[SSSD] [sssd PR#943][+Changes requested] files_ops: Fix cached password remove
URL: https://github.com/SSSD/sssd/pull/943 Title: #943: files_ops: Fix cached password remove Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#943][comment] files_ops: Fix cached password remove
URL: https://github.com/SSSD/sssd/pull/943 Title: #943: files_ops: Fix cached password remove alexey-tikhonov commented: """ Hi @elkoniu, For some reason CI currently fails to compile your branch. I guess rebase is required. Would you please rebase your PR on current master? """ See the full comment at https://github.com/SSSD/sssd/pull/943#issuecomment-559820590 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#944][comment] 1.16: backport recent sudo improvements
URL: https://github.com/SSSD/sssd/pull/944 Title: #944: 1.16: backport recent sudo improvements mzidek-rh commented: """ I will do some sanity testing before ACKing as not all the changes here are covered by the integration tests in 1.16. Assigning to myself for now. """ See the full comment at https://github.com/SSSD/sssd/pull/944#issuecomment-559813939 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#947][comment] tests: fix race conditions in integration tests
URL: https://github.com/SSSD/sssd/pull/947 Title: #947: tests: fix race conditions in integration tests pbrezina commented: """ Works. Let try another run. """ See the full comment at https://github.com/SSSD/sssd/pull/947#issuecomment-559811981 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#946][+Accepted] INI: sssctl config-check giving the wrong message
URL: https://github.com/SSSD/sssd/pull/946 Title: #946: INI: sssctl config-check giving the wrong message Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#946][-Waiting for review] INI: sssctl config-check giving the wrong message
URL: https://github.com/SSSD/sssd/pull/946 Title: #946: INI: sssctl config-check giving the wrong message Label: -Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#946][comment] INI: sssctl config-check giving the wrong message
URL: https://github.com/SSSD/sssd/pull/946 Title: #946: INI: sssctl config-check giving the wrong message mzidek-rh commented: """ ACK. """ See the full comment at https://github.com/SSSD/sssd/pull/946#issuecomment-559803241 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#947][synchronized] tests: fix race conditions in integration tests
URL: https://github.com/SSSD/sssd/pull/947 Author: pbrezina Title: #947: tests: fix race conditions in integration tests Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/947/head:pr947 git checkout pr947 From 51047ea6694f71fb1b9d2d42435c0f9684c1ea91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 26 Nov 2019 12:26:32 +0100 Subject: [PATCH 1/2] tests: fix race confition in files provider tests Lets give files provider more time to load changes from files to avoid race condition failures. The files provider tests works like this: 1. File is changed 2. inotify callback is triggered in SSSD 3. Cache is updated 4. Assertions are done This sleep is supposed to eliminated race condition between step 1 and 2 so tests do not continue before inotify callback had a chance to kick in. One second was not enough in some slow virtual environments where the test non-deterministicly failed (SSSD is starting, doing some initial tasks, so it is possible that inotify callback is delayed a little bit). Three seconds is a hopefully safe random value. --- src/tests/intg/test_files_provider.py | 16 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py index 9f3aad9949..795adf5551 100644 --- a/src/tests/intg/test_files_provider.py +++ b/src/tests/intg/test_files_provider.py @@ -451,7 +451,11 @@ def user_generator(seqnum): shell='/bin/bash') -def check_user(exp_user, delay=1.0): +def check_user(exp_user, delay=3.0): +# We need to delay the flow a little bit to ensure that inotify callback +# in SSSD had a chance to fire. One second was sometimes not enough +# on some slow virtual environments. Three seconds is large hopefully +# safe random value as there is nothing else we can do here. if delay > 0: time.sleep(delay) @@ -466,7 +470,11 @@ def group_generator(seqnum): mem=[]) -def check_group(exp_group, delay=1.0): +def check_group(exp_group, delay=3.0): +# We need to delay the flow a little bit to ensure that inotify callback +# in SSSD had a chance to fire. One second was sometimes not enough +# on some slow virtual environments. Three seconds is large hopefully +# safe random value as there is nothing else we can do here. if delay > 0: time.sleep(delay) @@ -475,7 +483,7 @@ def check_group(exp_group, delay=1.0): assert found_group == exp_group -def check_group_by_gid(exp_group, delay=1.0): +def check_group_by_gid(exp_group, delay=3.0): if delay > 0: time.sleep(delay) @@ -779,7 +787,7 @@ def test_add_remove_add_file_group(setup_gr_with_canary, files_domain_only): check_group(GROUP1) setup_gr_with_canary.groupdel(GROUP1["name"]) -time.sleep(1) +time.sleep(3) res, group = call_sssd_getgrnam(GROUP1["name"]) assert res == NssReturnCode.NOTFOUND From 04aa621eb68bdf304195da59ac253a8a5c00c967 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 9 Aug 2017 07:59:41 +0200 Subject: [PATCH 2/2] INTG: Increase the sleep() time so the changes are reflected on SSSD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Those tests have been failing a lot recently and it does happen becase the time to reflect the changes on SSSD is not enough for the machine where the tests are running. There's no reasonable explanation in the code why 4 seconds is used as INTERACTIVE_TIMEOUT, neither a reasonable explanation why 2 seconds is used as the time waited in order to have those changes reflected on SSSD (neither in the code nor in the commit messages). This patch uses the most simple empiric way to determine a better value for this timeout, which was "run the tests a considerable amount of time and check that there were no failures". So, in order to avoid failures and our tests giving us more reliable information, let's give more time so the changes are reflected on SSSD. Resolves: https://pagure.io/SSSD/sssd/issue/3463 Signed-off-by: Fabiano FidĂȘncio --- src/tests/intg/test_enumeration.py | 19 ++- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/src/tests/intg/test_enumeration.py b/src/tests/intg/test_enumeration.py index c105c6df02..c25588a566 100644 --- a/src/tests/intg/test_enumeration.py +++ b/src/tests/intg/test_enumeration.py @@ -33,6 +33,15 @@ from util import * LDAP_BASE_DN = "dc=example,dc=com" + +# There is no explation neither in the code nor in the commit message that +# introduced this timeout why 4 was chosen as value. The very same happens +# with respect to why the time we should wait in order to have the changes +# reflected on SSSD is INTERACTIVE_TIMEOUT/2. +# Having INTERACTIVE_TIMEOUT/2 has been causing a lot of failures in some of +# our CI tests, so
[SSSD] [sssd PR#947][comment] tests: fix race conditions in integration tests
URL: https://github.com/SSSD/sssd/pull/947 Title: #947: tests: fix race conditions in integration tests pbrezina commented: """ Ok, lets try it with Fabiano's patch. """ See the full comment at https://github.com/SSSD/sssd/pull/947#issuecomment-559772175 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#947][comment] tests: fix race conditions in integration tests
URL: https://github.com/SSSD/sssd/pull/947 Title: #947: tests: fix race conditions in integration tests alexey-tikhonov commented: """ > pbrezina force-pushed the pbrezina:fixtests Looks like change of the value of this `/2` timeout is what actually fixes race. And this is exactly the approach that was used in #345... """ See the full comment at https://github.com/SSSD/sssd/pull/947#issuecomment-559767389 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#941][comment] ipa: add failover to access checks and override lookups
URL: https://github.com/SSSD/sssd/pull/941 Title: #941: ipa: add failover to access checks and override lookups pbrezina commented: """ * `sssd-1-16` * 4897063996b624b71823e61c73916f47832f103a - ipa: add failover to override lookups * a4dd1eb5087c2f8a3a9133f42efa025221edc1c9 - ipa: add failover to access checks """ See the full comment at https://github.com/SSSD/sssd/pull/941#issuecomment-559757037 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#941][closed] ipa: add failover to access checks and override lookups
URL: https://github.com/SSSD/sssd/pull/941 Author: sumit-bose Title: #941: ipa: add failover to access checks and override lookups Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/941/head:pr941 git checkout pr941 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#941][comment] ipa: add failover to access checks and override lookups
URL: https://github.com/SSSD/sssd/pull/941 Title: #941: ipa: add failover to access checks and override lookups pbrezina commented: """ * `master` * 707fdf0406644de08cfb7f59fa4eec393be5c62a - ipa: add failover to access checks * b9a53cfca91c9db51b1e32ac2cb0965db3ccf05b - ipa: add failover to override lookups """ See the full comment at https://github.com/SSSD/sssd/pull/941#issuecomment-559741783 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#941][+Pushed] ipa: add failover to access checks and override lookups
URL: https://github.com/SSSD/sssd/pull/941 Title: #941: ipa: add failover to access checks and override lookups Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#941][-Accepted] ipa: add failover to access checks and override lookups
