[Pkg-freeipa-devel] [Git][freeipa-team/freeipa][master] 65 commits: pki-proxy: Don't rely on running apache until it's configured
Timo Aaltonen
gitlab at salsa.debian.org
Tue Mar 31 05:24:34 BST 2020
Timo Aaltonen pushed to branch master at FreeIPA packaging / freeipa
Commits:
24c6ea3c by Stanislav Levin at 2020-03-19T12:48:28+02:00
pki-proxy: Don't rely on running apache until it's configured
This partially restores the pre-ec73de969f state of `http_proxy`,
which fails to restart the apache service during master
installation. The failure happens because of apache is not
configured yet on 'pki-tomcatd' installation phase. The mentioned
code and proposed one relies on the installer which bootstraps the
master.
Fixes: https://pagure.io/freeipa/issue/8233
Signed-off-by: Stanislav Levin <slev at altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
79058913 by Florence Blanc-Renaud at 2020-03-19T16:31:30+01:00
idviews: prevent applying to a master
Custom IDViews should not be applied to IPA master nodes. Add a
check enforcing this rule in idview_apply command.
Fixes: https://pagure.io/freeipa/issue/5662
Signed-off-by: Florence Blanc-Renaud <flo at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
c37a8462 by Florence Blanc-Renaud at 2020-03-19T16:31:30+01:00
xmlrpc tests: add a test for idview-apply on a master
Add a new XMLRPC test trying to apply an IDview:
- to a master
- to a hostgroup containing a master
The command must refuse to apply the IDview to a master node.
Related: https://pagure.io/freeipa/issue/5662
Signed-off-by: Florence Blanc-Renaud <flo at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
7d468792 by sumenon at 2020-03-20T11:05:23+01:00
ipatests: Added testcase to check logrotate is added for healthcheck tool
Issue: freeipa/freeipa-healthcheck#35
- - - - -
04cc0450 by Christian Heimes at 2020-03-21T07:31:22+02:00
Integrate ipa_custodia policy
ipa-custodia is an internal service for IPA. The upstream SELinux policy
has a separate module for ipa_custodia. Fold the current policy from
Fedora rawhide into ipa's SELinux policy.
Related: https://pagure.io/freeipa/issue/6891
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
7d525ab4 by Christian Heimes at 2020-03-21T07:31:22+02:00
Move freeipa-selinux dependency to freeipa-common
The SELinux policy defines file contexts that are also used by clients,
e.g. /var/log/ipa/. Make freeipa-selinux a dependency of freeipa-common.
Related: https://pagure.io/freeipa/issue/6891
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
127b8d9c by Alexander Bokovoy at 2020-03-21T07:32:52+02:00
Prevent adding IPA objects as external members of external groups
The purpose of external groups in FreeIPA is to be able to reference
objects only existing in trusted domains. These members get resolved
through SSSD interfaces but there is nothing that prevents SSSD from
resolving any IPA user or group if they have security identifiers
associated.
Enforce a check that a SID returned by SSSD does not belong to IPA
domain and raise a validation error if this is the case. This would
prevent adding IPA users or groups as external members of an external
group.
RN: Command 'ipa group-add-member' allowed to specify any user or group
RN: for '--external' option. A stricter check is added to verify that
RN: a group or user to be added as an external member does not come
RN: from IPA domain.
Fixes: https://pagure.io/freeipa/issue/8236
Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
- - - - -
ebb3c22d by Florence Blanc-Renaud at 2020-03-21T12:20:55+02:00
ipatests: wait for SSSD to become online in backup/restore tests
The backup/restore tests are calling 'id admin' after restore
to make sure that the user name can be resolved after a restore.
The test should wait for SSSD backend to become online before
doing any check, otherwise there is a risk that the call to
'id admin' fails.
