<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Timo Aaltonen pushed to branch upstream-next
at <a href="https://salsa.debian.org/freeipa-team/freeipa">FreeIPA packaging / freeipa</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/230760ffea83a9e9d82a0d23cb7fe3cd8993e271">230760ff</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-05-15T19:35:26Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">VERSION.m4: Set back to git snapshot
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/a0e846f56c8de3b549d1d284087131da13135e34">a0e846f5</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-05-16T15:32:29Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Return unique error when automount is already or not configured
Use identical return codes as ipa-client-install when uninstalling
ipa-client-automount and it is not configured, or when calling
it again to return that is ias already configured.
https://pagure.io/freeipa/issue/7396
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/a0eaa742343de194ecef2ff7c9e3c74e7f35f51f">a0eaa742</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-05-16T15:32:29Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Client install should handle automount unconfigured on uninstall
ipa-client-automount now returns CLIENT_NOT_CONFIGURED when it is
not configured. Handle this in uninstall().
https://pagure.io/freeipa/issue/7396
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/c61151f6aa0c033834aed70561fc762c06176555">c61151f6</a></strong>
<div>
<span>by Alexander Bokovoy</span>
<i>at 2018-05-17T20:55:42Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pylint3: workaround false positives reported for W1662
Pylint3 falsely reports warning W1662: using a variable that was bound
inside a comprehension for the cases where the same name is reused for a
loop after the comprehension in question.
Rename the variable in a loop to avoid it.
If the code looks like the following:
arr = [f for f in filters if callable(f)]
for f in arr:
result = result + f()
pylint3 would consider 'f' used outside of comprehension. Clearly, this
is a false-positive warning as the second 'f' use is completely
independent of the comprehension's use of 'f'.
Reviewed-By: Aleksei Slaikovskii <aslaikov@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/b82af698828354fcfb14200ab0dd5a397185ad59">b82af698</a></strong>
<div>
<span>by Aleksei Slaikovskii</span>
<i>at 2018-05-17T22:36:33Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Radius proxy multiservers fix
Now radius proxy plugin allows to add more then one radius server
into radius proxy but the first one from ldap response is being
parsed (you can see ./daemons/ipa-optd/parse.c).
So this kind of behaviour is a bug, as it was determined on IRC.
This patch removes possibility to add more then one radius server
into radius proxy.
Pagure: https://pagure.io/freeipa/issue/7542
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Alexander Koksharov <akokshar@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/8d508b8e954aca460949b5151422bf5f59f9eee8">8d508b8e</a></strong>
<div>
<span>by Michal Reznik</span>
<i>at 2018-05-18T10:17:54Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ui_tests: extend test_selinuxusermap.py suite
Extend test_selinuxusermap.py suite with new test cases. Details in
the ticket.
We also modify "add_table_associations" to handle "cancel" and
"negative" in the way other methods works.
Lastly, we start using dialog_btn=None to test keyboard confirmation
as we did use it incorrectly with "Negative=True" where it was already
confirmed by "click".
Added tests:
addselinuxusermap_MLS_singlelevel
addselinuxusermap_cancel
addselinuxusermap_disabledhbacrule
addselinuxusermap_MLS_range
addselinuxusermap_MCS_range
addselinuxusermap_MCS_commas
addselinuxusermap_MLS_singlevalue
addselinuxusermap_multiple
addandeditselinuxusermap
selinuxusermap_undo
selinuxusermap_refresh
selinuxusermap_reset
selinuxusermap_update
selinuxusermap_backlink_cancel
selinuxusermap_backlink_reset
selinuxusermap_backlink_update
selinuxusermap_deletemultiple
add_user_selinuxusermap_cancel
add_host_selinuxusermap_cancel
add_hostgroup_selinuxusermap_cancel
selinuxusermap_requiredfield
selinuxusermap_duplicate
selinuxusermap_nonexistinguser
selinuxusermap_invalidusersyntaxMCS
selinuxusermap_invalidusersyntaxMLS
add_usernegative_selinuxusermap
selinuxusermap_addNegativeHBACrule
selinuxusermap_search
selinuxusermap_searchnegative
selinuxusermap_disablemultiple
selinuxusermap_enablemultiple
selinuxusermap_deleteNegativeHBACrule
add_selinuxusermap_adder_dialog_bug910463
delete_selinuxusermap_deleter_dialog_bug910463
https://pagure.io/freeipa/issue/7544
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/0959c47676d11fa73ab10fb0559f8dc045d7f8dd">0959c476</a></strong>
<div>
<span>by Michal Reznik</span>
<i>at 2018-05-18T10:17:54Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ui_tests: add click_undo_button() func
Add click_undo_button() function to simplify clicking on
particular`s field undo button/s.
https://pagure.io/freeipa/issue/7544
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/3508227fc873be005f612a8b5f27a7a9fe1fb1be">3508227f</a></strong>
<div>
<span>by Varun Mylaraiah</span>
<i>at 2018-05-18T11:23:00Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Extend WebUI test_krbpolicy suite with the following test cases: test_verifying_button (verify button's action in various scenarios) test_negative_value (verify invalid values) test_verifying_measurement_unit
https://pagure.io/freeipa/issue/7540
Signed-off-by: Varun Mylaraiah <mvarun@redhat.com>
Reviewed-By: Michal Reznik <mreznik@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/3c9810e9639095779e9b4f7c8bf37de3d4b8922c">3c9810e9</a></strong>
<div>
<span>by Petr Čech</span>
<i>at 2018-05-18T14:39:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">webui:tests: Add tests for realmd domains
This patch expands WebUI testing on realmd domains
page. The added tests are:
test_add_single_labeled_domain
test_dnszone_del_hooked_to_realmdomains_mod
test_dns_reversezone_add_hooked_to_realmdomains_mod
test_dnszone_add_hooked_to_realmdomains_mod
test_del_domain_of_ipa_server_bug1035286
test_add_non_dns_configured_domain_positive
test_add_non_dns_configured_domain_negative
test_del_domain_with_force_update
test_del_domain_and_update
test_del_domain_and_refresh
test_del_domain_revert
test_del_domain_undo_all
test_del_domain_undo
test_add_domain_and_update
test_add_domain_with_trailing_space
test_add_domain_with_leading_space
test_add_empty_domain
test_add_duplicate_domaini
test_add_domain_and_revert
test_add_domain_and_refresh
test_add_domain_and_undo_all
test_add_domain_and_undo
test_add_domain_with_special_char
Reviewed-By: Felipe Volpone <felipevolpone@gmail.com>
Reviewed-By: Varun Mylaraiah <mvarun@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/d4f2f53eb25a03e3a3a4f1f0d6abb5306d52fa75">d4f2f53e</a></strong>
<div>
<span>by amitkumar50</span>
<i>at 2018-05-21T18:32:38Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ipa-advise: remove plugin config-fedora-authconfig
ipa-advise config-fedora-authconfig produces a script with authconfig
instructions for configuring Fedora 18/19 client with IPA server
without use of SSSD. Fedora 18 and 19 are not supported any more,
so the plugin could be removed.
Resolves: https://pagure.io/freeipa/issue/7533
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/75e86f2f13cc2abef457593312cdd1b84d99733a">75e86f2f</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-05-22T06:39:33Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Run PR-CI with Fedora 28
Signed-off-by: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/e06c7566fdc540734eb62eb2ff1d149a6378e97a">e06c7566</a></strong>
<div>
<span>by amitkumar50</span>
<i>at 2018-05-22T15:03:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ipa vault-archive overwrites an existing value without warning
Upstream ticket was raised for issuing an warning message
whenever data in ipa vault is overwritten.
In Bugzilla(1339129) its agreed upon that Current behavior is consistent
with other IPA commands. None of ipa mod commands asks for confirmation
and therefore it should be the same here.
But to document, that vault can contain only one value in ipa help vault.
This PR addresses the changes agreed in Bugzilla.
Resolves: https://pagure.io/freeipa/issue/5922
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/952b45a3a44929e325579211502ab020eea27786">952b45a3</a></strong>
<div>
<span>by Stanislav Laznicka</span>
<i>at 2018-05-24T07:54:26Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Travis: ignore 'line break after binary operator'
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/1e5c3d7c6a8ebe09991cf6fc8485e065a03c22d4">1e5c3d7c</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-05-25T14:26:14Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reproducer for issue 5923 (bytes in error response)
Error response used to contain bytes instead of text, which triggered an
exception.
See: https://pagure.io/freeipa/issue/5923
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/59ea580046a41aa3c3902871a88b3c7439297461">59ea5800</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-05-25T18:44:01Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Require python-ldap >= 3.1.0
python-ldap 3.1.0 fixes a segfault caused by a reference counting bug.
See: https://pagure.io/freeipa/issue/7324
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/dbc3788405b1d57c20946a98e40ca27c8ebac302">dbc37884</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-05-27T14:05:50Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use GnuPG 2 for symmentric encryption
The /usr/bin/gpg command is old, legacy GnuPG 1.4 version. The
recommended version is GnuPG 2 provided by /usr/bin/gpg2. For simple
symmentric encryption, gpg2 is a drop-in replacement for gpg.
Fixes: https://pagure.io/freeipa/issue/7560
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/8e165480ace76ab97e40e9396293eccff36497e0">8e165480</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-05-27T14:05:50Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use GnuPG 2 for backup/restore
ipa-backup and ipa-restore now use GnuPG 2 for asymmetric encryption, too.
The gpg2 command behaves a bit different and requires a gpg2 compatible
config directory. Therefore the --keyring option has been deprecated.
The backup and restore tools now use root's GPG keyring by default.
Custom configuration and keyring can be used by setting GNUPGHOME
environment variables.
Fixes: https://pagure.io/freeipa/issue/7560
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/45d776a7bf05f3495dee078c7dd58ed0db13f64a">45d776a7</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-05-27T14:08:21Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Don't try to set Kerberos extradata when there is no principal
This was causing ns-slapd to segfault in the password plugin.
https://pagure.io/freeipa/issue/7561
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/7c5ecb8d08827a60f77eda0911a6b39db5badf82">7c5ecb8d</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-05-27T14:08:21Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Rename test class for testing simple commands, add test
The concensus in the review was that the name test_commands was
more generic than test_ipa_cli.
Add a test to change the password for sysaccount users using
using ldappasswd to confirm that a segfault fix does not regress.
https://pagure.io/freeipa/issue/7561
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/af99032d901d55e56bccdc272cfbf3617de05b53">af99032d</a></strong>
<div>
<span>by Florence Blanc-Renaud</span>
<i>at 2018-05-28T19:25:47Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ipa-server-install: publish complete cert chain in /usr/share/ipa/html/ca.crt
When IPA is installed with an externally signed CA, the master installer
does not publish the whole cert chain in /usr/share/ipa/html/ca.crt (but
/etc/ipa/ca.crt contains the full chain).
If a client is installed with a One-Time Password and without the
--ca-cert-file option, the client installer downloads the cert chain
from http://master.example.com/ipa/config/ca.crt, which is in fact
/usr/share/ipa/html/ca.crt. The client installation then fails.
