0200 SUBDEBUG Upgraded: git-core-2.45.1-1.fc40.x86_64
2024-06-07T17:04:15+0200 SUBDEBUG Upgrade: iproute-6.7.0-2.fc40.x86_64
2024-06-07T17:04:15+0200 SUBDEBUG Upgraded: iproute-6.7.0-1.fc40.x86_64
2024-06-09T06:36:16+0200 SUBDEBUG Upgrade: 
rsvg-pixbuf-loader-2.57.1-6.fc40.x86_64
2024-06-09T06:36:16+0200 SUBDEBUG Upgrade: librsvg2-2.57.1-6.fc40.x86_64
2024-06-09T06:36:16+0200 SUBDEBUG Upgrade: libdrm-2.4.121-1.fc40.x86_64
2024-06-09T06:36:16+0200 SUBDEBUG Upgraded: librsvg2-2.57.1-4.fc40.x86_64
2024-06-09T06:36:16+0200 SUBDEBUG Upgraded: 
rsvg-pixbuf-loader-2.57.1-4.fc40.x86_64
2024-06-09T06:36:16+0200 SUBDEBUG Upgraded: libdrm-2.4.120-3.fc40.x86_64
2024-06-10T06:21:12+0200 SUBDEBUG Upgrade: mesa-filesystem-24.0.9-1.fc40.x86_64
2024-06-10T06:21:12+0200 SUBDEBUG Upgrade: mesa-va-drivers-24.0.9-1.fc40.x86_64
2024-06-10T06:21:12+0200 SUBDEBUG Upgrade: mesa-libglapi-24.0.9-1.fc40.x86_64
2024-06-10T06:21:12+0200 SUBDEBUG Upgrade: mesa-dri-drivers-24.0.9-1.fc40.x86_64
2024-06-10T06:21:13+0200 SUBDEBUG Upgrade: mesa-libgbm-24.0.9-1.fc40.x86_64
2024-06-10T06:21:13+0200 SUBDEBUG Upgrade: mesa-libEGL-24.0.9-1.fc40.x86_64
2024-06-10T06:21:13+0200 SUBDEBUG Upgrade: mesa-libGL-24.0.9-1.fc40.x86_64
2024-06-10T06:21:13+0200 SUBDEBUG Upgrade: fontconfig-2.15.0-6.fc40.x86_64
2024-06-10T06:21:14+0200 SUBDEBUG Upgraded: mesa-libEGL-24.0.8-1.fc40.x86_64
2024-06-10T06:21:14+0200 SUBDEBUG Upgraded: mesa-libGL-24.0.8-1.fc40.x86_64
2024-06-10T06:21:14+0200 SUBDEBUG Upgraded: mesa-libgbm-24.0.8-1.fc40.x86_64
2024-06-10T06:21:14+0200 SUBDEBUG Upgraded: mesa-libglapi-24.0.8-1.fc40.x86_64
2024-06-10T06:21:14+0200 SUBDEBUG Upgraded: 
mesa-dri-drivers-24.0.8-1.fc40.x86_64
2024-06-10T06:21:14+0200 SUBDEBUG Upgraded: mesa-va-drivers-24.0.8-1.fc40.x86_64
2024-06-10T06:21:14+0200 SUBDEBUG Upgraded: mesa-filesystem-24.0.8-1.fc40.x86_64
2024-06-10T06:21:14+0200 SUBDEBUG Upgraded: fontconfig-2.15.0-4.fc40.x86_64

> In any case I'd heed the warning and tighten up the perms.

Thanks a lot.

> Thanks for the report.

You're welcome!

Jochen

-- 
This space is intentionally left blank.
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to