== Highlights in 4.8.5 ==
- [8214] openDNSSEC 2.1 support
- [8221] AJP connector protection
for Dogtag/FreeIPA communication for CVE-2020-1938 mitigation. Fedora
and RHEL do not force encrypted AJP connector by default with 9.0.31
but FreeIPA 4.8.5 will convert to encrypted AJP channel on upgrade or
at a new deployment. Use of AJP is limited to localhost connections
with integrated CA already.
- Default authentication indicators are now documented in FreeIPA
workshop,
https://github.com/freeipa/freeipa-workshop/blob/master/11-kerberos-ticket-policy.rst
- [6891] FreeIPA SELinux policy is now part of the upstream packaging
and replaces distribution-wide policies.
- New internal mechanism to promote Trust Agents in
ipa-adtrust-install, to allow configuring schema compatibility plugin
on remote replicas.
- [8124] New "ipa-cacert-manage delete" command to allow pruning a CA
certificate from LDAP store
=== Enhancements ===
- Backup / restore tools now check whether packages for various optional
IPA master features installed before restore
- IPA CLI commands for DNS operations display additional attributes and
handle optional parameters when a record is removed
- Additional checks for external CA certificate properties during
installation
- Minor content improvements in ipa-client-samba's tool output
- Preliminary support for building with MIT Kerberos 1.18
- Increased test coverage in upstream test suite
- Ability to test multi-host scenarios in upstream CI using Azure
Pipelines
=== Known Issues ===
=== Bug fixes ===
FreeIPA 4.8.5 is a stabilization release for the features delivered as a
part of 4.8.0 release series.
There are more than 50 bug-fixes details of which can be seen in
the list of resolved tickets below.
== Upgrading ==
Upgrade instructions are available on [[Upgrade]] page.
== Feedback ==
Please provide comments, bugs and other feedback via the freeipa-users mailing
list
(https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/)
or #freeipa channel on Freenode.
== Resolved tickets ==
* [https://pagure.io/freeipa/issue/6891 #6891] Move FreeIPA SELinux policy from
system policy to project policy
* [https://pagure.io/freeipa/issue/7522 #7522] Disable cert publishing in dogtag
* [https://pagure.io/freeipa/issue/7537 #7537] PR-CI: external_ca tests are
hitting timeout
* [https://pagure.io/freeipa/issue/7600 #7600] Enable compat tree to provide
information about AD users and groups on trust agents
* [https://pagure.io/freeipa/issue/7630 #7630] ipa-restore should check that
optional feature packages are installed before restoring a backup using a
feature
* [https://pagure.io/freeipa/issue/7744 #7744] ipa-replica-install picks wrong
replica for CA initial replication
* [https://pagure.io/freeipa/issue/7830 #7830] FreeIPA installation fails with
389-DS 1.4.0.20-1
* [https://pagure.io/freeipa/issue/7856 #7856] Nightly test failure in
test_uninstallation.py::TestUninstallBase::()::test_failed_uninstall
* [https://pagure.io/freeipa/issue/7861 #7861] Make IPADiscovery available in
PyPI packages
* [https://pagure.io/freeipa/issue/7909 #7909] Wrong evaluation of replication
update status
* [https://pagure.io/freeipa/issue/7917 #7917] Occasional 'whoami.data is
undefined' error in FreeIPA web UI
* [https://pagure.io/freeipa/issue/7938 #7938] 'ipa dnszone-show/find' should display "Dynamic
Update" and "Bind update policy" by default
* [https://pagure.io/freeipa/issue/7941 #7941] ipapython/dn_ctypes.py:
libldap_r shared library missing
* [https://pagure.io/freeipa/issue/7942 #7942] WebUI test for automount is
broken
* [https://pagure.io/freeipa/issue/7948 #7948] [FIPS] Use 3DES for certificate
encryption when creating a PKCS#12
* [https://pagure.io/freeipa/issue/7953 #7953] ipa-pwd-extop: do not remove
MagicRegen mod, replace it
* [https://pagure.io/freeipa/issue/7965 #7965] Stop using 389-ds legacy tools
for backup and restore
