date:20161012

  URL: https://github.com/freeipa/freeipa/pull/158
Title: #158: WebUI: update Patternfly and Bootstrap

pvomacka commented:
"""
@redhatrises  Thank you for the comment and the link. I agree that it would be 
really nice, but unfortunately there is no PatternFly package in Fedora. 

Anyway, I would be happy to do a review of a PatternFly package.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/158#issuecomment-253262288
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#157][comment] git: Add commit template

  URL: https://github.com/freeipa/freeipa/pull/157
Title: #157: git: Add commit template

mzidek-rh commented:
"""
Forgot to add a comment. I updated the patch according to jcholast's comments.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/157#issuecomment-253261173
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#156][comment] cert: add revocation reason back to cert-find output

  URL: https://github.com/freeipa/freeipa/pull/156
Title: #156: cert: add revocation reason back to cert-find output

pvomacka commented:
"""
I found one difference in output of cert-find command before and after this 
patch, it behaves differently only with --raw option. In output of the command 
without your commit there is following line: revoked: True . With your changes 
this line is missing. 

Tried using this command (the same behaviour is in API):  
ipa cert-find --user='test_user' --raw (--all)

Would it be possible to keep there also this information? 
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/156#issuecomment-253252364
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] Building refactoring branches in copr

2016-10-12 Thread David Kupka


Hello everyone,
as we already agreed we will have branches for our refactoring efforts 
somewhere and we will build them in copr so then can be easily consumed 
by CI and also everyone else willing to test them.


I already put together simple script that pulls new patches makes srpm 
and submits it to copr build system. In order to avoid everyone else 
inventing the same wheel I can add all the refactoring branches, create 
copr repos and run the script with cron.


If you would like me to take care about your refactoring branch just 
send me its location and consider it done.


--
David Kupka

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#157][synchronized] git: Add commit template

   URL: https://github.com/freeipa/freeipa/pull/157
Author: mzidek-rh
 Title: #157: git: Add commit template
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/157/head:pr157
git checkout pr157
From 6780d0fd78a53a5b9d38c4a9f37bfbb3e7e5a6b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= 
Date: Wed, 12 Oct 2016 13:28:18 +0200
Subject: [PATCH] git: Add commit template

In order to use the commit template, run the
following command:
git config commit.template .git-commit-template
---
 .git-commit-template | 8 
 1 file changed, 8 insertions(+)
 create mode 100644 .git-commit-template

diff --git a/.git-commit-template b/.git-commit-template
new file mode 100644
index 000..67f5f41
--- /dev/null
+++ b/.git-commit-template
@@ -0,0 +1,8 @@
+# Try to keep the subject line within 52 chars |
+# Also please try to not exceed 72 characters of length for the body --|
+
+component: Subject
+
+Explanation
+
+https://fedorahosted.org/freeipa/ticket/
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#159][opened] spec file: clean up BuildRequires

2016-10-12 Thread jcholast

   URL: https://github.com/freeipa/freeipa/pull/159
Author: jcholast
 Title: #159: spec file: clean up BuildRequires
Action: opened

PR body:
"""
Add missing cyrus-sasl-devel, python-cffi, python-custodia, python-nose,
python-paste, python-sssdconfig and systemd-python BuildRequires.

Remove unused custodia, java-headless, m4, policycoreutils,
python-kdcproxy, python-rhsm, pyOpenSSL and systemd-units BuildRequires.

Correct versioned BuildRequires and provide explanatory comments.

**spec file: do not include BuildRequires for lint by default**

Lint is never executed from rpmbuild, so the BuildRequires for lint are
purely informational.

Include them only if %with_lint RPM macro is specified.

**pylint: enable the import-error check**

Check for import errors with pylint to make sure new python package
dependencies are not overlooked.

**ipaserver: remove ipalib import from setup.py**

Instead of importing ipalib to get IPA version string, create setup.py from
a template and have the version string automatically filled in.

This makes it possible to build the ipaserver package without having to
have ipalib dependencies installed.

**makeapi, makeaci: do not fail on missing imports**

Add import hook to makeapi and makeaci which makes them ignore import
errors in modules in our source tree and instead print a warning.

This makes it possible to build IPA without having to have most of our
runtime dependencies installed.

**client: remove unused libcurl build dependency**

**pwpolicy: do not run klist on import**

On pwpolicy module import, "klist -V" is run to determine if the installed
krb5 version supports account lockout (>= 1.8).

Remove the check, as we require a krb5 version which does support account
lockout (1.12).
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/159/head:pr159
git checkout pr159
From 506b3e9324bf0497162405594f8bc316b723f7ad Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Wed, 12 Oct 2016 13:20:32 +0200
Subject: [PATCH 1/7] spec file: clean up BuildRequires

Add missing cyrus-sasl-devel, python-cffi, python-custodia, python-nose,
python-paste, python-sssdconfig and systemd-python BuildRequires.

Remove unused custodia, java-headless, m4, policycoreutils,
python-kdcproxy, python-rhsm, pyOpenSSL and systemd-units BuildRequires.

Correct versioned BuildRequires and provide explanatory comments.
---
 freeipa.spec.in | 125 +---
 1 file changed, 75 insertions(+), 50 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index e5e1292..c44929b 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -43,82 +43,107 @@ URL:http://www.freeipa.org/
 Source0:freeipa-%{version}.tar.gz
 BuildRoot:  %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
-%if ! %{ONLY_CLIENT}
-BuildRequires:  389-ds-base-devel >= 1.3.5.6
-BuildRequires:  svrcore-devel
-BuildRequires:  policycoreutils >= 2.1.12-5
-BuildRequires:  systemd-units
-BuildRequires:  samba-devel >= %{samba_version}
-BuildRequires:  samba-python
-BuildRequires:  libtalloc-devel
-BuildRequires:  libtevent-devel
-%endif # ONLY_CLIENT
-BuildRequires:  nspr-devel
-BuildRequires:  nss-devel
-BuildRequires:  openssl-devel
 BuildRequires:  openldap-devel
-BuildRequires:  krb5-devel >= 1.13
-BuildRequires:  krb5-workstation
-BuildRequires:  libuuid-devel
-BuildRequires:  libcurl-devel >= 7.21.7-2
+# 1.12: libkrad (http://krbdev.mit.edu/rt/Ticket/Display.html?id=7678)
+BuildRequires:  krb5-devel >= 1.12
+BuildRequires:  libcurl-devel
+# 1.27.4: xmlrpc_curl_xportparms.gssapi_delegation
 BuildRequires:  xmlrpc-c-devel >= 1.27.4
 BuildRequires:  popt-devel
 BuildRequires:  autoconf
 BuildRequires:  automake
-BuildRequires:  m4
 BuildRequires:  libtool
 BuildRequires:  gettext
 BuildRequires:  python-devel
+%if 0%{?with_python3}
+BuildRequires:  python3-devel
+%endif # with_python3
+# %{_unitdir}, %{_tmpfilesdir}
+BuildRequires:  systemd
+BuildRequires:  libini_config-devel
+BuildRequires:  cyrus-sasl-devel
+%if ! %{ONLY_CLIENT}
+# 1.3.3.9: DS_Sleep (https://fedorahosted.org/389/ticket/48005)
+BuildRequires:  389-ds-base-devel >= 1.3.3.9
+BuildRequires:  svrcore-devel
+%if 0%{?rhel}
+BuildRequires:  samba-devel >= 4.0.0
+%else
+BuildRequires:  samba-devel >= 2:4.0.0
+%endif
+BuildRequires:  libtalloc-devel
+BuildRequires:  libtevent-devel
+BuildRequires:  nspr-devel
+BuildRequires:  nss-devel
+BuildRequires:  openssl-devel
+BuildRequires:  libuuid-devel
 BuildRequires:  python-ldap
-BuildRequires:  python-setuptools
-BuildRequires:  python-nss
-BuildRequires:  python-cryptography >= 0.9
 BuildRequires:  python-netaddr
-BuildRequires:  python-gssapi >= 1.1.2
-BuildRequires:  python-rhsm
-BuildRequires:  pyOpenSSL
-BuildRequires:  pylint >= 1.0
-# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506
-BuildRequires:  python2-polib
-BuildRequires:

