[Freeipa-devel] [freeipa PR#680][opened] ipa-otpd.socket.in: Use a platform specific value for KDC service file
URL: https://github.com/freeipa/freeipa/pull/680 Author: tjaalton Title: #680: ipa-otpd.socket.in: Use a platform specific value for KDC service file Action: opened PR body: """ https://pagure.io/freeipa/issue/6845 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/680/head:pr680 git checkout pr680 From d76c38b16f4b18bbbc554867f0bdc15f757dd483 Mon Sep 17 00:00:00 2001 From: Timo Aaltonen Date: Sat, 1 Apr 2017 02:18:15 +0300 Subject: [PATCH] ipa-otpd.socket.in: Use a platform specific value for KDC service file https://pagure.io/freeipa/issue/6845 --- configure.ac| 2 ++ daemons/ipa-otpd/Makefile.am| 1 + daemons/ipa-otpd/ipa-otpd.socket.in | 2 +- server.m4 | 1 + 4 files changed, 5 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index b006ccc..22faf43 100644 --- a/configure.ac +++ b/configure.ac @@ -330,11 +330,13 @@ AC_SUBST([IPAPLATFORM]) AC_MSG_RESULT([${IPAPLATFORM}]) if test "x${IPAPLATFORM}" == "xdebian"; then +KRB5KDC_SERVICE="krb5-kdc.service" NAMED_GROUP="bind" ODS_USER="opendnssec" # see https://www.debian.org/doc/packaging-manuals/python-policy/ap-packaging_tools.html PYTHON_INSTALL_EXTRA_OPTIONS="--install-layout=deb" else +KRB5KDC_SERVICE="krb5kdc.service" NAMED_GROUP="named" ODS_USER="ods" PYTHON_INSTALL_EXTRA_OPTIONS="" diff --git a/daemons/ipa-otpd/Makefile.am b/daemons/ipa-otpd/Makefile.am index 9ba6237..923e16e 100644 --- a/daemons/ipa-otpd/Makefile.am +++ b/daemons/ipa-otpd/Makefile.am @@ -11,6 +11,7 @@ ipa_otpd_SOURCES = bind.c forward.c main.c parse.c query.c queue.c stdio.c %.socket: %.socket.in @sed -e 's|@krb5rundir[@]|$(krb5rundir)|g' \ + -e 's|@KRB5KDC_SERVICE[@]|$(KRB5KDC_SERVICE)|g' \ -e 's|@UNLINK[@]|@UNLINK@|g' \ $< > $@ diff --git a/daemons/ipa-otpd/ipa-otpd.socket.in b/daemons/ipa-otpd/ipa-otpd.socket.in index e98a73f..b27530c 100644 --- a/daemons/ipa-otpd/ipa-otpd.socket.in +++ b/daemons/ipa-otpd/ipa-otpd.socket.in @@ -8,4 +8,4 @@ SocketMode=0600 Accept=true [Install] -WantedBy=krb5kdc.service +WantedBy=@KRB5KDC_SERVICE@ diff --git a/server.m4 b/server.m4 index 346d73e..40f85a6 100644 --- a/server.m4 +++ b/server.m4 @@ -53,6 +53,7 @@ KRAD_LIBS="-lkrad" krb5rundir="${localstatedir}/run/krb5kdc" AC_SUBST(KRAD_LIBS) AC_SUBST(krb5rundir) +AC_SUBST([KRB5KDC_SERVICE]) dnl --- dnl - Check for UUID library -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#679][opened] Make sure remote hosts have our keys
URL: https://github.com/freeipa/freeipa/pull/679 Author: simo5 Title: #679: Make sure remote hosts have our keys Action: opened PR body: """ In complex replication setups a replica may try to obtain CA keys from a host that is not the master we initially create the keys against. In this case race conditions may happen due to replication. So we need to make sure the server we are contacting to get the CA keys has our keys in LDAP. We do this by waiting to positively fetch our encryption public key (the last one we create) from the target host LDAP server. Fixes: https://pagure.io/freeipa/issue/6688 Signed-off-by: Simo Sorce """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/679/head:pr679 git checkout pr679 From f51e478fb79cda153a6d0483369f0159088423fb Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 31 Mar 2017 11:22:45 -0400 Subject: [PATCH] Make sure remote hosts have our keys In complex replication setups a replica may try to obtain CA keys from a host that is not the master we initially create the keys against. In this case race conditions may happen due to replication. So we need to make sure the server we are contacting to get the CA keys has our keys in LDAP. We do this by waiting to positively fetch our encryption public key (the last one we create) from the target host LDAP server. Fixes: https://pagure.io/freeipa/issue/6688 Signed-off-by: Simo Sorce --- ipaserver/install/custodiainstance.py | 27 +-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py index 6a61392..4d6e7ba 100644 --- a/ipaserver/install/custodiainstance.py +++ b/ipaserver/install/custodiainstance.py @@ -1,15 +1,17 @@ # Copyright (C) 2015 FreeIPa Project Contributors, see 'COPYING' for license. -from ipaserver.secrets.kem import IPAKEMKeys +from custodia.message.kem import KEY_USAGE_ENC +from ipaserver.secrets.kem import IPAKEMKeys, KEMLdap from ipaserver.secrets.client import CustodiaClient from ipaplatform.paths import paths from ipaplatform.constants import constants from ipaserver.install.service import SimpleServiceInstance -from ipapython import ipautil +from ipapython import ipautil, ipaldap from ipapython.ipa_log_manager import root_logger from ipapython.certdb import NSSDatabase from ipaserver.install import installutils from ipaserver.install import ldapupdate +from ipaserver.install import replication from ipaserver.install import sysupgrade from base64 import b64decode from jwcrypto.common import json_decode @@ -18,6 +20,7 @@ import os import stat import tempfile +import time import pwd @@ -122,6 +125,22 @@ def import_dm_password(self, master_host_name): cli = self.__CustodiaClient(server=master_host_name) cli.fetch_key('dm/DMHash') +def __wait_keys(self, host, timeout=300): +ldap_uri = 'ldap://%s' % host +principal = 'host/%s@%s' % (self.fqdn, self.realm) +deadline = int(time.time()) + timeout + +result = None +konn = KEMLdap(ldap_uri) +while True: +try: +konn.get_key(KEY_USAGE_ENC, principal) +return +except Exception as e: +if int(time.time()) > deadline: +raise e +time.sleep(1) + def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, data): # Fecth all needed certs one by one, then combine them in a single # p12 file @@ -129,6 +148,10 @@ def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, data): prefix = data['prefix'] certlist = data['list'] +# Before we attempt to fetch keys from this host, make sure our public +# keys have been replicated there. +sel.__wait_keys(ca_host) + cli = self.__CustodiaClient(server=ca_host) # Temporary nssdb -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#679][comment] Make sure remote hosts have our keys
URL: https://github.com/freeipa/freeipa/pull/679 Title: #679: Make sure remote hosts have our keys simo5 commented: """ I haven't tested this yet ... but what could possibily go wrong? :-) """ See the full comment at https://github.com/freeipa/freeipa/pull/679#issuecomment-290762100 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#679][synchronized] Make sure remote hosts have our keys
