date:20170315

[Freeipa-devel] [freeipa PR#593][edited] WIP: Add make patchcheck for developers

2017-03-15 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/593
Author: tiran
 Title: #593: WIP: Add make patchcheck for developers 
Action: edited

 Changed field: title
Original value:
"""
WIP: Add make patchcheck for developers 
"""

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#593][synchronized] WIP: Add make patchcheck for developers

2017-03-15 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/593
Author: tiran
 Title: #593: WIP: Add make patchcheck for developers 
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/593/head:pr593
git checkout pr593
From 3722264ff36060fa137c7bba177dfd92182c70ee Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Fri, 17 Feb 2017 08:39:54 +0100
Subject: [PATCH 1/2] Add options to run only ipaclient unittests

A new option for ipa-run-tests makes the test runner ignore
subdirectories or skips tests that depend on the ipaserver package or on
a running framework for RPC integration tests. The new option enables
testing of client-only builds.

$ ipatests/ipa-run-tests --ipaclient-unittests
...
platform linux2 -- Python 2.7.13, pytest-2.9.2, py-1.4.32, pluggy-0.3.1
rootdir: /home/heimes/redhat, inifile: tox.ini
plugins: sourceorder-0.5, cov-2.3.0, betamax-0.7.1, multihost-1.1
collected 451 items

test_util.py 
util.py ..
test_ipaclient/test_csrgen.py .....
test_ipalib/test_aci.py ...
test_ipalib/test_backend.py 
test_ipalib/test_base.py ...
test_ipalib/test_capabilities.py .
test_ipalib/test_cli.py ...
test_ipalib/test_config.py ...
test_ipalib/test_crud.py ...
test_ipalib/test_errors.py ...
test_ipalib/test_frontend.py 
test_ipalib/test_messages.py 
test_ipalib/test_output.py ...
test_ipalib/test_parameters.py .
test_ipalib/test_plugable.py 
test_ipalib/test_rpc.py ..
test_ipalib/test_text.py .
test_ipalib/test_x509.py ...
test_ipapython/test_cookie.py 
test_ipapython/test_dn.py ...
test_ipapython/test_ipautil.py ..
test_ipapython/test_ipavalidate.py ..
test_ipapython/test_kerberos.py ..
test_ipapython/test_keyring.py ..
test_ipapython/test_ssh.py ...
test_pkcs10/test_pkcs10.py .

https://fedorahosted.org/freeipa/ticket/6517

Signed-off-by: Christian Heimes 
---
 ipatests/conftest.py   | 34 +-
 ipatests/pytest_plugins/integration.py |  8 +++--
 ipatests/setup.py  |  1 -
 ipatests/test_cmdline/__init__.py  |  6 
 ipatests/test_install/__init__.py  |  5 
 ipatests/test_integration/__init__.py  |  5 
 ipatests/test_ipalib/test_rpc.py   |  2 ++
 ipatests/test_ipaserver/__init__.py|  6 
 ipatests/test_ipaserver/test_install/__init__.py   |  0
 .../test_install/test_adtrustinstance.py   |  8 ++---
 ipatests/test_webui/__init__.py|  5 
 ipatests/test_xmlrpc/__init__.py   |  5 
 ipatests/util.py   | 17 +--
 pylint_plugins.py  | 16 +-
 14 files changed, 103 insertions(+), 15 deletions(-)
 create mode 100644 ipatests/test_ipaserver/test_install/__init__.py

diff --git a/ipatests/conftest.py b/ipatests/conftest.py
index 511d7b7..61e889d 100644
--- a/ipatests/conftest.py
+++ b/ipatests/conftest.py
@@ -7,13 +7,21 @@
 import pprint
 import sys
 
+import pytest
+
 from ipalib import api
 from ipalib.cli import cli_plugins
+
+try:
+import ipaplatform  # pylint: disable=unused-import
+except ImportError:
+ipaplatform = None
 try:
 import ipaserver
 except ImportError:
 ipaserver = None
 
+HERE = os.path.dirname(os.path.abspath(__file__))
 
 pytest_plugins = [
 'ipatests.pytest_plugins.additional_config',
@@ -31,6 +39,7 @@
 'tier1: functional API tests',
 'cs_acceptance: Acceptance test suite for Dogtag Certificate Server',
 'ds_acceptance: Acceptance test suite for 389 Directory Server',
+'skip_ipaclient_unittest: Skip in ipaclient unittest mode',
 ]
 
 
@@ -46,6 +55,7 @@
 'install/share'
 ]
 
+
 INIVALUES = {
 'python_classes': ['test_', 'Test'],
 'python_files': ['test_*.py'],
@@ -75,13 +85,27 @@ def pytest_configure(config):
 config.option.doctestmodules = True
 
 
+def pytest_addoption(parser):
+group = parser.getgroup("IPA integration tests")
+group.addoption(
+'--ipaclient-unittests',
+help='Run ipaclient unit tests only (no RPC and ipaserver)',
+action='store_true'
+)
+
+
 def pytest_cmdline_main(config):
 api.bootstrap(
 context=u'cli', in_server=False, in_tree=True, fallback=False
 )
 for klass in cli_plugins:
 api.add_plugin(klass)
-api.finalize()
+
+# XXX workaround until https://fedorahosted.org/freeipa/ticket/6408 has
+# been resolved.
+if ipaserver is not None:
+

[Freeipa-devel] Announcing FreeIPA 4.5.0

2017-03-15 Thread Martin Basti

Release date: 2017-03-15

The FreeIPA team would like to announce FreeIPA 4.5.0 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for
Fedora 25 and Fedora 26 will be available soon in the official COPR
repository: 


This announcement is also available at
.


== Highlights in 4.5.0 ==

=== Enhancements ===
 AD User Short  Names 
Support for AD users short names has been added. Short names can be
enabled from CLI by setting `ipa config-mod
--domain-resolution-order="domain.test:ad.domain1.test:ad.domain2.test"`
or from WebUI under ''Configuration'' tab. No manual configuration on
SSSD side is required.

Please note that this feature is not supported by SSSD yet and the work
is tracked with 
* 

 FIPS 140-2 Support 
FreeIPA server and client can be installed on FIPS enabled systems. MD5
fingerprints have been replaced with SHA256. Variable ''fips_mode'' has
been added to env that indicates whether FIPS is turned on the server.

Please note that FIPS 140-2 support may not work on some platforms
because all dependencies of FreeIPA must support FIPS 140-2 what we
cannot guarantee. (Should work with RHEL 7.4+.) The FreeIPA code itself
is FIPS 140-2 compatible.
* 

 Certificate Identity Mapping 
Support for multiple certificates on Smart cards has been added. User
can choose which certificate is used to authenticate. This allows to
define multiple certificates per user.
The same certificate can be used by different accounts, and the mapping
between a certificate and an account can be done through binary match of
the whole certificate or a match on custom certificate attributes (such
as Subject + Issuer).
* 

 Improvements for Containerization 
AD trust and KRA can be installed in one step in containers without need
to call subsequent ipa-adtrust-install and ipa-kra-install in containers.
Option ''--setup-adtrust'' has been added to ''ipa-server-install'' and
''ipa-replica-install'', and option ''--setup-kra'' has been added to
''ipa-server-install''.
* 
* 

 Semi-automatic Integration with External DNS 
Option "--out" has been added to command "ipa
dns-update-system-records". This option allows to store IPA system DNS
records in nsupdate format in specified file and can be used with
nsupdate command to update records on an external DNS server. For more
details see this howto

* 

=== Known Issues ===
* CLI doesn't work after ''ipa-restore''

* AD Trust doesn't work with enabled FIPS mode

* ''cert-find'' does not find all certificates without sizelimit=0


=== Bug fixes ===
Contains all bugfixes and enhacements of 4.4.1, 4.4.2, 4.4.3 releases

 Installers Refactoring 
Installers code base has been migrated into modules and many code
duplication has been removed.
* 

 "Normal" group has been renamed to "Non-POSIX" in WebUI 
In the web UI, the group type label "Normal" has been changed to
"Non-POSIX" to be compatible with CLI options. The semantics of group
types is unchanged.
* 

 Build System Refactoring 
Several improvements of FreeIPA build system have been done. In case you
are package maintainer please read the following design document.
* 

 LDAP Connection Management Refactoring 
LDAP connection management has been standardized across FreeIPA and
should prevent LDAP connection issues during installation and upgrades
in future.
* 

 Do not fail when IPA server has shortname first in /etc/hosts 
Kerberos client library is now instructed to not attempt to canonicalize
hostnames when issuing TGS requests. This improves security by avoiding
DNS lookups during canonicalization and also improves robustness of
service principal lookups in more complex DNS environments (clouds,
containerized applications). Due to this change in behavior, care must
be taken to specify correct FQDN in host/service principals as no
attempt to resolve e.g. short names will be made.
* 

 Replica Connection Check Improvements 
Improved connection check reduces possibility of failure in further
installation steps. Now ports on both IPv4 and

[Freeipa-devel] [freeipa PR#593][synchronized] WIP: Add make patchcheck for developers

2017-03-15 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/593
Author: tiran
 Title: #593: WIP: Add make patchcheck for developers 
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/593/head:pr593
git checkout pr593
From 3722264ff36060fa137c7bba177dfd92182c70ee Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Fri, 17 Feb 2017 08:39:54 +0100
Subject: [PATCH 1/2] Add options to run only ipaclient unittests

A new option for ipa-run-tests makes the test runner ignore
subdirectories or skips tests that depend on the ipaserver package or on
a running framework for RPC integration tests. The new option enables
testing of client-only builds.

$ ipatests/ipa-run-tests --ipaclient-unittests
...
platform linux2 -- Python 2.7.13, pytest-2.9.2, py-1.4.32, pluggy-0.3.1
rootdir: /home/heimes/redhat, inifile: tox.ini
plugins: sourceorder-0.5, cov-2.3.0, betamax-0.7.1, multihost-1.1
collected 451 items

test_util.py 
util.py ..
test_ipaclient/test_csrgen.py .....
test_ipalib/test_aci.py ...
test_ipalib/test_backend.py 
test_ipalib/test_base.py ...
test_ipalib/test_capabilities.py .
test_ipalib/test_cli.py ...
test_ipalib/test_config.py ...
test_ipalib/test_crud.py ...
test_ipalib/test_errors.py ...
test_ipalib/test_frontend.py 
test_ipalib/test_messages.py 
test_ipalib/test_output.py ...
test_ipalib/test_parameters.py .
test_ipalib/test_plugable.py 
test_ipalib/test_rpc.py ..
test_ipalib/test_text.py .
test_ipalib/test_x509.py ...
test_ipapython/test_cookie.py 
test_ipapython/test_dn.py ...
test_ipapython/test_ipautil.py ..
test_ipapython/test_ipavalidate.py ..
test_ipapython/test_kerberos.py ..
test_ipapython/test_keyring.py ..
test_ipapython/test_ssh.py ...
test_pkcs10/test_pkcs10.py .

https://fedorahosted.org/freeipa/ticket/6517

Signed-off-by: Christian Heimes 
---
 ipatests/conftest.py   | 34 +-
 ipatests/pytest_plugins/integration.py |  8 +++--
 ipatests/setup.py  |  1 -
 ipatests/test_cmdline/__init__.py  |  6 
 ipatests/test_install/__init__.py  |  5 
 ipatests/test_integration/__init__.py  |  5 
 ipatests/test_ipalib/test_rpc.py   |  2 ++
 ipatests/test_ipaserver/__init__.py|  6 
 ipatests/test_ipaserver/test_install/__init__.py   |  0
 .../test_install/test_adtrustinstance.py   |  8 ++---
 ipatests/test_webui/__init__.py|  5 
 ipatests/test_xmlrpc/__init__.py   |  5 
 ipatests/util.py   | 17 +--
 pylint_plugins.py  | 16 +-
 14 files changed, 103 insertions(+), 15 deletions(-)
 create mode 100644 ipatests/test_ipaserver/test_install/__init__.py

diff --git a/ipatests/conftest.py b/ipatests/conftest.py
index 511d7b7..61e889d 100644
--- a/ipatests/conftest.py
+++ b/ipatests/conftest.py
@@ -7,13 +7,21 @@
 import pprint
 import sys
 
+import pytest
+
 from ipalib import api
 from ipalib.cli import cli_plugins
+
+try:
+import ipaplatform  # pylint: disable=unused-import
+except ImportError:
+ipaplatform = None
 try:
 import ipaserver
 except ImportError:
 ipaserver = None
 
+HERE = os.path.dirname(os.path.abspath(__file__))
 
 pytest_plugins = [
 'ipatests.pytest_plugins.additional_config',
@@ -31,6 +39,7 @@
 'tier1: functional API tests',
 'cs_acceptance: Acceptance test suite for Dogtag Certificate Server',
 'ds_acceptance: Acceptance test suite for 389 Directory Server',
+'skip_ipaclient_unittest: Skip in ipaclient unittest mode',
 ]
 
 
@@ -46,6 +55,7 @@
 'install/share'
 ]
 
+
 INIVALUES = {
 'python_classes': ['test_', 'Test'],
 'python_files': ['test_*.py'],
@@ -75,13 +85,27 @@ def pytest_configure(config):
 config.option.doctestmodules = True
 
 
+def pytest_addoption(parser):
+group = parser.getgroup("IPA integration tests")
+group.addoption(
+'--ipaclient-unittests',
+help='Run ipaclient unit tests only (no RPC and ipaserver)',
+action='store_true'
+)
+
+
 def pytest_cmdline_main(config):
 api.bootstrap(
 context=u'cli', in_server=False, in_tree=True, fallback=False
 )
 for klass in cli_plugins:
 api.add_plugin(klass)
-api.finalize()
+
+# XXX workaround until https://fedorahosted.org/freeipa/ticket/6408 has
+# been resolved.
+if ipaserver is not None:
+

[Freeipa-devel] [freeipa PR#587][comment] Python 3: Fix session storage

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/587
Title: #587: Python 3: Fix session storage

MartinBasti commented:
"""
master:

* 42bc778c0c1de91f0d8dc695dfee4e5aea4cc1f0 Python 3: Fix session storage
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/587#issuecomment-286831940
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#587][closed] Python 3: Fix session storage

2017-03-15 Thread MartinBasti

   URL: https://github.com/freeipa/freeipa/pull/587
Author: tiran
 Title: #587: Python 3: Fix session storage
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/587/head:pr587
git checkout pr587
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#587][+pushed] Python 3: Fix session storage

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/587
Title: #587: Python 3: Fix session storage

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#594][+pushed] Fix Python 3 pylint errors

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/594
Title: #594: Fix Python 3 pylint errors

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#594][comment] Fix Python 3 pylint errors

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/594
Title: #594: Fix Python 3 pylint errors

MartinBasti commented:
"""
master:

* 602b395cf19b0ae0b8ade1c13ddaf09175ed7291 Fix Python 3 pylint errors
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/594#issuecomment-286831708
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#594][closed] Fix Python 3 pylint errors

2017-03-15 Thread MartinBasti

   URL: https://github.com/freeipa/freeipa/pull/594
Author: tiran
 Title: #594: Fix Python 3 pylint errors
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/594/head:pr594
git checkout pr594
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#542][comment] Implementation independent interface for CSR generation

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/542
Title: #542: Implementation independent interface for CSR generation

MartinBasti commented:
"""
I meant this:
```diff
-Str(
-'helper',
-label=_('Name of CSR generation tool'),
-doc=_('Name of tool (e.g. openssl, certutil) that will be used to'
-  ' create CSR'),
```

AFAIK this is user API
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/542#issuecomment-286829945
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#605][opened] Set development version to 4.5.90

2017-03-15 Thread MartinBasti

   URL: https://github.com/freeipa/freeipa/pull/605
Author: MartinBasti
 Title: #605: Set development version to 4.5.90
Action: opened

PR body:
"""

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/605/head:pr605
git checkout pr605
From 15d41f93adccfb27bc21107379c5a30aafd0a1c5 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Wed, 15 Mar 2017 18:43:25 +0100
Subject: [PATCH] Set development version to 4.5.90

---
 VERSION.m4 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VERSION.m4 b/VERSION.m4
index cfac2a9..d244641 100644
--- a/VERSION.m4
+++ b/VERSION.m4
@@ -20,7 +20,7 @@
 #  ->  "1.0.0" #
 
 define(IPA_VERSION_MAJOR, 4)
-define(IPA_VERSION_MINOR, 4)
+define(IPA_VERSION_MINOR, 5)
 define(IPA_VERSION_RELEASE, 90)
 
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#604][opened] [4.5] Set zanata version to ipa-4-5

2017-03-15 Thread MartinBasti

   URL: https://github.com/freeipa/freeipa/pull/604
Author: MartinBasti
 Title: #604: [4.5] Set zanata version to ipa-4-5
Action: opened

PR body:
"""
Regular after-releas update, zanata branch has been created 
https://fedora.zanata.org/iteration/view/freeipa/ipa-4-5
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/604/head:pr604
git checkout pr604
From 2cbf1d4a5b4c2c940fdb184866c5d7b91488468c Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Wed, 15 Mar 2017 18:40:11 +0100
Subject: [PATCH] Set zanata version to ipa-4-5

---
 zanata.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zanata.xml b/zanata.xml
index 9566e46..b8cead9 100644
--- a/zanata.xml
+++ b/zanata.xml
@@ -2,7 +2,7 @@
 http://zanata.org/namespace/config/;>
   https://fedora.zanata.org/
   freeipa
-  master
+  ipa-4-5
   gettext
   .
   .
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#542][comment] Implementation independent interface for CSR generation

2017-03-15 Thread LiptonB

  URL: https://github.com/freeipa/freeipa/pull/542
Title: #542: Implementation independent interface for CSR generation

LiptonB commented:
"""
Regarding this comment from @MartinBasti in #590:

> > For the record, #542 removes the helper parameter of cert-get-requestdata, 
> > and will be modified to remove the concept of different helpers entirely, 
> > though I haven't had a chance to make that change yet.
> 
> today is 4.5 release so you have to keep some level of backward compatibility 
> in that PR

What level of backward compatibility is required? Is it not ok to remove 
helpers? I thought the purpose of making `cert-get-requestdata` an internal, 
client-side API was that it would be ok to change the parameters as we figured 
out how it should work.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/542#issuecomment-286819264
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#433][comment] csrgen: Allow some certificate fields to be specified by the user

2017-03-15 Thread LiptonB

  URL: https://github.com/freeipa/freeipa/pull/433
Title: #433: csrgen: Allow some certificate fields to be specified by the user

LiptonB commented:
"""
Rebased, thanks.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/433#issuecomment-286816039
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#590][comment] Validate user input for cert-get-requestdata

2017-03-15 Thread Akasurde

  URL: https://github.com/freeipa/freeipa/pull/590
Title: #590: Validate user input for cert-get-requestdata

Akasurde commented:
"""
@MartinBasti Should I wait for #542 to get merged?
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/590#issuecomment-286808634
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#603][+pushed] Update 4.5 translations

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/603
Title: #603: Update 4.5 translations

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#603][closed] Update 4.5 translations

2017-03-15 Thread MartinBasti

   URL: https://github.com/freeipa/freeipa/pull/603
Author: MartinBasti
 Title: #603: Update 4.5 translations
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/603/head:pr603
git checkout pr603
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#603][comment] Update 4.5 translations

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/603
Title: #603: Update 4.5 translations

MartinBasti commented:
"""
master:

* 474e6a7a71a9e51db80367018927c078f0bf1296 Update 4.5 translations
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/603#issuecomment-286803729
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#602][edited] configure: Use ODS_USER and NAMED_GROUP in daemons/dnssec/*.service.in

2017-03-15 Thread tjaalton

   URL: https://github.com/freeipa/freeipa/pull/602
Author: tjaalton
 Title: #602: configure: Use ODS_USER and NAMED_GROUP in 
daemons/dnssec/*.service.in
Action: edited

 Changed field: body
Original value:
"""
These are platform specific, add values for Debian and default values
for Fedora/RHEL.

Also, use prettier output when checking the extra python install options.
"""

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#590][comment] Validate user input for cert-get-requestdata

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/590
Title: #590: Validate user input for cert-get-requestdata

MartinBasti commented:
"""
> For the record, #542 removes the helper parameter of cert-get-requestdata, 
> and will be modified to remove the concept of different helpers entirely, 
> though I haven't had a chance to make that change yet.

today is 4.5 release so you have to keep some level of backward compatibility 
in that PR
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/590#issuecomment-286794876
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#590][comment] Validate user input for cert-get-requestdata

2017-03-15 Thread LiptonB

  URL: https://github.com/freeipa/freeipa/pull/590
Title: #590: Validate user input for cert-get-requestdata

LiptonB commented:
"""
I don't think one could really add a new helper without modifying the code, so 
there's probably no need to allow arbitrary strings. Given that, StrEnum seems 
appropriate.

For the record, https://github.com/freeipa/freeipa/pull/542 is going to be 
modified to remove the `helper` parameter of `cert-get-requestdata` entirely, 
though I haven't had a chance to make the change yet.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/590#issuecomment-286787004
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#433][synchronized] csrgen: Allow some certificate fields to be specified by the user

2017-03-15 Thread LiptonB

   URL: https://github.com/freeipa/freeipa/pull/433
Author: LiptonB
 Title: #433: csrgen: Allow some certificate fields to be specified by the user
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/433/head:pr433
git checkout pr433
From 61a825b57f923ca7b641bca5f436d4b41f3acfb8 Mon Sep 17 00:00:00 2001
From: Ben Lipton 
Date: Thu, 28 Jul 2016 16:21:44 -0400
Subject: [PATCH 1/3] csrgen: Implement fields that prompt user for data

Allows some data to be user-specified rather than coming out of the
database. The provided data can be formatted with jinja2 rules just as
database values can.

https://fedorahosted.org/freeipa/ticket/4899
---
 ipaclient/csrgen.py| 35 --
 ipaclient/csrgen/rules/dataEmailUserSpecified.json | 16 ++
 ipaclient/plugins/csrgen.py|  9 --
 ipatests/test_ipaclient/test_csrgen.py | 15 +-
 4 files changed, 64 insertions(+), 11 deletions(-)
 create mode 100644 ipaclient/csrgen/rules/dataEmailUserSpecified.json

diff --git a/ipaclient/csrgen.py b/ipaclient/csrgen.py
index 8fb0b32..41a4352 100644
--- a/ipaclient/csrgen.py
+++ b/ipaclient/csrgen.py
@@ -381,8 +381,9 @@ class CSRGenerator(object):
 def __init__(self, rule_provider):
 self.rule_provider = rule_provider
 
-def csr_script(self, principal, config, profile_id, helper):
-render_data = {'subject': principal, 'config': config}
+def csr_script(self, principal, config, userdata, profile_id, helper):
+render_data = {
+'subject': principal, 'config': config, 'userdata': userdata}
 
 formatter = self.FORMATTERS[helper]()
 rules = self.rule_provider.rules_for_profile(profile_id, helper)
@@ -396,3 +397,33 @@ def csr_script(self, principal, config, profile_id, helper):
 'Template error when formatting certificate data'))
 
 return script
+
+def get_user_prompts(self, profile_id, helper):
+prompts = {}
+rules = self.rule_provider.rules_for_profile(profile_id, helper)
+
+for field_mapping in rules:
+for rule in field_mapping.data_rules:
+if 'prompt' in rule.options:
+try:
+var = rule.options['data_source']
+except KeyError:
+raise errors.CSRTemplateError(reason=_(
+'Certificate mapping rule %(rule)s has a prompt'
+' but no data_source set') % {'rule': rule.name})
+if var in prompts:
+raise errors.CSRTemplateError(reason=_(
+'More than one data rule in this profile prompts'
+' for the %(item)s data item') % {'item': var})
+var_parts = var.split('.')
+if len(var_parts) != 2 or var_parts[0] != 'userdata':
+raise errors.CSRTemplateError(
+reason=_(
+'Format of variable name in rule %(rule)s is'
+' incorrect. Rules that prompt for data must'
+' use a variable "userdata."') %
+{'rule': rule.name})
+
+prompts[var_parts[1]] = rule.options['prompt']
+
+return prompts
diff --git a/ipaclient/csrgen/rules/dataEmailUserSpecified.json b/ipaclient/csrgen/rules/dataEmailUserSpecified.json
new file mode 100644
index 000..3fb2fb1
--- /dev/null
+++ b/ipaclient/csrgen/rules/dataEmailUserSpecified.json
@@ -0,0 +1,16 @@
+{
+  "rules": [
+{
+  "helper": "openssl",
+  "template": "email = {{userdata.email}}"
+},
+{
+  "helper": "certutil",
+  "template": "email:{{userdata.email|quote}}"
+}
+  ],
+  "options": {
+"data_source": "userdata.email",
+"prompt": "Email address"
+  }
+}
diff --git a/ipaclient/plugins/csrgen.py b/ipaclient/plugins/csrgen.py
index a0d99ef..0cc67f7 100644
--- a/ipaclient/plugins/csrgen.py
+++ b/ipaclient/plugins/csrgen.py
@@ -87,6 +87,9 @@ def execute(self, *args, **options):
 if not backend.isconnected():
 backend.connect()
 
+generator = CSRGenerator(FileRuleProvider())
+prompts = generator.get_user_prompts(profile_id, helper)
+
 try:
 if principal.is_host:
 principal_obj = api.Command.host_show(
@@ -103,10 +106,12 @@ def execute(self, *args, **options):
 principal_obj = principal_obj['result']
 config = api.Command.config_show()['result']
 
-generator = CSRGenerator(FileRuleProvider())
+userdata = {}
+for name, prompt in prompts.items():
+userdata[name] = self.Backend.textui.prompt(prompt)
 
 script = generator.csr_script(
-

[Freeipa-devel] [freeipa PR#590][comment] Validate user input for cert-get-requestdata

2017-03-15 Thread LiptonB

  URL: https://github.com/freeipa/freeipa/pull/590
Title: #590: Validate user input for cert-get-requestdata

LiptonB commented:
"""
I don't think one could really add a new helper without modifying the code, so 
there's probably no need to allow arbitrary strings. Given that, StrEnum seems 
appropriate.

For the record, https://github.com/freeipa/freeipa/pull/542 is going to be 
modified to remove the `helper` parameter of `cert-get-requestdata` entirely, 
though I haven't had a chance to make the change yet.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/590#issuecomment-286787004
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#603][comment] Update 4.5 translations

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/603
Title: #603: Update 4.5 translations

MartinBasti commented:
"""
selfACK when travis build pass
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/603#issuecomment-286786463
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#600][comment] CONFIGURE: Improve detection of xmlrpc_c flags

2017-03-15 Thread lslebodn

  URL: https://github.com/freeipa/freeipa/pull/600
Title: #600: CONFIGURE: Improve detection of xmlrpc_c flags

lslebodn commented:
"""
On (15/03/17 08:14), MartinBasti wrote:
>Commit message amended before pushed
>
Thank you; I was busy with other tasks.

LS

"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/600#issuecomment-286785306
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#584][closed] Improve the implementation of PKINIT certificate retrieval

2017-03-15 Thread MartinBasti

   URL: https://github.com/freeipa/freeipa/pull/584
Author: martbab
 Title: #584: Improve the implementation of PKINIT certificate retrieval
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/584/head:pr584
git checkout pr584
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#584][+pushed] Improve the implementation of PKINIT certificate retrieval

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/584
Title: #584: Improve the implementation of PKINIT certificate retrieval

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#584][comment] Improve the implementation of PKINIT certificate retrieval

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/584
Title: #584: Improve the implementation of PKINIT certificate retrieval

MartinBasti commented:
"""
master:

* 95768de06fbef78169329af12b29e4d65e4bf157 Make PKINIT certificate request 
logic consistent with other installers
* b5b23e073e59930e4dcf14ea8031c2c0441e6344 Request PKINIT cert directly from 
Dogtag API on first master
* bd18b5f91e3f98fa877def245c54c1cd33bd372e Move PKINIT configuration to a later 
stage of server/replica install
* 069948466e81d99a0dd48a32af50351d0189 Make wait_for_entry raise exceptions
* 8f4abf7bc1607fc44f528b8a443b69cb82269e69 check that the master requesting 
PKINIT cert has KDC enabled
* b45629fc480e61464b402ac2fc52c6f9fc61df0e check for replica's KDC entry on 
master before requesting PKINIT cert
* a1686a90c0cc8c16c89ef1bada7f507729bf3252 Try out anonymous PKINIT after it is 
configured
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/584#issuecomment-286782263
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#584][+ack] Improve the implementation of PKINIT certificate retrieval

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/584
Title: #584: Improve the implementation of PKINIT certificate retrieval

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#584][comment] Improve the implementation of PKINIT certificate retrieval

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/584
Title: #584: Improve the implementation of PKINIT certificate retrieval

MartinBasti commented:
"""
Works for me and code looks OK
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/584#issuecomment-286781521
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#582][comment] Remove pkinit from ipa-replica-prepare

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/582
Title: #582: Remove pkinit from ipa-replica-prepare

MartinBasti commented:
"""
master:

* 46d4d534c08d14756b989e157e87a078d174ad5c Remove pkinit from 
ipa-replica-prepare
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/582#issuecomment-286776674
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#582][+pushed] Remove pkinit from ipa-replica-prepare

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/582
Title: #582: Remove pkinit from ipa-replica-prepare

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#582][closed] Remove pkinit from ipa-replica-prepare

2017-03-15 Thread MartinBasti

   URL: https://github.com/freeipa/freeipa/pull/582
Author: stlaz
 Title: #582: Remove pkinit from ipa-replica-prepare
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/582/head:pr582
git checkout pr582
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#600][closed] CONFIGURE: Improve detection of xmlrpc_c flags

2017-03-15 Thread MartinBasti

   URL: https://github.com/freeipa/freeipa/pull/600
Author: lslebodn
 Title: #600: CONFIGURE: Improve detection of xmlrpc_c flags
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/600/head:pr600
git checkout pr600
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#600][comment] CONFIGURE: Improve detection of xmlrpc_c flags

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/600
Title: #600: CONFIGURE: Improve detection of xmlrpc_c flags

MartinBasti commented:
"""
Commit message amended before pushed
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/600#issuecomment-286773684
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#600][comment] CONFIGURE: Improve detection of xmlrpc_c flags

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/600
Title: #600: CONFIGURE: Improve detection of xmlrpc_c flags

MartinBasti commented:
"""
master:

* 2a4f7f2cfaf6ac5ffaf4cc2b43fa0e9b5fa3ebe4 CONFIGURE: Improve detection of 
xmlrpc_c flags

"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/600#issuecomment-286773777
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#600][+ack] CONFIGURE: Improve detection of xmlrpc_c flags

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/600
Title: #600: CONFIGURE: Improve detection of xmlrpc_c flags

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#600][+pushed] CONFIGURE: Improve detection of xmlrpc_c flags

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/600
Title: #600: CONFIGURE: Improve detection of xmlrpc_c flags

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#582][+ack] Remove pkinit from ipa-replica-prepare

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/582
Title: #582: Remove pkinit from ipa-replica-prepare

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#602][opened] configure: Use ODS_USER and NAMED_GROUP in daemons/dnssec/*.service.in

2017-03-15 Thread tjaalton

   URL: https://github.com/freeipa/freeipa/pull/602
Author: tjaalton
 Title: #602: configure: Use ODS_USER and NAMED_GROUP in 
daemons/dnssec/*.service.in
Action: opened

PR body:
"""
These are platform specific, add values for Debian and default values
for Fedora/RHEL.

Also, use prettier output when checking the extra python install options.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/602/head:pr602
git checkout pr602
From 40026185382efaed65b6ad604b21d8790f38aa33 Mon Sep 17 00:00:00 2001
From: Timo Aaltonen 
Date: Wed, 15 Mar 2017 16:41:50 +0200
Subject: [PATCH] configure: Use ODS_USER and NAMED_GROUP in
 daemons/dnssec/*.service.in

These are platform specific, add values for Debian and default values
for Fedora/RHEL.

Also, use prettier output when checking the extra python install options.
---
 configure.ac   | 20 +++-
 daemons/dnssec/Makefile.am |  2 ++
 daemons/dnssec/ipa-dnskeysyncd.service.in  |  6 +++---
 daemons/dnssec/ipa-ods-exporter.service.in |  2 +-
 4 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/configure.ac b/configure.ac
index 81f74f1..a590e3e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -291,13 +291,31 @@ AC_SUBST([IPAPLATFORM])
 AC_MSG_RESULT([${IPAPLATFORM}])
 
 if test "x${IPAPLATFORM}" == "xdebian"; then
+NAMED_GROUP="bind"
+ODS_USER="opendnssec"
 # see https://www.debian.org/doc/packaging-manuals/python-policy/ap-packaging_tools.html
 PYTHON_INSTALL_EXTRA_OPTIONS="--install-layout=deb"
 else
+NAMED_GROUP="named"
+ODS_USER="ods"
 PYTHON_INSTALL_EXTRA_OPTIONS=""
 fi
+
+AC_MSG_CHECKING([NAMED_GROUP])
+AC_SUBST([NAMED_GROUP])
+AC_MSG_RESULT([${NAMED_GROUP}])
+
+AC_MSG_CHECKING([ODS_USER])
+AC_SUBST([ODS_USER])
+AC_MSG_RESULT([${ODS_USER}])
+
+AC_MSG_CHECKING([python setup.py install extra options])
 AC_SUBST([PYTHON_INSTALL_EXTRA_OPTIONS])
-AC_MSG_RESULT([python setup.py install extra options ${PYTHON_INSTALL_EXTRA_OPTIONS}])
+if test "x${PYTHON_INSTALL_EXTRA_OPTIONS}" == "x"; then
+AC_MSG_RESULT([none])
+else
+AC_MSG_RESULT([${PYTHON_INSTALL_EXTRA_OPTIONS}])
+fi
 
 dnl ---
 dnl Version information from VERSION.m4 and command line
diff --git a/daemons/dnssec/Makefile.am b/daemons/dnssec/Makefile.am
index 37a0dcf..b0db4e1 100644
--- a/daemons/dnssec/Makefile.am
+++ b/daemons/dnssec/Makefile.am
@@ -25,6 +25,8 @@ CLEANFILES = $(systemdsystemunit_DATA)
 		-e 's|@libexecdir[@]|$(libexecdir)|g' \
 		-e 's|@localstatedir[@]|$(localstatedir)|g' \
 		-e 's|@sysconfenvdir[@]|$(sysconfenvdir)|g' \
+		-e 's|@ODS_USER[@]|$(ODS_USER)|g' \
+		-e 's|@NAMED_GROUP[@]|$(NAMED_GROUP)|g' \
 		'$(srcdir)/$@.in' >$@
 
 dnssecconfdir = $(IPA_SYSCONF_DIR)/dnssec
diff --git a/daemons/dnssec/ipa-dnskeysyncd.service.in b/daemons/dnssec/ipa-dnskeysyncd.service.in
index f39c3ce..38c6f92 100644
--- a/daemons/dnssec/ipa-dnskeysyncd.service.in
+++ b/daemons/dnssec/ipa-dnskeysyncd.service.in
@@ -4,9 +4,9 @@ Description=IPA key daemon
 [Service]
 EnvironmentFile=@sysconfenvdir@/ipa-dnskeysyncd
 ExecStart=@libexecdir@/ipa/ipa-dnskeysyncd
-User=ods
-Group=named
-SupplementaryGroups=ods
+User=@ODS_USER@
+Group=@NAMED_GROUP@
+SupplementaryGroups=@ODS_USER@
 PrivateTmp=yes
 Restart=on-failure
 RestartSec=60s
diff --git a/daemons/dnssec/ipa-ods-exporter.service.in b/daemons/dnssec/ipa-ods-exporter.service.in
index 5ec7317..ef74287 100644
--- a/daemons/dnssec/ipa-ods-exporter.service.in
+++ b/daemons/dnssec/ipa-ods-exporter.service.in
@@ -6,7 +6,7 @@ After=ipa-ods-exporter.socket
 [Service]
 EnvironmentFile=@sysconfenvdir@/ipa-ods-exporter
 ExecStart=@libexecdir@/ipa/ipa-ods-exporter
-User=ods
+User=@ODS_USER@
 PrivateTmp=yes
 Restart=on-failure
 RestartSec=60s
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#567][closed] Configure KDC to use certs after they are deployed

2017-03-15 Thread martbab

   URL: https://github.com/freeipa/freeipa/pull/567
Author: simo5
 Title: #567: Configure KDC to use certs after they are deployed
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/567/head:pr567
git checkout pr567
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#567][+rejected] Configure KDC to use certs after they are deployed

2017-03-15 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/567
Title: #567: Configure KDC to use certs after they are deployed

Label: +rejected
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#567][comment] Configure KDC to use certs after they are deployed

2017-03-15 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/567
Title: #567: Configure KDC to use certs after they are deployed

martbab commented:
"""
Superseded by https://github.com/freeipa/freeipa/pull/584
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/567#issuecomment-286765122
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#584][comment] Improve the implementation of PKINIT certificate retrieval

2017-03-15 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/584
Title: #584: Improve the implementation of PKINIT certificate retrieval

martbab commented:
"""
I have reworked the PR quite a bit and added/changed a few checks due to 
replication race conditions affecting PKINIT requests from replica to master.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/584#issuecomment-286764259
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#584][synchronized] Improve the implementation of PKINIT certificate retrieval

2017-03-15 Thread martbab

   URL: https://github.com/freeipa/freeipa/pull/584
Author: martbab
 Title: #584: Improve the implementation of PKINIT certificate retrieval
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/584/head:pr584
git checkout pr584
From 89186ef9f4e6e7278f0c1fe36cf40b74cac217d1 Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Tue, 14 Mar 2017 09:56:07 +0100
Subject: [PATCH 1/7] Make PKINIT certificate request logic consistent with
 other installers

The certmonger request handling code during pkinit setup actually never
correctly handled situations when certificate request was rejected by
the CA or CA was unreachable. This led to subtle errors caused by broken
anonymous pkinit (e.g. failing WebUI logins) which are hard to debug.

The code should behave as other service installers, e. g. use
`request_and_wait_for_cert` method which raises hard error when request
times out or is not granted by CA. On master contact Dogtag CA endpoint
directly as is done in DS installation.

https://pagure.io/freeipa/issue/6739
---
 ipaserver/install/krbinstance.py | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 08d39e2..c74fe40 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -357,10 +357,15 @@ def setup_pkinit(self):
 subject = str(DN(('cn', self.fqdn), self.subject_base))
 krbtgt = "krbtgt/" + self.realm + "@" + self.realm
 certpath = (paths.KDC_CERT, paths.KDC_KEY)
+
 try:
-reqid = certmonger.request_cert(certpath, subject, krbtgt,
-dns=self.fqdn, storage='FILE',
-profile='KDCs_PKINIT_Certs')
+certmonger.request_and_wait_for_cert(
+certpath,
+subject,
+krbtgt,
+dns=self.fqdn,
+storage='FILE',
+profile='KDCs_PKINIT_Certs')
 except dbus.DBusException as e:
 # if the certificate is already tracked, ignore the error
 name = e.get_dbus_name()
@@ -368,11 +373,6 @@ def setup_pkinit(self):
 root_logger.error("Failed to initiate the request: %s", e)
 return
 
-try:
-certmonger.wait_for_request(reqid)
-except RuntimeError as e:
-root_logger.error("Failed to wait for request: %s", e)
-
 # Finally copy the cacert in the krb directory so we don't
 # have any selinux issues with the file context
 shutil.copyfile(paths.IPA_CA_CRT, paths.CACERT_PEM)

From 20c2797223f4b4fc23e49c00782d7b7ae7ba7e6e Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Tue, 14 Mar 2017 13:16:07 +0100
Subject: [PATCH 2/7] Request PKINIT cert directly from Dogtag API on first
 master

On the first master the framework may not be fully functional to server
certificate requests. It is safer to configure helper that contacts
Dogtag REST API directly.

https://pagure.io/freeipa/issue/6739
---
 ipaserver/install/krbinstance.py | 16 
 1 file changed, 16 insertions(+)

diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index c74fe40..5f2a4b1 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -68,6 +68,7 @@ def __init__(self, fstore=None):
 self.kdc_password = None
 self.sub_dict = None
 self.pkcs12_info = None
+self.master_fqdn = None
 
 suffix = ipautil.dn_attribute_property('_suffix')
 subject_base = ipautil.dn_attribute_property('_subject_base')
@@ -359,6 +360,18 @@ def setup_pkinit(self):
 certpath = (paths.KDC_CERT, paths.KDC_KEY)
 
 try:
+prev_helper = None
+if self.master_fqdn is None:
+ca_args = [
+paths.CERTMONGER_DOGTAG_SUBMIT,
+'--ee-url', 'https://%s:8443/ca/ee/ca' % self.fqdn,
+'--certfile', paths.RA_AGENT_PEM,
+'--keyfile', paths.RA_AGENT_KEY,
+'--cafile', paths.IPA_CA_CRT,
+'--agent-submit'
+]
+helper = " ".join(ca_args)
+prev_helper = certmonger.modify_ca_helper('IPA', helper)
 certmonger.request_and_wait_for_cert(
 certpath,
 subject,
@@ -372,6 +385,9 @@ def setup_pkinit(self):
 if name != 'org.fedorahosted.certmonger.duplicate':
 root_logger.error("Failed to initiate the request: %s", e)
 return
+finally:
+

[Freeipa-devel] [freeipa PR#601][comment] spec file: always provide python package aliases

2017-03-15 Thread HonzaCholasta

  URL: https://github.com/freeipa/freeipa/pull/601
Title: #601: spec file: always provide python package aliases

HonzaCholasta commented:
"""
master:

* 990ce9eef314622440b2036742bbf34f57ba2699 spec file: always provide python 
package aliases
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/601#issuecomment-286758926
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#494][comment] Support client-only build

2017-03-15 Thread tjaalton

  URL: https://github.com/freeipa/freeipa/pull/494
Title: #494: Support client-only build

tjaalton commented:
"""
sorry, I just saw PR#600 which is a subset of this
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/494#issuecomment-286758047
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#601][+pushed] spec file: always provide python package aliases

2017-03-15 Thread HonzaCholasta

  URL: https://github.com/freeipa/freeipa/pull/601
Title: #601: spec file: always provide python package aliases

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#601][closed] spec file: always provide python package aliases

2017-03-15 Thread HonzaCholasta

   URL: https://github.com/freeipa/freeipa/pull/601
Author: HonzaCholasta
 Title: #601: spec file: always provide python package aliases
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/601/head:pr601
git checkout pr601
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#494][comment] Support client-only build

2017-03-15 Thread tjaalton

  URL: https://github.com/freeipa/freeipa/pull/494
Title: #494: Support client-only build

tjaalton commented:
"""
+ack on the xmlrpc-c detection patch at least, I need that on Debian
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/494#issuecomment-286756541
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#600][comment] CONFIGURE: Improve detection of xmlrpc_c flags

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/600
Title: #600: CONFIGURE: Improve detection of xmlrpc_c flags

MartinBasti commented:
"""
Could you add ticket to commit message please 
https://fedorahosted.org/freeipa/ticket/6418

"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/600#issuecomment-286752024
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#590][comment] Validate user input for cert-get-requestdata

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/590
Title: #590: Validate user input for cert-get-requestdata

MartinBasti commented:
"""
I have no context about how exactly certrequest is supposed to work, but IMO it 
was done in that way to allow dynamically adding more helpers as plugins, 
that's why it is Str and not SrEnum, but code doesn't look it may support that.

@LiptonB do you remember why Str param was used?

@Akasurde Right now there is no backward compatibility because 4.5 will be 
first release that contains this feature.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/590#issuecomment-286749282
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#601][+ack] spec file: always provide python package aliases

2017-03-15 Thread pvomacka

  URL: https://github.com/freeipa/freeipa/pull/601
Title: #601: spec file: always provide python package aliases

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#590][comment] Validate user input for cert-get-requestdata

2017-03-15 Thread Akasurde

  URL: https://github.com/freeipa/freeipa/pull/590
Title: #590: Validate user input for cert-get-requestdata

Akasurde commented:
"""
@rcritten I don't know about backward compatibility of changing helper to 
StrEnum. @MartinBasti  @HonzaCholasta Can you please comment on this?
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/590#issuecomment-286744568
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#594][+ack] Fix Python 3 pylint errors

2017-03-15 Thread simo5

  URL: https://github.com/freeipa/freeipa/pull/594
Title: #594: Fix Python 3 pylint errors

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#597][closed] spec file: support build without ipatests

2017-03-15 Thread HonzaCholasta

   URL: https://github.com/freeipa/freeipa/pull/597
Author: HonzaCholasta
 Title: #597: spec file: support build without ipatests
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/597/head:pr597
git checkout pr597
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#601][opened] spec file: always provide python package aliases

2017-03-15 Thread HonzaCholasta

   URL: https://github.com/freeipa/freeipa/pull/601
Author: HonzaCholasta
 Title: #601: spec file: always provide python package aliases
Action: opened

PR body:
"""
Provide python-ipa* aliases for python2-ipa* subpackages when the
python_provide RPM macro is not available.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/601/head:pr601
git checkout pr601
From 250f3a439312e0a8a10183822be2f76a76ae3063 Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Wed, 15 Mar 2017 14:23:10 +0100
Subject: [PATCH] spec file: always provide python package aliases

Provide python-ipa* aliases for python2-ipa* subpackages when the
python_provide RPM macro is not available.
---
 freeipa.spec.in | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 20f8a4d..6f69746 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -315,6 +315,7 @@ Summary: Python libraries used by IPA server
 Group: System Environment/Libraries
 BuildArch: noarch
 %{?python_provide:%python_provide python2-ipaserver}
+%{!?python_provide:Provides: python-ipaserver = %{version}-%{release}}
 Requires: %{name}-server-common = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
 Requires: python2-ipaclient = %{version}-%{release}
@@ -504,6 +505,7 @@ Summary: Python libraries used by IPA client
 Group: System Environment/Libraries
 BuildArch: noarch
 %{?python_provide:%python_provide python2-ipaclient}
+%{!?python_provide:Provides: python-ipaclient = %{version}-%{release}}
 Requires: %{name}-client-common = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
 Requires: python2-ipalib = %{version}-%{release}
@@ -598,10 +600,13 @@ Group: System Environment/Libraries
 BuildArch: noarch
 Conflicts: %{name}-python < 4.2.91
 %{?python_provide:%python_provide python2-ipalib}
+%{!?python_provide:Provides: python-ipalib = %{version}-%{release}}
 Provides: python2-ipapython = %{version}-%{release}
 %{?python_provide:%python_provide python2-ipapython}
+%{!?python_provide:Provides: python-ipapython = %{version}-%{release}}
 Provides: python2-ipaplatform = %{version}-%{release}
 %{?python_provide:%python_provide python2-ipaplatform}
+%{!?python_provide:Provides: python-ipaplatform = %{version}-%{release}}
 Requires: %{name}-common = %{version}-%{release}
 Requires: python-gssapi >= 1.2.0
 Requires: gnupg
@@ -719,6 +724,7 @@ BuildArch: noarch
 Obsoletes: %{name}-tests < 4.2.91
 Provides: %{name}-tests = %{version}-%{release}
 %{?python_provide:%python_provide python2-ipatests}
+%{!?python_provide:Provides: python-ipatests = %{version}-%{release}}
 Requires: python2-ipaclient = %{version}-%{release}
 Requires: python2-ipaserver = %{version}-%{release}
 Requires: tar
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#596][closed] spec file: support client-only build

2017-03-15 Thread HonzaCholasta

   URL: https://github.com/freeipa/freeipa/pull/596
Author: HonzaCholasta
 Title: #596: spec file: support client-only build
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/596/head:pr596
git checkout pr596
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#596][+pushed] spec file: support client-only build

2017-03-15 Thread HonzaCholasta

  URL: https://github.com/freeipa/freeipa/pull/596
Title: #596: spec file: support client-only build

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#596][comment] spec file: support client-only build

2017-03-15 Thread HonzaCholasta

  URL: https://github.com/freeipa/freeipa/pull/596
Title: #596: spec file: support client-only build

HonzaCholasta commented:
"""
master:

* 417f1926c48b426b34b18edb28869f4f06824873 spec file: support client-only build
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/596#issuecomment-286742894
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#596][synchronized] spec file: support client-only build

2017-03-15 Thread HonzaCholasta

   URL: https://github.com/freeipa/freeipa/pull/596
Author: HonzaCholasta
 Title: #596: spec file: support client-only build
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/596/head:pr596
git checkout pr596
From fd7831a5ab9c2616fd5889df3e03df7c6e27aeb5 Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Wed, 15 Mar 2017 07:48:29 +0100
Subject: [PATCH] spec file: support client-only build

nspr-devel, nss-devel and openssl-devel are required for client-only build,
move their respective BuildRequires from the server-specific BuildRequires
section to the main BuildRequires section.

Pass --enable-server or --disable-server to ./configure based on the value
of %{ONLY_CLIENT}.

Remove the `make client-check` call from %check, as the client-check target
does not exist anymore. Always call `make check` instead.

Do not package the /usr/share/ipa directory in freeipa-client-common, as it
is not created in client-only build.

https://pagure.io/freeipa/issue/6517
---
 freeipa.spec.in | 20 
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 69b03d6..2ca390c 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -1,6 +1,11 @@
 # Define ONLY_CLIENT to only make the ipa-client and ipa-python
 # subpackages
 %{!?ONLY_CLIENT:%global ONLY_CLIENT 0}
+%if %{ONLY_CLIENT}
+%global enable_server_option --disable-server
+%else
+%global enable_server_option --enable-server
+%endif
 
 # Build with ipatests
 %if ! %{ONLY_CLIENT}
@@ -97,6 +102,9 @@ BuildRequires:  python3-setuptools
 BuildRequires:  systemd
 # systemd-tmpfiles which is executed from make install requires apache user
 BuildRequires:  httpd
+BuildRequires:  nspr-devel
+BuildRequires:  nss-devel
+BuildRequires:  openssl-devel
 BuildRequires:  libini_config-devel
 BuildRequires:  cyrus-sasl-devel
 %if ! %{ONLY_CLIENT}
@@ -110,9 +118,6 @@ BuildRequires:  samba-devel >= 2:4.0.0
 %endif
 BuildRequires:  libtalloc-devel
 BuildRequires:  libtevent-devel
-BuildRequires:  nspr-devel
-BuildRequires:  nss-devel
-BuildRequires:  openssl-devel
 BuildRequires:  libuuid-devel
 BuildRequires:  libsss_idmap-devel
 # 1.14.0: sss_nss_getnamebycert (https://fedorahosted.org/sssd/ticket/2897)
@@ -816,6 +821,7 @@ find \
 	-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
 	-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \;
 %configure --with-vendor-suffix=-%{release} \
+   %{enable_server_option} \
%{with_ipatests_option} \
%{linter_options}
 
@@ -834,17 +840,14 @@ find \
 	-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
 	-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python3}|' {} \;
 %configure --with-vendor-suffix=-%{release} \
+   %{enable_server_option} \
%{with_ipatests_option} \
%{linter_options}
 popd
 %endif # with_python3
 
 %check
-%if ! %{ONLY_CLIENT}
 make %{?_smp_mflags} check VERBOSE=yes LIBDIR=%{_libdir}
-%else
-make %{?_smp_mflags} client-check VERBOSE=yes LIBDIR=%{_libdir}
-%endif # ONLY_CLIENT
 
 
 %install
@@ -869,7 +872,9 @@ pushd %{_builddir}/freeipa-%{version}-python3
 (cd ipalib && %make_install)
 (cd ipaplatform && %make_install)
 (cd ipapython && %make_install)
+%if ! %{ONLY_CLIENT}
 (cd ipaserver && %make_install)
+%endif # ONLY_CLIENT
 %if 0%{?with_ipatests}
 (cd ipatests && %make_install)
 %endif # with_ipatests
@@ -1416,7 +1421,6 @@ fi
 %ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/secmod.db
 %ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/pwdfile.txt
 %ghost %config(noreplace) %{_sysconfdir}/pki/ca-trust/source/ipa.p11-kit
-%dir %{_usr}/share/ipa
 %dir %{_localstatedir}/lib/ipa-client
 %dir %{_localstatedir}/lib/ipa-client/sysrestore
 %{_mandir}/man5/default.conf.5*
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#597][+pushed] spec file: support build without ipatests

2017-03-15 Thread HonzaCholasta

  URL: https://github.com/freeipa/freeipa/pull/597
Title: #597: spec file: support build without ipatests

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#597][comment] spec file: support build without ipatests

2017-03-15 Thread HonzaCholasta

  URL: https://github.com/freeipa/freeipa/pull/597
Title: #597: spec file: support build without ipatests

HonzaCholasta commented:
"""
master:

* e42a846506ee7ad5e8a395da154bec64f6be3654 spec file: support build without 
ipatests
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/597#issuecomment-286742217
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#597][+ack] spec file: support build without ipatests

2017-03-15 Thread pvomacka

  URL: https://github.com/freeipa/freeipa/pull/597
Title: #597: spec file: support build without ipatests

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#590][comment] Validate user input for cert-get-requestdata

2017-03-15 Thread rcritten

  URL: https://github.com/freeipa/freeipa/pull/590
Title: #590: Validate user input for cert-get-requestdata

rcritten commented:
"""
You are duplicating the list of helpers. It would have been better to have 
helper defined as a StrEnum. If it isn't too late to change (e.g. no release 
has shipped with that in the API) then perhaps a separate patch, then you 
wouldn't need this enforcement at all.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/590#issuecomment-286740595
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#599][comment] CONFIGURE: Improve error messages for optional dependencies

2017-03-15 Thread lslebodn

  URL: https://github.com/freeipa/freeipa/pull/599
Title: #599: CONFIGURE: Improve error messages for optional dependencies

lslebodn commented:
"""
@tiran one more time:
The approach in PR #502 was not accepted in upstream discussion
https://www.redhat.com/archives/freeipa-devel/2017-March/msg00307.html
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/599#issuecomment-286738321
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#600][comment] CONFIGURE: Improve detection of xmlrpc_c flags

2017-03-15 Thread abbra

  URL: https://github.com/freeipa/freeipa/pull/600
Title: #600: CONFIGURE: Improve detection of xmlrpc_c flags

abbra commented:
"""
LGTM. Falling back to a standard check is fine.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/600#issuecomment-286735880
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#599][comment] CONFIGURE: Improve error messages for optional dependencies

2017-03-15 Thread lslebodn

  URL: https://github.com/freeipa/freeipa/pull/599
Title: #599: CONFIGURE: Improve error messages for optional dependencies

lslebodn commented:
"""
>NACK, you are changing the spirit of the accepted PR #502.

The approach PR #502 was not accepted in upstream discussion
https://www.redhat.com/archives/freeipa-devel/2017-March/msg00307.html

and moreover @HonzaCholasta was not against in PR #502
https://github.com/freeipa/freeipa/pull/502#issuecomment-286724681
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/599#issuecomment-286735020
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#600][comment] CONFIGURE: Improve detection of xmlrpc_c flags

2017-03-15 Thread lslebodn

  URL: https://github.com/freeipa/freeipa/pull/600
Title: #600: CONFIGURE: Improve detection of xmlrpc_c flags

lslebodn commented:
"""
@tjaalton It should simplify you work on debian
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/600#issuecomment-286733233
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#600][opened] CONFIGURE: Improve detection of xmlrpc_c flags

2017-03-15 Thread lslebodn

   URL: https://github.com/freeipa/freeipa/pull/600
Author: lslebodn
 Title: #600: CONFIGURE: Improve detection of xmlrpc_c flags
Action: opened

PR body:
"""
The pkg-config files for xmlrpc_c libraries are shipped just
in fedora/rhel due to downstream patch. Debian does not have
pkg-config files for xmlrpc_c. Therefore we need to fallback to older
method of detection XMLRPC_*FLAGS which was reverted
by the commit 1e0143c159134337a00a91d4ae64e614f72da62e
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/600/head:pr600
git checkout pr600
From bfd587d38726a60a346977366b997056529f3774 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Wed, 22 Feb 2017 09:39:25 +0100
Subject: [PATCH] CONFIGURE: Improve detection of xmlrpc_c flags

The pkg-config files for xmlrpc_c libraries are shipped just
in fedora/rhel due to downstream patch. Debian does not have
pkg-config files for xmlrpc_c. Therefore we need to fallback to older
method of detection XMLRPC_*FLAGS which was reverted
by the commit 1e0143c159134337a00a91d4ae64e614f72da62e
---
 configure.ac | 15 ++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 4d7a846..d99be0c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -171,7 +171,20 @@ PKG_CHECK_MODULES([SASL], [libsasl2])
 dnl ---
 dnl - Check for XMLRPC-C
 dnl ---
-PKG_CHECK_MODULES([XMLRPC], [xmlrpc xmlrpc_client xmlrpc_util])
+PKG_CHECK_MODULES([XMLRPC], [xmlrpc xmlrpc_client xmlrpc_util], [],
+  [try_xmlrpc_fallback=true])
+if test x"$try_xmlrpc_fallback" = xtrue; then
+XMLRPC_LIBS=
+AC_CHECK_HEADER([xmlrpc-c/base.h], [],
+[AC_MSG_ERROR([xmlrpc-c/base.h not found])])
+
+AC_CHECK_LIB([xmlrpc_client], [xmlrpc_client_init2],
+ [XMLRPC_LIBS="-lxmlrpc -lxmlrpc_client -lxmlrpc_util"])
+if test "x$XMLRPC_LIBS" = "x" ; then
+AC_MSG_ERROR([xmlrpc-c not found])
+fi
+AC_SUBST(XMLRPC_LIBS)
+fi
 
 dnl ---
 dnl - Check for libintl
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#599][synchronized] CONFIGURE: Improve error messages for optional dependencies

2017-03-15 Thread lslebodn

   URL: https://github.com/freeipa/freeipa/pull/599
Author: lslebodn
 Title: #599: CONFIGURE: Improve error messages for optional dependencies
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/599/head:pr599
git checkout pr599
From 9bfd00b011432de9d03ffa6264ecd41e0c9255fe Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Wed, 15 Mar 2017 13:45:21 +0100
Subject: [PATCH] CONFIGURE: Improve error messages for optional dependencies

https://www.redhat.com/archives/freeipa-devel/2017-March/msg00307.html
---
 configure.ac | 49 +++--
 1 file changed, 15 insertions(+), 34 deletions(-)

diff --git a/configure.ac b/configure.ac
index 4d7a846..d47421e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -381,25 +381,19 @@ AC_SUBST([i18ntests])
 AM_CONDITIONAL([WITH_POLINT], [test "x${enable_i18ntests}" == "xyes"])
 
