[Freeipa-devel] [freeipa PR#512][+ack] test_config: fix fips_mode key in Env

2017-02-27 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/512 Title: #512: test_config: fix fips_mode key in Env Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA

2017-02-27 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA stlaz commented: """ NSS DB creation removed from server install, did not realize it does not matter anymore. """ See the full comment at https://github.com/freeipa/freeipa/pull/367#issuecomment-282703536

[Freeipa-devel] [freeipa PR#512][opened] test_config: fix fips_mode key in Env

2017-02-27 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/512 Author: tomaskrizek Title: #512: test_config: fix fips_mode key in Env Action: opened PR body: """ Setting fips_mode to object would fail if ipaplatform.tasks module wasn't present. https://fedorahosted.org/freeipa/ticket/5695 """ To pull the

[Freeipa-devel] [freeipa PR#479][-ack] Merge AD trust installer into composite ones

2017-02-27 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones Label: -ack

[Freeipa-devel] [freeipa PR#512][synchronized] test_config: fix fips_mode key in Env

2017-02-27 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/512 Author: tomaskrizek Title: #512: test_config: fix fips_mode key in Env Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/512/head:pr512 git checkout pr512

[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones

2017-02-27 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones martbab commented: """ I have noticed that the check for installed dependencies is buggy, I will have to fix it before pushing. Also we would need to move the 'editors' group addition to

[Freeipa-devel] [freeipa PR#509][comment] Migrate OTP import script to python-cryptography

2017-02-27 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/509 Title: #509: Migrate OTP import script to python-cryptography MartinBasti commented: """ @stlaz Why is this closed? I don't see any push/commit here """ See the full comment at https://github.com/freeipa/freeipa/pull/509#issuecomment-282687686

[Freeipa-devel] [freeipa PR#511][+ack] Bump required version of gssproxy to 0.6.2

2017-02-27 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/511 Title: #511: Bump required version of gssproxy to 0.6.2 Label: +ack

[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA

2017-02-27 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA stlaz commented: """ All the raised issues should've been addressed in the latest PR. Except for the NSS DB creation, please answer the question in `ipaserver/install/server/install.py` """ See the full

[Freeipa-devel] Migration of FreeIPA issue tracker - Trac and git repo to pagure.io

2017-02-27 Thread Petr Vobornik
Hello list, today and tomorrow a migration of FreeIPA issue tracker[1] and git repo will take place. It is due to FedoraHosted sunset [2]. Both will be migrated to pagure.io [3]. During this migration it won't be possible to add new tickets and comments to Trac or Pagure. [1]

[Freeipa-devel] [freeipa PR#513][opened] certdb: Don't restore_context() of new NSSDB

2017-02-27 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/513 Author: tiran Title: #513: certdb: Don't restore_context() of new NSSDB Action: opened PR body: """ It's not necessary to restore the context of newly created files. SELinux ensures that new files have the correct permission. An explicit

[Freeipa-devel] [freeipa PR#513][comment] certdb: Don't restore_context() of new NSSDB

2017-02-27 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/513 Title: #513: certdb: Don't restore_context() of new NSSDB tiran commented: """ I also dropped =1 check. http://man7.org/linux/man-pages/man2/chown.2.html > If the owner or group is specified as -1, then that ID is not changed. """ See the full

[Freeipa-devel] [freeipa PR#434][comment] csrgen: Automate full cert request flow

2017-02-27 Thread LiptonB
URL: https://github.com/freeipa/freeipa/pull/434 Title: #434: csrgen: Automate full cert request flow LiptonB commented: """ @HonzaCholasta thanks, updated! """ See the full comment at https://github.com/freeipa/freeipa/pull/434#issuecomment-282931634

[Freeipa-devel] [freeipa PR#434][synchronized] csrgen: Automate full cert request flow

2017-02-27 Thread LiptonB
URL: https://github.com/freeipa/freeipa/pull/434 Author: LiptonB Title: #434: csrgen: Automate full cert request flow Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/434/head:pr434 git checkout pr434 From

[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA

2017-02-27 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA HonzaCholasta commented: """ Upgrade from 4.3 fails with: ``` 2017-02-28T07:07:18Z DEBUG Starting external process 2017-02-28T07:07:18Z DEBUG args=/usr/bin/pk12util -d /etc/httpd/alias -o (6,

[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA

2017-02-27 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA HonzaCholasta commented: """ CA-less to CA-full `ipa-ca-install` fails with: ``` 2017-02-28T07:24:47Z DEBUG File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 892, in run_script

