[Freeipa-devel] [freeipa PR#416][comment] replica install: relax domain level check for promotion

2017-02-03 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/416 Title: #416: replica install: relax domain level check for promotion frasertweedale commented: """ @stlaz there are three considerations when "checking the DL": 1. Retrieving the current DL. 2. Checking that current

[Freeipa-devel] [freeipa PR#416][comment] replica install: relax domain level check for promotion

2017-01-31 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/416 Title: #416: replica install: relax domain level check for promotion frasertweedale commented: """ @HonzaCholasta @MartinBasti PR updated. I extracted the specific (== 0) and (>= 1) checks to the relevant call sites.

[Freeipa-devel] [freeipa PR#415][synchronized] ca-del: require CA to already be disabled

2017-01-31 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/415 Author: frasertweedale Title: #415: ca-del: require CA to already be disabled Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/415/head:pr415 git checkout

[Freeipa-devel] [freeipa PR#416][synchronized] replica install: relax domain level check for promotion

2017-01-31 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/416 Author: frasertweedale Title: #416: replica install: relax domain level check for promotion Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/416/head:pr416

[Freeipa-devel] [freeipa PR#415][comment] ca-del: require CA to already be disabled

2017-01-31 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/415 Title: #415: ca-del: require CA to already be disabled frasertweedale commented: """ @apophys done; PR updated. """ See the full comment at https://github.com/freeipa/freeipa/pull/415#issuecomment-27657141

[Freeipa-devel] [freeipa PR#370][closed] ci: send build log to paste.fedoraproject.org

2017-02-08 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/370 Author: frasertweedale Title: #370: ci: send build log to paste.fedoraproject.org Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/370/head:pr370 git checkout

[Freeipa-devel] [freeipa PR#370][comment] ci: send build log to paste.fedoraproject.org

2017-02-08 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/370 Title: #370: ci: send build log to paste.fedoraproject.org frasertweedale commented: """ Superseded by https://github.com/freeipa/freeipa/pull/449 ; closing. """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#451][comment] certdb: remove unused keysize property

2017-02-08 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/451 Title: #451: certdb: remove unused keysize property frasertweedale commented: """ Conditional ACK: just fix the type `s/moths/months/` in the commit message. """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#451][comment] certdb: remove unused keysize property

2017-02-08 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/451 Title: #451: certdb: remove unused keysize property frasertweedale commented: """ Conditional ACK: just fix the type `s/moths/months/` in the commit message. """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#370][comment] ci: send build log to paste.fedoraproject.org

2017-02-07 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/370 Title: #370: ci: send build log to paste.fedoraproject.org frasertweedale commented: """ So... any blocker on merging this? """ See the full comment at https://github.com/freeipa/freeipa/pull/370#issuecom

[Freeipa-devel] [freeipa PR#416][comment] replica install: relax domain level check for promotion

2017-02-07 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/416 Title: #416: replica install: relax domain level check for promotion frasertweedale commented: """ Any other changes requested? What's preventing ack on this? """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#415][comment] ca-del: require CA to already be disabled

2017-02-07 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/415 Title: #415: ca-del: require CA to already be disabled frasertweedale commented: """ Shelving this PR for now. It might get resurrected later. Discussion: https://www.redhat.com/archives/freeipa-devel/2017-February/msg0015

[Freeipa-devel] [freeipa PR#415][closed] ca-del: require CA to already be disabled

2017-02-07 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/415 Author: frasertweedale Title: #415: ca-del: require CA to already be disabled Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/415/head:pr415 git checkout pr415

[Freeipa-devel] [freeipa PR#370][comment] ci: send build log to paste.fedoraproject.org

2017-02-08 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/370 Title: #370: ci: send build log to paste.fedoraproject.org frasertweedale commented: """ :+1: sounds good. Take what's there and run with it :) """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#416][comment] replica install: relax domain level check for promotion

2017-01-31 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/416 Title: #416: replica install: relax domain level check for promotion frasertweedale commented: """ So, what do we want the behaviour of `check_domain_level` to be? I just want to make a small change so that replica install does

