May 2019 - FreeIPA-devel - Fedora mailing-lists

[freeipa PR#3216][opened] fix LWCA key retrieval on f30
by frasertweedale 13 Jun '19

13 Jun '19

URL: https://github.com/freeipa/freeipa/pull/3216 Author: frasertweedale Title: #3216: fix LWCA key retrieval on f30 Action: opened PR body: """ This PR includes fixes for LWCA key retrieval on f30 and fixes for handling of missing LWCA keys in the ca_find and ca_show commands. Is is based upon https://github.com/freeipa/freeipa/pull/3210 which updates PR-CI to f30. (This PR revealed the issue on f30; the tests are not passing hence it has been merged yet.) ``` f029a6e3b (Fraser Tweedale, 7 hours ago) ipa-pki-retrieve-key: set KRB5CCNAME On Fedora 30, for some reason LDAP GSS-API bind now fails in the ipa-pki-retrieve-key program. The Dogtag keytab credential acquisition does succeed, but those credentials are not used for the LDAP bind. Update CustodiaClient to support setting KRB5CCNAME when it creates credentials. This behaviour is optional and disabled by default (no behavioural change for other use cases). But enable this behaviour in ipa-pki-retrieve-key so the Dogtag credentials are used for the LDAP bind. Fixes: https://pagure.io/freeipa/issue/7964 fff5119cd (Fraser Tweedale, 85 minutes ago) Handle missing LWCA certificate or chain If lightweight CA key replication has not completed, requests for the certificate or chain will return 404**. This can occur in normal operation, and should be a temporary condition. Detect this case and handle it by simply omitting the 'certificate' and/or 'certificate_out' fields in the response, and add a warning message to the response. Also update the client-side plugin that handles the --certificate-out option. Because the CLI will automatically print the warning message, if the expected field is missing from the response, just ignore it and continue processing. ** after the Dogtag NullPointerException gets fixed! Part of: https://pagure.io/freeipa/issue/7964 b59c49351 (Armando Neto, 2 days ago) Add Fedora 30 test definitions and bump template version Signed-off-by: Armando Neto <abiagion(a)redhat.com> ``` """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3216/head:pr3216 git checkout pr3216

1 1

[freeipa PR#3158][opened] admintool: don't display log file on errors unless logging is setup
by rcritten 11 Jun '19

11 Jun '19

URL: https://github.com/freeipa/freeipa/pull/3158 Author: rcritten Title: #3158: admintool: don't display log file on errors unless logging is setup Action: opened PR body: """ The admintool will display the message when something goes wrong: See %s for more information" % self.log_file_name This is handy except when finally logging setup is not done yet so the log file doesn't actually get written to. This can happen if validation catches and raises an exception. The workaround is to save off and remove the log_file_name value before calling validation, then restore it if successful. This will suppress the above error message. Fixes: https://pagure.io/freeipa/issue/7952 Signed-off-by: Rob Crittenden <rcritten(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3158/head:pr3158 git checkout pr3158

2 1

[freeipa PR#3212][opened] dn: sort AVAs when converting from x509.Name
by frasertweedale 11 Jun '19

11 Jun '19

URL: https://github.com/freeipa/freeipa/pull/3212 Author: frasertweedale Title: #3212: dn: sort AVAs when converting from x509.Name Action: opened PR body: """ Equal DNs with multi-valued RDNs can compare inequal if one (or both) is constructed from a cryptography.x509.Name, because the AVAs in the multi-valued RDNs are not being sorted. Sort the AVAs when constructing from Name and add test cases for equality checks on multi-valued RDNs constructed from inputs with permuted AVA order. Part of: https://pagure.io/freeipa/issue/7963 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3212/head:pr3212 git checkout pr3212

1 1

[freeipa PR#3219][opened] .gitignore: add ipa-cert-fix program
by frasertweedale 11 Jun '19

11 Jun '19

URL: https://github.com/freeipa/freeipa/pull/3219 Author: frasertweedale Title: #3219: .gitignore: add ipa-cert-fix program Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3219/head:pr3219 git checkout pr3219

1 1

[freeipa PR#3162][opened] Tests for autounmembership feature
by kaleemsiddiqu 06 Jun '19

06 Jun '19

URL: https://github.com/freeipa/freeipa/pull/3162 Author: kaleemsiddiqu Title: #3162: Tests for autounmembership feature Action: opened PR body: """ New feature of autounmembership added in 389-ds-base https://pagure.io/389-ds-base/issue/50077 Signed-off-by: Kaleemullah Siddiqui <ksiddiqu(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3162/head:pr3162 git checkout pr3162

2 3

[freeipa PR#3217][opened] ipatests: allow to relax security of LDAP connection from controller to IPA host
by wladich 05 Jun '19

05 Jun '19

URL: https://github.com/freeipa/freeipa/pull/3217 Author: wladich Title: #3217: ipatests: allow to relax security of LDAP connection from controller to IPA host Action: opened PR body: """ The Host.ldap_connect() method uses LDAPClient from ipapython package. In a3934a21 we started to use secure connection from tests controller to ipa server. And also 5be9341f changed the LDAPClient.simple_bind method to forbid password based authentiction over insecure connection. This makes it imposible to establish ldap connection in some test configurations where hostnames known to ipa server do not match ones known to tests controller (i.e. when host.hostname != host.external_hostname) because TLS certificate is issued for host.hostname and test controller tries to verify it against host.external_hostname. A sublass of LDAPClient is provided which allows to skip certificate check. Fixes: https://pagure.io/freeipa/issue/7960 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3217/head:pr3217 git checkout pr3217

1 1

[freeipa PR#3218][opened] [testing_f28] Nightly PR
by freeipa-pr-ci 04 Jun '19

04 Jun '19

URL: https://github.com/freeipa/freeipa/pull/3218 Author: freeipa-pr-ci Title: #3218: [testing_f28] Nightly PR Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3218/head:pr3218 git checkout pr3218

1 1

[freeipa PR#3220][opened] [testing_master] Nightly PR
by freeipa-pr-ci 03 Jun '19

03 Jun '19

URL: https://github.com/freeipa/freeipa/pull/3220 Author: freeipa-pr-ci Title: #3220: [testing_master] Nightly PR Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3220/head:pr3220 git checkout pr3220

1 1

[freeipa PR#3189][opened] [testing_ipa-4.6] Nightly PR
by freeipa-pr-ci 02 Jun '19

02 Jun '19

URL: https://github.com/freeipa/freeipa/pull/3189 Author: freeipa-pr-ci Title: #3189: [testing_ipa-4.6] Nightly PR Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3189/head:pr3189 git checkout pr3189

1 1

[freeipa PR#3188][opened] [testing_ipa-4.7] Nightly PR
by freeipa-pr-ci 02 Jun '19

02 Jun '19

URL: https://github.com/freeipa/freeipa/pull/3188 Author: freeipa-pr-ci Title: #3188: [testing_ipa-4.7] Nightly PR Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3188/head:pr3188 git checkout pr3188

1 1

2024

2023

2022

2021

2020

2019

2018

2017

FreeIPA-devel May 2019