* [https://pagure.io/freeipa/issue/7974 #7974] Nightly test failure in
ipatests.test_integration.test_user_permissions.TestUserPermissions
* [https://pagure.io/freeipa/issue/7984 #7984] make sure 'make fastlint'
processes Python .in files
* [https://pagure.io/freeipa/issue/7987 #7987] Python shebang: Use isolated mode
* [https://pagure.io/freeipa/issue/7989 #7989] Pytest4.2+ errors
* [https://pagure.io/freeipa/issue/7990 #7990] Assumptions about systemd name
of `named`
* [https://pagure.io/freeipa/issue/7998 #7998] Use system-wide crypto policy in
TLS client
* [https://pagure.io/freeipa/issue/8001 #8001] Need default authentication
indicators for SPAKE, PKINIT and encrypted challenge preauth
* [https://pagure.io/freeipa/issue/8004 #8004] RHEL 8 uses nis-domainname
instead of rhel-domainname
* [https://pagure.io/freeipa/issue/8029 #8029] ipa host-find --pkey-only
includes SSH keys in output
* [https://pagure.io/freeipa/issue/8079 #8079] [Security] By default, DNS
recursion is open, breaking best practices
* [https://pagure.io/freeipa/issue/8098 #8098] Host principals lack ACI to look
up DNS objects in LDAP
* [https://pagure.io/freeipa/issue/8105 #8105] getcert with -F option returns
before cacert file is created
* [https://pagure.io/freeipa/issue/8110 #8110] Enable AES SHA 256 and 384
Kerberos enctypes
* [https://pagure.io/freeipa/issue/8116 #8116] Pylint parallel execution with
custom plugin
* [https://pagure.io/freeipa/issue/8124 #8124] Add option to ipa-cacert-manage
to delete certificates
* [https://pagure.io/freeipa/issue/8135 #8135] When Service weight is set as 0 for server
in IPA location "IPA Error 903: InternalError" is displayed
* [https://pagure.io/freeipa/issue/8142 #8142] check Not Before / Not After in
externally signed CA sanity check
* [https://pagure.io/freeipa/issue/8149 #8149] SIDs of AD domains do not
display in ipa-client-samba installer
* [https://pagure.io/freeipa/issue/8150 #8150] IPA Server install fail
* [https://pagure.io/freeipa/issue/8151 #8151] test_commands timing-out
* [https://pagure.io/freeipa/issue/8153 #8153] Kerberos ticket policy
reset does not reset per-indicator policies *
[https://pagure.io/freeipa/issue/8157 #8157] NIghtly test failure in
fedora-rawhide/test_webui_network
* [https://pagure.io/freeipa/issue/8163 #8163] "Internal Server Error" reported
for minor issues implies IPA is broken [IdmHackfest2019]
* [https://pagure.io/freeipa/issue/8164 #8164] Renewed certs are not picked up
by IPA CAs
* [https://pagure.io/freeipa/issue/8169 #8169] NIghtly test failure in
fedora-rawhide/test_webui_policy
* [https://pagure.io/freeipa/issue/8170 #8170] Nightly test failure in
fedora-rawhide/test_backup_and_restore_TestBackupReinstallRestoreWithDNS
* [https://pagure.io/freeipa/issue/8173 #8173] Broken -k argument parsing in
ipa-run-tests 4.8.4-1 package
* [https://pagure.io/freeipa/issue/8176 #8176] External CA is tracked for
renewals and replaced with a self-signed certificate
* [https://pagure.io/freeipa/issue/8179 #8179] Tests broken with python version
< 3.7 (module 're' has no attribute 'Pattern')
* [https://pagure.io/freeipa/issue/8190 #8190] ipa-client-automount fails after
repeated installation/uninstallation
* [https://pagure.io/freeipa/issue/8192 #8192] ipa-adtrust-install does not
list service records for manual addition to DNS zone
* [https://pagure.io/freeipa/issue/8193 #8193] Re-order
50-externalmembers.update to be after 80-schema_compat.update
* [https://pagure.io/freeipa/issue/8196 #8196] API: dnsrecord_del failure with
empty list aaaarecord
* [https://pagure.io/freeipa/issue/8200 #8200] ipa krb5kdc db: krb5kdc coredump
* [https://pagure.io/freeipa/issue/8201 #8201] update ssbrowser.html
* [https://pagure.io/freeipa/issue/8202 #8202] Azure: add support for
multi-container tests
* [https://pagure.io/freeipa/issue/8214 #8214] Support for opendnssec 2.1.6
