[Freeipa-devel] [freeipa PR#945][opened] DNS update: reduce timeout for CA records
URL: https://github.com/freeipa/freeipa/pull/945 Author: MartinBasti Title: #945: DNS update: reduce timeout for CA records Action: opened PR body: """ Timeout 120 seconds is quite long and it makes uninstallation too long for. Given that this is non critical operation and may be executed manually later, waiting 120 seconds is too much. Usually waiting longer will not help at all to resolve missing record. 30 seconds is long enough """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/945/head:pr945 git checkout pr945 From abbad9d68880c635482e8c6df7ff17348a412d79 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Fri, 28 Jul 2017 15:43:16 +0200 Subject: [PATCH] DNS update: reduce timeout for CA records MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Timeout 120 seconds is quite long and it makes uninstallation too long for. Given that this is non critical operation and may be executed manually later, waiting 120 seconds is too much. Usually waiting longer will not help at all to resolve missing record. 30 seconds is long enough --- ipaserver/dns_data_management.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ipaserver/dns_data_management.py b/ipaserver/dns_data_management.py index 9965028ce0..bdf83de0cd 100644 --- a/ipaserver/dns_data_management.py +++ b/ipaserver/dns_data_management.py @@ -55,6 +55,8 @@ (DNSName("_ntp._udp"), 123), ) +CA_RECORDS_DNS_TIMEOUT = 30 # timeout in seconds + class IPADomainIsNotManagedByIPAError(Exception): pass @@ -134,7 +136,7 @@ def __add_ca_records_from_hostname(self, zone_obj, hostname): assert isinstance(hostname, DNSName) and hostname.is_absolute() r_name = DNSName('ipa-ca') + self.domain_abs rrsets = [] -end_time = time() + 120 # timeout in seconds +end_time = time() + CA_RECORDS_DNS_TIMEOUT while time() < end_time: try: rrsets = resolve_rrsets(hostname, (rdatatype.A, rdatatype.)) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#839][closed] Use standard Python logging
URL: https://github.com/freeipa/freeipa/pull/839 Author: HonzaCholasta Title: #839: Use standard Python logging Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/839/head:pr839 git checkout pr839 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#916][opened] Py3 adtrust
URL: https://github.com/freeipa/freeipa/pull/916 Author: MartinBasti Title: #916: Py3 adtrust Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/916/head:pr916 git checkout pr916 From ac8b251b9b0c60f300ebd1afcd04b5adf8cbf55a Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Wed, 12 Jul 2017 17:29:30 +0200 Subject: [PATCH 1/2] py3: set samba dependencies Set proper python3 dependencies for samba package https://pagure.io/freeipa/issue/4985 --- freeipa.spec.in | 14 +++--- ipaserver/dcerpc.py | 3 --- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 72ce4ccc2c..0a56a038e6 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -208,8 +208,7 @@ BuildRequires: python2-jinja2 BuildRequires: python2-augeas %if 0%{?with_python3} -# FIXME: this depedency is missing - server will not work -#BuildRequires: python3-samba +BuildRequires: python3-samba # 1.6: x509.Name.rdns (https://github.com/pyca/cryptography/issues/3199) BuildRequires: python3-cryptography >= 1.6 BuildRequires: python3-gssapi >= 1.2.0 @@ -470,12 +469,21 @@ Summary: Virtual package to install packages required for Active Directory trust Group: System Environment/Base Requires: %{name}-server = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} -Requires: samba-python + Requires: samba >= %{samba_version} Requires: samba-winbind Requires: libsss_idmap + +%if 0%{?with_python3} +Requires: python3-samba +Requires: python3-libsss_nss_idmap +Requires: python3-sss +%endif # with_python3 +# FIXME: put else here when py3 porting is done +Requires: samba-python Requires: python-libsss_nss_idmap Requires: python-sss + # We use alternatives to divert winbind_krb5_locator.so plugin to libkrb5 # on the installes where server-trust-ad subpackage is installed because # IPA AD trusts cannot be used at the same time with the locator plugin diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index d684a17cab..8b259ea595 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -37,8 +37,6 @@ import struct import random -# TODO: Remove pylint disable when Python 3 bindings are available. -# pylint: disable=import-error from samba import param from samba import credentials from samba.dcerpc import security, lsa, drsblobs, nbt, netlogon @@ -46,7 +44,6 @@ from samba import net from samba import arcfour_encrypt import samba -# pylint: enable=import-error import ldap as _ldap from ipapython import ipaldap From 0ca6e06952c3dc1ddc16b4d02c603525a069251e Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Thu, 13 Jul 2017 13:02:30 +0200 Subject: [PATCH 2/2] py3: ipa-adtrust-install under py3 by default ipa-adtrust-install works under py3 https://pagure.io/freeipa/issue/4985 --- freeipa.spec.in | 1 + 1 file changed, 1 insertion(+) diff --git a/freeipa.spec.in b/freeipa.spec.in index 0a56a038e6..2e92166a1b 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -878,6 +878,7 @@ find \ # TODO: workaround: some scripts are copied over, so the are always py2. # We have to explicitly set python3 here for ported files here PY3_SUBST_PATHS=' +install/tools/ipa-adtrust-install install/tools/ipa-backup install/tools/ipa-compat-manage install/tools/ipa-dns-install ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#914][opened] baseldap: fix format string
URL: https://github.com/freeipa/freeipa/pull/914 Author: MartinBasti Title: #914: baseldap: fix format string Action: opened PR body: """ Fixes missing type specification in format string. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/914/head:pr914 git checkout pr914 From 1e36f5c6786f2f2b88712d73e987d22ffd577c9a Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Wed, 12 Jul 2017 16:22:05 +0200 Subject: [PATCH] baseldap: fix format string Fixes missing type specification in format string. --- ipaserver/plugins/baseldap.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py index a6fc88b591..47bd184278 100644 --- a/ipaserver/plugins/baseldap.py +++ b/ipaserver/plugins/baseldap.py @@ -2406,7 +2406,7 @@ def exc_callback(self, keys, options, exc, call_func, *call_args, class BaseLDAPAddAttribute(BaseLDAPModAttribute): -msg_summary = _('added attribute value to entry %(value)') +msg_summary = _('added attribute value to entry %(value)s') def _update_attrs(self, update, entry_attrs): for name, value in entry_attrs.items(): @@ -2422,7 +2422,7 @@ def _update_attrs(self, update, entry_attrs): class BaseLDAPRemoveAttribute(BaseLDAPModAttribute): -msg_summary = _('removed attribute values from entry %(value)') +msg_summary = _('removed attribute values from entry %(value)s') def _update_attrs(self, update, entry_attrs): for name, value in entry_attrs.items(): ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#913][closed] Passdb privates for ipa-4-5
URL: https://github.com/freeipa/freeipa/pull/913 Author: abbra Title: #913: Passdb privates for ipa-4-5 Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/913/head:pr913 git checkout pr913 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#901][closed] Passdb private state
URL: https://github.com/freeipa/freeipa/pull/901 Author: abbra Title: #901: Passdb private state Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/901/head:pr901 git checkout pr901 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#909][opened] IPAOptionParser: fix dict comprehension
URL: https://github.com/freeipa/freeipa/pull/909 Author: MartinBasti Title: #909: IPAOptionParser: fix dict comprehension Action: opened PR body: """ The statement can be simplified and be more resources friendly """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/909/head:pr909 git checkout pr909 From eea18338ac36c3d4a9d44fe671d47eafd15f936d Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Mon, 10 Jul 2017 14:54:10 +0200 Subject: [PATCH] IPAOptionParser: fix dict comprehension The statement can be simplified and be more resources friendly --- ipapython/config.py | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ipapython/config.py b/ipapython/config.py index 19abfc51ee..6e53472e08 100644 --- a/ipapython/config.py +++ b/ipapython/config.py @@ -114,7 +114,10 @@ def get_safe_opts(self, opts): Returns all options except those with sensitive=True in the same fashion as parse_args would """ -all_opts_dict = dict([ (o.dest, o) for o in self._get_all_options() if hasattr(o, 'sensitive') ]) +all_opts_dict = { +o.dest: o for o in self._get_all_options() +if hasattr(o, 'sensitive') +} safe_opts_dict = {} for option, value in opts.__dict__.items(): ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#886][closed] *config-show: do not show empty roles/attributes
URL: https://github.com/freeipa/freeipa/pull/886 Author: martbab Title: #886: *config-show: do not show empty roles/attributes Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/886/head:pr886 git checkout pr886 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#864][closed] Create indexes for 'serverhostname' attribute
URL: https://github.com/freeipa/freeipa/pull/864 Author: Tiboris Title: #864: Create indexes for 'serverhostname' attribute Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/864/head:pr864 git checkout pr864 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#492][closed] config: remove meaningless defaults
URL: https://github.com/freeipa/freeipa/pull/492 Author: HonzaCholasta Title: #492: config: remove meaningless defaults Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/492/head:pr492 git checkout pr492 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#893][closed] smard card advises fixes + general improvements
URL: https://github.com/freeipa/freeipa/pull/893 Author: martbab Title: #893: smard card advises fixes + general improvements Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/893/head:pr893 git checkout pr893 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#882][closed] Py3 fixes
URL: https://github.com/freeipa/freeipa/pull/882 Author: MartinBasti Title: #882: Py3 fixes Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/882/head:pr882 git checkout pr882 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#896][closed] [py3] wsgi fixes