URL: https://github.com/freeipa/freeipa/pull/679 Author: simo5 Title: #679: Make sure remote hosts have our keys Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/679/head:pr679 git checkout pr679 From f2835bfcef51e10f05aa1f699e0a79206c55e554 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 31 Mar 2017 11:22:45 -0400 Subject: [PATCH] Make sure remote hosts have our keys In complex replication setups a replica may try to obtain CA keys from a host that is not the master we initially create the keys against. In this case race conditions may happen due to replication. So we need to make sure the server we are contacting to get the CA keys has our keys in LDAP. We do this by waiting to positively fetch our encryption public key (the last one we create) from the target host LDAP server. Fixes: https://pagure.io/freeipa/issue/6688 Signed-off-by: Simo Sorce --- ipaserver/install/custodiainstance.py | 29 +++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py index 6a61392..f560172 100644 --- a/ipaserver/install/custodiainstance.py +++ b/ipaserver/install/custodiainstance.py @@ -1,15 +1,17 @@ # Copyright (C) 2015 FreeIPa Project Contributors, see 'COPYING' for license. -from ipaserver.secrets.kem import IPAKEMKeys +from custodia.message.kem import KEY_USAGE_ENC +from ipaserver.secrets.kem import IPAKEMKeys, KEMLdap from ipaserver.secrets.client import CustodiaClient from ipaplatform.paths import paths from ipaplatform.constants import constants from ipaserver.install.service import SimpleServiceInstance -from ipapython import ipautil +from ipapython import ipautil, ipaldap from ipapython.ipa_log_manager import root_logger from ipapython.certdb import NSSDatabase from ipaserver.install import installutils from ipaserver.install import ldapupdate +from ipaserver.install import replication from ipaserver.install import sysupgrade from base64 import b64decode from jwcrypto.common import json_decode @@ -18,6 +20,7 @@ import os import stat import tempfile +import time import pwd @@ -122,6 +125,24 @@ def import_dm_password(self, master_host_name): cli = self.__CustodiaClient(server=master_host_name) cli.fetch_key('dm/DMHash') +def __wait_keys(self, host, timeout=300): +ldap_uri = 'ldap://%s' % host +principal = 'host/%s@%s' % (self.fqdn, self.realm) +deadline = int(time.time()) + timeout +root_logger.info("Waiting up to {} seconds to see our keys " + "appear on host: {}".format(timeout, host)) + +result = None +konn = KEMLdap(ldap_uri) +while True: +try: +konn.get_key(KEY_USAGE_ENC, principal) +return +except Exception: +if int(time.time()) > deadline: +raise +time.sleep(1) + def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, data): # Fecth all needed certs one by one, then combine them in a single # p12 file @@ -129,6 +150,10 @@ def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, data): prefix = data['prefix'] certlist = data['list'] +# Before we attempt to fetch keys from this host, make sure our public +# keys have been replicated there. +sel.__wait_keys(ca_host) + cli = self.__CustodiaClient(server=ca_host) # Temporary nssdb -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#679][synchronized] Make sure remote hosts have our keys
URL: https://github.com/freeipa/freeipa/pull/679 Author: simo5 Title: #679: Make sure remote hosts have our keys Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/679/head:pr679 git checkout pr679 From cefe3dfb81d0a78072fa03c14e6265c261bae162 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 31 Mar 2017 11:22:45 -0400 Subject: [PATCH] Make sure remote hosts have our keys In complex replication setups a replica may try to obtain CA keys from a host that is not the master we initially create the keys against. In this case race conditions may happen due to replication. So we need to make sure the server we are contacting to get the CA keys has our keys in LDAP. We do this by waiting to positively fetch our encryption public key (the last one we create) from the target host LDAP server. Fixes: https://pagure.io/freeipa/issue/6688 Signed-off-by: Simo Sorce --- ipaserver/install/custodiainstance.py | 28 ++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py index 6a61392..38035b4 100644 --- a/ipaserver/install/custodiainstance.py +++ b/ipaserver/install/custodiainstance.py @@ -1,15 +1,17 @@ # Copyright (C) 2015 FreeIPa Project Contributors, see 'COPYING' for license. -from ipaserver.secrets.kem import IPAKEMKeys +from custodia.message.kem import KEY_USAGE_ENC +from ipaserver.secrets.kem import IPAKEMKeys, KEMLdap from ipaserver.secrets.client import CustodiaClient from ipaplatform.paths import paths from ipaplatform.constants import constants from ipaserver.install.service import SimpleServiceInstance -from ipapython import ipautil +from ipapython import ipautil, ipaldap from ipapython.ipa_log_manager import root_logger from ipapython.certdb import NSSDatabase from ipaserver.install import installutils from ipaserver.install import ldapupdate +from ipaserver.install import replication from ipaserver.install import sysupgrade from base64 import b64decode from jwcrypto.common import json_decode @@ -18,6 +20,7 @@ import os import stat import tempfile +import time import pwd @@ -122,6 +125,23 @@ def import_dm_password(self, master_host_name): cli = self.__CustodiaClient(server=master_host_name) cli.fetch_key('dm/DMHash') +def __wait_keys(self, host, timeout=300): +ldap_uri = 'ldap://%s' % host +principal = 'host/%s@%s' % (self.fqdn, self.realm) +deadline = int(time.time()) + timeout +root_logger.info("Waiting to see our keys appear on %s".format(host)) + +result = None +konn = KEMLdap(ldap_uri) +while True: +try: +konn.get_key(KEY_USAGE_ENC, principal) +return +except Exception: +if int(time.time()) > deadline: +raise +time.sleep(1) + def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, data): # Fecth all needed certs one by one, then combine them in a single # p12 file @@ -129,6 +149,10 @@ def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, data): prefix = data['prefix'] certlist = data['list'] +# Before we attempt to fetch keys from this host, make sure our public +# keys have been replicated there. +sel.__wait_keys(ca_host) + cli = self.__CustodiaClient(server=ca_host) # Temporary nssdb -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#618][synchronized] [WIP] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: [WIP] Tox testing support for client wheel packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/618/head:pr618 git checkout pr618 From 3b4c9f34c7c5617e2f6dcaac9501072a9fc2880c Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Thu, 17 Nov 2016 16:43:17 +0100 Subject: [PATCH] tox testing support for client wheel packages Signed-off-by: Christian Heimes --- .gitignore | 2 ++ .tox-install.sh | 72 Makefile.am | 14 +++--- configure.ac | 1 + ipatests/conftest.py | 5 ++-- tox.ini | 38 +++ 6 files changed, 126 insertions(+), 6 deletions(-) create mode 100755 .tox-install.sh create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore index 8941fd8..8b57dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,8 @@ freeipa2-dev-doc # Root directory /freeipa.spec /dist/ +/.tox/ +/.cache/ /*/dist/ /RELEASE /rpmbuild/ diff --git a/.tox-install.sh b/.tox-install.sh new file mode 100755 index 000..ab4a4c5 --- /dev/null +++ b/.tox-install.sh @@ -0,0 +1,72 @@ +#!/bin/bash +set -x + +PYTHON="$1" +ENVSITEPACKAGESDIR="$2" +# 3...end are package requirements +shift 2 + +TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" + +# sanity checks +if [ ! -x "${PYTHON}" ]; then +echo "${PYTHON}: no such executable" +exit 1 +fi + +if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then +echo "${ENVSITEPACKAGESDIR}: no such directory" +exit 2 +fi + +if [ ! -f "${TOXINIDIR}/tox.ini" ]; then +echo "${TOXINIDIR}: no such directory" +exit 3 +fi + +# https://pip.pypa.io/en/stable/user_guide/#environment-variables +export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" +mkdir -p "${PIP_CACHE_DIR}" + +DISTBUNDLE="${TOXINIDIR}/dist/bundle" +mkdir -p "${DISTBUNDLE}" + +# create configure +pushd "${TOXINIDIR}" +if [ ! -f "configure" ]; then +autoreconf -i -f +fi +# (re)create Makefile +./configure --disable-server +popd + +# copy pylint plugin +cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}" + +# build packages and bundles +make -C "${TOXINIDIR}" \ +PYTHON="${PYTHON}" \ +IPA_EXTRA_SUBDIRS="ipatests" \ +wheel_bundle + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# build additional wheels, e.g. pylint +$PYTHON -m pip wheel \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +--wheel-dir "${DISTBUNDLE}" \ +$@ + +# Install packages with dist/bundle/ as