On Wed, Nov 11, 2020 at 11:45:15AM +0200, Alexander Bokovoy via FreeIPA-devel
wrote:
> Hi,
>
> we are close to get FreeIPA 4.9.0 release candidate out.
>
> Draft release notes: https://vda.li/drafts/freeipa-4.9.0-release-notes.html
>
> They include difference between 4.8.10 and current git mast
On Wed, Jul 01, 2020 at 04:07:02PM -0400, Rob Crittenden via FreeIPA-devel
wrote:
> You may notice that your azure tests are failing with:
>
> Bash exiting with code '1':
> GATING sudo_1_to_5 * Check for coredumps
>
> It is an updated certmonger that is dropping core. I pushed a fix in
> F31-raw
Thanks Triviño!
You PR-CI wrangers are absolute legends.
Cheers,
Fraser
On Mon, Feb 03, 2020 at 01:26:45PM +0100, Francisco Triviño García via
FreeIPA-devel wrote:
> Our FreeIPA PR-CI infra is up and running again.
>
> -Triviño.
>
>
> On 2/3/20 11:27 AM, Francisco Triviño García wrote:
> >
On Thu, Dec 19, 2019 at 05:17:05PM +0200, Alexander Bokovoy via FreeIPA-users
wrote:
> Hi,
>
> thanks to the recent changes done by Dinesh(master[1] and ipa-4-8[2]),
> it is now possible to have continuous rebuild of FreeIPA master and
> ipa-4-8 branches using COPR repositories.
>
> We now have
My latest blog post outlines our plan for ACME support in FreeIPA.
If you have any feedback or questions please share.
https://frasertweedale.github.io/blog-redhat/posts/2019-12-06-freeipa-acme-plans.html
Cheers,
Fraser
___
FreeIPA-devel mailing list --
Continuing with fixes and enhancements to ipatool, here is a patch
that teaches pr-push the --autobackport option. So we can avoid
manually looking and specifying the backport targets.
https://github.com/freeipa/freeipa-tools/pull/74
Enjoy!
Fraser
___
On Tue, Jun 11, 2019 at 11:40:52AM +1000, Fraser Tweedale via FreeIPA-devel
wrote:
> Hi team,
>
> I opened a PR a couple weeks ago - a pretty simple fix to not
> consider tickets in diff context or removed lines. Looking for a
> review / agreement that this is a good idea, and th
Hi team,
I opened a PR a couple weeks ago - a pretty simple fix to not
consider tickets in diff context or removed lines. Looking for a
review / agreement that this is a good idea, and then we can merge
it.
https://github.com/freeipa/freeipa-tools/pull/72/files
Cheers,
Fraser
__
On Mon, Mar 11, 2019 at 03:58:17PM +0100, François Cami wrote:
> Hi,
>
> The Java maintainers have orphaned most, if not all, of the Java stack
> in Fedora, in favor of modules:
> https://lists.fedoraproject.org/archives/list/java-de...@lists.fedoraproject.org/message/MQMRQVENBLDRS67WLNQ7EOCMSDI5W
On Wed, Oct 24, 2018 at 04:49:21PM -0400, Rob Crittenden via FreeIPA-devel
wrote:
> I started a design of an IPA healthcheck framework at
> https://www.freeipa.org/page/V4/Healthcheck
>
> Have at it.
>
> Note that this concentrates more on how it will work big picture and
> less on individual ch
On Mon, Oct 01, 2018 at 10:10:52PM -0400, Rob Crittenden via FreeIPA-devel
wrote:
> As part of a larger IPA "health" checker and driven largely by necessity
> I have the beginning of a certificate checking tool available at
> https://github.com/rcritten/checkcerts
>
> It works for me in IPA 4.5.4
>
>
> On 06/05/2018 11:02 AM, Fraser Tweedale wrote:
> > On Tue, Jun 05, 2018 at 09:51:08AM +0200, Florence Blanc-Renaud wrote:
> >> On 06/01/2018 03:08 AM, Fraser Tweedale via FreeIPA-devel wrote:
> >>> On Thu, May 31, 2018 at 12:10:31PM +0200, Standa Laz
On Tue, Jun 05, 2018 at 09:51:08AM +0200, Florence Blanc-Renaud wrote:
> On 06/01/2018 03:08 AM, Fraser Tweedale via FreeIPA-devel wrote:
> > On Thu, May 31, 2018 at 12:10:31PM +0200, Standa Laznicka via FreeIPA-devel
> > wrote:
> > > Hello people of the freeipa-devel chan
Hi all,
Pursuant to recent discussions, here is a draft design[1] that
formalises and (as of initial draft) proposes some changes to
FreeIPA's certificate revocation behaviours.
