URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code

HonzaCholasta commented:
"""
Both replica install and CA-less install now work, but:
* `ipa-replica-install` creates `/var/lib/ipa/radb` owned by `root` rather than 
`ipaapi`.
* `/var/lib/ipa/radb` should not be created in CA-less install.
* Upgrade from 4.4 fails in various ways:
  * on the first master: https://transfer.sh/JgKTV/ipaupgrade.log
  * on a replica: https://transfer.sh/LTMvO/ipaupgrade.log
* Could you please add a command to enable your COPR repositories to 
`.test_runner_config.yaml` so that CI starts working properly? @martbab can 
advise.

@MartinBasti: we agreed to document all new functions last week, this PR was 
first submitted months ago, so IMO the rule does not apply here.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/314#issuecomment-276032900
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to