[Pkg-freeipa-devel] [Git][freeipa-team/freeipa][master-next] 390 commits: VERSION.m4: Set back to git snapshot
Timo Aaltonen
gitlab at salsa.debian.org
Sun Feb 10 10:14:29 GMT 2019
Timo Aaltonen pushed to branch master-next at FreeIPA packaging / freeipa
Commits:
dc5370fb by Rob Crittenden at 2018-07-19T16:54:11Z
VERSION.m4: Set back to git snapshot
- - - - -
28573111 by Rob Crittenden at 2018-07-23T19:02:20Z
Set zanata branch to ipa-4-7
- - - - -
2438c331 by Petr Vobornik at 2018-07-25T08:05:33Z
webui: change indentation of freeipa/_base/debug.js
Change to use spaces for indentation as it was the the only file
which uses tabs and not spaces.
Signed-off-by: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
84e48df9 by Petr Vobornik at 2018-07-25T08:05:33Z
webui: remove mixed indentation in App and LoginScreen
Only spaces should be used for indentation.
It was introduced in commits:
* 7f9f59bae2a362ce945c49ad8342393b7a5c024f
* 5d8fde0ac1a43c8f3dbc53b44d69f3663a8b36fb
Related to: https://pagure.io/freeipa/issue/7559
Signed-off-by: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
8699fb73 by Ganna Kaihorodova at 2018-07-25T18:04:43Z
Add check for occuring traceback during uninstallation ipa master
Modified master uninstall task for traceback check
That approach give us wide coverage and multiple scenarious
to catch traceback during uninstallation process
Add verbose option to uninstall server and set to False
Related to: https://bugzilla.redhat.com/show_bug.cgi?id=1480502
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
Reviewed-By: Petr Cech <pcech at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
52fa23c0 by Christian Heimes at 2018-07-31T11:40:13Z
Add convenient template for temp commits
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Michal Reznik <mreznik at redhat.com>
Reviewed-By: Michal Reznik <mreznik at redhat.com>
- - - - -
e44af227 by Christian Heimes at 2018-07-31T11:40:13Z
Fix topology configuration of nightly runs
Some nightly runs didn't have enough resources configured.
See: https://pagure.io/freeipa/issue/7638
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Michal Reznik <mreznik at redhat.com>
Reviewed-By: Michal Reznik <mreznik at redhat.com>
- - - - -
43dde143 by Felipe Barreto at 2018-07-31T11:40:13Z
Making nigthly test definition editable by FreeIPA's contributors
Now the test definition of nightly tests will be on freeipa repo. The
definition that's used on every PR (previously as .freeipa-pr-ci.yaml)
is in ipatests/prci_definitions/gating and the .freeipa-pr-ci.yaml file
is just a symlink to the real file.
In the same dir there is also nightly_master and nightly_rawhide, both
to be used in nightly tests.
Divided test_topology.py into 3 subtests.
Bumped vagrant template to version 0.1.6
This PR is the result of discussion on freeipa-devel mailing list [1].
[1] https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/4VAWJ4SFKKBFFICDLQCTXJWRRQHIYJLL/
Reviewed-By: Michal Reznik <mreznik at redhat.com>
Reviewed-By: Michal Reznik <mreznik at redhat.com>
- - - - -
dc5df243 by Orion Poplawski at 2018-07-31T11:44:01Z
ipaclient-install: chmod needs octal permissions
Fixes incorrect usage introduced in 792adebfabb456d154164387fb7e60acb30f4325
https://pagure.io/freeipa/issue/7650
Signed-off-by: Orion Poplawski <orion at nwra.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
39c6d2a4 by Thomas Woerner at 2018-07-31T11:46:14Z
Fix $-style format string in ipa_ldap_init (util/ipa_ldap.c)
The second argument was not used, but the first one was used twice.
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
e0a8a296 by Christian Heimes at 2018-08-03T09:37:50Z
Rename pytest_plugins to ipatests.pytest_ipa
pytest 3.7.0 doesn't like ipatests.pytest_plugins package. The string
"pytest_plugins" is used as marker to load plugins. By populare vote and
to avoid future conflicts, we decided to rename the directory to pytest_ipa.
Fixes: https://pagure.io/freeipa/issue/7663
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
b7db3ec5 by Thomas Woerner at 2018-08-03T14:27:38Z
ipaserver/plugins/cert.py: Added reason to raise of errors.NotFound
In the case that enabledService is not found ipaConfigString kdc entry, a
NotFound error was raised without setting the reason. This resulted in a
traceback.
Fixes: https://pagure.io/freeipa/issue/7652
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
5f373629 by Timo Aaltonen at 2018-08-03T21:53:42Z
mark some bugs as not upstreamable
- - - - -
de8e4125 by Timo Aaltonen at 2018-08-03T22:13:31Z
control, rules: Switch rhino to nodejs for ui build.
- - - - -
e9f54876 by Timo Aaltonen at 2018-08-03T22:14:03Z
d/s/local-options: Add some files to ignore.
- - - - -
d55b7ce7 by Timo Aaltonen at 2018-08-03T22:21:56Z
control, copyright: Add libjs-uglify to build-depends, the embedded copy was removed.
- - - - -
514fca12 by Timo Aaltonen at 2018-08-03T22:30:35Z
fix uglify deps, drop librhino-java too
- - - - -
29ef2c15 by Timo Aaltonen at 2018-08-03T22:42:11Z
control, fix-py3-lesscpy-name.diff: Add python3-lesscpy to build- depends, call the binary with the correct name.
- - - - -
7da8315a by Timo Aaltonen at 2018-08-03T22:52:48Z
control: Add python3-pkg-resources to build-depends.
- - - - -
4fd17917 by Timo Aaltonen at 2018-08-04T07:38:19Z
client.install: Add new template.
- - - - -
bc405b38 by Timo Aaltonen at 2018-08-04T07:44:18Z
control: Update vcs urls.
- - - - -
ac53bcf3 by Timo Aaltonen at 2018-08-04T07:45:01Z
control: Mark priority as optional.
- - - - -
949e6e96 by Timo Aaltonen at 2018-08-04T07:57:40Z
control, rules: Bump dh to 11.
- - - - -
bc60eea0 by Timo Aaltonen at 2018-08-04T08:01:31Z
control: Add adduser to server depends.
- - - - -
c089f4c4 by Timo Aaltonen at 2018-08-04T08:04:02Z
source/lintian-overrides: Updated.
- - - - -
a5fa72c7 by Timo Aaltonen at 2018-08-04T08:04:55Z
control: Bump policy to 4.1.5.
- - - - -
9cc49cda by Michal Reznik at 2018-08-06T14:48:58Z
prci_definitions: fix wrong indentation in the nightly yaml
TestLineTopologyWithoutCA definition has wrong indentation.
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
890d7739 by Thierry Bordaz at 2018-08-06T14:50:07Z
In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange
When making ipa-pwd-extop TXN aware, some callbacks are call twice.
Particularily
ipapwd_pre_add is called during PRE_ADD and TXN_PRE_ADD
ipapwd_pre_mod is called during PRE_MOD and TXN_PRE_MOD
ipapwd_post_modadd is called during POST_ADD and TXN_POST_ADD
ipapwd_post_modadd is called during POST_MOD and TXN_POST_MOD
It is not the expected behavior and it results on some skipped updates krbPasswordExpiration
and krbLastPwdChange
https://pagure.io/freeipa/issue/7601
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
- - - - -
7d40c66e by Florence Blanc-Renaud at 2018-08-07T12:55:23Z
Tests: add integration test for password changes by dir mgr
Add a test for issue 7601:
- add a user, perform kinit user to modify the password, read krblastpwdchange
and krbpasswordexpiration.
- perform a ldapmodify on the password as dir mgr
- make sure that krblastpwdchange and krbpasswordexpiration have been modified
- perform the same check with ldappasswd
Related to:
https://pagure.io/freeipa/issue/7601
Reviewed-By: Thierry Bordaz <tbordaz at redhat.com>
- - - - -
efd85b74 by Thomas Woerner at 2018-08-07T14:27:42Z
httpinstance: Restore SELinux context of session_dir /etc/httpd/alias
The session directory /etc/httpd/alias/ could be created with the wrong
SELinux context. Therefore httpd was not able to write to this directory.
Fixes: https://pagure.io/freeipa/issue/7662
Related-to: 49b4a057f1b0459331bcec2c8d760627d00e4571 (Create missing
/etc/httpd/alias for ipasession.key)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
54d41564 by Thomas Woerner at 2018-08-07T14:27:42Z
ipa_restore: Restore SELinux context of template_dir /var/log/dirsrv/slapd-X
The template directory /var/log/dirsrv/slapd-X could be created with the
wrong SELinux context.
Related to: https://pagure.io/freeipa/issue/7662
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
4c089836 by Florence Blanc-Renaud at 2018-08-09T07:33:28Z
PRCI: extend timeouts for gating
Some tests have been identified as frequently failing on timeouts. While
we are investigating PRCI potential issues, increase the timeouts to
make PRCI usable. The rule is to add 30min if the test involves CA/KRA
installation or 20min otherwise for the most problematic tests.
test_forced_client_enrolment: from 1h to 1h20
test_vault: from 1h15 to 1h45
external_ca_1: from 1h to 1h20
test_sudo: from 1h to 1h20
test_authconfig: from 1h to 1h20
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
d6bdfe41 by Michal Reznik at 2018-08-13T12:20:18Z
ipa_tests: test ssh keys login
Integration test for:
https://pagure.io/SSSD/sssd/issue/3747
IPA ticket: https://pagure.io/freeipa/issue/7664
Reviewed-By: Armando Neto <abiagion at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
b6e59754 by Alexander Bokovoy at 2018-08-13T13:28:08Z
ipa-extdom-extop: Update licenses to GPLv3 or later with exceptions
The code in question was supposed to have the same license as the
rest of the plugin. Fix it by updating the comment header.
Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Thomas Woerner <twoerner at redhat.com>
- - - - -
5e8bc96b by Alexander Bokovoy at 2018-08-13T14:57:39Z
Move fips_enabled to a common library to share across different plugins
Related: https://pagure.io/freeipa/issue/7659
Reviewed-By: Robbie Harwood <rharwood at redhat.com>
- - - - -
04c5798d by Alexander Bokovoy at 2018-08-13T14:57:39Z
ipasam: do not use RC4 in FIPS mode
When creating Kerberos keys for trusted domain object account, ipasam
module requests to generate keys using a series of well-known encryption
types. In FIPS mode it is not possible to generate RC4-HMAC key:
MIT Kerberos is using openssl crypto backend and openssl does not allow
use of RC4 in FIPS mode.
Thus, we have to filter out RC4-HMAC encryption type when running in
FIPS mode. A side-effect is that a trust to Active Directory running
with Windows Server 2003 will not be possible anymore in FIPS mode.
Resolves: https://pagure.io/freeipa/issue/7659
Reviewed-By: Robbie Harwood <rharwood at redhat.com>
- - - - -
4fa36abd by Serhii Tsymbaliuk at 2018-08-13T14:59:40Z
Replace logo images with new one (version 4.7)
Resolves: https://pagure.io/freeipa/issue/7362
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
1ef0bc2f by Stanislav Levin at 2018-08-15T07:05:58Z
Replace the direct URL with config's one
To be customizable URL should be placed to "config"
Fixes: https://pagure.io/freeipa/issue/7621
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
4e1bdff2 by Stanislav Levin at 2018-08-15T07:05:58Z
Fix translation of "sync_otp" plugin
To be translatable messages should be marked with '@i18n' and
present in "i18n_messages" dictionary.
Fixes: https://pagure.io/freeipa/issue/7621
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
6bc7ae07 by Stanislav Levin at 2018-08-15T07:05:58Z
Fix translation of "SyncOTPScreen" widget
To be translatable messages should be marked with '@i18n' and
present in "i18n_messages" dictionary.
Fixes: https://pagure.io/freeipa/issue/7621
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
208ae7aa by Rob Crittenden at 2018-08-15T12:19:38Z
Convert members into types in sudorule-*-option
The indirect members need to be calculated and the member
attributes converted. This is normally done in
baseldap::LDAPRetrieve but these methods provide their
own execute() in order to handle the option values.
Update sudorule_add|remove_option tests to include check
that converted user/group exists in the proper format.
https://pagure.io/freeipa/issue/7649
Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
6daf4dad by Tibor Dudlák at 2018-08-16T12:46:11Z
Re-open the ldif file to prevent error message
There was an issue with ipa-server-upgrade and it was
showing an error while upgrading:
DN... does not exists or haven't been updated, caused
by not moving pointer to file begining when re-reading.
Resolves: https://pagure.io/freeipa/issue/7644
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
421e61cf by Tibor Dudlák at 2018-08-16T12:46:11Z
Add assert to check output of upgrade
Ckeck the output of ipa-server-upgrade script for error.
Related to: https://pagure.io/freeipa/issue/7644
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
9d5cc29d by Mohammad Rizwan Yusuf at 2018-08-21T12:31:44Z
Check if user permssions and umask 0022 is set when executing ipa-restore
This test checks if the access rights for user/group
is set to 644 on /var/lib/dirsrv/slapd-TESTRELM-TEST/ldif/*
and umask 0022 set while restoring.
related ticket: https://pagure.io/freeipa/issue/6844
Signed-off-by: Mohammad Rizwan Yusuf <myusuf at redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
85e18f8b by Serhii Tsymbaliuk at 2018-08-22T08:58:54Z
Replace old login screen logo with new one
Related: https://pagure.io/freeipa/issue/7362
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
ea865937 by Timo Aaltonen at 2018-08-23T04:46:31Z
control: Update maintainer list address.
