Arch Linux User Repository

Keys are in keys/pgp of this package.

Keys are in keys/pgp of this package.

gpg keys are still broken

At now I have problem only with building. pgp key must be imported manualy but then build and ipa-client-install works without problem.

Version 4.12 contain a fix for this exact issue: https://pagure.io/freeipa/c/a45a7a20d96af51d463a285cb9318582720be708?branch=master and some discussion here: https://www.mail-archive.com/freeipa-users@lists.fedorahosted.org/msg17613.html so I'm at a loss for what could be the problem. Can you try a clean build and also make sure you have the latest python-cryptography installed from system and not from pip?

@patlefort Still getting the same issue as @pavkamic with 4.12.

I've included the pgp keys in keys/pgp of this package. Let me know if it still happen on version 4.12.

With version 4.11.1-3 I have this problem with or without downgraded python-crypthography:

2024-06-02T11:57:11Z ERROR unable to convert the attribute 'cacertificate;binary' value b'0\x82\x04\x8b0\x82\x0......xe2' to type <class 'cryptography.x509.base.Certificate'>

Now is there newer version 4.12.0-2 which I cannot upgrade because unknown pgp key:

gpg: error reading key: No public key
pub   rsa4096 2017-11-28 [SC]
  0E63D716D76AC080A4A33513F40800B6298EB963
uid           [ unknown] FreeIPA Master Signing Key

:: PGP keys need importing:
-> D756764D4D7E297C6DAD117269876F72A6E2D34F, required by: freeipa
:: Import? [Y/n] 
:: Importing keys with gpg...
gpg: keyserver receive failed: No data
 -> problem importing keys

Hoping this may help other people. I've had a few problems with freeipa (specifically ipa-client-install) with the current python-cryptography package, 42.0.6-1 at the time of writing.

retrieving schema for SchemaCache url=ldap://xxx.xxx.xxx:389 conn=<ldap.ldapobject.SimpleLDAPObject object at 0x792aa8a01790>
unable to convert the attribute 'cacertificate;binary' value b'0\x82\x04\xac0\x82\x03\x14\xa0\x03\x02\x01\........

I forced a downgrade of python-cryptography and ipa-client-install then completed without issue.

python3 -m pip install --break-system-packages cryptography==37.0.4

Probably not the best solution but solved my immediate problem.

python-urllib3 is missing as a dependency. the ipa-client-install helper fails without it.

Traceback (most recent call last):
  File "/usr/lib/python3.12/site-packages/ipalib/x509.py", line 56, in <module>
    from urllib3.util import ssl_match_hostname
ModuleNotFoundError: No module named 'urllib3'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/ipa-client-install", line 22, in <module>
    from ipaclient.install import ipa_client_install
  File "/usr/lib/python3.12/site-packages/ipaclient/install/ipa_client_install.py", line 7, in <module>
    from ipaclient.install import client
  File "/usr/lib/python3.12/site-packages/ipaclient/install/client.py", line 37, in <module>
    from ipalib import api, errors, x509
  File "/usr/lib/python3.12/site-packages/ipalib/__init__.py", line 921, in <module>
    from ipalib.frontend import Command, LocalOrRemote, Updater
  File "/usr/lib/python3.12/site-packages/ipalib/frontend.py", line 31, in <module>
    from ipalib.parameters import create_param, Param, Str, Flag
  File "/usr/lib/python3.12/site-packages/ipalib/parameters.py", line 125, in <module>
    from ipalib.x509 import (
  File "/usr/lib/python3.12/site-packages/ipalib/x509.py", line 58, in <module>
    from urllib3.packages import ssl_match_hostname
ModuleNotFoundError: No module named 'urllib3'

@patlefort Are you able to kindly bump the pkgrel for this package (and python-ipalib)?

The package needs rebuilding against python3.12 after its release, and bumping the pkgrel will trigger that for quite a few folks' workflows.