Re: [Freeipa-devel] Please review: V4/AD user short names design draft

2017-03-01 Thread Simo Sorce
On Wed, 2017-03-01 at 16:47 +0100, Martin Babinsky wrote: > On 03/01/2017 04:32 PM, Simo Sorce wrote: > > On Wed, 2017-03-01 at 16:17 +0100, Martin Babinsky wrote: > >> On 03/01/2017 03:42 PM, Simo Sorce wrote: > >>> On Tue, 2017-02-28 at 13:29 +0100, Martin Babinsky wrote: > Hello list, >

[Freeipa-devel] [freeipa PR#526][+ack] server install: do not attempt to issue PKINIT cert in CA-less

2017-03-01 Thread abbra
URL: https://github.com/freeipa/freeipa/pull/526 Title: #526: server install: do not attempt to issue PKINIT cert in CA-less Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

2017-03-01 Thread Alexander Bokovoy
On ke, 01 maalis 2017, Simo Sorce wrote: > My take is: cut API/UI work, and do the underlying infrastructure work > for the widest set of serves/clients possible instead. > > It is much more important to get the underlying gears done than to add > UI candy, that can be delayed. > > Simo. > I

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

2017-03-01 Thread Martin Basti
On 01.03.2017 17:04, Simo Sorce wrote: On Wed, 2017-03-01 at 16:47 +0100, Martin Babinsky wrote: On 03/01/2017 04:32 PM, Simo Sorce wrote: On Wed, 2017-03-01 at 16:17 +0100, Martin Babinsky wrote: On 03/01/2017 03:42 PM, Simo Sorce wrote: On Tue, 2017-02-28 at 13:29 +0100, Martin Babinsky

Re: [Freeipa-devel] FreeIPA: upgrading from priv-separation to git-master

2017-03-01 Thread Standa Laznicka
On 03/01/2017 12:01 PM, Standa Laznicka wrote: Hello, Please note that https://github.com/freeipa/freeipa/pull/367 was pushed today. What this means for you is that your IPA installations won't work if you had privilege separation patches applied and try to upgrade your instances to current

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

2017-03-01 Thread Martin Babinsky
On 03/01/2017 05:51 PM, Simo Sorce wrote: On Wed, 2017-03-01 at 17:29 +0100, Martin Basti wrote: On 01.03.2017 17:04, Simo Sorce wrote: On Wed, 2017-03-01 at 16:47 +0100, Martin Babinsky wrote: On 03/01/2017 04:32 PM, Simo Sorce wrote: On Wed, 2017-03-01 at 16:17 +0100, Martin Babinsky

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-01 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/502 Title: #502: Make pylint and jsl optional HonzaCholasta commented: """ I tend to agree with @lslebodn, but I don't have a strong opinion on this. I noticed a couple of issues though: * `--without-jslint` does not seem to work correctly: ```

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

2017-03-01 Thread Martin Babinsky
On 03/01/2017 05:28 PM, Alexander Bokovoy wrote: On ke, 01 maalis 2017, Simo Sorce wrote: > My take is: cut API/UI work, and do the underlying infrastructure work > for the widest set of serves/clients possible instead. > > It is much more important to get the underlying gears done than to add

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-01 Thread lslebodn
URL: https://github.com/freeipa/freeipa/pull/502 Title: #502: Make pylint and jsl optional lslebodn commented: """ On (01/03/17 22:37), Jan Cholasta wrote: >I tend to agree with @lslebodn, but I don't have a strong opinion on this. I >noticed a couple of issues though: > >* `--without-jslint`

[Freeipa-devel] [freeipa PR#526][comment] server install: do not attempt to issue PKINIT cert in CA-less

2017-03-01 Thread abbra
URL: https://github.com/freeipa/freeipa/pull/526 Title: #526: server install: do not attempt to issue PKINIT cert in CA-less abbra commented: """ ACK for the patch. However, I'm not claiming that CA does not need to be trusted. What I'm saying is that for Anonymous PKINIT's use in privilege

