[Freeipa-devel] [freeipa PR#945][opened] DNS update: reduce timeout for CA records

2017-07-31 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/945
Author: MartinBasti
 Title: #945: DNS update: reduce timeout for CA records
Action: opened

PR body:
"""
Timeout 120 seconds is quite long and it makes uninstallation too long
for. Given that this is non critical operation and may be executed
manually later, waiting 120 seconds is too much. Usually waiting longer
will not help at all to resolve missing record.

30 seconds is long enough 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/945/head:pr945
git checkout pr945
From abbad9d68880c635482e8c6df7ff17348a412d79 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Fri, 28 Jul 2017 15:43:16 +0200
Subject: [PATCH] DNS update: reduce timeout for CA records
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Timeout 120 seconds is quite long and it makes uninstallation too long
for. Given that this is non critical operation and may be executed
manually later, waiting 120 seconds is too much. Usually waiting longer
will not help at all to resolve missing record.

30 seconds is long enough 
---
 ipaserver/dns_data_management.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ipaserver/dns_data_management.py b/ipaserver/dns_data_management.py
index 9965028ce0..bdf83de0cd 100644
--- a/ipaserver/dns_data_management.py
+++ b/ipaserver/dns_data_management.py
@@ -55,6 +55,8 @@
 (DNSName("_ntp._udp"), 123),
 )
 
+CA_RECORDS_DNS_TIMEOUT = 30  # timeout in seconds
+
 
 class IPADomainIsNotManagedByIPAError(Exception):
 pass
@@ -134,7 +136,7 @@ def __add_ca_records_from_hostname(self, zone_obj, hostname):
 assert isinstance(hostname, DNSName) and hostname.is_absolute()
 r_name = DNSName('ipa-ca') + self.domain_abs
 rrsets = []
-end_time = time() + 120  # timeout in seconds
+end_time = time() + CA_RECORDS_DNS_TIMEOUT
 while time() < end_time:
 try:
 rrsets = resolve_rrsets(hostname, (rdatatype.A, rdatatype.))
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#839][closed] Use standard Python logging

2017-07-14 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/839
Author: HonzaCholasta
 Title: #839: Use standard Python logging
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/839/head:pr839
git checkout pr839
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#916][opened] Py3 adtrust

2017-07-13 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/916
Author: MartinBasti
 Title: #916: Py3 adtrust
Action: opened

PR body:
"""

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/916/head:pr916
git checkout pr916
From ac8b251b9b0c60f300ebd1afcd04b5adf8cbf55a Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Wed, 12 Jul 2017 17:29:30 +0200
Subject: [PATCH 1/2] py3: set samba dependencies

Set proper python3 dependencies for samba package

https://pagure.io/freeipa/issue/4985
---
 freeipa.spec.in | 14 +++---
 ipaserver/dcerpc.py |  3 ---
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 72ce4ccc2c..0a56a038e6 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -208,8 +208,7 @@ BuildRequires:  python2-jinja2
 BuildRequires:  python2-augeas
 
 %if 0%{?with_python3}
-# FIXME: this depedency is missing - server will not work
-#BuildRequires:  python3-samba
+BuildRequires:  python3-samba
 # 1.6: x509.Name.rdns (https://github.com/pyca/cryptography/issues/3199)
 BuildRequires:  python3-cryptography >= 1.6
 BuildRequires:  python3-gssapi >= 1.2.0
@@ -470,12 +469,21 @@ Summary: Virtual package to install packages required for Active Directory trust
 Group: System Environment/Base
 Requires: %{name}-server = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
-Requires: samba-python
+
 Requires: samba >= %{samba_version}
 Requires: samba-winbind
 Requires: libsss_idmap
+
+%if 0%{?with_python3}
+Requires: python3-samba
+Requires: python3-libsss_nss_idmap
+Requires: python3-sss
+%endif  # with_python3
+# FIXME: put else here when py3 porting is done
+Requires: samba-python
 Requires: python-libsss_nss_idmap
 Requires: python-sss
+
 # We use alternatives to divert winbind_krb5_locator.so plugin to libkrb5
 # on the installes where server-trust-ad subpackage is installed because
 # IPA AD trusts cannot be used at the same time with the locator plugin
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index d684a17cab..8b259ea595 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -37,8 +37,6 @@
 import struct
 import random
 
-# TODO: Remove pylint disable when Python 3 bindings are available.
-# pylint: disable=import-error
 from samba import param
 from samba import credentials
 from samba.dcerpc import security, lsa, drsblobs, nbt, netlogon
@@ -46,7 +44,6 @@
 from samba import net
 from samba import arcfour_encrypt
 import samba
-# pylint: enable=import-error
 
 import ldap as _ldap
 from ipapython import ipaldap

From 0ca6e06952c3dc1ddc16b4d02c603525a069251e Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Thu, 13 Jul 2017 13:02:30 +0200
Subject: [PATCH 2/2] py3: ipa-adtrust-install under py3 by default

ipa-adtrust-install works under py3

https://pagure.io/freeipa/issue/4985
---
 freeipa.spec.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 0a56a038e6..2e92166a1b 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -878,6 +878,7 @@ find \
 # TODO: workaround: some scripts are copied over, so the are always py2.
 # We have to explicitly set python3 here for ported files here
 PY3_SUBST_PATHS='
+install/tools/ipa-adtrust-install
 install/tools/ipa-backup
 install/tools/ipa-compat-manage
 install/tools/ipa-dns-install
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#914][opened] baseldap: fix format string

2017-07-12 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/914
Author: MartinBasti
 Title: #914: baseldap: fix format string
Action: opened

PR body:
"""
Fixes missing type specification in format string.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/914/head:pr914
git checkout pr914
From 1e36f5c6786f2f2b88712d73e987d22ffd577c9a Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Wed, 12 Jul 2017 16:22:05 +0200
Subject: [PATCH] baseldap: fix format string

Fixes missing type specification in format string.
---
 ipaserver/plugins/baseldap.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipaserver/plugins/baseldap.py b/ipaserver/plugins/baseldap.py
index a6fc88b591..47bd184278 100644
--- a/ipaserver/plugins/baseldap.py
+++ b/ipaserver/plugins/baseldap.py
@@ -2406,7 +2406,7 @@ def exc_callback(self, keys, options, exc, call_func, *call_args,
 
 
 class BaseLDAPAddAttribute(BaseLDAPModAttribute):
-msg_summary = _('added attribute value to entry %(value)')
+msg_summary = _('added attribute value to entry %(value)s')
 
 def _update_attrs(self, update, entry_attrs):
 for name, value in entry_attrs.items():
@@ -2422,7 +2422,7 @@ def _update_attrs(self, update, entry_attrs):
 
 
 class BaseLDAPRemoveAttribute(BaseLDAPModAttribute):
-msg_summary = _('removed attribute values from entry %(value)')
+msg_summary = _('removed attribute values from entry %(value)s')
 
 def _update_attrs(self, update, entry_attrs):
 for name, value in entry_attrs.items():
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#913][closed] Passdb privates for ipa-4-5

2017-07-12 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/913
Author: abbra
 Title: #913: Passdb privates for ipa-4-5
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/913/head:pr913
git checkout pr913
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#901][closed] Passdb private state

2017-07-11 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/901
Author: abbra
 Title: #901: Passdb private state
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/901/head:pr901
git checkout pr901
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#909][opened] IPAOptionParser: fix dict comprehension

2017-07-10 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/909
Author: MartinBasti
 Title: #909: IPAOptionParser: fix dict comprehension
Action: opened

PR body:
"""
The statement can be simplified and be more resources friendly
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/909/head:pr909
git checkout pr909
From eea18338ac36c3d4a9d44fe671d47eafd15f936d Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Mon, 10 Jul 2017 14:54:10 +0200
Subject: [PATCH] IPAOptionParser: fix dict comprehension

The statement can be simplified and be more resources friendly
---
 ipapython/config.py | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ipapython/config.py b/ipapython/config.py
index 19abfc51ee..6e53472e08 100644
--- a/ipapython/config.py
+++ b/ipapython/config.py
@@ -114,7 +114,10 @@ def get_safe_opts(self, opts):
 Returns all options except those with sensitive=True in the same
 fashion as parse_args would
 """
-all_opts_dict = dict([ (o.dest, o) for o in self._get_all_options() if hasattr(o, 'sensitive') ])
+all_opts_dict = {
+o.dest: o for o in self._get_all_options()
+if hasattr(o, 'sensitive')
+}
 safe_opts_dict = {}
 
 for option, value in opts.__dict__.items():
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#886][closed] *config-show: do not show empty roles/attributes

2017-07-04 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/886
Author: martbab
 Title: #886: *config-show: do not show empty roles/attributes
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/886/head:pr886
git checkout pr886
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#864][closed] Create indexes for 'serverhostname' attribute

2017-07-04 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/864
Author: Tiboris
 Title: #864: Create indexes for 'serverhostname' attribute
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/864/head:pr864
git checkout pr864
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#492][closed] config: remove meaningless defaults

2017-07-04 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/492
Author: HonzaCholasta
 Title: #492: config: remove meaningless defaults
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/492/head:pr492
git checkout pr492
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#893][closed] smard card advises fixes + general improvements

2017-07-04 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/893
Author: martbab
 Title: #893: smard card advises fixes + general improvements
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/893/head:pr893
git checkout pr893
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#882][closed] Py3 fixes

2017-06-28 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/882
Author: MartinBasti
 Title: #882: Py3 fixes
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/882/head:pr882
git checkout pr882
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#896][closed] [py3] wsgi fixes

2017-06-27 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/896
Author: stlaz
 Title: #896: [py3] wsgi fixes
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/896/head:pr896
git checkout pr896
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#898][opened] py3: ipa-dnskeysyncd: fix bytes issues

