[Freeipa-devel] [freeipa PR#373][synchronized] ipaplatform: Add Debian platform module.

2017-01-11 Thread tjaalton
   URL: https://github.com/freeipa/freeipa/pull/373
Author: tjaalton
 Title: #373: ipaplatform: Add Debian platform module.
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/373/head:pr373
git checkout pr373
From c7b64b72481529f0b7370047a40ab82f49465a49 Mon Sep 17 00:00:00 2001
From: Timo Aaltonen 
Date: Thu, 5 Jan 2017 12:41:08 +0200
Subject: [PATCH] ipaplatform: Add Debian platform module.

v2:
- use redhat_services.redhat_system_units.copy
- don't use wildcard imports
- add some empty lines to make pep8 happy

v3:
- make parse_ipa_version static

v4:
- make more methods static

v5:
- fix pylint issues
- use syntax that doesn't break with python3
---
 ipaplatform/base/tasks.py   |   3 +-
 ipaplatform/debian/__init__.py  |   7 ++
 ipaplatform/debian/constants.py |  25 ++
 ipaplatform/debian/paths.py |  97 +
 ipaplatform/debian/services.py  | 184 
 ipaplatform/debian/tasks.py |  50 +++
 ipaplatform/setup.py|   1 +
 7 files changed, 366 insertions(+), 1 deletion(-)
 create mode 100644 ipaplatform/debian/__init__.py
 create mode 100644 ipaplatform/debian/constants.py
 create mode 100644 ipaplatform/debian/paths.py
 create mode 100644 ipaplatform/debian/services.py
 create mode 100644 ipaplatform/debian/tasks.py

diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index 702da6b..8cf6fde 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -227,7 +227,8 @@ def create_system_user(self, name, group, homedir, shell, uid=None, gid=None, co
 else:
 log.debug('user %s exists', name)
 
-def parse_ipa_version(self, version):
+@staticmethod
+def parse_ipa_version(version):
 """
 :param version: textual version
 :return: object implementing proper __cmp__ method for version compare
diff --git a/ipaplatform/debian/__init__.py b/ipaplatform/debian/__init__.py
new file mode 100644
index 000..6305270
--- /dev/null
+++ b/ipaplatform/debian/__init__.py
@@ -0,0 +1,7 @@
+#
+# Copyright (C) 2017  FreeIPA Contributors see COPYING for license
+#
+
+"""
+This module contains Debian specific platform files.
+"""
diff --git a/ipaplatform/debian/constants.py b/ipaplatform/debian/constants.py
new file mode 100644
index 000..1edcb5a
--- /dev/null
+++ b/ipaplatform/debian/constants.py
@@ -0,0 +1,25 @@
+#
+# Copyright (C) 2017  FreeIPA Contributors see COPYING for license
+#
+
+'''
+This Debian family platform module exports platform dependant constants.
+'''
+
+# Fallback to default path definitions
+from ipaplatform.base.constants import BaseConstantsNamespace
+
+
+class DebianConstantsNamespace(BaseConstantsNamespace):
+HTTPD_USER = "www-data"
+NAMED_USER = "bind"
+NAMED_GROUP = "bind"
+# ntpd init variable used for daemon options
+NTPD_OPTS_VAR = "NTPD_OPTS"
+# quote used for daemon options
+NTPD_OPTS_QUOTE = "\'"
+ODS_USER = "opendnssec"
+ODS_GROUP = "opendnssec"
+SECURE_NFS_VAR = "NEED_GSSD"
+
+constants = DebianConstantsNamespace()
diff --git a/ipaplatform/debian/paths.py b/ipaplatform/debian/paths.py
new file mode 100644
index 000..4ceb218
--- /dev/null
+++ b/ipaplatform/debian/paths.py
@@ -0,0 +1,97 @@
+#
+# Copyright (C) 2017  FreeIPA Contributors see COPYING for license
+#
+
+"""
+This Debian base platform module exports default filesystem paths as common
+in Debian-based systems.
+"""
+
+# Fallback to default path definitions
+from ipaplatform.base.paths import BasePathNamespace
+import sysconfig
+
+MULTIARCH = sysconfig.get_config_var('MULTIARCH')
+
+class DebianPathNamespace(BasePathNamespace):
+BIN_HOSTNAMECTL = "/usr/bin/hostnamectl"
+AUTOFS_LDAP_AUTH_CONF = "/etc/autofs_ldap_auth.conf"
+ETC_HTTPD_DIR = "/etc/apache2"
+HTTPD_ALIAS_DIR = "/etc/apache2/nssdb"
+ALIAS_CACERT_ASC = "/etc/apache2/nssdb/cacert.asc"
+ALIAS_PWDFILE_TXT = "/etc/apache2/nssdb/pwdfile.txt"
+HTTPD_CONF_D_DIR = "/etc/apache2/conf-enabled/"
+HTTPD_IPA_KDCPROXY_CONF_SYMLINK = "/etc/apache2/conf-enabled/ipa-kdc-proxy.conf"
+HTTPD_IPA_PKI_PROXY_CONF = "/etc/apache2/conf-enabled/ipa-pki-proxy.conf"
+HTTPD_IPA_REWRITE_CONF = "/etc/apache2/conf-available/ipa-rewrite.conf"
+HTTPD_IPA_CONF = "/etc/apache2/conf-enabled/ipa.conf"
+HTTPD_NSS_CONF = "/etc/apache2/mods-available/nss.conf"
+IPA_KEYTAB = "/etc/apache2/ipa.keytab"
+HTTPD_PASSWORD_CONF = "/etc/apache2/password.conf"
+NAMED_CONF = "/etc/bind/named.conf"
+NAMED_VAR_DIR = "/var/cache/bind"
+NAMED_KEYTAB = "/etc/bind/named.keytab"
+NAMED_RFC1912_ZONES = "/etc/bind/named.conf.default-zones"
+NAMED_ROOT_KEY = "/etc/bind/bind.keys"
+NAMED_BINDKEYS_FILE = "/etc/bind/bind.keys"
+NAMED_MANAGED_KEYS_DIR = "/var/cache/bind/dynamic"
+OPENLDAP_LDAP_CONF = "/etc/ldap/ldap.conf"
+

[Freeipa-devel] [freeipa PR#373][synchronized] ipaplatform: Add Debian platform module.

2017-01-11 Thread tjaalton
   URL: https://github.com/freeipa/freeipa/pull/373
Author: tjaalton
 Title: #373: ipaplatform: Add Debian platform module.
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/373/head:pr373
git checkout pr373
From 1d9022b643aa928c9b42b9f1f10794706c2889a1 Mon Sep 17 00:00:00 2001
From: Timo Aaltonen 
Date: Thu, 5 Jan 2017 12:41:08 +0200
Subject: [PATCH] ipaplatform: Add Debian platform module.

v2:
- use redhat_services.redhat_system_units.copy
- don't use wildcard imports
- add some empty lines to make pep8 happy

v3:
- make parse_ipa_version static

v4:
- make more methods static
---
 ipaplatform/base/tasks.py   |   3 +-
 ipaplatform/debian/__init__.py  |   7 ++
 ipaplatform/debian/constants.py |  25 ++
 ipaplatform/debian/paths.py |  97 +
 ipaplatform/debian/services.py  | 184 
 ipaplatform/debian/tasks.py |  50 +++
 ipaplatform/setup.py|   1 +
 7 files changed, 366 insertions(+), 1 deletion(-)
 create mode 100644 ipaplatform/debian/__init__.py
 create mode 100644 ipaplatform/debian/constants.py
 create mode 100644 ipaplatform/debian/paths.py
 create mode 100644 ipaplatform/debian/services.py
 create mode 100644 ipaplatform/debian/tasks.py

diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index 702da6b..8cf6fde 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -227,7 +227,8 @@ def create_system_user(self, name, group, homedir, shell, uid=None, gid=None, co
 else:
 log.debug('user %s exists', name)
 
-def parse_ipa_version(self, version):
+@staticmethod
+def parse_ipa_version(version):
 """
 :param version: textual version
 :return: object implementing proper __cmp__ method for version compare
diff --git a/ipaplatform/debian/__init__.py b/ipaplatform/debian/__init__.py
new file mode 100644
index 000..6305270
--- /dev/null
+++ b/ipaplatform/debian/__init__.py
@@ -0,0 +1,7 @@
+#
+# Copyright (C) 2017  FreeIPA Contributors see COPYING for license
+#
+
+"""
+This module contains Debian specific platform files.
+"""
diff --git a/ipaplatform/debian/constants.py b/ipaplatform/debian/constants.py
new file mode 100644
index 000..1edcb5a
--- /dev/null
+++ b/ipaplatform/debian/constants.py
@@ -0,0 +1,25 @@
+#
+# Copyright (C) 2017  FreeIPA Contributors see COPYING for license
+#
+
+'''
+This Debian family platform module exports platform dependant constants.
+'''
+
+# Fallback to default path definitions
+from ipaplatform.base.constants import BaseConstantsNamespace
+
+
+class DebianConstantsNamespace(BaseConstantsNamespace):
+HTTPD_USER = "www-data"
+NAMED_USER = "bind"
+NAMED_GROUP = "bind"
+# ntpd init variable used for daemon options
+NTPD_OPTS_VAR = "NTPD_OPTS"
+# quote used for daemon options
+NTPD_OPTS_QUOTE = "\'"
+ODS_USER = "opendnssec"
+ODS_GROUP = "opendnssec"
+SECURE_NFS_VAR = "NEED_GSSD"
+
+constants = DebianConstantsNamespace()
diff --git a/ipaplatform/debian/paths.py b/ipaplatform/debian/paths.py
new file mode 100644
index 000..4ceb218
--- /dev/null
+++ b/ipaplatform/debian/paths.py
@@ -0,0 +1,97 @@
+#
+# Copyright (C) 2017  FreeIPA Contributors see COPYING for license
+#
+
+"""
+This Debian base platform module exports default filesystem paths as common
+in Debian-based systems.
+"""
+
+# Fallback to default path definitions
+from ipaplatform.base.paths import BasePathNamespace
+import sysconfig
+
+MULTIARCH = sysconfig.get_config_var('MULTIARCH')
+
+class DebianPathNamespace(BasePathNamespace):
+BIN_HOSTNAMECTL = "/usr/bin/hostnamectl"
+AUTOFS_LDAP_AUTH_CONF = "/etc/autofs_ldap_auth.conf"
+ETC_HTTPD_DIR = "/etc/apache2"
+HTTPD_ALIAS_DIR = "/etc/apache2/nssdb"
+ALIAS_CACERT_ASC = "/etc/apache2/nssdb/cacert.asc"
+ALIAS_PWDFILE_TXT = "/etc/apache2/nssdb/pwdfile.txt"
+HTTPD_CONF_D_DIR = "/etc/apache2/conf-enabled/"
+HTTPD_IPA_KDCPROXY_CONF_SYMLINK = "/etc/apache2/conf-enabled/ipa-kdc-proxy.conf"
+HTTPD_IPA_PKI_PROXY_CONF = "/etc/apache2/conf-enabled/ipa-pki-proxy.conf"
+HTTPD_IPA_REWRITE_CONF = "/etc/apache2/conf-available/ipa-rewrite.conf"
+HTTPD_IPA_CONF = "/etc/apache2/conf-enabled/ipa.conf"
+HTTPD_NSS_CONF = "/etc/apache2/mods-available/nss.conf"
+IPA_KEYTAB = "/etc/apache2/ipa.keytab"
+HTTPD_PASSWORD_CONF = "/etc/apache2/password.conf"
+NAMED_CONF = "/etc/bind/named.conf"
+NAMED_VAR_DIR = "/var/cache/bind"
+NAMED_KEYTAB = "/etc/bind/named.keytab"
+NAMED_RFC1912_ZONES = "/etc/bind/named.conf.default-zones"
+NAMED_ROOT_KEY = "/etc/bind/bind.keys"
+NAMED_BINDKEYS_FILE = "/etc/bind/bind.keys"
+NAMED_MANAGED_KEYS_DIR = "/var/cache/bind/dynamic"
+OPENLDAP_LDAP_CONF = "/etc/ldap/ldap.conf"
+ETC_DEBIAN_VERSION = "/etc/debian_version"
+IPA_P11_KIT = 