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

2017-03-01 Thread Simo Sorce
On Wed, 2017-03-01 at 17:29 +0100, Martin Basti wrote: > > On 01.03.2017 17:04, Simo Sorce wrote: > > On Wed, 2017-03-01 at 16:47 +0100, Martin Babinsky wrote: > >> On 03/01/2017 04:32 PM, Simo Sorce wrote: > >>> On Wed, 2017-03-01 at 16:17 +0100, Martin Babinsky wrote: > On 03/01/2017 03:42

[Freeipa-devel] [freeipa PR#529][opened] installer: update time estimates

2017-03-01 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/529 Author: tomaskrizek Title: #529: installer: update time estimates Action: opened PR body: """ Time estimates have been updated to be more accurate. Only tasks that are estimated to take longer than 10 seconds have the estimate displayed.

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-01 Thread pvoborni
URL: https://github.com/freeipa/freeipa/pull/502 Title: #502: Make pylint and jsl optional pvoborni commented: """ +1 Reasoning for not skipping linters was that reviewer or patch author can forget to run those. This problem was solved by travis checks. """ See the full comment at

[Freeipa-devel] [freeipa PR#530][opened] man: update ipa-cacert-manage

2017-03-01 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/530 Author: tomaskrizek Title: #530: man: update ipa-cacert-manage Action: opened PR body: """ Make it clear this command is used to only renew certificate for the CA and provide guidance on how to renew other certificates.

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

2017-03-01 Thread Jan Cholasta
On 1.3.2017 14:58, Alexander Bokovoy wrote: On ke, 01 maalis 2017, Jan Cholasta wrote: On 1.3.2017 14:05, Alexander Bokovoy wrote: On ke, 01 maalis 2017, Jan Cholasta wrote: On 1.3.2017 13:39, Martin Babinsky wrote: Alexander, thank you for your comments. Replies inline: On 02/28/2017

[Freeipa-devel] [freeipa PR#488][+ack] Speed up client schema cache

2017-03-01 Thread dkupka
URL: https://github.com/freeipa/freeipa/pull/488 Title: #488: Speed up client schema cache Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#488][comment] Speed up client schema cache

2017-03-01 Thread dkupka
URL: https://github.com/freeipa/freeipa/pull/488 Title: #488: Speed up client schema cache dkupka commented: """ The speedup I see is smaller (10-15%) [1] than what you're reporting but that might be caused by the fact that I store the cache on really slow file system (NFS mount). Anyway the

[Freeipa-devel] [freeipa PR#467][comment] ipaclient: schema cache: Write all schema files in concurrent-safe way

2017-03-01 Thread dkupka
URL: https://github.com/freeipa/freeipa/pull/467 Title: #467: ipaclient: schema cache: Write all schema files in concurrent-safe way dkupka commented: """ superseded by #488 """ See the full comment at https://github.com/freeipa/freeipa/pull/467#issuecomment-283271969 -- Manage your

[Freeipa-devel] [freeipa PR#467][+rejected] ipaclient: schema cache: Write all schema files in concurrent-safe way

2017-03-01 Thread dkupka
URL: https://github.com/freeipa/freeipa/pull/467 Title: #467: ipaclient: schema cache: Write all schema files in concurrent-safe way Label: +rejected -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#467][closed] ipaclient: schema cache: Write all schema files in concurrent-safe way

2017-03-01 Thread dkupka
URL: https://github.com/freeipa/freeipa/pull/467 Author: dkupka Title: #467: ipaclient: schema cache: Write all schema files in concurrent-safe way Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/467/head:pr467

[Freeipa-devel] [freeipa PR#397][synchronized] Improve wheel building and provide ipaserver wheel for local testing

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/397 Author: tiran Title: #397: Improve wheel building and provide ipaserver wheel for local testing Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa

[Freeipa-devel] [freeipa PR#522][+ack] dogtag: remove redundant property definition

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/522 Title: #522: dogtag: remove redundant property definition Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/397 Title: #397: Improve wheel building and provide ipaserver wheel for local testing tiran commented: """ @jdennis released python-nss 1.0.1. I removed my workaround. """ See the full comment at

[Freeipa-devel] [freeipa PR#515][closed] Re-add ipapython.config.config for backwards compatibilty

