[Pkg-freeipa-devel] [Git][freeipa-team/freeipa][master] 257 commits: VERSION.m4: Set back to git snapshot

Timo Aaltonen gitlab at salsa.debian.org
Tue Oct 9 18:09:49 BST 2018


Timo Aaltonen pushed to branch master at FreeIPA packaging / freeipa


Commits:
dc5370fb by Rob Crittenden at 2018-07-19T16:54:11Z
VERSION.m4: Set back to git snapshot

- - - - -
28573111 by Rob Crittenden at 2018-07-23T19:02:20Z
Set zanata branch to ipa-4-7

- - - - -
2438c331 by Petr Vobornik at 2018-07-25T08:05:33Z
webui: change indentation of freeipa/_base/debug.js

Change to use spaces for indentation as it was the only file
which uses tabs and not spaces.

Signed-off-by: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>

- - - - -
84e48df9 by Petr Vobornik at 2018-07-25T08:05:33Z
webui: remove mixed indentation in App and LoginScreen

Only spaces should be used for indentation.

It was introduced in commits:

* 7f9f59bae2a362ce945c49ad8342393b7a5c024f
* 5d8fde0ac1a43c8f3dbc53b44d69f3663a8b36fb

Related to: https://pagure.io/freeipa/issue/7559

Signed-off-by: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>

- - - - -
8699fb73 by Ganna Kaihorodova at 2018-07-25T18:04:43Z
Add check for occurring traceback during uninstallation ipa master

Modified master uninstall task for traceback check
That approach gives us wide coverage and multiple scenarios
to catch traceback during uninstallation process
Add verbose option to uninstall server and set to False

Related to: https://bugzilla.redhat.com/show_bug.cgi?id=1480502

Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
Reviewed-By: Petr Cech <pcech at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
52fa23c0 by Christian Heimes at 2018-07-31T11:40:13Z
Add convenient template for temp commits

Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Michal Reznik <mreznik at redhat.com>
Reviewed-By: Michal Reznik <mreznik at redhat.com>

- - - - -
e44af227 by Christian Heimes at 2018-07-31T11:40:13Z
Fix topology configuration of nightly runs

Some nightly runs didn't have enough resources configured.

See: https://pagure.io/freeipa/issue/7638
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Michal Reznik <mreznik at redhat.com>
Reviewed-By: Michal Reznik <mreznik at redhat.com>

- - - - -
43dde143 by Felipe Barreto at 2018-07-31T11:40:13Z
Making nightly test definition editable by FreeIPA's contributors

Now the test definition of nightly tests will be on freeipa repo. The
definition that's used on every PR (previously as .freeipa-pr-ci.yaml)
is in ipatests/prci_definitions/gating and the .freeipa-pr-ci.yaml file
is just a symlink to the real file.

In the same dir there is also nightly_master and nightly_rawhide, both
to be used in nightly tests.

Divided test_topology.py into 3 subtests.

Bumped vagrant template to version 0.1.6

This PR is the result of discussion on freeipa-devel mailing list [1].

[1] https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/4VAWJ4SFKKBFFICDLQCTXJWRRQHIYJLL/

Reviewed-By: Michal Reznik <mreznik at redhat.com>
Reviewed-By: Michal Reznik <mreznik at redhat.com>

- - - - -
dc5df243 by Orion Poplawski at 2018-07-31T11:44:01Z
ipaclient-install: chmod needs octal permissions

Fixes incorrect usage introduced in 792adebfabb456d154164387fb7e60acb30f4325

https://pagure.io/freeipa/issue/7650

Signed-off-by: Orion Poplawski <orion at nwra.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
39c6d2a4 by Thomas Woerner at 2018-07-31T11:46:14Z
Fix $-style format string in ipa_ldap_init (util/ipa_ldap.c)

The second argument was not used, but the first one was used twice.

Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
e0a8a296 by Christian Heimes at 2018-08-03T09:37:50Z
Rename pytest_plugins to ipatests.pytest_ipa

pytest 3.7.0 doesn't like ipatests.pytest_plugins package. The string
"pytest_plugins" is used as marker to load plugins. By popular vote and
to avoid future conflicts, we decided to rename the directory to pytest_ipa.

Fixes: https://pagure.io/freeipa/issue/7663
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>

- - - - -
b7db3ec5 by Thomas Woerner at 2018-08-03T14:27:38Z
ipaserver/plugins/cert.py: Added reason to raise of errors.NotFound

In the case that enabledService is not found ipaConfigString kdc entry, a
NotFound error was raised without setting the reason. This resulted in a
traceback.

Fixes: https://pagure.io/freeipa/issue/7652
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
9cc49cda by Michal Reznik at 2018-08-06T14:48:58Z
prci_definitions: fix wrong indentation in the nightly yaml

TestLineTopologyWithoutCA definition has wrong indentation.

Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>

- - - - -
890d7739 by Thierry Bordaz at 2018-08-06T14:50:07Z
In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange

When making ipa-pwd-extop TXN aware, some callbacks are called twice.
Particularly
	ipapwd_pre_add is called during PRE_ADD and TXN_PRE_ADD
	ipapwd_pre_mod is called during PRE_MOD and TXN_PRE_MOD
	ipapwd_post_modadd is called during POST_ADD and TXN_POST_ADD
	ipapwd_post_modadd is called during POST_MOD and TXN_POST_MOD
It is not the expected behavior and it results in some skipped updates of krbPasswordExpiration
and krbLastPwdChange

https://pagure.io/freeipa/issue/7601

Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>

- - - - -
7d40c66e by Florence Blanc-Renaud at 2018-08-07T12:55:23Z
Tests: add integration test for password changes by dir mgr

Add a test for issue 7601:
- add a user, perform kinit user to modify the password, read krblastpwdchange
and krbpasswordexpiration.
- perform a ldapmodify on the password as dir mgr
- make sure that krblastpwdchange and krbpasswordexpiration have been modified
- perform the same check with ldappasswd

Related to:
https://pagure.io/freeipa/issue/7601

Reviewed-By: Thierry Bordaz <tbordaz at redhat.com>

- - - - -
efd85b74 by Thomas Woerner at 2018-08-07T14:27:42Z
httpinstance: Restore SELinux context of session_dir /etc/httpd/alias

The session directory /etc/httpd/alias/ could be created with the wrong
SELinux context. Therefore httpd was not able to write to this directory.

Fixes: https://pagure.io/freeipa/issue/7662

Related-to: 49b4a057f1b0459331bcec2c8d760627d00e4571 (Create missing
            /etc/httpd/alias for ipasession.key)

Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
54d41564 by Thomas Woerner at 2018-08-07T14:27:42Z
ipa_restore: Restore SELinux context of template_dir /var/log/dirsrv/slapd-X

The template directory /var/log/dirsrv/slapd-X could be created with the
wrong SELinux context.

Related to: https://pagure.io/freeipa/issue/7662

Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
4c089836 by Florence Blanc-Renaud at 2018-08-09T07:33:28Z
PRCI: extend timeouts for gating

Some tests have been identified as frequently failing on timeouts. While
we are investigating PRCI potential issues, increase the timeouts to
make PRCI usable. The rule is to add 30min if the test involves CA/KRA
installation or 20min otherwise for the most problematic tests.

test_forced_client_enrolment: from 1h to 1h20
test_vault: from 1h15 to 1h45
external_ca_1: from 1h to 1h20
test_sudo: from 1h to 1h20
test_authconfig: from 1h to 1h20
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>

- - - - -
d6bdfe41 by Michal Reznik at 2018-08-13T12:20:18Z
ipa_tests: test ssh keys login

Integration test for:

https://pagure.io/SSSD/sssd/issue/3747

IPA ticket: https://pagure.io/freeipa/issue/7664

Reviewed-By: Armando Neto <abiagion at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
b6e59754 by Alexander Bokovoy at 2018-08-13T13:28:08Z
ipa-extdom-extop: Update licenses to GPLv3 or later with exceptions

The code in question was supposed to have the same license as the
rest of the plugin. Fix it by updating the comment header.

Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Thomas Woerner <twoerner at redhat.com>

- - - - -
5e8bc96b by Alexander Bokovoy at 2018-08-13T14:57:39Z
Move fips_enabled to a common library to share across different plugins

Related: https://pagure.io/freeipa/issue/7659
Reviewed-By: Robbie Harwood <rharwood at redhat.com>

- - - - -
04c5798d by Alexander Bokovoy at 2018-08-13T14:57:39Z
ipasam: do not use RC4 in FIPS mode

When creating Kerberos keys for trusted domain object account, ipasam
module requests to generate keys using a series of well-known encryption
types. In FIPS mode it is not possible to generate RC4-HMAC key:
MIT Kerberos is using openssl crypto backend and openssl does not allow
use of RC4 in FIPS mode.

Thus, we have to filter out RC4-HMAC encryption type when running in
FIPS mode. A side-effect is that a trust to Active Directory running
with Windows Server 2003 will not be possible anymore in FIPS mode.

Resolves: https://pagure.io/freeipa/issue/7659
Reviewed-By: Robbie Harwood <rharwood at redhat.com>

- - - - -
4fa36abd by Serhii Tsymbaliuk at 2018-08-13T14:59:40Z
Replace logo images with new one (version 4.7)

Resolves: https://pagure.io/freeipa/issue/7362
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>

- - - - -
1ef0bc2f by Stanislav Levin at 2018-08-15T07:05:58Z
Replace the direct URL with config's one

To be customizable URL should be placed to "config"

Fixes: https://pagure.io/freeipa/issue/7621
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
4e1bdff2 by Stanislav Levin at 2018-08-15T07:05:58Z
Fix translation of "sync_otp" plugin

To be translatable messages should be marked with '@i18n' and
present in "i18n_messages" dictionary.

Fixes: https://pagure.io/freeipa/issue/7621
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
6bc7ae07 by Stanislav Levin at 2018-08-15T07:05:58Z
Fix translation of "SyncOTPScreen" widget

To be translatable messages should be marked with '@i18n' and
present in "i18n_messages" dictionary.

Fixes: https://pagure.io/freeipa/issue/7621
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
208ae7aa by Rob Crittenden at 2018-08-15T12:19:38Z
Convert members into types in sudorule-*-option

The indirect members need to be calculated and the member
attributes converted. This is normally done in
baseldap::LDAPRetrieve but these methods provide their
own execute() in order to handle the option values.

Update sudorule_add|remove_option tests to include check
that converted user/group exists in the proper format.

https://pagure.io/freeipa/issue/7649

Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>

- - - - -
6daf4dad by Tibor Dudlák at 2018-08-16T12:46:11Z
Re-open the ldif file to prevent error message

There was an issue with ipa-server-upgrade and it was
showing an error while upgrading:
DN... does not exists or haven't been updated, caused
by not moving pointer to file beginning when re-reading.

Resolves: https://pagure.io/freeipa/issue/7644
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
421e61cf by Tibor Dudlák at 2018-08-16T12:46:11Z
Add assert to check output of upgrade

Check the output of ipa-server-upgrade script for error.

Related to: https://pagure.io/freeipa/issue/7644

Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
9d5cc29d by Mohammad Rizwan Yusuf at 2018-08-21T12:31:44Z
Check if user permissions and umask 0022 is set when executing ipa-restore

This test checks if the access rights for user/group
is set to 644 on /var/lib/dirsrv/slapd-TESTRELM-TEST/ldif/*
and umask 0022 set while restoring.

related ticket: https://pagure.io/freeipa/issue/6844

Signed-off-by: Mohammad Rizwan Yusuf <myusuf at redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
85e18f8b by Serhii Tsymbaliuk at 2018-08-22T08:58:54Z
Replace old login screen logo with new one

Related: https://pagure.io/freeipa/issue/7362
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>

- - - - -
b6f39968 by Michal Reznik at 2018-08-23T10:05:42Z
test: client uninstall fails when installed using non-existing hostname

https://pagure.io/freeipa/issue/7620

Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>

- - - - -
04845bad by Rob Crittenden at 2018-08-23T11:40:36Z
Honor no-host-dns when creating client host in replica install

--no-host-dns is supposed to avoid all DNS lookups so pass
this as the force value when creating the host in a replica
installation.

https://pagure.io/freeipa/issue/7656

Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>

- - - - -
cab3016e by Florence Blanc-Renaud at 2018-08-23T11:57:47Z
uninstall -v: remove Tracebacks

ipa-server-install --uninstall -v -U prints Traceback in its log file.
This issue happens because it calls subprocess.Popen with close_fds=True
(which closes all file descriptors in the child process)
but it is trying to use the file logger in the child process
(preexec_fn is called in the child just before the child is executed).
The fix is using the logger only in the parent process.

Fixes: https://pagure.io/freeipa/issue/7681
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
2d2549d1 by Florence Blanc-Renaud at 2018-08-23T11:57:47Z
ipautil.run: add test for runas parameter

Add a test for ipautil.run() method called with runas parameter.
The test is using ipautil.run() to execute /usr/bin/id and
checks that the uid/gid are consistent with the runas parameter.

Note that the test needs to be launched by the root user
(non-privileged user may not have the rights to execute ipautil.run()
with runas parameter).

Related to: https://pagure.io/freeipa/issue/7681

Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
9f2d8f5b by Florence Blanc-Renaud at 2018-08-23T12:00:36Z
ipa commands: print 'IPA is not configured' when ipa is not setup

Some commands print tracebacks or unclear error message when
they are called on a machine where ipa packages are installed but
IPA is not configured.
Consistently report 'IPA is not configured on this system' in this
case.

Related to https://pagure.io/freeipa/issue/6261

Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
8cf6b6ea by Florence Blanc-Renaud at 2018-08-23T12:00:36Z
Test: test ipa-* commands when IPA is not configured

Add a test checking that ipa-* commands properly display
'IPA is not configured on this system' when called on a
system without IPA.

Related to: https://pagure.io/freeipa/issue/6261

Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
32c52db6 by Christian Heimes at 2018-08-24T10:15:52Z
Detect and prefer platform Python

A platform Python interpreter is a special variant of the interpreter,
that is only used for system software. It's located at
/usr/libexec/platform-python.

Fixes: https://pagure.io/freeipa/issue/7680
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>

- - - - -
a29418ea by Christian Heimes at 2018-08-24T10:15:52Z
Rename Python scripts and add dynamic shebang

All Python scripts are now generated from a template with a dynamic
shebang.

ipatests/i18n.py is no longer an executable script with shebang. The
module is not executed as script directly, but rather as

    $(PYTHON) ipatests/i18n.py

Fixes: https://pagure.io/freeipa/issue/7680
All Python scripts are now template files with a dynamic shebang line.

Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>

- - - - -
85dd29f1 by Christian Heimes at 2018-08-24T10:15:52Z
Generate scripts from templates

Python scripts are now generated from templates. The scripts are marked
as nodist (no distribution) but install targets. The templates for the
scripts are extra distribution data, no installation (noinst).

Fixes: https://pagure.io/freeipa/issue/7680
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>

- - - - -
30443d1d by Florence Blanc-Renaud at 2018-08-27T07:54:38Z
DS replication settings: fix regression with <3.3 master

Commit 811b0fdb4620938963f1a29d3fdd22257327562c introduced a regression
when configuring replication with a master < 3.3
Even if 389-ds schema is extended with nsds5ReplicaReleaseTimeout,
nsds5ReplicaBackoffMax and nsDS5ReplicaBindDnGroupCheckInterval
attributes, it will return UNWILLING_TO_PERFORM when a mod
operation is performed on the cn=replica entry.

This patch ignores the error and logs a debug msg.

See: https://pagure.io/freeipa/issue/7617
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
2ad27428 by Stanislav Levin at 2018-08-28T07:03:20Z
Add MigrateScreen widget

This widget is intended to integrate password migrate page into the
entire IPA Web framework. The functionality is the same as mentioned
standalone "ipa/migration/index.html".

Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
53e4e34a by Stanislav Levin at 2018-08-28T07:03:20Z
Add "migrate" Web UI plugin

This plugin creates and registers a facet with password migrate page.

Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
ad7f26c5 by Stanislav Levin at 2018-08-28T07:03:20Z
Return the result of "password migration" procedure

So far "migration" end point redirected to "error"/"invalid" page as
a result of the client request. To use ajax requests and to not
reload/load the whole page the response should include the result of
request.

Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
d05f678b by Stanislav Levin at 2018-08-28T07:03:20Z
Integrate "migration" page to IPA Web framework.

To use all advantages of entire Web framework the "migration" page
should use "migrate" plugin. As well this allows to use IPA
translations.

Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
cc1c5aad by Stanislav Levin at 2018-08-28T07:03:20Z
Provide translatable messages for MigrateScreen widget

Translatable messages should be marked with @i18n. Also
these messages should be presented in "i18n_messages" dictionary.

Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
92a23477 by Stanislav Levin at 2018-08-28T07:03:20Z
Clean up migration "error" and "invalid" pages from project

Migration error/invalid html pages are no longer needed as their
functionality was moved to "migrate" plugin.

Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
382472dc by Stanislav Levin at 2018-08-28T07:03:20Z
Add basic tests for "migration" end point

Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
533067e3 by Petr Vobornik at 2018-08-28T07:03:20Z
webui: readable color of invalid fields on login-screen-like pages

Pages with widgets like LoginScreen, MigrateScreen use login-pf styling.
This page has dark background instead of light. Thus styling for labels
for fields with error has color which makes the label hard to read or
almost invisible.

Change it to white so it is still readable.

Fixes: https://pagure.io/freeipa/issue/7641
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
660f90b2 by Mohammad Rizwan Yusuf at 2018-08-28T07:05:38Z
Test if WSGI worker process count is set to 4

related ticket : https://pagure.io/freeipa/issue/7587

Signed-off-by: Mohammad Rizwan Yusuf <myusuf at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>

- - - - -
15ce6c81 by Tibor Dudlák at 2018-08-28T12:06:55Z
Do not set ca_host when --setup-ca is used

Setting ca_host caused replication failures on DL0
because it was trying to connect to wrong CA host.
Trying to avoid corner-case in ipaserver/plugins/dogtag.py
when api.env.host nor api.env.ca_host had not CA configured
and there was ca_host set to api.env.ca_host variable.

See: https://pagure.io/freeipa/issue/7566
Resolves: https://pagure.io/freeipa/issue/7629
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
9e65f203 by Stanislav Levin at 2018-08-28T13:51:24Z
Fix "get_key_index" to fit caller's expectations

The clients of "get_key_index" expect index of key in matching case
otherwise -1. But instead of this function returns the "undefined"
value.

Fixes: https://pagure.io/freeipa/issue/7678
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
8b8dbaab by Stanislav Levin at 2018-08-28T13:51:24Z
Reindex 'key_indicies' after item delete

The "keys.splice(i, 1)" removes one item at the specified position
from an array. Thus hashes which are stored at "that._key_indicies"
are no longer valid and should be reindexed.

Fixes: https://pagure.io/freeipa/issue/7678
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
1c7771f2 by Rob Crittenden at 2018-08-29T11:53:03Z
Retrieve certificate subject base directly instead of ipa-join

The subject base is used as a fallback to find the available
CA certificates during client enrollment if the LDAP connection
fails (e.g. due to new client connecting to very old server) and
for constructing the subject if a certificate is requested.

raw=True is passed to config-show in order to avoid parsing
the server roles which will fail because the services aren't
marked as enabled until after the client installation is
successful on a master.

ipa-join providing the subject base via stderr was fragile and
would cause client enrollment to fail if any other output was
included in stderr.

https://pagure.io/freeipa/issue/7674

Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
bf66c85a by Christian Heimes at 2018-08-30T15:42:26Z
Refactor os-release and platform information

Move the /etc/os-release parser and platform detection code out of the
private _importhook module. The ipaplatform module now contains an
osinfo module that provides distribution, os, and vendor information.

See: https://www.freedesktop.org/software/systemd/man/os-release.html
See: https://pagure.io/freeipa/issue/7661
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
0519c5b4 by Christian Heimes at 2018-08-30T15:42:26Z
Don't check for systemd service

ipaplatform no longer checks for the presence of a systemd service file
to detect the name of the domainname service. Instead it uses osinfo's
version to use the old name on Fedora 28 and the new name on Fedora 29.

This fixes a SELinux violation that prevented httpd from listing systemd
service files.

Fixes: https://pagure.io/freeipa/issue/7661
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
88d21569 by Michal Reznik at 2018-08-31T12:58:44Z
Add "389-ds-base-legacy-tools" to requires.

"389-ds-base-legacy-tools" needs to be added to requires until
the switch to python installer is completed.

Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>

- - - - -
2dae9e28 by Robbie Harwood at 2018-09-03T07:11:08Z
Clear next field when returning list elements in queue.c

The ipa-otpd code occasionally removes elements from one queue,
inspects and modifies them, and then inserts them into
another (possibly identical, possibly different) queue.  When the next
pointer isn't cleared, this can result in element membership in both
queues, leading to double frees, or even self-referential elements,
causing infinite loops at traversal time.

Rather than eliminating the pattern, make it safe by clearing the next
field any time an element enters or exits a queue.

Related https://pagure.io/freeipa/issue/7262

Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>

- - - - -
56ec7c8c by Robbie Harwood at 2018-09-03T07:11:08Z
Add cmocka unit tests for ipa otpd queue code

Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>

- - - - -
de4eca78 by Michal Reznik at 2018-09-03T13:04:15Z
bump PRCI template version to 0.1.8

Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>

- - - - -
a6678960 by Florence Blanc-Renaud at 2018-09-03T13:05:23Z
ipa-server-install: do not perform forwarder validation with --no-dnssec-validation

ipa-server-install is checking if the forwarder(s) specified with
--forwarder argument support DNSSEC. When the --no-dnssec-validation
option is added, the installer should not perform the check.

Fixes: https://pagure.io/freeipa/issue/7666
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>

- - - - -
ac7b3f98 by Florence Blanc-Renaud at 2018-09-03T13:05:23Z
tests: add test for server install with --no-dnssec-validation

Add 2 tests related to the checks performed by ipa-server-install
when --forwarder is specified:
- if the forwarder is not reachable and we require dnssec validation,
the installer must refuse to go on and exit on error.
- if the forwarder is not reachable but --no-dnssec-validation is
provided, the installer must continue.

Related to https://pagure.io/freeipa/issue/7666

Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>

- - - - -
f611e5ac by Thomas Woerner at 2018-09-05T12:24:06Z
Adapt freeipa.spec.in for latest Fedora, fix python2 ipatests packaging bug

New autoreconf -ivf call before configure

Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
fc32cbb6 by Armando Neto at 2018-09-05T17:41:41Z
Delete empty keytab during client installation

Client installation fails if '/etc/krb5.keytab' exists as a zero-length
file. Deleting empty keytab before proceeding with the installation
fixes the problem.

https://pagure.io/freeipa/issue/7625

Signed-off-by: Armando Neto <abiagion at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
5b1dce59 by Stanislav Levin at 2018-09-06T12:21:05Z
Fix render validation items on keypress event at login form

There are many unneeded render calls which are performed
on each keypress event at login form. It is enough to update
validation items on "CapsLock" state change.

Fixes: https://pagure.io/freeipa/issue/7679
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
09c78a1e by Florence Blanc-Renaud at 2018-09-06T12:23:48Z
ipa-replica-install: fix pkinit setup

commit 7284097 (Delay enabling services until end of installer)
introduced a regression in replica installation.
When the replica requests a cert for PKINIT, a check is done
to ensure that the hostname corresponds to a machine with a
KDC service enabled (ipaconfigstring attribute of
cn=KDC,cn=<hostname>,cn=masters,cn=ipa,cn=etc,$BASEDN must contain
'enabledService').
With the commit mentioned above, the service is set to enabled only
at the end of the installation.

The fix makes a less strict check, ensuring that 'enabledService'
or 'configuredService' is in ipaconfigstring.

Fixes: https://pagure.io/freeipa/issue/7566
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
5ea8f8ae by Florence Blanc-Renaud at 2018-09-06T12:23:48Z
Tests: test successful PKINIT install on replica

Add a test checking that ipa-replica-install successfully configures
PKINIT on the replica

Related to https://pagure.io/freeipa/issue/7566

Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
ef865651 by Armando Neto at 2018-09-06T19:21:21Z
Fix certificate type error when exporting to file

Commands `ipa ca-show` and `ipa cert-show` share the same code,
this commit updates the former, closing the gap between them.

Reflecting the changes done in 5a44ca638310913ab6b0c239374f4b0ddeeedeb3.

https://pagure.io/freeipa/issue/7628

Signed-off-by: Armando Neto <abiagion at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
e9b05971 by Armando Neto at 2018-09-06T19:30:48Z
Add test for client installation with empty keytab file

Missing test case for cf1301fb064fc230c780c4bc5eeccb723899f7b6.

https://pagure.io/freeipa/issue/7625

Signed-off-by: Armando Neto <abiagion at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
e09a3e8a by Florence Blanc-Renaud at 2018-09-07T08:26:26Z
ipa-replica-install: properly use the file store

In ipa-replica-install, many components use their own instance
of the FileStore to backup configuration files to the pre-install
state. This causes issues when the calls are mixed, like for
instance:
ds.do_task1_that_backups_file (using ds.filestore)
http.do_task2_that_backups_file (using http.filestore)
ds.do_task3_that_backups_file (using ds.filestore)

because the list of files managed by ds.filestore does not include
the files managed by http.filestore, and the 3rd call would remove
any file added on 2nd call.

The symptom of this bug is that ipa-replica-install does not save
/etc/httpd/conf.d/ssl.conf and subsequent uninstallation does not
restore the file, leading to a line referring to ipa-rewrite.conf
that prevents httpd startup.

The installer should consistently use the same filestore.

Fixes https://pagure.io/freeipa/issue/7684

Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
cca3531e by Florence Blanc-Renaud at 2018-09-07T08:26:26Z
Test: scenario replica install/uninstall should restore ssl.conf

Test that the scenario ipa-replica-install/ uninstall correctly
restores the file /etc/httpd/conf.d/ssl.conf

Related to https://pagure.io/freeipa/issue/7684

Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
965aecf2 by Michal Reznik at 2018-09-07T12:22:58Z
tests: sssd_ssh fd leaks when user cert converted into SSH key

https://pagure.io/freeipa/issue/7687

Reviewed-By: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>

- - - - -
1d8f3b9b by Michal Reznik at 2018-09-07T12:22:58Z
add strip_cert_header() to tasks.py

https://pagure.io/freeipa/issue/7687

Reviewed-By: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>

- - - - -
d414c340 by Stanislav Levin at 2018-09-12T11:11:49Z
Fix translation of "unauthorized.html" Web page

Make this page message translatable as other parts of IPA framework.

Fixes: https://pagure.io/freeipa/issue/7640
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
5404be8c by Stanislav Levin at 2018-09-12T11:11:49Z
Fix translation of "ssbrowser.html" Web page

Make this page message translatable as other parts of IPA framework.

Fixes: https://pagure.io/freeipa/issue/7640
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
68b4824b by Stanislav Levin at 2018-09-12T11:11:49Z
Add basic tests to web pages which are located at /ipa/config/

The goal of these tests is to ensure that the translated text is
synced against a 'noscript' one.

Fixes: https://pagure.io/freeipa/issue/7640
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
7c8ba1d7 by Stanislav Levin at 2018-09-12T11:48:28Z
Replace the direct URL with config's one

To be customizable, the URL should be placed in "config".

Fixes: https://pagure.io/freeipa/issue/7619
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
ce15361a by Stanislav Levin at 2018-09-12T11:48:28Z
Add "reset_and_login" view to LoginScreen widget

The previous "reset" view is split into "reset" and "reset_and_login"
ones. "reset" is used to render "just reset password" logic, and
"reset_and_login" renders "reset password and then log in".

Fixes: https://pagure.io/freeipa/issue/7619
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
8da9935e by Stanislav Levin at 2018-09-12T11:48:28Z
Use "login" plugin instead of standalone JS file

The "login" plugin already has the same functionality as the JS code in
the separate JavaScript file. There is no need to duplicate it.

Fixes: https://pagure.io/freeipa/issue/7619
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
18c878ea by Stanislav Levin at 2018-09-12T11:48:28Z
Clean up reset_password.js file from project

reset_password.js is no longer needed as its functionality is moved
to the "login" plugin.

Fixes: https://pagure.io/freeipa/issue/7619
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
b7290e45 by Stanislav Levin at 2018-09-12T11:48:28Z
Fix translations of messages in LoginScreen widget

To be translatable, messages should be marked with '@i18n' and be
present in the "i18n_messages" dictionary.

Fixes: https://pagure.io/freeipa/issue/7619
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
86f98e54 by Stanislav Levin at 2018-09-12T11:48:28Z
Add "bounce" logic from "reset_password.js"

This should add support for https://pagure.io/freeipa/issue/4440

Fixes: https://pagure.io/freeipa/issue/7619
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
e24b1f62 by Stanislav Levin at 2018-09-12T11:48:28Z
Add tests for LoginScreen widget

Add some basic tests for different aspects of LoginScreen such as
'login', 'reset_and_login', 'reset' views.

Fixes: https://pagure.io/freeipa/issue/7619
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
56bfd49d by Rob Crittenden at 2018-09-12T13:17:05Z
Update required version of dogtag to detect when FIPS is available

When it was checking for FIPS it assumed that /proc/sys/crypto
existed which it doesn't in some containers and on Ubuntu.

This was updated in dogtag, this change is just to pull in the
fix.

https://pagure.io/freeipa/issue/7608

Reviewed-By: Florence Blanc-Renaud <flo at redhat.com>

- - - - -
5cbb0f3d by Rob Crittenden at 2018-09-12T20:37:45Z
Advise plugin for enabling sudo for members of the admins group

Create HBAC and a sudo rule for allowing members of the admins
group to run sudo on all enrolled hosts.

https://pagure.io/freeipa/issue/7538

Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>

- - - - -
7ce49504 by Florence Blanc-Renaud at 2018-09-19T12:01:13Z
authselect: harden uninstallation of ipa client

When ipa client is uninstalled, the content of sysrestore.state
is read to restore the previous authselect profile and features.
The code should properly handle the case where sysrestore.state
contains the header for the authselect section, but the key=value
for profile and features are missing.

Fixes https://pagure.io/freeipa/issue/7657

Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
4f323bc2 by Florence Blanc-Renaud at 2018-09-19T12:01:13Z
tests: add test for uninstall with incomplete sysrestore.state

Add a test that performs client uninstallation when sysrestore.state
contains the header for the [authselect] section but does not
contain a value for profile and features.

Related to https://pagure.io/freeipa/issue/7657

Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
446c6c89 by Florence Blanc-Renaud at 2018-09-19T12:18:12Z
ipa-advise: configure pam_cert_auth=True for smart card on client

ipa-advise config-client-for-smart-card-auth is now using authselect
instead of authconfig, but authselect enable-feature with-smartcard
does not set pam_cert_auth=True in /etc/sssd/sssd.conf.
As a result, smart card auth on a client fails.
The fix adds a step in ipa-advise to configure pam_cert_auth=True.

The fix also forces the use of the python3 interpreter, and handles
newer versions of SSSD which use OpenSSL instead of NSS (the trusted
CA certs must be put into /etc/sssd/pki/sssd_auth_ca_db.pem).

Fixes https://pagure.io/freeipa/issue/7532

Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
ba2ec069 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Fix hardcoded CSR in test_webui/test_cert.py

Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
62bbc8e3 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Use random IPs and domains in test_webui/test_host.py

Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
d0dc6197 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Increase request timeout for WebUI tests

Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
ed15e441 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Fix test_realmdomains::test_add_single_labeled_domain (Web UI test)

Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
338dd256 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Use random realmdomains in test_webui/test_realmdomains.py

Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
e075b12b by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Fix test_user::test_login_without_username (Web UI test)

Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
ef0549ef by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Fix unpermitted user session in test_selfservice (Web UI test)

Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
a70cfcad by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Add SAN extension for CSR generation in test_cert (Web UI tests)

Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
ba7405b1 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Generate CSR for test_host::test_certificates (Web UI test)

Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
27a23a49 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Add cookies clearing for all Web UI tests

Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
0740b048 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Remove unnecessary session clearing in some Web UI tests

Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
8a08abbd by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Increase some timeouts in Web UI tests

Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
eb117622 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Fix UI_driver.has_class exception. Handle situation when element has no class attribute

Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
e73a44e8 by Serhii Tsymbaliuk at 2018-09-19T14:03:45Z
Change Web UI tests setup flow

Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Petr Vobornik <pvoborni at redhat.com>

- - - - -
3b226d8b by Rob Crittenden at 2018-09-20T06:53:13Z
Try to resolve the name passed into the password reader to a file

Rather than comparing the value passed in by Apache to a
hostname value just see if there is a file of that name in
/var/lib/ipa/passwds.

Use realpath to see if path information was passed in as one of
the options so that someone can't try to return random files from
the filesystem.

https://pagure.io/freeipa/issue/7528

Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
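
The realpath check described in this commit message, sketched as an added example that is not the project's own code: a lookup that only returns a file when the resolved path is unchanged and still sits directly inside the password directory. The function name read_password, the demo file names and the temporary directory standing in for /var/lib/ipa/passwds are assumptions.

```python
import os
import tempfile


def read_password(base_dir, name):
    """Return the content of base_dir/name, or None when the name carries
    path information, resolves outside base_dir, or is not a regular file."""
    base = os.path.realpath(base_dir)
    candidate = os.path.join(base, name)
    # realpath collapses "..", "." and symlinks; an absolute name replaces
    # base entirely in os.path.join, so containment is checked separately.
    resolved = os.path.realpath(candidate)
    if resolved != candidate or os.path.dirname(resolved) != base:
        return None
    if not os.path.isfile(resolved):
        return None
    with open(resolved, encoding="utf-8") as f:
        return f.read().rstrip("\n")


def demo():
    """Build a constructed directory tree and look up several names in it."""
    with tempfile.TemporaryDirectory() as root:
        store = os.path.join(root, "passwds")
        os.mkdir(store)
        outside = os.path.join(root, "outside.txt")
        # Constructed sample files, not real secrets.
        with open(os.path.join(store, "ipa.example.test-443-RSA"), "w",
                  encoding="utf-8") as f:
            f.write("constructed-passphrase\n")
        with open(outside, "w", encoding="utf-8") as f:
            f.write("not for the web server\n")
        # A symlink inside the store that points outside of it.
        os.symlink(outside, os.path.join(store, "link"))

        requests = {
            "valid": "ipa.example.test-443-RSA",
            "dotdot": "../outside.txt",
            "absolute": outside,
            "symlink": "link",
            "missing": "other.example.test-443-RSA",
            "empty": "",
        }
        return {label: read_password(store, name)
                for label, name in requests.items()}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, "->", result)
```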

- - - - -
1d54726c by Rob Crittenden at 2018-09-21T13:25:46Z
Fix uninstallation test, use different method to stop dirsrv

The API may not be initialized so using ds.is_running() may fail.
Call systemctl directly to ensure the dirsrv instance is stopped.

Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
Reviewed-By: Michal Reznik <mreznik at redhat.com>

- - - - -
9726372c by Rob Crittenden at 2018-09-21T13:25:46Z
Add uninstallation tests to night master and rawhide

Signed-off-by: Rob Crittenden <rcritten at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
Reviewed-By: Michal Reznik <mreznik at redhat.com>

- - - - -
83a8fad0 by Thomas Woerner at 2018-09-24T06:25:28Z
Do not install ipa-replica-prepare

ipa-replica-prepare (script and man page) is only needed for DL0 support.
The script and man page are not installed anymore and also removed from
the spec file.

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
416b3f17 by Thomas Woerner at 2018-09-24T06:25:28Z
Increase MIN_DOMAIN_LEVEL to DOMAIN_LEVEL_1

With increasing the minimal domain level to 1 ipa-replica-install will
refuse to install if the domain has domain level 0.

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
0b81aeb8 by Thomas Woerner at 2018-09-24T06:25:28Z
Mark replica_file option as deprecated

The replica_file option is only supported for DL0. The option will be
marked deprecated for now.

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
aafd2dbe by Thomas Woerner at 2018-09-24T06:25:28Z
Raise error if DL is set to 0 or DL0 options are used

In the case that the domain level is set to 0 or replica_file is set (not
None) an error will be raised.

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
9001cfab by Thomas Woerner at 2018-09-24T06:25:28Z
Remove support for replica_file option from ipa-ca-install

Raise "Domain level 0 is not supported anymore" error if there are
remaining args after parsing. Remove all "DOMAIN LEVEL 0" and
"DOMAIN LEVEL 1" prefixes from the man page.

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
800c8c59 by Thomas Woerner at 2018-09-24T06:25:28Z
Remove support for replica_file option from ipa-kra-install

Raise "Domain level 0 is not supported anymore" error if there are
remaining args after parsing. Remove all "DOMAIN LEVEL 0" and
"DOMAIN LEVEL 1" prefixes from the man page.

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
67bbc9bd by Thomas Woerner at 2018-09-24T06:25:28Z
Remove DL0 specific sections from ipa-replica-install man page

Remove replica_file option and all "DOMAIN LEVEL 0" and "DOMAIN LEVEL 1"
prefixes and also sections specific to DL0 from the man page.

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
b4a37c5a by Thomas Woerner at 2018-09-24T06:25:28Z
Remove "at DL1" from ipa-replica-manage man page

As there is currently only DL1, there is no need to have extra
sentences for "at domain level 1".

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
f7516be1 by Thomas Woerner at 2018-09-24T06:25:28Z
Remove "at DL1" from ipa-server-install man page

As there is currently only DL1, there is no need to have extra
sentences for "at domain level 1".

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
a3e179bd by Thomas Woerner at 2018-09-24T06:25:28Z
Move DL0 raises outside of existing conditionals to calm down pylint

This pull should not remove code, therefore it is needed to add additional
conditionals to calm down pylint because of unreachable code.

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
a4420400 by Thomas Woerner at 2018-09-24T06:25:28Z
ipatests: Drop test_password_option_DL0

DL0 is not supported anymore therefore this test is failing.

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
c4982dcc by Thomas Woerner at 2018-09-24T06:25:28Z
ipatests/test_ipaserver/test_install/test_installer.py: Drop tempfile import

This is not needed anymore due to the removal of the DL0 test

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
2c393ab6 by Thomas Woerner at 2018-09-24T06:25:28Z
ipaserver/install/adtrust.py: Do not use DOMAIN_LEVEL_0 for minimum

As there is the minimal domain level setting MIN_DOMAIN_LEVEL, it should
be used instead of DOMAIN_LEVEL_0.

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
d8cb4260 by Thomas Woerner at 2018-09-24T06:25:28Z
ipatests/test_xmlrpc/tracker/server_plugin.py: Increase hard coded mindomainlevel

The hard coded mindomainlevel needs to be increased to 1.

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
ddacf9eb by Thomas Woerner at 2018-09-24T06:25:28Z
replicainstall: Make sure that domain fulfills minimal domain level requirement

The old domain level check to suggest to use ipa-replica-prepare has been
converted to make sure that domain fulfills minimal domain level
requirement (no DL0).

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
9564fff6 by Florence Blanc-Renaud at 2018-09-24T10:53:55Z
ipatests: mark known failures as xfail

The tests in test_integration/test_installation.py
that inherit from InstallTestBase2 all fail in
test_replica2_ipa_kra_install because of ticket
7654: ipa-kra-install fails on DL1

This is an issue linked to dogtag (see
https://pagure.io/dogtagpki/issue/3055), where the
installation of a KRA clone creates a range depletion
when multiple clones are created from the same master.

Marking the tests as known failure, waiting for dogtag's
fix.

Related to https://pagure.io/freeipa/issue/7654

Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
804480c2 by Florence Blanc-Renaud at 2018-09-25T13:19:42Z
Tests: remove dl0 tests from nightly definition

Commit fca1167af48651c3454c33c77ef28ec333220040 removed the following tests
from ipatests/test_integration/test_replica_promotion.py:
TestReplicaPromotionLevel0
TestKRAInstall
TestCAInstall
TestReplicaManageCommands
TestOldReplicaWorksAfterDomainUpgrade
but the nightly definition was not updated accordingly.
The fix removes the nonexistent tests from nightly.

Related to https://pagure.io/freeipa/issue/7689

Reviewed-By: Tibor Dudlak <tdudlak at redhat.com>

- - - - -
6dd586c7 by Christian Heimes at 2018-09-26T09:42:48Z
Disable DL0 specific tests

Disable tests that use domain level 0. Fail early to catch additional
tests that depend on DL0.

See: https://pagure.io/freeipa/issue/7669
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
93502c9d by Thomas Woerner at 2018-09-26T09:42:48Z
Remove ipa-replica-prepare script and man page

This is part of the DL0 code removal. As ipa-replica-prepare is only needed
and useful for domain level 0, the script can be removed.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
9dcf1dc6 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from ipa-ca-install

Replica files are DL0 specific, therefore all the code that is related to
replica files has been removed. An additional check for the new minimal
domain level has been added.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
30d0fc07 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from cainstance and ca in ipaserver/install

cainstance.replica_ca_install_check is only used in ca.install_check if
replica_config is not None (replica installation). As it is immediately
stopped if promote is not set, therefore it can be removed.

The check for cafile in ca.install_check has been dropped. promote is set
to True in ca.install_step_0 if replica_config is not None for
cainstance.configure_instance.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
ff75a9f7 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from ipa_kra_install in ipaserver/install

Replica files are DL0 specific, therefore all the code that is related to
replica files has been removed. An additional check for the new minimal
domain level has been added. The use of extra args results in an error as
this was only needed for the replica file.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
474acad4 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from dsinstance ipaserver/install

Promote is now hard set to True in create_replica for later use in
_get_replication_manager.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
23264315 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from kra in ipaserver/install

The code to add missing KRA certificates has been removed from install_check
as it was only reached if replica_config is not None and promote was False
for DL0 replica installations. Also the other places.

Promote is now hard set to True if replica_config is not None in install
for later use in krainstance.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
fe625873 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove unused promote arg in krbinstance.create_replica in ipaserver/install

The argument was not used at all.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
3c959134 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from ipa_replica_install in ipaserver/install

Replica files are DL0 specific therefore the knob extension for
replica_file has been removed. Also the code that is only executed if
replica_file is not None.

The new variable replica_install has been added which is used in
ServerInstallInterface.__init__

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
7e17d73b by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from __init__ in ipaserver/install/server

The method _is_promote has been removed from all classes as this has only
been used internally to check if the domain level is correct.

The check if the installer object has the attribute replica_file has been
modified to use the new variable replica_install defined in
CompatServerReplicaInstall instead.

The DL0 specific code from ServerInstallInterface.__init__ has been removed.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
bacef446 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from replicainstall in ipaserver/install/server

create_replica_config is not imported anymore from
ipaserver.install.installutils.

The promote argument has been removed from these functions and function
calls:
- install_replica_ds
- ds.create_replica
- install_krb
- krbinstance.create_replica
- install_http
- httpinstance.create_instance

The function install_check has been removed completely as it is only used
to prepare the DL0 installation.

All DL0 specific code has been removed from the install function.

The variables promote, installer.promote/options.promote and config.promote
have been removed.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
7e7dfcd4 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove create_replica_config from installutils in ipaserver/install

This function is used to load the replica file. Without DL0 support this
is not needed at all anymore.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
fc62c735 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from custodiainstance in ipaserver/install

Without DL0 support the custodia mode can be used to determine if a
server or replica will be installed. Therefore the use of config.promote
can be removed.

A new check has been added to make sure the mode is known in
get_custodia_instance.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
31cdb978 by Thomas Woerner at 2018-09-26T09:42:48Z
Rename CustodiaModes.STANDALONE to CustodiaModes.FIRST_MASTER

This is related to the DL0 code removal. FIRST_MASTER describes this
mode a lot better.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
e0a07717 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove options.promote from install in ipaserver/install/server/install

There is no need to set options.promote to false anymore for a server
installation in the install function.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
8eefa92b by Thomas Woerner at 2018-09-26T09:42:48Z
Remove replica_file from ClientInstall class in ipaclient/install/client.py

There is no need to set replica_file to None for client installations.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
84204473 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove replica_file knob from ipalib/install/service.py

The replica_file option is not needed anymore. Therefore the option can
be removed.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
6ee7c437 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific tests from ipatests/test_integration/test_replica_promotion.py

These tests have been skipped already before. Therefore they can be removed.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
ec993c90 by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from ipatests/pytest_ipa/integration/tasks.py

The functions get_replica_filename and replica_prepare are not needed anymore
with the DL0 removal. The DL0 specific code has been removed from the
functions install_replica, install_kra and install_ca.

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
a7b2487f by Thomas Woerner at 2018-09-26T09:42:48Z
Remove DL0 specific code from ipatests/test_integration/test_caless.py

See: https://pagure.io/freeipa/issue/7689
Signed-off-by: Thomas Woerner <twoerner at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
1c6b957f by Alexander Bokovoy at 2018-09-26T12:19:06Z
Support Samba 4.9

Samba 4.9 became a bit more strict about creating a local NT token and a
failure to resolve or create BUILTIN\Guests group will cause a rejection
of the connection for a successfully authenticated one.

Add a default mapping of the nobody group to BUILTIN\Guests.

BUILTIN\Guests is a special group SID that is added to the NT token for
authenticated users.

For real guests there is 'guest account' option in smb.conf which
defaults to 'nobody' user.

This was implicit behavior before as 'guest account = nobody' by
default would pick up 'nobody' group as well.

Fixes: https://pagure.io/freeipa/issue/7705
Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
d0c503e5 by Florence Blanc-Renaud at 2018-09-26T12:20:03Z
ipa-server-upgrade: fix inconsistency in setup_lightweight_ca_key_retrieval

The method setup_lightweight_ca_key_retrieval is called on
server upgrade and checks first if it needs to be executed or if
a previous upgrade already did the required steps.
The issue is that it looks for setup_lwca_key_retrieval in sysupgrade.state
but writes setup_lwca_key_retieval (with a missing r).

The fix consistently uses setup_lwca_key_retieval (as older installations
may already contain this key in sysupgrade.state).

Fixes https://pagure.io/freeipa/issue/7688

Reviewed-By: Fraser Tweedale <ftweedal at redhat.com>

- - - - -
35d3b573 by Stanislav Levin at 2018-09-26T14:04:24Z
Fix loading 'freeipa/text' at production mode

As for now 'ssbrowser.html' and 'unauthorized.html' pages are
loaded without JS error at development mode only.

There is no standalone 'freeipa/text' module as source at
production mode. Thus the 'core' one has to be loaded first and
then 'text'.

Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
85a54ef8 by Christian Heimes at 2018-09-27T07:17:05Z
Workaround for pyasn1 0.4

pyasn1 0.4 changed handling of ANY containers in a backwards
incompatible way. For 0.3.x, keep explicit wrap and unwrap in octet
strings for ANY container members. For >= 0.4, let pyasn1 do the job.

This patch also makes sorting of extended_key_usage_bytes() stable and
adds tests.

Tested with pyasn1 0.3.7 and 0.4.4.

Fixes: https://pagure.io/freeipa/issue/7685
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal at redhat.com>

- - - - -
eaf58bb6 by Christian Heimes at 2018-09-27T09:50:55Z
Sprinkle raw strings across the code base

tox / pytest is complaining about lots and lots of invalid escape
sequences in our code base. Sprinkle raw strings or backslash escapes
across the code base to fix most occurrences of:

  DeprecationWarning: invalid escape sequence

There is still one warning that keeps repeating, though:

  source:264: DeprecationWarning: invalid escape sequence \d

Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>

- - - - -
5a25dc53 by Christian Heimes at 2018-09-27T14:57:28Z
Require sssd-ipa instead of sssd meta pkg

The sssd meta package pulls in additional dependencies that are not
required by IPA clients. Only depend on sssd-ipa.

Also update SSSD to 1.16.3-2 with fixes with support for One-Way Trust
authenticated by trust secret.

See: https://bugzilla.redhat.com/show_bug.cgi?id=1345975
See: https://pagure.io/freeipa/issue/7710
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>

- - - - -
850eea35 by Stanislav Levin at 2018-09-28T08:30:22Z
Drop concatenated title of remove dialog

As for now the default title of remove dialogs is set to
'Remove ${entity}', where 'entity' is also translatable text.
This construction is used via method 'create_remove_dialog'
of Search facet for the all association 'Delete' actions of
entities.

Such concatenation leads to a bad quality translation and
should be changed to an entire sentence.

From now a mentioned title is taken from a spec and should be
specified explicitly.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
72e97f2e by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Users' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
b8af0b32 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Hosts' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
4357ac54 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Services' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
6a1c3633 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Groups' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
abdcfeb7 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'ID Views' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
19f194d6 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Automember' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
2c45a745 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'HBAC' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
46e3be40 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Sudo' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
6a8a9bcc by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'SELinux User Maps' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
ff7dc517 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Password Policies' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
d5eb7831 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Certificates' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
b13d825e by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'OTP Tokens' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
6461d9c3 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'RADIUS Servers' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
97fd70ee by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Certificate Identity Mapping Rules' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
e7ff1982 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Automount Locations' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
9e85373c by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'DNS' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
a06d410e by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'RBAC' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
68a12790 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'ID Ranges' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
afbaea15 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Topology' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
ee964520 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'Trusts' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7699
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
d6d11bef by Stanislav Levin at 2018-09-28T08:30:22Z
Drop concatenated title of remove dialog

As for now the default title of remove dialogs, which are
initialized from 'association' facet, is set to something like
'Remove ${other_entity} from ${entity} ${primary_key}', where
'other_entity' and 'entity' are also translatable texts.
This construction is used via method 'show_remove_dialog'
of 'association' facet for the all 'Delete' actions within details
of entities.

Such concatenation leads to a bad quality translation and
should be changed to an entire sentence.

From now a mentioned title is taken from a spec and should be
specified explicitly.

Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
cc3c38a7 by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'Users' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
b64b0aa6 by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'Hosts' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
65427f94 by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'Services' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
dcf1803c by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'Groups' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
6ec6dafa by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'HBAC' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
865bbea7 by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'Sudo' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
20d9b21f by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'OTP Tokens' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
881a6739 by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'RBAC' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
1785168a by Stanislav Levin at 2018-09-28T08:30:22Z
Add a title to 'remove' dialog for details of 'Trusts' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7702
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
f72aa37e by Stanislav Levin at 2018-09-28T08:30:22Z
Drop concatenated title of remove dialog

As for now the default title of remove dialogs, which are
initialized from 'association_table' facet, is set to something
like 'Remove ${other_entity} from ${entity} ${primary_key}',
where 'other_entity' and 'entity' are also translatable texts.
This construction is used via method 'show_remove_dialog'
of 'association_table' widget for the all 'Delete' actions within
details of entities.

Such concatenation leads to a bad quality translation and
should be changed to an entire sentence.

From now a mentioned title is taken from a spec and should be
specified explicitly.

Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
6e8c6a4e by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'remove' dialog for 'association_table' widget of 'Hosts' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
db5e0f80 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'remove' dialog for 'association_table' widget of 'Services' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
f0f2f443 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'remove' dialog for 'association_table' widget of 'Groups' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
cdc605f1 by Stanislav Levin at 2018-09-28T08:30:22Z
Allow having a custom title of 'Remove' dialog for 'attribute_table' widget

Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
31f5db28 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'Remove' dialog for 'association_table' widget of 'Automember' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
14acf96e by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'Remove' dialog for 'association_table' widget of 'HBAC' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
b56ff7f4 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'Remove' dialog for 'association_table' widget of 'Sudo' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
14aa7bfd by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'Remove' dialog for 'association_table' widget of 'SELinux' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
176ec4a8 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'Remove' dialog for 'association_table' widget of 'CA' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
3890280e by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'Remove' dialog for 'association_table' widget of 'Topology' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
9e4f6857 by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'Remove' dialog for 'association_table' widget of 'Vault' entity

To improve translation quality the title of 'Remove' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
85a96ddc by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to 'unprovision' dialog

To improve translation quality the title of 'unprovision' dialog
should be specified explicitly in the spec and should be an entire
sentence.

Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
9cccf6ae by Stanislav Levin at 2018-09-28T08:30:22Z
Add title to remove dialog of 'DNS' entity

To improve translation quality the title of Remove dialog
should be specified explicitly in the spec and should be an
entire sentence.

Fixes: https://pagure.io/freeipa/issue/7704
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
2bb4fc20 by Stanislav Levin at 2018-09-28T08:30:22Z
Fix javascript 'errors' found by jslint

There are several JavaScript errors, which have come with PRs:
2362, 2371, 2372.

JavaScript code has to follow jsl requirements.

Fixes: https://pagure.io/freeipa/issue/7717
Fixes: https://pagure.io/freeipa/issue/7718
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
042cf811 by Stanislav Levin at 2018-09-28T08:30:22Z
Add jslint check to PR CI tests

For now, from all possible lint checks, pylint applies only.
jslint can prevent JavaScript errors at WebUI.

Fixes: https://pagure.io/freeipa/issue/7717
Fixes: https://pagure.io/freeipa/issue/7718
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
232046de by Timo Aaltonen at 2018-10-01T08:37:36Z
dont-migrate-to-authselect.diff We don't have authselect, so just return true when trying to migrate to it. (LP: #1793994)

- - - - -
125a71a1 by Timo Aaltonen at 2018-10-01T08:40:28Z
control: Move client dependency on chrony to recommends. (Closes: #909803)

- - - - -
3a97581a by Stanislav Levin at 2018-10-01T09:34:08Z
Drop concatenated title of 'add' dialog

As for now the default title of 'add' dialog is set to something
like 'Add ${entity}', where 'entity' is also translatable text.
Such construction is used via method 'adder_dialog' of Entity
for the all 'Add' actions.

This leads to a bad quality translation and should be changed to
an entire sentence.

From now a mentioned title is taken from a spec and should be
specified explicitly.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
bf5b4db9 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Users' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
6790151d by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'OTP' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
ece3f752 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Host' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
98f40993 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Service' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
8d922ebc by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Groups' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
4e6b7415 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'ID Views' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
dd533aeb by Stanislav Levin at 2018-10-01T09:34:08Z
Drop concatenated title of 'add' dialog for 'attribute_table' widget

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
f5efeb14 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Automember' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
77666404 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'HBAC' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
68f22cf6 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Sudo' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
4ad486fe by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'SELinux' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
0f72fa2e by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Password Policies' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
0c412db4 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Certificates' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
7f6d6586 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'RADIUS' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
cb4a4bce by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Certificate Identity' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
d7c4bbef by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Automount' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
166f96a0 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'DNS' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
cc5194e5 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Vault' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
94ec285e by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'RBAC' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
e73483f4 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'ID Ranges' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
d5a4e630 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Trusts' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
bcf92236 by Stanislav Levin at 2018-10-01T09:34:08Z
Add title to 'add' dialog for 'Topology' entity

To improve translation quality the title of 'Add' dialog should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7707
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
5c8f39ab by Fraser Tweedale at 2018-10-02T09:30:55Z
Fix writing certificate chain to file

A client-side error occurs when cert commands are instructed to
write the certificate chain (--chain option) to a file
(--certificate-out option).  This regression was introduced in the
'cert' plugin in commit 5a44ca638310913ab6b0c239374f4b0ddeeedeb3,
and reflected in the 'ca' plugin in commit
c7064494e5801d5fd4670e6aab1e07c65d7a0731.

The server behaviour did not change; rather the client did not
correctly handle the DER-encoded certificates in the
'certificate_chain' response field.  Fix the issue by treating the
'certificate' field as base-64 encoded DER, and the
'certificate_chain' field as an array of raw DER certificates.

Add tests for checking that the relevant commands succeed and write
PEM data to the file (both with and without --chain).

Fixes: https://pagure.io/freeipa/issue/7700
Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
d86d8190 by Alexander Bokovoy at 2018-10-02T14:06:54Z
When stripping PO files, sort the output

Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
28cfb2b1 by Alexander Bokovoy at 2018-10-02T14:06:54Z
Re-sort translations before merging Zanata updates

Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
35d4d81f by Alexander Bokovoy at 2018-10-02T14:06:54Z
Update translations from Zanata ipa-4-7 branch

Reviewed-By: Christian Heimes <cheimes at redhat.com>

- - - - -
f2b9b7b5 by Stanislav Levin at 2018-10-03T11:14:52Z
Drop concatenated title of 'Add' dialog for details of entity

As for now the 'Add' dialog title, which is initialized within
details of the entity, contains translated concatenated texts,
like:
    'Add ${other_entity} into ${entity} ${primary_key}',
where 'other_entity' and 'entity' are also translatable texts.
This construction is used via method 'show_add_dialog' of
association_facet for all the 'Add' actions within details
of entities.
The concatenation leads to a bad quality translation and
should be changed to an entire sentence.

From now a mentioned title is taken from a spec and should be
specified explicitly.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
db7197ac by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'Certificate' entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
989b895a by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'Users' entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
9d77d31d by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'Hosts' entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
085681fa by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'Services' entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
d2069753 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'Groups' entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
e7f1c7b5 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'ID Views' entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
e0e434ca by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'HBAC' entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
665a1336 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'Sudo' entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
98662ec5 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'OTP Tokens' entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
7f482eee by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for details of 'RBAC' entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
c8878104 by Stanislav Levin at 2018-10-03T11:14:52Z
Drop concatenated title of add dialog for association_table widget

As for now the default title of add dialogs, which are
initialized from 'association_table' widget, is set to something
like 'Add ${other_entity} into ${entity} ${primary_key}',
where 'other_entity' and 'entity' are also translatable texts.
This construction is used via method 'create_add_dialog' of
'association_table' widget for all the 'Add' actions within
details of entities.

Such concatenation leads to a bad quality translation and
should be changed to an entire sentence.

From now a mentioned title is taken from a spec and should be
specified explicitly.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
eb506a3f by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of Hosts entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
2c6cde1c by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of Services entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
7aefa5b2 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of Groups entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
172996ef by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of HBAC entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
e14fe888 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of Sudo entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
cc643a52 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of SELinux User Maps entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
3a4eec36 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of Certificates entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
d5221285 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of Vaults entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
8fa14441 by Stanislav Levin at 2018-10-03T11:14:52Z
Add title to 'add' dialog for 'association_table' widget of Topology entity

To improve translation quality the title of 'Add' dialog,
which is initialized within details table of the entity, should be
specified explicitly in the spec and should be an entire sentence.

Fixes: https://pagure.io/freeipa/issue/7712
Fixes: https://pagure.io/freeipa/issue/7714
Reviewed-By: Serhii Tsymbaliuk <stsymbal at redhat.com>

- - - - -
7b50fe43 by Christian Heimes at 2018-10-05T15:37:57Z
Fix zonemgr encoding issue

The zonemgr validator and handler perform additional encodings for IDNA
support. In Python 3, the extra steps are no longer necessary because
arguments are already proper text and stderr can handle text correctly.

This also fixes 'b' prefix in error messages like:

    option zonemgr: b'empty DNS label'

Fixes: https://pagure.io/freeipa/issue/7711
Signed-off-by: Christian Heimes <cheimes at redhat.com>

- - - - -
a30659c4 by Florence Blanc-Renaud at 2018-10-05T17:43:39Z
ipatests: remove TestReplicaManageDel (dl0)

TestReplicaManageDel is a test using domain level 0
but we do not support it any more. Remove the test.

Related to https://pagure.io/freeipa/issue/7689

Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>

- - - - -
4b617ddb by Alexander Bokovoy at 2018-10-05T17:45:52Z
Update list of contributors

Reviewed-By: Rob Crittenden <rcritten at redhat.com>
(cherry picked from commit 753264069f29e47bf222e50e95a7ec5849a7f6cb)

Reviewed-By: Rob Crittenden <rcritten at redhat.com>

- - - - -
7eddb981 by Rob Crittenden at 2018-10-05T18:04:49Z
Become IPA 4.7.1

- - - - -
0158ad89 by Timo Aaltonen at 2018-10-08T07:49:32Z
Merge branch 'upstream'

- - - - -
8c1c45e5 by Timo Aaltonen at 2018-10-08T07:49:59Z
bump the version

- - - - -
b3459282 by Timo Aaltonen at 2018-10-08T07:52:05Z
control: Build server on any arch again.

- - - - -
a8821bc2 by Timo Aaltonen at 2018-10-08T07:57:04Z
tests: Don't fail the tests, just dump the log if something goes wrong.

- - - - -
72d83858 by Timo Aaltonen at 2018-10-08T08:07:29Z
refresh patches, drop fix-replicainstall.diff

- - - - -
5d1945c9 by Timo Aaltonen at 2018-10-08T08:28:17Z
drop ipa-httpd-pwdreader-force-fqdn.diff

- - - - -
601e660c by Timo Aaltonen at 2018-10-09T07:29:50Z
server: drop ipa-replica-prepare

- - - - -
dd870470 by Timo Aaltonen at 2018-10-09T17:05:22Z
releasing package freeipa version 4.7.1-1

- - - - -


30 changed files:

- − .freeipa-pr-ci.yaml
- + .freeipa-pr-ci.yaml
- .gitignore
- Contributors.txt
- Makefile.am
- + Makefile.pythonscripts.am
- VERSION.m4
- client/Makefile.am
- client/ipa-certupdate → client/ipa-certupdate.in
- client/ipa-client-automount → client/ipa-client-automount.in
- client/ipa-client-install → client/ipa-client-install.in
- client/ipa-join.c
- configure.ac
- daemons/dnssec/Makefile.am
- daemons/dnssec/ipa-dnskeysync-replica → daemons/dnssec/ipa-dnskeysync-replica.in
- daemons/dnssec/ipa-dnskeysyncd → daemons/dnssec/ipa-dnskeysyncd.in
- daemons/dnssec/ipa-ods-exporter → daemons/dnssec/ipa-ods-exporter.in
- daemons/ipa-otpd/Makefile.am
- + daemons/ipa-otpd/ipa_otpd_queue_cmocka_tests.c
- daemons/ipa-otpd/queue.c
- daemons/ipa-sam/ipa_sam.c
- daemons/ipa-slapi-plugins/ipa-extdom-extop/back_extdom_nss_sss.c
- daemons/ipa-slapi-plugins/ipa-extdom-extop/back_extdom_sss_idmap.c
- daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
- daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
- debian/changelog
- debian/control.common
- debian/control.server
- debian/freeipa-server.install
- + debian/patches/dont-migrate-to-authselect.diff


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/freeipa-team/freeipa/compare/71b402b51812077ca9b00f2f0bfca45fb36df6df...dd870470a36755766c9c48e9ed1d75cd5bd5d172