Fixes: https://pagure.io/freeipa/issue/8228
Signed-off-by: Florence Blanc-Renaud <flo at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Sergey Orlov <sorlov at redhat.com>
- - - - -
7974ac9f by Rob Crittenden at 2020-03-23T09:17:06+01:00
Test that ipa-healthcheck human output translates error strings
The code rather than the string was being displayed in human
output for non-SUCCESS messages. Verify that in case of an error
the right output will be present.
https://bugzilla.redhat.com/show_bug.cgi?id=1752849
Reviewed-By: Mohammad Rizwan Yusuf <myusuf at redhat.com>
Reviewed-By: Sumedh Sidhaye <ssidhaye at redhat.com>
Reviewed-By: Stanislav Levin <slev at altlinux.org>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
0e9b020d by Sergey Orlov at 2020-03-24T12:25:01+01:00
ipatests: remove test_ordering
The test_integration/test_ordering.py is a test for pytest_sourceorder
plugin which is not part of freeipa project, it is not an integration test.
The up to date version of this test is available at project repository:
https://pagure.io/python-pytest-sourceorder/blob/master/f/test_sourceorder.py
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
f99cfa14 by Vit Mojzis at 2020-03-24T13:33:08+01:00
selinux: disable ipa_custodia when installing custom policy
Since ipa_custodia got integrated into ipa policy package, the upstream policy
module needs to be disabled before ipa module installation (in order to be able
to make changes to the ipa_custodia policy definitions).
Upstream ipa module gets overridden automatically because of higher priority of
the custom module, but there is no mechanism to automatically disable
ipa_custodia.
Related: https://pagure.io/freeipa/issue/6891
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
42aa86fa by Christian Heimes at 2020-03-24T14:02:20+01:00
Add pytest OpenSSH transport with password
The pytest_multihost transport does not provide password-based
authentication for OpenSSH transport. The OpenSSH command line tool has
no API to pass in a password securely.
The patch implements a custom transport that uses sshpass hack. It is
not recommended for production but good enough for testing.
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
f1855dd5 by Serhii Tsymbaliuk at 2020-03-24T14:13:42+01:00
Web UI: Upgrade Bootstrap version 3.3.7 -> 3.4.1
Ticket: https://pagure.io/freeipa/issue/8239
Signed-off-by: Serhii Tsymbaliuk <stsymbal at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
210619a9 by Mohammad Rizwan Yusuf at 2020-03-24T15:44:54+01:00
Test if schema-compat-entry-attribute is set
This is to ensure if said entry is set after installation with AD.
related: https://pagure.io/freeipa/issue/8193
Signed-off-by: Mohammad Rizwan Yusuf <myusuf at redhat.com>
Reviewed-By: Francois Cami <fcami at redhat.com>
Reviewed-By: Kaleemullah Siddiqui <ksiddiqu at redhat.com>
- - - - -
3f3fa403 by Mohammad Rizwan Yusuf at 2020-03-24T15:44:54+01:00
Test if schema-compat-entry-attribute is set
This is to ensure if said entry is set after installation.
It also checks if compat tree is disable.
related: https://pagure.io/freeipa/issue/8193
Signed-off-by: Mohammad Rizwan Yusuf <myusuf at redhat.com>
Reviewed-By: Francois Cami <fcami at redhat.com>
Reviewed-By: Kaleemullah Siddiqui <ksiddiqu at redhat.com>
- - - - -
814b47e8 by Sergey Orlov at 2020-03-25T09:45:55+02:00
ipatests: provide AD admin password when trying to establish trust
`ipa trust-add --password` command requires that user provides a password..
Related to: https://pagure.io/freeipa/issue/7895
Reviewed-By: Florence Blanc-Renaud <frenaud at redhat.com>
- - - - -
9ff7b4a4 by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
Keep ipa.pot translation file in git for weblate
Weblate tool sends pull requests that update translations directly.
For this to work, we need to keep ipa.pot in the tree.
Fixes: https://pagure.io/freeipa/issue/8159
Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 92e36258cee838a378729d06fc4134b5c4428f87)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
831f4dd3 by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
Update translation infrastructure
1. Build po/ipa.pot every time we update PO files (each build)
2. Drop any rebuilt PO changes if the only difference is in the
translation file's header in a timestamp or timestamp+bug report
link.
3. Only apply the logic for dropping the changes if we are operating on
a git tree checkout because there is no otherwise an easy way to
detect the changes.
4. Hook strip-po target to the cleanup target to allow dropping unneeded
translation changes automatically.
