Hi, sorry for bumping this bug, but I'm using the latest version of bind
(1:9.11.3+dfsg-1ubuntu1.3) for Bionic, which should contain the fix, but
named-pkcs11 is still crashing for me.
It crashes at:
26-Dec-2018 12:11:07.639 ../../../lib/isc-pkcs11/md5.c:93: fatal error:
26-Dec-2018 12:11:07.639 R
This bug was fixed in the package bind9 - 1:9.11.3+dfsg-1ubuntu1.3
---
bind9 (1:9.11.3+dfsg-1ubuntu1.3) bionic; urgency=medium
[ Karl Stenerud ]
* d/p/skip-rtld-deepbind-for-dyndb.diff: fix named-pkcs11 crashing on
startup. Thanks to Petr Menšík (LP: #1769440)
-- Andreas Ha
Package version 1:9.11.3+dfsg-1ubuntu1.3 in -proposed also works for me.
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bu
I've installed proposed packages for bind. Now service is working for me.
After install proposed package:
# ipactl restart
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Starting httpd Service
Starting ipa-custodia Service
Starting pki-tom
I'm having a hard time reproducing the bug in bionic nowadays. It feels
like a timing issue, because right after it complains about a connection
refused, I can connect just fine:
(...)
[24/28]: migrating certificate profiles to LDAP
[error] NetworkError: cannot connect to
'https://bionic-free
Hello keestux, or anyone else affected,
Accepted bind9 into bionic-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/bind9/1:9.11.3+dfsg-
1ubuntu1.3 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
h
It's this one:
bind9 (1:9.11.3+dfsg-1ubuntu1.3) bionic; urgency=medium
[ Karl Stenerud ]
* d/p/skip-rtld-deepbind-for-dyndb.diff: fix named-pkcs11 crashing on
startup. Thanks to Petr Menšík (LP: #1769440)
-- Andreas Hasenack Wed, 10 Oct 2018 14:33:34
-0300
It's still in the unapprove
@ahasenack When you said "Uploaded to bionic unapproved", did you mean
1:9.11.3+dfsg-1ubuntu1.3?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkc
Uploaded to bionic unapproved, waiting for SRU team's approval.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails to run
To manage notif
** Merge proposal linked:
https://code.launchpad.net/~ahasenack/ubuntu/+source/bind9/+git/bind9/+merge/356439
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install
I'll take care of this for bionic.
** Changed in: bind9 (Ubuntu Bionic)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: bind9 (Ubuntu Bionic)
Importance: Undecided => High
** Changed in: bind9 (Ubuntu Bionic)
Status: Confirmed => In Progress
--
You received
A new bind has been pushed to bionic (1:9.11.3+dfsg-1ubuntu1.2). This is
newer than bind9 in ppa:freeipa/ppa, but does not contain the fix for
this bug. Therefore, bind9 upgrade should be prevented by helding the
ppa package, or bind9-pkcs11 will stop working.
--
You received this bug notificatio
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: bind9 (Ubuntu Bionic)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
Can we have this fix in bionic, please.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails to run
To manage notifications about this bug
** Also affects: bind9 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: freeipa (Ubuntu Bionic)
Importance: Undecided
Status: New
** No longer affects: freeipa (Ubuntu Bionic)
--
You received this bug notification because you are a member of Ubuntu
Bugs, wh
Will this be fixed in bionic where IPA is currently broken and unusable?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails to run
To man
This bug was fixed in the package bind9 - 1:9.11.4+dfsg-3ubuntu2
---
bind9 (1:9.11.4+dfsg-3ubuntu2) cosmic; urgency=medium
* d/p/skip-rtld-deepbind-for-dyndb.diff: Add a patch to fix named-pkcs11
crashing on startup. (LP: #1769440)
-- Karl Stenerud Thu, 30 Aug 2018
07:11:39
** Description changed:
[Impact]
Using RTLD_DEEPBIND in bind9 causes the FreeIPA serve install to fail.
- This patch, also applied in fedora, disables use of RTLD_DEEPBIND.
+ This patch, also applied in fedora and debian, disables use of RTLD_DEEPBIND.
https://src.fedoraproject.org/rp
** Description changed:
+ [Impact]
+
+ Using RTLD_DEEPBIND in bind9 causes the FreeIPA serve install to fail.
+
+ This patch, also applied in fedora, disables use of RTLD_DEEPBIND.
+
https://src.fedoraproject.org/rpms/bind/c/3d5ea105bd877f0069452e450320f8877b01cb52?branch=master
+
+ [Test Case
** Merge proposal linked:
https://code.launchpad.net/~kstenerud/ubuntu/+source/bind9/+git/bind9/+merge/354002
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install
** Changed in: bind9 (Ubuntu)
Assignee: (unassigned) => Karl Stenerud (kstenerud)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails
bah, looks like I didn't push it back then.. is pushed now
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails to run
To manage notificati
I don't think there is anything to do here for freeipa itself, just
bind9. Marking the freeipa task as invalid.
** Changed in: freeipa (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https:
I wonder if this patch shouldn't be applied only when doing the -pkcs11
rebuild
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails to run
Timo, where is the patch in debian git? I'm looking at
g...@salsa.debian.org:dns-team/bind9.git (https://salsa.debian.org/dns-
team/bind9) but can't find it. It's currently at debian/1%9.11.4+dfsg-4
which is what was released last.
