October 2017 - FreeIPA-devel - Fedora Mailing-Lists

[freeipa PR#1147][opened] [tests] Misc. fix for tasks

by Akasurde

URL: https://github.com/freeipa/freeipa/pull/1147 Author: Akasurde Title: #1147: [tests] Misc. fix for tasks Action: opened PR body: """ This fix adds correct usage of host.hostname in logger. Signed-off-by: Abhijeet Kasurde <akasurde(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1147/head:pr1147 git checkout pr1147

6 years, 6 months

2
1
0 / 0

[freeipa PR#1161][opened] Block PyOpenSSL to prevent SELinux execmem in wsgi

by tiran

URL: https://github.com/freeipa/freeipa/pull/1161 Author: tiran Title: #1161: Block PyOpenSSL to prevent SELinux execmem in wsgi Action: opened PR body: """ Some dependencies like Dogtag's pki.client library and custodia use python-requsts to make HTTPS connection. python-requests prefers PyOpenSSL over Python's stdlib ssl module. PyOpenSSL is build on top of python-cryptography which trigger a execmem SELinux violation in the context of Apache HTTPD (httpd_execmem). When requests is imported, it always tries to import pyopenssl glue code from urllib3's contrib directory. The import of PyOpenSSL is enough to trigger the SELinux denial. Block any import of PyOpenSSL's SSL module in wsgi by raising an ImportError. The block is compatible with new python-requests with unbundled urllib3, too. Fixes: https://pagure.io/freeipa/issue/5442 Fixes: RHBZ#1491508 Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1161/head:pr1161 git checkout pr1161

6 years, 6 months

2
1
0 / 0

[freeipa PR#1160][opened] Block PyOpenSSL to prevent SELinux execmem in wsgi

by tiran

URL: https://github.com/freeipa/freeipa/pull/1160 Author: tiran Title: #1160: Block PyOpenSSL to prevent SELinux execmem in wsgi Action: opened PR body: """ Some dependencies like Dogtag's pki.client library and custodia use python-requsts to make HTTPS connection. python-requests prefers PyOpenSSL over Python's stdlib ssl module. PyOpenSSL is build on top of python-cryptography which trigger a execmem SELinux violation in the context of Apache HTTPD (httpd_execmem). When requests is imported, it always tries to import pyopenssl glue code from urllib3's contrib directory. The import of PyOpenSSL is enough to trigger the SELinux denial. Block any import of PyOpenSSL's SSL module in wsgi by raising an ImportError. The block is compatible with new python-requests with unbundled urllib3, too. Fixes: https://pagure.io/freeipa/issue/5442 Fixes: RHBZ#1491508 Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1160/head:pr1160 git checkout pr1160

6 years, 6 months

2
1
0 / 0

[freeipa PR#1158][opened] Block PyOpenSSL to prevent SELinux execmem in wsgi

by tiran

URL: https://github.com/freeipa/freeipa/pull/1158 Author: tiran Title: #1158: Block PyOpenSSL to prevent SELinux execmem in wsgi Action: opened PR body: """ Some dependencies like Dogtag's pki.client library and custodia use python-requsts to make HTTPS connection. python-requests prefers PyOpenSSL over Python's stdlib ssl module. PyOpenSSL is build on top of python-cryptography which trigger a execmem SELinux violation in the context of Apache HTTPD (httpd_execmem). When requests is imported, it always tries to import pyopenssl glue code from urllib3's contrib directory. The import of PyOpenSSL is enough to trigger the SELinux denial. Block any import of PyOpenSSL's SSL module in wsgi by raising an ImportError. The block is compatible with new python-requests with unbundled urllib3, too. Fixes: FreeIPA #5442 Fixes: RHBZ#1491508 Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1158/head:pr1158 git checkout pr1158