Re: [Freeipa-devel] Feature branches for sub-team efforts

2016-10-12 Thread Alexander Bokovoy


On ke, 12 loka 2016, David Kupka wrote:

On 11/10/16 16:27, Alexander Bokovoy wrote:

On ti, 11 loka 2016, Petr Vobornik wrote:

On 10/11/2016 03:50 PM, Alexander Bokovoy wrote:

On ti, 11 loka 2016, Petr Vobornik wrote:

Hi List,

we discussed locally a proposal about creating a feature branch for
each
sub-team effort in our main git. Currently it would be for the 4
ongoing
refactoring efforts + Simo's work

Why?
It will allow each developer to create a pull request against the
feature branch and thus it will enable iterative development by
multiple
devs without affecting other sub-teams. When the
feature(refactoring) is
finished, the branch would be rebased on master and merged there. Note:
rebases can be done as needed - e.g. when other subteam finishes its
work.

Concerns:
1. Upstream git repo would be full of such branches.
- This can be mitigated by deleting the feature branches when their are
released or merged(up to discussion)

Don't put them in the upstream git repo. Let people decide where they
want to have them -- all Fedora contributors have access to
fedorapeople.org git hosting and there is github one button click
('Clone') away from the github mirror.

It is not a problem to keep a separate git branch published this way.



It is not a matter of making the code public. That can be done easily as
you write. Other alternative is own branch in GitHub fork.


May be I misunderstand you -- if you just want people to propose merge
requests on github with pre-defined names, then that's just fine.



Basically it's all about review.

Example use case: More than 1 devs are working on a same big effort.
This effort will probably consists of 10s of commits. The big effort is
divided into smaller ones which can be implemented and reviewed
separately. In our previous mode, the sub task would be merged to master
it is reviewed and ACKed. But now we cannot do that. We want to merge
the whole big task at once when it is finishes and tested.

One dev could probably have a branch on personal fork of FreeIPA on
GitHub which would work as the feature branch. Other team members would
create pull requests against it.

In such case we would loose mail notifications and would have to extend
our tooling because ipatool can use only one upstream on push.

So I still think this is not a problem. If people can agree which git
repo clone will be primary one and submit merge requests against it,
then there is no problem in having that git repo's branch to be
submitted as the pull request against the main git repo. This way you'll
get all the changes seen at the pull request sync time.



From my POV, when we create the refactoring branches in upstream we 
get this for free:

* our minimal but convenient CI (lint + build on each PR)
* mail notifications
* tooling (ipatool pr-push XYZ -b refactoring-xyz just works)

When creating them elsewhere we get:
* confusion (no team-wide notifications, each effort in other fork)
* manual rebasing and pushing

This is rehashing of what Petr wrote already. And I understand the
benefits of it. However, I don't like one part of the proposal: removing
branches from upstream when feature is merged. This is heavily against
accountability -- we should never remove anything from the primary git
tree. Also, this churn of branches creates a lot of issues in terms of
maintaining internal git datastore as you'll need to clean it from time
to time.

At this point I don't really see how benefits could outweigh the
negatives in the longer term. Thousands of projects are working with
separate git trees and do pull requests without negative of having to
keep all the temporary feature branches in the main git tree. Why can't
we?



So I think it's best to create the branches in upstream repo. I don't 
care about names and also I don't care what happens with them after 
the effort is done.


--
David Kupka


--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] Feature branches for sub-team efforts

2016-10-12 Thread David Kupka


On 11/10/16 16:27, Alexander Bokovoy wrote:

On ti, 11 loka 2016, Petr Vobornik wrote:

On 10/11/2016 03:50 PM, Alexander Bokovoy wrote:

On ti, 11 loka 2016, Petr Vobornik wrote:

Hi List,

we discussed locally a proposal about creating a feature branch for
each
sub-team effort in our main git. Currently it would be for the 4
ongoing
refactoring efforts + Simo's work

Why?
It will allow each developer to create a pull request against the
feature branch and thus it will enable iterative development by
multiple
devs without affecting other sub-teams. When the
feature(refactoring) is
finished, the branch would be rebased on master and merged there. Note:
rebases can be done as needed - e.g. when other subteam finishes its
work.

Concerns:
1. Upstream git repo would be full of such branches.
- This can be mitigated by deleting the feature branches when their are
released or merged(up to discussion)

Don't put them in the upstream git repo. Let people decide where they
want to have them -- all Fedora contributors have access to
fedorapeople.org git hosting and there is github one button click
('Clone') away from the github mirror.

It is not a problem to keep a separate git branch published this way.



It is not a matter of making the code public. That can be done easily as
you write. Other alternative is own branch in GitHub fork.


May be I misunderstand you -- if you just want people to propose merge
requests on github with pre-defined names, then that's just fine.



Basically it's all about review.

Example use case: More than 1 devs are working on a same big effort.
This effort will probably consists of 10s of commits. The big effort is
divided into smaller ones which can be implemented and reviewed
separately. In our previous mode, the sub task would be merged to master
it is reviewed and ACKed. But now we cannot do that. We want to merge
the whole big task at once when it is finishes and tested.

One dev could probably have a branch on personal fork of FreeIPA on
GitHub which would work as the feature branch. Other team members would
create pull requests against it.

In such case we would loose mail notifications and would have to extend
our tooling because ipatool can use only one upstream on push.

So I still think this is not a problem. If people can agree which git
repo clone will be primary one and submit merge requests against it,
then there is no problem in having that git repo's branch to be
submitted as the pull request against the main git repo. This way you'll
get all the changes seen at the pull request sync time.



From my POV, when we create the refactoring branches in upstream we get 
this for free:

* our minimal but convenient CI (lint + build on each PR)
* mail notifications
* tooling (ipatool pr-push XYZ -b refactoring-xyz just works)

When creating them elsewhere we get:
* confusion (no team-wide notifications, each effort in other fork)
* manual rebasing and pushing

So I think it's best to create the branches in upstream repo. I don't 
care about names and also I don't care what happens with them after the 
effort is done.


--
David Kupka

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [Test][Patch-0047] Added a test for Ticket N 5964

2016-10-12 Thread Martin Basti


1)

Can you just turn off dirsrv on replica instead of doing iptables magic?


2) NACK

No more eval() ever in code, use 'getattr', 'get' or whatever in the 
object that can be used.


+evalhost = eval("args[0].%s" % host)

Martin^2

On 12.10.2016 14:03, Oleg Fayans wrote:

Hi Martin,

After extensive discussion with Ludwig, I finally got the clue on how 
does this feature work. When we uninstall the replica, the master 
cleans the replication agreements with this replica and automatically 
cleans all replica's RUVs.
If we clean replica's RUVs on master without uninstalling the replica, 
the replica's RUVs get recreated on master (replication works!). So, 
the only way to test the clean-ruv subcommand is to turn off the 
replica, or block the traffic on it so it gets inaccessible to updates 
from master.

The testcases were updated, see [1] and [2]

The updated versions of the patches are attached

[1] 
http://www.freeipa.org/page/V4/Manage_replication_topology_4_4/Test_Plan#Test_case:_.2A-ruv_subcommands_of_ipa-replica-manage_are_extended_to_handle_CA-specific_RUVs


[2] 
http://www.freeipa.org/page/V4/Manage_replication_topology_4_4/Test_Plan#Test_case:_clean-ruv_subcommand


On 08/05/2016 06:36 PM, Martin Basti wrote:



On 03.08.2016 14:45, Oleg Fayans wrote:

Hi Martin,

Thanks for the review! Both patches were updated.

