On 20.10.2014 at 23:40, Martin Basti wrote:
On 20/10/14 18:28, Jan Cholasta wrote:

On 20.10.2014 at 17:37, Petr Spacek wrote:
On 20.10.2014 17:21, Martin Basti wrote:
Hello! Hold your hats, DNSSEC patches are here.

Martin^2, Petr^2

For testing you will need the following package:

 From me, functional self-ACK :-)

Patch 117:


As we discussed off-line, this code is wrong and a ticket should be
opened to fix it to properly handle service files conflicting with the
mask command:

+        if instance_name != "":
+            srv_tgt = os.path.join(paths.ETC_SYSTEMD_SYSTEM_DIR,
+            # remove instance file or link before masking
+            if os.path.islink(srv_tgt):
+                os.unlink(srv_tgt)
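
Review bot: the `os.path.islink(srv_tgt)` guard removes only symlinks, although the comment above it says "remove instance file or link before masking", so a regular service file at `srv_tgt` is left in place, which is the conflicting case raised in this review. Handle a regular file explicitly (remove it, move it aside, or fail with a clear error) before masking. The `os.path.join(` call is cut off in this quote, so the target path itself cannot be checked here.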

Patch 137:


There are some whitespace errors:

Applying: DNSSEC: add ipapk11helper module
trailing whitespace.
trailing whitespace.
trailing whitespace.
trailing whitespace.
trailing whitespace.
warning: squelched 3 whitespace errors
warning: 8 lines add whitespace errors.

Patch 138:


There is a whitespace error:

Applying: DNSSEC: DNS key synchronization daemon
/home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:54: new
blank line at EOF.
warning: 1 line adds whitespace errors.

Patch 140:


Unless there is a dnssec_keys ipalib plugin, I don't think there
should be container_dnssec_keys. Use "DN(('cn', 'keys'), ('cn',
'sec'), api.env.container_dns, ...)" instead of
"DN(api.env.container_dnssec_keys, ...)".


The masking method definitions in PlatformService should be moved to
patch 117.


The changes in dnskeysyncinstance.py, odsexportedinstance.py and
opendnssecinstance.py should be moved to patches 138 and 139.

Patch 147:


There are some whitespace errors:

Applying: DNSSEC: add ipa dnssec daemons
trailing whitespace.
    # synchronize metadata about master keys in LDAP
trailing whitespace.

trailing whitespace.

/home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:873: new
blank line at EOF.
/home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:1126: new
blank line at EOF.
warning: squelched 1 whitespace error
warning: 6 lines add whitespace errors.


Whitespaces fixed,
  mask, and dnssec_container issues move to 4.1.1 please.

mask ACK, container NACK - I don't think we want to introduce a new configuration option and deprecate it right away and it's a change in just 3 lines of code.

But we have schema conflict:

[20/Oct/2014:04:48:40 -0400] dse_read_one_file - The entry cn=schema in
file /etc/dirsrv/slapd-IPA-EXAMPLE/schema/71idviews.ldif (lineno: 1) is
invalid, error code 20 (Type or value exists) - object class
ipaOverrideTarget: The name does not match the OID
"2.16.840.1.113730.". Another object class is already using the
name or OID.

git grep -n "2.16.840.1.113730."
(2.16.840.1.113730. NAME 'ipaSecretKeyRefObject' DESC 'Indirect
storage for encoded key material' SUP top AUXILIARY MUST (
ipaSecretKeyRef ) X-...

(2.16.840.1.113730. NAME 'ipaOverrideTarget' SUP top STRUCTURAL
MUST ( ipaAnchorUUID ) X-ORIGIN 'IPA v4' )

Updated patches attached.
"2.16.840.1.113730." is not used, I change it in patch mbasti-0150

NACK on patch 150, 2.16.840.1.113730. was reserved for ipaSecretKeyRefObject, there is no reserved OID for ipaOverrideTarget, so it's ipaOverrideTarget which should be fixed.

Jan Cholasta
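
The schema conflict in the log above comes from two object classes carrying the same OID. As an added example (not part of this thread or of FreeIPA's code), the following scans schema LDIF text for OIDs claimed under more than one name; the file names, OIDs and `example*` names are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample schema files; OIDs and names are placeholders, not FreeIPA's.
SAMPLE_FILES = {
    "60example-keys.ldif": (
        "dn: cn=schema\n"
        "objectClasses: (1.3.6.1.4.1.99999.2.1 NAME 'exampleSecretKeyRefObject'\n"
        "  DESC 'Indirect storage' SUP top AUXILIARY MUST ( exampleKeyRef ) )\n"
        "attributeTypes: (1.3.6.1.4.1.99999.1.1 NAME 'exampleKeyRef'\n"
        "  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )\n"
    ),
    "71example-views.ldif": (
        "dn: cn=schema\n"
        "objectClasses: (1.3.6.1.4.1.99999.2.1 NAME 'exampleOverrideTarget'\n"
        "  SUP top STRUCTURAL MUST ( exampleAnchor ) )\n"
    ),
}

# Matches the start of a schema definition and captures its OID and first NAME.
DEFINITION = re.compile(
    r"(?:objectClasses|attributeTypes):\s*\(\s*([\w.-]+)\s+NAME\s+\(?\s*'([^']+)'",
    re.IGNORECASE,
)


def unfold(text):
    """Undo LDIF folding: a line starting with one space continues the previous line."""
    return re.sub(r"\r?\n ", "", text)


def find_oid_conflicts(files):
    """Return {oid: [(name, filename), ...]} for OIDs used by more than one name."""
    owners = defaultdict(list)
    for filename, text in sorted(files.items()):
        for line in unfold(text).splitlines():
            match = DEFINITION.match(line)
            if match:
                owners[match.group(1)].append((match.group(2), filename))
    return {
        oid: uses
        for oid, uses in owners.items()
        if len({name.lower() for name, _ in uses}) > 1
    }


if __name__ == "__main__":
    for oid, uses in find_oid_conflicts(SAMPLE_FILES).items():
        print(oid, "->", ", ".join(f"{name} ({fname})" for name, fname in uses))
```

Run over the real schema directory before a merge, a check like this catches the clash at review time instead of at directory server startup.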

Freeipa-devel mailing list