Note that when the client is installed by providing admin/password,
installation succeeds because the cert chain is read from the LDAP server.
https://pagure.io/freeipa/issue/7526
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/1d70ce850e965a2d5475895aa88668756a6810b3">1d70ce85</a></strong>
<div>
<span>by Florence Blanc-Renaud</span>
<i>at 2018-05-28T19:25:47Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Test for 7526
Add a test for issue 7526: install a client with a bulk enrollment
password, enrolling to an externally-signed CA master.
Without the fix, the master does not publish the whole cert chain
in /usr/share/ipa/html/ca.crt. As the client installer downloads the
cert from this location, client installation fails.
With the fix, the whole cert chain is available and client installation
succeeds.
The test_external_ca.py::TestExternalCA now requires 1 replica and 1
client, updated .freeipa-pr-ci.yaml accordingly.
Also removed the annotation @tasks.collect_logs from test_external_ca
as it messes with test ordering (and the test collects logs even
without this annotation).
Related to:
https://pagure.io/freeipa/issue/7526
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/9b8bb85ecac9b40f6f595a1736417da59d34d9d7">9b8bb85e</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-05-29T06:51:10Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add test case for allow-create-keytab
A ref counting bug in python-ldap caused create and retrieve keytab
feature to fail. Additional tests verify, that
ipaallowedtoperform;write_keys attribute is handled correctly.
See: https://pagure.io/freeipa/issue/7324
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/9a9c8ced30702a6c7ddb09e09f65caaa26b4efba">9a9c8ced</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-05-29T13:30:37Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use sane default settings for ldap connections
LDAP connections no longer depend on sane settings in global ldap.conf
and use good default settings for cert validation, CA, and SASL canonization.
https://pagure.io/freeipa/issue/7418
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/829998b19b30e5f71c4438598d92afc93a9f0162">829998b1</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-05-29T13:30:37Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Apply sane LDAP settings to C code
Common LDAP code from ipa-getkeytab and ipa-join are moved to libutil.a.
The common ipa_ldap_init() and ipa_tls_ssl_init() set the same options
as ldap_initialize()
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/172df673dd90446d8c414396c7b6e7c5f05e052f">172df673</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-05-29T13:30:37Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refuse PORT, HOST in /etc/openldap/ldap.conf
OpenLDAP has deprecated PORT and HOST stanzes in ldap.conf. The presence
of either option causes FreeIPA installation to fail. Refuse
installation when a deprecated and unsupported option is present.
Fixes: https://pagure.io/freeipa/issue/7418
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/0030118ddc81af2df215a31b3863e0f560332130">0030118d</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2018-05-29T15:03:56Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Create kadm5.acl if it doesn't exist
kadmind doesn't start without it, and Debian doesn't ship it by default.
Fixes: https://pagure.io/freeipa/issue/7553
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/7a27651a0a7eaa8cedd15d05fe89116f7b64b3c0">7a27651a</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2018-05-29T15:03:56Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">constants: Fix HTTPD_GROUP for Debian
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/a3a3d6da5bc88e0ec35420fb8f02aa0379248f3a">a3a3d6da</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2018-05-29T15:03:56Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">paths: Fix some path definitions for Debian.
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/86ef31d76081bde396788b6585af96b09dbb3333">86ef31d7</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2018-05-29T15:03:56Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add mkhomedir support for Debian
Fixes: https://pagure.io/freeipa/issue/7556
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/c5ee8ae5297f1686f4af74e74c284860515c2dc6">c5ee8ae5</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2018-05-29T15:03:56Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">named.conf: Disable duplicate zone on debian, and modify data dir
zone already imported via default zones.
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/ffdb20aeb31cf3b5f02f261aff11418ee3cf02d2">ffdb20ae</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2018-05-29T15:03:56Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ldapupdate: Add support for Debian multiarch
And since Fedora 28 dropped support for non-64bit, hardcode default LIBARCH as 64.
Fixes: https://pagure.io/freeipa/issue/7555
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/8c0d7bb92ff3d0b13702b41faa47e96f697f222e">8c0d7bb9</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2018-05-29T15:03:56Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix HTTPD SSL configuration for Debian.
The site and module configs are split on Debian, server setup needs
to match that.
Fixes: https://pagure.io/freeipa/issue/7554
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/f47d86c719aa67f62f3d0c54f5270fc0fc8d1393">f47d86c7</a></strong>
<div>
<span>by Stanislav Laznicka</span>
<i>at 2018-05-29T15:03:56Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move config directives handling code
Move config directives handling code:
ipaserver.install.installutils -> ipapython.directivesetter
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/fb16bc933c839b9ce1a57684de416feacd8ac6a2">fb16bc93</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-05-30T06:18:40Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Require JSS 4.4.4 with fix for sub CA replication
The SQL backend of NSS behaves differently than the DBM backend.
Specifically PK11_UnwrapPrivateKey generates a different CKA_ID. JSS 4.4.4
contains a workaround for broken sub CA replication.
Note: FreeIPA doesn't depend on JSS directly. The version requirement
was added to update JSS to a working version
See: https://bugzilla.redhat.com/show_bug.cgi?id=1583140
Fixes: https://pagure.io/freeipa/issue/7536
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/2256f9ef6af5c5eb780a0c5aeadb249ff882549f">2256f9ef</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-05-30T06:53:12Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Validate the Directory Manager password before starting restore
The password was only indirectly validated when trying to
disable replication agreements for the restoration.
Only validate the password if the IPA configuration is available
and dirsrv is running.
https://pagure.io/freeipa/issue/7136
https://pagure.io/freeipa/issue/7535
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/59b3eb0433b85f554ba999487288ad18a2be33e0">59b3eb04</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-05-30T06:53:12Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add tests for ipa-restore with DM password validation check
ipa-restore should validate the DM password before executing
the restoration. This adds two test cases:
1. Restore with a bad DM password
2. Restore with dirsrv down so password cannot be checked
Related: https://pagure.io/freeipa/issue/7136
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/1da3eddf56450c4e41d92796fc303fdd0315690d">1da3eddf</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2018-05-30T13:09:55Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Handle compressed responses from Dogtag
We currently accept compressed responses for some Dogtag resources,
via an 'Accept: gzip, deflate' header. But we don't decompress the
received data. Inspect the response Content-Encoding header and
decompress the response body according to its value.
The `gzip.decompress` function is only available on Python 3.2 or
later. In earlier versions, it is necessary to use StringIO and
treat the compressed data as a file. This commit avoids this
complexity. Therefore it should only be included in Python 3 based
releases.
Fixes: https://pagure.io/freeipa/issue/7563
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/0a87de5ed523e0dc55d42a3e35882928c923e117">0a87de5e</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-05-30T13:09:55Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Backport gzip.decompress for Python 2
Python 2 doesn't have gzip.decompress(data: bytes) -> bytes function.
Backport the two line function from Python 3.6.
Fixes: https://pagure.io/freeipa/issue/7563
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/4274b361fe1940adb918572756e80da8dd8900b5">4274b361</a></strong>
<div>
<span>by Mohammad Rizwan Yusuf</span>
<i>at 2018-05-31T10:18:34Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Test to check second replica installation after master restore
When master is restored from backup and replica1 is re-initialize,
second replica installation was failing. The issue was with ipa-backup
tool which was not backing up the /etc/ipa/custodia/custodia.conf and
/etc/ipa/custodia/server.keys.
related ticket: https://pagure.io/freeipa/issue/7247
Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/3e4b9cd9693ee0682baf768b20bfa3fce431ca3d">3e4b9cd9</a></strong>
<div>
<span>by Pavel Picka</span>
<i>at 2018-05-31T11:05:05Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Adding WebUI Host test cases
Added test cases due to downstream test cases
- negative input
- ssh keys
- csr
- otp
- filter
- buttons
https://pagure.io/freeipa/issue/7550
Signed-off-by: Pavel Picka <ppicka@redhat.com>
Reviewed-By: Varun Mylaraiah <mvarun@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/a2e8d989a359690f493930461adf7f52a0cc745d">a2e8d989</a></strong>
<div>
<span>by Robbie Harwood</span>
<i>at 2018-05-31T15:53:25Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix elements not being removed in otpd_queue_pop_msgid()
If the element being removed were not the queue head,
otpd_queue_pop_msgid() would not actually remove the element, leading
to potential double frees and request replays.
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/cf25823e997ef4f5036470413522d9d25d6b11a7">cf25823e</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-05-31T18:12:49Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Print version string in installer
The server, replica, and client installer now print the current version
number on the console, before the actual installer starts. It makes it
easier to debug problems with failed installations. Users typically post
the console output in a ticket.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/816daf9355ea6a2dc62d0167431920aebc904b88">816daf93</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2018-06-01T13:40:33Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add missing space in error string
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/3927b0e7b1a6de1734d2e3b4e283dcc7d3f0a406">3927b0e7</a></strong>
<div>
<span>by Mohammad Rizwan Yusuf</span>
<i>at 2018-06-01T13:42:32Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Extended UI test for selfservice permission.
Follwoing scenario added:
- test_add_all_attr
- test_add_and_add_another
- test_add_and_edit
- test_add_and_cancel
- test_add_permission_undo
- test_add_permission_reset
- test_permission_negative
- test_del_multiple_permission
- test_permission_using_enter_key
- test_reset_sshkey_permsission
Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/326fd6a70dc9fc9cb4b8bc45f76fe3f6092ee2a2">326fd6a7</a></strong>
<div>
<span>by amitkuma</span>
<i>at 2018-06-05T18:01:11Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Match Common Name attribute in Subject
ipa cert_find command has an option called --subject.
The option is documented as --subject=STR Subject.
It is expected that a --subject option searches by X.509 subject field but it does not do so.
It searches for CN not cert subject. Hence changing content of --subject help option.
Resolves: https://pagure.io/freeipa/issue/7322
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/992a5f482319369c231456e311bb316dd7747016">992a5f48</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-05T20:34:27Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move client templates to separate directory
PR https://github.com/freeipa/freeipa/pull/1747 added the first template
for FreeIPA client package. The template file was added to server
templates, which broke client-only builds.
The template is now part of a new subdirectory for client package shared
data.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/f03df5fe41ed43e63ae7b7b63929140110bc85e0">f03df5fe</a></strong>
<div>
<span>by Felipe Barreto</span>
<i>at 2018-06-07T15:27:38Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Adding xfail to failing tests
The tests listed below are failing and we do not have time to debug them
and understand why. Adding xfail to keep it green.
TestInstallDNSSECLast::test_disable_reenable_signing_master
TestInstallDNSSECLast::test_disable_reenable_signing_replica
TestInstallDNSSECFirst::test_chain_of_trust
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/2b3eb5c567e1e5d4fe7d945e36615cef3dd4d144">2b3eb5c5</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-06-07T16:55:01Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Disable Schema Compat plugin during server upgrade
If this is enabled it can cause a deadlock with SSSD trying
to look up entries and it trying to get data on AD users
from SSSD.