On 07/28/2016 04:11 PM, Martin Basti wrote:



On 08.07.2016 15:41, Oleg Fayans wrote:

Hi Martin,

Thanks for the review!

On 07/08/2016 02:18 PM, Martin Basti wrote:



On 27.06.2016 13:53, Oleg Fayans wrote:

Hi guys,

Is there a chance the patches NN 0047.1 and 0048.1 get reviewed
before
4.4 release? They cover a good part of the Managed Topology 4.4
feature.

On 06/17/2016 11:18 AM, Oleg Fayans wrote:

One more test was added to the patch-0048

On 06/17/2016 09:43 AM, Oleg Fayans wrote:
Fixed a bug in the previous patch, automated 2 more testcases 
from
http://www.freeipa.org/page/V4/Manage_replication_topology_4_4/Test_Plan 






On 06/16/2016 04:46 PM, Oleg Fayans wrote:










IIUC, this will turn off the machine completely, how is cleanup done
then.  AFAIK our tests cannot turn on machine again and run
cleanup, so
you will not be able to run more tests on the same topology without
manual cleanup and manual start.

+replica = self.replicas[0]
+replica.run_command(['poweroff'])

IMO would be better to just call 'ipactl stop' instead of 'poweroff'


Agreed! Fixed.



Martin^2






*Automated ipa-replica-manage del tests*

1)
+replica.run_command(['ipactl', 'stop'])
+time.sleep(3)

Why do you need sleep here?


Removed, it was left from the old "poweroff" approach




2)
+ruvid_re = re.compile(".*%s:389: (\d+).*" % replica.hostname)
+replica_ruvs = ruvid_re.findall(result.stdout_text)
+master.run_command(['ipa-replica-manage', 'clean-ruv', 'f',
+'-p', master.config.dirman_password,
+replica_ruvs[0]])

Because you are using re.findall(), without any match you will receive
IndexError here replica_ruvs[0]. IMO it deserves assert before


Implemented the assert which checks that the output contains enough
replica RUVs



3)
assert(replica.hostname in result1.stdout_text)

I think that this is error prone. What if there is just error 
'could not
connect to replica ', or something similar. 
instead of
listing/cleaning/whatever operation was executed. I think that it 
should
be more specific regexp than just finding a replica name substring  
(Yes

In IPA we dont always print error so stderr)

I'm not sure, but probably there might be cases when non critical 
error

happen and exist status is still 0


Agree. Implemented a regex-based search



4)

+replica.run_command(['poweroff'])
+time.sleep(3)

There should not be poweroff, probably sleep could be removed too.


Gone




  *   Automated clean-ruv subcommand test*

1) PEP8, 2 new lines expected
./ipatests/test_integration/test_topology.py:163:1: E302 expected 2
blank lines, found 0
./ipatests/test_integration/test_topology.py:182:80: E501 line too 
long

(85 > 79 characters)


Fixed




2)
I dont like doing assert just with count of occurences of substring in
STDOUT, would be possible to improve this somehow?


Maybe, but frankly, I don't see how. In this case we are making sure
that both simple and CA-specific RUVs of a replica are displayed. The
format of the output is strict:
Replica Update Vectors:
replica1_hostname:389: RUV_id
replica2_hostname:389: RUV_id
Certificate Server Replica Update Vectors:
replica1_hostname:389: RUV_id
replica2_hostname:389: RUV_id
If we do not see 2 occurrences of the replica hostname than definitely
something went wrong



3)
I'm not sure if clean-ruv is instant operations or there is some magic
happening in background (we have abort-clean-ruv). Maybe some sleep
should be there, but this needs investigation.

+assert(replica.hostname in

[Freeipa-devel] [freeipa PR#158][comment] WebUI: update Patternfly and Bootstrap

2016-10-12 Thread redhatrises

  URL: https://github.com/freeipa/freeipa/pull/158
Title: #158: WebUI: update Patternfly and Bootstrap

redhatrises commented:
"""
@pvomacka should this use the patternfly RPM rather than having the code copied 
here as well? See 
https://www.redhat.com/archives/patternfly/2014-July/msg00017.html
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/158#issuecomment-253200408
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#158][comment] WebUI: update Patternfly and Bootstrap

2016-10-12 Thread redhatrises

  URL: https://github.com/freeipa/freeipa/pull/158
Title: #158: WebUI: update Patternfly and Bootstrap

redhatrises commented:
"""
@pvomacka should this use the patternfly RPM rather than having the code copied 
here as well? See 
https://www.redhat.com/archives/patternfly/2014-July/msg00017.html
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/158#issuecomment-253200408
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [Test][Patch-0047] Added a test for Ticket N 5964

2016-10-12 Thread Oleg Fayans


Hi Martin,

After extensive discussion with Ludwig, I finally got the clue on how 
does this feature work. When we uninstall the replica, the master cleans 
the replication agreements with this replica and automatically cleans 
all replica's RUVs.
If we clean replica's RUVs on master without uninstalling the replica, 
the replica's RUVs get recreated on master (replication works!). So, the 
only way to test the clean-ruv subcommand is to turn off the replica, or 
block the traffic on it so it gets inaccessible to updates from master.

The testcases were updated, see [1] and [2]

The updated versions of the patches are attached

[1] 
http://www.freeipa.org/page/V4/Manage_replication_topology_4_4/Test_Plan#Test_case:_.2A-ruv_subcommands_of_ipa-replica-manage_are_extended_to_handle_CA-specific_RUVs


[2] 
http://www.freeipa.org/page/V4/Manage_replication_topology_4_4/Test_Plan#Test_case:_clean-ruv_subcommand


On 08/05/2016 06:36 PM, Martin Basti wrote:



On 03.08.2016 14:45, Oleg Fayans wrote:

Hi Martin,

Thanks for the review! Both patches were updated.

On 07/28/2016 04:11 PM, Martin Basti wrote:



On 08.07.2016 15:41, Oleg Fayans wrote:

Hi Martin,

Thanks for the review!

On 07/08/2016 02:18 PM, Martin Basti wrote:



On 27.06.2016 13:53, Oleg Fayans wrote:

Hi guys,

Is there a chance the patches NN 0047.1 and 0048.1 get reviewed
before
4.4 release? They cover a good part of the Managed Topology 4.4
feature.

On 06/17/2016 11:18 AM, Oleg Fayans wrote:

One more test was added to the patch-0048

On 06/17/2016 09:43 AM, Oleg Fayans wrote:

Fixed a bug in the previous patch, automated 2 more testcases from
http://www.freeipa.org/page/V4/Manage_replication_topology_4_4/Test_Plan




On 06/16/2016 04:46 PM, Oleg Fayans wrote:










IIUC, this will turn off the machine completely, how is cleanup done
then.  AFAIK our tests cannot turn on machine again and run
cleanup, so
you will not be able to run more tests on the same topology without
manual cleanup and manual start.

+replica = self.replicas[0]
+replica.run_command(['poweroff'])

IMO would be better to just call 'ipactl stop' instead of 'poweroff'


Agreed! Fixed.



Martin^2






*Automated ipa-replica-manage del tests*

1)
+replica.run_command(['ipactl', 'stop'])
+time.sleep(3)

Why do you need sleep here?


Removed, it was left from the old "poweroff" approach




2)
+ruvid_re = re.compile(".*%s:389: (\d+).*" % replica.hostname)
+replica_ruvs = ruvid_re.findall(result.stdout_text)
+master.run_command(['ipa-replica-manage', 'clean-ruv', 'f',
+'-p', master.config.dirman_password,
+replica_ruvs[0]])

Because you are using re.findall(), without any match you will receive
IndexError here replica_ruvs[0]. IMO it deserves assert before


Implemented the assert which checks that the output contains enough
replica RUVs



3)
assert(replica.hostname in result1.stdout_text)

I think that this is error prone. What if there is just error 'could not
connect to replica ', or something similar. instead of
listing/cleaning/whatever operation was executed. I think that it should
be more specific regexp than just finding a replica name substring  (Yes
In IPA we dont always print error so stderr)

I'm not sure, but probably there might be cases when non critical error
happen and exist status is still 0


Agree. Implemented a regex-based search



4)

+replica.run_command(['poweroff'])
+time.sleep(3)

There should not be poweroff, probably sleep could be removed too.


