[Freeipa-devel] Re: FreeIPA 4.9.0 release candidate 2 leased

The FreeIPA team would like to announce FreeIPA 4.9.0 release candidate 2!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora Rawhide will be available from the official repository soon. We are not planning producing builds of release candidates for the Fedora 32/33 at this moment. Final FreeIPA 4.9.0 release might be produced for Fedora 33 depending on upgrade test results. == Highlights in 4.9.0 release candidate 2 == === Bug fixes === FreeIPA 4.9.0 release candidate 2 is a stabilization release for the features delivered as a part of 4.9 version series. There are more than 10 bug-fixes since FreeIPA 4.9.0 release candidate 1. Details of the bug-fixes can be seen in the list of resolved tickets below. == Upgrading == Upgrade instructions are available on [[Upgrade]] page. == Feedback == Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...) or #freeipa channel on Freenode. == Resolved tickets == * [https://pagure.io/freeipa/issue/3299 #3299] [RFE] Switch the client to JSON RPC * [https://pagure.io/freeipa/issue/7534 #7534] ([https://bugzilla.redhat.com/show_bug.cgi?id=1569011 rhbz#1569011]) Investigate failures to restore 389-ds attriubtes on upgrade failure * [https://pagure.io/freeipa/issue/7676 #7676] ([https://bugzilla.redhat.com/show_bug.cgi?id=1544379 rhbz#1544379]) ipa-client-install changes system wide ssh configuration * [https://pagure.io/freeipa/issue/7975 #7975] Accept 389-ds JSON replication status messages * [https://pagure.io/freeipa/issue/8424 #8424] Add ipa.p11-kit to ipa-client-install man page files list * [https://pagure.io/freeipa/issue/8514 #8514] ([https://bugzilla.redhat.com/show_bug.cgi?id=1885126 rhbz#1885126]) Nightly failure (enforcing mode) in test_acme.py::TestACME::test_mod_md * [https://pagure.io/freeipa/issue/8524 #8524] ([https://bugzilla.redhat.com/show_bug.cgi?id=1851835 rhbz#1851835]) Deploy & manage the ACME service topology wide from a single system * [https://pagure.io/freeipa/issue/8531 #8531] RFE: Use host keytab to obtain ticket for ipa-certupdate * [https://pagure.io/freeipa/issue/8545 #8545] ([https://bugzilla.redhat.com/show_bug.cgi?id=1869605 rhbz#1869605]) KRA Transport and Storage Certificates do not renew * [https://pagure.io/freeipa/issue/8554 #8554] ([https://bugzilla.redhat.com/show_bug.cgi?id=1891056 rhbz#1891056]) ipa-kdb: support subordinate/superior UPN suffixes * [https://pagure.io/freeipa/issue/8581 #8581] Nightly test failure in test_acme.py::TestACME::test_third_party_certs (updates-testing) * [https://pagure.io/freeipa/issue/8587 #8587] client-only build fails due to unconditional use of pwquality features * [https://pagure.io/freeipa/issue/8589 #8589] ([https://bugzilla.redhat.com/show_bug.cgi?id=1812871 rhbz#1812871]) Intermittent IdM Client Registration Failures * [https://pagure.io/freeipa/issue/8590 #8590] Nightly test failure in test_integration/test_krbtpolicy.py::TestPWPolicy::test_krbtpolicy_default::setup * [https://pagure.io/freeipa/issue/8595 #8595] Allow ipa-ca as a name for an IPA server * [https://pagure.io/freeipa/issue/8597 #8597] ([https://bugzilla.redhat.com/show_bug.cgi?id=1901068 rhbz#1901068]) Traceback while doing ipa-backup * [https://pagure.io/freeipa/issue/8601 #8601] Nightly test failure in test_trust.py::TestTrust::test_subordinate_suffix * [https://pagure.io/freeipa/issue/8603 #8603] ([https://bugzilla.redhat.com/show_bug.cgi?id=1902727 rhbz#1902727]) ipa-acme-manage enable fails after upgrade == Detailed changelog