Re: [Freeipa-devel] [PATCH] 022 Inconsistent error message for ipa group-detach
Martin Kosek mko...@redhat.com wrote: When attempting to detach a private group that doesn't exist, the error message returned is not consistent with the error returned by the other topic commands. This patch adds a standard message. https://fedorahosted.org/freeipa/ticket/291 ack Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 700 update some minimum versions
Rob Crittenden rcrit...@redhat.com wrote: Update min version of 389-ds-base, mod_nss and selinux-policy. As of this writing the selinux-policy update hasn't actually gone out to updates-testing so I'm going to hold onto this even if I get an ack. The selinux-policy update is needed to fix slapi-nis working as an nis responder. rob Seems good, build and installation on F14 works. ACK Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 049 Make nsslib IPv6 aware
Jakub Hrozek jhro...@redhat.com wrote: Hi, attached is a patch to nsslib.py that changes its semantics so it is able to work with different address families. It is the last piece of IPv6 support. Aside from the hunks in the patch, I still need to set Requires: in the patch (don't know the exact version yet). Also, the attached patch always tries IPv4 first and only falls back to IPv6. I think there should be a config option that tells IPA to prefer one of the address families or use it exclusively for performance reasons. Please note that the patch requires the latest changes to python-nss in order to work correctly. Since John is still working on python-nss packages, this patch should be treated as a preview and not pushed even if it is deemed OK. At this stage, I'd like to get at least the general approach and code reviewed so I can fix it tomorrow. Thank you, Jakub The patch looks ok, all my questions answered off-list. Also tested with IPv4 (latest python-nss installed) and IPv6, both work fine. ACK Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 049 Make nsslib IPv6 aware
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/03/2011 02:23 PM, Jan Zelený wrote: The patch looks ok, all my questions answered off-list. Also tested with IPv4 (latest python-nss installed) and IPv6, both work fine. ACK Jan As noted in the original mail, please don't push until python-nss is in the repos we want. Currently this patch would break because there are new functions and constants used, but mainly nss.io.NetworkAddress changed its API. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk1KsDYACgkQHsardTLnvCUB5QCdEe+HK+VByOuC4nIFUCYWZjUV jxoAn1w24yOLWsmuj64wo4cZIh/J9bPf =vlIt -END PGP SIGNATURE- ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] python i18n options
I've been playing around with localizing python strings for a while and this is what I figured out: Currently we use xgettext to get strings to be translated from python files. From withing python we call the gettext library wrapped in ipalib/text.py classes to provide on request translation. We need on request translation, so that we can translate strings on the client. Apart from the classes in ipalib/text.py, there are also localization functions in ipalib/request.py. These function are old and deprecated. Despite this they are still used when translating exception messages. That's why exceptions aren't currently being localized. Rob posted a patch recently that fixes this, but it wasn't fixing the problem at its root. There's another patch by me (69: Remove deprecated i18n code...) that removes references to ipalib/request.py and replaces it with ipalib/text.py classes. This patch should definitely be accepted. It doesn't change anything - it just removes code that shouldn't be there anyway. There's another problem with exceptions. They are localized when they are first created on the server. When transmitting exceptions from server to client, the data is wrapped in a xmlrpclib.Fault class. This class can only contain an error code and string making it impossible to reconstruct on the client especially if it contains template strings (i.e. '%(reason)s'). I propose we change the way exceptions are created and encode information about them as Fault string data. We can then reconstruct them on the client a perform localization there. Python 2.6+ provides secure ways to encode and decode literal types to/from strings. This will require changes to the PublicError class. Now there's the issue of localizing the built-in help system ('ipa help') which translates to localizing python docstrings. xgettext can't do that on its own. There's an alternative called pygettext. Unfortunately pygettext can't translated ngettext string (meaning strings that have a singular and plural form). I found two solutions around this: 1) a) use both xgettext and pygettext b) merge the resulting .po files c) use msguniq utility to get unique translatable strings 2) theres a patch for pygettext to handle ngettext string Solution 1) will probably works fine, but it's not very effective. I would prefer the second solution, but I still have to determine how good the patch is since it was sent by some random guy on the python mailing list. Links: http://bugs.python.org/issue8502 http://bugs.python.org/file17639/pygettext.py.patch Opinions? Summary: Unless we agree on a better way; I'm going to try the pygettext patch and see how usable it is. If it's not then I'll try the solution with merging pygettext and xgettext output. We also need to rethink the PublicError class and it's encoding/decoding in {JSON,XML}-RPC to have them translated on the client. Pavel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Added multi-valued text widget.
