December 2020 - FreeIPA-devel - Fedora Mailing-Lists

FreeIPA 4.9.0 release candidate 3 released

by Alexander Bokovoy

The FreeIPA team would like to announce FreeIPA 4.9.0 release candidate 3! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora Rawhide will be available from the official repository soon. == Highlights in 4.9.0 No major changes since release candidate 2, only fixes to regressions found in Rawhide and RHEL 8.4 development builds. === Bug fixes FreeIPA 4.9.0 release candidate 3 is a stabilization release for the features delivered as a part of 4.9 version series. There are 6 bug-fixes since FreeIPA 4.9.0 release candidate 2 release. Details of the bug-fixes can be seen in the list of resolved tickets below. == Upgrading Upgrade instructions are available on Upgrade page. == Feedback Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...) or #freeipa channel on Freenode. == Resolved tickets * https://pagure.io/freeipa/issue/8595[#8595] Allow ipa-ca as a name for an IPA server * https://pagure.io/freeipa/issue/8596[#8596] (https://bugzilla.redhat.com/show_bug.cgi?id=1895197[rhbz#1895197]) improve IPA PKI susbsystem detection by other means than a directory presence, use pki-server subsystem-find * https://pagure.io/freeipa/issue/8613[#8613] mod_auth_gssapi cannot create unique ccache as it runs under apache and not ipaapi * https://pagure.io/freeipa/issue/8615[#8615] ipa-rewrite.conf upgrade is failing due to missing variable definition * https://pagure.io/freeipa/issue/8616[#8616] xmlrpc tests test_user_plugin failure * https://pagure.io/freeipa/issue/8617[#8617] systemd: enforce en_US.UTF-8 locale in systemd units == Detailed changelog since 4.9.0rc2 === Alexander Bokovoy (6) * Become FreeIPA 4.9.0rc3 https://pagure.io/freeipa/c/502d29107a458717b4ae1b3f7b17fb1159e3a135[commit] * systemd: enforce en_US.UTF-8 locale in systemd units https://pagure.io/freeipa/c/184997e85d03c30a34fbe268d1e9f39206178a1e[commit] https://pagure.io/freeipa/issue/8617[#8617] * upgrade: provide DOMAIN to the server upgrade dictionary https://pagure.io/freeipa/c/cc51feb106d6dee655c55adb802b3cfdac778fca[commit] https://pagure.io/freeipa/issue/8595[#8595], https://pagure.io/freeipa/issue/8615[#8615] * Allow mod_auth_gssapi to create and access ccaches in /run/ipa/ccaches https://pagure.io/freeipa/c/7d1a6886538360fb340eb4423660d11ee4af7e39[commit] https://pagure.io/freeipa/issue/8613[#8613] * Correct SELinux policy requirements https://pagure.io/freeipa/c/0cb8f065ac7bcf814c4991aeca3be8b590c7b5f6[commit] * Back to git snapshots https://pagure.io/freeipa/c/77674077b4e1e6ff2d2608ad0661704d4a47ac41[commit] === Florence Blanc-Renaud (3) * ipatests: add test for PKI subsystem detection https://pagure.io/freeipa/c/24f6a36b82d2a8bd8f2283457fcb415e5898a1b1[commit] https://pagure.io/freeipa/issue/8596[#8596] * Improve PKI subsystem detection https://pagure.io/freeipa/c/cf30cc3f63fbce2a3ff9c53ae4cd177a3bf4e527[commit] https://pagure.io/freeipa/issue/8596[#8596] * xmlrpctests: remove harcoded expiration date from test_user_plugin https://pagure.io/freeipa/c/f2bc3f1c5baff68e4c8d5f1e5c38b5647eac4cf4[commit] https://pagure.io/freeipa/issue/8616[#8616] -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland

3 years, 5 months

1
0
0 / 0

[freeipa PR#5327][opened] [Backport][ipa-4-9] Improve PKI subsystem detection

by flo-renaud

URL: https://github.com/freeipa/freeipa/pull/5327 Author: flo-renaud Title: #5327: [Backport][ipa-4-9] Improve PKI subsystem detection Action: opened PR body: """ This PR was opened automatically because PR #5290 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5327/head:pr5327 git checkout pr5327