Nothing is set in stone. Every change is up for debate. There are
some open questions (search for **TODO** and **QUE
On Thu, May 31, 2018 at 10:10:07PM -0400, Rob Crittenden via FreeIPA-devel
wrote:
> Fraser Tweedale via FreeIPA-devel wrote:
> > On Thu, May 31, 2018 at 11:17:51AM -0400, Rob Crittenden via FreeIPA-devel
> > wrote:
> >> Standa Laznicka via FreeIPA-devel wrote:
> >
On Thu, May 31, 2018 at 11:17:51AM -0400, Rob Crittenden via FreeIPA-devel
wrote:
> Standa Laznicka via FreeIPA-devel wrote:
> > Hello people of the freeipa-devel channel,
> >
> > Let me share a design that proposes a way of automating the way FreeIPA
> > replicas would be promoted to become a CR
On Thu, May 31, 2018 at 12:10:31PM +0200, Standa Laznicka via FreeIPA-devel
wrote:
> Hello people of the freeipa-devel channel,
>
> Let me share a design that proposes a way of automating the way FreeIPA
> replicas would be promoted to become a CRL master. Since the
> configuration cannot be dyna
Just a quick heads up that a couple of new RFCs[1][2] update RFC
5280 w.r.t. i18n support.
[1] https://tools.ietf.org/html/rfc8398
[2] https://tools.ietf.org/html/rfc8399
The most notable change is a new otherName type to represent
internationalised email addresses (i.e. when the local part is no
On Fri, May 11, 2018 at 01:52:57PM -0400, Rob Crittenden via FreeIPA-devel
wrote:
> Simo Sorce wrote:
> > On Fri, 2018-05-11 at 15:47 +1000, Fraser Tweedale via FreeIPA-devel
> > wrote:
> > > Hi all,
> > >
> > > Ticket https://pagure.io/freeipa/issue/
Hi all,
Ticket https://pagure.io/freeipa/issue/7482 made me think about the
current revocation behaviour in `ipa cert-request`. For hosts and
services, all old certificates get revoked.
I wrote a blog post[1] outlining the problems with the current
behaviour, and some suggested changes. I'd lik
Thanks Rob,
Comments inline.
On Thu, May 03, 2018 at 02:59:02PM -0400, Rob Crittenden via FreeIPA-devel
wrote:
> There are a lot of old, outdated PRs.
>
> I think we need to close them and strive hard to keep the list of PRs very
> low so for this round, against my usual instincts, I propose we
On Wed, Mar 14, 2018 at 09:11:20AM -0500, Ian Pilcher via FreeIPA-devel wrote:
> On 03/11/2018 09:31 PM, Fraser Tweedale wrote:
> > Thanks Ian! I'll try and review this in the next couple of days?
>
> No rush. I'm traveling this week, so I won't be to do anything with
> this anyway.
>
> > Do yo
On Mon, Mar 12, 2018 at 10:11:24AM +0100, Florence Blanc-Renaud via
FreeIPA-devel wrote:
> Hi all,
>
> I recently updated the Contribute/Code wiki page
> (https://www.freeipa.org/page/Contribute/Code), especially the sections
> related to Code Review Process.
>
> As developers, we often prefer t
Thanks Ian! I'll try and review this in the next couple of days?
Do you use GitHub? If so, you could create a pull request there,
which will make it more visible, easier to review, and cause CI to
run on your patch. If not, that's OK. We are happy to receive your
contribution by any means!
Ch
On Fri, Feb 16, 2018 at 12:51:41PM -0600, Ian Pilcher via FreeIPA-devel wrote:
> I have an older NETGEAR switch that has annoying habit of using its IP
> address in URLs that it sends back to the browser. The result can be
> seen here:
>
> https://www.penurio.us/oops.png
>
> I would like to ad
Thank you, Tomas!
