date:20170407

[Freeipa-devel] [freeipa PR#618][synchronized] Tox testing support for client wheel packages

2017-04-07 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/618
Author: tiran
 Title: #618: Tox testing support for client wheel packages
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/618/head:pr618
git checkout pr618
From 9c9b0f2891c021aadac38824d3bea2862830f85a Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Thu, 17 Nov 2016 16:43:17 +0100
Subject: [PATCH] tox testing support for client wheel packages

Add tox infrastructure to test client wheel packages workflow:

* build client packages
* install client packages
* ipa-run-tests --ipaclient-unittests under Python 2 and 3
* pylint of client packages under Python 2 and 3
* placeholder packages work as expected

Signed-off-by: Christian Heimes 
---
 .gitignore   |  2 ++
 .tox-install.sh  | 94 
 Makefile.am  | 22 +---
 configure.ac |  1 +
 ipatests/conftest.py |  4 ++-
 pypi/test_placeholder.py | 47 
 tox.ini  | 54 
 7 files changed, 218 insertions(+), 6 deletions(-)
 create mode 100755 .tox-install.sh
 create mode 100644 pypi/test_placeholder.py
 create mode 100644 tox.ini

diff --git a/.gitignore b/.gitignore
index 8941fd8..8b57dbc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -61,6 +61,8 @@ freeipa2-dev-doc
 # Root directory
 /freeipa.spec
 /dist/
+/.tox/
+/.cache/
 /*/dist/
 /RELEASE
 /rpmbuild/
diff --git a/.tox-install.sh b/.tox-install.sh
new file mode 100755
index 000..8f9d221
--- /dev/null
+++ b/.tox-install.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+set -ex
+
+FLAVOR="$1"
+ENVPYTHON="$2"
+ENVSITEPACKAGESDIR="$3"
+# 3...end are package requirements
+shift 3
+
+TOXINIDIR="$(cd "$(dirname "$0")" && pwd)"
+
+# sanity checks
+if [ ! -x "${ENVPYTHON}" ]; then
+echo "${ENVPYTHON}: no such executable"
+exit 1
+fi
+
+if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then
+echo "${ENVSITEPACKAGESDIR}: no such directory"
+exit 2
+fi
+
+if [ ! -f "${TOXINIDIR}/tox.ini" ]; then
+echo "${TOXINIDIR}: no such directory"
+exit 3
+fi
+
+# https://pip.pypa.io/en/stable/user_guide/#environment-variables
+export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache"
+mkdir -p "${PIP_CACHE_DIR}"
+
+DISTBUNDLE="${TOXINIDIR}/dist/bundle"
+mkdir -p "${DISTBUNDLE}"
+
+DISTPYPI="${TOXINIDIR}/dist/pypi"
+mkdir -p "${DISTPYPI}"
+
+# create configure
+pushd "${TOXINIDIR}"
+if [ ! -f "configure" ]; then
+autoreconf -i -f
+fi
+# (re)create Makefile
+./configure --disable-server
+popd
+
+case $FLAVOR in
+wheel_bundle)
+# copy pylint plugin
+cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}"
+
+# build packages and bundles
+make -C "${TOXINIDIR}" \
+wheel_bundle \
+PYTHON="${ENVPYTHON}" \
+IPA_EXTRA_WHEELS="$*"
+
+# chdir to prevent local .egg-info from messing up pip
+pushd "${ENVSITEPACKAGESDIR}"
+
+# Install packages with dist/bundle/ as extra source for wheels while ignoring
+# upstream Python Package Index.
+$ENVPYTHON -m pip install \
+--no-index \
+--disable-pip-version-check \
+--constraint "${TOXINIDIR}/.wheelconstraints" \
+--find-links "${DISTBUNDLE}" \
+$@
+
+popd
+;;
+pypi_packages)
+# build packages and bundles
+make -C "${TOXINIDIR}" \
+pypi_packages \
+PYTHON="${ENVPYTHON}"
+
+# chdir to prevent local .egg-info from messing up pip
+pushd "${ENVSITEPACKAGESDIR}"
+
+# Install packages from dist/pypi
+$ENVPYTHON -m pip install \
+--disable-pip-version-check \
+--constraint "${TOXINIDIR}/.wheelconstraints" \
+--find-links "${DISTPYPI}" \
+$@
+
+popd
+;;
+*)
+echo "Unknown install flavor $FLAVOR"
+exit 1
+;;
+esac
diff --git a/Makefile.am b/Makefile.am
index 1989b19..7608dfa 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \
 clean-local:
 	rm -rf "$(RPMBUILD)"
 	rm -rf "$(top_builddir)/dist"
+	rm -rf "$(top_builddir)/.tox"
 	rm -rf "$(top_srcdir)/__pycache__"
 	rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz
 
@@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py
 		-path './freeipa-*' -prune -o \
 		-path './dist' -prune -o \
 		-path './pypi' -prune -o \
+		-path './.tox' -prune -o \
 		-name '.*' -o \
 		-name '*.in' -o \
 		-name '*~' -o \
@@ -254,6 +256,7 @@ endif  # WITH_JSLINT
 
 .PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages
 WHEELDISTDIR = $(top_builddir)/dist/wheels
+WHEELPYPIDIR = $(top_builddir)/dist/pypi
 WHEELBUNDLEDIR = $(top_builddir)/dist/bundle
 
 @MK_IFEQ@ ($(IPA_SERVER_WHEELS),1)
@@ -273,6 +276,9 @@ $(WHEELDISTDIR):
 $(WHEELBUNDLEDIR):
 	mkdir -p $(WHEELBUNDLEDIR)
 
+$(WHEELPYPIDIR):
+	mkdir -p $(WHEELPYPIDIR)
+
 bdist_wheel: $(WHEELDISTDIR)
 	rm -f $(foreach item,$(IPA_WHEEL_PACKAGES)

[Freeipa-devel] [freeipa PR#698][opened] install: request service certs after host keytab is set up

2017-04-07 Thread HonzaCholasta

   URL: https://github.com/freeipa/freeipa/pull/698
Author: HonzaCholasta
 Title: #698: install: request service certs after host keytab is set up
Action: opened

PR body:
"""
**dsinstance: reconnect ldap2 after DS is restarted by certmonger**

DS is restarted by certmonger in the restart_dirsrv script after the DS
certificate is saved. This breaks the ldap2 backend and makes any operation
fail with NetworkError until it is reconnected.

Reconnect ldap2 after the DS certificate request is finished to fix the
issue. Make sure restart_dirsrv waits for the ldapi socket so that the
reconnect does not fail.

**httpinstance: avoid httpd restart during certificate request**

httpd is restarted by certmonger in the restart_httpd script after the
httpd certificate is saved if it was previously running. The restart will
fail because httpd is not properly configured at this point.

Stop httpd at the beginning of httpd install to avoid the restart.

**dsinstance, httpinstance: consolidate certificate request code**

A different code path is used for DS and httpd certificate requests in
replica promotion. This is rather unnecessary and makes the certificate
request code not easy to follow.

Consolidate the non-promotion and promotion code paths into one.

**install: request service certs after host keytab is set up**

The certmonger renew agent and restart scripts use host keytab for
authentication. When they are executed during a certmonger request before
the host keytab is set up, the authentication will fail.

Make sure all certmonger requests in the installer are done after the host
keytab is set up.

**renew agent: revert to host keytab authentication**

Fixes an issue where the renew agent uses GSSAPI for LDAP connection but
fails because it is not authenticated.

This reverts commit 7462adec13c5b25b6868d2863dc38062c97d0ff7.

**renew agent, restart scripts: connect to LDAP after kinit**

Connect to LDAP after kinit is done, otherwise GSSAPI authentication will
fail.

https://pagure.io/freeipa/issue/6757

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/698/head:pr698
git checkout pr698
From a177247344479e1e5636df5f27875d2c5b76fa5e Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Fri, 7 Apr 2017 07:40:19 +0200
Subject: [PATCH 1/6] dsinstance: reconnect ldap2 after DS is restarted by
 certmonger

DS is restarted by certmonger in the restart_dirsrv script after the DS
certificate is saved. This breaks the ldap2 backend and makes any operation
fail with NetworkError until it is reconnected.