* [https://pagure.io/freeipa/issue/8219 #8219] ipatests: unify editing of
sssd.conf
* [https://pagure.io/freeipa/issue/8221 #8221] Secure AJP connector between
Dogtag and Apache proxy
* [https://pagure.io/freeipa/issue/8226 #8226] ipa-restore does not restart
httpd
== Detailed changelog since 4.8.4 ==
=== Armando Neto (4) ===
* prci: update fedora used for testing ipa-4-8
[https://pagure.io/freeipa/c/c1660a4c023a28cdad40720fd91d7e57870b4808
commit] * prci: Bump template version
[https://pagure.io/freeipa/c/59593194d3eaf646ae757b88dc8a9231c21301c2
commit] * ipatests: Skip test_sss_ssh_authorizedkeys method
[https://pagure.io/freeipa/c/011734279c37ca1e9a013694525563b4e77ace78
commit] [https://pagure.io/freeipa/issue/8151 #8151]
* ipatests: Improve test_commands reliability
[https://pagure.io/freeipa/c/5431dd9706253ea7cd75f62f5cd387bbf25ac878
commit]
=== Alexander Bokovoy (11) ===
* Become FreeIPA 4.8.5
[https://pagure.io/freeipa/c/5f49e6d1aaab56f8dd72e991f16ff575b7f4c9ee
commit] * Add new contributors to the list
[https://pagure.io/freeipa/c/1af953680ba95d7a9da382e05f373375d1e6a35d
commit] * Add more contributor emails to the mailmap
[https://pagure.io/freeipa/c/b598982520891d2907070101c8953019613a4694
commit] * Secure AJP connector between Dogtag and Apache proxy
[https://pagure.io/freeipa/c/d4d8b98c3588b212db6a26610e690cccb3af84ca
commit] [https://pagure.io/freeipa/issue/8221 #8221]
* Tighten permissions on PKI proxy configuration
[https://pagure.io/freeipa/c/1deb1010b245df6c363c5655f9a548bdf4dbc040 commit]
[https://pagure.io/freeipa/issue/8221 #8221]
* Azure Pipelines: re-enable nodejs:12 stream for Fedora 31+
[https://pagure.io/freeipa/c/4eb48492b354ecc30ffe1dd9654dcc0e0e833d64
commit] * kdb: make sure audit_as_req callback signature change is
preserved
[https://pagure.io/freeipa/c/30b8c8b9985a5eb41e700b80fd03f95548e45fba
commit] [https://pagure.io/freeipa/issue/8200 #8200]
* adtrust: print DNS records for external DNS case after role is enabled
[https://pagure.io/freeipa/c/936e27f75961c67e619ecfa641e256ce80662d68 commit]
[https://pagure.io/freeipa/issue/8192 #8192]
* Update Azure Pipelines to use Fedora 31
[https://pagure.io/freeipa/c/f4e2acd1333f0f3d88da81d3fda80e85c9c418c2
commit] * install/updates: move external members past schema compat
update
[https://pagure.io/freeipa/c/14dbf04148c6284b176eca34aa70df4bef09b857
commit] [https://pagure.io/freeipa/issue/8193 #8193]
* Reset per-indicator Kerberos policy
[https://pagure.io/freeipa/c/a8b52eaf3cf56c90e3d94fdef0b9e426052634ea commit]
[https://pagure.io/freeipa/issue/8153 #8153]
=== Anuja More (11) ===
* Mark test to skip sssd-2.2.2
[https://pagure.io/freeipa/c/a9922639f3541fe25cadbba79a94de7ada29c7f3
commit] * ipatests: User and group with same name should not break
reading AD user data.
[https://pagure.io/freeipa/c/c3053e287b8d29da40ef9c36fbe8915f616f8501
commit] * ipatests: Added test when 2FA prompting configurations is
set.
[https://pagure.io/freeipa/c/dcdcbe37f42a219541716938fd34ac1df7d8170c
commit] * ipatests: SSSD should fetch external groups without any
limit.
[https://pagure.io/freeipa/c/d4b8081e6c0a745451ff314f7a42d5ff344ac327
commit] * ipatests: Add test for ipa-extdom-extop plugin should allow
@ in group name
[https://pagure.io/freeipa/c/985c99fc7ad6fdd30d428d099e006b1a0836a87d
commit] * Update topology for test_integration/test_sssd.py
[https://pagure.io/freeipa/c/2d0da2f9aff2e6256ae9f43838ca24335381e7e8
commit] * After mounting "Unspecified GSS failure" should not be in
logs.
[https://pagure.io/freeipa/c/4d7eac93b0249d6f4081bb4857079875afa21423
commit] * Add xmlrpc test with input validation check for kerberos
ticket policy.
[https://pagure.io/freeipa/c/acbbc52999f8c7694d549b709bc8caea801dc94c
commit] * Fix fedora version for xfail for sssd test
[https://pagure.io/freeipa/c/2b19749a3769bbac5f11aa901bf6291b6240dddb
commit] * Add integration test for otp kerberos ticket policy.