[Freeipa-devel] [freeipa PR#370][comment] ci: send build log to paste.fedoraproject.org

2017-01-24 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/370 Title: #370: ci: send build log to paste.fedoraproject.org frasertweedale commented: """ @martbab the paste looks like gobbledygook; it's gzipped. We will see it in action soon enough :) """ See the full comment

[Freeipa-devel] [freeipa PR#417][comment] private_ccache: yield ccache name

2017-01-30 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/417 Title: #417: private_ccache: yield ccache name frasertweedale commented: """ Build failure is unrelated to patch. """ See the full comment at https://github.com/freeipa/freeipa/pull/417#issuecomment-27624145

[Freeipa-devel] [freeipa PR#416][synchronized] replica install: relax domain level check for promotion

2017-01-30 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/416 Author: frasertweedale Title: #416: replica install: relax domain level check for promotion Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/416/head:pr416

[Freeipa-devel] [freeipa PR#422][opened] Fix reference before assignment

2017-01-30 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/422 Author: frasertweedale Title: #422: Fix reference before assignment Action: opened PR body: """ In 'store_session_cookie', if the server does not set the session cookie for some reason, the 'session_cookie' variable does n

[Freeipa-devel] [freeipa PR#419][+ack] ipa-ca-install: do not fail without --subject-base and --ca-subject

2017-01-30 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/419 Title: #419: ipa-ca-install: do not fail without --subject-base and --ca-subject Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#417][opened] private_ccache: yield ccache name

2017-01-29 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/417 Author: frasertweedale Title: #417: private_ccache: yield ccache name Action: opened PR body: """ When using private_ccache, yield 'path' from the context manager. This is cleaner than inspecting 'os.environ['KRB5CCNAME']' wit

[Freeipa-devel] [freeipa PR#416][comment] replica install: relax domain level check for promotion

2017-01-29 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/416 Title: #416: replica install: relax domain level check for promotion frasertweedale commented: """ Build failure is unrelated to patch. """ See the full comment at https://github.com/freeipa/freeipa/pull/416#iss

[Freeipa-devel] [freeipa PR#415][opened] ca-del: require CA to already be disabled

2017-01-29 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/415 Author: frasertweedale Title: #415: ca-del: require CA to already be disabled Action: opened PR body: """ Currently ca-del disables the target CA before deleting it. Conceptually, this involves two separate permissions: mo

[Freeipa-devel] [freeipa PR#416][opened] replica install: relax domain level check for promotion

2017-01-29 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/416 Author: frasertweedale Title: #416: replica install: relax domain level check for promotion Action: opened PR body: """ promote_check currently requires DL == 1. Relax the check to require DL >= 1, so that things will

[Freeipa-devel] [freeipa PR#480][comment] Add request_type doc string in cert-request

2017-02-21 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/480 Title: #480: Add request_type doc string in cert-request frasertweedale commented: """ @Akasurde if we just want to hide it, I think you use a client override for the `cert_request` command and filter out the option. @HonzaChola

[Freeipa-devel] [freeipa PR#480][comment] Add request_type doc string in cert-request

2017-02-20 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/480 Title: #480: Add request_type doc string in cert-request frasertweedale commented: """ I would like to NACK this. We instead want to hide or remove the option, because we only support PKCS #10 and this is unlikely to chang

[Freeipa-devel] [freeipa PR#506][comment] Use IPA CA cert in Custodia secrets client

2017-02-26 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/506 Title: #506: Use IPA CA cert in Custodia secrets client frasertweedale commented: """ @tiran FYI custodia is also used for Lightweight CA key replication, at any time a new LWCA gets created, to propagate its signing key amon

[Freeipa-devel] [freeipa PR#506][comment] Use IPA CA cert in Custodia secrets client

2017-02-26 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/506 Title: #506: Use IPA CA cert in Custodia secrets client frasertweedale commented: """ @tiran FYI custodia is also used for Lightweight CA key replication, at any time a new LWCA gets created, to propagate its signing key amon

[Freeipa-devel] [freeipa PR#522][opened] dogtag: remove redundant property definition