Reconnect ldap2 after the DS certificate request is finished to fix the
issue. Make sure restart_dirsrv waits for the ldapi socket so that the
reconnect does not fail.

https://pagure.io/freeipa/issue/6757
---
 install/restart_scripts/restart_dirsrv | 2 +-
 ipaserver/install/dsinstance.py| 4 
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/install/restart_scripts/restart_dirsrv b/install/restart_scripts/restart_dirsrv
index b4c9490..ff476ca 100644
--- a/install/restart_scripts/restart_dirsrv
+++ b/install/restart_scripts/restart_dirsrv
@@ -41,7 +41,7 @@ def _main():
 
 try:
 if services.knownservices.dirsrv.is_running():
-services.knownservices.dirsrv.restart(instance)
+services.knownservices.dirsrv.restart(instance, ldapi=True)
 except Exception as e:
 syslog.syslog(syslog.LOG_ERR, "Cannot restart dirsrv (instance: '%s'): %s" % (instance, str(e)))
 
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 79dc90e..fb5f925 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -837,6 +837,10 @@ def __enable_ssl(self):
 finally:
 certmonger.modify_ca_helper('IPA', prev_helper)
 
+# restart_dirsrv in the request above restarts DS, reconnect ldap2
+api.Backend.ldap2.disconnect()
+api.Backend.ldap2.connect()
+
 self.dercert = dsdb.get_cert_from_db(self.nickname, pem=False)
 
 dsdb.create_pin_file()

From 1477aff4e733b52f305e466e71e11a2f5730892b Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Fri, 7 Apr 2017 07:40:41 +0200
Subject: [PATCH 2/6] httpinstance: avoid httpd restart during certificate
 request

httpd is restarted by certmonger in the restart_httpd script after the
httpd certificate is saved if it was previously running. The restart will
fail because httpd is not properly configured at this point.

Stop httpd at the beginning of httpd install to avoid the restart.

https://pagure.io/freeipa/issue/6757
---
 ipaserver/install/httpinstance.py | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 079ea92..d7cd776 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@

[Freeipa-devel] [bind-dyndb-ldap PR#15][comment] ignore what configure and make produced

2017-04-07 Thread tomaskrizek

  URL: https://github.com/freeipa/bind-dyndb-ldap/pull/15
Title: #15: ignore what configure and make produced

tomaskrizek commented:
"""
I think the *.lo part is needlessly verbose, since we can ignore all generated 
files anyway. Could you please change the `make` part to ignore the entire 
extension instead of the individual files?

```
*.la
*.lo
```
"""

See the full comment at 
https://github.com/freeipa/bind-dyndb-ldap/pull/15#issuecomment-292464848
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#694][comment] RFC: implement local PKINIT deployment in server/replica install

2017-04-07 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/694
Title: #694: RFC: implement local PKINIT deployment in server/replica install

martbab commented:
"""
@MartinBasti  I can add some removal logic to upgrader if required.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/694#issuecomment-292477063
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [SSSD] [RFC] Matching and Mapping Certificates

2017-04-07 Thread Jakub Hrozek

On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote:
> Hi,
> 
> I've started to write a SSSD design page about enhancing the current
> mapping of certificates to users and how to select/match a suitable
> certificate if multiple certificates are on a Smartcard.
> 
> My currently thoughts and idea and be found at
> https://fedorahosted.org/sssd/wiki/DesignDocs/MatchingAndMappingCertificates
> and for your convenience below as well.
> 
> Comments and suggestions are welcome. Please let me know about concerns,
> alternatives and missing use-cases/user-stories.
> 
> bye,
> Sumit

I converted the page to pagure markdown:

https://docs.pagure.org/SSSD.sssd/design_pages/matching_and_mapping_certificates.html

There are no changes to the content except for fixing typos.

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#697][comment] Create system users for FreeIPA services during package installation

2017-04-07 Thread HonzaCholasta

  URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package 
installation

HonzaCholasta commented:
"""
Ah, right, rpmdiff complained about that. Well, that was 2 years ago, and if it 
works for sssd it must also work for us, so I guess we should ignore rpmdiff.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/697#issuecomment-292467153
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [SSSD] [RFC] Matching and Mapping Certificates

2017-04-07 Thread Sumit Bose

On Fri, Apr 07, 2017 at 10:38:55AM +0200, Jakub Hrozek wrote:
> On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote:
> > Hi,
> > 
> > I've started to write a SSSD design page about enhancing the current
> > mapping of certificates to users and how to select/match a suitable
> > certificate if multiple certificates are on a Smartcard.
> > 
> > My currently thoughts and idea and be found at
> > https://fedorahosted.org/sssd/wiki/DesignDocs/MatchingAndMappingCertificates
> > and for your convenience below as well.
> > 
> > Comments and suggestions are welcome. Please let me know about concerns,
> > alternatives and missing use-cases/user-stories.
> > 
> > bye,
> > Sumit
> 
> I converted the page to pagure markdown:
> 
> https://docs.pagure.org/SSSD.sssd/design_pages/matching_and_mapping_certificates.html
> 
> There are no changes to the content except for fixing typos.

Thank you for doing the conversion and fixing the typos. I will now
update the page to reflect the current state of the code.

bye,
Sumit
> 
> -- 
> Manage your subscription for the Freeipa-devel mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#697][comment] Create system users for FreeIPA services during package installation

2017-04-07 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package 
installation

martbab commented:
"""
Right, we do not have systemd available during Docker image build so some 
fallback mechanism directly in spec would be great. Otherwise we would have to 
workaround this in containers and I am not a big fan of that.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/697#issuecomment-292488467
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#697][comment] Create system users for FreeIPA services during package installation

2017-04-07 Thread adelton

  URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package 
installation

adelton commented:
"""
> I don't think we should do that and rather fail early if the user is missing.

+1
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/697#issuecomment-292488251
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#697][comment] Create system users for FreeIPA services during package installation

2017-04-07 Thread adelton

  URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package 
installation

adelton commented:
"""
> Previously system users needed by FreeIPA server services was created during
> ipa-server-install.

Actually, for any such case I found I filed bugzilla or ticket to get them 
created during rpm installation.

> This led to problem when DBus policy was configured during
> package installation but the user specified in the policy didn't exist yet 
> (and
> potentionally similar ones). Now systemd-sysusers service is used to ensure
> users freeipa-server package needs exist before any installation or
> configuration begins.

Please do not use systemd-sysusers, create the group/user entries during rpm 
installation.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/697#issuecomment-292483893
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#618][synchronized] Tox testing support for client wheel packages

2017-04-07 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/618
Author: tiran
 Title: #618: Tox testing support for client wheel packages
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/618/head:pr618
git checkout pr618
From 6f90b92ac55f32a1a028ffe0faffde21faab8544 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Thu, 17 Nov 2016 16:43:17 +0100
Subject: [PATCH] tox testing support for client wheel packages

Add tox infrastructure to test client wheel packages workflow:

* build client packages
* install client packages
* ipa-run-tests --ipaclient-unittests under Python 2 and 3
* pylint of client packages under Python 2 and 3
* placeholder packages work as expected

Signed-off-by: Christian Heimes 
---
 .gitignore   |  2 ++
 .tox-install.sh  | 94 
 Makefile.am  | 22 +---
 configure.ac |  1 +
 ipatests/conftest.py |  5 +--
 pypi/test_placeholder.py | 47 
 tox.ini  | 54 
 7 files changed, 218 insertions(+), 7 deletions(-)
 create mode 100755 .tox-install.sh
 create mode 100644 pypi/test_placeholder.py
 create mode 100644 tox.ini