[https://pagure.io/freeipa/c/27a6920d50e5d63afbfc198e64885a2cd3fadc48
commit] [https://pagure.io/freeipa/issue/8001 #8001]
* ipatests: filter_users should be applied correctly.
[https://pagure.io/freeipa/c/71a4d574bd94eda3cb7490a2254ce764fe9bcdb1
commit]
=== Christian Heimes (7) ===
* Allow hosts to read DNS records for IP SAN
[https://pagure.io/freeipa/c/e4a611aee8ca839c59798210b56e65f21a24e965 commit]
[https://pagure.io/freeipa/issue/8098 #8098]
* Cleanup SELinux policy
[https://pagure.io/freeipa/c/87e0d82dd4409cdecaacee1fa27d27033aa65f7a commit]
[https://pagure.io/freeipa/issue/6891 #6891]
* Integrate SELinux policy into build system
[https://pagure.io/freeipa/c/18ce2033c04aed2c4a34f61b9ee3642b01f53017
commit] * dnsrecord: Treat empty list arguments correctly
[https://pagure.io/freeipa/c/2ade60ac63ff9a626ae1ec17196121fe694ee212
commit] [https://pagure.io/freeipa/issue/8196 #8196]
* Remove dependency on custodia package
[https://pagure.io/freeipa/c/b240b54bb4ff160851c7681914eb210934ae2abc
commit] * Make assert_error compatible with Python 3.6
[https://pagure.io/freeipa/c/e9ed8e78454f12fcfc3d0484dd36995cbef65961
commit] [https://pagure.io/freeipa/issue/8179 #8179]
* Print LDAP diagnostic messages on error
[https://pagure.io/freeipa/c/4fe1f7701a616c17167f75e1e81f3a479a2ee50f
commit]
=== Dinesh Prasanth M K (1) ===
* Adding auto COPR builds
[https://pagure.io/freeipa/c/21fb038c9bdfa05fa96ac2a0fc6f4cc1e74ce916
commit]
=== François Cami (5) ===
* ipa-restore: restart services at the end
[https://pagure.io/freeipa/c/8d6a609d6e55dc11b4768ee54da46393228660f9 commit]
[https://pagure.io/freeipa/issue/8226 #8226]
* ipatests: make sure ipa-client-automount reverts sssd.conf
[https://pagure.io/freeipa/c/7ae804c726970ae467a7f76efa21bae40405551d commit]
[https://pagure.io/freeipa/issue/8190 #8190]
* ipa-client-automount: call save_domain() for each change
[https://pagure.io/freeipa/c/6332aed9ba67e2ee759a9d988ba92139486469d4 commit]
[https://pagure.io/freeipa/issue/8190 #8190]
* ipatests: expect "Dynamic Update" and "Bind update policy" in default
dnszone* output [https://pagure.io/freeipa/c/578bdce292c142b7fca6e237ccb3f5cec641e618 commit]
[https://pagure.io/freeipa/issue/7938 #7938]
* ipaserver/plugins/dns.py: add "Dynamic Update" and "Bind update policy" to
default dnszone* output [https://pagure.io/freeipa/c/e3cff5d152fc36802f7ddfcd0730696e154d1b4c
commit] [https://pagure.io/freeipa/issue/7938 #7938]
=== Florence Blanc-Renaud (16) ===
* opendnssec2.1 support: move all ods tasks to specific file
[https://pagure.io/freeipa/c/799ebc8be681165e622778848a9b2989434a29dd commit]
[https://pagure.io/freeipa/issue/8214 #8214]
* DnsSecMaster migration: move the call to zonelist export later
[https://pagure.io/freeipa/c/598c55cc0dc884aa780ac2dc2f3adfd8299e6ea0 commit]
[https://pagure.io/freeipa/issue/8214 #8214]
* Support OpenDNSSEC 2.1: new ods-signer protocol
[https://pagure.io/freeipa/c/fc4ccfa5c3a7ecd7c9e5539595e0440965d62336 commit]
[https://pagure.io/freeipa/issue/8214 #8214]
* With opendnssec 2, read the zone list from file
[https://pagure.io/freeipa/c/6cb3b11a61d5b9b7df93130188c7feef83398090 commit]
[https://pagure.io/freeipa/issue/8214 #8214]
* Remove the <Interval> from opendnssec conf
[https://pagure.io/freeipa/c/5716c3b78f43391d2ab7b4b1fd672135f3b55bdb commit]
[https://pagure.io/freeipa/issue/8214 #8214]
* Support opendnssec 2.1.6