Gone




  *   Automated clean-ruv subcommand test*

1) PEP8, 2 new lines expected
./ipatests/test_integration/test_topology.py:163:1: E302 expected 2
blank lines, found 0
./ipatests/test_integration/test_topology.py:182:80: E501 line too long
(85 > 79 characters)


Fixed




2)
I dont like doing assert just with count of occurences of substring in
STDOUT, would be possible to improve this somehow?


Maybe, but frankly, I don't see how. In this case we are making sure
that both simple and CA-specific RUVs of a replica are displayed. The
format of the output is strict:
Replica Update Vectors:
replica1_hostname:389: RUV_id
replica2_hostname:389: RUV_id
Certificate Server Replica Update Vectors:
replica1_hostname:389: RUV_id
replica2_hostname:389: RUV_id
If we do not see 2 occurrences of the replica hostname than definitely
something went wrong



3)
I'm not sure if clean-ruv is instant operations or there is some magic
happening in background (we have abort-clean-ruv). Maybe some sleep
should be there, but this needs investigation.

+assert(replica.hostname in result2.stdout_text), (
+"The wrong RUV was deleted")
+result3 = master.run_command(['ipa-replica-manage', 'list-ruv',
+  '-p',
master.config.dirman_password])
+assert(result3.stdout_text.count(replica.hostname) == 1), (
+"CA RUV of the

[Freeipa-devel] [freeipa PR#157][comment] git: Add commit template

  URL: https://github.com/freeipa/freeipa/pull/157
Title: #157: git: Add commit template

mzidek-rh commented:
"""
Sure, that was a copy paste mistake in itself :) . Patch updated.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/157#issuecomment-253193300
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#157][synchronized] git: Add commit template

   URL: https://github.com/freeipa/freeipa/pull/157
Author: mzidek-rh
 Title: #157: git: Add commit template
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/157/head:pr157
git checkout pr157
From 3e6b55ffc271c08f66b19a8b3fcfbc430a570a84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= 
Date: Wed, 12 Oct 2016 13:28:18 +0200
Subject: [PATCH] git: Add commit template

In order to use the commit template, run the
following command:
git config commit.template .git-commit-template
---
 .git-commit-template | 9 +
 1 file changed, 9 insertions(+)
 create mode 100644 .git-commit-template

diff --git a/.git-commit-template b/.git-commit-template
new file mode 100644
index 000..a5818a3
--- /dev/null
+++ b/.git-commit-template
@@ -0,0 +1,9 @@
+COMPONENT: Subject
+
+Explanation
+
+Resolves:
+https://fedorahosted.org/freeipa/ticket/
+
+# Try to keep the subject line within 52 chars |
+# Also please try to not exceed 72 characters of length for the body --|
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#157][comment] git: Add commit template

2016-10-12 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/157
Title: #157: git: Add commit template

martbab commented:
"""
Could you please change the link in the template to:

https://fedorahosted.org/freeipa/ticket/

just to avoid copy-paste errors when filling in ticket No.?
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/157#issuecomment-253191997
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#157][comment] git: Add commit template

  URL: https://github.com/freeipa/freeipa/pull/157
Title: #157: git: Add commit template

mzidek-rh commented:
"""
This is the same commit template we use in SSSD. Maybe it will be helpful for 
FreeIPA too.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/157#issuecomment-253190654
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#157][opened] git: Add commit template

   URL: https://github.com/freeipa/freeipa/pull/157
Author: mzidek-rh
 Title: #157: git: Add commit template
Action: opened

PR body:
"""
In order to use the commit template, run the
following command:
git config commit.template .git-commit-template
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/157/head:pr157
git checkout pr157
From a9a889b57b2df63629a3e3a3ddb5cca7d2ed1c46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= 
Date: Wed, 12 Oct 2016 13:28:18 +0200
Subject: [PATCH] git: Add commit template

In order to use the commit template, run the
following command:
git config commit.template .git-commit-template
---
 .git-commit-template | 9 +
 1 file changed, 9 insertions(+)
 create mode 100644 .git-commit-template

diff --git a/.git-commit-template b/.git-commit-template
new file mode 100644
index 000..8648238
--- /dev/null
+++ b/.git-commit-template
@@ -0,0 +1,9 @@
+COMPONENT: Subject
+
+Explanation
+
+Resolves:
+https://fedorahosted.org/sssd/ticket/
+
+# Try to keep the subject line within 52 chars |
+# Also please try to not exceed 72 characters of length for the body --|
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#156][opened] cert: add revocation reason back to cert-find output

2016-10-12 Thread jcholast

   URL: https://github.com/freeipa/freeipa/pull/156
Author: jcholast
 Title: #156: cert: add revocation reason back to cert-find output
Action: opened

PR body:
"""
In commit c718ef058847bb39e78236e8af0ad69ac961bbcf some param values were
accidentally removed from cert-find output.

In commit 22d5f579bbd8bb452cf1bf620294ab6ade6e7c47 `serial_number_hex` and
`revoked` were added back.

Add back `revocation_reason` as well.

https://fedorahosted.org/freeipa/ticket/6269
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/156/head:pr156
git checkout pr156
From 149d5ea68acf1bb003e3dbc3bcac6d9f2e4b4e7e Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Wed, 12 Oct 2016 12:58:46 +0200
Subject: [PATCH] cert: add revocation reason back to cert-find output

In commit c718ef058847bb39e78236e8af0ad69ac961bbcf some param values were
accidentally removed from cert-find output.

In commit 22d5f579bbd8bb452cf1bf620294ab6ade6e7c47 `serial_number_hex` and
`revoked` were added back.

Add back `revocation_reason` as well.

https://fedorahosted.org/freeipa/ticket/6269
---
 ipaserver/plugins/cert.py | 17 +
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index e65cf1f..d13974e 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -1231,16 +1231,17 @@ def _ca_search(self, all, raw, pkey_only, sizelimit, exactly, **options):
 obj = {'serial_number': serial_number}
 else:
 obj = ra_obj
-obj['issuer'] = issuer
-obj['subject'] = DN(ra_obj['subject'])
-obj['revoked'] = (
-ra_obj['status'] in (u'REVOKED', u'REVOKED_EXPIRED'))
-
 if all:
-ra_obj = ra.get_certificate(str(serial_number))
-if not raw:
+obj.update(ra.get_certificate(str(serial_number)))
+
+if not raw:
+obj['issuer'] = issuer
+obj['subject'] = DN(ra_obj['subject'])
+obj['revoked'] = (
+ra_obj['status'] in (u'REVOKED', u'REVOKED_EXPIRED'))
+if all:
 obj['certificate'] = (
-ra_obj['certificate'].replace('\r\n', ''))
+obj['certificate'].replace('\r\n', ''))
 self.obj._parse(obj)
 
 obj['cacn'] = ca_obj['cn'][0]
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#155][synchronized] Build system cleanup

2016-10-12 Thread pspacek

   URL: https://github.com/freeipa/freeipa/pull/155
Author: pspacek
 Title: #155: Build system cleanup
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/155/head:pr155
git checkout pr155
From e641d9cf9b9e596bd335f89080eaf79d019fee73 Mon Sep 17 00:00:00 2001
From: Petr Spacek 
Date: Wed, 12 Oct 2016 10:52:43 +0200
Subject: [PATCH 1/7] Build: add missing KRB5_LIBS to daemons/ipa-otpd