URL: https://github.com/SSSD/sssd/pull/941 Title: #941: ipa: add failover to access checks and override lookups Label: -Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#941][-Ready to push] ipa: add failover to access checks and override lookups
URL: https://github.com/SSSD/sssd/pull/941 Title: #941: ipa: add failover to access checks and override lookups Label: -Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#945][closed] p11_child: add 'soft_ocsp' and 'soft_crl options
URL: https://github.com/SSSD/sssd/pull/945 Author: sumit-bose Title: #945: p11_child: add 'soft_ocsp' and 'soft_crl options Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/945/head:pr945 git checkout pr945 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#945][-Ready to push] p11_child: add 'soft_ocsp' and 'soft_crl options
URL: https://github.com/SSSD/sssd/pull/945 Title: #945: p11_child: add 'soft_ocsp' and 'soft_crl options Label: -Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#945][-Accepted] p11_child: add 'soft_ocsp' and 'soft_crl options
URL: https://github.com/SSSD/sssd/pull/945 Title: #945: p11_child: add 'soft_ocsp' and 'soft_crl options Label: -Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#945][comment] p11_child: add 'soft_ocsp' and 'soft_crl options
URL: https://github.com/SSSD/sssd/pull/945 Title: #945: p11_child: add 'soft_ocsp' and 'soft_crl options pbrezina commented: """ * `master` * 389e2eeb0169113bd83e924c4e5a23633d1c47b6 - p11_child: add 'soft_ocsp' and 'soft_crl options """ See the full comment at https://github.com/SSSD/sssd/pull/945#issuecomment-559741459 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#945][+Pushed] p11_child: add 'soft_ocsp' and 'soft_crl options
URL: https://github.com/SSSD/sssd/pull/945 Title: #945: p11_child: add 'soft_ocsp' and 'soft_crl options Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#948][-Ready to push] Proper zeroization of sensitive data
URL: https://github.com/SSSD/sssd/pull/948 Title: #948: Proper zeroization of sensitive data Label: -Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#948][+Pushed] Proper zeroization of sensitive data
URL: https://github.com/SSSD/sssd/pull/948 Title: #948: Proper zeroization of sensitive data Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#948][-Accepted] Proper zeroization of sensitive data
URL: https://github.com/SSSD/sssd/pull/948 Title: #948: Proper zeroization of sensitive data Label: -Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#948][closed] Proper zeroization of sensitive data
URL: https://github.com/SSSD/sssd/pull/948 Author: alexey-tikhonov Title: #948: Proper zeroization of sensitive data Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/948/head:pr948 git checkout pr948 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#948][comment] Proper zeroization of sensitive data
URL: https://github.com/SSSD/sssd/pull/948 Title: #948: Proper zeroization of sensitive data pbrezina commented: """ * `master` * 0a6fdec57fe90682f6ca9ce1047a3456a06b3c42 - LDAP: proper handling of master password * 109c21ef6630b9b91856cab6806f8f2d88f257e4 - util/authtok: set destructor in sss_authtok_new() * ad1ae003e34d90840fc5e010fa0d6f002cb82933 - db/sysdb_ops: proper zeroization of sensitive data * 275e062b22e829fadb38bdaadb16fe4ab23357bc - util/sha512_crypt_r: proper zeroization of sensitive data * 1f667ea3d3f4074cc7a43e4b39f10dd767227172 - util/sha512_crypt_r: removed misleading comments * 78127eaeee25bf6f6a9777f231de116f49d744e5 - util/sha512_crypt_r: got rid of redundant mem align * be7f7312700512101a489778a01c11078d58fdad - util: fixed potential mem leak in s3crypt_gen_salt() * 0165ef119a90def13bb1b5be3f4bbf7c552ceb61 - tools/sss_seed: proper zeroization of sensitive data * f2245b53b402025712e32db03dbf9e46d753bd8b - util/memory: helper(s) to securely erase mem was reworked * b72c4fa8a26e4ef8fbc98b15cd98bf59fe3293de - util/memory: sanitization """ See the full comment at https://github.com/SSSD/sssd/pull/948#issuecomment-559740872 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#949][-Ready to push] ssh: apply certificate matching rules
URL: https://github.com/SSSD/sssd/pull/949 Title: #949: ssh: apply certificate matching rules Label: -Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#949][closed] ssh: apply certificate matching rules
URL: https://github.com/SSSD/sssd/pull/949 Author: sumit-bose Title: #949: ssh: apply certificate matching rules Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/949/head:pr949 git checkout pr949 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#949][comment] ssh: apply certificate matching rules