[https://pagure.io/freeipa/c/23993f58e1da98e537b03b9274d91308cbc63a6c commit]
[https://pagure.io/freeipa/issue/8214 #8214]
* selinux policy: add the right context for
org.freeipa.server.trust-enable-agent
[https://pagure.io/freeipa/c/df0df14bf31dba5800747aa08824b24b8be41eab commit]
[https://pagure.io/freeipa/issue/7600 #7600]
* ipa-adtrust-install: remote command fails if ipa-server-trust-ad pkg missing
[https://pagure.io/freeipa/c/21c923c4cf21f30f20ec4b21c488db6f6fa92b67 commit]
[https://pagure.io/freeipa/issue/7600 #7600]
* ipatests: fix TestSubCAkeyReplication
[https://pagure.io/freeipa/c/c444f7a35ada0dcb4f565557b7c71f3644fdd446
commit] * ipatests: add test for ipa-adtrust-install --add-agents
[https://pagure.io/freeipa/c/4afd6e5e07061dde6e30b5352668bdf23cd6dedd
commit] [https://pagure.io/freeipa/issue/7600 #7600]
* ipa-adtrust-install: run remote configuration for new agents
[https://pagure.io/freeipa/c/5edc674e7262ce4506c40b8c066207f9e5f55c33 commit]
[https://pagure.io/freeipa/issue/7600 #7600]
* Privilege: add a helper checking if a principal has a given privilege
[https://pagure.io/freeipa/c/66154f8bf79584b8fa6792e3d2ca534900dfa481 commit]
[https://pagure.io/freeipa/issue/7600 #7600]
* Part2: Don't fully quality the FQDN in ssbrowser.html for Chrome
[https://pagure.io/freeipa/c/8a5bfaba83da700bed29fc82ef1d280bfabb8379 commit]
[https://pagure.io/freeipa/issue/8201 #8201]
* ipatests: fix modify_sssd_conf()
[https://pagure.io/freeipa/c/8e527507c0971ed1a8468e10246232491b1ef36c
commit] * ipatests: fix backup and restore
[https://pagure.io/freeipa/c/1b7cf51e292b917a18ec7959708cb62ceddd44b7
commit] [https://pagure.io/freeipa/issue/8170 #8170]
* AD user without override receive InternalServerError with API
[https://pagure.io/freeipa/c/4db18be5467c0b8f7633b281c724f469f907e573 commit]
[https://pagure.io/freeipa/issue/8163 #8163]
=== Fraser Tweedale (4) ===
* Do not renew externally-signed CA as self-signed
[https://pagure.io/freeipa/c/4b5513660cb73ee685e09c4f84634ac9d1fa792d commit]
[https://pagure.io/freeipa/issue/8176 #8176]
* ipatests: add test for certinstall with notBefore in the future
[https://pagure.io/freeipa/c/25310105da0540eb84b6d0ee4c30649750583703 commit]
[https://pagure.io/freeipa/issue/8142 #8142]
* Fix test regressions caused by certificate validation changes
[https://pagure.io/freeipa/c/d833b5ba607f79a495e0245722e8ccef7cefbd7a commit]
[https://pagure.io/freeipa/issue/8142 #8142]
* ipatests: assert_error: allow regexp match
[https://pagure.io/freeipa/c/44fca092ead0316084d68917032e28e5cbb20ad4 commit]
[https://pagure.io/freeipa/issue/8142 #8142]
=== Gaurav Talreja (1) ===
* Normalize test definations titles
[https://pagure.io/freeipa/c/875769c7c0a66a217a152b7c8cb064c3ceabf541
commit]
=== Isaac Boukris (2) ===
* Fix legacy S4U2Proxy in DAL v8 support
[https://pagure.io/freeipa/c/0806c1582b2f1dfaf04eb2e8fa222c190e24d818
commit] * Fix DAL v8 support
[https://pagure.io/freeipa/c/99a920cb69e213d211a6ff9622950e81c3e71c8d
commit]
=== Jayesh (3) ===
* Test for ipa-ca-install on replica
[https://pagure.io/freeipa/c/e1ff95fc618f22886b505a8dbfdfa7651e1a3b9b
commit] * Test ipa-getkeytab quiet mode, encryptons
[https://pagure.io/freeipa/c/631054a1c9aff849378278f99722a8711d6bacf3
commit] * Test if ipactl starts services stopped by systemctl
[https://pagure.io/freeipa/c/acbd90d9fb16e76964d36b3d6e8e542a30631172
commit]
=== Kaleemullah Siddiqui (1) ===
* Tests for backup-restore when pkg required is missing