2017-06-27 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/898
Author: MartinBasti
 Title: #898: py3: ipa-dnskeysyncd: fix bytes issues
Action: opened

PR body:
"""
LDAP client returns values as bytes, thus ipa-dnskeysyncd must work with
bytes properly.

https://pagure.io/freeipa/issue/4985
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/898/head:pr898
git checkout pr898
From e1205de4ff16b796529b581f38a8a66a82b27504 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Mon, 26 Jun 2017 14:23:44 +0200
Subject: [PATCH] py3: ipa-dnskeysyncd: fix bytes issues

LDAP client returns values as bytes, thus ipa-dnskeysyncd must work with
bytes properly.

https://pagure.io/freeipa/issue/4985
---
 ipaserver/dnssec/keysyncer.py | 22 +++---
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/ipaserver/dnssec/keysyncer.py b/ipaserver/dnssec/keysyncer.py
index a8dc92354e..c3a382ec20 100644
--- a/ipaserver/dnssec/keysyncer.py
+++ b/ipaserver/dnssec/keysyncer.py
@@ -42,7 +42,7 @@ def _get_objclass(self, attrs):
 
 Given set of attributes has to have exactly one supported object class.
 """
-supported_objclasses = set(['idnszone', 'idnsseckey', 'ipk11publickey'])
+supported_objclasses = {b'idnszone', b'idnsseckey', b'ipk11publickey'}
 present_objclasses = set([o.lower() for o in attrs[OBJCLASS_ATTR]]).intersection(supported_objclasses)
 assert len(present_objclasses) == 1, attrs[OBJCLASS_ATTR]
 return present_objclasses.pop()
@@ -64,31 +64,31 @@ def __is_replica_pubkey(self, attrs):
 vals = attrs.get('ipk11label', [])
 if len(vals) != 1:
 return False
-return vals[0].startswith('dnssec-replica:')
+return vals[0].startswith(b'dnssec-replica:')
 
 def application_add(self, uuid, dn, newattrs):
 objclass = self._get_objclass(newattrs)
-if objclass == 'idnszone':
+if objclass == b'idnszone':
 self.zone_add(uuid, dn, newattrs)
-elif objclass == 'idnsseckey':
+elif objclass == b'idnsseckey':
 self.key_meta_add(uuid, dn, newattrs)
-elif objclass == 'ipk11publickey' and \
+elif objclass == b'ipk11publickey' and \
 self.__is_replica_pubkey(newattrs):
 self.hsm_master_sync()
 
 def application_del(self, uuid, dn, oldattrs):
 objclass = self._get_objclass(oldattrs)
-if objclass == 'idnszone':
+if objclass == b'idnszone':
 self.zone_del(uuid, dn, oldattrs)
-elif objclass == 'idnsseckey':
+elif objclass == b'idnsseckey':
 self.key_meta_del(uuid, dn, oldattrs)
-elif objclass == 'ipk11publickey' and \
+elif objclass == b'ipk11publickey' and \
 self.__is_replica_pubkey(oldattrs):
 self.hsm_master_sync()
 
 def application_sync(self, uuid, dn, newattrs, oldattrs):
 objclass = self._get_objclass(oldattrs)
-if objclass == 'idnszone':
+if objclass == b'idnszone':
 olddn = ldap.dn.str2dn(oldattrs['dn'])
 newdn = ldap.dn.str2dn(newattrs['dn'])
 assert olddn == newdn, 'modrdn operation is not supported'
@@ -101,10 +101,10 @@ def application_sync(self, uuid, dn, newattrs, oldattrs):
 else:
 self.zone_del(uuid, olddn, oldattrs)
 
-elif objclass == 'idnsseckey':
+elif objclass == b'idnsseckey':
 self.key_metadata_sync(uuid, dn, oldattrs, newattrs)
 
-elif objclass == 'ipk11publickey' and \
+elif objclass == b'ipk11publickey' and \
 self.__is_replica_pubkey(newattrs):
 self.hsm_master_sync()
 
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#890][closed] Make sure we check ccaches in all rpcserver paths

2017-06-23 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/890
Author: simo5
 Title: #890: Make sure we check ccaches in all rpcserver paths
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/890/head:pr890
git checkout pr890
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#883][closed] Travis: check for BytesWarnings in httpd error_log

2017-06-22 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/883
Author: MartinBasti
 Title: #883: Travis: check for BytesWarnings in httpd error_log
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/883/head:pr883
git checkout pr883
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#888][opened] Make py3 default for ported scripts

2017-06-21 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/888
Author: MartinBasti
 Title: #888: Make py3 default for ported scripts
Action: opened

PR body:
"""

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/888/head:pr888
git checkout pr888
From a514972310b480671030df42dd2b4dcecbdac2e1 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Wed, 21 Jun 2017 17:08:18 +0200
Subject: [PATCH 1/2] py3: temporary set dependencies to both py2 and py3
 packages

We are slowly migrating python scripts to py3 and setting py3 as default
for them. Thus we need to depend on both py2 and py3 packages until
everything is migrated.

https://pagure.io/freeipa/issue/4985
---
 freeipa.spec.in | 9 +
 1 file changed, 9 insertions(+)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 9fbe5ad006..8bb8ee57d2 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -277,6 +277,9 @@ Group: System Environment/Base
 Requires: %{name}-server-common = %{version}-%{release}
 Requires: %{name}-client = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
+%if 0%{?with_python3}
+Requires: python3-ipaserver = %{version}-%{release}
+%endif
 Requires: python2-ipaserver = %{version}-%{release}
 Requires: 389-ds-base >= 1.3.5.14
 Requires: openldap-clients > 2.4.35-4
@@ -499,6 +502,9 @@ Summary: IPA authentication for use on clients
 Group: System Environment/Base
 Requires: %{name}-client-common = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
+%if 0%{?with_python3}
+Requires: python3-ipaclient = %{version}-%{release}
+%endif
 Requires: python2-ipaclient = %{version}-%{release}
 Requires: python-ldap
 Requires: cyrus-sasl-gssapi%{?_isa}
@@ -618,6 +624,9 @@ BuildArch: noarch
 Obsoletes: %{name}-python < 4.2.91
 Provides: %{name}-python = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
+%if 0%{?with_python3}
+Requires: python3-ipalib = %{version}-%{release}
+%endif
 Requires: python2-ipalib = %{version}-%{release}
 
 Provides: %{alt_name}-python-compat = %{version}

From 0e27d70cd23a9b8f88eb351d27b006197e93334a Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Wed, 21 Jun 2017 17:59:57 +0200
Subject: [PATCH 2/2] py3: run already ported scripts under py3 by default

To prevent regressions in py3, all ported scripts should be run by py3
by default.

This is temporary and will be removed once porting to py3 is done

https://pagure.io/freeipa/issue/4985
---
 freeipa.spec.in | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 8bb8ee57d2..ed9a60a6df 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -864,6 +864,24 @@ find \
 	! -name '*.pyo' -a \
 	-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
 	-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \;
+
+%if 0%{?with_python3}
+# TODO: temporary solution until all scripts are ported to python3,
+# TODO: workaround: some scripts are copied over, so the are always py2.
+# We have to explicitly set python3 here for ported files here
+PY3_SUBST_PATHS='
+install/tools/ipa-backup
+install/tools/ipa-compat-manage
+install/tools/ipa-managed-entries
+install/tools/ipa-nis-manage
+install/tools/ipactl
+'
+for P in $PY3_SUBST_PATHS; do
+sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python3}|' $P
+done;
+
+%endif # with_python3
+
 %configure --with-vendor-suffix=-%{release} \
%{enable_server_option} \
%{with_ipatests_option} \
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#875][comment] Fix ip address checks

2017-06-20 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/875
Title: #875: Fix ip address checks

MartinBasti commented:
"""
Rebased in #881 
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/875#issuecomment-309712146
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#439][-WIP] Testing both py2/py3 in travis

2017-06-20 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/439
Title: #439: Testing both py2/py3 in travis

Label: -WIP
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#881][opened] [4.5] fix ip address checks

2017-06-20 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/881
Author: MartinBasti
 Title: #881: [4.5] fix ip address checks
Action: opened

PR body:
"""

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/881/head:pr881
git checkout pr881
From 110b8c09454da75043948952cb0cc48f4756d360 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Tue, 13 Jun 2017 17:03:30 +0200
Subject: [PATCH 1/7] Fix local IP address validation

Previously bf9886a84393d1d1546db7e49b102e08a16a83e7 match_local has
undesirable side effect that CheckedIPAddress object has set self._net
from local interface.

However with the recent changes, match_local is usually set to False,
thus this side effect stops happening and default mask per address class
is used. This causes validation error because mask on interface and mask
used for provided IP addresses differ (reporducible only with classless
masks).

