[freeipa PR#3077][opened] Backport FTBS fixes to iap-4-7
by abbra
URL: https://github.com/freeipa/freeipa/pull/3077
Author: abbra
Title: #3077: Backport FTBS fixes to iap-4-7
Action: opened
PR body:
"""
As requested by @tjaalton and also required for Fedora, backport Samba talloc_stackframe.h changes to ipa-4-7 branch.
Recent Samba versions removed some header files which did include
non-public APIs. As a result talloc_strackframe.h and memory.h (for
SAFE_FREE) are not available anymore. This patch replaces the use of the
non-public APIs with public ones.
Resolves: rhbz#1678670
Reviewed-By: Alexander Bokovoy <abokovoy(a)redhat.com>
Reviewed-By: Rob Crittenden <rcritten(a)redhat.com>
Reviewed-By: François Cami <fcami(a)redhat.com>
(cherry picked from commit d1f5ed64e16d65b9df45cc0eac7d2724dcae7b67)
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3077/head:pr3077
git checkout pr3077
4 years, 12 months
[freeipa PR#3066][opened] Check have packages for extra features been installed before restoring backup
by xxblx
URL: https://github.com/freeipa/freeipa/pull/3066
Author: xxblx
Title: #3066: Check have packages for extra features been installed before restoring backup
Action: opened
PR body:
"""
Check have packages for extra features been installed before restoring backup
`iparestore --full` should check that packages for extra features such as dns and adtrust are installed in the system before restoring a backup in case the backup includes content for these features. If the packages are not installed full backup should be refused and an error message with suggestions should be showed.
If corresponding packages for these features are not installed before the backup restoring, it may cause a situation when the packages are going to be installed after the restoring. In that case configuration files restored by `ipa-restore` will be replaced by default configuration files if the files are tracked by `rpm`. E.g. if `freeipa-server-trust-ad` is not installed before `ipa-restore --full` running, when the package will be installed it also will bring `samba` package according to the dependencies. At `samba` installation step exist correct `/etc/samba/smb.conf` is going to be replaced by the default one from the `samba` package.
Fixes: https://pagure.io/freeipa/issue/7630
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3066/head:pr3066
git checkout pr3066
5 years
[freeipa PR#3063][opened] Globally disable softhsm2 in p11-kit-proxy
by tiran
URL: https://github.com/freeipa/freeipa/pull/3063
Author: tiran
Title: #3063: Globally disable softhsm2 in p11-kit-proxy
Action: opened
PR body:
"""
The p11-kit configuration injects p11-kit-proxy into all NSS databases.
Amongst other p11-kit loads SoftHSM2 PKCS#11 provider. This interferes
with 389-DS, certmonger, Dogtag and other services. For example certmonger
tries to open OpenDNSSEC's SoftHSM2 token, although it doesn't use it at
all. It also breaks Dogtag HSM support testing with SoftHSM2.
IPA server does neither need nor use SoftHSM2 proxied by p11-kit.
Related: pagure.io/freeipa/issue/7810
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3063/head:pr3063
git checkout pr3063
5 years