I also checked https://salsa.debian.org/dns-team/bind
--
You rec
I just finished an ipa-server-install run on cosmic where I hit the
abort error. But when using the patched bind9 package from
https://launchpad.net/~kstenerud/+archive/ubuntu/bind9-rtld-
deepbind-1769440/ which has the patch from fedora and Timo, it worked.
--
You received this bug notification
the patch is on debian git, but hasn't been uploaded there yet it seems
and yes the server team is free to handle this, but I can step in too if
it helps
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/
We can take on this.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails to run
To manage notifications about this bug go to:
https://bugs
@Gabriel thanks, I follow now.
@Timo do you have plans on getting this landed please? Or do you want
the server team to do it?
** Tags added: server-next
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs
@garyx that is unrelated. Open a new bug and please fully post the debug
output and logs, rather than an out-of-context snippit.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa
Any ETA on when/if this will be fixed. I am trying to add a new freeipa
server running 18.04 by adding it as a replica to a current setup, but
it seems to fail on Bind and what is described here.
I tried the PPA listed above but when adding as a replica using those
packages Igot this error if anyo
@ahasenack is correct.
@racb, this bug is fixed in the sense that I found the appropriate
patches missing from bind9, and the staging version that @tjaalton built
and uploaded stops the crashes.
This is the patch applied
https://pagure.io/fedora-bind/c/3d5ea105bd877f0069452e450320f8877b01cb52?br
I think he means it was fixed with the package that Timo upload to the
ppa, not with the package in the archive.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install f
> Looks like bind9 is fixed! Install completes with no issues and named-
pks11 runs without crashing.
Great! Thank you for the report.
I'm not sure this bug was ever clear on exactly what the problem was
with bind9, in terms of bind9. And if it is now fixed, I don't know when
it was fixed. So I'l
Looks like bind9 is fixed! Install completes with no issues and named-
pks11 runs without crashing.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-
uploaded bind to the staging ppa, please test once it's built
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails to run
To manage notific
good catch.. I did have a look at the fedora patches there but didn't go
deep enough.. that's an old patch which never went upstream :/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
f
Here's the referenced commit for the fix for fedora's bind9 code:
https://pagure.io/fedora-bind/c/3d5ea105bd877f0069452e450320f8877b01cb52?branch=master
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/17
Some error documented here:
https://bugzilla.redhat.com/show_bug.cgi?id=1410433
** Bug watch added: Red Hat Bugzilla #1410433
https://bugzilla.redhat.com/show_bug.cgi?id=1410433
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
http
Both bugs have been already reported: see
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772205 and
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450. The
freeipa/staging ppa
(https://launchpad.net/~freeipa/+archive/ubuntu/staging) contains a new
version of freeipa which fixes
I've installed FreeIPA server with all the patches mentioned here but
"sudo ipactl status" shows that kadmin services is stopped. I had to
create an empty file /etc/krb5kdc/kadm5.acl which looks like solved the
problem. Not sure if it is the right approach.
Another issue I have is that when in Web
and you can see from that bind-dyndb-ldap commit it's only about the rpm
dropping the dependency, we never had that anyway, since bind-pkcs11 is
not a separate package
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launch
It's not useful to stuff every workaround on an unrelated bug, you
should've searched the existing ones first and file new bugs when
necessary:
fontawesome path: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772921
/var/lib/krb5kdc permissions
https://bugs.launchpad.net/ubuntu/+source/f
PPPS. You don't need the latest fontsawesome after all for the gui to
work. However, you do need:
apt install libjs-scriptaculous
and
The installed code expects fontawesome, not font-awesome in the truetype
directory.
cd /usr/share/fonts/truetype
ln -s font-awesome /usr/share/fonts/truetype/f
PPS. Freeipa needs fontawesome version 4 or you get unicode boxes.
Bionic ships v3. Attached find v4. put them in
/usr/share/fonts/fontawesome
** Attachment added: "fontawesome v4"
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769440/+attachment/5156225/+files/fontawesome4.bz
--
P.S. After the systemctl disable commands, you may need to delete the
'/etc/resolv.conf' then make a new one with the simple content as it
could be a link to a stub for systemd-resolved.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
This is a recipe with all the work-arounds needed to get a freeipa
server with integrated DNS going on Ubuntu bionic/18.04 LTS or later.
Without these workarounds, you will hit so many bugs the system is
uninstallable as of 6/23/18.
I chose Lubuntu as a platform as I wanted an integrated browser
Outside of freeipa, I can get it to crash with multiple different
assertion errors, just not yet the one we get when using it with
freeipa. It doesn't look like a very robust system.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
http
Has anybody reproduced this on debian? I confirm it happening then
deploying freeipa, but I'm also looking at a simpler test case now.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
fr
** Changed in: bind9 (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails to run
To manage notifi
I tried the new version of bind (1:9.11.3+dfsg-1ubuntu1.1) but the
-pkcs11 version still crashes with the ldap plugin.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server ins
Note that named-pkcs11 only crashes at startup when the section
dyndb "ipa" "/usr/lib/bind/ldap.so"
is present. If commented out, the daemon starts (although it becomes
useless in this context).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed t
Thanks, he definitely knows more about bind than I do :)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails to run
To manage notification
** Changed in: freeipa (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails to run
To manage noti
I can ask Ondrej too
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails to run
To manage notifications about this bug go to:
https://bugs
I'll take a look
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails to run
To manage notifications about this bug go to:
https://bugs.lau
56 matches
Mail list logo
