Re: [Freeipa-devel] [PATCHES] from Debian

2015-10-22 Thread Martin Basti 



On 05.10.2015 15:08, Timo Aaltonen wrote:

Hi

   Here are a few prep patches to get off the list before getting to
discuss how to add Debian platform support..



ACK for patches 2, 3, 4

Pushed to master: ccae42bedae09d7380e38a67cc33f776ff9a953a

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCHES] from Debian

2015-10-06 Thread Martin Basti 



On 10/05/2015 05:46 PM, Martin Basti wrote:



On 10/05/2015 03:41 PM, Timo Aaltonen wrote:

On 05.10.2015 16:37, Martin Basti wrote:


On 10/05/2015 03:31 PM, Simo Sorce wrote:

On 05/10/15 09:08, Timo Aaltonen wrote:

 Hi

Here are a few prep patches to get off the list before getting to
discuss how to add Debian platform support..


LGTM.

Simo.



IMO this should be written in this way (I didn't test)

ipautil.run([paths.GENERATE_RNDC_KEY])

Yes you're right, here's an updated version.




ACK

Pushed to master: 7059117ec32bfad8ec802d472b0f7d2b6cb12d2a


Pushed to ipa-4-2: b8a2104fb55026275067bb3d8732dbf5612bb2e8

The elders of FreeIPA decided that this should go to ipa-4-2 too

https://fedorahosted.org/freeipa/ticket/5343

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCHES] from Debian

2015-10-05 Thread Martin Basti 



On 10/05/2015 04:44 PM, Timo Aaltonen wrote:

On 05.10.2015 16:08, Timo Aaltonen wrote:

Hi

   Here are a few prep patches to get off the list before getting to
discuss how to add Debian platform support..

Here's one more.






ACK

Pushed to master: 7c32ecaa0ebdfc879d6d2286974987b9fee7082e
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCHES] from Debian

2015-10-05 Thread Timo Aaltonen 

Hi

  Here are a few prep patches to get off the list before getting to
discuss how to add Debian platform support..
From 49f2158b4be10b3e82392eda55909f94ee581c1a Mon Sep 17 00:00:00 2001
From: Timo Aaltonen 
Date: Sat, 3 Oct 2015 11:40:15 +0300
Subject: [PATCH] paths: Add GENERATE_RNDC_KEY.

---
 ipaplatform/base/paths.py | 1 +
 ipaserver/install/bindinstance.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index a272143d0053451c017c0df613951cc0e6d52c54..0d2c4c17769ef643ba2d6c9991d910cf6e00858d 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -210,6 +210,7 @@ class BasePathNamespace(object):
 DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit"
 DOGTAG_IPA_RENEW_AGENT_SUBMIT = "/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit"
 IPA_SERVER_GUARD = "/usr/libexec/certmonger/ipa-server-guard"
+GENERATE_RNDC_KEY = "/usr/libexec/generate-rndc-key.sh"
 IPA_DNSKEYSYNCD_REPLICA = "/usr/libexec/ipa/ipa-dnskeysync-replica"
 IPA_DNSKEYSYNCD = "/usr/libexec/ipa/ipa-dnskeysyncd"
 IPA_ODS_EXPORTER = "/usr/libexec/ipa/ipa-ods-exporter"
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 771f13b00e37a6bf510ff46fe880240c84356761..9a9ef1af8a7b1cf438994489c895aec37102547b 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -1002,7 +1002,7 @@ class BindInstance(service.Service):
 
 def __generate_rndc_key(self):
 installutils.check_entropy()
-ipautil.run(['/usr/libexec/generate-rndc-key.sh'])
+ipautil.run(paths.GENERATE_RNDC_KEY)
 
 def add_master_dns_records(self, fqdn, ip_addresses, realm_name, domain_name,
reverse_zones, ntp=False, ca_configured=None):
-- 
2.5.0

From 9fc6a372c37d5fa0c514de49d262d26130b6bb5c Mon Sep 17 00:00:00 2001
From: Benjamin Drung 
Date: Mon, 5 Oct 2015 15:41:30 +0300
Subject: [PATCH] Fix hyphen-used-as-minus-sign warning (found by lintian)

