[Freeipa-devel] [freeipa PR#618][synchronized] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: Tox testing support for client wheel packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/618/head:pr618 git checkout pr618 From 9c9b0f2891c021aadac38824d3bea2862830f85a Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Thu, 17 Nov 2016 16:43:17 +0100 Subject: [PATCH] tox testing support for client wheel packages Add tox infrastructure to test client wheel packages workflow: * build client packages * install client packages * ipa-run-tests --ipaclient-unittests under Python 2 and 3 * pylint of client packages under Python 2 and 3 * placeholder packages work as expected Signed-off-by: Christian Heimes --- .gitignore | 2 ++ .tox-install.sh | 94 Makefile.am | 22 +--- configure.ac | 1 + ipatests/conftest.py | 4 ++- pypi/test_placeholder.py | 47 tox.ini | 54 7 files changed, 218 insertions(+), 6 deletions(-) create mode 100755 .tox-install.sh create mode 100644 pypi/test_placeholder.py create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore index 8941fd8..8b57dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,8 @@ freeipa2-dev-doc # Root directory /freeipa.spec /dist/ +/.tox/ +/.cache/ /*/dist/ /RELEASE /rpmbuild/ diff --git a/.tox-install.sh b/.tox-install.sh new file mode 100755 index 000..8f9d221 --- /dev/null +++ b/.tox-install.sh @@ -0,0 +1,94 @@ +#!/bin/bash +set -ex + +FLAVOR="$1" +ENVPYTHON="$2" +ENVSITEPACKAGESDIR="$3" +# 3...end are package requirements +shift 3 + +TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" + +# sanity checks +if [ ! -x "${ENVPYTHON}" ]; then +echo "${ENVPYTHON}: no such executable" +exit 1 +fi + +if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then +echo "${ENVSITEPACKAGESDIR}: no such directory" +exit 2 +fi + +if [ ! -f "${TOXINIDIR}/tox.ini" ]; then +echo "${TOXINIDIR}: no such directory" +exit 3 +fi + +# https://pip.pypa.io/en/stable/user_guide/#environment-variables +export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" +mkdir -p "${PIP_CACHE_DIR}" + +DISTBUNDLE="${TOXINIDIR}/dist/bundle" +mkdir -p "${DISTBUNDLE}" + +DISTPYPI="${TOXINIDIR}/dist/pypi" +mkdir -p "${DISTPYPI}" + +# create configure +pushd "${TOXINIDIR}" +if [ ! -f "configure" ]; then +autoreconf -i -f +fi +# (re)create Makefile +./configure --disable-server +popd + +case $FLAVOR in +wheel_bundle) +# copy pylint plugin +cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}" + +# build packages and bundles +make -C "${TOXINIDIR}" \ +wheel_bundle \ +PYTHON="${ENVPYTHON}" \ +IPA_EXTRA_WHEELS="$*" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages with dist/bundle/ as extra source for wheels while ignoring +# upstream Python Package Index. +$ENVPYTHON -m pip install \ +--no-index \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +$@ + +popd +;; +pypi_packages) +# build packages and bundles +make -C "${TOXINIDIR}" \ +pypi_packages \ +PYTHON="${ENVPYTHON}" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages from dist/pypi +$ENVPYTHON -m pip install \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTPYPI}" \ +$@ + +popd +;; +*) +echo "Unknown install flavor $FLAVOR" +exit 1 +;; +esac diff --git a/Makefile.am b/Makefile.am index 1989b19..7608dfa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \ clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" + rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz @@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ + -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ @@ -254,6 +256,7 @@ endif # WITH_JSLINT .PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages WHEELDISTDIR = $(top_builddir)/dist/wheels +WHEELPYPIDIR = $(top_builddir)/dist/pypi WHEELBUNDLEDIR = $(top_builddir)/dist/bundle @MK_IFEQ@ ($(IPA_SERVER_WHEELS),1) @@ -273,6 +276,9 @@ $(WHEELDISTDIR): $(WHEELBUNDLEDIR): mkdir -p $(WHEELBUNDLEDIR) +$(WHEELPYPIDIR): + mkdir -p $(WHEELPYPIDIR) + bdist_wheel: $(WHEELDISTDIR) rm -f $(foreach item,$(IPA_WHEEL_PACKAGES)
[Freeipa-devel] [freeipa PR#698][opened] install: request service certs after host keytab is set up
URL: https://github.com/freeipa/freeipa/pull/698 Author: HonzaCholasta Title: #698: install: request service certs after host keytab is set up Action: opened PR body: """ **dsinstance: reconnect ldap2 after DS is restarted by certmonger** DS is restarted by certmonger in the restart_dirsrv script after the DS certificate is saved. This breaks the ldap2 backend and makes any operation fail with NetworkError until it is reconnected. Reconnect ldap2 after the DS certificate request is finished to fix the issue. Make sure restart_dirsrv waits for the ldapi socket so that the reconnect does not fail. **httpinstance: avoid httpd restart during certificate request** httpd is restarted by certmonger in the restart_httpd script after the httpd certificate is saved if it was previously running. The restart will fail because httpd is not properly configured at this point. Stop httpd at the beginning of httpd install to avoid the restart. **dsinstance, httpinstance: consolidate certificate request code** A different code path is used for DS and httpd certificate requests in replica promotion. This is rather unnecessary and makes the certificate request code not easy to follow. Consolidate the non-promotion and promotion code paths into one. **install: request service certs after host keytab is set up** The certmonger renew agent and restart scripts use host keytab for authentication. When they are executed during a certmonger request before the host keytab is set up, the authentication will fail. Make sure all certmonger requests in the installer are done after the host keytab is set up. **renew agent: revert to host keytab authentication** Fixes an issue where the renew agent uses GSSAPI for LDAP connection but fails because it is not authenticated. This reverts commit 7462adec13c5b25b6868d2863dc38062c97d0ff7. **renew agent, restart scripts: connect to LDAP after kinit** Connect to LDAP after kinit is done, otherwise GSSAPI authentication will fail. https://pagure.io/freeipa/issue/6757 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/698/head:pr698 git checkout pr698 From a177247344479e1e5636df5f27875d2c5b76fa5e Mon Sep 17 00:00:00 2001 From: Jan CholastaDate: Fri, 7 Apr 2017 07:40:19 +0200 Subject: [PATCH 1/6] dsinstance: reconnect ldap2 after DS is restarted by certmonger DS is restarted by certmonger in the restart_dirsrv script after the DS certificate is saved. This breaks the ldap2 backend and makes any operation fail with NetworkError until it is reconnected. Reconnect ldap2 after the DS certificate request is finished to fix the issue. Make sure restart_dirsrv waits for the ldapi socket so that the reconnect does not fail. https://pagure.io/freeipa/issue/6757 --- install/restart_scripts/restart_dirsrv | 2 +- ipaserver/install/dsinstance.py| 4 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/install/restart_scripts/restart_dirsrv b/install/restart_scripts/restart_dirsrv index b4c9490..ff476ca 100644 --- a/install/restart_scripts/restart_dirsrv +++ b/install/restart_scripts/restart_dirsrv @@ -41,7 +41,7 @@ def _main(): try: if services.knownservices.dirsrv.is_running(): -services.knownservices.dirsrv.restart(instance) +services.knownservices.dirsrv.restart(instance, ldapi=True) except Exception as e: syslog.syslog(syslog.LOG_ERR, "Cannot restart dirsrv (instance: '%s'): %s" % (instance, str(e))) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 79dc90e..fb5f925 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -837,6 +837,10 @@ def __enable_ssl(self): finally: certmonger.modify_ca_helper('IPA', prev_helper) +# restart_dirsrv in the request above restarts DS, reconnect ldap2 +api.Backend.ldap2.disconnect() +api.Backend.ldap2.connect() + self.dercert = dsdb.get_cert_from_db(self.nickname, pem=False) dsdb.create_pin_file() From 1477aff4e733b52f305e466e71e11a2f5730892b Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Fri, 7 Apr 2017 07:40:41 +0200 Subject: [PATCH 2/6] httpinstance: avoid httpd restart during certificate request httpd is restarted by certmonger in the restart_httpd script after the httpd certificate is saved if it was previously running. The restart will fail because httpd is not properly configured at this point. Stop httpd at the beginning of httpd install to avoid the restart. https://pagure.io/freeipa/issue/6757 --- ipaserver/install/httpinstance.py | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 079ea92..d7cd776 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@
