[Freeipa-devel] [freeipa PR#430][opened] [py3] tests_xmlrpc: do not call str() on bytes
URL: https://github.com/freeipa/freeipa/pull/430 Author: MartinBasti Title: #430: [py3] tests_xmlrpc: do not call str() on bytes Action: opened PR body: """ Calling str() on bytes causes undesired side effect: it adds prefix "b" to the result of conversion. The method decode() should be used instead. https://fedorahosted.org/freeipa/ticket/4985 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/430/head:pr430 git checkout pr430 From 959dc8c7932f59dbf66fa66429da80991d162a57 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Wed, 1 Feb 2017 22:41:23 +0100 Subject: [PATCH] py3: tests_xmlrpc: do not call str() on bytes Calling str() on bytes causes undesired side effect: it adds prefix "b" to the result of conversion. The method decode() should be used instead. https://fedorahosted.org/freeipa/ticket/4985 --- ipatests/test_xmlrpc/test_caacl_profile_enforcement.py | 2 +- ipatests/test_xmlrpc/test_kerberos_principal_aliases.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py b/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py index e5cf091..fa474c6 100644 --- a/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py +++ b/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py @@ -434,7 +434,7 @@ def santest_csr(request, santest_host_1, santest_host_2): pkey, hashes.SHA256(), backend ).public_bytes(serialization.Encoding.PEM) -return unicode(csr) +return csr.decode('ascii') class SubjectAltNameOneServiceBase(XMLRPC_test): diff --git a/ipatests/test_xmlrpc/test_kerberos_principal_aliases.py b/ipatests/test_xmlrpc/test_kerberos_principal_aliases.py index a1973af..9f062cc 100644 --- a/ipatests/test_xmlrpc/test_kerberos_principal_aliases.py +++ b/ipatests/test_xmlrpc/test_kerberos_principal_aliases.py @@ -260,7 +260,7 @@ def test_enterprise_principal_UPN_overlap( # Add an alias overlapping the UPN of a trusted domain upn_suffix = ( trusted_domain_with_suffix['ldif']['ipaNTAdditionalSuffixes'] -) +).decode('utf-8') with pytest.raises(errors.ValidationError): krbalias_user.add_principal( @@ -278,7 +278,7 @@ def test_enterprise_principal_NETBIOS_overlap( # Add an alias overlapping the NETBIOS name of a trusted domain netbios_name = ( trusted_domain_with_suffix['ldif']['ipaNTFlatName'] -) +).decode('utf-8') with pytest.raises(errors.ValidationError): krbalias_user.add_principal( -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#431][opened] py3: ldapupdate: fix logging str(bytes) issue
URL: https://github.com/freeipa/freeipa/pull/431 Author: MartinBasti Title: #431: py3: ldapupdate: fix logging str(bytes) issue Action: opened PR body: """ bytes as argument of str() gives unexpected result by adding prefix "b" there. Also add missing safe_option() call to logging (it will fix another str(bytes) issue) https://fedorahosted.org/freeipa/ticket/4985 Other byteswarnings are from https://github.com/etingof/pyasn1/issues/14 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/431/head:pr431 git checkout pr431 From 5e095d19f446973cefc9c2e43d437799948a2595 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Thu, 2 Feb 2017 00:20:48 +0100 Subject: [PATCH] py3: ldapupdate: fix logging str(bytes) issue bytes as argument of str() gives unexpected result by adding prefix "b" there. Also add missing safe_option() call to logging (it will fix another str(bytes) issue) https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/install/ldapupdate.py | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py index bc2673b..c6ab3e2 100644 --- a/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py @@ -119,10 +119,10 @@ def safe_output(attr, values): values = [values] try: -all(v.decode('ascii') for v in values) +values = [v.decode('ascii') for v in values] except UnicodeDecodeError: try: -values = [base64.b64encode(v) for v in values] +values = [base64.b64encode(v).decode('ascii') for v in values] except TypeError: pass @@ -656,7 +656,9 @@ def _apply_update_disposition(self, updates, entry): try: entry_values.remove(update_value) except ValueError: -self.debug("remove: '%s' not in %s", update_value, attr) +self.debug( +"remove: '%s' not in %s", +safe_output(attr, update_value), attr) else: entry[attr] = entry_values self.debug('remove: updated value %s', safe_output( -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#423][synchronized] dns-update-system-records: add support for nsupdate output format
URL: https://github.com/freeipa/freeipa/pull/423 Author: MartinBasti Title: #423: dns-update-system-records: add support for nsupdate output format Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/423/head:pr423 git checkout pr423 From 23c3ca4761ab6cfd9a2ecee631cc2f8e4a5c3dc9 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Fri, 27 Jan 2017 13:42:19 +0100 Subject: [PATCH 1/2] DNS: dns-update-system-record can create nsupdate file Added option --out creates a file with IPA DNS data in nsupdate format. https://fedorahosted.org/freeipa/ticket/6585 --- ipaclient/plugins/dns.py | 71 1 file changed, 65 insertions(+), 6 deletions(-) diff --git a/ipaclient/plugins/dns.py b/ipaclient/plugins/dns.py index 42ccd3d..944546f 100644 --- a/ipaclient/plugins/dns.py +++ b/ipaclient/plugins/dns.py @@ -35,6 +35,7 @@ from ipalib.parameters import Bool, Str from ipalib.plugable import Registry from ipalib import _, ngettext +from ipalib import util from ipapython.dnsutil import DNSName if six.PY3: @@ -417,6 +418,63 @@ def interactive_prompt_callback(self, kw): @register(override=True, no_fail=True) class dns_update_system_records(MethodOverride): +record_groups = ('ipa_records', 'location_records') + +def get_options(self): +for option in super(dns_update_system_records, self).get_options(): +yield option +yield Str( +'out?', +include='cli', +doc=_('file to store DNS records in nsupdate format') +) + +def _standard_output(self, textui, result, labels): +"""Print output in standard format common across the other plugins""" +for key in self.record_groups: +if result.get(key): +textui.print_indented(u'{}:'.format(labels[key]), indent=1) +for val in sorted(result[key]): +textui.print_indented(val, indent=2) +textui.print_line(u'') + +def _nsupdate_output_file(self, file, result, labels): +"""Store data in nsupdate format in file""" +def parse_rname_rtype(record): +"""Get rname and rtype from textual representation of record""" +l = record.split(' ', 5) +return l[0], l[3] + +already_removed = set() +for key in self.record_groups: +if result.get(key): +file.write("; {}\n".format(labels[key])) # comment +for val in sorted(result[key]): +# delete old first +r_name_type = parse_rname_rtype(val) +if r_name_type not in already_removed: +# remove it only once +already_removed.add(r_name_type) +file.write("update delete {rname} {rtype}\n".format( +rname=r_name_type[0], rtype=r_name_type[1] +)) +# add new +file.write("update add {}\n".format(val)) +file.write("send\n\n") + +def forward(self, *keys, **options): +# pop `out` before sending to server as it is only client side option +out = options.pop('out', None) +if out: +util.check_writable_file(out) + +res = super(dns_update_system_records, self).forward(*keys, **options) + +if out: +options['out'] = out + +return res + def output_for_cli(self, textui, output, *args, **options): output_super = copy.deepcopy(output) super_res = output_super.get('result', {}) @@ -431,11 +489,12 @@ def output_for_cli(self, textui, output, *args, **options): } result = output.get('result', {}) -for key in ('ipa_records', 'location_records'): -if result.get(key): -textui.print_indented(u'{}:'.format(labels[key]), indent=1) -for val in sorted(result[key]): -textui.print_indented(val, indent=2) -textui.print_line(u'') + +self._standard_output(textui, result, labels) + +out = options.get('out') # output to file +if out: +with open(out, "w") as f: +self._nsupdate_output_file(f, result, labels) return int(not output['value']) From 6da4085429f505d68923a48e38b3e09c10393b09 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Mon, 30 Jan 2017 21:18:46 +0100 Subject: [PATCH 2/2] Test: DNS nsupdate from dns-update-system-records Get nsupdate data from dns-update-system-records, remove system records and run nsupdate to verify that all system records were updated https://fedoraho
[Freeipa-devel] [freeipa PR#422][+ack] Fix reference before assignment
URL: https://github.com/freeipa/freeipa/pull/422 Title: #422: Fix reference before assignment Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#424][opened] Tests: fix wait_for_replication task
URL: https://github.com/freeipa/freeipa/pull/424 Author: MartinBasti Title: #424: Tests: fix wait_for_replication task Action: opened PR body: """ DS changed a format of replication status attribute. Now it is with prefix "Error (x)" where x is the error code. Both formats were kept to allow tests run on older and new versions of DS. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/424/head:pr424 git checkout pr424 From ade8a8fc9f98c91b53ab2944b6e2a6d79fbdddb3 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 31 Jan 2017 09:19:22 +0100 Subject: [PATCH] Tests: fix wait_for_replication task DS changed a format of replication status attribute. Now it is with prefix "Error (x)" where x is the error code. Both formats were kept to allow tests run on older and new versions of DS. --- ipatests/test_integration/tasks.py | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py index 5a9d526..f6fa451 100644 --- a/ipatests/test_integration/tasks.py +++ b/ipatests/test_integration/tasks.py @@ -1067,8 +1067,15 @@ def wait_for_replication(ldap, timeout=30): filter='(objectclass=nsds5replicationagreement)', attrs_list=[status_attr, progress_attr]) log.debug('Replication agreements: \n%s', _entries_to_ldif(entries)) -if any(not e.single_value[status_attr].startswith('0 ') - for e in entries): +if any( +not ( +# older DS format +e.single_value[status_attr].startswith('0 ') or +# newer DS format +e.single_value[status_attr].startswith('Error (0) ') +) +for e in entries +): log.error('Replication error') continue if any(e.single_value[progress_attr] == 'TRUE' for e in entries): -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#416][+ack] replica install: relax domain level check for promotion
URL: https://github.com/freeipa/freeipa/pull/416 Title: #416: replica install: relax domain level check for promotion Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#421][comment] Update warning message for replica install
URL: https://github.com/freeipa/freeipa/pull/421 Title: #421: Update warning message for replica install MartinBasti commented: """ Hello, I'd not omit the fact, that insufficient privilege error can be be caused by user credentials as well, I also wouldn't mention that hostgroup must exists explicitly. I propose something like this, but I'm open to any suggestions and improvements ``` Insufficient privileges to promote the server. Possible issues: - a user has insufficient privileges - this client has insufficient privileges to become replica (is the host member of "ipaservers" group) ``` """ See the full comment at https://github.com/freeipa/freeipa/pull/421#issuecomment-276313860 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#423][opened] dns-update-system-records: add support for nsupdate output format
URL: https://github.com/freeipa/freeipa/pull/423 Author: MartinBasti Title: #423: dns-update-system-records: add support for nsupdate output format Action: opened PR body: """ Option --out does the trick """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/423/head:pr423 git checkout pr423 From 472fb7d73295fd582a71a23dd819e81fb3f049d2 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Fri, 27 Jan 2017 13:42:19 +0100 Subject: [PATCH 1/2] DNS: dns-update-system-record can create nsupdate file Added option --out creates a file with IPA DNS data in nsupdate format. https://fedorahosted.org/freeipa/ticket/6585 --- ipaclient/plugins/dns.py | 71 1 file changed, 65 insertions(+), 6 deletions(-) diff --git a/ipaclient/plugins/dns.py b/ipaclient/plugins/dns.py index 42ccd3d..0c612a3 100644 --- a/ipaclient/plugins/dns.py +++ b/ipaclient/plugins/dns.py @@ -26,6 +26,7 @@ from ipaclient.frontend import MethodOverride from ipalib import errors +from ipalib import Flag from ipalib.dns import (get_record_rrtype, has_cli_options, iterate_rrparams_by_parts, @@ -35,6 +36,7 @@ from ipalib.parameters import Bool, Str from ipalib.plugable import Registry from ipalib import _, ngettext +from ipalib import util from ipapython.dnsutil import DNSName if six.PY3: @@ -417,6 +419,62 @@ def interactive_prompt_callback(self, kw): @register(override=True, no_fail=True) class dns_update_system_records(MethodOverride): +record_groups = ('ipa_records', 'location_records') +def get_options(self): +for option in super(dns_update_system_records, self).get_options(): +yield option +yield Str( +'out?', +include='cli', +doc=_('file to store DNS records in nsupdate format') +) + +def _standard_output(self, textui, result, labels): +"""Print output in standard format common across the other plugins""" +for key in self.record_groups: +if result.get(key): +textui.print_indented(u'{}:'.format(labels[key]), indent=1) +for val in sorted(result[key]): +textui.print_indented(val, indent=2) +textui.print_line(u'') + +def _nsupdate_output_file(self, file, result, labels): +"""Store data in nsupdate format in file""" +def parse_rname_rtype(record): +"""Get rname and rtype from textual representation of record""" +l = record.split(' ', 5) +return l[0], l[3] + +already_removed = set() +for key in self.record_groups: +if result.get(key): +file.write("; {}\n".format(labels[key])) # comment +for val in sorted(result[key]): +# delete old first +r_name_type = parse_rname_rtype(val) +if r_name_type not in already_removed: +# remove it only once +already_removed.add(r_name_type) +file.write("update delete {rname} {rtype}\n".format( +rname=r_name_type[0], rtype=r_name_type[1] +)) +# add new +file.write("update add {}\n".format(val)) +file.write("send\n\n") + +def forward(self, *keys, **options): +# pop `out` before sending to server as it is only client side option +out = options.pop('out', None) +if out: +util.check_writable_file(out) + +res = super(dns_update_system_records, self).forward(*keys, **options) + +if out: +options['out'] = out + +return res + def output_for_cli(self, textui, output, *args, **options): output_super = copy.deepcopy(output) super_res = output_super.get('result', {}) @@ -431,11 +489,12 @@ def output_for_cli(self, textui, output, *args, **options): } result = output.get('result', {}) -for key in ('ipa_records', 'location_records'): -if result.get(key): -textui.print_indented(u'{}:'.format(labels[key]), indent=1) -for val in sorted(result[key]): -textui.print_indented(val, indent=2) -textui.print_line(u'') + +self._standard_output(textui, result, labels) + +out = options.get('out') # output to file +if out: +with open(out, "w") as f: +self._nsupdate_output_file(f, result, labels) return int(not output['value']) From 4428fc65c01a4135f99892baefd52e8896b4ef49 Mon Sep 17
[Freeipa-devel] [freeipa PR#416][comment] replica install: relax domain level check for promotion
URL: https://github.com/freeipa/freeipa/pull/416 Title: #416: replica install: relax domain level check for promotion MartinBasti commented: """ expected is for domain level 0, because there are different expectations about replica file, it must exactly match domain level 0, you cannot have higher DL. """ See the full comment at https://github.com/freeipa/freeipa/pull/416#issuecomment-276319884 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#423][synchronized] dns-update-system-records: add support for nsupdate output format