When reading the entry from LDIF try to get the camel-case
nsslapd-pluginEnabled and fall back to the all lower-case
nsslapd-pluginenabled if that is not found. It would be nice
if the fetch function was case sensitive but this is likely
overkill as it is, but better safe than blowing up.
Upon restoring it will always write the camel-case version.
https://pagure.io/freeipa/issue/6721
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/f976f6cfd8d3ca1f9bff822278086df1f999fdbe">f976f6cf</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-06-08T08:49:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use replace instead of add to set new default ipaSELinuxUserMapOrder
The add was in effect replacing whatever data was already there
causing any custom order to be lost on each run of
ipa-server-upgrade.
https://pagure.io/freeipa/issue/6610
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/b1f368c6829068bd3f5100829f9b36f479cc403c">b1f368c6</a></strong>
<div>
<span>by Michal Reznik</span>
<i>at 2018-06-08T12:03:30Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ui_tests: fixes for issues with sending key and focus on element
Fixes 2 issues in WebUI tests. One issue is that we are unable to
confirm a dialog by "Enter" keyboard - "actions.click()" helps
here to get focus on the page.
Second issue is probbaly related to screen resolution as we cannot
click to some of the action buttons (buttons which are having issue
varies).
https://pagure.io/freeipa/issue/7583
Reviewed-By: Pavel Picka <ppicka@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/533307382ad8212567337793bd42991885769a58">53330738</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-10T16:33:38Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use one Custodia peer to retrieve all secrets
Fix 994f71ac8a1bb7ba6bc9caf0f6e4f59af44ad9c4 was incomplete. Under some
circumstancs the DM hash and CA keys were still retrieved from two different
machines.
Custodia client now uses a single remote to upload keys and download all
secrets.
Fixes: https://pagure.io/freeipa/issue/7518
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/ed52baba0d34f2c0799c4ca3df074c367faa938f">ed52baba</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-11T06:44:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make Python 2 build dependency optional
The specfile now uses three variables to determinate how to handle
Python support.
with_python2: build python2-ipa* packages
with_python3: build python3-ipa* packages
with_default_python: use Python 3 or 2 for commands and packages
"with_default_python=3" is the default build flavor. "with_python3=0"
implies "with_default_python=2". Python 2 packages are still built on
Fedora by default.
The patch also cleans up and fixes additional issues:
* makeapi/makeaci require Python 3
* remove checks for unsupported distros like F27
* sort dependencies and remove duplicates
* remove python3-memcached dependency
* remove svrcore-devel dependency
* don't assume that gcc, make, and pkgconfig are provided by default
* fix packaging bug with ipa-test-* commands. Unversioned ipa-run-test
were packages with Python 2 RPMs although they had a Python 3 shebang.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1565263
Fixes: https://pagure.io/freeipa/issue/7500
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/390251d3dd19a6df4bba4116b9b5e6759322059a">390251d3</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-11T06:44:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Always build Python 3 packages
Remove with_python3 checks and always build Python 3 packages.
Co-authored-by: Stanislav Laznicka <slaznick@redhat.com>
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/ec9ea73b630499a239ebfa8aef73f0e529001f3e">ec9ea73b</a></strong>
<div>
<span>by Aleksei Slaikovskii</span>
<i>at 2018-06-11T08:48:40Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Uninstall fix for named-pkcs11
Sometimes named-pkcs11 is not being stopped or reloaded during
uninstall and it causes a lot of problems while testing, for example,
backup and restore tests are failing because of ipa-server-install
fails on checking DNS step.
Fixes backup/restore tests runs. Maybe something else.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/283987c1dff716bcfa77569d53cf7809b3f0b98a">283987c1</a></strong>
<div>
<span>by Aleksei Slaikovskii</span>
<i>at 2018-06-11T08:48:40Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Revert "Fixing TestBackupAndRestore::test_full_backup_and_restore_with_removed_users"
This reverts commit 415578a199a221a3ed78cbf4d629c3e4ff6f39ec.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/fe70a9e62b9a97ef5b4fb5426034cce1f38cf536">fe70a9e6</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-06-11T10:20:48Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Suppress missing cn=schema compat on installation
The schema compat plugin is disabled on upgrades but it is
possible that it is not configured at all and this will
produce a rather nasty looking error message.
Check to see if it is configured at all before trying to
disable it.
https://pagure.io/freeipa/issue/6610
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/c74f65ef235391c641a40e78fdd877cb04613e9c">c74f65ef</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-11T16:02:55Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Split external_ca PR-CI into two jobs
The external_ca job takes about 38 minutes of testing. Split the tests
into TestExternalCA (~17 minutes) and TestSelfExternalSelf +
TestExternalCAInstall (~20 minutes).
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/f5a04da95ddd5ab89b356fdc33d3981dfddc3c3d">f5a04da9</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-06-12T06:38:56Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix translation of commands description in API Browser
The command description is taken from python docstring. Thus
commands should have them and should include the callings of
gettext to be translated.
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/114e46b7c946be69c174d2b8b07f5d527b6b7c4c">114e46b7</a></strong>
<div>
<span>by Kaleemullah Siddiqui</span>
<i>at 2018-06-13T20:23:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Test coverage for multiservers for radius proxy
Test checks that no multiservers can be added for
radius proxy
Pagure: https://pagure.io/freeipa/issue/7542
Signed-off-by: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/7d12bbb99bee40188168523ff685b7e8e573ba17">7d12bbb9</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-14T07:04:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use python3-lesscpy 0.13.0
Require python-lesscpy 0.13. with Python 3 fix and use py3-lesscpy to
compile ipa.css.
python2-lesscpy was the last Python 2 dependency.
Fixes: https://pagure.io/freeipa/issue/7585
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/907e1649580b8677d56da6207731addc178dca80">907e1649</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-15T06:30:55Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fedora 29 renamed fedora-domainname.service
In Fedora 29, the fedora-domainname.service has been renamed to
nis-domainname.service like on RHEL. The ipaplatform service module for
Fedora now only renames the service, when it detects the presence of
fedora-domainname.service.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1588192
Fixes: https://pagure.io/freeipa/issue/7582
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/f1d5ab3a03191dbb02e5f95308cf8c4f1971cdcf">f1d5ab3a</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-15T11:02:53Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Increase WSGI process count to 5 on 64bit
Increase the WSGI daemon worker process count from 2 processes to 5
processes. This allows IPA RPC to handle more parallel requests. The
additional processes increase memory consumption by approximante 250 MB
in total.
Since memory is scarce on 32bit platforms, only 64bit platforms are
bumped to 5 workers.
Fixes: https://pagure.io/freeipa/issue/7587
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/4f4835a724c18f71318296609293a27efee6e308">4f4835a7</a></strong>
<div>
<span>by Anuja More</span>
<i>at 2018-06-18T12:53:32Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Test for ipa-replica-install fails with PIN error for CA-less env.
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Aleksei Slaikovskii <aslaikov@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/eda831dba1e09e7f4660c64756343538042b48e0">eda831db</a></strong>
<div>
<span>by Florence Blanc-Renaud</span>
<i>at 2018-06-19T06:51:02Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Installer: configure authselect with-sudo
authselect needs to be configured with the 'with-sudo' feature (except
when ipa-client-install is called with the option --no-sudo).
https://pagure.io/freeipa/issue/7562
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/f90e137a173385f2ff7622c6430a6178bccd730c">f90e137a</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-19T06:56:46Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Sort and shuffle SRV record by priority and weight
On multiple occasions, SRV query answers were not properly sorted by
priority. Records with same priority weren't randomized and shuffled.
This caused FreeIPA to contact the same remote peer instead of
distributing the load across all available servers.
Two new helper functions now take care of SRV queries. sort_prio_weight()
sorts SRV and URI records. query_srv() combines SRV lookup with
sort_prio_weight().
Fixes: https://pagure.io/freeipa/issue/7475
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/57fd79ffce8f655ae39f6e15b3f40632b4ddbd4b">57fd79ff</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-06-19T07:09:01Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace some test case adjectives
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/bdc3e3c58c94982e2c65c07823bd7e15041a87e8">bdc3e3c5</a></strong>
<div>
<span>by Mohammad Rizwan Yusuf</span>
<i>at 2018-06-19T10:44:10Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Extended UI test for Certificates
Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Michal Reznik <mreznik@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/f1c7d3c27839709808f67791274215fd2555ad40">f1c7d3c2</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-19T12:37:53Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Start to deprecate Python 2 and 3.5
Python 2 will reach EOL in 18 months. Start to issue deprecation
warnings on Python 2.
No longer claim support for Python 3.5. Python 3.5 is untested.
NOTE: At first I tried to raise the deprecation warning from
ipalib.__init__. This caused some unforseen side-effects with
ipaplatform namespace package on Python 2. Eventually it was easier to
raise the deprecation warning in ipaplatform. RHEL and Debian platforms
don't raise the deprecation warning yet, because they use Python 2.
Fixes: https://pagure.io/freeipa/issue/7568
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/2d278720db4af334bc32575a02e7a555f5a896c6">2d278720</a></strong>
<div>
<span>by Michal Reznik</span>
<i>at 2018-06-19T12:58:08Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ui_tests: extend test_config.py suite
Extend test_config.py suite with new test cases.
Added tests:
config_email_undo
config_groupsearch_reset
groupsearchfield_blank
groupsearchfield_existing
groupsearchfield_leading_space
groupsearchfield_notallowed
groupsearchfield_trailing_space
usersearchfield_trailing_space
sizelimit_blank
sizelimit_letter
sizelimit_space
timelimit_blank
timelimit_letter
timelimit_negative
timelimit_space
userDefaultShell_blank
userDefaultShell_leading_space
userDefaultShell_new
userDefaultShell_specialchar
userDefaultShell_trailing_space
useremail_leading_space
useremail_new
useremail_trailing_space
usergroup_new
userhomedir_blank
userhomedir_leading_space
userhomedir_numbers
userhomedir_space_inbetween
userhomedir_specialchar
userhomedir_trailing_space
usermigrationmode_disable
usermigrationmode_enable
usernamelength_blank
usernamelength_letters
usernamelength_max
usernamelength_new
usernamelength_space_inbetween
usernamelength_specialchar
userpwdexpnotify_blank
userpwdexpnotify_letters
userpwdexpnotify_max
userpwdexpnotify_space_inbetween
userpwdexpnotify_specialchar
usersearchfield_blank
usersearchfield_existing
usersearchfield_leading_space
usersearchfield_new
usersearchfield_notallowed
https://pagure.io/freeipa/issue/7576
Reviewed-By: Pavel Picka <ppicka@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/0b794cd43b0e8a18517cbccdec2f183ce4cb38ec">0b794cd4</a></strong>
<div>
<span>by Florence Blanc-Renaud</span>
<i>at 2018-06-19T16:06:56Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fix dependency for *-domainname.service file
FreeIPA has a dependency on /usr/lib/systemd/system/*-domainname.service
file. In fedora <=28, this is provided by package 'initscripts'
but in fedora >= 29, this is provided by package 'hostname'.