 AC_ARG_ENABLE([pylint],
-	AS_HELP_STRING([--enable-pylint],
-			   [Require pylint. Default is autodetection with
-			"python -m pylint".]),
+	AS_HELP_STRING([--disable-pylint],
+			   [skip Pylint in make lint target
+This feature is optional and aimed for checking issues in python code.
+You can skip this check wich configure time option --disable-pylint.]),
 	[PYLINT=$enableval],
-	[PYLINT=check]
+	[PYLINT=yes]
 )
-
 if test x$PYLINT != xno; then
 AC_MSG_CHECKING([for Pylint])
 $PYTHON -m pylint --version >/dev/null 2>&1
 if test "$?" != "0"; then
-if test x$PYLINT = xcheck; then
-PYLINT=no
-AC_MSG_NOTICE([cannot find optional pylint for $PYTHON])
-else
-AC_MSG_ERROR([cannot find pylint for $PYTHON])
-fi
+AC_MSG_ERROR([cannot find pylint for $PYTHON])
 else
-PYLINT=yes
 AC_MSG_RESULT([yes])
 fi
 fi
@@ -409,29 +403,16 @@ AM_CONDITIONAL([WITH_PYLINT], [test "x${PYLINT}" != "xno"])
 
 AC_ARG_WITH([jslint],
 AS_HELP_STRING([--with-jslint=[FILE]],
-   [path to JavaScript linter. Default is autodetection of
-   utility "jsl" ]),
-[JSLINT="$withval"],
-[JSLINT=check]
-)
-
-AS_CASE([$JSLINT],
-[yes], [AC_PATH_PROG([JSLINT], [jsl], [missing])
-if test $JSLINT = missing; then
-AC_MSG_FAILURE([jsl is missing])
-fi],
-[no], [],
-[check], [AC_PATH_PROG([JSLINT], [jsl], [no])],
-dnl user setting
-[if ! test -f "$JSLINT"; then
-AC_MSG_RESULT([$JSLINT non-existing])
-AC_MSG_FAILURE([invalid value $JSLINT for jsl])
- fi
- if ! test -x "$JSLINT"; then
-AC_MSG_RESULT([$JSLINT non-executable])
-AC_MSG_FAILURE([invalid value $JSLINT for jsl])
- fi]
+   [path to JavaScript linter.
+This feature is optional and aimed for web ui developers.
+You can skip this check wich configure time option --without-jslint]),
+dnl --without-jslint will set JSLINT=no
+[JSLINT=$with_jslint],
+[AC_PATH_PROG([JSLINT], [jsl])]
 )
+if test "x${JSLINT}" == "x"; then
+	AC_MSG_ERROR([cannot find JS lint])
+fi
 AC_SUBST([JSLINT])
 AM_CONDITIONAL([WITH_JSLINT], [test "x${JSLINT}" != "xno"])
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#599][comment] CONFIGURE: Improve error messages for optional dependencies

2017-03-15 Thread tiran

  URL: https://github.com/freeipa/freeipa/pull/599
Title: #599: CONFIGURE: Improve error messages for optional dependencies

tiran commented:
"""
NACK, you are changing the spirit of the accepted PR #502.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/599#issuecomment-286732300
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#598][closed] Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb

2017-03-15 Thread MartinBasti

   URL: https://github.com/freeipa/freeipa/pull/598
Author: tiran
 Title: #598: Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/598/head:pr598
git checkout pr598
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#598][comment] Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/598
Title: #598: Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb

MartinBasti commented:
"""
master:

* b280c7bb0192485dfb622c731e31deb89d517b6f Add PYTHON_INSTALL_EXTRA_OPTIONS and 
--install-layout=deb
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/598#issuecomment-286731262
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#598][+pushed] Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/598
Title: #598: Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#599][opened] CONFIGURE: Improve error messages for optional dependencies

2017-03-15 Thread lslebodn

   URL: https://github.com/freeipa/freeipa/pull/599
Author: lslebodn
 Title: #599: CONFIGURE: Improve error messages for optional dependencies
Action: opened

PR body:
"""
https://www.redhat.com/archives/freeipa-devel/2017-March/msg00307.html
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/599/head:pr599
git checkout pr599
From ac15eb331ee1f0984709aa62338aec1b9a25e0b7 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Wed, 15 Mar 2017 13:45:21 +0100
Subject: [PATCH] CONFIGURE: Improve error messages for optional dependencies

https://www.redhat.com/archives/freeipa-devel/2017-March/msg00307.html
---
 configure.ac | 52 +++-
 1 file changed, 15 insertions(+), 37 deletions(-)

diff --git a/configure.ac b/configure.ac
index 4d7a846..39a4b2c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -381,25 +381,19 @@ AC_SUBST([i18ntests])
 AM_CONDITIONAL([WITH_POLINT], [test "x${enable_i18ntests}" == "xyes"])
 
 AC_ARG_ENABLE([pylint],
-	AS_HELP_STRING([--enable-pylint],
-			   [Require pylint. Default is autodetection with
-			"python -m pylint".]),
+	AS_HELP_STRING([--disable-pylint],
+			   [skip Pylint in make lint target
+This feature is optional and aimed for checking issues in python code.
+You can skip this check wich configure time option --disable-pylint.]),
 	[PYLINT=$enableval],
-	[PYLINT=check]
+	[PYLINT=yes]
 )
-
 if test x$PYLINT != xno; then
 AC_MSG_CHECKING([for Pylint])
 $PYTHON -m pylint --version >/dev/null 2>&1
 if test "$?" != "0"; then
-if test x$PYLINT = xcheck; then
-PYLINT=no
-AC_MSG_NOTICE([cannot find optional pylint for $PYTHON])
-else
-AC_MSG_ERROR([cannot find pylint for $PYTHON])
-fi
+AC_MSG_ERROR([cannot find pylint for $PYTHON])
 else
-PYLINT=yes
 AC_MSG_RESULT([yes])
 fi
 fi
@@ -409,29 +403,16 @@ AM_CONDITIONAL([WITH_PYLINT], [test "x${PYLINT}" != "xno"])
 
 AC_ARG_WITH([jslint],
 AS_HELP_STRING([--with-jslint=[FILE]],
-   [path to JavaScript linter. Default is autodetection of
-   utility "jsl" ]),
-[JSLINT="$withval"],
-[JSLINT=check]
-)
-
-AS_CASE([$JSLINT],
-[yes], [AC_PATH_PROG([JSLINT], [jsl], [missing])
-if test $JSLINT = missing; then
-AC_MSG_FAILURE([jsl is missing])
-fi],
-[no], [],
-[check], [AC_PATH_PROG([JSLINT], [jsl], [no])],
-dnl user setting
-[if ! test -f "$JSLINT"; then
-AC_MSG_RESULT([$JSLINT non-existing])
-AC_MSG_FAILURE([invalid value $JSLINT for jsl])
- fi
- if ! test -x "$JSLINT"; then
-AC_MSG_RESULT([$JSLINT non-executable])
-AC_MSG_FAILURE([invalid value $JSLINT for jsl])
- fi]
+   [path to JavaScript linter.
+This feature is optional and aimed for web ui developers.
+You can skip this check wich configure time option --without-jslint]),
+dnl --without-jslint will set JSLINT=no
+[JSLINT=$with_jslint],
+[AC_PATH_PROG([JSLINT], [jsl])]
 )
+if test "x${JSLINT}" == "x"; then
+	AC_MSG_ERROR([cannot find JS lint])
+fi
 AC_SUBST([JSLINT])
 AM_CONDITIONAL([WITH_JSLINT], [test "x${JSLINT}" != "xno"])
 
@@ -544,9 +525,6 @@ echo "
 source code location: ${srcdir}
 compiler: ${CC}
 cflags:   ${CFLAGS}
-Python:   ${PYTHON}
-pylint:   ${PYLINT}
-jslint:   ${JSLINT}
 LDAP libs:${LDAP_LIBS}
 OpenSSL crypto libs:  ${CRYPTO_LIBS}
 KRB5 libs:${KRB5_LIBS}"
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#594][comment] Fix Python 3 pylint errors

2017-03-15 Thread tiran

  URL: https://github.com/freeipa/freeipa/pull/594
Title: #594: Fix Python 3 pylint errors

tiran commented:
"""
@stlaz I fixed the problem with shadowed builtin type ```type```.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/594#issuecomment-286729958
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#596][synchronized] spec file: support client-only build

2017-03-15 Thread HonzaCholasta

   URL: https://github.com/freeipa/freeipa/pull/596
Author: HonzaCholasta
 Title: #596: spec file: support client-only build
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/596/head:pr596
git checkout pr596
From 5daf14f50c596f967a614f33fbdabf45185013fb Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Wed, 15 Mar 2017 09:30:14 +0100
Subject: [PATCH 1/2] spec file: support build without ipatests

Build ipatests only if %with_ipatests RPM macro is specified.

By default the macro is specified if ONLY_CLIENT is not specified.

https://pagure.io/freeipa/issue/6517
---
 freeipa.spec.in | 29 -
 1 file changed, 24 insertions(+), 5 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 20f8a4d..69b03d6 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -2,6 +2,16 @@
 # subpackages
 %{!?ONLY_CLIENT:%global ONLY_CLIENT 0}
 
+# Build with ipatests
+%if ! %{ONLY_CLIENT}
+%global with_ipatests 1
+%endif
+%if 0%{?with_ipatests}
+%global with_ipatests_option --with-ipatests
+%else
+%global with_ipatests_option --without-ipatests
+%endif
+
 %if 0%{?rhel}
 %global with_python3 0
 %else
@@ -711,7 +721,7 @@ and integration with Active Directory based infrastructures (Trusts).
 If you are using IPA, you need to install this package.
 
 
-%if ! %{ONLY_CLIENT}
+%if 0%{?with_ipatests}
 
 %package -n python2-ipatests
 Summary: IPA tests and test tools
@@ -779,7 +789,7 @@ This package contains tests that verify IPA functionality under Python 3.
 