5. Finally, strip ipaclient/remote_plugins/* locations from the ipa.pot
template. This saves us around 23,000 lines from the ipa.pot file and
reduces visual clutter in the translation files.
This approach allows to avoid unneccesary commits because even when
there are no changes to translation files, po/ipa.pot header would be
updated with a new translation update timestamp.
Fixes: https://pagure.io/freeipa/issue/8159
Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit b4722f3917d6c2a6849931e9c68896f83a0cc09b)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
e23ba779 by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update ipa.pot template
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 3fc932a2a859898d718d850fbcd558a1e960e91f)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
16d9556c by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Bengali translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 0be22a6ae71a3261c9e9333a01dc028f55554924)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
29e3ade0 by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Catalan translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 6cd244da6be890e577bf381c6303363e2a6f237f)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
c8ba436c by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Czech translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 68cc049124f2acf66b4fdd4588e1fb25d50a9364)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
0d053d8b by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update German translation
Several translated strings were splitted into smaller ones. The older
translation either is a duplicate of the new one or does not apply
anymore.
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 117893f03e4f26044e7b15053e336b8d42b4f180)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
37a1e927 by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update English (United Kingdom) translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 439c488f04b857cfb83f779e450c34b93f7c38bb)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
7af52df7 by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Spanish translation
Several translated strings were splitted and old translations do not
apply directly anymore.
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 2859216b4cbb763a25792cffe6204da8edb4a232)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
92fb5c52 by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Basque translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit e6574914ade837f1d49579394437dfe720b55b22)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
a2ca393d by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update French translation
Several translated strings were splitted and old translations do not
apply directly anymore.
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 1a0232a6938c64277c4b8f2cdc35be650da644cc)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
c4dd8b22 by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Hindi translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 35c1da8346c1b671b1a1bffa51199324c3947d9f)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
595d5062 by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Hungarian translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit f18a4f8dd34134b3c08b1169ba42ebcffa49ac72)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
124a563e by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Indonesian translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 347d9c78b17176e7677995c2ecbbfc7b13d50dcc)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
89dbf88a by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Japanese translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 60d69a8755d3f32d6fed70ba541f70e4069e0647)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
89b048d1 by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Kannada translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 1c30d18611519aca5244b2315a5d8a3e198eea38)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
28a963ee by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Marathi translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 0c9066e8f3b7b78fb7cf4763fa51919aa6c4965c)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
e7945284 by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Dutch translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 7f3cc11a20ad1705cb62ec0075d1e7ec863fced7)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
e4dfb740 by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Punjabi translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 3e636959ff14e454329a6806bf4fe4f560ccf398)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
4e3867fc by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Polish translation
Several translated strings were splitted and old translations do not
apply directly anymore.
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 047c8cc55d0845123160e94c69bf0f4efe47059e)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
31a9da8e by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Portuguese translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit baf1a7217d35c2142953a098f4caf88f181e42b0)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
eab195ff by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Portuguese (Brazil) translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 45dede73c7106b234f0c1d022bd20260d9c7c7fa)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
db433fbe by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Russian translation
Several translated strings were splitted and old translations do not
apply directly anymore.
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit ad3ef9de44f41051fed8f743fb4bc7cf2e896ea7)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
3c15e47a by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Slovak translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit ed55c408f8599dd4c0be8261c34930b9c7416171)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
3d411cf2 by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Tajik translation timestamp
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit e50c2500f440caa59fa78320ed669db9f0a25d10)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
855a36b6 by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Ukrainian translation
Several translated strings were splitted and old translations do not
apply directly anymore.
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 9fcae1590ddb2fd240b200d0960e33323d594acb)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
c6adee04 by Alexander Bokovoy at 2020-03-25T09:49:28+02:00
po: update Chinese (China) translation
Several translated strings were splitted and old translations do not
apply directly anymore.
Reviewed-By: Christian Heimes <cheimes at redhat.com>
(cherry picked from commit 42e86692b6b12728e0fb7e3bc17613ef072b624a)
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
74f36e7c by Alexander Bokovoy at 2020-03-25T10:44:50+01:00
ipatests: always skip additional input for group-add-member --external
'ipa group-add-member groupname --external some-object' will attempt to
ask interactive questions about other optional parameters (users and
groups) if only external group member was specified. This leads to a
timeout in the tests as there is no input provided.