6 years, 6 months

2
1
0 / 0

[freeipa PR#1169][opened] [Backport][ipa-4-5] Less confusing message for PKINIT configuration during install

by slaykovsky

URL: https://github.com/freeipa/freeipa/pull/1169 Author: slaykovsky Title: #1169: [Backport][ipa-4-5] Less confusing message for PKINIT configuration during install Action: opened PR body: """ The message about an error during replica setup was causing the users to think the installation gone wrong even though this was an expected behavior when ipa-replica-install was ran without --no-pkinit flag and CA somehow is not reachable which defines that there is something wrong in a topology but does not lead to failure of the replica's installation. So now installation will not print error messages to stdout but rather will give a recomendation to user and write the old error message to log as a warning so it still will be easy to find if needed. https://pagure.io/freeipa/issue/7179 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1169/head:pr1169 git checkout pr1169

6 years, 6 months

2
1
0 / 0

[freeipa PR#1078][closed] Increase dbus client timeouts during CA install

by tomaskrizek

URL: https://github.com/freeipa/freeipa/pull/1078 Author: zultron Title: #1078: Increase dbus client timeouts during CA install Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1078/head:pr1078 git checkout pr1078

6 years, 6 months

1
0
0 / 0

[freeipa PR#1164][opened] [Backport][ipa-4-6] Use 389-ds provided method for file limits tuning

by Tiboris

URL: https://github.com/freeipa/freeipa/pull/1164 Author: Tiboris Title: #1164: [Backport][ipa-4-6] Use 389-ds provided method for file limits tuning Action: opened PR body: """ Previously IPA would set the LimitNOFILE value to 8192 to increase the number of concurrent clients. 389-ds-base does this by default as of 1.3.7.0. Remove the IPA-specific tuning and rely on the out-of-the-box 389-ds-base tuning. Bump the required version of 389-ds-base to 1.3.7.0. Any other tuning added by 389-ds-base will result in a dirsrv.systemd.rpmsave file which admins will need to merge in manually, like typical .rpmsave config changes. https://pagure.io/freeipa/issue/6994 Reviewed-By: Alexander Bokovoy <abokovoy(a)redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1164/head:pr1164 git checkout pr1164

6 years, 6 months

1
1
0 / 0

[freeipa PR#1163][opened] [Backport][ipa-4-6] Fixing internal error in param-{find, show}

by Tiboris

URL: https://github.com/freeipa/freeipa/pull/1163 Author: Tiboris Title: #1163: [Backport][ipa-4-6] Fixing internal error in param-{find,show} Action: opened PR body: """ This PR was opened automatically because PR #1033 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1163/head:pr1163 git checkout pr1163

6 years, 6 months

1
1
0 / 0

[freeipa PR#1159][opened] Backport 7151

by flo-renaud

URL: https://github.com/freeipa/freeipa/pull/1159 Author: flo-renaud Title: #1159: Backport 7151 Action: opened PR body: """ ipa-server-upgrade needs to configure certmonger with the right options in order to track PKI, HTTP and LDAP certs (for instance the RA agent cert location has changed from older releases). The upgrade code looks for existing tracking requests with the expected options by using criteria (location of the NSSDB, nickname, CA helper...) If a tracking request is not found, it means that it is either using wrong options or not configured. In this case, the upgrade stop tracking all the certs, reconfigures the helpers, starts tracking the certs so that the config is up-to-date. The issue is that the criteria is using the keyword 'ca' instead of 'ca-name' and this leads to upgrade believing that the config needs to be updated in all the cases. https://pagure.io/freeipa/issue/7151 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1159/head:pr1159 git checkout pr1159

6 years, 6 months

1
1
0 / 0

[freeipa PR#1166][opened] [Backport][ipa-4-6] kra-install: better warning message

by felipevolpone

URL: https://github.com/freeipa/freeipa/pull/1166 Author: felipevolpone Title: #1166: [Backport][ipa-4-6] kra-install: better warning message Action: opened PR body: """ This PR was opened automatically because PR #1162 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1166/head:pr1166 git checkout pr1166

6 years, 6 months

1
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

FreeIPA-devel October 2017