since 4.9.0rc1 == === Armando Neto (1) === * ipatests: Bump PR-CI templates [https://pagure.io/freeipa/c/a3c5c71925b5fd8faa56379d92fa19631d230108 commit] === Alexander Bokovoy (5) === * Become FreeIPA 4.9.0rc2 [https://pagure.io/freeipa/c/e74d6409902b83fb81a0aec251280375a90d6f07 commit] * Update contributors [https://pagure.io/freeipa/c/5f36ee51e4f9d270cc65668d9ab4666e0ac8c07f commit] * freeipa.spec.in: unify spec files across upstream RHEL, and Fedora [https://pagure.io/freeipa/c/4b56a4cbaa3bb71260ffbc35f304ddf5ee31baed commit] * ad trust: accept subordinate domains of the forest trust root [https://pagure.io/freeipa/c/381cc5e8eae1b7437fc15cb699983887d398f498 commit] [https://pagure.io/freeipa/issue/8554 #8554] * util: Fix client-only build [https://pagure.io/freeipa/c/244704cc156dba0731671c55661d82073f970c9b commit] [https://pagure.io/freeipa/issue/8587 #8587] === Antonio Torres Moríñigo (1) === * ipa-client-install manpage: add ipa.p11-kit to list of files created [https://pagure.io/freeipa/c/08bbd0a2d712a5a7f1a02999390c4be2a9df3f0e commit] [https://pagure.io/freeipa/issue/8424 #8424] === Florence Blanc-Renaud (2) === * ipatests: fix TestTrust::test_subordinate_suffix [https://pagure.io/freeipa/c/bf1d652ff946e448a5b97a12df926ae4a7d9db01 commit] [https://pagure.io/freeipa/issue/8601 #8601] * Always define the path DNSSEC_OPENSSL_CONF [https://pagure.io/freeipa/c/06a7db1838ad9b9ebbe565dbbde126968f9c296f commit] [https://pagure.io/freeipa/issue/8597 #8597] === Mark Reynolds (1) === * Accept 389-ds JSON replication status messages [https://pagure.io/freeipa/c/826dccc9cb99f4bce8bd24b47c531f918f19d8d6 commit] [https://pagure.io/freeipa/issue/7975 #7975] === Mohammad Rizwan (1) === * ipatests: Test certmonger IPA responder switched to JSONRPC [https://pagure.io/freeipa/c/25eebb21a2f85817691ce65c431d6b5de3bebe3b commit] [https://pagure.io/freeipa/issue/3299 #3299] === Rob Crittenden (25) === * Skip the ACME mod_md test when the client is in enforcing mode [https://pagure.io/freeipa/c/2d576d5b4b1e9e0c43aafde7636c6a25b5ca294f commit] [https://pagure.io/freeipa/issue/8514 #8514] * Increase timeout for krbtpolicy to 4800 [https://pagure.io/freeipa/c/28ed75ca0251724e34a447174ae775edca9763e2 commit] [https://pagure.io/freeipa/issue/8589 #8589] * Enable the ccache sweep systemd timer [https://pagure.io/freeipa/c/068d08577d97258267917f81363a1a033a681803 commit] [https://pagure.io/freeipa/issue/8589 #8589] * ipatests: test that stale caches are removed using the sweeper [https://pagure.io/freeipa/c/22fa1a7e5c49a677b55f71d95d47cc58e0f29c57 commit] [https://pagure.io/freeipa/issue/8589 #8589] * Generate a unique cache for each connection [https://pagure.io/freeipa/c/51b186b6033bafaa39a2b0544b5cdc9c0298208c commit] [https://pagure.io/freeipa/issue/8589 #8589] * Convert reset_to_default_policy into a pytest fixture [https://pagure.io/freeipa/c/848dffb59273493ef3abde2a86864e85c8d19eff commit] [https://pagure.io/freeipa/issue/8589 #8589] * VERSION: back to git snapshots [https://pagure.io/freeipa/c/2e1cbcb7783704ef5d6c883e55003acac4ee1553 commit] * ipatests: Test that ipa-ca.