extra source for wheels while ignoring +# upstream Python Package Index. +$PYTHON -m pip install \ +--no-index \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +$@ + +popd diff --git a/Makefile.am b/Makefile.am index efa8b73..d1bb12c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \ clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" + rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz @@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ + -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ @@ -252,7 +254,10 @@ jslint-html: jsl -nologo -nosummary -nofilelisting -conf jsl.conf endif # WITH_JSLINT -.PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages +# Python wheels +# IPA_EXTRA_SUBDIRS: extra subdirs to build wheels (e.g. ipatests) + +.PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages WHEELDISTDIR = $(top_builddir)/dist/wheels WHEELBUNDLEDIR = $(top_builddir)/dist/bundle @@ -263,19 +268,20 @@ $(WHEELBUNDLEDIR): mkdir -p $(WHEELBUNDLEDIR) bdist_wheel: $(WHEELDISTDIR) - for dir in $(IPACLIENT_SUBDIRS); do \ + rm -f $(foreach item,$(IPACLIENT_SUBDIRS) $(IPA_EXTRA_SUBDIRS),$(WHEELDISTDIR)/$(item)-*.whl) + for dir in $(IPACLIENT_SUBDIRS) $(IPA_EXTRA_SUBDIRS); do \ $(MAKE) $(AM_MAKEFLAGS) -C $${dir} $@ || exit 1; \ done wheel_bundle: $(WHEELBUNDLEDIR) bdist_wheel .wheelconstraints - rm -f $(foreach item,$(IPACLIENT_SUBDIRS),$(WHEELBUNDLEDIR)/$(item)-*.whl) + rm -f $(foreach item,$(IPACLIENT_SUBDIRS) $(IPA_EXTRA_SUBDIRS),$(WHEELBUNDLEDIR)/$(item)-*.whl) $(PYTHON) -m pip wheel \ --disable-pip-version-check \ --constraint .wheelconstraints \ --find-links $(WHEELDISTDIR) \ --find-links $(WHEELBUNDLEDIR) \ --wheel-dir $(WHEELBUNDLEDIR) \ - $(IPACLIENT_SUBDIRS) + $(IPACLIENT_SUBDIRS) $(IPA_EXTRA_SUBDIRS) wheel_placeholder: $(WHEELDISTDIR) for dir in $(IPA_PLACEHOLDERS); do \ diff --git a/configure.a
[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Title: #397: Improve wheel building and provide ipaserver wheel for local testing tiran commented: """ @MartinBasti ```dbus-devel``` is in the ```with_wheels``` section. Documentation is part of https://pagure.io/freeipa/issue/6842 . """ See the full comment at https://github.com/freeipa/freeipa/pull/397#issuecomment-290727605 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#397][synchronized] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Author: tiran Title: #397: Improve wheel building and provide ipaserver wheel for local testing Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/397/head:pr397 git checkout pr397 From 6419040e0bcf726232f30c4020fbea9bb9e10376 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Tue, 17 Jan 2017 08:49:54 +0100 Subject: [PATCH 1/3] Conditionally import pyhbac The pyhbac module is part of SSSD. It's not available as stand-alone PyPI package. It would take a lot of effort to package it because the code is deeply tight into SSSD. Let's follow the example of other SSSD Python packages and make the import of pyhbac conditionally. It's only necessary for caacl and hbactest plugins. I renamed convert_to_ipa_rule() to _convert_to_ipa_rule() because it does not check for presence of pyhbac package itself. The check is performed earlier in execute(). The prefix indicates that it is an internal function and developers have to think twice before using it in another place. This makes it much easier to install ipaserver with instrumented build of Python with a different ABI or in isolated virtual envs to profile and debug the server. Signed-off-by: Christian Heimes --- ipaserver/plugins/caacl.py| 86 - ipaserver/plugins/cert.py | 90 ++- ipaserver/plugins/hbactest.py | 19 +++-- 3 files changed, 105 insertions(+), 90 deletions(-) diff --git a/ipaserver/plugins/caacl.py b/ipaserver/plugins/caacl.py index ff1178a..43a397d 100644 --- a/ipaserver/plugins/caacl.py +++ b/ipaserver/plugins/caacl.py @@ -2,12 +2,10 @@ # Copyright (C) 2015 FreeIPA Contributors see COPYING for license # -import pyhbac import six from ipalib import api, errors, output from ipalib import Bool, Str, StrEnum -from ipalib.constants import IPA_CA_CN from ipalib.plugable import Registry from .baseldap import ( LDAPObject, LDAPSearch, LDAPCreate, LDAPDelete, LDAPQuery, @@ -80,90 +78,6 @@ register = Registry() -def _acl_make_request(principal_type, principal, ca_id, profile_id): -"""Construct HBAC request for the given principal, CA and profile""" - -req = pyhbac.HbacRequest() -req.targethost.name = ca_id -req.service.name = profile_id -if principal_type == 'user': -req.user.name = principal.username -elif principal_type == 'host': -req.user.name = principal.hostname -elif principal_type == 'service': -req.user.name = unicode(principal) -groups = [] -if principal_type == 'user': -user_obj = api.Command.user_show(principal.username)['result'] -groups = user_obj.get('memberof_group', []) -groups += user_obj.get('memberofindirect_group', []) -elif principal_type == 'host': -host_obj = api.Command.host_show(principal.hostname)['result'] -groups = host_obj.get('memberof_hostgroup', []) -groups += host_obj.get('memberofindirect_hostgroup', []) -req.user.groups = sorted(set(groups)) -return req - - -def _acl_make_rule(principal_type, obj): -"""Turn CA ACL object into HBAC rule. - -``principal_type`` -String in {'user', 'host', 'service'} -""" -rule = pyhbac.HbacRule(obj['cn'][0]) -rule.enabled = obj['ipaenabledflag'][0] -rule.srchosts.category = {pyhbac.HBAC_CATEGORY_ALL} - -# add CA(s) -if 'ipacacategory' in obj and obj['ipacacategory'][0].lower() == 'all': -rule.targethosts.category = {pyhbac.HBAC_CATEGORY_ALL} -else: -# For compatibility with pre-lightweight-CAs CA ACLs, -# no CA members implies the host authority (only) -rule.targethosts.names = obj.get('ipamemberca_ca', [IPA_CA_CN]) - -# add profiles -if ('ipacertprofilecategory' in obj -and obj['ipacertprofilecategory'][0].lower() == 'all'): -rule.services.category = {pyhbac.HBAC_CATEGORY_ALL} -else: -attr = 'ipamembercertprofile_certprofile' -rule.services.names = obj.get(attr, []) - -# add principals and principal's groups -category_attr = '{}category'.format(principal_type) -if category_attr in obj and obj[category_attr][0].lower() == 'all': -rule.users.category = {pyhbac.HBAC_CATEGORY_ALL} -else: -if principal_type == 'user': -rule.users.names = obj.get('memberuser_user', []) -rule.users.groups = obj.get('memberuser_group', []) -elif principal_type == 'host': -rule.users.names = obj.get('memberhost_host', []) -rule.users.groups = obj.get('memberhost_hostgroup', []) -elif principal_type == 'service': -rule.users.names = [ -unicode(principal) -for principal in obj.get('memberservice_service', []) -] - -return rule - - -def acl_evaluate(principal, ca_id, p
[Freeipa-devel] [freeipa PR#675][synchronized] [WIP] Fix PKCS11 helper