FreeIPA should compare only IP addresses with local addresses without masks

https://pagure.io/freeipa/issue/4317
---
 ipapython/ipautil.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index a277ed8747..647ee833ae 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -216,10 +216,10 @@ def get_matching_interface(self):
 addr=ifaddr,
 netmask=ifdata['netmask']
 ))
-if ifnet == self._net or (
-self._net is None and ifnet.ip == self):
-self._net = ifnet
+
+if ifnet.ip == self:
 iface = interface
+self._net = ifnet
 break
 
 return iface

From 3eb681b61cf51ab707db42f8ed99bfe34a0320c4 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Wed, 14 Jun 2017 14:45:03 +0200
Subject: [PATCH 2/7] ipa-dns-install: remove check for local ip address

This check was forgotten and will be removed now.

https://pagure.io/freeipa/issue/4317
---
 install/tools/ipa-dns-install | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 5bd0ba6d77..cb6c5d887f 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -47,7 +47,9 @@ def parse_options():
   default=False, help="print debugging information")
 parser.add_option("--ip-address", dest="ip_addresses", metavar="IP_ADDRESS",
   default=[], action="append",
-  type="ip", ip_local=True, help="Master Server IP Address. This option can be used multiple times")
+  type="ip",
+  help="Master Server IP Address. This option can be used "
+   "multiple times")
 parser.add_option("--forwarder", dest="forwarders", action="append",
   type="ip", help="Add a DNS forwarder. This option can be used multiple times")
 parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",

From e07e6664308a198064f0e16c1c8c135c3e9caa4f Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Wed, 14 Jun 2017 14:47:23 +0200
Subject: [PATCH 3/7] refactor CheckedIPAddress class

Make methods without side effects (setting mask)

https://pagure.io/freeipa/issue/4317
---
 ipapython/ipautil.py | 29 ++---
 1 file changed, 22 insertions(+), 7 deletions(-)

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 647ee833ae..2c020e3ecb 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -62,6 +62,12 @@
 socket.SOCK_DGRAM: 'udp'
 }
 
+InterfaceDetails = collections.namedtuple(
+'InterfaceDetails', [
+'name',  # interface name
+'ifnet'  # network details of interface
+])
+
 
 class UnsafeIPAddress(netaddr.IPAddress):
 """Any valid IP address with or without netmask."""
@@ -161,9 +167,12 @@ def __init__(self, addr, match_local=False, parse_netmask=True,
 raise ValueError("cannot use multicast IP address {}".format(addr))
 
 if match_local:
-if not self.get_matching_interface():
+intf_details = self.get_matching_interface()
+if not intf_details:
 raise ValueError('no network interface matches the IP address '
  'and netmask {}'.format(addr))
+else:
+self.set_ip_net(intf_details.ifnet)
 
 if self._net is None:
 if self.version == 4:
@@ -193,7 +202,8 @@ def is_broadcast_addr(self):
 
 def get_matching_interface(self):
 """Find matching local interface for address
-:return: Interface name or None if no interface has this address
+:return: InterfaceDetails named tuple or None if no interface has
+this address
 """
 if

[Freeipa-devel] [freeipa PR#875][comment] Fix ip address checks

2017-06-20 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/875
Title: #875: Fix ip address checks

MartinBasti commented:
"""
@dkupka it is not aim of this PR to fix what you mentioned.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/875#issuecomment-309666594
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#439][synchronized] Testing both py2/py3 in travis

2017-06-19 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/439
Author: MartinBasti
 Title: #439: Testing both py2/py3 in travis
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/439/head:pr439
git checkout pr439
From f5afc91e05487e3b786feeb94f894c6d53f79169 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Tue, 7 Feb 2017 14:56:39 +0100
Subject: [PATCH 1/3] Build: allow to build only py2 rpms for fedora

This is more or less for testing purposes of py2/py3 compatibility
---
 BUILD.txt   | 5 +
 Makefile.am | 4 ++--
 freeipa.spec.in | 4 
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/BUILD.txt b/BUILD.txt
index 7901d0748c..1729daebf5 100644
--- a/BUILD.txt
+++ b/BUILD.txt
@@ -36,6 +36,11 @@ It may be possible to do a simple make install but this has not been
 well-tested. Additional work is done in pre/post install scripts in the ipa
 spec file.
 
+To build only python2 packages on fedora following steps are required:
+$ autoreconf -i
+$ ./configure
+$ make rpms RPMBUILD_OPTS="--define 'with_python3 0'"
+
 Developing plugins
 --
 
diff --git a/Makefile.am b/Makefile.am
index cbe4f2df49..972e260012 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -122,7 +122,7 @@ rpms: $(VERSION_UPDATE_TARGET)
 	$(MAKE) _rpms-body
 
 _rpms-body: _rpms-prep
-	rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec
+	rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec  $(RPMBUILD_OPTS)
 	cp $(RPMBUILD)/RPMS/*/*$$(cat $(top_builddir)/.version)*.rpm $(top_builddir)/dist/rpms/
 	cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/
 	rm -f rm -f $(top_builddir)/.version
@@ -131,7 +131,7 @@ srpms: $(VERSION_UPDATE_TARGET)
 	$(MAKE) _srpms-body
 
 _srpms-body: _rpms-prep
-	rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec
+	rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS)
 	cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/
 	rm -f rm -f $(top_builddir)/.version
 
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 72f79c9f35..6c57cbe9e4 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -17,11 +17,15 @@
 %global with_ipatests_option --without-ipatests
 %endif
 
+%if 0%{?with_python3:1}
+# with_python3 already defined
+%else
 %if 0%{?rhel}
 %global with_python3 0
 %else
 %global with_python3 1
 %endif
+%endif
 
 # lint is not executed during rpmbuild
 # %%global with_lint 1

From ff8b98d1401a5f7fb9463e3ff1a53b77f2330d5b Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Tue, 7 Feb 2017 17:23:54 +0100
Subject: [PATCH 2/3] Travis: build only py2 packages for py2 testing

We will testing both py2 and py3 packages, first step is use only py2
builds for testing py2 packages
---
 .travis.yml |  2 ++
 .travis_run_task.sh | 10 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index c275cdca5d..62578d3e41 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -17,8 +17,10 @@ env:
 matrix:
 - TASK_TO_RUN="lint"
 - TASK_TO_RUN="run-tests"
+  PYTHON=/usr/bin/python2
   TESTS_TO_RUN="test_xmlrpc/test_[a-k]*.py"
 - TASK_TO_RUN="run-tests"
+  PYTHON=/usr/bin/python2
   TESTS_TO_RUN="test_cmdline
 test_install
 test_ipaclient
diff --git a/.travis_run_task.sh b/.travis_run_task.sh
index 7d050b0b6f..540c883d83 100755
--- a/.travis_run_task.sh
+++ b/.travis_run_task.sh
@@ -4,10 +4,17 @@
 #
 # NOTE: this script is intended to run in Travis CI only
 
-PYTHON="/usr/bin/python${TRAVIS_PYTHON_VERSION}"
 test_set=""
 developer_mode_opt="--developer-mode"
 
+if [[ $PYTHON == "/usr/bin/python2" ]]
+then
+env_opt="--define 'with_python3 0'"
+else
+env_opt=""
+fi
+
+
 function truncate_log_to_test_failures() {
 # chop off everything in the CI_RESULTS_LOG preceding pytest error output
 # if there are pytest errors in the log
@@ -43,6 +50,7 @@ ipa-docker-test-runner -l $CI_RESULTS_LOG \
 -c $TEST_RUNNER_CONFIG \
 $developer_mode_opt \
 --container-environment "PYTHON=$PYTHON" \
+--container-environment "RPMBUILD_OPTS=$env_opt" \
 --container-image $TEST_RUNNER_IMAGE \
 --git-repo $TRAVIS_BUILD_DIR \
 $TASK_TO_RUN $test_set

From 2a3df10e7298374ae50cad2fef73be48574043df Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Tue, 7 Feb 2017 18:29:08 +0100
Subject: [PATCH 3/3] Travis: enable temporal Py3 testing

This testconfig is temporal until all plugins are migrated into py3.
After that this temporal config file will be removed and used only the
previous one again
---
 .test_runner_config_py3_temp.yaml | 60 ++
 .travis.yml   | 90 ++-
 2 files

[Freeipa-devel] [freeipa PR#872][comment] Add IPA-specific bind unit file

2017-06-19 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/872
Title: #872: Add IPA-specific bind unit file

MartinBasti commented:
"""
I checked BZ, this may not be worth fixing as those fails are just during 
upgrade but at the end named is working. For sure this huge change cannot go to 
ipa-4-4 or ipa-4-5
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/872#issuecomment-309485173
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#876][synchronized] python-netifaces: update to reflect upstream changes

2017-06-19 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/876
Author: MartinBasti
 Title: #876: python-netifaces: update to reflect upstream changes
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/876/head:pr876
git checkout pr876
From 42b125584a50672e5536c6e66830f1cff685b127 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Fri, 16 Jun 2017 13:42:53 +0200
Subject: [PATCH] python-netifaces: update to reflect upstream changes

python-netifaces now provides IPv6 netmask in format mask/prefix. It
breaks freeipa as it is unexpected format for python-netaddr. We must
split netmask and provide only prefix for netaddr.

https://pagure.io/freeipa/issue/7021
---
 ipapython/ipautil.py | 17 ++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index a277ed8747..f214ccbbc2 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -195,6 +195,7 @@ def get_matching_interface(self):
 """Find matching local interface for address
 :return: Interface name or None if no interface has this address
 """
+root_logger.debug("Searching for an interface of IP address: %s", self)
 if self.version == 4:
 family = netifaces.AF_INET
 elif self.version == 6:
@@ -212,10 +213,20 @@ def get_matching_interface(self):
 # errors in IPNetwork
 ifaddr = ifdata['addr'].split(u'%', 1)[0]
 
-ifnet = netaddr.IPNetwork('{addr}/{netmask}'.format(
+# newer versions of netifaces provide IPv6 netmask in format
+# ':::::/64'. We have to split and use prefix
+# or the netmask with older versions
+ifmask = ifdata['netmask'].split(u'/')[-1]
+
+ifaddrmask = '{addr}/{netmask}'.format(
 addr=ifaddr,
-netmask=ifdata['netmask']
-))
+netmask=ifmask
+)
+root_logger.debug(
+"Testing local IP address: %s (interface: %s)",
+ifaddrmask, interface)
+
+ifnet = netaddr.IPNetwork(ifaddrmask)
 if ifnet == self._net or (
 self._net is None and ifnet.ip == self):
 self._net = ifnet
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#876][comment] python-netifaces: update to reflect upstream changes