[Freeipa-devel] [bind-dyndb-ldap PR#15][comment] ignore what configure and make produced
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/15 Title: #15: ignore what configure and make produced tomaskrizek commented: """ I think the *.lo part is needlessly verbose, since we can ignore all generated files anyway. Could you please change the `make` part to ignore the entire extension instead of the individual files? ``` *.la *.lo ``` """ See the full comment at https://github.com/freeipa/bind-dyndb-ldap/pull/15#issuecomment-292464848 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#694][comment] RFC: implement local PKINIT deployment in server/replica install
URL: https://github.com/freeipa/freeipa/pull/694 Title: #694: RFC: implement local PKINIT deployment in server/replica install martbab commented: """ @MartinBasti I can add some removal logic to upgrader if required. """ See the full comment at https://github.com/freeipa/freeipa/pull/694#issuecomment-292477063 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [SSSD] [RFC] Matching and Mapping Certificates
On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote: > Hi, > > I've started to write a SSSD design page about enhancing the current > mapping of certificates to users and how to select/match a suitable > certificate if multiple certificates are on a Smartcard. > > My currently thoughts and idea and be found at > https://fedorahosted.org/sssd/wiki/DesignDocs/MatchingAndMappingCertificates > and for your convenience below as well. > > Comments and suggestions are welcome. Please let me know about concerns, > alternatives and missing use-cases/user-stories. > > bye, > Sumit I converted the page to pagure markdown: https://docs.pagure.org/SSSD.sssd/design_pages/matching_and_mapping_certificates.html There are no changes to the content except for fixing typos. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#697][comment] Create system users for FreeIPA services during package installation
URL: https://github.com/freeipa/freeipa/pull/697 Title: #697: Create system users for FreeIPA services during package installation HonzaCholasta commented: """ Ah, right, rpmdiff complained about that. Well, that was 2 years ago, and if it works for sssd it must also work for us, so I guess we should ignore rpmdiff. """ See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-292467153 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [SSSD] [RFC] Matching and Mapping Certificates
On Fri, Apr 07, 2017 at 10:38:55AM +0200, Jakub Hrozek wrote: > On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote: > > Hi, > > > > I've started to write a SSSD design page about enhancing the current > > mapping of certificates to users and how to select/match a suitable > > certificate if multiple certificates are on a Smartcard. > > > > My currently thoughts and idea and be found at > > https://fedorahosted.org/sssd/wiki/DesignDocs/MatchingAndMappingCertificates > > and for your convenience below as well. > > > > Comments and suggestions are welcome. Please let me know about concerns, > > alternatives and missing use-cases/user-stories. > > > > bye, > > Sumit > > I converted the page to pagure markdown: > > https://docs.pagure.org/SSSD.sssd/design_pages/matching_and_mapping_certificates.html > > There are no changes to the content except for fixing typos. Thank you for doing the conversion and fixing the typos. I will now update the page to reflect the current state of the code. bye, Sumit > > -- > Manage your subscription for the Freeipa-devel mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-devel > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#697][comment] Create system users for FreeIPA services during package installation
URL: https://github.com/freeipa/freeipa/pull/697 Title: #697: Create system users for FreeIPA services during package installation martbab commented: """ Right, we do not have systemd available during Docker image build so some fallback mechanism directly in spec would be great. Otherwise we would have to workaround this in containers and I am not a big fan of that. """ See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-292488467 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#697][comment] Create system users for FreeIPA services during package installation
URL: https://github.com/freeipa/freeipa/pull/697 Title: #697: Create system users for FreeIPA services during package installation adelton commented: """ > I don't think we should do that and rather fail early if the user is missing. +1 """ See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-292488251 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#697][comment] Create system users for FreeIPA services during package installation
URL: https://github.com/freeipa/freeipa/pull/697 Title: #697: Create system users for FreeIPA services during package installation adelton commented: """ > Previously system users needed by FreeIPA server services was created during > ipa-server-install. Actually, for any such case I found I filed bugzilla or ticket to get them created during rpm installation. > This led to problem when DBus policy was configured during > package installation but the user specified in the policy didn't exist yet > (and > potentionally similar ones). Now systemd-sysusers service is used to ensure > users freeipa-server package needs exist before any installation or > configuration begins. Please do not use systemd-sysusers, create the group/user entries during rpm installation. """ See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-292483893 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#618][synchronized] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: Tox testing support for client wheel packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/618/head:pr618 git checkout pr618 From 6f90b92ac55f32a1a028ffe0faffde21faab8544 Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Thu, 17 Nov 2016 16:43:17 +0100 Subject: [PATCH] tox testing support for client wheel packages Add tox infrastructure to test client wheel packages workflow: * build client packages * install client packages * ipa-run-tests --ipaclient-unittests under Python 2 and 3 * pylint of client packages under Python 2 and 3 * placeholder packages work as expected Signed-off-by: Christian Heimes --- .gitignore | 2 ++ .tox-install.sh | 94 Makefile.am | 22 +--- configure.ac | 1 + ipatests/conftest.py | 5 +-- pypi/test_placeholder.py | 47 tox.ini | 54 7 files changed, 218 insertions(+), 7 deletions(-) create mode 100755 .tox-install.sh create mode 100644 pypi/test_placeholder.py create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore index 8941fd8..8b57dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,8 @@ freeipa2-dev-doc # Root directory /freeipa.spec /dist/ +/.tox/ +/.cache/ /*/dist/ /RELEASE /rpmbuild/ diff --git a/.tox-install.sh b/.tox-install.sh new file mode 100755 index 000..8f9d221 --- /dev/null +++ b/.tox-install.sh @@ -0,0 +1,94 @@ +#!