[Freeipa-devel] [freeipa PR#389][comment] Fix build in mock

2017-01-11 Thread lslebodn
  URL: https://github.com/freeipa/freeipa/pull/389
Title: #389: Fix build in mock

lslebodn commented:
"""
I updated doc help do jslint in latest version
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/389#issuecomment-271931555
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#389][synchronized] Fix build in mock

2017-01-11 Thread lslebodn
   URL: https://github.com/freeipa/freeipa/pull/389
Author: lslebodn
 Title: #389: Fix build in mock
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/389/head:pr389
git checkout pr389
From 496c47a4549b327f28d8cd6466af3a520dc0797d Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Wed, 11 Jan 2017 17:08:30 +0100
Subject: [PATCH 1/3] CONFIGURE: Fix detection of pylint

If configure script was executed with --enable-pylint then
it behaved the same as --disable-pylint. It does not make
any sense.

Resolves:
https://fedorahosted.org/freeipa/ticket/6604
---
 configure.ac | 20 +++-
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/configure.ac b/configure.ac
index e8a4701..c84c1bc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -446,16 +446,18 @@ AM_CONDITIONAL([WITH_POLINT], [test "x${enable_i18ntests}" == "xyes"])
 AC_ARG_ENABLE([pylint],
 	AS_HELP_STRING([--disable-pylint],
 			   [skip Pylint in make lint target]),
-	[PYLINT=no],
-	[PYLINT=yes
-	 AC_MSG_CHECKING([for Pylint])
-	 $PYTHON -m pylint --version > /dev/null
-	 if test "$?" != "0"; then
-		AC_MSG_ERROR([cannot find pylint for $PYTHON])
-	 fi
-	 AC_MSG_RESULT([yes])
-	]
+	[PYLINT=$enableval],
+	[PYLINT=yes]
 )
+if test x$PYLINT != xno; then
+AC_MSG_CHECKING([for Pylint])
+$PYTHON -m pylint --version > /dev/null
+if test "$?" != "0"; then
+AC_MSG_ERROR([cannot find pylint for $PYTHON])
+else
+AC_MSG_RESULT([yes])
+fi
+fi
 AC_SUBST([PYLINT])
 AM_CONDITIONAL([WITH_PYLINT], [test "x${PYLINT}" != "xno"])
 

From 1a4cbc1528b248ea6060e32f0f741ebd09b82e07 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Wed, 11 Jan 2017 18:14:49 +0100
Subject: [PATCH 2/3] CONFIGURE: Update help message for jslint

Resolves:
https://fedorahosted.org/freeipa/ticket/6604
---
 configure.ac | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index c84c1bc..6cd3a89 100644
--- a/configure.ac
+++ b/configure.ac
@@ -463,11 +463,12 @@ AM_CONDITIONAL([WITH_PYLINT], [test "x${PYLINT}" != "xno"])
 
 
 AC_ARG_WITH([jslint],
-	AS_HELP_STRING([--with-jslint=path to jsl],
-			   [path to JavaScript lint]),
+AS_HELP_STRING([--with-jslint=[FILE]],
+   [path to JavaScript linter. Default is autodetection of
+   utility "jsl" ]),
 dnl --without-jslint will set JSLINT=no
-	[JSLINT=$with_jslint],
-	[AC_PATH_PROG([JSLINT], [jsl])]
+[JSLINT=$with_jslint],
+[AC_PATH_PROG([JSLINT], [jsl])]
 )
 if test "x${JSLINT}" == "x"; then
 	AC_MSG_ERROR([cannot find JS lint])

From eda6c2a147cb5c1927cefee7aa69b6b5a761ba83 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Wed, 11 Jan 2017 15:02:09 +0100
Subject: [PATCH 3/3] SPEC: Fix build in mock

Neither pylint nor jsl is installed by default because rpm macro with_lint
is not defined in spec file. However, configure script tried to
find pylint/jsl anyway.

  checking for Pylint... /usr/bin/python2: No module named pylint
  configure: error: cannot find pylint for /usr/bin/python2

  RPM build errors:
  error: Bad exit status from /var/tmp/rpm-tmp.2GAFh4 (%build)
  Bad exit status from /var/tmp/rpm-tmp.2GAFh4 (%build)

Resolves:
https://fedorahosted.org/freeipa/ticket/6604
---
 freeipa.spec.in | 15 +--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index c4420a0..99820d1 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -10,6 +10,12 @@
 
 # lint is not executed during rpmbuild
 # %%global with_lint 1
+%if 0%{?with_lint}
+%global enable_pylint_option --enable-pylint
+%else
+%global enable_pylint_option --disable-pylint
+%global without_jslint_option --without-jslint
+%endif
 
 %global alt_name ipa
 %if 0%{?rhel}
@@ -778,7 +784,10 @@ find \
 	! -name '*.pyo' -a \
 	-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
 	-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \;
-%configure --with-vendor-suffix=-%{release}
+%configure --with-vendor-suffix=-%{release} \
+   %{enable_pylint_option} \
+   %{?without_jslint_option}
+
 # -Onone is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1398405
 %make_build -Onone
 
@@ -793,7 +802,9 @@ find \
 	! -name '*.pyo' -a \
 	-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
 	-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python3}|' {} \;
-%configure --with-vendor-suffix=-%{release}
+%configure --with-vendor-suffix=-%{release} \
+   %{enable_pylint_option} \
+   %{?without_jslint_option}
 popd
 %endif # with_python3
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#389][synchronized] Fix build in mock

2017-01-11 Thread lslebodn
   URL: https://github.com/freeipa/freeipa/pull/389
Author: lslebodn
 Title: #389: Fix build in mock
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/389/head:pr389
git checkout pr389
From c28b3c5f5ea7aedfe8d67143c569760b8d2d851a Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Wed, 11 Jan 2017 17:08:30 +0100
Subject: [PATCH 1/2] BUILD: Fix detection of pylint

If configure script was executed with --enable-pylint then
it behaved the same as --disable-pylint. It does not make
any sense.
---
 configure.ac | 20 +++-
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/configure.ac b/configure.ac
index e8a4701..c84c1bc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -446,16 +446,18 @@ AM_CONDITIONAL([WITH_POLINT], [test "x${enable_i18ntests}" == "xyes"])
 AC_ARG_ENABLE([pylint],
 	AS_HELP_STRING([--disable-pylint],
 			   [skip Pylint in make lint target]),
-	[PYLINT=no],
-	[PYLINT=yes
-	 AC_MSG_CHECKING([for Pylint])
-	 $PYTHON -m pylint --version > /dev/null
-	 if test "$?" != "0"; then
-		AC_MSG_ERROR([cannot find pylint for $PYTHON])
-	 fi
-	 AC_MSG_RESULT([yes])
-	]
+	[PYLINT=$enableval],
+	[PYLINT=yes]
 )
+if test x$PYLINT != xno; then
+AC_MSG_CHECKING([for Pylint])
+$PYTHON -m pylint --version > /dev/null
+if test "$?" != "0"; then
+AC_MSG_ERROR([cannot find pylint for $PYTHON])
+else
+AC_MSG_RESULT([yes])
+fi
+fi
 AC_SUBST([PYLINT])
 AM_CONDITIONAL([WITH_PYLINT], [test "x${PYLINT}" != "xno"])
 

From d1c0d0e777b504cbc33e0db09b2c3e0c66cf0846 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Wed, 11 Jan 2017 15:02:09 +0100
Subject: [PATCH 2/2] SPEC: Fix build in mock

Neither pylint nor jsl is installed by default because rpm macro with_lint
is not defined in spec file. However, configure script tried to
find pylint/jsl anyway.

  checking for Pylint... /usr/bin/python2: No module named pylint
  configure: error: cannot find pylint for /usr/bin/python2

  RPM build errors:
  error: Bad exit status from /var/tmp/rpm-tmp.2GAFh4 (%build)
  Bad exit status from /var/tmp/rpm-tmp.2GAFh4 (%build)
---
 freeipa.spec.in | 15 +--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index c4420a0..99820d1 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -10,6 +10,12 @@
 
 # lint is not executed during rpmbuild
 # %%global with_lint 1
+%if 0%{?with_lint}
+%global enable_pylint_option --enable-pylint
+%else
+%global enable_pylint_option --disable-pylint
+%global without_jslint_option --without-jslint
+%endif
 
 %global alt_name ipa
 %if 0%{?rhel}
@@ -778,7 +784,10 @@ find \
 	! -name '*.pyo' -a \
 	-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
 	-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \;
-%configure --with-vendor-suffix=-%{release}
+%configure --with-vendor-suffix=-%{release} \
+   %{enable_pylint_option} \
+   %{?without_jslint_option}
+
 # -Onone is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1398405
 %make_build -Onone
 
@@ -793,7 +802,9 @@ find \
 	! -name '*.pyo' -a \
 	-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
 	-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python3}|' {} \;
-%configure --with-vendor-suffix=-%{release}
+%configure --with-vendor-suffix=-%{release} \
+   %{enable_pylint_option} \
+   %{?without_jslint_option}
 popd
 %endif # with_python3
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#389][synchronized] Fix build in mock

2017-01-11 Thread lslebodn
   URL: https://github.com/freeipa/freeipa/pull/389
Author: lslebodn
 Title: #389: Fix build in mock
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/389/head:pr389
git checkout pr389
From b847c8f98655d6b6099b47052aa89c279929bf29 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Wed, 11 Jan 2017 17:08:30 +0100
Subject: [PATCH 1/2] BUILD: Fix detection of pylint

