freeipa.git/install/conf, branch ad-work FreeIPA project Do not redirect to https in /ipa/ui on non-HTML files 2013-06-26T13:02:13+00:00 Petr Vobornik pvoborni@redhat.com 2013-06-24T15:44:15+00:00 093fa2daa03c8071ec65442c926c23ec34ae7184 Those resources are needed by page which has to use http(browser config) prior to acceptance of CA cert. https://fedorahosted.org/freeipa/ticket/3748 
Those resources are needed by page which has to use http(browser config) prior to acceptance of CA cert.

https://fedorahosted.org/freeipa/ticket/3748
Do not redirect ipa/crl to HTTPS 2013-06-20T10:56:01+00:00 Tomas Babej tbabej@redhat.com 2013-06-20T08:55:39+00:00 6118b73fab1bfbbbaf0ce10ebb48fb3864b90a5e https://fedorahosted.org/freeipa/ticket/3713 
https://fedorahosted.org/freeipa/ticket/3713
Generate plugin index dynamically 2013-05-06T14:22:30+00:00 Petr Vobornik pvoborni@redhat.com 2013-04-23T17:54:21+00:00 c72d0f5075c63df0d75331d5afd0da2dc752ec14 https://fedorahosted.org/freeipa/ticket/3235 
https://fedorahosted.org/freeipa/ticket/3235
Update pki proxy configuration 2013-05-06T11:33:52+00:00 Martin Kosek mkosek@redhat.com 2013-05-06T07:22:27+00:00 77e4f445cce087a915533ad3ae2e35e93db762c5 Replicas with Dogtag pki-ca 10.0.2 CA require access to additional Dogtag REST API calls. Update pki proxy configuration to allow that. https://fedorahosted.org/freeipa/ticket/3601 
Replicas with Dogtag pki-ca 10.0.2 CA require access to additional
Dogtag REST API calls. Update pki proxy configuration to allow that.

https://fedorahosted.org/freeipa/ticket/3601
Update mod_wsgi socket directory 2013-03-29T07:59:50+00:00 Martin Kosek mkosek@redhat.com 2013-03-20T15:40:53+00:00 d27878ce9d274c6e9d10fbdd07fde7589e50fcda Fedora 19 splitted /var/run and /run directories. Update mod_wsgi configuration so that it generates its sockets in the right one. 
Fedora 19 splitted /var/run and /run directories. Update mod_wsgi
configuration so that it generates its sockets in the right one.
Enable mod_deflate 2013-01-17T16:19:29+00:00 Petr Vobornik pvoborni@redhat.com 2012-12-04T12:24:58+00:00 c19af96cb8b1e272fbbd0f478ff203141a9572f7 Enabled mod_deflate for: * text/html (HTML files) * text/plain (for future use) * text/css (CSS files) * text/xml (XML RPC) * application/javascript (JavaScript files) * application/json (JSON RPC) * application/x-font-woff (woff fonts) Added proper mime type for woff fonts. Disabled etag header because it doesn't work with mod_deflate. https://fedorahosted.org/freeipa/ticket/3326 
Enabled mod_deflate for:
* text/html (HTML files)
* text/plain (for future use)
* text/css (CSS files)
* text/xml (XML RPC)
* application/javascript (JavaScript files)
* application/json (JSON RPC)
* application/x-font-woff (woff fonts)

Added proper mime type for woff fonts.
Disabled etag header because it doesn't work with mod_deflate.

https://fedorahosted.org/freeipa/ticket/3326
Configure the initial CA as the CRL generator. 2012-10-09T23:24:43+00:00 Rob Crittenden rcritten@redhat.com 2012-10-09T14:40:20+00:00 392097f20673708a684da168aec302da7ccda9a6 Any installed clones will have CRL generation explicitly disabled. It is a manual process to make a different CA the CRL generator. There should be only one. https://fedorahosted.org/freeipa/ticket/3051 
Any installed clones will have CRL generation explicitly disabled.
It is a manual process to make a different CA the CRL generator.
There should be only one.

https://fedorahosted.org/freeipa/ticket/3051
Move CRL publish directory to IPA owned directory 2012-10-09T14:00:01+00:00 Martin Kosek mkosek@redhat.com 2012-10-08T13:58:48+00:00 74ebd0fd75fababe7d080080ef019b53e96c0c4f Currently, CRL files are being exported to /var/lib/pki-ca sub-directory, which is then served by httpd to clients. However, this approach has several disadvantages: * We depend on pki-ca directory structure and relevant permissions. If pki-ca changes directory structure or permissions on upgrade, IPA may break. This is also a root cause of the latest error, where the pki-ca directory does not have X permission for others and CRL publishing by httpd breaks. * Since the directory is not static and is generated during ipa-server-install, RPM upgrade of IPA packages report errors when defining SELinux policy for these directories. Move CRL publish directory to /var/lib/ipa/pki-ca/publish (common for both dogtag 9 and 10) which is created on RPM upgrade, i.e. SELinux policy configuration does not report any error. The new CRL publish directory is used for both new IPA installs and upgrades, where contents of the directory (CRLs) is first migrated to the new location and then the actual configuration change is made. https://fedorahosted.org/freeipa/ticket/3144 
Currently, CRL files are being exported to /var/lib/pki-ca
sub-directory, which is then served by httpd to clients. However,
this approach has several disadvantages:
 * We depend on pki-ca directory structure and relevant permissions.
   If pki-ca changes directory structure or permissions on upgrade,
   IPA may break. This is also a root cause of the latest error, where
   the pki-ca directory does not have X permission for others and CRL
   publishing by httpd breaks.
 * Since the directory is not static and is generated during
   ipa-server-install, RPM upgrade of IPA packages report errors when
   defining SELinux policy for these directories.

Move CRL publish directory to /var/lib/ipa/pki-ca/publish (common for
both dogtag 9 and 10) which is created on RPM upgrade, i.e. SELinux policy
configuration does not report any error. The new CRL publish directory
is used for both new IPA installs and upgrades, where contents of
the directory (CRLs) is first migrated to the new location and then the
actual configuration change is made.

https://fedorahosted.org/freeipa/ticket/3144
Add mime type to httpd ipa.conf for xpi exetension 2012-10-09T13:41:48+00:00 Petr Vobornik pvoborni@redhat.com 2012-10-09T08:17:16+00:00 9bb927eb1cca3fd4ac4768b2ef53aab75b848bd6 Some configuration doesn't give proper mime type to xpi files. This patch explicitly sets it. https://fedorahosted.org/freeipa/ticket/3094 
Some configuration doesn't give proper mime type to xpi files. This patch explicitly sets it.

https://fedorahosted.org/freeipa/ticket/3094
Use Dogtag 10 only when it is available 2012-09-17T22:43:59+00:00 Petr Viktorin pviktori@redhat.com 2012-08-23T16:38:45+00:00 4f76c143d2f2036af02677469c542f563a10158d Put the changes from Ade's dogtag 10 patch into namespaced constants in dogtag.py, which are then referenced in the code. Make ipaserver.install.CAInstance use the service name specified in the configuration. Uninstallation, where config is removed before CA uninstall, also uses the (previously) configured value. This and Ade's patch address https://fedorahosted.org/freeipa/ticket/2846 
Put the changes from Ade's dogtag 10 patch into namespaced constants in
dogtag.py, which are then referenced in the code.

Make ipaserver.install.CAInstance use the service name specified in the
configuration. Uninstallation, where config is removed before CA uninstall,
also uses the (previously) configured value.

This and Ade's patch address https://fedorahosted.org/freeipa/ticket/2846