URL: https://github.com/freeipa/freeipa/pull/675 Author: MartinBasti Title: #675: [WIP] Fix PKCS11 helper Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/675/head:pr675 git checkout pr675 From 81d4ff3c579c7b3181f0736619fecd85838604a7 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 29 Mar 2017 18:53:11 +0200 Subject: [PATCH] Fix PKCS11 helper Slots in HSM are not assigned statically, we have to chose proper slot from token label. Softhsm i2.2.0 changed this behavior and now slots can change over time (it is allowed by pkcs11 standard). Changelog: * created method get_slot() that returns slot number from used label * replaces usage of slot in __init__ method of P11_Helper with label * slot is dynamically detected from token label before session is opened * pkcs11-util --init-token now uses '--free' instead '--slot' which uses first free slot (we don't care about slot numbers anymore) https://pagure.io/freeipa/issue/6692 --- ipalib/constants.py | 2 + ipaserver/install/dnskeysyncinstance.py | 8 +-- ipaserver/install/opendnssecinstance.py | 7 ++- ipaserver/p11helper.py | 93 + 4 files changed, 93 insertions(+), 17 deletions(-) diff --git a/ipalib/constants.py b/ipalib/constants.py index f8a194c..e604bb4 100644 --- a/ipalib/constants.py +++ b/ipalib/constants.py @@ -313,3 +313,5 @@ '.cache' ) ) + +SOFTHSM_DNSSEC_TOKEN_LABEL = u'ipaDNSSEC' diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py index 861a170..8817f25 100644 --- a/ipaserver/install/dnskeysyncinstance.py +++ b/ipaserver/install/dnskeysyncinstance.py @@ -23,9 +23,9 @@ from ipaplatform.constants import constants from ipaplatform.paths import paths from ipalib import errors, api +from ipalib.constants import SOFTHSM_DNSSEC_TOKEN_LABEL from ipaserver.install.bindinstance import dns_container_exists -softhsm_token_label = u'ipaDNSSEC' softhsm_slot = 0 replica_keylabel_template = u"dnssec-replica:%s" @@ -254,8 +254,8 @@ def __setup_softhsm(self): command = [ paths.SOFTHSM2_UTIL, '--init-token', -'--slot', str(softhsm_slot), -'--label', softhsm_token_label, +'--free', # use random free slot +'--label', SOFTHSM_DNSSEC_TOKEN_LABEL, '--pin', pin, '--so-pin', pin_so, ] @@ -274,7 +274,7 @@ def __setup_replica_keys(self): pin = f.read() os.environ["SOFTHSM2_CONF"] = paths.DNSSEC_SOFTHSM2_CONF -p11 = _ipap11helper.P11_Helper(softhsm_slot, pin, paths.LIBSOFTHSM2_SO) +p11 = _ipap11helper.P11_Helper(SOFTHSM_DNSSEC_TOKEN_LABEL, pin, paths.LIBSOFTHSM2_SO) try: # generate replica keypair diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py index 467f1f0..2af4d29 100644 --- a/ipaserver/install/opendnssecinstance.py +++ b/ipaserver/install/opendnssecinstance.py @@ -20,10 +20,9 @@ from ipaplatform.paths import paths from ipalib import errors, api from ipaserver import p11helper -from ipaserver.install import dnskeysyncinstance +from ipalib.constants import SOFTHSM_DNSSEC_TOKEN_LABEL KEYMASTER = u'dnssecKeyMaster' -softhsm_slot = 0 def get_dnssec_key_masters(conn): @@ -68,7 +67,7 @@ def __init__(self, fstore=None): self.ods_gid = None self.conf_file_dict = { 'SOFTHSM_LIB': paths.LIBSOFTHSM2_SO, -'TOKEN_LABEL': dnskeysyncinstance.softhsm_token_label, +'TOKEN_LABEL': SOFTHSM_DNSSEC_TOKEN_LABEL, 'KASP_DB': paths.OPENDNSSEC_KASP_DB, 'ODS_USER': constants.ODS_USER, 'ODS_GROUP': constants.ODS_GROUP, @@ -237,7 +236,7 @@ def __generate_master_key(self): pin = f.read() os.environ["SOFTHSM2_CONF"] = paths.DNSSEC_SOFTHSM2_CONF -p11 = p11helper.P11_Helper(softhsm_slot, pin, paths.LIBSOFTHSM2_SO) +p11 = p11helper.P11_Helper(SOFTHSM_DNSSEC_TOKEN_LABEL, pin, paths.LIBSOFTHSM2_SO) try: # generate master key root_logger.debug("Creating master key") diff --git a/ipaserver/p11helper.py b/ipaserver/p11helper.py index 5963c6d..9b9557a 100644 --- a/ipaserver/p11helper.py +++ b/ipaserver/p11helper.py @@ -30,6 +30,7 @@ }; typedef unsigned long CK_SLOT_ID; +typedef CK_SLOT_ID *CK_SLOT_ID_PTR; typedef unsigned long CK_SESSION_HANDLE; @@ -43,6 +44,13 @@ typedef unsigned long CK_ATTRIBUTE_TYPE; +typedef unsigned long ck_flags_t; + +typedef unsigned char CK_BBOOL; + +typedef unsigned long int CK_ULONG; +typedef CK_ULONG *CK_ULONG_PTR; + struct _CK_ATTRIBUTE { CK_ATTRIBUTE_TYPE type; @@ -59,6 +67,31 @@ unsigned long ulParameterLen; }; +struct _CK_TOKEN_INFO +{ + unsigned char label[32]; + unsigned char manufacturer_id[32];
[Freeipa-devel] [freeipa PR#593][+pushed] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Title: #593: Add make devcheck for developers Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][closed] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Author: tiran Title: #593: Add make devcheck for developers Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/593/head:pr593 git checkout pr593 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Title: #593: Add make devcheck for developers MartinBasti commented: """ master: * e357133fd7b276ccabfe1896ee948f2bb3541d94 Add make devcheck for developers * 6c092c24b2bfbba0a3f263d88f7a0dbf83f24869 Skip test_session_storage in ipaclient unittest mode ipa-4-5: * 89ab24f1fbb58feb603d60503c685ebad41a4237 Add make devcheck for developers * c80adf6e0d16f807f90479660af22540cd92d774 Skip test_session_storage in ipaclient unittest mode """ See the full comment at https://github.com/freeipa/freeipa/pull/593#issuecomment-290691783 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Title: #397: Improve wheel building and provide ipaserver wheel for local testing MartinBasti commented: """ So put it into specfile to `with_wheels` section """ See the full comment at https://github.com/freeipa/freeipa/pull/397#issuecomment-290691425 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Title: #397: Improve wheel building and provide ipaserver wheel for local testing MartinBasti commented: """ And document in `BUILD.txt` how to build wheels """ See the full comment at https://github.com/freeipa/freeipa/pull/397#issuecomment-290691545 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Title: #397: Improve wheel building and provide ipaserver wheel for local testing tiran commented: """ You need dbus-devel package. I opened https://pagure.io/freeipa/issue/6842 to track lack of documentation. """ See the full comment at https://github.com/freeipa/freeipa/pull/397#issuecomment-290689299 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Title: #397: Improve wheel building and provide ipaserver wheel for local testing MartinBasti commented: """ Build failed: ``` make wheel_bundle IPA_SERVER_WHEELS=1 ... checking for DBUS... no configure: error: Package requirements (dbus-1 >= 1.6) were not met: No package 'dbus-1' found Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables DBUS_CFLAGS and DBUS_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. Traceback (most recent call last): File "", line 1, in File "/tmp/pip-build-l97uxR/dbus-python/setup.py", line 106, in 'build_ext': BuildExt, File "/usr/lib64/python2.7/distutils/core.py", line 151, in setup dist.run_commands() File "/usr/lib64/python2.7/distutils/dist.py", line 953, in run_commands self.run_command(cmd) File "/usr/lib64/python2.7/distutils/dist.py", line 972, in run_command cmd_obj.run() File "/usr/lib/python2.7/site-packages/wheel/bdist_wheel.py", line 199, in run self.run_command('build') File "/usr/lib64/python2.7/distutils/cmd.py", line 326, in run_command self.distribution.run_command(command) File "/usr/lib64/python2.7/distutils/dist.py", line 972, in run_command cmd_obj.run() File "/tmp/pip-build-l97uxR/dbus-python/setup.py", line 62, in run cwd=builddir) File "/usr/lib64/python2.7/subprocess.py", line 186, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '['/tmp/pip-build-l97uxR/dbus-python/configure', '--disable-maintainer-mode', 'PYTHON=/usr/bin/python', '--prefix=/tmp/pip-build-l97uxR/dbus-python/build/temp.linux-x86_64-2.7/prefix']' returned non-zero exit status 1 Failed building wheel for dbus-python Running setup.py clean for dbus-python Running setup.py bdist_wheel for MarkupSafe ... done Stored in directory: /tmp/freeipa/dist/bundle Running setup.py bdist_wheel for pycparser ... done Stored in directory: /tmp/freeipa/dist/bundle Running setup.py bdist_wheel for configparser ... done Stored in directory: /tmp/freeipa/dist/bundle Successfully built cryptography python-yubico pyusb python-nss pyldap netifaces gssapi MarkupSafe pycparser configparser Failed to build dbus-python ERROR: Failed to build