Do not wait for the entry that would never come by using 'ipa -n'..
Related: https://pagure.io/freeipa/issue/8236
Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
f08ced1b by Christian Heimes at 2020-03-25T12:47:40+01:00
SELinux: apache_manage_pid_files for F30
SELinux policy on F30 doesn't have the interface
apache_manage_pid_files(). Define the interface conditionally.
Fixes: https://pagure.io/freeipa/issue/8241
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
c62b9e7f by Alexander Bokovoy at 2020-03-25T14:47:12+01:00
Fix indentation levels
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
f4dc10b8 by Alexander Bokovoy at 2020-03-25T14:47:12+01:00
ipatests: allow changing sysaccount passwords as cn=Directory Manager
Extend ldappasswd_sysaccount_change() helper to allow changing
passwords as a cn=Directory Manager.
Related to: https://pagure.io/freeipa/issue/7181
Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
313542e8 by Alexander Bokovoy at 2020-03-25T14:47:12+01:00
ipatests: test sysaccount password change with a password policy applied
ipa-pwd-extop plugin had a bug which prevented a cn=Directory Manager
to change a password to a value that is not allowed by an associated
password policy. Password policy checks should not apply to any
operations done as cn=Directory Manager.
The test creates a system account with associated policy that prevents
password reuse. It then goes to try to change a password three times:
- as a user: must succeeed
- as a cn=Directory Manager: must succeed even with a password re-use
- as a user again: must fail due to password re-use
Related: https://pagure.io/freeipa/issue/7181
Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
5bae736b by Alexander Bokovoy at 2020-03-25T14:47:12+01:00
ipa-pwd-extop: use SLAPI_BIND_TARGET_SDN
SLAPI_BIND_TARGET_DN is deprecated since 2011 by 389-ds team,
see commit f6397113666f06848412bb12f754f04258cfa5fa in 389-ds:
https://pagure.io/389-ds-base/c/f6397113666f06848412bb12f754f04258cfa5fa?branch=master
Use SLAPI_BIND_TARGET_SDN instead and move internal ipa-pwd-extop
helpers to accept Slapi_DN references rather than strings.
Related: https://pagure.io/freeipa/issue/7181
Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
bcbf64b1 by Alexander Bokovoy at 2020-03-25T14:47:12+01:00
ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager
Password changes performed by cn=Directory Manager are excluded from
password policy checks according to [1]. This is correctly handled by
ipa-pwd-extop in case of a normal Kerberos principal in IPA. However,
non-kerberos accounts were not excluded from the check.
As result, password updates for PKI CA admin account in o=ipaca were
failing if a password policy does not allow a password reuse. We are
re-setting the password for PKI CA admin in ipa-replica-prepare in case
the original directory manager's password was updated since creation of
`cacert.p12`.
Do password policy check for non-Kerberos accounts only if it was set by
a regular user or admin. Changes performed by a cn=Directory Manager and
passsync managers should be excluded from the policy check.
Fixes: https://pagure.io/freeipa/issue/7181
Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>
[1] https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/user_account_management-managing_the_password_policy
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
8b7bb96b by Rob Crittenden at 2020-03-25T14:47:12+01:00
Don't save password history on non-Kerberos accounts
While other password policies were properly ignored the password
history was always being saved if the global history size was
non-zero.
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
840671b1 by Rob Crittenden at 2020-03-25T14:47:12+01:00
Add ability to change a user password as the Directory Manager
This is to confirm that the Directory Manager is not affected by
password policy.
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
b34063e7 by Rob Crittenden at 2020-03-25T14:47:12+01:00
Test that pwpolicy only applied on Kerberos entries
Also test that a normal user has password history enforcement
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
616ad399 by Christian Heimes at 2020-03-25T17:16:05+01:00
po: fix LINGUAS to use whitespace separation
The po/LINGUAS file contains a list of all avilable translations.
According to the GNU gettext documentation it's is a whitespace
separated list. Our LINGUAS file used newline separated list with inline
comments. This conflicts with weblate automation.