/bin/bash +set -ex + +FLAVOR="$1" +ENVPYTHON="$2" +ENVSITEPACKAGESDIR="$3" +# 3...end are package requirements +shift 3 + +TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" + +# sanity checks +if [ ! -x "${ENVPYTHON}" ]; then +echo "${ENVPYTHON}: no such executable" +exit 1 +fi + +if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then +echo "${ENVSITEPACKAGESDIR}: no such directory" +exit 2 +fi + +if [ ! -f "${TOXINIDIR}/tox.ini" ]; then +echo "${TOXINIDIR}: no such directory" +exit 3 +fi + +# https://pip.pypa.io/en/stable/user_guide/#environment-variables +export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" +mkdir -p "${PIP_CACHE_DIR}" + +DISTBUNDLE="${TOXINIDIR}/dist/bundle" +mkdir -p "${DISTBUNDLE}" + +DISTPYPI="${TOXINIDIR}/dist/pypi" +mkdir -p "${DISTPYPI}" + +# create configure +pushd "${TOXINIDIR}" +if [ ! -f "configure" ]; then +autoreconf -i -f +fi +# (re)create Makefile +./configure --disable-server +popd + +case $FLAVOR in +wheel_bundle) +# copy pylint plugin +cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}" + +# build packages and bundles +make -C "${TOXINIDIR}" \ +wheel_bundle \ +PYTHON="${ENVPYTHON}" \ +IPA_EXTRA_WHEELS="$*" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages with dist/bundle/ as extra source for wheels while ignoring +# upstream Python Package Index. +$ENVPYTHON -m pip install \ +--no-index \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +$@ + +popd +;; +pypi_packages) +# build packages and bundles +make -C "${TOXINIDIR}" \ +pypi_packages \ +PYTHON="${ENVPYTHON}" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages from dist/pypi +$ENVPYTHON -m pip install \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTPYPI}" \ +$@ + +popd +;; +*) +echo "Unknown install flavor $FLAVOR" +exit 1 +;; +esac diff --git a/Makefile.am b/Makefile.am index 1989b19..7608dfa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \ clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" + rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz @@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ + -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ @@ -254,6 +256,7 @@ endif # WITH_JSLINT .PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages WHEELDISTDIR = $(top_builddir)/dist/wheels +WHEELPYPIDIR = $(top_builddir)/dist/pypi WHEELBUNDLEDIR = $(top_builddir)/dist/bundle @MK_IFEQ@ ($(IPA_SERVER_WHEELS),1) @@ -273,6 +276,9 @@ $(WHEELDISTDIR): $(WHEELBUNDLEDIR): mkdir -p $(WHEELBUNDLEDIR) +$(WHEELPYPIDIR): + mkdir -p $(WHEELPYPIDIR) + bdist_wheel: $(WHEELDISTDIR) rm -f $(foreach item,$(IPA_WHEEL_PACKAGES)
[Freeipa-devel] [freeipa PR#697][comment] Create system users for FreeIPA services during package installation
URL: https://github.com/freeipa/freeipa/pull/697 Title: #697: Create system users for FreeIPA services during package installation HonzaCholasta commented: """ Note that systemd-sysusers is not available in RHEL and CentOS. It might be better to use the sssd approach: https://github.com/SSSD/sssd/blob/master/contrib/sssd.spec.in#L1228. """ See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-292462863 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#697][comment] Create system users for FreeIPA services during package installation
URL: https://github.com/freeipa/freeipa/pull/697 Title: #697: Create system users for FreeIPA services during package installation tiran commented: """ Originally I used a similar approach for the kdcproxy user based on the snippet https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation . You changed it in ticket https://pagure.io/freeipa/issue/5314 because the approach violates packaging guidelines. """ See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-292464389 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][opened] Fix libkrb5 filename for macOS
URL: https://github.com/freeipa/freeipa/pull/699 Author: neffs Title: #699: Fix libkrb5 filename for macOS Action: opened PR body: """ libkrb5.so.3 is called libkrb5.dylib on macOS """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/699/head:pr699 git checkout pr699 From ad835186c4b799363110522407e3a3cd993d6194 Mon Sep 17 00:00:00 2001 From: David KreitschmannDate: Fri, 7 Apr 2017 14:02:46 +0200 Subject: [PATCH] Fix libkrb5 filename for macOS Signed-off-by: David Kreitschmann --- ipapython/session_storage.py | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py index 1443413..92e9825 100644 --- a/ipapython/session_storage.py +++ b/ipapython/session_storage.py @@ -7,9 +7,12 @@ KRB5_CC_NOSUPP = -1765328137 +LIBKRB5_FILENAME = 'libkrb5.so.3' +if platform.system()=="Darwin": +LIBKRB5_FILENAME = 'libkrb5.dylib' try: -LIBKRB5 = ctypes.CDLL('libkrb5.so.3') +LIBKRB5 = ctypes.CDLL(LIBKRB5_FILENAME) except OSError as e: # pragma: no cover raise ImportError(str(e)) -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [bind-dyndb-ldap PR#16][opened] spec: remove unnecessary bind-pkcs11 dependency
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/16 Author: tomaskrizek Title: #16: spec: remove unnecessary bind-pkcs11 dependency Action: opened PR body: """ The bind-pkcs11 dependency was originally introduced in Fedora specfile in 2014 to help with ipa-server-upgrade. This was a temporary workaround. Since Fedora life cycle is 13 months and this change happened more than two years ago, it is safe to remove the workaround. bind-dyndb-ldap does not actually depend on bind-pkcs11, although it is a dependency that is enforced by freeipa. """ To pull the PR as Git branch: git remote add ghbind-dyndb-ldap https://github.com/freeipa/bind-dyndb-ldap git fetch ghbind-dyndb-ldap pull/16/head:pr16 git checkout pr16 From a9d889ea8f18816c26ebc91ac1b2e92e5710b113 Mon Sep 17 00:00:00 2001 From: Tomas KrizekDate: Fri, 7 Apr 2017 12:11:11 +0200 Subject: [PATCH] spec: remove unnecessary bind-pkcs11 dependency The bind-pkcs11 dependency was originally introduced in Fedora specfile in 2014 to help with ipa-server-upgrade. This was a temporary workaround. Since Fedora life cycle is 13 months and this change happened more than two years ago, it is safe to remove the workaround. bind-dyndb-ldap does not actually depend on bind-pkcs11, although it is a dependency that is enforced by freeipa. --- contrib/bind-dyndb-ldap.spec | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/contrib/bind-dyndb-ldap.spec b/contrib/bind-dyndb-ldap.spec index 7d0e887..4dc5997 100644 --- a/contrib/bind-dyndb-ldap.spec +++ b/contrib/bind-dyndb-ldap.spec @@ -12,13 +12,13 @@ Source0:https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2 Source1:https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: bind-devel >= 32:9.11.0-6.P2, bind-lite-devel >= 32:9.11.0-6.P2, bind-pkcs11-devel >= 32:9.11.0-6.P2 +BuildRequires: bind-devel >= 32:9.11.0-6.P2, bind-lite-devel >= 32:9.11.0-6.P2 BuildRequires: krb5-devel BuildRequires: openldap-devel BuildRequires: libuuid-devel BuildRequires: automake, autoconf, libtool -Requires: bind-pkcs11 >= 32:9.11.0-6.P2, bind-pkcs11-utils >= 32:9.11.0-6.P2 +Requires: bind >= 32:9.11.0-6.P2 %description This package provides an LDAP back-end plug-in for BIND. It features @@ -114,6 +114,9 @@ rm -rf %{buildroot} %changelog +* Fri Apr 07 2017 Tomas Krizek +- Removed unnecessary bind-pkcs11 dependency + * Mon Mar 13 2017 Tomas Krizek - Fixed sed script regex error - Re-synced specfile with fedora -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [bind-dyndb-ldap PR#16][comment] spec: remove unnecessary bind-pkcs11 dependency