URL: https://github.com/freeipa/freeipa/pull/423 Author: MartinBasti Title: #423: dns-update-system-records: add support for nsupdate output format Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/423/head:pr423 git checkout pr423 From 56b42b34e9896fdacc2beb767bb0e0633d347d3d Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Fri, 27 Jan 2017 13:42:19 +0100 Subject: [PATCH 1/2] DNS: dns-update-system-record can create nsupdate file Added option --out creates a file with IPA DNS data in nsupdate format. https://fedorahosted.org/freeipa/ticket/6585 --- ipaclient/plugins/dns.py | 72 1 file changed, 66 insertions(+), 6 deletions(-) diff --git a/ipaclient/plugins/dns.py b/ipaclient/plugins/dns.py index 42ccd3d..2cb9d5a 100644 --- a/ipaclient/plugins/dns.py +++ b/ipaclient/plugins/dns.py @@ -26,6 +26,7 @@ from ipaclient.frontend import MethodOverride from ipalib import errors +from ipalib import Flag from ipalib.dns import (get_record_rrtype, has_cli_options, iterate_rrparams_by_parts, @@ -35,6 +36,7 @@ from ipalib.parameters import Bool, Str from ipalib.plugable import Registry from ipalib import _, ngettext +from ipalib import util from ipapython.dnsutil import DNSName if six.PY3: @@ -417,6 +419,63 @@ def interactive_prompt_callback(self, kw): @register(override=True, no_fail=True) class dns_update_system_records(MethodOverride): +record_groups = ('ipa_records', 'location_records') + +def get_options(self): +for option in super(dns_update_system_records, self).get_options(): +yield option +yield Str( +'out?', +include='cli', +doc=_('file to store DNS records in nsupdate format') +) + +def _standard_output(self, textui, result, labels): +"""Print output in standard format common across the other plugins""" +for key in self.record_groups: +if result.get(key): +textui.print_indented(u'{}:'.format(labels[key]), indent=1) +for val in sorted(result[key]): +textui.print_indented(val, indent=2) +textui.print_line(u'') + +def _nsupdate_output_file(self, file, result, labels): +"""Store data in nsupdate format in file""" +def parse_rname_rtype(record): +"""Get rname and rtype from textual representation of record""" +l = record.split(' ', 5) +return l[0], l[3] + +already_removed = set() +for key in self.record_groups: +if result.get(key): +file.write("; {}\n".format(labels[key])) # comment +for val in sorted(result[key]): +# delete old first +r_name_type = parse_rname_rtype(val) +if r_name_type not in already_removed: +# remove it only once +already_removed.add(r_name_type) +file.write("update delete {rname} {rtype}\n".format( +rname=r_name_type[0], rtype=r_name_type[1] +)) +# add new +file.write("update add {}\n".format(val)) +file.write("send\n\n") + +def forward(self, *keys, **options): +# pop `out` before sending to server as it is only client side option +out = options.pop('out', None) +if out: +util.check_writable_file(out) + +res = super(dns_update_system_records, self).forward(*keys, **options) + +if out: +options['out'] = out + +return res + def output_for_cli(self, textui, output, *args, **options): output_super = copy.deepcopy(output) super_res = output_super.get('result', {}) @@ -431,11 +490,12 @@ def output_for_cli(self, textui, output, *args, **options): } result = output.get('result', {}) -for key in ('ipa_records', 'location_records'): -if result.get(key): -textui.print_indented(u'{}:'.format(labels[key]), indent=1) -for val in sorted(result[key]): -textui.print_indented(val, indent=2) -textui.print_line(u'') + +self._standard_output(textui, result, labels) + +out = options.get('out') # output to file +if out: +with open(out, "w") as f: +self._nsupdate_output_file(f, result, labels) return int(not output['value']) From a707cf99d9ac4c417b17f9145830eb01b26e885a Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date:
[Freeipa-devel] [freeipa PR#417][+ack] private_ccache: yield ccache name
URL: https://github.com/freeipa/freeipa/pull/417 Title: #417: private_ccache: yield ccache name Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#336][comment] [py3] pki: add missing depedency pki-base[-python3]
URL: https://github.com/freeipa/freeipa/pull/336 Title: #336: [py3] pki: add missing depedency pki-base[-python3] MartinBasti commented: """ bump for review """ See the full comment at https://github.com/freeipa/freeipa/pull/336#issuecomment-276607135 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#413][comment] Complete stageuser API
URL: https://github.com/freeipa/freeipa/pull/413 Title: #413: Complete stageuser API MartinBasti commented: """ LGTM except first commit that shouldn't be here and `ipalib.x509: Handle missing SAN gracefully` has no ticket in commit message """ See the full comment at https://github.com/freeipa/freeipa/pull/413#issuecomment-276376015 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#416][-ack] replica install: relax domain level check for promotion
URL: https://github.com/freeipa/freeipa/pull/416 Title: #416: replica install: relax domain level check for promotion Label: -ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#416][comment] replica install: relax domain level check for promotion
URL: https://github.com/freeipa/freeipa/pull/416 Title: #416: replica install: relax domain level check for promotion MartinBasti commented: """ IMO the whole `check_domain_level` is somehow broken, AFAIK the main purpose of it is to print correct error message related to replica file option, depending on current and expected domain level. @stlaz may know more details """ See the full comment at https://github.com/freeipa/freeipa/pull/416#issuecomment-276351845 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#426][opened] DNSSEC: forwarders validation improvement
URL: https://github.com/freeipa/freeipa/pull/426 Author: MartinBasti Title: #426: DNSSEC: forwarders validation improvement Action: opened PR body: """ Some DNS servers behaves oddly and instead sending result without RRSIG records don't reply at all when DNSSEC flag is enabled (timeout). Instead of hard error IPA should this handle as DNSSEC error and continue with installation/adding forwarders. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/426/head:pr426 git checkout pr426 From 204b1f3e0147e418be3d50a0b5f5fa57e186ceb2 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 31 Jan 2017 16:47:44 +0100 Subject: [PATCH] DNSSEC: forwarders validation improvement Some DNS servers behaves oddly and instead sending result without RRSIG records don't reply at all when DNSSEC flag is enabled (timeout). Instead of hard error IPA should this handle as DNSSEC error and continue with installation/adding forwarders. --- ipalib/util.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ipalib/util.py b/ipalib/util.py index 1c354b6..1509607 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -670,8 +670,7 @@ def validate_dnssec_global_forwarder(ip_addr, log=None, timeout=10): timeout=timeout) except DNSException as e: _log_response(log, e) -raise UnresolvableRecordError(owner=owner, rtype=rtype, ip=ip_addr, - error=e) +raise DNSSECSignatureMissingError(owner=owner, rtype=rtype, ip=ip_addr) try: ans.response.find_rrset( -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#427][opened] [Py3] WSGI part 2
URL: https://github.com/freeipa/freeipa/pull/427 Author: MartinBasti Title: #427: [Py3] WSGI part 2 Action: opened PR body: """ with this PR: * server can be installed with python3-mod_wsgi * any xmlrpc test can be executed to find a new py3 issues (still a lot of them there) """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/427/head:pr427 git checkout pr427 From 2f86d65d64bf3034d2fd91623f4b7c3bdfdc00be Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 24 Jan 2017 17:49:06 +0100 Subject: [PATCH 1/7] py3: base64 encoding/decoding returns always bytes don't mix it Using unicode(bytes) call causes undesired side effect that is inserting `b` character to result. This obviously causes issues with binary base64 data https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/plugins/baseldap.py | 4 ++-- ipaserver/plugins/ca.py | 2 +- ipaserver/plugins/cert.py | 2 +- ipaserver/secrets/client.py | 6 -- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py index e7bf43c..2f7889b 100644 --- a/ipaserver/plugins/baseldap.py +++ b/ipaserver/plugins/baseldap.py @@ -1036,8 +1036,8 @@ def process_attr_options(self, entry_attrs, dn, keys, options): except ValueError: if isinstance(delval, bytes): # This is a Binary value, base64 encode it -delval = unicode(base64.b64encode(delval)) -raise errors.AttrValueNotFound(attr=attr, value=delval) +delval = base64.b64encode(delval).decode('ascii') +raise errors.AttrValueNotFound(attr=attr, value=delval) # normalize all values changedattrs = setattrs | addattrs | delattrs diff --git a/ipaserver/plugins/ca.py b/ipaserver/plugins/ca.py index 4f24278..ac9f68e 100644 --- a/ipaserver/plugins/ca.py +++ b/ipaserver/plugins/ca.py @@ -176,7 +176,7 @@ def set_certificate_attrs(entry, options, want_cert=True): with api.Backend.ra_lightweight_ca as ca_api: if want_cert or full: der = ca_api.read_ca_cert(ca_id) -entry['certificate'] = six.text_type(base64.b64encode(der)) +entry['certificate'] = base64.b64encode(der).decode('ascii') if want_chain or full: pkcs7_der = ca_api.read_ca_chain(ca_id) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 5bf4cfb..6bf5c03 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1260,7 +1260,7 @@ def _get_cert_key(self, cert): return (DN(cert_obj.issuer), cert_obj.serial) def _get_cert_obj(self, cert, all, raw, pkey_only): -obj = {'certificate': unicode(base64.b64encode(cert))} +obj = {'certificate': base64.b64encode(cert).decode('ascii')} full = not pkey_only and all if not raw: diff --git a/ipaserver/secrets/client.py b/ipaserver/secrets/client.py index a04b9a6..a945e01 100644 --- a/ipaserver/secrets/client.py +++ b/ipaserver/secrets/client.py @@ -70,7 +70,8 @@ def init_creds(self): name = gssapi.Name(self.client_service, gssapi.NameType.hostbased_service) store = {'client_keytab': self.keytab, - 'ccache': 'MEMORY:Custodia_%s' % b64encode(os.urandom(8))} + 'ccache': 'MEMORY:Custodia_%s' % b64encode( + os.urandom(8)).decode('ascii')} return gssapi.Credentials(name=name, store=store, usage='initiate') def _auth_header(self): @@ -78,7 +79,8 @@ def _auth_header(self): self.creds = self.init_creds() ctx = gssapi.SecurityContext(name=self.service_name, creds=self.creds) authtok = ctx.step() -return {'Authorization': 'Negotiate %s' % b64encode(authtok)} +return {'Authorization': 'Negotiate %s' % b64encode( +authtok).decode('ascii')} def fetch_key(self, keyname, store=True): From df975b68875628940ce50c5470d34f30cc716762 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 24 Jan 2017 18:31:50 +0100 Subject: [PATCH 2/7] py3: base64.b64encode requires bytes as param Decimal must be changed to string first and then encoded to bytes https://fedorahosted.org/freeipa/ticket/4985 --- ipalib/rpc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipalib/rpc.py b/ipalib/rpc.py index fb739f8..a3642a6 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -308,7 +308,7 @@ def json_encode_binary(val, version): encoded = encoded.decode('ascii') return {'__base64__': encoded} elif isinstance(val, Decimal): -return {'__base64__': base64.b64encode(str(val))} +return {'__base64__': base64.b64encode(str(val).enco
[Freeipa-devel] [freeipa PR#417][closed] private_ccache: yield ccache name
URL: https://github.com/freeipa/freeipa/pull/417 Author: frasertweedale Title: #417: private_ccache: yield ccache name Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/417/head:pr417 git checkout pr417 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#417][comment] private_ccache: yield ccache name
URL: https://github.com/freeipa/freeipa/pull/417 Title: #417: private_ccache: yield ccache name MartinBasti commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/caca181d3b73c045abd72e464a195c6b61c251c7 """ See the full comment at https://github.com/freeipa/freeipa/pull/417#issuecomment-276437158 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#393][comment] [Py3] allow to run wsgi - part1
URL: https://github.com/freeipa/freeipa/pull/393 Title: #393: [Py3] allow to run wsgi - part1 MartinBasti commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/a9fec1de1aa2b3c0f4c4ec6eff25ff2e75c774b0 https://fedorahosted.org/freeipa/changeset/9739d0354a8ac5fd357f7d131b3f75aa05df058b https://fedorahosted.org/freeipa/changeset/7e8eb533752bbf5e2f05ec6bfb0ffefa8e9dcddf https://fedorahosted.org/freeipa/changeset/35e135c4e3a7f0bf21ed4c838b8f76b43701a047 https://fedorahosted.org/freeipa/changeset/cca9aa43e146f15e235eee1197209d0ca88eb39c https://fedorahosted.org/freeipa/changeset/aa036e5f332ef0b1ebbff6b824e236b1eeaf076e https://fedorahosted.org/freeipa/changeset/dd3d9f1ca61946ea5d7daa17ba1d8a883922d526 https://fedorahosted.org/freeipa/changeset/49333058c869dd4bd654a7974e6e144ffd3f0dc3 https://fedorahosted.org/freeipa/changeset/b37d18288d40b4ec0b5a8df676456e09ae5f26c1 https://fedorahosted.org/freeipa/changeset/deaf9ae2473833dacb64c4961db3ae9f7c570ebd https://fedorahosted.org/freeipa/changeset/1023cfebff99af165212dee94290a05754297270 https://fedorahosted.org/freeipa/changeset/d5ab0637fe89cbcb61491fe08b7376aeaf7ccdb8 https://fedorahosted.org/freeipa/changeset/47e76e16ef2e5d714881f3cce204611a95b4e5c8 https://fedorahosted.org/freeipa/changeset/b8d6524d43dd0667184aebc79fb77a9b8a46939a https://fedorahosted.org/freeipa/changeset/980c8a5f9e4ccbcd3c11def9cab33d0e61e945ae """ See the full comment at https://github.com/freeipa/freeipa/pull/393#issuecomment-276433723 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#393][+pushed] [Py3] allow to run wsgi - part1
URL: https://github.com/freeipa/freeipa/pull/393 Title: #393: [Py3] allow to run wsgi - part1 Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#393][closed] [Py3] allow to run wsgi - part1
URL: https://github.com/freeipa/freeipa/pull/393 Author: MartinBasti Title: #393: [Py3] allow to run wsgi - part1 Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/393/head:pr393 git checkout pr393 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#417][+pushed] private_ccache: yield ccache name
URL: https://github.com/freeipa/freeipa/pull/417 Title: #417: private_ccache: yield ccache name Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#435][opened] py3: cert.py: create principal object from string
URL: https://github.com/freeipa/freeipa/pull/435 Author: MartinBasti Title: #435: py3: cert.py: create principal object from string Action: opened PR body: """ Principal object must be created from string not from bytes https://fedorahosted.org/freeipa/ticket/4985 https://fedorahosted.org/freeipa/ticket/6640 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/435/head:pr435 git checkout pr435 From 75b8399e8075be666e074a7161f1c10079ff4c08 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Mon, 6 Feb 2017 12:14:38 +0100 Subject: [PATCH] py3: cert.py: create principal object from string Principal object must be created from string not from bytes https://fedorahosted.org/freeipa/ticket/4985 https://fedorahosted.org/freeipa/ticket/6640 --- ipaserver/plugins/cert.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 5bf4cfb..fb35c2d 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -772,7 +772,7 @@ def execute(self, csr, all=False, raw=False, **kw): principal_obj['krbprincipalname'] = [ kerberos.Principal((u'krbtgt', realm), realm)] if not _principal_name_matches_principal( -gn.name, principal_obj): +gn.name.decode('utf-8'), principal_obj): raise errors.ValidationError( name='csr', error=_( -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#437][comment] FIPS: replica install check
URL: https://github.com/freeipa/freeipa/pull/437 Title: #437: FIPS: replica install check MartinBasti commented: """ @pvoborni more or less brainstorming, as I'm almost sure that people will want to migrate current deployments to FIPS mode """ See the full comment at https://github.com/freeipa/freeipa/pull/437#issuecomment-277966347 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#435][comment] py3: fix replica install regression
URL: https://github.com/freeipa/freeipa/pull/435 Title: #435: py3: fix replica install regression MartinBasti commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/91ab650ac42d34d4958e33da7ef0641842511a89 """ See the full comment at https://github.com/freeipa/freeipa/pull/435#issuecomment-277961075 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#435][closed] py3: fix replica install regression
URL: https://github.com/freeipa/freeipa/pull/435 Author: MartinBasti Title: #435: py3: fix replica install regression Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/435/head:pr435 git checkout pr435 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#409][closed] ipatests: nested netgroups (intg)
URL: https://github.com/freeipa/freeipa/pull/409 Author: celestian Title: #409: ipatests: nested netgroups (intg) Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/409/head:pr409 git checkout pr409 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#394][comment] Add fix for ipa plugins command
URL: https://github.com/freeipa/freeipa/pull/394 Title: #394: Add fix for ipa plugins command MartinBasti commented: """ @Akasurde sorry for delay, we still miss test. Otherwise I'm fine with this approach (when issue commented inline fixed) """ See the full comment at https://github.com/freeipa/freeipa/pull/394#issuecomment-277977077 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#413][+pushed] Complete stageuser API
URL: https://github.com/freeipa/freeipa/pull/413 Title: #413: Complete stageuser API Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#336][+pushed] [py3] pki: add missing depedency pki-base[-python3]
URL: https://github.com/freeipa/freeipa/pull/336 Title: #336: [py3] pki: add missing depedency pki-base[-python3] Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#336][comment] [py3] pki: add missing depedency pki-base[-python3]