URL: https://github.com/freeipa/freeipa/pull/896 Author: stlaz Title: #896: [py3] wsgi fixes Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/896/head:pr896 git checkout pr896 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#898][opened] py3: ipa-dnskeysyncd: fix bytes issues
URL: https://github.com/freeipa/freeipa/pull/898 Author: MartinBasti Title: #898: py3: ipa-dnskeysyncd: fix bytes issues Action: opened PR body: """ LDAP client returns values as bytes, thus ipa-dnskeysyncd must work with bytes properly. https://pagure.io/freeipa/issue/4985 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/898/head:pr898 git checkout pr898 From e1205de4ff16b796529b581f38a8a66a82b27504 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Mon, 26 Jun 2017 14:23:44 +0200 Subject: [PATCH] py3: ipa-dnskeysyncd: fix bytes issues LDAP client returns values as bytes, thus ipa-dnskeysyncd must work with bytes properly. https://pagure.io/freeipa/issue/4985 --- ipaserver/dnssec/keysyncer.py | 22 +++--- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/ipaserver/dnssec/keysyncer.py b/ipaserver/dnssec/keysyncer.py index a8dc92354e..c3a382ec20 100644 --- a/ipaserver/dnssec/keysyncer.py +++ b/ipaserver/dnssec/keysyncer.py @@ -42,7 +42,7 @@ def _get_objclass(self, attrs): Given set of attributes has to have exactly one supported object class. """ -supported_objclasses = set(['idnszone', 'idnsseckey', 'ipk11publickey']) +supported_objclasses = {b'idnszone', b'idnsseckey', b'ipk11publickey'} present_objclasses = set([o.lower() for o in attrs[OBJCLASS_ATTR]]).intersection(supported_objclasses) assert len(present_objclasses) == 1, attrs[OBJCLASS_ATTR] return present_objclasses.pop() @@ -64,31 +64,31 @@ def __is_replica_pubkey(self, attrs): vals = attrs.get('ipk11label', []) if len(vals) != 1: return False -return vals[0].startswith('dnssec-replica:') +return vals[0].startswith(b'dnssec-replica:') def application_add(self, uuid, dn, newattrs): objclass = self._get_objclass(newattrs) -if objclass == 'idnszone': +if objclass == b'idnszone': self.zone_add(uuid, dn, newattrs) -elif objclass == 'idnsseckey': +elif objclass == b'idnsseckey': self.key_meta_add(uuid, dn, newattrs) -elif objclass == 'ipk11publickey' and \ +elif objclass == b'ipk11publickey' and \ self.__is_replica_pubkey(newattrs): self.hsm_master_sync() def application_del(self, uuid, dn, oldattrs): objclass = self._get_objclass(oldattrs) -if objclass == 'idnszone': +if objclass == b'idnszone': self.zone_del(uuid, dn, oldattrs) -elif objclass == 'idnsseckey': +elif objclass == b'idnsseckey': self.key_meta_del(uuid, dn, oldattrs) -elif objclass == 'ipk11publickey' and \ +elif objclass == b'ipk11publickey' and \ self.__is_replica_pubkey(oldattrs): self.hsm_master_sync() def application_sync(self, uuid, dn, newattrs, oldattrs): objclass = self._get_objclass(oldattrs) -if objclass == 'idnszone': +if objclass == b'idnszone': olddn = ldap.dn.str2dn(oldattrs['dn']) newdn = ldap.dn.str2dn(newattrs['dn']) assert olddn == newdn, 'modrdn operation is not supported' @@ -101,10 +101,10 @@ def application_sync(self, uuid, dn, newattrs, oldattrs): else: self.zone_del(uuid, olddn, oldattrs) -elif objclass == 'idnsseckey': +elif objclass == b'idnsseckey': self.key_metadata_sync(uuid, dn, oldattrs, newattrs) -elif objclass == 'ipk11publickey' and \ +elif objclass == b'ipk11publickey' and \ self.__is_replica_pubkey(newattrs): self.hsm_master_sync() ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#890][closed] Make sure we check ccaches in all rpcserver paths
URL: https://github.com/freeipa/freeipa/pull/890 Author: simo5 Title: #890: Make sure we check ccaches in all rpcserver paths Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/890/head:pr890 git checkout pr890 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#883][closed] Travis: check for BytesWarnings in httpd error_log
URL: https://github.com/freeipa/freeipa/pull/883 Author: MartinBasti Title: #883: Travis: check for BytesWarnings in httpd error_log Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/883/head:pr883 git checkout pr883 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#888][opened] Make py3 default for ported scripts
URL: https://github.com/freeipa/freeipa/pull/888 Author: MartinBasti Title: #888: Make py3 default for ported scripts Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/888/head:pr888 git checkout pr888 From a514972310b480671030df42dd2b4dcecbdac2e1 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Wed, 21 Jun 2017 17:08:18 +0200 Subject: [PATCH 1/2] py3: temporary set dependencies to both py2 and py3 packages We are slowly migrating python scripts to py3 and setting py3 as default for them. Thus we need to depend on both py2 and py3 packages until everything is migrated. https://pagure.io/freeipa/issue/4985 --- freeipa.spec.in | 9 + 1 file changed, 9 insertions(+) diff --git a/freeipa.spec.in b/freeipa.spec.in index 9fbe5ad006..8bb8ee57d2 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -277,6 +277,9 @@ Group: System Environment/Base Requires: %{name}-server-common = %{version}-%{release} Requires: %{name}-client = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} +%if 0%{?with_python3} +Requires: python3-ipaserver = %{version}-%{release} +%endif Requires: python2-ipaserver = %{version}-%{release} Requires: 389-ds-base >= 1.3.5.14 Requires: openldap-clients > 2.4.35-4 @@ -499,6 +502,9 @@ Summary: IPA authentication for use on clients Group: System Environment/Base Requires: %{name}-client-common = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} +%if 0%{?with_python3} +Requires: python3-ipaclient = %{version}-%{release} +%endif Requires: python2-ipaclient = %{version}-%{release} Requires: python-ldap Requires: cyrus-sasl-gssapi%{?_isa} @@ -618,6 +624,9 @@ BuildArch: noarch Obsoletes: %{name}-python < 4.2.91 Provides: %{name}-python = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} +%if 0%{?with_python3} +Requires: python3-ipalib = %{version}-%{release} +%endif Requires: python2-ipalib = %{version}-%{release} Provides: %{alt_name}-python-compat = %{version} From 0e27d70cd23a9b8f88eb351d27b006197e93334a Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 21 Jun 2017 17:59:57 +0200 Subject: [PATCH 2/2] py3: run already ported scripts under py3 by default To prevent regressions in py3, all ported scripts should be run by py3 by default. This is temporary and will be removed once porting to py3 is done https://pagure.io/freeipa/issue/4985 --- freeipa.spec.in | 18 ++ 1 file changed, 18 insertions(+) diff --git a/freeipa.spec.in b/freeipa.spec.in index 8bb8ee57d2..ed9a60a6df 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -864,6 +864,24 @@ find \ ! -name '*.pyo' -a \ -type f -exec grep -qsm1 '^#!.*\bpython' {} \; \ -exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \; + +%if 0%{?with_python3} +# TODO: temporary solution until all scripts are ported to python3, +# TODO: workaround: some scripts are copied over, so the are always py2. +# We have to explicitly set python3 here for ported files here +PY3_SUBST_PATHS=' +install/tools/ipa-backup +install/tools/ipa-compat-manage +install/tools/ipa-managed-entries +install/tools/ipa-nis-manage +install/tools/ipactl +' +for P in $PY3_SUBST_PATHS; do +sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python3}|' $P +done; + +%endif # with_python3 + %configure --with-vendor-suffix=-%{release} \ %{enable_server_option} \ %{with_ipatests_option} \ ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#875][comment] Fix ip address checks
URL: https://github.com/freeipa/freeipa/pull/875 Title: #875: Fix ip address checks MartinBasti commented: """ Rebased in #881 """ See the full comment at https://github.com/freeipa/freeipa/pull/875#issuecomment-309712146 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#439][-WIP] Testing both py2/py3 in travis
URL: https://github.com/freeipa/freeipa/pull/439 Title: #439: Testing both py2/py3 in travis Label: -WIP ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#881][opened] [4.5] fix ip address checks
URL: https://github.com/freeipa/freeipa/pull/881 Author: MartinBasti Title: #881: [4.5] fix ip address checks Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/881/head:pr881 git checkout pr881 From 110b8c09454da75043948952cb0cc48f4756d360 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Tue, 13 Jun 2017 17:03:30 +0200 Subject: [PATCH 1/7] Fix local IP address validation Previously bf9886a84393d1d1546db7e49b102e08a16a83e7 match_local has undesirable side effect that CheckedIPAddress object has set self._net from local interface. However with the recent changes, match_local is usually set to False, thus this side effect stops happening and default mask per address class is used. This causes validation error because mask on interface and mask used for provided IP addresses differ (reporducible only with classless masks). FreeIPA should compare only IP addresses with local addresses without masks https://pagure.io/freeipa/issue/4317 --- ipapython/ipautil.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index a277ed8747..647ee833ae 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -216,10 +216,10 @@ def get_matching_interface(self): addr=ifaddr, netmask=ifdata['netmask'] )) -if ifnet == self._net or ( -self._net is None and ifnet.ip == self): -self._net = ifnet + +if ifnet.ip == self: iface = interface +self._net = ifnet break return iface From 3eb681b61cf51ab707db42f8ed99bfe34a0320c4 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 14 Jun 2017 14:45:03 +0200 Subject: [PATCH 2/7] ipa-dns-install: remove check for local ip address This check was forgotten and will be removed now. https://pagure.io/freeipa/issue/4317 --- install/tools/ipa-dns-install | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index 5bd0ba6d77..cb6c5d887f 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -47,7 +47,9 @@ def parse_options(): default=False, help="print debugging information") parser.add_option("--ip-address", dest="ip_addresses", metavar="IP_ADDRESS", default=[], action="append", - type="ip", ip_local=True, help="Master Server IP Address. This option can be used multiple times") + type="ip", + help="Master Server IP Address. This option can be used " + "multiple times") parser.add_option("--forwarder", dest="forwarders", action="append", type="ip", help="Add a DNS forwarder. This option can be used multiple times") parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true", From e07e6664308a198064f0e16c1c8c135c3e9caa4f Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 14 Jun 2017 14:47:23 +0200 Subject: [PATCH 3/7] refactor CheckedIPAddress class Make methods without side effects (setting mask) https://pagure.io/freeipa/issue/4317 --- ipapython/ipautil.py | 29 ++--- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 647ee833ae..2c020e3ecb 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -62,6 +62,12 @@ socket.SOCK_DGRAM: 'udp' } +InterfaceDetails = collections.namedtuple( +'InterfaceDetails', [ +'name', # interface name +'ifnet' # network details of interface +]) + class UnsafeIPAddress(netaddr.IPAddress): """Any valid IP address with or without netmask.""" @@ -161,9 +167,12 @@ def __init__(self, addr, match_local=False, parse_netmask=True, raise ValueError("cannot use multicast IP address {}".format(addr)) if match_local: -if not self.get_matching_interface(): +intf_details = self.get_matching_interface() +if not intf_details: raise ValueError('no network interface matches the IP address ' 'and netmask {}'.format(addr)) +else: +self.set_ip_net(intf_details.ifnet) if self._net is None: if self.version == 4: @@ -193,7 +202,8 @@ def is_broadcast_addr(self): def get_matching_interface(self): """Find matching local interface for address -:return: Interface name or None if no interface has this address +:return: InterfaceDetails named tuple or None if no interface has +this address """ if