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/515 Author: tiran Title: #515: Re-add ipapython.config.config for backwards compatibilty Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/515/head:pr515 git checkout

[Freeipa-devel] [freeipa PR#515][comment] Re-add ipapython.config.config for backwards compatibilty

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/515 Title: #515: Re-add ipapython.config.config for backwards compatibilty tiran commented: """ OK, I'm closing this PR then. @HonzaCholasta, please open another PR and revert 7b966e8. """ See the full comment at

[Freeipa-devel] [freeipa PR#515][+rejected] Re-add ipapython.config.config for backwards compatibilty

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/515 Title: #515: Re-add ipapython.config.config for backwards compatibilty Label: +rejected -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#521][comment] Add nsaccountlock to user attributes when a new user is created

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/521 Title: #521: Add nsaccountlock to user attributes when a new user is created MartinBasti commented: """ It looks that my proposal is not the right way, sorry. (See: #444) """ See the full comment at

[Freeipa-devel] [freeipa PR#521][closed] Add nsaccountlock to user attributes when a new user is created

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/521 Author: redhatrises Title: #521: Add nsaccountlock to user attributes when a new user is created Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/521/head:pr521

[Freeipa-devel] [freeipa PR#521][+rejected] Add nsaccountlock to user attributes when a new user is created

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/521 Title: #521: Add nsaccountlock to user attributes when a new user is created Label: +rejected -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA

2017-03-01 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA stlaz commented: """ This should now be fixed. In my endless naivety I had thought passing no password to `export_pkcs12()` would actually mean no password will be set. """ See the full comment at

[Freeipa-devel] [freeipa PR#488][comment] Speed up client schema cache

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/488 Title: #488: Speed up client schema cache tiran commented: """ It looks like your IPA server is about half as fast (26sec / 13sec for 20 pings). In absolute numbers, it's still ~2.5 sec faster. In your case, performance probably dominated by

[Freeipa-devel] [freeipa PR#509][comment] Migrate OTP import script to python-cryptography

2017-03-01 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/509 Title: #509: Migrate OTP import script to python-cryptography stlaz commented: """ This is tested by our tests and the code is fine => ACK. """ See the full comment at https://github.com/freeipa/freeipa/pull/509#issuecomment-283280320 --

[Freeipa-devel] [freeipa PR#518][synchronized] README to README.md

2017-03-01 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/518 Author: stlaz Title: #518: README to README.md Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/518/head:pr518 git checkout pr518 From

[Freeipa-devel] [freeipa PR#509][+ack] Migrate OTP import script to python-cryptography

2017-03-01 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/509 Title: #509: Migrate OTP import script to python-cryptography Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

2017-03-01 Thread David Kupka
On Tue, Feb 28, 2017 at 02:48:02PM +0200, Alexander Bokovoy wrote: > On ti, 28 helmi 2017, Martin Babinsky wrote: > > Hello list, > > > > I have put together a draft of design page describing server-side > > implementation of user short name -> fully-qualified name resolution.[1] > > > > In the

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

2017-03-01 Thread Alexander Bokovoy
On ke, 01 maalis 2017, David Kupka wrote: On Tue, Feb 28, 2017 at 02:48:02PM +0200, Alexander Bokovoy wrote: On ti, 28 helmi 2017, Martin Babinsky wrote: > Hello list, > > I have put together a draft of design page describing server-side > implementation of user short name -> fully-qualified

[Freeipa-devel] [freeipa PR#517][comment] [WIP] Use Custodia 0.3 features

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/517 Title: #517: [WIP] Use Custodia 0.3 features tiran commented: """ FYI, Custodia 0.3 hasn't been released yet. I'm still doing smoke tests with FreeIPA's secrets service. So far, FreeIPA master and Custodia master work flawlessly. """ See the

[Freeipa-devel] [freeipa PR#520][synchronized] Change README to use Markdown

2017-03-01 Thread pvoborni
URL: https://github.com/freeipa/freeipa/pull/520 Author: pvoborni Title: #520: Change README to use Markdown Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/520/head:pr520 git checkout pr520 From

[Freeipa-devel] [freeipa PR#518][+rejected] README to README.md

2017-03-01 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/518 Title: #518: README to README.md Label: +rejected -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#518][closed] README to README.md

2017-03-01 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/518 Author: stlaz Title: #518: README to README.md Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/518/head:pr518 git checkout pr518 -- Manage your subscription for

[Freeipa-devel] [freeipa PR#518][comment] README to README.md

2017-03-01 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/518 Title: #518: README to README.md stlaz commented: """ Overridden by https://github.com/freeipa/freeipa/pull/520. """ See the full comment at https://github.com/freeipa/freeipa/pull/518#issuecomment-283284401 -- Manage your subscription for the

[Freeipa-devel] [freeipa PR#513][comment] certdb: Don't restore_context() of new NSSDB

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/513 Title: #513: certdb: Don't restore_context() of new NSSDB MartinBasti commented: """ This is old code, initially added here 49b36583a50e7f542e0667f3e2432ab1aa63924e But I failed to detect why restorecon call has been added for new databases.

[Freeipa-devel] [freeipa PR#513][comment] certdb: Don't restore_context() of new NSSDB

2017-03-01 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/513 Title: #513: certdb: Don't restore_context() of new NSSDB stlaz commented: """ I don't see how this could break anything given that it's been used like that for ages prior to priv-sep patches. """ See the full comment at

[Freeipa-devel] [freeipa PR#513][comment] certdb: Don't restore_context() of new NSSDB

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/513 Title: #513: certdb: Don't restore_context() of new NSSDB tiran commented: """ Maybe it was required back then. 7, 8 years is a long time. Nowadays new files are created with correct context: ``` # rm -f /etc/ipa/nssdb/testfile # touch

[Freeipa-devel] [freeipa PR#513][comment] certdb: Don't restore_context() of new NSSDB

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/513 Title: #513: certdb: Don't restore_context() of new NSSDB MartinBasti commented: """ Ok, I agree """ See the full comment at https://github.com/freeipa/freeipa/pull/513#issuecomment-283285379 -- Manage your subscription for the Freeipa-devel

[Freeipa-devel] [freeipa PR#513][+ack] certdb: Don't restore_context() of new NSSDB

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/513 Title: #513: certdb: Don't restore_context() of new NSSDB Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA

2017-03-01 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA HonzaCholasta commented: """ CA-less to CA-ful conversion still fails: ``` 2017-03-01T09:14:40Z DEBUG Starting external process 2017-03-01T09:14:40Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpgj_Ue4

[Freeipa-devel] [freeipa PR#501][comment] C compilation fixes and hardening

2017-03-01 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/501 Title: #501: C compilation fixes and hardening stlaz commented: """ I agree that C compilation should be hardened for FreeIPA, seeing warnings is nothing unusual here. This builds fine. ACK. """ See the full comment at

[Freeipa-devel] [freeipa PR#501][+ack] C compilation fixes and hardening

2017-03-01 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/501 Title: #501: C compilation fixes and hardening Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-01 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/502 Title: #502: Make pylint and jsl optional tomaskrizek commented: """ Please clean up the confgure.ac and update freeipa.spec file as well. ``` configure.ac:375: AS_HELP_STRING([--disable-pylint], freeipa.spec.in:16:%global

[Freeipa-devel] [freeipa PR#508][closed] Fix ipa.service unit re. gssproxy

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/508 Author: flo-renaud Title: #508: Fix ipa.service unit re. gssproxy Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/508/head:pr508 git checkout pr508 -- Manage

[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA

2017-03-01 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA HonzaCholasta commented: """ `ipa-replica-install --setup-ca` still fails with the same error though. """ See the full comment at https://github.com/freeipa/freeipa/pull/367#issuecomment-283289474 -- Manage

[Freeipa-devel] [freeipa PR#508][+pushed] Fix ipa.service unit re. gssproxy

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/508 Title: #508: Fix ipa.service unit re. gssproxy Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA

2017-03-01 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA stlaz commented: """ @HonzaCholasta I saw this issue as well, once you hit it on a VM no `pkispawn` will run correctly. I am not sure if it's caused by this PR, my guess is it shouldn't be as `pkispawn` was

[Freeipa-devel] [freeipa PR#508][comment] Fix ipa.service unit re. gssproxy

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/508 Title: #508: Fix ipa.service unit re. gssproxy MartinBasti commented: """ master: * 98e3b14a0477232054b02065c857fb1b16ce85a6 Fix ipa.service unit re. gssproxy """ See the full comment at

[Freeipa-devel] [freeipa PR#367][+ack] Remove nsslib from IPA

2017-03-01 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/502 Title: #502: Make pylint and jsl optional tiran commented: """ good catch, @tomaskrizek """ See the full comment at https://github.com/freeipa/freeipa/pull/502#issuecomment-283290260 -- Manage your subscription for the Freeipa-devel mailing

[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA

2017-03-01 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA HonzaCholasta commented: """ OK. Let's fix it later. """ See the full comment at https://github.com/freeipa/freeipa/pull/367#issuecomment-283290295 -- Manage your subscription for the Freeipa-devel mailing

[Freeipa-devel] [freeipa PR#501][comment] C compilation fixes and hardening

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/501 Title: #501: C compilation fixes and hardening MartinBasti commented: """ master: * 2828a2b92b89932d66b640e5047161448d522e2e C compilation fixes and hardening """ See the full comment at

[Freeipa-devel] [freeipa PR#501][closed] C compilation fixes and hardening

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/501 Author: tiran Title: #501: C compilation fixes and hardening Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/501/head:pr501 git checkout pr501 -- Manage your

[Freeipa-devel] [freeipa PR#501][+pushed] C compilation fixes and hardening

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/501 Title: #501: C compilation fixes and hardening Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA

2017-03-01 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA HonzaCholasta commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/dfd560a190cb2ab13f34ed9e21c5fb5c6e793f18

[Freeipa-devel] [freeipa PR#367][closed] Remove nsslib from IPA

2017-03-01 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/367 Author: stlaz Title: #367: Remove nsslib from IPA Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/367/head:pr367 git checkout pr367 -- Manage your subscription

[Freeipa-devel] [freeipa PR#367][+pushed] Remove nsslib from IPA

2017-03-01 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#502][synchronized] Make pylint and jsl optional

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/502 Author: tiran Title: #502: Make pylint and jsl optional Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/502/head:pr502 git checkout pr502 From

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-01 Thread lslebodn
URL: https://github.com/freeipa/freeipa/pull/502 Title: #502: Make pylint and jsl optional lslebodn commented: """ May I know why the default was changed without design discussion? IIRC pscacek intentionally enabled it by default. Much better approach would be to print hint at configure time

[Freeipa-devel] [freeipa PR#501][comment] C compilation fixes and hardening

2017-03-01 Thread lslebodn
URL: https://github.com/freeipa/freeipa/pull/501 Title: #501: C compilation fixes and hardening lslebodn commented: """ FYI; it is far far away from best practice to modify `CFLAGS` and configure time; unless you test compiler options. Such change should be in makefile `AM_CFLAGS` In the

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/502 Title: #502: Make pylint and jsl optional tiran commented: """ Please see ticket for reasoning. My solution is the best thing, I could come up with in short time. It's not worth the trouble to burn a lot of time on it. It's write-once code. You

[Freeipa-devel] [freeipa PR#501][comment] C compilation fixes and hardening

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/501 Title: #501: C compilation fixes and hardening tiran commented: """ @lslebodn feel free to open a new PR. This PR and #364 are closed. """ See the full comment at https://github.com/freeipa/freeipa/pull/501#issuecomment-283297846 -- Manage

[Freeipa-devel] [freeipa PR#398][+ack] Support for Certificate Identity Mapping

2017-03-01 Thread dkupka
URL: https://github.com/freeipa/freeipa/pull/398 Title: #398: Support for Certificate Identity Mapping Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-01 Thread lslebodn
URL: https://github.com/freeipa/freeipa/pull/502 Title: #502: Make pylint and jsl optional lslebodn commented: """ Writing hint together with error is the simplest solution. And still remind developers to install pylint/jslint. e.g. ``` diff --git a/configure.ac b/configure.ac index

[Freeipa-devel] [freeipa PR#398][comment] Support for Certificate Identity Mapping