On Fri, Sep 22, 2017 at 11:27:34AM +0200, Tomas Krizek wrote:
> On 09/21/2017 05:39 PM, Rob Crittenden via FreeIPA-devel wrote:
> > Tomas Krizek via FreeIPA-devel wrote:
> >> On 09/21/2017 02:32 AM, Fraser Tweedale via FreeIPA-devel wrote:
> >>>
Just a heads up that running tests on f27 is a bit of a problem
right now, due to a bug in paramiko that gets triggered when
importing pytest_multihost.transport.
Relevant upstream issues:
- https://github.com/paramiko/paramiko/issues/1069
- https://github.com/paramiko/paramiko/pull/861
A quick
Hi,
Could someone with the relevant permissions please add
certmonger-0.79.5-1[1] to the freeipa-master COPR for f26?
It is needed for testing PR 930[2] and so I can amend the PR to bump
the min version of certmonger in the spec file.
[1] https://koji.fedoraproject.org/koji/buildinfo?buildID=965
Hi team,
There are some bugs in python3-pyldap; the version in f25 and f26 is
affected (not sure about f27/rawhide but the problems have been
fixed upstream[1]). In FreeIPA the `json_metadata' command is affected
(at least), which breaks the Web UI.
If you hit this, here (below) is a patch you c
On Wed, Aug 09, 2017 at 10:18:33AM +0200, Christian Heimes via FreeIPA-devel
wrote:
> On 2017-08-08 08:04, Fraser Tweedale via FreeIPA-devel wrote:
> > Hi team,
> >
> > At PyCon Australia on the weekend I was reminded of PEP-484 type
> > hinting** and the M
Hi team,
At PyCon Australia on the weekend I was reminded of PEP-484 type
hinting** and the Mypy type checker for Python.
With focus of FreeIPA project shifting more towards stability,
quality and maintainability, and with Python 3 porting work nearly
wrapped up, now is the time to think about ho
On Wed, Aug 02, 2017 at 09:59:35AM -0400, Rob Crittenden wrote:
> Petr Vobornik via FreeIPA-devel wrote:
> > On Wed, Aug 2, 2017 at 3:30 AM, Fraser Tweedale wrote:
> >> Hi devs,
> >>
> >> This is at least the second time recently that people needing to
> >> renew service certificates used ``ipa-ca
Hi devs,
This is at least the second time recently that people needing to
renew service certificates used ``ipa-cacert-manage renew`` (the
wrong command) and either didn't solve the problem or got into a
deeper mess.
Clearly we have a usability problem here.
The ipa-cacert-manage(1) man page is
upport.
> >
> > The other option is to tie the dogtag profiles version to the domain
> > level as well, and only ever use new ones when the whole domain level
> > is upped. This is conditional on newer versions of dogtag being able to
> > use older profile versions wi
Hi all,
I've published a draft design for the profile update mechanism.
This feature is to ensure that we can safely update included
profiles even when we use Dogtag profile components only available
in new versions.
https://www.freeipa.org/page/V4/Certificate_profile_update_mechanism
Interested
On Fri, Jun 09, 2017 at 10:25:34AM +0200, Martin Bašti wrote:
>
>
> On 09.06.2017 05:46, Fraser Tweedale via FreeIPA-devel wrote:
> > On Thu, Jun 08, 2017 at 05:13:43PM +0200, Martin Bašti wrote:
> > >
> > > On 08.06.2017 09:08, Martin Bašti via FreeIPA
On Thu, Jun 08, 2017 at 05:13:43PM +0200, Martin Bašti wrote:
>
>
> On 08.06.2017 09:08, Martin Bašti via FreeIPA-devel wrote:
> >
> >
> > On 08.06.2017 02:43, Fraser Tweedale via FreeIPA-devel wrote:
> > > My PR https://github.com/freeipa/freeipa/pull/859
My PR https://github.com/freeipa/freeipa/pull/859 bumps the pki-core
dependency to >= 10.4. This patch is intended for master and 4.5
branches. Could someone with the needed permissions please add
pki-core 10.4 builds for f25 and f26 to the @freeipa/freeipa-master
and @freeipa/freeipa-4.5 COPRs?
38 matches
Mail list logo