[Freeipa-devel] [freeipa PR#875][comment] Fix ip address checks
URL: https://github.com/freeipa/freeipa/pull/875 Title: #875: Fix ip address checks MartinBasti commented: """ @dkupka it is not aim of this PR to fix what you mentioned. """ See the full comment at https://github.com/freeipa/freeipa/pull/875#issuecomment-309666594 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#439][synchronized] Testing both py2/py3 in travis
URL: https://github.com/freeipa/freeipa/pull/439 Author: MartinBasti Title: #439: Testing both py2/py3 in travis Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/439/head:pr439 git checkout pr439 From f5afc91e05487e3b786feeb94f894c6d53f79169 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Tue, 7 Feb 2017 14:56:39 +0100 Subject: [PATCH 1/3] Build: allow to build only py2 rpms for fedora This is more or less for testing purposes of py2/py3 compatibility --- BUILD.txt | 5 + Makefile.am | 4 ++-- freeipa.spec.in | 4 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/BUILD.txt b/BUILD.txt index 7901d0748c..1729daebf5 100644 --- a/BUILD.txt +++ b/BUILD.txt @@ -36,6 +36,11 @@ It may be possible to do a simple make install but this has not been well-tested. Additional work is done in pre/post install scripts in the ipa spec file. +To build only python2 packages on fedora following steps are required: +$ autoreconf -i +$ ./configure +$ make rpms RPMBUILD_OPTS="--define 'with_python3 0'" + Developing plugins -- diff --git a/Makefile.am b/Makefile.am index cbe4f2df49..972e260012 100644 --- a/Makefile.am +++ b/Makefile.am @@ -122,7 +122,7 @@ rpms: $(VERSION_UPDATE_TARGET) $(MAKE) _rpms-body _rpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/RPMS/*/*$$(cat $(top_builddir)/.version)*.rpm $(top_builddir)/dist/rpms/ cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version @@ -131,7 +131,7 @@ srpms: $(VERSION_UPDATE_TARGET) $(MAKE) _srpms-body _srpms-body: _rpms-prep - rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec + rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version diff --git a/freeipa.spec.in b/freeipa.spec.in index 72f79c9f35..6c57cbe9e4 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -17,11 +17,15 @@ %global with_ipatests_option --without-ipatests %endif +%if 0%{?with_python3:1} +# with_python3 already defined +%else %if 0%{?rhel} %global with_python3 0 %else %global with_python3 1 %endif +%endif # lint is not executed during rpmbuild # %%global with_lint 1 From ff8b98d1401a5f7fb9463e3ff1a53b77f2330d5b Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Tue, 7 Feb 2017 17:23:54 +0100 Subject: [PATCH 2/3] Travis: build only py2 packages for py2 testing We will testing both py2 and py3 packages, first step is use only py2 builds for testing py2 packages --- .travis.yml | 2 ++ .travis_run_task.sh | 10 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index c275cdca5d..62578d3e41 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,8 +17,10 @@ env: matrix: - TASK_TO_RUN="lint" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_xmlrpc/test_[a-k]*.py" - TASK_TO_RUN="run-tests" + PYTHON=/usr/bin/python2 TESTS_TO_RUN="test_cmdline test_install test_ipaclient diff --git a/.travis_run_task.sh b/.travis_run_task.sh index 7d050b0b6f..540c883d83 100755 --- a/.travis_run_task.sh +++ b/.travis_run_task.sh @@ -4,10 +4,17 @@ # # NOTE: this script is intended to run in Travis CI only -PYTHON="/usr/bin/python${TRAVIS_PYTHON_VERSION}" test_set="" developer_mode_opt="--developer-mode" +if [[ $PYTHON == "/usr/bin/python2" ]] +then +env_opt="--define 'with_python3 0'" +else +env_opt="" +fi + + function truncate_log_to_test_failures() { # chop off everything in the CI_RESULTS_LOG preceding pytest error output # if there are pytest errors in the log @@ -43,6 +50,7 @@ ipa-docker-test-runner -l $CI_RESULTS_LOG \ -c $TEST_RUNNER_CONFIG \ $developer_mode_opt \ --container-environment "PYTHON=$PYTHON" \ +--container-environment "RPMBUILD_OPTS=$env_opt" \ --container-image $TEST_RUNNER_IMAGE \ --git-repo $TRAVIS_BUILD_DIR \ $TASK_TO_RUN $test_set From 2a3df10e7298374ae50cad2fef73be48574043df Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Tue, 7 Feb 2017 18:29:08 +0100 Subject: [PATCH 3/3] Travis: enable temporal Py3 testing This testconfig is temporal until all plugins are migrated into py3. After that this temporal config file will be removed and used only the previous one again --- .test_runner_config_py3_temp.yaml | 60 ++ .travis.yml | 90 ++- 2 files
[Freeipa-devel] [freeipa PR#872][comment] Add IPA-specific bind unit file
URL: https://github.com/freeipa/freeipa/pull/872 Title: #872: Add IPA-specific bind unit file MartinBasti commented: """ I checked BZ, this may not be worth fixing as those fails are just during upgrade but at the end named is working. For sure this huge change cannot go to ipa-4-4 or ipa-4-5 """ See the full comment at https://github.com/freeipa/freeipa/pull/872#issuecomment-309485173 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#876][synchronized] python-netifaces: update to reflect upstream changes
URL: https://github.com/freeipa/freeipa/pull/876 Author: MartinBasti Title: #876: python-netifaces: update to reflect upstream changes Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/876/head:pr876 git checkout pr876 From 42b125584a50672e5536c6e66830f1cff685b127 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Fri, 16 Jun 2017 13:42:53 +0200 Subject: [PATCH] python-netifaces: update to reflect upstream changes python-netifaces now provides IPv6 netmask in format mask/prefix. It breaks freeipa as it is unexpected format for python-netaddr. We must split netmask and provide only prefix for netaddr. https://pagure.io/freeipa/issue/7021 --- ipapython/ipautil.py | 17 ++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index a277ed8747..f214ccbbc2 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -195,6 +195,7 @@ def get_matching_interface(self): """Find matching local interface for address :return: Interface name or None if no interface has this address """ +root_logger.debug("Searching for an interface of IP address: %s", self) if self.version == 4: family = netifaces.AF_INET elif self.version == 6: @@ -212,10 +213,20 @@ def get_matching_interface(self): # errors in IPNetwork ifaddr = ifdata['addr'].split(u'%', 1)[0] -ifnet = netaddr.IPNetwork('{addr}/{netmask}'.format( +# newer versions of netifaces provide IPv6 netmask in format +# ':::::/64'. We have to split and use prefix +# or the netmask with older versions +ifmask = ifdata['netmask'].split(u'/')[-1] + +ifaddrmask = '{addr}/{netmask}'.format( addr=ifaddr, -netmask=ifdata['netmask'] -)) +netmask=ifmask +) +root_logger.debug( +"Testing local IP address: %s (interface: %s)", +ifaddrmask, interface) + +ifnet = netaddr.IPNetwork(ifaddrmask) if ifnet == self._net or ( self._net is None and ifnet.ip == self): self._net = ifnet ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#876][comment] python-netifaces: update to reflect upstream changes
URL: https://github.com/freeipa/freeipa/pull/876 Title: #876: python-netifaces: update to reflect upstream changes MartinBasti commented: """ @martbab should work with both versions, I don't want to bump requires for this @pvoborni It could, I'll update PR """ See the full comment at https://github.com/freeipa/freeipa/pull/876#issuecomment-309011126 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#871][comment] Add --force-join into ipa-replica-install manpage
URL: https://github.com/freeipa/freeipa/pull/871 Title: #871: Add --force-join into ipa-replica-install manpage MartinBasti commented: """ master: * 7fd2102a78f2e008f2cd5fe68e9be58ead914b35 Add --force-join into ipa-replica-install manpage """ See the full comment at https://github.com/freeipa/freeipa/pull/871#issuecomment-308709569 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#871][+pushed] Add --force-join into ipa-replica-install manpage
URL: https://github.com/freeipa/freeipa/pull/871 Title: #871: Add --force-join into ipa-replica-install manpage Label: +pushed ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#866][comment] Add a README to certificate profile templates directory
URL: https://github.com/freeipa/freeipa/pull/866 Title: #866: Add a README to certificate profile templates directory MartinBasti commented: """ master: * d7e1ab8438b02db9250b0985be29ac3325c2d2dc Add a README to certificate profile templates directory """ See the full comment at https://github.com/freeipa/freeipa/pull/866#issuecomment-308709300 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#866][+pushed] Add a README to certificate profile templates directory
URL: https://github.com/freeipa/freeipa/pull/866 Title: #866: Add a README to certificate profile templates directory Label: +pushed ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#866][closed] Add a README to certificate profile templates directory