[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA

2017-02-27 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA HonzaCholasta commented: """ `ipa-replica-install` with `--setup-ca` fails with: ``` 2017-02-28T07:38:41Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute

[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones

2017-02-27 Thread abbra
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones abbra commented: """ If you can differentiate how the installer is being run, then for composite installer always run add_sids. """ See the full comment at

[Freeipa-devel] python-pyasn1 updated in F-25/rawhide

2017-02-27 Thread Rob Crittenden
Rawhide has an updated python-pyasn1, v0.2.3, and F-25 will soon have it in updates-testing. It worked in my limited testing in IPA. It is primarily a performance release but includes some fixes from 0.2.2 which I never pushed into Fedora. rob

[Freeipa-devel] [freeipa PR#508][comment] Fix ipa.service unit re. gssproxy

2017-02-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/508 Title: #508: Fix ipa.service unit re. gssproxy simo5 commented: """ Seemed worth fixing at the same time, but I won't insist. """ See the full comment at https://github.com/freeipa/freeipa/pull/508#issuecomment-282770785

[Freeipa-devel] [freeipa PR#508][comment] Fix ipa.service unit re. gssproxy

2017-02-27 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/508 Title: #508: Fix ipa.service unit re. gssproxy flo-renaud commented: """ @simo5 @abbra I agree but this should be tracked in a separate issue. """ See the full comment at https://github.com/freeipa/freeipa/pull/508#issuecomment-282761362

[Freeipa-devel] [freeipa PR#514][opened] Limit sessions to 30 minutes by default

2017-02-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/514 Author: simo5 Title: #514: Limit sessions to 30 minutes by default Action: opened PR body: """ When we changed the session handling code we unintentionally extended sessions expiration time to the whole ticket lifetime of 24h. Related to

[Freeipa-devel] [freeipa PR#515][opened] Re-add ipapython.config.config for backwards compatibilty

2017-02-27 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/515 Author: tiran Title: #515: Re-add ipapython.config.config for backwards compatibilty Action: opened PR body: """ IPAConfig, config and init_config were removed in rev 7b966e85. Ipsilon uses ipapython.config to get realm, domain and server of an

[Freeipa-devel] [freeipa PR#511][comment] Bump required version of gssproxy to 0.6.2

2017-02-27 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/511 Title: #511: Bump required version of gssproxy to 0.6.2 stlaz commented: """ There's going to be 0.6.3 version fixing some more issues. """ See the full comment at https://github.com/freeipa/freeipa/pull/511#issuecomment-282757858

[Freeipa-devel] [freeipa PR#511][-ack] Bump required version of gssproxy to 0.6.2

2017-02-27 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/511 Title: #511: Bump required version of gssproxy to 0.6.2 Label: -ack

[Freeipa-devel] [freeipa PR#508][comment] Fix ipa.service unit re. gssproxy

2017-02-27 Thread abbra
URL: https://github.com/freeipa/freeipa/pull/508 Title: #508: Fix ipa.service unit re. gssproxy abbra commented: """ Good point. I think we shouldn't restart ourselves as we anyway are listening on all interfaces with 0.0.0.0. """ See the full comment at

[Freeipa-devel] [freeipa PR#514][comment] Limit sessions to 30 minutes by default

2017-02-27 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/514 Title: #514: Limit sessions to 30 minutes by default tiran commented: """ Would it make sense to add https://httpd.apache.org/docs/trunk/mod/mod_session.html#sessionexpiryupdateinterval and set it to a small value like 30 seconds? > The

[Freeipa-devel] [freeipa PR#400][comment] WebUI: Certificate Mapping

2017-02-27 Thread pvomacka
URL: https://github.com/freeipa/freeipa/pull/400 Title: #400: WebUI: Certificate Mapping pvomacka commented: """ Hello @flo-renaud and @pvoborni thank you for reviews, all proposed changes are done in last commits, please look at them. Thank you very much. """ See the full comment at

[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones

2017-02-27 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones martbab commented: """ OK I will then hard-code `add_sids=True` in ipa-server-install """ See the full comment at https://github.com/freeipa/freeipa/pull/479#issuecomment-282784419

[Freeipa-devel] [freeipa PR#514][+ack] Limit sessions to 30 minutes by default

2017-02-27 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/514 Title: #514: Limit sessions to 30 minutes by default Label: +ack

[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones

2017-02-27 Thread abbra
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones abbra commented: """ Unless you specified --add-sids to ipa-adtrust-install (or `add_sids=True` in ADTrustInstance.setup() call), no task would be run. 'Activating sidgen task' only adds