2017-03-01 Thread dkupka
URL: https://github.com/freeipa/freeipa/pull/398 Title: #398: Support for Certificate Identity Mapping dkupka commented: """ Works for me. """ See the full comment at https://github.com/freeipa/freeipa/pull/398#issuecomment-283297105 -- Manage your subscription for the Freeipa-devel mailing

[Freeipa-devel] [freeipa PR#453][synchronized] Cleanup certdb

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/453 Author: tiran Title: #453: Cleanup certdb Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/453/head:pr453 git checkout pr453 From

[Freeipa-devel] [freeipa PR#501][comment] C compilation fixes and hardening

2017-03-01 Thread lslebodn
URL: https://github.com/freeipa/freeipa/pull/501 Title: #501: C compilation fixes and hardening lslebodn commented: """ I know it's closed. It was just a kindly reminder to address obvious problems as part of review process. """ See the full comment at

[Freeipa-devel] [freeipa PR#524][opened] Remove NSPRError exception from platform tasks

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/524 Author: tiran Title: #524: Remove NSPRError exception from platform tasks Action: opened PR body: """ ipalib.x509 no longer raises NSPRError. PyCA cryptography raises ValueError for invalid certs. https://fedorahosted.org/freeipa/ticket/5695

[Freeipa-devel] [freeipa PR#525][opened] Remove import nss from test_ldap

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/525 Author: tiran Title: #525: Remove import nss from test_ldap Action: opened PR body: """ test_ldap just imported nss.nss to call nss_init_nodb(). It should be safe to remove the call. Let's see what CI has to say. Signed-off-by: Christian

[Freeipa-devel] [freeipa PR#502][comment] Make pylint and jsl optional

2017-03-01 Thread lslebodn
URL: https://github.com/freeipa/freeipa/pull/502 Title: #502: Make pylint and jsl optional lslebodn commented: """ Please add explanation to the thumb down """ See the full comment at https://github.com/freeipa/freeipa/pull/502#issuecomment-283309329 -- Manage your subscription for the

[Freeipa-devel] FreeIPA: upgrading from priv-separation to git-master

2017-03-01 Thread Standa Laznicka
Hello, Please note that https://github.com/freeipa/freeipa/pull/367 was pushed today. What this means for you is that your IPA installations won't work if you had privilege separation patches applied and try to upgrade your instances to current master. This is because privilege separation

[Freeipa-devel] Certmonger uses different "Subject" representation based on storage

2017-03-01 Thread Standa Laznicka
Hello, Please note that when you make a request for a certificate to certmonger, it uses different representation of the "Subject" that you provide to it, based on the storage you aim for (LDAP representation when storing to NSS DB, X509 representation when storing to a file). This issue

[Freeipa-devel] [freeipa PR#525][comment] Remove import nss from test_ldap

2017-03-01 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/525 Title: #525: Remove import nss from test_ldap martbab commented: """ looks like Travis did not mind at all """ See the full comment at https://github.com/freeipa/freeipa/pull/525#issuecomment-283313255 -- Manage your subscription for the

[Freeipa-devel] [freeipa PR#525][+ack] Remove import nss from test_ldap

2017-03-01 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/525 Title: #525: Remove import nss from test_ldap Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#448][closed] Tests: Basic coverage with tree root domain

2017-03-01 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/448 Author: gkaihorodova Title: #448: Tests: Basic coverage with tree root domain Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/448/head:pr448 git checkout pr448 --

[Freeipa-devel] [freeipa PR#448][+pushed] Tests: Basic coverage with tree root domain

2017-03-01 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/448 Title: #448: Tests: Basic coverage with tree root domain Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#448][comment] Tests: Basic coverage with tree root domain

2017-03-01 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/448 Title: #448: Tests: Basic coverage with tree root domain martbab commented: """ master: * 10494b1bb34b6ff9c1b810cc0739c761b017202c Tests: Basic coverage with tree root domain """ See the full comment at

[Freeipa-devel] [freeipa PR#524][comment] Remove NSPRError exception from platform tasks