- - - - -
b6f39968 by Michal Reznik at 2018-08-23T10:05:42Z
test: client uninstall fails when installed using non-existing hostname
https://pagure.io/freeipa/issue/7620
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
04845bad by Rob Crittenden at 2018-08-23T11:40:36Z
Honor no-host-dns when creating client host in replica install
--no-host-dns is supposed to avoid all DNS lookups so pass
this as the force value when creating the host in a replica
installation.
https://pagure.io/freeipa/issue/7656
Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
cab3016e by Florence Blanc-Renaud at 2018-08-23T11:57:47Z
uninstall -v: remove Tracebacks
ipa-server-install --uninstall -v -U prints Traceback in its log file.
This issue happens because it calls subprocess.Popen with close_fds=True
(which closes all file descriptors in the child process)
but it is trying to use the file logger in the child process
(preexec_fn is called in the child just before the child is executed).
The fix is using the logger only in the parent process.
Fixes: https://pagure.io/freeipa/issue/7681
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
2d2549d1 by Florence Blanc-Renaud at 2018-08-23T11:57:47Z
ipautil.run: add test for runas parameter
Add a test for ipautil.run() method called with runas parameter.
The test is using ipautil.run() to execute /usr/bin/id and
checks that the uid/gid are consistent with the runas parameter.
Note that the test needs to be launched by the root user
(non-privileged user may not have the rights to execute ipautil.run()
with runas parameter).
Related to: https://pagure.io/freeipa/issue/7681
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
9f2d8f5b by Florence Blanc-Renaud at 2018-08-23T12:00:36Z
ipa commands: print 'IPA is not configured' when ipa is not setup
Some commands print tracebacks or unclear error message when
they are called on a machine where ipa packages are installed but
IPA is not configured.
Consistently report 'IPA is not configured on this system' in this
case.
Related to https://pagure.io/freeipa/issue/6261
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
8cf6b6ea by Florence Blanc-Renaud at 2018-08-23T12:00:36Z
Test: test ipa-* commands when IPA is not configured
Add a test checking that ipa-* commands properly display
'IPA is not configured on this system' when called on a
system without IPA.
Related to: https://pagure.io/freeipa/issue/6261
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
32c52db6 by Christian Heimes at 2018-08-24T10:15:52Z
Detect and prefer platform Python
A platform Python interpreter is a special variant of the interpreter,
that is only used for system software. It's located at
/usr/libexec/platform-python.
Fixes: https://pagure.io/freeipa/issue/7680
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
a29418ea by Christian Heimes at 2018-08-24T10:15:52Z
Rename Python scripts and add dynamic shebang
All Python scripts are now generated from a template with a dynamic
shebang.
ipatests/i18n.py is no longer an executable script with shebang. The
module is not executed as script directly, but rather as
$(PYTHON) ipatests/i18n.py
Fixes: https://pagure.io/freeipa/issue/7680
All Python scripts are now template files with a dynamic shebang line.
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
85dd29f1 by Christian Heimes at 2018-08-24T10:15:52Z
Generate scripts from templates
Python scripts are now generated from templates. The scripts are marked
as nodist (no distribution) but install targets. The templates for the
scripts are extra distribution data, no installation (noinst).
Fixes: https://pagure.io/freeipa/issue/7680
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
30443d1d by Florence Blanc-Renaud at 2018-08-27T07:54:38Z
DS replication settings: fix regression with <3.3 master
Commit 811b0fdb4620938963f1a29d3fdd22257327562c introduced a regression
when configuring replication with a master < 3.3
Even if 389-ds schema is extended with nsds5ReplicaReleaseTimeout,
nsds5ReplicaBackoffMax and nsDS5ReplicaBindDnGroupCheckInterval
attributes, it will return UNWILLING_TO_PERFORM when a mod
operation is performed on the cn=replica entry.
This patch ignores the error and logs a debug msg.
See: https://pagure.io/freeipa/issue/7617
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
2ad27428 by Stanislav Levin at 2018-08-28T07:03:20Z
Add MigrateScreen widget
This widget is intended to integrate password migrate page into the
entire IPA Web framework. The functionality is the same as mentioned
standalone "ipa/migration/index.html".
Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
53e4e34a by Stanislav Levin at 2018-08-28T07:03:20Z
Add "migrate" Web UI plugin
This plugin creates and registers a facet with password migrate page.
Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
ad7f26c5 by Stanislav Levin at 2018-08-28T07:03:20Z
Return the result of "password migration" procedure
So far "migration" end point redirected to "error"/"invalid" page as
a result of the client request. To use ajax requests and to not
reload/load the whole page the response should include the result of
request.
Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
d05f678b by Stanislav Levin at 2018-08-28T07:03:20Z
Integrate "migration" page to IPA Web framework.
To use all advantages of entire Web framework the "migration" page
should use "migrate" plugin. As well this allows to use IPA
translations.
Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
cc1c5aad by Stanislav Levin at 2018-08-28T07:03:20Z
Provide translatable messages for MigrateScreen widget
Translatable messages should be marked with @i18n. Also
these messages should be presented in "i18n_messages" dictionary.
Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
92a23477 by Stanislav Levin at 2018-08-28T07:03:20Z
Clean up migration "error" and "invalid" pages from project
Migration error/invalid html pages are no longer needed as their
functionality was moved to "migrate" plugin.
Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
382472dc by Stanislav Levin at 2018-08-28T07:03:20Z
Add basic tests for "migration" end point
Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
533067e3 by Petr Vobornik at 2018-08-28T07:03:20Z
webui: redable color of invalid fields on login-screen-like pages
Pages with widgets like LoginScreen, MigrateScreen use login-pf styling.
This page has dark background instead of light. Thus styling for labels
for fields with error has color which makes the label hard to read or
almost invisible.
Change it to white so it is still readable.
Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
660f90b2 by Mohammad Rizwan Yusuf at 2018-08-28T07:05:38Z
Test if WSGI worker process count is set to 4
related ticket : https://pagure.io/freeipa/issue/7587
Signed-off-by: Mohammad Rizwan Yusuf <myusuf at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
- - - - -
15ce6c81 by Tibor Dudlák at 2018-08-28T12:06:55Z
Do not set ca_host when --setup-ca is used
Setting ca_host caused replication failures on DL0
because it was trying to connect to wrong CA host.
Trying to avoid corner-case in ipaserver/plugins/dogtag.py
when api.env.host nor api.env.ca_host had not CA configured
and there was ca_host set to api.env.ca_host variable.
See: https://pagure.io/freeipa/issue/7566
Resolves: https://pagure.io/freeipa/issue/7629
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
9e65f203 by Stanislav Levin at 2018-08-28T13:51:24Z
Fix "get_key_index" to fit caller's expectations
The clients of "get_key_index" expect index of key in matching case
otherwise -1. But instead of this function returns the "undefined"
value.
Fixes: https://pagure.io/freeipa/issue/7678
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
8b8dbaab by Stanislav Levin at 2018-08-28T13:51:24Z
Reindex 'key_indicies' after item delete
The "keys.splice(i, 1)" removes one item at the specified position
from an array. Thus hashes which are stored at "that._key_indicies"
are no longer valid and should be reindexed.
Fixes: https://pagure.io/freeipa/issue/7678
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
1c7771f2 by Rob Crittenden at 2018-08-29T11:53:03Z
Retrieve certificate subject base directly instead of ipa-join
The subject base is used as a fallback to find the available
CA certificates during client enrollment if the LDAP connection
fails (e.g. due to new client connecting to very old server) and
for constructing the subject if a certificate is requested.
raw=True is passed to config-show in order to avoid parsing
the server roles which will fail because the services aren't
marked as enabled until after the client installation is
successful on a master.
ipa-join providing the subject base via stderr was fragile and
would cause client enrollment to fail if any other output was
included in stderr.
https://pagure.io/freeipa/issue/7674
Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
bf66c85a by Christian Heimes at 2018-08-30T15:42:26Z
Refactor os-release and platform information
Move the /etc/os-release parser and platform detection code out of the
private _importhook module. The ipaplatform module now contains an
osinfo module that provides distribution, os, and vendor information.
See: https://www.freedesktop.org/software/systemd/man/os-release.html
See: https://pagure.io/freeipa/issue/7661
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
0519c5b4 by Christian Heimes at 2018-08-30T15:42:26Z
Don't check for systemd service
ipaplatform no longer checks for the presence of a systemd service file
to detect the name of the domainname service. Instead it uses osinfo's
version to use the old name on Fedora 28 and the new name on Fedora 29.
This fixes a SELinux violation that prevented httpd from listing systemd
service files.
Fixes: https://pagure.io/freeipa/issue/7661
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
88d21569 by Michal Reznik at 2018-08-31T12:58:44Z
Add "389-ds-base-legacy-tools" to requires.
"389-ds-base-legacy-tools" needs to be added to requires until
the switch to python installer is completed.
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
2dae9e28 by Robbie Harwood at 2018-09-03T07:11:08Z
Clear next field when returnining list elements in queue.c
The ipa-otpd code occasionally removes elements from one queue,
inspects and modifies them, and then inserts them into
another (possibly identical, possibly different) queue. When the next
pointer isn't cleared, this can result in element membership in both
queues, leading to double frees, or even self-referential elements,
causing infinite loops at traversal time.
Rather than eliminating the pattern, make it safe by clearing the next
field any time an element enters or exits a queue.
Related https://pagure.io/freeipa/issue/7262
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
- - - - -
56ec7c8c by Robbie Harwood at 2018-09-03T07:11:08Z
Add cmocka unit tests for ipa otpd queue code
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
- - - - -
de4eca78 by Michal Reznik at 2018-09-03T13:04:15Z
bump PRCI template version to 0.1.8
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
- - - - -
a6678960 by Florence Blanc-Renaud at 2018-09-03T13:05:23Z
ipa-server-install: do not perform forwarder validation with --no-dnssec-validation
ipa-server-install is checking if the forwarder(s) specified with
--forwarder argument support DNSSEC. When the --no-dnssec-validation
option is added, the installer should not perform the check.
Fixes: https://pagure.io/freeipa/issue/7666
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
ac7b3f98 by Florence Blanc-Renaud at 2018-09-03T13:05:23Z
tests: add test for server install with --no-dnssec-validation
Add 2 tests related to the checks performed by ipa-server-install
when --forwarder is specified:
- if the forwarder is not reachable and we require dnssec validation,
the installer must refuse to go on and exit on error.
- if the forwarder is not reachable but --no-dnssec-validation is
provided, the installer must continue.
Related to https://pagure.io/freeipa/issue/7666
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
f611e5ac by Thomas Woerner at 2018-09-05T12:24:06Z
Adapt freeipa.spec.in for latest Fedora, fix python2 ipatests packaging bug
New autoreconf -ivf call before configure
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
fc32cbb6 by Armando Neto at 2018-09-05T17:41:41Z
Delete empty keytab during client installation
Client installation fails if '/etc/krb5.keytab' exists as a zero-length
file. Deleting empty keytab before proceeding with the installation
fixes the problem.
https://pagure.io/freeipa/issue/7625
Signed-off-by: Armando Neto <abiagion at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
5b1dce59 by Stanislav Levin at 2018-09-06T12:21:05Z
Fix render validation items on keypress event at login form
There are many no needed render callings which are performed
on each keypress event at login form. It is enough to update
validation items on "CapsLock" state change.
Fixes: https://pagure.io/freeipa/issue/7679
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
09c78a1e by Florence Blanc-Renaud at 2018-09-06T12:23:48Z
ipa-replica-install: fix pkinit setup
commit 7284097 (Delay enabling services until end of installer)
introduced a regression in replica installation.
When the replica requests a cert for PKINIT, a check is done
to ensure that the hostname corresponds to a machine with a
KDC service enabled (ipaconfigstring attribute of
cn=KDC,cn=<hostname>,cn=masters,cn=ipa,cn=etc,$BASEDN must contain
'enabledService').
With the commit mentioned above, the service is set to enabled only
at the end of the installation.
The fix makes a less strict check, ensuring that 'enabledService'
or 'configuredService' is in ipaconfigstring.
Fixes: https://pagure.io/freeipa/issue/7566
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
5ea8f8ae by Florence Blanc-Renaud at 2018-09-06T12:23:48Z
Tests: test successful PKINIT install on replica
Add a test checking that ipa-replica-install successfully configures
PKINIT on the replica
Related to https://pagure.io/freeipa/issue/7566
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
ef865651 by Armando Neto at 2018-09-06T19:21:21Z
Fix certificate type error when exporting to file
Commands `ipa ca-show` and `ipa cert-show` share the same code,
this commit updates the former, closing the gap between them.