URL: https://github.com/freeipa/freeipa/pull/866 Author: frasertweedale Title: #866: Add a README to certificate profile templates directory Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/866/head:pr866 git checkout pr866 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#865][comment] ipatests: do not collect systemd journal when logfile_dir is missing
URL: https://github.com/freeipa/freeipa/pull/865 Title: #865: ipatests: do not collect systemd journal when logfile_dir is missing MartinBasti commented: """ master: * 44e3496bd1a3004bc7a6497cbd212bba7910b2e3 ipatests: do not collect systemd journal when logfile_dir is missing """ See the full comment at https://github.com/freeipa/freeipa/pull/865#issuecomment-308708834 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#865][+pushed] ipatests: do not collect systemd journal when logfile_dir is missing
URL: https://github.com/freeipa/freeipa/pull/865 Title: #865: ipatests: do not collect systemd journal when logfile_dir is missing Label: +pushed ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#862][comment] dnsserver.py: dnsserver-find no longer returns internal server error
URL: https://github.com/freeipa/freeipa/pull/862 Title: #862: dnsserver.py: dnsserver-find no longer returns internal server error MartinBasti commented: """ master: * 74d36a8af69a2946007ebd4d57c7bf0891d561db dnsserver.py: dnsserver-find no longer returns internal server error """ See the full comment at https://github.com/freeipa/freeipa/pull/862#issuecomment-308708624 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#862][+pushed] dnsserver.py: dnsserver-find no longer returns internal server error
URL: https://github.com/freeipa/freeipa/pull/862 Title: #862: dnsserver.py: dnsserver-find no longer returns internal server error Label: +pushed ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#860][comment] adtrustinstance: fix ID range comparison
URL: https://github.com/freeipa/freeipa/pull/860 Title: #860: adtrustinstance: fix ID range comparison MartinBasti commented: """ master: * 440c61dc40353833cad3a5fc509821ce1f23757f adtrustinstance: fix ID range comparison """ See the full comment at https://github.com/freeipa/freeipa/pull/860#issuecomment-308708256 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#860][+pushed] adtrustinstance: fix ID range comparison
URL: https://github.com/freeipa/freeipa/pull/860 Title: #860: adtrustinstance: fix ID range comparison Label: +pushed ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#860][+ack] adtrustinstance: fix ID range comparison
URL: https://github.com/freeipa/freeipa/pull/860 Title: #860: adtrustinstance: fix ID range comparison Label: +ack ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#865][+ack] ipatests: do not collect systemd journal when logfile_dir is missing
URL: https://github.com/freeipa/freeipa/pull/865 Title: #865: ipatests: do not collect systemd journal when logfile_dir is missing Label: +ack ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#862][+ack] dnsserver.py: dnsserver-find no longer returns internal server error
URL: https://github.com/freeipa/freeipa/pull/862 Title: #862: dnsserver.py: dnsserver-find no longer returns internal server error Label: +ack ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#875][opened] Fix ip address checks
URL: https://github.com/freeipa/freeipa/pull/875 Author: MartinBasti Title: #875: Fix ip address checks Action: opened PR body: """ Fix various checks of IP address in installers, removal of some unneeded checks that are not working correctly, and mainly causes only false positive errors. This PR also fixes regressions caused by bf9886a84393d1d1546db7e49b102e08a16a83e7 https://pagure.io/freeipa/issue/4317 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/875/head:pr875 git checkout pr875 From f342625aa0da367792cfbd5c4f1a164bf878ee8c Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Tue, 13 Jun 2017 17:03:30 +0200 Subject: [PATCH 1/7] Fix local IP address validation Previously bf9886a84393d1d1546db7e49b102e08a16a83e7 match_local has undesirable side effect that CheckedIPAddress object has set self._net from local interface. However with the recent changes, match_local is usually set to False, thus this side effect stops happening and default mask per address class is used. This causes validation error because mask on interface and mask used for provided IP addresses differ (reporducible only with classless masks). FreeIPA should compare only IP addresses with local addresses without masks https://pagure.io/freeipa/issue/4317 --- ipapython/ipautil.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index a277ed8747..647ee833ae 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -216,10 +216,10 @@ def get_matching_interface(self): addr=ifaddr, netmask=ifdata['netmask'] )) -if ifnet == self._net or ( -self._net is None and ifnet.ip == self): -self._net = ifnet + +if ifnet.ip == self: iface = interface +self._net = ifnet break return iface From 446d8fbfa0a912f993191c1447fb4f8002ea065d Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 14 Jun 2017 14:45:03 +0200 Subject: [PATCH 2/7] ipa-dns-install: remove check for local ip address This check was forgotten and will be removed now. https://pagure.io/freeipa/issue/4317 --- install/tools/ipa-dns-install | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index 5bd0ba6d77..cb6c5d887f 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -47,7 +47,9 @@ def parse_options(): default=False, help="print debugging information") parser.add_option("--ip-address", dest="ip_addresses", metavar="IP_ADDRESS", default=[], action="append", - type="ip", ip_local=True, help="Master Server IP Address. This option can be used multiple times") + type="ip", + help="Master Server IP Address. This option can be used " + "multiple times") parser.add_option("--forwarder", dest="forwarders", action="append", type="ip", help="Add a DNS forwarder. This option can be used multiple times") parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true", From 082ff655fd44b82e26b675f1a20fc4be5a3abc05 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 14 Jun 2017 14:47:23 +0200 Subject: [PATCH 3/7] refactor CheckedIPAddress class Make methods without side effects (setting mask) https://pagure.io/freeipa/issue/4317 --- ipapython/ipautil.py | 29 ++--- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 647ee833ae..2c020e3ecb 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -62,6 +62,12 @@ socket.SOCK_DGRAM: 'udp' } +InterfaceDetails = collections.namedtuple( +'InterfaceDetails', [ +'name', # interface name +'ifnet' # network details of interface +]) + class UnsafeIPAddress(netaddr.IPAddress): """Any valid IP address with or without netmask.""" @@ -161,9 +167,12 @@ def __init__(self, addr, match_local=False, parse_netmask=True, raise ValueError("cannot use multicast IP address {}".format(addr)) if match_local: -if not self.get_matching_interface(): +intf_details = self.get_matching_interface() +if not intf_details: raise ValueError('no network interface matches the IP address ' 'and netmask {}'.format(addr)) +else: +self.set_ip_net(intf_details.ifnet) if self._net is None: if self.version == 4: @@ -193,7 +202,8 @@ def is_broadcast_addr(self): def
[Freeipa-devel] [freeipa PR#842][closed] Changed ownership of ldiffile to DS_USER
URL: https://github.com/freeipa/freeipa/pull/842 Author: tscherf Title: #842: Changed ownership of ldiffile to DS_USER Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/842/head:pr842 git checkout pr842 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#842][+pushed] Changed ownership of ldiffile to DS_USER
URL: https://github.com/freeipa/freeipa/pull/842 Title: #842: Changed ownership of ldiffile to DS_USER Label: +pushed ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#872][comment] Add IPA-specific bind unit file
URL: https://github.com/freeipa/freeipa/pull/872 Title: #872: Add IPA-specific bind unit file MartinBasti commented: """ I have a few comments: * named-pkcs11 should be masked in installer and upgrader to avoid issues when users start incorrect named service manually * please update release notes, this is a quite big change that we changed name of service """ See the full comment at https://github.com/freeipa/freeipa/pull/872#issuecomment-308362410 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#838][comment] Explicitly ask for py2 dependencies in py2 packages
URL: https://github.com/freeipa/freeipa/pull/838 Title: #838: Explicitly ask for py2 dependencies in py2 packages MartinBasti commented: """ Resolved """ See the full comment at https://github.com/freeipa/freeipa/pull/838#issuecomment-307393128 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#845][comment] ipadiscovery: Return realm as a string
URL: https://github.com/freeipa/freeipa/pull/845 Title: #845: ipadiscovery: Return realm as a string MartinBasti commented: """ LGTM, we anyway assume inside framework that everything is in utf-8 """ See the full comment at https://github.com/freeipa/freeipa/pull/845#issuecomment-307142144 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#849][+ack] session_storage: Correctly handle string/byte types
URL: https://github.com/freeipa/freeipa/pull/849 Title: #849: session_storage: Correctly handle string/byte types Label: +ack ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#857][closed] server.py: Removes dns-server configuration from ldap
URL: https://github.com/freeipa/freeipa/pull/857 Author: Tiboris Title: #857: server.py: Removes dns-server configuration from ldap Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/857/head:pr857 git checkout pr857 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#857][+pushed] server.py: Removes dns-server configuration from ldap
URL: https://github.com/freeipa/freeipa/pull/857 Title: #857: server.py: Removes dns-server configuration from ldap Label: +pushed ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#857][comment] server.py: Removes dns-server configuration from ldap
URL: https://github.com/freeipa/freeipa/pull/857 Title: #857: server.py: Removes dns-server configuration from ldap MartinBasti commented: """ master: * 063211d665d02fc343952f5b158fd8d89223fbc9 server.py: Removes dns-server configuration from ldap ipa-4-5: * 005c92868ce36770ce89e87ef3cdeae62d11ece4 server.py: Removes dns-server configuration from ldap """ See the full comment at https://github.com/freeipa/freeipa/pull/857#issuecomment-307131102 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#848][closed] sssd.py: Deprecating no-sssd option.
URL: https://github.com/freeipa/freeipa/pull/848 Author: Tiboris Title: #848: sssd.py: Deprecating no-sssd option. Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/848/head:pr848 git checkout pr848 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#848][comment] sssd.py: Deprecating no-sssd option.
URL: https://github.com/freeipa/freeipa/pull/848 Title: #848: sssd.py: Deprecating no-sssd option. MartinBasti commented: """ master: * dfc271fdf4514481c11c342fabda135feeb44de6 sssd.py: Deprecating no-sssd option. ipa-4-5: * f984cef6ed49e04a4e3754d2f3214d64715d26df sssd.py: Deprecating no-sssd option. """ See the full comment at https://github.com/freeipa/freeipa/pull/848#issuecomment-307108648 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#829][+pushed] client.py: Replace hardcoded 'admin' with options.principal
URL: https://github.com/freeipa/freeipa/pull/829 Title: #829: client.py: Replace hardcoded 'admin' with options.principal Label: +pushed ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#840][comment] Add Role 'Client Administrator'
URL: https://github.com/freeipa/freeipa/pull/840 Title: #840: Add Role 'Client Administrator' MartinBasti commented: """ Off Topic: Shouldn't have "IT specialists" also 'Host Enrollment' privilege, because they have 'Host administrators' already and this should close the circle. "Client administrator" sounds to me like too much as the role can only enroll client. How about "Enrolling Administrator"/"Client Enrolling Administrator". But I'm not sure. """ See the full comment at https://github.com/freeipa/freeipa/pull/840#issuecomment-307098685 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#857][comment] baseldap.py: Removes dns-server configuration from ldap
URL: https://github.com/freeipa/freeipa/pull/857 Title: #857: baseldap.py: Removes dns-server configuration from ldap MartinBasti commented: """ Actually NACK until you fix commit message, this is not related to baseldap.py """ See the full comment at https://github.com/freeipa/freeipa/pull/857#issuecomment-307016671 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#842][+ack] Changed ownership of ldiffile to DS_USER
URL: https://github.com/freeipa/freeipa/pull/842 Title: #842: Changed ownership of ldiffile to DS_USER Label: +ack ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#848][+ack] sssd.py: Deprecating no-sssd option.
URL: https://github.com/freeipa/freeipa/pull/848 Title: #848: sssd.py: Deprecating no-sssd option. Label: +ack ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#862][comment] dnsserver.py: dnsserver-find no longer returns internal server error
URL: https://github.com/freeipa/freeipa/pull/862 Title: #862: dnsserver.py: dnsserver-find no longer returns internal server error MartinBasti commented: """ LGTM """ See the full comment at https://github.com/freeipa/freeipa/pull/862#issuecomment-306849641 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#855][+pushed] Prevent issues with older clients
URL: https://github.com/freeipa/freeipa/pull/855 Title: #855: Prevent issues with older clients Label: +pushed ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#859][comment] Add CommonNameToSANDefault to default cert profile
URL: https://github.com/freeipa/freeipa/pull/859 Title: #859: Add CommonNameToSANDefault to default cert profile MartinBasti commented: """ How are upgrades of cert profile handled? (if they are needed) """ See the full comment at https://github.com/freeipa/freeipa/pull/859#issuecomment-306761729 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#855][comment] Prevent issues with older clients
URL: https://github.com/freeipa/freeipa/pull/855 Title: #855: Prevent issues with older clients MartinBasti commented: """ @pvoborni yes, this is the way how to handle false positive missing members in pylint """ See the full comment at https://github.com/freeipa/freeipa/pull/855#issuecomment-306759907 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#858][edited] Bump version of python-gssapi
URL: https://github.com/freeipa/freeipa/pull/858 Author: pvomacka Title: #858: Bump version of python-gssapi Action: edited Changed field: title Original value: """ Bumb version of python-gssapi """ ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#857][comment] baseldap.py: Removes dns-server configuration from ldap
URL: https://github.com/freeipa/freeipa/pull/857 Title: #857: baseldap.py: Removes dns-server configuration from ldap MartinBasti commented: """ NACK Please create a new method `_cleanup_server_dns_config` because this patch unrelated to DNS records but it is for DNS configuration per server. """ See the full comment at https://github.com/freeipa/freeipa/pull/857#issuecomment-306727089 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#846][synchronized] Travis: Add tox tests
URL: https://github.com/freeipa/freeipa/pull/846 Author: MartinBasti Title: #846: Travis: Add tox tests Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/846/head:pr846 git checkout pr846 From 2b199c35532710cfb4459b7128bf950d958a6990 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Fri, 2 Jun 2017 10:41:20 +0200 Subject: [PATCH] Travis: Add tox tests Tox tests contain various testcases for PyPI wheel builds --- .test_runner_config.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.test_runner_config.yaml b/.test_runner_config.yaml index 014c64854b..948b844d4c 100644 --- a/.test_runner_config.yaml +++ b/.test_runner_config.yaml @@ -28,7 +28,8 @@ steps: builddep: - rm -rf /var/cache/dnf/* - "dnf makecache fast || :" - - dnf builddep -y ${builddep_opts} --spec freeipa.spec.in --best --allowerasing + - dnf install -y python2-tox python3-tox + - dnf builddep -y ${builddep_opts} -D "with_lint 1" -D "with_wheels 1" --spec freeipa.spec.in --best --allowerasing cleanup: - chown -R ${uid}:${gid} ${container_working_dir} - journalctl -b --no-pager > systemd_journal.log @@ -53,6 +54,7 @@ steps: lint: - make PYTHON=/usr/bin/python2 V=0 lint - make PYTHON=/usr/bin/python3 V=0 pylint + - tox pypi prepare_tests: - echo ${server_password} | kinit admin && ipa ping - cp -r /etc/ipa/* ~/.ipa/ ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#848][comment] sssd.py: Deprecating no-sssd option.
URL: https://github.com/freeipa/freeipa/pull/848 Title: #848: sssd.py: Deprecating no-sssd option. MartinBasti commented: """ Please fill `changelog` in the ticket about this change. """ See the full comment at https://github.com/freeipa/freeipa/pull/848#issuecomment-306537875 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#836][closed] Only warn when specified server IP addresses don't match intf
URL: https://github.com/freeipa/freeipa/pull/836 Author: MartinBasti Title: #836: Only warn when specified server IP addresses don't match intf Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/836/head:pr836 git checkout pr836 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][closed] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Author: felipevolpone Title: #812: Refactoring cert-find to use API call directly instead of using Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/812/head:pr812 git checkout pr812 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][+pushed] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Title: #812: Refactoring cert-find to use API call directly instead of using Label: +pushed ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][comment] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Title: #812: Refactoring cert-find to use API call directly instead of using MartinBasti commented: """ master: * 44bd5e358b027f8956b730f250854efb5087f05e Changing cert-find to do not use only primary key to search in LDAP. ipa-4-5: * df1276e9daf9ee8db05538f47706855cb3d11e01 Changing cert-find to do not use only primary key to search in LDAP. """ See the full comment at https://github.com/freeipa/freeipa/pull/812#issuecomment-305811098 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#818][closed] Avoid possible endless recursion in RPC call from client
URL: https://github.com/freeipa/freeipa/pull/818 Author: stlaz Title: #818: Avoid possible endless recursion in RPC call from client Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/818/head:pr818 git checkout pr818 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#818][comment] Avoid possible endless recursion in RPC call from client
URL: https://github.com/freeipa/freeipa/pull/818 Title: #818: Avoid possible endless recursion in RPC call from client MartinBasti commented: """ master: * 81a808caeb5676427610e113b5a259511c2835d6 Avoid possible endless recursion in RPC call * 79d1752577e8fcb568b701509fe5b52f949d5e4b rpc: preparations for recursion fix * e1f8684e858b4ae47b54acd0d76a844bc20ce443 rpc: avoid possible recursion in create_connection ipa-4-5: * a5b413b72e224120acde09d1c877be11b3f61b6b Avoid possible endless recursion in RPC call * d8aab383a39a22cc613cf64e5d66ce69111d97df rpc: preparations for recursion fix * cb6c93dad044c724ba2cedbff49bf71aea939418 rpc: avoid possible recursion in create_connection """ See the full comment at https://github.com/freeipa/freeipa/pull/818#issuecomment-305808729 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#818][+pushed] Avoid possible endless recursion in RPC call from client
URL: https://github.com/freeipa/freeipa/pull/818 Title: #818: Avoid possible endless recursion in RPC call from client Label: +pushed ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#823][closed] ipa-kdb: reload certificate mapping rules periodically
URL: https://github.com/freeipa/freeipa/pull/823 Author: sumit-bose Title: #823: ipa-kdb: reload certificate mapping rules periodically Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/823/head:pr823 git checkout pr823 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#846][synchronized] Travis: Add tox tests
URL: https://github.com/freeipa/freeipa/pull/846 Author: MartinBasti Title: #846: Travis: Add tox tests Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/846/head:pr846 git checkout pr846 From 0bd0a1a84941814a6e30f311ced7627ba2fda79b Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Fri, 2 Jun 2017 10:41:20 +0200 Subject: [PATCH] Travis: Add tox tests Tox tests contain various testcases for PyPI wheel builds --- .test_runner_config.yaml | 1 + .travis.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.test_runner_config.yaml b/.test_runner_config.yaml index 014c64854b..9161d5db28 100644 --- a/.test_runner_config.yaml +++ b/.test_runner_config.yaml @@ -53,6 +53,7 @@ steps: lint: - make PYTHON=/usr/bin/python2 V=0 lint - make PYTHON=/usr/bin/python3 V=0 pylint + - tox pypi prepare_tests: - echo ${server_password} | kinit admin && ipa ping - cp -r /etc/ipa/* ~/.ipa/ diff --git a/.travis.yml b/.travis.yml index c275cdca5d..61db22d6e3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -31,6 +31,7 @@ install: - pip install --upgrade pip - pip3 install --upgrade pip - pip install pep8 +- pip install tox - > pip3 install git+https://github.com/freeipa/ipa-docker-test-runner@release-0-2-1 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#850][+py3] ipaldap py3 fixes
URL: https://github.com/freeipa/freeipa/pull/850 Title: #850: ipaldap py3 fixes Label: +py3 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#845][comment] ipadiscovery: Return realm as a string
URL: https://github.com/freeipa/freeipa/pull/845 Title: #845: ipadiscovery: Return realm as a string MartinBasti commented: """ That is an experimental only RFC. By general it can contain any byte textually represented in octal form. str() in python2 converts from bytes using ASCII codec, so by keeping compatibility and avoiding to parse weird realms it should be IMO ASCII. But I can live with utf-8 as well, but I haven't checked how is this handled later in code """ See the full comment at https://github.com/freeipa/freeipa/pull/845#issuecomment-305739666 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#845][comment] ipadiscovery: Return realm as a string
URL: https://github.com/freeipa/freeipa/pull/845 Title: #845: ipadiscovery: Return realm as a string MartinBasti commented: """ A TXT record can contain anything in any encoding, it contains just bytes without predefined semantic, we should play safe here and catch UnicodeDecodeError. Also currently we support only ASCII for realms, I'm not sure which character are allowed to be in realm outside IPA world, I haven't found a clear answer. """ See the full comment at https://github.com/freeipa/freeipa/pull/845#issuecomment-305722760 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#844][comment] py3: fix regression in schemaupdate
URL: https://github.com/freeipa/freeipa/pull/844 Title: #844: py3: fix regression in schemaupdate MartinBasti commented: """ master: * 89eb162fcd60861ed4c628dab4e1aaf10c6160bb py3: fix regression in schemaupdate """ See the full comment at https://github.com/freeipa/freeipa/pull/844#issuecomment-305717022 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#838][opened] Explicitly ask for py2 dependencies in py2 packages
URL: https://github.com/freeipa/freeipa/pull/838 Author: MartinBasti Title: #838: Explicitly ask for py2 dependencies in py2 packages Action: opened PR body: """ In future default package names can start to pointing to py3 instead of py2. We have to explicitly ask for python2-* and python3-* packages. This commit changes only dependencies that are available in both F25 and F26 https://pagure.io/freeipa/issue/4985 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/838/head:pr838 git checkout pr838 From 61ec8905cadecf8cd69ea63829bca1f5ad756e6a Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Thu, 1 Jun 2017 10:45:08 +0200 Subject: [PATCH] Explicitly ask for py2 dependencies in py2 packages In future default package names can start to pointing to py3 instead of py2. We have to explicitly ask for python2-* and python3-* packages. This commit changes only dependencies that are available in both F25 and F26 https://pagure.io/freeipa/issue/4985 --- freeipa.spec.in | 74 - 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 1446dfbb7c..e6a5e6be8c 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -139,12 +139,12 @@ BuildRequires: python-lesscpy # BuildRequires: python-ldap BuildRequires: python-netaddr -BuildRequires: python-pyasn1 -BuildRequires: python-pyasn1-modules -BuildRequires: python-dns +BuildRequires: python2-pyasn1 +BuildRequires: python2-pyasn1-modules +BuildRequires: python2-dns BuildRequires: python-six -BuildRequires: python-libsss_nss_idmap -BuildRequires: python-cffi +BuildRequires: python2-libsss_nss_idmap +BuildRequires: python2-cffi # # Build dependencies for wheel packaging and PyPI upload @@ -152,7 +152,7 @@ BuildRequires: python-cffi %if 0%{?with_wheels} BuildRequires: dbus-glib-devel BuildRequires: libffi-devel -BuildRequires: python-tox +BuildRequires: python2-tox BuildRequires: python2-twine BuildRequires: python2-wheel %if 0%{?with_python3} @@ -177,14 +177,14 @@ BuildRequires: pylint >= 1.6 %endif # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506 BuildRequires: python2-polib -BuildRequires: python-libipa_hbac -BuildRequires: python-lxml +BuildRequires: python2-libipa_hbac +BuildRequires: python2-lxml # 5.0.0: QRCode.print_ascii BuildRequires: python-qrcode-core >= 5.0.0 # 1.15: python-dns changed return type in to_text() method in PY3 -BuildRequires: python-dns >= 1.15 +BuildRequires: python2-dns >= 1.15 BuildRequires: jsl -BuildRequires: python-yubico +BuildRequires: python2-yubico # pki Python package BuildRequires: pki-base-python2 BuildRequires: python-pytest-multihost @@ -193,17 +193,17 @@ BuildRequires: python-jwcrypto # 0.3: sd_notify (https://pagure.io/freeipa/issue/5825) BuildRequires: python2-custodia >= 0.3.1 BuildRequires: dbus-python -BuildRequires: python-dateutil +BuildRequires: python2-dateutil BuildRequires: python-enum34 BuildRequires: python-netifaces -BuildRequires: python-sss -BuildRequires: python-sss-murmur -BuildRequires: python-sssdconfig -BuildRequires: python-nose -BuildRequires: python-paste +BuildRequires: python2-sss +BuildRequires: python2-sss-murmur +BuildRequires: python2-sssdconfig +BuildRequires: python2-nose +BuildRequires: python2-paste BuildRequires: systemd-python BuildRequires: python2-jinja2 -BuildRequires: python-augeas +BuildRequires: python2-augeas %if 0%{?with_python3} # FIXME: this depedency is missing - server will not work @@ -360,16 +360,16 @@ Requires: %{name}-common = %{version}-%{release} Requires: python2-ipaclient = %{version}-%{release} Requires: python2-custodia >= 0.3.1 Requires: python-ldap >= 2.4.15 -Requires: python-lxml +Requires: python2-lxml Requires: python-gssapi >= 1.2.0 -Requires: python-sssdconfig -Requires: python-pyasn1 +Requires: python2-sssdconfig +Requires: python2-pyasn1 Requires: dbus-python -Requires: python-dns >= 1.15 +Requires: python2-dns >= 1.15 Requires: python-kdcproxy >= 0.3 Requires: rpm-libs Requires: pki-base-python2 -Requires: python-augeas +Requires: python2-augeas %description -n python2-ipaserver IPA is an integrated solution to provide centrally managed Identity (users, @@ -552,7 +552,7 @@ BuildArch: noarch Requires: %{name}-client-common = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} Requires: python2-ipalib = %{version}-%{release} -Requires: python-dns >= 1.15 +Requires: python2-dns >= 1.15 Requires: python2-jinja2 %description -n python2-ipaclient @@ -658,21 +658,21 @@ Requires: pyOpenSSL Requires: python >= 2.7.9 Requires: python2-cryptography >= 1.6 Requires: python-netaddr >= %{python_netaddr_version} -Requires: python-libipa_hbac +Requires: python2-libipa_hbac Requires: python-qrcode-core >= 5.0.0 -Requires: python-pyasn1
[Freeipa-devel] [freeipa PR#827][comment] pylint: explicitly depends on python2-pylint
URL: https://github.com/freeipa/freeipa/pull/827 Title: #827: pylint: explicitly depends on python2-pylint MartinBasti commented: """ master: * be1415b6cc8f5dadc1ac3766305a33f370fdf9bb pylint: explicitly depends on python2-pylint """ See the full comment at https://github.com/freeipa/freeipa/pull/827#issuecomment-305417588 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#827][closed] pylint: explicitly depends on python2-pylint
URL: https://github.com/freeipa/freeipa/pull/827 Author: MartinBasti Title: #827: pylint: explicitly depends on python2-pylint Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/827/head:pr827 git checkout pr827 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#827][+pushed] pylint: explicitly depends on python2-pylint
URL: https://github.com/freeipa/freeipa/pull/827 Title: #827: pylint: explicitly depends on python2-pylint Label: +pushed ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#834][closed] [4.4] NSSNickname enclosed in single quotes causes ipa-server-certinstall failure
URL: https://github.com/freeipa/freeipa/pull/834 Author: tomaskrizek Title: #834: [4.4] NSSNickname enclosed in single quotes causes ipa-server-certinstall failure Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/834/head:pr834 git checkout pr834 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#834][comment] [4.4] NSSNickname enclosed in single quotes causes ipa-server-certinstall failure
URL: https://github.com/freeipa/freeipa/pull/834 Title: #834: [4.4] NSSNickname enclosed in single quotes causes ipa-server-certinstall failure MartinBasti commented: """ ipa-4-4: * e4363c5c26982f9126e7df16ba7a1a060cdb8721 Fix the installutils.set_directive docstring * e40f9a5183fc3ebe160ea6b6ae4fb5c3190c1462 installutils: improve directive value parsing in `get_directive` * 67c8f5fd4e50283e7680e7ded142e3234c7ab5f1 Delegate directive value quoting/unquoting to separate functions * 60a05de4122a26f3a9d148b8c014668d296229fc Explicitly handle quoting/unquoting of NSSNickname directive """ See the full comment at https://github.com/freeipa/freeipa/pull/834#issuecomment-305416276 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#834][+pushed] [4.4] NSSNickname enclosed in single quotes causes ipa-server-certinstall failure
URL: https://github.com/freeipa/freeipa/pull/834 Title: #834: [4.4] NSSNickname enclosed in single quotes causes ipa-server-certinstall failure Label: +pushed ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#824][+pushed] ca-add: validate Subject DN name attributes
URL: https://github.com/freeipa/freeipa/pull/824 Title: #824: ca-add: validate Subject DN name attributes Label: +pushed ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#824][comment] ca-add: validate Subject DN name attributes
URL: https://github.com/freeipa/freeipa/pull/824 Title: #824: ca-add: validate Subject DN name attributes MartinBasti commented: """ master: * 5f0e13ce9c3d1ead02de61a148de973fc6787b96 ca-add: validate Subject DN name attributes """ See the full comment at https://github.com/freeipa/freeipa/pull/824#issuecomment-305412301 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#824][closed] ca-add: validate Subject DN name attributes
URL: https://github.com/freeipa/freeipa/pull/824 Author: frasertweedale Title: #824: ca-add: validate Subject DN name attributes Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/824/head:pr824 git checkout pr824 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#460][closed] ipa-server-install, ipa-server-upgrade fixes
URL: https://github.com/freeipa/freeipa/pull/460 Author: MartinBasti Title: #460: ipa-server-install, ipa-server-upgrade fixes Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/460/head:pr460 git checkout pr460 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#460][comment] ipa-server-install, ipa-server-upgrade fixes
URL: https://github.com/freeipa/freeipa/pull/460 Title: #460: ipa-server-install, ipa-server-upgrade fixes MartinBasti commented: """ master: * 2e63ec42d0f879f2d129c4f81f88a1712ce86b8c py3: use ConfigParser instead of SafeConfigParser * 6e7071d6add24e8923d705d35a362761f356d56d py3: ConfigParser: replace deprecated readfd with read * 27f8f9f03d69276f9ee410169b76574da2461794 py3: ipaldap: encode Boolean as bytes * d7a9e81fbd7a33941a8c5ae9f29252522944 py3: softhsm key_id must be bytes * bc9addac30d69d88f5040e194be1e32a881cfba9 py3: LDAP updates: use only bytes/raw values * d89de4219d0e8ee33e81d6b6d1bc6c22ac9ffbaa py3: schemaupdate: fix BytesWarning * b09a941f34507cfce682d8c5a3acf6dfe7fa624e py3: cainstance: fix BytesWarning * c6a57d8091aeefb6067711189ee0ce11411dee57 py3: urlfetch: use "file://" prefix with filenames * 99771ceb9ffcf21d0364bf57994716322b24551e py3: update_mod_nss_cipher_suite: ordering doesn't work with None """ See the full comment at https://github.com/freeipa/freeipa/pull/460#issuecomment-305411368 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#836][opened] Only warn when specified server IP addresses don't match intf
URL: https://github.com/freeipa/freeipa/pull/836 Author: MartinBasti Title: #836: Only warn when specified server IP addresses don't match intf Action: opened PR body: """ In containers local addresses differ from public addresses and we need a way to provide only public address to installers. https://pagure.io/freeipa/issue/2715 https://pagure.io/freeipa/issue/4317 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/836/head:pr836 git checkout pr836 From dff7a4961a9cbc6f6625de4702e07b150b4561c4 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Wed, 31 May 2017 15:50:05 +0200 Subject: [PATCH] Only warn when specified server IP addresses don't match intf In containers local addresses differ from public addresses and we need a way to provide only public address to installers. https://pagure.io/freeipa/issue/2715 https://pagure.io/freeipa/issue/4317 --- ipalib/install/hostname.py | 2 +- ipalib/util.py | 14 +++ ipapython/ipautil.py | 62 -- ipaserver/install/dns.py | 1 + ipaserver/install/installutils.py | 2 +- ipaserver/install/server/install.py| 2 + ipaserver/install/server/replicainstall.py | 2 + 7 files changed, 55 insertions(+), 30 deletions(-) diff --git a/ipalib/install/hostname.py b/ipalib/install/hostname.py index ecc2963d15..25ac21e09c 100644 --- a/ipalib/install/hostname.py +++ b/ipalib/install/hostname.py @@ -34,7 +34,7 @@ class HostNameInstallInterface(service.ServiceInstallInterface): def ip_addresses(self, values): for value in values: try: -CheckedIPAddress(value, match_local=True) +CheckedIPAddress(value) except Exception as e: raise ValueError("invalid IP address {0}: {1}".format( value, e)) diff --git a/ipalib/util.py b/ipalib/util.py index 713fc107e9..1bd8495a49 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -1128,3 +1128,17 @@ def broadcast_ip_address_warning(addr_list): # print print("WARNING: IP address {} might be broadcast address".format( ip), file=sys.stderr) + + +def no_matching_interface_for_ip_address_warning(addr_list): +for ip in addr_list: +if not ip.get_matching_interface(): +root_logger.warning( +"No network interface matches the IP address %s", ip) +# fixme: once when loggers will be fixed, we can remove this +# print +print( +"WARNING: No network interface matches the IP address " +"{}".format(ip), +file=sys.stderr +) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 317fc225b7..a277ed8747 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -161,34 +161,7 @@ def __init__(self, addr, match_local=False, parse_netmask=True, raise ValueError("cannot use multicast IP address {}".format(addr)) if match_local: -if self.version == 4: -family = netifaces.AF_INET -elif self.version == 6: -family = netifaces.AF_INET6 -else: -raise ValueError( -"Unsupported address family ({})".format(self.version) -) - -iface = None -for interface in netifaces.interfaces(): -for ifdata in netifaces.ifaddresses(interface).get(family, []): - -# link-local addresses contain '%suffix' that causes parse -# errors in IPNetwork -ifaddr = ifdata['addr'].split(u'%', 1)[0] - -ifnet = netaddr.IPNetwork('{addr}/{netmask}'.format( -addr=ifaddr, -netmask=ifdata['netmask'] -)) -if ifnet == self._net or ( -self._net is None and ifnet.ip == self): -self._net = ifnet -iface = interface -break - -if iface is None: +if not self.get_matching_interface(): raise ValueError('no network interface matches the IP address ' 'and netmask {}'.format(addr)) @@ -218,6 +191,39 @@ def is_network_addr(self): def is_broadcast_addr(self): return self.version == 4 and self == self._net.broadcast +def get_matching_interface(self): +"""Find matching local interface for address +:return: Interface name or None if no interface has this address +""" +if self.version == 4: +family = netifaces.AF_INET +elif self.version == 6: +family = netifaces.AF_INET6 +else: +raise
[Freeipa-devel] [freeipa PR#803][+ack] ipatests: add systemd journal collection for multihost tests
URL: https://github.com/freeipa/freeipa/pull/803 Title: #803: ipatests: add systemd journal collection for multihost tests Label: +ack ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#460][synchronized] ipa-server-install, ipa-server-upgrade fixes
URL: https://github.com/freeipa/freeipa/pull/460 Author: MartinBasti Title: #460: ipa-server-install, ipa-server-upgrade fixes Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/460/head:pr460 git checkout pr460 From 69369de4b67ca1a0e0286253ffe1cd42c853a0cd Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Fri, 10 Feb 2017 17:05:02 +0100 Subject: [PATCH 1/9] py3: use ConfigParser instead of SafeConfigParser DeprecationWarning: The SafeConfigParser class has been renamed to ConfigParser in Python 3.2. This alias will be removed in future versions. Use ConfigParser directly instead. https://fedorahosted.org/freeipa/ticket/4985 --- ipalib/install/sysrestore.py | 6 +- ipaserver/install/installutils.py| 7 ++- ipaserver/install/ipa_backup.py | 7 ++- ipaserver/install/ipa_replica_prepare.py | 7 ++- ipaserver/install/ipa_restore.py | 11 ++- ipaserver/install/server/upgrade.py | 6 +- 6 files changed, 38 insertions(+), 6 deletions(-) diff --git a/ipalib/install/sysrestore.py b/ipalib/install/sysrestore.py index b1bf4b9127..5c21956898 100644 --- a/ipalib/install/sysrestore.py +++ b/ipalib/install/sysrestore.py @@ -31,7 +31,11 @@ import six # pylint: disable=import-error -from six.moves.configparser import SafeConfigParser +if six.PY3: +# The SafeConfigParser class has been renamed to ConfigParser in Py3 +from configparser import ConfigParser as SafeConfigParser +else: +from ConfigParser import SafeConfigParser # pylint: enable=import-error from ipaplatform.tasks import tasks diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index d2283af204..15ab65974e 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -41,7 +41,12 @@ import ldapurl import six # pylint: disable=import-error -from six.moves.configparser import SafeConfigParser, NoOptionError +if six.PY3: +# The SafeConfigParser class has been renamed to ConfigParser in Py3 +from configparser import ConfigParser as SafeConfigParser +else: +from ConfigParser import SafeConfigParser +from six.moves.configparser import NoOptionError # pylint: enable=import-error from ipalib.install import sysrestore diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py index f8cdd56d26..f17de1e6f2 100644 --- a/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py @@ -23,8 +23,13 @@ import time import pwd +import six # pylint: disable=import-error -from six.moves.configparser import SafeConfigParser +if six.PY3: +# The SafeConfigParser class has been renamed to ConfigParser in Py3 +from configparser import ConfigParser as SafeConfigParser +else: +from ConfigParser import SafeConfigParser # pylint: enable=import-error from ipaplatform.paths import paths diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py index d4456dd796..fcb652859c 100644 --- a/ipaserver/install/ipa_replica_prepare.py +++ b/ipaserver/install/ipa_replica_prepare.py @@ -30,8 +30,13 @@ # pylint: enable=deprecated-module import dns.resolver +import six # pylint: disable=import-error -from six.moves.configparser import SafeConfigParser +if six.PY3: +# The SafeConfigParser class has been renamed to ConfigParser in Py3 +from configparser import ConfigParser as SafeConfigParser +else: +from ConfigParser import SafeConfigParser # pylint: enable=import-error from ipaserver.install import certs, installutils, bindinstance, dsinstance, ca diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py index f786c746bb..ea308dba4e 100644 --- a/ipaserver/install/ipa_restore.py +++ b/ipaserver/install/ipa_restore.py @@ -25,8 +25,13 @@ import ldif import itertools +import six # pylint: disable=import-error -from six.moves.configparser import SafeConfigParser +if six.PY3: +# The SafeConfigParser class has been renamed to ConfigParser in Py3 +from configparser import ConfigParser as SafeConfigParser +else: +from ConfigParser import SafeConfigParser # pylint: enable=import-error from ipaclient.install.client import update_ipa_nssdb @@ -715,7 +720,11 @@ def read_header(self): self.backup_host = config.get('ipa', 'host') self.backup_ipa_version = config.get('ipa', 'ipa_version') self.backup_version = config.get('ipa', 'version') +# pylint: disable=no-member +# we can assume that returned object is string and it has .split() +# method self.backup_services = config.get('ipa', 'services').split(',') +# pylint: enable=no-member def extract_backup(self, keyring=None): diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index db86353165..e8ceafa310 100644 ---