[Freeipa-devel] [freeipa PR#400][synchronized] WebUI: Certificate Mapping

2017-02-27 Thread pvomacka
URL: https://github.com/freeipa/freeipa/pull/400 Author: pvomacka Title: #400: WebUI: Certificate Mapping Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/400/head:pr400 git checkout pr400 From

[Freeipa-devel] [freeipa PR#479][comment] Merge AD trust installer into composite ones

2017-02-27 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/479 Title: #479: Merge AD trust installer into composite ones martbab commented: """ @abbra I think that I am confused by the way sidgen plugin works. During LDAP configuration I can see that sidgen/extdom plugins are activated. e.g: ``` ...

[Freeipa-devel] [freeipa PR#510][synchronized] Vault: port key wrapping to python-cryptography

2017-02-27 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/510 Author: tiran Title: #510: Vault: port key wrapping to python-cryptography Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/510/head:pr510 git checkout pr510

[Freeipa-devel] [freeipa PR#511][comment] Bump required version of gssproxy to 0.6.2

2017-02-27 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/511 Title: #511: Bump required version of gssproxy to 0.6.2 stlaz commented: """ Works for me """ See the full comment at https://github.com/freeipa/freeipa/pull/511#issuecomment-282659959

[Freeipa-devel] [freeipa PR#511][+ack] Bump required version of gssproxy to 0.6.2

2017-02-27 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/511 Title: #511: Bump required version of gssproxy to 0.6.2 Label: +ack

[Freeipa-devel] [freeipa PR#511][comment] Bump required version of gssproxy to 0.6.2

2017-02-27 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/511 Title: #511: Bump required version of gssproxy to 0.6.2 stlaz commented: """ Unfortunately, we can't push this until we find a way to provide the rpm for Travis. """ See the full comment at

[Freeipa-devel] [freeipa PR#448][comment] Tests: Basic coverage with tree root domain

2017-02-27 Thread gkaihorodova
URL: https://github.com/freeipa/freeipa/pull/448 Title: #448: Tests: Basic coverage with tree root domain gkaihorodova commented: """ Bump for review """ See the full comment at https://github.com/freeipa/freeipa/pull/448#issuecomment-282664683

[Freeipa-devel] [freeipa PR#511][comment] Bump required version of gssproxy to 0.6.2

2017-02-27 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/511 Title: #511: Bump required version of gssproxy to 0.6.2 HonzaCholasta commented: """ @stlaz, https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-master/build/519196/ """ See the full comment at

[Freeipa-devel] [freeipa PR#507][synchronized] Use https to get security domain from Dogtag

2017-02-27 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/507 Author: tiran Title: #507: Use https to get security domain from Dogtag Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/507/head:pr507 git checkout pr507

[Freeipa-devel] [freeipa PR#510][comment] Vault: port key wrapping to python-cryptography

2017-02-27 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/510 Title: #510: Vault: port key wrapping to python-cryptography tiran commented: """ @simo5 Do I remember correctly that PKCS1v1.5 side channel attacks apply only to unpadding and not to padding? """ See the full comment at

[Freeipa-devel] [freeipa PR#511][comment] Bump required version of gssproxy to 0.6.2

2017-02-27 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/511 Title: #511: Bump required version of gssproxy to 0.6.2 stlaz commented: """ @HonzaCholasta Thank you, please kick Travis once the build is done """ See the full comment at https://github.com/freeipa/freeipa/pull/511#issuecomment-282665763

[Freeipa-devel] [freeipa PR#510][comment] Vault: port key wrapping to python-cryptography

2017-02-27 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/510 Title: #510: Vault: port key wrapping to python-cryptography tiran commented: """ I can answer the question myself. The side channel attack on RSAEP PKCS1 v1.5 is a chosen-ciphertext attack Bleichenbacher attack. It applies to unpadding and RSA

[Freeipa-devel] [freeipa PR#501][synchronized] C compilation fixes and hardening

2017-02-27 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/501 Author: tiran Title: #501: C compilation fixes and hardening Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/501/head:pr501 git checkout pr501 From

[Freeipa-devel] [freeipa PR#509][comment] Migrate OTP import script to python-cryptography

2017-02-27 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/509 Title: #509: Migrate OTP import script to python-cryptography tiran commented: """ The importer uses RSAES-PKCS1 v1.5 to decrypt a session key. PKCS1 v1.5 is potentially vulnerable to CCA Bleichenbacher. In my professional opinion, the OTP
