diff --git a/0020-ipatests-pruning-is-enabled-when-RSN-is-enabled.patch b/0020-ipatests-pruning-is-enabled-when-RSN-is-enabled.patch new file mode 100644 index 0000000..88a5d7d --- /dev/null +++ b/0020-ipatests-pruning-is-enabled-when-RSN-is-enabled.patch @@ -0,0 +1,39 @@ +From d5efb4decb74b50c05b1d252add1c075e660d154 Mon Sep 17 00:00:00 2001 +From: Florence Blanc-Renaud +Date: Wed, 11 Feb 2026 10:23:36 +0100 +Subject: [PATCH] ipatests: pruning is enabled when RSN is enabled + +The test TestACMEPrune installs the server with --random-serial-numbers +but expects pruning to be disabled if the 389ds backend is BDB. + +This is a wrong expectation as pruning is enabled as soon as RSN +are enabled (since commit 3777d2b). +Fix the test expectation. + +Signed-off-by: Florence Blanc-Renaud +--- + ipatests/test_integration/test_acme.py | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/ipatests/test_integration/test_acme.py b/ipatests/test_integration/test_acme.py +index 4c66e4348beeaca95577a786a46e53fdc1532ef7..bedec9d1f9f0c168c11aceb155978b6a0dae8dd7 100644 +--- a/ipatests/test_integration/test_acme.py ++++ b/ipatests/test_integration/test_acme.py +@@ -718,12 +718,8 @@ class TestACMEPrune(IntegrationTest): + < tasks.parse_version('11.3.0')): + raise pytest.skip("Certificate pruning is not available") + +- # Pruning is enabled by default when the host supports lmdb +- if get_389ds_backend(self.master) == 'bdb': +- cs_cfg = self.master.get_file_contents(paths.CA_CS_CFG_PATH) +- assert "jobsScheduler.job.pruning.enabled=false".encode() in cs_cfg +- self.master.run_command(['ipa-acme-manage', 'pruning', '--enable']) +- ++ # Pruning is enabled by default when server is installed ++ # with --random-serial-numbers + cs_cfg = self.master.get_file_contents(paths.CA_CS_CFG_PATH) + assert "jobsScheduler.enabled=true".encode() in cs_cfg + assert "jobsScheduler.job.pruning.enabled=true".encode() in cs_cfg +-- +2.52.0 + diff --git a/freeipa.spec b/freeipa.spec index 0771e25..7704463 100644 --- a/freeipa.spec +++ b/freeipa.spec @@ -229,7 +229,7 @@ Name: %{package_name} Version: %{IPA_VERSION} -Release: 2%{?rc_version:.%rc_version}%{?dist} +Release: 3%{?rc_version:.%rc_version}%{?dist} Summary: The Identity, Policy and Audit system License: GPL-3.0-or-later @@ -266,6 +266,7 @@ Patch0016: 0016-Handle-IPACertificate-types-in-xmlrpc.patch Patch0017: 0017-Replace-None-with-when-uninstalling-CA.patch Patch0018: 0018-ipatests-Add-xmlrpc-tests-for-ipa-delegation-cli.patch Patch0019: 0019-ipa-join-initialize-pointer.patch +Patch0020: 0020-ipatests-pruning-is-enabled-when-RSN-is-enabled.patch Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch %endif %endif @@ -1243,6 +1244,9 @@ mkdir -p %{buildroot}%{_sysconfdir}/cron.d %if ! %{ONLY_CLIENT} %post server +# Drop the systemd users file BEFORE restarting dbus and oddjob +# Otherwise dbus doesn't recognize ipaapi user +%sysusers_create %{_sysusersdir}/ipa.conf # NOTE: systemd specific section /bin/systemctl --system daemon-reload 2>&1 || : # END @@ -1252,7 +1256,6 @@ fi /bin/systemctl reload-or-try-restart dbus /bin/systemctl reload-or-try-restart oddjobd -%sysusers_create %{_sysusersdir}/ipa.conf %tmpfiles_create ipa.conf %journal_catalog_update @@ -1976,6 +1979,10 @@ fi %endif %changelog +* Tue Feb 10 2026 Florence Blanc-Renaud - 4.13.1-3 +- RHEL-148282 ipa-replica-conncheck fails with "an internal error has occured" +- RHEL-148481 Pruning is enabled by default with RSN on RHEL 9.8 + * Fri Feb 6 2026 Florence Blanc-Renaud - 4.13.1-2 - RHEL-147191 ipa uninstallation is failing with message "'NoneType' object has no attribute 'lower'" - RHEL-146185 Names of domains from a trusted forest should be compared case-insentive