$domain can retrieve CRLs without redirect [https://pagure.io/freeipa/c/b478bf99d9f158dabae145169f242b2b5d26404c commit] [https://pagure.io/freeipa/issue/8595 #8595] * Allow Apache to answer to ipa-ca requests without a redirect [https://pagure.io/freeipa/c/4ba6a0371b6d12adf46a654356468e52bf3ee33f commit] [https://pagure.io/freeipa/issue/8595 #8595] * Move where the restore state is marked during IPA server upgrade [https://pagure.io/freeipa/c/20055ddaf169787c041f0baf0bd0cdca1f5fe7b5 commit] [https://pagure.io/freeipa/issue/7534 #7534] * Reorder when ACME is enabled to fix failure on upgrade [https://pagure.io/freeipa/c/ea67962d5d2b4812234bb6c22c85b7716951b2f9 commit] [https://pagure.io/freeipa/issue/8603 #8603] * Remove test for minimum ACME support and rely on package deps [https://pagure.io/freeipa/c/0d6caf5d0eae315797b36abfe8444827bdd71fb7 commit] * Require PKI 10.10+ for KRA profile and ACME support [https://pagure.io/freeipa/c/3e530e93c37ee71a560714e26285cd85e71557c9 commit] [https://pagure.io/freeipa/issue/8524 #8524], [https://pagure.io/freeipa/issue/8545 #8545] * Test that the KRA profiles can renewal its three certificates [https://pagure.io/freeipa/c/bd4771d75f8549fe1790540764f23d47bf3d187c commit] [https://pagure.io/freeipa/issue/8545 #8545] * Change KRA profiles in certmonger tracking so they can renew [https://pagure.io/freeipa/c/a9e1c014f601a567f4aa5135d02883c498835268 commit] [https://pagure.io/freeipa/issue/8545 #8545] * ipatests: Increase timeout for ACME in gating.yaml [https://pagure.io/freeipa/c/17f293e9da0375bac4871c0100c6146a8c2f8e55 commit] [https://pagure.io/freeipa/issue/8581 #8581] * ipatests: honor class inheritance in TestACMEwithExternalCA [https://pagure.io/freeipa/c/75ad5757528491616f7f4e596bb9f6b152944d99 commit] [https://pagure.io/freeipa/issue/8581 #8581] * ipatests: configure MDStoreDir for mod_md ACME test [https://pagure.io/freeipa/c/b474b263ed0161ba8411cc84014e4d08a44ac15f commit] [https://pagure.io/freeipa/issue/8581 #8581] * ipatests: Clean up existing ACME registration and certs [https://pagure.io/freeipa/c/5d286e79515c8a6c856a5acde6300271422acfac commit] [https://pagure.io/freeipa/issue/8581 #8581] * ipatests: Configure a replica in TestACMEwithExternalCA [https://pagure.io/freeipa/c/de5baf8516cde060f1606070b2a8824f71178f16 commit] [https://pagure.io/freeipa/issue/8581 #8581] * ipatests: call the CALess install method to generate the CA [https://pagure.io/freeipa/c/3cd6b81a68be98ae9f60da67d2bc640831f0cf0c commit] [https://pagure.io/freeipa/issue/8581 #8581] * ipatests: Test that Match ProxyCommand masks on no shell exec [https://pagure.io/freeipa/c/d89e3abf2714092baae1607afd83da1c944d6c9f commit] [https://pagure.io/freeipa/issue/7676 #7676] * Create IPA ssh client configuration and move ProxyCommand [https://pagure.io/freeipa/c/a525b2ebf01ffff83d0a5925035f4be0fc5c700c commit] [https://pagure.io/freeipa/issue/7676 #7676] * ipatests: Test that ipa-certupdate can run without credentials [https://pagure.io/freeipa/c/4941d3d4b1ba10ccddf5429463debcefac6fbd9f commit] [https://pagure.io/freeipa/issue/8531 #8531] * Use host keytab to obtain credentials needed for ipa-certupdate [https://pagure.io/freeipa/c/1a09ce9f3fa503eeefe394856be538892652accf commit] [https://pagure.io/freeipa/issue/8531 #8531] === Robbie Harwood (1) === * Fix krbtpolicy tests [https://pagure.io/freeipa/c/17a4198a666453dbec55409d4e2acc37a37b57ac commit] [https://pagure.io/freeipa/issue/8590 #8590] === Sudhir Menon (2) === * ipatests: support subordinate upn suffixes [https://pagure.io/freeipa/c/7e605e958ef6d41584afc238433669c15458ac67 commit] * ipatests: Tests for ipahealthcheck.ds.nss_ssl [https://pagure.io/freeipa/c/46f114d9e751b2a092b975b909f0e890257a507d commit] -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland _______________________________________________ FreeIPA-devel mailing list -- freeipa-devel(a)lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedoraho...