URL: https://github.com/freeipa/freeipa/pull/945
Author: MartinBasti
Title: #945: DNS update: reduce timeout for CA records
Action: opened
PR body:
"""
Timeout 120 seconds is quite long and it makes uninstallation too long
for. Given that this is non critical operation and may be executed
manually later, waiting 120 seconds is too much. Usually waiting longer
will not help at all to resolve missing record.
30 seconds is long enough 🕯
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/945/head:pr945
git checkout pr945
URL: https://github.com/freeipa/freeipa/pull/988
Author: flo-renaud
Title: #988: component: Certificate renewal
Action: opened
PR body:
"""
Fix certificate renewal scripts that use IPACertificate object:
- dogtag-ipa-ca-renew-agent-submit must print the renewed cert
in the stdout for certmonger to pick it
- renew_ca_cert adds the C flag to the trust flags and needs to
be adapted to IPACertificate object
https://pagure.io/freeipa/issue/4985
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/988/head:pr988
git checkout pr988
URL: https://github.com/freeipa/freeipa/pull/993
Author: stlaz
Title: #993: certmonger: remove temporary workaround
Action: opened
PR body:
"""
During recent refactoring, a workaround was added to make it
possible for OpenSSL backend of python-cryptography to read PEM
certificates returned by dogtag-ipa-renew-agent-submit. This was
fixed in latest certmonger version.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/993/head:pr993
git checkout pr993
URL: https://github.com/freeipa/freeipa/pull/1008
Author: flo-renaud
Title: #1008: Fix ipa-server-upgrade: This entry already exists
Action: opened
PR body:
"""
ipa-server-upgrade fails when running the ipaload_cacrt plugin. The plugin
finds all CA certificates in /etc/httpd/alias and uploads them in LDAP
below cn=certificates,cn=ipa,cn=etc,$BASEDN.
The issue happens because there is already an entry in LDAP for IPA CA, but
with a different DN. The nickname in /etc/httpd/alias can differ from
$DOMAIN IPA CA.
To avoid the issue:
1/ during upgrade, run a new plugin that removes duplicates and restarts ldap
(to make sure that uniqueness attr plugin is working after the new plugin)
2/ modify upload_cacert plugin so that it is using $DOMAIN IPA CA instead of
cn=$nickname,cn=ipa,cn=etc,$BASEDN when uploading IPA CA.
https://pagure.io/freeipa/issue/7125
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1008/head:pr1008
git checkout pr1008
URL: https://github.com/freeipa/freeipa/pull/1009
Author: Rezney
Title: #1009: [4.5] - CAless - CAfull tests
Action: opened
PR body:
"""
This is separate PR for CAless - CAfull test suite as it was not possible to merge from original PR due to certificate generation refactoring.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1009/head:pr1009
git checkout pr1009
URL: https://github.com/freeipa/freeipa/pull/995
Author: frasertweedale
Title: #995: py3: handle bytes in schema response
Action: opened
PR body:
"""
If a server is running under py2 it could return a bytes value for
the 'topic_topic' field in the schema response. A py3 client fails
to handle this (in one place it applies 'str' to it, which raises
BytesWarning; in other places it tries to serialise the schema to
JSON which fails because of the bytes value).
Handle the case where 'topic_topic' is not unicode, and handle bytes
values when serialising the schema to JSON.
Part of: https://pagure.io/freeipa/issue/4985
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/995/head:pr995
git checkout pr995