May 2019 - FreeIPA-devel - Fedora Mailing-Lists

[freeipa PR#3156][opened] [4.7] Fix `build_requestinfo` in OpenSSL1.1.0+ environments

by tiran

URL: https://github.com/freeipa/freeipa/pull/3156 Author: tiran Title: #3156: [4.7] Fix `build_requestinfo` in OpenSSL1.1.0+ environments Action: opened PR body: """ Manual backport of OpenSSL and LibreSSL fixes to 4.7 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3156/head:pr3156 git checkout pr3156

4 years, 6 months

2
1
0 / 0

[freeipa PR#3209][opened] [ipa-4-7] Bump PR-CI template version

by netoarmando

URL: https://github.com/freeipa/freeipa/pull/3209 Author: netoarmando Title: #3209: [ipa-4-7] Bump PR-CI template version Action: opened PR body: """ - Upgrade template version required by new version of PR-CI. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3209/head:pr3209 git checkout pr3209

4 years, 6 months

1
1
0 / 0

[freeipa PR#3208][opened] [ipa-4-6] Bump PR-CI template version

by netoarmando

URL: https://github.com/freeipa/freeipa/pull/3208 Author: netoarmando Title: #3208: [ipa-4-6] Bump PR-CI template version Action: opened PR body: """ - Upgrade template version required by new version of PR-CI. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3208/head:pr3208 git checkout pr3208

4 years, 6 months

1
1
0 / 0

[freeipa PR#3167][opened] ipatests: new tests for establishing one-way AD trust with shared secret

by wladich

URL: https://github.com/freeipa/freeipa/pull/3167 Author: wladich Title: #3167: ipatests: new tests for establishing one-way AD trust with shared secret Action: opened PR body: """ #2926 Introduced support for new type of trust, adding tests for it Tests added for two scenarios: 1) adding one-way external trust, trust on Windows side is created using netdom utility. 2) adding one-way forest trust, trust on Windows side is created using powershell bindings to .Net functions Tests verify that specified trusts can be established, trust domains can be fetched and AD user data can be queried by IPA client. Relates: https://pagure.io/freeipa/issue/6077 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3167/head:pr3167 git checkout pr3167

4 years, 6 months

2
1
0 / 0

[freeipa PR#3136][opened] Add ipa-cert-fix tool

by frasertweedale

URL: https://github.com/freeipa/freeipa/pull/3136 Author: frasertweedale Title: #3136: Add ipa-cert-fix tool Action: opened PR body: """ Forward-port of https://github.com/freeipa/freeipa/pull/2919 to `master` branch. ``` da189c9cc (Fraser Tweedale, 3 days ago) require Dogtag 10.7.0-1 Dogtag 10.7 includes the 'pki-server cert-fix' enhancements required by ipa-cert-fix. Bump the dep min bound. Part of: https://pagure.io/freeipa/issue/7885 54e967095 (Fraser Tweedale, 6 weeks ago) ipa-cert-fix: use customary exit statuses It is customary to return 2 when IPA is not configured, and 1 when other required bits are not installed or configured. Update ipa-cert-fix exit statuses accordingly. Part of: https://pagure.io/freeipa/issue/7885 7a836fb8c (Fraser Tweedale, 7 weeks ago) ipa-cert-fix: add man page Part of: https://pagure.io/freeipa/issue/7885 6c023f265 (Fraser Tweedale, 7 weeks ago) Add ipa-cert-fix tool The ipa-cert-fix tool wraps `pki-server cert-fix`, performing additional certificate requests for non-Dogtag IPA certificates and performing additional actions. In particular: - Run cert-fix with arguments particular to the IPA deployment. - Update IPA RA certificate in the ipara user entry (if renewed). - Add shared certificates (if renewed) to the ca_renewal LDAP container for replication. - Become the CA renewal master if shared certificates were renewed. This ensures other CA replicas, including the previous CA renewal master if not the current host, pick up those new certificates when Certmonger attempts to renew them. Fixes: https://pagure.io/freeipa/issue/7885 3d1ff725e (Fraser Tweedale, 7 weeks ago) constants: add ca_renewal container Part of: https://pagure.io/freeipa/issue/7885 c956bc658 (Fraser Tweedale, 7 weeks ago) cainstance: add function to determine ca_renewal nickname The ipa-cert-fix program needs to know where to put shared certificates. Extract the logic that computes the nickname from dogtag-ipa-ca-renew-agent to new subroutine cainstance.get_ca_renewal_nickname(). Part of: https://pagure.io/freeipa/issue/7885 4f4c32cc6 (Fraser Tweedale, 7 weeks ago) Extract ca_renewal cert update subroutine When the CA renewal master renews certificates that are shared across CA replicas, it puts them in LDAP for the other CA replicas to see. The code to create/update these entries lives in the dogtag-ipa-ca-renew-agent renewal helper, but it will be useful for the ipa-cert-fix program too. Extract it to a subroutine in the cainstance module. Part of: https://pagure.io/freeipa/issue/7885 ``` """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3136/head:pr3136 git checkout pr3136