[https://pagure.io/freeipa/c/3ced5532576779ee7bb2e7f15ff4b5039ba4daba commit]
[https://pagure.io/freeipa/issue/7630 #7630]
=== Mohammad Rizwan Yusuf (6) ===
* Test if getcert creates cacert file with -F option
[https://pagure.io/freeipa/c/937fb1d9518c54bf9c05bc0b7d6f43b29971eb3c commit]
[https://pagure.io/freeipa/issue/8105 #8105]
* Move wait_for_request() method to tasks.py
[https://pagure.io/freeipa/c/5d8d9198ce1ddfd44eb7c0268c397359e6239fca
commit] * Test if server installer lock Bind9 recursion
[https://pagure.io/freeipa/c/3fbbd02b0e8bc5e4f196e8d26ecfa8c989dadabb
commit] [https://pagure.io/freeipa/issue/8079 #8079]
* Add certmonger wait_for_request that uses run_command
[https://pagure.io/freeipa/c/84ae778c8731b0934e011155b668acbb97d775c2
commit] * Test if certmonger reads the token in HSM
[https://pagure.io/freeipa/c/eaf9e79c8000118317527caad4cf6aa521fd0028
commit] * Test AES SHA 256 and 384 Kerberos enctypes enabled
[https://pagure.io/freeipa/c/61577c851e81beabc65e5b96603b88e9f7ec973b
commit] [https://pagure.io/freeipa/issue/8110 #8110]
=== Rob Crittenden (7) ===
* Move execution of ipa-healthcheck to a separate function
[https://pagure.io/freeipa/c/f36b8697a1d7dcf0f698147b3791c8ed338863d7
commit] * Fix div-by-zero when svc weight is 0 for all masters in
location
[https://pagure.io/freeipa/c/12d6864b6dc30155414e2483f7634684ccc9ee3e
commit] [https://pagure.io/freeipa/issue/8135 #8135]
* Don't fully quality the FQDN in ssbrowser.html for Chrome
[https://pagure.io/freeipa/c/f356d5734662d0a20f06702353b2f10f29b9f55d commit]
[https://pagure.io/freeipa/issue/8201 #8201]
* Add tests for ipa-cacert-manage delete command
[https://pagure.io/freeipa/c/78827db1aa561613d3fb40f39525f7e8fcae2b98 commit]
[https://pagure.io/freeipa/issue/8124 #8124]
* ipa-certupdate removes all CA certs from db before adding new ones
[https://pagure.io/freeipa/c/7d81a3458c266a1e0c4baa07717aac110c435e59 commit]
[https://pagure.io/freeipa/issue/8124 #8124]
* Add delete option to ipa-cacert-manage to remove CA certificates
[https://pagure.io/freeipa/c/37f81cc566cc37a47b7d1b0d900a53273eae01ac commit]
[https://pagure.io/freeipa/issue/8124 #8124]
* Allow an empty cookie in dogtag-ipa-ca-renew-agent-submit
[https://pagure.io/freeipa/c/3d7d58d8214f3c899c0afd1a3a6a6678f38b7b39 commit]
[https://pagure.io/freeipa/issue/8164 #8164]
=== Robbie Harwood (6) ===
* Drop support for DAL version 5.0
[https://pagure.io/freeipa/c/196350444ccab2b99e86accf7eb19ff8327a1e95
commit] * Support DAL version 8.0
[https://pagure.io/freeipa/c/089c47e212ac077dcd27bc60013d7ac7bf2270ee
commit] * Handle the removal of KRB5_KDB_FLAG_ALIAS_OK
[https://pagure.io/freeipa/c/d97cfd72721ed2f7e77f5c397a0ca7b389ea6d72
commit] * Fix several leaks in ipadb_find_principal
[https://pagure.io/freeipa/c/6bdd6b3d265ffc2f437e2a69707978758c2efdd8
commit] * Use separate variable for client fetch in kdcpolicy
[https://pagure.io/freeipa/c/01c1b270cd83ab6573dc0a502ac37d0182503c3d
commit] * Make the coding style explicit
[https://pagure.io/freeipa/c/86a8d9480aa402f885c72ccbcfeeb2bac488f268
commit]
=== Stanislav Levin (24) ===
* spec: Take the ownership over '/usr/libexec/ipa/custodia'
[https://pagure.io/freeipa/c/5df2f5d856f15c6283644a00004fad5873eb1671
commit] * Azure: Report elapsed time
[https://pagure.io/freeipa/c/8fd1eacfb5c49738f9a26124cfa7a2423244637b
commit] * Azure: Rebalance tests
[https://pagure.io/freeipa/c/1fe5c04cdd2f5f998f92debc7f3f46f2807ddc88
commit] * Azure: Skip tests requiring external DNS
[https://pagure.io/freeipa/c/ec21ecc5c6677f9e87fc8ffa5652645469865230
commit] * Azure: Free Docker resources after usage
[https://pagure.io/freeipa/c/4b2cdeef29094dd6b3e4f485993ad5f69c8d84b5
commit] * Azure: Preliminary check for provided limits
[https://pagure.io/freeipa/c/4e6e0c88bb2831b65c1a5a6f1f4a7f09c0b112cf
commit] * Azure: Sync Gating definitions to current PR-CI
[https://pagure.io/freeipa/c/0fbdb1357ca3e861bba14d21ceb6e2a6e753a14c
commit] * pylint: Run Pylint over Azure Python scripts
[https://pagure.io/freeipa/c/3fff86757cfc7a78db33801e3c75e208b01660f7
commit] [https://pagure.io/freeipa/issue/8202 #8202]
* Azure: Add support for testing multi IPA environments
[https://pagure.io/freeipa/c/245a9dc93f086b685b09984ea4a3395b93fd5789 commit]
[https://pagure.io/freeipa/issue/8202 #8202]
* Azure: Don't collect twice systemd_journal.log
[https://pagure.io/freeipa/c/685d902ca4cf10c8c440036016c2dd3e05d76222 commit]
[https://pagure.io/freeipa/issue/8202 #8202]
* yamllint: Lint all the YAML files
[https://pagure.io/freeipa/c/2988f5f30c9379f8ac7cbfc56af382f2779479cf commit]
[https://pagure.io/freeipa/issue/8202 #8202]
* Azure: Make it possible to configure distro-specific stuff
[https://pagure.io/freeipa/c/198cd506592c8dc078e7956a42d0d4e0342cf86d commit]
[https://pagure.io/freeipa/issue/8202 #8202]
* Azure: Allow to run integration tests
[https://pagure.io/freeipa/c/d33b7d61fc8e012ecfd0354a6d3431301a66d768 commit]
[https://pagure.io/freeipa/issue/8202 #8202]
* Azure: Allow SSH for Docker environments
[https://pagure.io/freeipa/c/6a6e3f2339c5773f051aaea08922f6853ef5942d commit]
[https://pagure.io/freeipa/issue/8202 #8202]
* Azure: Allow to not provide tests to be ignored
[https://pagure.io/freeipa/c/11d145300dcd1b9b986f259efa57eddcca9b2e32 commit]
[https://pagure.io/freeipa/issue/8202 #8202]
* ipatests: Allow zero-length arguments
[https://pagure.io/freeipa/c/c35c066a6d7b7a493e22a4af3043d5d2a72133d4 commit]
[https://pagure.io/freeipa/issue/8173 #8173]
* lint: Make Pylint-2.4 happy again
[https://pagure.io/freeipa/c/44a59ff39a3f481e90043e546c892c9108231d67 commit]
[https://pagure.io/freeipa/issue/8116 #8116]
* pylint: Clean up comment
[https://pagure.io/freeipa/c/6f48848562f4e9ab9584154fd85e6ad1ac331ecd commit]
[https://pagure.io/freeipa/issue/8116 #8116]
* pylint: Synchronize pylint plugin to ipatests code
[https://pagure.io/freeipa/c/3460db4ee7c7ce6c9a639a644a39c4df09ce31ac commit]
[https://pagure.io/freeipa/issue/8116 #8116]
* pylint: Teach Pylint how to handle request.context
[https://pagure.io/freeipa/c/5939c90752db9da1adaf8c0bfe6bec3d6c1e2ad6 commit]
[https://pagure.io/freeipa/issue/8116 #8116]
* ipatests: Properly kill gpg-agent
[https://pagure.io/freeipa/c/294694ad69fa909e2f699cb2dad0f36b966a246f commit]
[https://pagure.io/freeipa/issue/7989 #7989]
* pytest: Warn about unittest/nose/xunit tests
[https://pagure.io/freeipa/c/3659b46d6aeea06b4875860ec69a9215afcbdd91 commit]
[https://pagure.io/freeipa/issue/7989 #7989]
* pytest: Migrate unittest/nose to Pytest fixtures
[https://pagure.io/freeipa/c/356f907fc255ab3a9f93ff2808646b92a6652aec commit]
[https://pagure.io/freeipa/issue/7989 #7989]
* pytest: Migrate xunit-style setups to Pytest fixtures
[https://pagure.io/freeipa/c/87bc31464b6133af9befd412af54403665c22628 commit]
[https://pagure.io/freeipa/issue/7989 #7989]
