The FreeIPA team would like to announce FreeIPA 4.9.0 release candidate 2!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for
Fedora Rawhide will be available from the official repository soon.
We are not planning producing builds of release candidates for the Fedora 32/33
at this moment. Final FreeIPA 4.9.0 release might be produced for Fedora 33
depending on upgrade test results.
== Highlights in 4.9.0 release candidate 2 ==
=== Bug fixes ===
FreeIPA 4.9.0 release candidate 2 is a stabilization release for the features
delivered as a part of 4.9 version series.
There are more than 10 bug-fixes since FreeIPA 4.9.0 release candidate 1.
Details of the bug-fixes can be seen in the list of resolved tickets below.
== Upgrading ==
Upgrade instructions are available on [[Upgrade]] page.
== Feedback ==
Please provide comments, bugs and other feedback via the freeipa-users mailing
list
(https://lists.fedoraproject.org/archives/list/[email protected]/)
or #freeipa channel on Freenode.
== Resolved tickets ==
* [https://pagure.io/freeipa/issue/3299 #3299] [RFE] Switch the client to JSON
RPC
* [https://pagure.io/freeipa/issue/7534 #7534]
([https://bugzilla.redhat.com/show_bug.cgi?id=1569011 rhbz#1569011])
Investigate failures to restore 389-ds attriubtes on upgrade failure
* [https://pagure.io/freeipa/issue/7676 #7676]
([https://bugzilla.redhat.com/show_bug.cgi?id=1544379 rhbz#1544379])
ipa-client-install changes system wide ssh configuration
* [https://pagure.io/freeipa/issue/7975 #7975] Accept 389-ds JSON replication
status messages
* [https://pagure.io/freeipa/issue/8424 #8424] Add ipa.p11-kit to
ipa-client-install man page files list
* [https://pagure.io/freeipa/issue/8514 #8514]
([https://bugzilla.redhat.com/show_bug.cgi?id=1885126 rhbz#1885126]) Nightly
failure (enforcing mode) in test_acme.py::TestACME::test_mod_md
* [https://pagure.io/freeipa/issue/8524 #8524]
([https://bugzilla.redhat.com/show_bug.cgi?id=1851835 rhbz#1851835]) Deploy &
manage the ACME service topology wide from a single system
* [https://pagure.io/freeipa/issue/8531 #8531] RFE: Use host keytab to obtain
ticket for ipa-certupdate
* [https://pagure.io/freeipa/issue/8545 #8545]
([https://bugzilla.redhat.com/show_bug.cgi?id=1869605 rhbz#1869605]) KRA
Transport and Storage Certificates do not renew
* [https://pagure.io/freeipa/issue/8554 #8554]
([https://bugzilla.redhat.com/show_bug.cgi?id=1891056 rhbz#1891056]) ipa-kdb:
support subordinate/superior UPN suffixes
* [https://pagure.io/freeipa/issue/8581 #8581] Nightly test failure in
test_acme.py::TestACME::test_third_party_certs (updates-testing)
* [https://pagure.io/freeipa/issue/8587 #8587] client-only build fails due to
unconditional use of pwquality features
* [https://pagure.io/freeipa/issue/8589 #8589]
([https://bugzilla.redhat.com/show_bug.cgi?id=1812871 rhbz#1812871])
Intermittent IdM Client Registration Failures
* [https://pagure.io/freeipa/issue/8590 #8590] Nightly test failure in
test_integration/test_krbtpolicy.py::TestPWPolicy::test_krbtpolicy_default::setup
* [https://pagure.io/freeipa/issue/8595 #8595] Allow ipa-ca as a name for an
IPA server
* [https://pagure.io/freeipa/issue/8597 #8597]
([https://bugzilla.redhat.com/show_bug.cgi?id=1901068 rhbz#1901068]) Traceback
while doing ipa-backup
* [https://pagure.io/freeipa/issue/8601 #8601] Nightly test failure in
test_trust.py::TestTrust::test_subordinate_suffix
* [https://pagure.io/freeipa/issue/8603 #8603]
([https://bugzilla.redhat.com/show_bug.cgi?id=1902727 rhbz#1902727])
