Re: [Pki-devel] [PATCH] patches for authz realm and fixing output on request rejection

2016-05-09 Thread Ade Lee
Thanks. Fixed as below. Pushed to master. On Mon, 2016-05-09 at 17:51 -0500, Endi Sukma Dewata wrote: > On 5/9/2016 2:18 PM, Ade Lee wrote: > > Patch descriptions .. in reverse order. > > > > Note that the CA setup for authz is further documented at > >

Re: [Pki-devel] [PATCH] 302 - migration script for registry.cfg for realm

2016-05-09 Thread Endi Sukma Dewata
On 5/9/2016 5:11 PM, Ade Lee wrote: Migration script to add entries for new constraints and defaults for authz realm changes. Please review, Thanks, Ade Couple things: 1. I think we still have to create an empty 10.3.0 folder in the base/common to make sure both system and server upgrades

Re: [Pki-devel] [PATCH] patches for authz realm and fixing output on request rejection

2016-05-09 Thread Endi Sukma Dewata
On 5/9/2016 2:18 PM, Ade Lee wrote: Patch descriptions .. in reverse order. Note that the CA setup for authz is further documented at pki.fedoraproject.org/wiki/Kra_authz_realm , where I have added a section on "CA Configuration". Thanks, Ade

Re: [Pki-devel] [PATCH] 0105 Add pki-server ca-cert-db-upgrade command

2016-05-09 Thread Fraser Tweedale
On Mon, May 09, 2016 at 04:06:46PM -0400, Ade Lee wrote: > Isn't all this predicated on a schema change that adds the issuer as an > optional field for the certRecord? > The schema already exists but was unused. > Ade > > On Mon, 2016-05-09 at 17:15 +1000, Fraser Tweedale wrote: > > Hi all, > >

[Pki-devel] [PATCH] 302 - migration script for registry.cfg for realm

2016-05-09 Thread Ade Lee
Migration script to add entries for new constraints and defaults for authz realm changes. Please review, Thanks, Ade From 8dd438fe42060e29cbe4d6d55f81ff1c1b31d9b4 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Mon, 9 May 2016 17:24:29 -0400 Subject: [PATCH] Add migration script

Re: [Pki-devel] [PATCH] 0105 Add pki-server ca-cert-db-upgrade command

2016-05-09 Thread Ade Lee
Isn't all this predicated on a schema change that adds the issuer as an optional field for the certRecord? Ade On Mon, 2016-05-09 at 17:15 +1000, Fraser Tweedale wrote: > Hi all, > > The following patch adds a pki-server subcommand for updating > certificate records to add the issuerName

Re: [Pki-devel] [PATCH] 737-739 Added deployment parameters for number ranges.

2016-05-09 Thread Endi Sukma Dewata
On 5/6/2016 9:21 PM, Endi Sukma Dewata wrote: Attached are patches to add deployment parameters for serial, request, and replica number ranges. https://fedorahosted.org/pki/ticket/2278 ACKed by alee (thanks!). Pushed to master. The man page will be updated in ticket #2318. -- Endi S.

[Pki-devel] [PATCH] patches for authz realm and fixing output on request rejection

2016-05-09 Thread Ade Lee
Patch descriptions .. in reverse order. Note that the CA setup for authz is further documented at pki.fedoraproject.org/wiki/Kra_authz_realm , where I have added a section on "CA Configuration". Thanks, Ade commit

Re: [Pki-devel] [Freeipa-devel] [DESIGN] Lightweight CA renewal

2016-05-09 Thread Petr Vobornik
On 05/09/2016 09:35 AM, Jan Cholasta wrote: > Hi, > > On 6.5.2016 08:01, Fraser Tweedale wrote: >> Hullo all, >> >> FreeIPA Lightweight CAs implementation is progressing well. The >> remaining big unknown in the design is how to do renewal. I have >> put my ideas into the design page[1] and

[Pki-devel] [PATCH] 0105 Add pki-server ca-cert-db-upgrade command

2016-05-09 Thread Fraser Tweedale
Hi all, The following patch adds a pki-server subcommand for updating certificate records to add the issuerName attribute. It is for #1667 (Database upgrade script to add issuerName attribute to all cert entries). Follow-up question: should I (and if so, how should I) also add an upgrade