If configure script was executed with --enable-pylint then
it behaved the same as --disable-pylint. It does not make
any sense.
---
 configure.ac | 20 +++-
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/configure.ac b/configure.ac
index e8a4701..c706018 100644
--- a/configure.ac
+++ b/configure.ac
@@ -446,16 +446,18 @@ AM_CONDITIONAL([WITH_POLINT], [test "x${enable_i18ntests}" == "xyes"])
 AC_ARG_ENABLE([pylint],
 	AS_HELP_STRING([--disable-pylint],
 			   [skip Pylint in make lint target]),
-	[PYLINT=no],
-	[PYLINT=yes
-	 AC_MSG_CHECKING([for Pylint])
-	 $PYTHON -m pylint --version > /dev/null
-	 if test "$?" != "0"; then
-		AC_MSG_ERROR([cannot find pylint for $PYTHON])
-	 fi
-	 AC_MSG_RESULT([yes])
-	]
+	[PYLINT=$enableval],
+	[PYLINT=no]
 )
+if test x$PYLINT != no; then
+AC_MSG_CHECKING([for Pylint])
+$PYTHON -m pylint --version > /dev/null
+if test "$?" != "0"; then
+AC_MSG_ERROR([cannot find pylint for $PYTHON])
+else
+AC_MSG_RESULT([yes])
+fi
+fi
 AC_SUBST([PYLINT])
 AM_CONDITIONAL([WITH_PYLINT], [test "x${PYLINT}" != "xno"])
 

From 4f62f8d77cd0a5ac16bbdbbc86103f231a1ca343 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Wed, 11 Jan 2017 15:02:09 +0100
Subject: [PATCH 2/2] SPEC: Fix build in mock

Neither pylint nor jsl is installed by default because rpm macro with_lint
is not defined in spec file. However, configure script tried to
find pylint/jsl anyway.

  checking for Pylint... /usr/bin/python2: No module named pylint
  configure: error: cannot find pylint for /usr/bin/python2

  RPM build errors:
  error: Bad exit status from /var/tmp/rpm-tmp.2GAFh4 (%build)
  Bad exit status from /var/tmp/rpm-tmp.2GAFh4 (%build)
---
 configure.ac|  2 +-
 freeipa.spec.in | 15 +--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index c706018..1616f31 100644
--- a/configure.ac
+++ b/configure.ac
@@ -447,7 +447,7 @@ AC_ARG_ENABLE([pylint],
 	AS_HELP_STRING([--disable-pylint],
 			   [skip Pylint in make lint target]),
 	[PYLINT=$enableval],
-	[PYLINT=no]
+	[PYLINT=yes]
 )
 if test x$PYLINT != no; then
 AC_MSG_CHECKING([for Pylint])
diff --git a/freeipa.spec.in b/freeipa.spec.in
index c4420a0..99820d1 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -10,6 +10,12 @@
 
 # lint is not executed during rpmbuild
 # %%global with_lint 1
+%if 0%{?with_lint}
+%global enable_pylint_option --enable-pylint
+%else
+%global enable_pylint_option --disable-pylint
+%global without_jslint_option --without-jslint
+%endif
 
 %global alt_name ipa
 %if 0%{?rhel}
@@ -778,7 +784,10 @@ find \
 	! -name '*.pyo' -a \
 	-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
 	-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \;
-%configure --with-vendor-suffix=-%{release}
+%configure --with-vendor-suffix=-%{release} \
+   %{enable_pylint_option} \
+   %{?without_jslint_option}
+
 # -Onone is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1398405
 %make_build -Onone
 
@@ -793,7 +802,9 @@ find \
 	! -name '*.pyo' -a \
 	-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
 	-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python3}|' {} \;
-%configure --with-vendor-suffix=-%{release}
+%configure --with-vendor-suffix=-%{release} \
+   %{enable_pylint_option} \
+   %{?without_jslint_option}
 popd
 %endif # with_python3
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#389][comment] Fix build in mock

2017-01-11 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/389
Title: #389: Fix build in mock

tiran commented:
"""
Thanks, your PR fixes some concerns of my ticket 
https://fedorahosted.org/freeipa/ticket/6604.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/389#issuecomment-271914990
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#390][opened] WebUI: Fix Coverity JS bugs

2017-01-11 Thread pvomacka
   URL: https://github.com/freeipa/freeipa/pull/390
Author: pvomacka
 Title: #390: WebUI: Fix Coverity JS bugs
Action: opened

PR body:
"""

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/390/head:pr390
git checkout pr390
From 8b35a9710d8476903f00c57e63b8f734a344235c Mon Sep 17 00:00:00 2001
From: Pavel Vomacka 
Date: Wed, 11 Jan 2017 17:13:19 +0100
Subject: [PATCH 1/2] Coverity: Fix possibility of access to attribute of
 undefined

---
 install/ui/src/freeipa/widgets/APIBrowserWidget.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install/ui/src/freeipa/widgets/APIBrowserWidget.js b/install/ui/src/freeipa/widgets/APIBrowserWidget.js
index 2164df2..ff1c8ee 100644
--- a/install/ui/src/freeipa/widgets/APIBrowserWidget.js
+++ b/install/ui/src/freeipa/widgets/APIBrowserWidget.js
@@ -253,7 +253,7 @@ widgets.APIBrowserWidget = declare([Stateful, Evented], {
 
 // switch widget
 if (widget && !widget.el) widget.render();
-if (this.current_details_w !== widget) {
+if (widget && this.current_details_w !== widget) {
 this.details_el.empty();
 this.details_el.append(widget.el);
 }

From 9b07762989f53adeb6dbad92f61622946cf52509 Mon Sep 17 00:00:00 2001
From: Pavel Vomacka 
Date: Wed, 11 Jan 2017 17:14:01 +0100
Subject: [PATCH 2/2] Coverity: removed useless semicolon which ends statement
 earlier

---
 install/ui/src/freeipa/widgets/LoginScreen.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/install/ui/src/freeipa/widgets/LoginScreen.js b/install/ui/src/freeipa/widgets/LoginScreen.js
index 29a5efc..0096433 100644
--- a/install/ui/src/freeipa/widgets/LoginScreen.js
+++ b/install/ui/src/freeipa/widgets/LoginScreen.js
@@ -339,10 +339,10 @@ define(['dojo/_base/declare',
 set_login_aside_text: function() {
 var aside = "";
 if (this.password_enabled()) {
-aside += ""+this.form_auth_msg;+"";
+aside += ""+this.form_auth_msg+"";
 }
 if (this.kerberos_enabled()) {
-aside += ""+this.kerberos_msg;+"";
+aside += ""+this.kerberos_msg+"";
 }
 this.set('aside', aside);
 },
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#389][opened] Fix build in mock

2017-01-11 Thread lslebodn
   URL: https://github.com/freeipa/freeipa/pull/389
Author: lslebodn
 Title: #389: Fix build in mock
Action: opened

PR body:
"""

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/389/head:pr389
git checkout pr389
From b847c8f98655d6b6099b47052aa89c279929bf29 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Wed, 11 Jan 2017 17:08:30 +0100
Subject: [PATCH 1/2] BUILD: Fix detection of pylint

If configure script was executed with --enable-pylint then
it behaved the same as --disable-pylint. It does not make
any sense.
---
 configure.ac | 20 +++-
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/configure.ac b/configure.ac
index e8a4701..c706018 100644
--- a/configure.ac
+++ b/configure.ac
@@ -446,16 +446,18 @@ AM_CONDITIONAL([WITH_POLINT], [test "x${enable_i18ntests}" == "xyes"])
 AC_ARG_ENABLE([pylint],
 	AS_HELP_STRING([--disable-pylint],
 			   [skip Pylint in make lint target]),
-	[PYLINT=no],
-	[PYLINT=yes
-	 AC_MSG_CHECKING([for Pylint])
-	 $PYTHON -m pylint --version > /dev/null
-	 if test "$?" != "0"; then
-		AC_MSG_ERROR([cannot find pylint for $PYTHON])
-	 fi
-	 AC_MSG_RESULT([yes])
-	]
+	[PYLINT=$enableval],
+	[PYLINT=no]
 )
+if test x$PYLINT != no; then
+AC_MSG_CHECKING([for Pylint])
+$PYTHON -m pylint --version > /dev/null
+if test "$?" != "0"; then
+AC_MSG_ERROR([cannot find pylint for $PYTHON])
+else
+AC_MSG_RESULT([yes])
+fi
+fi
 AC_SUBST([PYLINT])
 AM_CONDITIONAL([WITH_PYLINT], [test "x${PYLINT}" != "xno"])
 

From 19a0a3b8c5e4855d047d098262c1a44a76ea5ebf Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Wed, 11 Jan 2017 15:02:09 +0100
Subject: [PATCH 2/2] SPEC: Fix build in mock

Neither pylint nor jsl is installed by default because rpm macro with_lint
is not defined in spec file. However, configure script tried to
find pylint/jsl anyway.

  checking for Pylint... /usr/bin/python2: No module named pylint
  configure: error: cannot find pylint for /usr/bin/python2

  RPM build errors:
  error: Bad exit status from /var/tmp/rpm-tmp.2GAFh4 (%build)
  Bad exit status from /var/tmp/rpm-tmp.2GAFh4 (%build)
---
 freeipa.spec.in | 15 +--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index c4420a0..99820d1 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -10,6 +10,12 @@
 
 # lint is not executed during rpmbuild
 # %%global with_lint 1
+%if 0%{?with_lint}
+%global enable_pylint_option --enable-pylint
+%else
+%global enable_pylint_option --disable-pylint
+%global without_jslint_option --without-jslint
+%endif
 
 %global alt_name ipa
 %if 0%{?rhel}
@@ -778,7 +784,10 @@ find \
 	! -name '*.pyo' -a \
 	-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
 	-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \;
-%configure --with-vendor-suffix=-%{release}
+%configure --with-vendor-suffix=-%{release} \
+   %{enable_pylint_option} \
+   %{?without_jslint_option}
+
 # -Onone is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1398405
 %make_build -Onone
 
@@ -793,7 +802,9 @@ find \
 	! -name '*.pyo' -a \
 	-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
 	-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python3}|' {} \;
-%configure --with-vendor-suffix=-%{release}
+%configure --with-vendor-suffix=-%{release} \
+   %{enable_pylint_option} \
+   %{?without_jslint_option}
 popd
 %endif # with_python3
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#364][comment] Client-only builds with --disable-server

2017-01-11 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/364
Title: #364: Client-only builds with --disable-server

tiran commented:
"""
Nit-pick: A build does not produce any files outside the build environment. Of 
course **make install** produces the files -- unless you change the prefix with 
```./configure --prefix```.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/364#issuecomment-271901278
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#364][comment] Client-only builds with --disable-server

2017-01-11 Thread tomaskrizek
  URL: https://github.com/freeipa/freeipa/pull/364
Title: #364: Client-only builds with --disable-server

tomaskrizek commented:
"""
The extra dependencies are indeed not necessary with this change.

However, `make install` produces  directories like 
`/usr/lib/python2.7/site-packages/ipaserver`, 
`/usr/lib/python2.7/site-packages/ipatests`, ... I don't think these should be 
present when doing a client-only build.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/364#issuecomment-271895769
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#381][closed] disable hostname canonicalization by Kerberos library

2017-01-11 Thread martbab
   URL: https://github.com/freeipa/freeipa/pull/381
Author: martbab
 Title: #381: disable hostname canonicalization by Kerberos library
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/381/head:pr381
git checkout pr381
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#381][+pushed] disable hostname canonicalization by Kerberos library

2017-01-11 Thread martbab
  URL: https://github.com/freeipa/freeipa/pull/381
Title: #381: disable hostname canonicalization by Kerberos library

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#381][comment] disable hostname canonicalization by Kerberos library

2017-01-11 Thread martbab
  URL: https://github.com/freeipa/freeipa/pull/381
Title: #381: disable hostname canonicalization by Kerberos library

martbab commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/566c86a782bfd7d50938866e9f89faf56cea773f
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/381#issuecomment-271895542
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#381][comment] disable hostname canonicalization by Kerberos library

2017-01-11 Thread martbab
  URL: https://github.com/freeipa/freeipa/pull/381
Title: #381: disable hostname canonicalization by Kerberos library

martbab commented:
"""
@pvoborni will do.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/381#issuecomment-271894729
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#382][synchronized] [Py3] ipa-server-install fixes (working NTP, DS, CA install steps)

2017-01-11 Thread mbasti-rh
   URL: https://github.com/freeipa/freeipa/pull/382
Author: mbasti-rh
 Title: #382: [Py3] ipa-server-install fixes (working NTP, DS, CA install steps)
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/382/head:pr382
git checkout pr382
From 0ba8877d4f0a6e96d4e338a88f8638d00ad980b1 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Mon, 9 Jan 2017 11:53:59 +0100
Subject: [PATCH 01/16] py3: create_cert_db: write to file in a compatible way

Py3 expect bytes to be writed using os.write. Instead of that using
io module is more pythonic.

https://fedorahosted.org/freeipa/ticket/4985
---
 ipaserver/install/httpinstance.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index bacd5fc..ded0553 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -19,6 +19,7 @@
 
 from __future__ import print_function
 
+import io
 import os
 import os.path
 import pwd
@@ -314,9 +315,8 @@ def create_cert_db(self):
 
 # Create the password file for this db
 password = ipautil.ipa_generate_password()
-f = os.open(pwd_file, os.O_CREAT | os.O_RDWR)
-os.write(f, password)
-os.close(f)
+with io.open(pwd_file, 'w') as f:
+f.write(password)
 
 ipautil.run([paths.CERTUTIL, "-d", database, "-f", pwd_file, "-N"])
 

From 447691cc4a08ea66d8a0d8bc3dd674bc1dfb273e Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Tue, 10 Jan 2017 13:45:11 +0100
Subject: [PATCH 02/16] py3: service.py: replace mkstemp by NamedTemporaryFile

NamedTemporaryfile can be used in more pythonic way and file can be
opened in textual mode that is required with PY3

https://fedorahosted.org/freeipa/ticket/4985
---
 ipapython/ipautil.py | 2 +-
 ipaserver/install/service.py | 7 ---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index e3e4611..34d10ef 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -852,7 +852,7 @@ def ipa_generate_password(entropy_bits=256, uppercase=1, lowercase=1, digits=1,
 rnd = random.SystemRandom()
 
 todo_entropy = entropy_bits
-password = ''
+password = u''
 # Generate required character classes:
 # The order of generated characters is fixed to comply with check in
 # NSS function sftk_newPinCheck() in nss/lib/softoken/fipstokn.c.
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 6451f92..fbe3f23 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -208,9 +208,10 @@ def _ldap_mod(self, ldif, sub_dict=None, raise_on_err=True,
 args += ["-H", ldap_uri]
 
 if dm_password:
-[pw_fd, pw_name] = tempfile.mkstemp()
-os.write(pw_fd, dm_password)
-os.close(pw_fd)
+with tempfile.NamedTemporaryFile(
+mode='w', delete=False) as pw_file:
+pw_file.write(dm_password)
+pw_name = pw_file.name
 auth_parms = ["-x", "-D", "cn=Directory Manager", "-y", pw_name]
 # Use GSSAPI auth when not using DM password or not being root
 elif os.getegid() != 0:

From a88a49b9df29c4d0ee72fb570ed9d847115ced18 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Mon, 9 Jan 2017 12:42:23 +0100
Subject: [PATCH 03/16] py3: open temporary ldif file in text mode

ldif parser uses file in text mode, so we have to open it in text mode
in py3

Also values passed to parser should be bytes

https://fedorahosted.org/freeipa/ticket/4985
---
 ipaserver/install/dsinstance.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 89315b6..2721d88 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -582,14 +582,15 @@ def __update_dse_ldif(self):
 'dse.ldif'
 )
 
-with tempfile.NamedTemporaryFile(delete=False) as new_dse_ldif:
+with tempfile.NamedTemporaryFile(
+mode='w', delete=False) as new_dse_ldif:
 temp_filename = new_dse_ldif.name
 with open(dse_filename, "r") as input_file:
 parser = installutils.ModifyLDIF(input_file, new_dse_ldif)
 parser.replace_value(
 'cn=config,cn=ldbm database,cn=plugins,cn=config',
 'nsslapd-db-locks',
-['5']
+[b'5']
 )
 if self.config_ldif:
 # parse modifications from ldif file supplied by the admin

From de38448a7ede9ce49818be053f14f07a200bb915 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Mon, 9 Jan 2017 

[Freeipa-devel] [freeipa PR#381][comment] disable hostname canonicalization by Kerberos library

2017-01-11 Thread pvoborni
  URL: https://github.com/freeipa/freeipa/pull/381
Title: #381: disable hostname canonicalization by Kerberos library

pvoborni commented:
"""
To not forget to update the release notes later at release, @martbab could you 
update the respected fields in both ticket and BZ when the patch is pushed.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/381#issuecomment-271883989
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#382][synchronized] [Py3] ipa-server-install fixes (working NTP, DS, CA install steps)

2017-01-11 Thread mbasti-rh
   URL: https://github.com/freeipa/freeipa/pull/382
Author: mbasti-rh
 Title: #382: [Py3] ipa-server-install fixes (working NTP, DS, CA install steps)
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/382/head:pr382
git checkout pr382
From 0ba8877d4f0a6e96d4e338a88f8638d00ad980b1 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Mon, 9 Jan 2017 11:53:59 +0100
Subject: [PATCH 01/16] py3: create_cert_db: write to file in a compatible way

Py3 expect bytes to be writed using os.write. Instead of that using
io module is more pythonic.

https://fedorahosted.org/freeipa/ticket/4985
---
 ipaserver/install/httpinstance.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index bacd5fc..ded0553 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -19,6 +19,7 @@
 
 from __future__ import print_function
 
+import io
 import os
 import os.path
 import pwd
@@ -314,9 +315,8 @@ def create_cert_db(self):
 
 # Create the password file for this db
 password = ipautil.ipa_generate_password()
-f = os.open(pwd_file, os.O_CREAT | os.O_RDWR)
-os.write(f, password)
-os.close(f)
+with io.open(pwd_file, 'w') as f:
+f.write(password)
 
 ipautil.run([paths.CERTUTIL, "-d", database, "-f", pwd_file, "-N"])
 

From 447691cc4a08ea66d8a0d8bc3dd674bc1dfb273e Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Tue, 10 Jan 2017 13:45:11 +0100
Subject: [PATCH 02/16] py3: service.py: replace mkstemp by NamedTemporaryFile

NamedTemporaryfile can be used in more pythonic way and file can be
opened in textual mode that is required with PY3

https://fedorahosted.org/freeipa/ticket/4985
---
 ipapython/ipautil.py | 2 +-
 ipaserver/install/service.py | 7 ---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index e3e4611..34d10ef 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -852,7 +852,7 @@ def ipa_generate_password(entropy_bits=256, uppercase=1, lowercase=1, digits=1,
 rnd = random.SystemRandom()
 
 todo_entropy = entropy_bits
-password = ''
+password = u''
 # Generate required character classes:
 # The order of generated characters is fixed to comply with check in
 # NSS function sftk_newPinCheck() in nss/lib/softoken/fipstokn.c.
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 6451f92..fbe3f23 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -208,9 +208,10 @@ def _ldap_mod(self, ldif, sub_dict=None, raise_on_err=True,
 args += ["-H", ldap_uri]
 
 if dm_password:
-[pw_fd, pw_name] = tempfile.mkstemp()
-os.write(pw_fd, dm_password)
-os.close(pw_fd)
+with tempfile.NamedTemporaryFile(
+mode='w', delete=False) as pw_file:
+pw_file.write(dm_password)
+pw_name = pw_file.name
 auth_parms = ["-x", "-D", "cn=Directory Manager", "-y", pw_name]
 # Use GSSAPI auth when not using DM password or not being root
 elif os.getegid() != 0:

From a88a49b9df29c4d0ee72fb570ed9d847115ced18 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Mon, 9 Jan 2017 12:42:23 +0100
Subject: [PATCH 03/16] py3: open temporary ldif file in text mode

ldif parser uses file in text mode, so we have to open it in text mode
in py3

Also values passed to parser should be bytes

https://fedorahosted.org/freeipa/ticket/4985
---
 ipaserver/install/dsinstance.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 89315b6..2721d88 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -582,14 +582,15 @@ def __update_dse_ldif(self):
 'dse.ldif'
 )
 
-with tempfile.NamedTemporaryFile(delete=False) as new_dse_ldif:
+with tempfile.NamedTemporaryFile(
+mode='w', delete=False) as new_dse_ldif:
 temp_filename = new_dse_ldif.name
 with open(dse_filename, "r") as input_file:
 parser = installutils.ModifyLDIF(input_file, new_dse_ldif)
 parser.replace_value(
 'cn=config,cn=ldbm database,cn=plugins,cn=config',
 'nsslapd-db-locks',
-['5']
+[b'5']
 )
 if self.config_ldif:
 # parse modifications from ldif file supplied by the admin

From de38448a7ede9ce49818be053f14f07a200bb915 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Mon, 9 Jan 2017 

[Freeipa-devel] [freeipa PR#382][synchronized] [Py3] ipa-server-install fixes (working NTP, DS, CA install steps)

2017-01-11 Thread mbasti-rh
   URL: https://github.com/freeipa/freeipa/pull/382
Author: mbasti-rh
 Title: #382: [Py3] ipa-server-install fixes (working NTP, DS, CA install steps)
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/382/head:pr382
git checkout pr382