URL: https://github.com/freeipa/freeipa/pull/336 Title: #336: [py3] pki: add missing depedency pki-base[-python3] MartinBasti commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/66fa0585aa3a7219aa3f5b548a0a84f052d62b8e https://fedorahosted.org/freeipa/changeset/bd83fdf51621fe777c1f7823dcb13c4dfa26fa8e """ See the full comment at https://github.com/freeipa/freeipa/pull/336#issuecomment-277982495 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#336][closed] [py3] pki: add missing depedency pki-base[-python3]
URL: https://github.com/freeipa/freeipa/pull/336 Author: MartinBasti Title: #336: [py3] pki: add missing depedency pki-base[-python3] Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/336/head:pr336 git checkout pr336 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#413][comment] Complete stageuser API
URL: https://github.com/freeipa/freeipa/pull/413 Title: #413: Complete stageuser API MartinBasti commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/9c0e86530ec693606ca4f69e74a9dfe4118a21aa https://fedorahosted.org/freeipa/changeset/7e2d185ba09382a815e9b0530aeae3d56f9378d1 https://fedorahosted.org/freeipa/changeset/308c790ee90f00e0bc2c40abf51c30e5250631e9 https://fedorahosted.org/freeipa/changeset/7b68cc5b08c5563535486d72f37b766209791dbf https://fedorahosted.org/freeipa/changeset/c5c98af99db53b5f9453bf70e9fd4c11e219cf3e https://fedorahosted.org/freeipa/changeset/9382efde4fbc027dcfb5dc5f22d25296f232e0a6 https://fedorahosted.org/freeipa/changeset/8e139d4b559a6f19d859e078e1940a69d8977fdb """ See the full comment at https://github.com/freeipa/freeipa/pull/413#issuecomment-277991933 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#413][closed] Complete stageuser API
URL: https://github.com/freeipa/freeipa/pull/413 Author: dkupka Title: #413: Complete stageuser API Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/413/head:pr413 git checkout pr413 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#418][closed] replica install: do not log host OTP
URL: https://github.com/freeipa/freeipa/pull/418 Author: HonzaCholasta Title: #418: replica install: do not log host OTP Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/418/head:pr418 git checkout pr418 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#435][+pushed] py3: fix replica install regression
URL: https://github.com/freeipa/freeipa/pull/435 Title: #435: py3: fix replica install regression Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#418][+ack] replica install: do not log host OTP
URL: https://github.com/freeipa/freeipa/pull/418 Title: #418: replica install: do not log host OTP Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#418][+pushed] replica install: do not log host OTP
URL: https://github.com/freeipa/freeipa/pull/418 Title: #418: replica install: do not log host OTP Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#409][+pushed] ipatests: nested netgroups (intg)
URL: https://github.com/freeipa/freeipa/pull/409 Title: #409: ipatests: nested netgroups (intg) Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#409][comment] ipatests: nested netgroups (intg)
URL: https://github.com/freeipa/freeipa/pull/409 Title: #409: ipatests: nested netgroups (intg) MartinBasti commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/dc99d3c04e43b08d2364209a641b8b9111e5986c """ See the full comment at https://github.com/freeipa/freeipa/pull/409#issuecomment-277965285 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#413][+ack] Complete stageuser API
URL: https://github.com/freeipa/freeipa/pull/413 Title: #413: Complete stageuser API Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#439][synchronized] [Py3] tests: fix various bytes related issues in tests
URL: https://github.com/freeipa/freeipa/pull/439 Author: MartinBasti Title: #439: [Py3] tests: fix various bytes related issues in tests Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/439/head:pr439 git checkout pr439 From 182650cef909592963e9f30423d2f3a7c045bd07 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 14:56:39 +0100 Subject: [PATCH 1/2] Build: allow to build only py2 rpms for fedora This is more or less for testing purposes of py2/py3 compatibility --- BUILD.txt | 5 + Makefile.am | 4 ++-- freeipa.spec.in | 4 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/BUILD.txt b/BUILD.txt index 620adc3..9b5ff1d 100644 --- a/BUILD.txt +++ b/BUILD.txt @@ -30,6 +30,11 @@ It may be possible to do a simple make install but this has not been well-tested. Additional work is done in pre/post install scripts in the ipa spec file. +To build only python2 packages on fedora following steps are required: +$ autoreconf -i +$ ./configure +$ make rpms RPMBUILD_OPTS="--define 'with_python3 0'" + Developing plugins -- diff --git a/Makefile.am b/Makefile.am index 9bfc899..0ad50e4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -106,7 +106,7 @@ rpms: $(VERSION_UPDATE_TARGET) $(MAKE) _rpms-body _rpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/RPMS/*/*$$(cat $(top_builddir)/.version)*.rpm $(top_builddir)/dist/rpms/ cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version @@ -115,7 +115,7 @@ srpms: $(VERSION_UPDATE_TARGET) $(MAKE) _srpms-body _srpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version diff --git a/freeipa.spec.in b/freeipa.spec.in index 27a979c..7e77b32 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -2,11 +2,15 @@ # subpackages %{!?ONLY_CLIENT:%global ONLY_CLIENT 0} +%if 0%{?with_python3:1} +# with_python3 already defined +%else %if 0%{?rhel} %global with_python3 0 %else %global with_python3 1 %endif +%endif # lint is not executed during rpmbuild # %%global with_lint 1 From 1a0142addfacd4cee29cc8da1f0a86c238d00599 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 17:23:54 +0100 Subject: [PATCH 2/2] Travis: build only py2 packages for py2 testing We will testing both py2 and py3 packages, first step is use only py2 builds for testing py2 packages --- .travis.yml | 2 ++ .travis_run_task.sh | 10 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 6301974..402c3ee 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,8 +15,10 @@ env: matrix: - TASK_TO_RUN="lint" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_xmlrpc/test_[a-k]*.py" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_cmdline test_install test_ipalib diff --git a/.travis_run_task.sh b/.travis_run_task.sh index 7d050b0..b51a712 100755 --- a/.travis_run_task.sh +++ b/.travis_run_task.sh @@ -4,10 +4,17 @@ # # NOTE: this script is intended to run in Travis CI only -PYTHON="/usr/bin/python${TRAVIS_PYTHON_VERSION}" test_set="" developer_mode_opt="--developer-mode" +if [[ $PYTHON == "/usr/bin/python2" ]] +then +env_opt="RPMBUILD_OPTS=--define \'with_python3 0\'" +else +env_opt="RPMBUILD_OPTS=" +fi + + function truncate_log_to_test_failures() { # chop off everything in the CI_RESULTS_LOG preceding pytest error output # if there are pytest errors in the log @@ -43,6 +50,7 @@ ipa-docker-test-runner -l $CI_RESULTS_LOG \ -c $TEST_RUNNER_CONFIG \ $developer_mode_opt \ --container-environment "PYTHON=$PYTHON" \ +--container-environment $env_opt \ --container-image $TEST_RUNNER_IMAGE \ --git-repo $TRAVIS_BUILD_DIR \ $TASK_TO_RUN $test_set -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#439][edited] [Py3] tests: fix various bytes related issues in tests
URL: https://github.com/freeipa/freeipa/pull/439 Author: MartinBasti Title: #439: [Py3] tests: fix various bytes related issues in tests Action: edited Changed field: title Original value: """ [Py3] tests: fix various bytes related issues in tests """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#440][opened] [Py3] fix various issues in tests related to BytesWarning
URL: https://github.com/freeipa/freeipa/pull/440 Author: MartinBasti Title: #440: [Py3] fix various issues in tests related to BytesWarning Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/440/head:pr440 git checkout pr440 From 2196847478d8cb9b7a6f69db3b20b26360ffe7f1 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Thu, 2 Feb 2017 15:48:19 +0100 Subject: [PATCH 1/3] py3: DN: fix BytesWarning User repr() instead of str() for bytes, it has the same effect, but it is proper way how to print bytes https://fedorahosted.org/freeipa/ticket/4985 --- ipapython/dn.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipapython/dn.py b/ipapython/dn.py index 2f7655d..4e8c22b 100644 --- a/ipapython/dn.py +++ b/ipapython/dn.py @@ -452,7 +452,7 @@ def _adjust_indices(start, end, length): def _normalize_ava_input(val): if six.PY3 and isinstance(val, bytes): -raise TypeError('expected str, got bytes: %s' % val) +raise TypeError('expected str, got bytes: %r' % val) elif not isinstance(val, six.string_types): val = val_encode(six.text_type(val)) elif six.PY2 and isinstance(val, unicode): From 3f5564741e3eb1927ee34f5c9834d41c6282142d Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Thu, 2 Feb 2017 16:51:21 +0100 Subject: [PATCH 2/3] py3: get_memberofindirect: fix ByteWarnings DN must be converted to bytes as other variables adn lists contain bytes https://fedorahosted.org/freeipa/ticket/4985 --- ipapython/ipaldap.py | 6 -- ipaserver/plugins/baseldap.py | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py index 497b947..4de8a21 100644 --- a/ipapython/ipaldap.py +++ b/ipapython/ipaldap.py @@ -379,8 +379,10 @@ def _set_raw(self, name, value): name, value.__class__.__name__, value)) for (i, item) in enumerate(value): if not isinstance(item, bytes): -raise TypeError("%s[%d] value must be str, got %s object %r" % ( -name, i, item.__class__.__name__, item)) +raise TypeError( +"%s[%d] value must be bytes, got %s object %r" % ( +name, i, item.__class__.__name__, item) +) name = self._add_attr_name(name) diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py index e7bf43c..94c8547 100644 --- a/ipaserver/plugins/baseldap.py +++ b/ipaserver/plugins/baseldap.py @@ -722,7 +722,7 @@ def get_memberofindirect(self, entry): direct = set() indirect = set(entry.raw.get('memberof', [])) for group_entry in result: -dn = str(group_entry.dn) +dn = str(group_entry.dn).encode('utf-8') if dn in indirect: indirect.remove(dn) direct.add(dn) From 0479dfa6030943caceef011d990fc313f8b4b8b6 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 13:37:56 +0100 Subject: [PATCH 3/3] py3: test_ipaserver: fix BytesWarnings https://fedorahosted.org/freeipa/ticket/6633 --- ipatests/test_ipaserver/test_rpcserver.py | 12 +++- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/ipatests/test_ipaserver/test_rpcserver.py b/ipatests/test_ipaserver/test_rpcserver.py index 6cc2472..7ee94d3 100644 --- a/ipatests/test_ipaserver/test_rpcserver.py +++ b/ipatests/test_ipaserver/test_rpcserver.py @@ -62,7 +62,7 @@ def test_not_found(): url = '/ipa/foo/stuff' assert_equal( f.not_found(None, s, url, None), -[t % dict(url='/ipa/foo/stuff')] +[(t % dict(url='/ipa/foo/stuff')).encode('utf-8')] ) assert s.status == '404 Not Found' assert s.headers == [('Content-Type', 'text/html; charset=utf-8')] @@ -72,7 +72,9 @@ def test_not_found(): url ='' + 'do_bad_stuff();' assert_equal( f.not_found(None, s, url, None), -[t % dict(url='nbsp;scriptdo_bad_stuff();/script')] +[(t % dict( +url='nbsp;scriptdo_bad_stuff();/script') +).encode('utf-8')] ) assert s.status == '404 Not Found' assert s.headers == [('Content-Type', 'text/html; charset=utf-8')] @@ -86,7 +88,7 @@ def test_bad_request(): assert_equal( f.bad_request(None, s, 'illegal request'), -[t % dict(message='illegal request')] +[(t % dict(message='illegal request')).encode('utf-8')] ) assert s.status == '400 Bad Request' assert s.headers == [('Content-Type', 'text/html; charset=utf-8')] @@ -100,7 +102,7 @@ def test_internal_error(): assert_equal( f.internal_error(None, s, 'request failed'), -[t % dict(message='request failed')] +[(t % dict(message='request fai
[Freeipa-devel] [freeipa PR#439][synchronized] [WIP] [Py3] testing both py2/py3 in travis
URL: https://github.com/freeipa/freeipa/pull/439 Author: MartinBasti Title: #439: [WIP] [Py3] testing both py2/py3 in travis Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/439/head:pr439 git checkout pr439 From 182650cef909592963e9f30423d2f3a7c045bd07 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 14:56:39 +0100 Subject: [PATCH 1/2] Build: allow to build only py2 rpms for fedora This is more or less for testing purposes of py2/py3 compatibility --- BUILD.txt | 5 + Makefile.am | 4 ++-- freeipa.spec.in | 4 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/BUILD.txt b/BUILD.txt index 620adc3..9b5ff1d 100644 --- a/BUILD.txt +++ b/BUILD.txt @@ -30,6 +30,11 @@ It may be possible to do a simple make install but this has not been well-tested. Additional work is done in pre/post install scripts in the ipa spec file. +To build only python2 packages on fedora following steps are required: +$ autoreconf -i +$ ./configure +$ make rpms RPMBUILD_OPTS="--define 'with_python3 0'" + Developing plugins -- diff --git a/Makefile.am b/Makefile.am index 9bfc899..0ad50e4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -106,7 +106,7 @@ rpms: $(VERSION_UPDATE_TARGET) $(MAKE) _rpms-body _rpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/RPMS/*/*$$(cat $(top_builddir)/.version)*.rpm $(top_builddir)/dist/rpms/ cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version @@ -115,7 +115,7 @@ srpms: $(VERSION_UPDATE_TARGET) $(MAKE) _srpms-body _srpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version diff --git a/freeipa.spec.in b/freeipa.spec.in index 27a979c..7e77b32 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -2,11 +2,15 @@ # subpackages %{!?ONLY_CLIENT:%global ONLY_CLIENT 0} +%if 0%{?with_python3:1} +# with_python3 already defined +%else %if 0%{?rhel} %global with_python3 0 %else %global with_python3 1 %endif +%endif # lint is not executed during rpmbuild # %%global with_lint 1 From aeef677b29279341d85994c9b969d0a0ba9c8743 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 17:23:54 +0100 Subject: [PATCH 2/2] Travis: build only py2 packages for py2 testing We will testing both py2 and py3 packages, first step is use only py2 builds for testing py2 packages --- .travis.yml | 2 ++ .travis_run_task.sh | 10 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 6301974..402c3ee 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,8 +15,10 @@ env: matrix: - TASK_TO_RUN="lint" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_xmlrpc/test_[a-k]*.py" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_cmdline test_install test_ipalib diff --git a/.travis_run_task.sh b/.travis_run_task.sh index 7d050b0..43fcaae 100755 --- a/.travis_run_task.sh +++ b/.travis_run_task.sh @@ -4,10 +4,17 @@ # # NOTE: this script is intended to run in Travis CI only -PYTHON="/usr/bin/python${TRAVIS_PYTHON_VERSION}" test_set="" developer_mode_opt="--developer-mode" +if [[ $PYTHON == "/usr/bin/python2" ]] +then +env_opt="RPMBUILD_OPTS=--define 'with_python3 0'" +else +env_opt="RPMBUILD_OPTS=" +fi + + function truncate_log_to_test_failures() { # chop off everything in the CI_RESULTS_LOG preceding pytest error output # if there are pytest errors in the log @@ -43,6 +50,7 @@ ipa-docker-test-runner -l $CI_RESULTS_LOG \ -c $TEST_RUNNER_CONFIG \ $developer_mode_opt \ --container-environment "PYTHON=$PYTHON" \ +--container-environment $env_opt \ --container-image $TEST_RUNNER_IMAGE \ --git-repo $TRAVIS_BUILD_DIR \ $TASK_TO_RUN $test_set -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#427][synchronized] [Py3] WSGI part 2