2017-02-28 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/522 Author: frasertweedale Title: #522: dogtag: remove redundant property definition Action: opened PR body: """ The dogtag `ra' backend defines a `ca_host' property, which is also defined (identically) by the `RestClient' class,

[Freeipa-devel] [freeipa PR#523][opened] cert-request: minor refactors

2017-02-28 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/523 Author: frasertweedale Title: #523: cert-request: minor refactors Action: opened PR body: """ A couple of minor refactors done as part of GSS-API work (https://pagure.io/freeipa/issue/5011). """ To pull the PR

[Freeipa-devel] [freeipa PR#108][synchronized] Bump pki min version and add commentary about sub-CA revocation on delete

2016-10-05 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/108 Author: frasertweedale Title: #108: Bump pki min version and add commentary about sub-CA revocation on delete Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa

[Freeipa-devel] [freeipa PR#108][comment] Bump pki min version and add commentary about sub-CA revocation on delete

2016-10-05 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/108 Title: #108: Bump pki min version and add commentary about sub-CA revocation on delete frasertweedale commented: """ On Tue, Oct 04, 2016 at 11:41:39PM -0700, mbasti-rh wrote: > IMO for that there is 'Requires' statement. We d

[Freeipa-devel] [freeipa PR#131][comment] Fixed script generating certs to address untrusted sub-ca

2016-10-04 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/131 Title: #131: Fixed script generating certs to address untrusted sub-ca frasertweedale commented: """ Obvious ACK. """ See the full comment at https://github.com/freeipa/freeipa/pull/131#issuecomment-25153263

[Freeipa-devel] [freeipa PR#108][comment] Bump pki min version and add commentary about sub-CA revocation on delete

2016-10-04 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/108 Title: #108: Bump pki min version and add commentary about sub-CA revocation on delete frasertweedale commented: """ @mbasti-rh I think the BuildRequires bump is appropriate. If we say (in the doc) that such and such will

[Freeipa-devel] [freeipa PR#108][synchronized] Bump pki min version and add commentary about sub-CA revocation on delete

2016-10-04 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/108 Author: frasertweedale Title: #108: Bump pki min version and add commentary about sub-CA revocation on delete Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa

[Freeipa-devel] [freeipa PR#108][opened] https://fedorahosted.org/freeipa/ticket/6256

2016-09-23 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/108 Author: frasertweedale Title: #108: https://fedorahosted.org/freeipa/ticket/6256 Action: opened PR body: """ None """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeip

[Freeipa-devel] [freeipa PR#109][opened] sudorule: add SELinux transition examples to plugin doc

2016-09-23 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/109 Author: frasertweedale Title: #109: sudorule: add SELinux transition examples to plugin doc Action: opened PR body: """ It is not obvious how to add SELinux type and role transitions to a Sudo rule. Update the 'sudorule' plugi

[Freeipa-devel] [freeipa PR#108][edited] Bump pki min version and add commentary about sub-CA revocation on delete

2016-09-23 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/108 Author: frasertweedale Title: #108: Bump pki min version and add commentary about sub-CA revocation on delete Action: edited To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/108

[Freeipa-devel] [freeipa PR#108][edited] Bump pki min version and add commentary about sub-CA revocation on delete

2016-09-23 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/108 Author: frasertweedale Title: #108: Bump pki min version and add commentary about sub-CA revocation on delete Action: edited To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/108

[Freeipa-devel] [freeipa PR#217][synchronized] change certificate processing code to use python-cryptography

2016-11-09 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/217 Author: frasertweedale Title: #217: change certificate processing code to use python-cryptography Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/217

[Freeipa-devel] [freeipa PR#217][comment] change certificate processing code to use python-cryptography

2016-11-09 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/217 Title: #217: change certificate processing code to use python-cryptography frasertweedale commented: """ The travis-ci failure is due to two minor pep8 violations, which I intend :) """ See the full comment at http

[Freeipa-devel] [freeipa PR#217][synchronized] change certificate processing code to use python-cryptography

2016-11-09 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/217 Author: frasertweedale Title: #217: change certificate processing code to use python-cryptography Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/217

[Freeipa-devel] [freeipa PR#217][opened] change certificate processing code to use python-cryptography

2016-11-09 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/217 Author: frasertweedale Title: #217: change certificate processing code to use python-cryptography Action: opened PR body: """ This commit changes certificate processing code to use python-cryptography instead of NSS. Part of

[Freeipa-devel] [freeipa PR#177][comment] Add options to write lightweight CA cert or chain to file

2016-11-09 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/177 Title: #177: Add options to write lightweight CA cert or chain to file frasertweedale commented: """ Bump for review """ See the full comment at https://github.com/freeipa/freeipa/pull/177#issuecomment-25938737

[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates

2016-11-09 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates frasertweedale commented: """ Although there are conflicts with `master`, there are problems when the patches are rebased. Server installation (CA-ful) fails when re

[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates

2016-11-09 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates frasertweedale commented: """ Although there are no conflicts with `master`, there are problems when the patches are rebased. Server installation (CA-ful) fails when re

[Freeipa-devel] [freeipa PR#229][comment] Remove the renewal lock file upon uninstall

2016-11-10 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/229 Title: #229: Remove the renewal lock file upon uninstall frasertweedale commented: """ Works as expected. """ See the full comment at https://github.com/freeipa/freeipa/pull/229#issuecomment-25988330

[Freeipa-devel] [freeipa PR#173][synchronized] Ensure correct IPA CA nickname in DS and HTTP NSSDBs

2016-11-10 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/173 Author: frasertweedale Title: #173: Ensure correct IPA CA nickname in DS and HTTP NSSDBs Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/173/head:pr173 git

[Freeipa-devel] [freeipa PR#177][synchronized] Add options to write lightweight CA cert or chain to file

2016-11-10 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/177 Author: frasertweedale Title: #177: Add options to write lightweight CA cert or chain to file Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/177/head:pr177

[Freeipa-devel] [freeipa PR#230][opened] cert-request: accept CSRs with extraneous data

2016-11-10 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/230 Author: frasertweedale Title: #230: cert-request: accept CSRs with extraneous data Action: opened PR body: """ The cert-request command used to accept CSRs that had extra data surrounding the PEM data, e.g. commentary abo

[Freeipa-devel] [freeipa PR#228][opened] cert-request: allow directoryName in SAN extension

2016-11-10 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/228 Author: frasertweedale Title: #228: cert-request: allow directoryName in SAN extension Action: opened PR body: """ Allow directoryName in SAN extension if the value matches the subject principal's DN in the IPA directory

[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates

2016-11-10 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates frasertweedale commented: """ Well I couldn't wait 'til tomorrow so I checked just then. I could not reproduce the issue :) """ See the full comment

[Freeipa-devel] [freeipa PR#227][synchronized] cert-request: match names against principal alises

2016-11-10 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/227 Author: frasertweedale Title: #227: cert-request: match names against principal alises Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/227/head:pr227 git

[Freeipa-devel] [freeipa PR#227][opened] cert-request: match names against principal alises

2016-11-10 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/227 Author: frasertweedale Title: #227: cert-request: match names against principal alises Action: opened PR body: """ Currently we do not check Kerberos principal aliases when validating a CSR. Enhance cert-request to accep

[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates

2016-11-10 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates frasertweedale commented: """ @jcholast sure, especially if it is related to renewal locks or some other tangential matter. ( @flo-renaud I have not yet confirmed the

[Freeipa-devel] [freeipa PR#162][closed] Certificate processing refactoring

2016-10-19 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/162 Author: frasertweedale Title: #162: Certificate processing refactoring Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/162/head:pr162 git checkout pr162

[Freeipa-devel] [freeipa PR#162][comment] Certificate processing refactoring

2016-10-19 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/162 Title: #162: Certificate processing refactoring frasertweedale commented: """ Closing PR (will retarget to @dkupka's refactoring-certificates staging branch. """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#173][opened] Ensure correct IPA CA nickname in DS and HTTP NSSDBs

