URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional
lslebodn commented:
"""
On (01/03/17 22:37), Jan Cholasta wrote:
>I tend to agree with @lslebodn, but I don't have a strong opinion on this. I
>noticed a couple of issues though:
>
>* `--without-jslint`
On 1.3.2017 14:58, Alexander Bokovoy wrote:
On ke, 01 maalis 2017, Jan Cholasta wrote:
On 1.3.2017 14:05, Alexander Bokovoy wrote:
On ke, 01 maalis 2017, Jan Cholasta wrote:
On 1.3.2017 13:39, Martin Babinsky wrote:
Alexander,
thank you for your comments. Replies inline:
On 02/28/2017
On 03/01/2017 05:28 PM, Alexander Bokovoy wrote:
On ke, 01 maalis 2017, Simo Sorce wrote:
> My take is: cut API/UI work, and do the underlying infrastructure work
> for the widest set of serves/clients possible instead.
>
> It is much more important to get the underlying gears done than to add
On 03/01/2017 05:51 PM, Simo Sorce wrote:
On Wed, 2017-03-01 at 17:29 +0100, Martin Basti wrote:
On 01.03.2017 17:04, Simo Sorce wrote:
On Wed, 2017-03-01 at 16:47 +0100, Martin Babinsky wrote:
On 03/01/2017 04:32 PM, Simo Sorce wrote:
On Wed, 2017-03-01 at 16:17 +0100, Martin Babinsky
On 03/01/2017 12:01 PM, Standa Laznicka wrote:
Hello,
Please note that https://github.com/freeipa/freeipa/pull/367 was
pushed today. What this means for you is that your IPA installations
won't work if you had privilege separation patches applied and try to
upgrade your instances to current
URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional
HonzaCholasta commented:
"""
I tend to agree with @lslebodn, but I don't have a strong opinion on this. I
noticed a couple of issues though:
* `--without-jslint` does not seem to work correctly:
```
URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional
lslebodn commented:
"""
On (01/03/17 09:39), Petr Vobornik wrote:
>+1 Reasoning for not skipping linters was that reviewer or patch author can
>forget to run those. This problem was solved by travis
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
sumit-bose commented:
"""
Yes, a hint aka user name will be used during authentication. But this PR here
is about to get an idea which user is allowed to authenticate based on
URL: https://github.com/freeipa/freeipa/pull/517
Title: #517: [WIP] Use Custodia 0.3 features
tiran commented:
"""
Custodia 0.3 is out,
https://koji.fedoraproject.org/koji/taskinfo?taskID=18127414
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/517#issuecomment-283421294
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
simo5 commented:
"""
I am not sure we want to wait for replies from trusted domains, it may be very
slow, and in some cases it will just not work right (one way trusts with
URL: https://github.com/freeipa/freeipa/pull/530
Author: tomaskrizek
Title: #530: man: update ipa-cacert-manage
Action: opened
PR body:
"""
Make it clear this command is used to only renew certificate for
the CA and provide guidance on how to renew other certificates.
URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional
pvoborni commented:
"""
+1 Reasoning for not skipping linters was that reviewer or patch author can
forget to run those. This problem was solved by travis checks.
"""
See the full comment at
On Wed, 2017-03-01 at 17:29 +0100, Martin Basti wrote:
>
> On 01.03.2017 17:04, Simo Sorce wrote:
> > On Wed, 2017-03-01 at 16:47 +0100, Martin Babinsky wrote:
> >> On 03/01/2017 04:32 PM, Simo Sorce wrote:
> >>> On Wed, 2017-03-01 at 16:17 +0100, Martin Babinsky wrote:
> On 03/01/2017 03:42
URL: https://github.com/freeipa/freeipa/pull/529
Author: tomaskrizek
Title: #529: installer: update time estimates
Action: opened
PR body:
"""
Time estimates have been updated to be more accurate. Only
tasks that are estimated to take longer than 10 seconds have
the estimate displayed.
URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: do not attempt to issue PKINIT cert in CA-less
abbra commented:
"""
ACK for the patch. However, I'm not claiming that CA does not need to be
trusted. What I'm saying is that for Anonymous PKINIT's use in privilege
On 01.03.2017 17:04, Simo Sorce wrote:
On Wed, 2017-03-01 at 16:47 +0100, Martin Babinsky wrote:
On 03/01/2017 04:32 PM, Simo Sorce wrote:
On Wed, 2017-03-01 at 16:17 +0100, Martin Babinsky wrote:
On 03/01/2017 03:42 PM, Simo Sorce wrote:
On Tue, 2017-02-28 at 13:29 +0100, Martin Babinsky
On ke, 01 maalis 2017, Simo Sorce wrote:
> My take is: cut API/UI work, and do the underlying infrastructure work
> for the widest set of serves/clients possible instead.
>
> It is much more important to get the underlying gears done than to add
> UI candy, that can be delayed.
>
> Simo.
>
I
URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: do not attempt to issue PKINIT cert in CA-less
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
On Wed, 2017-03-01 at 16:47 +0100, Martin Babinsky wrote:
> On 03/01/2017 04:32 PM, Simo Sorce wrote:
> > On Wed, 2017-03-01 at 16:17 +0100, Martin Babinsky wrote:
> >> On 03/01/2017 03:42 PM, Simo Sorce wrote:
> >>> On Tue, 2017-02-28 at 13:29 +0100, Martin Babinsky wrote:
> Hello list,
>
On 03/01/2017 04:32 PM, Simo Sorce wrote:
On Wed, 2017-03-01 at 16:17 +0100, Martin Babinsky wrote:
On 03/01/2017 03:42 PM, Simo Sorce wrote:
On Tue, 2017-02-28 at 13:29 +0100, Martin Babinsky wrote:
Hello list,
I have put together a draft of design page describing server-side
implementation
URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: do not attempt to issue PKINIT cert in CA-less
HonzaCholasta commented:
"""
Updated the PR to also handle CA-less server upgrade.
@abbra, I'm not opposed to the idea of using the local CA to issue the KDC
cert, but
URL: https://github.com/freeipa/freeipa/pull/526
Author: HonzaCholasta
Title: #526: server install: properly handle PKINIT-related options
Action: edited
Changed field: body
Original value:
"""
Do not ignore --no-pkinit. If --http-cert-file or --dirsrv-cert-file is
specified, require that
URL: https://github.com/freeipa/freeipa/pull/526
Author: HonzaCholasta
Title: #526: server install: properly handle PKINIT-related options
Action: edited
Changed field: title
Original value:
"""
server install: properly handle PKINIT-related options
"""
--
Manage your subscription for the
URL: https://github.com/freeipa/freeipa/pull/526
Author: HonzaCholasta
Title: #526: server install: properly handle PKINIT-related options
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/526/head:pr526
git
URL: https://github.com/freeipa/freeipa/pull/528
Title: #528: Fix CA-less upgrade
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/528
Author: stlaz
Title: #528: Fix CA-less upgrade
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/528/head:pr528
git checkout pr528
--
Manage your subscription for
On Wed, 2017-03-01 at 16:17 +0100, Martin Babinsky wrote:
> On 03/01/2017 03:42 PM, Simo Sorce wrote:
> > On Tue, 2017-02-28 at 13:29 +0100, Martin Babinsky wrote:
> >> Hello list,
> >>
> >> I have put together a draft of design page describing server-side
> >> implementation of user short name ->
URL: https://github.com/freeipa/freeipa/pull/528
Title: #528: Fix CA-less upgrade
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
On 03/01/2017 03:42 PM, Simo Sorce wrote:
On Tue, 2017-02-28 at 13:29 +0100, Martin Babinsky wrote:
Hello list,
I have put together a draft of design page describing server-side
implementation of user short name -> fully-qualified name resolution.[1]
In the end I have taken the liberty to
URL: https://github.com/freeipa/freeipa/pull/524
Title: #524: Remove NSPRError exception from platform tasks
MartinBasti commented:
"""
master:
* 88fd936a761dfce099c4b03529d679256c9860d6 Remove NSPRError exception from
platform tasks
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/524
Author: tiran
Title: #524: Remove NSPRError exception from platform tasks
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/524/head:pr524
git checkout pr524
--
URL: https://github.com/freeipa/freeipa/pull/524
Title: #524: Remove NSPRError exception from platform tasks
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/479
Title: #479: Merge AD trust installer into composite ones
MartinBasti commented:
"""
master:
* 4ba6b968399204aac66d82d917a8cc159e77ad4d Refactor the code checking for
missing SIDs
* c5bae577597fbababdd25ab3ae6463c490d90a40 only check for
URL: https://github.com/freeipa/freeipa/pull/479
Title: #479: Merge AD trust installer into composite ones
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/479
Author: martbab
Title: #479: Merge AD trust installer into composite ones
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/479/head:pr479
git checkout pr479
--
URL: https://github.com/freeipa/freeipa/pull/479
Title: #479: Merge AD trust installer into composite ones
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/528
Author: stlaz
Title: #528: Fix CA-less upgrade
Action: opened
PR body:
"""
In CA-less mode there's no /etc/pki/pki-tomcat/password.conf so it
does not make sense to try to create a password file for an NSS
database from it (the NSS database
On 02/28/2017 12:03 PM, Petr Vobornik wrote:
On 02/28/2017 12:00 PM, Petr Vobornik wrote:
On 02/27/2017 12:46 PM, Petr Vobornik wrote:
Hello list,
today and tomorrow a migration of FreeIPA issue tracker[1] and git repo
will take place.