From 0ba8877d4f0a6e96d4e338a88f8638d00ad980b1 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Mon, 9 Jan 2017 11:53:59 +0100
Subject: [PATCH 01/16] py3: create_cert_db: write to file in a compatible way

Py3 expect bytes to be writed using os.write. Instead of that using
io module is more pythonic.

https://fedorahosted.org/freeipa/ticket/4985
---
 ipaserver/install/httpinstance.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index bacd5fc..ded0553 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -19,6 +19,7 @@
 
 from __future__ import print_function
 
+import io
 import os
 import os.path
 import pwd
@@ -314,9 +315,8 @@ def create_cert_db(self):
 
 # Create the password file for this db
 password = ipautil.ipa_generate_password()
-f = os.open(pwd_file, os.O_CREAT | os.O_RDWR)
-os.write(f, password)
-os.close(f)
+with io.open(pwd_file, 'w') as f:
+f.write(password)
 
 ipautil.run([paths.CERTUTIL, "-d", database, "-f", pwd_file, "-N"])
 

From f97b56d35539dbc091d20282e01b7a804c6f8732 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Tue, 10 Jan 2017 13:45:11 +0100
Subject: [PATCH 02/16] py3: service.py: replace mkstemp by NamedTemporaryFile

NamedTemporaryfile can be used in more pythonic way and file can be
opened in textual mode that is required with PY3

https://fedorahosted.org/freeipa/ticket/4985
---
 ipapython/ipautil.py | 2 +-
 ipaserver/install/service.py | 9 +
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index e3e4611..34d10ef 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -852,7 +852,7 @@ def ipa_generate_password(entropy_bits=256, uppercase=1, lowercase=1, digits=1,
 rnd = random.SystemRandom()
 
 todo_entropy = entropy_bits
-password = ''
+password = u''
 # Generate required character classes:
 # The order of generated characters is fixed to comply with check in
 # NSS function sftk_newPinCheck() in nss/lib/softoken/fipstokn.c.
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 6451f92..c96cd8b 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -208,10 +208,11 @@ def _ldap_mod(self, ldif, sub_dict=None, raise_on_err=True,
 args += ["-H", ldap_uri]
 
 if dm_password:
-[pw_fd, pw_name] = tempfile.mkstemp()
-os.write(pw_fd, dm_password)
-os.close(pw_fd)
-auth_parms = ["-x", "-D", "cn=Directory Manager", "-y", pw_name]
+with tempfile.NamedTemporaryFile(
+mode='w', delete=False) as pw_file:
+pw_name = pw_file.name
+pw_file.write(dm_password)
+auth_parms = ["-x", "-D", "cn=Directory Manager", "-y", pw_name]
 # Use GSSAPI auth when not using DM password or not being root
 elif os.getegid() != 0:
 auth_parms = ["-Y", "GSSAPI"]

From 381a6570f75a581d01e8ed57d701654ae36d388e Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Mon, 9 Jan 2017 12:42:23 +0100
Subject: [PATCH 03/16] py3: open temporary ldif file in text mode

ldif parser uses file in text mode, so we have to open it in text mode
in py3

Also values passed to parser should be bytes

https://fedorahosted.org/freeipa/ticket/4985
---
 ipaserver/install/dsinstance.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 89315b6..2721d88 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -582,14 +582,15 @@ def __update_dse_ldif(self):
 'dse.ldif'
 )
 
-with tempfile.NamedTemporaryFile(delete=False) as new_dse_ldif:
+with tempfile.NamedTemporaryFile(
+mode='w', delete=False) as new_dse_ldif:
 temp_filename = new_dse_ldif.name
 with open(dse_filename, "r") as input_file:
 parser = installutils.ModifyLDIF(input_file, new_dse_ldif)
 parser.replace_value(
 'cn=config,cn=ldbm database,cn=plugins,cn=config',
 'nsslapd-db-locks',
-['5']
+[b'5']
 )
 if self.config_ldif:
 # parse modifications from ldif file supplied by the admin

From 

[Freeipa-devel] [freeipa PR#245][+pushed] Allow full customisability of IPA CA subject DN

2017-01-11 Thread HonzaCholasta
  URL: https://github.com/freeipa/freeipa/pull/245
Title: #245: Allow full customisability of IPA CA subject DN

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#245][comment] Allow full customisability of IPA CA subject DN

2017-01-11 Thread HonzaCholasta
  URL: https://github.com/freeipa/freeipa/pull/245
Title: #245: Allow full customisability of IPA CA subject DN

HonzaCholasta commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/324183cd63aeadbaa9678d610ba59e1295a606fe
https://fedorahosted.org/freeipa/changeset/db6674096c598918ea6b12ca33a96cf5e617a434
https://fedorahosted.org/freeipa/changeset/c6db493b06320455a2366945911939a605df2a73
https://fedorahosted.org/freeipa/changeset/6f3eb85c302f54bec561337e6627c89144b589ff
https://fedorahosted.org/freeipa/changeset/46bf0e89ae054b34adc66d08f205a5155e6f3fd6
https://fedorahosted.org/freeipa/changeset/f54df62abae4a15064bf297634558eb9be83ce33
https://fedorahosted.org/freeipa/changeset/09a65df6842411d42966111e50924df3de0b7031
https://fedorahosted.org/freeipa/changeset/3d01ec14c6e36fa962d0c54b2e08df0ecd401bd6
https://fedorahosted.org/freeipa/changeset/3f5660973251fe4b178e6486b6b86fbdd162d4d6
https://fedorahosted.org/freeipa/changeset/0c95a00147b1dd508736dacc847873afb504
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/245#issuecomment-271880802
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#245][closed] Allow full customisability of IPA CA subject DN

2017-01-11 Thread HonzaCholasta
   URL: https://github.com/freeipa/freeipa/pull/245
Author: frasertweedale
 Title: #245: Allow full customisability of IPA CA subject DN
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/245/head:pr245
git checkout pr245
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#245][+ack] Allow full customisability of IPA CA subject DN

2017-01-11 Thread HonzaCholasta
  URL: https://github.com/freeipa/freeipa/pull/245
Title: #245: Allow full customisability of IPA CA subject DN

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#364][comment] Client-only builds with --disable-server

2017-01-11 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/364
Title: #364: Client-only builds with --disable-server

tiran commented:
"""
The PR only affects ```make install```, Python packaging and integration 
efforts. The goal is to reduce the amount of necessary build dependencies for 
installation and packaging of Python wheels or for developers that are only 
interested to build ipa-client locally.

At the moment it is not possible to build FreeIPA without Samba, talloc, 
tevent, 389 DS, systemd and a couple of more packages. The dependency tree is 
rather heavy. These dependencies are not relevant for clients, though.

I haven't touched RPM builds deliberately. RPM spec can be adjusted in a 
subsequent PR. It's not relevant for me.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/364#issuecomment-271879617
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#382][edited] [WIP] Py3 ipa-server-install fixes

2017-01-11 Thread mbasti-rh
   URL: https://github.com/freeipa/freeipa/pull/382
Author: mbasti-rh
 Title: #382: [WIP] Py3 ipa-server-install fixes
Action: edited

 Changed field: title
Original value:
"""
[WIP] Py3 ipa-server-install fixes
"""

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#382][edited] [WIP] Py3 ipa-server-install fixes

2017-01-11 Thread mbasti-rh
   URL: https://github.com/freeipa/freeipa/pull/382
Author: mbasti-rh
 Title: #382: [WIP] Py3 ipa-server-install fixes
Action: edited

 Changed field: body
Original value:
"""
This PR should allow to install server  with py3
"""

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#382][synchronized] [WIP] Py3 ipa-server-install fixes

2017-01-11 Thread mbasti-rh
   URL: https://github.com/freeipa/freeipa/pull/382
Author: mbasti-rh
 Title: #382: [WIP] Py3 ipa-server-install fixes
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/382/head:pr382
git checkout pr382
From 0ba8877d4f0a6e96d4e338a88f8638d00ad980b1 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Mon, 9 Jan 2017 11:53:59 +0100
Subject: [PATCH 01/16] py3: create_cert_db: write to file in a compatible way

Py3 expect bytes to be writed using os.write. Instead of that using
io module is more pythonic.

https://fedorahosted.org/freeipa/ticket/4985
---
 ipaserver/install/httpinstance.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index bacd5fc..ded0553 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -19,6 +19,7 @@
 
 from __future__ import print_function
 
+import io
 import os
 import os.path
 import pwd
@@ -314,9 +315,8 @@ def create_cert_db(self):
 
 # Create the password file for this db
 password = ipautil.ipa_generate_password()
-f = os.open(pwd_file, os.O_CREAT | os.O_RDWR)
-os.write(f, password)
-os.close(f)
+with io.open(pwd_file, 'w') as f:
+f.write(password)
 
 ipautil.run([paths.CERTUTIL, "-d", database, "-f", pwd_file, "-N"])
 

From f97b56d35539dbc091d20282e01b7a804c6f8732 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Tue, 10 Jan 2017 13:45:11 +0100
Subject: [PATCH 02/16] py3: service.py: replace mkstemp by NamedTemporaryFile

NamedTemporaryfile can be used in more pythonic way and file can be
opened in textual mode that is required with PY3

https://fedorahosted.org/freeipa/ticket/4985
---
 ipapython/ipautil.py | 2 +-
 ipaserver/install/service.py | 9 +
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index e3e4611..34d10ef 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -852,7 +852,7 @@ def ipa_generate_password(entropy_bits=256, uppercase=1, lowercase=1, digits=1,
 rnd = random.SystemRandom()
 
 todo_entropy = entropy_bits
-password = ''
+password = u''
 # Generate required character classes:
 # The order of generated characters is fixed to comply with check in
 # NSS function sftk_newPinCheck() in nss/lib/softoken/fipstokn.c.
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 6451f92..c96cd8b 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -208,10 +208,11 @@ def _ldap_mod(self, ldif, sub_dict=None, raise_on_err=True,
 args += ["-H", ldap_uri]
 
 if dm_password:
-[pw_fd, pw_name] = tempfile.mkstemp()
-os.write(pw_fd, dm_password)
-os.close(pw_fd)
-auth_parms = ["-x", "-D", "cn=Directory Manager", "-y", pw_name]
+with tempfile.NamedTemporaryFile(
+mode='w', delete=False) as pw_file:
+pw_name = pw_file.name
+pw_file.write(dm_password)
+auth_parms = ["-x", "-D", "cn=Directory Manager", "-y", pw_name]
 # Use GSSAPI auth when not using DM password or not being root
 elif os.getegid() != 0:
 auth_parms = ["-Y", "GSSAPI"]

From 381a6570f75a581d01e8ed57d701654ae36d388e Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Mon, 9 Jan 2017 12:42:23 +0100
Subject: [PATCH 03/16] py3: open temporary ldif file in text mode

ldif parser uses file in text mode, so we have to open it in text mode
in py3

Also values passed to parser should be bytes

https://fedorahosted.org/freeipa/ticket/4985
---
 ipaserver/install/dsinstance.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 89315b6..2721d88 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -582,14 +582,15 @@ def __update_dse_ldif(self):
 'dse.ldif'
 )
 
-with tempfile.NamedTemporaryFile(delete=False) as new_dse_ldif:
+with tempfile.NamedTemporaryFile(
+mode='w', delete=False) as new_dse_ldif:
 temp_filename = new_dse_ldif.name
 with open(dse_filename, "r") as input_file:
 parser = installutils.ModifyLDIF(input_file, new_dse_ldif)
 parser.replace_value(
 'cn=config,cn=ldbm database,cn=plugins,cn=config',
 'nsslapd-db-locks',
-['5']
+[b'5']
 )
 if self.config_ldif:
 # parse modifications from ldif file supplied by the admin

From 

[Freeipa-devel] [freeipa PR#364][synchronized] Client-only builds with --disable-server

2017-01-11 Thread tiran
   URL: https://github.com/freeipa/freeipa/pull/364
Author: tiran
 Title: #364: Client-only builds with --disable-server
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/364/head:pr364