4 years, 6 months

1
1
0 / 0

[freeipa PR#3179][opened] [testing_f28] Nightly PR

by freeipa-pr-ci

URL: https://github.com/freeipa/freeipa/pull/3179 Author: freeipa-pr-ci Title: #3179: [testing_f28] Nightly PR Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3179/head:pr3179 git checkout pr3179

4 years, 6 months

1
1
0 / 0

[freeipa PR#3191][opened] ipatests: add integration test for ipa-replica-manage list

by flo-renaud

URL: https://github.com/freeipa/freeipa/pull/3191 Author: flo-renaud Title: #3191: ipatests: add integration test for ipa-replica-manage list Action: opened PR body: """ The command ipa-replica-manage list -v <node> can display: last init ended: 1970-01-01 00:00:00+00:00 last init status: None when called on a node that never had total update. The fix for 7716 modifies the command so that it doesn't print those lines when there is no last init status. This commit adds a new test checking the output of ipa-replica-manage list -v <node>. Related to: https://pagure.io/freeipa/issue/7716 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3191/head:pr3191 git checkout pr3191

4 years, 6 months

2
1
0 / 0

[freeipa PR#3198][opened] [Backport][ipa-4-7] ipatest : Test if ipactl restart restarts the pki-tomcatd properly

by flo-renaud

URL: https://github.com/freeipa/freeipa/pull/3198 Author: flo-renaud Title: #3198: [Backport][ipa-4-7] ipatest : Test if ipactl restart restarts the pki-tomcatd properly Action: opened PR body: """ This PR was opened automatically because PR #3166 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3198/head:pr3198 git checkout pr3198

4 years, 6 months

2
1
0 / 0

[freeipa PR#3195][opened] [Backport][ipa-4-7] Make `pycodestyle` results identical

by abbra

URL: https://github.com/freeipa/freeipa/pull/3195 Author: abbra Title: #3195: [Backport][ipa-4-7] Make `pycodestyle` results identical Action: opened PR body: """ This PR was opened automatically because PR #3192 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3195/head:pr3195 git checkout pr3195

4 years, 6 months

2
1
0 / 0

[freeipa PR#3200][opened] add test for external CA key size sanity check

by frasertweedale

URL: https://github.com/freeipa/freeipa/pull/3200 Author: frasertweedale Title: #3200: add test for external CA key size sanity check Action: opened PR body: """ We recently added validation of externally-signed CA certificate to ensure certificates signed by external CAs with too-small keys (according to system crypto policy) are rejected. Add an integration test that attempts to renew with a 1024-bit external CA, and asserts failure. (Manual backport to ipa-4-6 branch; cherry pick of f9b22283dd2160ec073e93df9b52ef6b47d6c335). Part of: https://pagure.io/freeipa/issue/7761 Reviewed-By: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3200/head:pr3200 git checkout pr3200

4 years, 6 months

2
1
0 / 0

2023

2022

2021

2020

2019

2018

2017

FreeIPA-devel May 2019