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/16 Title: #16: spec: remove unnecessary bind-pkcs11 dependency tomaskrizek commented: """ master: - 4fb51bac7f4f739975a2afb857b686869eff92b6 """ See the full comment at https://github.com/freeipa/bind-dyndb-ldap/pull/16#issuecomment-292502794 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#632][closed] ipa-sam: create the gidNumber attribute in the trusted domain entry
URL: https://github.com/freeipa/freeipa/pull/632 Author: flo-renaud Title: #632: ipa-sam: create the gidNumber attribute in the trusted domain entry Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/632/head:pr632 git checkout pr632 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#632][+pushed] ipa-sam: create the gidNumber attribute in the trusted domain entry
URL: https://github.com/freeipa/freeipa/pull/632 Title: #632: ipa-sam: create the gidNumber attribute in the trusted domain entry Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#632][comment] ipa-sam: create the gidNumber attribute in the trusted domain entry
URL: https://github.com/freeipa/freeipa/pull/632 Title: #632: ipa-sam: create the gidNumber attribute in the trusted domain entry MartinBasti commented: """ master: * e052c2dce04f5ce147dc2b6804f44705fa4d69df ipa-sam: create the gidNumber attribute in the trusted domain entry * 5405de5bc15941d71137af10aa66a6cf922d9e6d Upgrade: add gidnumber to trusted domain entry ipa-4-5: * 91d36941653476abfff6a54ba7cb5a9f2c12c22d ipa-sam: create the gidNumber attribute in the trusted domain entry * eddd29f1d52d63ea702437b0dd2a2826df52bc26 Upgrade: add gidnumber to trusted domain entry """ See the full comment at https://github.com/freeipa/freeipa/pull/632#issuecomment-292504625 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [bind-dyndb-ldap PR#16][comment] spec: remove unnecessary bind-pkcs11 dependency
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/16 Title: #16: spec: remove unnecessary bind-pkcs11 dependency MartinBasti commented: """ LGTM """ See the full comment at https://github.com/freeipa/bind-dyndb-ldap/pull/16#issuecomment-292500650 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [bind-dyndb-ldap PR#16][+pushed] spec: remove unnecessary bind-pkcs11 dependency
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/16 Title: #16: spec: remove unnecessary bind-pkcs11 dependency Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [bind-dyndb-ldap PR#16][closed] spec: remove unnecessary bind-pkcs11 dependency
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/16 Author: tomaskrizek Title: #16: spec: remove unnecessary bind-pkcs11 dependency Action: closed To pull the PR as Git branch: git remote add ghbind-dyndb-ldap https://github.com/freeipa/bind-dyndb-ldap git fetch ghbind-dyndb-ldap pull/16/head:pr16 git checkout pr16 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#692][+pushed] tests: add non-reg for idrange-add
URL: https://github.com/freeipa/freeipa/pull/692 Title: #692: tests: add non-reg for idrange-add Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#692][closed] tests: add non-reg for idrange-add
URL: https://github.com/freeipa/freeipa/pull/692 Author: flo-renaud Title: #692: tests: add non-reg for idrange-add Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/692/head:pr692 git checkout pr692 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#692][comment] tests: add non-reg for idrange-add
URL: https://github.com/freeipa/freeipa/pull/692 Title: #692: tests: add non-reg for idrange-add martbab commented: """ master: * 342dccea47f6cb14cda63f75789eab51070fb3f6 tests: add non-reg for idrange-add ipa-4-5: * ab2706721db217d55ae549d50a95ace571e65aa6 tests: add non-reg for idrange-add """ See the full comment at https://github.com/freeipa/freeipa/pull/692#issuecomment-292505832 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [bind-dyndb-ldap PR#16][+ack] spec: remove unnecessary bind-pkcs11 dependency
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/16 Title: #16: spec: remove unnecessary bind-pkcs11 dependency Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#692][+ack] tests: add non-reg for idrange-add
URL: https://github.com/freeipa/freeipa/pull/692 Title: #692: tests: add non-reg for idrange-add Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][comment] Fix libkrb5 filename for macOS
URL: https://github.com/freeipa/freeipa/pull/699 Title: #699: Fix libkrb5 filename for macOS abbra commented: """ Thanks. Do you have IPA client code working on Mac OS X? """ See the full comment at https://github.com/freeipa/freeipa/pull/699#issuecomment-292523505 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][comment] Fix libkrb5 filename for macOS
URL: https://github.com/freeipa/freeipa/pull/699 Title: #699: Fix libkrb5 filename for macOS neffs commented: """ It connects via RPC and user-show works. Didn't check much further. I also created an issue: https://pagure.io/freeipa/issue/6850 """ See the full comment at https://github.com/freeipa/freeipa/pull/699#issuecomment-292524463 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][comment] Fix libkrb5 filename for macOS
URL: https://github.com/freeipa/freeipa/pull/699 Title: #699: Fix libkrb5 filename for macOS neffs commented: """ It connects via RPC and user-show works. Didn't check much further. I also created an issue: https://pagure.io/freeipa/issue/6850 """ See the full comment at https://github.com/freeipa/freeipa/pull/699#issuecomment-292524463 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][comment] Fix libkrb5 filename for macOS
URL: https://github.com/freeipa/freeipa/pull/699 Title: #699: Fix libkrb5 filename for macOS abbra commented: """ Ok. Let me look at it next week when I'll have time. Could you please add a short step by step instruction how you configured IPA client on Mac OS X? """ See the full comment at https://github.com/freeipa/freeipa/pull/699#issuecomment-292527660 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][comment] Fix libkrb5 filename for macOS
URL: https://github.com/freeipa/freeipa/pull/699 Title: #699: Fix libkrb5 filename for macOS abbra commented: """ There is a PEP8 error: PEP-8 errors: ./ipapython/session_storage.py:11:21: E225 missing whitespace around operator """ See the full comment at https://github.com/freeipa/freeipa/pull/699#issuecomment-292527976 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][synchronized] Fix libkrb5 filename for macOS
URL: https://github.com/freeipa/freeipa/pull/699 Author: neffs Title: #699: Fix libkrb5 filename for macOS Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/699/head:pr699 git checkout pr699 From ad835186c4b799363110522407e3a3cd993d6194 Mon Sep 17 00:00:00 2001 From: David KreitschmannDate: Fri, 7 Apr 2017 14:02:46 +0200 Subject: [PATCH 1/2] Fix libkrb5 filename for macOS Signed-off-by: David Kreitschmann --- ipapython/session_storage.py | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py index 1443413..92e9825 100644 --- a/ipapython/session_storage.py +++ b/ipapython/session_storage.py @@ -7,9 +7,12 @@ KRB5_CC_NOSUPP = -1765328137 +LIBKRB5_FILENAME = 'libkrb5.so.3' +if platform.system()=="Darwin": +LIBKRB5_FILENAME = 'libkrb5.dylib' try: -LIBKRB5 = ctypes.CDLL('libkrb5.so.3') +LIBKRB5 = ctypes.CDLL(LIBKRB5_FILENAME) except OSError as e: # pragma: no cover raise ImportError(str(e)) From 4257af46f8b18f874e3e416b449c931e267ef5d9 Mon Sep 17 00:00:00 2001 From: David Kreitschmann Date: Fri, 7 Apr 2017 15:02:05 +0200 Subject: [PATCH 2/2] Fix PEP8 error Signed-off-by: David Kreitschmann --- ipapython/session_storage.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py index 92e9825..ac5682e 100644 --- a/ipapython/session_storage.py +++ b/ipapython/session_storage.py @@ -8,7 +8,7 @@ KRB5_CC_NOSUPP = -1765328137 LIBKRB5_FILENAME = 'libkrb5.so.3' -if platform.system()=="Darwin": +if platform.system() == "Darwin": LIBKRB5_FILENAME = 'libkrb5.dylib' try: -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][comment] Fix libkrb5 filename for macOS
