November 2020 - FreeIPA-devel - Fedora mailing-lists

[freeipa PR#5253][opened] ipatests: Test for IPATrustControllerPrincipalCheck
by menonsudhir 06 Jan '21

06 Jan '21

URL: https://github.com/freeipa/freeipa/pull/5253 Author: menonsudhir Title: #5253: ipatests: Test for IPATrustControllerPrincipalCheck Action: opened PR body: """ This testcase checks when trust between IPA-AD is established successfully, IPATrustControllerPrincipalCheck displays result as SUCCESS """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5253/head:pr5253 git checkout pr5253

2 1

[freeipa PR#5288][opened] ipa-kdb: handle dates up to 2106-01-01 00:00
by ptrNine 18 Dec '20

18 Dec '20

URL: https://github.com/freeipa/freeipa/pull/5288 Author: ptrNine Title: #5288: ipa-kdb: handle dates up to 2106-01-01 00:00 Action: opened PR body: """ krb5 uses negative part of `krb5_timestamp` to store time values after 2038 https://k5wiki.kerberos.org/wiki/Projects/Timestamps_after_2038 In other words, krb5 uses `krb5_timestamp` (signed int) with unsigned arithmetic for expanding of the timestamp time range. This commit: - adds some helper functions for working with `krb5_timestamp` as unsigned (actually copied from the link above) - replaces operations with `krb5_timestamp`'s by these new functions - sets `IPAPWD_END_OF_TIME` to `4291747200L` (1 Jan 2106, 00:00 GMT) """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5288/head:pr5288 git checkout pr5288

2 1

[freeipa PR#5302][opened] Allow leading/trailing whitespaces in passwords
by antoniotorresm 18 Dec '20

18 Dec '20

URL: https://github.com/freeipa/freeipa/pull/5302 Author: antoniotorresm Title: #5302: Allow leading/trailing whitespaces in passwords Action: opened PR body: """ Since PR #4709 was stale and closed, this PR fixes the issue taking into account comments from that PR. kwargs is redefined to Data.kwargs, which doesn't contain the restriction of no leading/trailing whitespaces from the Str class. Fixes: https://pagure.io/freeipa/issue/7599 Signed-off-by: Antonio Torres Moríñigo <atorresm(a)protonmail.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5302/head:pr5302 git checkout pr5302

2 1

Preparing for FreeIPA 4.9.0 release candidate
by Alexander Bokovoy 17 Dec '20

17 Dec '20

Hi, we are close to get FreeIPA 4.9.0 release candidate out. Draft release notes: https://vda.li/drafts/freeipa-4.9.0-release-notes.html They include difference between 4.8.10 and current git master. Note that since many things were backported to 4.8 in separate commits that referenced the same FreeIPA tickets, they appear in the release notes too even though you might have seen them in release notes for FreeIPA 4.8 releases. Currently, in nightly tests https://github.com/freeipa-pr-ci2/freeipa/pull/525 we have 126 successful testsuites and 6 failures, out of which four have known failures: - test_adtrust_install, test_cert, test_ipahealthcheck_nodns_extca_file failure already reported in FreeIPA#8533 - test_installation_TestInstallWithCA2 failure already reported in FreeIPA#8477 - test_webui_general failure already reported in FreeIPA#8570 - test_webui_users failure already reported in FreeIPA#8569 The latter two issues will most likely be irrelevant for FreeIPA release as they track behavior change in Fedora FAS plugin and we simply need to install that plugin in a confined environment, to avoid overlapping with our tests. FAS behavior is specific to Fedora/CentOS AAA deployment and should not be a problem for anything else, it is simply a design choice in FAS plugin. This makes us down to two known and two not-yet-investigated failures. On top of that we have a worrying behavior of the Azure CI with regards to DNSSEC that waits for investigation. One major part not exercised in the nightlies is an upgrade code. My plan is to do FreeIPA 4.9.0 release candidate this week -- I planned it to do last week but things slipped due to various failures and load at other projects. I think for a release candidate this state is quite good. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland

4 14

[freeipa PR#5228][opened] ipatests: Test for IPATrustDomainsCheck with external trust to AD
by menonsudhir 15 Dec '20