2017-06-16 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/876
Title: #876: python-netifaces: update to reflect upstream changes

MartinBasti commented:
"""
@martbab should work with both versions, I don't want to bump requires for this
@pvoborni It could, I'll update PR
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/876#issuecomment-309011126
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#871][comment] Add --force-join into ipa-replica-install manpage

2017-06-15 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/871
Title: #871: Add --force-join into ipa-replica-install manpage

MartinBasti commented:
"""
master:

* 7fd2102a78f2e008f2cd5fe68e9be58ead914b35 Add --force-join into 
ipa-replica-install manpage


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/871#issuecomment-308709569
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#871][+pushed] Add --force-join into ipa-replica-install manpage

2017-06-15 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/871
Title: #871: Add --force-join into ipa-replica-install manpage

Label: +pushed
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#866][comment] Add a README to certificate profile templates directory

2017-06-15 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/866
Title: #866: Add a README to certificate profile templates directory

MartinBasti commented:
"""
master:

* d7e1ab8438b02db9250b0985be29ac3325c2d2dc Add a README to certificate profile 
templates directory


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/866#issuecomment-308709300
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#866][+pushed] Add a README to certificate profile templates directory

2017-06-15 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/866
Title: #866: Add a README to certificate profile templates directory

Label: +pushed
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#866][closed] Add a README to certificate profile templates directory

2017-06-15 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/866
Author: frasertweedale
 Title: #866: Add a README to certificate profile templates directory
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/866/head:pr866
git checkout pr866
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#865][comment] ipatests: do not collect systemd journal when logfile_dir is missing

2017-06-15 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/865
Title: #865: ipatests: do not collect systemd journal when logfile_dir is 
missing

MartinBasti commented:
"""
master:

* 44e3496bd1a3004bc7a6497cbd212bba7910b2e3 ipatests: do not collect systemd 
journal when logfile_dir is missing


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/865#issuecomment-308708834
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#865][+pushed] ipatests: do not collect systemd journal when logfile_dir is missing

2017-06-15 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/865
Title: #865: ipatests: do not collect systemd journal when logfile_dir is 
missing

Label: +pushed
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#862][comment] dnsserver.py: dnsserver-find no longer returns internal server error

2017-06-15 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/862
Title: #862: dnsserver.py: dnsserver-find no longer returns internal server 
error

MartinBasti commented:
"""
master:

* 74d36a8af69a2946007ebd4d57c7bf0891d561db dnsserver.py: dnsserver-find no 
longer returns internal server error


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/862#issuecomment-308708624
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#862][+pushed] dnsserver.py: dnsserver-find no longer returns internal server error

2017-06-15 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/862
Title: #862: dnsserver.py: dnsserver-find no longer returns internal server 
error

Label: +pushed
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#860][comment] adtrustinstance: fix ID range comparison

2017-06-15 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/860
Title: #860: adtrustinstance: fix ID range comparison

MartinBasti commented:
"""
master:

* 440c61dc40353833cad3a5fc509821ce1f23757f adtrustinstance: fix ID range 
comparison


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/860#issuecomment-308708256
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#860][+pushed] adtrustinstance: fix ID range comparison

2017-06-15 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/860
Title: #860: adtrustinstance: fix ID range comparison

Label: +pushed
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#860][+ack] adtrustinstance: fix ID range comparison

2017-06-15 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/860
Title: #860: adtrustinstance: fix ID range comparison

Label: +ack
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#865][+ack] ipatests: do not collect systemd journal when logfile_dir is missing

2017-06-15 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/865
Title: #865: ipatests: do not collect systemd journal when logfile_dir is 
missing

Label: +ack
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#862][+ack] dnsserver.py: dnsserver-find no longer returns internal server error

2017-06-15 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/862
Title: #862: dnsserver.py: dnsserver-find no longer returns internal server 
error

Label: +ack
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#875][opened] Fix ip address checks

2017-06-15 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/875
Author: MartinBasti
 Title: #875: Fix ip address checks
Action: opened

PR body:
"""
Fix various checks of IP address in installers, removal of some unneeded checks 
that are not working correctly,  and mainly causes only false positive errors.

This PR also fixes regressions caused by 
bf9886a84393d1d1546db7e49b102e08a16a83e7

https://pagure.io/freeipa/issue/4317
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/875/head:pr875
git checkout pr875
From f342625aa0da367792cfbd5c4f1a164bf878ee8c Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Tue, 13 Jun 2017 17:03:30 +0200
Subject: [PATCH 1/7] Fix local IP address validation

Previously bf9886a84393d1d1546db7e49b102e08a16a83e7 match_local has
undesirable side effect that CheckedIPAddress object has set self._net
from local interface.

However with the recent changes, match_local is usually set to False,
thus this side effect stops happening and default mask per address class
is used. This causes validation error because mask on interface and mask
used for provided IP addresses differ (reporducible only with classless
masks).

FreeIPA should compare only IP addresses with local addresses without masks

https://pagure.io/freeipa/issue/4317
---
 ipapython/ipautil.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index a277ed8747..647ee833ae 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -216,10 +216,10 @@ def get_matching_interface(self):
 addr=ifaddr,
 netmask=ifdata['netmask']
 ))
-if ifnet == self._net or (
-self._net is None and ifnet.ip == self):
-self._net = ifnet
+
+if ifnet.ip == self:
 iface = interface
+self._net = ifnet
 break
 
 return iface

From 446d8fbfa0a912f993191c1447fb4f8002ea065d Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Wed, 14 Jun 2017 14:45:03 +0200
Subject: [PATCH 2/7] ipa-dns-install: remove check for local ip address

This check was forgotten and will be removed now.

https://pagure.io/freeipa/issue/4317
---
 install/tools/ipa-dns-install | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 5bd0ba6d77..cb6c5d887f 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -47,7 +47,9 @@ def parse_options():
   default=False, help="print debugging information")
 parser.add_option("--ip-address", dest="ip_addresses", metavar="IP_ADDRESS",
   default=[], action="append",
-  type="ip", ip_local=True, help="Master Server IP Address. This option can be used multiple times")
+  type="ip",
+  help="Master Server IP Address. This option can be used "
+   "multiple times")
 parser.add_option("--forwarder", dest="forwarders", action="append",
   type="ip", help="Add a DNS forwarder. This option can be used multiple times")
 parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",

From 082ff655fd44b82e26b675f1a20fc4be5a3abc05 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Wed, 14 Jun 2017 14:47:23 +0200
Subject: [PATCH 3/7] refactor CheckedIPAddress class

Make methods without side effects (setting mask)

https://pagure.io/freeipa/issue/4317
---
 ipapython/ipautil.py | 29 ++---
 1 file changed, 22 insertions(+), 7 deletions(-)

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 647ee833ae..2c020e3ecb 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -62,6 +62,12 @@
 socket.SOCK_DGRAM: 'udp'
 }
 
+InterfaceDetails = collections.namedtuple(
+'InterfaceDetails', [
+'name',  # interface name
+'ifnet'  # network details of interface
+])
+
 
 class UnsafeIPAddress(netaddr.IPAddress):
 """Any valid IP address with or without netmask."""
@@ -161,9 +167,12 @@ def __init__(self, addr, match_local=False, parse_netmask=True,
 raise ValueError("cannot use multicast IP address {}".format(addr))
 
 if match_local:
-if not self.get_matching_interface():
+intf_details = self.get_matching_interface()
+if not intf_details:
 raise ValueError('no network interface matches the IP address '
  'and netmask {}'.format(addr))
+else:
+self.set_ip_net(intf_details.ifnet)
 
 if self._net is None:
 if self.version == 4:
@@ -193,7 +202,8 @@ def is_broadcast_addr(self):
 
 def

[Freeipa-devel] [freeipa PR#842][closed] Changed ownership of ldiffile to DS_USER

2017-06-15 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/842
Author: tscherf
 Title: #842: Changed ownership of ldiffile to DS_USER
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/842/head:pr842
git checkout pr842
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#842][+pushed] Changed ownership of ldiffile to DS_USER

2017-06-15 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/842
Title: #842: Changed ownership of ldiffile to DS_USER

Label: +pushed
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#872][comment] Add IPA-specific bind unit file

2017-06-14 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/872
Title: #872: Add IPA-specific bind unit file

MartinBasti commented:
"""
I have a few comments:

* named-pkcs11 should be masked in installer and upgrader to avoid issues when 
users start incorrect named service manually
* please update release notes, this is a quite big change that we changed name 
of service


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/872#issuecomment-308362410
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#838][comment] Explicitly ask for py2 dependencies in py2 packages

2017-06-09 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/838
Title: #838: Explicitly ask for py2 dependencies in py2 packages

MartinBasti commented:
"""
Resolved
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/838#issuecomment-307393128
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#845][comment] ipadiscovery: Return realm as a string

2017-06-08 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/845
Title: #845: ipadiscovery: Return realm as a string

MartinBasti commented:
"""
LGTM, we anyway assume inside framework that everything is in utf-8
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/845#issuecomment-307142144
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#849][+ack] session_storage: Correctly handle string/byte types

2017-06-08 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/849
Title: #849: session_storage: Correctly handle string/byte types

Label: +ack
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#857][closed] server.py: Removes dns-server configuration from ldap

2017-06-08 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/857
Author: Tiboris
 Title: #857: server.py: Removes dns-server configuration from ldap
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/857/head:pr857
git checkout pr857
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#857][+pushed] server.py: Removes dns-server configuration from ldap

2017-06-08 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/857
Title: #857: server.py: Removes dns-server configuration from ldap

Label: +pushed
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#857][comment] server.py: Removes dns-server configuration from ldap

2017-06-08 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/857
Title: #857: server.py: Removes dns-server configuration from ldap

MartinBasti commented:
"""
master:

* 063211d665d02fc343952f5b158fd8d89223fbc9 server.py: Removes dns-server 
configuration from ldap


ipa-4-5:

* 005c92868ce36770ce89e87ef3cdeae62d11ece4 server.py: Removes dns-server 
configuration from ldap



"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/857#issuecomment-307131102
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#848][closed] sssd.py: Deprecating no-sssd option.

