Package Details: python-ipaclient 4.12.2-3

Git Clone URL: https://aur.archlinux.org/freeipa.git (read-only, click to copy)
Package Base: freeipa
Description: Python libraries used by IPA client
Upstream URL: http://www.freeipa.org/
Keywords: freeipa identity management policy trusts
Licenses: GPL3
Submitter: chenxiaolong
Maintainer: patlefort
Last Packager: patlefort
Votes: 24
Popularity: 0.20
First Submitted: 2012-11-15 23:50 (UTC)
Last Updated: 2025-01-09 00:05 (UTC)

Pinned Comments

patlefort commented on 2024-07-23 11:37 (UTC)

Keys are in keys/pgp of this package.

Latest Comments

1 2 3 4 5 6 .. 10 Next › Last »

patlefort commented on 2025-01-09 00:09 (UTC)

I applied the PyCA 44.0 patches. Tell me if it's working.

derzahl commented on 2025-01-08 23:10 (UTC)

patlefort, TripleDES messages are gone but still get error

TypeError: type 'cryptography.hazmat.bindings._rust.x509.Certificate' is not an acceptable base type

Looks like applying the full PyCA 44 compatibility patch fixes it. See below for my working PKGBUILD diff you are free to use.

--- old/PKGBUILD    2025-01-08 17:02:37.707860718 -0600
+++ new/PKGBUILD    2025-01-08 17:02:11.441514733 -0600
@@ -12,7 +12,7 @@
          freeipa-client-common
          freeipa-client)
 pkgver=4.12.2
-pkgrel=2
+pkgrel=3
 pkgdesc='The Identity, Policy and Audit system'
 arch=('i686' 'x86_64')
 url='http://www.freeipa.org/'
@@ -38,19 +38,21 @@
    'D756764D4D7E297C6DAD117269876F72A6E2D34F'
    '0E63D716D76AC080A4A33513F40800B6298EB963')
 source=("https://releases.pagure.org/freeipa/freeipa-${pkgver}.tar.gz"{,.asc}
-        "${pkgbase}-tripledes.patch::https://pagure.io/freeipa/c/bc31c2700c3779cfad688eb098042060bf09df3c.patch"
+        "${pkgbase}-PyCA44-support.patch::https://github.com/freeipa/freeipa/pull/7614.patch"
         nis-domainname.service
         ipaplatform.tar.gz)
 sha256sums=('dc88f5404e7613eb6530d71142ef43a9f89019d59cdc6ec25b778413258c317f'
             'SKIP'
-            '2bdfbf4a96d4bbf80db5f04b29dd64d45306707af6daaa3cd3517985f80c9889'
+            '120ad08719e2c8bd3ed46b8e45c0c5f75e45e375510f1417c00810274c789075'
             '74a394af693e3677146eff18a770a4271fba961b2af93b15b8ae26157af1760a'
             '7e20412c9347106485adee06b5fcee174c67eb5a30b6730452e300dfc44faa5e')

 prepare() {
    cd freeipa-${pkgver}
-
-   patch -p1 -i "../${pkgbase}-tripledes.patch"
+        
+   for x in `ls ../*.patch`; do
+     patch -t -p1 -i "${x}"
+        done

    rm -rf ipaplatform/arch

@@ -268,4 +270,3 @@
        mv ../install/"$_file" "$pkgdir"/"$_file"
    done
 }
-

patlefort commented on 2024-12-23 11:51 (UTC)

I've cherry picked a patch that should fix the issue. Please tell me if it's working.

BPplays commented on 2024-12-23 11:37 (UTC)

a temp workaround for my issue is to install an older version of python-cryptography:

wget https://archive.archlinux.org/packages/p/python-cryptography/python-cryptography-43.0.3-2-x86_64.pkg.tar.zst
sudo pacman -U python-cryptography-43.0.3-2-x86_64.pkg.tar.zst 

and then add python-cryptography to HoldPkg

BPplays commented on 2024-12-23 11:19 (UTC)

im getting this when using ipa-client-install:

/usr/lib/python3.13/site-packages/ipalib/constants.py:392: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from cryptography.hazmat.primitives.ciphers.algorithms in 48.0.0.
  if getattr(algorithms, 'TripleDES', None):
/usr/lib/python3.13/site-packages/ipalib/constants.py:393: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from cryptography.hazmat.primitives.ciphers.algorithms in 48.0.0.
  if backend.cipher_supported(algorithms.TripleDES(
Traceback (most recent call last):
  File "/usr/bin/ipa-client-install", line 22, in <module>
    from ipaclient.install import ipa_client_install
  File "/usr/lib/python3.13/site-packages/ipaclient/install/ipa_client_install.py", line 7, in <module>
    from ipaclient.install import client
  File "/usr/lib/python3.13/site-packages/ipaclient/install/client.py", line 37, in <module>
    from ipalib import api, errors, x509
  File "/usr/lib/python3.13/site-packages/ipalib/__init__.py", line 921, in <module>
    from ipalib.frontend import Command, LocalOrRemote, Updater
  File "/usr/lib/python3.13/site-packages/ipalib/frontend.py", line 31, in <module>
    from ipalib.parameters import create_param, Param, Str, Flag
  File "/usr/lib/python3.13/site-packages/ipalib/parameters.py", line 125, in <module>
    from ipalib.x509 import (
        load_der_x509_certificate, IPACertificate, default_backend)
  File "/usr/lib/python3.13/site-packages/ipalib/x509.py", line 91, in <module>
    class IPACertificate(crypto_x509.Certificate):
    ...<358 lines>...
                return self._cert.verify_directly_issued_by(issuer)
TypeError: type 'cryptography.hazmat.bindings._rust.x509.Certificate' is not an acceptable base type

patlefort commented on 2024-09-02 17:52 (UTC)

@furbyhaxx: Only the server component use libpwquality. That error indicate that your PAM modules is using libpwquality module and that would be configured either manually or with authselect. Mine is setup with authselect and I only see pam_pwquality.so local_users_only lines. How did you configure your pam modules?

furbyhaxx commented on 2024-09-02 10:07 (UTC) (edited on 2024-09-02 10:07 (UTC) by furbyhaxx)

dependency "extra/libpwquality" is missing, not sure where exactly but on a freshly installed arch lxc with the freeipa-client installed, this module is missing and prevents changing passwords of remote users with error: "passwd: Module is unknown"