Fixes:
https://pagure.io/freeipa/issue/7591
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/b96906156be37a7b29ee74423b82f04070c84e22">b9690615</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-06-20T06:38:03Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Improve console logging for ipa-server-install
The server installation and uninstallation overlaps both the
server and client installers. The output could be confusing
with a server uninstall finishing with the message:
The ipa-client-install command was successful
This was in part due to the fact that the server was not
configured with a console format and verbose was False which
meant that no logger messages were displayed at all.
In order to suppress client installation errors and avoid
confusion add a list of errors to ignore. If a server install
was not successful and hadn't gotten far enough to do the
client install then we shouldn't complain loudly about it.
https://pagure.io/freeipa/issue/6760
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/8ea227451f4d85dbca6a331a607d25744e85121b">8ea22745</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-06-20T06:38:03Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop attr defaultServerList if removing the last server
This otherwise returns a syntax error if trying to set
an empty value.
Related: https://pagure.io/freeipa/issue/6760
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/00ddb5dd53a2eb21cd7c97167b8a5f87ab728b07">00ddb5dd</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-06-20T06:38:03Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">server install: drop some print statements, change log level
The server installer had no console logger set so print
statements were used for communication. Now that a logger
is enabled the extra prints need to be dropped.
A number of logger.info statements have been upgraded
to debug since they do not need to appear on the console
by default.
https://pagure.io/freeipa/issue/6760
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/036d51d5143a142e6a3070e6328a7bcd9b2125f0">036d51d5</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-06-20T06:38:03Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Handle subyptes in ACIs
While enabling console output in the server installation the
"Allow trust agents to retrieve keytab keys for cross realm
principals" ACI was throwing an unparseable error because
it has a subkey which broke parsing (the extra semi-colon):
userattr="ipaAllowedToPerform;read_keys#GROUPDN";
The regular expression pattern needed to be updated to handle
this case.
Related: https://pagure.io/freeipa/issue/6760
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/9ead70844e656b0b49433154e748769894cfb2ba">9ead7084</a></strong>
<div>
<span>by Anuja More</span>
<i>at 2018-06-20T08:06:39Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Test that host can remove there own services
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/84ae625fe2c3786f7c5430f23a55c171ff54e110">84ae625f</a></strong>
<div>
<span>by Ganna Kaihorodova</span>
<i>at 2018-06-20T10:42:51Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">check nsds5ReplicaReleaseTimeout option was set
Check for nsds5ReplicaReleaseTimeout option was set
relates to: https://pagure.io/freeipa/issue/7488
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/8c3ff0308c95793a6809b8e0a3ed2a145ad3c8ea">8c3ff030</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-21T09:49:26Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Always set ca_host when installing replica
ipa-replica-install only set ca_host in its temporary
/etc/ipa/default.conf, when it wasn't installing a replica with CA. As a
consequence, the replica installer was picking a random CA server from
LDAP.
Always set the replication peer as ca_host. This will ensure that the
installer uses the same replication peer for CA. In case the replication
peer is not a CA master, the installer will automatically pick another
host later.
See: https://pagure.io/freeipa/issue/7566
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/f4716b69910f082a2fe039338f4268d941792258">f4716b69</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-06-21T13:30:58Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add support for format method to translation objects
For now translation classes have old style % formatting way only.
But 'format' is convenience, preferred in Python3 string formatting method.
Fixes: https://pagure.io/freeipa/issue/7586
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/854597c411764b603ebbe15d97dbcadac321548d">854597c4</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-06-21T13:30:58Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use intended format() method of translation object
Translation objects have support for format(). This allows to
get rid of unicode() which is deprecated in Python3.
Fixes: https://pagure.io/freeipa/issue/7586
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/65414d1471fde54f41129d9641c0fec7160f0896">65414d14</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-06-21T13:30:58Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix formatted translations in domainlevel plugin
For now formatting is applied for bare messages before translating.
This breaks python-brace-format and message becomes untranslatable.
Fixes: https://pagure.io/freeipa/issue/7586
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/229f1608db868ced234e84e0bc7e949decd3e75e">229f1608</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-06-21T13:30:58Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix translation of idrange_* commands description
For now formatting is applied for bare messages before translating.
This breaks python-brace-format and message becomes untranslatable
at all.
Also some messages to be translated at request time should
not use format().
Fixes: https://pagure.io/freeipa/issue/7586
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/6f245db8eacb9bdc1e248b4f6f25e5eb785478c4">6f245db8</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-06-21T13:30:58Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix formatted translations in trust plugin
Translation objects have support for format(). This allows to
get rid of unicode() which has been removed in Python3.
Also some messages to be translated at request time should
not use format()
Fixes: https://pagure.io/freeipa/issue/7586
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/1dfdbfd8bf9657e4066a3ba5f847dbcb35228f0c">1dfdbfd8</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-06-21T13:30:58Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix formatted translations of error messages in serverroles plugin
For now formatting is applied for bare messages before translating.
This breaks python-brace-format and message becomes untranslatable
at all.
Fixes: https://pagure.io/freeipa/issue/7586
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/4b3bc490d3be109ea048f165a1929438760d8a54">4b3bc490</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-06-21T13:30:58Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix formatted translations of error messages in topology plugin
For now formatting is applied for bare messages before translating.
This breaks python-brace-format and message becomes untranslatable
at all.
Fixes: https://pagure.io/freeipa/issue/7586
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/6fb45d2f5649e516b0e6b865d07649a8583f90e6">6fb45d2f</a></strong>
<div>
<span>by Tomas Krizek</span>
<i>at 2018-06-21T13:54:49Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">test_dnssec: re-add named-pkcs11 workarounds
DNSSEC tests starrted to fail again, probably due to a bug in
some underlaying component.
This reverts commit 8bc677512296a7e94c29edd0c1a96aa7273f352a
and makes the xfail test check less strict - it will no longer
mark the test suite red if it passes.
Run DNSSEC tests on PR-CI
Co-authored-by: Felipe Barreto <fbarreto@redhat.com>
Related https://pagure.io/freeipa/issue/5348
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/dae4aac912123db5f8152c566b96c2183b8a0cdc">dae4aac9</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-21T13:54:49Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tests: Set default TTL for DNS zones to 1 sec
When running IPA tests, a default TTL for the zone should be set
very low to allow get rid of timeouts in the tests. Zone updates should
be propagated to the clients as soon as possible.
This is not something that should be used in production so the change is
done purely at install time within the tests. As zone information is
replicated, we only modify it when creating a master with integrated
DNS.
This change should fix a number of DNSSEC-related tests where default
TTL is longer than what a test expects and a change of DNSSEC keys
never gets noticed by the BIND. As result, DNSSEC tests never match
their expected output with what they received from the BIND.
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Co-authored-by: Alexander Bokovoy <abokovoy@redhat.com>
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/3a8f0bb16b9201089638eb4cbbcfe032be878ddc">3a8f0bb1</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-21T13:54:49Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove restarted_named and xfail
With shorter TTL, several named restarts are no longer necessary to make
tests pass. The test case TestZoneSigningWithoutNamedRestart is no
longer relevant, too.
Modification of the root zone and disabling/enabling signing still seems
to need a restart. I have marked those cases as TODO.
See: https://pagure.io/freeipa/issue/5348
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/32ed10caf95973a0103d1257a1074e0343a91f47">32ed10ca</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-06-21T16:42:05Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Apply validate_doc() to NO_CLI commands
This should prevent from NO_CLI commands have no translatable
description or have no one at all in Web UI API Browser.
Fixes: https://pagure.io/freeipa/issue/7592
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/c1f7a14c95fbf1d247f63c343fdd6a5773e1ab16">c1f7a14c</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-06-21T16:42:05Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix some untranslatable commands in Web UI API Browser
There are some missing translatable docstrings of commands and modules.
Fixes: https://pagure.io/freeipa/issue/7592
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/de8d308196bab1dac5bba7a8a6a517a1e67e877f">de8d3081</a></strong>
<div>
<span>by Armando Neto</span>
<i>at 2018-06-21T18:42:15Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ipaserver config plugin: Increase search records minimum limit
Check if the given search records value is greater than an arbitrary number that is not so close to zero.
https://pagure.io/freeipa/issue/6617
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/14c869b347e488e40544ee1e6c4b35341124c76c">14c869b3</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-22T11:01:55Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Improve and fix timeout bug in wait_for_entry()
replication.wait_for_entry() now can wait for an attribute value to
appear on a replica.
Fixed timeout handling caused by bad rounding and comparison. For small
timeouts, the actual time was rounded down. For example for 60 seconds
timeout and fast replica, the query accumulated to about 0.45 seconds
plus 60 seconds sleep. 60.45 is large enough to terminate the loop
"while int(time.time()) < timeout", but not large enough to trigger the
exception in "if int(time.time()) > timeout", because int(60.65) == 60.
See: https://pagure.io/freeipa/issue/7593
Fixes: https://pagure.io/freeipa/issue/7595
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/1b966f708aa33c07f68fc30daaf6e4800a6b4a53">1b966f70</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-22T11:01:55Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use common replication wait timeout of 5min
Instead of multiple timeout values all over the code base, all
replication waits now use a common timeout value from api.env of 5
minutes. Waiting for HTTP/replica principal takes 90 to 120 seconds, so
5 minutes seem like a sufficient value for slow setups.
Fixes: https://pagure.io/freeipa/issue/7595
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/ad838c37a9ca2d1c5a2e0becf73ddacb004b3ab6">ad838c37</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-22T11:01:55Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix replication races in Dogtag admin code
DogtagInstance.setup_admin and related methods have multiple LDAP
replication race conditions. The bugs can cause parallel
ipa-replica-install to fail.
The code from __add_admin_to_group() has been changed to use MOD_ADD
ather than search + MOD_REPLACE. The MOD_REPLACE approach can lead to
data loss, when more than one writer changes a group.
setup_admin() now waits until both admin user and group membership have
been replicated to the master peer. The method also adds a new ACI to
allow querying group member in the replication check.
Fixes: https://pagure.io/freeipa/issue/7593
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/c7ac8b91db19094e7c22b35afd47351a44bd2526">c7ac8b91</a></strong>
<div>
<span>by Sudhir Menon</span>
<i>at 2018-06-22T15:02:40Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">DOAP Description for IPA Project
https://pagure.io/freeipa/issue/2536
Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/89ae4341311df1e64a499c69ef762de3ffb1b369">89ae4341</a></strong>
<div>
<span>by Sudhir Menon</span>
<i>at 2018-06-22T15:02:40Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Adding modified DOAP file
Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/e90d90c5c36c5c415613930baf8559f47362b446">e90d90c5</a></strong>
<div>
<span>by Mohammad Rizwan Yusuf</span>
<i>at 2018-06-25T08:37:58Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Check if issuer DN is updated after self-signed > external-ca
This test checks if issuer DN is updated properly after CA is
renewed from self-signed to external-ca
related ticket: https://pagure.io/freeipa/issue/7316
Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Replaced hardcoded issuer CN for external ca with constant
Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/0e21d933916b71d901310db6d16694401c289dd9">0e21d933</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-25T11:41:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use 4 WSGI workers on 64bit systems
Commit f1d5ab3a03191dbb02e5f95308cf8c4f1971cdcf increases WSGI worker
count to five. This turned out to be a bit much for our test systems.
