These methods were introduced in https://pagure.io/freeipa/c/0f9a8b7a15b911f443042061d795fcaa51f1a3c7 , and that triggers a strong déjà vu for me -- I've looked at this failure in a different context already.
But https://launchpad.net/ubuntu/+source/python-cryptography in oracular *is* version 42. Hmm.. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/2078034 Title: ipa-client-install fails with TypeError: Can't instantiate abstract class IPACertificate without an implementation for abstract methods 'not_valid_after_utc', 'not_valid_before_utc' Status in freeipa package in Ubuntu: New Bug description: I am currently enabling our Cockpit tests on oracular [1] (now after feature freeze and well before release is a good time). The main regression is with joining a FreeIPA domain. The server runs a standard quay.io/freeipa/freeipa- server:centos-9-stream container with a couple of standard options (ports, passwords, etc.) [2], but nothing spectacular. In particular, no customizations of the certificate. On the client (Ubuntu oracular) the test runs: echo foobarfoo | realm join -vU admin cockpit.lan This fails with unable to convert the attribute 'cacertificate;binary' value b'0\x82[...]xea9D#' to type <class 'cryptography.x509.base.Certificate'> Cannot obtain CA certificate 'ldap://f0.cockpit.lan' doesn't have a certificate. Installation failed. Rolling back changes. /var/log/ipaclient-install.log gives further details (I'm attaching that). It has a series of exceptions, but the important one seems to be File "/usr/lib/python3/dist-packages/ipapython/ipaldap.py", line 1031, in decode return x509.load_der_x509_certificate(val) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/ipalib/x509.py", line 445, in load_der_x509_certificate return IPACertificate( ^^^^^^^^^^^^^^^ TypeError: Can't instantiate abstract class IPACertificate without an implementation for abstract methods 'not_valid_after_utc', 'not_valid_before_utc' As the package is in sync with Debian unstable, this *probably* affects Debian as well. However, we run our CI on Debian testing, and freeipa has fallen out of testing 4 months ago[3], so we've skipped tests there. [1] https://github.com/cockpit-project/bots/pull/6799 [2] https://github.com/cockpit-project/bots/blob/main/images/scripts/services.setup#L24 [3] https://tracker.debian.org/pkg/freeipa DistroRelease: Ubuntu 24.10 PackageVersion: freeipa-client 4.11.1-2.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/2078034/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