Reflecting the changes done in 5a44ca638310913ab6b0c239374f4b0ddeeedeb3.
https://pagure.io/freeipa/issue/7628
Signed-off-by: Armando Neto <abiagion at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
e9b05971 by Armando Neto at 2018-09-06T19:30:48Z
Add test for client installation with empty keytab file
Missing test case for cf1301fb064fc230c780c4bc5eeccb723899f7b6.
https://pagure.io/freeipa/issue/7625
Signed-off-by: Armando Neto <abiagion at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
e09a3e8a by Florence Blanc-Renaud at 2018-09-07T08:26:26Z
ipa-replica-install: properly use the file store
In ipa-replica-install, many components use their own instance
of the FileStore to backup configuration files to the pre-install
state. This causes issues when the calls are mixed, like for
instance:
ds.do_task1_that_backups_file (using ds.filestore)
http.do_task2_that_backups_file (using http.filestore)
ds.do_task3_that_backups_file (using ds.filestore)
because the list of files managed by ds.filestore does not include
the files managed by http.filestore, and the 3rd call would remove
any file added on 2nd call.
The symptom of this bug is that ipa-replica-install does not save
/etc/httpd/conf.d/ssl.conf and subsequent uninstallation does not
restore the file, leading to a line referring to ipa-rewrite.conf
that prevents httpd startup.
The installer should consistently use the same filestore.
Fixes https://pagure.io/freeipa/issue/7684
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
cca3531e by Florence Blanc-Renaud at 2018-09-07T08:26:26Z
Test: scenario replica install/uninstall should restore ssl.conf
Test that the scenario ipa-replica-install/ uninstall correctly
restores the file /etc/httpd/conf.d/ssl.conf
Related to https://pagure.io/freeipa/issue/7684
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
965aecf2 by Michal Reznik at 2018-09-07T12:22:58Z
tests: sssd_ssh fd leaks when user cert converted into SSH key
https://pagure.io/freeipa/issue/7687
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
1d8f3b9b by Michal Reznik at 2018-09-07T12:22:58Z
add strip_cert_header() to tasks.py
https://pagure.io/freeipa/issue/7687
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
d414c340 by Stanislav Levin at 2018-09-12T11:11:49Z
Fix translation of "unauthorized.html" Web page
Make this page message translatable as other parts of IPA framework.
Fixes: https://pagure.io/freeipa/issue/7640
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
5404be8c by Stanislav Levin at 2018-09-12T11:11:49Z
Fix translation of "ssbrowser.html" Web page
Make this page message translatable as other parts of IPA framework.
Fixes: https://pagure.io/freeipa/issue/7640
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
68b4824b by Stanislav Levin at 2018-09-12T11:11:49Z
Add basic tests to web pages which are located at /ipa/config/
The goal of these tests is to ensure that the translated text is
synced against a 'noscript' one.
Fixes: https://pagure.io/freeipa/issue/7640
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
7c8ba1d7 by Stanislav Levin at 2018-09-12T11:48:28Z
Replace the direct URL with config's one
To be customizable URL should be placed to "config"
Fixes: https://pagure.io/freeipa/issue/7619
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
ce15361a by Stanislav Levin at 2018-09-12T11:48:28Z
Add "reset_and_login" view to LoginScreen widget
Previous "reset" view is splitted to "reset" and "reset_and_login"
ones. "reset" is used to render "just reset password" logic. And
"reset_and_login" - "reset password and then log in".
Fixes: https://pagure.io/freeipa/issue/7619
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
8da9935e by Stanislav Levin at 2018-09-12T11:48:28Z
Use "login" plugin instead of standalone JS file
Plugin "login" already has the same functionality as a JS code in
separated javascript file. There is no need to duplicate it.
Fixes: https://pagure.io/freeipa/issue/7619
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
18c878ea by Stanislav Levin at 2018-09-12T11:48:28Z
Clean up reset_password.js file from project
reset_password.js is no longer needed as it's functionality is moved
to "login" plugin.
Fixes: https://pagure.io/freeipa/issue/7619
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
b7290e45 by Stanislav Levin at 2018-09-12T11:48:28Z
Fix translations of messages in LoginScreen widget
To be translatable messages should be marked with '@i18n' and
present in "i18n_messages" dictionary.
Fixes: https://pagure.io/freeipa/issue/7619
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
86f98e54 by Stanislav Levin at 2018-09-12T11:48:28Z
Add "bounce" logic from "reset_password.js"
This should add support for https://pagure.io/freeipa/issue/4440
Fixes: https://pagure.io/freeipa/issue/7619
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
e24b1f62 by Stanislav Levin at 2018-09-12T11:48:28Z
Add tests for LoginScreen widget
Add some basic tests for different aspects of LoginScreen such as
'login', 'reset_and_login', 'reset' views.
Fixes: https://pagure.io/freeipa/issue/7619
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
56bfd49d by Rob Crittenden at 2018-09-12T13:17:05Z
Update required version of dogtag to detect when FIPS is available
When it was checking for FIPS it assumed that /proc/sys/crypto
existed which it doesn't in some containers and on Ubuntu.
This was updated in dogtag, this change is just to pull in the
fix.
https://pagure.io/freeipa/issue/7608
Reviewed-By: Florence Blanc-Renaud <flo at redhat.com>
- - - - -
5cbb0f3d by Rob Crittenden at 2018-09-12T20:37:45Z
Advise plugin for enabling sudo for members of the admins group
Create HBAC and a sudo rule for allowing members of the admins
group to run sudo on all enrolled hosts.
https://pagure.io/freeipa/issue/7538
Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
- - - - -
7ce49504 by Florence Blanc-Renaud at 2018-09-19T12:01:13Z
authselect: harden uninstallation of ipa client
When ipa client is uninstalled, the content of sysrestore.state
is read to restore the previous authselect profile and features.
The code should properly handle the case where sysrestore.state
contains the header for the authselect section, but the key=value
for profile and features are missing.
Fixes https://pagure.io/freeipa/issue/7657
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
4f323bc2 by Florence Blanc-Renaud at 2018-09-19T12:01:13Z
tests: add test for uninstall with incomplete sysrestore.state
Add a test that performs client uninstallation when sysrestore.state
contains the header for the [authselect] section but does not
contain a value for profile and features.
Related to https://pagure.io/freeipa/issue/7657
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
446c6c89 by Florence Blanc-Renaud at 2018-09-19T12:18:12Z
ipa-advise: configure pam_cert_auth=True for smart card on client
ipa-advise config-client-for-smart-card-auth is now using authselect
instead of authconfig, but authselect enable-feature with-smartcard
does not set pam_cert_auth=True in /etc/sssd/sssd.conf.
As a result, smart card auth on a client fails.
The fix adds a step in ipa-advise to configure pam_cert_auth=True.
The fix also forces the use of python3 interpreter, and handles
newer versions of SSSD which use OpenSSL instead of NSS (the trusted
CA certs must be put into /etc/sssd/pki/sssd_auth_ca_db.pem
Fixes https://pagure.io/freeipa/issue/7532
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
ba2ec069 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Fix hardcoded CSR in test_webui/test_cert.py
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
62bbc8e3 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Use random IPs and domains in test_webui/test_host.py
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
d0dc6197 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Increase request timeout for WebUI tests
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
ed15e441 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Fix test_realmdomains::test_add_single_labeled_domain (Web UI test)
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
338dd256 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Use random realmdomains in test_webui/test_realmdomains.py
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
e075b12b by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Fix test_user::test_login_without_username (Web UI test)
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
ef0549ef by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Fix unpermitted user session in test_selfservice (Web UI test)
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
a70cfcad by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Add SAN extension for CSR generation in test_cert (Web UI tests)
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
ba7405b1 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Generate CSR for test_host::test_certificates (Web UI test)
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
27a23a49 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Add cookies clearing for all Web UI tests
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
0740b048 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Remove unnecessary session clearing in some Web UI tests
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
8a08abbd by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Increase some timeouts in Web UI tests
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
eb117622 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Fix UI_driver.has_class exception. Handle situation when element has no class attribute
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
e73a44e8 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Change Web UI tests setup flow
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
- - - - -
3b226d8b by Rob Crittenden at 2018-09-20T06:53:13Z
Try to resolve the name passed into the password reader to a file
Rather than comparing the value passed in by Apache to a
hostname value just see if there is a file of that name in
/var/lib/ipa/passwds.
Use realpath to see if path information was passed in as one of
the options so that someone can't try to return random files from
the filesystem.
https://pagure.io/freeipa/issue/7528
Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
1d54726c by Rob Crittenden at 2018-09-21T13:25:46Z
Fix uninstallation test, use different method to stop dirsrv
The API may not be initialized so using ds.is_running() may fail.
Call systemctl directly to ensure the dirsrv instance is stopped.
Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
Reviewed-By: Michal Reznik <mreznik at redhat.com>
- - - - -
9726372c by Rob Crittenden at 2018-09-21T13:25:46Z
Add uninstallation tests to night master and rawhide
Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
Reviewed-By: Michal Reznik <mreznik at redhat.com>
- - - - -
83a8fad0 by Thomas Woerner at 2018-09-24T06:25:28Z
Do not install ipa-replica-prepare
ipa-replica-prepare (script and man page) is only needed for DL0 support.
The script and man page are not installed anymore and also removed from
the spec file.
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
416b3f17 by Thomas Woerner at 2018-09-24T06:25:28Z
Increase MIN_DOMAIN_LEVEL to DOMAIN_LEVEL_1
With increasing the minimal domain level to 1 ipa-replica-install will
refuse to install if the domain has domain level 0.
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
0b81aeb8 by Thomas Woerner at 2018-09-24T06:25:28Z
Mark replica_file option as deprecated
The replica_file option is only supported for DL0. The option will be
marked deprecated for now.
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
aafd2dbe by Thomas Woerner at 2018-09-24T06:25:28Z
Raise error if DL is set to 0 or DL0 options are used
In the case that the domain level is set to 0 or replica_file is set (not
None) an error will be raised.
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
9001cfab by Thomas Woerner at 2018-09-24T06:25:28Z
Remove support for replica_file option from ipa-ca-install
Raise "Domain level 0 is not supported anymore" error if there are
remainaing args after parsing. Remove all "DOMAIN LEVEL 0" and
"DOMAIN LEVEL 1" prefixes from the man page.
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
800c8c59 by Thomas Woerner at 2018-09-24T06:25:28Z
Remove support for replica_file option from ipa-kra-install
Raise "Domain level 0 is not supported anymore" error if there are
remainaing args after parsing. Remove all "DOMAIN LEVEL 0" and
"DOMAIN LEVEL 1" prefixes from the man page.
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
67bbc9bd by Thomas Woerner at 2018-09-24T06:25:28Z
Remove DL0 specific sections from ipa-replica-install man page
Remove replica_file option and all "DOMAIN LEVEL 0" and "DOMAIN LEVEL 1"
prefixes and also sections specific to DL0 form the man page.
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
b4a37c5a by Thomas Woerner at 2018-09-24T06:25:28Z
Remove "at DL1" from ipa-replica-manage man page
As there is currently only DL1, there is no need to have extra
sentences for "at domain level 1".
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
f7516be1 by Thomas Woerner at 2018-09-24T06:25:28Z
Remove "at DL1" from ipa-server-install man page
As there is currently only DL1, there is no need to have extra
sentences for "at domain level 1".
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
a3e179bd by Thomas Woerner at 2018-09-24T06:25:28Z
Move DL0 raises outside if existing conditionals to calm down pylint
This pull should not remove code, therefore it is needed to add addtional
conditionals to calm down pylint beacuse of unreachable code.
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
a4420400 by Thomas Woerner at 2018-09-24T06:25:28Z
ipatests: Drop test_password_option_DL0
DL0 is not supported anymore therefore this test is failing.
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
c4982dcc by Thomas Woerner at 2018-09-24T06:25:28Z
ipatests/test_ipaserver/test_install/test_installer.py: Drop tempfile import
This is not needed anymore due to the removal of the DL0 test
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
2c393ab6 by Thomas Woerner at 2018-09-24T06:25:28Z
ipaserver/install/adtrust.py: Do not use DOMAIN_LEVEL_0 for minimum
As there is the minimal domain level setting MIN_DOMAIN_LEVEL, it should
be used instead of DOMAIN_LEVEL_0.
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
d8cb4260 by Thomas Woerner at 2018-09-24T06:25:28Z
ipatests/test_xmlrpc/tracker/server_plugin.py: Increase hard coded mindomainlevel
The hard coded mindomainlevel needs to be increased to 1.
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
ddacf9eb by Thomas Woerner at 2018-09-24T06:25:28Z
replicainstall: Make sure that domain fulfills minimal domain level requirement
The old domain level check to suggest to use ipa-replica-prepare has been
converted to make sure that domain fulfills minimal domain level
requirement (no DL0).
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
9564fff6 by Florence Blanc-Renaud at 2018-09-24T10:53:55Z
ipatests: mark known failures as xfail
The tests in test_integration/test_installation.py
that inherit from InstallTestBase2 all fail in
test_replica2_ipa_kra_install because of ticket
7654: ipa-kra-install fails on DL1
This is an issue linked to dogtag (see
https://pagure.io/dogtagpki/issue/3055), where the
installation of a KRA clone creates a range depletion
when multiple clones are created from the same master.
Marking the tests as known failure, waiting for dogtag's
fix.