ipa-acme-manage enable fails after upgrade
== Detailed changelog since 4.9.0rc1 ==
=== Armando Neto (1) ===
* ipatests: Bump PR-CI templates [https://pagure.io/freeipa/c/a3c5c71925b5fd8faa56379d92fa19631d230108 commit]
=== Alexander Bokovoy (5) ===
* Become FreeIPA 4.9.0rc2 [https://pagure.io/freeipa/c/e74d6409902b83fb81a0aec251280375a90d6f07 commit]
* Update contributors [https://pagure.io/freeipa/c/5f36ee51e4f9d270cc65668d9ab4666e0ac8c07f commit]
* freeipa.spec.in: unify spec files across upstream RHEL, and Fedora [https://pagure.io/freeipa/c/4b56a4cbaa3bb71260ffbc35f304ddf5ee31baed commit]
* ad trust: accept subordinate domains of the forest trust root [https://pagure.io/freeipa/c/381cc5e8eae1b7437fc15cb699983887d398f498 commit] [https://pagure.io/freeipa/issue/8554 #8554]
* util: Fix client-only build
[https://pagure.io/freeipa/c/244704cc156dba0731671c55661d82073f970c9b commit]
[https://pagure.io/freeipa/issue/8587 #8587]
=== Antonio Torres Moríñigo (1) ===
* ipa-client-install manpage: add ipa.p11-kit to list of files created
[https://pagure.io/freeipa/c/08bbd0a2d712a5a7f1a02999390c4be2a9df3f0e commit]
[https://pagure.io/freeipa/issue/8424 #8424]
=== Florence Blanc-Renaud (2) ===
* ipatests: fix TestTrust::test_subordinate_suffix
[https://pagure.io/freeipa/c/bf1d652ff946e448a5b97a12df926ae4a7d9db01 commit]
[https://pagure.io/freeipa/issue/8601 #8601]
* Always define the path DNSSEC_OPENSSL_CONF
[https://pagure.io/freeipa/c/06a7db1838ad9b9ebbe565dbbde126968f9c296f commit]
[https://pagure.io/freeipa/issue/8597 #8597]
=== Mark Reynolds (1) ===
* Accept 389-ds JSON replication status messages
[https://pagure.io/freeipa/c/826dccc9cb99f4bce8bd24b47c531f918f19d8d6 commit]
[https://pagure.io/freeipa/issue/7975 #7975]
=== Mohammad Rizwan (1) ===
* ipatests: Test certmonger IPA responder switched to JSONRPC
[https://pagure.io/freeipa/c/25eebb21a2f85817691ce65c431d6b5de3bebe3b commit]
[https://pagure.io/freeipa/issue/3299 #3299]
=== Rob Crittenden (25) ===
* Skip the ACME mod_md test when the client is in enforcing mode
[https://pagure.io/freeipa/c/2d576d5b4b1e9e0c43aafde7636c6a25b5ca294f commit]
[https://pagure.io/freeipa/issue/8514 #8514]
* Increase timeout for krbtpolicy to 4800
[https://pagure.io/freeipa/c/28ed75ca0251724e34a447174ae775edca9763e2 commit]
[https://pagure.io/freeipa/issue/8589 #8589]
* Enable the ccache sweep systemd timer
[https://pagure.io/freeipa/c/068d08577d97258267917f81363a1a033a681803 commit]
[https://pagure.io/freeipa/issue/8589 #8589]
* ipatests: test that stale caches are removed using the sweeper
[https://pagure.io/freeipa/c/22fa1a7e5c49a677b55f71d95d47cc58e0f29c57 commit]
[https://pagure.io/freeipa/issue/8589 #8589]
* Generate a unique cache for each connection
[https://pagure.io/freeipa/c/51b186b6033bafaa39a2b0544b5cdc9c0298208c commit]
[https://pagure.io/freeipa/issue/8589 #8589]
* Convert reset_to_default_policy into a pytest fixture
[https://pagure.io/freeipa/c/848dffb59273493ef3abde2a86864e85c8d19eff commit]
[https://pagure.io/freeipa/issue/8589 #8589]
* VERSION: back to git snapshots [https://pagure.io/freeipa/c/2e1cbcb7783704ef5d6c883e55003acac4ee1553 commit]
* ipatests: Test that ipa-ca.$domain can retrieve CRLs without redirect [https://pagure.io/freeipa/c/b478bf99d9f158dabae145169f242b2b5d26404c commit] [https://pagure.io/freeipa/issue/8595 #8595]
* Allow Apache to answer to ipa-ca requests without a redirect
[https://pagure.io/freeipa/c/4ba6a0371b6d12adf46a654356468e52bf3ee33f commit]
[https://pagure.io/freeipa/issue/8595 #8595]
