[Freeipa-devel] [freeipa PR#17] Tests: Random issuer certificate can be added to a service (opened)

2016-08-24 Thread mirielka
mirielka's pull request #17: "Tests: Random issuer certificate can be added to a service" was opened PR body: """ Changing negative test case that verified that a certificate with different than expected issuer cannot be added to a service to a positive one that verifies that this operation now

[Freeipa-devel] Karma Requests for pki-core-10.3.5-3

2016-08-24 Thread Matthew Harmsen
The following updated candidate builds of pki-core 10.3.5 on Fedora 24, 25, and 26 (rawhide) consist of the following: Fedora 24: pki-core-10.3.5-3.fc24; Fedora 25: pki-core-10.3.5-3.fc25

Re: [Freeipa-devel] [PATCH] 0004 Fix ipa-server-install in pure IPv6 environment

2016-08-24 Thread Martin Basti
On 19.08.2016 14:09, Tomas Krizek wrote: Hi, please review the attached patch. Make sure the hostname isn't resolved to link local IPv6(feXX:...) during testing, which doesn't work (and isn't supposed to). It did not work for me, pki-ca-spawn.log: /ca/getStatus (Caused by

[Freeipa-devel] [freeipa PR#16] Require httpd 2.4.6-31 with mod_proxy Unix socket support (comment)

2016-08-24 Thread mbasti-rh
mbasti-rh commented on a pull request """ I realized that we should use 2.4.7 in upstream specfile, to make porting of IPA easier """ See the full comment at https://github.com/freeipa/freeipa/pull/16#issuecomment-242108719 -- Manage your subscription for the Freeipa-devel mailing list:

[Freeipa-devel] [freeipa PR#13] Handled empty hostname in server-del command (comment)

2016-08-24 Thread Akasurde
Akasurde commented on a pull request """ @mbasti-rh @stlaz Thanks for comments """ See the full comment at https://github.com/freeipa/freeipa/pull/13#issuecomment-242105659

[Freeipa-devel] [freeipa PR#16] Require httpd 2.4.6-31 with mod_proxy Unix socket support (comment)

2016-08-24 Thread mbasti-rh
mbasti-rh commented on a pull request """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/17bb9b9a9ba983020c66f4b83a5918be636ef3bd """ See the full comment at https://github.com/freeipa/freeipa/pull/16#issuecomment-242103959

[Freeipa-devel] [freeipa PR#15] Secure permissions of Custodia server.keys (closed)

2016-08-24 Thread mbasti-rh
tiran's pull request #15: "Secure permissions of Custodia server.keys" was closed See the full pull-request at https://github.com/freeipa/freeipa/pull/15 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/15/head:pr15 git

[Freeipa-devel] [freeipa PR#15] Secure permissions of Custodia server.keys (+pushed)

2016-08-24 Thread mbasti-rh
tiran's pull request #15: "Secure permissions of Custodia server.keys" label *pushed* has been added See the full pull-request at https://github.com/freeipa/freeipa/pull/15

[Freeipa-devel] [freeipa PR#15] Secure permissions of Custodia server.keys (comment)

2016-08-24 Thread mbasti-rh
mbasti-rh commented on a pull request """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/d9ab0097e15618b0c614b3fdfa2ac4ea52b902c0 """ See the full comment at https://github.com/freeipa/freeipa/pull/15#issuecomment-242095453

[Freeipa-devel] [freeipa PR#15] Secure permissions of Custodia server.keys (+ack)

2016-08-24 Thread mbasti-rh
tiran's pull request #15: "Secure permissions of Custodia server.keys" label *ack* has been added See the full pull-request at https://github.com/freeipa/freeipa/pull/15

Re: [Freeipa-devel] [PATCH 0036, 0037][Tests] Host/service tests do not recognize newly added attribute

2016-08-24 Thread Martin Basti
On 24.08.2016 15:49, Ganna Kaihorodova wrote: Hello! [0036] ACK [0037] ACK Best regards, Ganna Kaihorodova Associate Software Quality Engineer - Original Message - From: "Lenka Doudova" To: "freeipa-devel" Sent: Monday, August 22,

[Freeipa-devel] [freeipa PR#13] Handled empty hostname in server-del command (closed)

2016-08-24 Thread mbasti-rh
Akasurde's pull request #13: "Handled empty hostname in server-del command" was closed See the full pull-request at https://github.com/freeipa/freeipa/pull/13 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/13/head:pr13 git

[Freeipa-devel] [freeipa PR#13] Handled empty hostname in server-del command (+pushed)

2016-08-24 Thread mbasti-rh
Akasurde's pull request #13: "Handled empty hostname in server-del command" label *pushed* has been added See the full pull-request at https://github.com/freeipa/freeipa/pull/13

[Freeipa-devel] [freeipa PR#13] Handled empty hostname in server-del command (comment)

2016-08-24 Thread mbasti-rh
mbasti-rh commented on a pull request Fixed upstream master: https://fedorahosted.org/freeipa/changeset/95a594af4c99255ea4da27e609cf41b79ca7ed91 See the full comment at https://github.com/freeipa/freeipa/pull/13#issuecomment-242071162

[Freeipa-devel] [freeipa PR#13] Handled empty hostname in server-del command (+ack)

2016-08-24 Thread mbasti-rh
Akasurde's pull request #13: "Handled empty hostname in server-del command" label *ack* has been added See the full pull-request at https://github.com/freeipa/freeipa/pull/13

Re: [Freeipa-devel] certmonger "failed to verify signature on server response" after receiving valid certificate