Related to https://pagure.io/freeipa/issue/7654
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
804480c2 by Florence Blanc-Renaud at 2018-09-25T13:19:42Z
Tests: remove dl0 tests from nightly definition
Commit fca1167af48651c3454c33c77ef28ec333220040 removed the following tests
from ipatests/test_integration/test_replica_promotion.py:
TestReplicaPromotionLevel0
TestKRAInstall
TestCAInstall
TestReplicaManageCommands
TestOldReplicaWorksAfterDomainUpgrade
but the nightly definition was not updated accordingly.
The fix removes the unexisting tests from nightly.
Related to https://pagure.io/freeipa/issue/7689
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
6dd586c7 by Christian Heimes at 2018-09-26T09:42:48Z
Disable DL0 specific tests
Disable tests that use domain level 0. Fail early to catch additional
tests that depend on DL0.
See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
93502c9d by Thomas Woerner at 2018-09-26T09:42:48Z
Remove ipa-replica-prepare script and man page
This is part of the DL0 code removal. As ipa-replica-prepare is only needed
and useful for domain level 0, the script can be removed.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
9dcf1dc6 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from ipa-ca-install
Replica files are DL0 specific therefore all the code that is related to
replica files have been removed. An additional check for the new minimal
domain level has been added.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
30d0fc07 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from cainstance and ca in ipaserver/install
cainstance.replica_ca_install_check is only used in ca.install_check if
replica_config is not None (replica installation). As it is immediately
stopped if promote is not set, therefore it can be removed.
The check for cafile in ca.install_check has been dropped. promote is set
to True in ca.install_step_0 if replica_config is not None for
cainstance.configure_instance.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
ff75a9f7 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from ipa_kra_install in ipaserver/install
Replica files are DL0 specific therefore all the code that is related to
replica files have been removed An additional check for the new minimal
domain level has been added. The use of extra args results in an error as
this was only needed for the replica file.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
474acad4 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from dsinstance ipaserver/install
Promote is now hard set to True in create_replica for later use in
_get_replication_manager.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
23264315 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from kra in ipaserver/install
The code to add missing KRA certificates has been removed from install_check
as it was only reached if replica_config is not None and promote was False
for DL0 replica installations. Also the other places.
Promote is now hard set to True if replica_config is not None in install
for later use in krainstance.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
fe625873 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove unused promote arg in krbinstance.create_replica in ipaserver/install
The argument was not used at all.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
3c959134 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from ipa_replica_install in ipaserver/install
Replica files are DL0 specific therefore the knob extension for
replica_file has been removed. Also the code that is only executed if
replica_file is not None.
The new variable replica_install has been added which is used in
ServerInstallInterface.__init__
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
7e17d73b by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from __init__ in ipaserver/install/server
The methods _is_promote has been removed from all classes as this has only
been used internally to check if the domain level is correct.
The check if the installer object has the attribute replica_file has been
modified to use the new variable replica_install defined in
CompatServerReplicaInstall instead.
The DL0 specific code from ServerInstallInterface.__init__ has been removed
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
bacef446 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from replicainstall in ipaserver/install/server
create_replica_config is not imported anymore from
ipaserver.install.installutils.
The promote argument has been removed from these functions and function
calls:
- install_replica_ds
- ds.create_replica
- install_krb
- krbinstance.create_replica
- install_http
- httpinstance.create_instance
The function install_check has been removed completely as it is only used
to prepare the DL0 installation.
All DL0 specific code has been removed from the install function.
The varaibles promote, installer.promote/options.promote and config.promote
have bene removed.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
7e7dfcd4 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove create_replica_config from installutils in ipaserver/install
This function is used to load the replica file. Without DL0 support this
is not needed at all anymore.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
fc62c735 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from custodiainstance in ipaserver/install
iWithout DL0 support the custodia mode can be used to determine if a
server or replica will be installed. Therefore the use of config.promote
can be removed.
A new check has been added to make sure the mode known in
get_custodia_instance.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
31cdb978 by Thomas Woerner at 2018-09-26T09:42:48Z
Rename CustodiaModes.STANDALONE to CustodiaModes.FIRST_MASTER
This is related to the DL0 code removal. FIRST_MASTER describes this
mode a lot better.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
e0a07717 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove options.promote from install in ipaserver/install/server/install
There is no need to set options.promote to false anymore for a server
installation in the install function.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
8eefa92b by Thomas Woerner at 2018-09-26T09:42:48Z
Remove replica_file from ClientInstall class in ipaclient/install/client.py
There is no need to set replica_file to None for client installations.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
84204473 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove replica_file knob from ipalib/install/service.py
The replica_file option is not needed anymore. Threfore the option can
be removed.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
6ee7c437 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific tests from ipatests/test_integration/test_replica_promotion.py
These tests have been skipped already before. Therefore they can be removed.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
ec993c90 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from ipatests/pytest_ipa/integration/tasks.py
The functions get_replica_filename and replica_prepare are not needed anymore
with the DL0 removal. The DL0 specific code has been removed from the
functions install_replica, install_kra and install_ca.
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
a7b2487f by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from ipatests/test_integration/test_caless.py
See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
1c6b957f by Alexander Bokovoy at 2018-09-26T12:19:06Z
Support Samba 4.9
Samba 4.9 became a bit more strict about creating a local NT token and a
failure to resolve or create BUILTIN\Guests group will cause a rejection
of the connection for a successfully authenticated one.
Add a default mapping of the nobody group to BUILTIN\Guests.
BUILTIN\Guests is a special group SID that is added to the NT token for
authenticated users.
For real guests there is 'guest account' option in smb.conf which
defaults to 'nobody' user.
This was implicit behavior before as 'guest account = nobody' by
default would pick up 'nobody' group as well.
Fixes: https://pagure.io/freeipa/issue/7705
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
d0c503e5 by Florence Blanc-Renaud at 2018-09-26T12:20:03Z
ipa-server-upgrade: fix inconsistency in setup_lightweight_ca_key_retrieval
The method setup_lightweight_ca_key_retrieval is called on
server upgrade and checks first if it needs to be executed or if
a previous upgrade already did the required steps.
The issue is that it looks for setup_lwca_key_retrieval in sysupgrade.state
but writes setup_lwca_key_retieval (with a missing r).
The fix consistently uses setup_lwca_key_retieval (as older installations
may already contain this key in sysupgrade.state).
Fixes https://pagure.io/freeipa/issue/7688
Reviewed-By: Fraser Tweedale <ftweedal at redhat.com>
- - - - -
35d3b573 by Stanislav Levin at 2018-09-26T14:04:24Z
Fix loading 'freeipa/text' at production mode
As for now 'ssbrowser.html' and 'unauthorized.html' pages are
loaded without JS error at development mode only.
There is no standalone 'freeipa/text' module as source at
production mode. Thus 'core' one have to be loaded first and
then 'text'.
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
85a54ef8 by Christian Heimes at 2018-09-27T07:17:05Z
Workaround for pyasn1 0.4
pyasn1 0.4 changed handling of ANY containers in a backwards
incompatible way. For 0.3.x, keep explicit wrap and unwrap in octet
strings for ANY container members. For >= 0.4, let pyasn1 do the job.
This patch also makes sorting of extended_key_usage_bytes() stable and
adds tests.
Tested with pyasn1 0.3.7 and 0.4.4.
Fixes: https://pagure.io/freeipa/issue/7685
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal at redhat.com>
- - - - -
eaf58bb6 by Christian Heimes at 2018-09-27T09:50:55Z
Sprinkle raw strings across the code base
tox / pytest is complaining about lots and lots of invalid escape
sequences in our code base. Sprinkle raw strings or backslash escapes
across the code base to fix most occurences of:
DeprecationWarning: invalid escape sequence
There is still one warning that keeps repeating, though:
source:264: DeprecationWarning: invalid escape sequence \d
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
- - - - -
5a25dc53 by Christian Heimes at 2018-09-27T14:57:28Z
Require sssd-ipa instead of sssd meta pkg
The sssd meta package pulls in additional dependencies that are not
required by IPA clients. Only depend on sssd-ipa.
Also update SSSD to 1.16.3-2 with fixes with support for One-Way Trust
authenticated by trust secret.
See: https://bugzilla.redhat.com/show_bug.cgi?id=1345975
See: https://pagure.io/freeipa/issue/7710
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
850eea35 by Stanislav Levin at 2018-09-28T08:30:22Z
Drop concatenated title of remove dialog
As for now the default title of remove dialogs is set to
'Remove ${entity}', where 'entity' is also translatable text.
This construction is used via method 'create_remove_dialog'
of Search facet for the all association 'Delete' actions of
entities.
The such concatenation leads to a bad quality translation and
should be changed to an entire sentence.
>From now a mentioned title is taken from a spec and should be
specified explicitly.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
72e97f2e by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Users' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
b8af0b32 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Hosts' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
4357ac54 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Services' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
6a1c3633 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Groups' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
abdcfeb7 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'ID Views' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
19f194d6 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Automember' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
2c45a745 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'HBAC' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
46e3be40 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Sudo' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
6a8a9bcc by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'SELinux User Maps' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
ff7dc517 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Password Policies' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
d5eb7831 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Certificates' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
b13d825e by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'OTP Tokens' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
6461d9c3 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'RADIUS Servers' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
97fd70ee by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Certificate Identity Mapping Rules' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
e7ff1982 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Automount Locations' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
9e85373c by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'DNS' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
a06d410e by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'RBAC' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
68a12790 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'ID Ranges' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
afbaea15 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Topology' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
ee964520 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Trusts' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
d6d11bef by Stanislav Levin at 2018-09-28T08:30:22Z
Drop concatenated title of remove dialog
As for now the default title of remove dialogs, which are
initialized from 'association' facet, is set to something like
'Remove ${other_entity} from ${entity} ${primary_key}', where
'other_entity' and 'entity' are also translatable texts.
This construction is used via method 'show_remove_dialog'
of 'association' facet for the all 'Delete' actions within details
of entities.
Such concatenation leads to a bad quality translation and
should be changed to an entire sentence.
>From now a mentioned title is taken from a spec and should be
specified explicitly.
Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
cc3c38a7 by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'Users' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
b64b0aa6 by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'Hosts' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
65427f94 by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'Services' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
dcf1803c by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'Groups' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
6ec6dafa by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'HBAC' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
865bbea7 by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'Sudo' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
20d9b21f by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'OTP Tokens' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
881a6739 by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'RBAC' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
1785168a by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'Trusts' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
f72aa37e by Stanislav Levin at 2018-09-28T08:30:22Z
Drop concatenated title of remove dialog
As for now the default title of remove dialogs, which are
initialized from 'association_table' facet, is set to something
like 'Remove ${other_entity} from ${entity} ${primary_key}',
where 'other_entity' and 'entity' are also translatable texts.
This construction is used via method 'show_remove_dialog'
of 'association_table' widget for the all 'Delete' actions within
details of entities.
Such concatenation leads to a bad quality translation and
should be changed to an entire sentence.
>From now a mentioned title is taken from a spec and should be
specified explicitly.
Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
6e8c6a4e by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'remove' dialog for 'association_table' widget of 'Hosts' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
db5e0f80 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'remove' dialog for 'association_table' widget of 'Services' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
f0f2f443 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'remove' dialog for 'association_table' widget of 'Groups' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
cdc605f1 by Stanislav Levin at 2018-09-28T08:30:22Z
Allow having a custom title of 'Remove' dialog for 'attribute_table' widget
Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
31f5db28 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'Remove' dialog for 'association_table' widget of 'Automember' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
14acf96e by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'Remove' dialog for 'association_table' widget of 'HBAC' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
b56ff7f4 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'Remove' dialog for 'association_table' widget of 'Sudo' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
14aa7bfd by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'Remove' dialog for 'association_table' widget of 'SELinux' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
176ec4a8 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'Remove' dialog for 'association_table' widget of 'CA' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
3890280e by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'Remove' dialog for 'association_table' widget of 'Topology' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
9e4f6857 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'Remove' dialog for 'association_table' widget of 'Vault' entity
To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
85a96ddc by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'unprovision' dialog
To improve translation quality the title of 'unprovision' dialog
should be specified explicitly in the spec and should be an entire
sentence.
Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
9cccf6ae by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'DNS' entity
To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.
Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
2bb4fc20 by Stanislav Levin at 2018-09-28T08:30:22Z
Fix javascript 'errors' found by jslint
There are several JavaScript errors, which have come with PRs:
2362, 2371, 2372.
JavaScript code have to follow jsl requires.
Fixes: https://pagure.io/freeipa/issue/7717
Fixes: https://pagure.io/freeipa/issue/7718
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
042cf811 by Stanislav Levin at 2018-09-28T08:30:22Z
Add jslint check to PR CI tests
For now, from all possible lint checks, pylint applies only.
jslint can prevent JavaScript errors at WebUI.
Fixes: https://pagure.io/freeipa/issue/7717
Fixes: https://pagure.io/freeipa/issue/7718
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
978ea07a by Timo Aaltonen at 2018-09-28T10:50:11Z
control: Build the server only on archs where 389-ds-base is available.
- - - - -
e27468a4 by Timo Aaltonen at 2018-09-28T11:08:50Z
control: Bump python-ldap build-dep to 3.1.
- - - - -
c3b4defd by Timo Aaltonen at 2018-09-28T11:10:25Z
let tests fail again
- - - - -
71b402b5 by Timo Aaltonen at 2018-09-28T11:10:43Z
releasing package freeipa version 4.7.0-1
- - - - -
232046de by Timo Aaltonen at 2018-10-01T08:37:36Z
dont-migrate-to-authselect.diff We don't have authselect, so just return true when trying to migrate to it. (LP: #1793994)
- - - - -
125a71a1 by Timo Aaltonen at 2018-10-01T08:40:28Z
control: Move client dependency on chrony to recommends. (Closes: #909803)
- - - - -
3a97581a by Stanislav Levin at 2018-10-01T09:34:08Z
Drop concatenated title of 'add' dialog
As for now the default title of 'add' dialog is set to something
like 'Add ${entity}', where 'entity' is also translatable text.
Such construction is used via method 'adder_dialog' of Entity
for the all 'Add' actions.
This leads to a bad quality translation and should be changed to
an entire sentence.
>From now a mentioned title is taken from a spec and should be
specified explicitly.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
bf5b4db9 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Users' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
6790151d by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'OTP' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
ece3f752 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Host' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
98f40993 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Service' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
8d922ebc by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Groups' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
4e6b7415 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'ID Views' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
dd533aeb by Stanislav Levin at 2018-10-01T09:34:08Z
Drop concatenated title of 'add' dialog for 'attribute_table' widget
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
f5efeb14 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Automember' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
77666404 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'HBAC' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
68f22cf6 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Sudo' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
4ad486fe by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'SELinux' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
0f72fa2e by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Password Policies' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
0c412db4 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Certificates' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
7f6d6586 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'RADIUS' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
cb4a4bce by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Certificate Identity' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
d7c4bbef by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Automount' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
166f96a0 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'DNS' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
cc5194e5 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Vault' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
94ec285e by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'RBAC' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
e73483f4 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'ID Ranges' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
d5a4e630 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Trusts' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
bcf92236 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Topology' entity
To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
5c8f39ab by Fraser Tweedale at 2018-10-02T09:30:55Z
Fix writing certificate chain to file
An client-side error occurs when cert commands are instructed to
write the certificate chain (--chain option) to a file
(--certificate-out option). This regression was introduced in the
'cert' plugin in commit 5a44ca638310913ab6b0c239374f4b0ddeeedeb3,
and reflected in the 'ca' plugin in commit
c7064494e5801d5fd4670e6aab1e07c65d7a0731.
The server behaviour did not change; rather the client did not
correctly handle the DER-encoded certificates in the
'certificate_chain' response field. Fix the issue by treating the
'certificate' field as base-64 encoded DER, and the
'certificate_chain' field as an array of raw DER certificates.
Add tests for checking that the relevant commands succeed and write
PEM data to the file (both with and without --chain).
Fixes: https://pagure.io/freeipa/issue/7700
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
d86d8190 by Alexander Bokovoy at 2018-10-02T14:06:54Z
When stripping PO files, sort the output
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
28cfb2b1 by Alexander Bokovoy at 2018-10-02T14:06:54Z
Re-sort translations before merging Zanata updates
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
35d4d81f by Alexander Bokovoy at 2018-10-02T14:06:54Z
Update translations from Zanata ipa-4-7 branch
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
f2b9b7b5 by Stanislav Levin at 2018-10-03T11:14:52Z
Drop concatenated title of 'Add' dialog for details of entity
As for now the 'Add' dialog title, which is initialized within
details of the entity, contains translated concatenated texts,
like:
'Add ${other_entity} into ${entity} ${primary_key}',
where 'other_entity' and 'entity' are also translatable texts.
This construction is used via method 'show_add_dialog' of
association_facet for the all 'Add' actions within details
of entities.
The concatenation leads to a bad quality translation and
should be changed to an entire sentence.
>From now a mentioned title is taken from a spec and should be
specified explicitly.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
db7197ac by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'Certificate' entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
989b895a by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'Users' entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
9d77d31d by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'Hosts' entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
085681fa by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'Services' entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
d2069753 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'Groups' entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
e7f1c7b5 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'ID Views' entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
e0e434ca by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'HBAC' entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
665a1336 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'Sudo' entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
98662ec5 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'OTP Tokens' entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
7f482eee by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'RBAC' entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
c8878104 by Stanislav Levin at 2018-10-03T11:14:52Z
Drop concatenated title of add dialog for association_table widget
As for now the default title of add dialogs, which are
initialized from 'association_table' widget, is set to something
like 'Add ${other_entity} into ${entity} ${primary_key}',
where 'other_entity' and 'entity' are also translatable texts.
This construction is used via method 'create_add_dialog' of
'association_table' widget for the all 'Add' actions within
details of entities.
Such concatenation leads to a bad quality translation and
should be changed to an entire sentence.
>From now a mentioned title is taken from a spec and should be
specified explicitly.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
eb506a3f by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of Hosts entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
2c6cde1c by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of Services entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
7aefa5b2 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of Groups entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
172996ef by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of HBAC entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
e14fe888 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of Sudo entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
cc643a52 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of SELinux User Maps entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
3a4eec36 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of Certificates entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
d5221285 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of Vaults entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
8fa14441 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of Topology entity
To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.
Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
7b50fe43 by Christian Heimes at 2018-10-05T15:37:57Z
Fix zonemgr encoding issue
The zonemgr validator and handler performs additional encodings for IDNA
support. In Python 3, the extra steps are no longer necessary because
arguments are already proper text and stderr can handle text correctly.
This also fixes 'b' prefix in error messages like:
option zonemgr: b'empty DNS label'
Fixes: https://pagure.io/freeipa/issue/7711
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
a30659c4 by Florence Blanc-Renaud at 2018-10-05T17:43:39Z
ipatests: remove TestReplicaManageDel (dl0)
TestReplicaManageDel is a test using domain level 0
but we do not support it any more. Remove the test.
Related to https://pagure.io/freeipa/issue/7689
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
4b617ddb by Alexander Bokovoy at 2018-10-05T17:45:52Z
Update list of contributors
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
(cherry picked from commit 753264069f29e47bf222e50e95a7ec5849a7f6cb)
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
7eddb981 by Rob Crittenden at 2018-10-05T18:04:49Z
Become IPA 4.7.1
- - - - -
e5ff6041 by Rob Crittenden at 2018-10-05T18:28:37Z
VERSION.m4: Set back to git snapshot
- - - - -
0158ad89 by Timo Aaltonen at 2018-10-08T07:49:32Z
Merge branch 'upstream'
- - - - -
8c1c45e5 by Timo Aaltonen at 2018-10-08T07:49:59Z
bump the version
- - - - -
b3459282 by Timo Aaltonen at 2018-10-08T07:52:05Z
control: Build server on any arch again.
- - - - -
a8821bc2 by Timo Aaltonen at 2018-10-08T07:57:04Z
tests: Don't fail the tests, just dump the log if something goes wrong.
- - - - -
72d83858 by Timo Aaltonen at 2018-10-08T08:07:29Z
refresh patches, drop fix-replicainstall.diff
- - - - -
5d1945c9 by Timo Aaltonen at 2018-10-08T08:28:17Z
drop ipa-httpd-pwdreader-force-fqdn.diff
- - - - -
601e660c by Timo Aaltonen at 2018-10-09T07:29:50Z
server: drop ipa-replica-prepare
- - - - -
112ea43d by Florence Blanc-Renaud at 2018-10-09T15:43:13Z
certdb: provide meaningful err msg for wrong PIN
ipa-server-install or ipa-replica-install do not provide
a meaningful error message in CA-less mode when the install
fails because of a wrong PIN.
Update the err msg so that it provides a hint to the user.
Fixes https://pagure.io/freeipa/issue/5378
Reviewed-By: Fraser Tweedale <ftweedal at redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal at redhat.com>
- - - - -
c7d7638b by Florence Blanc-Renaud at 2018-10-09T15:43:13Z
ipa tests: CA less
Remove the annotation pytest.mark.xfail as issue 5378 has been fixed.
Related to https://pagure.io/freeipa/issue/5378
Reviewed-By: Fraser Tweedale <ftweedal at redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal at redhat.com>
- - - - -
dd870470 by Timo Aaltonen at 2018-10-09T17:05:22Z
releasing package freeipa version 4.7.1-1
- - - - -
193bedc5 by Alexander Bokovoy at 2018-10-10T11:51:43Z
adtrust: define Guests mapping after creating cifs/ principal
All Samba utilities load passdb modules from the configuration file. As
result, 'net groupmap' call would try to initialize ipasam passdb module
and that one would try to connect to LDAP using Kerberos authentication.
We should be running it after cifs/ principal is actually created in
ipa-adtrust-install or otherwise setting up group mapping will fail.
This only affects new installations. For older ones 'net groupmap' would
work just fine because adtrust is already configured and all principals
exist already.
A re-run of 'ipa-server-upgrade' is a workaround too but better to fix
the initial setup.
Related: https://pagure.io/freeipa/issue/7705
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
a1267bda by Thomas Woerner at 2018-10-12T07:45:21Z
ipaclient: Remove --no-sssd and --no-ac options
Client installation with --no-sssd option has already beeen deprecated
with https://pagure.io/freeipa/issue/5860. Authconfig support has been
removed, therefore --no-ac option can be removed also.
ipatests/test_integration/test_authselect.py: Skip no_sssd and no_ac tests.
See: https://pagure.io/freeipa/issue/7671
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
67875c3b by Thomas Woerner at 2018-10-12T07:50:29Z
Find orphan automember rules
If groups or hostgroups have been removed after automember rules have been
created using them, then automember-rebuild, automember-add, host-add and
more commands could fail.
A new command has been added to the ipa tool:
ipa automember-find-orphans --type={hostgroup,group} [--remove]
This command retuns the list of orphan automember rules in the same way as
automember-find. With the --remove option the orphan rules are also removed.
The IPA API version has been increased and a test case has been added.
Using ideas from a patch by: Rob Crittenden <rcritten at redhat.com>
See: https://pagure.io/freeipa/issue/6476
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo at redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo at redhat.com>
- - - - -
b5fc0b63 by Timo Aaltonen at 2018-10-15T08:11:12Z
control: Change python-nose to -mock on python-ipatests Depends.
- - - - -
5325e0be by Timo Aaltonen at 2018-10-15T08:13:00Z
fix-oddjobd-conf.diff: Fix path to org.freeipa.server.conncheck.
- - - - -
be5513ba by Rob Crittenden at 2018-10-15T08:16:49Z
Enable LDAP debug output in client to display TLS errors in join
If ipa-join fails due to a TLS connection error when doing an
LDAP-based enroll then nothing is logged by default except an
Invalid Password error which is misleading (because the failure
occurs during the bind).
The only way that debugging would have been sufficient is if
the user passed --debug to ipa-client-install which is not great.
This log level is otherwise very quiet and only logs one or two
lines on errors which is perfect.
https://pagure.io/freeipa/issue/7728
Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
13b6fec0 by Stanislav Levin at 2018-10-15T12:07:12Z
Move ipa's systemd tmpfiles from /var/run to /run
systemd 239 complains about the legacy of ipa's tmpfiles which
are located on /var/run.
Fixes: https://pagure.io/freeipa/issue/7732
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
d0978c8d by Florence Blanc-Renaud at 2018-10-15T12:08:59Z
Bump requires 389-ds-base
ipa-replica-install sometimes fails with
--
[28/41]: setting up initial replication
Starting replication, please wait until this has completed.
[ldap://master.ipa.test:389] reports: Replica Busy! Status: [Error (1) Replication error acquiring replica: replica busy]
[error] RuntimeError: Failed to start replication
--
which is caused by a 389-ds issue
(https://pagure.io/389-ds-base/issue/49818)
Bump requires to include the fix.
Fixes: https://pagure.io/freeipa/issue/7642
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
6a066cc6 by Florence Blanc-Renaud at 2018-10-18T06:08:02Z
ipatests: fix path in expected error message
The test is putting server.p12 / replica.p12 in the test_dir directory,
and the error message is printing the file name with its full path.
Related to https://pagure.io/freeipa/issue/5378
Reviewed-By: Fraser Tweedale <ftweedal at redhat.com>
- - - - -
c9dc853b by Timo Aaltonen at 2018-10-18T11:06:09Z
server.postinst: Fix a typo.
- - - - -
94e641d1 by Timo Aaltonen at 2018-10-18T11:16:52Z
fix-fontawesome-path.diff: Fix upgrade.
- - - - -
b1e0039a by Timo Aaltonen at 2018-10-18T11:30:50Z
releasing package freeipa version 4.7.1-2
- - - - -
f3e3da50 by Rob Crittenden at 2018-10-19T17:35:05Z
Handle NTP configuration in a replica server installation
There were two separate issues:
1. If not enrolling on a pre-configured client then the ntp-server and
ntp-pool options are not being passed down to the client installer
invocation.
2. If the client is already enrolled then the ntp options are ignored
altogether.
In the first case simply pass down the options to the client
installer invocation.
If the client is pre-enrolled and NTP options are provided then
raise an exception.
https://pagure.io/freeipa/issue/7723
Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
- - - - -
9cfd07e8 by Petr Vobornik at 2018-10-23T14:48:53Z
ipa-advise: update url of cacerdir_rehash tool
On legacy systems which don't have cacerdir_rehash tool (provided by authconfig)
the generated advise script downloads this tool from project page and uses it.