It is due to FedoraHosted sunset [2]. Both will be
On Tue, 2017-02-28 at 13:29 +0100, Martin Babinsky wrote:
> Hello list,
>
> I have put together a draft of design page describing server-side
> implementation of user short name -> fully-qualified name resolution.[1]
>
> In the end I have taken the liberty to change a few aspects of the
>
URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: properly handle PKINIT-related options
HonzaCholasta commented:
"""
The local CA is in fact not used in CA-less upgrade. This is what you get after
upgrade from 4.4.3 to current master:
```
# getcert list
Number of
On ke, 01 maalis 2017, Jan Cholasta wrote:
On 1.3.2017 14:05, Alexander Bokovoy wrote:
On ke, 01 maalis 2017, Jan Cholasta wrote:
On 1.3.2017 13:39, Martin Babinsky wrote:
Alexander,
thank you for your comments. Replies inline:
On 02/28/2017 01:48 PM, Alexander Bokovoy wrote:
On ti, 28
URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional
MartinBasti commented:
"""
Since we have gating here each PR is checked by linters, commits are checked
before pushed, that was reason why linters are optional now in build.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/479
Author: martbab
Title: #479: Merge AD trust installer into composite ones
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/479/head:pr479
git checkout pr479
URL: https://github.com/freeipa/freeipa/pull/453
Author: tiran
Title: #453: Cleanup certdb
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/453/head:pr453
git checkout pr453
From
URL: https://github.com/freeipa/freeipa/pull/524
Title: #524: Remove NSPRError exception from platform tasks
stlaz commented:
"""
The patch seems ok now. ACK.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/524#issuecomment-283342093
--
Manage your subscription for the
URL: https://github.com/freeipa/freeipa/pull/524
Title: #524: Remove NSPRError exception from platform tasks
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional
tomaskrizek commented:
"""
Wiki page updated (along with `--without-ipatests`` option from #364).
@lslebodn Ok, let's keep the PR open for a couple days to see if there's any
disagreement. I don't see
On 1.3.2017 14:05, Alexander Bokovoy wrote:
On ke, 01 maalis 2017, Jan Cholasta wrote:
On 1.3.2017 13:39, Martin Babinsky wrote:
Alexander,
thank you for your comments. Replies inline:
On 02/28/2017 01:48 PM, Alexander Bokovoy wrote:
On ti, 28 helmi 2017, Martin Babinsky wrote:
Hello list,
URL: https://github.com/freeipa/freeipa/pull/527
Title: #527: Fix replica with --setup-ca issues
HonzaCholasta commented:
"""
master:
* 052de4308c64b126bee440e970be4cf8449c5ebc Fix replica with --setup-ca issues
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/527
Title: #527: Fix replica with --setup-ca issues
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/527
Author: stlaz
Title: #527: Fix replica with --setup-ca issues
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/527/head:pr527
git checkout pr527
--
Manage your
URL: https://github.com/freeipa/freeipa/pull/527
Title: #527: Fix replica with --setup-ca issues
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional
tiran commented:
"""
@tomaskrizek good point, I added a TODO item to the ticket,
https://pagure.io/freeipa/issue/6604#comment-415669
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional
lslebodn commented:
"""
> But you're right we should update the wiki pages to mention the new defaults.