3 years, 5 months

2
1
0 / 0

[freeipa PR#5336][opened] [Backport][ipa-4-9] systemd: enforce en_US.UTF-8 locale in systemd units

by abbra

URL: https://github.com/freeipa/freeipa/pull/5336 Author: abbra Title: #5336: [Backport][ipa-4-9] systemd: enforce en_US.UTF-8 locale in systemd units Action: opened PR body: """ This PR was opened automatically because PR #5334 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5336/head:pr5336 git checkout pr5336

3 years, 5 months

1
1
0 / 0

[freeipa PR#5326][opened] [Backport][ipa-4-8] Improve PKI subsystem detection

by flo-renaud

URL: https://github.com/freeipa/freeipa/pull/5326 Author: flo-renaud Title: #5326: [Backport][ipa-4-8] Improve PKI subsystem detection Action: opened PR body: """ This PR was opened automatically because PR #5290 was pushed to master and backport to ipa-4-8 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5326/head:pr5326 git checkout pr5326

3 years, 5 months

2
1
0 / 0

[freeipa PR#5337][opened] [Backport][ipa-4-8] systemd: enforce en_US.UTF-8 locale in systemd units

by abbra

URL: https://github.com/freeipa/freeipa/pull/5337 Author: abbra Title: #5337: [Backport][ipa-4-8] systemd: enforce en_US.UTF-8 locale in systemd units Action: opened PR body: """ Python code does detection of the system encoding based on the locale settings. On RHEL 8.4 development images we somehow get LANG=en_US which defaults to iso8859-1 _inside_ the systemd-started service, even though the whole environment defaults to LANG=en_US.UTF-8. When instrumented with ExecStartPre=/usr/bin/locale, the following output can be seen: locale[45481]: LANG=en_US locale[45481]: LC_CTYPE="en_US" locale[45481]: LC_NUMERIC="en_US" locale[45481]: LC_TIME="en_US" locale[45481]: LC_COLLATE="en_US" locale[45481]: LC_MONETARY="en_US" locale[45481]: LC_MESSAGES="en_US" locale[45481]: LC_PAPER="en_US" locale[45481]: LC_NAME="en_US" locale[45481]: LC_ADDRESS="en_US" locale[45481]: LC_TELEPHONE="en_US" locale[45481]: LC_MEASUREMENT="en_US" locale[45481]: LC_IDENTIFICATION="en_US" locale[45481]: LC_ALL= ipactl[45483]: Unexpected error ipactl[45483]: SystemEncodingError: System encoding must be UTF-8, 'iso8859-1' is not supported. Set LC_ALL="C.UTF-8", or LC_ALL="" and LC_CTYPE="C.UTF-8". systemd[1]: ipa.service: Main process exited, code=exited, status=1/FAILURE Set the environment to explicit LC_ALL=C.UTF-8 to please the Python code. FreeIPA server side only cares about actual encoding, not the language itself. We already use LC_ALL=C.UTF-8 in httpd service snippet. Fixes: https://pagure.io/freeipa/issue/8617 Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com> Reviewed-By: Thomas Woerner <twoerner(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5337/head:pr5337 git checkout pr5337