URL: https://github.com/freeipa/freeipa/pull/699 Title: #699: Fix libkrb5 filename for macOS neffs commented: """ I added the steps here: https://pagure.io/freeipa/issue/6850 """ See the full comment at https://github.com/freeipa/freeipa/pull/699#issuecomment-292532086 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#700][opened] Use entry_points for ipa CLI
URL: https://github.com/freeipa/freeipa/pull/700 Author: tiran Title: #700: Use entry_points for ipa CLI Action: opened PR body: """ Fix problem with hard-coded shebang in ipa command line tool by using a proper setuptools entry point for the console script. ipaclient is now an executable Python package, too. ``` $ python -m ipaclient ping ``` is equivalent to ``` $ ipa ping ``` Related: https://pagure.io/freeipa/issue/6653 Closes: https://pagure.io/freeipa/issue/6850 Signed-off-by: Christian Heimes""" To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/700/head:pr700 git checkout pr700 From 796f70ca60fd3067d2e0cd3cc508512db9a0c658 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Fri, 7 Apr 2017 15:03:08 +0200 Subject: [PATCH] Use entry_points for ipa CLI Fix problem with hard-coded shebang in ipa command line tool by using a proper setuptools entry point for the console script. ipaclient is now an executable Python package, too. ``` $ python -m ipaclient ping ``` is equivalent to ``` $ ipa ping ``` Related: https://pagure.io/freeipa/issue/6653 Closes: https://pagure.io/freeipa/issue/6850 Signed-off-by: Christian Heimes --- ipa | 5 ++--- ipaclient/__main__.py | 15 +++ ipaclient/setup.py| 6 +- 3 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 ipaclient/__main__.py diff --git a/ipa b/ipa index 9ef3568..d6e01a2 100755 --- a/ipa +++ b/ipa @@ -24,8 +24,7 @@ Command Line Interface for IPA administration. The CLI functionality is implemented in ipalib/cli.py """ - -from ipalib import api, cli +from ipaclient.__main__ import main if __name__ == '__main__': -cli.run(api) +main() diff --git a/ipaclient/__main__.py b/ipaclient/__main__.py new file mode 100644 index 000..513de7d --- /dev/null +++ b/ipaclient/__main__.py @@ -0,0 +1,15 @@ +# Copyright (C) 2017 FreeIPA Contributors see COPYING for license +""" +Command Line Interface for IPA administration. + +The CLI functionality is implemented in ipalib/cli.py +""" +from ipalib import api, cli + + +def main(): +cli.run(api) + + +if __name__ == '__main__': +main() \ No newline at end of file diff --git a/ipaclient/setup.py b/ipaclient/setup.py index f5be7ea..ccb5396 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -31,7 +31,6 @@ ipasetup( name="ipaclient", doc=__doc__, -scripts=['../ipa'], package_dir={'ipaclient': ''}, packages=[ "ipaclient", @@ -60,6 +59,11 @@ "qrcode", "six", ], +entry_points={ +'console_scripts': [ +'ipa = ipaclient.__main__:main' +] +}, extras_require={ "install": ["ipaplatform"], "otptoken_yubikey": ["yubico", "usb"] -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [bind-dyndb-ldap PR#17][opened] settings: skip unconfigured values
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/17 Author: tomaskrizek Title: #17: settings: skip unconfigured values Action: opened PR body: """ When a value is not configured in settings map, it is skipped. If it is the last processed value, the result of ISC_R_NOTFOUND would cause the cleanup section of the function fail. Since unconfigured values are allowed and expected, override the result to ISC_R_SUCCESS in this case to prevent triggerring an error. https://pagure.io/bind-dyndb-ldap/issue/172 --- Also removed obsolete options from the map. """ To pull the PR as Git branch: git remote add ghbind-dyndb-ldap https://github.com/freeipa/bind-dyndb-ldap git fetch ghbind-dyndb-ldap pull/17/head:pr17 git checkout pr17 From 04e528f9c39084ffcb0e7f5caa7c3c87b95c130d Mon Sep 17 00:00:00 2001 From: Tomas KrizekDate: Fri, 7 Apr 2017 14:48:32 +0200 Subject: [PATCH 1/2] settings: skip unconfigured values When a value is not configured in settings map, it is skipped. If it is the last processed value, the result of ISC_R_NOTFOUND would cause the cleanup section of the function fail. Since unconfigured values are allowed and expected, override the result to ISC_R_SUCCESS in this case to prevent triggerring an error. https://pagure.io/bind-dyndb-ldap/issue/172 --- src/settings.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/settings.c b/src/settings.c index 37e6e5c..8beb0d3 100644 --- a/src/settings.c +++ b/src/settings.c @@ -597,8 +597,11 @@ settings_set_fill(const cfg_obj_t *config, settings_set_t *set) setting++) { cfg_value = NULL; result = cfg_map_get(config, setting->name, _value); - if (result == ISC_R_NOTFOUND) - continue; /* setting not configured in map */ + if (result == ISC_R_NOTFOUND) { + /* setting not configured in map */ + result = ISC_R_SUCCESS; + continue; + } else if (result != ISC_R_SUCCESS) goto cleanup; if (cfg_obj_isstring(cfg_value)) { From 495b93e5e97909abf05f784013d78ee9fa80d871 Mon Sep 17 00:00:00 2001 From: Tomas Krizek Date: Fri, 7 Apr 2017 15:11:28 +0200 Subject: [PATCH 2/2] settings: remove obsolete options Re-remove obsolete options cache_ttl, psearch, serial_autoincrement and zone_refresh. They were already removed in c3bfe1a62ac4f8a73207bf4e80d64a4a3a58d9e4, but re-introduced in refactoring. --- src/settings.c | 4 1 file changed, 4 deletions(-) diff --git a/src/settings.c b/src/settings.c index 8beb0d3..180f027 100644 --- a/src/settings.c +++ b/src/settings.c @@ -33,9 +33,7 @@ static const setting_t settings_default[] = { { "uri", no_default_string }, /* User have to set this */ { "connections", default_uint(2) }, { "reconnect_interval", default_uint(60) }, - { "zone_refresh", default_string("") }, /* No longer supported */ { "timeout", default_uint(10) }, - { "cache_ttl", default_string("") }, /* No longer supported */ { "timeout", default_uint(10) }, { "base", no_default_string }, /* User have to set this */ { "auth_method", default_string("none") }, @@ -49,7 +47,6 @@ static const setting_t settings_default[] = { { "sasl_password", default_string("") }, { "krb5_keytab", default_string("") }, { "fake_mname", default_string("") }, - { "psearch", default_string("") }, /* No longer supported */ { "ldap_hostname", default_string("") }, { "sync_ptr", default_boolean(ISC_FALSE) }, { "dyn_update", default_boolean(ISC_FALSE) }, @@ -60,7 +57,6 @@ static const setting_t settings_default[] = { * SSU table defined by empty string contains no rules => * dns_ssutable_checkrules() will return deny. */ { "update_policy", default_string("") }, - { "serial_autoincrement", default_string("") }, { "verbose_checks", default_boolean(ISC_FALSE) }, { "directory", default_string("") }, { "server_id", default_string("") }, -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][synchronized] Fix libkrb5 filename for macOS