On 02/03/2011 07:57 AM, Endi Sukma Dewata wrote: A multi-valued text widget has been created to replace the old IPA.details_field. There are some differences: The old code was designed to handle all data types, so the code is incomplete and complex. The new code was designed to handle multi- valued text attributes only, so it's easier to maintain. There are already other widgets that can be used to handle other data types. In the old code, if an attribute contains multiple values there will be one undo link for each value. In the new code there will be only one undo link for the whole attribute. In the old code, when a value is removed, the value will be crossed out. In the new code when a value is removed the entire line will disappear. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel NACK. Mostly good, but not sure I agree 100%. Line level Undo we very specific for the multi values. Undo should be for individuals, not for the overall. I realize that this makes the logic a little bit harder if you want to, say, abandon your changes on phonen numbers, but keep them for Title, it is hard to get the undo just right. So: Multi values should have an undo all in addition to line level undo. I'd like to leave the line-out approach in there for removed entries as well. A user can always repurpose a line, so there undo/redo will be valuable at the line level. For straight delete, I think it is valuable for the user to see the original value. Also, it looks like the code for create_remove_link is still in IPA.details_field. I'm guessing that this is dead code that should be removed. At a minimum, it should be moved to the new widget. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 022 Inconsistent error message for ipa group-detach
Jan Zelený wrote: Martin Kosekmko...@redhat.com wrote: When attempting to detach a private group that doesn't exist, the error message returned is not consistent with the error returned by the other topic commands. This patch adds a standard message. https://fedorahosted.org/freeipa/ticket/291 ack Jan pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 023 ipa-server-install inconsistent capitalization
Jan Zelený wrote: Martin Kosekmko...@redhat.com wrote: A cosmetic patch to IPA server installation output aimed to make capitalization in installer output consistent. Several installation tasks started with a lowercase letter and several installation task steps started with an uppercase letter. https://fedorahosted.org/freeipa/ticket/776 ack Jan pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 025 Detection of v1 server during ipa-client-install
When v2 IPA client is trying to join an IPA v1 server a strange exception is printed out to the user. This patch detects this by catching an XML-RPC error reported by ipa-join binary called in the process which fails on unexisting IPA server 'join' method. wget call had to be changed so that IPA client may get to the ipa-join step. --no-check-certificate had to be added as V1 server automatically redirects the request to self-signed secure connection. https://fedorahosted.org/freeipa/ticket/553 From d3282093128b34158ceae6264cf4c53fd49130d0 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Thu, 3 Feb 2011 17:20:26 +0100 Subject: [PATCH] Detection of v1 server during ipa-client-install When v2 IPA client is trying to join an IPA v1 server a strange exception is printed out to the user. This patch detects this by catching an XML-RPC error reported by ipa-join binary called in the process which fails on unexisting IPA server 'join' method. wget call had to be changed so that IPA client may get to the ipa-join step. --no-check-certificate had to be added as V1 server automatically redirects the request to self-signed secure connection. https://fedorahosted.org/freeipa/ticket/553 --- ipa-client/ipa-install/ipa-client-install |8 ++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 66e4a14872bb5ccde98816fd30683e0d8500ac34..1800f28f7a3ea4daa512b8d1624ce3e5de12432d 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -630,7 +630,7 @@ def main(): pass try: -run([/usr/bin/wget, -O, /etc/ipa/ca.crt, http://%s/ipa/config/ca.crt; % cli_server]) +run([/usr/bin/wget, -O, /etc/ipa/ca.crt, --no-check-certificate, http://%s/ipa/config/ca.crt; % cli_server]) except CalledProcessError, e: sys.exit('Retrieving CA from %s failed.\n%s' % (cli_server, str(e))) @@ -683,7 +683,11 @@ def main(): (stdout, stderr, returncode) = run(join_args, raiseonerr=False, env=env) if returncode != 0: -print sys.stderr, Joining realm failed: %s % stderr, +if returncode == 17:# XML-RPC fault - possible IPA v1/v2 incompatibility +print Joining realm failed because of failing XML-RPC request. +print This error may be caused by incompatible server/client major versions. +else: +print sys.stderr, Joining realm failed: %s % stderr, if not options.force: return 1 print Use ipa-getkeytab to obtain a host principal for this server. -- 1.7.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0176-unmatched-aciattrs
On Fri, 28 Jan 2011 15:53:49 -0500 Adam Young ayo...@redhat.com wrote: This one was pushed. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Enable custom list of attributes to retrieve effective rights.