Four workers are good enough and still double the old amount.
See: https://pagure.io/freeipa/issue/7587
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/ba8cbb8c62d270772a9d70f5b2ca3bdab1e75d49">ba8cbb8c</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-27T09:05:01Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Ensure that public cert and CA bundle are readable
In CIS hardened mode, the process umask is 027. This results in some
files not being world readable. Ensure that write_certificate_list()
calls in client installer, server installer, and upgrader create cert
bundles with permission bits 0644.
Fixes: https://pagure.io/freeipa/issue/7594
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/1434f2a203b123c8fedfa464f22ce13de89897de">1434f2a2</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-27T09:05:01Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Always make ipa.p11-kit world-readable
Ensure that ipa.p11-kit is always world-readable.
Fixes: https://pagure.io/freeipa/issue/7594
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/89b2137dc257dfe3db0ff097e6c797223c2b5664">89b2137d</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-27T09:05:01Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make /etc/httpd/alias world readable & executable
The directory /etc/httpd/alias contains public key material. It must be
world readable and executable, so any client can read public certs.
Note: executable for a directory means, that a process is allowed to
traverse into the directory.
Fixes: https://pagure.io/freeipa/issue/7594
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/c2eb0f1612c920d03a8fd14863412c9cef275a3d">c2eb0f16</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-27T09:05:01Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix permission of public files in upgrader
Make CA bundles, certs, and cert directories world-accessible in
upgrader.
Fixes: https://pagure.io/freeipa/issue/7594
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/39ac5f442a73aceb8690a5f07fcf08ea71893962">39ac5f44</a></strong>
<div>
<span>by Varun Mylaraiah</span>
<i>at 2018-06-27T11:31:54Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ui_tests: extend test_pwpolicy.py suite
Extend WebUI test_pwpolicy suite with the following test cases
Details in the ticket https://pagure.io/freeipa/issue/7574
Added tests:
krbpwdminlength: lower range integer
krbmaxpwdlife: non-integer, abc
krbmaxpwdlife: upper range integer,2147483648
krbmaxpwdlife: lower range integer,-1
krbminpwdlife: non-integer,edf
krbminpwdlife: upper range integer,2147483648
krbminpwdlife: lower range integer,-1
krbpwdhistorylength: non-integer,HIJ
krbpwdhistorylength: upper range integer,2147483648
krbpwdhistorylength: lower range integer,-1
krbpwdmindiffchars: noon-integer,3lm
krbpwdmindiffchars: upper range integer,2147483648
krbpwdmindiffchars: lower range integer, -1
krbpwdminlength: non-integer, n0p
krbpwdminlength: upper range integer,2147483648
krbpwdminlength: lower range integer, -1
cospriority: non-integer, abc
cospriority: upper range integer,2147483648
cospriority: lower range integer,-1
krbpwdmaxfailure: non-integer
krbpwdmaxfailure: upper range integer
krbpwdmaxfailure: lower range integer
krbpwdfailurecountinterval: non-integer
krbpwdfailurecountinterval: upper range integer
krbpwdfailurecountinterval: lower range integer
krbpwdlockoutduration: non-integer
krbpwdlockoutduration: upper range integer
krbpwdlockoutduration: lower range integer
deletePolicy_with various scenario
MeasurementUnitAdded_Bug798363
Delete global password policy
add_Policy_adder_dialog_bug910463
delete_Policy_deleter_dialog_bug910463
test field: cospriority
modifyPolicy(undo/refresh/reset)
empty policy name
upper bound of data range
lower bound of data range
non integer for policy priority
Signed-off-by: Varun Mylaraiah <mvarun@redhat.com>
Reviewed-By: Pavel Picka <ppicka@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/81f36df7acdccac9b66d2e10adf9a04f8fb7fadd">81f36df7</a></strong>
<div>
<span>by Alexander Bokovoy</span>
<i>at 2018-06-27T15:49:35Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ipaserver/dcerpc.py: handle indirect topology conflicts
When AD forest A has a trust with a forest B that claims ownership
of a domain name (TLN) owned by an IPA forest, we need to build
exclusion record for that specific TLN, not our domain name.
Use realmdomains to find a correct exclusion entry to build.
Fixes: https://pagure.io/freeipa/issue/7370
Reviewed-By: Armando Neto <abiagion@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/d622be295a8c61fc3b3213527de1684c4af6a7ac">d622be29</a></strong>
<div>
<span>by Armando Neto</span>
<i>at 2018-06-27T18:25:39Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Prevent the creation on users and groups with numeric characters only
Update regular expression validator to prevent user and group creation.
Fixes: https://pagure.io/freeipa/issue/7572
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/a39f65634036bc173bcb99120a41447d9ea1bfeb">a39f6563</a></strong>
<div>
<span>by Florence Blanc-Renaud</span>
<i>at 2018-06-28T09:41:17Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ipa-client-install: enable and start oddjobd if mkhomedir
Since the switch to authselect, the service oddjobd is not
automatically enabled when ipa client is installed with
--mkhomedir.
The fix makes sure that the service is enabled/started, and
stores the pre-install state in sysrestore.state, in order
to revert to the pre-install state when uninstall is called
Fixes:
https://pagure.io/freeipa/issue/7604
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/7bf99e8dc57c78444f0d7fbeeaeae8071dc22503">7bf99e8d</a></strong>
<div>
<span>by Florence Blanc-Renaud</span>
<i>at 2018-06-28T09:41:17Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add test for ticket 7604: ipa-client-install --mkhomedir doesn't enable oddjobd
Add a test checking that ipa-client-install --mkhomedir
is properly enableing/starting oddjobd.
Related to:
https://pagure.io/freeipa/issue/7604
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/0128b3f92ec2b9372fe9ff4d2120af9ca7fbd9a0">0128b3f9</a></strong>
<div>
<span>by Anuja More</span>
<i>at 2018-06-29T08:31:50Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Test for ipa-client-install should not use hardcoded admin principal
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/52cdd213b4320ef463c4d0053b436511e3f53709">52cdd213</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-29T13:48:43Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Catch ACIError instead of invalid credentials
ipaldap's LDAPClient client turns INVALID_CREDENTIAL error into
ACIError. Catch the ACIError and wait until the user has been
replicated.
Apparently no manual or automated test ran into the timeout during
testing.
Fixes: Fixes: https://pagure.io/freeipa/issue/7593
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/f8159d0be003ebd9baefcb76f07375fccc6f5a13">f8159d0b</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-29T15:20:19Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Pythhon3.7: re module has no re._pattern_type
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/4084189f0983fb203d9b33888fbbc350cd1814d3">4084189f</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-06-29T15:20:19Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pylint: Class node has been renamed to ClassDef
nodes.Class has been removed from pylint and astroid 2.0. The new names
have been available for a while.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/627cb490d2919daa8bd11310df987fced4bf9354">627cb490</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-07-03T13:37:27Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Extend CALessBase::installer_server to accept extra_args
Allow callers to pass abitrary extra arguments to the installer.
This is useful when using a CALess installation in order to
speed up tests that require a full install but do not require
a full PKI.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/00dceb434d0cd7aeddbd3c3eec04d5ac4efea61e">00dceb43</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2018-07-03T13:37:27Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Skip zone overlap check with auto-reverse
Skip the existing reverse zone overlap check during DNS installation
when both --auto-reverse and --allow-zone-overlap arguments are
provided.
https://pagure.io/freeipa/issue/7239
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/dcaa62f6a4e0a57de9d0affda584a27539bc4a36">dcaa62f6</a></strong>
<div>
<span>by Nikhil Dehadrai</span>
<i>at 2018-07-03T15:04:50Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Test for improved Custodia key distribution
The test checks that custodia keys are properly
replicated from the source and are successfully
distributed amongst peer system upon successful
replica installation.
Fixes: https://pagure.io/freeipa/issue/7518
Signed-off-by: Nikhil Dehadrai <ndehadra@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/6896c90eb25ffa6ab1ae64efa06b1f8c854aaed6">6896c90e</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-04T07:32:54Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Extend Sub CA replication test
Test more scenarios like replication replica -> master. Verify that master
and replica have all expected certs with correct trust flags and all keys.
See: https://pagure.io/freeipa/issue/7590
See: https://pagure.io/freeipa/issue/7589
Fixes: https://pagure.io/freeipa/issue/7611
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/a7627a7d8a226dc274ba8e9fdd0804edefdba2c6">a7627a7d</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-04T07:32:54Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Require JSS 4.4.5 with replication fixes
JSS fixes two issues related to cert replication and trust flags. The
bugs causes the replicated NSS DB to miss public key entries.
See: https://github.com/dogtagpki/jss/pull/13
See: https://github.com/dogtagpki/jss/pull/15
Fixes: https://pagure.io/freeipa/issue/7590
Fixes: https://pagure.io/freeipa/issue/7589
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/e140d198eaf6982a966b2d0bf3edbd091142a894">e140d198</a></strong>
<div>
<span>by Michal Reznik</span>
<i>at 2018-07-04T13:21:30Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ui_tests: stabilization fixes
This patch aims to fix the following tests which seems to be quite
unstable recently:
test_user::test_actions - closing notification and moving to element
to have screenshot of current place.
test_user::certificates - add wait() / close_notification
Also adds missing @screenshot decorator to test_user_misc method.
Reviewed-By: Pavel Picka <ppicka@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/79391ad8e1e15af14b86167fb110c139d291a0a0">79391ad8</a></strong>
<div>
<span>by Armando Neto</span>
<i>at 2018-07-04T13:21:30Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ui_tests: fix test_config::test_size_limits
Fix a regression caused by: https://pagure.io/freeipa/issue/7606
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Pavel Picka <ppicka@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/417f74868276cf67580d39d82f5bbfe96c83d62c">417f7486</a></strong>
<div>
<span>by Michal Reznik</span>
<i>at 2018-07-04T14:03:02Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ipa_tests: ipa-replica-prepare stuck on user input
TestOldReplicaWorksAfterDomainUpgrade is getting stuck while
running "ipa-replica-prepare" as it is asking for user input:
"Do you want to search for missing reverse zones?". Adding
"--auto-reverse" in order to continue.
https://pagure.io/freeipa/issue/7615
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/53c549664795f54dbc337e45aeba84fbff843109">53c54966</a></strong>
<div>
<span>by Armando Neto</span>
<i>at 2018-07-05T17:42:43Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ipa-client-install: Update how comments are added by ipachangeconf
Due to how 'openldap-client' parses its configuration files this patch
changes how comments are added, moving them to the line above instead
of appending to the same line.
IPA doesn't want to break existing configuration, if a value already
exists it adds a comment to the modified setting and a note about that
on the line above.
