[Freeipa-devel] [freeipa PR#680][opened] ipa-otpd.socket.in: Use a platform specific value for KDC service file

2017-03-31 Thread tjaalton
   URL: https://github.com/freeipa/freeipa/pull/680
Author: tjaalton
 Title: #680: ipa-otpd.socket.in: Use a platform specific value for KDC service 
file
Action: opened

PR body:
"""
https://pagure.io/freeipa/issue/6845
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/680/head:pr680
git checkout pr680
From d76c38b16f4b18bbbc554867f0bdc15f757dd483 Mon Sep 17 00:00:00 2001
From: Timo Aaltonen 
Date: Sat, 1 Apr 2017 02:18:15 +0300
Subject: [PATCH] ipa-otpd.socket.in: Use a platform specific value for KDC
 service file

https://pagure.io/freeipa/issue/6845
---
 configure.ac| 2 ++
 daemons/ipa-otpd/Makefile.am| 1 +
 daemons/ipa-otpd/ipa-otpd.socket.in | 2 +-
 server.m4   | 1 +
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index b006ccc..22faf43 100644
--- a/configure.ac
+++ b/configure.ac
@@ -330,11 +330,13 @@ AC_SUBST([IPAPLATFORM])
 AC_MSG_RESULT([${IPAPLATFORM}])
 
 if test "x${IPAPLATFORM}" == "xdebian"; then
+KRB5KDC_SERVICE="krb5-kdc.service"
 NAMED_GROUP="bind"
 ODS_USER="opendnssec"
 # see https://www.debian.org/doc/packaging-manuals/python-policy/ap-packaging_tools.html
 PYTHON_INSTALL_EXTRA_OPTIONS="--install-layout=deb"
 else
+KRB5KDC_SERVICE="krb5kdc.service"
 NAMED_GROUP="named"
 ODS_USER="ods"
 PYTHON_INSTALL_EXTRA_OPTIONS=""
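
Review bot: the unit name is picked by a two-way test on IPAPLATFORM in configure.ac, so every platform that is not "debian" silently gets krb5kdc.service from the else branch; a third platform with a different KDC unit name would build without any warning. The assignment also lives in configure.ac while the matching AC_SUBST([KRB5KDC_SERVICE]) is added in server.m4; keeping the two together would make the dependency easier to follow.
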
diff --git a/daemons/ipa-otpd/Makefile.am b/daemons/ipa-otpd/Makefile.am
index 9ba6237..923e16e 100644
--- a/daemons/ipa-otpd/Makefile.am
+++ b/daemons/ipa-otpd/Makefile.am
@@ -11,6 +11,7 @@ ipa_otpd_SOURCES = bind.c forward.c main.c parse.c query.c queue.c stdio.c
 
 %.socket: %.socket.in
 	@sed -e 's|@krb5rundir[@]|$(krb5rundir)|g' \
+	 -e 's|@KRB5KDC_SERVICE[@]|$(KRB5KDC_SERVICE)|g' \
 	 -e 's|@UNLINK[@]|@UNLINK@|g' \
 	 $< > $@
 
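
Review bot: in the sed rule, an empty $(KRB5KDC_SERVICE) still produces a unit file, just with a bare "WantedBy=" in [Install], and the build succeeds. Enabling that socket would then not attach it to the KDC unit at all. Consider making the rule fail when the variable is empty so a misconfigured platform is caught at build time.
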
diff --git a/daemons/ipa-otpd/ipa-otpd.socket.in b/daemons/ipa-otpd/ipa-otpd.socket.in
index e98a73f..b27530c 100644
--- a/daemons/ipa-otpd/ipa-otpd.socket.in
+++ b/daemons/ipa-otpd/ipa-otpd.socket.in
@@ -8,4 +8,4 @@ SocketMode=0600
 Accept=true
 
 [Install]
-WantedBy=krb5kdc.service
+WantedBy=@KRB5KDC_SERVICE@
diff --git a/server.m4 b/server.m4
index 346d73e..40f85a6 100644
--- a/server.m4
+++ b/server.m4
@@ -53,6 +53,7 @@ KRAD_LIBS="-lkrad"
 krb5rundir="${localstatedir}/run/krb5kdc"
 AC_SUBST(KRAD_LIBS)
 AC_SUBST(krb5rundir)
+AC_SUBST([KRB5KDC_SERVICE])
 
 dnl ---
 dnl - Check for UUID library
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#679][opened] Make sure remote hosts have our keys

2017-03-31 Thread simo5
   URL: https://github.com/freeipa/freeipa/pull/679
Author: simo5
 Title: #679: Make sure remote hosts have our keys
Action: opened

PR body:
"""
In complex replication setups a replica may try to obtain CA keys from a
host that is not the master we initially create the keys against.
In this case race conditions may happen due to replication. So we need
to make sure the server we are contacting to get the CA keys has our
keys in LDAP. We do this by waiting to positively fetch our encryption
public key (the last one we create) from the target host LDAP server.

Fixes: https://pagure.io/freeipa/issue/6688

Signed-off-by: Simo Sorce 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/679/head:pr679
git checkout pr679
From f51e478fb79cda153a6d0483369f0159088423fb Mon Sep 17 00:00:00 2001
From: Simo Sorce 
Date: Fri, 31 Mar 2017 11:22:45 -0400
Subject: [PATCH] Make sure remote hosts have our keys

In complex replication setups a replica may try to obtain CA keys from a
host that is not the master we initially create the keys against.
In this case race conditions may happen due to replication. So we need
to make sure the server we are contacting to get the CA keys has our
keys in LDAP. We do this by waiting to positively fetch our encryption
public key (the last one we create) from the target host LDAP server.

Fixes: https://pagure.io/freeipa/issue/6688

Signed-off-by: Simo Sorce 
---
 ipaserver/install/custodiainstance.py | 27 +--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
index 6a61392..4d6e7ba 100644
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@@ -1,15 +1,17 @@
 # Copyright (C) 2015 FreeIPa Project Contributors, see 'COPYING' for license.
 
-from ipaserver.secrets.kem import IPAKEMKeys
+from custodia.message.kem import KEY_USAGE_ENC
+from ipaserver.secrets.kem import IPAKEMKeys, KEMLdap
 from ipaserver.secrets.client import CustodiaClient
 from ipaplatform.paths import paths
 from ipaplatform.constants import constants
 from ipaserver.install.service import SimpleServiceInstance
-from ipapython import ipautil
+from ipapython import ipautil, ipaldap
 from ipapython.ipa_log_manager import root_logger
 from ipapython.certdb import NSSDatabase
 from ipaserver.install import installutils
 from ipaserver.install import ldapupdate
+from ipaserver.install import replication
 from ipaserver.install import sysupgrade
 from base64 import b64decode
 from jwcrypto.common import json_decode
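
Review bot: `ipaldap` and `replication` are imported at the top of custodiainstance.py, but none of the hunks in this patch use them; `__wait_keys` only needs `KEMLdap`, `KEY_USAGE_ENC` and `time`. Drop the two unused imports.
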
@@ -18,6 +20,7 @@
 import os
 import stat
 import tempfile
+import time
 import pwd
 
 
@@ -122,6 +125,22 @@ def import_dm_password(self, master_host_name):
 cli = self.__CustodiaClient(server=master_host_name)
 cli.fetch_key('dm/DMHash')
 
+def __wait_keys(self, host, timeout=300):
+ldap_uri = 'ldap://%s' % host
+principal = 'host/%s@%s' % (self.fqdn, self.realm)
+deadline = int(time.time()) + timeout
+
+result = None
+konn = KEMLdap(ldap_uri)
+while True:
+try:
+konn.get_key(KEY_USAGE_ENC, principal)
+return
+except Exception as e:
+if int(time.time()) > deadline:
+raise e
+time.sleep(1)
+
 def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, data):
 # Fecth all needed certs one by one, then combine them in a single
 # p12 file
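
Review bot: the `except Exception` in `__wait_keys` retries on every failure for up to 300 seconds, not only on the key being absent, so a wrong host name, a refused connection or a bug in the lookup is indistinguishable from slow replication until the deadline. Catch the specific error `get_key` raises for a missing key and let everything else propagate at once. `result = None` is never used, and `raise e` can be a bare `raise`.
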
@@ -129,6 +148,10 @@ def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, data):
 prefix = data['prefix']
 certlist = data['list']
 
+# Before we attempt to fetch keys from this host, make sure our public
+# keys have been replicated there.
+sel.__wait_keys(ca_host)
+
 cli = self.__CustodiaClient(server=ca_host)
 
 # Temporary nssdb
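
Review bot: `sel.__wait_keys(ca_host)` in `__get_keys` should be `self.__wait_keys(ca_host)`; as written it raises NameError before any key is fetched.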

[Freeipa-devel] [freeipa PR#679][comment] Make sure remote hosts have our keys

2017-03-31 Thread simo5
  URL: https://github.com/freeipa/freeipa/pull/679
Title: #679: Make sure remote hosts have our keys

simo5 commented:
"""
I haven't tested this yet ... but what could possibly go wrong? :-)
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/679#issuecomment-290762100

[Freeipa-devel] [freeipa PR#679][synchronized] Make sure remote hosts have our keys

2017-03-31 Thread simo5
   URL: https://github.com/freeipa/freeipa/pull/679
Author: simo5
 Title: #679: Make sure remote hosts have our keys
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/679/head:pr679
git checkout pr679
From f2835bfcef51e10f05aa1f699e0a79206c55e554 Mon Sep 17 00:00:00 2001
From: Simo Sorce 
Date: Fri, 31 Mar 2017 11:22:45 -0400
Subject: [PATCH] Make sure remote hosts have our keys

In complex replication setups a replica may try to obtain CA keys from a
host that is not the master we initially create the keys against.
In this case race conditions may happen due to replication. So we need
to make sure the server we are contacting to get the CA keys has our
keys in LDAP. We do this by waiting to positively fetch our encryption
public key (the last one we create) from the target host LDAP server.

Fixes: https://pagure.io/freeipa/issue/6688

Signed-off-by: Simo Sorce 
---
 ipaserver/install/custodiainstance.py | 29 +++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
index 6a61392..f560172 100644
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@@ -1,15 +1,17 @@
 # Copyright (C) 2015 FreeIPa Project Contributors, see 'COPYING' for license.
 
-from ipaserver.secrets.kem import IPAKEMKeys
+from custodia.message.kem import KEY_USAGE_ENC
+from ipaserver.secrets.kem import IPAKEMKeys, KEMLdap
 from ipaserver.secrets.client import CustodiaClient
 from ipaplatform.paths import paths
 from ipaplatform.constants import constants
 from ipaserver.install.service import SimpleServiceInstance
-from ipapython import ipautil
+from ipapython import ipautil, ipaldap
 from ipapython.ipa_log_manager import root_logger
 from ipapython.certdb import NSSDatabase
 from ipaserver.install import installutils
 from ipaserver.install import ldapupdate
+from ipaserver.install import replication
 from ipaserver.install import sysupgrade
 from base64 import b64decode
 from jwcrypto.common import json_decode
@@ -18,6 +20,7 @@
 import os
 import stat
 import tempfile
+import time
 import pwd
 
 
@@ -122,6 +125,24 @@ def import_dm_password(self, master_host_name):
 cli = self.__CustodiaClient(server=master_host_name)
 cli.fetch_key('dm/DMHash')
 
+def __wait_keys(self, host, timeout=300):
+ldap_uri = 'ldap://%s' % host
+principal = 'host/%s@%s' % (self.fqdn, self.realm)
+deadline = int(time.time()) + timeout
+root_logger.info("Waiting up to {} seconds to see our keys "
+ "appear on host: {}".format(timeout, host))
+
+result = None
+konn = KEMLdap(ldap_uri)
+while True:
+try:
+konn.get_key(KEY_USAGE_ENC, principal)
+return
+except Exception:
+if int(time.time()) > deadline:
+raise
+time.sleep(1)
+
 def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, data):
 # Fecth all needed certs one by one, then combine them in a single
 # p12 file
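
Review bot: when the deadline in `__wait_keys` passes, the bare `raise` re-raises whatever the last `get_key` attempt threw, so the caller sees a lookup error with nothing to say that the wait for replication timed out. Log or raise an error at that point that names the host and the principal. `result = None` is unused.
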
@@ -129,6 +150,10 @@ def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, data):
 prefix = data['prefix']
 certlist = data['list']
 
+# Before we attempt to fetch keys from this host, make sure our public
+# keys have been replicated there.
+sel.__wait_keys(ca_host)
+
 cli = self.__CustodiaClient(server=ca_host)
 
 # Temporary nssdb
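
Review bot: the call in `__get_keys` is spelled `sel.__wait_keys(ca_host)`, which is a NameError at run time; it needs to be `self.__wait_keys(ca_host)`.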

[Freeipa-devel] [freeipa PR#679][synchronized] Make sure remote hosts have our keys

2017-03-31 Thread simo5
   URL: https://github.com/freeipa/freeipa/pull/679
Author: simo5
 Title: #679: Make sure remote hosts have our keys
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/679/head:pr679
git checkout pr679
From cefe3dfb81d0a78072fa03c14e6265c261bae162 Mon Sep 17 00:00:00 2001
From: Simo Sorce 
Date: Fri, 31 Mar 2017 11:22:45 -0400
Subject: [PATCH] Make sure remote hosts have our keys

In complex replication setups a replica may try to obtain CA keys from a
host that is not the master we initially create the keys against.
In this case race conditions may happen due to replication. So we need
to make sure the server we are contacting to get the CA keys has our
keys in LDAP. We do this by waiting to positively fetch our encryption
public key (the last one we create) from the target host LDAP server.

Fixes: https://pagure.io/freeipa/issue/6688

Signed-off-by: Simo Sorce 
---
 ipaserver/install/custodiainstance.py | 28 ++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
index 6a61392..38035b4 100644
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@@ -1,15 +1,17 @@
 # Copyright (C) 2015 FreeIPa Project Contributors, see 'COPYING' for license.
 
-from ipaserver.secrets.kem import IPAKEMKeys
+from custodia.message.kem import KEY_USAGE_ENC
+from ipaserver.secrets.kem import IPAKEMKeys, KEMLdap
 from ipaserver.secrets.client import CustodiaClient
 from ipaplatform.paths import paths
 from ipaplatform.constants import constants
 from ipaserver.install.service import SimpleServiceInstance
-from ipapython import ipautil
+from ipapython import ipautil, ipaldap
 from ipapython.ipa_log_manager import root_logger
 from ipapython.certdb import NSSDatabase
 from ipaserver.install import installutils
 from ipaserver.install import ldapupdate
+from ipaserver.install import replication
 from ipaserver.install import sysupgrade
 from base64 import b64decode
 from jwcrypto.common import json_decode
@@ -18,6 +20,7 @@
 import os
 import stat
 import tempfile
+import time
 import pwd
 
 
@@ -122,6 +125,23 @@ def import_dm_password(self, master_host_name):
 cli = self.__CustodiaClient(server=master_host_name)
 cli.fetch_key('dm/DMHash')
 
+def __wait_keys(self, host, timeout=300):
+ldap_uri = 'ldap://%s' % host
+principal = 'host/%s@%s' % (self.fqdn, self.realm)
+deadline = int(time.time()) + timeout
+root_logger.info("Waiting to see our keys appear on %s".format(host))
+
+result = None
+konn = KEMLdap(ldap_uri)
+while True:
+try:
+konn.get_key(KEY_USAGE_ENC, principal)
+return
+except Exception:
+if int(time.time()) > deadline:
+raise
+time.sleep(1)
+
 def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, data):
 # Fecth all needed certs one by one, then combine them in a single
 # p12 file
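
Review bot: the log call in `__wait_keys` mixes a `%s` placeholder with `str.format`, so `host` is never substituted and the message is logged with a literal `%s`. Pass the argument to the logger instead: `root_logger.info("Waiting to see our keys appear on %s", host)`.
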
@@ -129,6 +149,10 @@ def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, data):
 prefix = data['prefix']
 certlist = data['list']
 
+# Before we attempt to fetch keys from this host, make sure our public
+# keys have been replicated there.
+sel.__wait_keys(ca_host)
+
 cli = self.__CustodiaClient(server=ca_host)
 
 # Temporary nssdb
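
Review bot: `sel.__wait_keys(ca_host)` is a typo for `self.__wait_keys(ca_host)` and fails with NameError the first time `__get_keys` runs.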

[Freeipa-devel] [freeipa PR#618][synchronized] [WIP] Tox testing support for client wheel packages

2017-03-31 Thread tiran
   URL: https://github.com/freeipa/freeipa/pull/618
Author: tiran
 Title: #618: [WIP] Tox testing support for client wheel packages
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/618/head:pr618
git checkout pr618
From 3b4c9f34c7c5617e2f6dcaac9501072a9fc2880c Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Thu, 17 Nov 2016 16:43:17 +0100
Subject: [PATCH] tox testing support for client wheel packages

Signed-off-by: Christian Heimes 
---
 .gitignore   |  2 ++
 .tox-install.sh  | 72 
 Makefile.am  | 14 +++---
 configure.ac |  1 +
 ipatests/conftest.py |  5 ++--
 tox.ini  | 38 +++
 6 files changed, 126 insertions(+), 6 deletions(-)
 create mode 100755 .tox-install.sh
 create mode 100644 tox.ini

diff --git a/.gitignore b/.gitignore
index 8941fd8..8b57dbc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -61,6 +61,8 @@ freeipa2-dev-doc
 # Root directory
 /freeipa.spec
 /dist/
+/.tox/
+/.cache/
 /*/dist/
 /RELEASE
 /rpmbuild/
diff --git a/.tox-install.sh b/.tox-install.sh
new file mode 100755
index 000..ab4a4c5
--- /dev/null
+++ b/.tox-install.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+set -x
+
+PYTHON="$1"
+ENVSITEPACKAGESDIR="$2"
+# 3...end are package requirements
+shift 2
+
+TOXINIDIR="$(cd "$(dirname "$0")" && pwd)"
+
+# sanity checks
+if [ ! -x "${PYTHON}" ]; then
+echo "${PYTHON}: no such executable"
+exit 1
+fi
+
+if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then
+echo "${ENVSITEPACKAGESDIR}: no such directory"
+exit 2
+fi
+
+if [ ! -f "${TOXINIDIR}/tox.ini" ]; then
+echo "${TOXINIDIR}: no such directory"
+exit 3
+fi
+
+# https://pip.pypa.io/en/stable/user_guide/#environment-variables
+export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache"
+mkdir -p "${PIP_CACHE_DIR}"
+
+DISTBUNDLE="${TOXINIDIR}/dist/bundle"
+mkdir -p "${DISTBUNDLE}"
+
+# create configure
+pushd "${TOXINIDIR}"
+if [ ! -f "configure" ]; then
+autoreconf -i -f
+fi
+# (re)create Makefile
+./configure --disable-server
+popd
+
+# copy pylint plugin
+cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}"
+
+# build packages and bundles
+make -C "${TOXINIDIR}" \
+PYTHON="${PYTHON}" \
+IPA_EXTRA_SUBDIRS="ipatests" \
+wheel_bundle
+
+# chdir to prevent local .egg-info from messing up pip
+pushd "${ENVSITEPACKAGESDIR}"
+
+# build additional wheels, e.g. pylint
+$PYTHON -m pip wheel \
+--disable-pip-version-check \
+--constraint "${TOXINIDIR}/.wheelconstraints" \
+--find-links "${DISTBUNDLE}" \
+--wheel-dir "${DISTBUNDLE}" \
+$@
+
+# Install packages with dist/bundle/ as extra source for wheels while ignoring
+# upstream Python Package Index.
+$PYTHON -m pip install \
+--no-index \
+--disable-pip-version-check \
+--constraint "${TOXINIDIR}/.wheelconstraints" \
+--find-links "${DISTBUNDLE}" \
+$@
+
+popd
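
Review bot: .tox-install.sh sets `set -x` but not `set -e`, so a failed `./configure`, `make ... wheel_bundle` or `pip wheel` falls through to the final `pip install` instead of stopping the run; add `set -e` or check each step. Both pip invocations expand `$@` and `$PYTHON` unquoted; use `"$@"` and `"${PYTHON}"` so requirement specifiers and paths with spaces or glob characters survive. Only the last `pip install` passes `--no-index`: the `pip wheel` step before it can still download from the package index, limited only by .wheelconstraints, so the contents of dist/bundle are not restricted to locally built wheels. The third sanity check tests for tox.ini but prints "no such directory".
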
diff --git a/Makefile.am b/Makefile.am
index efa8b73..d1bb12c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \
 clean-local:
 	rm -rf "$(RPMBUILD)"
 	rm -rf "$(top_builddir)/dist"
+	rm -rf "$(top_builddir)/.tox"
 	rm -rf "$(top_srcdir)/__pycache__"
 	rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz
 
@@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py
 		-path './freeipa-*' -prune -o \
 		-path './dist' -prune -o \
 		-path './pypi' -prune -o \
+		-path './.tox' -prune -o \
 		-name '.*' -o \
 		-name '*.in' -o \
 		-name '*~' -o \
@@ -252,7 +254,10 @@ jslint-html:
 	jsl -nologo -nosummary -nofilelisting -conf jsl.conf
 endif  # WITH_JSLINT
 
-.PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages
+# Python wheels
+# IPA_EXTRA_SUBDIRS: extra subdirs to build wheels (e.g. ipatests)
+
+.PHONY: bdist_wheel wheel_bundle  wheel_placeholder pypi_packages
 WHEELDISTDIR = $(top_builddir)/dist/wheels
 WHEELBUNDLEDIR = $(top_builddir)/dist/bundle
 
@@ -263,19 +268,20 @@ $(WHEELBUNDLEDIR):
 	mkdir -p $(WHEELBUNDLEDIR)
 
 bdist_wheel: $(WHEELDISTDIR)
-	for dir in $(IPACLIENT_SUBDIRS); do \
+	rm -f $(foreach item,$(IPACLIENT_SUBDIRS) $(IPA_EXTRA_SUBDIRS),$(WHEELDISTDIR)/$(item)-*.whl)
+	for dir in $(IPACLIENT_SUBDIRS) $(IPA_EXTRA_SUBDIRS); do \
 	$(MAKE) $(AM_MAKEFLAGS) -C $${dir} $@ || exit 1; \
 	done
 
 wheel_bundle: $(WHEELBUNDLEDIR) bdist_wheel .wheelconstraints
-	rm -f $(foreach item,$(IPACLIENT_SUBDIRS),$(WHEELBUNDLEDIR)/$(item)-*.whl)
+	rm -f $(foreach item,$(IPACLIENT_SUBDIRS) $(IPA_EXTRA_SUBDIRS),$(WHEELBUNDLEDIR)/$(item)-*.whl)
 	$(PYTHON) -m pip wheel \
 	--disable-pip-version-check \
 	--constraint .wheelconstraints \
 	--find-links $(WHEELDISTDIR) \
 	--find-links $(WHEELBUNDLEDIR) \
 	--wheel-dir $(WHEELBUNDLEDIR) \
-	$(IPACLIENT_SUBDIRS)
+	$(IPACLIENT_SUBDIRS) $(IPA_EXTRA_SUBDIRS)
 
 wheel_placeholder: $(WHEELDISTDIR)
 	for dir in $(IPA_PLACEHOLDERS); do \
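
Review bot: in bdist_wheel and wheel_bundle, `$(IPA_EXTRA_SUBDIRS)` comes from the caller and is expanded directly into the `rm -f $(foreach ...)` path pattern as well as the `for dir in` loop and the `pip wheel` arguments. A value containing a path separator or `..` makes the `rm -f` glob point outside $(WHEELDISTDIR) or $(WHEELBUNDLEDIR). Either restrict it to plain top-level directory names or build the delete pattern from `$(notdir ...)`.
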
diff --git a/configure.a

[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing

2017-03-31 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/397
Title: #397: Improve wheel building and provide ipaserver wheel for local 
testing

tiran commented:
"""
@MartinBasti ```dbus-devel``` is in the ```with_wheels``` section. 
Documentation is part of https://pagure.io/freeipa/issue/6842 .
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/397#issuecomment-290727605

[Freeipa-devel] [freeipa PR#397][synchronized] Improve wheel building and provide ipaserver wheel for local testing

2017-03-31 Thread tiran
   URL: https://github.com/freeipa/freeipa/pull/397
Author: tiran
 Title: #397: Improve wheel building and provide ipaserver wheel for local 
testing
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/397/head:pr397
git checkout pr397
From 6419040e0bcf726232f30c4020fbea9bb9e10376 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Tue, 17 Jan 2017 08:49:54 +0100
Subject: [PATCH 1/3] Conditionally import pyhbac

The pyhbac module is part of SSSD. It's not available as a stand-alone
PyPI package. It would take a lot of effort to package it because the
code is deeply tied into SSSD.

Let's follow the example of other SSSD Python packages and make the
import of pyhbac conditional. It's only necessary for the caacl and
hbactest plugins.

I renamed convert_to_ipa_rule() to _convert_to_ipa_rule() because it
does not check for presence of pyhbac package itself. The check is
performed earlier in execute(). The prefix indicates that it is an
internal function and developers have to think twice before using it
in another place.

This makes it much easier to install ipaserver with instrumented build
of Python with a different ABI or in isolated virtual envs to profile
and debug the server.

Signed-off-by: Christian Heimes 
---
 ipaserver/plugins/caacl.py| 86 -
 ipaserver/plugins/cert.py | 90 ++-
 ipaserver/plugins/hbactest.py | 19 +++--
 3 files changed, 105 insertions(+), 90 deletions(-)

diff --git a/ipaserver/plugins/caacl.py b/ipaserver/plugins/caacl.py
index ff1178a..43a397d 100644
--- a/ipaserver/plugins/caacl.py
+++ b/ipaserver/plugins/caacl.py
@@ -2,12 +2,10 @@
 # Copyright (C) 2015  FreeIPA Contributors see COPYING for license
 #
 
-import pyhbac
 import six
 
 from ipalib import api, errors, output
 from ipalib import Bool, Str, StrEnum
-from ipalib.constants import IPA_CA_CN
 from ipalib.plugable import Registry
 from .baseldap import (
 LDAPObject, LDAPSearch, LDAPCreate, LDAPDelete, LDAPQuery,
@@ -80,90 +78,6 @@
 register = Registry()
 
 
-def _acl_make_request(principal_type, principal, ca_id, profile_id):
-"""Construct HBAC request for the given principal, CA and profile"""
-
-req = pyhbac.HbacRequest()
-req.targethost.name = ca_id
-req.service.name = profile_id
-if principal_type == 'user':
-req.user.name = principal.username
-elif principal_type == 'host':
-req.user.name = principal.hostname
-elif principal_type == 'service':
-req.user.name = unicode(principal)
-groups = []
-if principal_type == 'user':
-user_obj = api.Command.user_show(principal.username)['result']
-groups = user_obj.get('memberof_group', [])
-groups += user_obj.get('memberofindirect_group', [])
-elif principal_type == 'host':
-host_obj = api.Command.host_show(principal.hostname)['result']
-groups = host_obj.get('memberof_hostgroup', [])
-groups += host_obj.get('memberofindirect_hostgroup', [])
-req.user.groups = sorted(set(groups))
-return req
-
-
-def _acl_make_rule(principal_type, obj):
-"""Turn CA ACL object into HBAC rule.
-
-``principal_type``
-String in {'user', 'host', 'service'}
-"""
-rule = pyhbac.HbacRule(obj['cn'][0])
-rule.enabled = obj['ipaenabledflag'][0]
-rule.srchosts.category = {pyhbac.HBAC_CATEGORY_ALL}
-
-# add CA(s)
-if 'ipacacategory' in obj and obj['ipacacategory'][0].lower() == 'all':
-rule.targethosts.category = {pyhbac.HBAC_CATEGORY_ALL}
-else:
-# For compatibility with pre-lightweight-CAs CA ACLs,
-# no CA members implies the host authority (only)
-rule.targethosts.names = obj.get('ipamemberca_ca', [IPA_CA_CN])
-
-# add profiles
-if ('ipacertprofilecategory' in obj
-and obj['ipacertprofilecategory'][0].lower() == 'all'):
-rule.services.category = {pyhbac.HBAC_CATEGORY_ALL}
-else:
-attr = 'ipamembercertprofile_certprofile'
-rule.services.names = obj.get(attr, [])
-
-# add principals and principal's groups
-category_attr = '{}category'.format(principal_type)
-if category_attr in obj and obj[category_attr][0].lower() == 'all':
-rule.users.category = {pyhbac.HBAC_CATEGORY_ALL}
-else:
-if principal_type == 'user':
-rule.users.names = obj.get('memberuser_user', [])
-rule.users.groups = obj.get('memberuser_group', [])
-elif principal_type == 'host':
-rule.users.names = obj.get('memberhost_host', [])
-rule.users.groups = obj.get('memberhost_hostgroup', [])
-elif principal_type == 'service':
-rule.users.names = [
-unicode(principal)
-for principal in obj.get('memberservice_service', [])
-]
-
-return rule
-
-
-def acl_evaluate(principal, ca_id, p
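
Review bot: with `import pyhbac` dropped from caacl.py and the import made conditional per the commit message, the CA ACL helpers deleted in this hunk (`_acl_make_request`, `_acl_make_rule`) must fail closed wherever they now live: if pyhbac is missing, certificate requests that depend on CA ACL evaluation have to be rejected with a clear error, not allowed through with the check skipped. The cert.py part of the patch is cut off on this page, so that behaviour cannot be confirmed from the lines shown.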

[Freeipa-devel] [freeipa PR#675][synchronized] [WIP] Fix PKCS11 helper

2017-03-31 Thread MartinBasti
   URL: https://github.com/freeipa/freeipa/pull/675
Author: MartinBasti
 Title: #675: [WIP] Fix PKCS11 helper
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/675/head:pr675
git checkout pr675
From 81d4ff3c579c7b3181f0736619fecd85838604a7 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Wed, 29 Mar 2017 18:53:11 +0200
Subject: [PATCH] Fix PKCS11 helper

Slots in HSM are not assigned statically, we have to choose the proper
slot from token label.

Softhsm i2.2.0 changed this behavior and now slots can change over
time (it is allowed by pkcs11 standard).

Changelog:
* created method get_slot() that returns slot number from
  used label
* replaces usage of slot in __init__ method of P11_Helper
  with label
* slot is dynamically detected from token label before
  session is opened
* pkcs11-util --init-token now uses '--free' instead of '--slot'
  which uses first free slot (we don't care about slot numbers
  anymore)

https://pagure.io/freeipa/issue/6692
---
 ipalib/constants.py |  2 +
 ipaserver/install/dnskeysyncinstance.py |  8 +--
 ipaserver/install/opendnssecinstance.py |  7 ++-
 ipaserver/p11helper.py  | 93 +
 4 files changed, 93 insertions(+), 17 deletions(-)

diff --git a/ipalib/constants.py b/ipalib/constants.py
index f8a194c..e604bb4 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -313,3 +313,5 @@
 '.cache'
 )
 )
+
+SOFTHSM_DNSSEC_TOKEN_LABEL = u'ipaDNSSEC'
diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index 861a170..8817f25 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -23,9 +23,9 @@
 from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipalib import errors, api
+from ipalib.constants import SOFTHSM_DNSSEC_TOKEN_LABEL
 from ipaserver.install.bindinstance import dns_container_exists
 
-softhsm_token_label = u'ipaDNSSEC'
 softhsm_slot = 0
 replica_keylabel_template = u"dnssec-replica:%s"
 
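
Review bot: `softhsm_slot = 0` stays in dnskeysyncinstance.py as a context line although the two uses visible in this patch now pass `--free` and `SOFTHSM_DNSSEC_TOKEN_LABEL`; remove it here, as the patch already does in opendnssecinstance.py, so nothing can keep relying on a fixed slot number.
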
@@ -254,8 +254,8 @@ def __setup_softhsm(self):
 command = [
 paths.SOFTHSM2_UTIL,
 '--init-token',
-'--slot', str(softhsm_slot),
-'--label', softhsm_token_label,
+'--free',  # use random free slot
+'--label', SOFTHSM_DNSSEC_TOKEN_LABEL,
 '--pin', pin,
 '--so-pin', pin_so,
 ]
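
Review bot: the comment on `'--free'` says "use random free slot" while the commit message says the option uses the first free slot; make the two agree. Because the slot is no longer fixed, everything after this finds the token by `SOFTHSM_DNSSEC_TOKEN_LABEL` alone, so it is worth checking in `__setup_softhsm` that no token with that label already exists before initialising another one.
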
@@ -274,7 +274,7 @@ def __setup_replica_keys(self):
 pin = f.read()
 
 os.environ["SOFTHSM2_CONF"] = paths.DNSSEC_SOFTHSM2_CONF
-p11 = _ipap11helper.P11_Helper(softhsm_slot, pin, paths.LIBSOFTHSM2_SO)
+p11 = _ipap11helper.P11_Helper(SOFTHSM_DNSSEC_TOKEN_LABEL, pin, paths.LIBSOFTHSM2_SO)
 
 try:
 # generate replica keypair
diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 467f1f0..2af4d29 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -20,10 +20,9 @@
 from ipaplatform.paths import paths
 from ipalib import errors, api
 from ipaserver import p11helper
-from ipaserver.install import dnskeysyncinstance
+from ipalib.constants import SOFTHSM_DNSSEC_TOKEN_LABEL
 
 KEYMASTER = u'dnssecKeyMaster'
-softhsm_slot = 0
 
 
 def get_dnssec_key_masters(conn):
@@ -68,7 +67,7 @@ def __init__(self, fstore=None):
 self.ods_gid = None
 self.conf_file_dict = {
 'SOFTHSM_LIB': paths.LIBSOFTHSM2_SO,
-'TOKEN_LABEL': dnskeysyncinstance.softhsm_token_label,
+'TOKEN_LABEL': SOFTHSM_DNSSEC_TOKEN_LABEL,
 'KASP_DB': paths.OPENDNSSEC_KASP_DB,
 'ODS_USER': constants.ODS_USER,
 'ODS_GROUP': constants.ODS_GROUP,
@@ -237,7 +236,7 @@ def __generate_master_key(self):
 pin = f.read()
 
 os.environ["SOFTHSM2_CONF"] = paths.DNSSEC_SOFTHSM2_CONF
-p11 = p11helper.P11_Helper(softhsm_slot, pin, paths.LIBSOFTHSM2_SO)
+p11 = p11helper.P11_Helper(SOFTHSM_DNSSEC_TOKEN_LABEL, pin, paths.LIBSOFTHSM2_SO)
 try:
 # generate master key
 root_logger.debug("Creating master key")
diff --git a/ipaserver/p11helper.py b/ipaserver/p11helper.py
index 5963c6d..9b9557a 100644
--- a/ipaserver/p11helper.py
+++ b/ipaserver/p11helper.py
@@ -30,6 +30,7 @@
 };
 
 typedef unsigned long CK_SLOT_ID;
+typedef CK_SLOT_ID *CK_SLOT_ID_PTR;
 
 typedef unsigned long CK_SESSION_HANDLE;
 
@@ -43,6 +44,13 @@
 
 typedef unsigned long CK_ATTRIBUTE_TYPE;
 
+typedef unsigned long ck_flags_t;
+
+typedef unsigned char CK_BBOOL;
+
+typedef unsigned long int CK_ULONG;
+typedef CK_ULONG *CK_ULONG_PTR;
+
 struct _CK_ATTRIBUTE
 {
   CK_ATTRIBUTE_TYPE type;
@@ -59,6 +67,31 @@
   unsigned long ulParameterLen;
 };
 
+struct _CK_TOKEN_INFO
+{
+  unsigned char label[32];
+  unsigned char manufacturer_id[32];

[Freeipa-devel] [freeipa PR#593][+pushed] Add make devcheck for developers

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/593
Title: #593: Add make devcheck for developers 

Label: +pushed

[Freeipa-devel] [freeipa PR#593][closed] Add make devcheck for developers

2017-03-31 Thread MartinBasti
   URL: https://github.com/freeipa/freeipa/pull/593
Author: tiran
 Title: #593: Add make devcheck for developers 
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/593/head:pr593
git checkout pr593

[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/593
Title: #593: Add make devcheck for developers 

MartinBasti commented:
"""
master:

* e357133fd7b276ccabfe1896ee948f2bb3541d94 Add make devcheck for developers
* 6c092c24b2bfbba0a3f263d88f7a0dbf83f24869 Skip test_session_storage in 
ipaclient unittest mode


ipa-4-5:

* 89ab24f1fbb58feb603d60503c685ebad41a4237 Add make devcheck for developers
* c80adf6e0d16f807f90479660af22540cd92d774 Skip test_session_storage in 
ipaclient unittest mode


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/593#issuecomment-290691783

[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/397
Title: #397: Improve wheel building and provide ipaserver wheel for local 
testing

MartinBasti commented:
"""
So put it into specfile to `with_wheels` section
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/397#issuecomment-290691425

[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/397
Title: #397: Improve wheel building and provide ipaserver wheel for local 
testing

MartinBasti commented:
"""
And document in `BUILD.txt` how to build wheels
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/397#issuecomment-290691545

[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing

2017-03-31 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/397
Title: #397: Improve wheel building and provide ipaserver wheel for local 
testing

tiran commented:
"""
You need dbus-devel package.

I opened https://pagure.io/freeipa/issue/6842 to track lack of documentation.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/397#issuecomment-290689299

[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/397
Title: #397: Improve wheel building and provide ipaserver wheel for local 
testing

MartinBasti commented:
"""
Build failed:

```
make wheel_bundle IPA_SERVER_WHEELS=1
...
  checking for DBUS... no
  configure: error: Package requirements (dbus-1 >= 1.6) were not met:
  
  No package 'dbus-1' found
  
  Consider adjusting the PKG_CONFIG_PATH environment variable if you
  installed software in a non-standard prefix.
  
  Alternatively, you may set the environment variables DBUS_CFLAGS
  and DBUS_LIBS to avoid the need to call pkg-config.
  See the pkg-config man page for more details.
  Traceback (most recent call last):
File "", line 1, in 
File "/tmp/pip-build-l97uxR/dbus-python/setup.py", line 106, in 
  'build_ext': BuildExt,
File "/usr/lib64/python2.7/distutils/core.py", line 151, in setup
  dist.run_commands()
File "/usr/lib64/python2.7/distutils/dist.py", line 953, in run_commands
  self.run_command(cmd)
File "/usr/lib64/python2.7/distutils/dist.py", line 972, in run_command
  cmd_obj.run()
File "/usr/lib/python2.7/site-packages/wheel/bdist_wheel.py", line 199, in 
run
  self.run_command('build')
File "/usr/lib64/python2.7/distutils/cmd.py", line 326, in run_command
  self.distribution.run_command(command)
File "/usr/lib64/python2.7/distutils/dist.py", line 972, in run_command
  cmd_obj.run()
File "/tmp/pip-build-l97uxR/dbus-python/setup.py", line 62, in run
  cwd=builddir)
File "/usr/lib64/python2.7/subprocess.py", line 186, in check_call
  raise CalledProcessError(retcode, cmd)
  subprocess.CalledProcessError: Command 
'['/tmp/pip-build-l97uxR/dbus-python/configure', '--disable-maintainer-mode', 
'PYTHON=/usr/bin/python', 
'--prefix=/tmp/pip-build-l97uxR/dbus-python/build/temp.linux-x86_64-2.7/prefix']'
 returned non-zero exit status 1
  
  
  Failed building wheel for dbus-python
  Running setup.py clean for dbus-python
  Running setup.py bdist_wheel for MarkupSafe ... done
  Stored in directory: /tmp/freeipa/dist/bundle
  Running setup.py bdist_wheel for pycparser ... done
  Stored in directory: /tmp/freeipa/dist/bundle
  Running setup.py bdist_wheel for configparser ... done
  Stored in directory: /tmp/freeipa/dist/bundle
Successfully built cryptography python-yubico pyusb python-nss pyldap netifaces 
gssapi MarkupSafe pycparser configparser
Failed to build dbus-python
ERROR: Failed to build one or more wheels
Makefile:1222: recipe for target 'wheel_bundle' failed

```
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/397#issuecomment-290682068

[Freeipa-devel] [freeipa PR#593][synchronized] Add make devcheck for developers

2017-03-31 Thread tiran
   URL: https://github.com/freeipa/freeipa/pull/593
Author: tiran
 Title: #593: Add make devcheck for developers 
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/593/head:pr593
git checkout pr593
From 0e12da497bed19bf28151a284f097bc0f230cdd6 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Wed, 15 Mar 2017 08:31:38 +0100
Subject: [PATCH 1/2] Add make devcheck for developers

Ticket 6604 makes pylint and jsl optional dependencies. The change
is controversial, because some developers prefer that pylint and jsl
should be required unless explicitly disabled.

`make devcheck` is my answer to address the concerns. It's a superior
solution to `make lint` as pre-commit check. It combines several
additional checks under a single, easy rememberable and convenient make
target:

* build all
* acilint, apiclient, jslint, polint
* make check
* pylint under Python 2 and 3
* subset of unit test suite

https://fedorahosted.org/freeipa/ticket/6604

Signed-off-by: Christian Heimes 
---
 Makefile.am | 31 -
 configure.ac| 12 ++
 ipatests/test_ipapython/test_session_storage.py |  1 -
 3 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index af22315..efa8b73 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -152,6 +152,35 @@ JSLINT_TARGET = jslint
 endif WITH_JSLINT
 lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET)
 
+.PHONY: devcheck
+devcheck: all
+if ! WITH_POLINT
+	@echo "ERROR: polint not available"; exit 1
+endif
+if ! WITH_PYLINT
+	@echo "ERROR: pylint not available"; exit 1
+endif
+if ! WITH_JSLINT
+	@echo "ERROR: jslint not available"; exit 1
+endif
+if ! WITH_PYTHON2
+	@echo "ERROR: python2 not available"; exit 1
+endif
+	@ # run all linters, tests, and check with Python 2
+	PYTHONPATH=$(top_srcdir) $(PYTHON2) ipatests/ipa-run-tests \
+	--ipaclient-unittests
+	$(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check
+	$(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint
+if WITH_PYTHON3
+	@ # just tests and pylint on Python 3
+	PYTHONPATH=$(top_srcdir) $(PYTHON3) ipatests/ipa-run-tests \
+	--ipaclient-unittests
+	$(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint
+else
+	@echo "WARNING: python3 not available"
+endif
+	@echo "All tests passed."
+
 .PHONY: $(top_builddir)/ipapython/version.py
 $(top_builddir)/ipapython/version.py:
 	(cd $(top_builddir)/ipapython && make version.py)
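Review bot: both test invocations in the devcheck recipe call `ipatests/ipa-run-tests` by a path relative to the current build directory while setting `PYTHONPATH=$(top_srcdir)`, so if the script lives in the source tree an out-of-tree build will not find it. Use `$(top_srcdir)/ipatests/ipa-run-tests` in the Python 2 and the Python 3 branch so the script path and the PYTHONPATH it runs with point at the same tree.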
@@ -188,7 +217,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py
 		-name '*~' -o \
 		-name '*.py' -print -o \
 		-type f -exec grep -qsm1 '^#!.*\bpython' '{}' \; -print`; \
-	echo "Pylint is running, please wait ..."; \
+	echo "Pylint on $(PYTHON) is running, please wait ..."; \
 	PYTHONPATH=$(top_srcdir) $(PYTHON) -m pylint \
 		--rcfile=$(top_srcdir)/pylintrc \
 		--load-plugins pylint_plugins \
diff --git a/configure.ac b/configure.ac
index f5c5270..b006ccc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -111,6 +111,18 @@ if test "x$PYTHON" = "x" ; then
 fi
 
 dnl ---
+dnl - Check for Python 2/3 for devcheck
+dnl ---
+
+AC_PATH_PROG(PYTHON2, python2)
+AC_SUBST([PYTHON2])
+AM_CONDITIONAL([WITH_PYTHON2], [test "x${PYTHON2}" != "x"])
+
+AC_PATH_PROG(PYTHON3, python3)
+AC_SUBST([PYTHON3])
+AM_CONDITIONAL([WITH_PYTHON3], [test "x${PYTHON3}" != "x"])
+
+dnl ---
 dnl - Check for cmocka unit test framework http://cmocka.cryptomilk.org/
 dnl ---
 PKG_CHECK_EXISTS(cmocka,
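Review bot: `WITH_PYTHON2` and `WITH_PYTHON3` only record that an interpreter named python2 or python3 was found on PATH, yet devcheck then runs pylint and `ipa-run-tests` under each of them. A machine with python3 installed but without pylint or the test dependencies for it passes configure and fails late in the target. Either probe for the pylint module under each interpreter here, or state in the `dnl` comment that devcheck expects pylint and the test dependencies for both interpreters.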
diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/test_ipapython/test_session_storage.py
index a89fdd9..e050869 100644
--- a/ipatests/test_ipapython/test_session_storage.py
+++ b/ipatests/test_ipapython/test_session_storage.py
@@ -5,7 +5,6 @@
 """
 Test the `session_storage.py` module.
 """
-
 from ipapython import session_storage
 
 

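Review bot: the only change to `test_session_storage.py` in this patch removes the blank line between the module docstring and the import, which has nothing to do with adding the devcheck target. Drop the hunk from this commit, or fold it into the commit that actually changes the test module.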
From 9ab173e5428bb0e0c6a6d536a1e178a10ff34997 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Fri, 31 Mar 2017 10:53:59 +0200
Subject: [PATCH 2/2] Skip test_session_storage in ipaclient unittest mode

The test class depends on a working Kerberos configuration and session.

Signed-off-by: Christian Heimes 
---
 ipatests/test_ipapython/test_session_storage.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/test_ipapython/test_session_storage.py
index e050869..1ae9f9c 100644
--- a/ipatests/test_ipapython/test_session_storage.py
+++ b/ipatests/test_ipapython/test_session_storage.py
@@ -5,9 +5,12 @@
 """
 Test the `session_storage.py` module.
 """
+import pytest
+
 from ipapython import session_storage
 
 
+@p

[Freeipa-devel] [freeipa PR#480][comment] Hide request_type doc string in cert-request help

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/480
Title: #480: Hide request_type doc string in cert-request help

MartinBasti commented:
"""
@Akasurde you are welcome
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/480#issuecomment-290680413

[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/593
Title: #593: Add make devcheck for developers 

MartinBasti commented:
"""
Ah right the description hasn't been updated

"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/593#issuecomment-290678887

[Freeipa-devel] [freeipa PR#480][comment] Hide request_type doc string in cert-request help

2017-03-31 Thread Akasurde
  URL: https://github.com/freeipa/freeipa/pull/480
Title: #480: Hide request_type doc string in cert-request help

Akasurde commented:
"""
@MartinBasti @frasertweedale  @HonzaCholasta Thanks
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/480#issuecomment-290679480

[Freeipa-devel] [freeipa PR#593][edited] Add make devcheck for developers

2017-03-31 Thread MartinBasti
   URL: https://github.com/freeipa/freeipa/pull/593
Author: tiran
 Title: #593: Add make devcheck for developers 
Action: edited

 Changed field: body
Original value:
"""
Ticket 6604 makes pylint and jsl optional dependencies. The change
is controversial, because some developers prefer that pylint and jsl
should be required unless explicitly disabled.

`make patchcheck` is my answer to address the concerns. It's a superior
solution to `make lint` as pre-commit check. It combines several
additional checks under a single, easy rememberable and convenient make
target:

* build all
* acilint, apiclient, jslint, polint
* make check
* pylint under Python 2 and 3
* subset of unit test suite

https://fedorahosted.org/freeipa/ticket/6604

Depends on 

- [X] #475
- [X] #587 
- [X] #594
- [x] #636
- [ ] #670
"""


[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/593
Title: #593: Add make devcheck for developers 

MartinBasti commented:
"""
Needs rebase
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/593#issuecomment-290679169

[Freeipa-devel] [freeipa PR#480][comment] Hide request_type doc string in cert-request help

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/480
Title: #480: Hide request_type doc string in cert-request help

MartinBasti commented:
"""
master:

* a1bb442054936113369a88b49483e914664712e7 Hide request_type doc string in 
cert-request help


ipa-4-5:

* 535e8610c556ab1a0eb83e9798e7e182355d8396 Hide request_type doc string in 
cert-request help


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/480#issuecomment-290678419

[Freeipa-devel] [freeipa PR#480][closed] Hide request_type doc string in cert-request help

2017-03-31 Thread MartinBasti
   URL: https://github.com/freeipa/freeipa/pull/480
Author: Akasurde
 Title: #480: Hide request_type doc string in cert-request help
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/480/head:pr480
git checkout pr480

[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/593
Title: #593: Add make devcheck for developers 

MartinBasti commented:
"""
@stlaz why is this ACKed when it depends on #670 ?
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/593#issuecomment-290678060

[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers

2017-03-31 Thread stlaz
  URL: https://github.com/freeipa/freeipa/pull/593
Title: #593: Add make devcheck for developers 

stlaz commented:
"""
@MartinBasti #670 was ACKed already and the commit was originally a part of 
this.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/593#issuecomment-290678477

[Freeipa-devel] [freeipa PR#480][+pushed] Hide request_type doc string in cert-request help

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/480
Title: #480: Hide request_type doc string in cert-request help

Label: +pushed

[Freeipa-devel] [freeipa PR#490][closed] certdb: use certutil and match_hostname for cert verification

2017-03-31 Thread MartinBasti
   URL: https://github.com/freeipa/freeipa/pull/490
Author: HonzaCholasta
 Title: #490: certdb: use certutil and match_hostname for cert verification
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/490/head:pr490
git checkout pr490

[Freeipa-devel] [freeipa PR#490][comment] certdb: use certutil and match_hostname for cert verification

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/490
Title: #490: certdb: use certutil and match_hostname for cert verification

MartinBasti commented:
"""
master:

* 9183cf2a7505624235b255b1406702cdaa65bb38 certdb: use certutil and 
match_hostname for cert verification
* 2b33230f669ca22d6948a4a351b4c92ba15222ab setup, pylint, spec file: drop 
python-nss dependency


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/490#issuecomment-290676024

[Freeipa-devel] [freeipa PR#490][+pushed] certdb: use certutil and match_hostname for cert verification

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/490
Title: #490: certdb: use certutil and match_hostname for cert verification

Label: +pushed

[Freeipa-devel] [freeipa PR#621][comment] Add --password-expiration to allow an admin to force a password change

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password 
change

MartinBasti commented:
"""
master:

* 274b0bcf5ff2408739d94ba1b1b4bca69f310dfc Add --password-expiration to allow 
admin to force user password expiration


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/621#issuecomment-290675831
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#621][+pushed] Add --password-expiration to allow an admin to force a password change

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password 
change

Label: +pushed

[Freeipa-devel] [freeipa PR#621][closed] Add --password-expiration to allow an admin to force a password change

2017-03-31 Thread MartinBasti
   URL: https://github.com/freeipa/freeipa/pull/621
Author: redhatrises
 Title: #621: Add --password-expiration to allow an admin to force a password 
change
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/621/head:pr621
git checkout pr621

[Freeipa-devel] [freeipa PR#670][closed] [Py3] session storage parameters must be bytes

2017-03-31 Thread MartinBasti
   URL: https://github.com/freeipa/freeipa/pull/670
Author: tiran
 Title: #670: [Py3] session storage parameters must be bytes
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/670/head:pr670
git checkout pr670

[Freeipa-devel] [freeipa PR#670][comment] [Py3] session storage parameters must be bytes

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/670
Title: #670: [Py3] session storage parameters must be bytes

MartinBasti commented:
"""
master:

* d06315de6b1e951d6cce7d7d6495a32b44216274 session storage parameters must be 
bytes


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/670#issuecomment-290675650
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#670][+pushed] [Py3] session storage parameters must be bytes

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/670
Title: #670: [Py3] session storage parameters must be bytes

Label: +pushed

[Freeipa-devel] [freeipa PR#678][+pushed] ipa-ca-install man page: Add domain level 1 help

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/678
Title: #678: ipa-ca-install man page: Add domain level 1 help

Label: +pushed

[Freeipa-devel] [freeipa PR#678][comment] ipa-ca-install man page: Add domain level 1 help

2017-03-31 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/678
Title: #678: ipa-ca-install man page: Add domain level 1 help

MartinBasti commented:
"""
master:

* b96a942cdca09496be9f911499036bee60084aee ipa-ca-install man page: Add domain 
level 1 help


ipa-4-4:

* 1734e143582843ef1d397a4929687b1068bdf413 ipa-ca-install man page: Add domain 
level 1 help


ipa-4-5:

* 262723b1be894e5d75cccdd92da838f544a3b222 ipa-ca-install man page: Add domain 
level 1 help


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/678#issuecomment-290675303
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#678][closed] ipa-ca-install man page: Add domain level 1 help

2017-03-31 Thread MartinBasti
   URL: https://github.com/freeipa/freeipa/pull/678
Author: flo-renaud
 Title: #678: ipa-ca-install man page: Add domain level 1 help
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/678/head:pr678
git checkout pr678

[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers

2017-03-31 Thread stlaz
  URL: https://github.com/freeipa/freeipa/pull/593
Title: #593: Add make devcheck for developers 

stlaz commented:
"""
Thanks, ACK.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/593#issuecomment-290673932

[Freeipa-devel] [freeipa PR#593][+ack] Add make devcheck for developers

2017-03-31 Thread stlaz
  URL: https://github.com/freeipa/freeipa/pull/593
Title: #593: Add make devcheck for developers 

Label: +ack

[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers

2017-03-31 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/593
Title: #593: Add make devcheck for developers 

tiran commented:
"""
I split the changes to session storage tests into a separate commit. The other 
commit is in #670 
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/593#issuecomment-29066

[Freeipa-devel] [freeipa PR#593][synchronized] Add make devcheck for developers

2017-03-31 Thread tiran
   URL: https://github.com/freeipa/freeipa/pull/593
Author: tiran
 Title: #593: Add make devcheck for developers 
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/593/head:pr593
git checkout pr593
From 3d0cfecdece338b6aa711ef9716d8cb92b645a80 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Wed, 15 Mar 2017 08:31:38 +0100
Subject: [PATCH 1/2] Add make devcheck for developers

Ticket 6604 makes pylint and jsl optional dependencies. The change
is controversial, because some developers prefer that pylint and jsl
should be required unless explicitly disabled.

`make devcheck` is my answer to address the concerns. It's a superior
solution to `make lint` as pre-commit check. It combines several
additional checks under a single, easy rememberable and convenient make
target:

* build all
* acilint, apiclient, jslint, polint
* make check
* pylint under Python 2 and 3
* subset of unit test suite

https://fedorahosted.org/freeipa/ticket/6604

Signed-off-by: Christian Heimes 
---
 Makefile.am | 31 -
 configure.ac| 12 ++
 ipapython/session_storage.py|  4 ++--
 ipatests/test_ipapython/test_session_storage.py |  1 -
 4 files changed, 44 insertions(+), 4 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index af22315..efa8b73 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -152,6 +152,35 @@ JSLINT_TARGET = jslint
 endif WITH_JSLINT
 lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET)
 
+.PHONY: devcheck
+devcheck: all
+if ! WITH_POLINT
+	@echo "ERROR: polint not available"; exit 1
+endif
+if ! WITH_PYLINT
+	@echo "ERROR: pylint not available"; exit 1
+endif
+if ! WITH_JSLINT
+	@echo "ERROR: jslint not available"; exit 1
+endif
+if ! WITH_PYTHON2
+	@echo "ERROR: python2 not available"; exit 1
+endif
+	@ # run all linters, tests, and check with Python 2
+	PYTHONPATH=$(top_srcdir) $(PYTHON2) ipatests/ipa-run-tests \
+	--ipaclient-unittests
+	$(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check
+	$(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint
+if WITH_PYTHON3
+	@ # just tests and pylint on Python 3
+	PYTHONPATH=$(top_srcdir) $(PYTHON3) ipatests/ipa-run-tests \
+	--ipaclient-unittests
+	$(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint
+else
+	@echo "WARNING: python3 not available"
+endif
+	@echo "All tests passed."
+
 .PHONY: $(top_builddir)/ipapython/version.py
 $(top_builddir)/ipapython/version.py:
 	(cd $(top_builddir)/ipapython && make version.py)
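Review bot: the `if ! WITH_...` guards are part of the recipe of `devcheck: all`, so a missing polint, pylint, jslint or python2 is only reported after the whole `all` prerequisite has been built. Checking for the tools before the build starts (for example in a separate prerequisite listed ahead of `all`) would fail fast. Also, when python3 is absent the recipe prints a WARNING and still ends with "All tests passed.", which overstates what ran; the final message should reflect that the Python 3 pass was skipped.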
@@ -188,7 +217,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py
 		-name '*~' -o \
 		-name '*.py' -print -o \
 		-type f -exec grep -qsm1 '^#!.*\bpython' '{}' \; -print`; \
-	echo "Pylint is running, please wait ..."; \
+	echo "Pylint on $(PYTHON) is running, please wait ..."; \
 	PYTHONPATH=$(top_srcdir) $(PYTHON) -m pylint \
 		--rcfile=$(top_srcdir)/pylintrc \
 		--load-plugins pylint_plugins \
diff --git a/configure.ac b/configure.ac
index f5c5270..b006ccc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -111,6 +111,18 @@ if test "x$PYTHON" = "x" ; then
 fi
 
 dnl ---
+dnl - Check for Python 2/3 for devcheck
+dnl ---
+
+AC_PATH_PROG(PYTHON2, python2)
+AC_SUBST([PYTHON2])
+AM_CONDITIONAL([WITH_PYTHON2], [test "x${PYTHON2}" != "x"])
+
+AC_PATH_PROG(PYTHON3, python3)
+AC_SUBST([PYTHON3])
+AM_CONDITIONAL([WITH_PYTHON3], [test "x${PYTHON3}" != "x"])
+
+dnl ---
 dnl - Check for cmocka unit test framework http://cmocka.cryptomilk.org/
 dnl ---
 PKG_CHECK_EXISTS(cmocka,
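Review bot: `AC_PATH_PROG(PYTHON2, python2)` and the matching PYTHON3 line leave their arguments unquoted, while the `AC_SUBST([PYTHON2])` and `AM_CONDITIONAL([...])` calls right next to them quote theirs; write `AC_PATH_PROG([PYTHON2], [python2])` for consistency. AC_PATH_PROG already calls AC_SUBST on its variable, so the two explicit `AC_SUBST` lines can be dropped.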
diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py
index 6af064c..1443413 100644
--- a/ipapython/session_storage.py
+++ b/ipapython/session_storage.py
@@ -214,8 +214,8 @@ def krb5_errcheck(result, func, arguments):
 krb5_free_unparsed_name.argtypes = (krb5_context, ctypes.c_char_p, )
 krb5_free_unparsed_name.restype = None
 
-CONF_REALM = "X-CACHECONF:"
-CONF_NAME = "krb5_ccache_conf_data"
+CONF_REALM = b"X-CACHECONF:"
+CONF_NAME = b"krb5_ccache_conf_data"
 
 
 def store_data(princ_name, key, value):
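Review bot: switching `CONF_REALM` and `CONF_NAME` to bytes literals changes behaviour in `ipapython/session_storage.py`, but the commit message only describes the devcheck target and never mentions it. Move this hunk to its own commit or add a line to the message explaining it. The `ctypes.c_char_p` argtypes just above suggest the reason is Python 3, in which case callers such as `store_data(princ_name, key, value)` should be checked to pass bytes wherever their arguments are combined with these constants.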
diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/test_ipapython/test_session_storage.py
index a89fdd9..e050869 100644
--- a/ipatests/test_ipapython/test_session_storage.py
+++ b/ipatests/test_ipapython/test_session_storage.py
@@ -5,7 +5,6 @@
 """
 Test the `session_storage.py` module.
 """
-
 from ipapython import session_storage
 
 

From 0d27dc17c669c0ee534773d79f59f639665154ba Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Fri, 31 Mar 2017 10:53:59 +0200
Subject: [PATCH 2/2] Skip test_session_storage in ipaclient unittes

[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers

2017-03-31 Thread stlaz
  URL: https://github.com/freeipa/freeipa/pull/593
Title: #593: Add make devcheck for developers 

stlaz commented:
"""
Whichever is ok with you, I don't mind if it's in the same PR if it is related 
to the same ticket.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/593#issuecomment-290655653

[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers

2017-03-31 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/593
Title: #593: Add make devcheck for developers 

tiran commented:
"""
```test_session_storage``` is not a unit test or functional test. It is an 
integration test that depends on a valid Kerberos configuration and session. Do 
you prefer a separate PR?
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/593#issuecomment-290654739

[Freeipa-devel] [freeipa PR#593][comment] Add make devcheck for developers

2017-03-31 Thread stlaz
  URL: https://github.com/freeipa/freeipa/pull/593
Title: #593: Add make devcheck for developers 

stlaz commented:
"""
The changes to Makefile and configure.ac are just fine. I understand that 
changes in the `ipapython/session_storage.py` are done elsewhere so once that 
is pushed, we'll need a rebase.
I don't see the explanation why we're disabling the test in 
`ipatests/test_ipapython/test_session_storage.py `, that might need a different 
commit?

"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/593#issuecomment-290651108

[Freeipa-devel] [freeipa PR#490][+ack] certdb: use certutil and match_hostname for cert verification

2017-03-31 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/490
Title: #490: certdb: use certutil and match_hostname for cert verification

Label: +ack

[Freeipa-devel] [freeipa PR#678][+ack] ipa-ca-install man page: Add domain level 1 help

2017-03-31 Thread stlaz
  URL: https://github.com/freeipa/freeipa/pull/678
Title: #678: ipa-ca-install man page: Add domain level 1 help

Label: +ack

[Freeipa-devel] [freeipa PR#621][comment] Add --password-expiration to allow an admin to force a password change

2017-03-31 Thread HonzaCholasta
  URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password 
change

HonzaCholasta commented:
"""
Works for me. Thanks!
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/621#issuecomment-290635083

[Freeipa-devel] [freeipa PR#621][+ack] Add --password-expiration to allow an admin to force a password change

2017-03-31 Thread HonzaCholasta
  URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password 
change

Label: +ack

[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing

2017-03-31 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/397
Title: #397: Improve wheel building and provide ipaserver wheel for local 
testing

tiran commented:
"""
Thanks @MartinBasti 

I rebased the PR and added a small workaround for ```dbus-python```. The 
package uses make to compile some of its internal dependencies. It looks like 
there is a bug in ```dbus-python```'s makefile. It sometimes fails to compile 
with my ```MAKEFLAGS=-j4``` env var. ```Makefile.am``` line 253 sets MAKEFLAGS 
to empty value for ```pip wheel```.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/397#issuecomment-290632826

[Freeipa-devel] [freeipa PR#593][synchronized] Add make devcheck for developers

2017-03-31 Thread tiran
   URL: https://github.com/freeipa/freeipa/pull/593
Author: tiran
 Title: #593: Add make devcheck for developers 
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/593/head:pr593
git checkout pr593
From 5ef4045c094d4cfbff216cb0282196273dc06d59 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Wed, 15 Mar 2017 08:31:38 +0100
Subject: [PATCH] Add make devcheck for developers

Ticket 6604 makes pylint and jsl optional dependencies. The change
is controversial, because some developers prefer that pylint and jsl
should be required unless explicitly disabled.

`make devcheck` is my answer to address the concerns. It's a superior
solution to `make lint` as a pre-commit check. It combines several
additional checks under a single, easily rememberable and convenient make
target:

* build all
* acilint, apiclient, jslint, polint
* make check
* pylint under Python 2 and 3
* subset of unit test suite

https://fedorahosted.org/freeipa/ticket/6604

Signed-off-by: Christian Heimes 
---
 Makefile.am | 31 -
 configure.ac| 12 ++
 ipapython/session_storage.py|  4 ++--
 ipatests/test_ipapython/test_session_storage.py |  2 ++
 4 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index af22315..efa8b73 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -152,6 +152,35 @@ JSLINT_TARGET = jslint
 endif WITH_JSLINT
 lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET)
 
+.PHONY: devcheck
+devcheck: all
+if ! WITH_POLINT
+	@echo "ERROR: polint not available"; exit 1
+endif
+if ! WITH_PYLINT
+	@echo "ERROR: pylint not available"; exit 1
+endif
+if ! WITH_JSLINT
+	@echo "ERROR: jslint not available"; exit 1
+endif
+if ! WITH_PYTHON2
+	@echo "ERROR: python2 not available"; exit 1
+endif
+	@ # run all linters, tests, and check with Python 2
+	PYTHONPATH=$(top_srcdir) $(PYTHON2) ipatests/ipa-run-tests \
+	--ipaclient-unittests
+	$(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check
+	$(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint
+if WITH_PYTHON3
+	@ # just tests and pylint on Python 3
+	PYTHONPATH=$(top_srcdir) $(PYTHON3) ipatests/ipa-run-tests \
+	--ipaclient-unittests
+	$(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint
+else
+	@echo "WARNING: python3 not available"
+endif
+	@echo "All tests passed."
+
 .PHONY: $(top_builddir)/ipapython/version.py
 $(top_builddir)/ipapython/version.py:
 	(cd $(top_builddir)/ipapython && make version.py)
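Review bot: `devcheck: all` makes the full build a prerequisite, so the `ERROR: ... not available` lines for polint, pylint, jslint and python2 in the recipe only fire after everything has been built. Consider dropping `all` from the prerequisite list and running `$(MAKE) $(AM_MAKEFLAGS) all` as a recipe step after the availability checks, so a missing tool fails immediately. Also, the commit message lists `apiclient` where the recipe runs `apilint`; one of the two should be corrected.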
@@ -188,7 +217,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py
 		-name '*~' -o \
 		-name '*.py' -print -o \
 		-type f -exec grep -qsm1 '^#!.*\bpython' '{}' \; -print`; \
-	echo "Pylint is running, please wait ..."; \
+	echo "Pylint on $(PYTHON) is running, please wait ..."; \
 	PYTHONPATH=$(top_srcdir) $(PYTHON) -m pylint \
 		--rcfile=$(top_srcdir)/pylintrc \
 		--load-plugins pylint_plugins \
diff --git a/configure.ac b/configure.ac
index f5c5270..0174320 100644
--- a/configure.ac
+++ b/configure.ac
@@ -111,6 +111,18 @@ if test "x$PYTHON" = "x" ; then
 fi
 
 dnl ---
+dnl - Check for Python 2/3 for patchcheck
+dnl ---
+
+AC_PATH_PROG(PYTHON2, python2)
+AC_SUBST([PYTHON2])
+AM_CONDITIONAL([WITH_PYTHON2], [test "x${PYTHON2}" != "x"])
+
+AC_PATH_PROG(PYTHON3, python3)
+AC_SUBST([PYTHON3])
+AM_CONDITIONAL([WITH_PYTHON3], [test "x${PYTHON3}" != "x"])
+
+dnl ---
 dnl - Check for cmocka unit test framework http://cmocka.cryptomilk.org/
 dnl ---
 PKG_CHECK_EXISTS(cmocka,
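Review bot: the new section header reads `Check for Python 2/3 for patchcheck`, but the target this patch adds to Makefile.am is `devcheck`; rename it so the comment matches the target. The `AC_PATH_PROG(PYTHON2, python2)` and `AC_PATH_PROG(PYTHON3, python3)` calls also leave their arguments unquoted while the neighbouring `AC_SUBST([PYTHON2])` quotes them; `AC_PATH_PROG([PYTHON2], [python2])` would be consistent.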
diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py
index 6af064c..1443413 100644
--- a/ipapython/session_storage.py
+++ b/ipapython/session_storage.py
@@ -214,8 +214,8 @@ def krb5_errcheck(result, func, arguments):
 krb5_free_unparsed_name.argtypes = (krb5_context, ctypes.c_char_p, )
 krb5_free_unparsed_name.restype = None
 
-CONF_REALM = "X-CACHECONF:"
-CONF_NAME = "krb5_ccache_conf_data"
+CONF_REALM = b"X-CACHECONF:"
+CONF_NAME = b"krb5_ccache_conf_data"
 
 
 def store_data(princ_name, key, value):
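Review bot: the switch of `CONF_REALM` and `CONF_NAME` to bytes literals is not mentioned in the commit message, which only describes the new make target. The change fits the `ctypes.c_char_p` argtypes visible in the context lines (ctypes expects bytes for `c_char_p` on Python 3), but it alters library code and should go in its own commit with that rationale, or at least get a line in this commit message.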
diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/test_ipapython/test_session_storage.py
index a89fdd9..1ae9f9c 100644
--- a/ipatests/test_ipapython/test_session_storage.py
+++ b/ipatests/test_ipapython/test_session_storage.py
@@ -5,10 +5,12 @@
 """
 Test the `session_storage.py` module.
 """
+import pytest
 
 from ipapython import session_storage
 
 
+@pytest.mark.skip_ipaclient_unittest
 class test_session_storage(object):
 """
 Test the session storage interface
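Review bot: `@pytest.mark.skip_ipaclient_unittest` is applied to the whole `test_session_storage` class with no reason given, either in the code or in the commit message. Add a comment above the decorator stating why the class cannot run in the `--ipaclient-unittests` subset and what has to change before the marker can be removed, or move the skip into a separate commit that explains it.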

[Freeipa-devel] [freeipa PR#593][synchronized] Add make devcheck for developers

2017-03-31 Thread tiran
   URL: https://github.com/freeipa/freeipa/pull/593
Author: tiran
 Title: #593: Add make devcheck for developers 
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/593/head:pr593
git checkout pr593
From f41cdacbdf15808a66651761640847514a7f9027 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Wed, 15 Mar 2017 08:31:38 +0100
Subject: [PATCH] Add make devcheck for developers

Ticket 6604 makes pylint and jsl optional dependencies. The change
is controversial, because some developers prefer that pylint and jsl
should be required unless explicitly disabled.

`make devcheck` is my answer to address the concerns. It's a superior
solution to `make lint` as a pre-commit check. It combines several
additional checks under a single, easily rememberable and convenient make
target:

* build all
* acilint, apiclient, jslint, polint
* make check
* pylint under Python 2 and 3
* subset of unit test suite

https://fedorahosted.org/freeipa/ticket/6604

Signed-off-by: Christian Heimes 
---
 Makefile.am | 31 -
 configure.ac| 12 ++
 ipapython/session_storage.py|  4 ++--
 ipatests/test_ipapython/test_session_storage.py |  2 ++
 4 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index af22315..efa8b73 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -152,6 +152,35 @@ JSLINT_TARGET = jslint
 endif WITH_JSLINT
 lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET)
 
+.PHONY: devcheck
+devcheck: all
+if ! WITH_POLINT
+	@echo "ERROR: polint not available"; exit 1
+endif
+if ! WITH_PYLINT
+	@echo "ERROR: pylint not available"; exit 1
+endif
+if ! WITH_JSLINT
+	@echo "ERROR: jslint not available"; exit 1
+endif
+if ! WITH_PYTHON2
+	@echo "ERROR: python2 not available"; exit 1
+endif
+	@ # run all linters, tests, and check with Python 2
+	PYTHONPATH=$(top_srcdir) $(PYTHON2) ipatests/ipa-run-tests \
+	--ipaclient-unittests
+	$(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check
+	$(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint
+if WITH_PYTHON3
+	@ # just tests and pylint on Python 3
+	PYTHONPATH=$(top_srcdir) $(PYTHON3) ipatests/ipa-run-tests \
+	--ipaclient-unittests
+	$(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint
+else
+	@echo "WARNING: python3 not available"
+endif
+	@echo "All tests passed."
+
 .PHONY: $(top_builddir)/ipapython/version.py
 $(top_builddir)/ipapython/version.py:
 	(cd $(top_builddir)/ipapython && make version.py)
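Review bot: in the `else` branch of `if WITH_PYTHON3` the recipe only prints `WARNING: python3 not available` and then falls through to `All tests passed.`, so devcheck reports success without the Python 3 test run and pylint pass that the commit message promises ("pylint under Python 2 and 3"). Either fail as in the `WITH_PYTHON2` case or make the final message state that the Python 3 checks were skipped. Separately, both test invocations use the relative path `ipatests/ipa-run-tests` while `PYTHONPATH` is set from `$(top_srcdir)`; unless the script is generated into the build tree, `$(top_srcdir)/ipatests/ipa-run-tests` would keep the target working when the build directory differs from the source directory.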
@@ -188,7 +217,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py
 		-name '*~' -o \
 		-name '*.py' -print -o \
 		-type f -exec grep -qsm1 '^#!.*\bpython' '{}' \; -print`; \
-	echo "Pylint is running, please wait ..."; \
+	echo "Pylint on $(PYTHON) is running, please wait ..."; \
 	PYTHONPATH=$(top_srcdir) $(PYTHON) -m pylint \
 		--rcfile=$(top_srcdir)/pylintrc \
 		--load-plugins pylint_plugins \
diff --git a/configure.ac b/configure.ac
index f5c5270..b006ccc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -111,6 +111,18 @@ if test "x$PYTHON" = "x" ; then
 fi
 
 dnl ---
+dnl - Check for Python 2/3 for devcheck
+dnl ---
+
+AC_PATH_PROG(PYTHON2, python2)
+AC_SUBST([PYTHON2])
+AM_CONDITIONAL([WITH_PYTHON2], [test "x${PYTHON2}" != "x"])
+
+AC_PATH_PROG(PYTHON3, python3)
+AC_SUBST([PYTHON3])
+AM_CONDITIONAL([WITH_PYTHON3], [test "x${PYTHON3}" != "x"])
+
+dnl ---
 dnl - Check for cmocka unit test framework http://cmocka.cryptomilk.org/
 dnl ---
 PKG_CHECK_EXISTS(cmocka,
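Review bot: `AC_PATH_PROG` for `python2` and `python3` only establishes that the interpreters exist on PATH; nothing in this hunk checks that pylint is importable under each of them, yet devcheck runs `$(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint`. A configure-time probe such as `$PYTHON3 -c 'import pylint'` feeding its own conditional would turn a late import failure inside the make target into a clear configure result.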
diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py
index 6af064c..1443413 100644
--- a/ipapython/session_storage.py
+++ b/ipapython/session_storage.py
@@ -214,8 +214,8 @@ def krb5_errcheck(result, func, arguments):
 krb5_free_unparsed_name.argtypes = (krb5_context, ctypes.c_char_p, )
 krb5_free_unparsed_name.restype = None
 
-CONF_REALM = "X-CACHECONF:"
-CONF_NAME = "krb5_ccache_conf_data"
+CONF_REALM = b"X-CACHECONF:"
+CONF_NAME = b"krb5_ccache_conf_data"
 
 
 def store_data(princ_name, key, value):
diff --git a/ipatests/test_ipapython/test_session_storage.py b/ipatests/test_ipapython/test_session_storage.py
index a89fdd9..1ae9f9c 100644
--- a/ipatests/test_ipapython/test_session_storage.py
+++ b/ipatests/test_ipapython/test_session_storage.py
@@ -5,10 +5,12 @@
 """
 Test the `session_storage.py` module.
 """
+import pytest
 
 from ipapython import session_storage
 
 
+@pytest.mark.skip_ipaclient_unittest
 class test_session_storage(object):
 """
 Test the session storage interface

[Freeipa-devel] [freeipa PR#593][edited] Add make devcheck for developers

2017-03-31 Thread tiran
   URL: https://github.com/freeipa/freeipa/pull/593
Author: tiran
 Title: #593: Add make devcheck for developers 
Action: edited

 Changed field: body
Original value:
"""
Ticket 6604 makes pylint and jsl optional dependencies. The change
is controversial, because some developers prefer that pylint and jsl
should be required unless explicitly disabled.

`make patchcheck` is my answer to address the concerns. It's a superior
solution to `make lint` as a pre-commit check. It combines several
additional checks under a single, easily rememberable and convenient make
target:

* build all
* acilint, apiclient, jslint, polint
* make check
* pylint under Python 2 and 3
* subset of unit test suite

https://fedorahosted.org/freeipa/ticket/6604

Depends on 

- [X] #475
- [X] #587 
- [X] #594
- [ ] #636
- [ ] #670
"""