one or more wheels Makefile:1222: recipe for target 'wheel_bundle' failed ``` """ See the full comment at https://github.com/freeipa/freeipa/pull/397#issuecomment-290682068 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][synchronized] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Author: tiran Title: #593: Add make devcheck for developers Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/593/head:pr593 git checkout pr593 From 0e12da497bed19bf28151a284f097bc0f230cdd6 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Wed, 15 Mar 2017 08:31:38 +0100 Subject: [PATCH 1/2] Add make devcheck for developers Ticket 6604 makes pylint and jsl optional dependencies. The change is controversal, because some developers prefer that pylint and jsl should be required unless explicitly disabled. `make devcheck` is my answer to address the concerns. It's a superior solution to `make lint` as pre-commit check. It combines several additional checks under a single, easy rememberable and convenient make target: * build all * acilint, apiclient, jslint, polint * make check * pylint under Python 2 and 3 * subset of unit test suite https://fedorahosted.org/freeipa/ticket/6604 Signed-off-by: Christian Heimes --- Makefile.am | 31 - configure.ac| 12 ++ ipatests/test_ipapython/test_session_storage.py | 1 - 3 files changed, 42 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index af22315..efa8b73 100644 --- a/Makefile.am +++ b/Makefile.am @@ -152,6 +152,35 @@ JSLINT_TARGET = jslint endif WITH_JSLINT lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET) +.PHONY: devcheck +devcheck: all +if ! WITH_POLINT + @echo "ERROR: polint not available"; exit 1 +endif +if ! WITH_PYLINT + @echo "ERROR: pylint not available"; exit 1 +endif +if ! WITH_JSLINT + @echo "ERROR: jslint not available"; exit 1 +endif +if ! WITH_PYTHON2 + @echo "ERROR: python2 not available"; exit 1 +endif + @ # run all linters, tests, and check with Python 2 + PYTHONPATH=$(top_srcdir) $(PYTHON2) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint +if WITH_PYTHON3 + @ # just tests and pylint on Python 3 + PYTHONPATH=$(top_srcdir) $(PYTHON3) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint +else + @echo "WARNING: python3 not available" +endif + @echo "All tests passed." + .PHONY: $(top_builddir)/ipapython/version.py $(top_builddir)/ipapython/version.py: (cd $(top_builddir)/ipapython && make version.py) @@ -188,7 +217,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -name '*~' -o \ -name '*.py' -print -o \ -type f -exec grep -qsm1 '^#!.*\bpython' '{}' \; -print`; \ - echo "Pylint is running, please wait ..."; \ + echo "Pylint on $(PYTHON) is running, please wait ..."; \ PYTHONPATH=$(top_srcdir) $(PYTHON) -m pylint \ --rcfile=$(top_srcdir)/pylintrc \ --load-plugins pylint_plugins \ diff --git a/configure.ac b/configure.ac index f5c5270..b006ccc 100644 --- a/configure.ac +++ b/configure.ac @@ -111,6 +111,18 @@ if test "x$PYTHON" = "x" ; then fi dnl --- +dnl - Check for Python 2/3 for devcheck +dnl --- + +AC_PATH_PROG(PYTHON2, python2) +AC_SUBST([PYTHON2]) +AM_CONDITIONAL([WITH_PYTHON2], [test "x${PYTHON2}" != "x"]) + +AC_PATH_PROG(PYTHON3, python3) +AC_SUBST([PYTHON3]) +AM_CONDITIONAL([WITH_PYTHON3], [test "x${PYTHON3}" != "x"]) + +dnl --- dnl - Check for cmocka unit test framework http://cmocka.cryptomilk.org/ dnl --- PKG_CHECK_EXISTS(cmocka, diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/test_ipapython/test_session_storage.py index a89fdd9..e050869 100644 --- a/ipatests/test_ipapython/test_session_storage.py +++ b/ipatests/test_ipapython/test_session_storage.py @@ -5,7 +5,6 @@ """ Test the `session_storage.py` module. """ - from ipapython import session_storage From 9ab173e5428bb0e0c6a6d536a1e178a10ff34997 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Fri, 31 Mar 2017 10:53:59 +0200 Subject: [PATCH 2/2] Skip test_session_storage in ipaclient unittest mode The test class depends on a working Kerberos configuration and session. Signed-off-by: Christian Heimes --- ipatests/test_ipapython/test_session_storage.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/test_ipapython/test_session_storage.py index e050869..1ae9f9c 100644 --- a/ipatests/test_ipapython/test_session_storage.py +++ b/ipatests/test_ipapython/test_session_storage.py @@ -5,9 +5,12 @@ """ Test the `session_storage.py` module. """ +import pytest + from ipapython import session_storage +@p
[Freeipa-devel] [freeipa PR#480][comment] Hide request_type doc string in cert-request help
URL: https://github.com/freeipa/freeipa/pull/480 Title: #480: Hide request_type doc string in cert-request help MartinBasti commented: """ @Akasurde you are welcome """ See the full comment at https://github.com/freeipa/freeipa/pull/480#issuecomment-290680413 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Title: #593: Add make devcheck for developers MartinBasti commented: """ Ah right the description hasn't been updated """ See the full comment at https://github.com/freeipa/freeipa/pull/593#issuecomment-290678887 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#480][comment] Hide request_type doc string in cert-request help
URL: https://github.com/freeipa/freeipa/pull/480 Title: #480: Hide request_type doc string in cert-request help Akasurde commented: """ @MartinBasti @frasertweedale @HonzaCholasta Thanks """ See the full comment at https://github.com/freeipa/freeipa/pull/480#issuecomment-290679480 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][edited] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Author: tiran Title: #593: Add make devcheck for developers Action: edited Changed field: body Original value: """ Ticket 6604 makes pylint and jsl optional dependencies. The change is controversal, because some developers prefer that pylint and jsl should be required unless explicitly disabled. `make patchcheck` is my answer to address the concerns. It's a superior solution to `make lint` as pre-commit check. It combines several additional checks under a single, easy rememberable and convenient make target: * build all * acilint, apiclient, jslint, polint * make check * pylint under Python 2 and 3 * subset of unit test suite https://fedorahosted.org/freeipa/ticket/6604 Depends on - [X] #475 - [X] #587 - [X] #594 - [x] #636 - [ ] #670 """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Title: #593: Add make devcheck for developers MartinBasti commented: """ Needs rebase """ See the full comment at https://github.com/freeipa/freeipa/pull/593#issuecomment-290679169 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#480][comment] Hide request_type doc string in cert-request help
URL: https://github.com/freeipa/freeipa/pull/480 Title: #480: Hide request_type doc string in cert-request help MartinBasti commented: """ master: * a1bb442054936113369a88b49483e914664712e7 Hide request_type doc string in cert-request help ipa-4-5: * 535e8610c556ab1a0eb83e9798e7e182355d8396 Hide request_type doc string in cert-request help """ See the full comment at https://github.com/freeipa/freeipa/pull/480#issuecomment-290678419 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#480][closed] Hide request_type doc string in cert-request help
URL: https://github.com/freeipa/freeipa/pull/480 Author: Akasurde Title: #480: Hide request_type doc string in cert-request help Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/480/head:pr480 git checkout pr480 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Title: #593: Add make devcheck for developers MartinBasti commented: """ @stlaz why is this ACKed when it depends on #670 ? """ See the full comment at https://github.com/freeipa/freeipa/pull/593#issuecomment-290678060 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Title: #593: Add make devcheck for developers stlaz commented: """ @MartinBasti #670 was ACKed already and the commit was originally a part of this. """ See the full comment at https://github.com/freeipa/freeipa/pull/593#issuecomment-290678477 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#480][+pushed] Hide request_type doc string in cert-request help
URL: https://github.com/freeipa/freeipa/pull/480 Title: #480: Hide request_type doc string in cert-request help Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#490][closed] certdb: use certutil and match_hostname for cert verification
URL: https://github.com/freeipa/freeipa/pull/490 Author: HonzaCholasta Title: #490: certdb: use certutil and match_hostname for cert verification Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/490/head:pr490 git checkout pr490 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#490][comment] certdb: use certutil and match_hostname for cert verification
URL: https://github.com/freeipa/freeipa/pull/490 Title: #490: certdb: use certutil and match_hostname for cert verification MartinBasti commented: """ master: * 9183cf2a7505624235b255b1406702cdaa65bb38 certdb: use certutil and match_hostname for cert verification * 2b33230f669ca22d6948a4a351b4c92ba15222ab setup, pylint, spec file: drop python-nss dependency """ See the full comment at https://github.com/freeipa/freeipa/pull/490#issuecomment-290676024 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#490][+pushed] certdb: use certutil and match_hostname for cert verification
URL: https://github.com/freeipa/freeipa/pull/490 Title: #490: certdb: use certutil and match_hostname for cert verification Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#621][comment] Add --password-expiration to allow an admin to force a password change
URL: https://github.com/freeipa/freeipa/pull/621 Title: #621: Add --password-expiration to allow an admin to force a password change MartinBasti commented: """ master: * 274b0bcf5ff2408739d94ba1b1b4bca69f310dfc Add --password-expiration to allow admin to force user password expiration """ See the full comment at https://github.com/freeipa/freeipa/pull/621#issuecomment-290675831 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#621][+pushed] Add --password-expiration to allow an admin to force a password change
URL: https://github.com/freeipa/freeipa/pull/621 Title: #621: Add --password-expiration to allow an admin to force a password change Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#621][closed] Add --password-expiration to allow an admin to force a password change
URL: https://github.com/freeipa/freeipa/pull/621 Author: redhatrises Title: #621: Add --password-expiration to allow an admin to force a password change Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/621/head:pr621 git checkout pr621 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#670][closed] [Py3] session storage parameters must be bytes
URL: https://github.com/freeipa/freeipa/pull/670 Author: tiran Title: #670: [Py3] session storage parameters must be bytes Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/670/head:pr670 git checkout pr670 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#670][comment] [Py3] session storage parameters must be bytes
URL: https://github.com/freeipa/freeipa/pull/670 Title: #670: [Py3] session storage parameters must be bytes MartinBasti commented: """ master: * d06315de6b1e951d6cce7d7d6495a32b44216274 session storage parameters must be bytes """ See the full comment at https://github.com/freeipa/freeipa/pull/670#issuecomment-290675650 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#670][+pushed] [Py3] session storage parameters must be bytes
URL: https://github.com/freeipa/freeipa/pull/670 Title: #670: [Py3] session storage parameters must be bytes Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#678][+pushed] ipa-ca-install man page: Add domain level 1 help
URL: https://github.com/freeipa/freeipa/pull/678 Title: #678: ipa-ca-install man page: Add domain level 1 help Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#678][comment] ipa-ca-install man page: Add domain level 1 help
URL: https://github.com/freeipa/freeipa/pull/678 Title: #678: ipa-ca-install man page: Add domain level 1 help MartinBasti commented: """ master: * b96a942cdca09496be9f911499036bee60084aee ipa-ca-install man page: Add domain level 1 help ipa-4-4: * 1734e143582843ef1d397a4929687b1068bdf413 ipa-ca-install man page: Add domain level 1 help ipa-4-5: * 262723b1be894e5d75cccdd92da838f544a3b222 ipa-ca-install man page: Add domain level 1 help """ See the full comment at https://github.com/freeipa/freeipa/pull/678#issuecomment-290675303 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#678][closed] ipa-ca-install man page: Add domain level 1 help
URL: https://github.com/freeipa/freeipa/pull/678 Author: flo-renaud Title: #678: ipa-ca-install man page: Add domain level 1 help Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/678/head:pr678 git checkout pr678 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Title: #593: Add make devcheck for developers stlaz commented: """ Thanks, ACK. """ See the full comment at https://github.com/freeipa/freeipa/pull/593#issuecomment-290673932 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][+ack] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Title: #593: Add make devcheck for developers Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Title: #593: Add make devcheck for developers tiran commented: """ I split the changes to session storage tests into a separate commit. The other commit is in #670 """ See the full comment at https://github.com/freeipa/freeipa/pull/593#issuecomment-29066 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][synchronized] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Author: tiran Title: #593: Add make devcheck for developers Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/593/head:pr593 git checkout pr593 From 3d0cfecdece338b6aa711ef9716d8cb92b645a80 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Wed, 15 Mar 2017 08:31:38 +0100 Subject: [PATCH 1/2] Add make devcheck for developers Ticket 6604 makes pylint and jsl optional dependencies. The change is controversal, because some developers prefer that pylint and jsl should be required unless explicitly disabled. `make devcheck` is my answer to address the concerns. It's a superior solution to `make lint` as pre-commit check. It combines several additional checks under a single, easy rememberable and convenient make target: * build all * acilint, apiclient, jslint, polint * make check * pylint under Python 2 and 3 * subset of unit test suite https://fedorahosted.org/freeipa/ticket/6604 Signed-off-by: Christian Heimes --- Makefile.am | 31 - configure.ac| 12 ++ ipapython/session_storage.py| 4 ++-- ipatests/test_ipapython/test_session_storage.py | 1 - 4 files changed, 44 insertions(+), 4 deletions(-) diff --git a/Makefile.am b/Makefile.am index af22315..efa8b73 100644 --- a/Makefile.am +++ b/Makefile.am @@ -152,6 +152,35 @@ JSLINT_TARGET = jslint endif WITH_JSLINT lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET) +.PHONY: devcheck +devcheck: all +if ! WITH_POLINT + @echo "ERROR: polint not available"; exit 1 +endif +if ! WITH_PYLINT + @echo "ERROR: pylint not available"; exit 1 +endif +if ! WITH_JSLINT + @echo "ERROR: jslint not available"; exit 1 +endif +if ! WITH_PYTHON2 + @echo "ERROR: python2 not available"; exit 1 +endif + @ # run all linters, tests, and check with Python 2 + PYTHONPATH=$(top_srcdir) $(PYTHON2) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint +if WITH_PYTHON3 + @ # just tests and pylint on Python 3 + PYTHONPATH=$(top_srcdir) $(PYTHON3) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint +else + @echo "WARNING: python3 not available" +endif + @echo "All tests passed." + .PHONY: $(top_builddir)/ipapython/version.py $(top_builddir)/ipapython/version.py: (cd $(top_builddir)/ipapython && make version.py) @@ -188,7 +217,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -name '*~' -o \ -name '*.py' -print -o \ -type f -exec grep -qsm1 '^#!.*\bpython' '{}' \; -print`; \ - echo "Pylint is running, please wait ..."; \ + echo "Pylint on $(PYTHON) is running, please wait ..."; \ PYTHONPATH=$(top_srcdir) $(PYTHON) -m pylint \ --rcfile=$(top_srcdir)/pylintrc \ --load-plugins pylint_plugins \ diff --git a/configure.ac b/configure.ac index f5c5270..b006ccc 100644 --- a/configure.ac +++ b/configure.ac @@ -111,6 +111,18 @@ if test "x$PYTHON" = "x" ; then fi dnl --- +dnl - Check for Python 2/3 for devcheck +dnl --- + +AC_PATH_PROG(PYTHON2, python2) +AC_SUBST([PYTHON2]) +AM_CONDITIONAL([WITH_PYTHON2], [test "x${PYTHON2}" != "x"]) + +AC_PATH_PROG(PYTHON3, python3) +AC_SUBST([PYTHON3]) +AM_CONDITIONAL([WITH_PYTHON3], [test "x${PYTHON3}" != "x"]) + +dnl --- dnl - Check for cmocka unit test framework http://cmocka.cryptomilk.org/ dnl --- PKG_CHECK_EXISTS(cmocka, diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py index 6af064c..1443413 100644 --- a/ipapython/session_storage.py +++ b/ipapython/session_storage.py @@ -214,8 +214,8 @@ def krb5_errcheck(result, func, arguments): krb5_free_unparsed_name.argtypes = (krb5_context, ctypes.c_char_p, ) krb5_free_unparsed_name.restype = None -CONF_REALM = "X-CACHECONF:" -CONF_NAME = "krb5_ccache_conf_data" +CONF_REALM = b"X-CACHECONF:" +CONF_NAME = b"krb5_ccache_conf_data" def store_data(princ_name, key, value): diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/test_ipapython/test_session_storage.py index a89fdd9..e050869 100644 --- a/ipatests/test_ipapython/test_session_storage.py +++ b/ipatests/test_ipapython/test_session_storage.py @@ -5,7 +5,6 @@ """ Test the `session_storage.py` module. """ - from ipapython import session_storage From 0d27dc17c669c0ee534773d79f59f639665154ba Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Fri, 31 Mar 2017 10:53:59 +0200 Subject: [PATCH 2/2] Skip test_session_storage in ipaclient unittes
[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Title: #593: Add make devcheck for developers stlaz commented: """ Whichever is ok with you, I don't mind if it's in the same PR if it is related to the same ticket. """ See the full comment at https://github.com/freeipa/freeipa/pull/593#issuecomment-290655653 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Title: #593: Add make devcheck for developers tiran commented: """ ```test_session_storage``` is not a unit test or functional test. It is an integration test that depends on a valid Kerberos configuration and session. Do you prefer a separate PR? """ See the full comment at https://github.com/freeipa/freeipa/pull/593#issuecomment-290654739 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Title: #593: Add make devcheck for developers stlaz commented: """ The changes to Makefile and configure.ac are just fine. I understand that changes in the `ipapython/session_storage.py` are done elsewhere so once that is pushed, we'll need a rebase. I don't see the explanation why we're disabling the test in `ipatests/test_ipapython/test_session_storage.py `, that might need a different commit? """ See the full comment at https://github.com/freeipa/freeipa/pull/593#issuecomment-290651108 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#490][+ack] certdb: use certutil and match_hostname for cert verification
URL: https://github.com/freeipa/freeipa/pull/490 Title: #490: certdb: use certutil and match_hostname for cert verification Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#678][+ack] ipa-ca-install man page: Add domain level 1 help
URL: https://github.com/freeipa/freeipa/pull/678 Title: #678: ipa-ca-install man page: Add domain level 1 help Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#621][comment] Add --password-expiration to allow an admin to force a password change
URL: https://github.com/freeipa/freeipa/pull/621 Title: #621: Add --password-expiration to allow an admin to force a password change HonzaCholasta commented: """ Works for me. Thanks! """ See the full comment at https://github.com/freeipa/freeipa/pull/621#issuecomment-290635083 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#621][+ack] Add --password-expiration to allow an admin to force a password change
URL: https://github.com/freeipa/freeipa/pull/621 Title: #621: Add --password-expiration to allow an admin to force a password change Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing
URL: https://github.com/freeipa/freeipa/pull/397 Title: #397: Improve wheel building and provide ipaserver wheel for local testing tiran commented: """ Thanks @MartinBasti I rebased the PR and added a small workaround for ```dbus-python```. The package uses make to compile some of its internal dependencies. It looks like there is a bug in ```dbus-python```'s makefile. It sometimes fails to compile with my ```MAKEFLAGS=-j4``` env var. ```Makefile.am``` line 253 sets MAKEFLAGS to empty value for ```pip wheel```. """ See the full comment at https://github.com/freeipa/freeipa/pull/397#issuecomment-290632826 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#593][synchronized] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Author: tiran Title: #593: Add make devcheck for developers Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/593/head:pr593 git checkout pr593 From 5ef4045c094d4cfbff216cb0282196273dc06d59 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Wed, 15 Mar 2017 08:31:38 +0100 Subject: [PATCH] Add make devcheck for developers Ticket 6604 makes pylint and jsl optional dependencies. The change is controversal, because some developers prefer that pylint and jsl should be required unless explicitly disabled. `make devcheck` is my answer to address the concerns. It's a superior solution to `make lint` as pre-commit check. It combines several additional checks under a single, easy rememberable and convenient make target: * build all * acilint, apiclient, jslint, polint * make check * pylint under Python 2 and 3 * subset of unit test suite https://fedorahosted.org/freeipa/ticket/6604 Signed-off-by: Christian Heimes --- Makefile.am | 31 - configure.ac| 12 ++ ipapython/session_storage.py| 4 ++-- ipatests/test_ipapython/test_session_storage.py | 2 ++ 4 files changed, 46 insertions(+), 3 deletions(-) diff --git a/Makefile.am b/Makefile.am index af22315..efa8b73 100644 --- a/Makefile.am +++ b/Makefile.am @@ -152,6 +152,35 @@ JSLINT_TARGET = jslint endif WITH_JSLINT lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET) +.PHONY: devcheck +devcheck: all +if ! WITH_POLINT + @echo "ERROR: polint not available"; exit 1 +endif +if ! WITH_PYLINT + @echo "ERROR: pylint not available"; exit 1 +endif +if ! WITH_JSLINT + @echo "ERROR: jslint not available"; exit 1 +endif +if ! WITH_PYTHON2 + @echo "ERROR: python2 not available"; exit 1 +endif + @ # run all linters, tests, and check with Python 2 + PYTHONPATH=$(top_srcdir) $(PYTHON2) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint +if WITH_PYTHON3 + @ # just tests and pylint on Python 3 + PYTHONPATH=$(top_srcdir) $(PYTHON3) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint +else + @echo "WARNING: python3 not available" +endif + @echo "All tests passed." + .PHONY: $(top_builddir)/ipapython/version.py $(top_builddir)/ipapython/version.py: (cd $(top_builddir)/ipapython && make version.py) @@ -188,7 +217,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -name '*~' -o \ -name '*.py' -print -o \ -type f -exec grep -qsm1 '^#!.