See https://lintian.debian.org/tags/hyphen-used-as-minus-sign.html for
an explanation.
---
 install/tools/man/ipa-adtrust-install.1   | 2 +-
 install/tools/man/ipa-replica-conncheck.1 | 6 +++---
 install/tools/man/ipa-server-install.1| 2 +-
 ipatests/man/ipa-test-config.1| 4 ++--
 ipatests/man/ipa-test-task.1  | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/install/tools/man/ipa-adtrust-install.1 b/install/tools/man/ipa-adtrust-install.1
index 2658f1957d1161963bf6af75e5a086a01b95c52f..06378b5983e55bb6c34971b0f5129246f9f14fd3 100644
--- a/install/tools/man/ipa-adtrust-install.1
+++ b/install/tools/man/ipa-adtrust-install.1
@@ -117,7 +117,7 @@ The name of the user with administrative privileges for this IPA server. Default
 \fB\-a\fR, \fB\-\-admin\-password\fR=\fIpassword\fR
 The password of the user with administrative privileges for this IPA server. Will be asked interactively if \fB\-U\fR is not specified.
 .TP
-The credentials of the admin user will be used to obtain Kerberos ticket before configuring cross-realm trusts support and afterwards, to ensure that the ticket contains MS-PAC information required to actually add a trust with Active Directory domain via 'ipa trust-add --type=ad' command.
+The credentials of the admin user will be used to obtain Kerberos ticket before configuring cross-realm trusts support and afterwards, to ensure that the ticket contains MS-PAC information required to actually add a trust with Active Directory domain via 'ipa trust\-add \-\-type=ad' command.
 .TP
 \fB\-\-enable\-compat\fR
 Enables support for trusted domains users for old clients through Schema Compatibility plugin.
diff --git a/install/tools/man/ipa-replica-conncheck.1 b/install/tools/man/ipa-replica-conncheck.1
index 566322cf035bbb51d1ba8b14166a1b61375015da..e948d7919c772305ef2f0b5b7b50de2b908ff9e0 100644
--- a/install/tools/man/ipa-replica-conncheck.1
+++ b/install/tools/man/ipa-replica-conncheck.1
@@ -70,13 +70,13 @@ Output only errors
 
 .SH "EXAMPLES"
 .TP
-\fBipa-replica-conncheck -m master.example.com\fR
+\fBipa\-replica\-conncheck \-m master.example.com\fR
 Run a replica machine connection check against a remote master \fImaster.example.com\fR. If the connection to the remote master machine is successful the program will switch to listening mode and prompt for running the master machine part. The second part check the connection from master to replica.
 .TP
-\fBipa-replica-conncheck -R replica.example.com\fR
+\fBipa\-replica\-conncheck \-R replica.example.com\fR
 Run a master machine connection check part. This is either run automatically by replica part of the connection check program (when \fI-a\fR option is set) or manually by the user. A running ipa-replica-conncheck(1) in a listening mode must be already running on a replica

Re: [Freeipa-devel] [PATCHES] from Debian

2015-10-05 Thread Timo Aaltonen 
On 05.10.2015 16:37, Martin Basti wrote:
> 
> 
> On 10/05/2015 03:31 PM, Simo Sorce wrote:
>> On 05/10/15 09:08, Timo Aaltonen wrote:
>>>
>>> Hi
>>>
>>>Here are a few prep patches to get off the list before getting to
>>> discuss how to add Debian platform support..
>>>
>>
>> LGTM.
>>
>> Simo.
>>
>>
> 
> IMO this should be written in this way (I didn't test)
> 
> ipautil.run([paths.GENERATE_RNDC_KEY])

Yes you're right, here's an updated version.



-- 
t
From 49f2158b4be10b3e82392eda55909f94ee581c1a Mon Sep 17 00:00:00 2001
From: Timo Aaltonen 
Date: Sat, 3 Oct 2015 11:40:15 +0300
Subject: [PATCH] paths: Add GENERATE_RNDC_KEY.

