freeipa.git/install/tools, branch fix_ber_scanf FreeIPA patches Move ipachangeconf from ipaclient.install to ipapython 2019-08-29T02:15:50+00:00 Rob Critenden rcritten@redhat.com 2019-08-16T18:10:05+00:00 e5af8c19a9e40fb3b96c56ace081f79980437fc2 This will let us call it from ipaplatform. Mark the original location as deprecated. Reviewed-By: Francois Cami <fcami@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> 
This will let us call it from ipaplatform.

Mark the original location as deprecated.

Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Fix UnboundLocalError in ipa-replica-manage on errors 2019-08-06T05:13:37+00:00 Theodor van Nahl tvn+fed@van-nahl.org 2019-08-05T14:47:16+00:00 adcf04255cb24564230604469ae34c180e057dfa If ipa-replica-manage is unable to retrieve e.g. due to certificate validity problem. An UnboundLocalError is thrown for `type1`. This fixes the issue with a clean exit. Reviewed-By: Christian Heimes <cheimes@redhat.com> 
If ipa-replica-manage is unable to retrieve e.g. due to certificate
validity problem. An UnboundLocalError is thrown for `type1`. This fixes
the issue with a clean exit.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
move MSCSTemplate classes to ipalib 2019-07-17T14:58:58+00:00 Fraser Tweedale ftweedal@redhat.com 2019-07-11T05:17:04+00:00 130e1dc3433977f7a80aed139d29d21c5d30d558 As we expand the integration tests for external CA functionality, it is helpful (and avoids duplication) to use the MSCSTemplate* classes. These currently live in ipaserver.install.cainstance, but ipatests is no longer permitted to import from ipaserver (see commit 81714976e5e13131654c78eb734746a20237c933). So move these classes to ipalib. Part of: https://pagure.io/freeipa/issue/7548 Reviewed-By: Florence Blanc-Renaud <flo@redhat.com> 
As we expand the integration tests for external CA functionality, it
is helpful (and avoids duplication) to use the MSCSTemplate*
classes.  These currently live in ipaserver.install.cainstance, but
ipatests is no longer permitted to import from ipaserver (see commit
81714976e5e13131654c78eb734746a20237c933).  So move these classes to
ipalib.

Part of: https://pagure.io/freeipa/issue/7548

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Introduce minimal ipa-client-automount.in and ipactl.in 2019-06-28T08:53:07+00:00 François Cami fcami@redhat.com 2019-06-27T15:59:04+00:00 37ab150cc70be21ca57ca253d2a337533131457a Now that ipa-client-automount and ipactl main logic has been moved into modules, introduce minimal executables. Fixes: https://pagure.io/freeipa/issue/7984 Signed-off-by: François Cami <fcami@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> 
Now that ipa-client-automount and ipactl main logic has been
moved into modules, introduce minimal executables.

Fixes: https://pagure.io/freeipa/issue/7984
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Move ipa-client-automount.in and ipactl into modules 2019-06-28T08:53:07+00:00 François Cami fcami@redhat.com 2019-06-26T15:59:08+00:00 c0cf65c4f78bdb410a472f63b98870321fd751e1 Fixes: https://pagure.io/freeipa/issue/7984 Signed-off-by: François Cami <fcami@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> 
Fixes: https://pagure.io/freeipa/issue/7984
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Replace PYTHONSHEBANG with valid shebang 2019-06-24T07:35:57+00:00 Christian Heimes cheimes@redhat.com 2019-06-21T10:05:19+00:00 6d02eddd3ef7f65c1a922125371fcbb83e35d7f8 Replace the @PYTHONSHEBANG@ substitution with a valid #!/usr/bin/python3 shebang. This turns Python .in files into valid Python files. The files can now be checked with pylint and IDEs recognize the files as Python files. The shebang is still replaced with "#!$(PYTHON) -E" to support platform-python. Related: https://pagure.io/freeipa/issue/7984 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Francois Cami <fcami@redhat.com> 
Replace the @PYTHONSHEBANG@ substitution with a valid #!/usr/bin/python3
shebang. This turns Python .in files into valid Python files. The files
can now be checked with pylint and IDEs recognize the files as Python
files.