diff --git a/.gitignore b/.gitignore
index 8941fd8..8b57dbc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -61,6 +61,8 @@ freeipa2-dev-doc
 # Root directory
 /freeipa.spec
 /dist/
+/.tox/
+/.cache/
 /*/dist/
 /RELEASE
 /rpmbuild/
diff --git a/.tox-install.sh b/.tox-install.sh
new file mode 100755
index 000..8f9d221
--- /dev/null
+++ b/.tox-install.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+set -ex
+
+FLAVOR="$1"
+ENVPYTHON="$2"
+ENVSITEPACKAGESDIR="$3"
+# 3...end are package requirements
+shift 3
+
+TOXINIDIR="$(cd "$(dirname "$0")" && pwd)"
+
+# sanity checks
+if [ ! -x "${ENVPYTHON}" ]; then
+echo "${ENVPYTHON}: no such executable"
+exit 1
+fi
+
+if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then
+echo "${ENVSITEPACKAGESDIR}: no such directory"
+exit 2
+fi
+
+if [ ! -f "${TOXINIDIR}/tox.ini" ]; then
+echo "${TOXINIDIR}: no such directory"
+exit 3
+fi
+
+# https://pip.pypa.io/en/stable/user_guide/#environment-variables
+export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache"
+mkdir -p "${PIP_CACHE_DIR}"
+
+DISTBUNDLE="${TOXINIDIR}/dist/bundle"
+mkdir -p "${DISTBUNDLE}"
+
+DISTPYPI="${TOXINIDIR}/dist/pypi"
+mkdir -p "${DISTPYPI}"
+
+# create configure
+pushd "${TOXINIDIR}"
+if [ ! -f "configure" ]; then
+autoreconf -i -f
+fi
+# (re)create Makefile
+./configure --disable-server
+popd
+
+case $FLAVOR in
+wheel_bundle)
+# copy pylint plugin
+cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}"
+
+# build packages and bundles
+make -C "${TOXINIDIR}" \
+wheel_bundle \
+PYTHON="${ENVPYTHON}" \
+IPA_EXTRA_WHEELS="$*"
+
+# chdir to prevent local .egg-info from messing up pip
+pushd "${ENVSITEPACKAGESDIR}"
+
+# Install packages with dist/bundle/ as extra source for wheels while ignoring
+# upstream Python Package Index.
+$ENVPYTHON -m pip install \
+--no-index \
+--disable-pip-version-check \
+--constraint "${TOXINIDIR}/.wheelconstraints" \
+--find-links "${DISTBUNDLE}" \
+$@
+
+popd
+;;
+pypi_packages)
+# build packages and bundles
+make -C "${TOXINIDIR}" \
+pypi_packages \
+PYTHON="${ENVPYTHON}"
+
+# chdir to prevent local .egg-info from messing up pip
+pushd "${ENVSITEPACKAGESDIR}"
+
+# Install packages from dist/pypi
+$ENVPYTHON -m pip install \
+--disable-pip-version-check \
+--constraint "${TOXINIDIR}/.wheelconstraints" \
+--find-links "${DISTPYPI}" \
+$@
+
+popd
+;;
+*)
+echo "Unknown install flavor $FLAVOR"
+exit 1
+;;
+esac
diff --git a/Makefile.am b/Makefile.am
index 1989b19..7608dfa 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \
 clean-local:
 	rm -rf "$(RPMBUILD)"
 	rm -rf "$(top_builddir)/dist"
+	rm -rf "$(top_builddir)/.tox"
 	rm -rf "$(top_srcdir)/__pycache__"
 	rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz
 
@@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py
 		-path './freeipa-*' -prune -o \
 		-path './dist' -prune -o \
 		-path './pypi' -prune -o \
+		-path './.tox' -prune -o \
 		-name '.*' -o \
 		-name '*.in' -o \
 		-name '*~' -o \
@@ -254,6 +256,7 @@ endif  # WITH_JSLINT
 
 .PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages
 WHEELDISTDIR = $(top_builddir)/dist/wheels
+WHEELPYPIDIR = $(top_builddir)/dist/pypi
 WHEELBUNDLEDIR = $(top_builddir)/dist/bundle
 
 @MK_IFEQ@ ($(IPA_SERVER_WHEELS),1)
@@ -273,6 +276,9 @@ $(WHEELDISTDIR):
 $(WHEELBUNDLEDIR):
 	mkdir -p $(WHEELBUNDLEDIR)
 
+$(WHEELPYPIDIR):
+	mkdir -p $(WHEELPYPIDIR)
+
 bdist_wheel: $(WHEELDISTDIR)
 	rm -f $(foreach item,$(IPA_WHEEL_PACKAGES)

[Freeipa-devel] [freeipa PR#697][comment] Create system users for FreeIPA services during package installation

2017-04-07 Thread HonzaCholasta

  URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package 
installation

HonzaCholasta commented:
"""
Note that systemd-sysusers is not available in RHEL and CentOS. It might be 
better to use the sssd approach: 
https://github.com/SSSD/sssd/blob/master/contrib/sssd.spec.in#L1228.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/697#issuecomment-292462863
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#697][comment] Create system users for FreeIPA services during package installation

2017-04-07 Thread tiran

  URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package 
installation

tiran commented:
"""
Originally I used a similar approach for the kdcproxy user based on the snippet 
https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation 
. You changed it in ticket https://pagure.io/freeipa/issue/5314 because the 
approach violates packaging guidelines.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/697#issuecomment-292464389
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#699][opened] Fix libkrb5 filename for macOS

2017-04-07 Thread neffs

   URL: https://github.com/freeipa/freeipa/pull/699
Author: neffs
 Title: #699: Fix libkrb5 filename for macOS
Action: opened

PR body:
"""
libkrb5.so.3 is called libkrb5.dylib on macOS


"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/699/head:pr699
git checkout pr699
From ad835186c4b799363110522407e3a3cd993d6194 Mon Sep 17 00:00:00 2001
From: David Kreitschmann 
Date: Fri, 7 Apr 2017 14:02:46 +0200
Subject: [PATCH] Fix libkrb5 filename for macOS

Signed-off-by: David Kreitschmann 
---
 ipapython/session_storage.py | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py
index 1443413..92e9825 100644
--- a/ipapython/session_storage.py
+++ b/ipapython/session_storage.py
@@ -7,9 +7,12 @@
 
 KRB5_CC_NOSUPP = -1765328137
 
+LIBKRB5_FILENAME = 'libkrb5.so.3'
+if platform.system()=="Darwin":
+LIBKRB5_FILENAME = 'libkrb5.dylib'
 
 try:
-LIBKRB5 = ctypes.CDLL('libkrb5.so.3')
+LIBKRB5 = ctypes.CDLL(LIBKRB5_FILENAME)
 except OSError as e:  # pragma: no cover
 raise ImportError(str(e))
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [bind-dyndb-ldap PR#16][opened] spec: remove unnecessary bind-pkcs11 dependency

2017-04-07 Thread tomaskrizek

   URL: https://github.com/freeipa/bind-dyndb-ldap/pull/16
Author: tomaskrizek
 Title: #16: spec: remove unnecessary bind-pkcs11 dependency
Action: opened

PR body:
"""
The bind-pkcs11 dependency was originally introduced in Fedora
specfile in 2014 to help with ipa-server-upgrade. This was a
temporary workaround. Since Fedora life cycle is 13 months and
this change happened more than two years ago, it is safe to
remove the workaround.

bind-dyndb-ldap does not actually depend on bind-pkcs11, although it
is a dependency that is enforced by freeipa.
"""

To pull the PR as Git branch:
git remote add ghbind-dyndb-ldap https://github.com/freeipa/bind-dyndb-ldap
git fetch ghbind-dyndb-ldap pull/16/head:pr16
git checkout pr16
From a9d889ea8f18816c26ebc91ac1b2e92e5710b113 Mon Sep 17 00:00:00 2001
From: Tomas Krizek 
Date: Fri, 7 Apr 2017 12:11:11 +0200
Subject: [PATCH] spec: remove unnecessary bind-pkcs11 dependency

The bind-pkcs11 dependency was originally introduced in Fedora
specfile in 2014 to help with ipa-server-upgrade. This was a
temporary workaround. Since Fedora life cycle is 13 months and
this change happened more than two years ago, it is safe to
remove the workaround.

bind-dyndb-ldap does not actually depend on bind-pkcs11, although it
is a dependency that is enforced by freeipa.
---
 contrib/bind-dyndb-ldap.spec | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/contrib/bind-dyndb-ldap.spec b/contrib/bind-dyndb-ldap.spec
index 7d0e887..4dc5997 100644
--- a/contrib/bind-dyndb-ldap.spec
+++ b/contrib/bind-dyndb-ldap.spec
@@ -12,13 +12,13 @@ Source0:https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2
 Source1:https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc
 BuildRoot:  %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
-BuildRequires:  bind-devel >= 32:9.11.0-6.P2, bind-lite-devel >= 32:9.11.0-6.P2, bind-pkcs11-devel >= 32:9.11.0-6.P2
+BuildRequires:  bind-devel >= 32:9.11.0-6.P2, bind-lite-devel >= 32:9.11.0-6.P2
 BuildRequires:  krb5-devel
 BuildRequires:  openldap-devel
 BuildRequires:  libuuid-devel
 BuildRequires:  automake, autoconf, libtool
 
-Requires:   bind-pkcs11 >= 32:9.11.0-6.P2, bind-pkcs11-utils >= 32:9.11.0-6.P2
+Requires:   bind >= 32:9.11.0-6.P2
 
 %description
 This package provides an LDAP back-end plug-in for BIND. It features
@@ -114,6 +114,9 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Fri Apr 07 2017 Tomas Krizek 
+- Removed unnecessary bind-pkcs11 dependency
+
 * Mon Mar 13 2017 Tomas Krizek 
 - Fixed sed script regex error
 - Re-synced specfile with fedora
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [bind-dyndb-ldap PR#16][comment] spec: remove unnecessary bind-pkcs11 dependency

2017-04-07 Thread tomaskrizek

  URL: https://github.com/freeipa/bind-dyndb-ldap/pull/16
Title: #16: spec: remove unnecessary bind-pkcs11 dependency

tomaskrizek commented:
"""
master:
- 4fb51bac7f4f739975a2afb857b686869eff92b6
"""