URL: https://github.com/freeipa/freeipa/pull/699 Author: neffs Title: #699: Fix libkrb5 filename for macOS Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/699/head:pr699 git checkout pr699 From ad835186c4b799363110522407e3a3cd993d6194 Mon Sep 17 00:00:00 2001 From: David KreitschmannDate: Fri, 7 Apr 2017 14:02:46 +0200 Subject: [PATCH 1/3] Fix libkrb5 filename for macOS Signed-off-by: David Kreitschmann --- ipapython/session_storage.py | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py index 1443413..92e9825 100644 --- a/ipapython/session_storage.py +++ b/ipapython/session_storage.py @@ -7,9 +7,12 @@ KRB5_CC_NOSUPP = -1765328137 +LIBKRB5_FILENAME = 'libkrb5.so.3' +if platform.system()=="Darwin": +LIBKRB5_FILENAME = 'libkrb5.dylib' try: -LIBKRB5 = ctypes.CDLL('libkrb5.so.3') +LIBKRB5 = ctypes.CDLL(LIBKRB5_FILENAME) except OSError as e: # pragma: no cover raise ImportError(str(e)) From 4257af46f8b18f874e3e416b449c931e267ef5d9 Mon Sep 17 00:00:00 2001 From: David Kreitschmann Date: Fri, 7 Apr 2017 15:02:05 +0200 Subject: [PATCH 2/3] Fix PEP8 error Signed-off-by: David Kreitschmann --- ipapython/session_storage.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py index 92e9825..ac5682e 100644 --- a/ipapython/session_storage.py +++ b/ipapython/session_storage.py @@ -8,7 +8,7 @@ KRB5_CC_NOSUPP = -1765328137 LIBKRB5_FILENAME = 'libkrb5.so.3' -if platform.system()=="Darwin": +if platform.system() == "Darwin": LIBKRB5_FILENAME = 'libkrb5.dylib' try: From f095491d0a601d12a63936e5ec426ae8afbf4ec2 Mon Sep 17 00:00:00 2001 From: David Kreitschmann Date: Fri, 7 Apr 2017 15:18:17 +0200 Subject: [PATCH 3/3] use sys.platform instead of platform.system() Signed-off-by: David Kreitschmann --- ipapython/session_storage.py | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py index ac5682e..7c302b7 100644 --- a/ipapython/session_storage.py +++ b/ipapython/session_storage.py @@ -3,13 +3,15 @@ # import ctypes +import sys KRB5_CC_NOSUPP = -1765328137 -LIBKRB5_FILENAME = 'libkrb5.so.3' -if platform.system() == "Darwin": +if sys.platform == 'darwin': LIBKRB5_FILENAME = 'libkrb5.dylib' +else: +LIBKRB5_FILENAME = 'libkrb5.so.3' try: LIBKRB5 = ctypes.CDLL(LIBKRB5_FILENAME) -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][comment] Fix libkrb5 filename for macOS
URL: https://github.com/freeipa/freeipa/pull/699 Title: #699: Fix libkrb5 filename for macOS tiran commented: """ @neffs thanks David. Please squash your commits into a single commit (```git rebase -i @~3``` and use fixup on the 2nd and 3rd commit, then git push --force). """ See the full comment at https://github.com/freeipa/freeipa/pull/699#issuecomment-292534577 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][synchronized] Fix libkrb5 filename for macOS
URL: https://github.com/freeipa/freeipa/pull/699 Author: neffs Title: #699: Fix libkrb5 filename for macOS Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/699/head:pr699 git checkout pr699 From 25d9d0a99d3451054fea2dfcc44a9dd7119e7593 Mon Sep 17 00:00:00 2001 From: David KreitschmannDate: Fri, 7 Apr 2017 14:02:46 +0200 Subject: [PATCH] Fix libkrb5 filename for macOS Signed-off-by: David Kreitschmann --- ipapython/session_storage.py | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py index 1443413..7c302b7 100644 --- a/ipapython/session_storage.py +++ b/ipapython/session_storage.py @@ -3,13 +3,18 @@ # import ctypes +import sys KRB5_CC_NOSUPP = -1765328137 +if sys.platform == 'darwin': +LIBKRB5_FILENAME = 'libkrb5.dylib' +else: +LIBKRB5_FILENAME = 'libkrb5.so.3' try: -LIBKRB5 = ctypes.CDLL('libkrb5.so.3') +LIBKRB5 = ctypes.CDLL(LIBKRB5_FILENAME) except OSError as e: # pragma: no cover raise ImportError(str(e)) -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#700][synchronized] Use entry_points for ipa CLI
URL: https://github.com/freeipa/freeipa/pull/700 Author: tiran Title: #700: Use entry_points for ipa CLI Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/700/head:pr700 git checkout pr700 From 122c95730a3194da5bc1bf9003c33a883e2e7b87 Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Fri, 7 Apr 2017 15:03:08 +0200 Subject: [PATCH] Use entry_points for ipa CLI Fix problem with hard-coded shebang in ipa command line tool by using a proper setuptools entry point for the console script. ipaclient is now an executable Python package, too. ``` $ python -m ipaclient ping ``` is equivalent to ``` $ ipa ping ``` Related: https://pagure.io/freeipa/issue/6653 Closes: https://pagure.io/freeipa/issue/6850 Signed-off-by: Christian Heimes --- ipa | 5 ++--- ipaclient/__main__.py | 15 +++ ipaclient/setup.py| 6 +- 3 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 ipaclient/__main__.py diff --git a/ipa b/ipa index 9ef3568..d6e01a2 100755 --- a/ipa +++ b/ipa @@ -24,8 +24,7 @@ Command Line Interface for IPA administration. The CLI functionality is implemented in ipalib/cli.py """ - -from ipalib import api, cli +from ipaclient.__main__ import main if __name__ == '__main__': -cli.run(api) +main() diff --git a/ipaclient/__main__.py b/ipaclient/__main__.py new file mode 100644 index 000..65c706f --- /dev/null +++ b/ipaclient/__main__.py @@ -0,0 +1,15 @@ +# Copyright (C) 2017 FreeIPA Contributors see COPYING for license +""" +Command Line Interface for IPA administration. + +The CLI functionality is implemented in ipalib/cli.py +""" +from ipalib import api, cli + + +def main(): +cli.run(api) + + +if __name__ == '__main__': +main() diff --git a/ipaclient/setup.py b/ipaclient/setup.py index f5be7ea..ccb5396 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -31,7 +31,6 @@ ipasetup( name="ipaclient", doc=__doc__, -scripts=['../ipa'], package_dir={'ipaclient': ''}, packages=[ "ipaclient", @@ -60,6 +59,11 @@ "qrcode", "six", ], +entry_points={ +'console_scripts': [ +'ipa = ipaclient.__main__:main' +] +}, extras_require={ "install": ["ipaplatform"], "otptoken_yubikey": ["yubico", "usb"] -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][edited] ipaclient/ipapython macOS compatibility fixes
URL: https://github.com/freeipa/freeipa/pull/699 Author: neffs Title: #699: ipaclient/ipapython macOS compatibility fixes Action: edited Changed field: title Original value: """ macOS compatibility fixes """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][edited] macOS compatibility fixes
URL: https://github.com/freeipa/freeipa/pull/699 Author: neffs Title: #699: macOS compatibility fixes Action: edited Changed field: title Original value: """ Fix libkrb5 filename for macOS """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#699][synchronized] ipaclient/ipapython macOS compatibility fixes
URL: https://github.com/freeipa/freeipa/pull/699 Author: neffs Title: #699: ipaclient/ipapython macOS compatibility fixes Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/699/head:pr699 git checkout pr699 From 25d9d0a99d3451054fea2dfcc44a9dd7119e7593 Mon Sep 17 00:00:00 2001 From: David KreitschmannDate: Fri, 7 Apr 2017 14:02:46 +0200 Subject: [PATCH 1/2] Fix libkrb5 filename for macOS Signed-off-by: David Kreitschmann --- ipapython/session_storage.py | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py index 1443413..7c302b7 100644 --- a/ipapython/session_storage.py +++ b/ipapython/session_storage.py @@ -3,13 +3,18 @@ # import ctypes +import sys KRB5_CC_NOSUPP = -1765328137 +if sys.platform == 'darwin': +LIBKRB5_FILENAME = 'libkrb5.dylib' +else: +LIBKRB5_FILENAME = 'libkrb5.so.3' try: -LIBKRB5 = ctypes.CDLL('libkrb5.so.3') +LIBKRB5 = ctypes.CDLL(LIBKRB5_FILENAME) except OSError as e: # pragma: no cover raise ImportError(str(e)) From 7536c29c2f31e36634ee143146bafa9393948513 Mon Sep 17 00:00:00 2001 From: David Kreitschmann Date: Fri, 7 Apr 2017 18:09:19 +0200 Subject: [PATCH 2/2] Use os.fsync instead of os.fdatasync because macOS doesn't support fdatasync Signed-off-by: David Kreitschmann --- ipaclient/plugins/vault.py | 2 +- ipaclient/remote_plugins/schema.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ipaclient/plugins/vault.py b/ipaclient/plugins/vault.py index 3fb4900..94b76fb 100644 --- a/ipaclient/plugins/vault.py +++ b/ipaclient/plugins/vault.py @@ -603,7 +603,7 @@ def store_cert(self, domain, transport_cert): try: f.write(pem) f.flush() -os.fdatasync(f.fileno()) +os.fsync(f.fileno()) f.close() os.rename(f.name, filename) except Exception: diff --git a/ipaclient/remote_plugins/schema.py b/ipaclient/remote_plugins/schema.py index 3ecd608..b3fad8f 100644 --- a/ipaclient/remote_plugins/schema.py +++ b/ipaclient/remote_plugins/schema.py @@ -476,7 +476,7 @@ def _write_schema(self, fingerprint): try: self._write_schema_data(f) f.flush() -os.fdatasync(f.fileno()) +os.fsync(f.fileno()) f.close() except Exception: os.unlink(f.name) -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#682][edited] [WIP] ipserver/dcerpc: unify error processing
