I applied the PyCA 44.0 patches. Tell me if it's working.
Search Criteria
Package Details: python-ipaclient 4.12.2-3
Package Actions
Git Clone URL: | https://aur.archlinux.org/freeipa.git (read-only, click to copy) |
---|---|
Package Base: | freeipa |
Description: | Python libraries used by IPA client |
Upstream URL: | http://www.freeipa.org/ |
Keywords: | freeipa identity management policy trusts |
Licenses: | GPL3 |
Submitter: | chenxiaolong |
Maintainer: | patlefort |
Last Packager: | patlefort |
Votes: | 24 |
Popularity: | 0.177707 |
First Submitted: | 2012-11-15 23:50 (UTC) |
Last Updated: | 2025-01-09 00:05 (UTC) |
Dependencies (22)
- freeipa-client-commonAUR
- freeipa-commonAUR
- python-dnspython (python-dnspython-gitAUR)
- python-ipalibAUR
- python-jinja
- ding-libs (make)
- gettext (gettext-gitAUR) (make)
- krb5 (krb5-gitAUR) (make)
- libsasl (make)
- libxmlrpc (make)
- nspr (nspr-hgAUR) (make)
- nss (nss-hgAUR) (make)
- openldap (openldap-gnutlsAUR) (make)
- openssl (openssl-gitAUR, openssl-staticAUR) (make)
- popt (popt-gitAUR) (make)
- python (python37AUR, python311AUR, python310AUR) (make)
- python-jinja (make)
- python-pyasn1-modules (make)
- python-setuptools (make)
- python-systemd (make)
- sssd (sssd-gitAUR, sssd-nosmbAUR) (make)
- oddjob-selinuxAUR (optional) – mkhomedir support
Required by (1)
Sources (6)
patlefort commented on 2025-01-09 00:09 (UTC)
derzahl commented on 2025-01-08 23:10 (UTC)
patlefort, TripleDES messages are gone but still get error
TypeError: type 'cryptography.hazmat.bindings._rust.x509.Certificate' is not an acceptable base type
Looks like applying the full PyCA 44 compatibility patch fixes it. See below for my working PKGBUILD diff you are free to use.
--- old/PKGBUILD 2025-01-08 17:02:37.707860718 -0600
+++ new/PKGBUILD 2025-01-08 17:02:11.441514733 -0600
@@ -12,7 +12,7 @@
freeipa-client-common
freeipa-client)
pkgver=4.12.2
-pkgrel=2
+pkgrel=3
pkgdesc='The Identity, Policy and Audit system'
arch=('i686' 'x86_64')
url='http://www.freeipa.org/'
@@ -38,19 +38,21 @@
'D756764D4D7E297C6DAD117269876F72A6E2D34F'
'0E63D716D76AC080A4A33513F40800B6298EB963')
source=("https://releases.pagure.org/freeipa/freeipa-${pkgver}.tar.gz"{,.asc}
- "${pkgbase}-tripledes.patch::https://pagure.io/freeipa/c/bc31c2700c3779cfad688eb098042060bf09df3c.patch"
+ "${pkgbase}-PyCA44-support.patch::https://github.com/freeipa/freeipa/pull/7614.patch"
nis-domainname.service
ipaplatform.tar.gz)
sha256sums=('dc88f5404e7613eb6530d71142ef43a9f89019d59cdc6ec25b778413258c317f'
'SKIP'
- '2bdfbf4a96d4bbf80db5f04b29dd64d45306707af6daaa3cd3517985f80c9889'
+ '120ad08719e2c8bd3ed46b8e45c0c5f75e45e375510f1417c00810274c789075'
'74a394af693e3677146eff18a770a4271fba961b2af93b15b8ae26157af1760a'
'7e20412c9347106485adee06b5fcee174c67eb5a30b6730452e300dfc44faa5e')
prepare() {
cd freeipa-${pkgver}
-
- patch -p1 -i "../${pkgbase}-tripledes.patch"
+
+ for x in `ls ../*.patch`; do
+ patch -t -p1 -i "${x}"
+ done
rm -rf ipaplatform/arch
@@ -268,4 +270,3 @@
mv ../install/"$_file" "$pkgdir"/"$_file"
done
}
-
patlefort commented on 2024-12-23 11:51 (UTC)
I've cherry picked a patch that should fix the issue. Please tell me if it's working.
BPplays commented on 2024-12-23 11:37 (UTC)
a temp workaround for my issue is to install an older version of python-cryptography:
wget https://archive.archlinux.org/packages/p/python-cryptography/python-cryptography-43.0.3-2-x86_64.pkg.tar.zst
sudo pacman -U python-cryptography-43.0.3-2-x86_64.pkg.tar.zst
and then add python-cryptography to HoldPkg
BPplays commented on 2024-12-23 11:19 (UTC)
im getting this when using ipa-client-install
:
/usr/lib/python3.13/site-packages/ipalib/constants.py:392: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from cryptography.hazmat.primitives.ciphers.algorithms in 48.0.0.
if getattr(algorithms, 'TripleDES', None):
/usr/lib/python3.13/site-packages/ipalib/constants.py:393: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from cryptography.hazmat.primitives.ciphers.algorithms in 48.0.0.
if backend.cipher_supported(algorithms.TripleDES(
Traceback (most recent call last):
File "/usr/bin/ipa-client-install", line 22, in <module>
from ipaclient.install import ipa_client_install
File "/usr/lib/python3.13/site-packages/ipaclient/install/ipa_client_install.py", line 7, in <module>
from ipaclient.install import client
File "/usr/lib/python3.13/site-packages/ipaclient/install/client.py", line 37, in <module>
from ipalib import api, errors, x509
File "/usr/lib/python3.13/site-packages/ipalib/__init__.py", line 921, in <module>
from ipalib.frontend import Command, LocalOrRemote, Updater
File "/usr/lib/python3.13/site-packages/ipalib/frontend.py", line 31, in <module>
from ipalib.parameters import create_param, Param, Str, Flag
File "/usr/lib/python3.13/site-packages/ipalib/parameters.py", line 125, in <module>
from ipalib.x509 import (
load_der_x509_certificate, IPACertificate, default_backend)
File "/usr/lib/python3.13/site-packages/ipalib/x509.py", line 91, in <module>
class IPACertificate(crypto_x509.Certificate):
...<358 lines>...
return self._cert.verify_directly_issued_by(issuer)
TypeError: type 'cryptography.hazmat.bindings._rust.x509.Certificate' is not an acceptable base type
patlefort commented on 2024-09-02 17:52 (UTC)
@furbyhaxx: Only the server component use libpwquality. That error indicate that your PAM modules is using libpwquality module and that would be configured either manually or with authselect. Mine is setup with authselect and I only see pam_pwquality.so local_users_only
lines. How did you configure your pam modules?
furbyhaxx commented on 2024-09-02 10:07 (UTC) (edited on 2024-09-02 10:07 (UTC) by furbyhaxx)
dependency "extra/libpwquality" is missing, not sure where exactly but on a freshly installed arch lxc with the freeipa-client installed, this module is missing and prevents changing passwords of remote users with error: "passwd: Module is unknown"
Pinned Comments
patlefort commented on 2024-07-23 11:37 (UTC)
Keys are in
keys/pgp
of this package.