See the full comment at 
https://github.com/freeipa/bind-dyndb-ldap/pull/16#issuecomment-292502794
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#632][closed] ipa-sam: create the gidNumber attribute in the trusted domain entry

2017-04-07 Thread MartinBasti

   URL: https://github.com/freeipa/freeipa/pull/632
Author: flo-renaud
 Title: #632: ipa-sam: create the gidNumber attribute in the trusted domain 
entry
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/632/head:pr632
git checkout pr632
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#632][+pushed] ipa-sam: create the gidNumber attribute in the trusted domain entry

2017-04-07 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/632
Title: #632: ipa-sam: create the gidNumber attribute in the trusted domain entry

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#632][comment] ipa-sam: create the gidNumber attribute in the trusted domain entry

2017-04-07 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/632
Title: #632: ipa-sam: create the gidNumber attribute in the trusted domain entry

MartinBasti commented:
"""
master:

* e052c2dce04f5ce147dc2b6804f44705fa4d69df ipa-sam: create the gidNumber 
attribute in the trusted domain entry
* 5405de5bc15941d71137af10aa66a6cf922d9e6d Upgrade: add gidnumber to trusted 
domain entry


ipa-4-5:

* 91d36941653476abfff6a54ba7cb5a9f2c12c22d ipa-sam: create the gidNumber 
attribute in the trusted domain entry
* eddd29f1d52d63ea702437b0dd2a2826df52bc26 Upgrade: add gidnumber to trusted 
domain entry


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/632#issuecomment-292504625
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [bind-dyndb-ldap PR#16][comment] spec: remove unnecessary bind-pkcs11 dependency

2017-04-07 Thread MartinBasti

  URL: https://github.com/freeipa/bind-dyndb-ldap/pull/16
Title: #16: spec: remove unnecessary bind-pkcs11 dependency

MartinBasti commented:
"""
LGTM
"""

See the full comment at 
https://github.com/freeipa/bind-dyndb-ldap/pull/16#issuecomment-292500650
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [bind-dyndb-ldap PR#16][+pushed] spec: remove unnecessary bind-pkcs11 dependency

2017-04-07 Thread tomaskrizek

  URL: https://github.com/freeipa/bind-dyndb-ldap/pull/16
Title: #16: spec: remove unnecessary bind-pkcs11 dependency

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [bind-dyndb-ldap PR#16][closed] spec: remove unnecessary bind-pkcs11 dependency

2017-04-07 Thread tomaskrizek

   URL: https://github.com/freeipa/bind-dyndb-ldap/pull/16
Author: tomaskrizek
 Title: #16: spec: remove unnecessary bind-pkcs11 dependency
Action: closed

To pull the PR as Git branch:
git remote add ghbind-dyndb-ldap https://github.com/freeipa/bind-dyndb-ldap
git fetch ghbind-dyndb-ldap pull/16/head:pr16
git checkout pr16
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#692][+pushed] tests: add non-reg for idrange-add

2017-04-07 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/692
Title: #692: tests: add non-reg for idrange-add

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#692][closed] tests: add non-reg for idrange-add

2017-04-07 Thread martbab

   URL: https://github.com/freeipa/freeipa/pull/692
Author: flo-renaud
 Title: #692: tests: add non-reg for idrange-add
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/692/head:pr692
git checkout pr692
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#692][comment] tests: add non-reg for idrange-add

2017-04-07 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/692
Title: #692: tests: add non-reg for idrange-add

martbab commented:
"""
master:

* 342dccea47f6cb14cda63f75789eab51070fb3f6 tests: add non-reg for idrange-add
ipa-4-5:

* ab2706721db217d55ae549d50a95ace571e65aa6 tests: add non-reg for idrange-add
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/692#issuecomment-292505832
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [bind-dyndb-ldap PR#16][+ack] spec: remove unnecessary bind-pkcs11 dependency

2017-04-07 Thread tomaskrizek

  URL: https://github.com/freeipa/bind-dyndb-ldap/pull/16
Title: #16: spec: remove unnecessary bind-pkcs11 dependency

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#692][+ack] tests: add non-reg for idrange-add

2017-04-07 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/692
Title: #692: tests: add non-reg for idrange-add

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#699][comment] Fix libkrb5 filename for macOS

2017-04-07 Thread abbra

  URL: https://github.com/freeipa/freeipa/pull/699
Title: #699: Fix libkrb5 filename for macOS

abbra commented:
"""
Thanks. Do you have IPA client code working on Mac OS X?
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/699#issuecomment-292523505
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#699][comment] Fix libkrb5 filename for macOS

2017-04-07 Thread neffs

  URL: https://github.com/freeipa/freeipa/pull/699
Title: #699: Fix libkrb5 filename for macOS

neffs commented:
"""
It connects via RPC and user-show works. Didn't check much further. 

I also created an issue: https://pagure.io/freeipa/issue/6850
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/699#issuecomment-292524463
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#699][comment] Fix libkrb5 filename for macOS

2017-04-07 Thread neffs

  URL: https://github.com/freeipa/freeipa/pull/699
Title: #699: Fix libkrb5 filename for macOS

neffs commented:
"""
It connects via RPC and user-show works. Didn't check much further. 

I also created an issue: https://pagure.io/freeipa/issue/6850
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/699#issuecomment-292524463
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#699][comment] Fix libkrb5 filename for macOS

2017-04-07 Thread abbra

  URL: https://github.com/freeipa/freeipa/pull/699
Title: #699: Fix libkrb5 filename for macOS

abbra commented:
"""
Ok. Let me look at it next week when I'll have time. Could you please add a 
short step by step instruction how you configured IPA client on Mac OS X?

"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/699#issuecomment-292527660
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#699][comment] Fix libkrb5 filename for macOS

2017-04-07 Thread abbra

  URL: https://github.com/freeipa/freeipa/pull/699
Title: #699: Fix libkrb5 filename for macOS

abbra commented:
"""
There is a PEP8 error:
PEP-8 errors:

./ipapython/session_storage.py:11:21: E225 missing whitespace around operator


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/699#issuecomment-292527976
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#699][synchronized] Fix libkrb5 filename for macOS

2017-04-07 Thread neffs

   URL: https://github.com/freeipa/freeipa/pull/699
Author: neffs
 Title: #699: Fix libkrb5 filename for macOS
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/699/head:pr699
git checkout pr699
From ad835186c4b799363110522407e3a3cd993d6194 Mon Sep 17 00:00:00 2001
From: David Kreitschmann 
Date: Fri, 7 Apr 2017 14:02:46 +0200
Subject: [PATCH 1/2] Fix libkrb5 filename for macOS

Signed-off-by: David Kreitschmann 
---
 ipapython/session_storage.py | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py
index 1443413..92e9825 100644
--- a/ipapython/session_storage.py
+++ b/ipapython/session_storage.py
@@ -7,9 +7,12 @@
 
 KRB5_CC_NOSUPP = -1765328137
 
+LIBKRB5_FILENAME = 'libkrb5.so.3'
+if platform.system()=="Darwin":
+LIBKRB5_FILENAME = 'libkrb5.dylib'
 
 try:
-LIBKRB5 = ctypes.CDLL('libkrb5.so.3')
+LIBKRB5 = ctypes.CDLL(LIBKRB5_FILENAME)
 except OSError as e:  # pragma: no cover
 raise ImportError(str(e))
 

From 4257af46f8b18f874e3e416b449c931e267ef5d9 Mon Sep 17 00:00:00 2001
From: David Kreitschmann 
Date: Fri, 7 Apr 2017 15:02:05 +0200
Subject: [PATCH 2/2] Fix PEP8 error

Signed-off-by: David Kreitschmann 
---
 ipapython/session_storage.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py
index 92e9825..ac5682e 100644
--- a/ipapython/session_storage.py
+++ b/ipapython/session_storage.py
@@ -8,7 +8,7 @@
 KRB5_CC_NOSUPP = -1765328137
 
 LIBKRB5_FILENAME = 'libkrb5.so.3'
-if platform.system()=="Darwin":
+if platform.system() == "Darwin":
 LIBKRB5_FILENAME = 'libkrb5.dylib'
 
 try:
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#699][comment] Fix libkrb5 filename for macOS

2017-04-07 Thread neffs

  URL: https://github.com/freeipa/freeipa/pull/699
Title: #699: Fix libkrb5 filename for macOS

neffs commented:
"""
I added the steps here: https://pagure.io/freeipa/issue/6850
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/699#issuecomment-292532086
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#700][opened] Use entry_points for ipa CLI

2017-04-07 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/700
Author: tiran
 Title: #700: Use entry_points for ipa CLI
Action: opened

PR body:
"""
Fix problem with hard-coded shebang in ipa command line tool by using
a proper setuptools entry point for the console script. ipaclient is now
an executable Python package, too.

```
$ python -m ipaclient ping
```

is equivalent to

```
$ ipa ping
```

Related: https://pagure.io/freeipa/issue/6653
Closes: https://pagure.io/freeipa/issue/6850
Signed-off-by: Christian Heimes 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/700/head:pr700
git checkout pr700
From 796f70ca60fd3067d2e0cd3cc508512db9a0c658 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Fri, 7 Apr 2017 15:03:08 +0200
Subject: [PATCH] Use entry_points for ipa CLI

Fix problem with hard-coded shebang in ipa command line tool by using
a proper setuptools entry point for the console script. ipaclient is now
an executable Python package, too.

```
$ python -m ipaclient ping
```

is equivalent to

```
$ ipa ping
```

Related: https://pagure.io/freeipa/issue/6653
Closes: https://pagure.io/freeipa/issue/6850
Signed-off-by: Christian Heimes 
---
 ipa   |  5 ++---
 ipaclient/__main__.py | 15 +++
 ipaclient/setup.py|  6 +-
 3 files changed, 22 insertions(+), 4 deletions(-)
 create mode 100644 ipaclient/__main__.py

diff --git a/ipa b/ipa
index 9ef3568..d6e01a2 100755
--- a/ipa
+++ b/ipa
@@ -24,8 +24,7 @@ Command Line Interface for IPA administration.
 
 The CLI functionality is implemented in ipalib/cli.py
 """
-
-from ipalib import api, cli
+from ipaclient.__main__ import main
 
 if __name__ == '__main__':
-cli.run(api)
+main()
diff --git a/ipaclient/__main__.py b/ipaclient/__main__.py
new file mode 100644
index 000..513de7d
--- /dev/null
+++ b/ipaclient/__main__.py
@@ -0,0 +1,15 @@
+# Copyright (C) 2017  FreeIPA Contributors see COPYING for license
+"""
+Command Line Interface for IPA administration.
+
+The CLI functionality is implemented in ipalib/cli.py
+"""
+from ipalib import api, cli
+
+
+def main():
+cli.run(api)
+
+
+if __name__ == '__main__':
+main()
\ No newline at end of file
diff --git a/ipaclient/setup.py b/ipaclient/setup.py
index f5be7ea..ccb5396 100644
--- a/ipaclient/setup.py
+++ b/ipaclient/setup.py
@@ -31,7 +31,6 @@
 ipasetup(
 name="ipaclient",
 doc=__doc__,
-scripts=['../ipa'],
 package_dir={'ipaclient': ''},
 packages=[
 "ipaclient",
@@ -60,6 +59,11 @@
 "qrcode",
 "six",
 ],
+entry_points={
+'console_scripts': [
+'ipa = ipaclient.__main__:main'
+]
+},
 extras_require={
 "install": ["ipaplatform"],
 "otptoken_yubikey": ["yubico", "usb"]
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [bind-dyndb-ldap PR#17][opened] settings: skip unconfigured values

2017-04-07 Thread tomaskrizek

   URL: https://github.com/freeipa/bind-dyndb-ldap/pull/17
Author: tomaskrizek
 Title: #17: settings: skip unconfigured values
Action: opened

PR body:
"""
When a value is not configured in settings map, it is skipped.
If it is the last processed value, the result of ISC_R_NOTFOUND
would cause the cleanup section of the function fail. Since
unconfigured values are allowed and expected, override the result
to ISC_R_SUCCESS in this case to prevent triggerring an error.

https://pagure.io/bind-dyndb-ldap/issue/172

---

Also removed obsolete options from the map.
"""

To pull the PR as Git branch:
git remote add ghbind-dyndb-ldap https://github.com/freeipa/bind-dyndb-ldap
git fetch ghbind-dyndb-ldap pull/17/head:pr17
git checkout pr17
From 04e528f9c39084ffcb0e7f5caa7c3c87b95c130d Mon Sep 17 00:00:00 2001
From: Tomas Krizek 
Date: Fri, 7 Apr 2017 14:48:32 +0200
Subject: [PATCH 1/2] settings: skip unconfigured values

When a value is not configured in settings map, it is skipped.
If it is the last processed value, the result of ISC_R_NOTFOUND
would cause the cleanup section of the function fail. Since
unconfigured values are allowed and expected, override the result
to ISC_R_SUCCESS in this case to prevent triggerring an error.

https://pagure.io/bind-dyndb-ldap/issue/172
---
 src/settings.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/settings.c b/src/settings.c
index 37e6e5c..8beb0d3 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -597,8 +597,11 @@ settings_set_fill(const cfg_obj_t *config, settings_set_t *set)
 	 setting++) {
 		cfg_value = NULL;
 		result = cfg_map_get(config, setting->name, _value);
-		if (result == ISC_R_NOTFOUND)
-			continue; /* setting not configured in map */
+		if (result == ISC_R_NOTFOUND) {
+			/* setting not configured in map */
+			result = ISC_R_SUCCESS;
+			continue;
+		}
 		else if (result != ISC_R_SUCCESS)
 			goto cleanup;
 		if (cfg_obj_isstring(cfg_value)) {

From 495b93e5e97909abf05f784013d78ee9fa80d871 Mon Sep 17 00:00:00 2001
From: Tomas Krizek 
Date: Fri, 7 Apr 2017 15:11:28 +0200
Subject: [PATCH 2/2] settings: remove obsolete options

Re-remove obsolete options cache_ttl, psearch, serial_autoincrement
and zone_refresh. They were already removed in
c3bfe1a62ac4f8a73207bf4e80d64a4a3a58d9e4, but re-introduced in
refactoring.
---
 src/settings.c | 4 
 1 file changed, 4 deletions(-)

diff --git a/src/settings.c b/src/settings.c
index 8beb0d3..180f027 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -33,9 +33,7 @@ static const setting_t settings_default[] = {
 	{ "uri",			no_default_string		}, /* User have to set this */
 	{ "connections",		default_uint(2)			},
 	{ "reconnect_interval",		default_uint(60)		},
-	{ "zone_refresh",		default_string("")		}, /* No longer supported */
 	{ "timeout",			default_uint(10)		},
-	{ "cache_ttl",			default_string("")		}, /* No longer supported */
 	{ "timeout",			default_uint(10)		},
 	{ "base",	 		no_default_string		}, /* User have to set this */
 	{ "auth_method",		default_string("none")		},
@@ -49,7 +47,6 @@ static const setting_t settings_default[] = {
 	{ "sasl_password",		default_string("")		},
 	{ "krb5_keytab",		default_string("")		},
 	{ "fake_mname",			default_string("")		},
-	{ "psearch",			default_string("")		}, /* No longer supported */
 	{ "ldap_hostname",		default_string("")		},
 	{ "sync_ptr",			default_boolean(ISC_FALSE)	},
 	{ "dyn_update",			default_boolean(ISC_FALSE)	},
@@ -60,7 +57,6 @@ static const setting_t settings_default[] = {
 	 * SSU table defined by empty string contains no rules =>
 	 * dns_ssutable_checkrules() will return deny. */
 	{ "update_policy",		default_string("")		},
-	{ "serial_autoincrement",	default_string("")		},
 	{ "verbose_checks",		default_boolean(ISC_FALSE)	},
 	{ "directory",			default_string("")		},
 	{ "server_id",			default_string("")		},
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#699][synchronized] Fix libkrb5 filename for macOS

2017-04-07 Thread neffs

   URL: https://github.com/freeipa/freeipa/pull/699
Author: neffs
 Title: #699: Fix libkrb5 filename for macOS
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/699/head:pr699
git checkout pr699
From ad835186c4b799363110522407e3a3cd993d6194 Mon Sep 17 00:00:00 2001
From: David Kreitschmann 
Date: Fri, 7 Apr 2017 14:02:46 +0200
Subject: [PATCH 1/3] Fix libkrb5 filename for macOS

Signed-off-by: David Kreitschmann 
---
 ipapython/session_storage.py | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py
index 1443413..92e9825 100644
--- a/ipapython/session_storage.py
+++ b/ipapython/session_storage.py
@@ -7,9 +7,12 @@
 
 KRB5_CC_NOSUPP = -1765328137
 
+LIBKRB5_FILENAME = 'libkrb5.so.3'
+if platform.system()=="Darwin":
+LIBKRB5_FILENAME = 'libkrb5.dylib'
 
 try:
-LIBKRB5 = ctypes.CDLL('libkrb5.so.3')
+LIBKRB5 = ctypes.CDLL(LIBKRB5_FILENAME)
 except OSError as e:  # pragma: no cover
 raise ImportError(str(e))
 