git checkout pr364
From bdafd0463d5b5dac3e8ec323b3101b185d231183 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Tue, 3 Jan 2017 14:32:05 +0100
Subject: [PATCH] Client-only builds with --disable-server

https://fedorahosted.org/freeipa/ticket/6517
---
 Makefile.am  |   6 +-
 configure.ac | 317 +--
 2 files changed, 182 insertions(+), 141 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 9bfc899..e6e8ebc 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,7 +1,11 @@
 ACLOCAL_AMFLAGS = -I m4
 
 IPACLIENT_SUBDIRS = ipaclient ipalib ipapython
-SUBDIRS = asn1 util client contrib daemons init install $(IPACLIENT_SUBDIRS) ipaplatform ipaserver ipatests po
+SUBDIRS = asn1 util client contrib $(IPACLIENT_SUBDIRS) ipaplatform ipaserver ipatests po
+
+if ENABLE_SERVER
+SUBDIRS += daemons init install
+endif
 
 MOSTLYCLEANFILES = ipasetup.pyc ipasetup.pyo \
 		   ignore_import_errors.pyc ignore_import_errors.pyo \
diff --git a/configure.ac b/configure.ac
index e8a4701..825ca18 100644
--- a/configure.ac
+++ b/configure.ac
@@ -24,6 +24,17 @@ LT_INIT
 
 AC_HEADER_STDC
 
+PKG_PROG_PKG_CONFIG
+
+AC_ARG_ENABLE([server],
+[  --disable-serverDisable server support],
+[case "${enableval}" in
+  yes) enable_server=true ;;
+  no)  enable_server=false ;;
+  *) AC_MSG_ERROR([bad value ${enableval} for --disable-server]) ;;
+esac],[enable_server=true])
+AM_CONDITIONAL([ENABLE_SERVER], [test x$enable_server = xtrue])
+
 AM_CONDITIONAL([HAVE_GCC], [test "$ac_cv_prog_gcc" = yes])
 
 dnl ---
@@ -36,34 +47,39 @@ dnl ---
 dnl - Check for DS slapi plugin
 dnl ---
 
-# Need to hack CPPFLAGS to be able to correctly detetct slapi-plugin.h
-SAVE_CPPFLAGS=$CPPFLAGS
-CPPFLAGS=$NSPR_CFLAGS
-AC_CHECK_HEADER(dirsrv/slapi-plugin.h)
-if test "x$ac_cv_header_dirsrv_slapi-plugin_h" = "xno" ; then
-	AC_MSG_ERROR([Required 389-ds header not available (389-ds-base-devel)])
-fi
-AC_CHECK_HEADER(dirsrv/repl-session-plugin.h)
-if test "x$ac_cv_header_dirsrv_repl_session_plugin_h" = "xno" ; then
-	AC_MSG_ERROR([Required 389-ds header not available (389-ds-base-devel)])
-fi
-CPPFLAGS=$SAVE_CPPFLAGS
-
-if test "x$ac_cv_header_dirsrv_slapi_plugin_h" = "xno" ; then
-	AC_MSG_ERROR([Required DS slapi plugin header not available (fedora-ds-base-devel)])
-fi
+AM_COND_IF([ENABLE_SERVER], [
+# Need to hack CPPFLAGS to be able to correctly detetct slapi-plugin.h
+SAVE_CPPFLAGS=$CPPFLAGS
+CPPFLAGS=$NSPR_CFLAGS
+AC_CHECK_HEADER(dirsrv/slapi-plugin.h)
+if test "x$ac_cv_header_dirsrv_slapi-plugin_h" = "xno" ; then
+AC_MSG_ERROR([Required 389-ds header not available (389-ds-base-devel)])
+fi
+AC_CHECK_HEADER(dirsrv/repl-session-plugin.h)
+if test "x$ac_cv_header_dirsrv_repl_session_plugin_h" = "xno" ; then
+AC_MSG_ERROR([Required 389-ds header not available (389-ds-base-devel)])
+fi
+CPPFLAGS=$SAVE_CPPFLAGS
+
+if test "x$ac_cv_header_dirsrv_slapi_plugin_h" = "xno" ; then
+AC_MSG_ERROR([Required DS slapi plugin header not available (fedora-ds-base-devel)])
+fi
+])
 
 dnl ---
 dnl - Check for KRB5
 dnl ---
 
 PKG_CHECK_MODULES([KRB5], [krb5])
-AC_CHECK_HEADER(krad.h, [], [AC_MSG_ERROR([krad.h not found])])
-AC_CHECK_LIB(krad, main, [], [AC_MSG_ERROR([libkrad not found])])
-KRAD_LIBS="-lkrad"
-krb5rundir="${localstatedir}/run/krb5kdc"
-AC_SUBST(KRAD_LIBS)
-AC_SUBST(krb5rundir)
+
+AM_COND_IF([ENABLE_SERVER], [
+AC_CHECK_HEADER(krad.h, [], [AC_MSG_ERROR([krad.h not found])])
+AC_CHECK_LIB(krad, main, [], [AC_MSG_ERROR([libkrad not found])])
+KRAD_LIBS="-lkrad"
+krb5rundir="${localstatedir}/run/krb5kdc"
+AC_SUBST(KRAD_LIBS)
+AC_SUBST(krb5rundir)
+])
 
 dnl ---
 dnl - Check for OpenLDAP SDK
@@ -104,64 +120,69 @@ dnl ---
 dnl Check for ndr_krb5pac and other samba libraries
 dnl ---
 
-PKG_PROG_PKG_CONFIG()
-PKG_CHECK_MODULES([TALLOC], [talloc])
-PKG_CHECK_MODULES([TEVENT], [tevent])
-PKG_CHECK_MODULES([NDRPAC], [ndr_krb5pac])
-PKG_CHECK_MODULES([NDRNBT], [ndr_nbt])
-PKG_CHECK_MODULES([NDR], [ndr])
-PKG_CHECK_MODULES([SAMBAUTIL], [samba-util])

[Freeipa-devel] [freeipa PR#381][comment] disable hostname canonicalization by Kerberos library

2017-01-11 Thread simo5
  URL: https://github.com/freeipa/freeipa/pull/381
Title: #381: disable hostname canonicalization by Kerberos library

simo5 commented:
"""
@martbab this change actually improves security by avoiding a DNS lookup that 
could be manipulated by an attacker, however it also means some setups may 
break, because they depend on canonicalization to actually get the correct 
name, and should be documented in release notes.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/381#issuecomment-271875472
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#364][comment] Client-only builds with --disable-server

2017-01-11 Thread tomaskrizek
  URL: https://github.com/freeipa/freeipa/pull/364
Title: #364: Client-only builds with --disable-server

tomaskrizek commented:
"""
Could you please extend [V4/Build system 
refactoring](http://www.freeipa.org/page/V4/Build_system_refactoring) to 
include steps describing how to perform client-only build?

Also, is this supposed to build the freeipa-client rpm package? I wasn't able 
to build the rpm (``` *** No rule to make target 'distdir'.  Stop.```).

Or does it only support make + make install? When I tried to do this it also 
produced ipaserver and ipatests directories. It was probably a misconfiguration 
on my side.

Please provide instructions on how to do a proper client-only build.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/364#issuecomment-271871528
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#245][synchronized] Allow full customisability of IPA CA subject DN

2017-01-11 Thread frasertweedale
   URL: https://github.com/freeipa/freeipa/pull/245
Author: frasertweedale
 Title: #245: Allow full customisability of IPA CA subject DN
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/245/head:pr245
git checkout pr245
From d3088f763ef28cc570e54cfa20601a9df412 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Fri, 11 Nov 2016 18:54:01 +1000
Subject: [PATCH 01/10] Refactor and relocate set_subject_base_in_config

Refactor set_subject_base_in_config to use api.Backend.ldap2 instead
of a manually created LDAP connection.

Also rename the function to have a more accurate name, and move it
to 'ipaserver.install.ca' to avoid cyclic import (we will eventually
need to use it from within that module).

Part of: https://fedorahosted.org/freeipa/ticket/2614
---
 ipaserver/install/ca.py |  9 +
 ipaserver/install/server/install.py | 24 +---
 2 files changed, 10 insertions(+), 23 deletions(-)

diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 4f64d99..820c6ee 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -48,6 +48,15 @@
 external_ca_file = None
 
 
+def set_subject_base_in_config(subject_base):
+entry_attrs = api.Backend.ldap2.get_ipa_config()
+entry_attrs['ipacertificatesubjectbase'] = [str(subject_base)]
+try:
+api.Backend.ldap2.update_entry(entry_attrs)
+except errors.EmptyModlist:
+pass
+
+
 def install_check(standalone, replica_config, options):
 global external_cert_file
 global external_ca_file
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index fc319d9..36bbb4b 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -16,7 +16,6 @@
 
 from ipalib.install import certmonger, sysrestore
 from ipapython import ipautil
-from ipapython.dn import DN
 from ipapython.ipa_log_manager import root_logger
 from ipapython.ipautil import (
 format_netloc, ipa_generate_password, run, user_input)
@@ -40,7 +39,6 @@
 IPA_MODULES, BadHostError, get_fqdn, get_server_ip_address,
 is_ipa_configured, load_pkcs12, read_password, verify_fqdn,
 update_hosts_file)
-from ipaserver.plugins.ldap2 import ldap2
 
 if six.PY3:
 unicode = str
@@ -242,25 +240,6 @@ def check_dirsrv(unattended):
 raise ScriptError(msg)
 
 
-def set_subject_in_config(realm_name, dm_password, suffix, subject_base):
-ldapuri = 'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % (
-installutils.realm_to_serverid(realm_name)
-)
-try:
-conn = ldap2(api, ldap_uri=ldapuri)
-conn.connect(bind_dn=DN(('cn', 'directory manager')),
- bind_pw=dm_password)
-except errors.ExecutionError as e:
-root_logger.critical("Could not connect to the Directory Server "
- "on %s" % realm_name)
-raise e
-entry_attrs = conn.get_ipa_config()
-if 'ipacertificatesubjectbase' not in entry_attrs:
-entry_attrs['ipacertificatesubjectbase'] = [str(subject_base)]
-conn.update_entry(entry_attrs)
-conn.disconnect()
-
-
 def common_cleanup(func):
 def decorated(installer):
 success = False
@@ -848,8 +827,7 @@ def install(installer):
 os.chmod(paths.IPA_CA_CRT, 0o644)
 ca_db.publish_ca_cert(paths.IPA_CA_CRT)
 
-set_subject_in_config(realm_name, dm_password,
-  ipautil.realm_to_suffix(realm_name), options.subject)
+ca.set_subject_base_in_config(options.subject_base)
 
 # Apply any LDAP updates. Needs to be done after the configuration file
 # is created. DS is restarted in the process.

From efd9f21899daa3d4813ca838bbaeaa1bbe8f6118 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Wed, 16 Nov 2016 19:31:19 +1000
Subject: [PATCH 02/10] installutils: remove hardcoded subject DN assumption

`installutils.load_external_cert` assumes that the IPA CA subject
DN is `CN=Certificate Authority, {subject_base}`.  In preparation
for full customisability of IPA CA subject DN, push this assumption
out of this function to call sites (which will be updated in a
subsequent commit).

Part of: https://fedorahosted.org/freeipa/ticket/2614
---
 ipaserver/install/ca.py| 4 +++-
 ipaserver/install/installutils.py  | 7 ---
 ipaserver/install/ipa_cacert_manage.py | 7 +--
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 820c6ee..56f6692 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -109,7 +109,9 @@ def install_check(standalone, replica_config, options):
   "--external-ca.")
 
 external_cert_file, external_ca_file = installutils.load_external_cert(
-

[Freeipa-devel] [freeipa PR#245][comment] Allow full customisability of IPA CA subject DN

2017-01-11 Thread frasertweedale
  URL: https://github.com/freeipa/freeipa/pull/245
Title: #245: Allow full customisability of IPA CA subject DN

frasertweedale commented:
"""
@HonzaCholasta whups!  Thanks for clarifying; fixed.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/245#issuecomment-271863765
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#245][comment] Allow full customisability of IPA CA subject DN

2017-01-11 Thread HonzaCholasta
  URL: https://github.com/freeipa/freeipa/pull/245
Title: #245: Allow full customisability of IPA CA subject DN

HonzaCholasta commented:
"""
@frasertweedale, the ticket *number* is correct, but the URL points to Dogtag 
Trac.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/245#issuecomment-271861244
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#245][comment] Allow full customisability of IPA CA subject DN

2017-01-11 Thread frasertweedale
  URL: https://github.com/freeipa/freeipa/pull/245
Title: #245: Allow full customisability of IPA CA subject DN

frasertweedale commented:
"""
@HonzaCholasta PR updated.  Re ticket URL, I think 2614 is the correct one for 
that commit.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/245#issuecomment-271859881
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#245][synchronized] Allow full customisability of IPA CA subject DN

2017-01-11 Thread frasertweedale
   URL: https://github.com/freeipa/freeipa/pull/245
Author: frasertweedale
 Title: #245: Allow full customisability of IPA CA subject DN
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/245/head:pr245
git checkout pr245
From d3088f763ef28cc570e54cfa20601a9df412 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Fri, 11 Nov 2016 18:54:01 +1000
Subject: [PATCH 01/10] Refactor and relocate set_subject_base_in_config

Refactor set_subject_base_in_config to use api.Backend.ldap2 instead
of a manually created LDAP connection.

Also rename the function to have a more accurate name, and move it
to 'ipaserver.install.ca' to avoid cyclic import (we will eventually
need to use it from within that module).

Part of: https://fedorahosted.org/freeipa/ticket/2614
---
 ipaserver/install/ca.py |  9 +
 ipaserver/install/server/install.py | 24 +---
 2 files changed, 10 insertions(+), 23 deletions(-)

diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 4f64d99..820c6ee 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -48,6 +48,15 @@
 external_ca_file = None
 
 
+def set_subject_base_in_config(subject_base):
+entry_attrs = api.Backend.ldap2.get_ipa_config()
+entry_attrs['ipacertificatesubjectbase'] = [str(subject_base)]
+try:
+api.Backend.ldap2.update_entry(entry_attrs)
+except errors.EmptyModlist:
+pass
+
+
 def install_check(standalone, replica_config, options):
 global external_cert_file
 global external_ca_file
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index fc319d9..36bbb4b 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -16,7 +16,6 @@
 
 from ipalib.install import certmonger, sysrestore
 from ipapython import ipautil
-from ipapython.dn import DN
 from ipapython.ipa_log_manager import root_logger
 from ipapython.ipautil import (
 format_netloc, ipa_generate_password, run, user_input)
@@ -40,7 +39,6 @@
 IPA_MODULES, BadHostError, get_fqdn, get_server_ip_address,
 is_ipa_configured, load_pkcs12, read_password, verify_fqdn,
 update_hosts_file)
-from ipaserver.plugins.ldap2 import ldap2
 
 if six.PY3:
 unicode = str
@@ -242,25 +240,6 @@ def check_dirsrv(unattended):
 raise ScriptError(msg)
 
 
-def set_subject_in_config(realm_name, dm_password, suffix, subject_base):
-ldapuri = 'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % (
-installutils.realm_to_serverid(realm_name)
-)
-try:
-conn = ldap2(api, ldap_uri=ldapuri)
-conn.connect(bind_dn=DN(('cn', 'directory manager')),
- bind_pw=dm_password)
-except errors.ExecutionError as e:
-root_logger.critical("Could not connect to the Directory Server "
- "on %s" % realm_name)
-raise e
-entry_attrs = conn.get_ipa_config()
-if 'ipacertificatesubjectbase' not in entry_attrs:
-entry_attrs['ipacertificatesubjectbase'] = [str(subject_base)]
-conn.update_entry(entry_attrs)
-conn.disconnect()
-
-
 def common_cleanup(func):
 def decorated(installer):
 success = False
@@ -848,8 +827,7 @@ def install(installer):
 os.chmod(paths.IPA_CA_CRT, 0o644)
 ca_db.publish_ca_cert(paths.IPA_CA_CRT)
 
-set_subject_in_config(realm_name, dm_password,
-  ipautil.realm_to_suffix(realm_name), options.subject)
+ca.set_subject_base_in_config(options.subject_base)
 
 # Apply any LDAP updates. Needs to be done after the configuration file
 # is created. DS is restarted in the process.

From efd9f21899daa3d4813ca838bbaeaa1bbe8f6118 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Wed, 16 Nov 2016 19:31:19 +1000
Subject: [PATCH 02/10] installutils: remove hardcoded subject DN assumption

`installutils.load_external_cert` assumes that the IPA CA subject
DN is `CN=Certificate Authority, {subject_base}`.  In preparation
for full customisability of IPA CA subject DN, push this assumption
out of this function to call sites (which will be updated in a
subsequent commit).

Part of: https://fedorahosted.org/freeipa/ticket/2614
---
 ipaserver/install/ca.py| 4 +++-
 ipaserver/install/installutils.py  | 7 ---
 ipaserver/install/ipa_cacert_manage.py | 7 +--
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 820c6ee..56f6692 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -109,7 +109,9 @@ def install_check(standalone, replica_config, options):
   "--external-ca.")
 
 external_cert_file, external_ca_file = installutils.load_external_cert(
-

[Freeipa-devel] [freeipa PR#378][edited] Clean / ignore make check artefact

2017-01-11 Thread tiran
   URL: https://github.com/freeipa/freeipa/pull/378
Author: tiran
 Title: #378: Clean / ignore make check artefact
Action: edited

 Changed field: title
Original value:
"""
Integrate make check into CI
"""

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#378][synchronized] Integrate make check into CI

2017-01-11 Thread tiran
   URL: https://github.com/freeipa/freeipa/pull/378
Author: tiran
 Title: #378: Integrate make check into CI
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/378/head:pr378
git checkout pr378
From 91450e2dac2000994f300e48c9cb60b723a3652c Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Mon, 9 Jan 2017 11:23:32 +0100
Subject: [PATCH] Clean / ignore make check artefact

In tree runs of make check leave some artifacts around. The patch adds
them to make clean and .gitignore.

Signed-off-by: Christian Heimes 
---
 .gitignore  | 5 +
 daemons/ipa-kdb/Makefile.am | 3 +++
 2 files changed, 8 insertions(+)

diff --git a/.gitignore b/.gitignore
index 6dcda76..04553fd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -72,9 +72,14 @@ freeipa2-dev-doc
 /daemons/dnssec/ipa-dnskeysyncd.service
 /daemons/dnssec/ipa-ods-exporter.service
 /daemons/dnssec/ipa-ods-exporter.socket
+/daemons/ipa-kdb/ipa_kdb_tests
+/daemons/ipa-kdb/tests/.dirstamp
 /daemons/ipa-otpd/ipa-otpd
 /daemons/ipa-otpd/ipa-otpd.socket
 /daemons/ipa-otpd/ipa-otpd@.service
+/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_tests
+/daemons/ipa-slapi-plugins/ipa-extdom-extop/extdom_cmocka_tests
+/daemons/ipa-slapi-plugins/libotp/t_hotp
 /daemons/ipa-version.h
 /daemons/test-driver
 
diff --git a/daemons/ipa-kdb/Makefile.am b/daemons/ipa-kdb/Makefile.am
index 19583c9..6a2caa0 100644
--- a/daemons/ipa-kdb/Makefile.am
+++ b/daemons/ipa-kdb/Makefile.am
@@ -85,6 +85,9 @@ ipa_kdb_tests_LDADD =  \
 
 dist_noinst_DATA = ipa_kdb.exports
 
+clean-local:
+	rm -f tests/.dirstamp
+
 EXTRA_DIST =			\
 	README			\
 	README.s4u2proxy.txt	\
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#388][+pushed] py3: enable py3 pylint

2017-01-11 Thread mbasti-rh
  URL: https://github.com/freeipa/freeipa/pull/388
Title: #388: py3: enable py3 pylint

Label: +pushed
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#388][comment] py3: enable py3 pylint

2017-01-11 Thread mbasti-rh
  URL: https://github.com/freeipa/freeipa/pull/388
Title: #388: py3: enable py3 pylint

mbasti-rh commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/d648c6a6925298a1db0c61381d72b6c4d0500c10
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/388#issuecomment-271854430
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#388][closed] py3: enable py3 pylint

2017-01-11 Thread mbasti-rh
   URL: https://github.com/freeipa/freeipa/pull/388
Author: mbasti-rh
 Title: #388: py3: enable py3 pylint
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/388/head:pr388
git checkout pr388
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#378][comment] Integrate make check into CI

2017-01-11 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/378
Title: #378: Integrate make check into CI

tiran commented:
"""
The changes to .gitignore and clean-local are still required to fix in-tree 
testing. make check leaves some files around.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/378#issuecomment-271854570
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#388][comment] py3: enable py3 pylint

2017-01-11 Thread mbasti-rh
  URL: https://github.com/freeipa/freeipa/pull/388
Title: #388: py3: enable py3 pylint

mbasti-rh commented:
"""
Lint part of travis-CI passed
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/388#issuecomment-271854299
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#388][+ack] py3: enable py3 pylint

2017-01-11 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/388
Title: #388: py3: enable py3 pylint

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#388][comment] py3: enable py3 pylint

2017-01-11 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/388
Title: #388: py3: enable py3 pylint

tiran commented:
"""
It's just a minor performance improvements to speed up CI.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/388#issuecomment-271848791
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#388][synchronized] py3: enable py3 pylint

2017-01-11 Thread mbasti-rh
   URL: https://github.com/freeipa/freeipa/pull/388
Author: mbasti-rh
 Title: #388: py3: enable py3 pylint
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/388/head:pr388
git checkout pr388
From 57129450673d0cfd3eca38c492c442c0758f0e75 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Wed, 11 Jan 2017 09:55:00 +0100
Subject: [PATCH] py3: enable py3 pylint

We should run pylint in both python2 and python3 versions
---
 .test_runner_config.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.test_runner_config.yaml b/.test_runner_config.yaml
index 2aece9a..dc08d79 100644
--- a/.test_runner_config.yaml
+++ b/.test_runner_config.yaml
@@ -40,7 +40,8 @@ steps:
 -a ${server_password} --setup-dns --auto-forwarders
   - ipa-kra-install -p ${server_password}
   lint:
-  - make V=0 lint
+  - PYTHON=/usr/bin/python2 make V=0 lint
+  - PYTHON=/usr/bin/python3 make V=0 pylint
   prepare_tests:
   - echo ${server_password} | kinit admin && ipa ping
   - cp -r /etc/ipa/* ~/.ipa/
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#385][comment] Generate sha256 ssh pubkey fingerprints for hosts

2017-01-11 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/385
Title: #385: Generate sha256 ssh pubkey fingerprints for hosts

tiran commented:
"""
@stlaz I'm sorry, go ahead and ignore what I said! :)
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/385#issuecomment-271845641
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA

2017-01-11 Thread stlaz
  URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA

stlaz commented:
"""
I created the design for this effort: 
http://www.freeipa.org/page/V4/Replace_NSS_with_OpenSSL
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/367#issuecomment-271845272
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA

2017-01-11 Thread stlaz
  URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA

stlaz commented:
"""
I created the design for this effort: 
http://www.freeipa.org/page/V4/Replace_NSS_with_OpenSSL
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/367#issuecomment-271845272
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#385][comment] Generate sha256 ssh pubkey fingerprints for hosts

2017-01-11 Thread stlaz
  URL: https://github.com/freeipa/freeipa/pull/385
Title: #385: Generate sha256 ssh pubkey fingerprints for hosts

stlaz commented:
"""
@tiran Yes, exactly, this is only a UI thing.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/385#issuecomment-271845090
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#385][comment] Generate sha256 ssh pubkey fingerprints for hosts

2017-01-11 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/385
Title: #385: Generate sha256 ssh pubkey fingerprints for hosts

tiran commented:
"""
Your change influenced the value of ```entry_attrs['sshpubkeyfp']``` in 
```convert_sshpubkey_post```. Is the value only used in UI or does it affect 
data in LDAP like DNS SSHFP records? I tracked down some code paths and it 
looks like the pubkey fingerprint isn't stored in LDAP. The DNS plugin uses 
different method to calculate SSHFP records. Am I right to assume that this 
change only affects UI?
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/385#issuecomment-271844780
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#367][edited] Remove nsslib from IPA

2017-01-11 Thread stlaz
   URL: https://github.com/freeipa/freeipa/pull/367
Author: stlaz
 Title: #367: Remove nsslib from IPA
Action: edited

 Changed field: body
Original value:
"""
This batch of patches removes NSSConnection along with the whole 
ipapython.nsslib from IPA and replaces it with more standard 
httplib.HTTPSConnection.

NSSConnection was causing a lot of trouble in the past because it  is 
apparently very fragile when it comes to nss library initialization. On top of 
that, when NSSConnection is used to set up an HTTPS connection in FIPS, it 
always requires a password to NSS database as NSS apparently tries to create a 
temporary private key and store it to the database even though client 
authentication is not required in the SSL connection.

TODO (will require changes in certmonger/dogatg.c):
- [x] remove NSSConnection from client modules
- [x] remove NSSConnection from server modules where it's used to connect to 
the certificate server
- [x] remove the nsslib library completely
- [ ] we may probably remove ipaCert from /etc/httpd/alias and stop tracking it 
with certmonger
- [ ] separate ra-agent.pem into certificate and private-key files, have 
private-key file encrypted
- [ ] once ^- is done, track the new files in certmonger instead

https://fedorahosted.org/freeipa/ticket/5695
"""

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#385][comment] Generate sha256 ssh pubkey fingerprints for hosts

2017-01-11 Thread stlaz
  URL: https://github.com/freeipa/freeipa/pull/385
Title: #385: Generate sha256 ssh pubkey fingerprints for hosts

stlaz commented:
"""
@tiran Which SSHFP records do you mean?
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/385#issuecomment-271841277
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#373][comment] ipaplatform: Add Debian platform module.

2017-01-11 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/373
Title: #373: ipaplatform: Add Debian platform module.

tiran commented:
"""
pylint is failing:
```
Pylint is running, please wait ...
* Module ipaplatform.debian.tasks
ipaplatform/debian/tasks.py:10: [E0611(no-name-in-module), ] No name 
'BaseTaskNameSpace' in module 'ipaplatform.base.tasks')
ipaplatform/debian/tasks.py:49: [E0602(undefined-variable), 
DebianTaskNamespace.parse_ipa_version] Undefined variable 'BaseTaskNamespace')
ipaplatform/debian/tasks.py:9: [W0611(unused-import), ] Unused paths imported 
from ipaplatform.paths)
ipaplatform/debian/tasks.py:10: [W0611(unused-import), ] Unused 
BaseTaskNameSpace imported from ipaplatform.base.tasks)
* Module ipaplatform.debian.services
ipaplatform/debian/services.py:64: [R0102(simplifiable-if-statement), 
DebianSysvService.stop] The if statement can be replaced with 'var = 
bool(test)')
ipaplatform/debian/services.py:65: [W0612(unused-variable), 
DebianSysvService.stop] Unused variable 'update_service_list')
ipaplatform/debian/services.py:73: [R0102(simplifiable-if-statement), 
DebianSysvService.start] The if statement can be replaced with 'var = 
bool(test)')
ipaplatform/debian/services.py:74: [W0612(unused-variable), 
DebianSysvService.start] Unused variable 'update_service_list')
ipaplatform/debian/services.py:9: [W0611(unused-import), ] Unused import time)
ipaplatform/debian/services.py:11: [W0611(unused-import), ] Unused tasks 
imported from ipaplatform.tasks)
ipaplatform/debian/services.py:15: [W0611(unused-import), ] Unused root_logger 
imported from ipapython.ipa_log_manager)
make: *** [pylint] Error 14
```
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/373#issuecomment-271836117
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#385][comment] Generate sha256 ssh pubkey fingerprints for hosts

2017-01-11 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/385
Title: #385: Generate sha256 ssh pubkey fingerprints for hosts

tiran commented:
"""
What's the migration plan for existing SSHFP records? Are there any supported 
versions of OpenSSH or other SSH client that do not support SSHFP with SHA256? 
Would it make sense to run a hybrid mode for a while (SHA256 and MD5 records 
unless FIPS is enabled)?
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/385#issuecomment-271835544
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#388][-ack] py3: enable py3 pylint

2017-01-11 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/388
Title: #388: py3: enable py3 pylint

Label: -ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#388][+ack] py3: enable py3 pylint

2017-01-11 Thread tiran
  URL: https://github.com/freeipa/freeipa/pull/388
Title: #388: py3: enable py3 pylint

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#381][comment] disable hostname canonicalization by Kerberos library

2017-01-11 Thread martbab
  URL: https://github.com/freeipa/freeipa/pull/381
Title: #381: disable hostname canonicalization by Kerberos library

martbab commented:
"""
Thanks for ACK. I would like to ask @simo5  if this change is okay from krb5 
point of view and does not pose any security problem for clients.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/381#issuecomment-271820219
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#381][+ack] disable hostname canonicalization by Kerberos library

2017-01-11 Thread tomaskrizek
  URL: https://github.com/freeipa/freeipa/pull/381
Title: #381: disable hostname canonicalization by Kerberos library

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#381][comment] disable hostname canonicalization by Kerberos library

2017-01-11 Thread tomaskrizek
  URL: https://github.com/freeipa/freeipa/pull/381
Title: #381: disable hostname canonicalization by Kerberos library

tomaskrizek commented:
"""
Works as expected.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/381#issuecomment-271818581
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#386][edited] Tests: Add tree root domain role in legacy client tests

2017-01-11 Thread gkaihorodova
   URL: https://github.com/freeipa/freeipa/pull/386
Author: gkaihorodova
 Title: #386: Tests: Add tree root domain role in legacy client tests
Action: edited

 Changed field: body
Original value:
"""
Legacy client tests inherits test cases from trust tests, that have
role for tree root domain. That role was missing in legacy client tests.

https://fedorahosted.org/freeipa/ticket/6600
"""

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#388][opened] py3: enable py3 pylint

2017-01-11 Thread mbasti-rh
   URL: https://github.com/freeipa/freeipa/pull/388
Author: mbasti-rh
 Title: #388: py3: enable py3 pylint
Action: opened

PR body:
"""
We should run pylint in both python2 and python3 versions
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/388/head:pr388
git checkout pr388
From c4334efb7af4063bcf1e9fffcd7a597a270772d8 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Wed, 11 Jan 2017 09:55:00 +0100
Subject: [PATCH] py3: enable py3 pylint

We should run pylint in both python2 and python3 versions
---
 .test_runner_config.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.test_runner_config.yaml b/.test_runner_config.yaml
index 2aece9a..abfcdd2 100644
--- a/.test_runner_config.yaml
+++ b/.test_runner_config.yaml
@@ -40,7 +40,8 @@ steps:
 -a ${server_password} --setup-dns --auto-forwarders
   - ipa-kra-install -p ${server_password}
   lint:
-  - make V=0 lint
+  - PYTHON=/usr/bin/python2 make V=0 lint
+  - PYTHON=/usr/bin/python3 make V=0 lint
   prepare_tests:
   - echo ${server_password} | kinit admin && ipa ping
   - cp -r /etc/ipa/* ~/.ipa/
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#385][+ack] Generate sha256 ssh pubkey fingerprints for hosts

2017-01-11 Thread tomaskrizek
  URL: https://github.com/freeipa/freeipa/pull/385
Title: #385: Generate sha256 ssh pubkey fingerprints for hosts

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code