URL: https://github.com/freeipa/freeipa/pull/5502
Author: rcritten
Title: #5502: [Backport][ipa-4-6] Fix cert_request for KDC cert
Action: opened
PR body:
"""
This PR was opened automatically because PR #5496 was pushed to master and backport to ipa-4-6 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5502/head:pr5502
git checkout pr5502
URL: https://github.com/freeipa/freeipa/pull/5503
Author: rcritten
Title: #5503: [Backport][ipa-4-9] Fix cert_request for KDC cert
Action: opened
PR body:
"""
This PR was opened automatically because PR #5496 was pushed to master and backport to ipa-4-9 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5503/head:pr5503
git checkout pr5503
URL: https://github.com/freeipa/freeipa/pull/5497
Author: wladich
Title: #5497: [Backport][ipa-4-9] ipatests: rewrite test for requests routing to subordinate suffixes
Action: opened
PR body:
"""
This PR was opened automatically because PR #5427 was pushed to master and backport to ipa-4-9 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5497/head:pr5497
git checkout pr5497
URL: https://github.com/freeipa/freeipa/pull/5495
Author: tiran
Title: #5495: Ensure that KDC cert has SAN DNS entry
Action: opened
PR body:
"""
The dns parameter of request_and_wait_for_cert() must be a string of
hostnames.
* Enforce list/tuple type so that API misuse no longer passes silently.
* Add commonNameToSANDefaultImpl to KDCs_PKINIT_Certs profile
* Explicitly pass hostname for service certs
Fixes: https://pagure.io/freeipa/issue/8685
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5495/head:pr5495
git checkout pr5495
URL: https://github.com/freeipa/freeipa/pull/5491
Author: rcritten
Title: #5491: ipatests: Update NSSDatabase DBM test on non-DBM-capable installs
Action: opened
PR body:
"""
The string was updated to include the directory the for the database
but this was not reflected in the test and not picked up because
the tests were executed on Fedora 32 which supports dbm so the
test wasn't executed.
https://pagure.io/freeipa/issue/8675
Signed-off-by: Rob Crittenden <rcritten(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5491/head:pr5491
git checkout pr5491
URL: https://github.com/freeipa/freeipa/pull/5465
Author: mrizwan93
Title: #5465: [Backport][ipa-4-9] ipatests: Test if server setup without dns uninstall properly
Action: opened
PR body:
"""
IPA server uninstall was failing if dns was not setup.
This test check if it uninstalls propelry.
related: https://pagure.io/freeipa/issue/8630
Signed-off-by: Mohammad Rizwan <myusuf(a)redhat.com>
Reviewed-By: Kaleemullah Siddiqui <ksiddiqu(a)redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5465/head:pr5465
git checkout pr5465
URL: https://github.com/freeipa/freeipa/pull/5476
Author: flo-renaud
Title: #5476: ipatests: fix incomplete nightly def in nightly_previous
Action: opened
PR body:
"""
The job definition for fedora-previous/test_installation_client
is missing the .py in the test file:
test_suite: test_integration/test_installation_client
should be instead:
test_suite: test_integration/test_installation_client.py
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5476/head:pr5476
git checkout pr5476
URL: https://github.com/freeipa/freeipa/pull/5489
Author: rcritten
Title: #5489: Better support for unreadable NSS database
Action: opened
PR body:
"""
Ignore database errors when trying to extract ipaCert on upgrade
If NSSDatabase() throws a ValueError it means we can't open it
to look for an existing ipaCert to migrate. Chances are there is
no certificate to migrate at this point in Fedora so don't let
it blow up the entire installation/upgrade. Warn the user and let
them figure it out.
We have no real path forward on this and by proceeding it could
lead to more errors (like no RA) but it is extremely unlikely and
would require a user to upgrade from very old Fedora to very
new Fedora in one step.
https://pagure.io/freeipa/issue/8675
Signed-off-by: Rob Crittenden <rcritten(a)redhat.com>
I added no specific test for this because it a corner case. This code is just to mitigate the problem and make it more understandable.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5489/head:pr5489
git checkout pr5489