URL: https://github.com/freeipa/freeipa/pull/5303
Author: flo-renaud
Title: #5303: ipatests: fix TestTrust::test_subordinate_suffix
Action: opened
PR body:
"""
The test test_subordinate_suffix is failing when configuring the DNS
for the trust, because the dnsforwardzone already exists. It was
configured during the previous test for nonposix trust.
At the end of the tests for nonposix trust, unconfigure the DNS
and the trust before calling the subordinate_suffix test, and add
a test cleaning up subordinate_suffix test.
Fixes: https://pagure.io/freeipa/issue/8601
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5303/head:pr5303
git checkout pr5303
URL: https://github.com/freeipa/freeipa/pull/5305
Author: rcritten
Title: #5305: Add IPA RA Agent to ACME group on the CA
Action: opened
PR body:
"""
Add IPA RA Agent to ACME group on the CA
Move the addition of the RA agent to the ACME Enterprise Users
group into setup_acme() so it is also added on upgrades.
This allows ipa-acme-manage to authenticate to the CA REST
API using the RA Agent credentials.
https://pagure.io/freeipa/issue/8603
Signed-off-by: Rob Crittenden <rcritten(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5305/head:pr5305
git checkout pr5305
URL: https://github.com/freeipa/freeipa/pull/5294
Author: rcritten
Title: #5294: Allow Apache to answer to ipa-ca requests without a redirect
Action: opened
PR body:
"""
Allow Apache to answer to ipa-ca requests without a redirect
Any request other than the FQDN is redirected with a permanent
move (301). Allowing ipa-ca as a valid name saves a round-trip.
This is only allowed on /ca, /kra, /pki, /acme and /ipa/crl.
https://pagure.io/freeipa/issue/8595
Signed-off-by: Rob Crittenden <rcritten(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5294/head:pr5294
git checkout pr5294
URL: https://github.com/freeipa/freeipa/pull/5199
Author: rcritten
Title: #5199: Change KRA profiles in certmonger tracking so they can renew
Action: opened
PR body:
"""
Change KRA profiles in certmonger tracking so they can renew
Internal profiles were assigned which prevented rewewals.
dogtag is providing a new profile for the audit signing cert,
caAuditSigningCert.
There are existing profiles for the transport (caTransportCert)
and storage (caStorageCert) certificates.
https://pagure.io/freeipa/issue/8545
Signed-off-by: Rob Crittenden <rcritten(a)redhat.com>
**NOTE**: This is WIP because the necessary profile is only in the pki nightly repo. We want this backported to other supported IPA branches but they may be delayed depending on when pki builds are available.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5199/head:pr5199
git checkout pr5199
URL: https://github.com/freeipa/freeipa/pull/3275
Author: marcus2376
Title: #3275: Issue 7975 - Accept 389-ds JSON replication status messages
Action: opened
PR body:
"""
Description:
389-ds now stores a replication agreement status message in a JSON string in a new attribute:
replicaLastInitStatusJSON
replicaLastUpdateStatusJSON
The original status attributes' values are not changing at this time, but there are plans to do so eventually as the old status format is confusing.
http://www.port389.org/docs/389ds/design/repl-agmt-status-design.htmlhttps://pagure.io/freeipa/issue/7975
Reviewed by: ?
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3275/head:pr3275
git checkout pr3275
URL: https://github.com/freeipa/freeipa/pull/5304
Author: flo-renaud
Title: #5304: [Backport][ipa-4-9] Always define the path DNSSEC_OPENSSL_CONF
Action: opened
PR body:
"""
This PR was opened automatically because PR #5292 was pushed to master and backport to ipa-4-9 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5304/head:pr5304
git checkout pr5304
URL: https://github.com/freeipa/freeipa/pull/5292
Author: flo-renaud
Title: #5292: Always define the path DNSSEC_OPENSSL_CONF
Action: opened
PR body:
"""
The variable was None by default and set to /etc/ipa/dnssec/openssl.cnf
for fedora only because the code is specific to the support of pkcs11
engine for bind. As a consequence ipa-backup had a "None" value in the
list of files to backup and failed on Exception.
ipa-backup code is able to handle missing files, and the code using
the pkcs11 engine is called only when NAMED_OPENSSL_ENGINE is set
(only in fedora so far). It is safe to always define a value for
DNSSEC_OPENSSL_CONF even on os where it does not exist.
Fixes: https://pagure.io/freeipa/issue/8597
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5292/head:pr5292
git checkout pr5292