Preparing for FreeIPA 4.9.0 release candidate
by Alexander Bokovoy
Hi,
we are close to get FreeIPA 4.9.0 release candidate out.
Draft release notes: https://vda.li/drafts/freeipa-4.9.0-release-notes.html
They include difference between 4.8.10 and current git master. Note that
since many things were backported to 4.8 in separate commits that
referenced the same FreeIPA tickets, they appear in the release notes
too even though you might have seen them in release notes for FreeIPA
4.8 releases.
Currently, in nightly tests
https://github.com/freeipa-pr-ci2/freeipa/pull/525 we have 126
successful testsuites and 6 failures, out of which four have known
failures:
- test_adtrust_install, test_cert, test_ipahealthcheck_nodns_extca_file
failure already reported in FreeIPA#8533
- test_installation_TestInstallWithCA2 failure already reported in
FreeIPA#8477
- test_webui_general failure already reported in FreeIPA#8570
- test_webui_users failure already reported in FreeIPA#8569
The latter two issues will most likely be irrelevant for FreeIPA release
as they track behavior change in Fedora FAS plugin and we simply need to
install that plugin in a confined environment, to avoid overlapping with
our tests. FAS behavior is specific to Fedora/CentOS AAA deployment and
should not be a problem for anything else, it is simply a design choice
in FAS plugin.
This makes us down to two known and two not-yet-investigated failures.
On top of that we have a worrying behavior of the Azure CI with regards
to DNSSEC that waits for investigation.
One major part not exercised in the nightlies is an upgrade code.
My plan is to do FreeIPA 4.9.0 release candidate this week -- I planned
it to do last week but things slipped due to various failures and
load at other projects. I think for a release candidate this state is
quite good.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
1 year, 6 months
[freeipa PR#5290][opened] Improve PKI subsystem detection
by flo-renaud
URL: https://github.com/freeipa/freeipa/pull/5290
Author: flo-renaud
Title: #5290: Improve PKI subsystem detection
Action: opened
PR body:
"""
### Improve PKI subsystem detection
The dogtaginstance.is_installed() method currently relies on
the presence of the directory /var/lib/pki/pki-tomcat/{ca|kra},
even if it is empty.
An unwanted consequence is ipa-server-upgrade wrongly assuming the KRA
is installed and crashing when trying to upgrade a not-installed
component.
The fix relies on the command "pki-server subsystem-show {ca|kra}" to
detect if a subsystem is installed. The command does not require PKI
to be running (hence can be called anytime) and is delivered by
the pki-server package which is already required by ipa server pkg.
Fixes: https://pagure.io/freeipa/issue/8596
### ipatests: add test for PKI subsystem detection
Add a new upgrade test. Scenario:
- create an empty /var/lib/pki/pki-tomcat/kra directory
- call ipa-server-upgrade
With issue 8596, the upgrade fails because it assumes KRA is
installed. With the fix, ipa-server-upgrade completes successfully.
Related: https://pagure.io/freeipa/issue/8596
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5290/head:pr5290
git checkout pr5290
1 year, 6 months
[freeipa PR#5279][opened] freeipa.spec.in: unify spec files across upstream RHEL, and Fedora
by abbra
URL: https://github.com/freeipa/freeipa/pull/5279
Author: abbra
Title: #5279: freeipa.spec.in: unify spec files across upstream RHEL, and Fedora
Action: opened
PR body:
"""
In order to reduce maintenance burden and to be able to use automatic
build tools, bring up the differences between RPM spec files in
upstream, RHEL, and Fedora to a minimum.
This gives us an opportunity to:
- start using proper conditional macros (%bcond_with/%bcond_without)
- remove old cruft where Fedora 31+ and RHEL8+ are already the same
- remove Group lines which already deprecated in Fedora packaging
policy
- remove buildroot cleanup
- support release candidate designations: mostly affects downstreams but
it is better to have macro support in the common spec file
Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5279/head:pr5279
git checkout pr5279
1 year, 6 months