15 Dec '20

URL: https://github.com/freeipa/freeipa/pull/5228 Author: menonsudhir Title: #5228: ipatests: Test for IPATrustDomainsCheck with external trust to AD Action: opened PR body: """ This testcase checks that when external trust is configured between IPA and AD subdomain, IPATrustDomainsCheck doesnot display ERROR. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5228/head:pr5228 git checkout pr5228

2 1

[freeipa PR#5196][opened] ipatests: invoke JRE with -Djava.security.debug=access:failure
by fcami 10 Dec '20

10 Dec '20

URL: https://github.com/freeipa/freeipa/pull/5196 Author: fcami Title: #5196: ipatests: invoke JRE with -Djava.security.debug=access:failure Action: opened PR body: """ ipatests: invoke JRE with -Djava.security.debug=access:failure DO NOT MERGE. https://github.com/dogtagpki/pki/issues/3299 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5196/head:pr5196 git checkout pr5196

1 1

[freeipa PR#5290][opened] Improve PKI subsystem detection
by flo-renaud 09 Dec '20

09 Dec '20

URL: https://github.com/freeipa/freeipa/pull/5290 Author: flo-renaud Title: #5290: Improve PKI subsystem detection Action: opened PR body: """ ### Improve PKI subsystem detection The dogtaginstance.is_installed() method currently relies on the presence of the directory /var/lib/pki/pki-tomcat/{ca|kra}, even if it is empty. An unwanted consequence is ipa-server-upgrade wrongly assuming the KRA is installed and crashing when trying to upgrade a not-installed component. The fix relies on the command "pki-server subsystem-show {ca|kra}" to detect if a subsystem is installed. The command does not require PKI to be running (hence can be called anytime) and is delivered by the pki-server package which is already required by ipa server pkg. Fixes: https://pagure.io/freeipa/issue/8596 ### ipatests: add test for PKI subsystem detection Add a new upgrade test. Scenario: - create an empty /var/lib/pki/pki-tomcat/kra directory - call ipa-server-upgrade With issue 8596, the upgrade fails because it assumes KRA is installed. With the fix, ipa-server-upgrade completes successfully. Related: https://pagure.io/freeipa/issue/8596 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5290/head:pr5290 git checkout pr5290

1 1

[freeipa PR#5306][opened] ipatests: Enable httpd_can_network_connect for mod_md test
by rcritten 03 Dec '20

03 Dec '20

URL: https://github.com/freeipa/freeipa/pull/5306 Author: rcritten Title: #5306: ipatests: Enable httpd_can_network_connect for mod_md test Action: opened PR body: """ This is required because the test runs a local Apache instance. https://pagure.io/freeipa/issue/8514 Signed-off-by: Rob Crittenden <rcritten(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5306/head:pr5306 git checkout pr5306

1 1

[freeipa PR#5307][opened] Generate a unique cache for each connection
by rcritten 03 Dec '20

03 Dec '20

URL: https://github.com/freeipa/freeipa/pull/5307 Author: rcritten Title: #5307: Generate a unique cache for each connection Action: opened PR body: """ Generate a unique cache for each connection Rather than having a shared ccache per user, configure mod_auth_gssapi to create a unique one. This requires cleanup to remove expired caches. A new script is added, ipa-ccache-sweeper to do this. It will be invoked by a new service, ipa-ccache-sweep, which will be executed every 12 hours by an equally-named timer. https://pagure.io/freeipa/issue/8589 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5307/head:pr5307 git checkout pr5307

1 1

[freeipa PR#5279][opened] freeipa.spec.in: unify spec files across upstream RHEL, and Fedora
by abbra 03 Dec '20

03 Dec '20

URL: https://github.com/freeipa/freeipa/pull/5279 Author: abbra Title: #5279: freeipa.spec.in: unify spec files across upstream RHEL, and Fedora Action: opened PR body: """ In order to reduce maintenance burden and to be able to use automatic build tools, bring up the differences between RPM spec files in upstream, RHEL, and Fedora to a minimum. This gives us an opportunity to: - start using proper conditional macros (%bcond_with/%bcond_without) - remove old cruft where Fedora 31+ and RHEL8+ are already the same - remove Group lines which already deprecated in Fedora packaging policy - remove buildroot cleanup - support release candidate designations: mostly affects downstreams but it is better to have macro support in the common spec file Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5279/head:pr5279 git checkout pr5279

2 1

2024

2023

2022

2021

2020

2019

2018

2017

FreeIPA-devel November 2020