URL: https://github.com/freeipa/freeipa/pull/682 Author: abbra Title: #682: [WIP] ipserver/dcerpc: unify error processing Action: edited Changed field: title Original value: """ [WIP] ipserver/dcerpc: unify error processing """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#700][comment] Use entry_points for ipa CLI
URL: https://github.com/freeipa/freeipa/pull/700 Title: #700: Use entry_points for ipa CLI tomaskrizek commented: """ Looks good, tested with both rpm and wheels. Ack if the tests pass. """ See the full comment at https://github.com/freeipa/freeipa/pull/700#issuecomment-292547332 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#700][comment] Use entry_points for ipa CLI
URL: https://github.com/freeipa/freeipa/pull/700 Title: #700: Use entry_points for ipa CLI martbab commented: """ I wish all of our scripts could be autogenerated from entry points. Long road ahead for that effort. However, this is a good start IMHO. """ See the full comment at https://github.com/freeipa/freeipa/pull/700#issuecomment-292552603 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#682][comment] ipserver/dcerpc: unify error processing
URL: https://github.com/freeipa/freeipa/pull/682 Title: #682: ipserver/dcerpc: unify error processing MartinBasti commented: """ Please fix issues found by pylint ``` * Module ipaserver.plugins.trust ipaserver/plugins/trust.py:1753: [W0612(unused-variable), trust_fetch_domains.execute] Unused variable 'trust_direction') ipaserver/plugins/trust.py:1754: [W0612(unused-variable), trust_fetch_domains.execute] Unused variable 'is_nontransitive') ``` """ See the full comment at https://github.com/freeipa/freeipa/pull/682#issuecomment-292560905 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#618][synchronized] Tox testing support for client wheel packages
URL: https://github.com/freeipa/freeipa/pull/618 Author: tiran Title: #618: Tox testing support for client wheel packages Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/618/head:pr618 git checkout pr618 From 61384864d2539729004df0a98bf8f94e82e42e94 Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Thu, 17 Nov 2016 16:43:17 +0100 Subject: [PATCH] tox testing support for client wheel packages Add tox infrastructure to test client wheel packages workflow: * build client packages * install client packages * ipa-run-tests --ipaclient-unittests under Python 2 and 3 * pylint of client packages under Python 2 and 3 * placeholder packages work as expected Signed-off-by: Christian Heimes --- .gitignore | 2 ++ .tox-install.sh | 94 Makefile.am | 22 +--- configure.ac | 1 + ipatests/conftest.py | 4 ++- pypi/test_placeholder.py | 47 tox.ini | 55 7 files changed, 219 insertions(+), 6 deletions(-) create mode 100755 .tox-install.sh create mode 100644 pypi/test_placeholder.py create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore index 8941fd8..8b57dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,8 @@ freeipa2-dev-doc # Root directory /freeipa.spec /dist/ +/.tox/ +/.cache/ /*/dist/ /RELEASE /rpmbuild/ diff --git a/.tox-install.sh b/.tox-install.sh new file mode 100755 index 000..8f9d221 --- /dev/null +++ b/.tox-install.sh @@ -0,0 +1,94 @@ +#!/bin/bash +set -ex + +FLAVOR="$1" +ENVPYTHON="$2" +ENVSITEPACKAGESDIR="$3" +# 3...end are package requirements +shift 3 + +TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" + +# sanity checks +if [ ! -x "${ENVPYTHON}" ]; then +echo "${ENVPYTHON}: no such executable" +exit 1 +fi + +if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then +echo "${ENVSITEPACKAGESDIR}: no such directory" +exit 2 +fi + +if [ ! -f "${TOXINIDIR}/tox.ini" ]; then +echo "${TOXINIDIR}: no such directory" +exit 3 +fi + +# https://pip.pypa.io/en/stable/user_guide/#environment-variables +export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" +mkdir -p "${PIP_CACHE_DIR}" + +DISTBUNDLE="${TOXINIDIR}/dist/bundle" +mkdir -p "${DISTBUNDLE}" + +DISTPYPI="${TOXINIDIR}/dist/pypi" +mkdir -p "${DISTPYPI}" + +# create configure +pushd "${TOXINIDIR}" +if [ ! -f "configure" ]; then +autoreconf -i -f +fi +# (re)create Makefile +./configure --disable-server +popd + +case $FLAVOR in +wheel_bundle) +# copy pylint plugin +cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}" + +# build packages and bundles +make -C "${TOXINIDIR}" \ +wheel_bundle \ +PYTHON="${ENVPYTHON}" \ +IPA_EXTRA_WHEELS="$*" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages with dist/bundle/ as extra source for wheels while ignoring +# upstream Python Package Index. +$ENVPYTHON -m pip install \ +--no-index \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTBUNDLE}" \ +$@ + +popd +;; +pypi_packages) +# build packages and bundles +make -C "${TOXINIDIR}" \ +pypi_packages \ +PYTHON="${ENVPYTHON}" + +# chdir to prevent local .egg-info from messing up pip +pushd "${ENVSITEPACKAGESDIR}" + +# Install packages from dist/pypi +$ENVPYTHON -m pip install \ +--disable-pip-version-check \ +--constraint "${TOXINIDIR}/.wheelconstraints" \ +--find-links "${DISTPYPI}" \ +$@ + +popd +;; +*) +echo "Unknown install flavor $FLAVOR" +exit 1 +;; +esac diff --git a/Makefile.am b/Makefile.am index 1989b19..7608dfa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \ clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" + rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz @@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ + -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ @@ -254,6 +256,7 @@ endif # WITH_JSLINT .PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages WHEELDISTDIR = $(top_builddir)/dist/wheels +WHEELPYPIDIR = $(top_builddir)/dist/pypi WHEELBUNDLEDIR = $(top_builddir)/dist/bundle @MK_IFEQ@ ($(IPA_SERVER_WHEELS),1) @@ -273,6 +276,9 @@ $(WHEELDISTDIR): $(WHEELBUNDLEDIR): mkdir -p $(WHEELBUNDLEDIR) +$(WHEELPYPIDIR): + mkdir -p $(WHEELPYPIDIR) + bdist_wheel: $(WHEELDISTDIR) rm -f $(foreach item,$(IPA_WHEEL_PACKAGES)
[Freeipa-devel] [freeipa PR#701][opened] ipa help doesn't always work
URL: https://github.com/freeipa/freeipa/pull/701 Author: neffs Title: #701: ipa help doesn't always work Action: opened PR body: """ `ipa help` will not work when calling it when no schema is cached. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/701/head:pr701 git checkout pr701 From a806f26fca0eb1529dc1a1de0b5e5deac6409588 Mon Sep 17 00:00:00 2001 From: David KreitschmannDate: Fri, 7 Apr 2017 18:22:25 +0200 Subject: [PATCH] Store help in Schema before writing to disk Signed-off-by: David Kreitschmann --- ipaclient/remote_plugins/schema.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ipaclient/remote_plugins/schema.py b/ipaclient/remote_plugins/schema.py index 3ecd608..9b6668d 100644 --- a/ipaclient/remote_plugins/schema.py +++ b/ipaclient/remote_plugins/schema.py @@ -383,6 +383,7 @@ def __init__(self, client, fingerprint=None): if fingerprint is None: fingerprint, ttl = self._fetch(client, ignore_cache=read_failed) +self._help = self._generate_help(self._dict) try: self._write_schema(fingerprint) except Exception as e: @@ -498,7 +499,7 @@ def _write_schema_data(self, fileobj): schema.writestr( '_help', -json.dumps(self._generate_help(self._dict)).encode('utf-8') +json.dumps(self._help).encode('utf-8') ) def read_namespace_member(self, namespace, member): -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#682][comment] [WIP] ipserver/dcerpc: unify error processing