*\bpython' '{}' \; -print`; \ - echo "Pylint is running, please wait ..."; \ + echo "Pylint on $(PYTHON) is running, please wait ..."; \ PYTHONPATH=$(top_srcdir) $(PYTHON) -m pylint \ --rcfile=$(top_srcdir)/pylintrc \ --load-plugins pylint_plugins \ diff --git a/configure.ac b/configure.ac index f5c5270..0174320 100644 --- a/configure.ac +++ b/configure.ac @@ -111,6 +111,18 @@ if test "x$PYTHON" = "x" ; then fi dnl --- +dnl - Check for Python 2/3 for patchcheck +dnl --- + +AC_PATH_PROG(PYTHON2, python2) +AC_SUBST([PYTHON2]) +AM_CONDITIONAL([WITH_PYTHON2], [test "x${PYTHON2}" != "x"]) + +AC_PATH_PROG(PYTHON3, python3) +AC_SUBST([PYTHON3]) +AM_CONDITIONAL([WITH_PYTHON3], [test "x${PYTHON3}" != "x"]) + +dnl --- dnl - Check for cmocka unit test framework http://cmocka.cryptomilk.org/ dnl --- PKG_CHECK_EXISTS(cmocka, diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py index 6af064c..1443413 100644 --- a/ipapython/session_storage.py +++ b/ipapython/session_storage.py @@ -214,8 +214,8 @@ def krb5_errcheck(result, func, arguments): krb5_free_unparsed_name.argtypes = (krb5_context, ctypes.c_char_p, ) krb5_free_unparsed_name.restype = None -CONF_REALM = "X-CACHECONF:" -CONF_NAME = "krb5_ccache_conf_data" +CONF_REALM = b"X-CACHECONF:" +CONF_NAME = b"krb5_ccache_conf_data" def store_data(princ_name, key, value): diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/test_ipapython/test_session_storage.py index a89fdd9..1ae9f9c 100644 --- a/ipatests/test_ipapython/test_session_storage.py +++ b/ipatests/test_ipapython/test_session_storage.py @@ -5,10 +5,12 @@ """ Test the `session_storage.py` module. """ +import pytest from ipapython import session_storage +@pytest.mark.skip_ipaclient_unittest class test_session_storage(object): """ Test the session storage interface -- Manage your subscription for the Freeipa-devel mailing li
[Freeipa-devel] [freeipa PR#593][synchronized] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Author: tiran Title: #593: Add make devcheck for developers Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/593/head:pr593 git checkout pr593 From f41cdacbdf15808a66651761640847514a7f9027 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Wed, 15 Mar 2017 08:31:38 +0100 Subject: [PATCH] Add make devcheck for developers Ticket 6604 makes pylint and jsl optional dependencies. The change is controversal, because some developers prefer that pylint and jsl should be required unless explicitly disabled. `make devcheck` is my answer to address the concerns. It's a superior solution to `make lint` as pre-commit check. It combines several additional checks under a single, easy rememberable and convenient make target: * build all * acilint, apiclient, jslint, polint * make check * pylint under Python 2 and 3 * subset of unit test suite https://fedorahosted.org/freeipa/ticket/6604 Signed-off-by: Christian Heimes --- Makefile.am | 31 - configure.ac| 12 ++ ipapython/session_storage.py| 4 ++-- ipatests/test_ipapython/test_session_storage.py | 2 ++ 4 files changed, 46 insertions(+), 3 deletions(-) diff --git a/Makefile.am b/Makefile.am index af22315..efa8b73 100644 --- a/Makefile.am +++ b/Makefile.am @@ -152,6 +152,35 @@ JSLINT_TARGET = jslint endif WITH_JSLINT lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET) +.PHONY: devcheck +devcheck: all +if ! WITH_POLINT + @echo "ERROR: polint not available"; exit 1 +endif +if ! WITH_PYLINT + @echo "ERROR: pylint not available"; exit 1 +endif +if ! WITH_JSLINT + @echo "ERROR: jslint not available"; exit 1 +endif +if ! WITH_PYTHON2 + @echo "ERROR: python2 not available"; exit 1 +endif + @ # run all linters, tests, and check with Python 2 + PYTHONPATH=$(top_srcdir) $(PYTHON2) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint +if WITH_PYTHON3 + @ # just tests and pylint on Python 3 + PYTHONPATH=$(top_srcdir) $(PYTHON3) ipatests/ipa-run-tests \ + --ipaclient-unittests + $(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint +else + @echo "WARNING: python3 not available" +endif + @echo "All tests passed." + .PHONY: $(top_builddir)/ipapython/version.py $(top_builddir)/ipapython/version.py: (cd $(top_builddir)/ipapython && make version.py) @@ -188,7 +217,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -name '*~' -o \ -name '*.py' -print -o \ -type f -exec grep -qsm1 '^#!.*\bpython' '{}' \; -print`; \ - echo "Pylint is running, please wait ..."; \ + echo "Pylint on $(PYTHON) is running, please wait ..."; \ PYTHONPATH=$(top_srcdir) $(PYTHON) -m pylint \ --rcfile=$(top_srcdir)/pylintrc \ --load-plugins pylint_plugins \ diff --git a/configure.ac b/configure.ac index f5c5270..b006ccc 100644 --- a/configure.ac +++ b/configure.ac @@ -111,6 +111,18 @@ if test "x$PYTHON" = "x" ; then fi dnl --- +dnl - Check for Python 2/3 for devcheck +dnl --- + +AC_PATH_PROG(PYTHON2, python2) +AC_SUBST([PYTHON2]) +AM_CONDITIONAL([WITH_PYTHON2], [test "x${PYTHON2}" != "x"]) + +AC_PATH_PROG(PYTHON3, python3) +AC_SUBST([PYTHON3]) +AM_CONDITIONAL([WITH_PYTHON3], [test "x${PYTHON3}" != "x"]) + +dnl --- dnl - Check for cmocka unit test framework http://cmocka.cryptomilk.org/ dnl --- PKG_CHECK_EXISTS(cmocka, diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py index 6af064c..1443413 100644 --- a/ipapython/session_storage.py +++ b/ipapython/session_storage.py @@ -214,8 +214,8 @@ def krb5_errcheck(result, func, arguments): krb5_free_unparsed_name.argtypes = (krb5_context, ctypes.c_char_p, ) krb5_free_unparsed_name.restype = None -CONF_REALM = "X-CACHECONF:" -CONF_NAME = "krb5_ccache_conf_data" +CONF_REALM = b"X-CACHECONF:" +CONF_NAME = b"krb5_ccache_conf_data" def store_data(princ_name, key, value): diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/test_ipapython/test_session_storage.py index a89fdd9..1ae9f9c 100644 --- a/ipatests/test_ipapython/test_session_storage.py +++ b/ipatests/test_ipapython/test_session_storage.py @@ -5,10 +5,12 @@ """ Test the `session_storage.py` module. """ +import pytest from ipapython import session_storage +@pytest.mark.skip_ipaclient_unittest class test_session_storage(object): """ Test the session storage interface -- Manage your subscription for the Freeipa-devel mailing list
[Freeipa-devel] [freeipa PR#593][edited] Add make devcheck for developers
URL: https://github.com/freeipa/freeipa/pull/593 Author: tiran Title: #593: Add make devcheck for developers Action: edited Changed field: body Original value: """ Ticket 6604 makes pylint and jsl optional dependencies. The change is controversal, because some developers prefer that pylint and jsl should be required unless explicitly disabled. `make patchcheck` is my answer to address the concerns. It's a superior solution to `make lint` as pre-commit check. It combines several additional checks under a single, easy rememberable and convenient make target: * build all * acilint, apiclient, jslint, polint * make check * pylint under Python 2 and 3 * subset of unit test suite https://fedorahosted.org/freeipa/ticket/6604 Depends on - [X] #475 - [X] #587 - [X] #594 - [ ] #636 - [ ] #670 """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code