2016-10-19 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/173 Author: frasertweedale Title: #173: Ensure correct IPA CA nickname in DS and HTTP NSSDBs Action: opened PR body: """ During replica installation, if the IPA deployment has a custom subject_base, the routines that create the DS

[Freeipa-devel] [freeipa PR#177][synchronized] Add options to write lightweight CA cert or chain to file

2016-10-21 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/177 Author: frasertweedale Title: #177: Add options to write lightweight CA cert or chain to file Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/177/head:pr177

[Freeipa-devel] [freeipa PR#176][opened] cert-show: show validity in default output

2016-10-20 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/176 Author: frasertweedale Title: #176: cert-show: show validity in default output Action: opened PR body: """ cert-show no longer shows validity dates without `--all', but this is important information that should be shown by defau

[Freeipa-devel] [freeipa PR#177][synchronized] Add options to write lightweight CA cert or chain to file

2016-11-24 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/177 Author: frasertweedale Title: #177: Add options to write lightweight CA cert or chain to file Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/177/head:pr177

[Freeipa-devel] [freeipa PR#177][comment] Add options to write lightweight CA cert or chain to file

2016-11-24 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/177 Title: #177: Add options to write lightweight CA cert or chain to file frasertweedale commented: """ @tomaskrizek thanks for reviewing. Updated tests and change the `--certificate-out` metavar to `FILE`. """

[Freeipa-devel] [freeipa PR#228][comment] cert-request: allow directoryName in SAN extension

2016-11-28 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/228 Title: #228: cert-request: allow directoryName in SAN extension frasertweedale commented: """ @tomaskrizek 1. The SAN DN is permitted if it matches the IPA principal's full DN in LDAP. The _certificate_ subject DN need not ma

[Freeipa-devel] [freeipa PR#227][comment] cert-request: match names against principal aliases

2016-11-16 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/227 Title: #227: cert-request: match names against principal aliases frasertweedale commented: """ @martbab thanks for review; I will revisit this some time in next week (hopefully) """ See the full comment at http

[Freeipa-devel] [freeipa PR#245][synchronized] Allow full customisability of IPA CA subject DN

2016-11-16 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/245 Author: frasertweedale Title: #245: Allow full customisability of IPA CA subject DN Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/245/head:pr245 git

[Freeipa-devel] [freeipa PR#245][comment] Allow full customisability of IPA CA subject DN

2016-11-16 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/245 Title: #245: Allow full customisability of IPA CA subject DN frasertweedale commented: """ Added a new commit to add DNs-in-ldap-order comments. """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#249][opened] Remove references to ds_newinst.pl

2016-11-16 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/249 Author: frasertweedale Title: #249: Remove references to ds_newinst.pl Action: opened PR body: """ ds_newinst.pl was removed from 389 DS over 9 years ago. Remove references to it. Fixes: https://fedorahosted.org/free

[Freeipa-devel] [freeipa PR#227][comment] cert-request: match names against principal aliases

2016-11-16 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/227 Title: #227: cert-request: match names against principal aliases frasertweedale commented: """ @martbab Semantics: 0. *Subject principal* is looked up by `--principal` option, via `{PRINCIPAL_TYPE}_show` command. If you th

[Freeipa-devel] [freeipa PR#245][opened] Allow full customisability of IPA CA subject DN

2016-11-16 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/245 Author: frasertweedale Title: #245: Allow full customisability of IPA CA subject DN Action: opened PR body: """ This patchset adds full customisability of CA subject DN apart from subject base, via the ipa-server-install `--ca-

[Freeipa-devel] [freeipa PR#177][synchronized] Add options to write lightweight CA cert or chain to file

2016-11-17 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/177 Author: frasertweedale Title: #177: Add options to write lightweight CA cert or chain to file Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/177/head:pr177

[Freeipa-devel] [freeipa PR#227][synchronized] cert-request: match names against principal alises

2016-11-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/227 Author: frasertweedale Title: #227: cert-request: match names against principal alises Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/227/head:pr227 git

[Freeipa-devel] [freeipa PR#245][comment] Allow full customisability of IPA CA subject DN