URL: https://github.com/freeipa/freeipa/pull/682 Title: #682: [WIP] ipserver/dcerpc: unify error processing abbra commented: """ Updated patches and descriptions to include bug references. """ See the full comment at https://github.com/freeipa/freeipa/pull/682#issuecomment-292545612 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#698][closed] install: request service certs after host keytab is set up
URL: https://github.com/freeipa/freeipa/pull/698 Author: HonzaCholasta Title: #698: install: request service certs after host keytab is set up Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/698/head:pr698 git checkout pr698 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#698][+ack] install: request service certs after host keytab is set up
URL: https://github.com/freeipa/freeipa/pull/698 Title: #698: install: request service certs after host keytab is set up Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#682][synchronized] [WIP] ipserver/dcerpc: unify error processing
URL: https://github.com/freeipa/freeipa/pull/682 Author: abbra Title: #682: [WIP] ipserver/dcerpc: unify error processing Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/682/head:pr682 git checkout pr682 From b0583338006e86ebc9beb4b9c171e123efd970fc Mon Sep 17 00:00:00 2001 From: Alexander BokovoyDate: Mon, 3 Apr 2017 10:29:21 +0300 Subject: [PATCH 1/2] ipserver/dcerpc: unify error processing Samba error code reporting changes from version to version but we also did not provide proper input into DCE RPC error processing method we have. Unify error processing and add few more fallback entries. With Samba 4.7 we'll have to change it again because error code processing for Samba Python modules will change with introduction of samba.ntstatus and samba.werror modules. Note that this commit also changes a message returned for error code -1073741772 (NT_STATUS_OBJECT_NOT_FOUND) because it is more general one. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1438348 --- ipaserver/dcerpc.py | 23 +-- 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index 2d9d7e5..d684a17 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -117,19 +117,27 @@ def is_sid_valid(sid): # we simply will skip the binding access_denied_error, -1073741772: # NT_STATUS_OBJECT_NAME_NOT_FOUND -errors.RemoteRetrieveError( -reason=_('CIFS server configuration does not allow ' - 'access to pipe\\lsarpc')), +errors.NotFound( +reason=_('Cannot find specified domain or server name')), } dcerpc_error_messages = { "NT_STATUS_OBJECT_NAME_NOT_FOUND": errors.NotFound( reason=_('Cannot find specified domain or server name')), +"The object name is not found.": +errors.NotFound( +reason=_('Cannot find specified domain or server name')), "WERR_NO_LOGON_SERVERS": errors.RemoteRetrieveError( reason=_('AD DC was unable to reach any IPA domain controller. ' 'Most likely it is a DNS or firewall issue')), +# This is a very long key, don't change it +"There are currently no logon servers available to " +"service the logon request.": +errors.RemoteRetrieveError( +reason=_('AD DC was unable to reach any IPA domain controller. ' + 'Most likely it is a DNS or firewall issue')), "NT_STATUS_INVALID_PARAMETER_MIX": errors.RequirementError( name=_('At least the domain or IP address should be specified')), @@ -802,7 +810,8 @@ def __retrieve_trusted_domain_gc_list(self, domain): # Both methods should not fail at the same time if finddc_error and len(info['gc']) == 0: -raise assess_dcerpc_exception(message=str(finddc_error)) +num, message = e.args # pylint: disable=unpacking-non-sequence +raise assess_dcerpc_exception(num=num, message=message) self._info[domain] = info return info @@ -908,7 +917,8 @@ def retrieve_anonymously(self, remote_host, else: result = netrc.finddc(address=remote_host, flags=flags) except RuntimeError as e: -raise assess_dcerpc_exception(message=str(e)) +num, message = e.args # pylint: disable=unpacking-non-sequence +raise assess_dcerpc_exception(num=num, message=message) if not result: return False @@ -1408,7 +1418,8 @@ def communicate(td): result = netrc.finddc(domain=trustdomain, flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS) except RuntimeError as e: -raise assess_dcerpc_exception(message=str(e)) +num, message = e.args # pylint: disable=unpacking-non-sequence +raise assess_dcerpc_exception(num=num, message=message) td.info['dc'] = unicode(result.pdc_dns_name) td.info['name'] = unicode(result.dns_domain) From dbbc875873b81bc14b6027d9c45b53f873608529 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 5 Apr 2017 12:37:10 +0300 Subject: [PATCH 2/2] trust: always use oddjobd helper for fetching trust information Since introduction of privilege separation in IPA framework none of the operations that require direct access to the framework's credentials can be done. All authentication has to be performed with GSSAPI. As result, we cannot obtain TGT for HTTP/.. principal with kinit anymore, so it is better to re-route all types of trust to oddjobd helper and get rid of casing out two-way trust. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1438366 --- ipaserver/plugins/trust.py | 36 1 file changed, 8 insertions(+), 28 deletions(-) diff
[Freeipa-devel] [freeipa PR#698][+pushed] install: request service certs after host keytab is set up
URL: https://github.com/freeipa/freeipa/pull/698 Title: #698: install: request service certs after host keytab is set up Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#698][comment] install: request service certs after host keytab is set up
URL: https://github.com/freeipa/freeipa/pull/698 Title: #698: install: request service certs after host keytab is set up martbab commented: """ master: * b189be12ecd1ba9efa35daf41e7e04a9362c6a5e dsinstance: reconnect ldap2 after DS is restarted by certmonger * 8a8558637946d7dac1d85642baaf9ba7c1be98f8 httpinstance: avoid httpd restart during certificate request * ec52332229672f35af8db5aaf1ed2827a8dd5467 dsinstance, httpinstance: consolidate certificate request code * 181cb94e744c380a823b94d0d5ca088ab3dcca1c install: request service certs after host keytab is set up * 3884a671cb59c360fae67884755fa5779053107a renew agent: revert to host keytab authentication * a6a89e24147d8542fd09cf64e04982599b79e3cc renew agent, restart scripts: connect to LDAP after kinit ipa-4-5: * 3a3cd01161b618dd6836fda7df935dd39adc117b dsinstance: reconnect ldap2 after DS is restarted by certmonger * 029da956be22c9e05a53c7c30e3afcb2c851ad86 httpinstance: avoid httpd restart during certificate request * 3317e172227fd72ad9049f7893d3018043201b3c dsinstance, httpinstance: consolidate certificate request code * cb141b0eb3950bcae1950e6190ba3573f348b1f2 install: request service certs after host keytab is set up * 1a7db624857c46a2c1c091ed4b8d7902a4486596 renew agent: revert to host keytab authentication * e9168e80ddb6066114f9438fa6a7a11b0eaa02cf renew agent, restart scripts: connect to LDAP after kinit """ See the full comment at https://github.com/freeipa/freeipa/pull/698#issuecomment-292591048 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code