Dne 20.10.2014 v 23:40 Martin Basti napsal(a):
On 20/10/14 18:28, Jan Cholasta wrote:
Hi,

Dne 20.10.2014 v 17:37 Petr Spacek napsal(a):
On 20.10.2014 17:21, Martin Basti wrote:
Hello! Hold your hats, DNSSEC patches are here.

Martin^2, Petr^2

For testing you will need following package:
http://koji.fedoraproject.org/koji/taskinfo?taskID=7915293

 From me, functional self-ACK :-)


Patch 117:

1)

As we discussed off-line, this code is wrong and a ticket should be
opened to fix it to properly handle service files conflicting with the
mask command:

+        if instance_name != "":
+            srv_tgt = os.path.join(paths.ETC_SYSTEMD_SYSTEM_DIR,
instance_name)
+            # remove instance file or link before masking
+            if os.path.islink(srv_tgt):
+                os.unlink(srv_tgt)


Patch 137:

1)

There are some whitespace errors:

Applying: DNSSEC: add ipapk11helper module
/home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:95:
trailing whitespace.
 *
/home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:100:
trailing whitespace.
 *
/home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:105:
trailing whitespace.
 *
/home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:203:
trailing whitespace.
 *
/home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:208:
trailing whitespace.
 *
warning: squelched 3 whitespace errors
warning: 8 lines add whitespace errors.


Patch 138:

1)

There is a whitespace error:

Applying: DNSSEC: DNS key synchronization daemon
/home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:54: new
blank line at EOF.
+
warning: 1 line adds whitespace errors.


Patch 140:

1)

Unless there is a dnssec_keys ipalib plugins, I don't think there
should be container_dnssec_keys. Use "DN(('cn', 'keys'), ('cn',
'sec'), api.env.container_dns, ...)" instead of
"DN(api.env.container_dnssec_keys, ...)".


2)

The masking method definitions in PlatformService should be moved to
patch 117.


3)

The changes in dnskeysyncinstance.py, odsexportedinstance.py and
opendnssecinstance.py should be moved to patches 138 and 139.


Patch 147:

1)

There are some whitespace errors:

Applying: DNSSEC: add ipa dnssec daemons
/home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:135:
trailing whitespace.
    # synchronize metadata about master keys in LDAP
/home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:1228:
trailing whitespace.

/home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:1291:
trailing whitespace.

/home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:873: new
blank line at EOF.
+
/home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:1126: new
blank line at EOF.
+
warning: squelched 1 whitespace error
warning: 6 lines add whitespace errors.


Honza

Whitespaces fixed,
  mask, and dnssec_container issues move to 4.1.1 please.

mask ACK, container NACK - I don't think we want to introduce a new configuration option and deprecate it right away and it's a change in just 3 lines of code.


But we have schema conflict:

[20/Oct/2014:04:48:40 -0400] dse_read_one_file - The entry cn=schema in
file /etc/dirsrv/slapd-IPA-EXAMPLE/schema/71idviews.ldif (lineno: 1) is
invalid, error code 20 (Type or value exists) - object class
ipaOverrideTarget: The name does not match the OID
"2.16.840.1.113730.3.8.12.34". Another object class is already using the
name or OID.

git grep -n "2.16.840.1.113730.3.8.12.34"
install/share/60basev3.ldif:79:objectClasses:
(2.16.840.1.113730.3.8.12.34 NAME 'ipaSecretKeyRefObject' DESC 'Indirect
storage for encoded key material' SUP top AUXILIARY MUST (
ipaSecretKeyRef ) X-...

install/share/71idviews.ldif:8:objectClasses:
(2.16.840.1.113730.3.8.12.34 NAME 'ipaOverrideTarget' SUP top STRUCTURAL
MUST ( ipaAnchorUUID ) X-ORIGIN 'IPA v4' )

Updated patches atached.
"2.16.840.1.113730.3.8.12.35" is not used, I change it in patch mbasti-0150

NACK on patch 150, 2.16.840.1.113730.3.8.12.34 was reserved for ipaSecretKeyRefObject, there is no reserved OID for ipaOverrideTarget, so it's ipaOverrideTarget which should be fixed.

--
Jan Cholasta

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to