Monday, August 15, 2022

[Test-Announce] Proposal to CANCEL: 2022-08-01 Fedora QA Meeting

Hi folks! Sorry for the late notice, but I'm proposing we cancel the
QA meeting today. I am going to be on a plane to devconf.us, so I
won't be able to run it.

Thanks folks!
--
Adam Williamson
Fedora QA
IRC: adamw | Twitter: adamw_ha
https://www.happyassassin.net

_______________________________________________
test-announce mailing list -- test-announce@lists.fedoraproject.org
To unsubscribe send an email to test-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/test-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Posted by at No comments:

Sunday, August 14, 2022

[389-users] Re: 389-ds-base/cockpit-389-ds on EL9

> What exactly were you trying to do?  Were you trying to change the server certificate name to a different one?

Correct, I was trying to set it to use a "proper" cert issued by LetsEncrypt
I imported the Lets Encrypt cert, that I had converted to pkcs12. Then tried via cockpit security settings, to select it from the drop down. It was listed, and let me save, but when I restarted the instance and refreshed cockpit it reverted to "Server-Cert"
I didn't notice anything at first in the error log, but after setting in dse.ldif I noticed this in errors.

"CERT_VerifyCertificateNow: verify certificate failed for cert MyCert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181 - Peer's Certificate has expired"

This made me realise I'd used the older pkcs12I had lying about. At that point I used certultil to replace (i.e deleted it, and re-added it to the keystore) and restarted without issue.

I thought it may be because it was expired that it wasn't saving, but I've just tried doing the same thing with a new cert as a test and get the same result.


1) Covert LE to pkcs12

/usr/bin/openssl pkcs12 -export \
-in $LE_DIR/cert.pem \
-inkey $LE_DIR/privkey.pem \
-out $LE_DIR/$HOSTNAME.p12 -name $HOSTNAME \
-certfile $LE_DIR/chain.pem -caname LE-CHAIN\
-password pass:$P12_PWD

2) Import to keystore
pk12util -i $LE_DIR/$HOSTNAME.p12 -d /etc/dirsrv/slapd-<INSTANCE>/ -K $LDAP_STORE_PWD -W $P12_PWD

3) At this point I can see it and select it in cockpit security settings, and save. But after restarting the instance, it reverts to the previous cert that was selected (MyCert)

Tailing the log at the point of saving the setting in cockpit I have found just this

[14/Aug/2022:22:53:08.686135019 +0100] - DEBUG - modify_config_dse - Modification of attribute "modifiersname" is not allowed, ignoring!
[14/Aug/2022:22:53:08.687311089 +0100] - DEBUG - modify_config_dse - Modification of attribute "modifytimestamp" is not allowed, ignoring!
[14/Aug/2022:22:53:08.687839552 +0100] - DEBUG - modify_config_dse - Modification of attribute "modifiersname" is not allowed, ignoring!
[14/Aug/2022:22:53:08.688445652 +0100] - DEBUG - modify_config_dse - Modification of attribute "modifytimestamp" is not allowed, ignoring!

However, checking, I see that when I change other settings (for example Paged Search Size Limit) , but they seem to stick.

All the best
Dan
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Posted by at No comments:

[389-users] Re: 389-ds-base/cockpit-389-ds on EL9


On 8/14/22 11:10 AM, Daniel Bird wrote:

>>I will report back any issues as I test.

 

So far, no major issues. I've set up a supplier replica from our CentOS 7 service running 1.3.10 from EPEL 7 and all seems well. It did require a tweak to some legacy schema files that are still hanging round from when we used the "Sun Directory Server" way back in the day, that has been the case ever since we moved from the Sun DS server and upgraded to 389. At some point I'll clean up and remove the old data from the directory that references them.

 

I also had a small issue setting the SSL cert via cockpit, where it would keep reverting to the self-signed "Server-Cert" .

What exactly were you trying to do?  Were you trying to change the server certificate name to a different one?

Thanks,
Mark

On reflection, it could have been because I was trying to use an expired cert, rather than the current one, but it didn't say there was a problem. I set it manually via dse.ldif in the end.