---
 ipaplatform/base/paths.py | 1 +
 ipaserver/install/bindinstance.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index a272143d0053451c017c0df613951cc0e6d52c54..0d2c4c17769ef643ba2d6c9991d910cf6e00858d 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -210,6 +210,7 @@ class BasePathNamespace(object):
 DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit"
 DOGTAG_IPA_RENEW_AGENT_SUBMIT = "/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit"
 IPA_SERVER_GUARD = "/usr/libexec/certmonger/ipa-server-guard"
+GENERATE_RNDC_KEY = "/usr/libexec/generate-rndc-key.sh"
 IPA_DNSKEYSYNCD_REPLICA = "/usr/libexec/ipa/ipa-dnskeysync-replica"
 IPA_DNSKEYSYNCD = "/usr/libexec/ipa/ipa-dnskeysyncd"
 IPA_ODS_EXPORTER = "/usr/libexec/ipa/ipa-ods-exporter"
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 771f13b00e37a6bf510ff46fe880240c84356761..9a9ef1af8a7b1cf438994489c895aec37102547b 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -1002,7 +1002,7 @@ class BindInstance(service.Service):
 
 def __generate_rndc_key(self):
 installutils.check_entropy()
-ipautil.run(['/usr/libexec/generate-rndc-key.sh'])
+ipautil.run([paths.GENERATE_RNDC_KEY])
 
 def add_master_dns_records(self, fqdn, ip_addresses, realm_name, domain_name,
reverse_zones, ntp=False, ca_configured=None):
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCHES] from Debian

2015-10-05 Thread Simo Sorce 

On 05/10/15 09:08, Timo Aaltonen wrote:


Hi

   Here are a few prep patches to get off the list before getting to
discuss how to add Debian platform support..



LGTM.

Simo.


--
Simo Sorce * Red Hat, Inc * New York

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCHES] from Debian

2015-10-05 Thread Timo Aaltonen 
On 05.10.2015 16:08, Timo Aaltonen wrote:
> 
>   Hi
> 
>   Here are a few prep patches to get off the list before getting to
> discuss how to add Debian platform support..

Here's one more.



-- 
t
From 65df37b7b31c0689e452112130236c3fe43971a2 Mon Sep 17 00:00:00 2001
From: Timo Aaltonen 
Date: Mon, 5 Oct 2015 17:37:49 +0300
Subject: [PATCH] httpinstance: Replace a hardcoded path to password.conf with
 HTTPD_PASSWORD_CONF

---
 ipaserver/install/httpinstance.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 4269d3697c1fb17ddb4b3c69a1b41c51c9daf713..ee4853a3f9a8a42bd050fd8b208fc2419c323512 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -244,7 +244,7 @@ class HTTPInstance(service.Service):
 installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSRequireSafeNegotiation', 'on', False)
 
 def __set_mod_nss_passwordfile(self):
-installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSPassPhraseDialog', 'file:/etc/httpd/conf/password.conf')
+installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSPassPhraseDialog', 'file:' + paths.HTTPD_PASSWORD_CONF)
 
 def __add_include(self):
 """This should run after __set_mod_nss_port so is already backed up"""
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCHES] from Debian

2015-10-05 Thread Martin Basti 



On 10/05/2015 03:31 PM, Simo Sorce wrote:

On 05/10/15 09:08, Timo Aaltonen wrote:


Hi

   Here are a few prep patches to get off the list before getting to
discuss how to add Debian platform support..



LGTM.

Simo.




IMO this should be written in this way (I didn't test)

ipautil.run([paths.GENERATE_RNDC_KEY])

Martin


--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCHES] from Debian

2015-10-05 Thread Martin Basti 



On 10/05/2015 03:41 PM, Timo Aaltonen wrote:

On 05.10.2015 16:37, Martin Basti wrote:


On 10/05/2015 03:31 PM, Simo Sorce wrote:

On 05/10/15 09:08, Timo Aaltonen wrote:

 Hi

Here are a few prep patches to get off the list before getting to
discuss how to add Debian platform support..


LGTM.

Simo.



IMO this should be written in this way (I didn't test)

ipautil.run([paths.GENERATE_RNDC_KEY])

Yes you're right, here's an updated version.




ACK

Pushed to master: 7059117ec32bfad8ec802d472b0f7d2b6cb12d2a

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code