URL: https://github.com/SSSD/sssd/pull/949 Title: #949: ssh: apply certificate matching rules pbrezina commented: """ * `master` * 31ebf912d6426aea446b2bdae919d4e33b0c95be - p11_child: allow verification with no_verification option * 30d0ccd4943111fef754a39b415b4537d25c73e0 - ssh: enable p11_child logging * d2da89098a465a1c5045f04481920b937d80a0fb - ssh: add option ssh_use_certificate_matching_rules * 1a6b6c928abdeaf891432aa10613cdd6dc59e4e8 - ssh: apply certificate matching rules * 02d86b2a72e6e4aec0e41d89e984b45bf40f4780 - ssh: add ssh_use_certificate_keys option to config checks """ See the full comment at https://github.com/SSSD/sssd/pull/949#issuecomment-559740265 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#949][-Accepted] ssh: apply certificate matching rules
URL: https://github.com/SSSD/sssd/pull/949 Title: #949: ssh: apply certificate matching rules Label: -Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#949][+Pushed] ssh: apply certificate matching rules
URL: https://github.com/SSSD/sssd/pull/949 Title: #949: ssh: apply certificate matching rules Label: +Pushed ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#941][+Ready to push] ipa: add failover to access checks and override lookups
URL: https://github.com/SSSD/sssd/pull/941 Title: #941: ipa: add failover to access checks and override lookups Label: +Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#945][+Ready to push] p11_child: add 'soft_ocsp' and 'soft_crl options
URL: https://github.com/SSSD/sssd/pull/945 Title: #945: p11_child: add 'soft_ocsp' and 'soft_crl options Label: +Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#948][+Ready to push] Proper zeroization of sensitive data
URL: https://github.com/SSSD/sssd/pull/948 Title: #948: Proper zeroization of sensitive data Label: +Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#949][+Ready to push] ssh: apply certificate matching rules
URL: https://github.com/SSSD/sssd/pull/949 Title: #949: ssh: apply certificate matching rules Label: +Ready to push ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#943][comment] files_ops: Fix cached password remove
URL: https://github.com/SSSD/sssd/pull/943 Title: #943: files_ops: Fix cached password remove alexey-tikhonov commented: """ retest this please """ See the full comment at https://github.com/SSSD/sssd/pull/943#issuecomment-559737650 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#943][comment] files_ops: Fix cached password remove
URL: https://github.com/SSSD/sssd/pull/943 Title: #943: files_ops: Fix cached password remove alexey-tikhonov commented: """ retest this please """ See the full comment at https://github.com/SSSD/sssd/pull/943#issuecomment-559733674 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#943][comment] files_ops: Fix cached password remove
URL: https://github.com/SSSD/sssd/pull/943 Title: #943: files_ops: Fix cached password remove alexey-tikhonov commented: """ retest this please """ See the full comment at https://github.com/SSSD/sssd/pull/943#issuecomment-559733674 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#945][-Changes requested] p11_child: add 'soft_ocsp' and 'soft_crl options
URL: https://github.com/SSSD/sssd/pull/945 Title: #945: p11_child: add 'soft_ocsp' and 'soft_crl options Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#945][comment] p11_child: add 'soft_ocsp' and 'soft_crl options
URL: https://github.com/SSSD/sssd/pull/945 Title: #945: p11_child: add 'soft_ocsp' and 'soft_crl options alexey-tikhonov commented: """ Thank you, ACK. """ See the full comment at https://github.com/SSSD/sssd/pull/945#issuecomment-559727873 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#945][+Accepted] p11_child: add 'soft_ocsp' and 'soft_crl options
URL: https://github.com/SSSD/sssd/pull/945 Title: #945: p11_child: add 'soft_ocsp' and 'soft_crl options Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#949][+Accepted] ssh: apply certificate matching rules
URL: https://github.com/SSSD/sssd/pull/949 Title: #949: ssh: apply certificate matching rules Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#947][synchronized] tests: fix race conditions in integration tests
URL: https://github.com/SSSD/sssd/pull/947
Author: pbrezina
Title: #947: tests: fix race conditions in integration tests
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/947/head:pr947
git checkout pr947
From d0ebf5021985ab5a5d08b0d7d49b223f55b656c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Tue, 26 Nov 2019 12:26:32 +0100
Subject: [PATCH 1/2] tests: fix race confition in files provider tests
Lets give files provider more time to load changes from files to avoid
race condition failures. The files provider tests works like this:
1. File is changed
2. inotify callback is triggered in SSSD
3. Cache is updated
4. Assertions are done
This sleep is supposed to eliminated race condition between step 1 and 2
so tests do not continue before inotify callback had a chance to kick in.
