freeipa.git/ipaplatform/base, branch mindatefix FreeIPA patches Do not allow installation in FIPS mode 2016-06-29T14:17:27+00:00 Florence Blanc-Renaud frenaud@redhat.com 2016-06-27T08:23:14+00:00 3c40d3aa9e3d431be1e625aa91cdcbeffd0d1271 https://fedorahosted.org/freeipa/ticket/5761 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> 
https://fedorahosted.org/freeipa/ticket/5761

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Fixes CA always being presented as running 2016-06-15T16:11:28+00:00 Stanislav Laznicka slaznick@redhat.com 2016-05-26T13:24:15+00:00 fb4e19713d509a0a14acb7eee37f5fee7a9fb375 Even after manually stopping the pki-tomcatd service instance the service's is_running() method would still return True. https://fedorahosted.org/freeipa/ticket/5898 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Even after manually stopping the pki-tomcatd service instance the
service's is_running() method would still return True.

https://fedorahosted.org/freeipa/ticket/5898

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Add custodia store for lightweight CA key replication 2016-06-09T07:04:27+00:00 Fraser Tweedale ftweedal@redhat.com 2016-04-19T01:47:29+00:00 4660bb7ff0197649c8777151a3a2a5378929e842 Due to limitations in Dogtag's use of NSSDB, importing private keys must be done by the Dogtag Java process itself. This requires a PKIArchiveOptions format (signing key wrapped with host CA key) - PKCS #12 cannot be used because that would require decrypting the key in Dogtag's memory, albeit temporarily. Add a new custodia store that executes a 'pki' command to acquire the wrapped key. Part of: https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Due to limitations in Dogtag's use of NSSDB, importing private keys
must be done by the Dogtag Java process itself.  This requires a
PKIArchiveOptions format (signing key wrapped with host CA key) -
PKCS #12 cannot be used because that would require decrypting the
key in Dogtag's memory, albeit temporarily.

Add a new custodia store that executes a 'pki' command to acquire
the wrapped key.

Part of: https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Added krb5.conf.d/ to included dirs in krb5.conf 2016-06-05T07:47:13+00:00 Stanislav Laznicka slaznick@redhat.com 2016-05-27T14:12:31+00:00 2026677635c6d4b086670cb9d8f3570bd1b95c27 The include of /etc/krb5.conf.d/ is required for crypto-policies to work properly https://fedorahosted.org/freeipa/ticket/5912 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
The include of /etc/krb5.conf.d/ is required for crypto-policies to work properly

https://fedorahosted.org/freeipa/ticket/5912

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Tasks: raise NotImplementedError for not implemented methods 2016-04-26T12:01:42+00:00 Martin Basti mbasti@redhat.com 2016-04-19T16:52:21+00:00 813aab1b8e4026e10056677b2fc98fc4faa56ddb Is safer to raise error than trying to find what is wrong with method that is not correctly overriden The new method set_hostname has been added which should be overriden on other platforms. https://fedorahosted.org/freeipa/ticket/5794 Reviewed-By: David Kupka <dkupka@redhat.com> 
Is safer to raise error than trying to find what is wrong with method
that is not correctly overriden

The new method set_hostname has been added which should be overriden on other
platforms.

https://fedorahosted.org/freeipa/ticket/5794

Reviewed-By: David Kupka <dkupka@redhat.com>
Remove deprecated hostname restoration from Fedora18 2016-04-26T12:01:42+00:00 Martin Basti mbasti@redhat.com 2016-04-19T16:44:59+00:00 30f3d198d0dcac32deb1c129a1bf406e70b57774 This is not needed on new Fedora, because restore will not be effective. https://fedorahosted.org/freeipa/ticket/5794 Reviewed-By: David Kupka <dkupka@redhat.com> 
This is not needed on new Fedora, because restore will not be effective.

https://fedorahosted.org/freeipa/ticket/5794

Reviewed-By: David Kupka <dkupka@redhat.com>
Always set hostname 2016-04-26T12:01:42+00:00 Martin Basti mbasti@redhat.com 2016-04-19T16:36:32+00:00 c5686295f14c955d34d9598ddb80b30cb9df663c This prevents cases when hostname on system is set inconsistently (transient and static hostname differs) and may cause IPA errors. This commit ensures that all hostnames are set properly. https://fedorahosted.org/freeipa/ticket/5794 Reviewed-By: David Kupka <dkupka@redhat.com> 
This prevents cases when hostname on system is set inconsistently
(transient and static hostname differs) and may cause IPA errors.

This commit ensures that all hostnames are set properly.

https://fedorahosted.org/freeipa/ticket/5794

Reviewed-By: David Kupka <dkupka@redhat.com>
Configure httpd service from installer instead of directly from RPM 2016-04-22T08:19:25+00:00 Martin Basti mbasti@redhat.com 2016-03-16T08:04:42+00:00 586fee293f42388510fa5436af19460bbe1fdec5 File httpd.service was created by RPM, what causes that httpd service may fail due IPA specific configuration even if IPA wasn't installed or was uninstalled (without erasing RPMs). With this patch httpd service is configured by httpd.d/ipa.conf during IPA installation and this config is removed by uninstaller, so no residual http configuration related to IPA should stay there. https://fedorahosted.org/freeipa/ticket/5681 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
File httpd.service was created by RPM, what causes that httpd service may
fail due IPA specific configuration even if IPA wasn't installed or was
uninstalled (without erasing RPMs).

With this patch httpd service is configured by httpd.d/ipa.conf during
IPA installation and this config is removed by uninstaller, so no
residual http configuration related to IPA should stay there.

https://fedorahosted.org/freeipa/ticket/5681

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Use netifaces module instead of 'ip' command 2016-04-14T11:53:27+00:00 Martin Basti mbasti@redhat.com 2016-04-13T14:14:42+00:00 70fd78928cb874006f218ae4e7aca00e0babf99a Netifaces allows to get addresses from local interfaces of the host in safer way than parsing output of the ip command. https://fedorahosted.org/freeipa/ticket/5591 Reviewed-By: David Kupka <dkupka@redhat.com> 
Netifaces allows to get addresses from local interfaces of the host in
safer way than parsing output of the ip command.

https://fedorahosted.org/freeipa/ticket/5591

Reviewed-By: David Kupka <dkupka@redhat.com>
Fix kdc.conf.template to use ipaplatform.paths. 2016-03-23T12:35:29+00:00 Timo Aaltonen tjaalton@debian.org 2016-03-22T22:32:52+00:00 b793c9049ec1bf72eb7d3395e9221b229237171b https://fedorahosted.org/freeipa/ticket/5343 Reviewed-By: David Kupka <dkupka@redhat.com> 
https://fedorahosted.org/freeipa/ticket/5343

Reviewed-By: David Kupka <dkupka@redhat.com>