November 2020 - FreeIPA-devel - Fedora Mailing-Lists

[freeipa PR#5228][opened] ipatests: Test for IPATrustDomainsCheck with external trust to AD

by menonsudhir

URL: https://github.com/freeipa/freeipa/pull/5228 Author: menonsudhir Title: #5228: ipatests: Test for IPATrustDomainsCheck with external trust to AD Action: opened PR body: """ This testcase checks that when external trust is configured between IPA and AD subdomain, IPATrustDomainsCheck doesnot display ERROR. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5228/head:pr5228 git checkout pr5228

2 months, 2 weeks

2
1
0 / 0

[freeipa PR#5196][opened] ipatests: invoke JRE with -Djava.security.debug=access:failure

by fcami

URL: https://github.com/freeipa/freeipa/pull/5196 Author: fcami Title: #5196: ipatests: invoke JRE with -Djava.security.debug=access:failure Action: opened PR body: """ ipatests: invoke JRE with -Djava.security.debug=access:failure DO NOT MERGE. https://github.com/dogtagpki/pki/issues/3299 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5196/head:pr5196 git checkout pr5196

2 months, 3 weeks

1
1
0 / 0

[freeipa PR#5290][opened] Improve PKI subsystem detection

by flo-renaud

URL: https://github.com/freeipa/freeipa/pull/5290 Author: flo-renaud Title: #5290: Improve PKI subsystem detection Action: opened PR body: """ ### Improve PKI subsystem detection The dogtaginstance.is_installed() method currently relies on the presence of the directory /var/lib/pki/pki-tomcat/{ca|kra}, even if it is empty. An unwanted consequence is ipa-server-upgrade wrongly assuming the KRA is installed and crashing when trying to upgrade a not-installed component. The fix relies on the command "pki-server subsystem-show {ca|kra}" to detect if a subsystem is installed. The command does not require PKI to be running (hence can be called anytime) and is delivered by the pki-server package which is already required by ipa server pkg. Fixes: https://pagure.io/freeipa/issue/8596 ### ipatests: add test for PKI subsystem detection Add a new upgrade test. Scenario: - create an empty /var/lib/pki/pki-tomcat/kra directory - call ipa-server-upgrade With issue 8596, the upgrade fails because it assumes KRA is installed. With the fix, ipa-server-upgrade completes successfully. Related: https://pagure.io/freeipa/issue/8596 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5290/head:pr5290 git checkout pr5290

2 months, 3 weeks

1
1
0 / 0

[freeipa PR#5306][opened] ipatests: Enable httpd_can_network_connect for mod_md test

by rcritten

URL: https://github.com/freeipa/freeipa/pull/5306 Author: rcritten Title: #5306: ipatests: Enable httpd_can_network_connect for mod_md test Action: opened PR body: """ This is required because the test runs a local Apache instance. https://pagure.io/freeipa/issue/8514 Signed-off-by: Rob Crittenden <rcritten(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5306/head:pr5306 git checkout pr5306

3 months

1
1
0 / 0

[freeipa PR#5307][opened] Generate a unique cache for each connection

by rcritten

URL: https://github.com/freeipa/freeipa/pull/5307 Author: rcritten Title: #5307: Generate a unique cache for each connection Action: opened PR body: """ Generate a unique cache for each connection Rather than having a shared ccache per user, configure mod_auth_gssapi to create a unique one. This requires cleanup to remove expired caches. A new script is added, ipa-ccache-sweeper to do this. It will be invoked by a new service, ipa-ccache-sweep, which will be executed every 12 hours by an equally-named timer. https://pagure.io/freeipa/issue/8589 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5307/head:pr5307 git checkout pr5307

3 months

1
1
0 / 0

[freeipa PR#5279][opened] freeipa.spec.in: unify spec files across upstream RHEL, and Fedora

by abbra

URL: https://github.com/freeipa/freeipa/pull/5279 Author: abbra Title: #5279: freeipa.spec.in: unify spec files across upstream RHEL, and Fedora Action: opened PR body: """ In order to reduce maintenance burden and to be able to use automatic build tools, bring up the differences between RPM spec files in upstream, RHEL, and Fedora to a minimum. This gives us an opportunity to: - start using proper conditional macros (%bcond_with/%bcond_without) - remove old cruft where Fedora 31+ and RHEL8+ are already the same - remove Group lines which already deprecated in Fedora packaging policy - remove buildroot cleanup - support release candidate designations: mostly affects downstreams but it is better to have macro support in the common spec file Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5279/head:pr5279 git checkout pr5279

3 months

2
1
0 / 0

[freeipa PR#5204][opened] Test with python-ldap 3.3.1

by tiran

URL: https://github.com/freeipa/freeipa/pull/5204 Author: tiran Title: #5204: Test with python-ldap 3.3.1 Action: opened PR body: """ Signed-off-by: Christian Heimes <cheimes(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5204/head:pr5204 git checkout pr5204

3 months

1
1
0 / 0

[freeipa PR#5303][opened] ipatests: fix TestTrust::test_subordinate_suffix

by flo-renaud

URL: https://github.com/freeipa/freeipa/pull/5303 Author: flo-renaud Title: #5303: ipatests: fix TestTrust::test_subordinate_suffix Action: opened PR body: """ The test test_subordinate_suffix is failing when configuring the DNS for the trust, because the dnsforwardzone already exists. It was configured during the previous test for nonposix trust. At the end of the tests for nonposix trust, unconfigure the DNS and the trust before calling the subordinate_suffix test, and add a test cleaning up subordinate_suffix test. Fixes: https://pagure.io/freeipa/issue/8601 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5303/head:pr5303 git checkout pr5303

3 months

2
1
0 / 0

[freeipa PR#5305][opened] Add IPA RA Agent to ACME group on the CA

by rcritten

URL: https://github.com/freeipa/freeipa/pull/5305 Author: rcritten Title: #5305: Add IPA RA Agent to ACME group on the CA Action: opened PR body: """ Add IPA RA Agent to ACME group on the CA Move the addition of the RA agent to the ACME Enterprise Users group into setup_acme() so it is also added on upgrades. This allows ipa-acme-manage to authenticate to the CA REST API using the RA Agent credentials. https://pagure.io/freeipa/issue/8603 Signed-off-by: Rob Crittenden <rcritten(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5305/head:pr5305 git checkout pr5305

3 months

2
1
0 / 0

[freeipa PR#5294][opened] Allow Apache to answer to ipa-ca requests without a redirect

by rcritten

URL: https://github.com/freeipa/freeipa/pull/5294 Author: rcritten Title: #5294: Allow Apache to answer to ipa-ca requests without a redirect Action: opened PR body: """ Allow Apache to answer to ipa-ca requests without a redirect Any request other than the FQDN is redirected with a permanent move (301). Allowing ipa-ca as a valid name saves a round-trip. This is only allowed on /ca, /kra, /pki, /acme and /ipa/crl. https://pagure.io/freeipa/issue/8595 Signed-off-by: Rob Crittenden <rcritten(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5294/head:pr5294 git checkout pr5294

3 months

2
1
0 / 0

2021

2020

2019

2018

2017

FreeIPA-devel November 2020