After decommision of Fedorahosted and move of authconfig project to Pagure,
this url was not updated in FreeIPA project.
This patch updates the url.
https://pagure.io/freeipa/issue/7731
Signed-off-by: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
fb653a04 by Thomas Woerner at 2018-10-24T11:29:23Z
Update annobin to fix continuous-integration/travis-ci/pr issues
gcc is updated with the dnf builddep line, but annobin is not. Therefore
configure fails with "C compiler cannot create executables".
This is related to https://bugzilla.redhat.com/show_bug.cgi?id=1574478
Same change for .test_runner_config_py3_temp.yaml has been added for 4-7
branch.
See: https://pagure.io/freeipa/issue/7740
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
b745b407 by Alexander Bokovoy at 2018-10-24T14:17:42Z
net groupmap: force using empty config when mapping Guests
When we define a group mapping for BUILTIN\Guests to 'nobody' group in
we run 'net groupmap add ...' with a default /etc/samba/smb.conf which
is now configured to use ipasam passdb module. We authenticate to LDAP
with GSSAPI in ipasam passdb module initialization.
If GSSAPI authentication failed (KDC is offline, for example, during
server upgrade), 'net groupmap add' crashes after ~10 attempts to
re-authenticate. This is intended behavior in smbd/winbindd as they
cannot work anymore. However, for the command line tools there are
plenty of operations where passdb module is not needed.
Additionally, GSSAPI authentication uses the default ccache in the
environment and a key from /etc/samba/samba.keytab keytab. This means
that if you'd run 'net *' as root, it will replace whatever Kerberos
tickets you have with a TGT for cifs/`hostname` and a service ticket to
ldap/`hostname` of IPA master.
Apply a simple solution to avoid using /etc/samba/smb.conf when we
set up the group mapping by specifying '-s /dev/null' in 'net groupmap'
call.
For upgrade code this is enough as in
a678336b8b36cdbea2512e79c09e475fdc249569 we enforce use of empty
credentials cache during upgrade to prevent tripping on individual
ccaches from KEYRING: or KCM: cache collections.
Related: https://pagure.io/freeipa/issue/7705
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
- - - - -
be968ea0 by Florence Blanc-Renaud at 2018-10-24T14:21:47Z
ipa-replica-install --setup-adtrust: check for package ipa-server-trust-ad
When adding the option --setup-adtrust to ipa-replica-install,
we need to check that the package freeipa-server-trust-ad is
installed.
To avoid relying on OS-specific commands like yum, the check is instead
ensuring that the file /usr/share/ipa/smb.conf.empty is present
(this file is delivered by the package).
When the check is unsuccessful, ipa-replica-install exits with an error
message.
Fixes: https://pagure.io/freeipa/issue/7602
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
705e280e by Thomas Woerner at 2018-10-24T14:23:38Z
Fix ressource leak in client/config.c get_config_entry
The leak happens due to using strndup to create a temporary string without
freeing it afterwards.
See: https://pagure.io/freeipa/issue/7738
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
ebb14ed6 by Thomas Woerner at 2018-10-24T14:23:38Z
Fix ressource leak in daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_netlogon.c ipa_cldap_netlogon
The leak happens due to using strndup in a for loop to create a temporary
string without freeing it in all cases.
See: https://pagure.io/freeipa/issue/7738
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
30515041 by Christian Heimes at 2018-10-24T15:46:46Z
Fix ipadb_multires resource handling
* ipadb_get_pwd_policy() initializes struct ipadb_multires *res to NULL.
* ipadb_multires_free() supports NULL as no-op.
* ipadb_multibase_search() consistently frees and NULLs
struct ipadb_multires **res on error.
See: https://pagure.io/freeipa/issue/7738
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
4ca3120b by Christian Heimes at 2018-10-24T15:46:46Z
Don't abuse strncpy() length limitation
On two occasions C code abused strncpy()'s length limitation to copy a
string of known length without the trailing NULL byte. Recent GCC is
raising the compiler warning:
warning: ‘strncpy’ output truncated before terminating nul copying as
many bytes from a string as its length [-Wstringop-truncation]
Use memcpy() instead if strncpy() to copy data of known size.
See: https://pagure.io/freeipa/issue/7738
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
64045c5d by Christian Heimes at 2018-10-25T07:26:01Z
Replace hard-coded interpreter with sys.executable
Instead of hard-coding python3, the smart card advise script now uses
the current executable path from sys.executable as interpreter.
Fixes: https://pagure.io/freeipa/issue/7741
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
c64030a3 by Rob Crittenden at 2018-10-26T15:18:38Z
Remove the authselect profile warning if sssd was not configured.
On a plain uninstall there should not be a bunch of confusing
warning/error messages.
Related to https://pagure.io/freeipa/issue/7729
Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
ec5e821f by Rob Crittenden at 2018-10-26T15:18:38Z
Fix misleading errors during client install rollback
Some incorrect errors are possible if a client installation
fails and a configuration rollback is required.
These include:
1. Unconfigured automount client failed: CalledProcessError(Command
['/usr/sbin/ipa-client-automount', '--uninstall', '--debug']
returned non-zero exit status 1: '')
Caused by check_client_configuration() not returning the correct
return value (2).
2. WARNING: Unable to revert to the pre-installation state ('authconfig'
tool has been deprecated in favor of 'authselect'). The default sssd
profile will be used instead.
The authconfig arguments would have been: authconfig --disableldap
--disablekrb5 --disablesssdauth --disablemkhomedir
If installation fails before SSSD is configured there is no state
to roll back to. Detect this condition.
3. An error occurred while removing SSSD's cache.Please remove the
cache manually by executing sssctl cache-remove -o.
Again, if SSSD is not configured yet then there is no cache to
remove. Also correct the missing space after the period.
https://pagure.io/freeipa/issue/7729
Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
db960e32 by Rob Crittenden at 2018-10-26T15:18:38Z
Collect the client and server uninstall logs in tests
When running the integration tests capture the uninstallation
logs as well as the installation logs.
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
78bf80e5 by Christian Heimes at 2018-10-26T19:13:23Z
Keep Dogtag's client db in external CA step 1
Don't remove /root/.dogtag/pki-tomcat when performing step 1 of external
CA installation process. Dogtag 10.6.7 changed behavior and no longer
re-creates the client database in step 2.
Fixes: https://pagure.io/freeipa/issue/7742
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
6214fc51 by Christian Heimes at 2018-10-26T19:13:23Z
Use tasks.install_master() in external_ca tests
The install_master() function performs additional steps besides just
installing a server. It also sets up log collection and performs
additional tests.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
75cb16f1 by Florence Blanc-Renaud at 2018-10-26T19:40:05Z
ipa-backup: restart services before compressing the backup
ipa-backup gathers all the files needed for the backup, then compresses
the file and finally restarts the IPA services. When the backup is a
large file, the compression may take time and widen the unavailabity
window.
This fix restarts the services as soon as all the required files are
gathered, and compresses after services are restarted.
Fixes: https://pagure.io/freeipa/issue/7632
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
cec39f52 by Florence Blanc-Renaud at 2018-10-26T19:40:05Z
ipatest: add functional test for ipa-backup
The test ensures that ipa-backup compresses the files after the
IPA services are restarted.
Related to: https://pagure.io/freeipa/issue/7632
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
de6a10c8 by Rob Crittenden at 2018-11-06T13:51:51Z
Pass a list of values into add_master_dns_records
During replica installation the local IP addresses should be
added to DNS but will fail because a string is being passed
to an argument expecting a list. Convert to a list before
passing in individual IPs.
Discovered when fixing https://pagure.io/freeipa/issue/7408
Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
1d23d101 by Rob Crittenden at 2018-11-06T13:51:51Z
Demote log message in custodia _wait_keys to debug
This was previously suppressed because of the log level in
an installation was set to error so it was never displayed
Keeping consistency and demoting it to debug since the
log level is increased to info.
Related: https://pagure.io/freeipa/issue/7408
Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
d7dc732f by Rob Crittenden at 2018-11-06T13:51:51Z
Enable replica install info logging to match ipa-server-install
Increase log level to info by setting verbose=True and adding
a console format.
Signed-off-by: Rob Crittenden <rcritten at redhat.com>
https://pagure.io/freeipa/issue/7408
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
0344354c by Fraser Tweedale at 2018-11-07T12:08:06Z
Restore KRA clone installation integration test
This Dogtag issue that caused KRA clone installation failure in some
scenarios has been fixed (https://pagure.io/dogtagpki/issue/3055).
This reverts commit 2488813260a407477c7516b33ce4238b69c8dd8d and
bumps the pki-core dependency.
Fixes: https://pagure.io/freeipa/issue/7654
Reviewed-By: Fraser Tweedale <ftweedal at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
795fe62c by Christian Heimes at 2018-11-07T12:08:06Z
Require Dogtag 10.6.7-3
10.6.7-3 fixes a problem with ipa-ca-install and ipa-kra-install on
replicas.
See: https://pagure.io/dogtagpki/issue/3073
Reviewed-By: Fraser Tweedale <ftweedal at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
a06fb8d0 by Christian Heimes at 2018-11-07T13:22:07Z
has_krbprincipalkey: avoid double free
Set keys to NULL after free rder to avoid potential double free.
See: https://pagure.io/freeipa/issue/7738
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
2884ab69 by Christian Heimes at 2018-11-07T13:22:07Z
ipadb_mspac_get_trusted_domains: NULL ptr deref
Fix potential NULL pointer deref in ipadb_mspac_get_trusted_domains().
In theory, dn could be empty and rdn NULL. The man page for ldap_str2dn()
does not guarantee that it returns a non-empty result.
See: https://pagure.io/freeipa/issue/7738
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
28b89df5 by Christian Heimes at 2018-11-07T13:22:07Z
ipapwd_pre_mod: NULL ptr deref
In ipapwd_pre_mod, check userpw for NULL before dereferencing its first
element.
See: https://pagure.io/freeipa/issue/7738
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
4c0e7d69 by Fraser Tweedale at 2018-11-07T13:40:25Z
rpc: always read response
If the server responds 401 and the response body is empty, the
client raises ResponseNotReady. This occurs because:
1. For a non-200 response, the response read only if the
Content-Length header occurs.
2. The response must be read before another request (e.g. the
follow-up request with WWW-Authenticate header set), and this
condition was not met. For details see
https://github.com/python/cpython/blob/v3.6.7/Lib/http/client.py#L1305-L1321.
This situation should not arise in regular use, because the client
either has a session cookie, or, knowing the details of the server
it is contacting, it establishes the GSS-API context and includes
the WWW-Authenticate header in the initial request.
Nevertheless, this problem has been observed in the wild. I do not
know its ordinary cause(s), but one can force the issue by removing
an authenticated user's session cache from /run/ipa/ccaches, then
performing a request.
Resolve the issue by always reading the response. It is safe to
call response.read() regardless of whether the Content-Length header
appears, or whether the body is empty.
Fixes: https://pagure.io/freeipa/issue/7752
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
9e7e9c10 by Fraser Tweedale at 2018-11-07T13:51:59Z
ipaldap: avoid invalid modlist when attribute encoding differs
ipaldap does not take into account the possibility of the attribute
encoding returned by python-ldap differing from the attribute
encoding produced by FreeIPA. In particular this can occur with DNs
with special characters that require escaping. For example,
python-ldap (or the underlying LDAP library) escapes special
characters using hex encoding:
CN=Test Sub-CA 201604041620,OU=ftweedal,O=Red Hat\2C Inc.,L=Brisbane,C=AU
Whereas FreeIPA, when encoding the DN, escapes the character
directly:
CN=Test Sub-CA 201604041620,OU=ftweedal,O=Red Hat\, Inc.,L=Brisbane,C=AU
Therefore it is possible to generate an invalid modlist. For
example, during external CA certificate renewal, if the issuer DN
includes a comma in one of the attribute values (as above), an
invalid modlist will be generated:
[ (ldap.MOD_ADD, 'ipacaissuerdn',
[b'CN=Test Sub-CA 201604041620,OU=ftweedal,O=Red Hat\, Inc.,L=Brisbane,C=AU'])
, (ldap.MOD_DELETE, 'ipacaissuerdn',
[b'CN=Test Sub-CA 201604041620,OU=ftweedal,O=Red Hat\2C Inc.,L=Brisbane,C=AU'])
]
Although encoded differently, these are the same value. If this
modification is applied to the object, attributeOrValueExists (error
20) occurs.
To avoid the issue, put deletes before adds in the modlist. If a
value is present (with different encodings) as both an addition and
a deletion, it must be because the original object contained the
value with a different encoding. Therefore it is safe to delete it,
then add it back.
Note that the modlist is not optimal. In the simplest case (like
above example), there should be no modification to perform. It is
considerably more complex (and more computation) to implement this
because the raw attribute values must be decoded before comparison.
Fixes: https://pagure.io/freeipa/issue/7750
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
55e7a582 by Christian Heimes at 2018-11-07T14:14:45Z
Fix test_cli_fsencoding on Python 3.7
Starting with Python 3.7, PEP 538 addresses the locale issue. Python now
supports UTF-8 file system encoding with non-UTF-8 C locale.