From 4257af46f8b18f874e3e416b449c931e267ef5d9 Mon Sep 17 00:00:00 2001
From: David Kreitschmann 
Date: Fri, 7 Apr 2017 15:02:05 +0200
Subject: [PATCH 2/3] Fix PEP8 error

Signed-off-by: David Kreitschmann 
---
 ipapython/session_storage.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py
index 92e9825..ac5682e 100644
--- a/ipapython/session_storage.py
+++ b/ipapython/session_storage.py
@@ -8,7 +8,7 @@
 KRB5_CC_NOSUPP = -1765328137
 
 LIBKRB5_FILENAME = 'libkrb5.so.3'
-if platform.system()=="Darwin":
+if platform.system() == "Darwin":
 LIBKRB5_FILENAME = 'libkrb5.dylib'
 
 try:

From f095491d0a601d12a63936e5ec426ae8afbf4ec2 Mon Sep 17 00:00:00 2001
From: David Kreitschmann 
Date: Fri, 7 Apr 2017 15:18:17 +0200
Subject: [PATCH 3/3] use sys.platform instead of platform.system()

Signed-off-by: David Kreitschmann 
---
 ipapython/session_storage.py | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py
index ac5682e..7c302b7 100644
--- a/ipapython/session_storage.py
+++ b/ipapython/session_storage.py
@@ -3,13 +3,15 @@
 #
 
 import ctypes
+import sys
 
 
 KRB5_CC_NOSUPP = -1765328137
 
-LIBKRB5_FILENAME = 'libkrb5.so.3'
-if platform.system() == "Darwin":
+if sys.platform == 'darwin':
 LIBKRB5_FILENAME = 'libkrb5.dylib'
+else:
+LIBKRB5_FILENAME = 'libkrb5.so.3'
 
 try:
 LIBKRB5 = ctypes.CDLL(LIBKRB5_FILENAME)
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#699][comment] Fix libkrb5 filename for macOS

2017-04-07 Thread tiran

  URL: https://github.com/freeipa/freeipa/pull/699
Title: #699: Fix libkrb5 filename for macOS

tiran commented:
"""
@neffs thanks David. Please squash your commits into a single commit (```git 
rebase -i @~3``` and use fixup on the 2nd and 3rd commit, then git push 
--force).
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/699#issuecomment-292534577
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#699][synchronized] Fix libkrb5 filename for macOS

2017-04-07 Thread neffs

   URL: https://github.com/freeipa/freeipa/pull/699
Author: neffs
 Title: #699: Fix libkrb5 filename for macOS
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/699/head:pr699
git checkout pr699
From 25d9d0a99d3451054fea2dfcc44a9dd7119e7593 Mon Sep 17 00:00:00 2001
From: David Kreitschmann 
Date: Fri, 7 Apr 2017 14:02:46 +0200
Subject: [PATCH] Fix libkrb5 filename for macOS

Signed-off-by: David Kreitschmann 
---
 ipapython/session_storage.py | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py
index 1443413..7c302b7 100644
--- a/ipapython/session_storage.py
+++ b/ipapython/session_storage.py
@@ -3,13 +3,18 @@
 #
 
 import ctypes
+import sys
 
 
 KRB5_CC_NOSUPP = -1765328137
 
+if sys.platform == 'darwin':
+LIBKRB5_FILENAME = 'libkrb5.dylib'
+else:
+LIBKRB5_FILENAME = 'libkrb5.so.3'
 
 try:
-LIBKRB5 = ctypes.CDLL('libkrb5.so.3')
+LIBKRB5 = ctypes.CDLL(LIBKRB5_FILENAME)
 except OSError as e:  # pragma: no cover
 raise ImportError(str(e))
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#700][synchronized] Use entry_points for ipa CLI

2017-04-07 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/700
Author: tiran
 Title: #700: Use entry_points for ipa CLI
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/700/head:pr700
git checkout pr700
From 122c95730a3194da5bc1bf9003c33a883e2e7b87 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Fri, 7 Apr 2017 15:03:08 +0200
Subject: [PATCH] Use entry_points for ipa CLI

Fix problem with hard-coded shebang in ipa command line tool by using
a proper setuptools entry point for the console script. ipaclient is now
an executable Python package, too.

```
$ python -m ipaclient ping
```

is equivalent to

```
$ ipa ping
```

Related: https://pagure.io/freeipa/issue/6653
Closes: https://pagure.io/freeipa/issue/6850
Signed-off-by: Christian Heimes 
---
 ipa   |  5 ++---
 ipaclient/__main__.py | 15 +++
 ipaclient/setup.py|  6 +-
 3 files changed, 22 insertions(+), 4 deletions(-)
 create mode 100644 ipaclient/__main__.py

diff --git a/ipa b/ipa
index 9ef3568..d6e01a2 100755
--- a/ipa
+++ b/ipa
@@ -24,8 +24,7 @@ Command Line Interface for IPA administration.
 
 The CLI functionality is implemented in ipalib/cli.py
 """
-
-from ipalib import api, cli
+from ipaclient.__main__ import main
 
 if __name__ == '__main__':
-cli.run(api)
+main()
diff --git a/ipaclient/__main__.py b/ipaclient/__main__.py
new file mode 100644
index 000..65c706f
--- /dev/null
+++ b/ipaclient/__main__.py
@@ -0,0 +1,15 @@
+# Copyright (C) 2017  FreeIPA Contributors see COPYING for license
+"""
+Command Line Interface for IPA administration.
+
+The CLI functionality is implemented in ipalib/cli.py
+"""
+from ipalib import api, cli
+
+
+def main():
+cli.run(api)
+
+
+if __name__ == '__main__':
+main()
diff --git a/ipaclient/setup.py b/ipaclient/setup.py
index f5be7ea..ccb5396 100644
--- a/ipaclient/setup.py
+++ b/ipaclient/setup.py
@@ -31,7 +31,6 @@
 ipasetup(
 name="ipaclient",
 doc=__doc__,
-scripts=['../ipa'],
 package_dir={'ipaclient': ''},
 packages=[
 "ipaclient",
@@ -60,6 +59,11 @@
 "qrcode",
 "six",
 ],
+entry_points={
+'console_scripts': [
+'ipa = ipaclient.__main__:main'
+]
+},
 extras_require={
 "install": ["ipaplatform"],
 "otptoken_yubikey": ["yubico", "usb"]
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#699][edited] ipaclient/ipapython macOS compatibility fixes

2017-04-07 Thread neffs

   URL: https://github.com/freeipa/freeipa/pull/699
Author: neffs
 Title: #699: ipaclient/ipapython macOS compatibility fixes
Action: edited

 Changed field: title
Original value:
"""
macOS compatibility fixes
"""

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#699][edited] macOS compatibility fixes

2017-04-07 Thread neffs

   URL: https://github.com/freeipa/freeipa/pull/699
Author: neffs
 Title: #699: macOS compatibility fixes
Action: edited

 Changed field: title
Original value:
"""
Fix libkrb5 filename for macOS
"""

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#699][synchronized] ipaclient/ipapython macOS compatibility fixes

2017-04-07 Thread neffs

   URL: https://github.com/freeipa/freeipa/pull/699
Author: neffs
 Title: #699: ipaclient/ipapython macOS compatibility fixes
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/699/head:pr699
git checkout pr699
From 25d9d0a99d3451054fea2dfcc44a9dd7119e7593 Mon Sep 17 00:00:00 2001
From: David Kreitschmann 
Date: Fri, 7 Apr 2017 14:02:46 +0200
Subject: [PATCH 1/2] Fix libkrb5 filename for macOS

Signed-off-by: David Kreitschmann 
---
 ipapython/session_storage.py | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ipapython/session_storage.py b/ipapython/session_storage.py
index 1443413..7c302b7 100644
--- a/ipapython/session_storage.py
+++ b/ipapython/session_storage.py
@@ -3,13 +3,18 @@
 #
 
 import ctypes
+import sys
 
 
 KRB5_CC_NOSUPP = -1765328137
 
+if sys.platform == 'darwin':
+LIBKRB5_FILENAME = 'libkrb5.dylib'
+else:
+LIBKRB5_FILENAME = 'libkrb5.so.3'
 
 try:
-LIBKRB5 = ctypes.CDLL('libkrb5.so.3')
+LIBKRB5 = ctypes.CDLL(LIBKRB5_FILENAME)
 except OSError as e:  # pragma: no cover
 raise ImportError(str(e))
 

From 7536c29c2f31e36634ee143146bafa9393948513 Mon Sep 17 00:00:00 2001
From: David Kreitschmann 
Date: Fri, 7 Apr 2017 18:09:19 +0200
Subject: [PATCH 2/2] Use os.fsync instead of os.fdatasync because macOS
 doesn't support fdatasync