2017-06-08 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/848
Author: Tiboris
 Title: #848: sssd.py: Deprecating no-sssd option.
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/848/head:pr848
git checkout pr848
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#848][comment] sssd.py: Deprecating no-sssd option.

2017-06-08 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/848
Title: #848: sssd.py: Deprecating no-sssd option.

MartinBasti commented:
"""
master:

* dfc271fdf4514481c11c342fabda135feeb44de6 sssd.py: Deprecating no-sssd option.


ipa-4-5:

* f984cef6ed49e04a4e3754d2f3214d64715d26df sssd.py: Deprecating no-sssd option.


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/848#issuecomment-307108648
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#829][+pushed] client.py: Replace hardcoded 'admin' with options.principal

2017-06-08 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/829
Title: #829: client.py: Replace hardcoded 'admin' with options.principal

Label: +pushed
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#840][comment] Add Role 'Client Administrator'

2017-06-08 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/840
Title: #840: Add Role 'Client Administrator'

MartinBasti commented:
"""
Off Topic: Shouldn't have "IT specialists" also 'Host Enrollment' privilege, 
because they have 'Host administrators' already and this should close the 
circle.

"Client administrator" sounds to me like too much as the role can only enroll 
client.  How about "Enrolling Administrator"/"Client Enrolling Administrator". 
But I'm not sure.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/840#issuecomment-307098685
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#857][comment] baseldap.py: Removes dns-server configuration from ldap

2017-06-08 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/857
Title: #857: baseldap.py: Removes dns-server configuration from ldap

MartinBasti commented:
"""
Actually NACK until you fix commit message, this is not related to baseldap.py
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/857#issuecomment-307016671
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#842][+ack] Changed ownership of ldiffile to DS_USER

2017-06-07 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/842
Title: #842: Changed ownership of ldiffile to DS_USER

Label: +ack
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#848][+ack] sssd.py: Deprecating no-sssd option.

2017-06-07 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/848
Title: #848: sssd.py: Deprecating no-sssd option.

Label: +ack
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#862][comment] dnsserver.py: dnsserver-find no longer returns internal server error

2017-06-07 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/862
Title: #862: dnsserver.py: dnsserver-find no longer returns internal server 
error

MartinBasti commented:
"""
LGTM
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/862#issuecomment-306849641
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#855][+pushed] Prevent issues with older clients

2017-06-07 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/855
Title: #855: Prevent issues with older clients

Label: +pushed
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#859][comment] Add CommonNameToSANDefault to default cert profile

2017-06-07 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/859
Title: #859: Add CommonNameToSANDefault to default cert profile

MartinBasti commented:
"""
How are upgrades of cert profile handled? (if they are needed)
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/859#issuecomment-306761729
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#855][comment] Prevent issues with older clients

2017-06-07 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/855
Title: #855: Prevent issues with older clients

MartinBasti commented:
"""
@pvoborni yes, this is the way how to handle false positive missing members in 
pylint
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/855#issuecomment-306759907
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#858][edited] Bump version of python-gssapi

2017-06-07 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/858
Author: pvomacka
 Title: #858: Bump version of python-gssapi
Action: edited

 Changed field: title
Original value:
"""
Bumb version of python-gssapi
"""

___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#857][comment] baseldap.py: Removes dns-server configuration from ldap

2017-06-07 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/857
Title: #857: baseldap.py: Removes dns-server configuration from ldap

MartinBasti commented:
"""
NACK

Please create a new method `_cleanup_server_dns_config` because this patch 
unrelated to DNS records but it is for DNS configuration per server.


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/857#issuecomment-306727089
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#846][synchronized] Travis: Add tox tests

2017-06-07 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/846
Author: MartinBasti
 Title: #846: Travis: Add tox tests
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/846/head:pr846
git checkout pr846
From 2b199c35532710cfb4459b7128bf950d958a6990 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Fri, 2 Jun 2017 10:41:20 +0200
Subject: [PATCH] Travis: Add tox tests

Tox tests contain various testcases for PyPI wheel builds
---
 .test_runner_config.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.test_runner_config.yaml b/.test_runner_config.yaml
index 014c64854b..948b844d4c 100644
--- a/.test_runner_config.yaml
+++ b/.test_runner_config.yaml
@@ -28,7 +28,8 @@ steps:
   builddep:
   - rm -rf /var/cache/dnf/*
   - "dnf makecache fast || :"
-  - dnf builddep -y ${builddep_opts} --spec freeipa.spec.in --best --allowerasing
+  - dnf install -y python2-tox python3-tox
+  - dnf builddep -y ${builddep_opts} -D "with_lint 1" -D "with_wheels 1" --spec freeipa.spec.in --best --allowerasing
   cleanup:
   - chown -R ${uid}:${gid} ${container_working_dir}
   - journalctl -b --no-pager > systemd_journal.log
@@ -53,6 +54,7 @@ steps:
   lint:
   - make PYTHON=/usr/bin/python2 V=0 lint
   - make PYTHON=/usr/bin/python3 V=0 pylint
+  - tox pypi
   prepare_tests:
   - echo ${server_password} | kinit admin && ipa ping
   - cp -r /etc/ipa/* ~/.ipa/
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#848][comment] sssd.py: Deprecating no-sssd option.

2017-06-06 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/848
Title: #848: sssd.py: Deprecating no-sssd option.

MartinBasti commented:
"""
Please fill `changelog` in the ticket about this change.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/848#issuecomment-306537875
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#836][closed] Only warn when specified server IP addresses don't match intf

2017-06-06 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/836
Author: MartinBasti
 Title: #836: Only warn when specified server IP addresses don't match intf
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/836/head:pr836
git checkout pr836
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#812][closed] Refactoring cert-find to use API call directly instead of using

2017-06-02 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/812
Author: felipevolpone
 Title: #812: Refactoring cert-find to use API call directly instead of using
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/812/head:pr812
git checkout pr812
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#812][+pushed] Refactoring cert-find to use API call directly instead of using

2017-06-02 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/812
Title: #812: Refactoring cert-find to use API call directly instead of using

Label: +pushed
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#812][comment] Refactoring cert-find to use API call directly instead of using

2017-06-02 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/812
Title: #812: Refactoring cert-find to use API call directly instead of using

MartinBasti commented:
"""
master:

* 44bd5e358b027f8956b730f250854efb5087f05e Changing cert-find to do not use 
only primary key to search in LDAP.


ipa-4-5:

* df1276e9daf9ee8db05538f47706855cb3d11e01 Changing cert-find to do not use 
only primary key to search in LDAP.


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/812#issuecomment-305811098
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#818][closed] Avoid possible endless recursion in RPC call from client

2017-06-02 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/818
Author: stlaz
 Title: #818: Avoid possible endless recursion in RPC call from client
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/818/head:pr818
git checkout pr818
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#818][comment] Avoid possible endless recursion in RPC call from client

2017-06-02 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/818
Title: #818: Avoid possible endless recursion in RPC call from client

MartinBasti commented:
"""
master:

* 81a808caeb5676427610e113b5a259511c2835d6 Avoid possible endless recursion in 
RPC call
* 79d1752577e8fcb568b701509fe5b52f949d5e4b rpc: preparations for recursion fix
* e1f8684e858b4ae47b54acd0d76a844bc20ce443 rpc: avoid possible recursion in 
create_connection


ipa-4-5:

* a5b413b72e224120acde09d1c877be11b3f61b6b Avoid possible endless recursion in 
RPC call
* d8aab383a39a22cc613cf64e5d66ce69111d97df rpc: preparations for recursion fix
* cb6c93dad044c724ba2cedbff49bf71aea939418 rpc: avoid possible recursion in 
create_connection


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/818#issuecomment-305808729
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#818][+pushed] Avoid possible endless recursion in RPC call from client

2017-06-02 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/818
Title: #818: Avoid possible endless recursion in RPC call from client

Label: +pushed
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#823][closed] ipa-kdb: reload certificate mapping rules periodically

2017-06-02 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/823
Author: sumit-bose
 Title: #823: ipa-kdb: reload certificate mapping rules periodically
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/823/head:pr823
git checkout pr823
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#846][synchronized] Travis: Add tox tests

2017-06-02 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/846
Author: MartinBasti
 Title: #846: Travis: Add tox tests
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/846/head:pr846
git checkout pr846
From 0bd0a1a84941814a6e30f311ced7627ba2fda79b Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Fri, 2 Jun 2017 10:41:20 +0200
Subject: [PATCH] Travis: Add tox tests

Tox tests contain various testcases for PyPI wheel builds
---
 .test_runner_config.yaml | 1 +
 .travis.yml  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.test_runner_config.yaml b/.test_runner_config.yaml
index 014c64854b..9161d5db28 100644
--- a/.test_runner_config.yaml
+++ b/.test_runner_config.yaml
@@ -53,6 +53,7 @@ steps:
   lint:
   - make PYTHON=/usr/bin/python2 V=0 lint
   - make PYTHON=/usr/bin/python3 V=0 pylint
+  - tox pypi
   prepare_tests:
   - echo ${server_password} | kinit admin && ipa ping
   - cp -r /etc/ipa/* ~/.ipa/
diff --git a/.travis.yml b/.travis.yml
index c275cdca5d..61db22d6e3 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -31,6 +31,7 @@ install:
 - pip install --upgrade pip
 - pip3 install --upgrade pip
 - pip install pep8
+- pip install tox
 - >
   pip3 install
   git+https://github.com/freeipa/ipa-docker-test-runner@release-0-2-1
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#850][+py3] ipaldap py3 fixes

2017-06-02 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/850
Title: #850: ipaldap py3 fixes

Label: +py3
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#845][comment] ipadiscovery: Return realm as a string

2017-06-02 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/845
Title: #845: ipadiscovery: Return realm as a string

MartinBasti commented:
"""
That is an experimental only RFC. By general it can contain any byte textually 
represented in octal form.

str() in python2 converts from bytes using ASCII codec, so by keeping 
compatibility and avoiding to parse weird realms it should be IMO ASCII. But I 
can live with utf-8 as well, but I haven't checked how is this handled later in 
code
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/845#issuecomment-305739666
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#845][comment] ipadiscovery: Return realm as a string

2017-06-02 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/845
Title: #845: ipadiscovery: Return realm as a string

MartinBasti commented:
"""
A TXT record can contain anything in any encoding, it contains just bytes 
without predefined semantic, we should play safe here and catch 
UnicodeDecodeError.

