freeipa team mailing list archive
-
freeipa team
-
Mailing list archive
-
Message #01308
[Bug 2055830] Re: please remove dogtag-pki from noble
Hang on, the bits it needs from tomcat9 can be vendored inside dogtag-
pki, and dependency for tomcat9-user dropped. But it would still need
libtomcat9-java to be available, which AIUI should be fine as Debian is
shipping it as well.
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to dogtag-pki in Ubuntu.
https://bugs.launchpad.net/bugs/2055830
Title:
please remove dogtag-pki from noble
Status in dogtag-pki package in Ubuntu:
New
Status in tomcat9 package in Ubuntu:
New
Bug description:
dogtag-pki fails to build due to the missing and obsolete dependency (python3-six, distutils).
After fixing the missing dependencies, the package fails to unpack with the following error message:
-----
Unpacking pki-server (11.2.1-2ubuntu1) ...
dpkg: error processing archive /tmp/apt-dpkg-install-V2J5IB/123-pki-server_11.2.1-2ubuntu1_amd64.deb (--unpack):
unable to open '/usr/lib/systemd/system/pki-tomcatd@xxxxxxxxxxxxx-new': No such file or directory
No apport report written because the error message indicates an issue on the local system
----
The package also attempts to install service file to /lib[3].
After working around those issues I was able to create a pki server
which started an empty tomcat instance.
tomcat9 migration to 9.0.70-2 is blocked by dogtag-pki.
dogtag-pki can not be trivially upgraded to tomcat10 because dogtag-pki upstream implementation depends on tomcat9 [1][2].
tomcat9 removal bug[4] states that `dogtag-pki` was removed from
bookworm[5]
reverse dependencies - no reverse dependenices found
$ reverse-depends -b src:dogtag-pki
No reverse dependencies found
$ reverse-depends src:dogtag-pki
$
The package contains a number of issues - it can not be built,
installed and used properly. More importantly it blocks tomcat9
migration which leaves users with tomcat 9.0.70 has a number of known
security issues[6]
Would it be possible to consider removing source and binaries of the
package from noble?
[1] https://github.com/dogtagpki/pki/blob/master/base/tomcat/pom.xml
[2] https://github.com/dogtagpki/pki/blob/master/base/tomcat-9.0/pom.xml
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054480
[4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034824
[5] https://tracker.debian.org/pkg/dogtag-pki
[6] https://tomcat.apache.org/security-9.html
Original description:
-----------
a -W /<<PKGBUILDDIR>>/base/common/python /<<PKGBUILDDIR>>/build/core/base/common/python/html
Running Sphinx v7.2.6
making output directory... done
building [mo]: all of 0 po files
writing output...
building [html]: all source files
updating environment: [new config] 2 added, 0 changed, 0 removed
�[2Kreading sources... [ 50%] index
�[2Kreading sources... [100%] pki
Warning, treated as error:
autodoc: failed to import module 'pki'; the following exception was raised:
No module named 'six'
make[4]: *** [base/common/python/CMakeFiles/dogtag_python_client_docs.dir/build.make:71: base/common/python/CMakeFiles/dogtag_python_client_docs] Error 2
make[4]: Leaving directory '/<<PKGBUILDDIR>>/build/core'
make[3]: *** [CMakeFiles/Makefile2:1361: base/common/python/CMakeFiles/dogtag_python_client_docs.dir/all] Error 2
make[3]: Leaving directory '/<<PKGBUILDDIR>>/build/core'
make[2]: *** [Makefile:156: all] Error 2
make[2]: Leaving directory '/<<PKGBUILDDIR>>/build/core'
make[1]: *** [debian/rules:66: debian/stamp/x86_64-linux-gnu-build-core] Error 2
----------
See[1]
https://launchpad.net/~vpa1977/+archive/ubuntu/october-21/+build/27797951/+files/buildlog_ubuntu-
noble-amd64.dogtag-pki_11.2.1-2_BUILDING.txt.gz
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dogtag-pki/+bug/2055830/+subscriptions
References
