URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
HonzaCholasta commented:
"""
@simo5, I can't reproduce the bug anymore with the latest update.
Pylint found one trivial issue:
```
ipaserver/install/server/upgrade.py:83:
URL: https://github.com/freeipa/freeipa/pull/394
Author: Akasurde
Title: #394: Add fix for ipa plugins command
Action: opened
PR body:
"""
Fix adds count of plugins loaded to return dict
Fixes https://fedorahosted.org/freeipa/ticket/6513
Signed-off-by: Abhijeet Kasurde
URL: https://github.com/freeipa/freeipa/pull/377
Title: #377: dogtaginstance: track server certificate with our renew agent
abbra commented:
"""
Looks very good to me. ACK from my side.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/377#issuecomment-272106955
--
Manage
On 11.1.2017 00:38, Ben Lipton wrote:
On 01/10/2017 01:58 AM, Jan Cholasta wrote:
On 19.12.2016 21:59, Ben Lipton wrote:
On 12/15/2016 11:11 PM, Ben Lipton wrote:
On 12/12/2016 03:52 AM, Jan Cholasta wrote:
On 5.12.2016 16:48, Ben Lipton wrote:
Hi Jan, thanks for the comments.
On
URL: https://github.com/freeipa/freeipa/pull/391
Author: tiran
Title: #391: ipapython: Add dependencies on version.py
Action: opened
PR body:
"""
install-exec and bdist_wheel also depend on version.py. Let's ensure
that version.py is correctly generated when installing or building
packages.
URL: https://github.com/freeipa/freeipa/pull/385
Title: #385: Generate sha256 ssh pubkey fingerprints for hosts
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/385
Title: #385: Generate sha256 ssh pubkey fingerprints for hosts
mbasti-rh commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/721105c53de6fbc0abc7799ec7f48920e02089bd
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/385
Author: stlaz
Title: #385: Generate sha256 ssh pubkey fingerprints for hosts
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/385/head:pr385
git checkout pr385
--
URL: https://github.com/freeipa/freeipa/pull/377
Title: #377: dogtaginstance: track server certificate with our renew agent
stlaz commented:
"""
Works fine.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/377#issuecomment-272137913
--
Manage your subscription for the
URL: https://github.com/freeipa/freeipa/pull/210
Title: #210: Tests: Stage User Tracker implementation
mbasti-rh commented:
"""
Needs rebase
```
Applying: Unaccessible variable self.attrs in Tracker
Patch failed at 0001 Unaccessible variable self.attrs in Tracker
The copy of the patch that
URL: https://github.com/freeipa/freeipa/pull/374
Title: #374: pytest: set rules to find test files and functions
mbasti-rh commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/68cb4d2b0f6b28f20513371e46b279d80c0b3070
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/374
Author: tiran
Title: #374: pytest: set rules to find test files and functions
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/374/head:pr374
git checkout pr374
--
URL: https://github.com/freeipa/freeipa/pull/374
Title: #374: pytest: set rules to find test files and functions
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/179
Author: Akasurde
Title: #179: Fix for handling CalledProcessError in authconfig
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/179/head:pr179
git checkout
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
HonzaCholasta commented:
"""
Not sure if it's this PR or not, but `ipa-server-install` *sometimes* fails
with:
```
[11/22]: setting up ssl
[error] NetworkError: cannot connect to
URL: https://github.com/freeipa/freeipa/pull/181
Title: #181: Tests : User Tracker creation of user with minimal values
mbasti-rh commented:
"""
This PR still needs rebase, it is not possible to apply patch without 3way
merge, please pull the latest master and do rebase, we merge only patches
URL: https://github.com/freeipa/freeipa/pull/383
Title: #383: Remove duplicated step from DS install
mbasti-rh commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/083b4241d287a731e2cf7fed5c61b30da52a8e37
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/383
Title: #383: Remove duplicated step from DS install
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA
tiran commented:
"""
Let's not make @stlaz jump through more bike-shedding hoops. How about we let
him finish this PR, and then address TLS versions, ciphers and other
simplifications in another PR?
"""
See
URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA
tiran commented:
"""
@rcritten I wonder if we need to support any version except TLS 1.2 at all. Are
there any versions of FreeIPA stack that do not have TLS 1.2 support?