Also currently we support only ASCII for realms, I'm not sure which character 
are allowed to be in realm outside IPA world, I haven't found a clear answer.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/845#issuecomment-305722760
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#844][comment] py3: fix regression in schemaupdate

2017-06-02 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/844
Title: #844: py3: fix regression in schemaupdate

MartinBasti commented:
"""
master:

* 89eb162fcd60861ed4c628dab4e1aaf10c6160bb py3: fix regression in schemaupdate


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/844#issuecomment-305717022
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#838][opened] Explicitly ask for py2 dependencies in py2 packages

2017-06-01 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/838
Author: MartinBasti
 Title: #838: Explicitly ask for py2 dependencies in py2 packages
Action: opened

PR body:
"""
In future default package names can start to pointing to py3 instead of
py2. We have to explicitly ask for python2-* and python3-* packages.

This commit changes only dependencies that are available in both F25 and
F26

https://pagure.io/freeipa/issue/4985
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/838/head:pr838
git checkout pr838
From 61ec8905cadecf8cd69ea63829bca1f5ad756e6a Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Thu, 1 Jun 2017 10:45:08 +0200
Subject: [PATCH] Explicitly ask for py2 dependencies in py2 packages

In future default package names can start to pointing to py3 instead of
py2. We have to explicitly ask for python2-* and python3-* packages.

This commit changes only dependencies that are available in both F25 and
F26

https://pagure.io/freeipa/issue/4985
---
 freeipa.spec.in | 74 -
 1 file changed, 37 insertions(+), 37 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 1446dfbb7c..e6a5e6be8c 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -139,12 +139,12 @@ BuildRequires:  python-lesscpy
 #
 BuildRequires:  python-ldap
 BuildRequires:  python-netaddr
-BuildRequires:  python-pyasn1
-BuildRequires:  python-pyasn1-modules
-BuildRequires:  python-dns
+BuildRequires:  python2-pyasn1
+BuildRequires:  python2-pyasn1-modules
+BuildRequires:  python2-dns
 BuildRequires:  python-six
-BuildRequires:  python-libsss_nss_idmap
-BuildRequires:  python-cffi
+BuildRequires:  python2-libsss_nss_idmap
+BuildRequires:  python2-cffi
 
 #
 # Build dependencies for wheel packaging and PyPI upload
@@ -152,7 +152,7 @@ BuildRequires:  python-cffi
 %if 0%{?with_wheels}
 BuildRequires:  dbus-glib-devel
 BuildRequires:  libffi-devel
-BuildRequires:  python-tox
+BuildRequires:  python2-tox
 BuildRequires:  python2-twine
 BuildRequires:  python2-wheel
 %if 0%{?with_python3}
@@ -177,14 +177,14 @@ BuildRequires:  pylint >= 1.6
 %endif
 # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506
 BuildRequires:  python2-polib
-BuildRequires:  python-libipa_hbac
-BuildRequires:  python-lxml
+BuildRequires:  python2-libipa_hbac
+BuildRequires:  python2-lxml
 # 5.0.0: QRCode.print_ascii
 BuildRequires:  python-qrcode-core >= 5.0.0
 # 1.15: python-dns changed return type in to_text() method in PY3
-BuildRequires:  python-dns >= 1.15
+BuildRequires:  python2-dns >= 1.15
 BuildRequires:  jsl
-BuildRequires:  python-yubico
+BuildRequires:  python2-yubico
 # pki Python package
 BuildRequires:  pki-base-python2
 BuildRequires:  python-pytest-multihost
@@ -193,17 +193,17 @@ BuildRequires:  python-jwcrypto
 # 0.3: sd_notify (https://pagure.io/freeipa/issue/5825)
 BuildRequires:  python2-custodia >= 0.3.1
 BuildRequires:  dbus-python
-BuildRequires:  python-dateutil
+BuildRequires:  python2-dateutil
 BuildRequires:  python-enum34
 BuildRequires:  python-netifaces
-BuildRequires:  python-sss
-BuildRequires:  python-sss-murmur
-BuildRequires:  python-sssdconfig
-BuildRequires:  python-nose
-BuildRequires:  python-paste
+BuildRequires:  python2-sss
+BuildRequires:  python2-sss-murmur
+BuildRequires:  python2-sssdconfig
+BuildRequires:  python2-nose
+BuildRequires:  python2-paste
 BuildRequires:  systemd-python
 BuildRequires:  python2-jinja2
-BuildRequires:  python-augeas
+BuildRequires:  python2-augeas
 
 %if 0%{?with_python3}
 # FIXME: this depedency is missing - server will not work
@@ -360,16 +360,16 @@ Requires: %{name}-common = %{version}-%{release}
 Requires: python2-ipaclient = %{version}-%{release}
 Requires: python2-custodia >= 0.3.1
 Requires: python-ldap >= 2.4.15
-Requires: python-lxml
+Requires: python2-lxml
 Requires: python-gssapi >= 1.2.0
-Requires: python-sssdconfig
-Requires: python-pyasn1
+Requires: python2-sssdconfig
+Requires: python2-pyasn1
 Requires: dbus-python
-Requires: python-dns >= 1.15
+Requires: python2-dns >= 1.15
 Requires: python-kdcproxy >= 0.3
 Requires: rpm-libs
 Requires: pki-base-python2
-Requires: python-augeas
+Requires: python2-augeas
 
 %description -n python2-ipaserver
 IPA is an integrated solution to provide centrally managed Identity (users,
@@ -552,7 +552,7 @@ BuildArch: noarch
 Requires: %{name}-client-common = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
 Requires: python2-ipalib = %{version}-%{release}
-Requires: python-dns >= 1.15
+Requires: python2-dns >= 1.15
 Requires: python2-jinja2
 
 %description -n python2-ipaclient
@@ -658,21 +658,21 @@ Requires: pyOpenSSL
 Requires: python >= 2.7.9
 Requires: python2-cryptography >= 1.6
 Requires: python-netaddr >= %{python_netaddr_version}
-Requires: python-libipa_hbac
+Requires: python2-libipa_hbac
 Requires: python-qrcode-core >= 5.0.0
-Requires: python-pyasn1

[Freeipa-devel] [freeipa PR#827][comment] pylint: explicitly depends on python2-pylint

2017-06-01 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/827
Title: #827: pylint: explicitly depends on python2-pylint

MartinBasti commented:
"""
master:

* be1415b6cc8f5dadc1ac3766305a33f370fdf9bb pylint: explicitly depends on 
python2-pylint


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/827#issuecomment-305417588
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#827][closed] pylint: explicitly depends on python2-pylint

2017-06-01 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/827
Author: MartinBasti
 Title: #827: pylint: explicitly depends on python2-pylint
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/827/head:pr827
git checkout pr827
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#827][+pushed] pylint: explicitly depends on python2-pylint

2017-06-01 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/827
Title: #827: pylint: explicitly depends on python2-pylint

Label: +pushed
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#834][closed] [4.4] NSSNickname enclosed in single quotes causes ipa-server-certinstall failure

2017-06-01 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/834
Author: tomaskrizek
 Title: #834: [4.4] NSSNickname enclosed in single quotes causes 
ipa-server-certinstall failure
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/834/head:pr834
git checkout pr834
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#834][comment] [4.4] NSSNickname enclosed in single quotes causes ipa-server-certinstall failure

2017-06-01 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/834
Title: #834: [4.4] NSSNickname enclosed in single quotes causes 
ipa-server-certinstall failure

MartinBasti commented:
"""
ipa-4-4:

* e4363c5c26982f9126e7df16ba7a1a060cdb8721 Fix the installutils.set_directive 
docstring
* e40f9a5183fc3ebe160ea6b6ae4fb5c3190c1462 installutils: improve directive 
value parsing in `get_directive`
* 67c8f5fd4e50283e7680e7ded142e3234c7ab5f1 Delegate directive value 
quoting/unquoting to separate functions
* 60a05de4122a26f3a9d148b8c014668d296229fc Explicitly handle quoting/unquoting 
of NSSNickname directive


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/834#issuecomment-305416276
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#834][+pushed] [4.4] NSSNickname enclosed in single quotes causes ipa-server-certinstall failure

2017-06-01 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/834
Title: #834: [4.4] NSSNickname enclosed in single quotes causes 
ipa-server-certinstall failure

Label: +pushed
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#824][+pushed] ca-add: validate Subject DN name attributes

2017-06-01 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/824
Title: #824: ca-add: validate Subject DN name attributes

Label: +pushed
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#824][comment] ca-add: validate Subject DN name attributes

2017-06-01 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/824
Title: #824: ca-add: validate Subject DN name attributes

MartinBasti commented:
"""
master:

* 5f0e13ce9c3d1ead02de61a148de973fc6787b96 ca-add: validate Subject DN name 
attributes


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/824#issuecomment-305412301
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#824][closed] ca-add: validate Subject DN name attributes

2017-06-01 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/824
Author: frasertweedale
 Title: #824: ca-add: validate Subject DN name attributes
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/824/head:pr824
git checkout pr824
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#460][closed] ipa-server-install, ipa-server-upgrade fixes

2017-06-01 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/460
Author: MartinBasti
 Title: #460: ipa-server-install, ipa-server-upgrade fixes
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/460/head:pr460
git checkout pr460
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#460][comment] ipa-server-install, ipa-server-upgrade fixes

2017-06-01 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/460
Title: #460: ipa-server-install, ipa-server-upgrade fixes

MartinBasti commented:
"""
master:

* 2e63ec42d0f879f2d129c4f81f88a1712ce86b8c py3: use ConfigParser instead of 
SafeConfigParser
* 6e7071d6add24e8923d705d35a362761f356d56d py3: ConfigParser: replace 
deprecated readfd with read
* 27f8f9f03d69276f9ee410169b76574da2461794 py3: ipaldap: encode Boolean as bytes
* d7a9e81fbd7a33941a8c5ae9f29252522944 py3: softhsm key_id must be bytes
* bc9addac30d69d88f5040e194be1e32a881cfba9 py3: LDAP updates: use only 
bytes/raw values
* d89de4219d0e8ee33e81d6b6d1bc6c22ac9ffbaa py3: schemaupdate: fix BytesWarning
* b09a941f34507cfce682d8c5a3acf6dfe7fa624e py3: cainstance: fix BytesWarning
* c6a57d8091aeefb6067711189ee0ce11411dee57 py3: urlfetch: use "file://" prefix 
with filenames
* 99771ceb9ffcf21d0364bf57994716322b24551e py3: update_mod_nss_cipher_suite: 
ordering doesn't work with None


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/460#issuecomment-305411368
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#836][opened] Only warn when specified server IP addresses don't match intf

2017-05-31 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/836
Author: MartinBasti
 Title: #836: Only warn when specified server IP addresses don't match intf
Action: opened

PR body:
"""
In containers local addresses differ from public addresses and we need
a way to provide only public address to installers.

https://pagure.io/freeipa/issue/2715
https://pagure.io/freeipa/issue/4317
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/836/head:pr836
git checkout pr836
From dff7a4961a9cbc6f6625de4702e07b150b4561c4 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Wed, 31 May 2017 15:50:05 +0200
Subject: [PATCH] Only warn when specified server IP addresses don't match intf

In containers local addresses differ from public addresses and we need
a way to provide only public address to installers.

https://pagure.io/freeipa/issue/2715
https://pagure.io/freeipa/issue/4317
---
 ipalib/install/hostname.py |  2 +-
 ipalib/util.py | 14 +++
 ipapython/ipautil.py   | 62 --
 ipaserver/install/dns.py   |  1 +
 ipaserver/install/installutils.py  |  2 +-
 ipaserver/install/server/install.py|  2 +
 ipaserver/install/server/replicainstall.py |  2 +
 7 files changed, 55 insertions(+), 30 deletions(-)

diff --git a/ipalib/install/hostname.py b/ipalib/install/hostname.py
index ecc2963d15..25ac21e09c 100644
--- a/ipalib/install/hostname.py
+++ b/ipalib/install/hostname.py
@@ -34,7 +34,7 @@ class HostNameInstallInterface(service.ServiceInstallInterface):
 def ip_addresses(self, values):
 for value in values:
 try:
-CheckedIPAddress(value, match_local=True)
+CheckedIPAddress(value)
 except Exception as e:
 raise ValueError("invalid IP address {0}: {1}".format(
 value, e))
diff --git a/ipalib/util.py b/ipalib/util.py
index 713fc107e9..1bd8495a49 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -1128,3 +1128,17 @@ def broadcast_ip_address_warning(addr_list):
 # print
 print("WARNING: IP address {} might be broadcast address".format(
 ip), file=sys.stderr)
+
+
+def no_matching_interface_for_ip_address_warning(addr_list):
+for ip in addr_list:
+if not ip.get_matching_interface():
+root_logger.warning(
+"No network interface matches the IP address %s", ip)
+# fixme: once when loggers will be fixed, we can remove this
+# print
+print(
+"WARNING: No network interface matches the IP address "
+"{}".format(ip),
+file=sys.stderr
+)
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 317fc225b7..a277ed8747 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -161,34 +161,7 @@ def __init__(self, addr, match_local=False, parse_netmask=True,
 raise ValueError("cannot use multicast IP address {}".format(addr))
 
 if match_local:
-if self.version == 4:
-family = netifaces.AF_INET
-elif self.version == 6:
-family = netifaces.AF_INET6
-else:
-raise ValueError(
-"Unsupported address family ({})".format(self.version)
-)
-
-iface = None
-for interface in netifaces.interfaces():
-for ifdata in netifaces.ifaddresses(interface).get(family, []):
-
-# link-local addresses contain '%suffix' that causes parse
-# errors in IPNetwork
-ifaddr = ifdata['addr'].split(u'%', 1)[0]
-
-ifnet = netaddr.IPNetwork('{addr}/{netmask}'.format(
-addr=ifaddr,
-netmask=ifdata['netmask']
-))
-if ifnet == self._net or (
-self._net is None and ifnet.ip == self):
-self._net = ifnet
-iface = interface
-break
-
-if iface is None:
+if not self.get_matching_interface():
 raise ValueError('no network interface matches the IP address '
  'and netmask {}'.format(addr))
 
@@ -218,6 +191,39 @@ def is_network_addr(self):
 def is_broadcast_addr(self):
 return self.version == 4 and self == self._net.broadcast
 
+def get_matching_interface(self):
+"""Find matching local interface for address
+:return: Interface name or None if no interface has this address
+"""
+if self.version == 4:
+family = netifaces.AF_INET
+elif self.version == 6:
+family = netifaces.AF_INET6
+else:
+raise

[Freeipa-devel] [freeipa PR#803][+ack] ipatests: add systemd journal collection for multihost tests

2017-05-31 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/803
Title: #803: ipatests: add systemd journal collection for multihost tests

Label: +ack
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#460][synchronized] ipa-server-install, ipa-server-upgrade fixes

2017-05-31 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/460
Author: MartinBasti
 Title: #460: ipa-server-install, ipa-server-upgrade fixes
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/460/head:pr460
git checkout pr460
From 69369de4b67ca1a0e0286253ffe1cd42c853a0cd Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Fri, 10 Feb 2017 17:05:02 +0100
Subject: [PATCH 1/9] py3: use ConfigParser instead of SafeConfigParser

DeprecationWarning: The SafeConfigParser class has been renamed
to ConfigParser in Python 3.2. This alias will be removed in
future versions. Use ConfigParser directly instead.

https://fedorahosted.org/freeipa/ticket/4985
---
 ipalib/install/sysrestore.py |  6 +-
 ipaserver/install/installutils.py|  7 ++-
 ipaserver/install/ipa_backup.py  |  7 ++-
 ipaserver/install/ipa_replica_prepare.py |  7 ++-
 ipaserver/install/ipa_restore.py | 11 ++-
 ipaserver/install/server/upgrade.py  |  6 +-
 6 files changed, 38 insertions(+), 6 deletions(-)

diff --git a/ipalib/install/sysrestore.py b/ipalib/install/sysrestore.py
index b1bf4b9127..5c21956898 100644
--- a/ipalib/install/sysrestore.py
+++ b/ipalib/install/sysrestore.py
@@ -31,7 +31,11 @@
 
 import six
 # pylint: disable=import-error
-from six.moves.configparser import SafeConfigParser
+if six.PY3:
+# The SafeConfigParser class has been renamed to ConfigParser in Py3
+from configparser import ConfigParser as SafeConfigParser
+else:
+from ConfigParser import SafeConfigParser
 # pylint: enable=import-error
 
 from ipaplatform.tasks import tasks
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index d2283af204..15ab65974e 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -41,7 +41,12 @@
 import ldapurl
 import six
 # pylint: disable=import-error
-from six.moves.configparser import SafeConfigParser, NoOptionError
+if six.PY3:
+# The SafeConfigParser class has been renamed to ConfigParser in Py3
+from configparser import ConfigParser as SafeConfigParser
+else:
+from ConfigParser import SafeConfigParser
+from six.moves.configparser import NoOptionError
 # pylint: enable=import-error
 
 from ipalib.install import sysrestore
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index f8cdd56d26..f17de1e6f2 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -23,8 +23,13 @@
 import time
 import pwd
 
+import six
 # pylint: disable=import-error
-from six.moves.configparser import SafeConfigParser
+if six.PY3:
+# The SafeConfigParser class has been renamed to ConfigParser in Py3
+from configparser import ConfigParser as SafeConfigParser
+else:
+from ConfigParser import SafeConfigParser
 # pylint: enable=import-error
 
 from ipaplatform.paths import paths
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index d4456dd796..fcb652859c 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -30,8 +30,13 @@
 # pylint: enable=deprecated-module
 
 import dns.resolver
+import six
 # pylint: disable=import-error
-from six.moves.configparser import SafeConfigParser
+if six.PY3:
+# The SafeConfigParser class has been renamed to ConfigParser in Py3
+from configparser import ConfigParser as SafeConfigParser
+else:
+from ConfigParser import SafeConfigParser
 # pylint: enable=import-error
 
 from ipaserver.install import certs, installutils, bindinstance, dsinstance, ca
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index f786c746bb..ea308dba4e 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -25,8 +25,13 @@
 import ldif
 import itertools
 