* Move where the restore state is marked during IPA server upgrade
[https://pagure.io/freeipa/c/20055ddaf169787c041f0baf0bd0cdca1f5fe7b5 commit]
[https://pagure.io/freeipa/issue/7534 #7534]
* Reorder when ACME is enabled to fix failure on upgrade
[https://pagure.io/freeipa/c/ea67962d5d2b4812234bb6c22c85b7716951b2f9 commit]
[https://pagure.io/freeipa/issue/8603 #8603]
* Remove test for minimum ACME support and rely on package deps [https://pagure.io/freeipa/c/0d6caf5d0eae315797b36abfe8444827bdd71fb7 commit]
* Require PKI 10.10+ for KRA profile and ACME support [https://pagure.io/freeipa/c/3e530e93c37ee71a560714e26285cd85e71557c9 commit] [https://pagure.io/freeipa/issue/8524 #8524], [https://pagure.io/freeipa/issue/8545 #8545]
* Test that the KRA profiles can renewal its three certificates
[https://pagure.io/freeipa/c/bd4771d75f8549fe1790540764f23d47bf3d187c commit]
[https://pagure.io/freeipa/issue/8545 #8545]
* Change KRA profiles in certmonger tracking so they can renew
[https://pagure.io/freeipa/c/a9e1c014f601a567f4aa5135d02883c498835268 commit]
[https://pagure.io/freeipa/issue/8545 #8545]
* ipatests: Increase timeout for ACME in gating.yaml
[https://pagure.io/freeipa/c/17f293e9da0375bac4871c0100c6146a8c2f8e55 commit]
[https://pagure.io/freeipa/issue/8581 #8581]
* ipatests: honor class inheritance in TestACMEwithExternalCA
[https://pagure.io/freeipa/c/75ad5757528491616f7f4e596bb9f6b152944d99 commit]
[https://pagure.io/freeipa/issue/8581 #8581]
* ipatests: configure MDStoreDir for mod_md ACME test
[https://pagure.io/freeipa/c/b474b263ed0161ba8411cc84014e4d08a44ac15f commit]
[https://pagure.io/freeipa/issue/8581 #8581]
* ipatests: Clean up existing ACME registration and certs
[https://pagure.io/freeipa/c/5d286e79515c8a6c856a5acde6300271422acfac commit]
[https://pagure.io/freeipa/issue/8581 #8581]
* ipatests: Configure a replica in TestACMEwithExternalCA
[https://pagure.io/freeipa/c/de5baf8516cde060f1606070b2a8824f71178f16 commit]
[https://pagure.io/freeipa/issue/8581 #8581]
* ipatests: call the CALess install method to generate the CA
[https://pagure.io/freeipa/c/3cd6b81a68be98ae9f60da67d2bc640831f0cf0c commit]
[https://pagure.io/freeipa/issue/8581 #8581]
* ipatests: Test that Match ProxyCommand masks on no shell exec
[https://pagure.io/freeipa/c/d89e3abf2714092baae1607afd83da1c944d6c9f commit]
[https://pagure.io/freeipa/issue/7676 #7676]
* Create IPA ssh client configuration and move ProxyCommand
[https://pagure.io/freeipa/c/a525b2ebf01ffff83d0a5925035f4be0fc5c700c commit]
[https://pagure.io/freeipa/issue/7676 #7676]
* ipatests: Test that ipa-certupdate can run without credentials
[https://pagure.io/freeipa/c/4941d3d4b1ba10ccddf5429463debcefac6fbd9f commit]
[https://pagure.io/freeipa/issue/8531 #8531]
* Use host keytab to obtain credentials needed for ipa-certupdate
[https://pagure.io/freeipa/c/1a09ce9f3fa503eeefe394856be538892652accf commit]
[https://pagure.io/freeipa/issue/8531 #8531]
=== Robbie Harwood (1) ===
* Fix krbtpolicy tests
[https://pagure.io/freeipa/c/17a4198a666453dbec55409d4e2acc37a37b57ac commit]
[https://pagure.io/freeipa/issue/8590 #8590]
=== Sudhir Menon (2) ===
* ipatests: support subordinate upn suffixes [https://pagure.io/freeipa/c/7e605e958ef6d41584afc238433669c15458ac67 commit]
* ipatests: Tests for ipahealthcheck.ds.nss_ssl [https://pagure.io/freeipa/c/46f114d9e751b2a092b975b909f0e890257a507d commit]
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
Freeipa-interest mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-interest