 

Many thanks

 

Dan

 

 


_______________________________________________  389-users mailing list -- 389-users@lists.fedoraproject.org  To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org  Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/  List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines  List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org  Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue  
--   Directory Server Development Team
Posted by at No comments:

[Test-Announce] Kernel 5.19 Test Week is underway

Hey All,

I would like to invite all of you to participate in the Kernel 5.19
Test week is happening from 2022-08-14 to 2022-08-21. It's
fairly simple, head over to the wiki [0] and read in detail about the
test week and simply run the test case mentioned in[1] and enter your
results.

As usual, the Fedora QA team will hangout at #fedora-test-day@libera.chat
for question and discussion.

[0] http://fedoraproject.org/wiki/Test_Day:2022-08-14_Kernel_5.19_Test_Week
[1] https://testdays.fedoraproject.org/events/137


--
//sumantro
Fedora QE
TRIED AND PERSONALLY TESTED, ERGO TRUSTED
_______________________________________________
test-announce mailing list -- test-announce@lists.fedoraproject.org
To unsubscribe send an email to test-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/test-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Posted by at No comments:

[389-users] Re: 389-ds-base/cockpit-389-ds on EL9

>>I will report back any issues as I test.

 

So far, no major issues. I've set up a supplier replica from our CentOS 7 service running 1.3.10 from EPEL 7 and all seems well. It did require a tweak to some legacy schema files that are still hanging round from when we used the "Sun Directory Server" way back in the day, that has been the case ever since we moved from the Sun DS server and upgraded to 389. At some point I'll clean up and remove the old data from the directory that references them.

 

I also had a small issue setting the SSL cert via cockpit, where it would keep reverting to the self-signed "Server-Cert" . On reflection, it could have been because I was trying to use an expired cert, rather than the current one, but it didn't say there was a problem. I set it manually via dse.ldif in the end.

 

Many thanks

 

Dan

 

 

Posted by at No comments:

[fedora-arm] [Fedocal] Reminder meeting : Fedora ARM & AArch64 status meeting

Dear all,

You are kindly invited to the meeting:
Fedora ARM & AArch64 status meeting on 2022-08-16 from 15:00:00 to 16:00:00 UTC
At fedora-meeting-2@irc.libera.chat

The meeting will be about:
Fedora ARM & AArch64 weekly status meeting.

More information available at:
[https://fedoraproject.org/wiki/Architectures/ARM](https://fedoraproject.org/wiki/Architectures/ARM)


Source: https://calendar.fedoraproject.org//meeting/9910/

_______________________________________________
arm mailing list -- arm@lists.fedoraproject.org
To unsubscribe send an email to arm-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/arm@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Posted by at No comments:

Saturday, August 13, 2022

[Test-Announce] Fedora 37 Branched 20220813.n.0 nightly compose nominated for testing

Announcing the creation of a new nightly release validation test event
for Fedora 37 Branched 20220813.n.0. Please help run some tests for this
nightly compose if you have time. For more information on nightly
release validation testing, see:
https://fedoraproject.org/wiki/QA:Release_validation_test_plan

Notable package version changes:
pungi - 20220806.n.0: pungi-4.3.5-5.fc37.src, 20220813.n.0: pungi-4.3.5-8.fc37.src

Test coverage information for the current release can be seen at:
https://openqa.fedoraproject.org/testcase_stats/37

You can see all results, find testing instructions and image download
locations, and enter results on the Summary page:

https://fedoraproject.org/wiki/Test_Results:Fedora_37_Branched_20220813.n.0_Summary

The individual test result pages are:

https://fedoraproject.org/wiki/Test_Results:Fedora_37_Branched_20220813.n.0_Installation
https://fedoraproject.org/wiki/Test_Results:Fedora_37_Branched_20220813.n.0_Base
https://fedoraproject.org/wiki/Test_Results:Fedora_37_Branched_20220813.n.0_Server
https://fedoraproject.org/wiki/Test_Results:Fedora_37_Branched_20220813.n.0_Cloud
https://fedoraproject.org/wiki/Test_Results:Fedora_37_Branched_20220813.n.0_Desktop
https://fedoraproject.org/wiki/Test_Results:Fedora_37_Branched_20220813.n.0_Security_Lab

Thank you for testing!
--
Mail generated by relvalconsumer: https://pagure.io/fedora-qa/relvalconsumer
_______________________________________________
test-announce mailing list -- test-announce@lists.fedoraproject.org
To unsubscribe send an email to test-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/test-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Posted by at No comments:
Subscribe to: Posts (Atom)