2017-03-01 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/524 Title: #524: Remove NSPRError exception from platform tasks stlaz commented: """ Indeed, NSPRError is NSS-specific. """ See the full comment at https://github.com/freeipa/freeipa/pull/524#issuecomment-283319397 -- Manage your subscription for

[Freeipa-devel] [freeipa PR#412][comment] Define template version in certmap.conf

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/412 Title: #412: Define template version in certmap.conf MartinBasti commented: """ master: * c49320435ddc67210c0d95be273e971ea8ffad6d Define template version in certmap.conf """ See the full comment at

[Freeipa-devel] [freeipa PR#509][comment] Migrate OTP import script to python-cryptography

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/509 Title: #509: Migrate OTP import script to python-cryptography MartinBasti commented: """ master: * d00ae870dda2889545c9d93e82e44526bfd4f431 Migrate OTP import script to python-cryptography * 135d0b5dd111d40632e2cd5be8f5315684b45fc6 Finish port

[Freeipa-devel] [freeipa PR#524][comment] Remove NSPRError exception from platform tasks

2017-03-01 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/524 Title: #524: Remove NSPRError exception from platform tasks stlaz commented: """ Indeed, NSPRError is NSS-specific. """ See the full comment at https://github.com/freeipa/freeipa/pull/524#issuecomment-283319397 -- Manage your subscription for

[Freeipa-devel] [freeipa PR#488][comment] Speed up client schema cache

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/488 Title: #488: Speed up client schema cache MartinBasti commented: """ master: * 332dbab1ff09eb719eb9e0a7a90bbf5b6e69ddc9 Speed up client schema cache * 3be696c92f6948ea0ced9784920600b73703e414 Drop in-memory copy of schema zip file """ See the

[Freeipa-devel] [freeipa PR#509][closed] Migrate OTP import script to python-cryptography

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/509 Author: tiran Title: #509: Migrate OTP import script to python-cryptography Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/509/head:pr509 git checkout pr509 --

[Freeipa-devel] [freeipa PR#488][+pushed] Speed up client schema cache

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/488 Title: #488: Speed up client schema cache Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#526][opened] server install: properly handle PKINIT-related options

2017-03-01 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/526 Author: HonzaCholasta Title: #526: server install: properly handle PKINIT-related options Action: opened PR body: """ Do not ignore --no-pkinit. If --http-cert-file or --dirsrv-cert-file is specified, require that either --pkinit-cert-file or

[Freeipa-devel] [freeipa PR#509][+pushed] Migrate OTP import script to python-cryptography

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/509 Title: #509: Migrate OTP import script to python-cryptography Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#412][closed] Define template version in certmap.conf

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/412 Author: flo-renaud Title: #412: Define template version in certmap.conf Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/412/head:pr412 git checkout pr412 --

[Freeipa-devel] [freeipa PR#412][+pushed] Define template version in certmap.conf

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/412 Title: #412: Define template version in certmap.conf Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#524][comment] Remove NSPRError exception from platform tasks

2017-03-01 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/524 Title: #524: Remove NSPRError exception from platform tasks tiran commented: """ ```CertificateFormatError``` is a custom exception that is only raised by ```ipalib.x509.CertificateFormatError```. The rest of the ```ipalib.x509``` propagates

[Freeipa-devel] [freeipa PR#520][comment] Change README to use Markdown

2017-03-01 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/520 Title: #520: Change README to use Markdown stlaz commented: """ This makes our build fail (`./makerpms` in project folder). """ See the full comment at https://github.com/freeipa/freeipa/pull/520#issuecomment-283321136 -- Manage your

[Freeipa-devel] [freeipa PR#488][closed] Speed up client schema cache

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/488 Author: tiran Title: #488: Speed up client schema cache Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/488/head:pr488 git checkout pr488 -- Manage your

[Freeipa-devel] [freeipa PR#512][+pushed] test_config: fix fips_mode key in Env

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/512 Title: #512: test_config: fix fips_mode key in Env Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#512][closed] test_config: fix fips_mode key in Env

2017-03-01 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/512 Author: tomaskrizek Title: #512: test_config: fix fips_mode key in Env Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/512/head:pr512 git checkout pr512 --

  1   2   >