URL: https://github.com/freeipa/freeipa/pull/427 Author: MartinBasti Title: #427: [Py3] WSGI part 2 Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/427/head:pr427 git checkout pr427 From 090bc4b7d6fa8b7ed79f04f46c85f98b271d2fe8 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 24 Jan 2017 17:49:06 +0100 Subject: [PATCH 1/7] py3: base64 encoding/decoding returns always bytes don't mix it Using unicode(bytes) call causes undesired side effect that is inserting `b` character to result. This obviously causes issues with binary base64 data https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/plugins/baseldap.py | 2 +- ipaserver/plugins/ca.py | 4 +--- ipaserver/plugins/cert.py | 2 +- ipaserver/secrets/client.py | 6 -- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py index e7bf43c..24b6db7 100644 --- a/ipaserver/plugins/baseldap.py +++ b/ipaserver/plugins/baseldap.py @@ -1036,7 +1036,7 @@ def process_attr_options(self, entry_attrs, dn, keys, options): except ValueError: if isinstance(delval, bytes): # This is a Binary value, base64 encode it -delval = unicode(base64.b64encode(delval)) +delval = base64.b64encode(delval).decode('ascii') raise errors.AttrValueNotFound(attr=attr, value=delval) # normalize all values diff --git a/ipaserver/plugins/ca.py b/ipaserver/plugins/ca.py index 4f24278..3a052a1 100644 --- a/ipaserver/plugins/ca.py +++ b/ipaserver/plugins/ca.py @@ -4,8 +4,6 @@ import base64 -import six - from ipalib import api, errors, output, Bytes, DNParam, Flag, Str from ipalib.constants import IPA_CA_CN from ipalib.plugable import Registry @@ -176,7 +174,7 @@ def set_certificate_attrs(entry, options, want_cert=True): with api.Backend.ra_lightweight_ca as ca_api: if want_cert or full: der = ca_api.read_ca_cert(ca_id) -entry['certificate'] = six.text_type(base64.b64encode(der)) +entry['certificate'] = base64.b64encode(der).decode('ascii') if want_chain or full: pkcs7_der = ca_api.read_ca_chain(ca_id) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 5bf4cfb..6bf5c03 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1260,7 +1260,7 @@ def _get_cert_key(self, cert): return (DN(cert_obj.issuer), cert_obj.serial) def _get_cert_obj(self, cert, all, raw, pkey_only): -obj = {'certificate': unicode(base64.b64encode(cert))} +obj = {'certificate': base64.b64encode(cert).decode('ascii')} full = not pkey_only and all if not raw: diff --git a/ipaserver/secrets/client.py b/ipaserver/secrets/client.py index a04b9a6..a945e01 100644 --- a/ipaserver/secrets/client.py +++ b/ipaserver/secrets/client.py @@ -70,7 +70,8 @@ def init_creds(self): name = gssapi.Name(self.client_service, gssapi.NameType.hostbased_service) store = {'client_keytab': self.keytab, - 'ccache': 'MEMORY:Custodia_%s' % b64encode(os.urandom(8))} + 'ccache': 'MEMORY:Custodia_%s' % b64encode( + os.urandom(8)).decode('ascii')} return gssapi.Credentials(name=name, store=store, usage='initiate') def _auth_header(self): @@ -78,7 +79,8 @@ def _auth_header(self): self.creds = self.init_creds() ctx = gssapi.SecurityContext(name=self.service_name, creds=self.creds) authtok = ctx.step() -return {'Authorization': 'Negotiate %s' % b64encode(authtok)} +return {'Authorization': 'Negotiate %s' % b64encode( +authtok).decode('ascii')} def fetch_key(self, keyname, store=True): From cc25007e23504097f63173fa18324b9586aad675 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Wed, 25 Jan 2017 14:56:07 +0100 Subject: [PATCH 2/7] py3: remove_entry_from_group: attribute name must be string Do not encode attribute names https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/plugins/ldap2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 71c095d..e671ecb 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -442,7 +442,7 @@ def remove_entry_from_group(self, dn, group_dn, member_attr='member'): # update group entry try: with self.error_handler(): -modlist = [(a, self.encode(b), self.encode(c)) +modlist = [(a, b, self.encode(c)) for a, b, c in modlist] self.conn.modify_s(str(group_dn), modlist)
[Freeipa-devel] [freeipa PR#439][opened] [Py3] tests: fix various bytes related issues in tests
URL: https://github.com/freeipa/freeipa/pull/439 Author: MartinBasti Title: #439: [Py3] tests: fix various bytes related issues in tests Action: opened PR body: """ This is more or less for testing purposes of py2/py3 compatibility """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/439/head:pr439 git checkout pr439 From 182650cef909592963e9f30423d2f3a7c045bd07 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 14:56:39 +0100 Subject: [PATCH] Build: allow to build only py2 rpms for fedora This is more or less for testing purposes of py2/py3 compatibility --- BUILD.txt | 5 + Makefile.am | 4 ++-- freeipa.spec.in | 4 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/BUILD.txt b/BUILD.txt index 620adc3..9b5ff1d 100644 --- a/BUILD.txt +++ b/BUILD.txt @@ -30,6 +30,11 @@ It may be possible to do a simple make install but this has not been well-tested. Additional work is done in pre/post install scripts in the ipa spec file. +To build only python2 packages on fedora following steps are required: +$ autoreconf -i +$ ./configure +$ make rpms RPMBUILD_OPTS="--define 'with_python3 0'" + Developing plugins -- diff --git a/Makefile.am b/Makefile.am index 9bfc899..0ad50e4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -106,7 +106,7 @@ rpms: $(VERSION_UPDATE_TARGET) $(MAKE) _rpms-body _rpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/RPMS/*/*$$(cat $(top_builddir)/.version)*.rpm $(top_builddir)/dist/rpms/ cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version @@ -115,7 +115,7 @@ srpms: $(VERSION_UPDATE_TARGET) $(MAKE) _srpms-body _srpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version diff --git a/freeipa.spec.in b/freeipa.spec.in index 27a979c..7e77b32 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -2,11 +2,15 @@ # subpackages %{!?ONLY_CLIENT:%global ONLY_CLIENT 0} +%if 0%{?with_python3:1} +# with_python3 already defined +%else %if 0%{?rhel} %global with_python3 0 %else %global with_python3 1 %endif +%endif # lint is not executed during rpmbuild # %%global with_lint 1 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#439][synchronized] [WIP] [Py3] testing both py2/py3 in travis
URL: https://github.com/freeipa/freeipa/pull/439 Author: MartinBasti Title: #439: [WIP] [Py3] testing both py2/py3 in travis Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/439/head:pr439 git checkout pr439 From 182650cef909592963e9f30423d2f3a7c045bd07 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 14:56:39 +0100 Subject: [PATCH 1/3] Build: allow to build only py2 rpms for fedora This is more or less for testing purposes of py2/py3 compatibility --- BUILD.txt | 5 + Makefile.am | 4 ++-- freeipa.spec.in | 4 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/BUILD.txt b/BUILD.txt index 620adc3..9b5ff1d 100644 --- a/BUILD.txt +++ b/BUILD.txt @@ -30,6 +30,11 @@ It may be possible to do a simple make install but this has not been well-tested. Additional work is done in pre/post install scripts in the ipa spec file. +To build only python2 packages on fedora following steps are required: +$ autoreconf -i +$ ./configure +$ make rpms RPMBUILD_OPTS="--define 'with_python3 0'" + Developing plugins -- diff --git a/Makefile.am b/Makefile.am index 9bfc899..0ad50e4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -106,7 +106,7 @@ rpms: $(VERSION_UPDATE_TARGET) $(MAKE) _rpms-body _rpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/RPMS/*/*$$(cat $(top_builddir)/.version)*.rpm $(top_builddir)/dist/rpms/ cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version @@ -115,7 +115,7 @@ srpms: $(VERSION_UPDATE_TARGET) $(MAKE) _srpms-body _srpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version diff --git a/freeipa.spec.in b/freeipa.spec.in index 27a979c..7e77b32 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -2,11 +2,15 @@ # subpackages %{!?ONLY_CLIENT:%global ONLY_CLIENT 0} +%if 0%{?with_python3:1} +# with_python3 already defined +%else %if 0%{?rhel} %global with_python3 0 %else %global with_python3 1 %endif +%endif # lint is not executed during rpmbuild # %%global with_lint 1 From aeef677b29279341d85994c9b969d0a0ba9c8743 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 17:23:54 +0100 Subject: [PATCH 2/3] Travis: build only py2 packages for py2 testing We will testing both py2 and py3 packages, first step is use only py2 builds for testing py2 packages --- .travis.yml | 2 ++ .travis_run_task.sh | 10 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 6301974..402c3ee 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,8 +15,10 @@ env: matrix: - TASK_TO_RUN="lint" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_xmlrpc/test_[a-k]*.py" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_cmdline test_install test_ipalib diff --git a/.travis_run_task.sh b/.travis_run_task.sh index 7d050b0..43fcaae 100755 --- a/.travis_run_task.sh +++ b/.travis_run_task.sh @@ -4,10 +4,17 @@ # # NOTE: this script is intended to run in Travis CI only -PYTHON="/usr/bin/python${TRAVIS_PYTHON_VERSION}" test_set="" developer_mode_opt="--developer-mode" +if [[ $PYTHON == "/usr/bin/python2" ]] +then +env_opt="RPMBUILD_OPTS=--define 'with_python3 0'" +else +env_opt="RPMBUILD_OPTS=" +fi + + function truncate_log_to_test_failures() { # chop off everything in the CI_RESULTS_LOG preceding pytest error output # if there are pytest errors in the log @@ -43,6 +50,7 @@ ipa-docker-test-runner -l $CI_RESULTS_LOG \ -c $TEST_RUNNER_CONFIG \ $developer_mode_opt \ --container-environment "PYTHON=$PYTHON" \ +--container-environment $env_opt \ --container-image $TEST_RUNNER_IMAGE \ --git-repo $TRAVIS_BUILD_DIR \ $TASK_TO_RUN $test_set From 7c03c5153ef913f29c538f8a674288d45acb6dfb Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 18:29:08 +0100 Subject: [PATCH 3/3] Travis: enable temporal Py3 testing This testconfig is temporal until all plugins are migrated into py3. After that this temporal config file will be removed and used only the previous one a
[Freeipa-devel] [freeipa PR#433][comment] csrgen: Allow some certificate fields to be specified by the user
URL: https://github.com/freeipa/freeipa/pull/433 Title: #433: csrgen: Allow some certificate fields to be specified by the user MartinBasti commented: """ ``` * Module ipaclient.csrgen ipaclient/csrgen.py:376: [E1101(no-member), CSRGenerator.get_user_prompts] Module 'ipalib.errors' has no 'CertificateMappingError' member) ipaclient/csrgen.py:380: [E1101(no-member), CSRGenerator.get_user_prompts] Module 'ipalib.errors' has no 'CertificateMappingError' member) ipaclient/csrgen.py:385: [E1101(no-member), CSRGenerator.get_user_prompts] Module 'ipalib.errors' has no 'CertificateMappingError' member) ipaclient/csrgen.py:367: [W0612(unused-variable), CSRGenerator.get_user_prompts] Unused variable 'syntax_rules') * Module ipatests.test_ipaclient.test_csrgen ipatests/test_ipaclient/test_csrgen.py:322: [W0612(unused-variable), test_rule_handling.test_userdata_included] Unused variable 'script') ipatests/test_ipaclient/test_csrgen.py:324: [W0612(unused-variable), test_rule_handling.test_userdata_included] Unused variable 'expected_script'm) ``` """ See the full comment at https://github.com/freeipa/freeipa/pull/433#issuecomment-278083528 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#439][synchronized] [WIP] [Py3] testing both py2/py3 in travis
URL: https://github.com/freeipa/freeipa/pull/439 Author: MartinBasti Title: #439: [WIP] [Py3] testing both py2/py3 in travis Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/439/head:pr439 git checkout pr439 From 182650cef909592963e9f30423d2f3a7c045bd07 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 14:56:39 +0100 Subject: [PATCH 1/3] Build: allow to build only py2 rpms for fedora This is more or less for testing purposes of py2/py3 compatibility --- BUILD.txt | 5 + Makefile.am | 4 ++-- freeipa.spec.in | 4 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/BUILD.txt b/BUILD.txt index 620adc3..9b5ff1d 100644 --- a/BUILD.txt +++ b/BUILD.txt @@ -30,6 +30,11 @@ It may be possible to do a simple make install but this has not been well-tested. Additional work is done in pre/post install scripts in the ipa spec file. +To build only python2 packages on fedora following steps are required: +$ autoreconf -i +$ ./configure +$ make rpms RPMBUILD_OPTS="--define 'with_python3 0'" + Developing plugins -- diff --git a/Makefile.am b/Makefile.am index 9bfc899..0ad50e4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -106,7 +106,7 @@ rpms: $(VERSION_UPDATE_TARGET) $(MAKE) _rpms-body _rpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/RPMS/*/*$$(cat $(top_builddir)/.version)*.rpm $(top_builddir)/dist/rpms/ cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version @@ -115,7 +115,7 @@ srpms: $(VERSION_UPDATE_TARGET) $(MAKE) _srpms-body _srpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version diff --git a/freeipa.spec.in b/freeipa.spec.in index 27a979c..7e77b32 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -2,11 +2,15 @@ # subpackages %{!?ONLY_CLIENT:%global ONLY_CLIENT 0} +%if 0%{?with_python3:1} +# with_python3 already defined +%else %if 0%{?rhel} %global with_python3 0 %else %global with_python3 1 %endif +%endif # lint is not executed during rpmbuild # %%global with_lint 1 From aeef677b29279341d85994c9b969d0a0ba9c8743 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 17:23:54 +0100 Subject: [PATCH 2/3] Travis: build only py2 packages for py2 testing We will testing both py2 and py3 packages, first step is use only py2 builds for testing py2 packages --- .travis.yml | 2 ++ .travis_run_task.sh | 10 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 6301974..402c3ee 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,8 +15,10 @@ env: matrix: - TASK_TO_RUN="lint" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_xmlrpc/test_[a-k]*.py" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_cmdline test_install test_ipalib diff --git a/.travis_run_task.sh b/.travis_run_task.sh index 7d050b0..43fcaae 100755 --- a/.travis_run_task.sh +++ b/.travis_run_task.sh @@ -4,10 +4,17 @@ # # NOTE: this script is intended to run in Travis CI only -PYTHON="/usr/bin/python${TRAVIS_PYTHON_VERSION}" test_set="" developer_mode_opt="--developer-mode" +if [[ $PYTHON == "/usr/bin/python2" ]] +then +env_opt="RPMBUILD_OPTS=--define 'with_python3 0'" +else +env_opt="RPMBUILD_OPTS=" +fi + + function truncate_log_to_test_failures() { # chop off everything in the CI_RESULTS_LOG preceding pytest error output # if there are pytest errors in the log @@ -43,6 +50,7 @@ ipa-docker-test-runner -l $CI_RESULTS_LOG \ -c $TEST_RUNNER_CONFIG \ $developer_mode_opt \ --container-environment "PYTHON=$PYTHON" \ +--container-environment $env_opt \ --container-image $TEST_RUNNER_IMAGE \ --git-repo $TRAVIS_BUILD_DIR \ $TASK_TO_RUN $test_set From 3d24d7075b72e1ccc4953cb920888ef29b047ed1 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 18:29:08 +0100 Subject: [PATCH 3/3] Travis: enable temporal Py3 testing This testconfig is temporal until all plugins are migrated into py3. After that this temporal config file will be removed and used only the previous one a
[Freeipa-devel] [freeipa PR#440][+pushed] [Py3] fix various issues in tests related to BytesWarning
URL: https://github.com/freeipa/freeipa/pull/440 Title: #440: [Py3] fix various issues in tests related to BytesWarning Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#440][comment] [Py3] fix various issues in tests related to BytesWarning
URL: https://github.com/freeipa/freeipa/pull/440 Title: #440: [Py3] fix various issues in tests related to BytesWarning MartinBasti commented: """ The last commit has wrong ticket """ See the full comment at https://github.com/freeipa/freeipa/pull/440#issuecomment-278346559 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#440][comment] [Py3] fix various issues in tests related to BytesWarning
URL: https://github.com/freeipa/freeipa/pull/440 Title: #440: [Py3] fix various issues in tests related to BytesWarning MartinBasti commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/d38540acd614bcaa489023401fc8db7c02cd3892 https://fedorahosted.org/freeipa/changeset/6bb5af7bea21d44b4e5ee20cfaa2f76b12ea0929 https://fedorahosted.org/freeipa/changeset/a5ccdc16cbcec433ef061dfe65515e32c3021ea2 """ See the full comment at https://github.com/freeipa/freeipa/pull/440#issuecomment-278346715 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#439][synchronized] [WIP] [Py3] testing both py2/py3 in travis
URL: https://github.com/freeipa/freeipa/pull/439 Author: MartinBasti Title: #439: [WIP] [Py3] testing both py2/py3 in travis Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/439/head:pr439 git checkout pr439 From 06d613cbcba799b0510fd3e4b7245a94de12aa1e Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 14:56:39 +0100 Subject: [PATCH 1/3] Build: allow to build only py2 rpms for fedora This is more or less for testing purposes of py2/py3 compatibility --- BUILD.txt | 5 + Makefile.am | 4 ++-- freeipa.spec.in | 4 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/BUILD.txt b/BUILD.txt index 620adc3..9b5ff1d 100644 --- a/BUILD.txt +++ b/BUILD.txt @@ -30,6 +30,11 @@ It may be possible to do a simple make install but this has not been well-tested. Additional work is done in pre/post install scripts in the ipa spec file. +To build only python2 packages on fedora following steps are required: +$ autoreconf -i +$ ./configure +$ make rpms RPMBUILD_OPTS="--define 'with_python3 0'" + Developing plugins -- diff --git a/Makefile.am b/Makefile.am index 9bfc899..0ad50e4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -106,7 +106,7 @@ rpms: $(VERSION_UPDATE_TARGET) $(MAKE) _rpms-body _rpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/RPMS/*/*$$(cat $(top_builddir)/.version)*.rpm $(top_builddir)/dist/rpms/ cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version @@ -115,7 +115,7 @@ srpms: $(VERSION_UPDATE_TARGET) $(MAKE) _srpms-body _srpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version diff --git a/freeipa.spec.in b/freeipa.spec.in index 27a979c..7e77b32 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -2,11 +2,15 @@ # subpackages %{!?ONLY_CLIENT:%global ONLY_CLIENT 0} +%if 0%{?with_python3:1} +# with_python3 already defined +%else %if 0%{?rhel} %global with_python3 0 %else %global with_python3 1 %endif +%endif # lint is not executed during rpmbuild # %%global with_lint 1 From 7c5f2fe33ad20259dfe082a5a291c6d0ace8dfe4 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 17:23:54 +0100 Subject: [PATCH 2/3] Travis: build only py2 packages for py2 testing We will testing both py2 and py3 packages, first step is use only py2 builds for testing py2 packages --- .travis.yml | 2 ++ .travis_run_task.sh | 10 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 6301974..402c3ee 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,8 +15,10 @@ env: matrix: - TASK_TO_RUN="lint" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_xmlrpc/test_[a-k]*.py" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_cmdline test_install test_ipalib diff --git a/.travis_run_task.sh b/.travis_run_task.sh index 7d050b0..da0b88f 100755 --- a/.travis_run_task.sh +++ b/.travis_run_task.sh @@ -4,10 +4,17 @@ # # NOTE: this script is intended to run in Travis CI only -PYTHON="/usr/bin/python${TRAVIS_PYTHON_VERSION}" test_set="" developer_mode_opt="--developer-mode" +if [[ $PYTHON == "/usr/bin/python2" ]] +then +env_opt="'RPMBUILD_OPTS=--define \'with_python3 0\''" +else +env_opt="RPMBUILD_OPTS=" +fi + + function truncate_log_to_test_failures() { # chop off everything in the CI_RESULTS_LOG preceding pytest error output # if there are pytest errors in the log @@ -43,6 +50,7 @@ ipa-docker-test-runner -l $CI_RESULTS_LOG \ -c $TEST_RUNNER_CONFIG \ $developer_mode_opt \ --container-environment "PYTHON=$PYTHON" \ +--container-environment $env_opt \ --container-image $TEST_RUNNER_IMAGE \ --git-repo $TRAVIS_BUILD_DIR \ $TASK_TO_RUN $test_set From 97c17b98fc7922f721f70dc4f5f2ccda56623983 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 18:29:08 +0100 Subject: [PATCH 3/3] Travis: enable temporal Py3 testing This testconfig is temporal until all plugins are migrated into py3. After that this temporal config file will be removed and used only the previous
[Freeipa-devel] [freeipa PR#439][synchronized] [WIP] [Py3] testing both py2/py3 in travis
URL: https://github.com/freeipa/freeipa/pull/439 Author: MartinBasti Title: #439: [WIP] [Py3] testing both py2/py3 in travis Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/439/head:pr439 git checkout pr439 From 06d613cbcba799b0510fd3e4b7245a94de12aa1e Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 14:56:39 +0100 Subject: [PATCH 1/3] Build: allow to build only py2 rpms for fedora This is more or less for testing purposes of py2/py3 compatibility --- BUILD.txt | 5 + Makefile.am | 4 ++-- freeipa.spec.in | 4 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/BUILD.txt b/BUILD.txt index 620adc3..9b5ff1d 100644 --- a/BUILD.txt +++ b/BUILD.txt @@ -30,6 +30,11 @@ It may be possible to do a simple make install but this has not been well-tested. Additional work is done in pre/post install scripts in the ipa spec file. +To build only python2 packages on fedora following steps are required: +$ autoreconf -i +$ ./configure +$ make rpms RPMBUILD_OPTS="--define 'with_python3 0'" + Developing plugins -- diff --git a/Makefile.am b/Makefile.am index 9bfc899..0ad50e4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -106,7 +106,7 @@ rpms: $(VERSION_UPDATE_TARGET) $(MAKE) _rpms-body _rpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/RPMS/*/*$$(cat $(top_builddir)/.version)*.rpm $(top_builddir)/dist/rpms/ cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version @@ -115,7 +115,7 @@ srpms: $(VERSION_UPDATE_TARGET) $(MAKE) _srpms-body _srpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version diff --git a/freeipa.spec.in b/freeipa.spec.in index 27a979c..7e77b32 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -2,11 +2,15 @@ # subpackages %{!?ONLY_CLIENT:%global ONLY_CLIENT 0} +%if 0%{?with_python3:1} +# with_python3 already defined +%else %if 0%{?rhel} %global with_python3 0 %else %global with_python3 1 %endif +%endif # lint is not executed during rpmbuild # %%global with_lint 1 From 95d57e6580a466693ff737006e9336b671bec95c Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 17:23:54 +0100 Subject: [PATCH 2/3] Travis: build only py2 packages for py2 testing We will testing both py2 and py3 packages, first step is use only py2 builds for testing py2 packages --- .travis.yml | 2 ++ .travis_run_task.sh | 10 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 6301974..402c3ee 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,8 +15,10 @@ env: matrix: - TASK_TO_RUN="lint" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_xmlrpc/test_[a-k]*.py" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_cmdline test_install test_ipalib diff --git a/.travis_run_task.sh b/.travis_run_task.sh index 7d050b0..90bc039 100755 --- a/.travis_run_task.sh +++ b/.travis_run_task.sh @@ -4,10 +4,17 @@ # # NOTE: this script is intended to run in Travis CI only -PYTHON="/usr/bin/python${TRAVIS_PYTHON_VERSION}" test_set="" developer_mode_opt="--developer-mode" +if [[ $PYTHON == "/usr/bin/python2" ]] +then +env_opt="\"RPMBUILD_OPTS=--define 'with_python3 0'\"" +else +env_opt="RPMBUILD_OPTS=" +fi + + function truncate_log_to_test_failures() { # chop off everything in the CI_RESULTS_LOG preceding pytest error output # if there are pytest errors in the log @@ -43,6 +50,7 @@ ipa-docker-test-runner -l $CI_RESULTS_LOG \ -c $TEST_RUNNER_CONFIG \ $developer_mode_opt \ --container-environment "PYTHON=$PYTHON" \ +--container-environment $env_opt \ --container-image $TEST_RUNNER_IMAGE \ --git-repo $TRAVIS_BUILD_DIR \ $TASK_TO_RUN $test_set From 23ade9c30793ef61ddecef2c39e254eb87e71d77 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 18:29:08 +0100 Subject: [PATCH 3/3] Travis: enable temporal Py3 testing This testconfig is temporal until all plugins are migrated into py3. After that this temporal config file will be removed and used only th
[Freeipa-devel] [freeipa PR#439][synchronized] [WIP] [Py3] testing both py2/py3 in travis
URL: https://github.com/freeipa/freeipa/pull/439 Author: MartinBasti Title: #439: [WIP] [Py3] testing both py2/py3 in travis Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/439/head:pr439 git checkout pr439 From 06d613cbcba799b0510fd3e4b7245a94de12aa1e Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 14:56:39 +0100 Subject: [PATCH 1/3] Build: allow to build only py2 rpms for fedora This is more or less for testing purposes of py2/py3 compatibility --- BUILD.txt | 5 + Makefile.am | 4 ++-- freeipa.spec.in | 4 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/BUILD.txt b/BUILD.txt index 620adc3..9b5ff1d 100644 --- a/BUILD.txt +++ b/BUILD.txt @@ -30,6 +30,11 @@ It may be possible to do a simple make install but this has not been well-tested. Additional work is done in pre/post install scripts in the ipa spec file. +To build only python2 packages on fedora following steps are required: +$ autoreconf -i +$ ./configure +$ make rpms RPMBUILD_OPTS="--define 'with_python3 0'" + Developing plugins -- diff --git a/Makefile.am b/Makefile.am index 9bfc899..0ad50e4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -106,7 +106,7 @@ rpms: $(VERSION_UPDATE_TARGET) $(MAKE) _rpms-body _rpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/RPMS/*/*$$(cat $(top_builddir)/.version)*.rpm $(top_builddir)/dist/rpms/ cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version @@ -115,7 +115,7 @@ srpms: $(VERSION_UPDATE_TARGET) $(MAKE) _srpms-body _srpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version diff --git a/freeipa.spec.in b/freeipa.spec.in index 27a979c..7e77b32 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -2,11 +2,15 @@ # subpackages %{!?ONLY_CLIENT:%global ONLY_CLIENT 0} +%if 0%{?with_python3:1} +# with_python3 already defined +%else %if 0%{?rhel} %global with_python3 0 %else %global with_python3 1 %endif +%endif # lint is not executed during rpmbuild # %%global with_lint 1 From 27cf7f47de77db640a8c17f99cf482469b34f090 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 17:23:54 +0100 Subject: [PATCH 2/3] Travis: build only py2 packages for py2 testing We will testing both py2 and py3 packages, first step is use only py2 builds for testing py2 packages --- .travis.yml | 2 ++ .travis_run_task.sh | 10 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 6301974..402c3ee 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,8 +15,10 @@ env: matrix: - TASK_TO_RUN="lint" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_xmlrpc/test_[a-k]*.py" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_cmdline test_install test_ipalib diff --git a/.travis_run_task.sh b/.travis_run_task.sh index 7d050b0..3637692 100755 --- a/.travis_run_task.sh +++ b/.travis_run_task.sh @@ -4,10 +4,17 @@ # # NOTE: this script is intended to run in Travis CI only -PYTHON="/usr/bin/python${TRAVIS_PYTHON_VERSION}" test_set="" developer_mode_opt="--developer-mode" +if [[ $PYTHON == "/usr/bin/python2" ]] +then +env_opt="--define 'with_python3 0'" +else +env_opt="" +fi + + function truncate_log_to_test_failures() { # chop off everything in the CI_RESULTS_LOG preceding pytest error output # if there are pytest errors in the log @@ -43,6 +50,7 @@ ipa-docker-test-runner -l $CI_RESULTS_LOG \ -c $TEST_RUNNER_CONFIG \ $developer_mode_opt \ --container-environment "PYTHON=$PYTHON" \ +--container-environment "RPMBUILD_OPTS=\"$env_opt\"" \ --container-image $TEST_RUNNER_IMAGE \ --git-repo $TRAVIS_BUILD_DIR \ $TASK_TO_RUN $test_set From 04f2f3763249850a529180f92cb1295ba89f515e Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 18:29:08 +0100 Subject: [PATCH 3/3] Travis: enable temporal Py3 testing This testconfig is temporal until all plugins are migrated into py3. After that this temporal config file will be removed and used only the
[Freeipa-devel] [freeipa PR#440][closed] [Py3] fix various issues in tests related to BytesWarning
URL: https://github.com/freeipa/freeipa/pull/440 Author: MartinBasti Title: #440: [Py3] fix various issues in tests related to BytesWarning Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/440/head:pr440 git checkout pr440 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#426][comment] DNSSEC: forwarders validation improvement
URL: https://github.com/freeipa/freeipa/pull/426 Title: #426: DNSSEC: forwarders validation improvement MartinBasti commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/387a1513bb9dc0dc546753bfaa8a59aae8f30b83 """ See the full comment at https://github.com/freeipa/freeipa/pull/426#issuecomment-278351747 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#426][closed] DNSSEC: forwarders validation improvement
URL: https://github.com/freeipa/freeipa/pull/426 Author: MartinBasti Title: #426: DNSSEC: forwarders validation improvement Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/426/head:pr426 git checkout pr426 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#426][+pushed] DNSSEC: forwarders validation improvement
URL: https://github.com/freeipa/freeipa/pull/426 Title: #426: DNSSEC: forwarders validation improvement Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#440][synchronized] [Py3] fix various issues in tests related to BytesWarning
URL: https://github.com/freeipa/freeipa/pull/440 Author: MartinBasti Title: #440: [Py3] fix various issues in tests related to BytesWarning Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/440/head:pr440 git checkout pr440 From 2196847478d8cb9b7a6f69db3b20b26360ffe7f1 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Thu, 2 Feb 2017 15:48:19 +0100 Subject: [PATCH 1/3] py3: DN: fix BytesWarning User repr() instead of str() for bytes, it has the same effect, but it is proper way how to print bytes https://fedorahosted.org/freeipa/ticket/4985 --- ipapython/dn.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipapython/dn.py b/ipapython/dn.py index 2f7655d..4e8c22b 100644 --- a/ipapython/dn.py +++ b/ipapython/dn.py @@ -452,7 +452,7 @@ def _adjust_indices(start, end, length): def _normalize_ava_input(val): if six.PY3 and isinstance(val, bytes): -raise TypeError('expected str, got bytes: %s' % val) +raise TypeError('expected str, got bytes: %r' % val) elif not isinstance(val, six.string_types): val = val_encode(six.text_type(val)) elif six.PY2 and isinstance(val, unicode): From 3f5564741e3eb1927ee34f5c9834d41c6282142d Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Thu, 2 Feb 2017 16:51:21 +0100 Subject: [PATCH 2/3] py3: get_memberofindirect: fix ByteWarnings DN must be converted to bytes as other variables adn lists contain bytes https://fedorahosted.org/freeipa/ticket/4985 --- ipapython/ipaldap.py | 6 -- ipaserver/plugins/baseldap.py | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py index 497b947..4de8a21 100644 --- a/ipapython/ipaldap.py +++ b/ipapython/ipaldap.py @@ -379,8 +379,10 @@ def _set_raw(self, name, value): name, value.__class__.__name__, value)) for (i, item) in enumerate(value): if not isinstance(item, bytes): -raise TypeError("%s[%d] value must be str, got %s object %r" % ( -name, i, item.__class__.__name__, item)) +raise TypeError( +"%s[%d] value must be bytes, got %s object %r" % ( +name, i, item.__class__.__name__, item) +) name = self._add_attr_name(name) diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py index e7bf43c..94c8547 100644 --- a/ipaserver/plugins/baseldap.py +++ b/ipaserver/plugins/baseldap.py @@ -722,7 +722,7 @@ def get_memberofindirect(self, entry): direct = set() indirect = set(entry.raw.get('memberof', [])) for group_entry in result: -dn = str(group_entry.dn) +dn = str(group_entry.dn).encode('utf-8') if dn in indirect: indirect.remove(dn) direct.add(dn) From a34e9db9711e8e63a35655b50a2e8fd875018746 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 13:37:56 +0100 Subject: [PATCH 3/3] py3: test_ipaserver: fix BytesWarnings https://fedorahosted.org/freeipa/ticket/4985 --- ipatests/test_ipaserver/test_rpcserver.py | 12 +++- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/ipatests/test_ipaserver/test_rpcserver.py b/ipatests/test_ipaserver/test_rpcserver.py index 6cc2472..7ee94d3 100644 --- a/ipatests/test_ipaserver/test_rpcserver.py +++ b/ipatests/test_ipaserver/test_rpcserver.py @@ -62,7 +62,7 @@ def test_not_found(): url = '/ipa/foo/stuff' assert_equal( f.not_found(None, s, url, None), -[t % dict(url='/ipa/foo/stuff')] +[(t % dict(url='/ipa/foo/stuff')).encode('utf-8')] ) assert s.status == '404 Not Found' assert s.headers == [('Content-Type', 'text/html; charset=utf-8')] @@ -72,7 +72,9 @@ def test_not_found(): url ='' + 'do_bad_stuff();' assert_equal( f.not_found(None, s, url, None), -[t % dict(url='nbsp;scriptdo_bad_stuff();/script')] +[(t % dict( +url='nbsp;scriptdo_bad_stuff();/script') +).encode('utf-8')] ) assert s.status == '404 Not Found' assert s.headers == [('Content-Type', 'text/html; charset=utf-8')] @@ -86,7 +88,7 @@ def test_bad_request(): assert_equal( f.bad_request(None, s, 'illegal request'), -[t % dict(message='illegal request')] +[(t % dict(message='illegal request')).encode('utf-8')] ) assert s.status == '400 Bad Request' assert s.headers == [('Content-Type', 'text/html; charset=utf-8')] @@ -100,7 +102,7 @@ def test_internal_error(): assert_equal( f.internal_error(None, s, 'request failed'), -[t % dict(message='request failed')] +[(t % dict(message='request failed')).encode('utf-8')] ) assert
[Freeipa-devel] [freeipa PR#439][synchronized] [WIP] [Py3] testing both py2/py3 in travis