See: https://docs.python.org/3/whatsnew/3.7.html#whatsnew37-pep538
See: https://pagure.io/freeipa/issue/5887
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
eca02e1c by Sergey Orlov at 2018-11-07T15:10:00Z
ipatests: add test for ipa-advise for enabling sudo for admins group
Test that
1) sudo is not enabled for members of admins group by default
2) sudo is enabled for them after execution of script provided
by ipa-advise enable_admins_sudo
Related to https://pagure.io/freeipa/issue/7538
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
785c496d by Christian Heimes at 2018-11-08T07:16:50Z
Allow ipaapi user to access SSSD's info pipe
For smart card authentication, ipaapi must be able to access to sss-ifp.
During installation and upgrade, the ipaapi user is now added to
[ifp]allowed_uids.
The commit also fixes two related issues:
* The server upgrade code now enables ifp service in sssd.conf. The
existing code modified sssd.conf but never wrote the changes to disk.
* sssd_enable_service() no longer fails after it has detected an
unrecognized service.
Fixes: https://pagure.io/freeipa/issue/7751
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
5abe3d9f by Alexander Bokovoy at 2018-11-08T11:14:42Z
ipaserver.install.adtrust: fix CID 323644
Fix Coverity finding CID 323644: logically dead code path
The code to determine whether NetBIOS name was already set or need to be
set after deriving it from a domain or asking a user for an interactive
input, was refactored at some point to avoid retrieving the whole LDAP
entry. Instead, it was provided with the actual NetBIOS name retrieved.
As result, a part of the code got neglected and was never executed.
Fix this code and provide a test that tries to test predefined,
interactively provided and automatically derived NetBIOS name depending
on how the installer is being run.
We mock up the actual execution so that no access to LDAP or Samba is
needed.
Backport to ipa-4-7 takes into account Python 2.7 differences:
- uses mock instead of unittest.mock if the latter is not available
- derives ApiMockup from object
Fixes: https://pagure.io/freeipa/issue/7753
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 82af034023b03ae64f005c8160b9e961e7b9fd55)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
48a6048b by Christian Heimes at 2018-11-08T13:53:40Z
Copy-paste error in permssions plugin, CID 323649
Address a bug in the code block for attributeLevelRights for old clients.
The backward compatibility code for deprecated options was not triggered,
because the new name was checked against wrong dict.
Coverity Scan issue 323649, Copy-paste error
The copied code will not have its intended effect.
In postprocess_result: A copied piece of code is inconsistent with the
original (CWE-398)
See: Fixes: https://pagure.io/freeipa/issue/7753
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
27344b33 by Christian Heimes at 2018-11-08T18:53:46Z
Replace messagebus with modern name dbus
"messagebus" is an old, archaic name for dbus. Upstream dbus has started
to move away from the old name. Let's use the modern term in FreeIPA,
too.
Fixes: https://pagure.io/freeipa/issue/7754
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
- - - - -
7b7efe95 by Christian Heimes at 2018-11-08T18:55:38Z
Fix test_cli_fsencoding on Python 3.7, take 2
0a5a7bdef7c300cb8f8a8128ce6cf5b115683cbe introduced another problem. The
test is now failing on systems without a full IPA client or server
installation. Use IPA_CONFDIR env var to override location of
default.conf, so that the command always fails.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
1853e2ec by François Cami at 2018-11-12T07:52:27Z
Add sysadm_r to default SELinux user map order
It is a standard SELinux user role included in RHEL (like
user_r, staff_r, guest_r) and used quite often.
Fixes: https://pagure.io/freeipa/issue/7658
Signed-off-by: François Cami <fcami at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
c7cc9896 by Fraser Tweedale at 2018-11-12T12:11:37Z
certdb: ensure non-empty Subject Key Identifier
Installation or IPA CA renewal with externally-signed CA accepts an
IPA CA certificate with empty Subject Key Identifier. This is
technically legal in X.509, but is an operational issue.
Furthermore, due to an extant bug in Dogtag
(https://pagure.io/dogtagpki/issue/3079) it will cause Dogtag
startup failure.
Reject CA certificates with empty Subject Key Identifier.
Fixes: https://pagure.io/freeipa/issue/7762
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
8b0f7496 by Rob Crittenden at 2018-11-13T11:43:47Z
Add tests for ipa-cacert-manage install
Some basic tests like re-loading a certificate, loading a
PKCS#7 cert and bad cert handling.
Signed-off-by: Rob Crittenden <rcritten at redhat.com>
https://pagure.io/freeipa/issue/7579
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
- - - - -
30995f8f by Rob Crittenden at 2018-11-13T11:43:47Z
Add support for multiple certificates/formats to ipa-cacert-manage
Only a single cert in DER or PEM format would be loaded from the
provided file. Extend this to include PKCS#7 format and load all
certificates found in the file.
Signed-off-by: Rob Crittenden <rcritten at redhat.com>
https://pagure.io/freeipa/issue/7579
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
- - - - -
79b7f07c by Florence Blanc-Renaud at 2018-11-13T13:26:23Z
ipa user-add: add optional objectclass for radius-username
The command "ipa user-add --radius-username" fails with
ipa: ERROR: attribute "ipatokenRadiusUserName" not allowed
because it does not add the objectclass ipatokenradiusproxyuser
that is required by the attribute ipatokenradiususername.
The issue happens with ipa user-add / stageuser-add / user-mod / stageuser-mod.
The fix adds the objectclass when needed in the pre_common_callback method
of baseuser_add and baseuser_mod (ensuring that user and stageuser commands
are fixed).
Fixes https://pagure.io/freeipa/issue/7569
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
10ccc3ba by Florence Blanc-Renaud at 2018-11-13T13:26:23Z
tests: add xmlrpc test for ipa user-add --radius-username
Add a xmlrpc test for ipa user-add/user-mod --radius-username
The command were previously failing because the objectclass
ipatokenradiusproxyuser was not automatically added when the
attribute ipatokenRadiusUserName was added to the entry.
The test ensures that the command is now succeeding.
Related to https://pagure.io/freeipa/issue/7569
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
22be7b4d by Florence Blanc-Renaud at 2018-11-13T13:26:23Z
radiusproxy: add permission for reading radius proxy servers
A non-admin user which has the "User Administrator" role cannot
add a user with ipa user-add --radius=<proxy> because the
call needs to read the radius proxy server entries.
The fix adds a System permission for reading radius proxy server
entries (all attributes except the ipatokenradiussecret). This
permission is added to the already existing privileges "User
Administrators" and "Stage User Administrators", so that the role
"User Administrator" can call ipa [stage]user-add|mod --radius=<proxy>
Fixes: https://pagure.io/freeipa/issue/7570
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
918dbdfe by Florence Blanc-Renaud at 2018-11-13T13:26:23Z
ipatests: add integration test for "Read radius servers" perm
Add a new integration test for the following scenario:
- create a user with the "User Administrator" role
- as this user, create a user with a --radius=<radius_proxy_server>
This scenario was previously failing because ipa user-add --radius
requires read access to the radius server entries, and there was no
permission granting this access.
Related to https://pagure.io/freeipa/issue/7570
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
595c8eef by Christian Heimes at 2018-11-13T14:23:25Z
Ignore W504 code style like in travis config
pycodestyle both complains about "W504 line break after binary operator"
and "W503 line break before binary operator" when all warnings are
enabled. FreeIPA already ignores W504 in travis config. Let's ignore it
in fastcheck, too.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
5250c1fe by Christian Heimes at 2018-11-13T14:23:25Z
Address pylint violations in lite-server
Teach pylint that env instance has lite_* members
See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
74c8ac9b by Christian Heimes at 2018-11-13T14:23:25Z
Address inconsistent-return-statements
Pylint warns about inconsistent return statements when some paths of a
function return None implicitly. Make all implicit returns either
explicit or raise a proper exception.
See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
4b0b3215 by Christian Heimes at 2018-11-13T14:23:25Z
Ignore consider-using-enumerate for now
Ignore new consider-using-enumerate warning for now and clean up code
later.
See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
f4f0fe24 by Christian Heimes at 2018-11-13T14:23:25Z
Address consider-using-in
Replace multiple comparisons with 'in' operation.
See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
28fb5cca by Christian Heimes at 2018-11-13T14:23:25Z
Fix comparison-with-callable
Pylint warns about comparing callable. Replace equality with identity
test.
See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
7ece66ba by Christian Heimes at 2018-11-13T14:23:25Z
Fix useless-import-alias
See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
8cce2c27 by Christian Heimes at 2018-11-13T14:23:25Z
Fix Module 'pytest' has no 'config' member
pytest.config is created dynamically.
See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
204032d7 by Christian Heimes at 2018-11-13T14:23:25Z
Fix various dict related pylint warnings
* dict-keys-not-iterating
* dict-values-not-iterating
* dict-items-not-iterating
* dict-iter-method
See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
984fd02e by Christian Heimes at 2018-11-13T14:23:25Z
Fix raising-format-tuple
See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
2011a427 by Christian Heimes at 2018-11-13T14:23:25Z
Silence comparison-with-itself in tests
Test code performs comparison to itself in order to verify __eq__ and
__ne__ implementations.
See: https://pagure.io/freeipa/issue/7758
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
fdbd4633 by Christian Heimes at 2018-11-13T14:23:25Z
Require pylint 2.1.1-2
pylint 2.1.1-2 contains a backport of pylint's fix for RHBZ#1648299:
is_subclass_of fails with AttributeError: 'NoneType' object has no
attribute 'name'
pylint 2.1.1-2 is in @freeipa/freeipa-master COPR.
See: https://github.com/PyCQA/pylint/pull/2429
See: https://bugzilla.redhat.com/show_bug.cgi?id=1648299
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
b8a1ca0e by Fraser Tweedale at 2018-11-13T16:44:54Z
Print correct subject on CA cert verification failure
In load_external_cert(), if verification fails for a certificate in
the trust chain, the error message contains the last subject name
from a previous iteration of the trust chain, instead of the subject
name of the current certificate.
To report the correct subject, look it up using the current
nickname.
Part of: https://pagure.io/freeipa/issue/7761
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
1c7e179c by Fraser Tweedale at 2018-11-13T16:44:54Z
certdb: validate certificate signatures
When verifying a CA certificate, validate its signature. This
causes FreeIPA to reject certificate chains with bad signatures,
signatures using unacceptable algorithms, or certificates with
unacceptable key sizes. The '-e' option to 'certutil -V' was the
missing ingredient.
An an example of a problem prevented by this change, a certifiate
signed by a 1024-bit intermediate CA, would previously have been
imported by ipa-cacert-manage, but would cause Dogtag startup
failure due to failing self-test. With this change,
ipa-cacert-manage will reject the certificate:
# ipa-cacert-manage renew --external-cert-file /tmp/ipa.p7
Importing the renewed CA certificate, please wait
CA certificate CN=Certificate Authority,O=IPA.LOCAL 201809261455
in /tmp/ipa.p7 is not valid: certutil: certificate is invalid: The
certificate was signed using a signature algorithm that is
disabled because it is not secure.
Fixes: https://pagure.io/freeipa/issue/7761
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
6032285b by Alexander Bokovoy at 2018-11-13T16:48:34Z
ipa-4-7: merge translations from zanata
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
c2ae6380 by Christian Heimes at 2018-11-14T09:34:37Z
certdb: validate server cert signature
PR https://github.com/freeipa/freeipa/pull/2554 added the '-e' option for CA
cert validation. Let's also verify signature, key size, and signing algorithm
of server certs. With the '-e' option, the installer and other
tools will catch weak certs early.
Fixes: pagure.io/freeipa/issue/7761
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal at redhat.com>
- - - - -
3e7d12f5 by Christian Heimes at 2018-11-15T22:55:09Z
Fix pytest deprecation warning
conftest uses the Function attribute of a pytest.Function object. Latest
pytest has deprecated the attribute:
_pytest.warning_types.RemovedInPytest4Warning: usage of Function.Function
is deprecated, please use pytest.Function instead
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
- - - - -
97e07f18 by sudharsanomprakash at 2018-11-16T15:13:11Z
Don't use deprecated Apache Access options.
httpd-2.4+ has deprecated the Order, Allow and Deny directives. Use the Require directive instead.
Signed-off-by: Sudharsan Omprakash <sudharsan.omprakash at yahoo.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
- - - - -
fb062cc4 by Florence Blanc-Renaud at 2018-11-16T15:15:03Z
freeipa.spec.in: add BuildRequires for python3-lib389
freeipa.spec.in is missing BuildRequires for python3-lib389. The
consequence is that make fasttest is failing.
Fixes https://pagure.io/freeipa/issue/7767
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
86d4b1c0 by Alexander Bokovoy at 2018-11-19T08:45:55Z
ipa-kdb: reduce LDAP operations timeout to 30 seconds
Since LDAP operations used by ipa-kdb driver are synchronous, the
timeout specified here is blocking entire KDC. It is worth reducing the
timeout and since AS REQ processing timeout in KDC is 1 minute, reducing
the timeout for LDAP operations down to 30 seconds allows KDC to
respond promptly in worst case scenario as well.
Fixes: https://pagure.io/freeipa/issue/7217
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Robbie Harwood <rharwood at redhat.com>
- - - - -
fd3f5153 by Florence Blanc-Renaud at 2018-11-21T03:21:29Z
ipa-replica-install: password and admin-password options mutually exclusive
Currently it is possible to run ipa-replica-install in one step,
and provide --password and --admin-password simultaneously.