 %endif # with_python3
 
-%endif # ONLY_CLIENT
+%endif # with_ipatests
 
 
 %prep
@@ -806,6 +816,7 @@ find \
 	-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
 	-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \;
 %configure --with-vendor-suffix=-%{release} \
+   %{with_ipatests_option} \
%{linter_options}
 
 # -Onone is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1398405
@@ -823,6 +834,7 @@ find \
 	-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
 	-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python3}|' {} \;
 %configure --with-vendor-suffix=-%{release} \
+   %{with_ipatests_option} \
%{linter_options}
 popd
 %endif # with_python3
@@ -858,19 +870,26 @@ pushd %{_builddir}/freeipa-%{version}-python3
 (cd ipaplatform && %make_install)
 (cd ipapython && %make_install)
 (cd ipaserver && %make_install)
+%if 0%{?with_ipatests}
 (cd ipatests && %make_install)
+%endif # with_ipatests
 popd
 
+%if 0%{?with_ipatests}
 mv %{buildroot}%{_bindir}/ipa-run-tests %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version}
 mv %{buildroot}%{_bindir}/ipa-test-config %{buildroot}%{_bindir}/ipa-test-config-%{python3_version}
 mv %{buildroot}%{_bindir}/ipa-test-task %{buildroot}%{_bindir}/ipa-test-task-%{python3_version}
 ln -s %{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests-3
 ln -s %{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config-3
 ln -s %{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task-3
+%endif # with_ipatests
+
 %endif # with_python3
 
 # Python 2 installation
 %make_install
+
+%if 0%{?with_ipatests}
 mv %{buildroot}%{_bindir}/ipa-run-tests %{buildroot}%{_bindir}/ipa-run-tests-%{python2_version}
 mv %{buildroot}%{_bindir}/ipa-test-config %{buildroot}%{_bindir}/ipa-test-config-%{python2_version}
 mv %{buildroot}%{_bindir}/ipa-test-task %{buildroot}%{_bindir}/ipa-test-task-%{python2_version}
@@ -881,7 +900,7 @@ ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-tes
 ln -s %{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests
 ln -s %{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config
 ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task
-
+%endif # with_ipatests
 
 # remove files which are useful only for make uninstall
 find %{buildroot} -wholename '*/site-packages/*/install_files.txt' -exec rm {} \;
@@ -1451,7 +1470,7 @@ fi
 %endif # with_python3
 
 
-%if ! %{ONLY_CLIENT}
+%if 0%{?with_ipatests}
 
 %files -n python2-ipatests
 %defattr(-,root,root,-)
@@ -1489,7 +1508,7 @@ fi
 
 %endif # with_python3
 
-%endif # ONLY_CLIENT
+%endif # with_ipatests
 
 
 %changelog

From 7e671936370353b884c170201df3b2c6b15e6d1d Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Wed, 15 Mar 2017 07:48:29 +0100
Subject: [PATCH 2/2] spec file: support client-only build

nspr-devel, nss-devel and openssl-devel are required for client-only build,
move their respective BuildRequires from the server-specific BuildRequires
section to the main BuildRequires section.

Pass --enable-server or --disable-server to ./configure based on the value
of %{ONLY_CLIENT}.

Remove the `make client-check` call from %check, as the client-check target
does not exist anymore. Always call

[Freeipa-devel] [freeipa PR#596][comment] spec file: support client-only build

2017-03-15 Thread HonzaCholasta

  URL: https://github.com/freeipa/freeipa/pull/596
Title: #596: spec file: support client-only build

HonzaCholasta commented:
"""
Now that PR #502 was pushed this should finally work.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/596#issuecomment-286729368
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-15 Thread pvoborni

  URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional

pvoborni commented:
"""
If it improves messages then I assume so provided that in won't be 
controversial in other aspects.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/502#issuecomment-286729103
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][closed] Make pylint and jsl optional

2017-03-15 Thread HonzaCholasta

   URL: https://github.com/freeipa/freeipa/pull/502
Author: tiran
 Title: #502: Make pylint and jsl optional
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/502/head:pr502
git checkout pr502
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-15 Thread HonzaCholasta

  URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional

HonzaCholasta commented:
"""
master:

* f1f63506caf88e4d86ea2bfdc7d25eceaf689bc5 Make pylint and jsl optional
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/502#issuecomment-286728890
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][+pushed] Make pylint and jsl optional

2017-03-15 Thread HonzaCholasta

  URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-15 Thread lslebodn

  URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional

lslebodn commented:
"""
On (15/03/17 05:32), Petr Vobornik wrote:
>In any case spending so much time discussing so minor change is a waste of 
>time. I'd push it.
>
Will you accept patch whith improves error messages?

I can send it in few minutes; I do not want to creat PR which will be rejected.

LS

"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/502#issuecomment-286728710
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#598][+ack] Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/598
Title: #598: Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-15 Thread tiran

  URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional

tiran commented:
"""
@pvoborni For the use case "easy for developers" the ```make lint``` target is 
not sufficient. It tests only a small subset and doesn't check Python 3 issues. 
PR #593 provides a better alternative for a pre-commit patch check that takes 
care of linting on Python 2 and 3 plus additional checks.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/502#issuecomment-286728373
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#596][comment] spec file: support client-only build

2017-03-15 Thread pvomacka

  URL: https://github.com/freeipa/freeipa/pull/596
Title: #596: spec file: support client-only build

pvomacka commented:
"""
ipa server build without tests does not work, so NACK
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/596#issuecomment-286728170
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-15 Thread pvoborni

  URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional

pvoborni commented:
"""
There was no result in the upstream discussion. My personal opinion is that one 
way or the other can work. They are for different use cases. I tend to prefer 
the "be easier for developer" approach. That said, preferred method for 
downstreams needs to be documented ideally in BUILD.txt.

In any case spending so much time discussing so minor change is a waste of 
time. I'd push it.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/502#issuecomment-286727867
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#598][comment] Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb

2017-03-15 Thread tjaalton

  URL: https://github.com/freeipa/freeipa/pull/598
Title: #598: Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb

tjaalton commented:
"""
Yep, works great, thanks!
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/598#issuecomment-286727748
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-15 Thread HonzaCholasta

  URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional

HonzaCholasta commented:
"""
4.5.1 will be an official release too.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/502#issuecomment-286727609
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-15 Thread lslebodn

  URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional

lslebodn commented:
"""
On (15/03/17 05:17), Jan Cholasta wrote:
>@lslebodn, nobody said that this has to be the last lint build related patch 
>ever, we can change the behavior later, even on top of this PR. I would rather 
>push this now and continue the discussion / submit additional PRs after 4.5 is 
>released.
>
But it would be good to have patch/approach in **official release**
which was result of upstream discussion.

Does it mean that I should improve error messages myself?

LS

"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/502#issuecomment-286726459
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-15 Thread HonzaCholasta

  URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional

HonzaCholasta commented:
"""
@lslebodn, nobody said that this has to be the last lint build related patch 
ever, we can change the behavior later, even on top of this PR. I would rather 
push this now and continue the discussion / submit additional PRs after 4.5 is 
released.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/502#issuecomment-286724681
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-15 Thread lslebodn

  URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional

lslebodn commented:
"""
On (14/03/17 16:05), Christian Heimes wrote:
>https://github.com/freeipa/freeipa/pull/502#issue-209980292
>
>two thumbs up, one heart, no thumbs down
>

My naive assumption was that discussion about apprach was moved
to freipa-devel.

"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/502#issuecomment-286721796
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-15 Thread lslebodn

  URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional

lslebodn commented:
"""
>PR #593 is not related to default yes; It is about something else.

Current version does not fix concerns; because default should be yes as it was 
discussed in 
https://www.redhat.com/archives/freeipa-devel/2017-March/msg00371.html

I looks like upstream discussion is useless. And nobody cares about other 
distributions then fedora/rhel which can parse recommendation form upstream 
spec file.

I am really disappointed from such upstream unfriendly approach.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/502#issuecomment-286718251
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#596][comment] spec file: support client-only build

2017-03-15 Thread pvomacka

  URL: https://github.com/freeipa/freeipa/pull/596
Title: #596: spec file: support client-only build

pvomacka commented:
"""
@HonzaCholasta Thank you for update - only client build on Fedora now works. So 
ACK once the travis pass.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/596#issuecomment-286720580
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-15 Thread lslebodn

  URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional

lslebodn commented:
"""
>PR #593 is not related to default yes; It is about something else.

Current version does not fix concerns; because default should be yes as it was 
discussed in 
https://www.redhat.com/archives/freeipa-devel/2017-March/msg00371.html

I looks like upstream discussion is useless. And nobody cares about other 
distributions then them fedora/rhel which can parse recommendation form 
upstream spec file.

I am really disappointed from such upstream unfriendly approach.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/502#issuecomment-286718251
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-15 Thread lslebodn

  URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional

lslebodn commented:
"""
> This PR makes packaging IPA 4.5 on RHEL 7 easier for me, so thumbs up from me.
I understand it is more convenient to have less extra configure options in rhel;
But it was discussed on upstream mailing list and better error messages would 
give such hints to everyone. 
https://www.redhat.com/archives/freeipa-devel/2017-March/msg00308.html

@HonzaCholasta it would be good if you add comment also to upstream discussion; 
if you prefer autodetection. It would be good if result of discussion is the 
same as pushed patch.
https://www.redhat.com/archives/freeipa-devel/2017-March/msg00371.html

Current version will not persuade other distributions(debian; openSUSE) to run 
pylint as part of build.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/502#issuecomment-286719902
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-15 Thread lslebodn

  URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional

lslebodn commented:
"""
> This PR makes packaging IPA 4.5 on RHEL 7 easier for me, so thumbs up from me.
I understand it is more convenient to have less extra configure options in rhel;
But it was discussed on upstream mailing list and better error messages would 
give such hints to everyone. 
https://www.redhat.com/archives/freeipa-devel/2017-March/msg00308.html

@HonzaCholasta it would be good if you add comment also to upstream discussion; 
if you prefer autodetection. It would be good if result of discussion is the 
same as pushed patch.
https://www.redhat.com/archives/freeipa-devel/2017-March/msg00371.html

Current version will not persuade other distributions(debian; openSUSE) to run 
pylint as part of build.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/502#issuecomment-286719902
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#598][comment] Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb

2017-03-15 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/598
Title: #598: Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb

MartinBasti commented:
"""
@tjaalton could you please check this PR?
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/598#issuecomment-286719071
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

1 2 >

1 - 100 of 175 matches

Mail list logo