New settings will be added without any note.
Issue: https://pagure.io/freeipa/issue/5202
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/198a2c61129675b928bb7a970d5fc4c63a032456">198a2c61</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-05T17:45:10Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Import ABCs from collections.abc
Python 3 has moved all collection abstract base classes to
collections.abc. Python 3.7 started to deprecate the old aliases.
The whole import block needs to be protected with import-error and
no-name-in-module, because Python 2 doesn't have collections.abc module and
collections.abc.Mapping, while Python 3 doesn't have collections.Mapping.
Fixes: https://pagure.io/freeipa/issue/7609
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/9c86d35a3f0af4a793fada7dfe726e9cc66782ea">9c86d35a</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-05T17:46:42Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleanup shebang and executable bit
- Add missing executable bits to all scripts
- Remove executable bits from all files that are not scripts,
e.g. js, html, and Python libraries.
- Remove Python shebang from all Python library files.
It's frown upon to have executable library files in site-packages.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/e8d33ccfd16dc82cfe383bb36eb15db60dafb19d">e8d33ccf</a></strong>
<div>
<span>by Armando Neto</span>
<i>at 2018-07-05T21:09:27Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ipa-server-install: fix zonemgr argument validator
Fix `ERROR 'str' object has no attribute 'decode'` when --zonemgr is
passed to ipa-server-install.
Solution copied from commit 75d26e1f0121f875bdb017b0636c02a6f5660e8a,
function `ipaserver.install.bindinstance.zonemgr_callback` duplicates
the behavior of the method affected by this patch.
Issue: https://pagure.io/freeipa/issue/7612
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/7c2ca14118f3396b2b4ca4ac4d4d986569349415">7c2ca141</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-06T11:26:43Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Query for server role IPA master
server_find and server_role plugin were hiding IPA master role
information. It's now possible to fetch IPA master role information and
to filter by IPA master role, e.g. to ignore servers that have some
services configured but not (yet) enabled.
See: https://pagure.io/freeipa/issue/7566
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/10457a01bf6077e6978b3672dbbd7dc86a170e91">10457a01</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-06T11:26:43Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Only create DNS SRV records for ready server
When installing multiple replicas in parallel, one replica may create
SRV entries for other replicas, although the replicas aren't fully
installed yet. This may cause some services to connect to a server, that
isn't ready to serve requests.
The DNS IPASystemRecords framework now skips all servers that aren't
ready IPA masters.
See: https://pagure.io/freeipa/issue/7566
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/7284097eedef70dd556270732e6ab8e23501ce09">7284097e</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-06T11:26:43Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Delay enabling services until end of installer
Service entries in cn=FQDN,cn=masters,cn=ipa,cn=etc are no longer
created as enabled. Instead they are flagged as configuredService. At
the very end of the installer, the service entries are switched from
configured to enabled service.
- SRV records are created at the very end of the installer.
- Dogtag installer only picks fully installed servers
- Certmonger ignores all configured but not yet enabled servers.
Fixes: https://pagure.io/freeipa/issue/7566
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/e32cfd14a9559a126e29f8c0215e3e80bf3924f6">e32cfd14</a></strong>
<div>
<span>by Florence Blanc-Renaud</span>
<i>at 2018-07-06T15:40:55Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ipa client uninstall: clean the state store when restoring hostname
When ipa client was installed with the --hostname= option, it stores
[network]
hostname = (current hostname)
in /var/lib/ipa-client/sysrestore/sysrestore.state and changes the hostname
from (current hostname) to the value provided in --hostname.
During uninstall, the previous hostname is restored but the entry does
not get removed from sysrestore.state. As the uninstaller checks if all
entries from sysrestore.state have been restored, it warns that some
state has not been restored.
The fix calls statestore.restore_state() instead of statestore.get_state()
as this method also clears the entry.
https://pagure.io/freeipa/issue/7620
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/8fa767622f2e3f40109cbb85b7d3dccfd4e33a2e">8fa76762</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-06T15:53:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix CA topology warning
Commit 7284097eedef70dd556270732e6ab8e23501ce09 kept
find_providing_servers('CA') call before enable_services(). Therefore the
list of known CA servers did not contain the current replica.
ipa-replica-install on the first replica with --setup-ca still printed
the CA topology warning.
See: https://pagure.io/freeipa/issue/7566
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/f29412729e0a6b81f42043a93682bd944f0afa8a">f2941272</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-07-06T16:25:52Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">replicainstall: DS SSL replica install pick right certmonger host
Extend fix 0f31564b35aac250456233f98730811560eda664 to also move
the DS SSL setup so that the xmlrpc_uri is configured to point
to the remote master we are configuring against.
https://pagure.io/freeipa/issue/7566
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/b274da726b896730b47d47f4ad664c5c0583b469">b274da72</a></strong>
<div>
<span>by Armando Neto</span>
<i>at 2018-07-07T08:20:01Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace file.flush() calls with flush_sync() helper
Calls to `os.fsync(f.fileno())` need to be accompained by `f.flush()`.
Commit 8bbeedc93fd442cbbb9bb70e5f446011e95211db introduces the helper
`ipapython.ipautil.flush_sync()`, which handles all calls in the right
order.
However, `flush_sync()` takes as parameter a file object with fileno
and name, where name must be a path to the file, this isn't possible
in some cases where file descriptors are used.
Issue: https://pagure.io/freeipa/issue/7251
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/199d50a4c8ac2dd96a8bca3af4a90e4a9c05adf9">199d50a4</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-09T12:36:42Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix race condition in get_locations_records()
The method IPASystemRecords.get_locations_records() has a race condition.
The IPASystemRecords object creates a mapping of server names to server
data. get_locations_records() uses server_find() again to get a list of
servers, but then operates on the cached dict of server names.
In parallel replication case, the second server_find() call in
get_locations_records() can return additional servers. Since the rest of
the code operates on the cached data, the method then fails with a KeyError.
server_data is now an OrderedDict to keep same sorting as with
server_find().
Fixes: https://pagure.io/freeipa/issue/7566
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/811b0fdb4620938963f1a29d3fdd22257327562c">811b0fdb</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-09T16:20:17Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Tune DS replication settings
Tune 389-DS replication settings to improve performance and avoid
timeouts. During installation of a replica, the value of
nsDS5ReplicaBindDnGroupCheckInterval is reduced to 2 seconds. At the end
of the installation, the value is increased sensible production
settings. This avoids long delays during replication.
See: https://pagure.io/freeipa/issue/7617
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/fcb2a06931ea98cd4c5a8d809718f85500de400f">fcb2a069</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-09T16:27:05Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix link to browser configuration guide on Login page
There is a mismatch between 'i18n' krb_auth_msg and 'LoginScreen'
widget kerberos_msg. The former links to "unauthorized.html", but the latter
to "ssbrowser.html". Both should link to "ssbrowser.html" page.
Fixes: https://pagure.io/freeipa/issue/7624
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/1fa2a7cd41095295ebee5cd3b280507580ba8fbb">1fa2a7cd</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-09T18:15:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Auto-retry failed certmonger requests
During parallel replica installation, a request sometimes fails with
CA_REJECTED or CA_UNREACHABLE. The error occur when the master is
either busy or some information haven't been replicated yet. Even
a stuck request can be recovered, e.g. when permission and group
information have been replicated.
A new function request_and_retry_cert() automatically resubmits failing
requests until it times out.
Fixes: https://pagure.io/freeipa/issue/7623
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/2b669c52a566382eecbed1511640f647d54f5b55">2b669c52</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-09T18:15:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Wait for client certificates
ipa-client-install --request-cert now waits until certmonger has
provided a host certificate. In case of an error, ipa-client-install no
longer pretents to success but fails with an error code.
The --request-cert option also ensures that certmonger is enabled and
running.
See: Fixes: https://pagure.io/freeipa/issue/7623
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/9222a08c288159a7a150923a2eb825a47da36a13">9222a08c</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-10T15:51:05Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix DNSSEC install regression
7284097eedef70dd556270732e6ab8e23501ce09 introduced a regression in
DNSSEC master installation. For standalone and replica installation,
services have to be enabled before checking bind config.
Fixes: https://pagure.io/freeipa/issue/7635
See: https://pagure.io/freeipa/issue/7566
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/b4ad0d19a20cc66690e7f4e9c4327afeedff2ab2">b4ad0d19</a></strong>
<div>
<span>by Armando Neto</span>
<i>at 2018-07-11T08:11:38Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix pylint 2.0 return-related violations
Aiming to support pylint 2.0 some functions and methods must have their
return statements updated in order to fix two new violations:
- `useless-return` (R1711):
Useless return at end of function or method Emitted when a single
"return" or "return None" statement is found at the end of function
or method definition. This statement can safely be removed because
Python will implicitly return None
- `inconsistent-return-statements` (R1710):
Either all return statements in a function should return an
expression, or none of them should. According to PEP8, if any return
statement returns an expression, any return statements where no value
is returned should explicitly state this as return None, and an
explicit return statement should be present at the end of the
function (if reachable)
Issue: https://pagure.io/freeipa/issue/7614
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/0c1010d6f7585095402f47c111b8bb6cde3068b3">0c1010d6</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-11T08:50:33Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Mark all expected failures as strict
With strict=True, xfail() fails when the test case passes unexpectably.
This allows us to spot passing tests that are expected to fail.
Fixes: https://pagure.io/freeipa/issue/7613
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Cech <pcech@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/ec65590c9f2e00d0e527e7bbf521a0b99997788c">ec65590c</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-11T08:50:33Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix XPASS in test_installation
Several test cases in test_installation pass, but are marked as xfail().
Only mark the actual failing tests as failed.
See: https://pagure.io/freeipa/issue/7613
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Cech <pcech@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/f48f00c692d10541171ff5267cf20ccee74f2ad5">f48f00c6</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-11T12:35:55Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pylint 2.0: node.path is a list
In pylint 2.0 and astroid 2.0, node.path has become a list. It's usually
a list of one element unless namespace packages are involved.
See https://github.com/PyCQA/astroid/commit/7f46f9341cc54bbe6763409c4ca7ea3adfec098a#diff-f0ac879524bcb98964f7d8738a084820
See: https://pagure.io/freeipa/issue/7614
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/ba954efafdb3e430c76dfc327d2b683ac0e117eb">ba954efa</a></strong>
<div>
<span>by Armando Neto</span>
<i>at 2018-07-12T06:49:43Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix pylint 2.0 conditional-related violations
In order to support pylint 2.0 the following violations must be fixed:
- `chained-comparison` (R1716):
Simplify chained comparison between the operands This message is
emitted when pylint encounters boolean operation like
"a < b and b < c", suggesting instead to refactor it to "a < b < c".
- `consider-using-in` (R1714):
Consider merging these comparisons with "in" to %r To check if a
variable is equal to one of many values,combine the values into a
tuple and check if the variable is contained "in" it instead of
checking for equality against each of the values.This is faster
and less verbose.