This is confusing as --password is intended for one-time pwd
when the ipa-replica-install command is delegated to a user
who doesn't know the admin password.
The fix makes --password and --admin-password options
mutually exclusive.
Fixes https://pagure.io/freeipa/issue/6353
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
2b155f98 by Florence Blanc-Renaud at 2018-11-21T03:21:29Z
ipatests: add test for ipa-replica-install options
Add a test checking that --password and --admin-password
options are mutually exclusive.
Related to https://pagure.io/freeipa/issue/6353
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
1f6bed48 by Florence Blanc-Renaud at 2018-11-21T06:41:17Z
ipatests: fix test_replica_uninstall_deletes_ruvs
test_topology.py is failing because of a wrong scenario.
Currently, test_replica_uninstall_deletes_ruvs does:
- install master + replica with CA
- ipa-replica-manage list-ruv to check that the repl is
propery setup
- ipa-replica-manage del $replica
- (on replica) ipa-server-install --uninstall -U
- ipa-replica-manage list-ruv to check that replica
does not appear any more in the RUV list
When ipa-replica-manage del is run, the topology plugin
creates 2 tasks cleanallruvs (one for the domain, one for the ca)
and they are run asynchronously. This means that the ruvs may
still be present when the test moves forward and calls list-ruv.
The test should wait for the cleanallruvs tasks to finish before
checking that list-ruv does not display replica anymore.
Fixes https://pagure.io/freeipa/issue/7545
- - - - -
1189634d by Sergey Orlov at 2018-11-21T12:31:54Z
ipatests: add test for ipa-restore in multi-master configuration
Test ensures that after ipa-restore on the master, the replica can be
re-synchronized and a new replica can be created.
https://pagure.io/freeipa/issue/7455
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
85885918 by François Cami at 2018-11-23T09:54:46Z
Add a shared-vault-retrieve test
Add a shared-vault-retrieve test when:
* master has KRA installed
* replica has no KRA
This currently fails because of issue#7691
Related-to: https://pagure.io/freeipa/issue/7691
Signed-off-by: François Cami <fcami at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
d57d97ea by François Cami at 2018-11-23T09:54:46Z
Add a "Find enabled services" ACI in 20-aci.update so that all users can find IPA servers and services. ACI suggested by Christian Heimes.
Fixes: https://pagure.io/freeipa/issue/7691
Signed-off-by: François Cami <fcami at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
a20fe7c1 by Christian Heimes at 2018-11-23T11:58:41Z
PR-CI: Restart rpcbind when it blocks kadmin port
Every now and then, a PR-CI job fails because rpcbind blocks the kadmin
port 749/UDP and kadmin.service fails to start. When NFS secure port is
configured, rpcbind reserves a random low port.
A new workaround detects the blocked port and restarts rpcbind.service.
See: https://pagure.io/freeipa/issue/7769
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Thomas Woerner <twoerner at redhat.com>
- - - - -
d3c90b32 by Varun Mylaraiah at 2018-11-26T09:30:10Z
Added test for ipa-client-install with a non-standard ldap.conf file Ticket: https://pagure.io/freeipa/issue/7418
Signed-off-by: Varun Mylaraiah <mvarun at redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf at redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo at redhat.com>
- - - - -
bc3e24c1 by Christian Heimes at 2018-11-28T16:17:00Z
pylint 2.2: Fix unnecessary pass statement
pylint 2.2.0 has a new checker for unnecessary pass statements. There is
no need to have a pass statement in functions or classes with a doc
string.
Fixes: https://pagure.io/freeipa/issue/7772
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
0ae08969 by Christian Heimes at 2018-11-28T16:17:00Z
pylint: Fix duplicate-string-formatting-argument
pylint 2.2 has a checker for duplicate string formatting argument.
Instead of passing the same argument multiple times, reference the
argument by position.
See: https://pagure.io/freeipa/issue/7772
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
f991319d by Christian Heimes at 2018-11-28T16:17:00Z
pylint: also verify scripts
Build all scripts in install/tools/ to check them with pylint, so that
``make pylint`` always checks all scripts. The script files are
generated by make.
Please note that fastlint does not check script files.
See: https://pagure.io/freeipa/issue/7772
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
fa78de9a by Christian Heimes at 2018-11-28T16:17:00Z
Address misc pylint issues in CLI scripts
The CLI script files have additional pylint issues that were not noticed
before. The violations include using dict.keys() without directly
iterating of the result, inconsistent return statements and set([])
instead of set literals.
* dict-keys-not-iterating
* inconsistent-return-statements
* onsider-using-set-comprehensio
See: https://pagure.io/freeipa/issue/7772
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
- - - - -
77d814b7 by Florence Blanc-Renaud at 2018-11-28T23:15:57Z
ipaldap.py: fix method creating a ldap filter for IPACertificate
ipa user-find --certificate and ipa host-find --certificate
fail to return matching entries, because the method transforming
the attribute into a LDAP filter does not properly handle
IPACertificate objects.
Directory Server logs show a filter with
(usercertificate=ipalib.x509.IPACertificate object at 0x7fc0a5575b90>)
When the attribute contains a cryptography.x509.Certificate,
the method needs to extract the public bytes instead of calling str(value).
Fixes https://pagure.io/freeipa/issue/7770
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
76900307 by Florence Blanc-Renaud at 2018-11-28T23:15:57Z
ipatests: add xmlrpc test for user|host-find --certificate
There were no xmlrpc tests for ipa user-find --certificate
or ipa host-find --certificate.
The commit adds tests for these commands.
Related to https://pagure.io/freeipa/issue/7770
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
0e3a9f68 by Christian Heimes at 2018-11-29T09:09:32Z
Increase debugging for blocked port 749 and 464
kadmin.service is still failing to start sometimes. List and check both
source and destination ports of listening and non-listening TCP and UDP
sockets.
See: https://pagure.io/freeipa/issue/7769
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Thomas Woerner <twoerner at redhat.com>
- - - - -
05c5be1b by Adam Williamson at 2018-11-29T15:58:38Z
Fix authselect invocations to work with 1.0.2
Since authselect 1.0.2, invoking an authselect command sequence
like this:
['authselect', 'sssd', '', '--force']
does not work: authselect barfs on the empty string arg and
errors out. We must only pass a features arg if we actually have
some text to go in it.
This broke uninstallation.
In all cases, features are now passed as separate arguments instead of one
argument separated by space.
Fixes: https://pagure.io/freeipa/issue/7776
Signed-off-by: Adam Williamson <awilliam at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
ba636cec by Francisco Trivino at 2018-11-30T09:28:38Z
prci_definitions: update vagrant memory topology requirements
Memory requirements for master and replica have been increased
due to OOM issues. This PR updates prci_definitions accordingly.
This PR also roll-back ipaserver mem reqs to the previous value
since the WebUI tests were split into different blocks.
Fixes https://pagure.io/freeipa/issue/7777
Reviewed-By: Florence Blanc-Renaud <flo at redhat.com>
Reviewed-By: Francisco Trivino <ftrivino at redhat.com>
- - - - -
8ee3779d by Florence Blanc-Renaud at 2018-11-30T14:20:59Z
ipa upgrade: handle double-encoded certificates
Issue is linked to the ticket
#3477 LDAP upload CA cert sometimes double-encodes the value
In old FreeIPA releases (< 3.2), the upgrade plugin was encoding twice
the value of the certificate in cn=cacert,cn=ipa,cn=etc,$BASEDN.
The fix for 3477 is only partial as it prevents double-encoding when a
new cert is uploaded but does not fix wrong values already present in LDAP.
With this commit, the code first tries to read a der cert. If it fails,
it logs a debug message and re-writes the value caCertificate;binary
to repair the entry.
Fixes https://pagure.io/freeipa/issue/7775
Signed-off-by: Florence Blanc-Renaud <flo at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
2b0f3a1a by Florence Blanc-Renaud at 2018-11-30T14:20:59Z
ipatests: add upgrade test for double-encoded cacert
Create a test for upgrade with the following scenario:
- install master
- write a double-encoded cert in the entry
cn=cacert,,cn=ipa,cn=etc,$basedn
to simulate bug 7775
- call ipa-server-upgrade
- check that the upgrade fixed the value
The upgrade should finish successfully and repair
the double-encoded cert.
Related to https://pagure.io/freeipa/issue/7775
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
e224a317 by Francisco Trivino at 2018-11-30T19:04:56Z
PR-CI: Move to Fedora 29 template, version 0.2.0
Memory requirements for master and replica have been increased
due to OOM issues. This PR updates prci_definitions accordingly.
This PR also roll-back ipaserver mem reqs to the previous value
since the WebUI tests were split into different blocks.
Fixes https://pagure.io/freeipa/issue/7777
Reviewed-By: Diogo Nunes <dnunes at redhat.com>
- - - - -
83e2c011 by Christian Heimes at 2018-12-03T09:38:49Z
Update temp commit template to F29
The temp_commit.yaml template now uses F29 as well. It also contains all
topology configurations from the nightly jobs.
Fixes: https://pagure.io/freeipa/issue/7779
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
bf646a6e by Alexander Bokovoy at 2018-12-03T10:29:09Z
Become IPA 4.7.2
- - - - -
0d628721 by Timo Aaltonen at 2018-12-05T23:29:28Z
control: Replace libsvrcore-dev build-dep with 389-ds-base-dev.
- - - - -
c6b8b114 by Timo Aaltonen at 2018-12-05T23:32:10Z
tests: Install only the packages which are used for testing.
- - - - -
9d7e80c3 by Timo Aaltonen at 2018-12-05T23:39:11Z
rules: Don't run git on clean. (Closes: #912202)
- - - - -
5a1fb50a by Timo Aaltonen at 2018-12-06T00:16:29Z
control: Nodejs is not available on all archs, build server packages only where it is.
- - - - -
f0be6b08 by Timo Aaltonen at 2018-12-06T00:20:33Z
control: Add systemd to python-ipalib depends. (Closes: #851158)
- - - - -
9c53088d by Timo Aaltonen at 2018-12-06T00:22:40Z
releasing package freeipa version 4.7.1-3
- - - - -
bac01283 by Timo Aaltonen at 2019-01-07T15:45:13Z
client.tmpfile: Use /run instead of /var/run.
- - - - -
7bde22a2 by Timo Aaltonen at 2019-01-07T15:46:49Z
control.common: Use same arch set on node-uglify build-dep as for nodejs. (Closes: #918579)
- - - - -
f933185d by Timo Aaltonen at 2019-02-05T07:36:16Z
Merge branch 'upstream'
- - - - -
e11da3d7 by Timo Aaltonen at 2019-02-05T07:37:51Z
bump the version
- - - - -
2615ca14 by Timo Aaltonen at 2019-02-05T07:45:01Z
fix-fontawesome-path.diff: Refreshed.
- - - - -
46a46472 by Timo Aaltonen at 2019-02-05T10:39:29Z
rules: Build only the client until Dogtag works again.
- - - - -
5a06e28a by Timo Aaltonen at 2019-02-05T10:39:41Z
releasing package freeipa version 4.7.2-1
- - - - -
bb4ea007 by Timo Aaltonen at 2019-02-05T14:51:14Z
rules: Build the server for experimental.
- - - - -
01de245c by Timo Aaltonen at 2019-02-05T14:51:27Z
releasing package freeipa version 4.7.2-1+exp1
- - - - -
30 changed files:
- − .freeipa-pr-ci.yaml
- + .freeipa-pr-ci.yaml
- .gitignore
- .test_runner_config.yaml
- .test_runner_config_py3_temp.yaml
- ACI.txt
- API.txt
- Contributors.txt
- Makefile.am
- + Makefile.pythonscripts.am
- VERSION.m4
- client/Makefile.am
- client/config.c
- client/ipa-certupdate → client/ipa-certupdate.in
- client/ipa-client-automount → client/ipa-client-automount.in
- client/ipa-client-install → client/ipa-client-install.in
- client/ipa-join.c
- configure.ac
- daemons/dnssec/Makefile.am
- daemons/dnssec/ipa-dnskeysync-replica → daemons/dnssec/ipa-dnskeysync-replica.in
- daemons/dnssec/ipa-dnskeysyncd → daemons/dnssec/ipa-dnskeysyncd.in
- daemons/dnssec/ipa-ods-exporter → daemons/dnssec/ipa-ods-exporter.in
- daemons/ipa-kdb/ipa_kdb.c
- daemons/ipa-kdb/ipa_kdb_common.c
- daemons/ipa-kdb/ipa_kdb_mspac.c
- daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
- daemons/ipa-otpd/Makefile.am
- + daemons/ipa-otpd/ipa_otpd_queue_cmocka_tests.c
- daemons/ipa-otpd/queue.c
- daemons/ipa-sam/ipa_sam.c
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/freeipa/compare/2107952c2b76f0159db90d6a07f949219fbeae07...01de245c3850e936225ed6aaca6acd8a5a60c076
--
View it on GitLab: https://salsa.debian.org/freeipa-team/freeipa/compare/2107952c2b76f0159db90d6a07f949219fbeae07...01de245c3850e936225ed6aaca6acd8a5a60c076
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20190210/00154a4f/attachment-0001.html>
More information about the Pkg-freeipa-devel
mailing list