2016-11-20 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/245 Title: #245: Allow full customisability of IPA CA subject DN frasertweedale commented: """ @tiran I haven't a clue about that pep8 error... my commits don't even touch that file. """ See the full comment at http

[Freeipa-devel] [freeipa PR#227][edited] cert-request: match names against principal aliases

2016-11-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/227 Author: frasertweedale Title: #227: cert-request: match names against principal aliases Action: edited Changed field: title Original value: """ cert-request: match names against principal alises """

[Freeipa-devel] [freeipa PR#177][opened] Add options to write lightweight CA cert or chain to file

2016-10-21 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/177 Author: frasertweedale Title: #177: Add options to write lightweight CA cert or chain to file Action: opened PR body: """ Administrators need a way to retrieve the certificate or certificate chain of an IPA-managed lightweight

[Freeipa-devel] [freeipa PR#162][opened] Certificate processing refactoring

2016-10-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/162 Author: frasertweedale Title: #162: Certificate processing refactoring Action: opened PR body: """ This PR contains ready-for-review/test commits that: - support converting python-cryptography Name type to DN - avoid th

[Freeipa-devel] [freeipa PR#163][opened] Do not create Object Signing certificate

2016-10-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/163 Author: frasertweedale Title: #163: Do not create Object Signing certificate Action: opened PR body: """ The Object Signing certificate created during server installation was used only for signing the (recently removed) Firefo

[Freeipa-devel] [freeipa PR#162][synchronized] Certificate processing refactoring

2016-10-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/162 Author: frasertweedale Title: #162: Certificate processing refactoring Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/162/head:pr162 git checkout pr162

[Freeipa-devel] [freeipa PR#127][comment] Move ipa-otpd to $libexecdir/ipa, purge ffextension

2016-10-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/127 Title: #127: Move ipa-otpd to $libexecdir/ipa, purge ffextension frasertweedale commented: """ I think this change has caused SELinux errors when starting the daemon. (I had to `setenforce 0` to get the installer to complete). &q

[Freeipa-devel] [freeipa PR#228][comment] cert-request: allow directoryName in SAN extension

2016-11-29 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/228 Title: #228: cert-request: allow directoryName in SAN extension frasertweedale commented: """ @jcholast OK. Let's put this PR on ice for now... I may well take up your suggestion to allow subject DN to match LDAP DN, but I don't

[Freeipa-devel] [freeipa PR#177][synchronized] Add options to write lightweight CA cert or chain to file

2016-12-08 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/177 Author: frasertweedale Title: #177: Add options to write lightweight CA cert or chain to file Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/177/head:pr177

[Freeipa-devel] [freeipa PR#177][comment] Add options to write lightweight CA cert or chain to file

2016-12-08 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/177 Title: #177: Add options to write lightweight CA cert or chain to file frasertweedale commented: """ @jcholast updated PR to include `certificate` and `certificate_chain` in `ca_find` output when `--all` is specified. "&quo

[Freeipa-devel] [freeipa PR#329][opened] experiment: did pull/177 break ci?

2016-12-12 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/329 Author: frasertweedale Title: #329: experiment: did pull/177 break ci? Action: opened PR body: """ This PR reverts the commits from pull/177 to test the hypothesis that something in these commits broke CI. """ To

[Freeipa-devel] [freeipa PR#329][comment] experiment: did pull/177 break ci?

2016-12-12 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/329 Title: #329: experiment: did pull/177 break ci? frasertweedale commented: """ Yes, it looks like I broke CI. Feel free to merge this PR if I don't find a fix quickly enough. """ See the full comment at https://g

[Freeipa-devel] [freeipa PR#177][comment] Add options to write lightweight CA cert or chain to file

2016-12-11 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/177 Title: #177: Add options to write lightweight CA cert or chain to file frasertweedale commented: """ On Sun, Dec 11, 2016 at 10:36:27PM -0800, Jan Cholasta wrote: > @frasertweedale, thanks. What about > [this](https://githu

[Freeipa-devel] [freeipa PR#329][synchronized] experiment: did pull/177 break ci?

