URL: https://github.com/freeipa/freeipa/pull/5253
Author: menonsudhir
Title: #5253: ipatests: Test for IPATrustControllerPrincipalCheck
Action: opened
PR body:
"""
This testcase checks when trust between IPA-AD is established successfully,
IPATrustControllerPrincipalCheck displays result as SUCCESS
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5253/head:pr5253
git checkout pr5253
URL: https://github.com/freeipa/freeipa/pull/5288
Author: ptrNine
Title: #5288: ipa-kdb: handle dates up to 2106-01-01 00:00
Action: opened
PR body:
"""
krb5 uses negative part of `krb5_timestamp` to store time values after 2038
https://k5wiki.kerberos.org/wiki/Projects/Timestamps_after_2038
In other words, krb5 uses `krb5_timestamp` (signed int) with unsigned arithmetic for expanding of the timestamp time range.
This commit:
- adds some helper functions for working with `krb5_timestamp` as unsigned (actually copied from the link above)
- replaces operations with `krb5_timestamp`'s by these new functions
- sets `IPAPWD_END_OF_TIME` to `4291747200L` (1 Jan 2106, 00:00 GMT)
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5288/head:pr5288
git checkout pr5288
URL: https://github.com/freeipa/freeipa/pull/5302
Author: antoniotorresm
Title: #5302: Allow leading/trailing whitespaces in passwords
Action: opened
PR body:
"""
Since PR #4709 was stale and closed, this PR fixes the issue taking into account comments from that PR.
kwargs is redefined to Data.kwargs, which doesn't contain the restriction of no leading/trailing whitespaces from the Str class.
Fixes: https://pagure.io/freeipa/issue/7599
Signed-off-by: Antonio Torres Moríñigo <atorresm(a)protonmail.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5302/head:pr5302
git checkout pr5302
Hi,
we are close to get FreeIPA 4.9.0 release candidate out.
Draft release notes: https://vda.li/drafts/freeipa-4.9.0-release-notes.html
They include difference between 4.8.10 and current git master. Note that
since many things were backported to 4.8 in separate commits that
referenced the same FreeIPA tickets, they appear in the release notes
too even though you might have seen them in release notes for FreeIPA
4.8 releases.
Currently, in nightly tests
https://github.com/freeipa-pr-ci2/freeipa/pull/525 we have 126
successful testsuites and 6 failures, out of which four have known
failures:
- test_adtrust_install, test_cert, test_ipahealthcheck_nodns_extca_file
failure already reported in FreeIPA#8533
- test_installation_TestInstallWithCA2 failure already reported in
FreeIPA#8477
- test_webui_general failure already reported in FreeIPA#8570
- test_webui_users failure already reported in FreeIPA#8569
The latter two issues will most likely be irrelevant for FreeIPA release
as they track behavior change in Fedora FAS plugin and we simply need to
install that plugin in a confined environment, to avoid overlapping with
our tests. FAS behavior is specific to Fedora/CentOS AAA deployment and
should not be a problem for anything else, it is simply a design choice
in FAS plugin.
This makes us down to two known and two not-yet-investigated failures.
On top of that we have a worrying behavior of the Azure CI with regards
to DNSSEC that waits for investigation.
One major part not exercised in the nightlies is an upgrade code.
My plan is to do FreeIPA 4.9.0 release candidate this week -- I planned
it to do last week but things slipped due to various failures and
load at other projects. I think for a release candidate this state is
quite good.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
URL: https://github.com/freeipa/freeipa/pull/5228
Author: menonsudhir
Title: #5228: ipatests: Test for IPATrustDomainsCheck with external trust to AD
Action: opened
PR body:
"""
This testcase checks that when external trust is configured between IPA and AD subdomain, IPATrustDomainsCheck
doesnot display ERROR.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5228/head:pr5228
git checkout pr5228
URL: https://github.com/freeipa/freeipa/pull/5290
Author: flo-renaud
Title: #5290: Improve PKI subsystem detection
Action: opened
PR body:
"""
### Improve PKI subsystem detection
The dogtaginstance.is_installed() method currently relies on
the presence of the directory /var/lib/pki/pki-tomcat/{ca|kra},
even if it is empty.
An unwanted consequence is ipa-server-upgrade wrongly assuming the KRA
is installed and crashing when trying to upgrade a not-installed
component.
The fix relies on the command "pki-server subsystem-show {ca|kra}" to
detect if a subsystem is installed. The command does not require PKI
to be running (hence can be called anytime) and is delivered by
the pki-server package which is already required by ipa server pkg.
Fixes: https://pagure.io/freeipa/issue/8596
### ipatests: add test for PKI subsystem detection
Add a new upgrade test. Scenario:
- create an empty /var/lib/pki/pki-tomcat/kra directory
- call ipa-server-upgrade
With issue 8596, the upgrade fails because it assumes KRA is
installed. With the fix, ipa-server-upgrade completes successfully.
Related: https://pagure.io/freeipa/issue/8596
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5290/head:pr5290
git checkout pr5290
URL: https://github.com/freeipa/freeipa/pull/5306
Author: rcritten
Title: #5306: ipatests: Enable httpd_can_network_connect for mod_md test
Action: opened
PR body:
"""
This is required because the test runs a local Apache instance.
https://pagure.io/freeipa/issue/8514
Signed-off-by: Rob Crittenden <rcritten(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5306/head:pr5306
git checkout pr5306
URL: https://github.com/freeipa/freeipa/pull/5307
Author: rcritten
Title: #5307: Generate a unique cache for each connection
Action: opened
PR body:
"""
Generate a unique cache for each connection
Rather than having a shared ccache per user, configure
mod_auth_gssapi to create a unique one. This requires cleanup
to remove expired caches. A new script is added,
ipa-ccache-sweeper to do this. It will be invoked by a
new service, ipa-ccache-sweep, which will be executed every
12 hours by an equally-named timer.
https://pagure.io/freeipa/issue/8589
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5307/head:pr5307
git checkout pr5307
URL: https://github.com/freeipa/freeipa/pull/5279
Author: abbra
Title: #5279: freeipa.spec.in: unify spec files across upstream RHEL, and Fedora
Action: opened
PR body:
"""
In order to reduce maintenance burden and to be able to use automatic
build tools, bring up the differences between RPM spec files in
upstream, RHEL, and Fedora to a minimum.
This gives us an opportunity to:
- start using proper conditional macros (%bcond_with/%bcond_without)
- remove old cruft where Fedora 31+ and RHEL8+ are already the same
- remove Group lines which already deprecated in Fedora packaging
policy
- remove buildroot cleanup
- support release candidate designations: mostly affects downstreams but
it is better to have macro support in the common spec file
Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5279/head:pr5279
git checkout pr5279