URL: https://github.com/freeipa/freeipa/pull/439 Author: MartinBasti Title: #439: [WIP] [Py3] testing both py2/py3 in travis Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/439/head:pr439 git checkout pr439 From 06d613cbcba799b0510fd3e4b7245a94de12aa1e Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 14:56:39 +0100 Subject: [PATCH 1/3] Build: allow to build only py2 rpms for fedora This is more or less for testing purposes of py2/py3 compatibility --- BUILD.txt | 5 + Makefile.am | 4 ++-- freeipa.spec.in | 4 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/BUILD.txt b/BUILD.txt index 620adc3..9b5ff1d 100644 --- a/BUILD.txt +++ b/BUILD.txt @@ -30,6 +30,11 @@ It may be possible to do a simple make install but this has not been well-tested. Additional work is done in pre/post install scripts in the ipa spec file. +To build only python2 packages on fedora following steps are required: +$ autoreconf -i +$ ./configure +$ make rpms RPMBUILD_OPTS="--define 'with_python3 0'" + Developing plugins -- diff --git a/Makefile.am b/Makefile.am index 9bfc899..0ad50e4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -106,7 +106,7 @@ rpms: $(VERSION_UPDATE_TARGET) $(MAKE) _rpms-body _rpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/RPMS/*/*$$(cat $(top_builddir)/.version)*.rpm $(top_builddir)/dist/rpms/ cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version @@ -115,7 +115,7 @@ srpms: $(VERSION_UPDATE_TARGET) $(MAKE) _srpms-body _srpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version diff --git a/freeipa.spec.in b/freeipa.spec.in index 27a979c..7e77b32 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -2,11 +2,15 @@ # subpackages %{!?ONLY_CLIENT:%global ONLY_CLIENT 0} +%if 0%{?with_python3:1} +# with_python3 already defined +%else %if 0%{?rhel} %global with_python3 0 %else %global with_python3 1 %endif +%endif # lint is not executed during rpmbuild # %%global with_lint 1 From 7c5f2fe33ad20259dfe082a5a291c6d0ace8dfe4 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 17:23:54 +0100 Subject: [PATCH 2/3] Travis: build only py2 packages for py2 testing We will testing both py2 and py3 packages, first step is use only py2 builds for testing py2 packages --- .travis.yml | 2 ++ .travis_run_task.sh | 10 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 6301974..402c3ee 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,8 +15,10 @@ env: matrix: - TASK_TO_RUN="lint" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_xmlrpc/test_[a-k]*.py" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_cmdline test_install test_ipalib diff --git a/.travis_run_task.sh b/.travis_run_task.sh index 7d050b0..da0b88f 100755 --- a/.travis_run_task.sh +++ b/.travis_run_task.sh @@ -4,10 +4,17 @@ # # NOTE: this script is intended to run in Travis CI only -PYTHON="/usr/bin/python${TRAVIS_PYTHON_VERSION}" test_set="" developer_mode_opt="--developer-mode" +if [[ $PYTHON == "/usr/bin/python2" ]] +then +env_opt="'RPMBUILD_OPTS=--define \'with_python3 0\''" +else +env_opt="RPMBUILD_OPTS=" +fi + + function truncate_log_to_test_failures() { # chop off everything in the CI_RESULTS_LOG preceding pytest error output # if there are pytest errors in the log @@ -43,6 +50,7 @@ ipa-docker-test-runner -l $CI_RESULTS_LOG \ -c $TEST_RUNNER_CONFIG \ $developer_mode_opt \ --container-environment "PYTHON=$PYTHON" \ +--container-environment $env_opt \ --container-image $TEST_RUNNER_IMAGE \ --git-repo $TRAVIS_BUILD_DIR \ $TASK_TO_RUN $test_set From aa180046761cbd7b5ca5c2a213d08d2aa443e4b9 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 18:29:08 +0100 Subject: [PATCH 3/3] Travis: enable temporal Py3 testing This testconfig is temporal until all plugins are migrated into py3. After that this temporal config file will be removed and used only the previous
[Freeipa-devel] [freeipa PR#440][comment] [Py3] fix various issues in tests related to BytesWarning
URL: https://github.com/freeipa/freeipa/pull/440 Title: #440: [Py3] fix various issues in tests related to BytesWarning MartinBasti commented: """ The last commit has wrong ticket """ See the full comment at https://github.com/freeipa/freeipa/pull/440#issuecomment-278346559 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#439][synchronized] [WIP] [Py3] testing both py2/py3 in travis
URL: https://github.com/freeipa/freeipa/pull/439 Author: MartinBasti Title: #439: [WIP] [Py3] testing both py2/py3 in travis Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/439/head:pr439 git checkout pr439 From 06d613cbcba799b0510fd3e4b7245a94de12aa1e Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 14:56:39 +0100 Subject: [PATCH 1/3] Build: allow to build only py2 rpms for fedora This is more or less for testing purposes of py2/py3 compatibility --- BUILD.txt | 5 + Makefile.am | 4 ++-- freeipa.spec.in | 4 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/BUILD.txt b/BUILD.txt index 620adc3..9b5ff1d 100644 --- a/BUILD.txt +++ b/BUILD.txt @@ -30,6 +30,11 @@ It may be possible to do a simple make install but this has not been well-tested. Additional work is done in pre/post install scripts in the ipa spec file. +To build only python2 packages on fedora following steps are required: +$ autoreconf -i +$ ./configure +$ make rpms RPMBUILD_OPTS="--define 'with_python3 0'" + Developing plugins -- diff --git a/Makefile.am b/Makefile.am index 9bfc899..0ad50e4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -106,7 +106,7 @@ rpms: $(VERSION_UPDATE_TARGET) $(MAKE) _rpms-body _rpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/RPMS/*/*$$(cat $(top_builddir)/.version)*.rpm $(top_builddir)/dist/rpms/ cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version @@ -115,7 +115,7 @@ srpms: $(VERSION_UPDATE_TARGET) $(MAKE) _srpms-body _srpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version diff --git a/freeipa.spec.in b/freeipa.spec.in index 27a979c..7e77b32 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -2,11 +2,15 @@ # subpackages %{!?ONLY_CLIENT:%global ONLY_CLIENT 0} +%if 0%{?with_python3:1} +# with_python3 already defined +%else %if 0%{?rhel} %global with_python3 0 %else %global with_python3 1 %endif +%endif # lint is not executed during rpmbuild # %%global with_lint 1 From 314dee7f389defd7fe53d38a0106552322a8e213 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 17:23:54 +0100 Subject: [PATCH 2/3] Travis: build only py2 packages for py2 testing We will testing both py2 and py3 packages, first step is use only py2 builds for testing py2 packages --- .travis.yml | 2 ++ .travis_run_task.sh | 10 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 6301974..402c3ee 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,8 +15,10 @@ env: matrix: - TASK_TO_RUN="lint" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_xmlrpc/test_[a-k]*.py" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_cmdline test_install test_ipalib diff --git a/.travis_run_task.sh b/.travis_run_task.sh index 7d050b0..540c883 100755 --- a/.travis_run_task.sh +++ b/.travis_run_task.sh @@ -4,10 +4,17 @@ # # NOTE: this script is intended to run in Travis CI only -PYTHON="/usr/bin/python${TRAVIS_PYTHON_VERSION}" test_set="" developer_mode_opt="--developer-mode" +if [[ $PYTHON == "/usr/bin/python2" ]] +then +env_opt="--define 'with_python3 0'" +else +env_opt="" +fi + + function truncate_log_to_test_failures() { # chop off everything in the CI_RESULTS_LOG preceding pytest error output # if there are pytest errors in the log @@ -43,6 +50,7 @@ ipa-docker-test-runner -l $CI_RESULTS_LOG \ -c $TEST_RUNNER_CONFIG \ $developer_mode_opt \ --container-environment "PYTHON=$PYTHON" \ +--container-environment "RPMBUILD_OPTS=$env_opt" \ --container-image $TEST_RUNNER_IMAGE \ --git-repo $TRAVIS_BUILD_DIR \ $TASK_TO_RUN $test_set From 138cb93cfb1f7da5e6e50442efbbf0e40c26d9bc Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 7 Feb 2017 18:29:08 +0100 Subject: [PATCH 3/3] Travis: enable temporal Py3 testing This testconfig is temporal until all plugins are migrated into py3. After that this temporal config file will be removed and used only the previous one ag
[Freeipa-devel] [freeipa PR#431][comment] py3: ldapupdate: fix logging str(bytes) issue
URL: https://github.com/freeipa/freeipa/pull/431 Title: #431: py3: ldapupdate: fix logging str(bytes) issue MartinBasti commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/b24787a67fd8b19b9222979a963a8f28b22153ee """ See the full comment at https://github.com/freeipa/freeipa/pull/431#issuecomment-278394914 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#431][closed] py3: ldapupdate: fix logging str(bytes) issue
URL: https://github.com/freeipa/freeipa/pull/431 Author: MartinBasti Title: #431: py3: ldapupdate: fix logging str(bytes) issue Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/431/head:pr431 git checkout pr431 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#452][opened] [ WIP] ipa-run-tests: allow to run tests with server-api
URL: https://github.com/freeipa/freeipa/pull/452 Author: MartinBasti Title: #452: [ WIP] ipa-run-tests: allow to run tests with server-api Action: opened PR body: """ This allow to test server-api with ipa-run-tests. It is useful because internal error tracebacks are printed to test output and it is handy to use it with python -bb option to check BytesWarnings - I havent tested option parsing in pytest yet, only the code around that allows to run server_api - This can be useful with Travis to see tracebacks directly in test output - tests may be faster - we should really rename test_xmlrpc to something like test_api - I will use this for python -bb testing """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/452/head:pr452 git checkout pr452 From 5844f0ab0a63ea162b46399774cb8ec0ba845706 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Wed, 8 Feb 2017 20:03:53 +0100 Subject: [PATCH] ipa-run-tests: allow to run tests with server-api This allow to test server-api with ipa-run-tests. It is useful because internal error tracebacks are printed to test output and it is handy to use it with python -bb option to check BytesWarnings --- ipatests/conftest.py| 24 +++- ipatests/test_xmlrpc/xmlrpc_test.py | 16 2 files changed, 35 insertions(+), 5 deletions(-) diff --git a/ipatests/conftest.py b/ipatests/conftest.py index 6d8ba60..7e3c0e9 100644 --- a/ipatests/conftest.py +++ b/ipatests/conftest.py @@ -71,9 +71,31 @@ def pytest_configure(config): config.option.doctestmodules = True +def pytest_addoption(parser): +def truefalse(arg): +if arg.lower() == 'true': +return True +if arg.lower() == 'false': +return False +return arg # triggers an error later + +group = parser.getgroup("IPA integration tests") +group.addoption( +'--in-server', +dest="ipa_in_server", +type=truefalse, +choices=(True, False), +default=False, +help="Run IPA tests with in-server API (talk directly to LDAP, avoid " + "http communications). Requires to run test on " + "installed server (default: False)" +) + + def pytest_cmdline_main(config): api.bootstrap( -context=u'cli', in_server=False, in_tree=True, fallback=False +context=u'cli', in_server=config.option.ipa_in_server, +in_tree=True, fallback=False ) for klass in cli_plugins: api.add_plugin(klass) diff --git a/ipatests/test_xmlrpc/xmlrpc_test.py b/ipatests/test_xmlrpc/xmlrpc_test.py index 67565b0..7bc4fcc 100644 --- a/ipatests/test_xmlrpc/xmlrpc_test.py +++ b/ipatests/test_xmlrpc/xmlrpc_test.py @@ -131,8 +131,12 @@ def fuzzy_set_ci(s): return Fuzzy(test=lambda other: set(x.lower() for x in other) == set(y.lower() for y in s)) try: -if not api.Backend.rpcclient.isconnected(): -api.Backend.rpcclient.connect() +if api.env.in_server: +if not api.Backend.ldap2.isconnected(): +api.Backend.ldap2.connect() +else: +if not api.Backend.rpcclient.isconnected(): +api.Backend.rpcclient.connect() res = api.Command['user_show'](u'notfound') except errors.NetworkError: server_available = False @@ -206,8 +210,12 @@ def setup_class(cls): if not server_available: raise nose.SkipTest('%r: Server not available: %r' % (cls.__module__, api.env.xmlrpc_uri)) -if not api.Backend.rpcclient.isconnected(): -api.Backend.rpcclient.connect() +if api.env.in_server: +if not api.Backend.ldap2.isconnected(): +api.Backend.ldap2.connect() +else: +if not api.Backend.rpcclient.isconnected(): +api.Backend.rpcclient.connect() @classmethod def teardown_class(cls): -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#430][comment] [py3] tests_xmlrpc: do not call str() on bytes
URL: https://github.com/freeipa/freeipa/pull/430 Title: #430: [py3] tests_xmlrpc: do not call str() on bytes MartinBasti commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/5de70e31999eb219bd47aa81b0c003a6c15cf748 """ See the full comment at https://github.com/freeipa/freeipa/pull/430#issuecomment-276947658 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#430][+pushed] [py3] tests_xmlrpc: do not call str() on bytes
URL: https://github.com/freeipa/freeipa/pull/430 Title: #430: [py3] tests_xmlrpc: do not call str() on bytes Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#430][closed] [py3] tests_xmlrpc: do not call str() on bytes
URL: https://github.com/freeipa/freeipa/pull/430 Author: MartinBasti Title: #430: [py3] tests_xmlrpc: do not call str() on bytes Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/430/head:pr430 git checkout pr430 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#425][closed] ipa-kra-install must create directory if it does not exist
URL: https://github.com/freeipa/freeipa/pull/425 Author: flo-renaud Title: #425: ipa-kra-install must create directory if it does not exist Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/425/head:pr425 git checkout pr425 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#427][synchronized] [Py3] WSGI part 2
URL: https://github.com/freeipa/freeipa/pull/427 Author: MartinBasti Title: #427: [Py3] WSGI part 2 Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/427/head:pr427 git checkout pr427 From 162cbe92129170f45267e38e14ebdb31e09ab4cd Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 24 Jan 2017 17:49:06 +0100 Subject: [PATCH 1/8] py3: base64 encoding/decoding returns always bytes don't mix it Using unicode(bytes) call causes undesired side effect that is inserting `b` character to result. This obviously causes issues with binary base64 data https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/plugins/baseldap.py | 2 +- ipaserver/plugins/ca.py | 4 +--- ipaserver/plugins/cert.py | 2 +- ipaserver/secrets/client.py | 6 -- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py index e7bf43c..24b6db7 100644 --- a/ipaserver/plugins/baseldap.py +++ b/ipaserver/plugins/baseldap.py @@ -1036,7 +1036,7 @@ def process_attr_options(self, entry_attrs, dn, keys, options): except ValueError: if isinstance(delval, bytes): # This is a Binary value, base64 encode it -delval = unicode(base64.b64encode(delval)) +delval = base64.b64encode(delval).decode('ascii') raise errors.AttrValueNotFound(attr=attr, value=delval) # normalize all values diff --git a/ipaserver/plugins/ca.py b/ipaserver/plugins/ca.py index 4f24278..3a052a1 100644 --- a/ipaserver/plugins/ca.py +++ b/ipaserver/plugins/ca.py @@ -4,8 +4,6 @@ import base64 -import six - from ipalib import api, errors, output, Bytes, DNParam, Flag, Str from ipalib.constants import IPA_CA_CN from ipalib.plugable import Registry @@ -176,7 +174,7 @@ def set_certificate_attrs(entry, options, want_cert=True): with api.Backend.ra_lightweight_ca as ca_api: if want_cert or full: der = ca_api.read_ca_cert(ca_id) -entry['certificate'] = six.text_type(base64.b64encode(der)) +entry['certificate'] = base64.b64encode(der).decode('ascii') if want_chain or full: pkcs7_der = ca_api.read_ca_chain(ca_id) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 5bf4cfb..6bf5c03 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1260,7 +1260,7 @@ def _get_cert_key(self, cert): return (DN(cert_obj.issuer), cert_obj.serial) def _get_cert_obj(self, cert, all, raw, pkey_only): -obj = {'certificate': unicode(base64.b64encode(cert))} +obj = {'certificate': base64.b64encode(cert).decode('ascii')} full = not pkey_only and all if not raw: diff --git a/ipaserver/secrets/client.py b/ipaserver/secrets/client.py index a04b9a6..a945e01 100644 --- a/ipaserver/secrets/client.py +++ b/ipaserver/secrets/client.py @@ -70,7 +70,8 @@ def init_creds(self): name = gssapi.Name(self.client_service, gssapi.NameType.hostbased_service) store = {'client_keytab': self.keytab, - 'ccache': 'MEMORY:Custodia_%s' % b64encode(os.urandom(8))} + 'ccache': 'MEMORY:Custodia_%s' % b64encode( + os.urandom(8)).decode('ascii')} return gssapi.Credentials(name=name, store=store, usage='initiate') def _auth_header(self): @@ -78,7 +79,8 @@ def _auth_header(self): self.creds = self.init_creds() ctx = gssapi.SecurityContext(name=self.service_name, creds=self.creds) authtok = ctx.step() -return {'Authorization': 'Negotiate %s' % b64encode(authtok)} +return {'Authorization': 'Negotiate %s' % b64encode( +authtok).decode('ascii')} def fetch_key(self, keyname, store=True): From 29b280bf7e3c88de40647adc3b06bf84f4b827f1 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 24 Jan 2017 18:31:50 +0100 Subject: [PATCH 2/8] py3: base64.b64encode requires bytes as param Decimal must be changed to string first and then encoded to bytes https://fedorahosted.org/freeipa/ticket/4985 --- ipalib/rpc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 356ec42..3dc7936 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -308,7 +308,7 @@ def json_encode_binary(val, version): encoded = encoded.decode('ascii') return {'__base64__': encoded} elif isinstance(val, Decimal): -return {'__base64__': base64.b64encode(str(val))} +return {'__base64__': base64.b64encode(str(val).encode('ascii'))} elif isinstance(val, DN): return str(val) elif isinstance(val, datetime.datetime): From 91876550e768b362fdab729ee21d
[Freeipa-devel] [freeipa PR#437][comment] FIPS: replica install check