3 years, 5 months

1
1
0 / 0

[freeipa PR#5334][opened] systemd: enforce en_US.UTF-8 locale in systemd units

by abbra

URL: https://github.com/freeipa/freeipa/pull/5334 Author: abbra Title: #5334: systemd: enforce en_US.UTF-8 locale in systemd units Action: opened PR body: """ Python code does detection of the system encoding based on the locale settings. On RHEL 8.4 development images we somehow get LANG=en_US which defaults to iso8859-1 _inside_ the systemd-started service, even though the whole environment defaults to LANG=en_US.UTF-8. When instrumented with ExecStartPre=/usr/bin/locale, the following output can be seen: ``` locale[45481]: LANG=en_US locale[45481]: LC_CTYPE="en_US" locale[45481]: LC_NUMERIC="en_US" locale[45481]: LC_TIME="en_US" locale[45481]: LC_COLLATE="en_US" locale[45481]: LC_MONETARY="en_US" locale[45481]: LC_MESSAGES="en_US" locale[45481]: LC_PAPER="en_US" locale[45481]: LC_NAME="en_US" locale[45481]: LC_ADDRESS="en_US" locale[45481]: LC_TELEPHONE="en_US" locale[45481]: LC_MEASUREMENT="en_US" locale[45481]: LC_IDENTIFICATION="en_US" locale[45481]: LC_ALL= ipactl[45483]: Unexpected error ipactl[45483]: SystemEncodingError: System encoding must be UTF-8, 'iso8859-1' is not supported. Set LC_ALL="C.UTF-8", or LC_ALL="" and LC_CTYPE="C.UTF-8". systemd[1]: ipa.service: Main process exited, code=exited, status=1/FAILURE ``` Set the environment to explicit LANG=en_US.UTF-8 to please the Python code. FreeIPA server side only cares about actual encoding, not the language itself. Fixes: https://pagure.io/freeipa/issue/8617 Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5334/head:pr5334 git checkout pr5334

3 years, 5 months

1
1
0 / 0

[freeipa PR#5335][opened] [Backport][ipa-4-9] Allow mod_auth_gssapi to create and access ccaches in /run/ipa/ccaches

by abbra

URL: https://github.com/freeipa/freeipa/pull/5335 Author: abbra Title: #5335: [Backport][ipa-4-9] Allow mod_auth_gssapi to create and access ccaches in /run/ipa/ccaches Action: opened PR body: """ This PR was opened automatically because PR #5328 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5335/head:pr5335 git checkout pr5335

3 years, 5 months

1
0
0 / 0

[freeipa PR#5328][opened] Allow mod_auth_gssapi to create and access ccaches in /run/ipa/ccaches

by abbra

URL: https://github.com/freeipa/freeipa/pull/5328 Author: abbra Title: #5328: Allow mod_auth_gssapi to create and access ccaches in /run/ipa/ccaches Action: opened PR body: """ With commit c6644b8566f747fa80e2c1925b79bad9f8c92bd7 we default to create unique credential caches in /run/ipa/ccaches for every client that connects to IPA with a new session. On F34, mod_auth_gssapi process running as 'apache' cannot create the ccache in /run/ipa/ccaches because it has no access rights. The core of the problem is that we have two different paths to obtaining a ccache: one where 'apache' running httpd process creates it directly and one where an internal redirect from 'ipaapi' running httpd process is happening. Since /run/ipa/ccaches is a temporary directory created in /run which is mounted as tmpfs, POSIX ACLs can be used to add 'apache' group permission to create the ccaches. When '/run/ipa/ccaches' has SGID bit, created files inside it would automatically get 'ipaapi' group assigned. So all we need is to mark the directory as 02770 (SGID bit). Fixes: https://pagure.io/freeipa/issue/8613 Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5328/head:pr5328 git checkout pr5328

3 years, 5 months

1
1
0 / 0

[freeipa PR#5333][opened] [Backport][ipa-4-8] xmlrpctests: remove harcoded expiration date from test_user_plugin

by abbra

URL: https://github.com/freeipa/freeipa/pull/5333 Author: abbra Title: #5333: [Backport][ipa-4-8] xmlrpctests: remove harcoded expiration date from test_user_plugin Action: opened PR body: """ This PR was opened automatically because PR #5330 was pushed to master and backport to ipa-4-8 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5333/head:pr5333 git checkout pr5333

3 years, 5 months

1
1
0 / 0

[freeipa PR#5331][opened] [Backport][ipa-4-9] xmlrpctests: remove harcoded expiration date from test_user_plugin

by abbra

URL: https://github.com/freeipa/freeipa/pull/5331 Author: abbra Title: #5331: [Backport][ipa-4-9] xmlrpctests: remove harcoded expiration date from test_user_plugin Action: opened PR body: """ This PR was opened automatically because PR #5330 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5331/head:pr5331 git checkout pr5331

3 years, 5 months

1
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

FreeIPA-devel December 2020