One second was not enough in some slow virtual environments where the
test non-deterministicly failed (SSSD is starting, doing some initial tasks,
so it is possible that inotify callback is delayed a little bit).
Three seconds is a hopefully safe random value.
---
src/tests/intg/test_files_provider.py | 16
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
index 9f3aad9949..795adf5551 100644
--- a/src/tests/intg/test_files_provider.py
+++ b/src/tests/intg/test_files_provider.py
@@ -451,7 +451,11 @@ def user_generator(seqnum):
shell='/bin/bash')
-def check_user(exp_user, delay=1.0):
+def check_user(exp_user, delay=3.0):
+# We need to delay the flow a little bit to ensure that inotify callback
+# in SSSD had a chance to fire. One second was sometimes not enough
+# on some slow virtual environments. Three seconds is large hopefully
+# safe random value as there is nothing else we can do here.
if delay > 0:
time.sleep(delay)
@@ -466,7 +470,11 @@ def group_generator(seqnum):
mem=[])
-def check_group(exp_group, delay=1.0):
+def check_group(exp_group, delay=3.0):
+# We need to delay the flow a little bit to ensure that inotify callback
+# in SSSD had a chance to fire. One second was sometimes not enough
+# on some slow virtual environments. Three seconds is large hopefully
+# safe random value as there is nothing else we can do here.
if delay > 0:
time.sleep(delay)
@@ -475,7 +483,7 @@ def check_group(exp_group, delay=1.0):
assert found_group == exp_group
-def check_group_by_gid(exp_group, delay=1.0):
+def check_group_by_gid(exp_group, delay=3.0):
if delay > 0:
time.sleep(delay)
@@ -779,7 +787,7 @@ def test_add_remove_add_file_group(setup_gr_with_canary, files_domain_only):
check_group(GROUP1)
setup_gr_with_canary.groupdel(GROUP1["name"])
-time.sleep(1)
+time.sleep(3)
res, group = call_sssd_getgrnam(GROUP1["name"])
assert res == NssReturnCode.NOTFOUND
From b86c79274f99f47b8d84749b1904020b743b9cc5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Tue, 26 Nov 2019 12:42:27 +0100
Subject: [PATCH 2/2] tests: fix race condition in enumeration tests
This change is relevant to Nyquist frequency. To ensure that enumeration has been
run we need to wait at least twice the enumeration timeout. In other words, we need
to make sure enumeration is run at least twice the frequency of our assertions to
ensure that it has been run at least once.
Resolves:
https://pagure.io/SSSD/sssd/issue/3463
---
src/tests/intg/test_enumeration.py | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/tests/intg/test_enumeration.py b/src/tests/intg/test_enumeration.py
index c105c6df02..34298ab49c 100644
--- a/src/tests/intg/test_enumeration.py
+++ b/src/tests/intg/test_enumeration.py
@@ -33,7 +33,11 @@
from util import *
LDAP_BASE_DN = "dc=example,dc=com"
-INTERACTIVE_TIMEOUT = 4
+
+# To ensure that enumeration was run before we need to wait little longer
+# before we make tests assertions. Twice the value is a good safe value..
+ENUMERATION_TIMEOUT = 4
+INTERACTIVE_TIMEOUT = ENUMERATION_TIMEOUT*2
@pytest.fixture(scope="module")
@@ -151,7 +155,7 @@ def format_interactive_conf(ldap_conn, schema):
ldap_enumeration_refresh_timeout= {0}
ldap_purge_cache_timeout= 1
entry_cache_timeout = {0}
-""").format(INTERACTIVE_TIMEOUT)
+""").format(ENUMERATION_TIMEOUT)
def create_conf_file(contents):
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
[SSSD] [sssd PR#946][-Changes requested] INI: sssctl config-check giving the wrong message
URL: https://github.com/SSSD/sssd/pull/946 Title: #946: INI: sssctl config-check giving the wrong message Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#946][+Waiting for review] INI: sssctl config-check giving the wrong message
URL: https://github.com/SSSD/sssd/pull/946 Title: #946: INI: sssctl config-check giving the wrong message Label: +Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