URL: https://github.com/freeipa/freeipa/pull/437 Title: #437: FIPS: replica install check MartinBasti commented: """ @tomaskrizek on current versions of RHEL and fedora IPA doesn't start in FIPS, but upgrading first and then enabling FIPS might be the way """ See the full comment at https://github.com/freeipa/freeipa/pull/437#issuecomment-28586 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#432][comment] build: Add missing dependency on libxmlrpc{, _util}
URL: https://github.com/freeipa/freeipa/pull/432 Title: #432: build: Add missing dependency on libxmlrpc{,_util} MartinBasti commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/f4088b3a00b3cbd1a0133ac90cba85e501573f76 """ See the full comment at https://github.com/freeipa/freeipa/pull/432#issuecomment-277732073 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#435][synchronized] py3: cert.py: create principal object from string
URL: https://github.com/freeipa/freeipa/pull/435 Author: MartinBasti Title: #435: py3: cert.py: create principal object from string Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/435/head:pr435 git checkout pr435 From aa2169f023287e308f6541bec56720865f54b331 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Mon, 6 Feb 2017 12:14:38 +0100 Subject: [PATCH] py3: x509.py: return principal as unicode string X509 return principal as unicode string https://fedorahosted.org/freeipa/ticket/4985 https://fedorahosted.org/freeipa/ticket/6640 --- ipalib/x509.py | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ipalib/x509.py b/ipalib/x509.py index 87d46ae..60a947b 100644 --- a/ipalib/x509.py +++ b/ipalib/x509.py @@ -361,13 +361,13 @@ class _KRB5PrincipalName(univ.Sequence): def _decode_krb5principalname(data): principal = decoder.decode(data, asn1Spec=_KRB5PrincipalName())[0] -realm = (str(principal['realm']).replace('\\', '') -.replace('@', '\\@')) +realm = (unicode(principal['realm']).replace('\\', '') +.replace('@', '\\@')) name = principal['principalName']['name-string'] -name = '/'.join(str(n).replace('\\', '') - .replace('/', '\\/') - .replace('@', '\\@') for n in name) -name = '%s@%s' % (name, realm) +name = u'/'.join(unicode(n).replace('\\', '') + .replace('/', '\\/') + .replace('@', '\\@') for n in name) +name = u'%s@%s' % (name, realm) return name -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#437][comment] FIPS: replica install check
URL: https://github.com/freeipa/freeipa/pull/437 Title: #437: FIPS: replica install check MartinBasti commented: """ I'm still afraid that users may want to create a FIPS replica from the non-FIPS master, even if it is not recommended due security. How can be this achieved? """ See the full comment at https://github.com/freeipa/freeipa/pull/437#issuecomment-277743511 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#432][+pushed] build: Add missing dependency on libxmlrpc{, _util}
URL: https://github.com/freeipa/freeipa/pull/432 Title: #432: build: Add missing dependency on libxmlrpc{,_util} Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#432][closed] build: Add missing dependency on libxmlrpc{, _util}
URL: https://github.com/freeipa/freeipa/pull/432 Author: dkupka Title: #432: build: Add missing dependency on libxmlrpc{,_util} Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/432/head:pr432 git checkout pr432 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#422][+pushed] Fix reference before assignment
URL: https://github.com/freeipa/freeipa/pull/422 Title: #422: Fix reference before assignment Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#422][closed] Fix reference before assignment
URL: https://github.com/freeipa/freeipa/pull/422 Author: frasertweedale Title: #422: Fix reference before assignment Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/422/head:pr422 git checkout pr422 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#422][comment] Fix reference before assignment
URL: https://github.com/freeipa/freeipa/pull/422 Title: #422: Fix reference before assignment MartinBasti commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/924794f62b9d3d0f46ca18e4f9338eaed865c03e """ See the full comment at https://github.com/freeipa/freeipa/pull/422#issuecomment-277734802 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#435][edited] py3: fix replica install regression
URL: https://github.com/freeipa/freeipa/pull/435 Author: MartinBasti Title: #435: py3: fix replica install regression Action: edited Changed field: title Original value: """ py3: cert.py: create principal object from string """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#409][+ack] ipatests: nested netgroups (intg)
URL: https://github.com/freeipa/freeipa/pull/409 Title: #409: ipatests: nested netgroups (intg) Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#428][edited] [WIP] [Py3] ipa-server-install
URL: https://github.com/freeipa/freeipa/pull/428 Author: MartinBasti Title: #428: [WIP] [Py3] ipa-server-install Action: edited Changed field: title Original value: """ [WIP] [Py3] ipa-server-install """ -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#428][synchronized] [WIP] [Py3] ipa-server-install
URL: https://github.com/freeipa/freeipa/pull/428 Author: MartinBasti Title: #428: [WIP] [Py3] ipa-server-install Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/428/head:pr428 git checkout pr428 From 4d367dfa6e02858132f62e5695714939310c1637 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Fri, 27 Jan 2017 17:00:42 +0100 Subject: [PATCH 01/11] py3: modify_s: attribute name must be str not bytes https://fedorahosted.org/freeipa/ticket/4985 --- ipapython/ipaldap.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py index 37d23d7..3df82b3 100644 --- a/ipapython/ipaldap.py +++ b/ipapython/ipaldap.py @@ -727,7 +727,7 @@ def modify_s(self, dn, modlist): # FIXME: for backwards compatibility only assert isinstance(dn, DN) dn = str(dn) -modlist = [(a, self.encode(b), self.encode(c)) for a, b, c in modlist] +modlist = [(a, b, self.encode(c)) for a, b, c in modlist] return self.conn.modify_s(dn, modlist) @property From 9a045ddb67760192766923cd5a597227d5a4edda Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Fri, 27 Jan 2017 17:33:44 +0100 Subject: [PATCH 02/11] py3: configparser: use raw keyword configparser.get() changed in python3 and `raw` is now a keyword attribute. Also it must be set to True, otherwise InterpolationSyntaxError is raised ''' InterpolationSyntaxError: '%' must be followed by '%' or '(', found: '%2fvar%2frun%2fslapd-EXAMPLE-COM.socket' ''' https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/secrets/kem.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/secrets/kem.py b/ipaserver/secrets/kem.py index 143caaf..3577975 100644 --- a/ipaserver/secrets/kem.py +++ b/ipaserver/secrets/kem.py @@ -181,7 +181,7 @@ def __init__(self, config=None, ipaconf=paths.IPA_DEFAULT_CONF): self.realm = conf.get('global', 'realm') self.ldap_uri = config.get('ldap_uri', None) if self.ldap_uri is None: -self.ldap_uri = conf.get('global', 'ldap_uri', None) +self.ldap_uri = conf.get('global', 'ldap_uri', raw=True) self._server_keys = None def find_key(self, kid, usage): From 7dcd8723ef638c23b7d22a0f36cf242cc8aef71c Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Fri, 27 Jan 2017 18:10:37 +0100 Subject: [PATCH 03/11] py3: custodia: basedn must be unicode basedn in custodia related modules has type bytes, that causes issues in Py3 when strings were concatenated with bytes ``` malformed RDN string = "cn=custodia,cn=ipa,cn=etc,b'dc=example,dc=com'" ``` https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/secrets/common.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/secrets/common.py b/ipaserver/secrets/common.py index 2b906b6..f3dc320 100644 --- a/ipaserver/secrets/common.py +++ b/ipaserver/secrets/common.py @@ -23,7 +23,7 @@ def basedn(self): if self._basedn is None: conn = self.connect() r = conn.search_s('', ldap.SCOPE_BASE) -self._basedn = r[0][1]['defaultnamingcontext'][0] +self._basedn = r[0][1]['defaultnamingcontext'][0].decode('utf-8') return self._basedn def connect(self): From b07246ffe79a5dd00a9ab02c7f6ae23260e4cecd Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 31 Jan 2017 18:11:42 +0100 Subject: [PATCH 04/11] py3: kem.py: user bytes with ldap values python ldap requires bytes as values https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/secrets/kem.py | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ipaserver/secrets/kem.py b/ipaserver/secrets/kem.py index 3577975..5d784b7 100644 --- a/ipaserver/secrets/kem.py +++ b/ipaserver/secrets/kem.py @@ -130,13 +130,13 @@ def set_key(self, usage, principal, key): service_rdn = ('cn', servicename) if servicename != 'host' else DN() dn = str(DN(('cn', name), service_rdn, self.keysbase)) try: -mods = [('objectClass', ['nsContainer', - 'ipaKeyPolicy', - 'ipaPublicKeyObject', - 'groupOfPrincipals']), -('cn', name), -('ipaKeyUsage', RFC5280_USAGE_MAP[usage]), -('memberPrincipal', principal), +mods = [('objectClass', [b'nsContainer', + b'ipaKeyPolicy', + b'ipaPublicKeyObject', + b'groupOfPrincipals']), +('cn', name.encode('utf-8')), +('ipaKeyUsage', RFC5280_USAGE_MAP[usage].encode('utf-8')), +('
[Freeipa-devel] [freeipa PR#424][comment] Tests: fix wait_for_replication task
URL: https://github.com/freeipa/freeipa/pull/424 Title: #424: Tests: fix wait_for_replication task MartinBasti commented: """ bump for review """ See the full comment at https://github.com/freeipa/freeipa/pull/424#issuecomment-278315718 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#423][synchronized] dns-update-system-records: add support for nsupdate output format
URL: https://github.com/freeipa/freeipa/pull/423 Author: MartinBasti Title: #423: dns-update-system-records: add support for nsupdate output format Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/423/head:pr423 git checkout pr423 From 2a54c73bb54b63cb966998db8a01b4224264af25 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Fri, 27 Jan 2017 13:42:19 +0100 Subject: [PATCH 1/2] DNS: dns-update-system-record can create nsupdate file Added option --out creates a file with IPA DNS data in nsupdate format. https://fedorahosted.org/freeipa/ticket/6585 --- ipaclient/plugins/dns.py | 74 1 file changed, 68 insertions(+), 6 deletions(-) diff --git a/ipaclient/plugins/dns.py b/ipaclient/plugins/dns.py index 42ccd3d..b3021ba 100644 --- a/ipaclient/plugins/dns.py +++ b/ipaclient/plugins/dns.py @@ -35,6 +35,7 @@ from ipalib.parameters import Bool, Str from ipalib.plugable import Registry from ipalib import _, ngettext +from ipalib import util from ipapython.dnsutil import DNSName if six.PY3: @@ -417,6 +418,63 @@ def interactive_prompt_callback(self, kw): @register(override=True, no_fail=True) class dns_update_system_records(MethodOverride): +record_groups = ('ipa_records', 'location_records') + +def get_options(self): +for option in super(dns_update_system_records, self).get_options(): +yield option +yield Str( +'out?', +include='cli', +doc=_('file to store DNS records in nsupdate format') +) + +def _standard_output(self, textui, result, labels): +"""Print output in standard format common across the other plugins""" +for key in self.record_groups: +if result.get(key): +textui.print_indented(u'{}:'.format(labels[key]), indent=1) +for val in sorted(result[key]): +textui.print_indented(val, indent=2) +textui.print_line(u'') + +def _nsupdate_output_file(self, file, result, labels): +"""Store data in nsupdate format in file""" +def parse_rname_rtype(record): +"""Get rname and rtype from textual representation of record""" +l = record.split(' ', 4) +return l[0], l[3] + +already_removed = set() +for key in self.record_groups: +if key in result: +file.write("; {}\n".format(labels[key])) # comment +for val in sorted(result[key]): +# delete old first +r_name_type = parse_rname_rtype(val) +if r_name_type not in already_removed: +# remove it only once +already_removed.add(r_name_type) +file.write("update delete {rname} {rtype}\n".format( +rname=r_name_type[0], rtype=r_name_type[1] +)) +# add new +file.write("update add {}\n".format(val)) +file.write("send\n\n") + +def forward(self, *keys, **options): +# pop `out` before sending to server as it is only client side option +out = options.pop('out', None) +if out: +util.check_writable_file(out) + +res = super(dns_update_system_records, self).forward(*keys, **options) + +if out: +options['out'] = out + +return res + def output_for_cli(self, textui, output, *args, **options): output_super = copy.deepcopy(output) super_res = output_super.get('result', {}) @@ -431,11 +489,15 @@ def output_for_cli(self, textui, output, *args, **options): } result = output.get('result', {}) -for key in ('ipa_records', 'location_records'): -if result.get(key): -textui.print_indented(u'{}:'.format(labels[key]), indent=1) -for val in sorted(result[key]): -textui.print_indented(val, indent=2) -textui.print_line(u'') + +self._standard_output(textui, result, labels) + +out = options.get('out') # output to file +if out: +try: +with open(out, "w") as f: +self._nsupdate_output_file(f, result, labels) +except (OSError, IOError) as e: +raise errors.FileError(reason=unicode(e)) return int(not output['value']) From c772fac83753ca5db4fa4fb5a6cdb80cb128bc05 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Mon, 30 Jan 2017 21:18:46 +0100 Subject: [PATCH 2/2] Test: DNS nsupdate from dns-update-system-records Get nsupdate data from dns-up
[Freeipa-devel] [freeipa PR#434][comment] csrgen: Automate full cert request flow
URL: https://github.com/freeipa/freeipa/pull/434 Title: #434: csrgen: Automate full cert request flow MartinBasti commented: """ - pylint: ``` * Module ipaclient.plugins.cert ipaclient/plugins/cert.py:102: [W1612(unicode-builtin), cert_request.forward] unicode built-in referenced) ipaclient/plugins/cert.py:127: [W1612(unicode-builtin), cert_request.forward] unicode built-in referenced) ipaclient/plugins/cert.py:99: [W0612(unused-variable), cert_request.forward] Unused variable 'requestdata') ``` for unicode you can use etiher `six.string_type()` or ``` if six.PY3: unicode = str ``` - pep8 errors - failing test expects DN object instead of String """ See the full comment at https://github.com/freeipa/freeipa/pull/434#issuecomment-278085296 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#426][comment] DNSSEC: forwarders validation improvement
URL: https://github.com/freeipa/freeipa/pull/426 Title: #426: DNSSEC: forwarders validation improvement MartinBasti commented: """ I was thinking about it and I disagree. Checking forwards zone behaves differently than check for global forwarders. The validate `_dnssec_zone_forwarder_step2` is called aginst an IPA DNS server, so there shouln't be that issue as we know how bind is supposed to work. """ See the full comment at https://github.com/freeipa/freeipa/pull/426#issuecomment-278326644 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#428][synchronized] [Py3] ipa-server-install