"""
See the full comment at
On 2016-12-19 15:07, John Dennis wrote:
> I'm not a big fan of NSS, it has it's issues. As the author of the
> Python binding I'm quite aware of all the nasty behaviors NSS has and
> needs to be worked around. I wouldn't be sad to see it go but OpenSSL
> has it's own issues too. If you remove NSS
URL: https://github.com/freeipa/freeipa/pull/392
Author: tomaskrizek
Title: #392: Fix coverity issue
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/392/head:pr392
git checkout pr392
From
URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA
stlaz commented:
"""
@rcritten `tls_version_min/max` could have been set to "ssl2" just as well as
"ssl3" but perhaps it's for the best to remove them. I will try to do the
certmonger part and will remove
Tomas Krizek wrote:
> On 12/19/2016 04:41 PM, Standa Laznicka wrote:
>> On 12/19/2016 03:07 PM, John Dennis wrote:
>>> On 12/19/2016 03:12 AM, Standa Laznicka wrote:
On 12/16/2016 03:23 PM, Rob Crittenden wrote:
> Standa Laznicka wrote:
>> Hello,
>>
>> I started a design page
URL: https://github.com/freeipa/freeipa/pull/377
Title: #377: dogtaginstance: track server certificate with our renew agent
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/377
Title: #377: dogtaginstance: track server certificate with our renew agent
stlaz commented:
"""
I made a patch that makes is_renewal_master and set_renewal_master classmethods
on @tiran recommendation. Feel free to push it along or leave it,
Hello list,
In PR https://github.com/freeipa/freeipa/pull/385 we changed the hashing
algorithm for SSH public key fingerprints which are printed for
hosts/users in their respective show commands. These fingerprints are
not stored anywhere and are calculated during runtime on demand.
We did
URL: https://github.com/freeipa/freeipa/pull/391
Title: #391: ipapython: Add dependencies on version.py
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
simo5 commented:
"""
Thanks @HonzaCholasta I already fixed the service thing but didn't push as I
started getting another error on install, buit before I fix that I am working
on
URL: https://github.com/freeipa/freeipa/pull/367
Author: stlaz
Title: #367: Remove nsslib from IPA
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/367/head:pr367
git checkout pr367
From
URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA
rcritten commented:
"""
Wait, you added support for SSLv2? Please remove it, it isn't needed even for
backwards compatibility and would not be considered a regression.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/392
Author: tomaskrizek
Title: #392: Fix coverity issue
Action: opened
PR body:
"""
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/392/head:pr392
git checkout pr392
From
URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA
stlaz commented:
"""
@rcritten I spoke to the NSS people who assured me it's the intended behavior.
But thanks for the remainder, I will open a Bugzilla for that as well, I was
considering it before
URL: https://github.com/freeipa/freeipa/pull/392
Title: #392: Fix coverity issue
mbasti-rh commented:
"""
Could be commit message more descriptive or at least any?
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/392#issuecomment-272158709
--
Manage your subscription for
URL: https://github.com/freeipa/freeipa/pull/181
Title: #181: Tests : User Tracker creation of user with minimal values
gkaihorodova commented:
"""
@mbasti-rh done. hope now it's fine
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/181#issuecomment-272172666
--
Manage
In ca_add.pre_callback, we have:
if not ldap.can_add(dn[1:]):
raise ACIError(...)
`can_add' uses the GetEffectiveRights control to see what rights the
user has.
When a user with the 'System: Add CA' permission attempts to add a
CA, the above ACIError gets raised. This is definitely a
URL: https://github.com/freeipa/freeipa/pull/395
Author: flo-renaud
Title: #395: Configure PKI ajp redirection to use "localhost" instead of "::1"
Action: opened
PR body:
"""
When ipa-server-install configures PKI, it provides a configuration file
with the parameter pki_ajp_host set to ::1.
Related to design:
http://www.freeipa.org/page/V4/Dogtag_GSS-API_Authentication
Currently there are some operations that hit the CA that involve a
number of privileged operations against the CA, but for which there
is only one associated IPA permission. Deleting a CA is a good
example (but it is
URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA
rcritten commented:
"""
SSLv2 should not be supported, period.
Not that it would work anyway because most SSL libs have completely removed
this support, but it is just a terrible idea to even try and allow
On to, 12 tammi 2017, Christian Heimes wrote:
On 2016-12-19 15:07, John Dennis wrote:
I'm not a big fan of NSS, it has it's issues. As the author of the
Python binding I'm quite aware of all the nasty behaviors NSS has and
needs to be worked around. I wouldn't be sad to see it go but OpenSSL
URL: https://github.com/freeipa/freeipa/pull/382
Author: mbasti-rh
Title: #382: [Py3] ipa-server-install fixes (working NTP, DS, CA install steps)
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa
URL: https://github.com/freeipa/freeipa/pull/393
Author: mbasti-rh
Title: #393: [WIP] Py3 allow to run wsgi
Action: opened
PR body:
"""
With these patches we can run commands with server running on py3
Note: to use py3 install module `python3-mod_wsgi` that enables py3 wsgi
automatically
URL: https://github.com/freeipa/freeipa/pull/393
Author: mbasti-rh
Title: #393: [WIP] Py3 allow to run wsgi
Action: edited
Changed field: body
Original value:
"""
With these patches we can run commands with server running on py3
Note: to use py3 install module `python3-mod_wsgi` that
URL: https://github.com/freeipa/freeipa/pull/393
Author: mbasti-rh
Title: #393: [WIP] Py3 allow to run wsgi
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/393/head:pr393
git checkout pr393
From
44 matches
Mail list logo