Fixes: https://pagure.io/freeipa/issue/8159
See: https://www.gnu.org/software/gettext/manual/html_node/po_002fLINGUAS.html
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
45507c1e by Mohammad Rizwan Yusuf at 2020-03-25T17:17:34+01:00
ipatests: Skip test using paramiko when FIPS is enabled
Test used paramiko to connect to the master from controller.
Hence skip if FIPS is enabled
Signed-off-by: Mohammad Rizwan Yusuf <myusuf at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
- - - - -
a692212e by François Cami at 2020-03-26T15:09:16+01:00
ipatests: test_replica_promotion.py: test KRA on Hidden Replica
The Hidden replica tests did not test what happened when KRA was
installed on a hidden replica and then other KRAs instantiated from
this original one. Add a test scenario that covers this.
Related: https://pagure.io/freeipa/issue/8240
Signed-off-by: François Cami <fcami at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Michal Polovka <mpolovka at redhat.com>
Reviewed-By: Christian Heimes <cheimes at redhat.com>
Reviewed-By: Michal Polovka <mpolovka at redhat.com>
- - - - -
75d04b5e by Alexander Bokovoy at 2020-03-27T09:12:34+02:00
Become FreeIPA 4.8.6
- - - - -
da539a36 by Timo Aaltonen at 2020-03-30T16:38:40+03:00
Merge branch 'upstream'
- - - - -
80a7dcc8 by Timo Aaltonen at 2020-03-30T16:40:25+03:00
pki-proxy-Don-t-rely-on-running-apache-until-it-s-co.patch: Dropped, upstream.
- - - - -
a4e38932 by Timo Aaltonen at 2020-03-30T18:44:03+03:00
migrate-to-gpg.diff: Use gpg instead of gpg2, update dependencies. (Closes: #919062)
- - - - -
6422cb4c by Timo Aaltonen at 2020-03-30T21:48:43+03:00
control: Bump gssproxy depends.
- - - - -
1440f98e by Timo Aaltonen at 2020-03-31T06:26:02+03:00
control: Relax apache2 dependency so it works on ubuntu.
- - - - -
f02b776f by Timo Aaltonen at 2020-03-31T06:33:20+03:00
control: Bump policy to 4.5.0.
- - - - -
8d0681fb by Timo Aaltonen at 2020-03-31T06:39:37+03:00
control: Fix some M-A issues.
- - - - -
db96bf78 by Timo Aaltonen at 2020-03-31T06:48:50+03:00
control: Drop the dummy freeipa-admintools package.
- - - - -
30 changed files:
- .gitignore
- Makefile.am
- VERSION.m4
- daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
- daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
- daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
- daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
- debian/changelog
- debian/control
- debian/control.common
- debian/control.server
- debian/control.stub
- + debian/patches/migrate-to-gpg.diff
- − debian/patches/pki-proxy-Don-t-rely-on-running-apache-until-it-s-co.patch
- debian/patches/series
- debian/tests/control
- freeipa.spec.in
- install/ui/src/libs/bootstrap.js
- ipaserver/dcerpc.py
- ipaserver/install/dogtaginstance.py
- ipaserver/plugins/idviews.py
- ipatests/prci_definitions/nightly_ipa-4-8_latest.yaml
- ipatests/prci_definitions/nightly_ipa-4-8_previous.yaml
- ipatests/pytest_ipa/integration/host.py
- ipatests/pytest_ipa/integration/tasks.py
- + ipatests/pytest_ipa/integration/transport.py
- ipatests/test_integration/test_adtrust_install.py
- ipatests/test_integration/test_backup_and_restore.py
- ipatests/test_integration/test_commands.py
- ipatests/test_integration/test_installation.py
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/freeipa/-/compare/6eb6b27e611f57ec8e5a87740b7527170358a419...db96bf78a7c5e3d35b51dfc0d5788834f161b0f1
--
View it on GitLab: https://salsa.debian.org/freeipa-team/freeipa/-/compare/6eb6b27e611f57ec8e5a87740b7527170358a419...db96bf78a7c5e3d35b51dfc0d5788834f161b0f1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20200331/aad66e3c/attachment-0001.html>
More information about the Pkg-freeipa-devel
mailing list