URL: https://github.com/freeipa/freeipa/pull/428 Author: MartinBasti Title: #428: [Py3] ipa-server-install Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/428/head:pr428 git checkout pr428 From 4d367dfa6e02858132f62e5695714939310c1637 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Fri, 27 Jan 2017 17:00:42 +0100 Subject: [PATCH 01/11] py3: modify_s: attribute name must be str not bytes https://fedorahosted.org/freeipa/ticket/4985 --- ipapython/ipaldap.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py index 37d23d7..3df82b3 100644 --- a/ipapython/ipaldap.py +++ b/ipapython/ipaldap.py @@ -727,7 +727,7 @@ def modify_s(self, dn, modlist): # FIXME: for backwards compatibility only assert isinstance(dn, DN) dn = str(dn) -modlist = [(a, self.encode(b), self.encode(c)) for a, b, c in modlist] +modlist = [(a, b, self.encode(c)) for a, b, c in modlist] return self.conn.modify_s(dn, modlist) @property From 9a045ddb67760192766923cd5a597227d5a4edda Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Fri, 27 Jan 2017 17:33:44 +0100 Subject: [PATCH 02/11] py3: configparser: use raw keyword configparser.get() changed in python3 and `raw` is now a keyword attribute. Also it must be set to True, otherwise InterpolationSyntaxError is raised ''' InterpolationSyntaxError: '%' must be followed by '%' or '(', found: '%2fvar%2frun%2fslapd-EXAMPLE-COM.socket' ''' https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/secrets/kem.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/secrets/kem.py b/ipaserver/secrets/kem.py index 143caaf..3577975 100644 --- a/ipaserver/secrets/kem.py +++ b/ipaserver/secrets/kem.py @@ -181,7 +181,7 @@ def __init__(self, config=None, ipaconf=paths.IPA_DEFAULT_CONF): self.realm = conf.get('global', 'realm') self.ldap_uri = config.get('ldap_uri', None) if self.ldap_uri is None: -self.ldap_uri = conf.get('global', 'ldap_uri', None) +self.ldap_uri = conf.get('global', 'ldap_uri', raw=True) self._server_keys = None def find_key(self, kid, usage): From 7dcd8723ef638c23b7d22a0f36cf242cc8aef71c Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Fri, 27 Jan 2017 18:10:37 +0100 Subject: [PATCH 03/11] py3: custodia: basedn must be unicode basedn in custodia related modules has type bytes, that causes issues in Py3 when strings were concatenated with bytes ``` malformed RDN string = "cn=custodia,cn=ipa,cn=etc,b'dc=example,dc=com'" ``` https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/secrets/common.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/secrets/common.py b/ipaserver/secrets/common.py index 2b906b6..f3dc320 100644 --- a/ipaserver/secrets/common.py +++ b/ipaserver/secrets/common.py @@ -23,7 +23,7 @@ def basedn(self): if self._basedn is None: conn = self.connect() r = conn.search_s('', ldap.SCOPE_BASE) -self._basedn = r[0][1]['defaultnamingcontext'][0] +self._basedn = r[0][1]['defaultnamingcontext'][0].decode('utf-8') return self._basedn def connect(self): From b07246ffe79a5dd00a9ab02c7f6ae23260e4cecd Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 31 Jan 2017 18:11:42 +0100 Subject: [PATCH 04/11] py3: kem.py: user bytes with ldap values python ldap requires bytes as values https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/secrets/kem.py | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ipaserver/secrets/kem.py b/ipaserver/secrets/kem.py index 3577975..5d784b7 100644 --- a/ipaserver/secrets/kem.py +++ b/ipaserver/secrets/kem.py @@ -130,13 +130,13 @@ def set_key(self, usage, principal, key): service_rdn = ('cn', servicename) if servicename != 'host' else DN() dn = str(DN(('cn', name), service_rdn, self.keysbase)) try: -mods = [('objectClass', ['nsContainer', - 'ipaKeyPolicy', - 'ipaPublicKeyObject', - 'groupOfPrincipals']), -('cn', name), -('ipaKeyUsage', RFC5280_USAGE_MAP[usage]), -('memberPrincipal', principal), +mods = [('objectClass', [b'nsContainer', + b'ipaKeyPolicy', + b'ipaPublicKeyObject', + b'groupOfPrincipals']), +('cn', name.encode('utf-8')), +('ipaKeyUsage', RFC5280_USAGE_MAP[usage].encode('utf-8')), +('memberP
[Freeipa-devel] [freeipa PR#427][synchronized] [Py3] WSGI part 2
URL: https://github.com/freeipa/freeipa/pull/427 Author: MartinBasti Title: #427: [Py3] WSGI part 2 Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/427/head:pr427 git checkout pr427 From 8cb5b0f48c8f273cdc227ac8d7f399670f4bad5a Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 24 Jan 2017 17:49:06 +0100 Subject: [PATCH 1/7] py3: base64 encoding/decoding returns always bytes don't mix it Using unicode(bytes) call causes undesired side effect that is inserting `b` character to result. This obviously causes issues with binary base64 data https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/plugins/baseldap.py | 4 ++-- ipaserver/plugins/ca.py | 4 +--- ipaserver/plugins/cert.py | 2 +- ipaserver/secrets/client.py | 6 -- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py index e7bf43c..2f7889b 100644 --- a/ipaserver/plugins/baseldap.py +++ b/ipaserver/plugins/baseldap.py @@ -1036,8 +1036,8 @@ def process_attr_options(self, entry_attrs, dn, keys, options): except ValueError: if isinstance(delval, bytes): # This is a Binary value, base64 encode it -delval = unicode(base64.b64encode(delval)) -raise errors.AttrValueNotFound(attr=attr, value=delval) +delval = base64.b64encode(delval).decode('ascii') +raise errors.AttrValueNotFound(attr=attr, value=delval) # normalize all values changedattrs = setattrs | addattrs | delattrs diff --git a/ipaserver/plugins/ca.py b/ipaserver/plugins/ca.py index 4f24278..3a052a1 100644 --- a/ipaserver/plugins/ca.py +++ b/ipaserver/plugins/ca.py @@ -4,8 +4,6 @@ import base64 -import six - from ipalib import api, errors, output, Bytes, DNParam, Flag, Str from ipalib.constants import IPA_CA_CN from ipalib.plugable import Registry @@ -176,7 +174,7 @@ def set_certificate_attrs(entry, options, want_cert=True): with api.Backend.ra_lightweight_ca as ca_api: if want_cert or full: der = ca_api.read_ca_cert(ca_id) -entry['certificate'] = six.text_type(base64.b64encode(der)) +entry['certificate'] = base64.b64encode(der).decode('ascii') if want_chain or full: pkcs7_der = ca_api.read_ca_chain(ca_id) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 5bf4cfb..6bf5c03 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1260,7 +1260,7 @@ def _get_cert_key(self, cert): return (DN(cert_obj.issuer), cert_obj.serial) def _get_cert_obj(self, cert, all, raw, pkey_only): -obj = {'certificate': unicode(base64.b64encode(cert))} +obj = {'certificate': base64.b64encode(cert).decode('ascii')} full = not pkey_only and all if not raw: diff --git a/ipaserver/secrets/client.py b/ipaserver/secrets/client.py index a04b9a6..a945e01 100644 --- a/ipaserver/secrets/client.py +++ b/ipaserver/secrets/client.py @@ -70,7 +70,8 @@ def init_creds(self): name = gssapi.Name(self.client_service, gssapi.NameType.hostbased_service) store = {'client_keytab': self.keytab, - 'ccache': 'MEMORY:Custodia_%s' % b64encode(os.urandom(8))} + 'ccache': 'MEMORY:Custodia_%s' % b64encode( + os.urandom(8)).decode('ascii')} return gssapi.Credentials(name=name, store=store, usage='initiate') def _auth_header(self): @@ -78,7 +79,8 @@ def _auth_header(self): self.creds = self.init_creds() ctx = gssapi.SecurityContext(name=self.service_name, creds=self.creds) authtok = ctx.step() -return {'Authorization': 'Negotiate %s' % b64encode(authtok)} +return {'Authorization': 'Negotiate %s' % b64encode( +authtok).decode('ascii')} def fetch_key(self, keyname, store=True): From fcfeedf682f8993c0afe8bc85ec19cb275018882 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 24 Jan 2017 18:31:50 +0100 Subject: [PATCH 2/7] py3: base64.b64encode requires bytes as param Decimal must be changed to string first and then encoded to bytes https://fedorahosted.org/freeipa/ticket/4985 --- ipalib/rpc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipalib/rpc.py b/ipalib/rpc.py index fb739f8..a3642a6 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -308,7 +308,7 @@ def json_encode_binary(val, version): encoded = encoded.decode('ascii') return {'__base64__': encoded} elif isinstance(val, Decimal): -return {'__base64__': base64.b64encode(str(val))} +return {'__base64__': base64.b64encode(str(val).e
[Freeipa-devel] [freeipa PR#429][synchronized] [py3] ipactl restart: log httplib failues as debug
URL: https://github.com/freeipa/freeipa/pull/429 Author: MartinBasti Title: #429: [py3] ipactl restart: log httplib failues as debug Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/429/head:pr429 git checkout pr429 From d8c7d3397536de66158828b29a7987fe6f1501b3 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 31 Jan 2017 22:51:31 +0100 Subject: [PATCH] py3: ipactl restart: log httplib failues as debug With python3 there are several excerptions ConnectionRefusedError raised before ipactl is able to connect to dogtag after restart. These exception should be logged on debug level until timeout is reached. https://fedorahosted.org/freeipa/ticket/4985 --- ipapython/dogtag.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index 01fc5cb..b171754 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -209,7 +209,7 @@ def _httplib_request( http_body = res.read() conn.close() except Exception as e: -root_logger.exception("httplib request failed:") +root_logger.debug("httplib request failed:", exc_info=True) raise NetworkError(uri=uri, error=str(e)) root_logger.debug('response status %d',http_status) -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#429][opened] [py3] ipactl restart: log httplib failues as debug
URL: https://github.com/freeipa/freeipa/pull/429 Author: MartinBasti Title: #429: [py3] ipactl restart: log httplib failues as debug Action: opened PR body: """ With python3 there are several excerptions ConnectionRefusedError raised before ipactl is able to connect to dogtag after restart. These exception should be logged on debug level until timeout is reached. https://fedorahosted.org/freeipa/ticket/4985 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/429/head:pr429 git checkout pr429 From 6b3b2ea4058737003525c4571331284ee8d05cbb Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 31 Jan 2017 22:51:31 +0100 Subject: [PATCH] py3: ipactl restart: log httplib failues as debug With python3 there are several excerptions ConnectionRefusedError raised before ipactl is able to connect to dogtag after restart. These exception should be logged on debug level until timeout is reached. https://fedorahosted.org/freeipa/ticket/4985 --- ipapython/dogtag.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index 01fc5cb..c42b9d2 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -19,6 +19,7 @@ import collections import xml.dom.minidom +import traceback import nss.nss as nss import six @@ -209,7 +210,8 @@ def _httplib_request( http_body = res.read() conn.close() except Exception as e: -root_logger.exception("httplib request failed:") +root_logger.debug("httplib request failed") +root_logger.debug(traceback.format_exc()) raise NetworkError(uri=uri, error=str(e)) root_logger.debug('response status %d',http_status) -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#427][synchronized] [Py3] WSGI part 2
URL: https://github.com/freeipa/freeipa/pull/427 Author: MartinBasti Title: #427: [Py3] WSGI part 2 Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/427/head:pr427 git checkout pr427 From 7e99c15c21231e018132215ae6d3f6f0ddd3a40e Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 24 Jan 2017 17:49:06 +0100 Subject: [PATCH 1/7] py3: base64 encoding/decoding returns always bytes don't mix it Using unicode(bytes) call causes undesired side effect that is inserting `b` character to result. This obviously causes issues with binary base64 data https://fedorahosted.org/freeipa/ticket/4985 --- ipaserver/plugins/baseldap.py | 2 +- ipaserver/plugins/ca.py | 4 +--- ipaserver/plugins/cert.py | 2 +- ipaserver/secrets/client.py | 6 -- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py index e7bf43c..24b6db7 100644 --- a/ipaserver/plugins/baseldap.py +++ b/ipaserver/plugins/baseldap.py @@ -1036,7 +1036,7 @@ def process_attr_options(self, entry_attrs, dn, keys, options): except ValueError: if isinstance(delval, bytes): # This is a Binary value, base64 encode it -delval = unicode(base64.b64encode(delval)) +delval = base64.b64encode(delval).decode('ascii') raise errors.AttrValueNotFound(attr=attr, value=delval) # normalize all values diff --git a/ipaserver/plugins/ca.py b/ipaserver/plugins/ca.py index 4f24278..3a052a1 100644 --- a/ipaserver/plugins/ca.py +++ b/ipaserver/plugins/ca.py @@ -4,8 +4,6 @@ import base64 -import six - from ipalib import api, errors, output, Bytes, DNParam, Flag, Str from ipalib.constants import IPA_CA_CN from ipalib.plugable import Registry @@ -176,7 +174,7 @@ def set_certificate_attrs(entry, options, want_cert=True): with api.Backend.ra_lightweight_ca as ca_api: if want_cert or full: der = ca_api.read_ca_cert(ca_id) -entry['certificate'] = six.text_type(base64.b64encode(der)) +entry['certificate'] = base64.b64encode(der).decode('ascii') if want_chain or full: pkcs7_der = ca_api.read_ca_chain(ca_id) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 5bf4cfb..6bf5c03 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1260,7 +1260,7 @@ def _get_cert_key(self, cert): return (DN(cert_obj.issuer), cert_obj.serial) def _get_cert_obj(self, cert, all, raw, pkey_only): -obj = {'certificate': unicode(base64.b64encode(cert))} +obj = {'certificate': base64.b64encode(cert).decode('ascii')} full = not pkey_only and all if not raw: diff --git a/ipaserver/secrets/client.py b/ipaserver/secrets/client.py index a04b9a6..a945e01 100644 --- a/ipaserver/secrets/client.py +++ b/ipaserver/secrets/client.py @@ -70,7 +70,8 @@ def init_creds(self): name = gssapi.Name(self.client_service, gssapi.NameType.hostbased_service) store = {'client_keytab': self.keytab, - 'ccache': 'MEMORY:Custodia_%s' % b64encode(os.urandom(8))} + 'ccache': 'MEMORY:Custodia_%s' % b64encode( + os.urandom(8)).decode('ascii')} return gssapi.Credentials(name=name, store=store, usage='initiate') def _auth_header(self): @@ -78,7 +79,8 @@ def _auth_header(self): self.creds = self.init_creds() ctx = gssapi.SecurityContext(name=self.service_name, creds=self.creds) authtok = ctx.step() -return {'Authorization': 'Negotiate %s' % b64encode(authtok)} +return {'Authorization': 'Negotiate %s' % b64encode( +authtok).decode('ascii')} def fetch_key(self, keyname, store=True): From 24316d1ca054f262f438dfe96b5025c57170d5d9 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 24 Jan 2017 18:31:50 +0100 Subject: [PATCH 2/7] py3: base64.b64encode requires bytes as param Decimal must be changed to string first and then encoded to bytes https://fedorahosted.org/freeipa/ticket/4985 --- ipalib/rpc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipalib/rpc.py b/ipalib/rpc.py index fb739f8..a3642a6 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -308,7 +308,7 @@ def json_encode_binary(val, version): encoded = encoded.decode('ascii') return {'__base64__': encoded} elif isinstance(val, Decimal): -return {'__base64__': base64.b64encode(str(val))} +return {'__base64__': base64.b64encode(str(val).encode('ascii'))} elif isinstance(val, DN): return str(val) elif isinstance(val, datetime.datetime): From 3127a030d6678f920f2d79ca0db6
[Freeipa-devel] [freeipa PR#196][+rejected] ipatests: unresolvable nested netgroups
URL: https://github.com/freeipa/freeipa/pull/196 Title: #196: ipatests: unresolvable nested netgroups Label: +rejected -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#409][comment] ipatests: nested netgroups (intg)
URL: https://github.com/freeipa/freeipa/pull/409 Title: #409: ipatests: nested netgroups (intg) MartinBasti commented: """ Travis: ``` PEP-8 errors: ./ipatests/test_integration/test_netgroup.py:87:80: E501 line too long (84 > 79 characters) ./ipatests/test_integration/test_netgroup.py:96:80: E501 line too long (88 > 79 characters) Pylint: Pylint is running, please wait ... * Module ipatests.test_integration.test_netgroup ipatests/test_integration/test_netgroup.py:2: [W0512(invalid-encoded-data), ] Cannot decode using encoding "ascii", unexpected byte at position 9) ipatests/test_integration/test_netgroup.py:87: [E1101(no-member), TestNetgroups.check_users_in_netgroups] Class 'domain' has no 'name' member) ipatests/test_integration/test_netgroup.py:96: [E1101(no-member), TestNetgroups.check_nested_netgroup_hierarchy] Class 'domain' has no 'name' member) ipatests/test_integration/test_netgroup.py:125: [E1101(no-member), TestNetgroups.test_remove_nested_netgroup] Class 'domain' has no 'name' member) ipatests/test_integration/test_netgroup.py:130: [E1101(no-member), TestNetgroups.test_remove_nested_netgroup] Class 'domain' has no 'name' member) ipatests/test_integration/test_netgroup.py:131: [E1101(no-member), TestNetgroups.test_remove_nested_netgroup] Class 'domain' has no 'name' member) ipatests/test_integration/test_netgroup.py:132: [E1101(no-member), TestNetgroups.test_remove_nested_netgroup] Class 'domain' has no 'name' member) ipatests/test_integration/test_netgroup.py:147: [E1101(no-member), TestNetgroups.test_remove_nested_netgroup] Class 'domain' has no 'name' member) ipatests/test_integration/test_netgroup.py:148: [E1101(no-member), TestNetgroups.test_remove_nested_netgroup] Class 'domain' has no 'name' member) ipatests/test_integration/test_netgroup.py:149: [E1101(no-member), TestNetgroups.test_remove_nested_netgroup] Class 'domain' has no 'name' member) make: *** [pylint] Error 6 ``` I'm afraid that pylint cannot handle it, so probably you have to disable problematic lines. """ See the full comment at https://github.com/freeipa/freeipa/pull/409#issuecomment-27472 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#408][comment] ipaldap: properly escape raw binary values in LDAP filters
URL: https://github.com/freeipa/freeipa/pull/408 Title: #408: ipaldap: properly escape raw binary values in LDAP filters MartinBasti commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/84a9611cb885f04c72cd657c3a3e7bc4aff39d93 """ See the full comment at https://github.com/freeipa/freeipa/pull/408#issuecomment-274770296 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#408][closed] ipaldap: properly escape raw binary values in LDAP filters
URL: https://github.com/freeipa/freeipa/pull/408 Author: HonzaCholasta Title: #408: ipaldap: properly escape raw binary values in LDAP filters Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/408/head:pr408 git checkout pr408 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#408][+ack] ipaldap: properly escape raw binary values in LDAP filters
URL: https://github.com/freeipa/freeipa/pull/408 Title: #408: ipaldap: properly escape raw binary values in LDAP filters Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code