=== Sergey Orlov (9) ===
* ipatests: add test for SSSD updating expired cache items
[https://pagure.io/freeipa/c/40fd96f27d2512212ac99fff9ace0fef1f5a57d4
commit] * ipatests: provide docstrings instead of imporperly placed
comments
[https://pagure.io/freeipa/c/1d416a5a5ceaaf3fff9df423cea9114f1918aad2
commit] * ipatests: remove invalid parameter from sssd.conf
[https://pagure.io/freeipa/c/a1695722125674204b6e880b6ac652d78b783c88
commit] [https://pagure.io/freeipa/issue/8219 #8219]
* ipatests: use remote_sssd_config to modify sssd.conf
[https://pagure.io/freeipa/c/32584ed34f466e8f474e22d778e3e964d0fcd2c4 commit]
[https://pagure.io/freeipa/issue/8219 #8219]
* ipatests: replace utility for editing sssd.conf
[https://pagure.io/freeipa/c/5ff9b6e2a506c3ef1179655ae2d2e479005ec99e commit]
[https://pagure.io/freeipa/issue/8219 #8219]
* ipatests: update docstring to reflect changes in
FileBackup.restore()
[https://pagure.io/freeipa/c/9cb8984112ff31721b71dcdd4febcc23c2641691
commit] * ipatests: add test_trust suite to nightly runs
[https://pagure.io/freeipa/c/0ff0ab85a8b1d90fb94e09bdbb3e9eeeb11d191a
commit] * ipatests: add check for output contents of ipa-client-samba
[https://pagure.io/freeipa/c/577dd1e47a092cf7e4527707111d28297bb58f53
commit] [https://pagure.io/freeipa/issue/8149 #8149]
* ipatests: add test_winsyncmigrate suite to nightly runs
[https://pagure.io/freeipa/c/72e1b135b3862a16df4e8b5a1a7c2bbfcd5b08c9
commit]
=== Sumedh Sidhaye (1) ===
* Added a test to check if ipa host-find --pkey-only does not return SSH public
key [https://pagure.io/freeipa/c/2cd67d5a9a22c009f050e493d4b3e2882dbfd81f
commit] [https://pagure.io/freeipa/issue/8029 #8029]
=== Serhii Tsymbaliuk (2) ===
* WebUI tests: Fix broken reference to parent facet in table record check
[https://pagure.io/freeipa/c/4e1d27c22a90d579a9019829f8ffd0bed51c2e5f commit]
[https://pagure.io/freeipa/issue/8157 #8157]
* WebUI tests: Fix 'Button is not displayed' exception
[https://pagure.io/freeipa/c/664eed7d0885791a3b16ad082d56f9a14682673e commit]
[https://pagure.io/freeipa/issue/8169 #8169]
=== sumenon (3) ===
* ipatests: check that ipa-healthcheck warns if no dna range is set
[https://pagure.io/freeipa/c/59bd2fec85a49ff75fbcad05cfd5a641a67c5d56
commit] * Nightly definition for ipa-healthcheck tool
[https://pagure.io/freeipa/c/7a45cd179f846920ffa91df7f28f21e7de09f328
commit] * Tier-1 test for ipa-healthcheck tool
[https://pagure.io/freeipa/c/a6dae4843c2fbaba984bf6bd3add6e2b62b1f59f
commit]
=== Thomas Woerner (2) ===
* ipaserver/plugins/hbacrule: Add HBAC to memberservice_hbacsvc*
labels
[https://pagure.io/freeipa/c/8b5dc6a29e5e1893f9ec864bdde1f769ad6efc39
commit] * DNS install check: Fix overlapping DNS zone from the master
itself
[https://pagure.io/freeipa/c/2c2cef7063315766d893b275185b422be3f3c019
commit] [https://pagure.io/freeipa/issue/8150 #8150]
=== Vit Mojzis (3) ===
* selinux: Remove obsolete memcached access
[https://pagure.io/freeipa/c/96565414b3fd1e2c946b21f205a3ac3c4b5bad0c
commit] * selinux: move BUILD_SELINUX_POLICY definition
[https://pagure.io/freeipa/c/bb6a5a5d9f850bde9b8d81c2dd51d41263c22cd4
commit] * Add freeipa-selinux subpackage
[https://pagure.io/freeipa/c/4ca100999b691c22ff63154edd32af0e8040ef1f
commit]
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-devel mailing list -- freeipa-de...@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-de...@lists.fedorahosted.org
