URL: https://github.com/freeipa/freeipa/pull/4424
Author: abbra
Title: #4424: [Backport][ipa-4-6] Web UI: Upgrade Bootstrap version 3.3.7 -> 3.4.1
Action: opened
PR body:
"""
This PR was opened automatically because PR #4413 was pushed to master and backport to ipa-4-6 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4424/head:pr4424
git checkout pr4424
Hi,
this is mostly a message to all kind people who help us to localize
FreeIPA interfaces. Fedora Project decided to switch from Zanata to
Weblate for their translation project. This means we are asked to
migrate from Zanata server too.
As of yesterday, we made the last cut of content from the Zanata server
and I submitted an update to FreeIPA that includes those changes.
Unfortunately, there were updates in the set of strings translated in
FreeIPA itself which made some of the translations invalid and I had to
drop them.
This effort is tracked in https://pagure.io/freeipa/issue/8159
Pull request with translations is at https://github.com/freeipa/freeipa/pull/4419
Once the pull request accepted, we'll proceed with weblate project
setup. I'll send another notification once that is done. More details on
how to work with Weblate are available in the original description of
https://github.com/freeipa/freeipa/pull/4419
The turnaround of updates should improve. Weblate will be automatically
opening a pull request against FreeIPA on github once in a while for a
group of edits accepted by the project. So we should see translations
coming faster to the upstream tree.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
URL: https://github.com/freeipa/freeipa/pull/4158
Author: tiran
Title: #4158: Add pytest OpenSSH transport with password
Action: opened
PR body:
"""
The pytest_multihost transport does not provide password-based
authentication for OpenSSH transport. The OpenSSH command line tool has
no API to pass in a password securely.
The patch implements a custom transport that uses sshpass hack. It is
not recommended for production but good enough for testing.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4158/head:pr4158
git checkout pr4158
URL: https://github.com/freeipa/freeipa/pull/4418
Author: vmojzis
Title: #4418: selinux: disable ipa_custodia when installing custom policy
Action: opened
PR body:
"""
Since ipa_custodia got integrated into ipa policy package, the upstream policy
module needs to be disabled before ipa module installation (in order to be able
to make changes to the ipa_custodia policy definitions).
Upstream ipa module gets overridden automatically because of higher priority of
the custom module, but there is no mechanism to automatically disable
ipa_custodia.
Related: https://pagure.io/freeipa/issue/6891
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4418/head:pr4418
git checkout pr4418
URL: https://github.com/freeipa/freeipa/pull/2106
Author: abbra
Title: #2106: ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager
Action: opened
PR body:
"""
Password changes performed by cn=Directory Manager are excluded from
password policy checks according to [1]. This is correctly handled by
ipa-pwd-extop in case of a normal Kerberos principal in IPA. However,
non-kerberos accounts were not excluded from the check.
As result, password updates for PKI CA admin account in o=ipaca were
failing if a password policy does not allow a password reuse. We are
re-setting the password for PKI CA admin in ipa-replica-prepare in case
the original directory manager's password was updated since creation of
`cacert.p12`.
Do password policy check for non-Kerberos accounts only if it was set by
a regular user or admin. Changes performed by a cn=Directory Manager and
passsync managers should be excluded from the policy check.
Fixes: https://pagure.io/freeipa/issue/7181
Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com>
[1] https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/h…
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2106/head:pr2106
git checkout pr2106
URL: https://github.com/freeipa/freeipa/pull/4412
Author: flo-renaud
Title: #4412: [Backport][ipa-4-7] ipatests: wait for SSSD to become online in backup/restore tests
Action: opened
PR body:
"""
Manual backport of PR #4383 to ipa-4-7 branch.
There was a conflict on ipatests/pytest_ipa/integration/tasks.py because the file contains a additional methods on the master branch, that are not needed in this PR.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4412/head:pr4412
git checkout pr4412