+import six
 # pylint: disable=import-error
-from six.moves.configparser import SafeConfigParser
+if six.PY3:
+# The SafeConfigParser class has been renamed to ConfigParser in Py3
+from configparser import ConfigParser as SafeConfigParser
+else:
+from ConfigParser import SafeConfigParser
 # pylint: enable=import-error
 
 from ipaclient.install.client import update_ipa_nssdb
@@ -715,7 +720,11 @@ def read_header(self):
 self.backup_host = config.get('ipa', 'host')
 self.backup_ipa_version = config.get('ipa', 'ipa_version')
 self.backup_version = config.get('ipa', 'version')
+# pylint: disable=no-member
+# we can assume that returned object is string and it has .split()
+# method
 self.backup_services = config.get('ipa', 'services').split(',')
+# pylint: enable=no-member
 
 
 def extract_backup(self, keyring=None):
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index db86353165..e8ceafa310 100644
---

[Freeipa-devel] [freeipa PR#814][closed] Add new permission to grant 'add' on cas container

2017-05-31 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/814
Author: Tiboris
 Title: #814: Add new permission to grant 'add' on cas container
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/814/head:pr814
git checkout pr814
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#832][synchronized] Add remote_plugins subdirectories to RPM

2017-05-30 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/832
Author: MartinBasti
 Title: #832: Add remote_plugins subdirectories to RPM
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/832/head:pr832
git checkout pr832
From 0bc60c16a5e57bb9a4801a3e4f7689e333221c5f Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Tue, 30 May 2017 16:55:41 +0200
Subject: [PATCH] Add remote_plugins subdirectories to RPM

Subdirectories of remote plugins were forgotten in previous fix
d22ac59828cc4339d509804ddb3e2e1da9cfaa20 .

https://pagure.io/freeipa/issue/6927
---
 freeipa.spec.in | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index e6f63a2675..cc64540ac7 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -1430,6 +1430,7 @@ fi
 %{python_sitelib}/ipaclient/plugins/*.py*
 %dir %{python_sitelib}/ipaclient/remote_plugins
 %{python_sitelib}/ipaclient/remote_plugins/*.py*
+%dir %{python_sitelib}/ipaclient/remote_plugins/2_*
 %{python_sitelib}/ipaclient/remote_plugins/2_*/*.py*
 %dir %{python_sitelib}/ipaclient/csrgen
 %dir %{python_sitelib}/ipaclient/csrgen/profiles
@@ -1459,6 +1460,7 @@ fi
 %dir %{python3_sitelib}/ipaclient/remote_plugins
 %{python3_sitelib}/ipaclient/remote_plugins/*.py
 %{python3_sitelib}/ipaclient/remote_plugins/__pycache__/*.py*
+%dir %{python3_sitelib}/ipaclient/remote_plugins/2_*
 %{python3_sitelib}/ipaclient/remote_plugins/2_*/*.py
 %{python3_sitelib}/ipaclient/remote_plugins/2_*/__pycache__/*.py*
 %dir %{python3_sitelib}/ipaclient/csrgen
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#832][opened] Add remote_plugins subdirectories to RPM

2017-05-30 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/832
Author: MartinBasti
 Title: #832: Add remote_plugins subdirectories to RPM
Action: opened

PR body:
"""
Subdirectories of remote plugins were forgotten in previous fix
d22ac59828cc4339d509804ddb3e2e1da9cfaa20 .

https://pagure.io/freeipa/issue/6927
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/832/head:pr832
git checkout pr832
From 855f34f8791e1ebcef11ef989a9969b3efd170a6 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Tue, 30 May 2017 16:55:41 +0200
Subject: [PATCH] Add remote_plugins subdirectories to RPM

Subdirectories of remote plugins were forgotten in previous fix
d22ac59828cc4339d509804ddb3e2e1da9cfaa20 .

https://pagure.io/freeipa/issue/6927
---
 freeipa.spec.in | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index e6f63a2675..33e4976da6 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -1430,6 +1430,7 @@ fi
 %{python_sitelib}/ipaclient/plugins/*.py*
 %dir %{python_sitelib}/ipaclient/remote_plugins
 %{python_sitelib}/ipaclient/remote_plugins/*.py*
+%dir %{python_sitelib}/ipaclient/remote_plugins/*
 %{python_sitelib}/ipaclient/remote_plugins/2_*/*.py*
 %dir %{python_sitelib}/ipaclient/csrgen
 %dir %{python_sitelib}/ipaclient/csrgen/profiles
@@ -1459,6 +1460,7 @@ fi
 %dir %{python3_sitelib}/ipaclient/remote_plugins
 %{python3_sitelib}/ipaclient/remote_plugins/*.py
 %{python3_sitelib}/ipaclient/remote_plugins/__pycache__/*.py*
+%dir %{python3_sitelib}/ipaclient/remote_plugins/*
 %{python3_sitelib}/ipaclient/remote_plugins/2_*/*.py
 %{python3_sitelib}/ipaclient/remote_plugins/2_*/__pycache__/*.py*
 %dir %{python3_sitelib}/ipaclient/csrgen
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#827][synchronized] pylint: explicitly depends on python2-pylint

2017-05-30 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/827
Author: MartinBasti
 Title: #827: pylint: explicitly depends on python2-pylint
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/827/head:pr827
git checkout pr827
From 32ee7e81840eebb3f704cfc4ba7928c4ed2be7d5 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Fri, 26 May 2017 22:30:28 +0200
Subject: [PATCH] pylint: explicitly depends on python2-pylint

F26 defaults to python3 with pylint package, we have to explicitly ask
for python2 version of pylint

https://pagure.io/freeipa/issue/6986
---
 freeipa.spec.in | 4 
 1 file changed, 4 insertions(+)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 3cb137f3a7..0d96d4cf4b 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -170,7 +170,11 @@ BuildRequires:  samba-python
 # 1.6: x509.Name.rdns (https://github.com/pyca/cryptography/issues/3199)
 BuildRequires:  python2-cryptography >= 1.6
 BuildRequires:  python-gssapi >= 1.2.0
+%if 0%{?fedora} >= 26
+BuildRequires:  python2-pylint
+%else
 BuildRequires:  pylint >= 1.6
+%endif
 # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506
 BuildRequires:  python2-polib
 BuildRequires:  python-libipa_hbac
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#831][edited] [4.4] custodia dep: require explictly python2 version

2017-05-30 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/831
Author: MartinBasti
 Title: #831: [4.4] custodia dep: require explictly python2 version
Action: edited

 Changed field: title
Original value:
"""
custodia dep: require explictly python2 version
"""

___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#831][opened] custodia dep: require explictly python2 version

2017-05-30 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/831
Author: MartinBasti
 Title: #831: custodia dep: require explictly python2 version
Action: opened

PR body:
"""
python-custodia matches python3-custodia, but for py2 installations we
need python2-custodia explicitly

https://pagure.io/freeipa/issue/6962
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/831/head:pr831
git checkout pr831
From 93a9ce20ac29e54b1a8c4f7b1dc62a64547510d7 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Tue, 30 May 2017 16:18:08 +0200
Subject: [PATCH] custodia dep: require explictly python2 version

python-custodia matches python3-custodia, but for py2 installations we
need python2-custodia explicitly

https://pagure.io/freeipa/issue/6962
---
 freeipa.spec.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 6c9269ae20..11cb627a83 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -499,7 +499,7 @@ Requires: python-jwcrypto
 Requires: python-cffi
 Requires: python-ldap >= 2.4.15
 Requires: python-requests
-Requires: python-custodia >= 0.2
+Requires: python2-custodia >= 0.2
 Requires: python-dns >= 1.13
 Requires: python-netifaces >= 0.10.4
 Requires: pyusb
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#830][opened] custodia dep: require explictly python2 version

2017-05-30 Thread MartinBasti via FreeIPA-devel 
   URL: https://github.com/freeipa/freeipa/pull/830
Author: MartinBasti
 Title: #830: custodia dep: require explictly python2 version
Action: opened

PR body:
"""
python-custodia matches python3-custodia, but for py2 installations we
need python2-custodia explicitly

https://pagure.io/freeipa/issue/6962
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/830/head:pr830
git checkout pr830
From 8ae0e011c5b97977a2c0d4065075cf21b6400b85 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Tue, 30 May 2017 16:18:08 +0200
Subject: [PATCH] custodia dep: require explictly python2 version

python-custodia matches python3-custodia, but for py2 installations we
need python2-custodia explicitly

https://pagure.io/freeipa/issue/6962
---
 freeipa.spec.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index e6f63a2675..de3757a1fa 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -187,7 +187,7 @@ BuildRequires:  python-pytest-multihost
 BuildRequires:  python-pytest-sourceorder
 BuildRequires:  python-jwcrypto
 # 0.3: sd_notify (https://pagure.io/freeipa/issue/5825)
-BuildRequires:  python-custodia >= 0.3.1
+BuildRequires:  python2-custodia >= 0.3.1
 BuildRequires:  dbus-python
 BuildRequires:  python-dateutil
 BuildRequires:  python-enum34
@@ -354,7 +354,7 @@ BuildArch: noarch
 Requires: %{name}-server-common = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
 Requires: python2-ipaclient = %{version}-%{release}
-Requires: python-custodia >= 0.3.1
+Requires: python2-custodia >= 0.3.1
 Requires: python-ldap >= 2.4.15
 Requires: python-lxml
 Requires: python-gssapi >= 1.2.0
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#460][-ack] ipa-server-install, ipa-server-upgrade fixes

2017-05-30 Thread MartinBasti via FreeIPA-devel 
  URL: https://github.com/freeipa/freeipa/pull/460
Title: #460: ipa-server-install, ipa-server-upgrade fixes

Label: -ack
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

  1   2   >