Issue: https://pagure.io/freeipa/issue/7614
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/f89e501ee13ce4d5f23ef33e3acacb181788fa5e">f89e501e</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-12T13:26:25Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Handle races in replica config
When multiple replicas are installed in parallel, two replicas may try
to create the cn=replica entry at the same time. This leads to a
conflict on one of the replicas. replica_config() and
ensure_replication_managers() now handle conflicts.
ipaldap now maps TYPE_OR_VALUE_EXISTS to DuplicateEntry(). The type or
value exists exception is raised, when an attribute value or type is
already set.
Fixes: https://pagure.io/freeipa/issue/7566
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/ca7cece13303b3610a71b9e2a0adcb462006382b">ca7cece1</a></strong>
<div>
<span>by Petr Vobornik</span>
<i>at 2018-07-12T13:38:01Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">WebUI build: replace uglifyjs with system package
UgligyJS is packaged in Fedora and other OSes it is no longer required
to carry our own version. This will lower the maintanance burden - the
code doesn't need to be updated and it is less code to have in repo.
On some configuration usage of the budled UglifyJS 1 produces
"JavaScript throw: java.lang.StackOverflowError" exception. Usage of more
recent version should fix it.
Reviewed-By: Armando Neto <abiagion@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/df95ba598313b8b03a492a3c89af151ef0faa08d">df95ba59</a></strong>
<div>
<span>by Petr Vobornik</span>
<i>at 2018-07-12T13:38:01Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">WebUI build: use NodeJS instead of Rhino
Rhino is no longer mainstream, nor is Nashorn. In addition it is quite
slow (about 10x) in comparison to NodeJS. Over the years NodeJS became
common part of OSes, thus one of the original reasons why use Rhino
went away.
The change in 01-Make-dojo-builder-buildable-by-itself.patch fixes
an incorrect change of the patch (it was not processing input options
well).
Removing configRhino.js and adding configNode.js are prerequisites
for Dojo Builder. These files are copied from Dojo project. Without
them it doesn̈́'t run. In long run, it would be good to replace Dojo
builder with something else but that is outside of this commit/PR.
Last changes are preparation for update to latest stable version of
Dojo 1. The updated Dojo and Dojo builder are in subsequent commit.
Reviewed-By: Armando Neto <abiagion@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/19c3f173d9c824eaa099b07d2ea341acf42f12f2">19c3f173</a></strong>
<div>
<span>by Petr Vobornik</span>
<i>at 2018-07-12T13:38:01Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update Dojo and Dojo builder to 1.13.0
This is a result of the previous commits. Building the Dojo builder
was bit more complex as it was:
1. patched Dojo sources
2. built from Dojo builder sources.
3. moved to it's location in FreeIPA project
4. built by util/make-builder.sh (does minimazation and replaces
itself)
Then Dojo layer is built by just:
1. util/make-dojo.sh
This process was documented some time ago at:
https://www.freeipa.org/page/V3/WebUI_build
Reviewed-By: Armando Neto <abiagion@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/10de2f37a25e1781026014ef1ee7180b17e8f422">10de2f37</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-12T16:19:34Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add tab completion and history to ipa console
ipa console is a useful tool to use FreeIPA's API in an interactive
Python console. The patch adds readline tab completion and history
support.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/5affc9b982f6314fc6d1c63fb687acee20f5144b">5affc9b9</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-12T16:19:34Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Create helper function to upload to temp file
upload_temp_contents() generates a temporary file on the remote side and
uploads content to that temporary file. The file name is returned.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/87904b8f6b7ebe4900572e45199449d8b7e47cc0">87904b8f</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-12T16:19:34Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix ipa console filename
THe ipa console command takes an optional filename argument. The
filename argument was broken, because the implementation passed a file
object to exec() instead of a string or compiled object.
ipa console now uses compile() to compile the code with print_function
__future__ feature.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/4fc7f72648df0ae03ac90f701425e297db72e9d6">4fc7f726</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-13T17:56:03Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Teach pylint how our api works
pylint 2.0 is more strict and complains about several aspects of
ipalib.api. It turns out that AstroidBuilder.string_build() can be used
to easily teach pylint about object attributes and attribute values.
Although the assignment wouldn't work with the actual implementation,
the string builder assignments shows pylint the names and values of
members. It works without additional transformation.
See: https://pagure.io/freeipa/issue/7614
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/aacf185ff8eb1bf6b54e0ba893ca4e750cb69564">aacf185f</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-13T17:56:03Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add pylint ignore to magic config.Env attributes
pylinti 2 is having a hard time to handle name mangled, magic attributes
correctly. Double under attributes like __d are internally renamed to
_Env__d. After multiple failed attempts, it was easier to just add more
pylint disable to the implementation.
pylint 2 also thinkgs that Env.server is defined much later or the env
doesn't have that member at all. Ignore the false warnings, too.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/d13571942e41370fdbd2b6f9960c484fa61c3404">d1357194</a></strong>
<div>
<span>by Armando Neto</span>
<i>at 2018-07-14T10:04:19Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix Pylint 2.0 violations
Fix the following violations aiming to support Pylint 2.0
- `unneeded-not` (C0113):
Consider changing "not item in items" to "item not in items" used
when a boolean expression contains an unneeded negation.
- `useless-import-alias` (C0414):
Import alias does not rename original package Used when an import
alias is same as original package.e.g using import numpy as numpy
instead of import numpy as np
- `raising-format-tuple` (W0715):
Exception arguments suggest string formatting might be intended Used
when passing multiple arguments to an exception constructor, the
first of them a string literal containing what appears to be
placeholders intended for formatting
- `bad-continuation` (C0330):
This was already included on the disable list, although with current
version of pylint (2.0.0.dev2) violations at the end of the files
are not being ignored.
See: https://github.com/PyCQA/pylint/issues/2278
- `try-except-raise` (E0705):
The except handler raises immediately Used when an except handler
uses raise as its first or only operator. This is useless because it
raises back the exception immediately. Remove the raise operator or
the entire try-except-raise block!
- `consider-using-set-comprehension` (R1718):
Consider using a set comprehension Although there is nothing
syntactically wrong with this code, it is hard to read and can be
simplified to a set comprehension.Also it is faster since you don't
need to create another transient list
- `dict-keys-not-iterating` (W1655):
dict.keys referenced when not iterating Used when dict.keys is
referenced in a non-iterating context (returns an iterator in
Python 3)
- `comprehension-escape` (W1662):
Using a variable that was bound inside a comprehension Emitted when
using a variable, that was bound in a comprehension handler, outside
of the comprehension itself. On Python 3 these variables will be
deleted outside of the comprehension.
Issue: https://pagure.io/freeipa/issue/7614
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/6a2e6864faae60a6db9711db386bd3027c83952e">6a2e6864</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-16T10:23:48Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fedora 29: No longer build python2-ipaserver
Some Python 2 dependencies such as python2-pki are no longer available
on Fedora 29. The pki package is a required dependency of
python2-ipaserver. It's not yet feasible to remove all Python 2
packages, since fleetcommander is not fully ported to Python 3 yet.
On Fedora 29, python2-ipaserver and python2-ipatests are no longer
built. The Python 3 packages replace the Python 2 packages.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/3ccd512dab1ce325aad99c39e71ade36db826028">3ccd512d</a></strong>
<div>
<span>by Armando Neto</span>
<i>at 2018-07-16T15:03:35Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Disable Pylint 2.0 violations
Globally disabling the following violations:
- `assignment-from-no-return` (E1111):
Assigning to function call which doesn't return. Used when an
assignment is done on a function call but the inferred function
doesn't return anything.
- `keyword-arg-before-vararg` (W1113):
Keyword argument before variable positional arguments list in the
definition of %s function When defining a keyword argument before
variable positional arguments, one can end up in having multiple
values passed for the aforementioned parameter in case the method is
called with keyword arguments.
Locally disabling the following:
- `subprocess-popen-preexec-fn` (W1509):
Using preexec_fn keyword which may be unsafe in the presence of
threads The preexec_fn parameter is not safe to use in the presence
of threads in your application. The child process could deadlock
before exec is called. If you must use it, keep it trivial! Minimize
the number of libraries you call into.
https://docs.python.org/3/library/subprocess.html#popen-constructor
Fixed violations:
- `bad-mcs-classmethod-argument` (C0204):
Metaclass class method %s should have %s as first argument Used when
a metaclass class method has a first argument named differently than
the value specified in valid-metaclass-classmethod-first-arg option
(default to "mcs"), recommended to easily differentiate them from
regular instance methods.
- Note: Actually `cls` is the default first arg for `__new__`.
- `consider-using-get` (R1715):
Consider using dict.get for getting values from a dict if a key is
present or a default if not Using the builtin dict.get for getting a
value from a dictionary if a key is present or a default if not, is
simpler and considered more idiomatic, although sometimes a bit slower
Issue: https://pagure.io/freeipa/issue/7614
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/4edcf8e53cc291b754982582dc39453c67806bed">4edcf8e5</a></strong>
<div>
<span>by Michal Reznik</span>
<i>at 2018-07-17T13:14:48Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Mark DL0 TestReplicaManageDel tests as xfail
Mark failing DL0 TestReplicaManageDel tests as xfail until
issue 7622 is fixed.
https://pagure.io/freeipa/issue/7622
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/7dadedc16b83e9cf2c1c10f2d963b4f99ab583b6">7dadedc1</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-17T14:52:31Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use python2_sitelib in spec file
%{python_sitelib} has been deprecated in favor of %{python2_sitelib}.
F29 rawhide no longer defines %{python_sitelib}.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/904458a493f7dab34d664b3d0cc866bd54c9879f">904458a4</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-17T14:52:31Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update builddep command in BUILD.txt
It's no longer necessary to specify "with_python3" to get Python 3
dependencies.
python3-tox pulls in Python 2.6, 3.3, 3.4, 3.5, and pypy as weak
dependency. Use --setopt=install_weak_deps=False to make a build
environment leaner.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/653f327b6ad67da532d84cd29a617e6dbbca17b9">653f327b</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-17T14:52:31Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add more RHEL customizations to spec file
- Handle name / alt name for Fedora and RHEL. On Fedora, the packages
are named "freeipa-*" with alternative names "ipa-*". On RHEL it is
the other way around.
- Don't build ipatests on RHEL.
- Use latest versions of KRB5 on RHEL
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/34fe4b1dd421910a5c8d2cbf96226580f8297bcd">34fe4b1d</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-17T14:52:31Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove needless use of %defatt
Original patch by Jason Tibbitts <tibbs@math.uh.edu>
See: https://src.fedoraproject.org/rpms/freeipa/c/9cdadfb7d0d60982dfdadbb9655f44dc43b01549?branch=master
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/ab0835f91f83e295b6ef2875af6470056acdaf76">ab0835f9</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-17T19:32:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add endpoint for serving i18n requests
For now JSON service is not available without authentication
to IPA. But some of Web UI pages expect translations before
or without Login process. This endpoint serves i18n requests
only.