On Tue, 18 Jan 2011 13:25:28 +0100 Pavel Zuna pz...@redhat.com wrote: On 01/07/2011 08:59 PM, Rob Crittenden wrote: Pavel Zůna wrote: LDAPObject sub-classes can define a custom list of attributes for effective rights retrieval. Fix #677 Pavel Nack. --rights should only return data when --all is also included. Otherwise it looks ok. rob Fixed version attached. Pavel Is this one still on the table ? Or did some other patch supersede it ? Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] admiyo-0188-favicon.patch
From d684c2e0a3c0151e9d8b0d1810e3c54ca7c8c4ff Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Thu, 3 Feb 2011 14:45:04 -0500 Subject: [PATCH] favicon adds a favicon that is the freeipa cube --- install/ui/favicon.ico | Bin 0 - 1150 bytes install/ui/index.html |1 + 2 files changed, 1 insertions(+), 0 deletions(-) create mode 100644 install/ui/favicon.ico diff --git a/install/ui/favicon.ico b/install/ui/favicon.ico new file mode 100644 index ..f318f616227cba650f50763ee287e0edfa550118 GIT binary patch literal 1150 zcmai!ZA_C_6vrwGLyLp8Z_t!CE212IzNm|!!+oCAcL}z4(H07#%AoG76{^EJ%5A z5Oq+Ph1$_74rGX{wd|kTSQn3wS@|$(AGH|6t+Nl8R;6H{r5auSd7u^xjFaT{O|eQ zd!LhYFCiXu^YS8e?@NxqOvna8$Xm4060Q8J(~b~?%59jdDhq*DFq^bB#gY@2@D~ zOEhJ?+nV;4$cc#wpQWXxRc^QYrKjUp#*98cKmXbzyM0UJ_unNpCWj4aj_$x`DoY* z4$ax%aL}gl%WoXWBuad;;YNc%N`8NcxKP(1pr#9qnP#+%KEu34T-?dm~yC-lnX% zY|45r64t_lu;m?^Y^yk5rtRt8J2Nxm$#9HW$40lxh51F|bkaGT|O$~ccAqnpMQ88 zFN~@Yr{NQm0;M-{;NTy?m|Zkt}ZY5^~sZs4BsF~YS2b+LKcsOAcGuLaocf+=35eW zP-Cawr)tGquxv`iw~O)Fk3}f0NWvpQlxyHYzdw@`$Dvb)^KlRpZO48kqU@k2xS z2HfKKQA4SLlro16zD|MkW)VV1n7XNK*5h%F!pKRW%$cSLv(e)YmuG7MzUFjl8?7R z8sd$s?5jX#4f5UD*`2!9`NqU5I53_6zLfZr3X7#_Af~Y)=BoS1uroa$?{4RM!bQG zyH`WZ-tN|O1Kq|rU)OXgMFxIQ9E5@}(KDrtJNX|2if}cPZd?WF|$RpuGl}`#0fg z@LbwmPkDoe(tuM4ss79yoshP7D{XKPQ$O%-lUrBV8lR`SUnIy8PWIPt+Y2;u`N zmEZ{VTYWAbi%u*%RuVQ0(2I~QzP6xR6l1k^sA$BnQxZpFflTvrz1ocFv@doq$5 zuP$+nl9r0wM_8ne6wsSgf|J%RZ-$@GwR%#9}Zl5QE2dx{sUcbNLAi;8vO8IbV zWccOIw~#kphG4h@9%`F$;9FI%T+Cl?GdJG^`g6!XY^hyF%15(TwgYS5tViTQIx zWps9kAaA*Xim6eQPnb|!br#jKY@|#YkgBPMr6?Noe~p=XJC8hj4`yd))|nq@kNte_ zrb(y1h8qvnkd5|2M6Yv+u8Ho3!app^AIhg4lbcuW%=7%*+?=PmuRGEH(`{3qwjSC} z2`tL$F7tpsazNg(wwuixO$(DMP-+=YetH7|$D~FKfErd8%5u)}WlO(5nvQdN M(#$?WzZ-=74TyogRsaA1 literal 0 HcmV?d1 diff --git a/install/ui/index.html b/install/ui/index.html index 8d83f36277d627de8f436c741b8a49f1071b8868..e3205d69f5ae44b7b4da536fa8d0808a451dac53 100644 --- a/install/ui/index.html +++ b/install/ui/index.html @@ -44,6 +44,7 @@ link rel=stylesheet type=text/css href=jquery-ui.css / link rel=stylesheet type=text/css href=ipa.css / +link rel=icon type=image/ico href=favicon.ico /head body -- 1.7.3.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0188-favicon.patch
On 2/3/2011 1:45 PM, Adam Young wrote: ACK and pushed to master. -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel