[Freeipa-devel] [freeipa PR#373][synchronized] ipaplatform: Add Debian platform module.
URL: https://github.com/freeipa/freeipa/pull/373 Author: tjaalton Title: #373: ipaplatform: Add Debian platform module. Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/373/head:pr373 git checkout pr373 From c7b64b72481529f0b7370047a40ab82f49465a49 Mon Sep 17 00:00:00 2001 From: Timo Aaltonen Date: Thu, 5 Jan 2017 12:41:08 +0200 Subject: [PATCH] ipaplatform: Add Debian platform module. v2: - use redhat_services.redhat_system_units.copy - don't use wildcard imports - add some empty lines to make pep8 happy v3: - make parse_ipa_version static v4: - make more methods static v5: - fix pylint issues - use syntax that doesn't break with python3 --- ipaplatform/base/tasks.py | 3 +- ipaplatform/debian/__init__.py | 7 ++ ipaplatform/debian/constants.py | 25 ++ ipaplatform/debian/paths.py | 97 + ipaplatform/debian/services.py | 184 ipaplatform/debian/tasks.py | 50 +++ ipaplatform/setup.py| 1 + 7 files changed, 366 insertions(+), 1 deletion(-) create mode 100644 ipaplatform/debian/__init__.py create mode 100644 ipaplatform/debian/constants.py create mode 100644 ipaplatform/debian/paths.py create mode 100644 ipaplatform/debian/services.py create mode 100644 ipaplatform/debian/tasks.py diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py index 702da6b..8cf6fde 100644 --- a/ipaplatform/base/tasks.py +++ b/ipaplatform/base/tasks.py @@ -227,7 +227,8 @@ def create_system_user(self, name, group, homedir, shell, uid=None, gid=None, co else: log.debug('user %s exists', name) -def parse_ipa_version(self, version): +@staticmethod +def parse_ipa_version(version): """ :param version: textual version :return: object implementing proper __cmp__ method for version compare diff --git a/ipaplatform/debian/__init__.py b/ipaplatform/debian/__init__.py new file mode 100644 index 000..6305270 --- /dev/null +++ b/ipaplatform/debian/__init__.py @@ -0,0 +1,7 @@ +# +# Copyright (C) 2017 FreeIPA Contributors see COPYING for license +# + +""" +This module contains Debian specific platform files. +""" diff --git a/ipaplatform/debian/constants.py b/ipaplatform/debian/constants.py new file mode 100644 index 000..1edcb5a --- /dev/null +++ b/ipaplatform/debian/constants.py @@ -0,0 +1,25 @@ +# +# Copyright (C) 2017 FreeIPA Contributors see COPYING for license +# + +''' +This Debian family platform module exports platform dependant constants. +''' + +# Fallback to default path definitions +from ipaplatform.base.constants import BaseConstantsNamespace + + +class DebianConstantsNamespace(BaseConstantsNamespace): +HTTPD_USER = "www-data" +NAMED_USER = "bind" +NAMED_GROUP = "bind" +# ntpd init variable used for daemon options +NTPD_OPTS_VAR = "NTPD_OPTS" +# quote used for daemon options +NTPD_OPTS_QUOTE = "\'" +ODS_USER = "opendnssec" +ODS_GROUP = "opendnssec" +SECURE_NFS_VAR = "NEED_GSSD" + +constants = DebianConstantsNamespace() diff --git a/ipaplatform/debian/paths.py b/ipaplatform/debian/paths.py new file mode 100644 index 000..4ceb218 --- /dev/null +++ b/ipaplatform/debian/paths.py @@ -0,0 +1,97 @@ +# +# Copyright (C) 2017 FreeIPA Contributors see COPYING for license +# + +""" +This Debian base platform module exports default filesystem paths as common +in Debian-based systems. +""" + +# Fallback to default path definitions +from ipaplatform.base.paths import BasePathNamespace +import sysconfig + +MULTIARCH = sysconfig.get_config_var('MULTIARCH') + +class DebianPathNamespace(BasePathNamespace): +BIN_HOSTNAMECTL = "/usr/bin/hostnamectl" +AUTOFS_LDAP_AUTH_CONF = "/etc/autofs_ldap_auth.conf" +ETC_HTTPD_DIR = "/etc/apache2" +HTTPD_ALIAS_DIR = "/etc/apache2/nssdb" +ALIAS_CACERT_ASC = "/etc/apache2/nssdb/cacert.asc" +ALIAS_PWDFILE_TXT = "/etc/apache2/nssdb/pwdfile.txt" +HTTPD_CONF_D_DIR = "/etc/apache2/conf-enabled/" +HTTPD_IPA_KDCPROXY_CONF_SYMLINK = "/etc/apache2/conf-enabled/ipa-kdc-proxy.conf" +HTTPD_IPA_PKI_PROXY_CONF = "/etc/apache2/conf-enabled/ipa-pki-proxy.conf" +HTTPD_IPA_REWRITE_CONF = "/etc/apache2/conf-available/ipa-rewrite.conf" +HTTPD_IPA_CONF = "/etc/apache2/conf-enabled/ipa.conf" +HTTPD_NSS_CONF = "/etc/apache2/mods-available/nss.conf" +IPA_KEYTAB = "/etc/apache2/ipa.keytab" +HTTPD_PASSWORD_CONF = "/etc/apache2/password.conf" +NAMED_CONF = "/etc/bind/named.conf" +NAMED_VAR_DIR = "/var/cache/bind" +NAMED_KEYTAB = "/etc/bind/named.keytab" +NAMED_RFC1912_ZONES = "/etc/bind/named.conf.default-zones" +NAMED_ROOT_KEY = "/etc/bind/bind.keys" +NAMED_BINDKEYS_FILE = "/etc/bind/bind.keys" +NAMED_MANAGED_KEYS_DIR = "/var/cache/bind/dynamic" +OPENLDAP_LDAP_CONF = "/etc/ldap/ldap.conf" +ETC_DEBIAN_VERSION = "/etc/de
[Freeipa-devel] [freeipa PR#373][synchronized] ipaplatform: Add Debian platform module.
URL: https://github.com/freeipa/freeipa/pull/373 Author: tjaalton Title: #373: ipaplatform: Add Debian platform module. Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/373/head:pr373 git checkout pr373 From 1d9022b643aa928c9b42b9f1f10794706c2889a1 Mon Sep 17 00:00:00 2001 From: Timo Aaltonen Date: Thu, 5 Jan 2017 12:41:08 +0200 Subject: [PATCH] ipaplatform: Add Debian platform module. v2: - use redhat_services.redhat_system_units.copy - don't use wildcard imports - add some empty lines to make pep8 happy v3: - make parse_ipa_version static v4: - make more methods static --- ipaplatform/base/tasks.py | 3 +- ipaplatform/debian/__init__.py | 7 ++ ipaplatform/debian/constants.py | 25 ++ ipaplatform/debian/paths.py | 97 + ipaplatform/debian/services.py | 184 ipaplatform/debian/tasks.py | 50 +++ ipaplatform/setup.py| 1 + 7 files changed, 366 insertions(+), 1 deletion(-) create mode 100644 ipaplatform/debian/__init__.py create mode 100644 ipaplatform/debian/constants.py create mode 100644 ipaplatform/debian/paths.py create mode 100644 ipaplatform/debian/services.py create mode 100644 ipaplatform/debian/tasks.py diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py index 702da6b..8cf6fde 100644 --- a/ipaplatform/base/tasks.py +++ b/ipaplatform/base/tasks.py @@ -227,7 +227,8 @@ def create_system_user(self, name, group, homedir, shell, uid=None, gid=None, co else: log.debug('user %s exists', name) -def parse_ipa_version(self, version): +@staticmethod +def parse_ipa_version(version): """ :param version: textual version :return: object implementing proper __cmp__ method for version compare diff --git a/ipaplatform/debian/__init__.py b/ipaplatform/debian/__init__.py new file mode 100644 index 000..6305270 --- /dev/null +++ b/ipaplatform/debian/__init__.py @@ -0,0 +1,7 @@ +# +# Copyright (C) 2017 FreeIPA Contributors see COPYING for license +# + +""" +This module contains Debian specific platform files. +""" diff --git a/ipaplatform/debian/constants.py b/ipaplatform/debian/constants.py new file mode 100644 index 000..1edcb5a --- /dev/null +++ b/ipaplatform/debian/constants.py @@ -0,0 +1,25 @@ +# +# Copyright (C) 2017 FreeIPA Contributors see COPYING for license +# + +''' +This Debian family platform module exports platform dependant constants. +''' + +# Fallback to default path definitions +from ipaplatform.base.constants import BaseConstantsNamespace + + +class DebianConstantsNamespace(BaseConstantsNamespace): +HTTPD_USER = "www-data" +NAMED_USER = "bind" +NAMED_GROUP = "bind" +# ntpd init variable used for daemon options +NTPD_OPTS_VAR = "NTPD_OPTS" +# quote used for daemon options +NTPD_OPTS_QUOTE = "\'" +ODS_USER = "opendnssec" +ODS_GROUP = "opendnssec" +SECURE_NFS_VAR = "NEED_GSSD" + +constants = DebianConstantsNamespace() diff --git a/ipaplatform/debian/paths.py b/ipaplatform/debian/paths.py new file mode 100644 index 000..4ceb218 --- /dev/null +++ b/ipaplatform/debian/paths.py @@ -0,0 +1,97 @@ +# +# Copyright (C) 2017 FreeIPA Contributors see COPYING for license +# + +""" +This Debian base platform module exports default filesystem paths as common +in Debian-based systems. +""" + +# Fallback to default path definitions +from ipaplatform.base.paths import BasePathNamespace +import sysconfig + +MULTIARCH = sysconfig.get_config_var('MULTIARCH') + +class DebianPathNamespace(BasePathNamespace): +BIN_HOSTNAMECTL = "/usr/bin/hostnamectl" +AUTOFS_LDAP_AUTH_CONF = "/etc/autofs_ldap_auth.conf" +ETC_HTTPD_DIR = "/etc/apache2" +HTTPD_ALIAS_DIR = "/etc/apache2/nssdb" +ALIAS_CACERT_ASC = "/etc/apache2/nssdb/cacert.asc" +ALIAS_PWDFILE_TXT = "/etc/apache2/nssdb/pwdfile.txt" +HTTPD_CONF_D_DIR = "/etc/apache2/conf-enabled/" +HTTPD_IPA_KDCPROXY_CONF_SYMLINK = "/etc/apache2/conf-enabled/ipa-kdc-proxy.conf" +HTTPD_IPA_PKI_PROXY_CONF = "/etc/apache2/conf-enabled/ipa-pki-proxy.conf" +HTTPD_IPA_REWRITE_CONF = "/etc/apache2/conf-available/ipa-rewrite.conf" +HTTPD_IPA_CONF = "/etc/apache2/conf-enabled/ipa.conf" +HTTPD_NSS_CONF = "/etc/apache2/mods-available/nss.conf" +IPA_KEYTAB = "/etc/apache2/ipa.keytab" +HTTPD_PASSWORD_CONF = "/etc/apache2/password.conf" +NAMED_CONF = "/etc/bind/named.conf" +NAMED_VAR_DIR = "/var/cache/bind" +NAMED_KEYTAB = "/etc/bind/named.keytab" +NAMED_RFC1912_ZONES = "/etc/bind/named.conf.default-zones" +NAMED_ROOT_KEY = "/etc/bind/bind.keys" +NAMED_BINDKEYS_FILE = "/etc/bind/bind.keys" +NAMED_MANAGED_KEYS_DIR = "/var/cache/bind/dynamic" +OPENLDAP_LDAP_CONF = "/etc/ldap/ldap.conf" +ETC_DEBIAN_VERSION = "/etc/debian_version" +IPA_P11_KIT = "/usr/local/share/ca-certificates/ipa
[Freeipa-devel] [freeipa PR#389][comment] Fix build in mock
URL: https://github.com/freeipa/freeipa/pull/389 Title: #389: Fix build in mock lslebodn commented: """ I updated doc help do jslint in latest version """ See the full comment at https://github.com/freeipa/freeipa/pull/389#issuecomment-271931555 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#389][synchronized] Fix build in mock
URL: https://github.com/freeipa/freeipa/pull/389 Author: lslebodn Title: #389: Fix build in mock Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/389/head:pr389 git checkout pr389 From 496c47a4549b327f28d8cd6466af3a520dc0797d Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Wed, 11 Jan 2017 17:08:30 +0100 Subject: [PATCH 1/3] CONFIGURE: Fix detection of pylint If configure script was executed with --enable-pylint then it behaved the same as --disable-pylint. It does not make any sense. Resolves: https://fedorahosted.org/freeipa/ticket/6604 --- configure.ac | 20 +++- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac index e8a4701..c84c1bc 100644 --- a/configure.ac +++ b/configure.ac @@ -446,16 +446,18 @@ AM_CONDITIONAL([WITH_POLINT], [test "x${enable_i18ntests}" == "xyes"]) AC_ARG_ENABLE([pylint], AS_HELP_STRING([--disable-pylint], [skip Pylint in make lint target]), - [PYLINT=no], - [PYLINT=yes - AC_MSG_CHECKING([for Pylint]) - $PYTHON -m pylint --version > /dev/null - if test "$?" != "0"; then - AC_MSG_ERROR([cannot find pylint for $PYTHON]) - fi - AC_MSG_RESULT([yes]) - ] + [PYLINT=$enableval], + [PYLINT=yes] ) +if test x$PYLINT != xno; then +AC_MSG_CHECKING([for Pylint]) +$PYTHON -m pylint --version > /dev/null +if test "$?" != "0"; then +AC_MSG_ERROR([cannot find pylint for $PYTHON]) +else +AC_MSG_RESULT([yes]) +fi +fi AC_SUBST([PYLINT]) AM_CONDITIONAL([WITH_PYLINT], [test "x${PYLINT}" != "xno"]) From 1a4cbc1528b248ea6060e32f0f741ebd09b82e07 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Wed, 11 Jan 2017 18:14:49 +0100 Subject: [PATCH 2/3] CONFIGURE: Update help message for jslint Resolves: https://fedorahosted.org/freeipa/ticket/6604 --- configure.ac | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index c84c1bc..6cd3a89 100644 --- a/configure.ac +++ b/configure.ac @@ -463,11 +463,12 @@ AM_CONDITIONAL([WITH_PYLINT], [test "x${PYLINT}" != "xno"]) AC_ARG_WITH([jslint], - AS_HELP_STRING([--with-jslint=path to jsl], - [path to JavaScript lint]), +AS_HELP_STRING([--with-jslint=[FILE]], + [path to JavaScript linter. Default is autodetection of + utility "jsl" ]), dnl --without-jslint will set JSLINT=no - [JSLINT=$with_jslint], - [AC_PATH_PROG([JSLINT], [jsl])] +[JSLINT=$with_jslint], +[AC_PATH_PROG([JSLINT], [jsl])] ) if test "x${JSLINT}" == "x"; then AC_MSG_ERROR([cannot find JS lint]) From eda6c2a147cb5c1927cefee7aa69b6b5a761ba83 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Wed, 11 Jan 2017 15:02:09 +0100 Subject: [PATCH 3/3] SPEC: Fix build in mock Neither pylint nor jsl is installed by default because rpm macro with_lint is not defined in spec file. However, configure script tried to find pylint/jsl anyway. checking for Pylint... /usr/bin/python2: No module named pylint configure: error: cannot find pylint for /usr/bin/python2 RPM build errors: error: Bad exit status from /var/tmp/rpm-tmp.2GAFh4 (%build) Bad exit status from /var/tmp/rpm-tmp.2GAFh4 (%build) Resolves: https://fedorahosted.org/freeipa/ticket/6604 --- freeipa.spec.in | 15 +-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index c4420a0..99820d1 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -10,6 +10,12 @@ # lint is not executed during rpmbuild # %%global with_lint 1 +%if 0%{?with_lint} +%global enable_pylint_option --enable-pylint +%else +%global enable_pylint_option --disable-pylint +%global without_jslint_option --without-jslint +%endif %global alt_name ipa %if 0%{?rhel} @@ -778,7 +784,10 @@ find \ ! -name '*.pyo' -a \ -type f -exec grep -qsm1 '^#!.*\bpython' {} \; \ -exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \; -%configure --with-vendor-suffix=-%{release} +%configure --with-vendor-suffix=-%{release} \ + %{enable_pylint_option} \ + %{?without_jslint_option} + # -Onone is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1398405 %make_build -Onone @@ -793,7 +802,9 @@ find \ ! -name '*.pyo' -a \ -type f -exec grep -qsm1 '^#!.*\bpython' {} \; \ -exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python3}|' {} \; -%configure --with-vendor-suffix=-%{release} +%configure --with-vendor-suffix=-%{release} \ + %{enable_pylint_option} \ + %{?without_jslint_option} popd %endif # with_python3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#389][synchronized] Fix build in mock
URL: https://github.com/freeipa/freeipa/pull/389 Author: lslebodn Title: #389: Fix build in mock Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/389/head:pr389 git checkout pr389 From c28b3c5f5ea7aedfe8d67143c569760b8d2d851a Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Wed, 11 Jan 2017 17:08:30 +0100 Subject: [PATCH 1/2] BUILD: Fix detection of pylint If configure script was executed with --enable-pylint then it behaved the same as --disable-pylint. It does not make any sense. --- configure.ac | 20 +++- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac index e8a4701..c84c1bc 100644 --- a/configure.ac +++ b/configure.ac @@ -446,16 +446,18 @@ AM_CONDITIONAL([WITH_POLINT], [test "x${enable_i18ntests}" == "xyes"]) AC_ARG_ENABLE([pylint], AS_HELP_STRING([--disable-pylint], [skip Pylint in make lint target]), - [PYLINT=no], - [PYLINT=yes - AC_MSG_CHECKING([for Pylint]) - $PYTHON -m pylint --version > /dev/null - if test "$?" != "0"; then - AC_MSG_ERROR([cannot find pylint for $PYTHON]) - fi - AC_MSG_RESULT([yes]) - ] + [PYLINT=$enableval], + [PYLINT=yes] ) +if test x$PYLINT != xno; then +AC_MSG_CHECKING([for Pylint]) +$PYTHON -m pylint --version > /dev/null +if test "$?" != "0"; then +AC_MSG_ERROR([cannot find pylint for $PYTHON]) +else +AC_MSG_RESULT([yes]) +fi +fi AC_SUBST([PYLINT]) AM_CONDITIONAL([WITH_PYLINT], [test "x${PYLINT}" != "xno"]) From d1c0d0e777b504cbc33e0db09b2c3e0c66cf0846 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Wed, 11 Jan 2017 15:02:09 +0100 Subject: [PATCH 2/2] SPEC: Fix build in mock Neither pylint nor jsl is installed by default because rpm macro with_lint is not defined in spec file. However, configure script tried to find pylint/jsl anyway. checking for Pylint... /usr/bin/python2: No module named pylint configure: error: cannot find pylint for /usr/bin/python2 RPM build errors: error: Bad exit status from /var/tmp/rpm-tmp.2GAFh4 (%build) Bad exit status from /var/tmp/rpm-tmp.2GAFh4 (%build) --- freeipa.spec.in | 15 +-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index c4420a0..99820d1 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -10,6 +10,12 @@ # lint is not executed during rpmbuild # %%global with_lint 1 +%if 0%{?with_lint} +%global enable_pylint_option --enable-pylint +%else +%global enable_pylint_option --disable-pylint +%global without_jslint_option --without-jslint +%endif %global alt_name ipa %if 0%{?rhel} @@ -778,7 +784,10 @@ find \ ! -name '*.pyo' -a \ -type f -exec grep -qsm1 '^#!.*\bpython' {} \; \ -exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \; -%configure --with-vendor-suffix=-%{release} +%configure --with-vendor-suffix=-%{release} \ + %{enable_pylint_option} \ + %{?without_jslint_option} + # -Onone is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1398405 %make_build -Onone @@ -793,7 +802,9 @@ find \ ! -name '*.pyo' -a \ -type f -exec grep -qsm1 '^#!.*\bpython' {} \; \ -exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python3}|' {} \; -%configure --with-vendor-suffix=-%{release} +%configure --with-vendor-suffix=-%{release} \ + %{enable_pylint_option} \ + %{?without_jslint_option} popd %endif # with_python3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#389][synchronized] Fix build in mock
URL: https://github.com/freeipa/freeipa/pull/389 Author: lslebodn Title: #389: Fix build in mock Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/389/head:pr389 git checkout pr389 From b847c8f98655d6b6099b47052aa89c279929bf29 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Wed, 11 Jan 2017 17:08:30 +0100 Subject: [PATCH 1/2] BUILD: Fix detection of pylint If configure script was executed with --enable-pylint then it behaved the same as --disable-pylint. It does not make any sense. --- configure.ac | 20 +++- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac index e8a4701..c706018 100644 --- a/configure.ac +++ b/configure.ac @@ -446,16 +446,18 @@ AM_CONDITIONAL([WITH_POLINT], [test "x${enable_i18ntests}" == "xyes"]) AC_ARG_ENABLE([pylint], AS_HELP_STRING([--disable-pylint], [skip Pylint in make lint target]), - [PYLINT=no], - [PYLINT=yes - AC_MSG_CHECKING([for Pylint]) - $PYTHON -m pylint --version > /dev/null - if test "$?" != "0"; then - AC_MSG_ERROR([cannot find pylint for $PYTHON]) - fi - AC_MSG_RESULT([yes]) - ] + [PYLINT=$enableval], + [PYLINT=no] ) +if test x$PYLINT != no; then +AC_MSG_CHECKING([for Pylint]) +$PYTHON -m pylint --version > /dev/null +if test "$?" != "0"; then +AC_MSG_ERROR([cannot find pylint for $PYTHON]) +else +AC_MSG_RESULT([yes]) +fi +fi AC_SUBST([PYLINT]) AM_CONDITIONAL([WITH_PYLINT], [test "x${PYLINT}" != "xno"]) From 4f62f8d77cd0a5ac16bbdbbc86103f231a1ca343 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Wed, 11 Jan 2017 15:02:09 +0100 Subject: [PATCH 2/2] SPEC: Fix build in mock Neither pylint nor jsl is installed by default because rpm macro with_lint is not defined in spec file. However, configure script tried to find pylint/jsl anyway. checking for Pylint... /usr/bin/python2: No module named pylint configure: error: cannot find pylint for /usr/bin/python2 RPM build errors: error: Bad exit status from /var/tmp/rpm-tmp.2GAFh4 (%build) Bad exit status from /var/tmp/rpm-tmp.2GAFh4 (%build) --- configure.ac| 2 +- freeipa.spec.in | 15 +-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index c706018..1616f31 100644 --- a/configure.ac +++ b/configure.ac @@ -447,7 +447,7 @@ AC_ARG_ENABLE([pylint], AS_HELP_STRING([--disable-pylint], [skip Pylint in make lint target]), [PYLINT=$enableval], - [PYLINT=no] + [PYLINT=yes] ) if test x$PYLINT != no; then AC_MSG_CHECKING([for Pylint]) diff --git a/freeipa.spec.in b/freeipa.spec.in index c4420a0..99820d1 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -10,6 +10,12 @@ # lint is not executed during rpmbuild # %%global with_lint 1 +%if 0%{?with_lint} +%global enable_pylint_option --enable-pylint +%else +%global enable_pylint_option --disable-pylint +%global without_jslint_option --without-jslint +%endif %global alt_name ipa %if 0%{?rhel} @@ -778,7 +784,10 @@ find \ ! -name '*.pyo' -a \ -type f -exec grep -qsm1 '^#!.*\bpython' {} \; \ -exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \; -%configure --with-vendor-suffix=-%{release} +%configure --with-vendor-suffix=-%{release} \ + %{enable_pylint_option} \ + %{?without_jslint_option} + # -Onone is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1398405 %make_build -Onone @@ -793,7 +802,9 @@ find \ ! -name '*.pyo' -a \ -type f -exec grep -qsm1 '^#!.*\bpython' {} \; \ -exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python3}|' {} \; -%configure --with-vendor-suffix=-%{release} +%configure --with-vendor-suffix=-%{release} \ + %{enable_pylint_option} \ + %{?without_jslint_option} popd %endif # with_python3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#389][comment] Fix build in mock
URL: https://github.com/freeipa/freeipa/pull/389 Title: #389: Fix build in mock tiran commented: """ Thanks, your PR fixes some concerns of my ticket https://fedorahosted.org/freeipa/ticket/6604. """ See the full comment at https://github.com/freeipa/freeipa/pull/389#issuecomment-271914990 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#390][opened] WebUI: Fix Coverity JS bugs
URL: https://github.com/freeipa/freeipa/pull/390 Author: pvomacka Title: #390: WebUI: Fix Coverity JS bugs Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/390/head:pr390 git checkout pr390 From 8b35a9710d8476903f00c57e63b8f734a344235c Mon Sep 17 00:00:00 2001 From: Pavel Vomacka Date: Wed, 11 Jan 2017 17:13:19 +0100 Subject: [PATCH 1/2] Coverity: Fix possibility of access to attribute of undefined --- install/ui/src/freeipa/widgets/APIBrowserWidget.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/ui/src/freeipa/widgets/APIBrowserWidget.js b/install/ui/src/freeipa/widgets/APIBrowserWidget.js index 2164df2..ff1c8ee 100644 --- a/install/ui/src/freeipa/widgets/APIBrowserWidget.js +++ b/install/ui/src/freeipa/widgets/APIBrowserWidget.js @@ -253,7 +253,7 @@ widgets.APIBrowserWidget = declare([Stateful, Evented], { // switch widget if (widget && !widget.el) widget.render(); -if (this.current_details_w !== widget) { +if (widget && this.current_details_w !== widget) { this.details_el.empty(); this.details_el.append(widget.el); } From 9b07762989f53adeb6dbad92f61622946cf52509 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka Date: Wed, 11 Jan 2017 17:14:01 +0100 Subject: [PATCH 2/2] Coverity: removed useless semicolon which ends statement earlier --- install/ui/src/freeipa/widgets/LoginScreen.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/ui/src/freeipa/widgets/LoginScreen.js b/install/ui/src/freeipa/widgets/LoginScreen.js index 29a5efc..0096433 100644 --- a/install/ui/src/freeipa/widgets/LoginScreen.js +++ b/install/ui/src/freeipa/widgets/LoginScreen.js @@ -339,10 +339,10 @@ define(['dojo/_base/declare', set_login_aside_text: function() { var aside = ""; if (this.password_enabled()) { -aside += ""+this.form_auth_msg;+""; +aside += ""+this.form_auth_msg+""; } if (this.kerberos_enabled()) { -aside += ""+this.kerberos_msg;+""; +aside += ""+this.kerberos_msg+""; } this.set('aside', aside); }, -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#389][opened] Fix build in mock
URL: https://github.com/freeipa/freeipa/pull/389 Author: lslebodn Title: #389: Fix build in mock Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/389/head:pr389 git checkout pr389 From b847c8f98655d6b6099b47052aa89c279929bf29 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Wed, 11 Jan 2017 17:08:30 +0100 Subject: [PATCH 1/2] BUILD: Fix detection of pylint If configure script was executed with --enable-pylint then it behaved the same as --disable-pylint. It does not make any sense. --- configure.ac | 20 +++- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac index e8a4701..c706018 100644 --- a/configure.ac +++ b/configure.ac @@ -446,16 +446,18 @@ AM_CONDITIONAL([WITH_POLINT], [test "x${enable_i18ntests}" == "xyes"]) AC_ARG_ENABLE([pylint], AS_HELP_STRING([--disable-pylint], [skip Pylint in make lint target]), - [PYLINT=no], - [PYLINT=yes - AC_MSG_CHECKING([for Pylint]) - $PYTHON -m pylint --version > /dev/null - if test "$?" != "0"; then - AC_MSG_ERROR([cannot find pylint for $PYTHON]) - fi - AC_MSG_RESULT([yes]) - ] + [PYLINT=$enableval], + [PYLINT=no] ) +if test x$PYLINT != no; then +AC_MSG_CHECKING([for Pylint]) +$PYTHON -m pylint --version > /dev/null +if test "$?" != "0"; then +AC_MSG_ERROR([cannot find pylint for $PYTHON]) +else +AC_MSG_RESULT([yes]) +fi +fi AC_SUBST([PYLINT]) AM_CONDITIONAL([WITH_PYLINT], [test "x${PYLINT}" != "xno"]) From 19a0a3b8c5e4855d047d098262c1a44a76ea5ebf Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Wed, 11 Jan 2017 15:02:09 +0100 Subject: [PATCH 2/2] SPEC: Fix build in mock Neither pylint nor jsl is installed by default because rpm macro with_lint is not defined in spec file. However, configure script tried to find pylint/jsl anyway. checking for Pylint... /usr/bin/python2: No module named pylint configure: error: cannot find pylint for /usr/bin/python2 RPM build errors: error: Bad exit status from /var/tmp/rpm-tmp.2GAFh4 (%build) Bad exit status from /var/tmp/rpm-tmp.2GAFh4 (%build) --- freeipa.spec.in | 15 +-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index c4420a0..99820d1 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -10,6 +10,12 @@ # lint is not executed during rpmbuild # %%global with_lint 1 +%if 0%{?with_lint} +%global enable_pylint_option --enable-pylint +%else +%global enable_pylint_option --disable-pylint +%global without_jslint_option --without-jslint +%endif %global alt_name ipa %if 0%{?rhel} @@ -778,7 +784,10 @@ find \ ! -name '*.pyo' -a \ -type f -exec grep -qsm1 '^#!.*\bpython' {} \; \ -exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \; -%configure --with-vendor-suffix=-%{release} +%configure --with-vendor-suffix=-%{release} \ + %{enable_pylint_option} \ + %{?without_jslint_option} + # -Onone is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1398405 %make_build -Onone @@ -793,7 +802,9 @@ find \ ! -name '*.pyo' -a \ -type f -exec grep -qsm1 '^#!.*\bpython' {} \; \ -exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python3}|' {} \; -%configure --with-vendor-suffix=-%{release} +%configure --with-vendor-suffix=-%{release} \ + %{enable_pylint_option} \ + %{?without_jslint_option} popd %endif # with_python3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#364][comment] Client-only builds with --disable-server
URL: https://github.com/freeipa/freeipa/pull/364 Title: #364: Client-only builds with --disable-server tiran commented: """ Nit-pick: A build does not produce any files outside the build environment. Of course **make install** produces the files -- unless you change the prefix with ```./configure --prefix```. """ See the full comment at https://github.com/freeipa/freeipa/pull/364#issuecomment-271901278 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#364][comment] Client-only builds with --disable-server
URL: https://github.com/freeipa/freeipa/pull/364 Title: #364: Client-only builds with --disable-server tomaskrizek commented: """ The extra dependencies are indeed not necessary with this change. However, `make install` produces directories like `/usr/lib/python2.7/site-packages/ipaserver`, `/usr/lib/python2.7/site-packages/ipatests`, ... I don't think these should be present when doing a client-only build. """ See the full comment at https://github.com/freeipa/freeipa/pull/364#issuecomment-271895769 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#381][closed] disable hostname canonicalization by Kerberos library
URL: https://github.com/freeipa/freeipa/pull/381 Author: martbab Title: #381: disable hostname canonicalization by Kerberos library Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/381/head:pr381 git checkout pr381 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#381][+pushed] disable hostname canonicalization by Kerberos library
URL: https://github.com/freeipa/freeipa/pull/381 Title: #381: disable hostname canonicalization by Kerberos library Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#381][comment] disable hostname canonicalization by Kerberos library
URL: https://github.com/freeipa/freeipa/pull/381 Title: #381: disable hostname canonicalization by Kerberos library martbab commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/566c86a782bfd7d50938866e9f89faf56cea773f """ See the full comment at https://github.com/freeipa/freeipa/pull/381#issuecomment-271895542 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#381][comment] disable hostname canonicalization by Kerberos library
URL: https://github.com/freeipa/freeipa/pull/381 Title: #381: disable hostname canonicalization by Kerberos library martbab commented: """ @pvoborni will do. """ See the full comment at https://github.com/freeipa/freeipa/pull/381#issuecomment-271894729 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#382][synchronized] [Py3] ipa-server-install fixes (working NTP, DS, CA install steps)
URL: https://github.com/freeipa/freeipa/pull/382 Author: mbasti-rh Title: #382: [Py3] ipa-server-install fixes (working NTP, DS, CA install steps) Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/382/head:pr382 git checkout pr382 From 0ba8877d4f0a6e96d4e338a88f8638d00ad980b1 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 9 Jan 2017 11:53:59 +0100 Subject: [PATCH 01/16] py3: create_cert_db: write to file in a compatible way Py3 expect bytes to be writed using os.write. Instead of that using io module is more pythonic. https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/install/httpinstance.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index bacd5fc..ded0553 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -19,6 +19,7 @@ from __future__ import print_function +import io import os import os.path import pwd @@ -314,9 +315,8 @@ def create_cert_db(self): # Create the password file for this db password = ipautil.ipa_generate_password() -f = os.open(pwd_file, os.O_CREAT | os.O_RDWR) -os.write(f, password) -os.close(f) +with io.open(pwd_file, 'w') as f: +f.write(password) ipautil.run([paths.CERTUTIL, "-d", database, "-f", pwd_file, "-N"]) From 447691cc4a08ea66d8a0d8bc3dd674bc1dfb273e Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Tue, 10 Jan 2017 13:45:11 +0100 Subject: [PATCH 02/16] py3: service.py: replace mkstemp by NamedTemporaryFile NamedTemporaryfile can be used in more pythonic way and file can be opened in textual mode that is required with PY3 https://fedorahosted.org/freeipa/ticket/4985 --- ipapython/ipautil.py | 2 +- ipaserver/install/service.py | 7 --- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index e3e4611..34d10ef 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -852,7 +852,7 @@ def ipa_generate_password(entropy_bits=256, uppercase=1, lowercase=1, digits=1, rnd = random.SystemRandom() todo_entropy = entropy_bits -password = '' +password = u'' # Generate required character classes: # The order of generated characters is fixed to comply with check in # NSS function sftk_newPinCheck() in nss/lib/softoken/fipstokn.c. diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index 6451f92..fbe3f23 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -208,9 +208,10 @@ def _ldap_mod(self, ldif, sub_dict=None, raise_on_err=True, args += ["-H", ldap_uri] if dm_password: -[pw_fd, pw_name] = tempfile.mkstemp() -os.write(pw_fd, dm_password) -os.close(pw_fd) +with tempfile.NamedTemporaryFile( +mode='w', delete=False) as pw_file: +pw_file.write(dm_password) +pw_name = pw_file.name auth_parms = ["-x", "-D", "cn=Directory Manager", "-y", pw_name] # Use GSSAPI auth when not using DM password or not being root elif os.getegid() != 0: From a88a49b9df29c4d0ee72fb570ed9d847115ced18 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 9 Jan 2017 12:42:23 +0100 Subject: [PATCH 03/16] py3: open temporary ldif file in text mode ldif parser uses file in text mode, so we have to open it in text mode in py3 Also values passed to parser should be bytes https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/install/dsinstance.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 89315b6..2721d88 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -582,14 +582,15 @@ def __update_dse_ldif(self): 'dse.ldif' ) -with tempfile.NamedTemporaryFile(delete=False) as new_dse_ldif: +with tempfile.NamedTemporaryFile( +mode='w', delete=False) as new_dse_ldif: temp_filename = new_dse_ldif.name with open(dse_filename, "r") as input_file: parser = installutils.ModifyLDIF(input_file, new_dse_ldif) parser.replace_value( 'cn=config,cn=ldbm database,cn=plugins,cn=config', 'nsslapd-db-locks', -['5'] +[b'5'] ) if self.config_ldif: # parse modifications from ldif file supplied by the admin From de38448a7ede9ce49818be053f14f07a200bb915 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 9 Jan 2017 19:01:29 +0100 Subject: [PATCH 04/16] py3: ldap modlist must have keys as string, n
[Freeipa-devel] [freeipa PR#381][comment] disable hostname canonicalization by Kerberos library
URL: https://github.com/freeipa/freeipa/pull/381 Title: #381: disable hostname canonicalization by Kerberos library pvoborni commented: """ To not forget to update the release notes later at release, @martbab could you update the respected fields in both ticket and BZ when the patch is pushed. """ See the full comment at https://github.com/freeipa/freeipa/pull/381#issuecomment-271883989 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#382][synchronized] [Py3] ipa-server-install fixes (working NTP, DS, CA install steps)
URL: https://github.com/freeipa/freeipa/pull/382 Author: mbasti-rh Title: #382: [Py3] ipa-server-install fixes (working NTP, DS, CA install steps) Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/382/head:pr382 git checkout pr382 From 0ba8877d4f0a6e96d4e338a88f8638d00ad980b1 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 9 Jan 2017 11:53:59 +0100 Subject: [PATCH 01/16] py3: create_cert_db: write to file in a compatible way Py3 expect bytes to be writed using os.write. Instead of that using io module is more pythonic. https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/install/httpinstance.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index bacd5fc..ded0553 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -19,6 +19,7 @@ from __future__ import print_function +import io import os import os.path import pwd @@ -314,9 +315,8 @@ def create_cert_db(self): # Create the password file for this db password = ipautil.ipa_generate_password() -f = os.open(pwd_file, os.O_CREAT | os.O_RDWR) -os.write(f, password) -os.close(f) +with io.open(pwd_file, 'w') as f: +f.write(password) ipautil.run([paths.CERTUTIL, "-d", database, "-f", pwd_file, "-N"]) From 447691cc4a08ea66d8a0d8bc3dd674bc1dfb273e Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Tue, 10 Jan 2017 13:45:11 +0100 Subject: [PATCH 02/16] py3: service.py: replace mkstemp by NamedTemporaryFile NamedTemporaryfile can be used in more pythonic way and file can be opened in textual mode that is required with PY3 https://fedorahosted.org/freeipa/ticket/4985 --- ipapython/ipautil.py | 2 +- ipaserver/install/service.py | 7 --- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index e3e4611..34d10ef 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -852,7 +852,7 @@ def ipa_generate_password(entropy_bits=256, uppercase=1, lowercase=1, digits=1, rnd = random.SystemRandom() todo_entropy = entropy_bits -password = '' +password = u'' # Generate required character classes: # The order of generated characters is fixed to comply with check in # NSS function sftk_newPinCheck() in nss/lib/softoken/fipstokn.c. diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index 6451f92..fbe3f23 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -208,9 +208,10 @@ def _ldap_mod(self, ldif, sub_dict=None, raise_on_err=True, args += ["-H", ldap_uri] if dm_password: -[pw_fd, pw_name] = tempfile.mkstemp() -os.write(pw_fd, dm_password) -os.close(pw_fd) +with tempfile.NamedTemporaryFile( +mode='w', delete=False) as pw_file: +pw_file.write(dm_password) +pw_name = pw_file.name auth_parms = ["-x", "-D", "cn=Directory Manager", "-y", pw_name] # Use GSSAPI auth when not using DM password or not being root elif os.getegid() != 0: From a88a49b9df29c4d0ee72fb570ed9d847115ced18 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 9 Jan 2017 12:42:23 +0100 Subject: [PATCH 03/16] py3: open temporary ldif file in text mode ldif parser uses file in text mode, so we have to open it in text mode in py3 Also values passed to parser should be bytes https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/install/dsinstance.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 89315b6..2721d88 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -582,14 +582,15 @@ def __update_dse_ldif(self): 'dse.ldif' ) -with tempfile.NamedTemporaryFile(delete=False) as new_dse_ldif: +with tempfile.NamedTemporaryFile( +mode='w', delete=False) as new_dse_ldif: temp_filename = new_dse_ldif.name with open(dse_filename, "r") as input_file: parser = installutils.ModifyLDIF(input_file, new_dse_ldif) parser.replace_value( 'cn=config,cn=ldbm database,cn=plugins,cn=config', 'nsslapd-db-locks', -['5'] +[b'5'] ) if self.config_ldif: # parse modifications from ldif file supplied by the admin From de38448a7ede9ce49818be053f14f07a200bb915 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 9 Jan 2017 19:01:29 +0100 Subject: [PATCH 04/16] py3: ldap modlist must have keys as string, n
[Freeipa-devel] [freeipa PR#382][synchronized] [Py3] ipa-server-install fixes (working NTP, DS, CA install steps)
URL: https://github.com/freeipa/freeipa/pull/382 Author: mbasti-rh Title: #382: [Py3] ipa-server-install fixes (working NTP, DS, CA install steps) Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/382/head:pr382 git checkout pr382 From 0ba8877d4f0a6e96d4e338a88f8638d00ad980b1 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 9 Jan 2017 11:53:59 +0100 Subject: [PATCH 01/16] py3: create_cert_db: write to file in a compatible way Py3 expect bytes to be writed using os.write. Instead of that using io module is more pythonic. https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/install/httpinstance.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index bacd5fc..ded0553 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -19,6 +19,7 @@ from __future__ import print_function +import io import os import os.path import pwd @@ -314,9 +315,8 @@ def create_cert_db(self): # Create the password file for this db password = ipautil.ipa_generate_password() -f = os.open(pwd_file, os.O_CREAT | os.O_RDWR) -os.write(f, password) -os.close(f) +with io.open(pwd_file, 'w') as f: +f.write(password) ipautil.run([paths.CERTUTIL, "-d", database, "-f", pwd_file, "-N"]) From f97b56d35539dbc091d20282e01b7a804c6f8732 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Tue, 10 Jan 2017 13:45:11 +0100 Subject: [PATCH 02/16] py3: service.py: replace mkstemp by NamedTemporaryFile NamedTemporaryfile can be used in more pythonic way and file can be opened in textual mode that is required with PY3 https://fedorahosted.org/freeipa/ticket/4985 --- ipapython/ipautil.py | 2 +- ipaserver/install/service.py | 9 + 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index e3e4611..34d10ef 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -852,7 +852,7 @@ def ipa_generate_password(entropy_bits=256, uppercase=1, lowercase=1, digits=1, rnd = random.SystemRandom() todo_entropy = entropy_bits -password = '' +password = u'' # Generate required character classes: # The order of generated characters is fixed to comply with check in # NSS function sftk_newPinCheck() in nss/lib/softoken/fipstokn.c. diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index 6451f92..c96cd8b 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -208,10 +208,11 @@ def _ldap_mod(self, ldif, sub_dict=None, raise_on_err=True, args += ["-H", ldap_uri] if dm_password: -[pw_fd, pw_name] = tempfile.mkstemp() -os.write(pw_fd, dm_password) -os.close(pw_fd) -auth_parms = ["-x", "-D", "cn=Directory Manager", "-y", pw_name] +with tempfile.NamedTemporaryFile( +mode='w', delete=False) as pw_file: +pw_name = pw_file.name +pw_file.write(dm_password) +auth_parms = ["-x", "-D", "cn=Directory Manager", "-y", pw_name] # Use GSSAPI auth when not using DM password or not being root elif os.getegid() != 0: auth_parms = ["-Y", "GSSAPI"] From 381a6570f75a581d01e8ed57d701654ae36d388e Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 9 Jan 2017 12:42:23 +0100 Subject: [PATCH 03/16] py3: open temporary ldif file in text mode ldif parser uses file in text mode, so we have to open it in text mode in py3 Also values passed to parser should be bytes https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/install/dsinstance.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 89315b6..2721d88 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -582,14 +582,15 @@ def __update_dse_ldif(self): 'dse.ldif' ) -with tempfile.NamedTemporaryFile(delete=False) as new_dse_ldif: +with tempfile.NamedTemporaryFile( +mode='w', delete=False) as new_dse_ldif: temp_filename = new_dse_ldif.name with open(dse_filename, "r") as input_file: parser = installutils.ModifyLDIF(input_file, new_dse_ldif) parser.replace_value( 'cn=config,cn=ldbm database,cn=plugins,cn=config', 'nsslapd-db-locks', -['5'] +[b'5'] ) if self.config_ldif: # parse modifications from ldif file supplied by the admin From cbc2abe019f87a0bf69e63704fe06376e9b4c556 Mon Sep 17 00:00:00 20
[Freeipa-devel] [freeipa PR#245][+pushed] Allow full customisability of IPA CA subject DN
URL: https://github.com/freeipa/freeipa/pull/245 Title: #245: Allow full customisability of IPA CA subject DN Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#245][closed] Allow full customisability of IPA CA subject DN
URL: https://github.com/freeipa/freeipa/pull/245 Author: frasertweedale Title: #245: Allow full customisability of IPA CA subject DN Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/245/head:pr245 git checkout pr245 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#245][comment] Allow full customisability of IPA CA subject DN
URL: https://github.com/freeipa/freeipa/pull/245 Title: #245: Allow full customisability of IPA CA subject DN HonzaCholasta commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/324183cd63aeadbaa9678d610ba59e1295a606fe https://fedorahosted.org/freeipa/changeset/db6674096c598918ea6b12ca33a96cf5e617a434 https://fedorahosted.org/freeipa/changeset/c6db493b06320455a2366945911939a605df2a73 https://fedorahosted.org/freeipa/changeset/6f3eb85c302f54bec561337e6627c89144b589ff https://fedorahosted.org/freeipa/changeset/46bf0e89ae054b34adc66d08f205a5155e6f3fd6 https://fedorahosted.org/freeipa/changeset/f54df62abae4a15064bf297634558eb9be83ce33 https://fedorahosted.org/freeipa/changeset/09a65df6842411d42966111e50924df3de0b7031 https://fedorahosted.org/freeipa/changeset/3d01ec14c6e36fa962d0c54b2e08df0ecd401bd6 https://fedorahosted.org/freeipa/changeset/3f5660973251fe4b178e6486b6b86fbdd162d4d6 https://fedorahosted.org/freeipa/changeset/0c95a00147b1dd508736dacc847873afb504 """ See the full comment at https://github.com/freeipa/freeipa/pull/245#issuecomment-271880802 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#245][+ack] Allow full customisability of IPA CA subject DN
URL: https://github.com/freeipa/freeipa/pull/245 Title: #245: Allow full customisability of IPA CA subject DN Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#364][comment] Client-only builds with --disable-server
URL: https://github.com/freeipa/freeipa/pull/364 Title: #364: Client-only builds with --disable-server tiran commented: """ The PR only affects ```make install```, Python packaging and integration efforts. The goal is to reduce the amount of necessary build dependencies for installation and packaging of Python wheels or for developers that are only interested to build ipa-client locally. At the moment it is not possible to build FreeIPA without Samba, talloc, tevent, 389 DS, systemd and a couple of more packages. The dependency tree is rather heavy. These dependencies are not relevant for clients, though. I haven't touched RPM builds deliberately. RPM spec can be adjusted in a subsequent PR. It's not relevant for me. """ See the full comment at https://github.com/freeipa/freeipa/pull/364#issuecomment-271879617 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#382][edited] [WIP] Py3 ipa-server-install fixes
URL: https://github.com/freeipa/freeipa/pull/382 Author: mbasti-rh Title: #382: [WIP] Py3 ipa-server-install fixes Action: edited Changed field: title Original value: """ [WIP] Py3 ipa-server-install fixes """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#382][edited] [WIP] Py3 ipa-server-install fixes
URL: https://github.com/freeipa/freeipa/pull/382 Author: mbasti-rh Title: #382: [WIP] Py3 ipa-server-install fixes Action: edited Changed field: body Original value: """ This PR should allow to install server with py3 """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#382][synchronized] [WIP] Py3 ipa-server-install fixes
URL: https://github.com/freeipa/freeipa/pull/382 Author: mbasti-rh Title: #382: [WIP] Py3 ipa-server-install fixes Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/382/head:pr382 git checkout pr382 From 0ba8877d4f0a6e96d4e338a88f8638d00ad980b1 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 9 Jan 2017 11:53:59 +0100 Subject: [PATCH 01/16] py3: create_cert_db: write to file in a compatible way Py3 expect bytes to be writed using os.write. Instead of that using io module is more pythonic. https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/install/httpinstance.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index bacd5fc..ded0553 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -19,6 +19,7 @@ from __future__ import print_function +import io import os import os.path import pwd @@ -314,9 +315,8 @@ def create_cert_db(self): # Create the password file for this db password = ipautil.ipa_generate_password() -f = os.open(pwd_file, os.O_CREAT | os.O_RDWR) -os.write(f, password) -os.close(f) +with io.open(pwd_file, 'w') as f: +f.write(password) ipautil.run([paths.CERTUTIL, "-d", database, "-f", pwd_file, "-N"]) From f97b56d35539dbc091d20282e01b7a804c6f8732 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Tue, 10 Jan 2017 13:45:11 +0100 Subject: [PATCH 02/16] py3: service.py: replace mkstemp by NamedTemporaryFile NamedTemporaryfile can be used in more pythonic way and file can be opened in textual mode that is required with PY3 https://fedorahosted.org/freeipa/ticket/4985 --- ipapython/ipautil.py | 2 +- ipaserver/install/service.py | 9 + 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index e3e4611..34d10ef 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -852,7 +852,7 @@ def ipa_generate_password(entropy_bits=256, uppercase=1, lowercase=1, digits=1, rnd = random.SystemRandom() todo_entropy = entropy_bits -password = '' +password = u'' # Generate required character classes: # The order of generated characters is fixed to comply with check in # NSS function sftk_newPinCheck() in nss/lib/softoken/fipstokn.c. diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index 6451f92..c96cd8b 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -208,10 +208,11 @@ def _ldap_mod(self, ldif, sub_dict=None, raise_on_err=True, args += ["-H", ldap_uri] if dm_password: -[pw_fd, pw_name] = tempfile.mkstemp() -os.write(pw_fd, dm_password) -os.close(pw_fd) -auth_parms = ["-x", "-D", "cn=Directory Manager", "-y", pw_name] +with tempfile.NamedTemporaryFile( +mode='w', delete=False) as pw_file: +pw_name = pw_file.name +pw_file.write(dm_password) +auth_parms = ["-x", "-D", "cn=Directory Manager", "-y", pw_name] # Use GSSAPI auth when not using DM password or not being root elif os.getegid() != 0: auth_parms = ["-Y", "GSSAPI"] From 381a6570f75a581d01e8ed57d701654ae36d388e Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 9 Jan 2017 12:42:23 +0100 Subject: [PATCH 03/16] py3: open temporary ldif file in text mode ldif parser uses file in text mode, so we have to open it in text mode in py3 Also values passed to parser should be bytes https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/install/dsinstance.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 89315b6..2721d88 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -582,14 +582,15 @@ def __update_dse_ldif(self): 'dse.ldif' ) -with tempfile.NamedTemporaryFile(delete=False) as new_dse_ldif: +with tempfile.NamedTemporaryFile( +mode='w', delete=False) as new_dse_ldif: temp_filename = new_dse_ldif.name with open(dse_filename, "r") as input_file: parser = installutils.ModifyLDIF(input_file, new_dse_ldif) parser.replace_value( 'cn=config,cn=ldbm database,cn=plugins,cn=config', 'nsslapd-db-locks', -['5'] +[b'5'] ) if self.config_ldif: # parse modifications from ldif file supplied by the admin From cbc2abe019f87a0bf69e63704fe06376e9b4c556 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon
[Freeipa-devel] [freeipa PR#364][synchronized] Client-only builds with --disable-server
URL: https://github.com/freeipa/freeipa/pull/364 Author: tiran Title: #364: Client-only builds with --disable-server Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/364/head:pr364 git checkout pr364 From bdafd0463d5b5dac3e8ec323b3101b185d231183 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Tue, 3 Jan 2017 14:32:05 +0100 Subject: [PATCH] Client-only builds with --disable-server https://fedorahosted.org/freeipa/ticket/6517 --- Makefile.am | 6 +- configure.ac | 317 +-- 2 files changed, 182 insertions(+), 141 deletions(-) diff --git a/Makefile.am b/Makefile.am index 9bfc899..e6e8ebc 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,7 +1,11 @@ ACLOCAL_AMFLAGS = -I m4 IPACLIENT_SUBDIRS = ipaclient ipalib ipapython -SUBDIRS = asn1 util client contrib daemons init install $(IPACLIENT_SUBDIRS) ipaplatform ipaserver ipatests po +SUBDIRS = asn1 util client contrib $(IPACLIENT_SUBDIRS) ipaplatform ipaserver ipatests po + +if ENABLE_SERVER +SUBDIRS += daemons init install +endif MOSTLYCLEANFILES = ipasetup.pyc ipasetup.pyo \ ignore_import_errors.pyc ignore_import_errors.pyo \ diff --git a/configure.ac b/configure.ac index e8a4701..825ca18 100644 --- a/configure.ac +++ b/configure.ac @@ -24,6 +24,17 @@ LT_INIT AC_HEADER_STDC +PKG_PROG_PKG_CONFIG + +AC_ARG_ENABLE([server], +[ --disable-serverDisable server support], +[case "${enableval}" in + yes) enable_server=true ;; + no) enable_server=false ;; + *) AC_MSG_ERROR([bad value ${enableval} for --disable-server]) ;; +esac],[enable_server=true]) +AM_CONDITIONAL([ENABLE_SERVER], [test x$enable_server = xtrue]) + AM_CONDITIONAL([HAVE_GCC], [test "$ac_cv_prog_gcc" = yes]) dnl --- @@ -36,34 +47,39 @@ dnl --- dnl - Check for DS slapi plugin dnl --- -# Need to hack CPPFLAGS to be able to correctly detetct slapi-plugin.h -SAVE_CPPFLAGS=$CPPFLAGS -CPPFLAGS=$NSPR_CFLAGS -AC_CHECK_HEADER(dirsrv/slapi-plugin.h) -if test "x$ac_cv_header_dirsrv_slapi-plugin_h" = "xno" ; then - AC_MSG_ERROR([Required 389-ds header not available (389-ds-base-devel)]) -fi -AC_CHECK_HEADER(dirsrv/repl-session-plugin.h) -if test "x$ac_cv_header_dirsrv_repl_session_plugin_h" = "xno" ; then - AC_MSG_ERROR([Required 389-ds header not available (389-ds-base-devel)]) -fi -CPPFLAGS=$SAVE_CPPFLAGS - -if test "x$ac_cv_header_dirsrv_slapi_plugin_h" = "xno" ; then - AC_MSG_ERROR([Required DS slapi plugin header not available (fedora-ds-base-devel)]) -fi +AM_COND_IF([ENABLE_SERVER], [ +# Need to hack CPPFLAGS to be able to correctly detetct slapi-plugin.h +SAVE_CPPFLAGS=$CPPFLAGS +CPPFLAGS=$NSPR_CFLAGS +AC_CHECK_HEADER(dirsrv/slapi-plugin.h) +if test "x$ac_cv_header_dirsrv_slapi-plugin_h" = "xno" ; then +AC_MSG_ERROR([Required 389-ds header not available (389-ds-base-devel)]) +fi +AC_CHECK_HEADER(dirsrv/repl-session-plugin.h) +if test "x$ac_cv_header_dirsrv_repl_session_plugin_h" = "xno" ; then +AC_MSG_ERROR([Required 389-ds header not available (389-ds-base-devel)]) +fi +CPPFLAGS=$SAVE_CPPFLAGS + +if test "x$ac_cv_header_dirsrv_slapi_plugin_h" = "xno" ; then +AC_MSG_ERROR([Required DS slapi plugin header not available (fedora-ds-base-devel)]) +fi +]) dnl --- dnl - Check for KRB5 dnl --- PKG_CHECK_MODULES([KRB5], [krb5]) -AC_CHECK_HEADER(krad.h, [], [AC_MSG_ERROR([krad.h not found])]) -AC_CHECK_LIB(krad, main, [], [AC_MSG_ERROR([libkrad not found])]) -KRAD_LIBS="-lkrad" -krb5rundir="${localstatedir}/run/krb5kdc" -AC_SUBST(KRAD_LIBS) -AC_SUBST(krb5rundir) + +AM_COND_IF([ENABLE_SERVER], [ +AC_CHECK_HEADER(krad.h, [], [AC_MSG_ERROR([krad.h not found])]) +AC_CHECK_LIB(krad, main, [], [AC_MSG_ERROR([libkrad not found])]) +KRAD_LIBS="-lkrad" +krb5rundir="${localstatedir}/run/krb5kdc" +AC_SUBST(KRAD_LIBS) +AC_SUBST(krb5rundir) +]) dnl --- dnl - Check for OpenLDAP SDK @@ -104,64 +120,69 @@ dnl --- dnl Check for ndr_krb5pac and other samba libraries dnl --- -PKG_PROG_PKG_CONFIG() -PKG_CHECK_MODULES([TALLOC], [talloc]) -PKG_CHECK_MODULES([TEVENT], [tevent]) -PKG_CHECK_MODULES([NDRPAC], [ndr_krb5pac]) -PKG_CHECK_MODULES([NDRNBT], [ndr_nbt]) -PKG_CHECK_MODULES([NDR], [ndr]) -PKG_CHECK_MODULES([SAMBAUTIL], [samba-util]) -SAMBA40EXTRA_LIBPATH="-L`$PKG_CO
[Freeipa-devel] [freeipa PR#381][comment] disable hostname canonicalization by Kerberos library
URL: https://github.com/freeipa/freeipa/pull/381 Title: #381: disable hostname canonicalization by Kerberos library simo5 commented: """ @martbab this change actually improves security by avoiding a DNS lookup that could be manipulated by an attacker, however it also means some setups may break, because they depend on canonicalization to actually get the correct name, and should be documented in release notes. """ See the full comment at https://github.com/freeipa/freeipa/pull/381#issuecomment-271875472 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#364][comment] Client-only builds with --disable-server
URL: https://github.com/freeipa/freeipa/pull/364 Title: #364: Client-only builds with --disable-server tomaskrizek commented: """ Could you please extend [V4/Build system refactoring](http://www.freeipa.org/page/V4/Build_system_refactoring) to include steps describing how to perform client-only build? Also, is this supposed to build the freeipa-client rpm package? I wasn't able to build the rpm (``` *** No rule to make target 'distdir'. Stop.```). Or does it only support make + make install? When I tried to do this it also produced ipaserver and ipatests directories. It was probably a misconfiguration on my side. Please provide instructions on how to do a proper client-only build. """ See the full comment at https://github.com/freeipa/freeipa/pull/364#issuecomment-271871528 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#245][synchronized] Allow full customisability of IPA CA subject DN
URL: https://github.com/freeipa/freeipa/pull/245 Author: frasertweedale Title: #245: Allow full customisability of IPA CA subject DN Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/245/head:pr245 git checkout pr245 From d3088f763ef28cc570e54cfa20601a9df412 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Fri, 11 Nov 2016 18:54:01 +1000 Subject: [PATCH 01/10] Refactor and relocate set_subject_base_in_config Refactor set_subject_base_in_config to use api.Backend.ldap2 instead of a manually created LDAP connection. Also rename the function to have a more accurate name, and move it to 'ipaserver.install.ca' to avoid cyclic import (we will eventually need to use it from within that module). Part of: https://fedorahosted.org/freeipa/ticket/2614 --- ipaserver/install/ca.py | 9 + ipaserver/install/server/install.py | 24 +--- 2 files changed, 10 insertions(+), 23 deletions(-) diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py index 4f64d99..820c6ee 100644 --- a/ipaserver/install/ca.py +++ b/ipaserver/install/ca.py @@ -48,6 +48,15 @@ external_ca_file = None +def set_subject_base_in_config(subject_base): +entry_attrs = api.Backend.ldap2.get_ipa_config() +entry_attrs['ipacertificatesubjectbase'] = [str(subject_base)] +try: +api.Backend.ldap2.update_entry(entry_attrs) +except errors.EmptyModlist: +pass + + def install_check(standalone, replica_config, options): global external_cert_file global external_ca_file diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index fc319d9..36bbb4b 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -16,7 +16,6 @@ from ipalib.install import certmonger, sysrestore from ipapython import ipautil -from ipapython.dn import DN from ipapython.ipa_log_manager import root_logger from ipapython.ipautil import ( format_netloc, ipa_generate_password, run, user_input) @@ -40,7 +39,6 @@ IPA_MODULES, BadHostError, get_fqdn, get_server_ip_address, is_ipa_configured, load_pkcs12, read_password, verify_fqdn, update_hosts_file) -from ipaserver.plugins.ldap2 import ldap2 if six.PY3: unicode = str @@ -242,25 +240,6 @@ def check_dirsrv(unattended): raise ScriptError(msg) -def set_subject_in_config(realm_name, dm_password, suffix, subject_base): -ldapuri = 'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % ( -installutils.realm_to_serverid(realm_name) -) -try: -conn = ldap2(api, ldap_uri=ldapuri) -conn.connect(bind_dn=DN(('cn', 'directory manager')), - bind_pw=dm_password) -except errors.ExecutionError as e: -root_logger.critical("Could not connect to the Directory Server " - "on %s" % realm_name) -raise e -entry_attrs = conn.get_ipa_config() -if 'ipacertificatesubjectbase' not in entry_attrs: -entry_attrs['ipacertificatesubjectbase'] = [str(subject_base)] -conn.update_entry(entry_attrs) -conn.disconnect() - - def common_cleanup(func): def decorated(installer): success = False @@ -848,8 +827,7 @@ def install(installer): os.chmod(paths.IPA_CA_CRT, 0o644) ca_db.publish_ca_cert(paths.IPA_CA_CRT) -set_subject_in_config(realm_name, dm_password, - ipautil.realm_to_suffix(realm_name), options.subject) +ca.set_subject_base_in_config(options.subject_base) # Apply any LDAP updates. Needs to be done after the configuration file # is created. DS is restarted in the process. From efd9f21899daa3d4813ca838bbaeaa1bbe8f6118 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Wed, 16 Nov 2016 19:31:19 +1000 Subject: [PATCH 02/10] installutils: remove hardcoded subject DN assumption `installutils.load_external_cert` assumes that the IPA CA subject DN is `CN=Certificate Authority, {subject_base}`. In preparation for full customisability of IPA CA subject DN, push this assumption out of this function to call sites (which will be updated in a subsequent commit). Part of: https://fedorahosted.org/freeipa/ticket/2614 --- ipaserver/install/ca.py| 4 +++- ipaserver/install/installutils.py | 7 --- ipaserver/install/ipa_cacert_manage.py | 7 +-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py index 820c6ee..56f6692 100644 --- a/ipaserver/install/ca.py +++ b/ipaserver/install/ca.py @@ -109,7 +109,9 @@ def install_check(standalone, replica_config, options): "--external-ca.") external_cert_file, external_ca_file = installutils.load_external_cert( -options.external_cert_files, options.subject) +opt
[Freeipa-devel] [freeipa PR#245][comment] Allow full customisability of IPA CA subject DN
URL: https://github.com/freeipa/freeipa/pull/245 Title: #245: Allow full customisability of IPA CA subject DN frasertweedale commented: """ @HonzaCholasta whups! Thanks for clarifying; fixed. """ See the full comment at https://github.com/freeipa/freeipa/pull/245#issuecomment-271863765 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#245][comment] Allow full customisability of IPA CA subject DN
URL: https://github.com/freeipa/freeipa/pull/245 Title: #245: Allow full customisability of IPA CA subject DN HonzaCholasta commented: """ @frasertweedale, the ticket *number* is correct, but the URL points to Dogtag Trac. """ See the full comment at https://github.com/freeipa/freeipa/pull/245#issuecomment-271861244 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#245][comment] Allow full customisability of IPA CA subject DN
URL: https://github.com/freeipa/freeipa/pull/245 Title: #245: Allow full customisability of IPA CA subject DN frasertweedale commented: """ @HonzaCholasta PR updated. Re ticket URL, I think 2614 is the correct one for that commit. """ See the full comment at https://github.com/freeipa/freeipa/pull/245#issuecomment-271859881 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#245][synchronized] Allow full customisability of IPA CA subject DN
URL: https://github.com/freeipa/freeipa/pull/245 Author: frasertweedale Title: #245: Allow full customisability of IPA CA subject DN Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/245/head:pr245 git checkout pr245 From d3088f763ef28cc570e54cfa20601a9df412 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Fri, 11 Nov 2016 18:54:01 +1000 Subject: [PATCH 01/10] Refactor and relocate set_subject_base_in_config Refactor set_subject_base_in_config to use api.Backend.ldap2 instead of a manually created LDAP connection. Also rename the function to have a more accurate name, and move it to 'ipaserver.install.ca' to avoid cyclic import (we will eventually need to use it from within that module). Part of: https://fedorahosted.org/freeipa/ticket/2614 --- ipaserver/install/ca.py | 9 + ipaserver/install/server/install.py | 24 +--- 2 files changed, 10 insertions(+), 23 deletions(-) diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py index 4f64d99..820c6ee 100644 --- a/ipaserver/install/ca.py +++ b/ipaserver/install/ca.py @@ -48,6 +48,15 @@ external_ca_file = None +def set_subject_base_in_config(subject_base): +entry_attrs = api.Backend.ldap2.get_ipa_config() +entry_attrs['ipacertificatesubjectbase'] = [str(subject_base)] +try: +api.Backend.ldap2.update_entry(entry_attrs) +except errors.EmptyModlist: +pass + + def install_check(standalone, replica_config, options): global external_cert_file global external_ca_file diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index fc319d9..36bbb4b 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -16,7 +16,6 @@ from ipalib.install import certmonger, sysrestore from ipapython import ipautil -from ipapython.dn import DN from ipapython.ipa_log_manager import root_logger from ipapython.ipautil import ( format_netloc, ipa_generate_password, run, user_input) @@ -40,7 +39,6 @@ IPA_MODULES, BadHostError, get_fqdn, get_server_ip_address, is_ipa_configured, load_pkcs12, read_password, verify_fqdn, update_hosts_file) -from ipaserver.plugins.ldap2 import ldap2 if six.PY3: unicode = str @@ -242,25 +240,6 @@ def check_dirsrv(unattended): raise ScriptError(msg) -def set_subject_in_config(realm_name, dm_password, suffix, subject_base): -ldapuri = 'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % ( -installutils.realm_to_serverid(realm_name) -) -try: -conn = ldap2(api, ldap_uri=ldapuri) -conn.connect(bind_dn=DN(('cn', 'directory manager')), - bind_pw=dm_password) -except errors.ExecutionError as e: -root_logger.critical("Could not connect to the Directory Server " - "on %s" % realm_name) -raise e -entry_attrs = conn.get_ipa_config() -if 'ipacertificatesubjectbase' not in entry_attrs: -entry_attrs['ipacertificatesubjectbase'] = [str(subject_base)] -conn.update_entry(entry_attrs) -conn.disconnect() - - def common_cleanup(func): def decorated(installer): success = False @@ -848,8 +827,7 @@ def install(installer): os.chmod(paths.IPA_CA_CRT, 0o644) ca_db.publish_ca_cert(paths.IPA_CA_CRT) -set_subject_in_config(realm_name, dm_password, - ipautil.realm_to_suffix(realm_name), options.subject) +ca.set_subject_base_in_config(options.subject_base) # Apply any LDAP updates. Needs to be done after the configuration file # is created. DS is restarted in the process. From efd9f21899daa3d4813ca838bbaeaa1bbe8f6118 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Wed, 16 Nov 2016 19:31:19 +1000 Subject: [PATCH 02/10] installutils: remove hardcoded subject DN assumption `installutils.load_external_cert` assumes that the IPA CA subject DN is `CN=Certificate Authority, {subject_base}`. In preparation for full customisability of IPA CA subject DN, push this assumption out of this function to call sites (which will be updated in a subsequent commit). Part of: https://fedorahosted.org/freeipa/ticket/2614 --- ipaserver/install/ca.py| 4 +++- ipaserver/install/installutils.py | 7 --- ipaserver/install/ipa_cacert_manage.py | 7 +-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py index 820c6ee..56f6692 100644 --- a/ipaserver/install/ca.py +++ b/ipaserver/install/ca.py @@ -109,7 +109,9 @@ def install_check(standalone, replica_config, options): "--external-ca.") external_cert_file, external_ca_file = installutils.load_external_cert( -options.external_cert_files, options.subject) +opt
[Freeipa-devel] [freeipa PR#378][edited] Clean / ignore make check artefact
URL: https://github.com/freeipa/freeipa/pull/378 Author: tiran Title: #378: Clean / ignore make check artefact Action: edited Changed field: title Original value: """ Integrate make check into CI """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#378][synchronized] Integrate make check into CI
URL: https://github.com/freeipa/freeipa/pull/378 Author: tiran Title: #378: Integrate make check into CI Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/378/head:pr378 git checkout pr378 From 91450e2dac2000994f300e48c9cb60b723a3652c Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Mon, 9 Jan 2017 11:23:32 +0100 Subject: [PATCH] Clean / ignore make check artefact In tree runs of make check leave some artifacts around. The patch adds them to make clean and .gitignore. Signed-off-by: Christian Heimes --- .gitignore | 5 + daemons/ipa-kdb/Makefile.am | 3 +++ 2 files changed, 8 insertions(+) diff --git a/.gitignore b/.gitignore index 6dcda76..04553fd 100644 --- a/.gitignore +++ b/.gitignore @@ -72,9 +72,14 @@ freeipa2-dev-doc /daemons/dnssec/ipa-dnskeysyncd.service /daemons/dnssec/ipa-ods-exporter.service /daemons/dnssec/ipa-ods-exporter.socket +/daemons/ipa-kdb/ipa_kdb_tests +/daemons/ipa-kdb/tests/.dirstamp /daemons/ipa-otpd/ipa-otpd /daemons/ipa-otpd/ipa-otpd.socket /daemons/ipa-otpd/ipa-otpd@.service +/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_tests +/daemons/ipa-slapi-plugins/ipa-extdom-extop/extdom_cmocka_tests +/daemons/ipa-slapi-plugins/libotp/t_hotp /daemons/ipa-version.h /daemons/test-driver diff --git a/daemons/ipa-kdb/Makefile.am b/daemons/ipa-kdb/Makefile.am index 19583c9..6a2caa0 100644 --- a/daemons/ipa-kdb/Makefile.am +++ b/daemons/ipa-kdb/Makefile.am @@ -85,6 +85,9 @@ ipa_kdb_tests_LDADD = \ dist_noinst_DATA = ipa_kdb.exports +clean-local: + rm -f tests/.dirstamp + EXTRA_DIST = \ README \ README.s4u2proxy.txt \ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#388][+pushed] py3: enable py3 pylint
URL: https://github.com/freeipa/freeipa/pull/388 Title: #388: py3: enable py3 pylint Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#388][comment] py3: enable py3 pylint
URL: https://github.com/freeipa/freeipa/pull/388 Title: #388: py3: enable py3 pylint mbasti-rh commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/d648c6a6925298a1db0c61381d72b6c4d0500c10 """ See the full comment at https://github.com/freeipa/freeipa/pull/388#issuecomment-271854430 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#388][closed] py3: enable py3 pylint
URL: https://github.com/freeipa/freeipa/pull/388 Author: mbasti-rh Title: #388: py3: enable py3 pylint Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/388/head:pr388 git checkout pr388 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#378][comment] Integrate make check into CI
URL: https://github.com/freeipa/freeipa/pull/378 Title: #378: Integrate make check into CI tiran commented: """ The changes to .gitignore and clean-local are still required to fix in-tree testing. make check leaves some files around. """ See the full comment at https://github.com/freeipa/freeipa/pull/378#issuecomment-271854570 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#388][comment] py3: enable py3 pylint
URL: https://github.com/freeipa/freeipa/pull/388 Title: #388: py3: enable py3 pylint mbasti-rh commented: """ Lint part of travis-CI passed """ See the full comment at https://github.com/freeipa/freeipa/pull/388#issuecomment-271854299 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#388][+ack] py3: enable py3 pylint
URL: https://github.com/freeipa/freeipa/pull/388 Title: #388: py3: enable py3 pylint Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#388][comment] py3: enable py3 pylint
URL: https://github.com/freeipa/freeipa/pull/388 Title: #388: py3: enable py3 pylint tiran commented: """ It's just a minor performance improvements to speed up CI. """ See the full comment at https://github.com/freeipa/freeipa/pull/388#issuecomment-271848791 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#388][synchronized] py3: enable py3 pylint
URL: https://github.com/freeipa/freeipa/pull/388 Author: mbasti-rh Title: #388: py3: enable py3 pylint Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/388/head:pr388 git checkout pr388 From 57129450673d0cfd3eca38c492c442c0758f0e75 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 11 Jan 2017 09:55:00 +0100 Subject: [PATCH] py3: enable py3 pylint We should run pylint in both python2 and python3 versions --- .test_runner_config.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.test_runner_config.yaml b/.test_runner_config.yaml index 2aece9a..dc08d79 100644 --- a/.test_runner_config.yaml +++ b/.test_runner_config.yaml @@ -40,7 +40,8 @@ steps: -a ${server_password} --setup-dns --auto-forwarders - ipa-kra-install -p ${server_password} lint: - - make V=0 lint + - PYTHON=/usr/bin/python2 make V=0 lint + - PYTHON=/usr/bin/python3 make V=0 pylint prepare_tests: - echo ${server_password} | kinit admin && ipa ping - cp -r /etc/ipa/* ~/.ipa/ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#385][comment] Generate sha256 ssh pubkey fingerprints for hosts
URL: https://github.com/freeipa/freeipa/pull/385 Title: #385: Generate sha256 ssh pubkey fingerprints for hosts tiran commented: """ @stlaz I'm sorry, go ahead and ignore what I said! :) """ See the full comment at https://github.com/freeipa/freeipa/pull/385#issuecomment-271845641 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA stlaz commented: """ I created the design for this effort: http://www.freeipa.org/page/V4/Replace_NSS_with_OpenSSL """ See the full comment at https://github.com/freeipa/freeipa/pull/367#issuecomment-271845272 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA stlaz commented: """ I created the design for this effort: http://www.freeipa.org/page/V4/Replace_NSS_with_OpenSSL """ See the full comment at https://github.com/freeipa/freeipa/pull/367#issuecomment-271845272 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#385][comment] Generate sha256 ssh pubkey fingerprints for hosts
URL: https://github.com/freeipa/freeipa/pull/385 Title: #385: Generate sha256 ssh pubkey fingerprints for hosts stlaz commented: """ @tiran Yes, exactly, this is only a UI thing. """ See the full comment at https://github.com/freeipa/freeipa/pull/385#issuecomment-271845090 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#385][comment] Generate sha256 ssh pubkey fingerprints for hosts
URL: https://github.com/freeipa/freeipa/pull/385 Title: #385: Generate sha256 ssh pubkey fingerprints for hosts tiran commented: """ Your change influenced the value of ```entry_attrs['sshpubkeyfp']``` in ```convert_sshpubkey_post```. Is the value only used in UI or does it affect data in LDAP like DNS SSHFP records? I tracked down some code paths and it looks like the pubkey fingerprint isn't stored in LDAP. The DNS plugin uses different method to calculate SSHFP records. Am I right to assume that this change only affects UI? """ See the full comment at https://github.com/freeipa/freeipa/pull/385#issuecomment-271844780 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#367][edited] Remove nsslib from IPA
URL: https://github.com/freeipa/freeipa/pull/367 Author: stlaz Title: #367: Remove nsslib from IPA Action: edited Changed field: body Original value: """ This batch of patches removes NSSConnection along with the whole ipapython.nsslib from IPA and replaces it with more standard httplib.HTTPSConnection. NSSConnection was causing a lot of trouble in the past because it is apparently very fragile when it comes to nss library initialization. On top of that, when NSSConnection is used to set up an HTTPS connection in FIPS, it always requires a password to NSS database as NSS apparently tries to create a temporary private key and store it to the database even though client authentication is not required in the SSL connection. TODO (will require changes in certmonger/dogatg.c): - [x] remove NSSConnection from client modules - [x] remove NSSConnection from server modules where it's used to connect to the certificate server - [x] remove the nsslib library completely - [ ] we may probably remove ipaCert from /etc/httpd/alias and stop tracking it with certmonger - [ ] separate ra-agent.pem into certificate and private-key files, have private-key file encrypted - [ ] once ^- is done, track the new files in certmonger instead https://fedorahosted.org/freeipa/ticket/5695 """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#385][comment] Generate sha256 ssh pubkey fingerprints for hosts
URL: https://github.com/freeipa/freeipa/pull/385 Title: #385: Generate sha256 ssh pubkey fingerprints for hosts stlaz commented: """ @tiran Which SSHFP records do you mean? """ See the full comment at https://github.com/freeipa/freeipa/pull/385#issuecomment-271841277 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#373][comment] ipaplatform: Add Debian platform module.
URL: https://github.com/freeipa/freeipa/pull/373 Title: #373: ipaplatform: Add Debian platform module. tiran commented: """ pylint is failing: ``` Pylint is running, please wait ... * Module ipaplatform.debian.tasks ipaplatform/debian/tasks.py:10: [E0611(no-name-in-module), ] No name 'BaseTaskNameSpace' in module 'ipaplatform.base.tasks') ipaplatform/debian/tasks.py:49: [E0602(undefined-variable), DebianTaskNamespace.parse_ipa_version] Undefined variable 'BaseTaskNamespace') ipaplatform/debian/tasks.py:9: [W0611(unused-import), ] Unused paths imported from ipaplatform.paths) ipaplatform/debian/tasks.py:10: [W0611(unused-import), ] Unused BaseTaskNameSpace imported from ipaplatform.base.tasks) * Module ipaplatform.debian.services ipaplatform/debian/services.py:64: [R0102(simplifiable-if-statement), DebianSysvService.stop] The if statement can be replaced with 'var = bool(test)') ipaplatform/debian/services.py:65: [W0612(unused-variable), DebianSysvService.stop] Unused variable 'update_service_list') ipaplatform/debian/services.py:73: [R0102(simplifiable-if-statement), DebianSysvService.start] The if statement can be replaced with 'var = bool(test)') ipaplatform/debian/services.py:74: [W0612(unused-variable), DebianSysvService.start] Unused variable 'update_service_list') ipaplatform/debian/services.py:9: [W0611(unused-import), ] Unused import time) ipaplatform/debian/services.py:11: [W0611(unused-import), ] Unused tasks imported from ipaplatform.tasks) ipaplatform/debian/services.py:15: [W0611(unused-import), ] Unused root_logger imported from ipapython.ipa_log_manager) make: *** [pylint] Error 14 ``` """ See the full comment at https://github.com/freeipa/freeipa/pull/373#issuecomment-271836117 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#385][comment] Generate sha256 ssh pubkey fingerprints for hosts
URL: https://github.com/freeipa/freeipa/pull/385 Title: #385: Generate sha256 ssh pubkey fingerprints for hosts tiran commented: """ What's the migration plan for existing SSHFP records? Are there any supported versions of OpenSSH or other SSH client that do not support SSHFP with SHA256? Would it make sense to run a hybrid mode for a while (SHA256 and MD5 records unless FIPS is enabled)? """ See the full comment at https://github.com/freeipa/freeipa/pull/385#issuecomment-271835544 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#388][-ack] py3: enable py3 pylint
URL: https://github.com/freeipa/freeipa/pull/388 Title: #388: py3: enable py3 pylint Label: -ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#388][+ack] py3: enable py3 pylint
URL: https://github.com/freeipa/freeipa/pull/388 Title: #388: py3: enable py3 pylint Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#381][comment] disable hostname canonicalization by Kerberos library
URL: https://github.com/freeipa/freeipa/pull/381 Title: #381: disable hostname canonicalization by Kerberos library martbab commented: """ Thanks for ACK. I would like to ask @simo5 if this change is okay from krb5 point of view and does not pose any security problem for clients. """ See the full comment at https://github.com/freeipa/freeipa/pull/381#issuecomment-271820219 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#381][+ack] disable hostname canonicalization by Kerberos library
URL: https://github.com/freeipa/freeipa/pull/381 Title: #381: disable hostname canonicalization by Kerberos library Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#381][comment] disable hostname canonicalization by Kerberos library
URL: https://github.com/freeipa/freeipa/pull/381 Title: #381: disable hostname canonicalization by Kerberos library tomaskrizek commented: """ Works as expected. """ See the full comment at https://github.com/freeipa/freeipa/pull/381#issuecomment-271818581 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#386][edited] Tests: Add tree root domain role in legacy client tests
URL: https://github.com/freeipa/freeipa/pull/386 Author: gkaihorodova Title: #386: Tests: Add tree root domain role in legacy client tests Action: edited Changed field: body Original value: """ Legacy client tests inherits test cases from trust tests, that have role for tree root domain. That role was missing in legacy client tests. https://fedorahosted.org/freeipa/ticket/6600 """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#388][opened] py3: enable py3 pylint
URL: https://github.com/freeipa/freeipa/pull/388 Author: mbasti-rh Title: #388: py3: enable py3 pylint Action: opened PR body: """ We should run pylint in both python2 and python3 versions """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/388/head:pr388 git checkout pr388 From c4334efb7af4063bcf1e9fffcd7a597a270772d8 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 11 Jan 2017 09:55:00 +0100 Subject: [PATCH] py3: enable py3 pylint We should run pylint in both python2 and python3 versions --- .test_runner_config.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.test_runner_config.yaml b/.test_runner_config.yaml index 2aece9a..abfcdd2 100644 --- a/.test_runner_config.yaml +++ b/.test_runner_config.yaml @@ -40,7 +40,8 @@ steps: -a ${server_password} --setup-dns --auto-forwarders - ipa-kra-install -p ${server_password} lint: - - make V=0 lint + - PYTHON=/usr/bin/python2 make V=0 lint + - PYTHON=/usr/bin/python3 make V=0 lint prepare_tests: - echo ${server_password} | kinit admin && ipa ping - cp -r /etc/ipa/* ~/.ipa/ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#385][+ack] Generate sha256 ssh pubkey fingerprints for hosts
URL: https://github.com/freeipa/freeipa/pull/385 Title: #385: Generate sha256 ssh pubkey fingerprints for hosts Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code