URL: https://github.com/freeipa/freeipa/pull/108
Author: frasertweedale
Title: #108: Bump pki min version and add commentary about sub-CA revocation on delete
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/108/head:pr108
git checkout pr108
From b97b8c999f1f1fd7a049a58ea0ba8ee6f1b905bf Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Fri, 23 Sep 2016 16:01:19 +1000
Subject: [PATCH 1/2] spec: require Dogtag >= 10.3.5-6

Require Dogtag 10.3.5-6, which is the first release that implements
revocation of lightweight CA signing certificates upon deletion.

Part of: https://fedorahosted.org/freeipa/ticket/6256
---
 freeipa.spec.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index ca8ef4a..e5e1292 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -161,8 +161,8 @@ Requires(post): systemd-units
 Requires: selinux-policy >= %{selinux_policy_version}
 Requires(post): selinux-policy-base >= %{selinux_policy_version}
 Requires: slapi-nis >= %{slapi_nis_version}
-Requires: pki-ca >= 10.3.3-3
-Requires: pki-kra >= 10.3.3-3
+Requires: pki-ca >= 10.3.5-6
+Requires: pki-kra >= 10.3.5-6
 Requires(preun): python systemd-units
 Requires(postun): python systemd-units
 Requires: zip
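
Review bot: The two bumped lines hard-code the same minimum, 10.3.5-6, separately for pki-ca and pki-kra, while the neighbouring Requires lines for selinux-policy and slapi-nis take their minimum from a macro. Consider defining the Dogtag minimum once as a macro and referencing it from both lines, so a later bump cannot leave pki-kra behind pki-ca. Because this version floor is what guarantees that a lightweight CA's signing certificate is revoked on deletion, a short spec comment pointing at ticket 6256 would also tell a packager why the floor must not be lowered.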

From 42a2db98335252cf8cfcfb647629fcd6c3970873 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Fri, 23 Sep 2016 16:05:55 +1000
Subject: [PATCH 2/2] Add commentary about CA deletion to plugin doc

Add commentary to 'ca' plugin documentation to explain what happens
when a CA gets deleted - namely, that its signing cert gets revoked
and its private key deleted.

Also break the docstring up into smaller chunks to aid translation.

Fixes: https://fedorahosted.org/freeipa/ticket/6256
---
 ipaserver/plugins/ca.py | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/ipaserver/plugins/ca.py b/ipaserver/plugins/ca.py
index 4d83fe8..d9ae8c8 100644
--- a/ipaserver/plugins/ca.py
+++ b/ipaserver/plugins/ca.py
@@ -14,33 +14,38 @@
 
 __doc__ = _("""
 Manage Certificate Authorities
-
+""") + _("""
 Subordinate Certificate Authorities (Sub-CAs) can be added for scoped issuance
 of X.509 certificates.
-
+""") + _("""
 CAs are enabled on creation, but their use is subject to CA ACLs unless the
 operator has permission to bypass CA ACLs.
-
+""") + _("""
 All CAs except the 'IPA' CA can be disabled or re-enabled.  Disabling a CA
 prevents it from issuing certificates but does not affect the validity of its
 certificate.
-
-
+""") + _("""
+CAs (all except the 'IPA' CA) can be deleted.  Deleting a CA causes its signing
+certificate to be revoked and its private key deleted.
+""") + _("""
 EXAMPLES:
-
+""") + _("""
   Create new CA, subordinate to the IPA CA.
 
     ipa ca-add puppet --desc "Puppet" \\
         --subject "CN=Puppet CA,O=EXAMPLE.COM"
-
+""") + _("""
   Disable a CA.
 
     ipa ca-disable puppet
-
+""") + _("""
   Re-enable a CA.
 
     ipa ca-enable puppet
+""") + _("""
+  Delete a CA.
 
+    ipa ca-del puppet
 """)
 
 
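Review bot: The new deletion paragraph says the signing certificate is revoked and the private key deleted, but unlike the disable paragraph just above it, which spells out the effect on the certificate's validity, it does not say whether deletion can be undone or what it means for certificates the CA has already issued. Suggest adding one sentence covering both, and pointing to "ipa ca-disable" as the reversible alternative so an operator reading the "ipa ca-del puppet" example sees the difference before running it. Minor wording point: "CAs (all except the 'IPA' CA) can be deleted" would be more consistent as "All CAs except the 'IPA' CA can be deleted", matching the phrasing of the disable paragraph.
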