2016-08-24 Thread Marx, Peter
it depends on the depth of the cert chain if the verification fails or not. fails: RootCA-> SubCA-> end-entity works: RootCA-> SubCA-> SubSubCA->end-entity works: RootCA-> SubCA-> SubCA-> SubSubCA-> SubSubSubCA->end-entity when looking into the CA file, in cases where it works I see an extra

Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-24 Thread Martin Basti
On 24.08.2016 13:32, Tomas Krizek wrote: Fixed the typo in error message. On 08/23/2016 12:15 PM, Tomas Krizek wrote: In that case, the first version of the patch solves the issue. I'm attaching the patch once again, but it's the same as the one in the original message. On 08/23/2016

Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-24 Thread Martin Basti
On 24.08.2016 13:32, Tomas Krizek wrote: Fixed the typo in error message. On 08/23/2016 12:15 PM, Tomas Krizek wrote: In that case, the first version of the patch solves the issue. I'm attaching the patch once again, but it's the same as the one in the original message. On 08/23/2016

Re: [Freeipa-devel] [PATCH 0035] Remove Custodia server keys from LDAP

2016-08-24 Thread Petr Vobornik
On 08/24/2016 12:21 PM, Martin Basti wrote: > > > On 24.08.2016 11:25, Christian Heimes wrote: >> On 2016-08-23 12:42, Petr Vobornik wrote: >>> On 08/11/2016 04:13 PM, Martin Basti wrote: On 08.08.2016 16:10, Christian Heimes wrote: > The server-del plugin now removes the Custodia

Re: [Freeipa-devel] [PATCH 0039][Tests] ID views tests do not recognize 'krbcanonicalname' attribute

2016-08-24 Thread Martin Basti
On 22.08.2016 15:46, Lenka Doudova wrote: Hi, ID views tests still do not recognize 'krbcanonicalname' attribute - fix attached. Lenka ACK Pushed to master: 775c37bb812604496594524d8c6c7d936b4d3b15

Re: [Freeipa-devel] [Test][patch-0058] Fixed topology tests failures in CI

2016-08-24 Thread Oleg Fayans
Hi Martin, Updated the test according to our discussion. There are 2 patches: the one related to the dynamic segment naming and the one that xfails one of the tests which fails due to trac ticket 6250. Please, disregard my previous patch On 08/12/2016 04:05 PM, Martin Basti wrote: On

Re: [Freeipa-devel] [Test][patch-0058] Fixed topology tests failures in CI

2016-08-24 Thread Oleg Fayans
And here is what the run looks like: $ ipa-run-tests test_integration/test_topology.py WARNING: Couldn't write lextab module 'pycparser.lextab'. [Errno 13] Permission denied: 'lextab.py' WARNING: yacc table file version is out of date WARNING: Couldn't create 'pycparser.yacctab'. [Errno 13]

Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-24 Thread Tomas Krizek
Fixed the typo in error message. On 08/23/2016 12:15 PM, Tomas Krizek wrote: In that case, the first version of the patch solves the issue. I'm attaching the patch once again, but it's the same as the one in the original message. On 08/23/2016 11:53 AM, Jan Cholasta wrote: On 22.8.2016

[Freeipa-devel] [freeipa PR#16] Require httpd 2.4.6-31 with mod_proxy Unix socket support (opened)

2016-08-24 Thread tiran
tiran's pull request #16: "Require httpd 2.4.6-31 with mod_proxy Unix socket support" was opened PR body: httpd 2.4.6-6 does not support mod_proxy ProxyPass for Unix sockets. The feature is provided by 2.4.7 upstream and was backported to 2.4.6-31 (bz1168081). It's required to proxy Custodia.

Re: [Freeipa-devel] [PATCH 0035] Remove Custodia server keys from LDAP

2016-08-24 Thread Martin Basti
On 24.08.2016 11:25, Christian Heimes wrote: On 2016-08-23 12:42, Petr Vobornik wrote: On 08/11/2016 04:13 PM, Martin Basti wrote: On 08.08.2016 16:10, Christian Heimes wrote: The server-del plugin now removes the Custodia keys for encryption and key signing from LDAP.

Re: [Freeipa-devel] [PATCH 0035] Remove Custodia server keys from LDAP

2016-08-24 Thread Christian Heimes
On 2016-08-23 12:42, Petr Vobornik wrote: > On 08/11/2016 04:13 PM, Martin Basti wrote: >> >> >> On 08.08.2016 16:10, Christian Heimes wrote: >>> The server-del plugin now removes the Custodia keys for encryption and >>> key signing from LDAP. >>> >>> https://fedorahosted.org/freeipa/ticket/6015

Re: [Freeipa-devel] [PATCH 0034] Secure permissions of Custodia server.keys

2016-08-24 Thread Christian Heimes
On 2016-08-23 12:49, Petr Vobornik wrote: > On 08/09/2016 01:53 PM, Martin Basti wrote: >> >> >> On 08.08.2016 16:09, Christian Heimes wrote: >>> I have split up patch 0032 into two smaller patches. This patch only >>> addresses the server.keys file. >>> >>> Custodia's server.keys file contain the

[Freeipa-devel] [freeipa PR#15] Secure permissions of Custodia server.keys (opened)

2016-08-24 Thread tiran
tiran's pull request #15: "Secure permissions of Custodia server.keys" was opened PR body: Custodia's server.keys file contains the private RSA keys for encrypting and signing Custodia messages. The file was created with permission 644 and is only secured by permission 700 of the directory