Such change require broader discussion.
e.g. I know that @rcritten had strong opinion about pylint
URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional
tomaskrizek commented:
"""
@lslebodn We don't want to have linters enabled by default when you run
`./configure` without options. But you're right we should update the wiki
pages to mention the new
URL: https://github.com/freeipa/freeipa/pull/527
Author: stlaz
Title: #527: Fix replica with --setup-ca issues
Action: opened
PR body:
"""
nolog argument of ipautil.run requires tuple, not a string.
https://fedorahosted.org/freeipa/ticket/5695
I am a bad person.
"""
To pull the PR as Git
URL: https://github.com/freeipa/freeipa/pull/502
Author: tiran
Title: #502: Make pylint and jsl optional
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/502/head:pr502
git checkout pr502
From
URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: properly handle PKINIT-related options
abbra commented:
"""
This PR does not handle upgrade case which is what Local CA considers. We don't
need other systems trust the certificate and we don't need to synchronize
URL: https://github.com/freeipa/freeipa/pull/502
Title: #502: Make pylint and jsl optional
lslebodn commented:
"""
It was explained on IRC
> < cheimes> lslebodn: Your proposal is missing the point of the ticket. It
> doesn't not simplify
> building, but rather improves error
URL: https://github.com/freeipa/freeipa/pull/472
Title: #472: Packaging: Add placeholder packages
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/524
Author: tiran
Title: #524: Remove NSPRError exception from platform tasks
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/524/head:pr524
git checkout pr524
On ke, 01 maalis 2017, Martin Babinsky wrote:
Alexander,
thank you for your comments. Replies inline:
On 02/28/2017 01:48 PM, Alexander Bokovoy wrote:
On ti, 28 helmi 2017, Martin Babinsky wrote:
Hello list,
I have put together a draft of design page describing server-side
implementation of
URL: https://github.com/freeipa/freeipa/pull/525
Title: #525: Remove import nss from test_ldap
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
On 1.3.2017 13:39, Martin Babinsky wrote:
Alexander,
thank you for your comments. Replies inline:
On 02/28/2017 01:48 PM, Alexander Bokovoy wrote:
On ti, 28 helmi 2017, Martin Babinsky wrote:
Hello list,
I have put together a draft of design page describing server-side
implementation of
URL: https://github.com/freeipa/freeipa/pull/479
Title: #479: Merge AD trust installer into composite ones
MartinBasti commented:
"""
Please rebase
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/479#issuecomment-283332782
--
Manage your subscription for the Freeipa-devel
URL: https://github.com/freeipa/freeipa/pull/525
Author: tiran
Title: #525: Remove import nss from test_ldap
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/525/head:pr525
git checkout pr525
--
Manage your
URL: https://github.com/freeipa/freeipa/pull/525
Title: #525: Remove import nss from test_ldap
MartinBasti commented:
"""
master:
* 79c0e6d355c9e7bcc7cacc37faaba8e999d56400 Remove import nss from test_ldap
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/522
Author: frasertweedale
Title: #522: dogtag: remove redundant property definition
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/522/head:pr522
git checkout pr522
URL: https://github.com/freeipa/freeipa/pull/522
Title: #522: dogtag: remove redundant property definition
MartinBasti commented:
"""
master:
* 49f87f34be5f04f18a6d916276153e9ef1e5852c dogtag: remove redundant property
definition
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/522
Title: #522: dogtag: remove redundant property definition
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/502
Author: tiran
Title: #502: Make pylint and jsl optional
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/502/head:pr502
git checkout pr502
From
URL: https://github.com/freeipa/freeipa/pull/520
Title: #520: Change README to use Markdown
stlaz commented:
"""
This patch should fix the build:
https://transfer.sh/AgQWD/0001-readme-fixup.patch
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/520#issuecomment-283331951
URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: properly handle PKINIT-related options
HonzaCholasta commented:
"""
In CA-less mode one has to provide all the certs manually. I don't see why the
KDC cert should be an exception and why we should reinvent the wheel
URL: https://github.com/freeipa/freeipa/pull/514
Title: #514: Limit sessions to 30 minutes by default
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/514
Title: #514: Limit sessions to 30 minutes by default
MartinBasti commented:
"""
master:
* d5e7a57e5b25b9cecb7a65096487a65374ad860d Limit sessions to 30 minutes by
default
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/514
Author: simo5
Title: #514: Limit sessions to 30 minutes by default
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/514/head:pr514
git checkout pr514
--
Manage
URL: https://github.com/freeipa/freeipa/pull/513
Author: tiran