Signed-off-by: David Kreitschmann 
---
 ipaclient/plugins/vault.py | 2 +-
 ipaclient/remote_plugins/schema.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipaclient/plugins/vault.py b/ipaclient/plugins/vault.py
index 3fb4900..94b76fb 100644
--- a/ipaclient/plugins/vault.py
+++ b/ipaclient/plugins/vault.py
@@ -603,7 +603,7 @@ def store_cert(self, domain, transport_cert):
 try:
 f.write(pem)
 f.flush()
-os.fdatasync(f.fileno())
+os.fsync(f.fileno())
 f.close()
 os.rename(f.name, filename)
 except Exception:
diff --git a/ipaclient/remote_plugins/schema.py b/ipaclient/remote_plugins/schema.py
index 3ecd608..b3fad8f 100644
--- a/ipaclient/remote_plugins/schema.py
+++ b/ipaclient/remote_plugins/schema.py
@@ -476,7 +476,7 @@ def _write_schema(self, fingerprint):
 try:
 self._write_schema_data(f)
 f.flush()
-os.fdatasync(f.fileno())
+os.fsync(f.fileno())
 f.close()
 except Exception:
 os.unlink(f.name)
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#682][edited] [WIP] ipserver/dcerpc: unify error processing

2017-04-07 Thread abbra

   URL: https://github.com/freeipa/freeipa/pull/682
Author: abbra
 Title: #682: [WIP] ipserver/dcerpc: unify error processing
Action: edited

 Changed field: title
Original value:
"""
[WIP] ipserver/dcerpc: unify error processing
"""

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#700][comment] Use entry_points for ipa CLI

2017-04-07 Thread tomaskrizek

  URL: https://github.com/freeipa/freeipa/pull/700
Title: #700: Use entry_points for ipa CLI

tomaskrizek commented:
"""
Looks good, tested with both rpm and wheels. Ack if the tests pass.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/700#issuecomment-292547332
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#700][comment] Use entry_points for ipa CLI

2017-04-07 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/700
Title: #700: Use entry_points for ipa CLI

martbab commented:
"""
I wish all of our scripts could be autogenerated from entry points. Long road 
ahead for that effort. However, this is a good start IMHO.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/700#issuecomment-292552603
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#682][comment] ipserver/dcerpc: unify error processing

2017-04-07 Thread MartinBasti

  URL: https://github.com/freeipa/freeipa/pull/682
Title: #682: ipserver/dcerpc: unify error processing

MartinBasti commented:
"""
Please fix issues found by pylint
```
* Module ipaserver.plugins.trust
ipaserver/plugins/trust.py:1753: [W0612(unused-variable), 
trust_fetch_domains.execute] Unused variable 'trust_direction')
ipaserver/plugins/trust.py:1754: [W0612(unused-variable), 
trust_fetch_domains.execute] Unused variable 'is_nontransitive')
```
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/682#issuecomment-292560905
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#618][synchronized] Tox testing support for client wheel packages

2017-04-07 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/618
Author: tiran
 Title: #618: Tox testing support for client wheel packages
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/618/head:pr618
git checkout pr618
From 61384864d2539729004df0a98bf8f94e82e42e94 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Thu, 17 Nov 2016 16:43:17 +0100
Subject: [PATCH] tox testing support for client wheel packages

Add tox infrastructure to test client wheel packages workflow:

* build client packages
* install client packages
* ipa-run-tests --ipaclient-unittests under Python 2 and 3
* pylint of client packages under Python 2 and 3
* placeholder packages work as expected

Signed-off-by: Christian Heimes 
---
 .gitignore   |  2 ++
 .tox-install.sh  | 94 
 Makefile.am  | 22 +---
 configure.ac |  1 +
 ipatests/conftest.py |  4 ++-
 pypi/test_placeholder.py | 47 
 tox.ini  | 55 
 7 files changed, 219 insertions(+), 6 deletions(-)
 create mode 100755 .tox-install.sh
 create mode 100644 pypi/test_placeholder.py
 create mode 100644 tox.ini

diff --git a/.gitignore b/.gitignore
index 8941fd8..8b57dbc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -61,6 +61,8 @@ freeipa2-dev-doc
 # Root directory
 /freeipa.spec
 /dist/
+/.tox/
+/.cache/
 /*/dist/
 /RELEASE
 /rpmbuild/
diff --git a/.tox-install.sh b/.tox-install.sh
new file mode 100755
index 000..8f9d221
--- /dev/null
+++ b/.tox-install.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+set -ex
+
+FLAVOR="$1"
+ENVPYTHON="$2"
+ENVSITEPACKAGESDIR="$3"
+# 3...end are package requirements
+shift 3
+
+TOXINIDIR="$(cd "$(dirname "$0")" && pwd)"
+
+# sanity checks
+if [ ! -x "${ENVPYTHON}" ]; then
+echo "${ENVPYTHON}: no such executable"
+exit 1
+fi
+
+if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then
+echo "${ENVSITEPACKAGESDIR}: no such directory"
+exit 2
+fi
+
+if [ ! -f "${TOXINIDIR}/tox.ini" ]; then
+echo "${TOXINIDIR}: no such directory"
+exit 3
+fi
+
+# https://pip.pypa.io/en/stable/user_guide/#environment-variables
+export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache"
+mkdir -p "${PIP_CACHE_DIR}"
+
+DISTBUNDLE="${TOXINIDIR}/dist/bundle"
+mkdir -p "${DISTBUNDLE}"
+
+DISTPYPI="${TOXINIDIR}/dist/pypi"
+mkdir -p "${DISTPYPI}"
+
+# create configure
+pushd "${TOXINIDIR}"
+if [ ! -f "configure" ]; then
+autoreconf -i -f
+fi
+# (re)create Makefile
+./configure --disable-server
+popd
+
+case $FLAVOR in
+wheel_bundle)
+# copy pylint plugin
+cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}"
+
+# build packages and bundles
+make -C "${TOXINIDIR}" \
+wheel_bundle \
+PYTHON="${ENVPYTHON}" \
+IPA_EXTRA_WHEELS="$*"
+
+# chdir to prevent local .egg-info from messing up pip
+pushd "${ENVSITEPACKAGESDIR}"
+
+# Install packages with dist/bundle/ as extra source for wheels while ignoring
+# upstream Python Package Index.
+$ENVPYTHON -m pip install \
+--no-index \
+--disable-pip-version-check \
+--constraint "${TOXINIDIR}/.wheelconstraints" \
+--find-links "${DISTBUNDLE}" \
+$@
+
+popd
+;;
+pypi_packages)
+# build packages and bundles
+make -C "${TOXINIDIR}" \
+pypi_packages \
+PYTHON="${ENVPYTHON}"
+
+# chdir to prevent local .egg-info from messing up pip
+pushd "${ENVSITEPACKAGESDIR}"
+
+# Install packages from dist/pypi
+$ENVPYTHON -m pip install \
+--disable-pip-version-check \
+--constraint "${TOXINIDIR}/.wheelconstraints" \
+--find-links "${DISTPYPI}" \
+$@
+
+popd
+;;
+*)
+echo "Unknown install flavor $FLAVOR"
+exit 1
+;;
+esac
diff --git a/Makefile.am b/Makefile.am
index 1989b19..7608dfa 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -57,6 +57,7 @@ EXTRA_DIST = .mailmap \
 clean-local:
 	rm -rf "$(RPMBUILD)"
 	rm -rf "$(top_builddir)/dist"
+	rm -rf "$(top_builddir)/.tox"
 	rm -rf "$(top_srcdir)/__pycache__"
 	rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz
 
@@ -212,6 +213,7 @@ pylint: $(top_builddir)/ipapython/version.py ipasetup.py
 		-path './freeipa-*' -prune -o \
 		-path './dist' -prune -o \
 		-path './pypi' -prune -o \
+		-path './.tox' -prune -o \
 		-name '.*' -o \
 		-name '*.in' -o \
 		-name '*~' -o \
@@ -254,6 +256,7 @@ endif  # WITH_JSLINT
 
 .PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages
 WHEELDISTDIR = $(top_builddir)/dist/wheels
+WHEELPYPIDIR = $(top_builddir)/dist/pypi
 WHEELBUNDLEDIR = $(top_builddir)/dist/bundle
 
 @MK_IFEQ@ ($(IPA_SERVER_WHEELS),1)
@@ -273,6 +276,9 @@ $(WHEELDISTDIR):
 $(WHEELBUNDLEDIR):
 	mkdir -p $(WHEELBUNDLEDIR)
 
+$(WHEELPYPIDIR):
+	mkdir -p $(WHEELPYPIDIR)
+
 bdist_wheel: $(WHEELDISTDIR)
 	rm -f $(foreach item,$(IPA_WHEEL_PACKAGES)

