For a better overview and to make a decision (as a +really version always sucks
to some extend) I did some tests:
- built nss 3.34 with the freebl3 change in ppa [1] as
2:3.35-2ubuntu1+really3.34-1ubuntu2
- set up some containers to test
- ran the sequence of installs/commands that freeipa tests would do
I did so in different combinations:
1. freeipa 4.4.4 + nss 3.34-1ubuntu1 (as bionic is)
2. freeipa 4.6.3 + nss 3.35-1ubuntu1 (full bionic proposed)
3. freeipa 4.4.4 + nss 3.35-1ubuntu1 (as tested by autopkgtest by pinning)
4. freeipa 4.4.4 + nss 3.35-2ubuntu1+really3.34-1ubuntu2 (ppa)
5. freeipa 4.6.3 + nss 3.35-2ubuntu1+really3.34-1ubuntu2 (proposed + ppa)
I tested:
- the install that fails in the autopkgtest
$ apt install freeipa-server freeipa-server-dns freeipa-server-trust-ad
freeipa-common
freeipa-client freeipa-admintools freeipa-tests python-ipaclient
python-ipalib
python-ipaserver python-ipatests
- the python call that fails (old & new form of it as it needs an additional
import in 4.6.2)
python2 -c 'from ipapython.certdb import update_ipa_nssdb; update_ipa_nssdb()'
python2 -c 'from ipaclient.install.client import update_ipa_nssdb;
update_ipa_nssdb()'
#1 install #2 old python #3 new python
1. ok ok fail (4.4 has only old
import)
2. ok (skip) fail (4.6 need new import) ok
3. fail fail (nss format) fail (4.4 has only old
import)
4. ok ok fail (4.4 has only old
import)
5. ok (skip) fail (4.6 need new import) ok
So an nss upload should work as planned with both verserions:
- freeipa 4.4 (case 4. #2)
- freeipa 4.6 (case 5. #3)
- and both cases would install (4./5. #1).
Due to the hint by Timo (thanks) I found [1] which explains a bit what is going
on.
That is a nice change to be made in nss, but not unplanned and unprepared.
Some consuming packages need to be adapted first, and that was not what I
intended by picking a new minor version. So that as well points to an upload
reverting the move to 3.35.
Get me right - the move to 3.35 and the new file format should be done
at some point, but not now unplanned (it accidentally slipped in by the
merge) - so I'm uploading 2:3.35-2ubuntu1+really3.34-1ubuntu2 to un-
break it for now.
[1]: https://fedoraproject.org/wiki/Changes/NSSDefaultFileFormatSql
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1746947
Title:
failing autopkgtest due to password issue by nss
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1746947/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