It was working accidentally because krb5 libs are part of OPENLDAP_LIBS.
---
 daemons/ipa-otpd/Makefile.am | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/daemons/ipa-otpd/Makefile.am b/daemons/ipa-otpd/Makefile.am
index 8392174..946b882 100644
--- a/daemons/ipa-otpd/Makefile.am
+++ b/daemons/ipa-otpd/Makefile.am
@@ -1,5 +1,5 @@
-AM_CFLAGS := @LDAP_CFLAGS@ @LIBVERTO_CFLAGS@
-AM_LDFLAGS := @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@
+AM_CFLAGS := @LDAP_CFLAGS@ @LIBVERTO_CFLAGS@ @KRB5_CFLAGS@
+AM_LDFLAGS := @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@ @KRB5_LIBS@
 
 noinst_HEADERS = internal.h
 libexec_PROGRAMS = ipa-otpd

From f6feb2765f66ad3cf64849a2b508229e2802c23b Mon Sep 17 00:00:00 2001
From: Petr Spacek 
Date: Wed, 12 Oct 2016 10:57:57 +0200
Subject: [PATCH 2/7] Build: modernize Kerberos library detection

Use package config instead of checking headers.
Package config is faster because it does not invoke compiler
and guarantees proper linking flags because these are provided
by package maintainer instead of hardcoded into build system.

libkrad does not have package config file so we keep the old way here.
---
 daemons/configure.ac | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/daemons/configure.ac b/daemons/configure.ac
index 5c5a104..1d0209d 100644
--- a/daemons/configure.ac
+++ b/daemons/configure.ac
@@ -54,15 +54,11 @@ dnl ---
 dnl - Check for KRB5
 dnl ---
 
-AC_CHECK_HEADER(krb5.h, [], [AC_MSG_ERROR([krb5.h not found])])
+PKG_CHECK_MODULES([KRB5], [krb5], [], [AC_MSG_ERROR([libkrb5 not found])])
 AC_CHECK_HEADER(krad.h, [], [AC_MSG_ERROR([krad.h not found])])
-AC_CHECK_LIB(krb5, main, [], [AC_MSG_ERROR([libkrb5 not found])])
-AC_CHECK_LIB(k5crypto, main, [krb5crypto=k5crypto], [krb5crypto=crypto])
 AC_CHECK_LIB(krad, main, [], [AC_MSG_ERROR([libkrad not found])])
-KRB5_LIBS="-lkrb5 -l$krb5crypto -lcom_err"
 KRAD_LIBS="-lkrad"
 krb5rundir="${localstatedir}/run/krb5kdc"
-AC_SUBST(KRB5_LIBS)
 AC_SUBST(KRAD_LIBS)
 AC_SUBST(krb5rundir)
 

From 2d7bb09e5a161cba81881b9be375b801bb280d48 Mon Sep 17 00:00:00 2001
From: Petr Spacek 
Date: Wed, 12 Oct 2016 10:58:22 +0200
Subject: [PATCH 3/7] Build: modernize UUID library detection

Use package config instead of checking headers.
Package config is faster because it does not invoke compiler
and guarantees proper linking flags because these are provided
by package maintainer instead of hardcoded into build system.
---
 daemons/configure.ac | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/daemons/configure.ac b/daemons/configure.ac
index 1d0209d..34773f9 100644
--- a/daemons/configure.ac
+++ b/daemons/configure.ac
@@ -135,10 +135,7 @@ AC_SUBST(SSL_LIBS)
 dnl ---
 dnl - Check for UUID library
 dnl ---
-AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR([uuid/uuid.h not found])])
-
-AC_CHECK_LIB(uuid, uuid_generate_time, [UUID_LIBS="-luuid"])
-AC_SUBST(UUID_LIBS)
+PKG_CHECK_MODULES([UUID], [uuid], [], [AC_MSG_ERROR([libuuid not found])])
 
 dnl ---
 dnl - Check for Python

From 2855f61fda02c9ba00d1ebcbfd1c1cb7b1e5a3f0 Mon Sep 17 00:00:00 2001
From: Petr Spacek 
Date: Wed, 12 Oct 2016 11:01:02 +0200
Subject: [PATCH 4/7] Build: modernize crypto library detection

Use package config instead of checking headers.
Package config is faster because it does not invoke compiler
and guarantees proper linking flags because these are provided
by package maintainer instead of hardcoded into build system.
---
 daemons/configure.ac| 9 ++---
 daemons/ipa-sam/Makefile.am | 3 ++-
 daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am | 4 ++--
 3 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/daemons/configure.ac b/daemons/configure.ac
index 34773f9..958f01c 100644
--- a/daemons/configure.ac
+++ b/daemons/configure.ac
@@ -125,12 +125,7 @@ AC_SUBST(LDAP_LIBS)
 dnl ---
 dnl - Check for OpenSSL Crypto library
 dnl ---

[Freeipa-devel] [freeipa PR#154][+pushed] [ipa-4-4] Rebase: Tests: Fix cert revocation tests

  URL: https://github.com/freeipa/freeipa/pull/154
Title: #154: [ipa-4-4] Rebase: Tests: Fix cert revocation tests

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#154][closed] [ipa-4-4] Rebase: Tests: Fix cert revocation tests

   URL: https://github.com/freeipa/freeipa/pull/154
Author: mirielka
 Title: #154: [ipa-4-4] Rebase: Tests: Fix cert revocation tests
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/154/head:pr154
git checkout pr154
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#154][comment] [ipa-4-4] Rebase: Tests: Fix cert revocation tests

  URL: https://github.com/freeipa/freeipa/pull/154
Title: #154: [ipa-4-4] Rebase: Tests: Fix cert revocation tests

mbasti-rh commented:
"""
Fixed upstream
ipa-4-4:
https://fedorahosted.org/freeipa/changeset/afabdd365a35e0e454997ff021152422bcbcf785
https://fedorahosted.org/freeipa/changeset/c8cdc6a9e6cf68f67d2e8df5aa7b22e13c26
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/154#issuecomment-253180869
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#154][+ack] [ipa-4-4] Rebase: Tests: Fix cert revocation tests

  URL: https://github.com/freeipa/freeipa/pull/154
Title: #154: [ipa-4-4] Rebase: Tests: Fix cert revocation tests

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] HBAC for AD users Active Directory trust setup

2016-10-12 Thread Alexander Bokovoy


On ke, 12 loka 2016, rajat gupta wrote:

Hi,

thank you for answering.

I this case i need to create multiple group in AD side. like user1  have
only "server1.example.com" and "server2.example.com" access and some other
user have some other server access. Then only the my  HBAC
rule will be implemented to particular  group  and every time i need to add
user in  AD side on particular group if I want to give some other server
access to user. And i don't want do like this.

It is up to you what you want to implement. The means are all there. But
read my responses on the freeipa-users@ to understand why we implemented
it this way.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] HBAC for AD users Active Directory trust setup

2016-10-12 Thread rajat gupta

Hi,

thank you for answering.

I this case i need to create multiple group in AD side. like user1  have
only "server1.example.com" and "server2.example.com" access and some other
user have some other server access. Then only the my  HBAC
rule will be implemented to particular  group  and every time i need to add
user in  AD side on particular group if I want to give some other server
access to user. And i don't want do like this.