[Freeipa-devel] [freeipa PR#701][opened] ipa help doesn't always work

2017-04-07 Thread neffs

   URL: https://github.com/freeipa/freeipa/pull/701
Author: neffs
 Title: #701: ipa help doesn't always work
Action: opened

PR body:
"""
`ipa help` will not work when calling it when no schema is cached.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/701/head:pr701
git checkout pr701
From a806f26fca0eb1529dc1a1de0b5e5deac6409588 Mon Sep 17 00:00:00 2001
From: David Kreitschmann 
Date: Fri, 7 Apr 2017 18:22:25 +0200
Subject: [PATCH] Store help in Schema before writing to disk

Signed-off-by: David Kreitschmann 
---
 ipaclient/remote_plugins/schema.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipaclient/remote_plugins/schema.py b/ipaclient/remote_plugins/schema.py
index 3ecd608..9b6668d 100644
--- a/ipaclient/remote_plugins/schema.py
+++ b/ipaclient/remote_plugins/schema.py
@@ -383,6 +383,7 @@ def __init__(self, client, fingerprint=None):
 
 if fingerprint is None:
 fingerprint, ttl = self._fetch(client, ignore_cache=read_failed)
+self._help = self._generate_help(self._dict)
 try:
 self._write_schema(fingerprint)
 except Exception as e:
@@ -498,7 +499,7 @@ def _write_schema_data(self, fileobj):
 
 schema.writestr(
 '_help',
-json.dumps(self._generate_help(self._dict)).encode('utf-8')
+json.dumps(self._help).encode('utf-8')
 )
 
 def read_namespace_member(self, namespace, member):
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#682][comment] [WIP] ipserver/dcerpc: unify error processing

2017-04-07 Thread abbra

  URL: https://github.com/freeipa/freeipa/pull/682
Title: #682: [WIP] ipserver/dcerpc: unify error processing

abbra commented:
"""
Updated patches and descriptions to include bug references.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/682#issuecomment-292545612
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#698][closed] install: request service certs after host keytab is set up

2017-04-07 Thread martbab

   URL: https://github.com/freeipa/freeipa/pull/698
Author: HonzaCholasta
 Title: #698: install: request service certs after host keytab is set up
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/698/head:pr698
git checkout pr698
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#698][+ack] install: request service certs after host keytab is set up

2017-04-07 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/698
Title: #698: install: request service certs after host keytab is set up

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#682][synchronized] [WIP] ipserver/dcerpc: unify error processing

2017-04-07 Thread abbra

   URL: https://github.com/freeipa/freeipa/pull/682
Author: abbra
 Title: #682: [WIP] ipserver/dcerpc: unify error processing
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/682/head:pr682
git checkout pr682
From b0583338006e86ebc9beb4b9c171e123efd970fc Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy 
Date: Mon, 3 Apr 2017 10:29:21 +0300
Subject: [PATCH 1/2] ipserver/dcerpc: unify error processing

Samba error code reporting changes from version to version but we also
did not provide proper input into DCE RPC error processing method we
have.

Unify error processing and add few more fallback entries.

With Samba 4.7 we'll have to change it again because error code
processing for Samba Python modules will change with introduction of
samba.ntstatus and samba.werror modules.

Note that this commit also changes a message returned for error code
-1073741772 (NT_STATUS_OBJECT_NOT_FOUND) because it is more general one.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1438348
---
 ipaserver/dcerpc.py | 23 +--
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 2d9d7e5..d684a17 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -117,19 +117,27 @@ def is_sid_valid(sid):
   # we simply will skip the binding
 access_denied_error,
 -1073741772:  # NT_STATUS_OBJECT_NAME_NOT_FOUND
-errors.RemoteRetrieveError(
-reason=_('CIFS server configuration does not allow '
- 'access to pipe\\lsarpc')),
+errors.NotFound(
+reason=_('Cannot find specified domain or server name')),
 }
 
 dcerpc_error_messages = {
 "NT_STATUS_OBJECT_NAME_NOT_FOUND":
 errors.NotFound(
 reason=_('Cannot find specified domain or server name')),
+"The object name is not found.":
+errors.NotFound(
+reason=_('Cannot find specified domain or server name')),
 "WERR_NO_LOGON_SERVERS":
 errors.RemoteRetrieveError(
 reason=_('AD DC was unable to reach any IPA domain controller. '
  'Most likely it is a DNS or firewall issue')),
+# This is a very long key, don't change it
+"There are currently no logon servers available to "
+"service the logon request.":
+errors.RemoteRetrieveError(
+reason=_('AD DC was unable to reach any IPA domain controller. '
+ 'Most likely it is a DNS or firewall issue')),
 "NT_STATUS_INVALID_PARAMETER_MIX":
 errors.RequirementError(
 name=_('At least the domain or IP address should be specified')),
@@ -802,7 +810,8 @@ def __retrieve_trusted_domain_gc_list(self, domain):
 
 # Both methods should not fail at the same time
 if finddc_error and len(info['gc']) == 0:
-raise assess_dcerpc_exception(message=str(finddc_error))
+num, message = e.args  # pylint: disable=unpacking-non-sequence
+raise assess_dcerpc_exception(num=num, message=message)
 
 self._info[domain] = info
 return info
@@ -908,7 +917,8 @@ def retrieve_anonymously(self, remote_host,
 else:
 result = netrc.finddc(address=remote_host, flags=flags)
 except RuntimeError as e:
-raise assess_dcerpc_exception(message=str(e))
+num, message = e.args  # pylint: disable=unpacking-non-sequence
+raise assess_dcerpc_exception(num=num, message=message)
 
 if not result:
 return False
@@ -1408,7 +1418,8 @@ def communicate(td):
 result = netrc.finddc(domain=trustdomain,
   flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS)
 except RuntimeError as e:
-raise assess_dcerpc_exception(message=str(e))
+num, message = e.args  # pylint: disable=unpacking-non-sequence
+raise assess_dcerpc_exception(num=num, message=message)
 
 td.info['dc'] = unicode(result.pdc_dns_name)
 td.info['name'] = unicode(result.dns_domain)

From dbbc875873b81bc14b6027d9c45b53f873608529 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy 
Date: Wed, 5 Apr 2017 12:37:10 +0300
Subject: [PATCH 2/2] trust: always use oddjobd helper for fetching trust
 information

Since introduction of privilege separation in IPA framework none of the
operations that require direct access to the framework's credentials can
be done. All authentication has to be performed with GSSAPI.

As result, we cannot obtain TGT for HTTP/.. principal with kinit
anymore, so it is better to re-route all types of trust to oddjobd
helper and get rid of casing out two-way trust.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1438366
---
 ipaserver/plugins/trust.py | 36 
 1 file changed, 8 insertions(+), 28 deletions(-)

diff

[Freeipa-devel] [freeipa PR#698][+pushed] install: request service certs after host keytab is set up

2017-04-07 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/698
Title: #698: install: request service certs after host keytab is set up

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#698][comment] install: request service certs after host keytab is set up

2017-04-07 Thread martbab

  URL: https://github.com/freeipa/freeipa/pull/698
Title: #698: install: request service certs after host keytab is set up

martbab commented:
"""
master:

* b189be12ecd1ba9efa35daf41e7e04a9362c6a5e dsinstance: reconnect ldap2 after DS 
is restarted by certmonger
* 8a8558637946d7dac1d85642baaf9ba7c1be98f8 httpinstance: avoid httpd restart 
during certificate request
* ec52332229672f35af8db5aaf1ed2827a8dd5467 dsinstance, httpinstance: 
consolidate certificate request code
* 181cb94e744c380a823b94d0d5ca088ab3dcca1c install: request service certs after 
host keytab is set up
* 3884a671cb59c360fae67884755fa5779053107a renew agent: revert to host keytab 
authentication
* a6a89e24147d8542fd09cf64e04982599b79e3cc renew agent, restart scripts: 
connect to LDAP after kinit
ipa-4-5:

* 3a3cd01161b618dd6836fda7df935dd39adc117b dsinstance: reconnect ldap2 after DS 
is restarted by certmonger
* 029da956be22c9e05a53c7c30e3afcb2c851ad86 httpinstance: avoid httpd restart 
during certificate request
* 3317e172227fd72ad9049f7893d3018043201b3c dsinstance, httpinstance: 
consolidate certificate request code
* cb141b0eb3950bcae1950e6190ba3573f348b1f2 install: request service certs after 
host keytab is set up
* 1a7db624857c46a2c1c091ed4b8d7902a4486596 renew agent: revert to host keytab 
authentication
* e9168e80ddb6066114f9438fa6a7a11b0eaa02cf renew agent, restart scripts: 
connect to LDAP after kinit
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/698#issuecomment-292591048
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

55 matches

Mail list logo