Title: #513: certdb: Don't restore_context() of new NSSDB
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/513/head:pr513
git checkout pr513
--
URL: https://github.com/freeipa/freeipa/pull/513
Title: #513: certdb: Don't restore_context() of new NSSDB
MartinBasti commented:
"""
master:
* a163ad77b3d12f2da2b135de29f594c06190b41a certdb: Don't restore_context() of
new NSSDB
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/513
Title: #513: certdb: Don't restore_context() of new NSSDB
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
Alexander,
thank you for your comments. Replies inline:
On 02/28/2017 01:48 PM, Alexander Bokovoy wrote:
On ti, 28 helmi 2017, Martin Babinsky wrote:
Hello list,
I have put together a draft of design page describing server-side
implementation of user short name -> fully-qualified name
URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: properly handle PKINIT-related options
abbra commented:
"""
No, you are wrong. Certmonger has own local self-signed CA in all installs:
# getcert list-cas
CA 'local':
is-default: no
URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: properly handle PKINIT-related options
abbra commented:
"""
This was, perhaps, missed in the original commit, though. The idea was that in
CA-less mode we change request to use Local CA.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/524
Author: tiran
Title: #524: Remove NSPRError exception from platform tasks
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/524/head:pr524
git checkout pr524
URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: properly handle PKINIT-related options
HonzaCholasta commented:
"""
This is what you currently get in CA-less install:
```
# getcert list
Number of certificates and requests being tracked: 1.
Request ID
URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: properly handle PKINIT-related options
HonzaCholasta commented:
"""
In CA-less there is no CA to request the certificate from, so there is a
dangling failed certmonger request. This PR removes the broken request and
URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: properly handle PKINIT-related options
abbra commented:
"""
An idea behind the original solution was to always produce PKINIT certificate
by certmonger in case of CA-less install to be able to have anonymous PKINIT
URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: properly handle PKINIT-related options
HonzaCholasta commented:
"""
In CA-less there is no CA to request the certificate from, so there is a
dangling failed certmonger request. This PR removes the broken request and
URL: https://github.com/freeipa/freeipa/pull/512
Author: tomaskrizek
Title: #512: test_config: fix fips_mode key in Env
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/512/head:pr512
git checkout pr512
--
URL: https://github.com/freeipa/freeipa/pull/512
Title: #512: test_config: fix fips_mode key in Env
MartinBasti commented:
"""
master:
* 770d4cda430803f8e020c57971c4dd8e802dc417 Env __setitem__: replace assert with
exception
* 5055b34cefd6e3f9b707aed076a49ae97b38aa3c test_config: fix
URL: https://github.com/freeipa/freeipa/pull/488
Author: tiran
Title: #488: Speed up client schema cache
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/488/head:pr488
git checkout pr488
--
Manage your
URL: https://github.com/freeipa/freeipa/pull/512
Title: #512: test_config: fix fips_mode key in Env
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/520
Title: #520: Change README to use Markdown
stlaz commented:
"""
This makes our build fail (`./makerpms` in project folder).
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/520#issuecomment-283321136
--
Manage your
URL: https://github.com/freeipa/freeipa/pull/524
Title: #524: Remove NSPRError exception from platform tasks
tiran commented:
"""
```CertificateFormatError``` is a custom exception that is only raised by
```ipalib.x509.CertificateFormatError```. The rest of the ```ipalib.x509```
propagates
URL: https://github.com/freeipa/freeipa/pull/412
Title: #412: Define template version in certmap.conf
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/412
Author: flo-renaud
Title: #412: Define template version in certmap.conf
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/412/head:pr412
git checkout pr412
--
URL: https://github.com/freeipa/freeipa/pull/509
Title: #509: Migrate OTP import script to python-cryptography
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/509
Author: tiran
Title: #509: Migrate OTP import script to python-cryptography
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/509/head:pr509
git checkout pr509
--
URL: https://github.com/freeipa/freeipa/pull/488
Title: #488: Speed up client schema cache
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/526
Author: HonzaCholasta
Title: #526: server install: properly handle PKINIT-related options
Action: opened
PR body:
"""
Do not ignore --no-pkinit. If --http-cert-file or --dirsrv-cert-file is
specified, require that either --pkinit-cert-file or
1 - 100 of 174 matches
Mail list logo