On Wed, Oct 12, 2016 at 11:05 AM, Alexander Bokovoy 
wrote:

> On ke, 12 loka 2016, rajat gupta wrote:
>
>> Hi,
>>
>> Normally HBAC for AD users should be done through an external group.
>>
> You should use freeipa-users@ mailing list for these questions.
>
> And start with documentation: https://access.redhat.com/docu
> mentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/
> Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterp
> rise_Linux/7/html-single/Windows_Integration_Guide/index.html
>
>
>
>> So for example if we have 500+ users on AD and only 100 user are
>> administrator and they have Linux server access.
>>
>> I want to set  the HBAC and sudo rules for users. So user have correct
>> access server access and sudo rights and I am using the *Active Directory
>> trust setup*
>>
>> In this case i need to add all of the 100 users on in Freeipa as external
>> group.
>>
>> for example :- user1 user name in AD
>>
>> *user1-external* external group in IPA for trusted domain users
>> *user1 :-  *POSIX group for external
>>
> No, you don't need to do that. All you need to do is to create a group
> on AD side where your users to access Linux systems would be added and
> then add that group to the external group on IPA side.
>
> Do we have document for implementing the HBAC and Sudo Rules for external
>> group.
>>
> See above documentation and discussions on freeipa-users@ mailing list.
>
> --
> / Alexander Bokovoy
>



-- 

*Rajat Gupta *
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#155][opened] Build system cleanup

2016-10-12 Thread pspacek

   URL: https://github.com/freeipa/freeipa/pull/155
Author: pspacek
 Title: #155: Build system cleanup
Action: opened

PR body:
"""
This is first step in build system refactoring effort.

This patch set contains cleanup patches for daemons/configure.ac.
After the cleanup, the file will be "promoted" to top-level configure.ac
and merged with other configure.ac files in subdirectories.

I did not touch other configure.ac files on purpose as these mostly duplicate
daemons/configure.ac and will be simply dropped later on.

From functional perspective, there should not be any visible changes.
FreeIPA should build as before, using the same horrible Makefile.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/155/head:pr155
git checkout pr155
From e641d9cf9b9e596bd335f89080eaf79d019fee73 Mon Sep 17 00:00:00 2001
From: Petr Spacek 
Date: Wed, 12 Oct 2016 10:52:43 +0200
Subject: [PATCH 1/6] Build: add missing KRB5_LIBS to daemons/ipa-otpd

It was working accidentally because krb5 libs are part of OPENLDAP_LIBS.
---
 daemons/ipa-otpd/Makefile.am | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/daemons/ipa-otpd/Makefile.am b/daemons/ipa-otpd/Makefile.am
index 8392174..946b882 100644
--- a/daemons/ipa-otpd/Makefile.am
+++ b/daemons/ipa-otpd/Makefile.am
@@ -1,5 +1,5 @@
-AM_CFLAGS := @LDAP_CFLAGS@ @LIBVERTO_CFLAGS@
-AM_LDFLAGS := @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@
+AM_CFLAGS := @LDAP_CFLAGS@ @LIBVERTO_CFLAGS@ @KRB5_CFLAGS@
+AM_LDFLAGS := @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@ @KRB5_LIBS@
 
 noinst_HEADERS = internal.h
 libexec_PROGRAMS = ipa-otpd

From f6feb2765f66ad3cf64849a2b508229e2802c23b Mon Sep 17 00:00:00 2001
From: Petr Spacek 
Date: Wed, 12 Oct 2016 10:57:57 +0200
Subject: [PATCH 2/6] Build: modernize Kerberos library detection

Use package config instead of checking headers.
Package config is faster because it does not invoke compiler
and guarantees proper linking flags because these are provided
by package maintainer instead of hardcoded into build system.

libkrad does not have package config file so we keep the old way here.
---
 daemons/configure.ac | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/daemons/configure.ac b/daemons/configure.ac
index 5c5a104..1d0209d 100644
--- a/daemons/configure.ac
+++ b/daemons/configure.ac
@@ -54,15 +54,11 @@ dnl ---
 dnl - Check for KRB5
 dnl ---
 
-AC_CHECK_HEADER(krb5.h, [], [AC_MSG_ERROR([krb5.h not found])])
+PKG_CHECK_MODULES([KRB5], [krb5], [], [AC_MSG_ERROR([libkrb5 not found])])
 AC_CHECK_HEADER(krad.h, [], [AC_MSG_ERROR([krad.h not found])])
-AC_CHECK_LIB(krb5, main, [], [AC_MSG_ERROR([libkrb5 not found])])
-AC_CHECK_LIB(k5crypto, main, [krb5crypto=k5crypto], [krb5crypto=crypto])
 AC_CHECK_LIB(krad, main, [], [AC_MSG_ERROR([libkrad not found])])
-KRB5_LIBS="-lkrb5 -l$krb5crypto -lcom_err"
 KRAD_LIBS="-lkrad"
 krb5rundir="${localstatedir}/run/krb5kdc"
-AC_SUBST(KRB5_LIBS)
 AC_SUBST(KRAD_LIBS)
 AC_SUBST(krb5rundir)
 

From 2d7bb09e5a161cba81881b9be375b801bb280d48 Mon Sep 17 00:00:00 2001
From: Petr Spacek 
Date: Wed, 12 Oct 2016 10:58:22 +0200
Subject: [PATCH 3/6] Build: modernize UUID library detection

Use package config instead of checking headers.
Package config is faster because it does not invoke compiler
and guarantees proper linking flags because these are provided
by package maintainer instead of hardcoded into build system.
---
 daemons/configure.ac | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/daemons/configure.ac b/daemons/configure.ac
index 1d0209d..34773f9 100644
--- a/daemons/configure.ac
+++ b/daemons/configure.ac
@@ -135,10 +135,7 @@ AC_SUBST(SSL_LIBS)
 dnl ---
 dnl - Check for UUID library
 dnl ---
-AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR([uuid/uuid.h not found])])
-
-AC_CHECK_LIB(uuid, uuid_generate_time, [UUID_LIBS="-luuid"])
-AC_SUBST(UUID_LIBS)
+PKG_CHECK_MODULES([UUID], [uuid], [], [AC_MSG_ERROR([libuuid not found])])
 
 dnl ---
 dnl - Check for Python

From 2855f61fda02c9ba00d1ebcbfd1c1cb7b1e5a3f0 Mon Sep 17 00:00:00 2001
From: Petr Spacek 
Date: Wed, 12 Oct 2016 11:01:02 +0200
Subject: [PATCH 4/6] Build: modernize crypto library detection

Use package config instead of checking headers.
Package config is faster because it does not invoke compiler
and guarantees proper linking flags because these are provided
by package maintainer instead of hardcoded into build system.
---
 daemons/configure.ac| 9 ++---

[Freeipa-devel] [freeipa PR#153][closed] [ipa-4-4 only] disable warnings reported by pylint-1.6.4-1

   URL: https://github.com/freeipa/freeipa/pull/153
Author: martbab
 Title: #153: [ipa-4-4 only] disable warnings reported by pylint-1.6.4-1
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/153/head:pr153
git checkout pr153
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#153][comment] [ipa-4-4 only] disable warnings reported by pylint-1.6.4-1

  URL: https://github.com/freeipa/freeipa/pull/153
Title: #153: [ipa-4-4 only] disable warnings reported by pylint-1.6.4-1

mbasti-rh commented:
"""
Fixed upstream
ipa-4-4:
https://fedorahosted.org/freeipa/changeset/2b2fc1abf1844b807e50b99f0912fa10d9169eca
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/153#issuecomment-253161249
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#153][+pushed] [ipa-4-4 only] disable warnings reported by pylint-1.6.4-1

  URL: https://github.com/freeipa/freeipa/pull/153
Title: #153: [ipa-4-4 only] disable warnings reported by pylint-1.6.4-1

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#153][+ack] [ipa-4-4 only] disable warnings reported by pylint-1.6.4-1

  URL: https://github.com/freeipa/freeipa/pull/153
Title: #153: [ipa-4-4 only] disable warnings reported by pylint-1.6.4-1

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] Broken IPA installation caused by new python-dns package