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/86b57236c07e72907cda92c09a219b86200dff09">86b57236</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-17T19:32:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Disable authentication to endpoint for serving i18n requests
For now JSON service is not available without authentication
to IPA. But some of Web UI pages expect translations before
or without Login process.
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/de58b80891aab54ef0439449295846b7470724e6">de58b808</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-17T19:32:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Implement "translations" AMD
This module is used to get translated messages via JSON
request in a synchronous manner. To ensure translatability
i18n messages should be initialized before any other JS code
interacted with user is run.
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/9492fb7f866c2e8cab269c4131d1a67ff6841af2">9492fb7f</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-17T19:32:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add dependency to "translations" module
To ensure translatability i18n messages should be
initialized before any other JS code interacted with user
is run.
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/c0c6b21ba19da4b0c609868c2f95433077341ef7">c0c6b21b</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-17T19:32:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Stop fetching translations at metadata phase
Now i18n data is loaded at "translations" module resolve,
on which "text" module depends. Therefore, there is no
need to do it twice.
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/5d8fde0ac1a43c8f3dbc53b44d69f3663a8b36fb">5d8fde0a</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-17T19:32:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix translations at LoginScreen widget
To be translatable title and label fields should be marked
with @i18n. Also these messages should be provided by
i18n_messages.
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/2a81ec3b94712e822f7d3a5452974626c4d5c42c">2a81ec3b</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-17T19:32:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix translations at login plugin
To be translatable text field should be marked
with @i18n. Also these messages should be provided by
i18n_messages.
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/6bc37150459c779b46ded736a69637188fa95dd7">6bc37150</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-17T19:32:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix translations at load_page plugin
To be translatable text field should be marked
with @i18n. Also these messages should be provided by
i18n_messages.
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/7f9f59bae2a362ce945c49ad8342393b7a5c024f">7f9f59ba</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-17T19:32:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix translation of profile menu
To be translatable label field should be marked
with @i18n. Also these messages should be provided by
i18n_messages.
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/c4467aaeea6f255d181e286973bff2c1c6dc7280">c4467aae</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-17T19:32:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add static JSON dump of i18n_messages request
The JSON test data is needed to UI unit tests.
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/b8607e24d610a240a2501fdfe0242233fa00e2e2">b8607e24</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-17T19:32:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix Web UI 'get_entity_param' test
"IPA.init()" is no longer responsible for "IPA.messages".
So "ipa_init" test JSON data must not contain "texts".
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/0dace623ab1c96b7af8fd64028c9e37d2b10f788">0dace623</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-17T19:32:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add support for JSON request in HTTP test class
"urllib.parse.urlencode()" brokes JSON request's data.
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/0908e80d62146c79c4312effb8e285c13294ec4b">0908e80d</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-17T19:32:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add support for Accept-Language in HTTP test class
"Accept-Language" is used to test translations.
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/f49fac7bda8150aee2086be9afdbe4eb81c3f18a">f49fac7b</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-17T19:32:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add tests for "i18n_messages" end point
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/bb67eea1054c9fe80b8bba67c7dc2c0991a1b991">bb67eea1</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-17T19:32:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix Web UI "details lifecycle" test
IPA doesn't provide "messages" anymore.
"text" module should be used instead.
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/4b2af2570aee6b108504e14330d61bf65a52905c">4b2af257</a></strong>
<div>
<span>by Stanislav Levin</span>
<i>at 2018-07-17T19:32:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Stop usage of "IPA.messages" in Web UI "utils" tests
IPA doesn't provide "messages" anymore.
But actually ones are no needed for these tests.
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/717d59e2fe3cc0318b50f4ee51f4a4e0b963d31d">717d59e2</a></strong>
<div>
<span>by Armando Neto</span>
<i>at 2018-07-18T07:53:53Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix regression: Handle unicode where str is expected
Regression caused by 947ac4bc1f6f4016cf5baf2ecb4577e893bc3948 when
trying to fix a similar issue for clients running Python 3. However,
that fix broke Python 2 clients.
Issue: https://pagure.io/freeipa/issue/7626
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/759e8355c8b0e4c665e038f3e5bc44b0ca9e279d">759e8355</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-07-18T07:54:58Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update 4.7 translations
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/47e6f00a64453ab7f278977968546043de009fc4">47e6f00a</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-07-19T06:39:15Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update Contributors.txt
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/59ef5371e1f34a25408fafcc8aca740a1a2ef724">59ef5371</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-19T06:40:33Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Turn multihost config problems into errors
The pytest multihost plugin skips tests, when there is a problem with a
test configuration. Configuration bugs like missing resources are not
considered a problem.
The IPA pytest multihost config object now turns FilterError into a
fatal error, so make_multihost_fixture() fails a test instead of
skipping.
Fixes: https://pagure.io/freeipa/issue/7638
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/d4732786210f824c87d614fac263361a33e4fbf9">d4732786</a></strong>
<div>
<span>by Stanislav Laznicka</span>
<i>at 2018-07-19T06:42:33Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ipatests: add installer framework testing
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/530da69eadf5b73e4ca83252e3a370ed70354a39">530da69e</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2018-07-19T13:44:46Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix KRA replica installation from CA master
ipa-replica-install --kra-install can fail when the topology already has
a KRA, but replica is installed from a master with just CA. In that
case, Custodia may pick a machine that doesn't have the KRA auditing and
signing certs in its NSSDB.
Example:
* master with CA
* replica1 with CA and KRA
* new replica gets installed from master
The replica installer now always picks a KRA peer.
The change fixes test scenario TestInstallWithCA1::()::test_replica2_ipa_dns_install
Fixes: https://pagure.io/freeipa/issue/7518
See: https://pagure.io/freeipa/issue/7008
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/freeipa/commit/f84b3f39edb880183722f4814acc56ae1f8edba7">f84b3f39</a></strong>
<div>
<span>by Rob Crittenden</span>
<i>at 2018-07-19T15:27:02Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Become IPA 4.7.0
</pre>
</li>
</ul>
<h4>30 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#5d64d06edc9d8bbe57163be94e8577297e96e47f">
.freeipa-pr-ci.yaml
</a>
</li>
<li class="file-stats">
<a href="#b9d1853a1785388cebd4dc3ba4a473c163eed9f5">
.test_runner_config.yaml
</a>
</li>
<li class="file-stats">
<a href="#90ddfe544cbcefffa3b76ad4cd9b1cebb4f4fafd">
.test_runner_config_py3_temp.yaml
</a>
</li>
<li class="file-stats">
<a href="#b0bdd6bd019961475f1feba50bf1618195b21467">
.travis_run_task.sh
</a>
</li>
<li class="file-stats">
<a href="#9dcdfc1feccc97e073d5d4710f3da3b5f37ad1f5">
API.txt
</a>
</li>
<li class="file-stats">
<a href="#2c5c5ed7d77485b627b5ba2e90b2f87baf64be55">
BUILD.txt
</a>
</li>
<li class="file-stats">
<a href="#d7ed7e35d7791778850754d99281016a9bacb652">
Contributors.txt
</a>
</li>
<li class="file-stats">
<a href="#438c41c93b7f0c8b476c65c3eb42284f234bd810">
VERSION.m4
</a>
</li>
<li class="file-stats">
<a href="#521b4492ed13326bcb633dcdd0e7a0b876d266aa">
client/Makefile.am
</a>
</li>
<li class="file-stats">
<a href="#d6138c941f018f3ef68e9a3b6975dacd4a86335b">
client/ipa-client-automount
</a>
</li>
<li class="file-stats">
<a href="#8a84dc1127a684b319557e6204cc81b9909b144c">
client/ipa-getkeytab.c
</a>
</li>
<li class="file-stats">
<a href="#e4eba71132ec40f9516ea0fa207f3b4601f7e665">
client/ipa-join.c
</a>
</li>
<li class="file-stats">
<a href="#8a35d0bcf77b8ab072d502e1bdbfe353a823c769">
client/man/ipa-client-automount.1
</a>
</li>
<li class="file-stats">
<a href="#dd969454de251db1435d9fd37e48469170f6ca94">
<span class="new-file">
+
client/share/Makefile.am
</span>
</a>
</li>
<li class="file-stats">
<a href="#80997de215f44f16bea2a6c42461888701290524">
install/share/freeipa.template
→
client/share/freeipa.template
</a>
</li>
<li class="file-stats">
<a href="#87db583be5c13c1f7b3c958b10e03d67b6a2ca06">
configure.ac
</a>
</li>
<li class="file-stats">
<a href="#b45751ce92f8ce1e8d94fe43433be91a786a94b6">
daemons/ipa-otpd/queue.c
</a>
</li>
<li class="file-stats">
<a href="#be46e1b43e9712c2887bd7be7765080965b06b4c">
daemons/ipa-otpd/test.py
</a>
</li>
<li class="file-stats">
<a href="#489b9d2859ab0752caa5fac9179d2c66e7ba576c">
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
</a>
</li>
<li class="file-stats">
<a href="#fd8787456415c18537469b524c41e364160dcc97">
daemons/ipa-slapi-plugins/topology/ipa-topology-conf.ldif
</a>
</li>
<li class="file-stats">
<a href="#0d8e7bd12996ea9b38ec58a5a774d32a7d2dbc32">
<span class="new-file">
+
freeipa.doap.rdf
</span>
</a>
</li>
<li class="file-stats">
<a href="#866dc5074431bae6d800558b8ed5d65496e9d7d8">
freeipa.spec.in
</a>
</li>
<li class="file-stats">
<a href="#ff15190356ed92d97199586e6733bf06e74b8a93">
install/restart_scripts/renew_ca_cert
</a>
</li>
<li class="file-stats">
<a href="#39d83f5913c50c4550917a31ced7225381f866f9">
install/restart_scripts/renew_ra_cert
</a>
</li>
<li class="file-stats">
<a href="#73c53502df6272825323db58352f2463531b35d4">
install/restart_scripts/restart_dirsrv
</a>
</li>
<li class="file-stats">
<a href="#60fb22de4599bb2003d04f3e008862d9f698821f">
install/restart_scripts/restart_httpd
</a>
</li>
<li class="file-stats">
<a href="#8c292fcf719102b78f6dfd8dc6a3dd66dc952b57">
install/restart_scripts/stop_pkicad
</a>
</li>
<li class="file-stats">
<a href="#caf04c57303b16d460d27dfe013cc85ba80217f6">
install/share/Makefile.am
</a>
</li>
<li class="file-stats">
<a href="#3571882e26005b4341837171fef8a26972aa70a8">
install/share/bind.named.conf.template
</a>
</li>
<li class="file-stats">
<a href="#21181df55ccc2487ff1678e1cab42ec5ed1d56e9">
install/share/ipa.conf.template
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
<a href="https://salsa.debian.org/freeipa-team/freeipa/compare/021b2f6e97fcb4e7390d871faaa28a9d6ab8bfe5...f84b3f39edb880183722f4814acc56ae1f8edba7">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
</p>
</div>
</body>
</html>