2016-12-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/329 Author: frasertweedale Title: #329: experiment: did pull/177 break ci? Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/329/head:pr329 git checkout pr329

[Freeipa-devel] [freeipa PR#245][comment] Allow full customisability of IPA CA subject DN

2016-12-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/245 Title: #245: Allow full customisability of IPA CA subject DN frasertweedale commented: """ @jcholast: new tickets pertaining to subject_base / certmap.conf config: - **do not update ipaCertificateSubjectBase and certmap.conf

[Freeipa-devel] [freeipa PR#329][reopened] experiment: did pull/177 break ci?

2016-12-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/329 Author: frasertweedale Title: #329: experiment: did pull/177 break ci? Action: reopened To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/329/head:pr329 git checkout pr329

[Freeipa-devel] [freeipa PR#329][synchronized] experiment: did pull/177 break ci?

2016-12-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/329 Author: frasertweedale Title: #329: experiment: did pull/177 break ci? Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/329/head:pr329 git checkout pr329

[Freeipa-devel] [freeipa PR#329][synchronized] experiment: did pull/177 break ci?

2016-12-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/329 Author: frasertweedale Title: #329: experiment: did pull/177 break ci? Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/329/head:pr329 git checkout pr329

[Freeipa-devel] [freeipa PR#329][synchronized] experiment: did pull/177 break ci?

2016-12-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/329 Author: frasertweedale Title: #329: experiment: did pull/177 break ci? Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/329/head:pr329 git checkout pr329

[Freeipa-devel] [freeipa PR#329][synchronized] experiment: did pull/177 break ci?

2016-12-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/329 Author: frasertweedale Title: #329: experiment: did pull/177 break ci? Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/329/head:pr329 git checkout pr329

[Freeipa-devel] [freeipa PR#329][synchronized] experiment: did pull/177 break ci?

2016-12-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/329 Author: frasertweedale Title: #329: experiment: did pull/177 break ci? Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/329/head:pr329 git checkout pr329

[Freeipa-devel] [freeipa PR#177][synchronized] Add options to write lightweight CA cert or chain to file

2016-12-12 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/177 Author: frasertweedale Title: #177: Add options to write lightweight CA cert or chain to file Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/177/head:pr177

[Freeipa-devel] [freeipa PR#177][comment] Add options to write lightweight CA cert or chain to file

2016-12-12 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/177 Title: #177: Add options to write lightweight CA cert or chain to file frasertweedale commented: """ @jcholast right you are. PR updated with conditional import. Thanks. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#245][synchronized] Allow full customisability of IPA CA subject DN

2016-12-12 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/245 Author: frasertweedale Title: #245: Allow full customisability of IPA CA subject DN Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/245/head:pr245 git

[Freeipa-devel] [freeipa PR#329][closed] experiment: did pull/177 break ci?

2016-12-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/329 Author: frasertweedale Title: #329: experiment: did pull/177 break ci? Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/329/head:pr329 git checkout pr329

[Freeipa-devel] [freeipa PR#332][synchronized] Fix regression in test suite

2016-12-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/332 Author: frasertweedale Title: #332: Fix regression in test suite Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/332/head:pr332 git checkout pr332 From

[Freeipa-devel] [freeipa PR#332][opened] Fix regression in test suite

2016-12-13 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/332 Author: frasertweedale Title: #332: Fix regression in test suite Action: opened PR body: """ 32b1743e5fb318b226a602ec8d9a4b6ef2a25c9d introduced a regression in test_serverroles.py, caused by ca_find attempting to log into the

[Freeipa-devel] [freeipa PR#177][comment] Add options to write lightweight CA cert or chain to file

2016-12-07 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/177 Title: #177: Add options to write lightweight CA cert or chain to file frasertweedale commented: """ @jcholast returning cert and chain in `ca_find` when `--all` is given will incur `n * 2` additional round-trips to Dogtag. I am

[Freeipa-devel] [freeipa PR#177][synchronized] Add options to write lightweight CA cert or chain to file

2016-12-07 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/177 Author: frasertweedale Title: #177: Add options to write lightweight CA cert or chain to file Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/177/head:pr177

  1   2   >