2016-10-12 Thread Petr Spacek

On 10.10.2016 10:28, Martin Basti wrote:
> https://bodhi.fedoraproject.org/updates/FEDORA-2016-1857421df6
> 
> 
> Please set karma accordingly
> 
> 
> Traceback:
> 
> ...
> 
>   File "/usr/lib/python2.7/site-packages/ipaserver/dns_data_management.py",
> line 426, in update_dns_records
> self.update_base_records(),
>   File "/usr/lib/python2.7/site-packages/ipaserver/dns_data_management.py",
> line 377, in update_base_records
> base_zone = self.get_base_records()
>   File "/usr/lib/python2.7/site-packages/ipaserver/dns_data_management.py",
> line 328, in get_base_records
> include_kerberos_realm=include_kerberos_realm
>   File "/usr/lib/python2.7/site-packages/ipaserver/dns_data_management.py",
> line 179, in _add_base_dns_records_for_server
> self.__add_kerberos_txt_rec(zone_obj)
>   File "/usr/lib/python2.7/site-packages/ipaserver/dns_data_management.py",
> line 165, in __add_kerberos_txt_rec
> rdataset.add(rd, ttl=86400)  # FIXME: use TTL from config
>   File "/usr/lib/python2.7/site-packages/dns/rdataset.py", line 129, in add
> super(Rdataset, self).add(rd)
>   File "/usr/lib/python2.7/site-packages/dns/set.py", line 49, in add
> if item not in self.items:
>   File "/usr/lib/python2.7/site-packages/dns/rdata.py", line 217, in __eq__
> return self._cmp(other) == 0
>   File "/usr/lib/python2.7/site-packages/dns/rdata.py", line 203, in _cmp
> our = self.to_digestable(dns.name.root)
>   File "/usr/lib/python2.7/site-packages/dns/rdata.py", line 174, in
> to_digestable
> self.to_wire(f, None, origin)
>   File "/usr/lib/python2.7/site-packages/dns/rdtypes/txtbase.py", line 75, in
> to_wire
> file.write(s)
> 
> 2016-10-10T04:44:05Z DEBUG The ipa-replica-install command failed, exception:
> TypeError: 'unicode' does not have the buffer interface
> 2016-10-10T04:44:05Z ERROR 'unicode' does not have the buffer interface
> 
> 
> I'll investigate if IPA using it wrong or there is new error introduced in
> pyhton-dns

For archaeologists:
Fix
https://github.com/freeipa/freeipa/pull/150
was merged.

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] HBAC for AD users Active Directory trust setup

2016-10-12 Thread Alexander Bokovoy

On ke, 12 loka 2016, rajat gupta wrote:

Hi,

Normally HBAC for AD users should be done through an external group.

You should use freeipa-users@ mailing list for these questions.

And start with documentation:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html

So for example if we have 500+ users on AD and only 100 user are
administrator and they have Linux server access.

I want to set the HBAC and sudo rules for users. So user have correct
access server access and sudo rights and I am using the *Active Directory
trust setup*

In this case i need to add all of the 100 users on in Freeipa as external
group.

for example :- user1 user name in AD

*user1-external* external group in IPA for trusted domain users
*user1 :- *POSIX group for external

No, you don't need to do that. All you need to do is to create a group
on AD side where your users to access Linux systems would be added and
then add that group to the external group on IPA side.

Do we have document for implementing the HBAC and Sudo Rules for external
group.

See above documentation and discussions on freeipa-users@ mailing list.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#154][opened] [ipa-4-4] Rebase: Tests: Fix cert revocation tests

2016-10-12 Thread mirielka

   URL: https://github.com/freeipa/freeipa/pull/154
Author: mirielka
 Title: #154: [ipa-4-4] Rebase: Tests: Fix cert revocation tests
Action: opened

PR body:
"""

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/154/head:pr154
git checkout pr154
From e6558c65188d1fa5003de24e29e64ea6be0f2bfb Mon Sep 17 00:00:00 2001
From: Lenka Doudova 
Date: Thu, 6 Oct 2016 08:51:03 +0200
Subject: [PATCH 1/2] Tests: Remove invalid certplugin tests

A bunch of certplugin tests were testing number of revoked certificates with
various revocation reasons. Since existence of revoked certificates often
depends on other parts of IdM than IPA, it is not really valid to check their
presence unless creation of revoked certificate is intentionally tested.

https://fedorahosted.org/freeipa/ticket/6349
---
 ipatests/test_xmlrpc/test_cert_plugin.py | 75 +---
 1 file changed, 1 insertion(+), 74 deletions(-)

diff --git a/ipatests/test_xmlrpc/test_cert_plugin.py b/ipatests/test_xmlrpc/test_cert_plugin.py
index 2598e0b..70cef5d 100644
--- a/ipatests/test_xmlrpc/test_cert_plugin.py
+++ b/ipatests/test_xmlrpc/test_cert_plugin.py
@@ -296,80 +296,7 @@ def test_0006_find_this_short_host_exact(self):
 res = api.Command['cert_find'](subject=self.short, exactly=True)
 assert 'count' in res and res['count'] == 0
 
-def test_0007_find_revocation_reason_0(self):
-"""
-Find all certificates with revocation reason 0
-"""
-res = api.Command['cert_find'](revocation_reason=0)
-assert 'count' in res and res['count'] == 0
-
-def test_0008_find_revocation_reason_1(self):
-"""
-Find all certificates with revocation reason 1
-"""
-res = api.Command['cert_find'](revocation_reason=1)
-assert 'count' in res and res['count'] == 0
-
-def test_0009_find_revocation_reason_2(self):
-"""
-Find all certificates with revocation reason 2
-"""
-res = api.Command['cert_find'](revocation_reason=2)
-assert 'count' in res and res['count'] == 0
-
-def test_0010_find_revocation_reason_3(self):
-"""
-Find all certificates with revocation reason 3
-"""
-res = api.Command['cert_find'](revocation_reason=3)
-assert 'count' in res and res['count'] == 0
-
-def test_0011_find_revocation_reason_4(self):
-"""
-Find all certificates with revocation reason 4
-
-There is no way to know in advance how many revoked certificates
-we'll have but in the context of make-test we'll have at least one.
-"""
-res = api.Command['cert_find'](revocation_reason=4)
-assert 'count' in res and res['count'] >= 1
-
-def test_0012_find_revocation_reason_5(self):
-"""
-Find all certificates with revocation reason 5
-"""
-res = api.Command['cert_find'](revocation_reason=5)
-assert 'count' in res and res['count'] == 0
-
-def test_0013_find_revocation_reason_6(self):
-"""
-Find all certificates with revocation reason 6
-"""
-res = api.Command['cert_find'](revocation_reason=6)
-assert 'count' in res and res['count'] == 0
-
-# There is no revocation reason #7
-
-def test_0014_find_revocation_reason_8(self):
-"""
-Find all certificates with revocation reason 8
-"""
-res = api.Command['cert_find'](revocation_reason=8)
-assert 'count' in res and res['count'] == 0
-
-def test_0015_find_revocation_reason_9(self):
-"""
-Find all certificates with revocation reason 9
-"""
-res = api.Command['cert_find'](revocation_reason=9)
-assert 'count' in res and res['count'] == 0
-
-def test_0016_find_revocation_reason_10(self):
-"""
-Find all certificates with revocation reason 10
-"""
-res = api.Command['cert_find'](revocation_reason=10)
-assert 'count' in res and res['count'] == 0
+# tests 0007 to 0016 removed
 
 def test_0017_find_by_issuedon(self):
 """

From a9050a73d0d76917b689f27670455855cca9f6c8 Mon Sep 17 00:00:00 2001
From: Lenka Doudova 
Date: Tue, 11 Oct 2016 11:33:16 +0200
Subject: [PATCH 2/2] Tests: Certificate revocation

Providing tests for certificate revocation to replace deleted tests from
test_cert_find.

https://fedorahosted.org/freeipa/ticket/6349
---
 ipatests/test_xmlrpc/test_cert_plugin.py | 80 ++--
 1 file changed, 75 insertions(+), 5 deletions(-)

diff --git a/ipatests/test_xmlrpc/test_cert_plugin.py b/ipatests/test_xmlrpc/test_cert_plugin.py
index 70cef5d..02750c0 100644
--- a/ipatests/test_xmlrpc/test_cert_plugin.py
+++ b/ipatests/test_xmlrpc/test_cert_plugin.py
@@ -78,12 +78,11 @@ def is_db_configured():
 # running as the lite-server.