[Freeipa-devel] [freeipa PR#814][closed] Add new permission to grant 'add' on cas container
URL: https://github.com/freeipa/freeipa/pull/814 Author: Tiboris Title: #814: Add new permission to grant 'add' on cas container Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/814/head:pr814 git checkout pr814 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#832][synchronized] Add remote_plugins subdirectories to RPM
URL: https://github.com/freeipa/freeipa/pull/832 Author: MartinBasti Title: #832: Add remote_plugins subdirectories to RPM Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/832/head:pr832 git checkout pr832 From 0bc60c16a5e57bb9a4801a3e4f7689e333221c5f Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Tue, 30 May 2017 16:55:41 +0200 Subject: [PATCH] Add remote_plugins subdirectories to RPM Subdirectories of remote plugins were forgotten in previous fix d22ac59828cc4339d509804ddb3e2e1da9cfaa20 . https://pagure.io/freeipa/issue/6927 --- freeipa.spec.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/freeipa.spec.in b/freeipa.spec.in index e6f63a2675..cc64540ac7 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -1430,6 +1430,7 @@ fi %{python_sitelib}/ipaclient/plugins/*.py* %dir %{python_sitelib}/ipaclient/remote_plugins %{python_sitelib}/ipaclient/remote_plugins/*.py* +%dir %{python_sitelib}/ipaclient/remote_plugins/2_* %{python_sitelib}/ipaclient/remote_plugins/2_*/*.py* %dir %{python_sitelib}/ipaclient/csrgen %dir %{python_sitelib}/ipaclient/csrgen/profiles @@ -1459,6 +1460,7 @@ fi %dir %{python3_sitelib}/ipaclient/remote_plugins %{python3_sitelib}/ipaclient/remote_plugins/*.py %{python3_sitelib}/ipaclient/remote_plugins/__pycache__/*.py* +%dir %{python3_sitelib}/ipaclient/remote_plugins/2_* %{python3_sitelib}/ipaclient/remote_plugins/2_*/*.py %{python3_sitelib}/ipaclient/remote_plugins/2_*/__pycache__/*.py* %dir %{python3_sitelib}/ipaclient/csrgen ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#832][opened] Add remote_plugins subdirectories to RPM
URL: https://github.com/freeipa/freeipa/pull/832 Author: MartinBasti Title: #832: Add remote_plugins subdirectories to RPM Action: opened PR body: """ Subdirectories of remote plugins were forgotten in previous fix d22ac59828cc4339d509804ddb3e2e1da9cfaa20 . https://pagure.io/freeipa/issue/6927 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/832/head:pr832 git checkout pr832 From 855f34f8791e1ebcef11ef989a9969b3efd170a6 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Tue, 30 May 2017 16:55:41 +0200 Subject: [PATCH] Add remote_plugins subdirectories to RPM Subdirectories of remote plugins were forgotten in previous fix d22ac59828cc4339d509804ddb3e2e1da9cfaa20 . https://pagure.io/freeipa/issue/6927 --- freeipa.spec.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/freeipa.spec.in b/freeipa.spec.in index e6f63a2675..33e4976da6 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -1430,6 +1430,7 @@ fi %{python_sitelib}/ipaclient/plugins/*.py* %dir %{python_sitelib}/ipaclient/remote_plugins %{python_sitelib}/ipaclient/remote_plugins/*.py* +%dir %{python_sitelib}/ipaclient/remote_plugins/* %{python_sitelib}/ipaclient/remote_plugins/2_*/*.py* %dir %{python_sitelib}/ipaclient/csrgen %dir %{python_sitelib}/ipaclient/csrgen/profiles @@ -1459,6 +1460,7 @@ fi %dir %{python3_sitelib}/ipaclient/remote_plugins %{python3_sitelib}/ipaclient/remote_plugins/*.py %{python3_sitelib}/ipaclient/remote_plugins/__pycache__/*.py* +%dir %{python3_sitelib}/ipaclient/remote_plugins/* %{python3_sitelib}/ipaclient/remote_plugins/2_*/*.py %{python3_sitelib}/ipaclient/remote_plugins/2_*/__pycache__/*.py* %dir %{python3_sitelib}/ipaclient/csrgen ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#827][synchronized] pylint: explicitly depends on python2-pylint
URL: https://github.com/freeipa/freeipa/pull/827 Author: MartinBasti Title: #827: pylint: explicitly depends on python2-pylint Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/827/head:pr827 git checkout pr827 From 32ee7e81840eebb3f704cfc4ba7928c4ed2be7d5 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Fri, 26 May 2017 22:30:28 +0200 Subject: [PATCH] pylint: explicitly depends on python2-pylint F26 defaults to python3 with pylint package, we have to explicitly ask for python2 version of pylint https://pagure.io/freeipa/issue/6986 --- freeipa.spec.in | 4 1 file changed, 4 insertions(+) diff --git a/freeipa.spec.in b/freeipa.spec.in index 3cb137f3a7..0d96d4cf4b 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -170,7 +170,11 @@ BuildRequires: samba-python # 1.6: x509.Name.rdns (https://github.com/pyca/cryptography/issues/3199) BuildRequires: python2-cryptography >= 1.6 BuildRequires: python-gssapi >= 1.2.0 +%if 0%{?fedora} >= 26 +BuildRequires: python2-pylint +%else BuildRequires: pylint >= 1.6 +%endif # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506 BuildRequires: python2-polib BuildRequires: python-libipa_hbac ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#831][edited] [4.4] custodia dep: require explictly python2 version
URL: https://github.com/freeipa/freeipa/pull/831 Author: MartinBasti Title: #831: [4.4] custodia dep: require explictly python2 version Action: edited Changed field: title Original value: """ custodia dep: require explictly python2 version """ ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#831][opened] custodia dep: require explictly python2 version
URL: https://github.com/freeipa/freeipa/pull/831 Author: MartinBasti Title: #831: custodia dep: require explictly python2 version Action: opened PR body: """ python-custodia matches python3-custodia, but for py2 installations we need python2-custodia explicitly https://pagure.io/freeipa/issue/6962 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/831/head:pr831 git checkout pr831 From 93a9ce20ac29e54b1a8c4f7b1dc62a64547510d7 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Tue, 30 May 2017 16:18:08 +0200 Subject: [PATCH] custodia dep: require explictly python2 version python-custodia matches python3-custodia, but for py2 installations we need python2-custodia explicitly https://pagure.io/freeipa/issue/6962 --- freeipa.spec.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 6c9269ae20..11cb627a83 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -499,7 +499,7 @@ Requires: python-jwcrypto Requires: python-cffi Requires: python-ldap >= 2.4.15 Requires: python-requests -Requires: python-custodia >= 0.2 +Requires: python2-custodia >= 0.2 Requires: python-dns >= 1.13 Requires: python-netifaces >= 0.10.4 Requires: pyusb ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#830][opened] custodia dep: require explictly python2 version
URL: https://github.com/freeipa/freeipa/pull/830 Author: MartinBasti Title: #830: custodia dep: require explictly python2 version Action: opened PR body: """ python-custodia matches python3-custodia, but for py2 installations we need python2-custodia explicitly https://pagure.io/freeipa/issue/6962 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/830/head:pr830 git checkout pr830 From 8ae0e011c5b97977a2c0d4065075cf21b6400b85 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Tue, 30 May 2017 16:18:08 +0200 Subject: [PATCH] custodia dep: require explictly python2 version python-custodia matches python3-custodia, but for py2 installations we need python2-custodia explicitly https://pagure.io/freeipa/issue/6962 --- freeipa.spec.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index e6f63a2675..de3757a1fa 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -187,7 +187,7 @@ BuildRequires: python-pytest-multihost BuildRequires: python-pytest-sourceorder BuildRequires: python-jwcrypto # 0.3: sd_notify (https://pagure.io/freeipa/issue/5825) -BuildRequires: python-custodia >= 0.3.1 +BuildRequires: python2-custodia >= 0.3.1 BuildRequires: dbus-python BuildRequires: python-dateutil BuildRequires: python-enum34 @@ -354,7 +354,7 @@ BuildArch: noarch Requires: %{name}-server-common = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} Requires: python2-ipaclient = %{version}-%{release} -Requires: python-custodia >= 0.3.1 +Requires: python2-custodia >= 0.3.1 Requires: python-ldap >= 2.4.15 Requires: python-lxml Requires: python-gssapi >= 1.2.0 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#460][-ack] ipa-server-install, ipa-server-upgrade fixes
URL: https://github.com/freeipa/freeipa/pull/460 Title: #460: ipa-server-install, ipa-server-upgrade fixes Label: -ack ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org