The shebang is still replaced with "#!$(PYTHON) -E" to support
platform-python.

Related: https://pagure.io/freeipa/issue/7984
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
Fix CustodiaClient ccache handling 2019-06-18T00:36:24+00:00 Christian Heimes cheimes@redhat.com 2019-06-12T20:02:52+00:00 c027b9334b8c3fbb1f31674d7b46c9edb5445208 A CustodiaClient object has to the process environment a bit, e.g. set up GSSAPI credentials. To reuse the credentials in libldap connections, it is also necessary to set up a custom ccache store and to set the environment variable KRBCCNAME temporarily. Fixes: https://pagure.io/freeipa/issue/7964 Co-Authored-By: Fraser Tweedale <ftweedal@redhat.com> Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com> 
A CustodiaClient object has to the process environment a bit, e.g. set
up GSSAPI credentials. To reuse the credentials in libldap connections,
it is also necessary to set up a custom ccache store and to set the
environment variable KRBCCNAME temporarily.

Fixes: https://pagure.io/freeipa/issue/7964
Co-Authored-By: Fraser Tweedale <ftweedal@redhat.com>
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
ipa-cert-fix: add man page 2019-05-29T02:49:27+00:00 Fraser Tweedale ftweedal@redhat.com 2019-03-25T05:13:38+00:00 a9f09fee56645120d2e202e5707dc017f8d3d3f3 Part of: https://pagure.io/freeipa/issue/7885 Reviewed-By: Florence Blanc-Renaud <flo@redhat.com> 
Part of: https://pagure.io/freeipa/issue/7885

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Add ipa-cert-fix tool 2019-05-29T02:49:27+00:00 Fraser Tweedale ftweedal@redhat.com 2019-03-22T05:53:53+00:00 09aa3d1f769ac532069e2c39c2ff1eaf8ba0331f The ipa-cert-fix tool wraps `pki-server cert-fix`, performing additional certificate requests for non-Dogtag IPA certificates and performing additional actions. In particular: - Run cert-fix with arguments particular to the IPA deployment. - Update IPA RA certificate in the ipara user entry (if renewed). - Add shared certificates (if renewed) to the ca_renewal LDAP container for replication. - Become the CA renewal master if shared certificates were renewed. This ensures other CA replicas, including the previous CA renewal master if not the current host, pick up those new certificates when Certmonger attempts to renew them. Fixes: https://pagure.io/freeipa/issue/7885 Reviewed-By: Florence Blanc-Renaud <flo@redhat.com> 
The ipa-cert-fix tool wraps `pki-server cert-fix`, performing
additional certificate requests for non-Dogtag IPA certificates and
performing additional actions.  In particular:

- Run cert-fix with arguments particular to the IPA deployment.

- Update IPA RA certificate in the ipara user entry (if renewed).

- Add shared certificates (if renewed) to the ca_renewal LDAP
  container for replication.

- Become the CA renewal master if shared certificates were renewed.
  This ensures other CA replicas, including the previous CA renewal
  master if not the current host, pick up those new certificates
  when Certmonger attempts to renew them.

Fixes: https://pagure.io/freeipa/issue/7885
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
ipa-replica-manage: remove "last init status" if it's None. 2019-05-28T07:47:55+00:00 German Parente gparente@redhat.com 2018-10-01T15:39:20+00:00 ef324a7f13887c581d74d4c09c8436af8523c635 we remove the "last init status" section in the output of ipa-replica-manage to avoid confusion and show epoch date when status is None Fixes: https://pagure.io/freeipa/issue/7716 Signed-off-by: German Parente <gparente@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Francois Cami <fcami@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com> 
we remove the "last init status" section in the output of
ipa-replica-manage to avoid confusion and show epoch date
when status is None

Fixes: https://pagure.io/freeipa/issue/7716

Signed-off-by: German Parente <gparente@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>