[Freeipa-devel] [freeipa PR#153][opened] [ipa-4-4 only] disable warnings reported by pylint-1.6.4-1

2016-10-12 Thread martbab

   URL: https://github.com/freeipa/freeipa/pull/153
Author: martbab
 Title: #153: [ipa-4-4 only] disable warnings reported by pylint-1.6.4-1
Action: opened

PR body:
"""
Pylint shipped in Fedora 25 reports 'trailing-newlines' and
'consider-iterating-dictionary' warnings which break FreeIPA builds.

On ipa-4-4 branch it is safer to just disable these warnings so as to not mess
with code considered stable

https://fedorahosted.org/freeipa/ticket/6391
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/153/head:pr153
git checkout pr153
From e59b7670bbd468107d6a7e90c593aa5b974a3bc3 Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Wed, 12 Oct 2016 10:52:46 +0200
Subject: [PATCH] disable warnings reported by pylint-1.6.4-1

Pylint shipped in Fedora 25 reports 'trailing-newlines' and
'consider-iterating-dictionary' warnings which break FreeIPA builds.

On ipa-4-4 branch it is safer to just disable these warnings so as to not mess
with code considered stable

https://fedorahosted.org/freeipa/ticket/6391
---
 pylintrc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pylintrc b/pylintrc
index bb9c636..085e62a 100644
--- a/pylintrc
+++ b/pylintrc
@@ -87,7 +87,9 @@ disable=
 misplaced-comparison-constant,
 unneeded-not,
 not-a-mapping,
-singleton-comparison
+singleton-comparison,
+trailing-newlines,
+consider-iterating-dictionary
 
 
 [REPORTS]
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] HBAC for AD users Active Directory trust setup

2016-10-12 Thread rajat gupta

Hi,

Normally HBAC for AD users should be done through an external group.

So for example if we have 500+ users on AD and only 100 user are
administrator and they have Linux server access.

I want to set  the HBAC and sudo rules for users. So user have correct
access server access and sudo rights and I am using the *Active Directory
trust setup*

In this case i need to add all of the 100 users on in Freeipa as external
group.

for example :- user1 user name in AD

*user1-external* external group in IPA for trusted domain users
*user1 :-  *POSIX group for external

Do we have document for implementing the HBAC and Sudo Rules for external
group.

Or is there any other best way to implement the HBAC and Sudo Rules on AD
users.

-- 

*Rajat Gupta*
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#137][+pushed] Test: disabled wrong client domain tests for domlevel 0

  URL: https://github.com/freeipa/freeipa/pull/137
Title: #137: Test: disabled wrong client domain tests for domlevel 0

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#137][closed] Test: disabled wrong client domain tests for domlevel 0

   URL: https://github.com/freeipa/freeipa/pull/137
Author: ofayans
 Title: #137: Test: disabled wrong client domain tests for domlevel 0
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/137/head:pr137
git checkout pr137
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#137][comment] Test: disabled wrong client domain tests for domlevel 0

  URL: https://github.com/freeipa/freeipa/pull/137
Title: #137: Test: disabled wrong client domain tests for domlevel 0

mbasti-rh commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/8b0faa25d1c47f605bc6c91933469bb2370276c1
ipa-4-4:
https://fedorahosted.org/freeipa/changeset/1a27d3037fa6fbbddcdfb08fe41690bf534e6f7b
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/137#issuecomment-253156632
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#140][closed] Tests: Fix cert revocation tests

   URL: https://github.com/freeipa/freeipa/pull/140
Author: mirielka
 Title: #140: Tests: Fix cert revocation tests
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/140/head:pr140
git checkout pr140
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#140][+pushed] Tests: Fix cert revocation tests

  URL: https://github.com/freeipa/freeipa/pull/140
Title: #140: Tests: Fix cert revocation tests

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#140][comment] Tests: Fix cert revocation tests

  URL: https://github.com/freeipa/freeipa/pull/140
Title: #140: Tests: Fix cert revocation tests

mbasti-rh commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/c9c92e3a7f4961d91e0395daf17f5aeb34c20178
https://fedorahosted.org/freeipa/changeset/8f04d1a793b8ff01804bc03eac9b7aaa4f7a7f78
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/140#issuecomment-253154795
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#140][comment] Tests: Fix cert revocation tests

  URL: https://github.com/freeipa/freeipa/pull/140
Title: #140: Tests: Fix cert revocation tests

mbasti-rh commented:
"""
`Tests: Certificate revocation` doesn't apply to ipa-4-4 branch, please open 
separate PR against IPA 4.4

"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/140#issuecomment-253154655
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#142][comment] CheckedIPAddress: Implement (g|s)etstate and to ensure proper (un)pickling

  URL: https://github.com/freeipa/freeipa/pull/142
Title: #142: CheckedIPAddress: Implement __(g|s)etstate__ and to ensure proper 
(un)pickling

mbasti-rh commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/fb85230e25bd37a2a02a9d90793f337aad40a037
ipa-4-4:
https://fedorahosted.org/freeipa/changeset/1b6ba5283e4980da7bd5f1d98b5518062a4c61ad
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/142#issuecomment-253154169
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#142][closed] CheckedIPAddress: Implement (g|s)etstate and to ensure proper (un)pickling

   URL: https://github.com/freeipa/freeipa/pull/142
Author: dkupka
 Title: #142: CheckedIPAddress: Implement __(g|s)etstate__ and to ensure proper 
(un)pickling
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/142/head:pr142
git checkout pr142
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#142][+pushed] CheckedIPAddress: Implement (g|s)etstate and to ensure proper (un)pickling

  URL: https://github.com/freeipa/freeipa/pull/142
Title: #142: CheckedIPAddress: Implement __(g|s)etstate__ and to ensure proper 
(un)pickling

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#152][+pushed] Fix warnings reported by pylint in rawhide

  URL: https://github.com/freeipa/freeipa/pull/152
Title: #152: Fix warnings reported by pylint in rawhide

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#152][closed] Fix warnings reported by pylint in rawhide

   URL: https://github.com/freeipa/freeipa/pull/152
Author: martbab
 Title: #152: Fix warnings reported by pylint in rawhide
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/152/head:pr152
git checkout pr152
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#152][comment] Fix warnings reported by pylint in rawhide

  URL: https://github.com/freeipa/freeipa/pull/152
Title: #152: Fix warnings reported by pylint in rawhide

mbasti-rh commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/29829cc55a6be697abf881ea7867ef834bb66be7
https://fedorahosted.org/freeipa/changeset/71f642f75132fe30b40062ce5abc8558a275b9bb
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/152#issuecomment-253153404
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#142][+ack] CheckedIPAddress: Implement (g|s)etstate and to ensure proper (un)pickling

  URL: https://github.com/freeipa/freeipa/pull/142
Title: #142: CheckedIPAddress: Implement __(g|s)etstate__ and to ensure proper 
(un)pickling

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#140][comment] Tests: Fix cert revocation tests

  URL: https://github.com/freeipa/freeipa/pull/140
Title: #140: Tests: Fix cert revocation tests

pvomacka commented:
"""
Works correctly. ACK
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/140#issuecomment-253139511
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#140][+ack] Tests: Fix cert revocation tests

  URL: https://github.com/freeipa/freeipa/pull/140
Title: #140: Tests: Fix cert revocation tests

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#152][+ack] Fix warnings reported by pylint in rawhide