URL: https://github.com/freeipa/freeipa/pull/3270
Author: fcami
Title: #3270: [Backport][ipa-4-6] Hidden replica documentation: fix typo
Action: opened
PR body:
"""
This PR was opened automatically because PR #3266 was pushed to master and backport to ipa-4-6 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3270/head:pr3270
git checkout pr3270
URL: https://github.com/freeipa/freeipa/pull/3268
Author: fcami
Title: #3268: [Backport][ipa-4-6] ipa-backup: better error message if ENOSPC
Action: opened
PR body:
"""
MANUAL BACKPORT of https://github.com/freeipa/freeipa/pull/3112
The main change is that ipa-4-6 has:
filename = encrypt_file(filename, keyring)
while HEAD has:
filename = encrypt_file(filename)
due to https://github.com/freeipa/freeipa/commit/8e165480ace76ab97e40e9396293eccff…
########
When the destination directory cannot store the complete backup
ipa-backup fails but does not explain why.
This commit adds error-checking to db2ldif(), db2bak() and
finalize_backup() and enhances the error message.
Fixes: https://pagure.io/freeipa/issue/7647
Signed-off-by: François Cami <fcami(a)redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo(a)redhat.com>
Reviewed-By: Tibor Dudlák <tdudlak(a)redhat.com>
Reviewed-By: Christian Heimes <cheimes(a)redhat.com>
Reviewed-By: Thomas Woerner <twoerner(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3268/head:pr3268
git checkout pr3268
URL: https://github.com/freeipa/freeipa/pull/3216
Author: frasertweedale
Title: #3216: fix LWCA key retrieval on f30
Action: opened
PR body:
"""
This PR includes fixes for LWCA key retrieval on f30 and fixes for handling of
missing LWCA keys in the ca_find and ca_show commands.
Is is based upon https://github.com/freeipa/freeipa/pull/3210 which updates
PR-CI to f30. (This PR revealed the issue on f30; the tests are not passing
hence it has been merged yet.)
```
f029a6e3b (Fraser Tweedale, 7 hours ago)
ipa-pki-retrieve-key: set KRB5CCNAME
On Fedora 30, for some reason LDAP GSS-API bind now fails in the
ipa-pki-retrieve-key program. The Dogtag keytab credential acquisition
does succeed, but those credentials are not used for the LDAP bind.
Update CustodiaClient to support setting KRB5CCNAME when it creates
credentials. This behaviour is optional and disabled by default (no
behavioural change for other use cases). But enable this behaviour in
ipa-pki-retrieve-key so the Dogtag credentials are used for the LDAP bind.
Fixes: https://pagure.io/freeipa/issue/7964
fff5119cd (Fraser Tweedale, 85 minutes ago)
Handle missing LWCA certificate or chain
If lightweight CA key replication has not completed, requests for the
certificate or chain will return 404**. This can occur in normal
operation, and should be a temporary condition. Detect this case and
handle it by simply omitting the 'certificate' and/or
'certificate_out' fields in the response, and add a warning message to the
response.
Also update the client-side plugin that handles the
--certificate-out option. Because the CLI will automatically print the
warning message, if the expected field is missing from the response, just
ignore it and continue processing.
** after the Dogtag NullPointerException gets fixed!
Part of: https://pagure.io/freeipa/issue/7964
b59c49351 (Armando Neto, 2 days ago)
Add Fedora 30 test definitions and bump template version
Signed-off-by: Armando Neto <abiagion(a)redhat.com>
```
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3216/head:pr3216
git checkout pr3216
URL: https://github.com/freeipa/freeipa/pull/3254
Author: flo-renaud
Title: #3254: ipatests: fix TestUserPermissions::test_selinux_user_optimized
Action: opened
PR body:
"""
This test requires SELinux and fails if selinux is disabled (because it's calling semanage login -l).
The vagrant images currently in use in the nightly tests are configured with selinux disabled. Add skipif marker when selinux is disabled.
Fixes: https://pagure.io/freeipa/issue/7974
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3254/head:pr3254
git checkout pr3254
URL: https://github.com/freeipa/freeipa/pull/3256
Author: rcritten
Title: #3256: [Backport][ipa-4-7] ipatests: fix test_backup_and_restore.py::TestBackupAndRestore
Action: opened
PR body:
"""
This PR was opened automatically because PR #3241 was pushed to master and backport to ipa-4-7 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3256/head:pr3256
git checkout pr3256
URL: https://github.com/freeipa/freeipa/pull/3260
Author: flo-renaud
Title: #3260: [Backport][ipa 4 6] ipatests: fix test_backup_and_restore.py::TestBackupAndRestore
Action: opened
PR body:
"""
This is a manual backport of PR #3241 to ipa-4-6 and supersedes PR #3257.
Commit "Refactor tasks to include is_selinux_enabled" was also cherry-picked because the backport needs the tasks function "is_selinux_enabled".
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3260/head:pr3260
git checkout pr3260
URL: https://github.com/freeipa/freeipa/pull/3257
Author: rcritten
Title: #3257: [Backport][ipa-4-6] ipatests: fix test_backup_and_restore.py::TestBackupAndRestore
Action: opened
PR body:
"""
This PR was opened automatically because PR #3241 was pushed to master and backport to ipa-4-6 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3257/head:pr3257
git checkout pr3257