Re: [Freeipa-devel] [PATCH] 0025 Respect UID and GID soft static allocation.
On 29/10/14 17:23, David Kupka wrote:
On 10/29/2014 02:34 PM, David Kupka wrote:
On 10/24/2014 03:05 PM, David Kupka wrote:
On 10/24/2014 01:06 PM, David Kupka wrote:
On 10/24/2014 10:43 AM, Martin Basti wrote:
On 24/10/14 09:51, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4585

NACK

1) Why is there a line with 'DS System User'? The comment should depend on service.

+args = [ +paths.USERADD, +'-g', group, +'-c', 'DS System User', +'-d', homedir, +'-s', shell, +'-M', '-r', name, +]

This was part of the original code and I didn't notice it. Nice catch, thanks.

2) code create_system_user is duplicated between base and redhat tasks with platform dependent changes. IMO it would be better to have one method to create user, with keyword arguments. And then platform dependent method which will call method to create user with appropriate arguments (or with default arguments)

You're right, it was ugly.

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

I shouldn't break SOLID principles.

Using super is probably better than explicit naming of parent class. Let user (developer) override UID/GID and hope that he knows why ...

In your former patch you had pki homedir path VAR_LIB_PKI_DIR :

+if name == 'pkiuser': +uid = 17 +gid = 17 +homedir = paths.VAR_LIB_PKI_DIR +shell = paths.NOLOGIN +comment = 'CA System User'

in last patch you change it back to: homedir=paths.VAR_LIB, so what is the correct path?

--
Martin Basti
Re: [Freeipa-devel] [PATCH] 352 Fixed KRA backend.
On 10/29/2014 08:10 PM, Endi Sukma Dewata wrote:

New patch attached.

On 10/29/2014 7:58 AM, Petr Viktorin wrote:

Dependency is bumped to 10.2.1-0.1 which is available from my COPR repo:

    dnf copr enable edewata/pki

OK. We should get that to an IPA COPR before merging this. How do we do that?

Here is the SRPM: https://edewata.fedorapeople.org/pki/copr/pki-core-10.2.1-0.1.fc20.src.rpm

Martin and I will handle this today.

How can I do some basic smoke check on this? Is there something I still need to do besides ipa-kra-install? Any other patches?

[...]

The simplest test is probably this:

    from ipalib import api

    # Initialise the IPA API in server context before using any backend
    api.bootstrap(context='server')
    api.finalize()

    # Fetch the KRA transport certificate through the KRA backend
    kra_client = api.Backend.kra.get_client()
    transport_cert = kra_client.system_certs.get_transport_cert()

    print("Serial number: %s" % transport_cert.serial_number)
    print("Issuer DN: %s" % transport_cert.issuer_dn)
    print("Subject DN: %s" % transport_cert.subject_dn)
    print(transport_cert.encoded)

Thanks! Works here; the rest is for other patches.

ACK, to be pushed when the COPR is ready.

--
Petr³
Re: [Freeipa-devel] [PATCH] 334 Do not wait for new CA certificate to appear in LDAP in ipa-certupdate
On 10/29/2014 03:29 PM, David Kupka wrote:
On 10/15/2014 04:38 PM, Jan Cholasta wrote:

Hi,

the attached patch fixes https://fedorahosted.org/freeipa/ticket/4628. It depends on my patch 333, which is also attached.

(The original patch was posted at http://www.redhat.com/archives/freeipa-devel/2014-September/msg00454.html.)

How to test:

1. install server
2. run ipa-certupdate
3. run getcert list -d /etc/pki/pki-tomcat/alias -n 'caSigningCert cert-pki-ca', the request should be in MONITORING state, there should be no ca-error

Honza

Works for me, ACK.

Note: Push only freeipa-jcholast-334 patch, patch freeipa-jcholast-333 was already ACKed and pushed.

Pushed to:
master: 35947c6e103a18c3f81af4b6d3795218a93b3b57
ipa-4-1: 1b940d39f3908c3ce18a16c45c6ac06c9b704d8e

--
Petr³
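Step 3 of the test procedure in the message above, written as a scripted check. This is an added example, not part of the original thread or of FreeIPA; the function names and both sample outputs are constructed, and it assumes only the `Request ID`, `status:` and `ca-error:` lines that `getcert list` prints for each tracked request.

```shell
#!/bin/sh
# check_tracking: read `getcert list` output on stdin. Succeed only if at
# least one request is listed, every request is in MONITORING state, and
# no request reports a ca-error.
check_tracking() {
    awk '
        /^Request ID/        { requests++ }
        /^[ \t]*status:/     { if ($2 != "MONITORING") bad++ }
        /^[ \t]*ca-error:/   { bad++ }
        END { exit (requests > 0 && bad == 0) ? 0 : 1 }
    '
}

# Constructed sample: a healthy tracking request.
sample_ok() {
    cat <<'EOF'
Number of certificates and requests being tracked: 1.
Request ID '20141029000000':
    status: MONITORING
    stuck: no
    CA: dogtag-ipa-ca-renew-agent
EOF
}

# Constructed sample: request is MONITORING but carries a ca-error line.
sample_ca_error() {
    cat <<'EOF'
Number of certificates and requests being tracked: 1.
Request ID '20141029000000':
    status: MONITORING
    ca-error: constructed error text for this example
    stuck: no
EOF
}

# On a real server the input would come from the command in step 3:
#   getcert list -d /etc/pki/pki-tomcat/alias -n 'caSigningCert cert-pki-ca' | check_tracking
sample_ok | check_tracking && echo "tracking healthy"
sample_ca_error | check_tracking || echo "tracking problem detected"
```

An empty listing is treated as a failure, so a wrong nickname or database path does not pass silently.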
[Freeipa-devel] [PATCH 0154] Add bind-dyndb-ldap workdir to IPA specfile
https://fedorahosted.org/freeipa/ticket/4657#comment:6 Patch attached. -- Martin Basti From 533948d2c45fe008c16b1a0c9dead67da274ca71 Mon Sep 17 00:00:00 2001 From: Martin Basti mba...@redhat.com Date: Thu, 30 Oct 2014 14:14:58 +0100 Subject: [PATCH] Add bind-dyndb-ldap working dir to IPA specfile https://fedorahosted.org/freeipa/ticket/4657#comment:6 --- freeipa.spec.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/freeipa.spec.in b/freeipa.spec.in index 11c2cef0063e163d8104e6b18943585509112d55..21ff3b4d860f676a1a317c932952269406a9adf0 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -420,6 +420,7 @@ mkdir -p %{buildroot}%{_usr}/share/ipa/html/ /bin/touch %{buildroot}%{_usr}/share/ipa/html/preferences.html mkdir -p %{buildroot}%{_initrddir} mkdir %{buildroot}%{_sysconfdir}/sysconfig/ +mkdir -p %{buildroot}%{_localstatedir}/named/dyndb-ldap/ipa/ install -m 644 init/ipa_memcached.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa_memcached install -m 644 init/ipa-dnskeysyncd.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa-dnskeysyncd install -m 644 init/ipa-ods-exporter.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa-ods-exporter @@ -659,6 +660,7 @@ fi %config(noreplace) %{_sysconfdir}/sysconfig/ipa-ods-exporter %dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/ %dir %attr(0700,root,root) %{_localstatedir}/run/ipa/ +%dir %attr(0770,named,named) %{_localstatedir}/named/dyndb-ldap/ipa/ # NOTE: systemd specific section %{_tmpfilesdir}/%{name}.conf %attr(644,root,root) %{_unitdir}/ipa.service -- 1.8.3.1 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
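Review bot: In the %install hunk (@@ -420), the new `mkdir -p %{buildroot}%{_localstatedir}/named/dyndb-ldap/ipa/` is placed between `mkdir %{buildroot}%{_sysconfdir}/sysconfig/` and the `install -m 644 init/...` lines that populate that sysconfig directory, which splits a related group. Move it above the sysconfig `mkdir` so the sysconfig block stays contiguous. The commit message also carries only the ticket URL; one sentence on what the working directory is used for would help later readers of the spec file.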
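Review bot: In the %files hunk (@@ -659), `%attr(0770,named,named)` makes the new directory group-writable, while the two `%dir` entries directly above it use 0700. Please confirm that write access for the named group is actually required; if only the named user writes there, 0700 or 0750 matches the neighbouring entries and narrows who can modify the working directory. Also, `mkdir -p` in %install creates the intermediate `named/dyndb-ldap/` directory, but only the leaf `ipa/` is listed here, so check which package owns the parent.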