From rcritten at redhat.com Mon Feb 1 19:03:25 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 01 Feb 2010 14:03:25 -0500 Subject: [Freeipa-devel] [PATCH] 364 base64-encode binary data for outputting to cli Message-ID: <4B67257D.4030608@redhat.com> The python type (str or unicode) tells us whether a variable is binary or text. Use this knowledge to base64-encode binary data so we stop hosing up terminals, especially when displaying certificates. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-364-cli.patch Type: application/mbox Size: 2729 bytes Desc: not available URL: From rcritten at redhat.com Mon Feb 1 19:05:36 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 01 Feb 2010 14:05:36 -0500 Subject: [Freeipa-devel] [PATCH] 365 be smarter about base64 decoding Message-ID: <4B672600.7060102@redhat.com> Try to be a little smarter about base64 decoding certificates. For the most part certificates are handled as DER blobs internally. When loading certs from files or an NSS database they may come in as base64-endoded blobs but they will also have BEGIN/END headers to use those to distinguish between what should and shouldn't be decoded. Hopefully this will be the last we see of this. I was going to address some of the code duplication that John pointed out earlier in this patch but figured I'd keep this short and simple and do that work later. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-365-der.patch Type: application/mbox Size: 4065 bytes Desc: not available URL: From jdennis at redhat.com Mon Feb 1 19:32:48 2010 From: jdennis at redhat.com (John Dennis) Date: Mon, 01 Feb 2010 14:32:48 -0500 Subject: [Freeipa-devel] [PATCH] 364 base64-encode binary data for outputting to cli In-Reply-To: <4B67257D.4030608@redhat.com> References: <4B67257D.4030608@redhat.com> Message-ID: <4B672C60.1080606@redhat.com> On 02/01/2010 02:03 PM, Rob Crittenden wrote: > The python type (str or unicode) tells us whether a variable is binary > or text. Use this knowledge to base64-encode binary data so we stop > hosing up terminals, especially when displaying certificates. > > rob ACK -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jdennis at redhat.com Mon Feb 1 19:33:13 2010 From: jdennis at redhat.com (John Dennis) Date: Mon, 01 Feb 2010 14:33:13 -0500 Subject: [Freeipa-devel] [PATCH] 365 be smarter about base64 decoding In-Reply-To: <4B672600.7060102@redhat.com> References: <4B672600.7060102@redhat.com> Message-ID: <4B672C79.6040008@redhat.com> On 02/01/2010 02:05 PM, Rob Crittenden wrote: > Try to be a little smarter about base64 decoding certificates. For the > most part certificates are handled as DER blobs internally. When loading > certs from files or an NSS database they may come in as base64-endoded > blobs but they will also have BEGIN/END headers to use those to > distinguish between what should and shouldn't be decoded. > > Hopefully this will be the last we see of this. > > I was going to address some of the code duplication that John pointed > out earlier in this patch but figured I'd keep this short and simple and > do that work later. > > rob ACK -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From pzuna at redhat.com Tue Feb 2 10:27:59 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Tue, 02 Feb 2010 11:27:59 +0100 Subject: [Freeipa-devel] Implementing --all as a global option Message-ID: <4B67FE2F.6010400@redhat.com> I've run into a little problem when implementing --all as a global option. The problem is that I can't see a way, to propagate it to the server side. Plugins could always retrieve all attributes and the client would choose what to display, but that would be very ineffective (especially when executing *-find commands). Either we add a way to pass additional information over XML-RPC (command independent flags) or we go back to non-global --all options. Thoughts? Pavel From rcritten at redhat.com Tue Feb 2 19:02:57 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 02 Feb 2010 14:02:57 -0500 Subject: [Freeipa-devel] [PATCH] 364 base64-encode binary data for outputting to cli In-Reply-To: <4B672C60.1080606@redhat.com> References: <4B67257D.4030608@redhat.com> <4B672C60.1080606@redhat.com> Message-ID: <4B6876E1.8040603@redhat.com> John Dennis wrote: > On 02/01/2010 02:03 PM, Rob Crittenden wrote: >> The python type (str or unicode) tells us whether a variable is binary >> or text. Use this knowledge to base64-encode binary data so we stop >> hosing up terminals, especially when displaying certificates. >> >> rob > > ACK > pushed to master From rcritten at redhat.com Tue Feb 2 19:03:04 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 02 Feb 2010 14:03:04 -0500 Subject: [Freeipa-devel] [PATCH] 365 be smarter about base64 decoding In-Reply-To: <4B672C79.6040008@redhat.com> References: <4B672600.7060102@redhat.com> <4B672C79.6040008@redhat.com> Message-ID: <4B6876E8.1080102@redhat.com> John Dennis wrote: > On 02/01/2010 02:05 PM, Rob Crittenden wrote: >> Try to be a little smarter about base64 decoding certificates. For the >> most part certificates are handled as DER blobs internally. When loading >> certs from files or an NSS database they may come in as base64-endoded >> blobs but they will also have BEGIN/END headers to use those to >> distinguish between what should and shouldn't be decoded. >> >> Hopefully this will be the last we see of this. >> >> I was going to address some of the code duplication that John pointed >> out earlier in this patch but figured I'd keep this short and simple and >> do that work later. >> >> rob > > ACK > pushed to master From rcritten at redhat.com Tue Feb 2 20:54:30 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 02 Feb 2010 15:54:30 -0500 Subject: [Freeipa-devel] [PATCH] add l10n support In-Reply-To: <4B647D8F.4000306@redhat.com> References: <4B647D8F.4000306@redhat.com> Message-ID: <4B689106.3000308@redhat.com> John Dennis wrote: > There are 2 patches attached which add internationalized message > catalog support (l10n, i.e. localization). The patch was split into 2 > pieces for easier review. The first patch contains only the > modifications to build components and the new framework. The second > patch adds all the translation files which really don't need review > because they're generated files but must be kept in our source code > repository for translators to update. > > The primary patch has two major changes: > > * modification of our existing build mechanism > > * a new directory install/po which contains the l10n framework and > translation catalogs. > > The first major change to the build mechanism was replacing the > autogen.sh script. I had discovered it was buggy, in particular it's > logic for comparing the version of tools was flawed (used just string > comparison so it thought version 7 of a tool was newer than version > 11). Also there didn't seem to be a reason for this script since the > autoregen tool is the preferred mechanism to bootstrap an autotools > build. Older OS's do not have autoregen but We only need to bootstrap > when we generate a distribution which can always be done on a current > Fedora system. > > The second part of the changes to the build mechanism were the > necessary modifications to build the l10n components. > > * edit Makefile.am to add the new subdir to descent into > > * Add new files to generate to configure.ac > > * Add new macros to configure.ac to find the gettext tools and set the > message catalog name. > > * Edit the spec file to add a build dependency on gettext and add the > translation files. > > Then add the l10n framework in install/po. There is a README there you > might want to peruse. The initial set of languages we'll provide > translations for is in the install/po/LINGUAS file. The set of files > to scan for translatable strings is in install/po/Makefile.in, we'll > need to manually update this file when we add or remove source files > containing translatable strings. > > We provide one message catalog for all strings in IPA. Message > catalogs are referred to as "domains". This means we have just one > domain for IPA and it's installed under the name "ipa". The message > catalogs are not partitioned by rpm component. The message catalogs > are provided in the ipapython rpm which all other rpms depend on. > > Please note, there is now a build dependency on gettext, most you > should already have this package installed. > > This patch does alter the way the build runs and it's possible it > might introduce a build failure. I have tested builds in clean trees > on F12 and did not have any problems. I wanted to do a scratch build > for Fedora just to bullet proof but I couldn't figure out how to do > it. I'll of course fix any build issue which might arise that I didn't > catch earlier. > > Jason and I did discuss adding a "test" language to test translations > in our test framework. This patch does not include that, but it's not > hard to add once this patch is in place. > > John We discussed in IRC whether we should include the untranslated po files or not. The sssd project only ships those that are already translated, I'm wondering if we should take a simliar approach. One advantage is we could quickly see what translations (or partial translations) we have by merely seeing what po files there are. Otherwise I guess we'd have to look in each one to be able to tell. It otherwise applies and builds fine, I don't otherwise see any problems with this patch. rob From jdennis at redhat.com Tue Feb 2 21:06:05 2010 From: jdennis at redhat.com (John Dennis) Date: Tue, 02 Feb 2010 16:06:05 -0500 Subject: [Freeipa-devel] [PATCH] add l10n support In-Reply-To: <4B689106.3000308@redhat.com> References: <4B647D8F.4000306@redhat.com> <4B689106.3000308@redhat.com> Message-ID: <4B6893BD.5080903@redhat.com> On 02/02/2010 03:54 PM, Rob Crittenden wrote: > We discussed in IRC whether we should include the untranslated po files > or not. The sssd project only ships those that are already translated, > I'm wondering if we should take a simliar approach. > > One advantage is we could quickly see what translations (or partial > translations) we have by merely seeing what po files there are. > Otherwise I guess we'd have to look in each one to be able to tell. > > It otherwise applies and builds fine, I don't otherwise see any problems > with this patch. > > rob Let me track down how transifex wants to handle po files. I think it's o.k. to only initially supply the ipa.pot file and let the translator generate the .po from the ipa.pot file in git. We would then get a patch from the translator adding the .po and we can then also update the LINGUAS file. If it looks like that's the right way to work with transifex (which I think it is) I'll resubmit the patch with just those changes. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From rcritten at redhat.com Tue Feb 2 22:22:03 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 02 Feb 2010 17:22:03 -0500 Subject: [Freeipa-devel] [PATCH] 366 don't reset log level Message-ID: <4B68A58B.9040803@redhat.com> Don't let the framework reset the log level of an existing log handler. In the installer we initialize logging and set the log level of the install/uninstall log to DEBUG. When we initialize the framework later it resets the log level to INFO which means we lose a lot of information in the logs, particularly a problem when there are failures. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-366-log.patch Type: application/mbox Size: 1193 bytes Desc: not available URL: From rcritten at redhat.com Tue Feb 2 22:23:07 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 02 Feb 2010 17:23:07 -0500 Subject: [Freeipa-devel] [PATCH] 367 fix some encoding issues Message-ID: <4B68A5CB.6030102@redhat.com> I forgot the 'make test' step before submitting my base64 encoding in the cli patch. This fixes a few minor embedded documentation test failures and a limitation that it only accepted string types. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-367-cli.patch Type: application/mbox Size: 2990 bytes Desc: not available URL: From jdennis at redhat.com Tue Feb 2 22:26:43 2010 From: jdennis at redhat.com (John Dennis) Date: Tue, 02 Feb 2010 17:26:43 -0500 Subject: [Freeipa-devel] [PATCH] 366 don't reset log level In-Reply-To: <4B68A58B.9040803@redhat.com> References: <4B68A58B.9040803@redhat.com> Message-ID: <4B68A6A3.9060702@redhat.com> On 02/02/2010 05:22 PM, Rob Crittenden wrote: > Don't let the framework reset the log level of an existing log handler. > In the installer we initialize logging and set the log level of the > install/uninstall log to DEBUG. When we initialize the framework later > it resets the log level to INFO which means we lose a lot of information > in the logs, particularly a problem when there are failures. > > rob ACK -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jdennis at redhat.com Tue Feb 2 22:43:03 2010 From: jdennis at redhat.com (John Dennis) Date: Tue, 02 Feb 2010 17:43:03 -0500 Subject: [Freeipa-devel] [PATCH] 367 fix some encoding issues In-Reply-To: <4B68A5CB.6030102@redhat.com> References: <4B68A5CB.6030102@redhat.com> Message-ID: <4B68AA77.3080208@redhat.com> On 02/02/2010 05:23 PM, Rob Crittenden wrote: > I forgot the 'make test' step before submitting my base64 encoding in > the cli patch. This fixes a few minor embedded documentation test > failures and a limitation that it only accepted string types. > > rob ACK -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jdennis at redhat.com Tue Feb 2 22:49:41 2010 From: jdennis at redhat.com (John Dennis) Date: Tue, 02 Feb 2010 17:49:41 -0500 Subject: [Freeipa-devel] [PATCH] 355 allow named to use ldapi In-Reply-To: <4B6099D2.7080205@redhat.com> References: <4B6099D2.7080205@redhat.com> Message-ID: <4B68AC05.9080605@redhat.com> On 01/27/2010 02:53 PM, Rob Crittenden wrote: > Add SELinux rules so named can communicate to the DS over ldapi. > > This should fix the installation error when --setup-dns is set and > SELinux is enforcing. ACK to the patch of selinux/ipa_httpd/ipa_httpd.te which is *not* the subject line -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jdennis at redhat.com Tue Feb 2 22:51:05 2010 From: jdennis at redhat.com (John Dennis) Date: Tue, 02 Feb 2010 17:51:05 -0500 Subject: [Freeipa-devel] [PATCH] 357 ipa-server-install man updates In-Reply-To: <4B60BDE6.8050206@redhat.com> References: <4B60BDE6.8050206@redhat.com> Message-ID: <4B68AC59.2050905@redhat.com> On 01/27/2010 05:27 PM, Rob Crittenden wrote: > Bring ipa-server-install man page up-to-date, fix some syntax errors: > > Remove a bunch of trailing spaces > Add the --ca option > Add the --no-host-dns option > Add the --subject option > Fix the one-character option for --no-ntp, should be -N not -n > Add missing line break between --no-ntp and --uninstall > > rob ACK -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From rcritten at redhat.com Wed Feb 3 03:56:26 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 02 Feb 2010 22:56:26 -0500 Subject: [Freeipa-devel] [PATCH] 368 remove some duplicate code Message-ID: <4B68F3EA.6070300@redhat.com> Move the dogtag HTTP and HTTPS request functions to a common library to remove duplication. I'm next planning on moving the XML parsing code into ipapython/dogtag because that is needed by the installer as well to identify errors. This is going to be quite a bit messier I think. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-368-dogtag.patch Type: application/mbox Size: 12953 bytes Desc: not available URL: From jderose at redhat.com Wed Feb 3 10:07:31 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Wed, 03 Feb 2010 03:07:31 -0700 Subject: [Freeipa-devel] [PATCH] Remove (un)wrap_binary_data cruft from */ipautil.py In-Reply-To: <1264700109-20661-1-git-send-email-jdennis@redhat.com> References: <1264700109-20661-1-git-send-email-jdennis@redhat.com> Message-ID: <1265191651.19231.7.camel@jgd-dsk> On Thu, 2010-01-28 at 12:35 -0500, John Dennis wrote: > Remove SAFE_STRING_PATTERN, safe_string_re, needs_base64(), > wrap_binary_data(), unwrap_binary_data() from both instances > of ipautil.py. This code is no longer in use and the > SAFE_STRING_PATTERN regular expression string was causing xgettext > to abort because it wasn't a valid ASCII string. > --- > ipapython/ipautil.py | 62 -------------------------------------------------- > ipaserver/ipautil.py | 62 -------------------------------------------------- > 2 files changed, 0 insertions(+), 124 deletions(-) Patch looks good, but I get an error when trying to apply with `git am`: Patch does not have a valid e-mail address. Did you figure out your attachment problem? For what it's worth, I prepare patches with `git format-patch -1` and then manually attach the patch to an email (I'm using Evolution). Could you submit this again? Or if someone with more git experience could instruct me as to a work-around. From jderose at redhat.com Wed Feb 3 11:17:51 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Wed, 03 Feb 2010 04:17:51 -0700 Subject: [Freeipa-devel] [PATCH] jderose 038 Fix ipalib doctest Message-ID: <1265195871.19231.20.camel@jgd-dsk> This patch fixes doctests in ipalib/__init__.py that were broken by Rob's "364 base64-encode binary data..." patch. This patch also removes the unneeded use of textui.encode_binary() in the textui.print_keyval() method. repr('cannot print me') will escape non-ascii characters using the Python \xHH hexadecimal literal notation... so the output will be terminal safe even without base64 encoding. textui.print_keyval() isn't being used at the moment, AFAIK, but it's indented for developer-centric debugging type commands where printing the repr() is helpful. P.S.: I think it might have got lost in the shuffle, but could someone ack my 037 patch? With 037 and this patch, all the unit tests should be working again. -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-jderose-038-Fix-doctest-for-ipalib-package.patch Type: text/x-patch Size: 2539 bytes Desc: not available URL: From jdennis at redhat.com Wed Feb 3 14:34:41 2010 From: jdennis at redhat.com (John Dennis) Date: Wed, 03 Feb 2010 09:34:41 -0500 Subject: [Freeipa-devel] [PATCH] Remove (un)wrap_binary_data cruft from */ipautil.py In-Reply-To: <1265191651.19231.7.camel@jgd-dsk> References: <1264700109-20661-1-git-send-email-jdennis@redhat.com> <1265191651.19231.7.camel@jgd-dsk> Message-ID: <4B698981.7010408@redhat.com> On 02/03/2010 05:07 AM, Jason Gerard DeRose wrote: > Could you submit this again? Done, attached. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Remove-un-wrap_binary_data-cruft-from-ipautil.py.patch Type: text/x-patch Size: 5429 bytes Desc: not available URL: From rcritten at redhat.com Wed Feb 3 14:51:06 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 03 Feb 2010 09:51:06 -0500 Subject: [Freeipa-devel] [PATCH] Remove (un)wrap_binary_data cruft from */ipautil.py In-Reply-To: <4B698981.7010408@redhat.com> References: <1264700109-20661-1-git-send-email-jdennis@redhat.com> <1265191651.19231.7.camel@jgd-dsk> <4B698981.7010408@redhat.com> Message-ID: <4B698D5A.7070706@redhat.com> John Dennis wrote: > On 02/03/2010 05:07 AM, Jason Gerard DeRose wrote: > >> Could you submit this again? > > Done, attached. This patch has already been committed. Jason, btw what I did was to copy the entire message, headers and all, and give that to git-am. It was able to grok things ok. The update attachment is much easier to handle though. rob From rcritten at redhat.com Wed Feb 3 15:05:11 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 03 Feb 2010 10:05:11 -0500 Subject: [Freeipa-devel] [PATCH] jderose 037 Fix broken unit tests In-Reply-To: <1264602340.14486.38.camel@jgd-dsk> References: <1264602340.14486.38.camel@jgd-dsk> Message-ID: <4B6990A7.7040207@redhat.com> Jason Gerard DeRose wrote: > This patch gets (almost) all the XML-RPC tests working again under > Fedora12. Some may not pass under Fedora11 due to 389 schema changes, > but Fedora12 should be our primary test target at this point, IHMO. > Does anyone disagree? > > 3 cert tests still fail, but I'm not familiar enough with the cert > plugins to confidently decide whether the tests need to be updated or > whether something is broken. Rob or John, could you take a look at > these when you get a chance? > > We really need to get strict about patches with regard to tests. If a > patch breaks a test, the test needs to be updated in that same patch (or > if the test is correct, the code needs to be updated). If a patch > introduces new functionality, it must be accompanied by tests. > > Rob and Pavel, I'm looking at you. If tests no passy, no acky-acky. ;) > > I know I've been at fault too, but I've already scolded myself off-list. I'd rather you simply remove the extra attributes rather than commenting them out. If we aren't going to be providing them to the end-user we should eliminate them from the tests as well. But there seems to be a deeper problem here, the question is: why aren't these attributes appearing? In the case of 'l' or 'localityname' it seems to be a bug. It is in the default_attributes list in the host plugin but it isn't being returned by host_show(). I also wonder if we really should be returning uidnumber and gidnumber, they seem kinda handy. IIRC I based the output of the v1 ipa-finduser on finger which doesn't include these values. So nack for now until we can figure out what is going on under the hood. rob From rcritten at redhat.com Wed Feb 3 16:50:21 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 03 Feb 2010 11:50:21 -0500 Subject: [Freeipa-devel] [PATCH] jderose 038 Fix ipalib doctest In-Reply-To: <1265195871.19231.20.camel@jgd-dsk> References: <1265195871.19231.20.camel@jgd-dsk> Message-ID: <4B69A94D.9090405@redhat.com> Jason Gerard DeRose wrote: > This patch fixes doctests in ipalib/__init__.py that were broken by > Rob's "364 base64-encode binary data..." patch. > > This patch also removes the unneeded use of textui.encode_binary() in > the textui.print_keyval() method. repr('cannot print me') will escape > non-ascii characters using the Python \xHH hexadecimal literal > notation... so the output will be terminal safe even without base64 > encoding. > > textui.print_keyval() isn't being used at the moment, AFAIK, but it's > indented for developer-centric debugging type commands where printing > the repr() is helpful. Ok, this is essentially identical to my patch "367 fix some encoding issues". I had 2 other changes not included: 1. Remove the assert in encode_binary() 2. I had a fix for the docstrings in the textui class related to the value of production. Did you not run into this one? rob > > > P.S.: I think it might have got lost in the shuffle, but could someone > ack my 037 patch? With 037 and this patch, all the unit tests should be > working again. From rcritten at redhat.com Wed Feb 3 16:52:31 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 03 Feb 2010 11:52:31 -0500 Subject: [Freeipa-devel] [PATCH] 366 don't reset log level In-Reply-To: <4B68A6A3.9060702@redhat.com> References: <4B68A58B.9040803@redhat.com> <4B68A6A3.9060702@redhat.com> Message-ID: <4B69A9CF.8080600@redhat.com> John Dennis wrote: > On 02/02/2010 05:22 PM, Rob Crittenden wrote: >> Don't let the framework reset the log level of an existing log handler. >> In the installer we initialize logging and set the log level of the >> install/uninstall log to DEBUG. When we initialize the framework later >> it resets the log level to INFO which means we lose a lot of information >> in the logs, particularly a problem when there are failures. >> >> rob > > ACK > pushed to master From rcritten at redhat.com Wed Feb 3 18:23:13 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 03 Feb 2010 13:23:13 -0500 Subject: [Freeipa-devel] [PATCH] 359 allow cert renewal In-Reply-To: <4B620319.6050209@redhat.com> References: <4B61FE0E.5000501@redhat.com> <4B61FEB7.80001@redhat.com> <4B620319.6050209@redhat.com> Message-ID: <4B69BF11.9090802@redhat.com> John Dennis wrote: > On 01/28/2010 04:16 PM, Rob Crittenden wrote: >> Rob Crittenden wrote: >>> Be a bit smarter about decoding certificates that might be base64 >>> encoded. First see if it only contains those characters allowed before >>> trying to decode it. This reduces the number of false positives. >>> >>> rob >> >> >> Er, duh, I got this description goofed up. > > ACK to the correct patch > I pushed a slightly modified patch. I've done away with the --revoke flag for now. I wanted a way to warn the user that they are about to overwrite an existing cert. This raises other issues though and would require some changes to the certmonger program so for now I'll just let it overwrite. rob From rcritten at redhat.com Wed Feb 3 18:28:19 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 03 Feb 2010 13:28:19 -0500 Subject: [Freeipa-devel] [PATCH 363 find all group pwd policy In-Reply-To: <4B62DF58.3010600@redhat.com> References: <4B620F02.4090908@redhat.com> <4B62DF58.3010600@redhat.com> Message-ID: <4B69C043.9090401@redhat.com> Pavel Zuna wrote: > Rob Crittenden wrote: >> Provide pwpolicy-find command to display all group-specific password >> policies. >> >> find is a bit of a misnomer since you can't provide any terms to limit >> the search scope, but it's a start. I'm not sure this is the kind of >> thing we need/want to be able to query things like "give me all the >> policies where the max lifetime is > 20 days". But I could be wrong. >> >> rob >> > > entries = tuple(e for (dn, e) in entries) > for entry in xrange(len(entries)): > _convert_time_for_output(entries[entry]) > > Should be: > > for e in entries: > _convert_time_for_output(e[1]) > e[1]['dn'] = e[0] > entries = tuple(e for (dn, e) in entries) > > Otherwise DNs is lost in the conversion from (dn, entry_attrs) to > entry_with_dn_as_dict. Also, there's no need for xrange - I'm using it > myself in LDAPSearch.execute(), but that's because I overwrite elements > in the entries list. (And as I think about it now, overwriting elements > there is also unnecessary, so it will be removed in a future patch.) > > Everything else about the patch is fine. > > Pavel Good point about the dn, fixed and pushed to master. rob From rcritten at redhat.com Wed Feb 3 19:42:27 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 03 Feb 2010 14:42:27 -0500 Subject: [Freeipa-devel] [PATCH] 355 allow named to use ldapi In-Reply-To: <4B68AC05.9080605@redhat.com> References: <4B6099D2.7080205@redhat.com> <4B68AC05.9080605@redhat.com> Message-ID: <4B69D1A3.5090509@redhat.com> John Dennis wrote: > On 01/27/2010 02:53 PM, Rob Crittenden wrote: >> Add SELinux rules so named can communicate to the DS over ldapi. >> >> This should fix the installation error when --setup-dns is set and >> SELinux is enforcing. > > ACK > to the patch of selinux/ipa_httpd/ipa_httpd.te > which is *not* the subject line > Yeah, I guess it is a little confusing to have this rule in a file named *httpd*. Perhaps we can split things out. pushed to master From rcritten at redhat.com Wed Feb 3 19:43:40 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 03 Feb 2010 14:43:40 -0500 Subject: [Freeipa-devel] [PATCH] fix error message to be i18n translator friendly In-Reply-To: <1264701420-21093-1-git-send-email-jdennis@redhat.com> References: <1264701420-21093-1-git-send-email-jdennis@redhat.com> Message-ID: <4B69D1EC.5040604@redhat.com> John Dennis wrote: > This error message was producing a warning from xgettext > because there were multiple substations in the string. > In some languages it may be necessary to reorder the > substitutions for a proper translation, this is only > possible if the substitutions use named values. > --- > ipaserver/plugins/selfsign.py | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) > pushed to master From rcritten at redhat.com Wed Feb 3 19:43:50 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 03 Feb 2010 14:43:50 -0500 Subject: [Freeipa-devel] [PATCH] 357 ipa-server-install man updates In-Reply-To: <4B68AC59.2050905@redhat.com> References: <4B60BDE6.8050206@redhat.com> <4B68AC59.2050905@redhat.com> Message-ID: <4B69D1F6.8010409@redhat.com> John Dennis wrote: > On 01/27/2010 05:27 PM, Rob Crittenden wrote: >> Bring ipa-server-install man page up-to-date, fix some syntax errors: >> >> Remove a bunch of trailing spaces >> Add the --ca option >> Add the --no-host-dns option >> Add the --subject option >> Fix the one-character option for --no-ntp, should be -N not -n >> Add missing line break between --no-ntp and --uninstall >> >> rob > > ACK > pushed to master From rcritten at redhat.com Wed Feb 3 19:50:29 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 03 Feb 2010 14:50:29 -0500 Subject: [Freeipa-devel] [PATCH] fix install example error Message-ID: <4B69D385.6060104@redhat.com> I pushed this patch under the 1-line trivial rule. I just changed the command name in the sample we provide at the end of installation: --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -798,7 +798,7 @@ def main(): print "\t\t * 123: ntp" print "" print "\t2. You can now obtain a kerberos ticket using the command: 'kinit admin'" - print "\t This ticket will allow you to use the IPA tools (e.g., ipa-adduser)" + print "\t This ticket will allow you to use the IPA tools (e.g., ipa user-add)" print "\t and the web user interface." if not service.is_running("ntpd"): From rcritten at redhat.com Wed Feb 3 19:57:48 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 03 Feb 2010 14:57:48 -0500 Subject: [Freeipa-devel] [PATCH] 369 fix word usage in installer Message-ID: <4B69D53C.9000306@redhat.com> Proper use of "set up" vs "setup". rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-369-setup.patch Type: application/mbox Size: 1661 bytes Desc: not available URL: From rcritten at redhat.com Wed Feb 3 20:41:48 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 03 Feb 2010 15:41:48 -0500 Subject: [Freeipa-devel] [PATCH] 353 enable sssd and certmonger In-Reply-To: <1264026577.3535.17.camel@wolverine.englab.brq.redhat.com> References: <4B577D24.8010401@redhat.com> <1264026577.3535.17.camel@wolverine.englab.brq.redhat.com> Message-ID: <4B69DF8C.1060407@redhat.com> Martin Nagy wrote: > On Wed, 2010-01-20 at 17:01 -0500, Rob Crittenden wrote: >> Configure sssd and certmonger in ipa-client-install >> >> This does a number of things under the hood: >> >> - Use authconfig to enable sssd in nss and pam >> - Configure /etc/sssd/sssd.conf to use our IPA provider >> - Enable the certmonger process and request a server cert >> - join the IPA domain and retrieve a principal. The clinet machine >> *must* exist in IPA to be able to do a join. >> - And then undo all this on uninstall >> rob > > Heh, joining FreeIPA and SSSD at last, cool :-) > > ACK > > Martin > Pushed to master certmonger is in updates-testing right now so to install you'll need to enable the updates-testing repo. rob From rcritten at redhat.com Wed Feb 3 21:27:34 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 03 Feb 2010 16:27:34 -0500 Subject: [Freeipa-devel] [PATCH] 370 set default log level Message-ID: <4B69EA46.6080503@redhat.com> The ipa-*-manage programs had the default log level set to NOTSET which was causing copious logging to occur. Setting it to ERROR fixes this. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-370-log.patch Type: application/mbox Size: 1178 bytes Desc: not available URL: From rcritten at redhat.com Wed Feb 3 21:33:20 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 03 Feb 2010 16:33:20 -0500 Subject: [Freeipa-devel] [PATCH] 371 add status to ipactl Message-ID: <4B69EBA0.7030900@redhat.com> We had an RFE for adding status to ipactl, seemed like low-hanging fruit (bug 503437) rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-371-ipactl.patch Type: application/mbox Size: 1121 bytes Desc: not available URL: From jdennis at redhat.com Wed Feb 3 21:39:46 2010 From: jdennis at redhat.com (John Dennis) Date: Wed, 03 Feb 2010 16:39:46 -0500 Subject: [Freeipa-devel] [PATCH] 370 set default log level In-Reply-To: <4B69EA46.6080503@redhat.com> References: <4B69EA46.6080503@redhat.com> Message-ID: <4B69ED22.8050305@redhat.com> On 02/03/2010 04:27 PM, Rob Crittenden wrote: > The ipa-*-manage programs had the default log level set to NOTSET which > was causing copious logging to occur. Setting it to ERROR fixes this. ACK -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From rcritten at redhat.com Wed Feb 3 21:58:52 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 03 Feb 2010 16:58:52 -0500 Subject: [Freeipa-devel] [PATCH] 373 fix ipa-getkeytab man page Message-ID: <4B69F19C.4030902@redhat.com> The usage on the man page didn't follow standard conventions. Optional arguments shouldn't be enclosed in brackets []. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-373-man.patch Type: application/mbox Size: 991 bytes Desc: not available URL: From rcritten at redhat.com Wed Feb 3 22:44:43 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 03 Feb 2010 17:44:43 -0500 Subject: [Freeipa-devel] [PATCH] 374 don't make assumptions about cwd Message-ID: <4B69FC5B.4040700@redhat.com> Don't assume that cwd exists or is writable. I had worked on this previously so that we change to a known writable directory when issuing server certs. Enhance that so we change to the NSS db dir when issuing the self-signed CA. certutil wants to write a file to the cwd when generating a key so we need to be some place writable. Also handle the case where cwd is an invalid directory. I tested this with: term 1: mkdir foo cd foo term 2: rmdir foo term 1: ipa-server-install ... Probably not a major issue but not hard to more carefully handle it either. The installation will still fail but at least we have a good message when it does. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-374-chdir.patch Type: application/mbox Size: 1725 bytes Desc: not available URL: From davido at redhat.com Thu Feb 4 00:10:44 2010 From: davido at redhat.com (David O'Brien) Date: Thu, 04 Feb 2010 10:10:44 +1000 Subject: [Freeipa-devel] [PATCH] 369 fix word usage in installer In-Reply-To: <4B69D53C.9000306@redhat.com> References: <4B69D53C.9000306@redhat.com> Message-ID: <4B6A1084.6060309@redhat.com> Rob Crittenden wrote: > Proper use of "set up" vs "setup". > > rob I don't know how pedantic you want to get in these messages, but: 1. "setup" is a noun 2. "set up" is a verb 3. "set-up" is a compound adjective So, for print "on the computer (i.e. a non-root user). The set up procedure" If you're describing the procedure, this would appear as "The set-up procedure" in our documentation, same as you did for "server-specific operations". The other variants are correct. /nit-pick -- David O'Brien Senior Technical Writer, Engineering Content Services Red Hat Asia Pacific Pty Ltd 193 North Quay, Brisbane +61 7 3514 8189 http://freeipa.org/page/DocumentationPortal http://git.fedorahosted.org/git/ipadocs.git http://www.opensource.com He who asks is a fool for five minutes, but he who does not ask remains a fool forever." ~ Chinese proverb From pzuna at redhat.com Thu Feb 4 14:55:57 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Thu, 04 Feb 2010 15:55:57 +0100 Subject: [Freeipa-devel] Implementing --all as a global option In-Reply-To: <4B67FE2F.6010400@redhat.com> References: <4B67FE2F.6010400@redhat.com> Message-ID: <4B6ADFFD.9070803@redhat.com> Pavel Zuna wrote: > I've run into a little problem when implementing --all as a global > option. The problem is that I can't see a way, to propagate it to the > server side. Plugins could always retrieve all attributes and the client > would choose what to display, but that would be very ineffective > (especially when executing *-find commands). > > Either we add a way to pass additional information over XML-RPC (command > independent flags) or we go back to non-global --all options. > > Thoughts? > > Pavel > Hey Jason, we talked about this a bit on Tuesday meeting and you mentioned having some plans about extending the information being transmitted over XML-RPC. I remember something about "extras" and "cookies", but that's pretty much it. If you could just summarize what you had in mind, I'll start figuring stuff out and implementing it. Pavel From pzuna at redhat.com Thu Feb 4 15:39:31 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Thu, 04 Feb 2010 16:39:31 +0100 Subject: [Freeipa-devel] [PATCH] Fix condition bug in ipa-pwd-extop plugin. Variable used uninitialized. [Was: Re: Adding new IPA users on the CLI] In-Reply-To: <4B6ADC7E.5010701@redhat.com> References: <4B6A585E.2060704@redhat.com> <4B6ADC7E.5010701@redhat.com> Message-ID: <4B6AEA33.7000500@redhat.com> Rob Crittenden wrote: > David O'Brien wrote: >> I tried this: >> >> # /usr/bin/ipa user-add --first=My --last=Name --password >> User login [mname]: >> password: >> Enter password again to verify: >> ipa: ERROR: Constraint violation:pre-hashed passwords are not valid >> >> I entered "password" as the password. >> If I enter nothing, it seems to create the user ok, but without a >> password (I think), so I don't know how to get a ticket. None of the >> shortened options (-f, -l, -p, etc.,) from v1.x work, either. > > This seems related to the changes we made for password migration. Pavel, > can you take a look? It is easily reproduced. > > rob > Programming mistake on my part. This should fix it. I also replaced all conditions, that assume LDAP_SUCCESS == 0. Please, add me to CC next time, otherwise I might take longer to notice. :) Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Fix-condition-bug-in-ipa-pwd-extop-plugin.-Variable-.patch Type: application/mbox Size: 2679 bytes Desc: not available URL: From jderose at redhat.com Thu Feb 4 15:46:51 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Thu, 04 Feb 2010 08:46:51 -0700 Subject: [Freeipa-devel] Implementing --all as a global option In-Reply-To: <4B6ADFFD.9070803@redhat.com> References: <4B67FE2F.6010400@redhat.com> <4B6ADFFD.9070803@redhat.com> Message-ID: <1265298411.6813.39.camel@jgd-dsk> On Thu, 2010-02-04 at 15:55 +0100, Pavel Zuna wrote: > Pavel Zuna wrote: > > I've run into a little problem when implementing --all as a global > > option. The problem is that I can't see a way, to propagate it to the > > server side. Plugins could always retrieve all attributes and the client > > would choose what to display, but that would be very ineffective > > (especially when executing *-find commands). > > > > Either we add a way to pass additional information over XML-RPC (command > > independent flags) or we go back to non-global --all options. > > > > Thoughts? > > > > Pavel > > > > Hey Jason, > we talked about this a bit on Tuesday meeting and you mentioned having some > plans about extending the information being transmitted over XML-RPC. I remember > something about "extras" and "cookies", but that's pretty much it. If you could > just summarize what you had in mind, I'll start figuring stuff out and > implementing it. > > Pavel > Sure. XML-RPC arguments are supplied in a single params list (this is the XML-RPC spec, not an IPA specific thing). Right now our calling signature is: [arg1, arg2, ..., argN, ] We make an educated guess as to whether the last argument is in fact an options dict based on its type. This works for now as the parameter system doesn't yet support compound dict values (it only supports compound list values, which you create using multivalue=True). I'm sure it's only a matter of time till we need compound dict values, so we really need to change the XML-RPC signature before we release v2 and become obligated to stay backward compatible. I propose we change the signature to: [args, options, extra] Where: `args` is a list of arguments for the command (can be empty) `options` is a dict of options for the command (can be empty) `extra` is a dict of extensible special variables (can be empty) We really need the `extra` dict because a lot of XML-RPC libraries don't make it especially easy (if even possible) to set HTTP headers (the Python implementation included). So my main use case for `extra` is to pass things like cookies and the locale when they can't be supplied in the HTTP headers. Global options like --all are also a great use case for `extra`, and I'm sure we'll have more down the road. If something like the locale is present in both the HTTP headers and in `extra`, the value in `extra` should take precedence. We should allow `extra`, `options`, and `args` to be missing in the call so that all of these would be valid calls: [] # Implies [[], {}, {}] [['foo']] # Implies [['foo'], {}, {}] [[], {'foo': 'bar'}] # Implies [[], {'foo': 'bar'}, {}] [[], {}, {'foo': 'bar'}] Make sense? Does anyone disagree with this approach, have suggestions? The JSON-RPC call signature is already [args, options]... and I'll change this to [args, options, extra] shorty after the alpha release. From nalin at redhat.com Thu Feb 4 15:52:06 2010 From: nalin at redhat.com (Nalin Dahyabhai) Date: Thu, 4 Feb 2010 10:52:06 -0500 Subject: [Freeipa-devel] [PATCH] add krbCanonicalName to the schema Message-ID: <20100204155206.GA502@redhat.com> We'll need to incorporate this from krb5 1.7 as a prerequisite for maybe issuing server referrals at some point. Nalin -------------- next part -------------- >From d0faa0e87ea1f4c211d29f78dc95e7953eaabee6 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Thu, 4 Feb 2010 10:46:43 -0500 Subject: [PATCH 1/1] - pull in updated schema which adds the krbCanonicalName attribute --- install/share/60kerberos.ldif | 16 +++++++++++++++- 1 files changed, 15 insertions(+), 1 deletions(-) diff --git a/install/share/60kerberos.ldif b/install/share/60kerberos.ldif index 3431d22..edfdb57 100644 --- a/install/share/60kerberos.ldif +++ b/install/share/60kerberos.ldif @@ -21,12 +21,26 @@ dn: cn=schema # specific syntax definitions # Kerberos Object Class(6) class# version# # specific class definitions +# +# iso(1) +# member-body(2) +# United States(840) +# mit (113554) +# infosys(1) +# ldap(4) +# attributeTypes(1) +# Kerberos(6) ######################################################################## ######################################################################## # Attribute Type Definitions # ######################################################################## ##### This is the principal name in the RFC 1964 specified format attributetypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) +##### If there are multiple krbPrincipalName values for an entry, this +##### is the canonical principal name in the RFC 1964 specified +##### format. (If this attribute does not exist, then all +##### krbPrincipalName values are treated as canonical.) +attributetypes: ( 1.2.840.113554.1.4.1.6.1 NAME 'krbCanonicalName' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) ##### This specifies the type of the principal, the types could be any of ##### the types mentioned in section 6.2 of RFC 4120 attributetypes: ( 2.16.840.1.113719.1.301.4.3.1 NAME 'krbPrincipalType' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) @@ -262,7 +276,7 @@ objectClasses: ( 2.16.840.1.113719.1.301.6.4.1 NAME 'krbKdcService' SUP ( krbSer objectClasses: ( 2.16.840.1.113719.1.301.6.5.1 NAME 'krbPwdService' SUP ( krbService ) ) ###### The principal data auxiliary class. Holds principal information ###### and is used to store principal information for Person, Service objects. -objectClasses: ( 2.16.840.1.113719.1.301.6.8.1 NAME 'krbPrincipalAux' AUXILIARY MAY ( krbPrincipalName $ krbUPEnabled $ krbPrincipalKey $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpiration $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPwdChange $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData ) ) +objectClasses: ( 2.16.840.1.113719.1.301.6.8.1 NAME 'krbPrincipalAux' AUXILIARY MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipalKey $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpiration $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPwdChange $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData ) ) ###### This class is used to create additional principals and stand alone principals. objectClasses: ( 2.16.840.1.113719.1.301.6.9.1 NAME 'krbPrincipal' SUP ( top ) MUST ( krbPrincipalName ) MAY ( krbObjectReferences ) ) ###### The principal references auxiliary class. Holds all principals referred -- 1.6.6.1 From rcritten at redhat.com Thu Feb 4 16:10:25 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 04 Feb 2010 11:10:25 -0500 Subject: [Freeipa-devel] [PATCH] Fix condition bug in ipa-pwd-extop plugin. Variable used uninitialized. [Was: Re: Adding new IPA users on the CLI] In-Reply-To: <4B6AEA33.7000500@redhat.com> References: <4B6A585E.2060704@redhat.com> <4B6ADC7E.5010701@redhat.com> <4B6AEA33.7000500@redhat.com> Message-ID: <4B6AF171.4090109@redhat.com> Pavel Zuna wrote: > Rob Crittenden wrote: >> David O'Brien wrote: >>> I tried this: >>> >>> # /usr/bin/ipa user-add --first=My --last=Name --password >>> User login [mname]: >>> password: >>> Enter password again to verify: >>> ipa: ERROR: Constraint violation:pre-hashed passwords are not valid >>> >>> I entered "password" as the password. >>> If I enter nothing, it seems to create the user ok, but without a >>> password (I think), so I don't know how to get a ticket. None of the >>> shortened options (-f, -l, -p, etc.,) from v1.x work, either. >> >> This seems related to the changes we made for password migration. >> Pavel, can you take a look? It is easily reproduced. >> >> rob >> > Programming mistake on my part. This should fix it. I also replaced all > conditions, that assume LDAP_SUCCESS == 0. > > Please, add me to CC next time, otherwise I might take longer to notice. :) > > Pavel Ack, pushed to master. rob From rcritten at redhat.com Thu Feb 4 16:36:30 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 04 Feb 2010 11:36:30 -0500 Subject: [Freeipa-devel] [PATCH] add krbCanonicalName to the schema In-Reply-To: <20100204155206.GA502@redhat.com> References: <20100204155206.GA502@redhat.com> Message-ID: <4B6AF78E.7030109@redhat.com> Nalin Dahyabhai wrote: > We'll need to incorporate this from krb5 1.7 as a prerequisite for maybe > issuing server referrals at some point. > > Nalin ack, pushed to master. From rcritten at redhat.com Thu Feb 4 16:37:09 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 04 Feb 2010 11:37:09 -0500 Subject: [Freeipa-devel] [PATCH] 370 set default log level In-Reply-To: <4B69ED22.8050305@redhat.com> References: <4B69EA46.6080503@redhat.com> <4B69ED22.8050305@redhat.com> Message-ID: <4B6AF7B5.7020100@redhat.com> John Dennis wrote: > On 02/03/2010 04:27 PM, Rob Crittenden wrote: >> The ipa-*-manage programs had the default log level set to NOTSET which >> was causing copious logging to occur. Setting it to ERROR fixes this. > > ACK > pushed to master From jderose at redhat.com Thu Feb 4 17:34:42 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Thu, 04 Feb 2010 10:34:42 -0700 Subject: [Freeipa-devel] [PATCH] jderose 039 Add support for the 'no_create', 'no_update', and 'no_search' Param flags Message-ID: <1265304882.6813.47.camel@jgd-dsk> This feature will help restore some missing CLI functionality. It's also a step toward making sure all our attribute metadata is plugable with a per-attribute granularity. See the new module docstring in ipalib/crud.py for details. -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-jderose-039-no_create-and-friends.patch Type: text/x-patch Size: 7765 bytes Desc: not available URL: From nalin at redhat.com Thu Feb 4 23:01:17 2010 From: nalin at redhat.com (Nalin Dahyabhai) Date: Thu, 4 Feb 2010 18:01:17 -0500 Subject: [Freeipa-devel] [PATCH] more basic stuff for krbCanonicalName Message-ID: <20100204230117.GD502@redhat.com> Just like the krbPrincipalName attribute, we want to let the KDC read the krbCanonicalName, if it's set, and we want it to be unique as well. Nalin -------------- next part -------------- >From ff32dfe1f68a3ec20d247adbe042307eeb919e6b Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Thu, 4 Feb 2010 11:02:49 -0500 Subject: [PATCH 1/2] - allow the KDC to read krbCanonicalName --- install/share/default-aci.ldif | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/install/share/default-aci.ldif b/install/share/default-aci.ldif index 9c058ae..3f74690 100644 --- a/install/share/default-aci.ldif +++ b/install/share/default-aci.ldif @@ -10,7 +10,7 @@ aci: (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaN aci: (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Password change service can read/write passwords"; allow (read, write) userdn="ldap:///krbprincipalname=kadmin/changepw@$REALM,cn=$REALM,cn=kerberos,$SUFFIX";) aci: (targetattr = "userPassword || krbPrincipalKey || krbPasswordExpiration || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "KDC System Account can access passwords"; allow (all) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";) aci: (targetattr = "krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount")(version 3.0; acl "KDC System Account can update some fields"; allow (write) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";) -aci: (targetattr = "krbPrincipalName || krbUPEnabled || krbMKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount")(version 3.0; acl "Only the KDC System Account has access to kerberos material"; allow (read, search, compare) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";) +aci: (targetattr = "krbPrincipalName || krbCanonicalName || krbUPEnabled || krbMKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount")(version 3.0; acl "Only the KDC System Account has access to kerberos material"; allow (read, search, compare) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";) aci: (targetfilter = "(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfNames)(objectClass=posixGroup))")(targetattr != "aci || userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Account Admins can manage Users and Groups"; allow (add, delete, read, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) aci: (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) aci: (targetattr = "givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou")(version 3.0;acl "Self service";allow (write) userdn = "ldap:///self";) @@ -35,7 +35,7 @@ aci: (targetfilter = "(objectClass=radiusprofile)")(targetattr != "aci || userPa dn: cn=services,cn=accounts,$SUFFIX changetype: modify add: aci -aci: (targetattr="krbPrincipalName || krbUPEnabled || krbPrincipalKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData")(version 3.0; acl "KDC System Account"; allow (read, search, compare, write) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";) +aci: (targetattr="krbPrincipalName || krbCanonicalName || krbUPEnabled || krbPrincipalKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData")(version 3.0; acl "KDC System Account"; allow (read, search, compare, write) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";) # Define which hosts can edit services dn: cn=services,cn=accounts,$SUFFIX -- 1.6.6.1 -------------- next part -------------- >From 6edabfa2ccc3ca9216108e301f553da83c9aa9ad Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Thu, 4 Feb 2010 11:07:48 -0500 Subject: [PATCH 2/2] - also ensure that krbCanonicalName is unique --- install/share/unique-attributes.ldif | 18 ++++++++++++++++++ 1 files changed, 18 insertions(+), 0 deletions(-) diff --git a/install/share/unique-attributes.ldif b/install/share/unique-attributes.ldif index 764c632..7cc684d 100644 --- a/install/share/unique-attributes.ldif +++ b/install/share/unique-attributes.ldif @@ -16,6 +16,24 @@ nsslapd-pluginVersion: 1.1.0 nsslapd-pluginVendor: Fedora Project nsslapd-pluginDescription: Enforce unique attribute values +dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config +changetype: add +objectClass: top +objectClass: nsSlapdPlugin +objectClass: extensibleObject +cn: krbCanonicalName uniqueness +nsslapd-pluginPath: libattr-unique-plugin +nsslapd-pluginInitfunc: NSUniqueAttr_Init +nsslapd-pluginType: preoperation +nsslapd-pluginEnabled: on +nsslapd-pluginarg0: krbCanonicalName +nsslapd-pluginarg1: $SUFFIX +nsslapd-plugin-depends-on-type: database +nsslapd-pluginId: NSUniqueAttr +nsslapd-pluginVersion: 1.1.0 +nsslapd-pluginVendor: Fedora Project +nsslapd-pluginDescription: Enforce unique attribute values + dn: cn=netgroup uniqueness,cn=plugins,cn=config changetype: add objectClass: top -- 1.6.6.1 From jderose at redhat.com Fri Feb 5 16:11:43 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Fri, 05 Feb 2010 09:11:43 -0700 Subject: [Freeipa-devel] FYI: python-wehjit and python-assets in Fedora 11 Message-ID: <1265386303.2655.1.camel@jgd-dsk> python-wehjit 0.2.0 and python-assets 0.1.1 have landed in Fedora 11. From rcritten at redhat.com Fri Feb 5 19:32:10 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 05 Feb 2010 14:32:10 -0500 Subject: [Freeipa-devel] [PATCH] jderose 039 Add support for the 'no_create', 'no_update', and 'no_search' Param flags In-Reply-To: <1265304882.6813.47.camel@jgd-dsk> References: <1265304882.6813.47.camel@jgd-dsk> Message-ID: <4B6C723A.1020607@redhat.com> Jason Gerard DeRose wrote: > This feature will help restore some missing CLI functionality. It's > also a step toward making sure all our attribute metadata is plugable > with a per-attribute granularity. > > See the new module docstring in ipalib/crud.py for details. > ack, pushed to master. rob From ssorce at redhat.com Fri Feb 5 20:21:51 2010 From: ssorce at redhat.com (Simo Sorce) Date: Fri, 5 Feb 2010 15:21:51 -0500 Subject: [Freeipa-devel] [PATCH] more basic stuff for krbCanonicalName In-Reply-To: <20100204230117.GD502@redhat.com> References: <20100204230117.GD502@redhat.com> Message-ID: <20100205152152.25316c24@willson.li.ssimo.org> On Thu, 4 Feb 2010 18:01:17 -0500 Nalin Dahyabhai wrote: > Just like the krbPrincipalName attribute, we want to let the KDC read > the krbCanonicalName, if it's set, and we want it to be unique as > well. > > Nalin > > [0001-allow-the-KDC-to-read-krbCanonicalName.patch text/plain (4679 > bytes)] > > [0002-also-ensure-that-krbCanonicalName-is-unique.patch text/plain > (1399 bytes)] ACK to both. Simo. -- Simo Sorce * Red Hat, Inc * New York From rcritten at redhat.com Fri Feb 5 20:34:40 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 05 Feb 2010 15:34:40 -0500 Subject: [Freeipa-devel] [PATCH] more basic stuff for krbCanonicalName In-Reply-To: <20100205152152.25316c24@willson.li.ssimo.org> References: <20100204230117.GD502@redhat.com> <20100205152152.25316c24@willson.li.ssimo.org> Message-ID: <4B6C80E0.7050306@redhat.com> Simo Sorce wrote: > On Thu, 4 Feb 2010 18:01:17 -0500 > Nalin Dahyabhai wrote: > >> Just like the krbPrincipalName attribute, we want to let the KDC read >> the krbCanonicalName, if it's set, and we want it to be unique as >> well. >> >> Nalin >> >> [0001-allow-the-KDC-to-read-krbCanonicalName.patch text/plain (4679 >> bytes)] >> >> [0002-also-ensure-that-krbCanonicalName-is-unique.patch text/plain >> (1399 bytes)] > > ACK to both. > > Simo. > pushed to master From jderose at redhat.com Mon Feb 8 12:42:52 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Mon, 08 Feb 2010 05:42:52 -0700 Subject: [Freeipa-devel] [PATCH] jderose 040 Message-ID: <1265632972.2715.7.camel@jgd-dsk> This is (knock on wood) a low risk change that adds an Object.label attribute that is exposed through the webUI, cleans up some UI funkiness. I was accidentally making post-alpha changes in the same branch as my error and other string cleanups, which is taking me a bit to sort out, so this is the last patch from me till after the alpha. -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-jderose-040-Object_label-in-webUI.patch Type: text/x-patch Size: 10944 bytes Desc: not available URL: From jderose at redhat.com Mon Feb 8 13:44:59 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Mon, 08 Feb 2010 06:44:59 -0700 Subject: [Freeipa-devel] [PATCH] jderose 041 Fix logging Message-ID: <1265636699.2715.26.camel@jgd-dsk> I lied one, more. Rob, I see you changed how the log level on the root logger is set in API.bootstrap()... unfortunately, under the server and CLI, the result is that the root logger always stays at its default level of logging.WARNING, so none of our info() nor debug() messages are going into the server log nor out to stderr (even with --debug). My solution is to unconditionally set the root logger to logging.DEBUG, the most verbose we use, and then configure the levels on individual handlers as appropriate (which we already do). Rob, I know you make this change because of problems with logging from the installer, so can you see if still works the way you want it to with this patch? By the way, are you setting up your own logging handler in the installer, or using the ones configured in API.bootstrap()? Anyway, we really shouldn't release our alpha with broken logging. Not nice to our brave and helpful testers. ;) -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-jderose-041-Fix-logging.patch Type: text/x-patch Size: 1195 bytes Desc: not available URL: From jdennis at redhat.com Mon Feb 8 15:40:20 2010 From: jdennis at redhat.com (John Dennis) Date: Mon, 08 Feb 2010 10:40:20 -0500 Subject: [Freeipa-devel] [PATCH] 368 remove some duplicate code In-Reply-To: <4B68F3EA.6070300@redhat.com> References: <4B68F3EA.6070300@redhat.com> Message-ID: <4B703064.70105@redhat.com> On 02/02/2010 10:56 PM, Rob Crittenden wrote: > Move the dogtag HTTP and HTTPS request functions to a common library to > remove duplication. > > I'm next planning on moving the XML parsing code into ipapython/dogtag > because that is needed by the installer as well to identify errors. This > is going to be quite a bit messier I think. There are a couple of minor things which need cleaning up. The new functions https_request and http_request are not general request mechanisms because the request type is hardcoded to POST and the headers are hardcoded as well. We need to either change the names to https_post and http_post -or- add parameters specifying the request type and headers. POST is specialized enough and called often enough I think the first option is best, just rename the function to what it actually is, a post request. The logging statements still refer to the old function names, they should be updated to match the name of the function. If all you do is just edit the names I don't think you need to repost the patch, I'll ACK it now. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From rcritten at redhat.com Mon Feb 8 16:02:20 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 08 Feb 2010 11:02:20 -0500 Subject: [Freeipa-devel] [PATCH] jderose 041 Fix logging In-Reply-To: <1265636699.2715.26.camel@jgd-dsk> References: <1265636699.2715.26.camel@jgd-dsk> Message-ID: <4B70358C.5030508@redhat.com> Jason Gerard DeRose wrote: > I lied one, more. > > Rob, I see you changed how the log level on the root logger is set in > API.bootstrap()... unfortunately, under the server and CLI, the result > is that the root logger always stays at its default level of > logging.WARNING, so none of our info() nor debug() messages are going > into the server log nor out to stderr (even with --debug). Hmm, I must've misread the logging code. I was sure it defaulted to NOTSET. > > My solution is to unconditionally set the root logger to logging.DEBUG, > the most verbose we use, and then configure the levels on individual > handlers as appropriate (which we already do). > > Rob, I know you make this change because of problems with logging from > the installer, so can you see if still works the way you want it to with > this patch? By the way, are you setting up your own logging handler in > the installer, or using the ones configured in API.bootstrap()? Yes, we set up a file logger. I wonder if there is a better way to detect if there is a root logger configured so we can avoid twiddling with the log level in api.bootstrap(). > > Anyway, we really shouldn't release our alpha with broken logging. Not > nice to our brave and helpful testers. ;) Yup. I'll give it a test but I'm not sure forcing DEBUG is going to be the best way to deal with this. rob From rcritten at redhat.com Mon Feb 8 16:03:15 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 08 Feb 2010 11:03:15 -0500 Subject: [Freeipa-devel] [PATCH] 368 remove some duplicate code In-Reply-To: <4B703064.70105@redhat.com> References: <4B68F3EA.6070300@redhat.com> <4B703064.70105@redhat.com> Message-ID: <4B7035C3.6050007@redhat.com> John Dennis wrote: > On 02/02/2010 10:56 PM, Rob Crittenden wrote: >> Move the dogtag HTTP and HTTPS request functions to a common library to >> remove duplication. >> >> I'm next planning on moving the XML parsing code into ipapython/dogtag >> because that is needed by the installer as well to identify errors. This >> is going to be quite a bit messier I think. > > There are a couple of minor things which need cleaning up. > > The new functions https_request and http_request are not general request > mechanisms because the request type is hardcoded to POST and the headers > are hardcoded as well. We need to either change the names to https_post > and http_post -or- add parameters specifying the request type and > headers. POST is specialized enough and called often enough I think the > first option is best, just rename the function to what it actually is, a > post request. > > The logging statements still refer to the old function names, they > should be updated to match the name of the function. > > If all you do is just edit the names I don't think you need to repost > the patch, I'll ACK it now. > Yeah, I had the same thoughts on the naming. I decided to go with them since the context is within dogtag and not a general HTTP/S client. I'm ok with renaming them again for clarity/maintainability. rob From rcritten at redhat.com Mon Feb 8 16:38:40 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 08 Feb 2010 11:38:40 -0500 Subject: [Freeipa-devel] [PATCH] jderose 041 Fix logging In-Reply-To: <1265636699.2715.26.camel@jgd-dsk> References: <1265636699.2715.26.camel@jgd-dsk> Message-ID: <4B703E10.2070304@redhat.com> Jason Gerard DeRose wrote: > I lied one, more. > > Rob, I see you changed how the log level on the root logger is set in > API.bootstrap()... unfortunately, under the server and CLI, the result > is that the root logger always stays at its default level of > logging.WARNING, so none of our info() nor debug() messages are going > into the server log nor out to stderr (even with --debug). > > My solution is to unconditionally set the root logger to logging.DEBUG, > the most verbose we use, and then configure the levels on individual > handlers as appropriate (which we already do). > > Rob, I know you make this change because of problems with logging from > the installer, so can you see if still works the way you want it to with > this patch? By the way, are you setting up your own logging handler in > the installer, or using the ones configured in API.bootstrap()? > > Anyway, we really shouldn't release our alpha with broken logging. Not > nice to our brave and helpful testers. ;) Jason, I think we can instead test for len(log.handlers) == 0 to determine if we have already configured a file handler for it. Can you confirm this? So if there are no handlers configured we set the log level, otherwise we skip it. rob From jderose at redhat.com Mon Feb 8 19:51:17 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Mon, 08 Feb 2010 12:51:17 -0700 Subject: [Freeipa-devel] [PATCH] jderose 041 Fix logging In-Reply-To: <4B703E10.2070304@redhat.com> References: <1265636699.2715.26.camel@jgd-dsk> <4B703E10.2070304@redhat.com> Message-ID: <1265658677.11794.27.camel@jgd-dsk> On Mon, 2010-02-08 at 11:38 -0500, Rob Crittenden wrote: > Jason Gerard DeRose wrote: > > I lied one, more. > > > > Rob, I see you changed how the log level on the root logger is set in > > API.bootstrap()... unfortunately, under the server and CLI, the result > > is that the root logger always stays at its default level of > > logging.WARNING, so none of our info() nor debug() messages are going > > into the server log nor out to stderr (even with --debug). > > > > My solution is to unconditionally set the root logger to logging.DEBUG, > > the most verbose we use, and then configure the levels on individual > > handlers as appropriate (which we already do). > > > > Rob, I know you make this change because of problems with logging from > > the installer, so can you see if still works the way you want it to with > > this patch? By the way, are you setting up your own logging handler in > > the installer, or using the ones configured in API.bootstrap()? > > > > Anyway, we really shouldn't release our alpha with broken logging. Not > > nice to our brave and helpful testers. ;) > > Jason, I think we can instead test for len(log.handlers) == 0 to > determine if we have already configured a file handler for it. Can you > confirm this? So if there are no handlers configured we set the log > level, otherwise we skip it. > > rob The logging levels range in numeric value from 0 (NOTSET) to 50 (CRITICAL). Setting the the root logger to log level DEBUG (10) doesn't actually change the effective level (in our case) because the effective level at a given handler is max(logger.level, handler.level). API.bootstrap() by default sets the stderr handler to WARNING (30) and the file handler to INFO (20). --verbose sets the stderr handler to INFO. --debug sets both the stderr and file handlers to DEBUG (10). Anyway, would it be possible to have the installer use the same file handler that API.bootstrap() sets up? You can change what log file is used like this: api.env.log = '/the/installer/log.txt' api.bootstrap() api.finalize() Would that work? I'm open to tweaking API.bootstrap() as needed so we can have a uniform logging setup. From mnagy at redhat.com Mon Feb 8 20:21:40 2010 From: mnagy at redhat.com (Martin Nagy) Date: Mon, 08 Feb 2010 21:21:40 +0100 Subject: [Freeipa-devel] [PATCHES] Add ipa-dns-install In-Reply-To: <4B58D718.6000502@redhat.com> References: <1264016193.3535.9.camel@wolverine.englab.brq.redhat.com> <4B58CCA5.3000603@redhat.com> <4B58D718.6000502@redhat.com> Message-ID: <1265660500.5345.2.camel@wolverine.englab.brq.redhat.com> On Thu, 2010-01-21 at 17:37 -0500, Rob Crittenden wrote: > Rob Crittenden wrote: > > Martin Nagy wrote: > >> Hi, > >> with these patches, the user will be able to install DNS additionally, > >> after ipa-server-install. No --uninstall yet, however. I do have it in > >> my tree, but it causes a lot of problems. Hopefully, I'll manage to > >> solve them later. Thanks. > >> > >> Martin > >> > > > > Nack, it isn't working for me: > > > > # ipa-dns-install > > > > The log file for this installation can be found in > > /var/log/ipaserver-install.log > > ============================================================================== > > > > This program will setup DNS for the FreeIPA Server. > > > > This includes: > > * Configure DNS (bind) > > > > To accept the default shown in brackets, press the Enter key. > > > > Existing BIND configuration detected, overwrite? [no]: y > > Enter IP address for a DNS forwarder (empty to stop): > > No DNS forwarders configured > > Directory Manager password: > > > > The following operations may take some minutes to complete. > > Please wait until the prompt is returned. > > > > Unexpected error - see ipaserver-install.log for details: > > {'info': 'Unauthenticated binds are not allowed', 'desc': 'Server is > > unwilling to perform'} > > > > There is nothing in the install log, 389 access log had: > > > > [21/Jan/2010:16:50:37 -0500] conn=22 fd=70 slot=70 connection from > > localhost to localhost > > [21/Jan/2010:16:50:37 -0500] conn=22 op=0 BIND dn="cn=Directory Manager" > > method=128 version=3 > > [21/Jan/2010:16:50:37 -0500] conn=22 op=0 RESULT err=53 tag=97 > > nentries=0 etime=0 > > [21/Jan/2010:16:50:37 -0500] conn=22 op=1 UNBIND > > [21/Jan/2010:16:50:37 -0500] conn=22 op=1 fd=70 closed - U1 > > > > It also throws an exception if you press ^C at the prompts. > > > > rob > > I had a discussion with Martin in irc about this. The patch actually > does work it just doesn't handle the case where you don't get a DM > password. I'm still nacking this particular patch due to this but the > first two patches are fine, so ack for those and I'm pushing them to master. > > rob New patch with fixed script. Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-ipa-dns-install-script.patch Type: text/x-patch Size: 8294 bytes Desc: not available URL: From mnagy at redhat.com Mon Feb 8 20:24:07 2010 From: mnagy at redhat.com (Martin Nagy) Date: Mon, 08 Feb 2010 21:24:07 +0100 Subject: [Freeipa-devel] [PATCHES] Add A and PTR records during ipa-replica-prepare In-Reply-To: <4B59C492.8050801@redhat.com> References: <1264025502.3535.14.camel@wolverine.englab.brq.redhat.com> <4B59C492.8050801@redhat.com> Message-ID: <1265660647.5345.3.camel@wolverine.englab.brq.redhat.com> On Fri, 2010-01-22 at 10:30 -0500, Rob Crittenden wrote: > Martin Nagy wrote: > > Hi, > > these patches will allow one to specify an ip address of the replica to > > ipa-replica-prepare. The dns records will then be added. This should > > make life better for QA :) > > > > Martin > > nack, it shouldn't allow the option if DNS is not configured, or at > least it shouldn't blow up: > > # ipa-replica-prepare --ip-address=192.168.166.9 replica4.example.com > Directory Manager (existing master) password: > > Preparing replica for replica4.example.com from luna.example.com > Creating SSL certificate for the Directory Server > Creating SSL certificate for the Web Server > Exporting RA certificate > Copying additional files > Finalizing configuration > Packaging replica information into > /var/lib/ipa/replica-info-replica4.example.com.gpg > Adding DNS records for replica4.example.com > preparation of replica failed: no such entry > no such entry > File "/usr/sbin/ipa-replica-prepare", line 338, in > main() > > File "/usr/sbin/ipa-replica-prepare", line 329, in main > zone = add_zone(domain) > > File > "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", > line 73, in add_zone > idnsupdatepolicy=unicode(update_policy)) > > File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 412, > in __call__ > ret = self.run(*args, **options) > > File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 680, > in run > return self.execute(*args, **options) > > File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line > 203, in execute > ldap.add_entry(dn, entry_attrs) > > File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 188, > in new_f > return f(*new_args, **kwargs) > > File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", > line 334, in add_entry > _handle_errors(e, **{}) > > File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", > line 71, in _handle_errors > raise errors.NotFound(reason='no such entry') > > rob Thanks, new patches attached. Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Get-rid-of-ipapython.config-in-ipa-replica-prepare.patch Type: text/x-patch Size: 12701 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0002-Add-A-and-PTR-records-during-ipa-replica-prepare.patch Type: text/x-patch Size: 3369 bytes Desc: not available URL: From mnagy at redhat.com Mon Feb 8 20:31:43 2010 From: mnagy at redhat.com (Martin Nagy) Date: Mon, 08 Feb 2010 21:31:43 +0100 Subject: [Freeipa-devel] [PATCH] Make the DNS forwarders interactive input less confusing Message-ID: <1265661103.5345.10.camel@wolverine.englab.brq.redhat.com> Here's the simple patch for #558984. Specifically, with this patch, ipa-server-install/ipa-dns-install will ask you this: Do you wish to configure DNS forwarders? If you say yes, you will also see: Please enter the IP addresses of DNS forwarders that you want to use. After you are done, enter a blank line to stop. And the rest is the same, except it doesn't say "(empty to stop)" at the end of the prompt as it used to. David, Jenny, do you think this is good enough? I can change it easily if there are any objections/ideas. Patch attached. Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Make-the-DNS-forwarders-interactive-input-less-confu.patch Type: text/x-patch Size: 1906 bytes Desc: not available URL: From jderose at redhat.com Tue Feb 9 10:24:59 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Tue, 09 Feb 2010 03:24:59 -0700 Subject: [Freeipa-devel] [PATCH] 361 fix cert tests In-Reply-To: <4B61FF25.2070507@redhat.com> References: <4B61FF25.2070507@redhat.com> Message-ID: <1265711099.14671.0.camel@jgd-dsk> On Thu, 2010-01-28 at 16:18 -0500, Rob Crittenden wrote: > This fixes some problems with the cert plugin tests. > > - It checks to see if a self-signed CA is available in ~/.ipa/alias. If > not the tests are skipped > - Be a bit smarter about cleaning up by moving it to a separate test > - This relies on patch the service fix in 360. Some binary certs were > being decoded as base64 resulting in an unparsable cert for the ASN.1 > parser. > > I also added a bit of documentation on how to set up the self-signed CA. > It is a one-time thing. > > rob ack. pushed to master. From jderose at redhat.com Tue Feb 9 10:55:40 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Tue, 09 Feb 2010 03:55:40 -0700 Subject: [Freeipa-devel] [PATCH] 368 remove some duplicate code In-Reply-To: <4B7035C3.6050007@redhat.com> References: <4B68F3EA.6070300@redhat.com> <4B703064.70105@redhat.com> <4B7035C3.6050007@redhat.com> Message-ID: <1265712940.14671.2.camel@jgd-dsk> On Mon, 2010-02-08 at 11:03 -0500, Rob Crittenden wrote: > John Dennis wrote: > > On 02/02/2010 10:56 PM, Rob Crittenden wrote: > >> Move the dogtag HTTP and HTTPS request functions to a common library to > >> remove duplication. > >> > >> I'm next planning on moving the XML parsing code into ipapython/dogtag > >> because that is needed by the installer as well to identify errors. This > >> is going to be quite a bit messier I think. > > > > There are a couple of minor things which need cleaning up. > > > > The new functions https_request and http_request are not general request > > mechanisms because the request type is hardcoded to POST and the headers > > are hardcoded as well. We need to either change the names to https_post > > and http_post -or- add parameters specifying the request type and > > headers. POST is specialized enough and called often enough I think the > > first option is best, just rename the function to what it actually is, a > > post request. > > > > The logging statements still refer to the old function names, they > > should be updated to match the name of the function. > > > > If all you do is just edit the names I don't think you need to repost > > the patch, I'll ACK it now. > > > > Yeah, I had the same thoughts on the naming. I decided to go with them > since the context is within dogtag and not a general HTTP/S client. I'm > ok with renaming them again for clarity/maintainability. > > rob ack. pushed to master. We can rename these functions for greater clarity in a subsequent patch, but in the mean time we should move forward with this code consolidation. From jderose at redhat.com Tue Feb 9 11:08:30 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Tue, 09 Feb 2010 04:08:30 -0700 Subject: [Freeipa-devel] [PATCH] 371 add status to ipactl In-Reply-To: <4B69EBA0.7030900@redhat.com> References: <4B69EBA0.7030900@redhat.com> Message-ID: <1265713710.14671.3.camel@jgd-dsk> On Wed, 2010-02-03 at 16:33 -0500, Rob Crittenden wrote: > We had an RFE for adding status to ipactl, seemed like low-hanging fruit > (bug 503437) > > rob ack. pushed to master. From jderose at redhat.com Tue Feb 9 12:00:20 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Tue, 09 Feb 2010 05:00:20 -0700 Subject: [Freeipa-devel] [PATCH] jderose 041 Fix logging In-Reply-To: <4B703E10.2070304@redhat.com> References: <1265636699.2715.26.camel@jgd-dsk> <4B703E10.2070304@redhat.com> Message-ID: <1265716821.14671.10.camel@jgd-dsk> On Mon, 2010-02-08 at 11:38 -0500, Rob Crittenden wrote: > Jason Gerard DeRose wrote: > > I lied one, more. > > > > Rob, I see you changed how the log level on the root logger is set in > > API.bootstrap()... unfortunately, under the server and CLI, the result > > is that the root logger always stays at its default level of > > logging.WARNING, so none of our info() nor debug() messages are going > > into the server log nor out to stderr (even with --debug). > > > > My solution is to unconditionally set the root logger to logging.DEBUG, > > the most verbose we use, and then configure the levels on individual > > handlers as appropriate (which we already do). > > > > Rob, I know you make this change because of problems with logging from > > the installer, so can you see if still works the way you want it to with > > this patch? By the way, are you setting up your own logging handler in > > the installer, or using the ones configured in API.bootstrap()? > > > > Anyway, we really shouldn't release our alpha with broken logging. Not > > nice to our brave and helpful testers. ;) > > Jason, I think we can instead test for len(log.handlers) == 0 to > determine if we have already configured a file handler for it. Can you > confirm this? So if there are no handlers configured we set the log > level, otherwise we skip it. > > rob Yep, that fixes it. Updated patch attached (replaces my original 041 patch). -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-jderose-041.2-Fix-logging.patch Type: text/x-patch Size: 1217 bytes Desc: not available URL: From pzuna at redhat.com Tue Feb 9 14:01:48 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Tue, 09 Feb 2010 15:01:48 +0100 Subject: [Freeipa-devel] [PATCHES] Bring back old outputting functionality Message-ID: <4B716ACC.6040602@redhat.com> I compiled 3 patches, that effectively bring back all the functionality we had before Jasons big patch (i.e. before introducing output validation and the common output interface). --all and --raw are back, but this time as global options replacing DNs with primary keys is back clever attribute printing (word-wrapping etc.) is back too To implement --all and --raw as global options, we had to find a way to propagate additional information (apart from command name and parameters) from client to server. We extended the XML-RPC signature from: (arg0, arg1, ..., options) to: (args, options, extras) The extras dict is currently only filled with the 'print_all_attrs' and 'print_raw_attrs' settings when forwarding a call. The server saves the extras dict into the thread specific context variable. I also replaced the decoding table in Encoder, because it didn't really work as expected in special cases. It now uses a dont-decode function. In the case of ldap2, this function checks attribute type OIDs and returns False for binary types. This patch introduces a little problem with the env command, because it fixes a bug/feature, that made it work before. Before outputting an attribute, we check if it isn't of type str. If it is, we assume it is binary and decode it. All values in Env are str. I propose we either write a specific output_for_cli for the env command or think about switching from str to unicode. I tried the later and it didn't cause any problems so far. How it's supposed to work: # ./ipa user-show admin User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash # ./ipa --all user-show admin dn: uid=admin,cn=users,cn=accounts,dc=pzuna User login: admin Last name: Administrator Full name: Administrator Home directory: /home/admin GECOS field: Administrator Login shell: /bin/bash Kerberos principal: admin at PZUNA UID: 1083719807 GID: 1083719807 Last password change date: 20100208132706Z Password expiration date: 20100509132706Z Member of groups: admins objectclass: top, person, posixaccount, krbprincipalaux, krbticketpolicyaux, inetuser # ./ipa --raw user-show admin uid: admin sn: Administrator homedirectory: /home/admin loginshell: /bin/bash # ./ipa --all --raw user-show admin dn: uid=admin,cn=users,cn=accounts,dc=pzuna uid: admin sn: Administrator cn: Administrator homedirectory: /home/admin gecos: Administrator loginshell: /bin/bash krbprincipalname: admin at PZUNA uidnumber: 1083719807 gidnumber: 1083719807 krblastpwdchange: 20100208132706Z krbpasswordexpiration: 20100509132706Z memberof: cn=admins,cn=groups,cn=accounts,dc=pzuna objectclass: top objectclass: person objectclass: posixaccount objectclass: krbprincipalaux objectclass: krbticketpolicyaux objectclass: inetuser Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-all-and-raw-global-options.patch Type: application/mbox Size: 8429 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0002-Change-XML-RPC-call-signature-to-args-options-extras.patch Type: application/mbox Size: 13410 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0003-Replace-decoding-table-in-Encoder-with-dont-decode-f.patch Type: application/mbox Size: 4642 bytes Desc: not available URL: From pzuna at redhat.com Tue Feb 9 14:04:36 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Tue, 09 Feb 2010 15:04:36 +0100 Subject: [Freeipa-devel] [PATCH] Complete the list of user attributes. Message-ID: <4B716B74.2000308@redhat.com> This patch completes the list of attributes in the user plugin. It uses Jason's no_create,no_update,no_search flags. I mainly did this to test the "Bring back old outputting functionality" series of patches I posted earlier, but we need to do this for all plugins anyway. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0004-Complete-the-list-of-user-attributes.patch Type: application/mbox Size: 2270 bytes Desc: not available URL: From jdennis at redhat.com Tue Feb 9 18:27:44 2010 From: jdennis at redhat.com (John Dennis) Date: Tue, 09 Feb 2010 13:27:44 -0500 Subject: [Freeipa-devel] [PATCH] add i18n translation support Message-ID: <4B71A920.80307@redhat.com> This patch is a rework of the "add l10n support" sent on 1/30/2010. It is virtually identical except no initial languages are defined (install/po/LINGUAS is empty) and it contains an initial .pot file. This should set us up to flip the switch on transifex.net to start our translations. Comments from the original patch follow. Rob did apply that patch and everything worked for him (but he wanted to delay creation of the .po files which this rework accomplishes). The primary patch has two major changes: * modification of our existing build mechanism * a new directory install/po which contains the l10n framework and translation catalogs. The first major change to the build mechanism was replacing the autogen.sh script. I had discovered it was buggy, in particular it's logic for comparing the version of tools was flawed (used just string comparison so it thought version 7 of a tool was newer than version 11). Also there didn't seem to be a reason for this script since the autoregen tool is the preferred mechanism to bootstrap an autotools build. Older OS's do not have autoregen but We only need to bootstrap when we generate a distribution which can always be done on a current Fedora system. The second part of the changes to the build mechanism were the necessary modifications to build the l10n components. * edit Makefile.am to add the new subdir to descent into * Add new files to generate to configure.ac * Add new macros to configure.ac to find the gettext tools and set the message catalog name. * Edit the spec file to add a build dependency on gettext and add the translation files. Then add the l10n framework in install/po. There is a README there you might want to peruse. The initial set of languages we'll provide translations for is in the install/po/LINGUAS file. The set of files to scan for translatable strings is in install/po/Makefile.in, we'll need to manually update this file when we add or remove source files containing translatable strings. We provide one message catalog for all strings in IPA. Message catalogs are referred to as "domains". This means we have just one domain for IPA and it's installed under the name "ipa". The message catalogs are not partitioned by rpm component. The message catalogs are provided in the ipapython rpm which all other rpms depend on. Please note, there is now a build dependency on gettext, most you should already have this package installed. This patch does alter the way the build runs and it's possible it might introduce a build failure. I have tested builds in clean trees on F12 and did not have any problems. I wanted to do a scratch build for Fedora just to bullet proof but I couldn't figure out how to do it. I'll of course fix any build issue which might arise that I didn't catch earlier. Jason and I did discuss adding a "test" language to test translations in our test framework. This patch does not include that, it will follow. John -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-support-for-building-internationalized-translati.patch Type: text/x-patch Size: 38914 bytes Desc: not available URL: From rcritten at redhat.com Tue Feb 9 20:09:19 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 09 Feb 2010 15:09:19 -0500 Subject: [Freeipa-devel] [PATCHES] Bring back old outputting functionality In-Reply-To: <4B716ACC.6040602@redhat.com> References: <4B716ACC.6040602@redhat.com> Message-ID: <4B71C0EF.3040201@redhat.com> Pavel Zuna wrote: > I compiled 3 patches, that effectively bring back all the functionality > we had before Jasons big patch (i.e. before introducing output > validation and the common output interface). > > --all and --raw are back, but this time as global options > replacing DNs with primary keys is back > clever attribute printing (word-wrapping etc.) is back too > > To implement --all and --raw as global options, we had to find a way to > propagate additional information (apart from command name and > parameters) from client to server. We extended the XML-RPC signature from: > > (arg0, arg1, ..., options) > > to: > > (args, options, extras) > > The extras dict is currently only filled with the 'print_all_attrs' and > 'print_raw_attrs' settings when forwarding a call. The server saves the > extras dict into the thread specific context variable. > > I also replaced the decoding table in Encoder, because it didn't really > work as expected in special cases. It now uses a dont-decode function. > In the case of ldap2, this function checks attribute type OIDs and > returns False for binary types. > > This patch introduces a little problem with the env command, because it > fixes a bug/feature, that made it work before. Before outputting an > attribute, we check if it isn't of type str. If it is, we assume it is > binary and decode it. All values in Env are str. I propose we either > write a specific output_for_cli for the env command or think about > switching from str to unicode. I tried the later and it didn't cause any > problems so far. > > How it's supposed to work: > > # ./ipa user-show admin > User login: admin > Last name: Administrator > Home directory: /home/admin > Login shell: /bin/bash > > # ./ipa --all user-show admin > dn: uid=admin,cn=users,cn=accounts,dc=pzuna > User login: admin > Last name: Administrator > Full name: Administrator > Home directory: /home/admin > GECOS field: Administrator > Login shell: /bin/bash > Kerberos principal: admin at PZUNA > UID: 1083719807 > GID: 1083719807 > Last password change date: 20100208132706Z > Password expiration date: 20100509132706Z > Member of groups: admins > objectclass: top, person, posixaccount, krbprincipalaux, > krbticketpolicyaux, inetuser > > # ./ipa --raw user-show admin > uid: admin > sn: Administrator > homedirectory: /home/admin > loginshell: /bin/bash > > # ./ipa --all --raw user-show admin > dn: uid=admin,cn=users,cn=accounts,dc=pzuna > uid: admin > sn: Administrator > cn: Administrator > homedirectory: /home/admin > gecos: Administrator > loginshell: /bin/bash > krbprincipalname: admin at PZUNA > uidnumber: 1083719807 > gidnumber: 1083719807 > krblastpwdchange: 20100208132706Z > krbpasswordexpiration: 20100509132706Z > memberof: cn=admins,cn=groups,cn=accounts,dc=pzuna > objectclass: top > objectclass: person > objectclass: posixaccount > objectclass: krbprincipalaux > objectclass: krbticketpolicyaux > objectclass: inetuser > > Pavel Generally looks ok, have some questions though: - We currently rely on the fact that binary objects are encoded as python str, it's how we determine what to base64-encode. What mechanism will we have to do that now? - Is print_* the right prefix for these new global variables? It affects more than just printing in the case of all because it returns everything over XML-RPC as well. - Is there/should there be a way for a plugin to define its own extras? And not to be too pedantic but is extras the best description for these values? Not that I have any suggestions for an improvement :-( Perhaps global_options? - Why are you removing get_options() from LDAPSearch()? It doesn't look like this is going to conflict too much with the parallel work I've done in regard to including member/memberof in return values, nor in the output work I've done. So you don't need to work on the individual plugins at all, I've got that ready in my tree though I'm going to hold onto it until we can get these patches committed. rob From rcritten at redhat.com Tue Feb 9 20:45:49 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 09 Feb 2010 15:45:49 -0500 Subject: [Freeipa-devel] [PATCHES] Add ipa-dns-install In-Reply-To: <1265660500.5345.2.camel@wolverine.englab.brq.redhat.com> References: <1264016193.3535.9.camel@wolverine.englab.brq.redhat.com> <4B58CCA5.3000603@redhat.com> <4B58D718.6000502@redhat.com> <1265660500.5345.2.camel@wolverine.englab.brq.redhat.com> Message-ID: <4B71C97D.3080008@redhat.com> Martin Nagy wrote: > On Thu, 2010-01-21 at 17:37 -0500, Rob Crittenden wrote: >> Rob Crittenden wrote: >>> Martin Nagy wrote: >>>> Hi, >>>> with these patches, the user will be able to install DNS additionally, >>>> after ipa-server-install. No --uninstall yet, however. I do have it in >>>> my tree, but it causes a lot of problems. Hopefully, I'll manage to >>>> solve them later. Thanks. >>>> >>>> Martin >>>> >>> Nack, it isn't working for me: >>> >>> # ipa-dns-install >>> >>> The log file for this installation can be found in >>> /var/log/ipaserver-install.log >>> ============================================================================== >>> >>> This program will setup DNS for the FreeIPA Server. >>> >>> This includes: >>> * Configure DNS (bind) >>> >>> To accept the default shown in brackets, press the Enter key. >>> >>> Existing BIND configuration detected, overwrite? [no]: y >>> Enter IP address for a DNS forwarder (empty to stop): >>> No DNS forwarders configured >>> Directory Manager password: >>> >>> The following operations may take some minutes to complete. >>> Please wait until the prompt is returned. >>> >>> Unexpected error - see ipaserver-install.log for details: >>> {'info': 'Unauthenticated binds are not allowed', 'desc': 'Server is >>> unwilling to perform'} >>> >>> There is nothing in the install log, 389 access log had: >>> >>> [21/Jan/2010:16:50:37 -0500] conn=22 fd=70 slot=70 connection from >>> localhost to localhost >>> [21/Jan/2010:16:50:37 -0500] conn=22 op=0 BIND dn="cn=Directory Manager" >>> method=128 version=3 >>> [21/Jan/2010:16:50:37 -0500] conn=22 op=0 RESULT err=53 tag=97 >>> nentries=0 etime=0 >>> [21/Jan/2010:16:50:37 -0500] conn=22 op=1 UNBIND >>> [21/Jan/2010:16:50:37 -0500] conn=22 op=1 fd=70 closed - U1 >>> >>> It also throws an exception if you press ^C at the prompts. >>> >>> rob >> I had a discussion with Martin in irc about this. The patch actually >> does work it just doesn't handle the case where you don't get a DM >> password. I'm still nacking this particular patch due to this but the >> first two patches are fine, so ack for those and I'm pushing them to master. >> >> rob > > New patch with fixed script. > > Martin > ack, pushed to master rob From rcritten at redhat.com Tue Feb 9 21:30:40 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 09 Feb 2010 16:30:40 -0500 Subject: [Freeipa-devel] [PATCHES] Add A and PTR records during ipa-replica-prepare In-Reply-To: <1265660647.5345.3.camel@wolverine.englab.brq.redhat.com> References: <1264025502.3535.14.camel@wolverine.englab.brq.redhat.com> <4B59C492.8050801@redhat.com> <1265660647.5345.3.camel@wolverine.englab.brq.redhat.com> Message-ID: <4B71D400.2050800@redhat.com> Martin Nagy wrote: > On Fri, 2010-01-22 at 10:30 -0500, Rob Crittenden wrote: >> Martin Nagy wrote: >>> Hi, >>> these patches will allow one to specify an ip address of the replica to >>> ipa-replica-prepare. The dns records will then be added. This should >>> make life better for QA :) >>> >>> Martin >> nack, it shouldn't allow the option if DNS is not configured, or at >> least it shouldn't blow up: >> >> # ipa-replica-prepare --ip-address=192.168.166.9 replica4.example.com >> Directory Manager (existing master) password: >> >> Preparing replica for replica4.example.com from luna.example.com >> Creating SSL certificate for the Directory Server >> Creating SSL certificate for the Web Server >> Exporting RA certificate >> Copying additional files >> Finalizing configuration >> Packaging replica information into >> /var/lib/ipa/replica-info-replica4.example.com.gpg >> Adding DNS records for replica4.example.com >> preparation of replica failed: no such entry >> no such entry >> File "/usr/sbin/ipa-replica-prepare", line 338, in >> main() >> >> File "/usr/sbin/ipa-replica-prepare", line 329, in main >> zone = add_zone(domain) >> >> File >> "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", >> line 73, in add_zone >> idnsupdatepolicy=unicode(update_policy)) >> >> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 412, >> in __call__ >> ret = self.run(*args, **options) >> >> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 680, >> in run >> return self.execute(*args, **options) >> >> File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line >> 203, in execute >> ldap.add_entry(dn, entry_attrs) >> >> File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 188, >> in new_f >> return f(*new_args, **kwargs) >> >> File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", >> line 334, in add_entry >> _handle_errors(e, **{}) >> >> File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", >> line 71, in _handle_errors >> raise errors.NotFound(reason='no such entry') >> >> rob > > Thanks, new patches attached. > > Martin > ack both, pushed to master From rcritten at redhat.com Tue Feb 9 21:36:44 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 09 Feb 2010 16:36:44 -0500 Subject: [Freeipa-devel] [PATCH] jderose 041 Fix logging In-Reply-To: <1265716821.14671.10.camel@jgd-dsk> References: <1265636699.2715.26.camel@jgd-dsk> <4B703E10.2070304@redhat.com> <1265716821.14671.10.camel@jgd-dsk> Message-ID: <4B71D56C.5010804@redhat.com> Jason Gerard DeRose wrote: > On Mon, 2010-02-08 at 11:38 -0500, Rob Crittenden wrote: >> Jason Gerard DeRose wrote: >>> I lied one, more. >>> >>> Rob, I see you changed how the log level on the root logger is set in >>> API.bootstrap()... unfortunately, under the server and CLI, the result >>> is that the root logger always stays at its default level of >>> logging.WARNING, so none of our info() nor debug() messages are going >>> into the server log nor out to stderr (even with --debug). >>> >>> My solution is to unconditionally set the root logger to logging.DEBUG, >>> the most verbose we use, and then configure the levels on individual >>> handlers as appropriate (which we already do). >>> >>> Rob, I know you make this change because of problems with logging from >>> the installer, so can you see if still works the way you want it to with >>> this patch? By the way, are you setting up your own logging handler in >>> the installer, or using the ones configured in API.bootstrap()? >>> >>> Anyway, we really shouldn't release our alpha with broken logging. Not >>> nice to our brave and helpful testers. ;) >> Jason, I think we can instead test for len(log.handlers) == 0 to >> determine if we have already configured a file handler for it. Can you >> confirm this? So if there are no handlers configured we set the log >> level, otherwise we skip it. >> >> rob > > Yep, that fixes it. Updated patch attached (replaces my original 041 > patch). > Works for me, ack, pushed to master rob From rcritten at redhat.com Tue Feb 9 22:25:49 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 09 Feb 2010 17:25:49 -0500 Subject: [Freeipa-devel] [PATCH] 375 selinux fix for CRLs Message-ID: <4B71E0ED.4070908@redhat.com> Fix an SELinux permissions problem when retrieving CRLs via Apache. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-375-selinux.patch Type: application/mbox Size: 1095 bytes Desc: not available URL: From rcritten at redhat.com Tue Feb 9 23:16:35 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 09 Feb 2010 18:16:35 -0500 Subject: [Freeipa-devel] [PATCHES] Bring back old outputting functionality In-Reply-To: <4B716ACC.6040602@redhat.com> References: <4B716ACC.6040602@redhat.com> Message-ID: <4B71ECD3.5080405@redhat.com> Pavel Zuna wrote: > I compiled 3 patches, that effectively bring back all the functionality > we had before Jasons big patch (i.e. before introducing output > validation and the common output interface). > > --all and --raw are back, but this time as global options > replacing DNs with primary keys is back > clever attribute printing (word-wrapping etc.) is back too > > To implement --all and --raw as global options, we had to find a way to > propagate additional information (apart from command name and > parameters) from client to server. We extended the XML-RPC signature from: > > (arg0, arg1, ..., options) > > to: > > (args, options, extras) > > The extras dict is currently only filled with the 'print_all_attrs' and > 'print_raw_attrs' settings when forwarding a call. The server saves the > extras dict into the thread specific context variable. > > I also replaced the decoding table in Encoder, because it didn't really > work as expected in special cases. It now uses a dont-decode function. > In the case of ldap2, this function checks attribute type OIDs and > returns False for binary types. > > This patch introduces a little problem with the env command, because it > fixes a bug/feature, that made it work before. Before outputting an > attribute, we check if it isn't of type str. If it is, we assume it is > binary and decode it. All values in Env are str. I propose we either > write a specific output_for_cli for the env command or think about > switching from str to unicode. I tried the later and it didn't cause any > problems so far. > > How it's supposed to work: > > # ./ipa user-show admin > User login: admin > Last name: Administrator > Home directory: /home/admin > Login shell: /bin/bash > > # ./ipa --all user-show admin > dn: uid=admin,cn=users,cn=accounts,dc=pzuna > User login: admin > Last name: Administrator > Full name: Administrator > Home directory: /home/admin > GECOS field: Administrator > Login shell: /bin/bash > Kerberos principal: admin at PZUNA > UID: 1083719807 > GID: 1083719807 > Last password change date: 20100208132706Z > Password expiration date: 20100509132706Z > Member of groups: admins > objectclass: top, person, posixaccount, krbprincipalaux, > krbticketpolicyaux, inetuser > > # ./ipa --raw user-show admin > uid: admin > sn: Administrator > homedirectory: /home/admin > loginshell: /bin/bash > > # ./ipa --all --raw user-show admin > dn: uid=admin,cn=users,cn=accounts,dc=pzuna > uid: admin > sn: Administrator > cn: Administrator > homedirectory: /home/admin > gecos: Administrator > loginshell: /bin/bash > krbprincipalname: admin at PZUNA > uidnumber: 1083719807 > gidnumber: 1083719807 > krblastpwdchange: 20100208132706Z > krbpasswordexpiration: 20100509132706Z > memberof: cn=admins,cn=groups,cn=accounts,dc=pzuna > objectclass: top > objectclass: person > objectclass: posixaccount > objectclass: krbprincipalaux > objectclass: krbticketpolicyaux > objectclass: inetuser > > Pavel Am I to assume that a plugin that wants to call api.Command['some_command'] will need to set the local context for all if it wants to return all values? How are we going to do --all for tests? Isn't the environment fixed once the API is initialized? rob From jdennis at redhat.com Wed Feb 10 01:43:53 2010 From: jdennis at redhat.com (John Dennis) Date: Tue, 09 Feb 2010 20:43:53 -0500 Subject: [Freeipa-devel] [PATCH] add a test locale to our i18n support, used for testing translations Message-ID: <4B720F59.60203@redhat.com> This patch adds testing support to our i18n translations. Read the file test_i18n.py to see how this is done. Makefile now supports a test_lang and test target "make test" creates the test language, installs it in under a temporary locale directory in the install/po subdir and then runs test_i18n.py. At some point in the future we need to add a real test for translations but that is dependent on Jason finishing the LazyText work. That test will follow the logic in test_i18n.py. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-i18n-test.patch Type: text/x-patch Size: 4902 bytes Desc: not available URL: From rcritten at redhat.com Wed Feb 10 03:08:01 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 09 Feb 2010 22:08:01 -0500 Subject: [Freeipa-devel] [PATCH] add i18n translation support In-Reply-To: <4B71A920.80307@redhat.com> References: <4B71A920.80307@redhat.com> Message-ID: <4B722311.3000709@redhat.com> John Dennis wrote: > This patch is a rework of the "add l10n support" sent on 1/30/2010. > It is virtually identical except no initial languages are defined > (install/po/LINGUAS is empty) and it contains an initial .pot file. This > should set us up to flip the switch on transifex.net to start our > translations. > > Comments from the original patch follow. Rob did apply that patch and > everything worked for him (but he wanted to delay creation of the .po > files which this rework accomplishes). > > The primary patch has two major changes: > > * modification of our existing build mechanism > > * a new directory install/po which contains the l10n framework and > translation catalogs. > > The first major change to the build mechanism was replacing the > autogen.sh script. I had discovered it was buggy, in particular it's > logic for comparing the version of tools was flawed (used just string > comparison so it thought version 7 of a tool was newer than version > 11). Also there didn't seem to be a reason for this script since the > autoregen tool is the preferred mechanism to bootstrap an autotools > build. Older OS's do not have autoregen but We only need to bootstrap > when we generate a distribution which can always be done on a current > Fedora system. > > The second part of the changes to the build mechanism were the > necessary modifications to build the l10n components. > > * edit Makefile.am to add the new subdir to descent into > > * Add new files to generate to configure.ac > > * Add new macros to configure.ac to find the gettext tools and set the > message catalog name. > > * Edit the spec file to add a build dependency on gettext and add the > translation files. > > Then add the l10n framework in install/po. There is a README there you > might want to peruse. The initial set of languages we'll provide > translations for is in the install/po/LINGUAS file. The set of files > to scan for translatable strings is in install/po/Makefile.in, we'll > need to manually update this file when we add or remove source files > containing translatable strings. > > We provide one message catalog for all strings in IPA. Message > catalogs are referred to as "domains". This means we have just one > domain for IPA and it's installed under the name "ipa". The message > catalogs are not partitioned by rpm component. The message catalogs > are provided in the ipapython rpm which all other rpms depend on. > > Please note, there is now a build dependency on gettext, most you > should already have this package installed. > > This patch does alter the way the build runs and it's possible it > might introduce a build failure. I have tested builds in clean trees > on F12 and did not have any problems. I wanted to do a scratch build > for Fedora just to bullet proof but I couldn't figure out how to do > it. I'll of course fix any build issue which might arise that I didn't > catch earlier. > > Jason and I did discuss adding a "test" language to test translations > in our test framework. This patch does not include that, it will follow. > > John Nice. Ack, pushed to master. rob From rcritten at redhat.com Wed Feb 10 04:04:24 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 09 Feb 2010 23:04:24 -0500 Subject: [Freeipa-devel] [PATCH[ 376 fix ipa-join segfault Message-ID: <4B723048.4010105@redhat.com> Make sure incoming data isn't NULL before trying to strdup() it. Bad things happen otherwise. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-376-client.patch Type: application/mbox Size: 875 bytes Desc: not available URL: From pzuna at redhat.com Wed Feb 10 10:53:39 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Wed, 10 Feb 2010 11:53:39 +0100 Subject: [Freeipa-devel] [PATCHES] Bring back old outputting functionality In-Reply-To: <4B71C0EF.3040201@redhat.com> References: <4B716ACC.6040602@redhat.com> <4B71C0EF.3040201@redhat.com> Message-ID: <4B729033.20308@redhat.com> Rob Crittenden wrote: > Pavel Zuna wrote: >> I compiled 3 patches, that effectively bring back all the >> functionality we had before Jasons big patch (i.e. before introducing >> output validation and the common output interface). >> >> --all and --raw are back, but this time as global options >> replacing DNs with primary keys is back >> clever attribute printing (word-wrapping etc.) is back too >> >> To implement --all and --raw as global options, we had to find a way >> to propagate additional information (apart from command name and >> parameters) from client to server. We extended the XML-RPC signature >> from: >> >> (arg0, arg1, ..., options) >> >> to: >> >> (args, options, extras) >> >> The extras dict is currently only filled with the 'print_all_attrs' >> and 'print_raw_attrs' settings when forwarding a call. The server >> saves the extras dict into the thread specific context variable. >> >> I also replaced the decoding table in Encoder, because it didn't >> really work as expected in special cases. It now uses a dont-decode >> function. In the case of ldap2, this function checks attribute type >> OIDs and returns False for binary types. >> >> This patch introduces a little problem with the env command, because >> it fixes a bug/feature, that made it work before. Before outputting an >> attribute, we check if it isn't of type str. If it is, we assume it is >> binary and decode it. All values in Env are str. I propose we either >> write a specific output_for_cli for the env command or think about >> switching from str to unicode. I tried the later and it didn't cause >> any problems so far. >> >> How it's supposed to work: >> >> # ./ipa user-show admin >> User login: admin >> Last name: Administrator >> Home directory: /home/admin >> Login shell: /bin/bash >> >> # ./ipa --all user-show admin >> dn: uid=admin,cn=users,cn=accounts,dc=pzuna >> User login: admin >> Last name: Administrator >> Full name: Administrator >> Home directory: /home/admin >> GECOS field: Administrator >> Login shell: /bin/bash >> Kerberos principal: admin at PZUNA >> UID: 1083719807 >> GID: 1083719807 >> Last password change date: 20100208132706Z >> Password expiration date: 20100509132706Z >> Member of groups: admins >> objectclass: top, person, posixaccount, krbprincipalaux, >> krbticketpolicyaux, inetuser >> >> # ./ipa --raw user-show admin >> uid: admin >> sn: Administrator >> homedirectory: /home/admin >> loginshell: /bin/bash >> >> # ./ipa --all --raw user-show admin >> dn: uid=admin,cn=users,cn=accounts,dc=pzuna >> uid: admin >> sn: Administrator >> cn: Administrator >> homedirectory: /home/admin >> gecos: Administrator >> loginshell: /bin/bash >> krbprincipalname: admin at PZUNA >> uidnumber: 1083719807 >> gidnumber: 1083719807 >> krblastpwdchange: 20100208132706Z >> krbpasswordexpiration: 20100509132706Z >> memberof: cn=admins,cn=groups,cn=accounts,dc=pzuna >> objectclass: top >> objectclass: person >> objectclass: posixaccount >> objectclass: krbprincipalaux >> objectclass: krbticketpolicyaux >> objectclass: inetuser >> >> Pavel > > Generally looks ok, have some questions though: > > - We currently rely on the fact that binary objects are encoded as > python str, it's how we determine what to base64-encode. What mechanism > will we have to do that now? I didn't (and I'm not planning to) make any changes in this matter. What I'm saying is that the Env object stores all strings as str and the env command uses the same output_for_cli as LDAP commands, that only use str for binary. So, we either need to override output_for_cli or switch to unicode in Env. > - Is print_* the right prefix for these new global variables? It affects > more than just printing in the case of all because it returns everything > over XML-RPC as well. You're right, maybe get_* or something similar would be better. I'm open to suggestions. > - Is there/should there be a way for a plugin to define its own extras? > And not to be too pedantic but is extras the best description for these > values? Not that I have any suggestions for an improvement :-( Perhaps > global_options? The extras dict is there to pass additional information, that is command independent. Commands probably shouldn't define their own. I say probably, because it is possible, that we're going to find out this is actually the best way to accomplish something. Extras might not be the best description, but we need something general, because it can contain pretty much anything and not just global options. > - Why are you removing get_options() from LDAPSearch()? Because it was only used to generate an option for the UUID attribute. Since Jason's no_create,no_update patch it isn't needed anymore, because we can just define an UUID param with these flags set. > It doesn't look like this is going to conflict too much with the > parallel work I've done in regard to including member/memberof in return > values, nor in the output work I've done. So you don't need to work on > the individual plugins at all, I've got that ready in my tree though I'm > going to hold onto it until we can get these patches committed. Cool, that's good to hear... er, I mean read. :) I was a bit worried, because on the meeting you sounded like you spent quite a bit of time working on it and having to deal with conflicts/merges/andwhatnot because of my work wouldn't be the most appropriate reward. :) > rob Pavel From pzuna at redhat.com Wed Feb 10 11:07:45 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Wed, 10 Feb 2010 12:07:45 +0100 Subject: [Freeipa-devel] [PATCHES] Bring back old outputting functionality In-Reply-To: <4B71ECD3.5080405@redhat.com> References: <4B716ACC.6040602@redhat.com> <4B71ECD3.5080405@redhat.com> Message-ID: <4B729381.30407@redhat.com> Rob Crittenden wrote: > Pavel Zuna wrote: >> I compiled 3 patches, that effectively bring back all the >> functionality we had before Jasons big patch (i.e. before introducing >> output validation and the common output interface). >> >> --all and --raw are back, but this time as global options >> replacing DNs with primary keys is back >> clever attribute printing (word-wrapping etc.) is back too >> >> To implement --all and --raw as global options, we had to find a way >> to propagate additional information (apart from command name and >> parameters) from client to server. We extended the XML-RPC signature >> from: >> >> (arg0, arg1, ..., options) >> >> to: >> >> (args, options, extras) >> >> The extras dict is currently only filled with the 'print_all_attrs' >> and 'print_raw_attrs' settings when forwarding a call. The server >> saves the extras dict into the thread specific context variable. >> >> I also replaced the decoding table in Encoder, because it didn't >> really work as expected in special cases. It now uses a dont-decode >> function. In the case of ldap2, this function checks attribute type >> OIDs and returns False for binary types. >> >> This patch introduces a little problem with the env command, because >> it fixes a bug/feature, that made it work before. Before outputting an >> attribute, we check if it isn't of type str. If it is, we assume it is >> binary and decode it. All values in Env are str. I propose we either >> write a specific output_for_cli for the env command or think about >> switching from str to unicode. I tried the later and it didn't cause >> any problems so far. >> >> How it's supposed to work: >> >> # ./ipa user-show admin >> User login: admin >> Last name: Administrator >> Home directory: /home/admin >> Login shell: /bin/bash >> >> # ./ipa --all user-show admin >> dn: uid=admin,cn=users,cn=accounts,dc=pzuna >> User login: admin >> Last name: Administrator >> Full name: Administrator >> Home directory: /home/admin >> GECOS field: Administrator >> Login shell: /bin/bash >> Kerberos principal: admin at PZUNA >> UID: 1083719807 >> GID: 1083719807 >> Last password change date: 20100208132706Z >> Password expiration date: 20100509132706Z >> Member of groups: admins >> objectclass: top, person, posixaccount, krbprincipalaux, >> krbticketpolicyaux, inetuser >> >> # ./ipa --raw user-show admin >> uid: admin >> sn: Administrator >> homedirectory: /home/admin >> loginshell: /bin/bash >> >> # ./ipa --all --raw user-show admin >> dn: uid=admin,cn=users,cn=accounts,dc=pzuna >> uid: admin >> sn: Administrator >> cn: Administrator >> homedirectory: /home/admin >> gecos: Administrator >> loginshell: /bin/bash >> krbprincipalname: admin at PZUNA >> uidnumber: 1083719807 >> gidnumber: 1083719807 >> krblastpwdchange: 20100208132706Z >> krbpasswordexpiration: 20100509132706Z >> memberof: cn=admins,cn=groups,cn=accounts,dc=pzuna >> objectclass: top >> objectclass: person >> objectclass: posixaccount >> objectclass: krbprincipalaux >> objectclass: krbticketpolicyaux >> objectclass: inetuser >> >> Pavel > > Am I to assume that a plugin that wants to call > api.Command['some_command'] will need to set the local context for all > if it wants to return all values? Well, yes. > How are we going to do --all for tests? Isn't the environment fixed once > the API is initialized? It is fixed, but we can use context in tests as well, right? I have to admit, that this is something I didn't think through when implementing --all and --raw as global options. Setting context to change the behavior of commands called internally isn't going to look very good. :( I'll think about this a little more and see if I can come up with a better solution. > rob Pavel From jdennis at redhat.com Wed Feb 10 14:39:13 2010 From: jdennis at redhat.com (John Dennis) Date: Wed, 10 Feb 2010 09:39:13 -0500 Subject: [Freeipa-devel] [PATCH] Pass target locale to msginit Message-ID: <4B72C511.20901@redhat.com> Pass target locale to msginit msginit should have been passed the locale because the resulting .po file is parameterized from the locale. Also, if the target locale is not specified it defaults to the current locale. If the target locale is English msgid's are copied to their msgstr's resulting in a fully translated .po instead of a fully untranslated .po. Add some comments to better explain some of the cryptic sed commands. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Pass-target-locale-to-msginit.patch Type: text/x-patch Size: 4976 bytes Desc: not available URL: From rcritten at redhat.com Wed Feb 10 15:30:38 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 10 Feb 2010 10:30:38 -0500 Subject: [Freeipa-devel] [PATCHES] Bring back old outputting functionality In-Reply-To: <4B729033.20308@redhat.com> References: <4B716ACC.6040602@redhat.com> <4B71C0EF.3040201@redhat.com> <4B729033.20308@redhat.com> Message-ID: <4B72D11E.3090108@redhat.com> Pavel Zuna wrote: > Rob Crittenden wrote: >> Pavel Zuna wrote: >>> I compiled 3 patches, that effectively bring back all the >>> functionality we had before Jasons big patch (i.e. before introducing >>> output validation and the common output interface). >>> >>> --all and --raw are back, but this time as global options >>> replacing DNs with primary keys is back >>> clever attribute printing (word-wrapping etc.) is back too >>> >>> To implement --all and --raw as global options, we had to find a way >>> to propagate additional information (apart from command name and >>> parameters) from client to server. We extended the XML-RPC signature >>> from: >>> >>> (arg0, arg1, ..., options) >>> >>> to: >>> >>> (args, options, extras) >>> >>> The extras dict is currently only filled with the 'print_all_attrs' >>> and 'print_raw_attrs' settings when forwarding a call. The server >>> saves the extras dict into the thread specific context variable. >>> >>> I also replaced the decoding table in Encoder, because it didn't >>> really work as expected in special cases. It now uses a dont-decode >>> function. In the case of ldap2, this function checks attribute type >>> OIDs and returns False for binary types. >>> >>> This patch introduces a little problem with the env command, because >>> it fixes a bug/feature, that made it work before. Before outputting >>> an attribute, we check if it isn't of type str. If it is, we assume >>> it is binary and decode it. All values in Env are str. I propose we >>> either write a specific output_for_cli for the env command or think >>> about switching from str to unicode. I tried the later and it didn't >>> cause any problems so far. >>> >>> How it's supposed to work: >>> >>> # ./ipa user-show admin >>> User login: admin >>> Last name: Administrator >>> Home directory: /home/admin >>> Login shell: /bin/bash >>> >>> # ./ipa --all user-show admin >>> dn: uid=admin,cn=users,cn=accounts,dc=pzuna >>> User login: admin >>> Last name: Administrator >>> Full name: Administrator >>> Home directory: /home/admin >>> GECOS field: Administrator >>> Login shell: /bin/bash >>> Kerberos principal: admin at PZUNA >>> UID: 1083719807 >>> GID: 1083719807 >>> Last password change date: 20100208132706Z >>> Password expiration date: 20100509132706Z >>> Member of groups: admins >>> objectclass: top, person, posixaccount, krbprincipalaux, >>> krbticketpolicyaux, inetuser >>> >>> # ./ipa --raw user-show admin >>> uid: admin >>> sn: Administrator >>> homedirectory: /home/admin >>> loginshell: /bin/bash >>> >>> # ./ipa --all --raw user-show admin >>> dn: uid=admin,cn=users,cn=accounts,dc=pzuna >>> uid: admin >>> sn: Administrator >>> cn: Administrator >>> homedirectory: /home/admin >>> gecos: Administrator >>> loginshell: /bin/bash >>> krbprincipalname: admin at PZUNA >>> uidnumber: 1083719807 >>> gidnumber: 1083719807 >>> krblastpwdchange: 20100208132706Z >>> krbpasswordexpiration: 20100509132706Z >>> memberof: cn=admins,cn=groups,cn=accounts,dc=pzuna >>> objectclass: top >>> objectclass: person >>> objectclass: posixaccount >>> objectclass: krbprincipalaux >>> objectclass: krbticketpolicyaux >>> objectclass: inetuser >>> >>> Pavel >> >> Generally looks ok, have some questions though: >> >> - We currently rely on the fact that binary objects are encoded as >> python str, it's how we determine what to base64-encode. What >> mechanism will we have to do that now? > I didn't (and I'm not planning to) make any changes in this matter. My point is that for binary objects we were explicitly setting their type to str. We don't seem to be doing that any more, so are we relying on python-ldap to default to the str type? It's ok if we do I'd just like to see a comment to that effect in case something changes in the future. > What I'm saying is that the Env object stores all strings as str and the > env command uses the same output_for_cli as LDAP commands, that only use > str for binary. So, we either need to override output_for_cli or switch > to unicode in Env. Not exactly sure what to do here though using unicode seems like the best route. > >> - Is print_* the right prefix for these new global variables? It >> affects more than just printing in the case of all because it returns >> everything over XML-RPC as well. > You're right, maybe get_* or something similar would be better. I'm open > to suggestions. I'm ok with print_raw because that is what it does. maybe print_all -> retrieve_all? >> - Is there/should there be a way for a plugin to define its own >> extras? And not to be too pedantic but is extras the best description >> for these values? Not that I have any suggestions for an improvement >> :-( Perhaps global_options? > The extras dict is there to pass additional information, that is command > independent. Commands probably shouldn't define their own. I say > probably, because it is possible, that we're going to find out this is > actually the best way to accomplish something. > > Extras might not be the best description, but we need something general, > because it can contain pretty much anything and not just global options. Ok, I don't want to agonize too much over a variable name. >> - Why are you removing get_options() from LDAPSearch()? > Because it was only used to generate an option for the UUID attribute. > Since Jason's no_create,no_update patch it isn't needed anymore, because > we can just define an UUID param with these flags set. Ok. >> It doesn't look like this is going to conflict too much with the >> parallel work I've done in regard to including member/memberof in >> return values, nor in the output work I've done. So you don't need to >> work on the individual plugins at all, I've got that ready in my tree >> though I'm going to hold onto it until we can get these patches >> committed. > Cool, that's good to hear... er, I mean read. :) I was a bit worried, > because on the meeting you sounded like you spent quite a bit of time > working on it and having to deal with conflicts/merges/andwhatnot > because of my work wouldn't be the most appropriate reward. :) Yeah, minus your 4th patch the merge went incredibly smoothly. My patch covered most of what it did with a few exceptions on some default parameters. rob From jdennis at redhat.com Wed Feb 10 16:13:28 2010 From: jdennis at redhat.com (John Dennis) Date: Wed, 10 Feb 2010 11:13:28 -0500 Subject: [Freeipa-devel] [PATCH] Add 1 intital language translation Message-ID: <4B72DB28.6090008@redhat.com> The %{find_lang} macro in the ipa.spec file will fail if there are no language translations causing the build to fail. This patch creates an Italian translation (in honor of Simo). The Italian translation is initially fully untranslated. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-1-intital-language-translation.patch Type: text/x-patch Size: 14875 bytes Desc: not available URL: From rcritten at redhat.com Wed Feb 10 16:48:28 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 10 Feb 2010 11:48:28 -0500 Subject: [Freeipa-devel] [PATCH] add a test locale to our i18n support, used for testing translations In-Reply-To: <4B720F59.60203@redhat.com> References: <4B720F59.60203@redhat.com> Message-ID: <4B72E35C.7080307@redhat.com> John Dennis wrote: > This patch adds testing support to our i18n translations. > > Read the file test_i18n.py to see how this is done. > > Makefile now supports a test_lang and test target "make test" creates > the test language, installs it in under a temporary locale directory in > the install/po subdir and then runs test_i18n.py. > > At some point in the future we need to add a real test for translations > but that is dependent on Jason finishing the LazyText work. That test > will follow the logic in test_i18n.py. > ack, pushed to master From rcritten at redhat.com Wed Feb 10 16:48:37 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 10 Feb 2010 11:48:37 -0500 Subject: [Freeipa-devel] [PATCH] Pass target locale to msginit In-Reply-To: <4B72C511.20901@redhat.com> References: <4B72C511.20901@redhat.com> Message-ID: <4B72E365.8090401@redhat.com> John Dennis wrote: > Pass target locale to msginit > > msginit should have been passed the locale because the resulting > .po file is parameterized from the locale. Also, if the target > locale is not specified it defaults to the current locale. > If the target locale is English msgid's are copied to their msgstr's > resulting in a fully translated .po instead of a fully untranslated > .po. > > Add some comments to better explain some of the cryptic sed commands. ack, pushed to master From rcritten at redhat.com Wed Feb 10 16:48:48 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 10 Feb 2010 11:48:48 -0500 Subject: [Freeipa-devel] [PATCH] Add 1 intital language translation In-Reply-To: <4B72DB28.6090008@redhat.com> References: <4B72DB28.6090008@redhat.com> Message-ID: <4B72E370.5040609@redhat.com> John Dennis wrote: > The %{find_lang} macro in the ipa.spec file will fail if there > are no language translations causing the build to fail. > This patch creates an Italian translation (in honor of Simo). > The Italian translation is initially fully untranslated. > ack, pushed to master From jderose at redhat.com Wed Feb 10 16:57:01 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Wed, 10 Feb 2010 09:57:01 -0700 Subject: [Freeipa-devel] [PATCHES] Bring back old outputting functionality In-Reply-To: <4B72D11E.3090108@redhat.com> References: <4B716ACC.6040602@redhat.com> <4B71C0EF.3040201@redhat.com> <4B729033.20308@redhat.com> <4B72D11E.3090108@redhat.com> Message-ID: <1265821021.2621.3.camel@jgd-dsk> On Wed, 2010-02-10 at 10:30 -0500, Rob Crittenden wrote: > Pavel Zuna wrote: > > What I'm saying is that the Env object stores all strings as str and the > > env command uses the same output_for_cli as LDAP commands, that only use > > str for binary. So, we either need to override output_for_cli or switch > > to unicode in Env. > > Not exactly sure what to do here though using unicode seems like the > best route. > Yes, we should store the env as `unicode`... this is something I've been meaning to do. I originally left them as `str` because I was having problems using `unicode` somewhere (maybe it was python-ldap), but we should just fix this special case in the appropriate place. As I wrote the latest Env version (using Martins work as a starting point), I can make this change. Should this be post-alpha? From jdennis at redhat.com Wed Feb 10 17:06:49 2010 From: jdennis at redhat.com (John Dennis) Date: Wed, 10 Feb 2010 12:06:49 -0500 Subject: [Freeipa-devel] [PATCH] Friendlier diagnostics for i18n test Message-ID: <4B72E7A9.70109@redhat.com> The diagnostic messages in test_i18n.py were a bit confusing because it didn't indicate what the test string was and where it came from. Hopefully this is clearer now. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Make-test_i18n.py-diagnostics-friendlier.patch Type: text/x-patch Size: 2582 bytes Desc: not available URL: From jdennis at redhat.com Wed Feb 10 19:42:22 2010 From: jdennis at redhat.com (John Dennis) Date: Wed, 10 Feb 2010 14:42:22 -0500 Subject: [Freeipa-devel] Important: Action required if you add a new file Message-ID: <4B730C1E.4070104@redhat.com> If you add a new file to our git tree and that file has translatable strings in it (e.g. a string enclosed in _()) then you must edit the file install/po/Makefile.in and add the file to one of the POTFILES list (currently there are two POTFILES lists, one for python sources and one for C sources). If the source code file is not listed in install/po/Makefile.in we won't pick up the translations for it. Sorry for introducing an extra manual step when adding a file but there is no way to automate this. If the new file is neither a python file nor a C file you will need to create a new POTFILES list for the language type (language as in source code language) and update the update-pot target in the Makefile.in to include the new POTFILES list (making sure to pay attention to the --language argument of xgettext). -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jderose at redhat.com Wed Feb 10 21:48:12 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Wed, 10 Feb 2010 14:48:12 -0700 Subject: [Freeipa-devel] [PATCH] 375 selinux fix for CRLs In-Reply-To: <4B71E0ED.4070908@redhat.com> References: <4B71E0ED.4070908@redhat.com> Message-ID: <1265838492.2621.4.camel@jgd-dsk> On Tue, 2010-02-09 at 17:25 -0500, Rob Crittenden wrote: > Fix an SELinux permissions problem when retrieving CRLs via Apache. > > rob ack. pushed to master. From jderose at redhat.com Wed Feb 10 21:48:30 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Wed, 10 Feb 2010 14:48:30 -0700 Subject: [Freeipa-devel] [PATCH[ 376 fix ipa-join segfault In-Reply-To: <4B723048.4010105@redhat.com> References: <4B723048.4010105@redhat.com> Message-ID: <1265838510.2621.5.camel@jgd-dsk> On Tue, 2010-02-09 at 23:04 -0500, Rob Crittenden wrote: > Make sure incoming data isn't NULL before trying to strdup() it. Bad > things happen otherwise. > > rob ack. pushed to master. From jderose at redhat.com Thu Feb 11 04:24:51 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Thu, 11 Feb 2010 04:24:51 +0000 Subject: [Freeipa-devel] [PATCH] jderose 042 output_params Message-ID: <1265862291.2621.13.camel@jgd-dsk> As discussed with Rob on IRC, this patch changes the Command.get_output_params() method so that by default your Command.output_params will be the same as your Command.params. This make the behavior similar to how Method.get_output_params() fills your Method.params with the params in the corresponding Object.params. If you have args or options that you *don't* want in output_params, add the 'no_output' flag, like this: Str('foo', flags=['no_output']) This is similar to the 'no_create', 'no_update', and 'no_search' flags for Method plugins. If you need output that wont be in your args or options, add them in a `has_output_params` tuple, like this: has_output_params = ( 'bar', 'baz', ) I'll add docstrings in another patch, but this is blocking Rob, so I made it a quickie. -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-jderose-042-output_params.patch Type: text/x-patch Size: 2548 bytes Desc: not available URL: From jderose at redhat.com Thu Feb 11 09:46:28 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Thu, 11 Feb 2010 02:46:28 -0700 Subject: [Freeipa-devel] [PATCH] jderose 042 Fix ctypes SELinux problem Message-ID: <1265881588.2621.28.camel@jgd-dsk> Under Fedora12, the httpd SELinux policy causes IPA to bomb when the Python `ctypes` module gets imported. The `ctypes` module is used by python-pygments, which in turn is used by python-wehjit. I just made a python-wehjit 0.2.2 bugfix release with a hack to prevent wehjit from importing pygments. This also disables the pygments-based source code highlighting plugins, but we aren't using those in IPA at the moment anyway. This patch changes the .spec to require python-wehjit >= 0.2.2 and adds the pygments disabling hack in ipawebui/__init__.py -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-jderose-043-Fix-ctypes-SELinux-problem.patch Type: text/x-patch Size: 2167 bytes Desc: not available URL: From jderose at redhat.com Thu Feb 11 09:57:31 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Thu, 11 Feb 2010 02:57:31 -0700 Subject: [Freeipa-devel] [PATCH] jderose 042 Fix ctypes SELinux problem In-Reply-To: <1265881588.2621.28.camel@jgd-dsk> References: <1265881588.2621.28.camel@jgd-dsk> Message-ID: <1265882251.2621.29.camel@jgd-dsk> Oops, the subject should have been "jderose 043...". This does not replace my 042 patch in anyway. ;) On Thu, 2010-02-11 at 02:46 -0700, Jason Gerard DeRose wrote: > Under Fedora12, the httpd SELinux policy causes IPA to bomb when the > Python `ctypes` module gets imported. The `ctypes` module is used by > python-pygments, which in turn is used by python-wehjit. > > I just made a python-wehjit 0.2.2 bugfix release with a hack to prevent > wehjit from importing pygments. This also disables the pygments-based > source code highlighting plugins, but we aren't using those in IPA at > the moment anyway. > > This patch changes the .spec to require python-wehjit >= 0.2.2 and adds > the pygments disabling hack in ipawebui/__init__.py > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel From pzuna at redhat.com Thu Feb 11 10:01:54 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Thu, 11 Feb 2010 11:01:54 +0100 Subject: [Freeipa-devel] [PATCHES] Bring back old outputting functionality In-Reply-To: <4B72D11E.3090108@redhat.com> References: <4B716ACC.6040602@redhat.com> <4B71C0EF.3040201@redhat.com> <4B729033.20308@redhat.com> <4B72D11E.3090108@redhat.com> Message-ID: <4B73D592.8000906@redhat.com> Rob Crittenden wrote: > Pavel Zuna wrote: >> Rob Crittenden wrote: >>> Pavel Zuna wrote: >>>> I compiled 3 patches, that effectively bring back all the >>>> functionality we had before Jasons big patch (i.e. before >>>> introducing output validation and the common output interface). >>>> >>>> --all and --raw are back, but this time as global options >>>> replacing DNs with primary keys is back >>>> clever attribute printing (word-wrapping etc.) is back too >>>> >>>> To implement --all and --raw as global options, we had to find a way >>>> to propagate additional information (apart from command name and >>>> parameters) from client to server. We extended the XML-RPC signature >>>> from: >>>> >>>> (arg0, arg1, ..., options) >>>> >>>> to: >>>> >>>> (args, options, extras) >>>> >>>> The extras dict is currently only filled with the 'print_all_attrs' >>>> and 'print_raw_attrs' settings when forwarding a call. The server >>>> saves the extras dict into the thread specific context variable. >>>> >>>> I also replaced the decoding table in Encoder, because it didn't >>>> really work as expected in special cases. It now uses a dont-decode >>>> function. In the case of ldap2, this function checks attribute type >>>> OIDs and returns False for binary types. >>>> >>>> This patch introduces a little problem with the env command, because >>>> it fixes a bug/feature, that made it work before. Before outputting >>>> an attribute, we check if it isn't of type str. If it is, we assume >>>> it is binary and decode it. All values in Env are str. I propose we >>>> either write a specific output_for_cli for the env command or think >>>> about switching from str to unicode. I tried the later and it didn't >>>> cause any problems so far. >>>> >>>> How it's supposed to work: >>>> >>>> # ./ipa user-show admin >>>> User login: admin >>>> Last name: Administrator >>>> Home directory: /home/admin >>>> Login shell: /bin/bash >>>> >>>> # ./ipa --all user-show admin >>>> dn: uid=admin,cn=users,cn=accounts,dc=pzuna >>>> User login: admin >>>> Last name: Administrator >>>> Full name: Administrator >>>> Home directory: /home/admin >>>> GECOS field: Administrator >>>> Login shell: /bin/bash >>>> Kerberos principal: admin at PZUNA >>>> UID: 1083719807 >>>> GID: 1083719807 >>>> Last password change date: 20100208132706Z >>>> Password expiration date: 20100509132706Z >>>> Member of groups: admins >>>> objectclass: top, person, posixaccount, krbprincipalaux, >>>> krbticketpolicyaux, inetuser >>>> >>>> # ./ipa --raw user-show admin >>>> uid: admin >>>> sn: Administrator >>>> homedirectory: /home/admin >>>> loginshell: /bin/bash >>>> >>>> # ./ipa --all --raw user-show admin >>>> dn: uid=admin,cn=users,cn=accounts,dc=pzuna >>>> uid: admin >>>> sn: Administrator >>>> cn: Administrator >>>> homedirectory: /home/admin >>>> gecos: Administrator >>>> loginshell: /bin/bash >>>> krbprincipalname: admin at PZUNA >>>> uidnumber: 1083719807 >>>> gidnumber: 1083719807 >>>> krblastpwdchange: 20100208132706Z >>>> krbpasswordexpiration: 20100509132706Z >>>> memberof: cn=admins,cn=groups,cn=accounts,dc=pzuna >>>> objectclass: top >>>> objectclass: person >>>> objectclass: posixaccount >>>> objectclass: krbprincipalaux >>>> objectclass: krbticketpolicyaux >>>> objectclass: inetuser >>>> >>>> Pavel >>> >>> Generally looks ok, have some questions though: >>> >>> - We currently rely on the fact that binary objects are encoded as >>> python str, it's how we determine what to base64-encode. What >>> mechanism will we have to do that now? >> I didn't (and I'm not planning to) make any changes in this matter. > > My point is that for binary objects we were explicitly setting their > type to str. We don't seem to be doing that any more, so are we relying > on python-ldap to default to the str type? It's ok if we do I'd just > like to see a comment to that effect in case something changes in the > future. Yeah, we do rely on python-ldap in this case. It returns everything as str. I didn't realize you were referring to the changes in the Encoder class. Some background information about Encoder: When I started working on the ldap2 backend, I realized that around every call to python-ldap, we had to encode/decode both compound and scalar values. With scalar values, it wasn't a problem to just choose what to encode/decode and what not. With compound values likes entries, it was more difficult, because all attributes are returned as str, but have different types. I implemented a feature in the Encoder class, that enabled its consumers to define a decoding table for dicts and a function of the dict key, that would return a key in the decoding table. The decoding table was supposed to contain callables (mostly python types), that would be used to decode the dict value. If the returned key was not in the table, default decoding (to unicode) would take place. The idea was, that we would convert boolean strings to bool, integer values to int and leave binary values as str. Unfortunatly, there were some difficulties with boolean types, then Simo chimed in about integers in LDAP not having the same range as int in python and you can't argue with Simo. Plus I didn't really feel like doing anything about the booleans, so the decoding table in ldap2 was just used to leave binary attributes as str. With the latest Encoder patch, I decided to remove the decoding table completely and replace it with a dont-decode function of the dict key, because that's just what we need in ldap2 and the decoding table wasn't working properly with complex compound types anyway (e.g. dicts in a dict). >> What I'm saying is that the Env object stores all strings as str and >> the env command uses the same output_for_cli as LDAP commands, that >> only use str for binary. So, we either need to override output_for_cli >> or switch to unicode in Env. > > Not exactly sure what to do here though using unicode seems like the > best route. > >> >>> - Is print_* the right prefix for these new global variables? It >>> affects more than just printing in the case of all because it returns >>> everything over XML-RPC as well. >> You're right, maybe get_* or something similar would be better. I'm >> open to suggestions. > > I'm ok with print_raw because that is what it does. maybe print_all -> > retrieve_all? > >>> - Is there/should there be a way for a plugin to define its own >>> extras? And not to be too pedantic but is extras the best description >>> for these values? Not that I have any suggestions for an improvement >>> :-( Perhaps global_options? >> The extras dict is there to pass additional information, that is >> command independent. Commands probably shouldn't define their own. I >> say probably, because it is possible, that we're going to find out >> this is actually the best way to accomplish something. >> >> Extras might not be the best description, but we need something >> general, because it can contain pretty much anything and not just >> global options. > > Ok, I don't want to agonize too much over a variable name. > >>> - Why are you removing get_options() from LDAPSearch()? >> Because it was only used to generate an option for the UUID attribute. >> Since Jason's no_create,no_update patch it isn't needed anymore, >> because we can just define an UUID param with these flags set. > > Ok. > >>> It doesn't look like this is going to conflict too much with the >>> parallel work I've done in regard to including member/memberof in >>> return values, nor in the output work I've done. So you don't need to >>> work on the individual plugins at all, I've got that ready in my tree >>> though I'm going to hold onto it until we can get these patches >>> committed. >> Cool, that's good to hear... er, I mean read. :) I was a bit worried, >> because on the meeting you sounded like you spent quite a bit of time >> working on it and having to deal with conflicts/merges/andwhatnot >> because of my work wouldn't be the most appropriate reward. :) > > Yeah, minus your 4th patch the merge went incredibly smoothly. My patch > covered most of what it did with a few exceptions on some default > parameters. Great. :) > rob Pavel From pzuna at redhat.com Thu Feb 11 10:04:18 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Thu, 11 Feb 2010 11:04:18 +0100 Subject: [Freeipa-devel] [PATCHES] Bring back old outputting functionality In-Reply-To: <1265821021.2621.3.camel@jgd-dsk> References: <4B716ACC.6040602@redhat.com> <4B71C0EF.3040201@redhat.com> <4B729033.20308@redhat.com> <4B72D11E.3090108@redhat.com> <1265821021.2621.3.camel@jgd-dsk> Message-ID: <4B73D622.4020903@redhat.com> Jason Gerard DeRose wrote: > On Wed, 2010-02-10 at 10:30 -0500, Rob Crittenden wrote: >> Pavel Zuna wrote: >>> What I'm saying is that the Env object stores all strings as str and the >>> env command uses the same output_for_cli as LDAP commands, that only use >>> str for binary. So, we either need to override output_for_cli or switch >>> to unicode in Env. >> Not exactly sure what to do here though using unicode seems like the >> best route. >> > > Yes, we should store the env as `unicode`... this is something I've been > meaning to do. I originally left them as `str` because I was having > problems using `unicode` somewhere (maybe it was python-ldap), but we > should just fix this special case in the appropriate place. That's possible, python-ldap seems to hate everything except str and list. > As I wrote the latest Env version (using Martins work as a starting > point), I can make this change. Actually, if you didn't start on it yet. I would take this task onto myself as I already did some experiments to see if it would work and I should be able to have a patch by tomorrow. > Should this be post-alpha? > Pavel From pzuna at redhat.com Thu Feb 11 14:20:42 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Thu, 11 Feb 2010 15:20:42 +0100 Subject: [Freeipa-devel] [PATCH] Use unicode instead of str for environmental variables in Env. Message-ID: <4B74123A.7010001@redhat.com> The patch is not far from trivial, but... It makes the assumption, that IPA config files are utf-8 encoded (or compatible like ASCII). Is that OK? Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Use-unicode-instead-of-str-for-environmental-variabl.patch Type: application/mbox Size: 1199 bytes Desc: not available URL: From jdennis at redhat.com Thu Feb 11 14:43:33 2010 From: jdennis at redhat.com (John Dennis) Date: Thu, 11 Feb 2010 09:43:33 -0500 Subject: [Freeipa-devel] [PATCH] Use unicode instead of str for environmental variables in Env. In-Reply-To: <4B74123A.7010001@redhat.com> References: <4B74123A.7010001@redhat.com> Message-ID: <4B741795.6060607@redhat.com> On 02/11/2010 09:20 AM, Pavel Zuna wrote: > The patch is not far from trivial, but... > > It makes the assumption, that IPA config files are utf-8 encoded (or > compatible like ASCII). Is that OK? Yes, assuming external data entering IPA is UTF-8 is valid. UTF-8 is supposed to be the standard encoding for everything (at least in our distribution). ACK -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jdennis at redhat.com Thu Feb 11 14:57:35 2010 From: jdennis at redhat.com (John Dennis) Date: Thu, 11 Feb 2010 09:57:35 -0500 Subject: [Freeipa-devel] [PATCHES] Bring back old outputting functionality In-Reply-To: <4B73D592.8000906@redhat.com> References: <4B716ACC.6040602@redhat.com> <4B71C0EF.3040201@redhat.com> <4B729033.20308@redhat.com> <4B72D11E.3090108@redhat.com> <4B73D592.8000906@redhat.com> Message-ID: <4B741ADF.5080800@redhat.com> On 02/11/2010 05:01 AM, Pavel Z?na wrote: >> My point is that for binary objects we were explicitly setting their >> type to str. We don't seem to be doing that any more, so are we >> relying on python-ldap to default to the str type? It's ok if we do >> I'd just like to see a comment to that effect in case something >> changes in the future. > Yeah, we do rely on python-ldap in this case. It returns everything as > str. I didn't realize you were referring to the changes in the Encoder > class. > > Some background information about Encoder: > When I started working on the ldap2 backend, I realized that around > every call to python-ldap, we had to encode/decode both compound and > scalar values. With scalar values, it wasn't a problem to just choose > what to encode/decode and what not. With compound values likes entries, > it was more difficult, because all attributes are returned as str, but > have different types. I implemented a feature in the Encoder class, that > enabled its consumers to define a decoding table for dicts and a > function of the dict key, that would return a key in the decoding table. > The decoding table was supposed to contain callables (mostly python > types), that would be used to decode the dict value. If the returned key > was not in the table, default decoding (to unicode) would take place. > The idea was, that we would convert boolean strings to bool, integer > values to int and leave binary values as str. Unfortunatly, there were > some difficulties with boolean types, then Simo chimed in about integers > in LDAP not having the same range as int in python and you can't argue > with Simo. Plus I didn't really feel like doing anything about the > booleans, so the decoding table in ldap2 was just used to leave binary > attributes as str. With the latest Encoder patch, I decided to remove > the decoding table completely and replace it with a dont-decode function > of the dict key, because that's just what we need in ldap2 and the > decoding table wasn't working properly with complex compound types > anyway (e.g. dicts in a dict). Having some type of table driven mechanism which maps an LDAP attribute to it's corresponding Python type sounds like the right approach. It's essential the LDAP attribute expressed as a string be parsed into the correct Python type. Where does this mapping come from? Well, I thought we used the schema to perform this mapping. In fact I fixed a bug in this code recently where the type conversion was not happening because the schema hadn't been loaded. Given the schema defines the type, we load the schema and use it to do type conversions, then that leaves confused as to what the issue is. There must be something else I'm missing, can you fill me in? -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jdennis at redhat.com Thu Feb 11 15:45:04 2010 From: jdennis at redhat.com (John Dennis) Date: Thu, 11 Feb 2010 10:45:04 -0500 Subject: [Freeipa-devel] Calling for translation help Message-ID: <4B742600.7010109@redhat.com> Are you multilingual? Would you like to contribute to the FreeIPA project by providing translations? If so we could use your help! We just recently added FreeIPA to the Transifex.net translation portal. You can register yourself as a translator on Transifex.net, select a language of your choice and go to the FreeIPA project area in Transifex.net and provide translations for FreeIPA. The FreeIPA project area is: https://www.transifex.net/projects/p/freeipa/c/master We will include your translations in a future release and credit you for your contribution. For more information about Transifex, how to sign up and how to contribute please start with the Transifex main page: https://www.transifex.net Thank you for your help! The FreeIPA team. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From rcritten at redhat.com Thu Feb 11 19:56:47 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 11 Feb 2010 14:56:47 -0500 Subject: [Freeipa-devel] [PATCH] jderose 042 output_params In-Reply-To: <1265862291.2621.13.camel@jgd-dsk> References: <1265862291.2621.13.camel@jgd-dsk> Message-ID: <4B7460FF.1060205@redhat.com> Jason Gerard DeRose wrote: > As discussed with Rob on IRC, this patch changes the > Command.get_output_params() method so that by default your > Command.output_params will be the same as your Command.params. > > This make the behavior similar to how Method.get_output_params() fills > your Method.params with the params in the corresponding Object.params. > > If you have args or options that you *don't* want in output_params, add > the 'no_output' flag, like this: > > Str('foo', flags=['no_output']) > > This is similar to the 'no_create', 'no_update', and 'no_search' flags > for Method plugins. > > If you need output that wont be in your args or options, add them in a > `has_output_params` tuple, like this: > > has_output_params = ( > 'bar', > 'baz', > ) > > I'll add docstrings in another patch, but this is blocking Rob, so I > made it a quickie. > ack, pushed to master. Working great. rob From rcritten at redhat.com Thu Feb 11 19:57:49 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 11 Feb 2010 14:57:49 -0500 Subject: [Freeipa-devel] [PATCH] jderose 042 Fix ctypes SELinux problem In-Reply-To: <1265881588.2621.28.camel@jgd-dsk> References: <1265881588.2621.28.camel@jgd-dsk> Message-ID: <4B74613D.2080103@redhat.com> Jason Gerard DeRose wrote: > Under Fedora12, the httpd SELinux policy causes IPA to bomb when the > Python `ctypes` module gets imported. The `ctypes` module is used by > python-pygments, which in turn is used by python-wehjit. > > I just made a python-wehjit 0.2.2 bugfix release with a hack to prevent > wehjit from importing pygments. This also disables the pygments-based > source code highlighting plugins, but we aren't using those in IPA at > the moment anyway. > > This patch changes the .spec to require python-wehjit >= 0.2.2 and adds > the pygments disabling hack in ipawebui/__init__.py > Ack. Lets hold off on pushing this until the library gets into the Fedora update stream. rob From rcritten at redhat.com Thu Feb 11 20:00:01 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 11 Feb 2010 15:00:01 -0500 Subject: [Freeipa-devel] [PATCH] Friendlier diagnostics for i18n test In-Reply-To: <4B72E7A9.70109@redhat.com> References: <4B72E7A9.70109@redhat.com> Message-ID: <4B7461C1.6070402@redhat.com> John Dennis wrote: > The diagnostic messages in test_i18n.py were a bit confusing > because it didn't indicate what the test string was and where > it came from. Hopefully this is clearer now. > > ack, pushed to master. From jderose at redhat.com Thu Feb 11 20:06:31 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Thu, 11 Feb 2010 13:06:31 -0700 Subject: [Freeipa-devel] [PATCH] jderose 042 Fix ctypes SELinux problem In-Reply-To: <4B74613D.2080103@redhat.com> References: <1265881588.2621.28.camel@jgd-dsk> <4B74613D.2080103@redhat.com> Message-ID: <1265918791.13816.0.camel@jgd-dsk> On Thu, 2010-02-11 at 14:57 -0500, Rob Crittenden wrote: > Jason Gerard DeRose wrote: > > Under Fedora12, the httpd SELinux policy causes IPA to bomb when the > > Python `ctypes` module gets imported. The `ctypes` module is used by > > python-pygments, which in turn is used by python-wehjit. > > > > I just made a python-wehjit 0.2.2 bugfix release with a hack to prevent > > wehjit from importing pygments. This also disables the pygments-based > > source code highlighting plugins, but we aren't using those in IPA at > > the moment anyway. > > > > This patch changes the .spec to require python-wehjit >= 0.2.2 and adds > > the pygments disabling hack in ipawebui/__init__.py > > > > Ack. Lets hold off on pushing this until the library gets into the > Fedora update stream. Agreed. > rob From admin at transifex.net Thu Feb 11 20:40:37 2010 From: admin at transifex.net (admin at transifex.net) Date: Thu, 11 Feb 2010 20:40:37 -0000 Subject: [Freeipa-devel] [www.transifex.net] Team Creation Requested: Persian Message-ID: <20100211204037.15275.94680@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. A translation team for 'Persian' has been required to the 'FreeIPA' project. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/teams/ in order to manage the teams of the project. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From admin at transifex.net Thu Feb 11 20:54:58 2010 From: admin at transifex.net (admin at transifex.net) Date: Thu, 11 Feb 2010 20:54:58 -0000 Subject: [Freeipa-devel] [www.transifex.net] New Team Added: Persian Message-ID: <20100211205458.14732.27172@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. A new translation team called 'Persian' has been added to the 'FreeIPA' project. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/team/fa/ in order to see this new team. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From admin at transifex.net Thu Feb 11 22:30:51 2010 From: admin at transifex.net (admin at transifex.net) Date: Thu, 11 Feb 2010 22:30:51 -0000 Subject: [Freeipa-devel] [Transifex] File submitted via email to FreeIPA | master Message-ID: <20100211223051.15988.36967@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The following attached files were submitted to FreeIPA | master by raven Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/c/master/ in order to see the component page. Thank you, Transifex -------------- next part -------------- A non-text attachment was scrubbed... Name: install/po/pl.po Type: application/octet-stream Size: 18979 bytes Desc: not available URL: From admin at transifex.net Thu Feb 11 23:00:31 2010 From: admin at transifex.net (admin at transifex.net) Date: Thu, 11 Feb 2010 23:00:31 -0000 Subject: [Freeipa-devel] [www.transifex.net] Team Creation Requested: Indonesian Message-ID: <20100211230031.15985.9208@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. A translation team for 'Indonesian' has been required to the 'FreeIPA' project. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/teams/ in order to manage the teams of the project. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From admin at transifex.net Thu Feb 11 23:16:58 2010 From: admin at transifex.net (admin at transifex.net) Date: Thu, 11 Feb 2010 23:16:58 -0000 Subject: [Freeipa-devel] [www.transifex.net] New Team Added: Indonesian Message-ID: <20100211231658.16016.35131@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. A new translation team called 'Indonesian' has been added to the 'FreeIPA' project. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/team/id/ in order to see this new team. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From admin at transifex.net Thu Feb 11 23:30:05 2010 From: admin at transifex.net (admin at transifex.net) Date: Thu, 11 Feb 2010 23:30:05 -0000 Subject: [Freeipa-devel] [Transifex] File submitted via email to FreeIPA | master Message-ID: <20100211233005.16013.12696@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The following attached files were submitted to FreeIPA | master by dheche Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/c/master/ in order to see the component page. Thank you, Transifex -------------- next part -------------- A non-text attachment was scrubbed... Name: install/po/id.po Type: text/x-gettext-translation Size: 17190 bytes Desc: not available URL: From jdennis at redhat.com Thu Feb 11 23:36:18 2010 From: jdennis at redhat.com (John Dennis) Date: Thu, 11 Feb 2010 18:36:18 -0500 Subject: [Freeipa-devel] [PATCH] add Polish translation Message-ID: <4B749472.1080108@redhat.com> Woo ho! We got our first translation, Polish. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-Polish-translation.patch Type: text/x-patch Size: 20311 bytes Desc: not available URL: From jdennis at redhat.com Thu Feb 11 23:45:00 2010 From: jdennis at redhat.com (John Dennis) Date: Thu, 11 Feb 2010 18:45:00 -0500 Subject: [Freeipa-devel] [PATCH] add Polish translation In-Reply-To: <4B749472.1080108@redhat.com> References: <4B749472.1080108@redhat.com> Message-ID: <4B74967C.8090105@redhat.com> On 02/11/2010 06:36 PM, John Dennis wrote: > Woo ho! We got our first translation, Polish. NAK Something got screwed up with the encoding when the patch was sent through email. I need to figure out what went wrong and resubmit it. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jdennis at redhat.com Fri Feb 12 00:00:00 2010 From: jdennis at redhat.com (John Dennis) Date: Thu, 11 Feb 2010 19:00:00 -0500 Subject: [Freeipa-devel] So what's up with this new stream of email from Transifex on freeipa-devel? Message-ID: <4B749A00.5030702@redhat.com> You may have noticed this email list has started to receive email from Transifex. What's up with that anyway? Transifex is an open source translation portal. We recently registered our project with Transifex to get our language translations performed for us by experienced translators. Normally Transifex is set up to integrate with the projects version control system (VCS), e.g. cvs, svn, mercurial, git, etc. When a translator submits a translation (e.g. a .po file) the typical behavior is for Transifex to commit the .po file to the projects VCS. But we have very strict access control on our git repository. So instead we've set it up so submissions are emailed to us. I will convert that submission into a git patch and post it for approval. We've also registered this email list as our administrative contact with Transifex. That means administrative requests from Transifex will also appear on this list. For the time being I will handle all the emails coming from Transifex. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From admin at transifex.net Fri Feb 12 08:19:28 2010 From: admin at transifex.net (admin at transifex.net) Date: Fri, 12 Feb 2010 08:19:28 -0000 Subject: [Freeipa-devel] [www.transifex.net] Team Creation Requested: Russian Message-ID: <20100212081928.13230.69528@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. A translation team for 'Russian' has been required to the 'FreeIPA' project. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/teams/ in order to manage the teams of the project. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From jderose at redhat.com Fri Feb 12 08:23:14 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Fri, 12 Feb 2010 08:23:14 +0000 Subject: [Freeipa-devel] [PATCH] jderose 042 Fix ctypes SELinux problem In-Reply-To: <4B74613D.2080103@redhat.com> References: <1265881588.2621.28.camel@jgd-dsk> <4B74613D.2080103@redhat.com> Message-ID: <1265962994.13816.6.camel@jgd-dsk> On Thu, 2010-02-11 at 14:57 -0500, Rob Crittenden wrote: > Jason Gerard DeRose wrote: > > Under Fedora12, the httpd SELinux policy causes IPA to bomb when the > > Python `ctypes` module gets imported. The `ctypes` module is used by > > python-pygments, which in turn is used by python-wehjit. > > > > I just made a python-wehjit 0.2.2 bugfix release with a hack to prevent > > wehjit from importing pygments. This also disables the pygments-based > > source code highlighting plugins, but we aren't using those in IPA at > > the moment anyway. > > > > This patch changes the .spec to require python-wehjit >= 0.2.2 and adds > > the pygments disabling hack in ipawebui/__init__.py > > > > Ack. Lets hold off on pushing this until the library gets into the > Fedora update stream. > > rob python-wehjit 0.2.2 has landed in Fedora 11 & 12. Pushed to master. From sgallagh at redhat.com Fri Feb 12 11:34:06 2010 From: sgallagh at redhat.com (Stephen Gallagher) Date: Fri, 12 Feb 2010 06:34:06 -0500 Subject: [Freeipa-devel] [PATCH] add Polish translation In-Reply-To: <4B74967C.8090105@redhat.com> References: <4B749472.1080108@redhat.com> <4B74967C.8090105@redhat.com> Message-ID: <4B753CAE.1030107@redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/11/2010 06:45 PM, John Dennis wrote: > On 02/11/2010 06:36 PM, John Dennis wrote: >> Woo ho! We got our first translation, Polish. > > NAK > > Something got screwed up with the encoding when the patch was sent > through email. I need to figure out what went wrong and resubmit it. > I suggest always sending translation patches as forced base-64 encoded attachments. Sometimes the extended character set gets broken by mailman. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkt1PK0ACgkQeiVVYja6o6NDDwCgokzquH9kJPfMOsjeaS7SxVqq ReQAnRYaWMkunFHokAl5oq84aqw+8yMS =vIVJ -----END PGP SIGNATURE----- From pzuna at redhat.com Fri Feb 12 12:42:59 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Fri, 12 Feb 2010 13:42:59 +0100 Subject: [Freeipa-devel] [PATCH] Add default automount location. Auto-create auto.direct in new locations. Message-ID: <4B754CD3.9090702@redhat.com> This patch replaces deprecated automount entries created after installation with a 'default' automount location with auto.master and auto.direct maps. It also makes the automount plugin create the auto.master and auto.direct maps when a new location is added. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-default-automount-location.-Auto-create-auto.dir.patch Type: application/mbox Size: 2084 bytes Desc: not available URL: From admin at transifex.net Fri Feb 12 14:34:25 2010 From: admin at transifex.net (admin at transifex.net) Date: Fri, 12 Feb 2010 14:34:25 -0000 Subject: [Freeipa-devel] [www.transifex.net] New Team Added: Russian Message-ID: <20100212143425.28020.4154@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. A new translation team called 'Russian' has been added to the 'FreeIPA' project. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/team/ru/ in order to see this new team. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From rcritten at redhat.com Fri Feb 12 15:46:45 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 12 Feb 2010 10:46:45 -0500 Subject: [Freeipa-devel] [PATCH] Add default automount location. Auto-create auto.direct in new locations. In-Reply-To: <4B754CD3.9090702@redhat.com> References: <4B754CD3.9090702@redhat.com> Message-ID: <4B7577E5.7060900@redhat.com> Pavel Zuna wrote: > This patch replaces deprecated automount entries created after > installation with a 'default' automount location with auto.master and > auto.direct maps. It also makes the automount plugin create the > auto.master and auto.direct maps when a new location is added. > > Pavel > ack, pushed to master From rcritten at redhat.com Fri Feb 12 15:56:28 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 12 Feb 2010 10:56:28 -0500 Subject: [Freeipa-devel] [PATCH] 377 fix deprecation warning Message-ID: <4B757A2C.9090807@redhat.com> Fix a deprecation warning importing sha. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-377-sha.patch Type: application/mbox Size: 912 bytes Desc: not available URL: From rcritten at redhat.com Fri Feb 12 16:03:19 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 12 Feb 2010 11:03:19 -0500 Subject: [Freeipa-devel] [PATCH] 378 allow one-character Param names Message-ID: <4B757BC7.8040402@redhat.com> Loosen up the variable name restrictions in Params so we can handle the attribute l (localityname). rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-378-name.patch Type: application/mbox Size: 3581 bytes Desc: not available URL: From jderose at redhat.com Fri Feb 12 19:57:08 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Fri, 12 Feb 2010 12:57:08 -0700 Subject: [Freeipa-devel] [PATCH] 377 fix deprecation warning In-Reply-To: <4B757A2C.9090807@redhat.com> References: <4B757A2C.9090807@redhat.com> Message-ID: <1266004628.32569.8.camel@jgd-dsk> On Fri, 2010-02-12 at 10:56 -0500, Rob Crittenden wrote: > Fix a deprecation warning importing sha. > > rob nack. There is no `sha` attribute in the `hashlib` module; instead, you'll need to use `hashlib.sha1`, like this: try: from hashlib import sha1 as sha except ImportError: from sha import sha I'd like to start consolidating these Python compatibility hacks in the `ipalib.compat` module. But in the case of the `uuid` module, with its funky imports inside of functions, we should probably keep our modifications to a minimum. So I agree with your approach. ack once you fix the import. ;) From jdennis at redhat.com Fri Feb 12 20:06:26 2010 From: jdennis at redhat.com (John Dennis) Date: Fri, 12 Feb 2010 15:06:26 -0500 Subject: [Freeipa-devel] [PATCH] 377 fix deprecation warning In-Reply-To: <1266004628.32569.8.camel@jgd-dsk> References: <4B757A2C.9090807@redhat.com> <1266004628.32569.8.camel@jgd-dsk> Message-ID: <4B75B4C2.9000809@redhat.com> On 02/12/2010 02:57 PM, Jason Gerard DeRose wrote: > On Fri, 2010-02-12 at 10:56 -0500, Rob Crittenden wrote: >> Fix a deprecation warning importing sha. >> >> rob > > nack. There is no `sha` attribute in the `hashlib` module; instead, > you'll need to use `hashlib.sha1`, like this: > > try: > from hashlib import sha1 as sha > except ImportError: > from sha import sha > > I'd like to start consolidating these Python compatibility hacks in the > `ipalib.compat` module. But in the case of the `uuid` module, with its > funky imports inside of functions, we should probably keep our > modifications to a minimum. > > So I agree with your approach. ack once you fix the import. ;) FWIW, python-nss has: hash_buf (specify any hash algorithm supported my NSS) md5_digest sha1_digest sha256_digest sha512_digest -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jderose at redhat.com Fri Feb 12 20:11:45 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Fri, 12 Feb 2010 13:11:45 -0700 Subject: [Freeipa-devel] [PATCH] jderose 044 Add sha1, md5 to compat Message-ID: <1266005505.32569.14.camel@jgd-dsk> This patch adds `sha1` and `md5` classes to the `compat` module. These will work in Python 2.4 - 2.5 without raising a `DeprecationWarning`. -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-jderose-044-Add-sha1-md5-to-compat.patch Type: text/x-patch Size: 2294 bytes Desc: not available URL: From jderose at redhat.com Fri Feb 12 20:19:54 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Fri, 12 Feb 2010 13:19:54 -0700 Subject: [Freeipa-devel] [PATCH] 378 allow one-character Param names In-Reply-To: <4B757BC7.8040402@redhat.com> References: <4B757BC7.8040402@redhat.com> Message-ID: <1266005994.32569.15.camel@jgd-dsk> On Fri, 2010-02-12 at 11:03 -0500, Rob Crittenden wrote: > Loosen up the variable name restrictions in Params so we can handle the > attribute l (localityname). > > rob ack. pushed to master. From rcritten at redhat.com Fri Feb 12 21:29:33 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 12 Feb 2010 16:29:33 -0500 Subject: [Freeipa-devel] [PATCH] 379 fix automountlocation-tofiles Message-ID: <4B75C83D.4070000@redhat.com> The command automountlocation-tofiles hadn't been ported to the new return value format. It should work again. I also added a few labels to make the output more readable. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-379-automount.patch Type: application/mbox Size: 3163 bytes Desc: not available URL: From rcritten at redhat.com Fri Feb 12 21:41:27 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 12 Feb 2010 16:41:27 -0500 Subject: [Freeipa-devel] [PATCH] 380 Use the Output settings to determine output order Message-ID: <4B75CB07.9060201@redhat.com> This patch does a number of things. I considered breaking it up but it is so interdependent I thought that would make more work. The core of this is using the Output tuple defined for the command to determine the order of output. This is a very broad brush, controlling only the summary, entry and value order, but it's a start. This also fixes displaying group membership and failed membership modifications. I added a bit of recursion to support that. It may need some more beautification work but the basics are there. I've also got all tests passing at 100%. The only thing left to do is to get the framework to return the dn again. Once that works we can remove the hash for all the #dn entries in the tests. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-380-output.patch Type: application/mbox Size: 57694 bytes Desc: not available URL: From rcritten at redhat.com Fri Feb 12 22:08:58 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 12 Feb 2010 17:08:58 -0500 Subject: [Freeipa-devel] [PATCH] 377 fix deprecation warning In-Reply-To: <1266004628.32569.8.camel@jgd-dsk> References: <4B757A2C.9090807@redhat.com> <1266004628.32569.8.camel@jgd-dsk> Message-ID: <4B75D17A.9070200@redhat.com> Jason Gerard DeRose wrote: > On Fri, 2010-02-12 at 10:56 -0500, Rob Crittenden wrote: >> Fix a deprecation warning importing sha. >> >> rob > > nack. There is no `sha` attribute in the `hashlib` module; instead, > you'll need to use `hashlib.sha1`, like this: > > try: > from hashlib import sha1 as sha > except ImportError: > from sha import sha > > I'd like to start consolidating these Python compatibility hacks in the > `ipalib.compat` module. But in the case of the `uuid` module, with its > funky imports inside of functions, we should probably keep our > modifications to a minimum. > > So I agree with your approach. ack once you fix the import. ;) > > > Gah, good catch. Fixed and pushed. rob From rcritten at redhat.com Fri Feb 12 22:09:13 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 12 Feb 2010 17:09:13 -0500 Subject: [Freeipa-devel] [PATCH] jderose 040 In-Reply-To: <1265632972.2715.7.camel@jgd-dsk> References: <1265632972.2715.7.camel@jgd-dsk> Message-ID: <4B75D189.2020109@redhat.com> Jason Gerard DeRose wrote: > This is (knock on wood) a low risk change that adds an Object.label > attribute that is exposed through the webUI, cleans up some UI > funkiness. > > I was accidentally making post-alpha changes in the same branch as my > error and other string cleanups, which is taking me a bit to sort out, > so this is the last patch from me till after the alpha. ack, pushed to master From rcritten at redhat.com Fri Feb 12 22:13:26 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 12 Feb 2010 17:13:26 -0500 Subject: [Freeipa-devel] [PATCH] jderose 044 Add sha1, md5 to compat In-Reply-To: <1266005505.32569.14.camel@jgd-dsk> References: <1266005505.32569.14.camel@jgd-dsk> Message-ID: <4B75D286.1060307@redhat.com> Jason Gerard DeRose wrote: > This patch adds `sha1` and `md5` classes to the `compat` module. These > will work in Python 2.4 - 2.5 without raising a `DeprecationWarning`. > I wonder if we should import both the name sha and sha1. If we did that we could modify ipauuid to import from compat directly. This would be nicer too because it shortens the diffs from the upstream uuid.py. The reason we have our own local copy is partly due to the fact that uuid.py imports ctypes which is not at all SELinux friendly. That and so we can work on Python 2.4 systems. rob From rcritten at redhat.com Fri Feb 12 22:20:53 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 12 Feb 2010 17:20:53 -0500 Subject: [Freeipa-devel] [PATCH] jderose 044 Add sha1, md5 to compat In-Reply-To: <4B75D286.1060307@redhat.com> References: <1266005505.32569.14.camel@jgd-dsk> <4B75D286.1060307@redhat.com> Message-ID: <4B75D445.4050607@redhat.com> Rob Crittenden wrote: > Jason Gerard DeRose wrote: >> This patch adds `sha1` and `md5` classes to the `compat` module. These >> will work in Python 2.4 - 2.5 without raising a `DeprecationWarning`. >> > > I wonder if we should import both the name sha and sha1. If we did that > we could modify ipauuid to import from compat directly. This would be > nicer too because it shortens the diffs from the upstream uuid.py. > > The reason we have our own local copy is partly due to the fact that > uuid.py imports ctypes which is not at all SELinux friendly. That and so > we can work on Python 2.4 systems. > > rob > Ok, as Jason suggested, we can do something like: from compat import sha1 as sha ack, pushed to master From jdennis at redhat.com Fri Feb 12 22:43:40 2010 From: jdennis at redhat.com (John Dennis) Date: Fri, 12 Feb 2010 17:43:40 -0500 Subject: [Freeipa-devel] git patch email issues Message-ID: <4B75D99C.7090909@redhat.com> I spent the better part of today investigating why we appear to have problems with our patch emails when the contents is are 7-bit ASCII. I'be been through the source code of git-format-patch and git-send-email, refreshed my memory of various RFC's, and have performed a number of experiments. The Details: ------------ If an email, or any mime part of an email does *not* specify a Content-Type with a charset parameter then the encoding defaults to 7-bit US-ASCII. That hasn't been a problem in the past because virtually all our patches have been restricted to 7-bit ASCII so we never really noticed the problem. However more recently we been sending files with UTF-8 encoded values and we started to see what appeared to be corruption in the patch. This was most noticeable when the mail passed through Mailman, some versions of which attempt to transcode the email to match the list preferences. Here is what is actually going on: git-format-patch does *not* set the charset when it formats the email. Without a charset specified anybody handling the email according to the RFC's are supposed to treat the body as 7-bit ASCII. Thus patches which contain UTF-8 characters outside the range of 7-bit ASCII will have the potential to be mangled because the content (8-bit UTF-8) does not match the content declaration (7-bit ASCII). You can instruct git-format-patch to add arbitrary email headers. Thus we can force git-format-patch to provide the correct content declaration. This is best done by adding a format parameter to your ~/.gitconfig like this: [format] headers = "Content-Type: text/plain; charset=\"utf-8\"\nContent-Transfer-Encoding: 8bit\n" When you do this the headers at the top of your formatted patch will include: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit While that's a good start *it's not enough* Why? Those extra email headers have to actually make it into the email headers being sent via SMTP. Just because those header lines are sitting in a file which might be attached to the email you're sending is not sufficient. Why? Because the patch being attached becomes part of the email body, the headers in the patch file never make it into the actual SMTP email headers. Sending a patch as an attachment prevents the Content-Type from being inserted into the headers of the email, that's why when we send patches as an attachment they get their UTF-8 content screwed up. So, is there a solution which causes the headers inserted by git-format-patch to become part of the actual email headers? Yes, it's called git-send-email. git-send-email is designed to send a git patch and as such it knows how to parse a patch formatted by git-format-patch. One of the things it does is look for email headers in the git-format-patch file and inserts them into the SMTP headers for the email. What happens when you send a patch as an attachment? This causes the email body to become a collection of mime multiparts. Each mime part *should* have it's own Content-Type declaration. Unfortunately neither "git-send-email --attach" nor Thunderbird when attaching a patch set the charset parameter of the Content-Type declaration for the patch content. Remember the rules of the various RFC's, if the charset parameter is absent the encoding of the content is to be interpreted as 7-bit ASCII. So any of our patches which contain UTF-8 can be mangled because we've violated the rules of email. We sent something which we implicitly declared was 7-bit ASCII but was actually 8-bit UTF-8! I could find no way to make Thunderbird use a specific Content-Type when sending a patch file. git-send-email with the attach option has the Content-Type hardcoded which I consider a bug. Unfortunately I couldn't find a git bug reporting tool to report this bug. If you have git-format-patch add the Content-Type and use git-send-email to send the patch it will be *correct*. Why? Because git-send-email will insert the Content-Type into the SMTP header which will apply to the *entire* email body because there are *no* mime multipart's as there would be if it were an attachment. If you do that not only will the patch be sent correctly, but it will also display correctly in your email reader! But isn't there another way to send the patch without it getting it's charset screwed up? Yes, you can send the patch as binary data (e.g. base64 encoded), which implies it must be an attachment. What happens when you base64 encode the attachment? Basically it means to the mail handling components along the way "keep your grubby hands off, do not try to interpret this". That's both good and bad for us. It's good that the UTF-8 encoded patch makes it through the mail system unscathed, but mail readers have no clue how to properly display it, in fact they won't even try. That means you can't read the patch in your mail reader, you'll have to save it which invokes the base64 decoding, then you can open it as a file. But wait a minute! I've seen base64 encoded patches on this email list and I can read the patch. You're lying! Well, that might be because of this email Stephen sent out a while ago. > Stephen Gallagher wrote: > > The latest versions of git (including that shipped with Fedora 12) > has some trouble parsing patch files sent through mailman that are > encoded as "Content-Type: text/plain;" > > Thunderbird can be made to send all attachments in base64-encoded > form (which should be safe for mailman) by changing the following > settings. > > In Thunderbird Preferences, go to the Advanced->General tab. Select > "Config Editor" > > Search for mail.file_attach_binary and set this value to true. > > Now all of your attachments will be base64-encoded. Yes, it increases > the filesize somewhat, but accuracy > bandwidth. So what's going on in this case? Let's follow the steps. You start by attaching a patch file, whose Content-Type is correctly determined to be "text/x-patch", then it's base64 encoded and sent as an attachment. On the receiving end the mime part containing the patch has these headers: Content-Type: text/x-patch; Content-Transfer-Encoding: base64 So the mail reader (Thunderbird in my instance) sees this was transferred as base64 and decodes it. Then it looks at the Content-Type and sees that it's text (but *without* the charset parameter). So the mail reader displays it as 7-bit ASCII. O.K. I lied a little. Thunderbird actually has a configuration which specifies the default charset if one is not found, which defaults to ISO-8859-1, this is somewhat in violation of the RFC's but ISO-8859-1 has become a practical default in practice. So in this case Thunderbird tries to display the UTF-8 encoded patch as ISO-8859-1 text. This is a *display problem only*, the actual data is correct because it was sent as base64 and thus was never mucked with, but Thunderbird is displaying it incorrectly. There is a manual work around for this in Thunderbird. If you're looking a patch which looks like it's rendered with the wrong encoding (e.g. charset) then go to the View --> Character Encoding menu and select UTF-8. Let's go back a minute to Stephen's assertion that Mailman is screwing up the patches and we need to have Thunderbird base64 encode them to prevent mailman from mucking with them. This really isn't a mailman problem, rather it's our problem with how we're sending patches. We've lied to mailman and all the other components which might handle the mail along the way. We told those mail systems the body of the mail was 7-bit ASCII (because we omitted the charset parameter in the mail header) and then inserted 8-bit UTF-8 into the mail body. That kind of a lie won't bite you until one of the mail components decides to transcode the mail body. One of the features of mailman is transcoding to match the list's encoding preference. The fact mailman corrupted the mail body is not mailman's fault because we lied to mailman about the encoding of the mail body, the old saying holds true "garbage in; garbage out". O.K. so what our options here? 1) Continue to send patches the way we have making sure Thunderbird is configured to base64 encode them. Accept the fact that when displayed in a mail reader any UTF-8 will be garbled and you have to manually force Thunderbird to render the patch in UTF-8. The contents of the patch remains uncorrupted, it's just a display issue in the mail reader. 2) Configure git-send-email to add the correct SMTP headers and use git-send-email. This is probably preferred because it's actually correct from an RFC standpoint. Option 2 is actually pretty easy to use. My ~/.gitconfig is set up like this: [sendemail] smtpserver = smtp.corp.redhat.com to = freeipa-devel at redhat.com from = John Dennis confirm = never [format] headers = "Content-Type: text/plain; charset=\"utf-8\"\nContent-Transfer-Encoding: 8bit\n" Those defaults in my .gitconfig means I never have to add any command line args to either git-format-patch or git-send-email, it's as easy as: % git format-patch -1 % git send-email 0001-some-patch-file The downside of using git-send-email is whoever is applying the patch will have to save the entire email to a file instead of an attachment, which might be slightly more awkward. But as you can see from above it's very hard, and in most cases impossible, to get a patch sent as an attachment to have the correct charset specified. This is a pretty serious shortcoming and calls into question the use of attachments in the first place. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From admin at transifex.net Sat Feb 13 02:40:57 2010 From: admin at transifex.net (admin at transifex.net) Date: Sat, 13 Feb 2010 02:40:57 -0000 Subject: [Freeipa-devel] [www.transifex.net] Team Creation Requested: Bengali (India) Message-ID: <20100213024057.1651.70729@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. A translation team for 'Bengali (India)' has been required to the 'FreeIPA' project. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/teams/ in order to manage the teams of the project. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From jdennis at redhat.com Sat Feb 13 13:55:20 2010 From: jdennis at redhat.com (John Dennis) Date: Sat, 13 Feb 2010 08:55:20 -0500 Subject: [Freeipa-devel] [PATCH] 379 fix automountlocation-tofiles In-Reply-To: <4B75C83D.4070000@redhat.com> References: <4B75C83D.4070000@redhat.com> Message-ID: <4B76AF48.7050109@redhat.com> On 02/12/2010 04:29 PM, Rob Crittenden wrote: > The command automountlocation-tofiles hadn't been ported to the new > return value format. It should work again. I also added a few labels to > make the output more readable. Shouldn't the labels be localized? -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From admin at transifex.net Sat Feb 13 14:01:19 2010 From: admin at transifex.net (admin at transifex.net) Date: Sat, 13 Feb 2010 14:01:19 -0000 Subject: [Freeipa-devel] [www.transifex.net] New Team Added: Bengali (India) Message-ID: <20100213140119.12462.90830@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. A new translation team called 'Bengali (India)' has been added to the 'FreeIPA' project. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/team/bn_IN/ in order to see this new team. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From admin at transifex.net Sat Feb 13 16:39:39 2010 From: admin at transifex.net (admin at transifex.net) Date: Sat, 13 Feb 2010 16:39:39 -0000 Subject: [Freeipa-devel] [www.transifex.net] Team Creation Requested: Kannada Message-ID: <20100213163939.14007.44326@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. A translation team for 'Kannada' has been required to the 'FreeIPA' project. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/teams/ in order to manage the teams of the project. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From admin at transifex.net Sat Feb 13 17:44:42 2010 From: admin at transifex.net (admin at transifex.net) Date: Sat, 13 Feb 2010 17:44:42 -0000 Subject: [Freeipa-devel] [www.transifex.net] New Team Added: Kannada Message-ID: <20100213174442.14757.54060@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. A new translation team called 'Kannada' has been added to the 'FreeIPA' project. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/team/kn/ in order to see this new team. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From admin at transifex.net Sun Feb 14 17:22:00 2010 From: admin at transifex.net (admin at transifex.net) Date: Sun, 14 Feb 2010 17:22:00 -0000 Subject: [Freeipa-devel] [Transifex] File submitted via email to FreeIPA | master Message-ID: <20100214172200.30994.46257@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The following attached files were submitted to FreeIPA | master by gundachandru Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/c/master/ in order to see the component page. Thank you, Transifex -------------- next part -------------- # Kannada translations for ipa-server package. # Copyright (C) 2010 Red Hat # This file is distributed under the same license as the PACKAGE package. # gundachandru , 2010. # msgid "" msgstr "" "Project-Id-Version: ipa\n" "Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/newticket\n" "POT-Creation-Date: 2010-02-10 09:13-0500\n" "PO-Revision-Date: 2010-02-14 22:37+0530\n" "Last-Translator: gundachandru \n" "Language-Team: Kannada \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: ../../ipalib/parameters.py:228 msgid "incorrect type" msgstr "???????? ???" #: ../../ipalib/parameters.py:231 msgid "Only one value is allowed" msgstr "???? ???? ???? ????? ??????????????" #: ../../ipalib/parameters.py:795 msgid "must be True or False" msgstr "??? (True) ???? ?????? (False) ????????" #: ../../ipalib/parameters.py:896 msgid "must be an integer" msgstr "???????? ????????" #: ../../ipalib/parameters.py:947 #, python-format msgid "must be at least %(minvalue)d" msgstr "" #: ../../ipalib/parameters.py:957 #, python-format msgid "can be at most %(maxvalue)d" msgstr "" #: ../../ipalib/parameters.py:967 msgid "must be a decimal number" msgstr "" #: ../../ipalib/parameters.py:989 #, python-format msgid "must be at least %(minvalue)f" msgstr "" #: ../../ipalib/parameters.py:999 #, python-format msgid "can be at most %(maxvalue)f" msgstr "" #: ../../ipalib/parameters.py:1059 #, python-format msgid "must match pattern \"%(pattern)s\"" msgstr "" #: ../../ipalib/parameters.py:1077 msgid "must be binary data" msgstr "" #: ../../ipalib/parameters.py:1092 #, python-format msgid "must be at least %(minlength)d bytes" msgstr "" #: ../../ipalib/parameters.py:1102 #, python-format msgid "can be at most %(maxlength)d bytes" msgstr "" #: ../../ipalib/parameters.py:1112 #, python-format msgid "must be exactly %(length)d bytes" msgstr "" #: ../../ipalib/parameters.py:1130 msgid "must be Unicode text" msgstr "" #: ../../ipalib/parameters.py:1160 #, python-format msgid "must be at least %(minlength)d characters" msgstr "" #: ../../ipalib/parameters.py:1170 #, python-format msgid "can be at most %(maxlength)d characters" msgstr "" #: ../../ipalib/parameters.py:1180 #, python-format msgid "must be exactly %(length)d characters" msgstr "" #: ../../ipalib/parameters.py:1219 #, python-format msgid "must be one of %(values)r" msgstr "" #: ../../ipalib/cli.py:505 #, python-format msgid "Enter %(label)s again to verify: " msgstr "" #: ../../ipalib/cli.py:509 msgid "Passwords do not match!" msgstr "" #: ../../ipalib/cli.py:514 msgid "Cancelled." msgstr "" #: ../../ipalib/frontend.py:377 msgid "Results are truncated, try a more specific search" msgstr "" #: ../../ipalib/errors.py:297 #, python-format msgid "%(cver)s client incompatible with %(sver)s server at %(server)r" msgstr "" #: ../../ipalib/errors.py:315 #, python-format msgid "unknown error %(code)d from %(server)s: %(error)s" msgstr "" #: ../../ipalib/errors.py:331 msgid "an internal error has occurred" msgstr "" #: ../../ipalib/errors.py:353 #, python-format msgid "an internal error has occurred on server at %(server)r" msgstr "" #: ../../ipalib/errors.py:369 #, python-format msgid "unknown command %(name)r" msgstr "" #: ../../ipalib/errors.py:386 #: ../../ipalib/errors.py:411 #, python-format msgid "error on server %(server)r: %(error)s" msgstr "" #: ../../ipalib/errors.py:402 #, python-format msgid "cannot connect to %(uri)r: %(error)s" msgstr "" #: ../../ipalib/errors.py:420 #, python-format msgid "Invalid JSON-RPC request: %(error)s" msgstr "" #: ../../ipalib/errors.py:448 #, python-format msgid "Kerberos error: %(major)s/%(minor)s" msgstr "" #: ../../ipalib/errors.py:465 msgid "did not receive Kerberos credentials" msgstr "" #: ../../ipalib/errors.py:481 #, python-format msgid "Service %(service)r not found in Kerberos database" msgstr "" #: ../../ipalib/errors.py:497 msgid "No credentials cache found" msgstr "" #: ../../ipalib/errors.py:513 msgid "Ticket expired" msgstr "" #: ../../ipalib/errors.py:529 msgid "Credentials cache permissions incorrect" msgstr "" #: ../../ipalib/errors.py:545 msgid "Bad format in credentials cache" msgstr "" #: ../../ipalib/errors.py:561 msgid "Cannot resolve KDC for requested realm" msgstr "" #: ../../ipalib/errors.py:580 #, python-format msgid "Insufficient access: %(info)s" msgstr "" #: ../../ipalib/errors.py:624 #, python-format msgid "command %(name)r takes no arguments" msgstr "" #: ../../ipalib/errors.py:644 #, python-format msgid "command %(name)r takes at most %(count)d argument" msgid_plural "command %(name)r takes at most %(count)d arguments" msgstr[0] "" msgstr[1] "" #: ../../ipalib/errors.py:674 #, python-format msgid "overlapping arguments and options: %(names)r" msgstr "" #: ../../ipalib/errors.py:690 #, python-format msgid "%(name)r is required" msgstr "" #: ../../ipalib/errors.py:706 #: ../../ipalib/errors.py:722 #, python-format msgid "invalid %(name)r: %(error)s" msgstr "" #: ../../ipalib/errors.py:738 #, python-format msgid "api has no such namespace: %(name)r" msgstr "" #: ../../ipalib/errors.py:747 msgid "Passwords do not match" msgstr "" #: ../../ipalib/errors.py:755 msgid "Command not implemented" msgstr "" #: ../../ipalib/errors.py:783 #: ../../ipalib/errors.py:1023 #, python-format msgid "%(reason)s" msgstr "" #: ../../ipalib/errors.py:799 msgid "This entry already exists" msgstr "" #: ../../ipalib/errors.py:815 msgid "You must enroll a host in order to create a host service" msgstr "" #: ../../ipalib/errors.py:831 #, python-format msgid "Service principal is not of the form: service/fully-qualified host name: %(reason)s" msgstr "" #: ../../ipalib/errors.py:847 msgid "The realm for the principal does not match the realm for this IPA server" msgstr "" #: ../../ipalib/errors.py:863 msgid "This command requires root access" msgstr "" #: ../../ipalib/errors.py:879 msgid "This is already a posix group" msgstr "" #: ../../ipalib/errors.py:895 #, python-format msgid "Principal is not of the form user at REALM: %(principal)r" msgstr "" #: ../../ipalib/errors.py:911 msgid "This entry is already unlocked" msgstr "" #: ../../ipalib/errors.py:927 msgid "This entry is already locked" msgstr "" #: ../../ipalib/errors.py:943 msgid "This entry has nsAccountLock set, it cannot be locked or unlocked" msgstr "" #: ../../ipalib/errors.py:959 msgid "This entry is not a member of the group" msgstr "" #: ../../ipalib/errors.py:975 msgid "A group may not be a member of itself" msgstr "" #: ../../ipalib/errors.py:991 msgid "This entry is already a member of the group" msgstr "" #: ../../ipalib/errors.py:1007 #, python-format msgid "Base64 decoding failed: %(reason)s" msgstr "" #: ../../ipalib/errors.py:1039 msgid "A group may not be added as a member of itself" msgstr "" #: ../../ipalib/errors.py:1055 msgid "The default users group cannot be removed" msgstr "" #: ../../ipalib/errors.py:1078 #, python-format msgid "no command nor help topic %(topic)r" msgstr "" #: ../../ipalib/errors.py:1102 msgid "change collided with another change" msgstr "" #: ../../ipalib/errors.py:1118 msgid "no modifications to be performed" msgstr "" #: ../../ipalib/errors.py:1134 #, python-format msgid "%(desc)s:%(info)s" msgstr "" #: ../../ipalib/errors.py:1150 msgid "limits exceeded for this query" msgstr "" #: ../../ipalib/errors.py:1165 #, python-format msgid "%(info)s" msgstr "" #: ../../ipalib/errors.py:1190 #, python-format msgid "Certificate operation cannot be completed: %(error)s" msgstr "" #: ../../ipalib/plugins/rolegroup.py:73 #, python-format msgid "Added rolegroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/rolegroup.py:83 #, python-format msgid "Deleted rolegroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/rolegroup.py:93 #, python-format msgid "Modified rolegroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/rolegroup.py:104 #, python-format msgid "%(count)d rolegroup matched" msgid_plural "%(count)d rolegroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/host.py:149 #, python-format msgid "Added host \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/host.py:178 #, python-format msgid "Deleted host \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/host.py:206 #, python-format msgid "Modified host \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/host.py:255 #, python-format msgid "%(count)d host matched" msgid_plural "%(count)d hosts matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/group.py:85 #, python-format msgid "Added group \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/group.py:108 #, python-format msgid "Deleted group \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/group.py:134 #, python-format msgid "Modified group \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/group.py:163 #, python-format msgid "%(count)d group matched" msgid_plural "%(count)d groups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/cert.py:63 #: ../../ipalib/plugins/cert.py:84 msgid "Unable to decode certificate in entry" msgstr "" #: ../../ipalib/plugins/cert.py:106 #: ../../ipalib/plugins/cert.py:120 #: ../../ipalib/plugins/cert.py:137 msgid "Failure decoding Certificate Signing Request" msgstr "" #: ../../ipalib/plugins/cert.py:139 #, python-format msgid "Failure decoding Certificate Signing Request: %s" msgstr "" #: ../../ipalib/plugins/aci.py:109 msgid "type, filter, subtree and targetgroup are mutually exclusive" msgstr "" #: ../../ipalib/plugins/aci.py:112 msgid "at least one of: type, filter, subtree, targetgroup, attrs or memberof are required" msgstr "" #: ../../ipalib/plugins/aci.py:117 msgid "group and taskgroup are mutually exclusive" msgstr "" #: ../../ipalib/plugins/aci.py:119 msgid "One of group or taskgroup is required" msgstr "" #: ../../ipalib/plugins/aci.py:140 #, python-format msgid "Group '%s' does not exist" msgstr "" #: ../../ipalib/plugins/aci.py:184 #, python-format msgid "ACI with name \"%s\" not found" msgstr "" #: ../../ipalib/plugins/aci.py:255 #, python-format msgid "Created ACI \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/aci.py:305 #, python-format msgid "Deleted ACI \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/aci.py:345 #, python-format msgid "Modified ACI \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/aci.py:405 #, python-format msgid "%(count)d ACI matched" msgid_plural "%(count)d ACIs matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/misc.py:37 #, python-format msgid "%(count)d variables" msgstr "" #: ../../ipalib/plugins/misc.py:96 #, python-format msgid "%(count)d plugin loaded" msgid_plural "%(count)d plugins loaded" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/user.py:139 #, python-format msgid "Added user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:184 #, python-format msgid "Deleted user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:203 #, python-format msgid "Modified user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:214 #, python-format msgid "%(count)d user matched" msgid_plural "%(count)d users matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/user.py:234 #, python-format msgid "Locked user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:260 #, python-format msgid "Unlocked user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:73 #, python-format msgid "Added taskgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:83 #, python-format msgid "Deleted taskgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:93 #, python-format msgid "Modified taskgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:104 #, python-format msgid "%(count)d taskgroup matched" msgid_plural "%(count)d taskgroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/hostgroup.py:72 #, python-format msgid "Added hostgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/hostgroup.py:82 #, python-format msgid "Deleted hostgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/hostgroup.py:92 #, python-format msgid "Modified hostgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/hostgroup.py:103 #, python-format msgid "%(count)d hostgroup matched" msgid_plural "%(count)d hostgroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/pwpolicy.py:231 msgid "priority cannot be set on global policy" msgstr "" #: ../../ipaserver/install/certs.py:571 #: ../../ipaserver/plugins/dogtag.py:1313 #: ../../ipaserver/plugins/dogtag.py:1398 #: ../../ipaserver/plugins/dogtag.py:1463 #: ../../ipaserver/plugins/dogtag.py:1543 #: ../../ipaserver/plugins/dogtag.py:1602 #, python-format msgid "Unable to communicate with CMS (%s)" msgstr "" #: ../../ipaserver/plugins/selfsign.py:102 #, python-format msgid "Request subject \"%(request_subject)s\" does not match the form \"%(subject_base)s\"" msgstr "" #: ../../ipaserver/plugins/selfsign.py:107 #, python-format msgid "unable to decode csr: %s" msgstr "" #: ../../ipaserver/plugins/selfsign.py:128 #: ../../ipaserver/plugins/selfsign.py:143 msgid "file operation" msgstr "" #: ../../ipaserver/plugins/selfsign.py:157 msgid "cannot obtain next serial number" msgstr "" #: ../../ipaserver/plugins/selfsign.py:192 msgid "certutil failure" msgstr "" From rcritten at redhat.com Mon Feb 15 15:05:43 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 15 Feb 2010 10:05:43 -0500 Subject: [Freeipa-devel] [PATCH] 379 fix automountlocation-tofiles In-Reply-To: <4B76AF48.7050109@redhat.com> References: <4B75C83D.4070000@redhat.com> <4B76AF48.7050109@redhat.com> Message-ID: <4B7962C7.7050206@redhat.com> John Dennis wrote: > On 02/12/2010 04:29 PM, Rob Crittenden wrote: >> The command automountlocation-tofiles hadn't been ported to the new >> return value format. It should work again. I also added a few labels to >> make the output more readable. > > Shouldn't the labels be localized? > Yup, oversight on my part. rob From sgallagh at redhat.com Mon Feb 15 17:10:07 2010 From: sgallagh at redhat.com (Stephen Gallagher) Date: Mon, 15 Feb 2010 12:10:07 -0500 Subject: [Freeipa-devel] git patch email issues In-Reply-To: <4B75D99C.7090909@redhat.com> References: <4B75D99C.7090909@redhat.com> Message-ID: <4B797FEF.6090908@redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/12/2010 05:43 PM, John Dennis wrote: > > 1) Continue to send patches the way we have making sure Thunderbird is > configured to base64 encode them. Accept the fact that when displayed in > a mail reader any UTF-8 will be garbled and you have to manually force > Thunderbird to render the patch in UTF-8. The contents of the patch > remains uncorrupted, it's just a display issue in the mail reader. > > 2) Configure git-send-email to add the correct SMTP headers and use > git-send-email. This is probably preferred because it's actually correct > from an RFC standpoint. > > Option 2 is actually pretty easy to use. My ~/.gitconfig is set up like > this: > > [sendemail] > smtpserver = smtp.corp.redhat.com > to = freeipa-devel at redhat.com > from = John Dennis > confirm = never > [format] > headers = "Content-Type: text/plain; > charset=\"utf-8\"\nContent-Transfer-Encoding: 8bit\n" > > Those defaults in my .gitconfig means I never have to add any command > line args to either git-format-patch or git-send-email, it's as easy as: > > % git format-patch -1 > % git send-email 0001-some-patch-file > > The downside of using git-send-email is whoever is applying the patch > will have to save the entire email to a file instead of an attachment, > which might be slightly more awkward. But as you can see from above it's > very hard, and in most cases impossible, to get a patch sent as an > attachment to have the correct charset specified. This is a pretty > serious shortcoming and calls into question the use of attachments in > the first place. > The problem with option 2 is that you can only send a single patch as a single email. This makes it difficult to invest a group of patches with a sense that they are meant to sequentially effect a specific result. I for one very often submit two or more patches as attachments to the same email. Furthermore, sometimes it's useful to provide more information about a patch than you put in the commit message. I think 'git send-email' is unsuitable for our purposes, and I strongly recommend the use of base64 encoding. Also, for the record, Thunderbird can be configured to use UTF-8 for incoming and outgoing mail by default. In Thunderbird preferences, go to Display->Formatting->Fonts & Encodings. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkt5f+sACgkQeiVVYja6o6MZpACfcQxZkzo/aRFqOpbOujqSXN6C LsAAniYbAjCbzUasJm4478Q2YOuclaPK =Ue5e -----END PGP SIGNATURE----- From jdennis at redhat.com Mon Feb 15 18:03:39 2010 From: jdennis at redhat.com (John Dennis) Date: Mon, 15 Feb 2010 13:03:39 -0500 Subject: [Freeipa-devel] git patch email issues In-Reply-To: <4B797FEF.6090908@redhat.com> References: <4B75D99C.7090909@redhat.com> <4B797FEF.6090908@redhat.com> Message-ID: <4B798C7B.7010608@redhat.com> On 02/15/2010 12:10 PM, Stephen Gallagher wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 02/12/2010 05:43 PM, John Dennis wrote: >> >> 1) Continue to send patches the way we have making sure Thunderbird is >> configured to base64 encode them. Accept the fact that when displayed in >> a mail reader any UTF-8 will be garbled and you have to manually force >> Thunderbird to render the patch in UTF-8. The contents of the patch >> remains uncorrupted, it's just a display issue in the mail reader. >> >> 2) Configure git-send-email to add the correct SMTP headers and use >> git-send-email. This is probably preferred because it's actually correct >> from an RFC standpoint. >> >> Option 2 is actually pretty easy to use. My ~/.gitconfig is set up like >> this: >> >> [sendemail] >> smtpserver = smtp.corp.redhat.com >> to = freeipa-devel at redhat.com >> from = John Dennis >> confirm = never >> [format] >> headers = "Content-Type: text/plain; >> charset=\"utf-8\"\nContent-Transfer-Encoding: 8bit\n" >> >> Those defaults in my .gitconfig means I never have to add any command >> line args to either git-format-patch or git-send-email, it's as easy as: >> >> % git format-patch -1 >> % git send-email 0001-some-patch-file >> >> The downside of using git-send-email is whoever is applying the patch >> will have to save the entire email to a file instead of an attachment, >> which might be slightly more awkward. But as you can see from above it's >> very hard, and in most cases impossible, to get a patch sent as an >> attachment to have the correct charset specified. This is a pretty >> serious shortcoming and calls into question the use of attachments in >> the first place. >> > > The problem with option 2 is that you can only send a single patch as a > single email. This makes it difficult to invest a group of patches with > a sense that they are meant to sequentially effect a specific result. I > for one very often submit two or more patches as attachments to the same > email. From the summary of the git-send-email man page: "git-send-email - Send a collection of patches as emails" It sends a sequence of patches as a sequence of emails with an optional summary email sent first. It sets up threading such that the emails appear as a group and in order. This is how the kernel team works (or so I'm lead to believe). We can also continue to do things as we have, I'm O.K. with that. But we do need to educate people as to what is actually going on, how we're violating the RFC's, and how to interpret and adjust for violating those RFC's, so they can have some trust in what they're seeing on their screen. It's important for people to know and understand in it's default configuration Thunderbird (and probably many other mail readers) will silently display the patch incorrectly. Silently showing the wrong data but writing different data to a file when the attachment is saved is IMHO a problem we should not just paper over or wave our hands at. We should actively understand what is going on and pro-actively modify our configurations to adjust for our group approved practices. > > Furthermore, sometimes it's useful to provide more information about a > patch than you put in the commit message. > > I think 'git send-email' is unsuitable for our purposes, and I strongly > recommend the use of base64 encoding. We can continue to use base64 encoded attachments. We should adjust our mail readers and other tools to default to UTF-8. We should be aware that doing so may adversely affect other email we display. We should be aware base64 encoding our attachments is a hack work-around for our groups decision to not adhere to RFC's (sometimes that's justified). > Also, for the record, Thunderbird can be configured to use UTF-8 for > incoming and outgoing mail by default. In Thunderbird preferences, go > to Display->Formatting->Fonts& Encodings. Yes, that helps and we should do that. But at the time someone modifies their configuration I hope it comes with an awareness of what they are doing, why they are doing it, and what the adverse consequences might be. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jderose at redhat.com Mon Feb 15 18:22:32 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Mon, 15 Feb 2010 11:22:32 -0700 Subject: [Freeipa-devel] [PATCH] 379 fix automountlocation-tofiles In-Reply-To: <4B76AF48.7050109@redhat.com> References: <4B75C83D.4070000@redhat.com> <4B76AF48.7050109@redhat.com> Message-ID: <1266258152.7063.0.camel@jgd-dsk> On Sat, 2010-02-13 at 08:55 -0500, John Dennis wrote: > On 02/12/2010 04:29 PM, Rob Crittenden wrote: > > The command automountlocation-tofiles hadn't been ported to the new > > return value format. It should work again. I also added a few labels to > > make the output more readable. > > Shouldn't the labels be localized? > Yes, this is fixed in a patch I have in the works, but I was saving it for post-alpha. From jdennis at redhat.com Mon Feb 15 18:28:14 2010 From: jdennis at redhat.com (John Dennis) Date: Mon, 15 Feb 2010 13:28:14 -0500 Subject: [Freeipa-devel] [PATCH] 379 fix automountlocation-tofiles In-Reply-To: <1266258152.7063.0.camel@jgd-dsk> References: <4B75C83D.4070000@redhat.com> <4B76AF48.7050109@redhat.com> <1266258152.7063.0.camel@jgd-dsk> Message-ID: <4B79923E.5050202@redhat.com> On 02/15/2010 01:22 PM, Jason Gerard DeRose wrote: > On Sat, 2010-02-13 at 08:55 -0500, John Dennis wrote: >> On 02/12/2010 04:29 PM, Rob Crittenden wrote: >>> The command automountlocation-tofiles hadn't been ported to the new >>> return value format. It should work again. I also added a few labels to >>> make the output more readable. >> >> Shouldn't the labels be localized? >> > > Yes, this is fixed in a patch I have in the works, but I was saving it > for post-alpha. > I was going to go through and find all labels not marked for translation and mark them. Have you already done this? I don't think we should postpone patches to post-alpha whose purpose is to mark strings for translation because we've asked the community of translators to start working on our translations and in fairness to them the pot file should be as complete as possible when they begin work, plus I think marking strings for translation is very low risk (especially in the context of an alpha release). -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jderose at redhat.com Mon Feb 15 18:33:26 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Mon, 15 Feb 2010 11:33:26 -0700 Subject: [Freeipa-devel] [PATCH] 379 fix automountlocation-tofiles In-Reply-To: <4B79923E.5050202@redhat.com> References: <4B75C83D.4070000@redhat.com> <4B76AF48.7050109@redhat.com> <1266258152.7063.0.camel@jgd-dsk> <4B79923E.5050202@redhat.com> Message-ID: <1266258806.7063.2.camel@jgd-dsk> On Mon, 2010-02-15 at 13:28 -0500, John Dennis wrote: > On 02/15/2010 01:22 PM, Jason Gerard DeRose wrote: > > On Sat, 2010-02-13 at 08:55 -0500, John Dennis wrote: > >> On 02/12/2010 04:29 PM, Rob Crittenden wrote: > >>> The command automountlocation-tofiles hadn't been ported to the new > >>> return value format. It should work again. I also added a few labels to > >>> make the output more readable. > >> > >> Shouldn't the labels be localized? > >> > > > > Yes, this is fixed in a patch I have in the works, but I was saving it > > for post-alpha. > > > > I was going to go through and find all labels not marked for translation > and mark them. Have you already done this? > > I don't think we should postpone patches to post-alpha whose purpose is > to mark strings for translation because we've asked the community of > translators to start working on our translations and in fairness to them > the pot file should be as complete as possible when they begin work, > plus I think marking strings for translation is very low risk > (especially in the context of an alpha release). This change requires some changes to the Params (to change the type of the label), which is a bit more disruptive, why I was waiting. From jdennis at redhat.com Mon Feb 15 18:38:28 2010 From: jdennis at redhat.com (John Dennis) Date: Mon, 15 Feb 2010 13:38:28 -0500 Subject: [Freeipa-devel] [PATCH] 379 fix automountlocation-tofiles In-Reply-To: <1266258806.7063.2.camel@jgd-dsk> References: <4B75C83D.4070000@redhat.com> <4B76AF48.7050109@redhat.com> <1266258152.7063.0.camel@jgd-dsk> <4B79923E.5050202@redhat.com> <1266258806.7063.2.camel@jgd-dsk> Message-ID: <4B7994A4.1040904@redhat.com> On 02/15/2010 01:33 PM, Jason Gerard DeRose wrote: > On Mon, 2010-02-15 at 13:28 -0500, John Dennis wrote: >> On 02/15/2010 01:22 PM, Jason Gerard DeRose wrote: >>> On Sat, 2010-02-13 at 08:55 -0500, John Dennis wrote: >>>> On 02/12/2010 04:29 PM, Rob Crittenden wrote: >>>>> The command automountlocation-tofiles hadn't been ported to the new >>>>> return value format. It should work again. I also added a few labels to >>>>> make the output more readable. >>>> >>>> Shouldn't the labels be localized? >>>> >>> >>> Yes, this is fixed in a patch I have in the works, but I was saving it >>> for post-alpha. >>> >> >> I was going to go through and find all labels not marked for translation >> and mark them. Have you already done this? >> >> I don't think we should postpone patches to post-alpha whose purpose is >> to mark strings for translation because we've asked the community of >> translators to start working on our translations and in fairness to them >> the pot file should be as complete as possible when they begin work, >> plus I think marking strings for translation is very low risk >> (especially in the context of an alpha release). > > > This change requires some changes to the Params (to change the type of > the label), which is a bit more disruptive, why I was waiting. > How about the answer to the first question. Have you gone through the code and marked all labels for translation? -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jderose at redhat.com Mon Feb 15 18:47:52 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Mon, 15 Feb 2010 11:47:52 -0700 Subject: [Freeipa-devel] [PATCH] 379 fix automountlocation-tofiles In-Reply-To: <4B7994A4.1040904@redhat.com> References: <4B75C83D.4070000@redhat.com> <4B76AF48.7050109@redhat.com> <1266258152.7063.0.camel@jgd-dsk> <4B79923E.5050202@redhat.com> <1266258806.7063.2.camel@jgd-dsk> <4B7994A4.1040904@redhat.com> Message-ID: <1266259672.7063.3.camel@jgd-dsk> On Mon, 2010-02-15 at 13:38 -0500, John Dennis wrote: > On 02/15/2010 01:33 PM, Jason Gerard DeRose wrote: > > On Mon, 2010-02-15 at 13:28 -0500, John Dennis wrote: > >> On 02/15/2010 01:22 PM, Jason Gerard DeRose wrote: > >>> On Sat, 2010-02-13 at 08:55 -0500, John Dennis wrote: > >>>> On 02/12/2010 04:29 PM, Rob Crittenden wrote: > >>>>> The command automountlocation-tofiles hadn't been ported to the new > >>>>> return value format. It should work again. I also added a few labels to > >>>>> make the output more readable. > >>>> > >>>> Shouldn't the labels be localized? > >>>> > >>> > >>> Yes, this is fixed in a patch I have in the works, but I was saving it > >>> for post-alpha. > >>> > >> > >> I was going to go through and find all labels not marked for translation > >> and mark them. Have you already done this? > >> > >> I don't think we should postpone patches to post-alpha whose purpose is > >> to mark strings for translation because we've asked the community of > >> translators to start working on our translations and in fairness to them > >> the pot file should be as complete as possible when they begin work, > >> plus I think marking strings for translation is very low risk > >> (especially in the context of an alpha release). > > > > > > This change requires some changes to the Params (to change the type of > > the label), which is a bit more disruptive, why I was waiting. > > > > How about the answer to the first question. Have you gone through the > code and marked all labels for translation? Yes, this patch marks all the Param.labels for translations. From jderose at redhat.com Mon Feb 15 20:04:12 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Mon, 15 Feb 2010 13:04:12 -0700 Subject: [Freeipa-devel] [PATCH] 379 fix automountlocation-tofiles In-Reply-To: <4B75C83D.4070000@redhat.com> References: <4B75C83D.4070000@redhat.com> Message-ID: <1266264252.7063.4.camel@jgd-dsk> On Fri, 2010-02-12 at 16:29 -0500, Rob Crittenden wrote: > The command automountlocation-tofiles hadn't been ported to the new > return value format. It should work again. I also added a few labels to > make the output more readable. > > rob ack. pushed to master. From jdennis at redhat.com Mon Feb 15 20:44:12 2010 From: jdennis at redhat.com (John Dennis) Date: Mon, 15 Feb 2010 15:44:12 -0500 Subject: [Freeipa-devel] [PATCH] Add 3 new translations for Polish, Indonesian, Kannada Message-ID: <4B79B21C.2040509@redhat.com> Add 3 new translations for Polish, Indonesian, Kannada. Remove the dummy Italian translation (it.po), it's only purpose was to have some translation in the tarball so %{find_lang} wouldn't fail. Add a new file contributing_translators.txt so we can track our translators contributions and give them credit. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-new-translations-Polish-Indonesian-Kannada.patch Type: text/x-patch Size: 77328 bytes Desc: not available URL: From jderose at redhat.com Mon Feb 15 23:13:06 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Mon, 15 Feb 2010 16:13:06 -0700 Subject: [Freeipa-devel] [PATCH] 380 Use the Output settings to determine output order In-Reply-To: <4B75CB07.9060201@redhat.com> References: <4B75CB07.9060201@redhat.com> Message-ID: <1266275586.7063.20.camel@jgd-dsk> On Fri, 2010-02-12 at 16:41 -0500, Rob Crittenden wrote: > This patch does a number of things. I considered breaking it up but it > is so interdependent I thought that would make more work. > > The core of this is using the Output tuple defined for the command to > determine the order of output. This is a very broad brush, controlling > only the summary, entry and value order, but it's a start. > > This also fixes displaying group membership and failed membership > modifications. I added a bit of recursion to support that. It may need > some more beautification work but the basics are there. > > I've also got all tests passing at 100%. The only thing left to do is to > get the framework to return the dn again. Once that works we can remove > the hash for all the #dn entries in the tests. > > rob ack. pushed to master. Nice patch, Rob. The only thing I'd like us to add (in a separate patch) is to change Output.flags to be a frozenset. I'm a big fan of using immutable data types to prevent multi-threading gotchas. From jderose at redhat.com Tue Feb 16 11:31:25 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Tue, 16 Feb 2010 04:31:25 -0700 Subject: [Freeipa-devel] [PATCH] Use unicode instead of str for environmental variables in Env. In-Reply-To: <4B74123A.7010001@redhat.com> References: <4B74123A.7010001@redhat.com> Message-ID: <1266319885.11393.1.camel@jgd-dsk> On Thu, 2010-02-11 at 15:20 +0100, Pavel Zuna wrote: > The patch is not far from trivial, but... > > It makes the assumption, that IPA config files are utf-8 encoded (or compatible > like ASCII). Is that OK? > > Pavel Ack, but I wonder if we should wait till after the alpha to push this? From mnagy at redhat.com Tue Feb 16 14:55:50 2010 From: mnagy at redhat.com (Martin Nagy) Date: Tue, 16 Feb 2010 15:55:50 +0100 Subject: [Freeipa-devel] [PATCH] 373 fix ipa-getkeytab man page In-Reply-To: <4B69F19C.4030902@redhat.com> References: <4B69F19C.4030902@redhat.com> Message-ID: <1266332150.15167.0.camel@wolverine.englab.brq.redhat.com> On Wed, 2010-02-03 at 16:58 -0500, Rob Crittenden wrote: > The usage on the man page didn't follow standard conventions. Optional > arguments shouldn't be enclosed in brackets []. > > rob Ack From mnagy at redhat.com Tue Feb 16 14:57:47 2010 From: mnagy at redhat.com (Martin Nagy) Date: Tue, 16 Feb 2010 15:57:47 +0100 Subject: [Freeipa-devel] [PATCH] 374 don't make assumptions about cwd In-Reply-To: <4B69FC5B.4040700@redhat.com> References: <4B69FC5B.4040700@redhat.com> Message-ID: <1266332267.15167.1.camel@wolverine.englab.brq.redhat.com> On Wed, 2010-02-03 at 17:44 -0500, Rob Crittenden wrote: > Don't assume that cwd exists or is writable. I had worked on this > previously so that we change to a known writable directory when issuing > server certs. Enhance that so we change to the NSS db dir when issuing > the self-signed CA. certutil wants to write a file to the cwd when > generating a key so we need to be some place writable. > > Also handle the case where cwd is an invalid directory. I tested this with: > > term 1: mkdir foo > cd foo > > term 2: rmdir foo > > term 1: ipa-server-install ... > > Probably not a major issue but not hard to more carefully handle it > either. The installation will still fail but at least we have a good > message when it does. > > rob Cool, I actually hit this problem once, thanks. ACK Martin From mnagy at redhat.com Tue Feb 16 14:58:47 2010 From: mnagy at redhat.com (Martin Nagy) Date: Tue, 16 Feb 2010 15:58:47 +0100 Subject: [Freeipa-devel] [PATCH] fix install example error In-Reply-To: <4B69D385.6060104@redhat.com> References: <4B69D385.6060104@redhat.com> Message-ID: <1266332327.15167.2.camel@wolverine.englab.brq.redhat.com> On Wed, 2010-02-03 at 14:50 -0500, Rob Crittenden wrote: > I pushed this patch under the 1-line trivial rule. I just changed the > command name in the sample we provide at the end of installation: > > --- a/install/tools/ipa-server-install > +++ b/install/tools/ipa-server-install > @@ -798,7 +798,7 @@ def main(): > print "\t\t * 123: ntp" > print "" > print "\t2. You can now obtain a kerberos ticket using the > command: 'kinit admin'" > - print "\t This ticket will allow you to use the IPA tools (e.g., > ipa-adduser)" > + print "\t This ticket will allow you to use the IPA tools (e.g., > ipa user-add)" > print "\t and the web user interface." > > if not service.is_running("ntpd"): ACK Martin From mnagy at redhat.com Tue Feb 16 15:04:38 2010 From: mnagy at redhat.com (Martin Nagy) Date: Tue, 16 Feb 2010 16:04:38 +0100 Subject: [Freeipa-devel] [PATCH] 358 remove files on uninstall In-Reply-To: <4B61E484.9080900@redhat.com> References: <4B61E484.9080900@redhat.com> Message-ID: <1266332678.15167.3.camel@wolverine.englab.brq.redhat.com> On Thu, 2010-01-28 at 14:24 -0500, Rob Crittenden wrote: > Remove some IPA configuration files when doing an uninstallation. > > rob ACK Martin From mnagy at redhat.com Tue Feb 16 15:39:15 2010 From: mnagy at redhat.com (Martin Nagy) Date: Tue, 16 Feb 2010 16:39:15 +0100 Subject: [Freeipa-devel] [PATCH] Fix a crash and memory leak in get_config_entry() Message-ID: <1266334755.15167.15.camel@wolverine.englab.brq.redhat.com> Hi, noticed this while reading some older emails from freeipa-devel. I didn't test the patch, since it is really trivial. Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Fix-a-crash-and-memory-leak-in-get_config_entry.patch Type: text/x-patch Size: 928 bytes Desc: not available URL: From rcritten at redhat.com Tue Feb 16 15:42:10 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 16 Feb 2010 10:42:10 -0500 Subject: [Freeipa-devel] [PATCH] Fix a crash and memory leak in get_config_entry() In-Reply-To: <1266334755.15167.15.camel@wolverine.englab.brq.redhat.com> References: <1266334755.15167.15.camel@wolverine.englab.brq.redhat.com> Message-ID: <4B7ABCD2.10902@redhat.com> Martin Nagy wrote: > Hi, > noticed this while reading some older emails from freeipa-devel. I > didn't test the patch, since it is really trivial. > > Martin ack pushed to master. From jdennis at redhat.com Tue Feb 16 15:50:10 2010 From: jdennis at redhat.com (John Dennis) Date: Tue, 16 Feb 2010 10:50:10 -0500 Subject: [Freeipa-devel] [PATCH] Add translation statistics Message-ID: <4B7ABEB2.2080006@redhat.com> The Makefile in install/po has a new target "msg-stats" which prints out statistics concerning the current pot and po files. Here is an example: % make msg-stats ipa.pot has 133 messages id.po: 107/133 80.5% 13 po untranslated, 13 missing, 26 untranslated kn.po: 4/133 3.0% 116 po untranslated, 13 missing, 129 untranslated pl.po: 120/133 90.2% 0 po untranslated, 13 missing, 13 untranslated Also update configure.ac to search for msgcmp, awk & sed programs. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-translation-statistics.patch Type: text/x-patch Size: 5452 bytes Desc: not available URL: From rcritten at redhat.com Tue Feb 16 18:46:29 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 16 Feb 2010 13:46:29 -0500 Subject: [Freeipa-devel] [PATCH] Make the DNS forwarders interactive input less confusing In-Reply-To: <1265661103.5345.10.camel@wolverine.englab.brq.redhat.com> References: <1265661103.5345.10.camel@wolverine.englab.brq.redhat.com> Message-ID: <4B7AE805.60605@redhat.com> Martin Nagy wrote: > Here's the simple patch for #558984. > > Specifically, with this patch, ipa-server-install/ipa-dns-install will > ask you this: > > Do you wish to configure DNS forwarders? > > If you say yes, you will also see: > > Please enter the IP addresses of DNS forwarders that you want to use. > After you are done, enter a blank line to stop. > > And the rest is the same, except it doesn't say "(empty to stop)" at the > end of the prompt as it used to. > > David, Jenny, do you think this is good enough? I can change it easily > if there are any objections/ideas. > > Patch attached. > Martin Ack, pushed to master. I have another suggestion. When verify_ip_address() fails it would be nice if it would also say "not adding to list" or something. It isn't obvious that the forwarder isn't added when reverse dns fails. rob From mnagy at redhat.com Tue Feb 16 18:50:53 2010 From: mnagy at redhat.com (Martin Nagy) Date: Tue, 16 Feb 2010 19:50:53 +0100 Subject: [Freeipa-devel] [PATCH] Make the DNS forwarders interactive input less confusing In-Reply-To: <4B7AE805.60605@redhat.com> References: <1265661103.5345.10.camel@wolverine.englab.brq.redhat.com> <4B7AE805.60605@redhat.com> Message-ID: <1266346253.15167.17.camel@wolverine.englab.brq.redhat.com> On Tue, 2010-02-16 at 13:46 -0500, Rob Crittenden wrote: > Martin Nagy wrote: > > Here's the simple patch for #558984. > > > > Specifically, with this patch, ipa-server-install/ipa-dns-install will > > ask you this: > > > > Do you wish to configure DNS forwarders? > > > > If you say yes, you will also see: > > > > Please enter the IP addresses of DNS forwarders that you want to use. > > After you are done, enter a blank line to stop. > > > > And the rest is the same, except it doesn't say "(empty to stop)" at the > > end of the prompt as it used to. > > > > David, Jenny, do you think this is good enough? I can change it easily > > if there are any objections/ideas. > > > > Patch attached. > > Martin > > Ack, pushed to master. > > I have another suggestion. When verify_ip_address() fails it would be > nice if it would also say "not adding to list" or something. It isn't > obvious that the forwarder isn't added when reverse dns fails. > > rob Yeah, that's a very good idea, I'll make another patch later for this (post-alpha 2 should be fine). Thanks. Martin From rcritten at redhat.com Wed Feb 17 04:00:14 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 16 Feb 2010 23:00:14 -0500 Subject: [Freeipa-devel] [PATCH] 381 fix output of integers Message-ID: <4B7B69CE.8090207@redhat.com> Integers are included in the list of things to convert to str internally. This makes them be considered binary by ipalib.cli.encode_binary(). Add a hackish test for now to see if we have an integer or not. I know that Pavel is working on more graceful way to handle encoding and I can live with this for now. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-381-encode.patch Type: application/mbox Size: 1002 bytes Desc: not available URL: From rcritten at redhat.com Wed Feb 17 04:01:09 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 16 Feb 2010 23:01:09 -0500 Subject: [Freeipa-devel] [PATCH] 382 fix pwpolicy output Message-ID: <4B7B6A05.2080704@redhat.com> Convert the pwpolicy plugin to use the new output system. Otherwise some of these commands output nothing at all, or at best something not quite useful. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-382-pwpolicy.patch Type: application/mbox Size: 5078 bytes Desc: not available URL: From jderose at redhat.com Wed Feb 17 11:39:17 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Wed, 17 Feb 2010 04:39:17 -0700 Subject: [Freeipa-devel] [PATCH] 381 fix output of integers In-Reply-To: <4B7B69CE.8090207@redhat.com> References: <4B7B69CE.8090207@redhat.com> Message-ID: <1266406757.14353.0.camel@jgd-dsk> On Tue, 2010-02-16 at 23:00 -0500, Rob Crittenden wrote: > Integers are included in the list of things to convert to str > internally. This makes them be considered binary by > ipalib.cli.encode_binary(). Add a hackish test for now to see if we have > an integer or not. I know that Pavel is working on more graceful way to > handle encoding and I can live with this for now. > > rob ack. pushed to master. From jderose at redhat.com Wed Feb 17 11:39:41 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Wed, 17 Feb 2010 04:39:41 -0700 Subject: [Freeipa-devel] [PATCH] 382 fix pwpolicy output In-Reply-To: <4B7B6A05.2080704@redhat.com> References: <4B7B6A05.2080704@redhat.com> Message-ID: <1266406781.14353.1.camel@jgd-dsk> On Tue, 2010-02-16 at 23:01 -0500, Rob Crittenden wrote: > Convert the pwpolicy plugin to use the new output system. Otherwise some > of these commands output nothing at all, or at best something not quite > useful. > > rob ack. pushed to master. From pzuna at redhat.com Wed Feb 17 14:53:36 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Wed, 17 Feb 2010 15:53:36 +0100 Subject: [Freeipa-devel] [PATCH] 381 fix output of integers In-Reply-To: <4B7B69CE.8090207@redhat.com> References: <4B7B69CE.8090207@redhat.com> Message-ID: <4B7C02F0.1000605@redhat.com> Rob Crittenden wrote: > Integers are included in the list of things to convert to str > internally. This makes them be considered binary by > ipalib.cli.encode_binary(). Add a hackish test for now to see if we have > an integer or not. I know that Pavel is working on more graceful way to > handle encoding and I can live with this for now. > > rob I know it's late, but NACK. This isn't the right solution. I just posted a patch that solves this problem at its root (ldap2). Pavel From pzuna at redhat.com Wed Feb 17 14:56:22 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Wed, 17 Feb 2010 15:56:22 +0100 Subject: [Freeipa-devel] [PATCH] Convert integers and boolean values to unicode, don't leave them as str. Message-ID: <4B7C0396.60506@redhat.com> This solves the bug, where integer and boolean values are interpreted as binary. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0002-Convert-integer-and-boolean-values-to-unicode-don-t-.patch Type: application/mbox Size: 1319 bytes Desc: not available URL: From pzuna at redhat.com Wed Feb 17 14:59:15 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Wed, 17 Feb 2010 15:59:15 +0100 Subject: [Freeipa-devel] [PATCH] Auto-generate --all and --raw for commands, that return entries. Message-ID: <4B7C0443.7000806@redhat.com> This patch makes the Command base class generate --all and --raw parameters for every command, that has either an Entry or a ListOfEntries instance in its has_output. It also modifies the default output_for_cli to take these options into account. I think its better if output_for_cli (instead of textui.print_entry) handles things like attribute labels and attribute order. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Auto-generate-all-and-raw-for-commands-that-return-e.patch Type: application/mbox Size: 14938 bytes Desc: not available URL: From pzuna at redhat.com Wed Feb 17 15:25:00 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Wed, 17 Feb 2010 16:25:00 +0100 Subject: [Freeipa-devel] [PATCH] Convert password policy integer values to unicode instead of str. Message-ID: <4B7C0A4C.3000805@redhat.com> Password policy plugin was converting integers to str, which is unfriendly with our str==binary approach. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Convert-password-policy-integer-values-to-unicode-in.patch Type: application/mbox Size: 1065 bytes Desc: not available URL: From jdennis at redhat.com Wed Feb 17 15:28:48 2010 From: jdennis at redhat.com (John Dennis) Date: Wed, 17 Feb 2010 10:28:48 -0500 Subject: [Freeipa-devel] [PATCH] Convert password policy integer values to unicode instead of str. In-Reply-To: <4B7C0A4C.3000805@redhat.com> References: <4B7C0A4C.3000805@redhat.com> Message-ID: <4B7C0B30.4010605@redhat.com> On 02/17/2010 10:25 AM, Pavel Zuna wrote: > Password policy plugin was converting integers to str, which is > unfriendly with our str==binary approach. > > Pavel ACK -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jdennis at redhat.com Wed Feb 17 15:45:33 2010 From: jdennis at redhat.com (John Dennis) Date: Wed, 17 Feb 2010 10:45:33 -0500 Subject: [Freeipa-devel] [PATCH] Convert integers and boolean values to unicode, don't leave them as str. In-Reply-To: <4B7C0396.60506@redhat.com> References: <4B7C0396.60506@redhat.com> Message-ID: <4B7C0F1D.5000007@redhat.com> On 02/17/2010 09:56 AM, Pavel Zuna wrote: > This solves the bug, where integer and boolean values are interpreted as > binary. ACK -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From rcritten at redhat.com Wed Feb 17 15:57:49 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 17 Feb 2010 10:57:49 -0500 Subject: [Freeipa-devel] [PATCH] Convert integers and boolean values to unicode, don't leave them as str. In-Reply-To: <4B7C0396.60506@redhat.com> References: <4B7C0396.60506@redhat.com> Message-ID: <4B7C11FD.5070906@redhat.com> Pavel Zuna wrote: > This solves the bug, where integer and boolean values are interpreted as > binary. > > Pavel ack, pushed to master From rcritten at redhat.com Wed Feb 17 15:57:57 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 17 Feb 2010 10:57:57 -0500 Subject: [Freeipa-devel] [PATCH] Auto-generate --all and --raw for commands, that return entries. In-Reply-To: <4B7C0443.7000806@redhat.com> References: <4B7C0443.7000806@redhat.com> Message-ID: <4B7C1205.4090602@redhat.com> Pavel Zuna wrote: > This patch makes the Command base class generate --all and --raw > parameters for every command, that has either an Entry or a > ListOfEntries instance in its has_output. > > It also modifies the default output_for_cli to take these options into > account. I think its better if output_for_cli (instead of > textui.print_entry) handles things like attribute labels and attribute > order. > > Pavel ack, pushed to master From rcritten at redhat.com Wed Feb 17 15:58:07 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 17 Feb 2010 10:58:07 -0500 Subject: [Freeipa-devel] [PATCH] Convert password policy integer values to unicode instead of str. In-Reply-To: <4B7C0A4C.3000805@redhat.com> References: <4B7C0A4C.3000805@redhat.com> Message-ID: <4B7C120F.8000308@redhat.com> Pavel Zuna wrote: > Password policy plugin was converting integers to str, which is > unfriendly with our str==binary approach. > > Pavel ack, pushed to master From rcritten at redhat.com Wed Feb 17 15:59:07 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 17 Feb 2010 10:59:07 -0500 Subject: [Freeipa-devel] [PATCH] 383 reverse special handling for it Message-ID: <4B7C124B.3060508@redhat.com> Well this hack lasted less time than I expected. This backs out special handling for ints. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-383-int.patch Type: application/mbox Size: 864 bytes Desc: not available URL: From jderose at redhat.com Wed Feb 17 16:24:49 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Wed, 17 Feb 2010 09:24:49 -0700 Subject: [Freeipa-devel] [PATCH] 383 reverse special handling for it In-Reply-To: <4B7C124B.3060508@redhat.com> References: <4B7C124B.3060508@redhat.com> Message-ID: <1266423889.18142.3.camel@jgd-dsk> On Wed, 2010-02-17 at 10:59 -0500, Rob Crittenden wrote: > Well this hack lasted less time than I expected. This backs out special > handling for ints. > > rob ack. pushed to master. From rcritten at redhat.com Wed Feb 17 16:56:40 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 17 Feb 2010 11:56:40 -0500 Subject: [Freeipa-devel] [PATCH 384-386 small problems discovered in migration Message-ID: <4B7C1FC8.1040009@redhat.com> Here are 3 tiny patches that fix some problems in the migration plugin. This should allow group migration from an IPA v1 server to work. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-384-attr.patch Type: application/mbox Size: 1058 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-385-list.patch Type: application/mbox Size: 801 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-386-migrate.patch Type: application/mbox Size: 859 bytes Desc: not available URL: From pzuna at redhat.com Wed Feb 17 17:01:18 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Wed, 17 Feb 2010 18:01:18 +0100 Subject: [Freeipa-devel] [PATCH 384-386 small problems discovered in migration In-Reply-To: <4B7C1FC8.1040009@redhat.com> References: <4B7C1FC8.1040009@redhat.com> Message-ID: <4B7C20DE.1010304@redhat.com> Rob Crittenden wrote: > Here are 3 tiny patches that fix some problems in the migration plugin. > This should allow group migration from an IPA v1 server to work. > > rob > ack all 3 patches Pavel From rcritten at redhat.com Wed Feb 17 17:05:22 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 17 Feb 2010 12:05:22 -0500 Subject: [Freeipa-devel] [PATCH 384-386 small problems discovered in migration In-Reply-To: <4B7C20DE.1010304@redhat.com> References: <4B7C1FC8.1040009@redhat.com> <4B7C20DE.1010304@redhat.com> Message-ID: <4B7C21D2.5090101@redhat.com> Pavel Zuna wrote: > Rob Crittenden wrote: >> Here are 3 tiny patches that fix some problems in the migration >> plugin. This should allow group migration from an IPA v1 server to work. >> >> rob >> > ack all 3 patches > > Pavel pushed all 3 to master From pzuna at redhat.com Wed Feb 17 17:44:20 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Wed, 17 Feb 2010 18:44:20 +0100 Subject: [Freeipa-devel] [PATCH] Make error messages in migration plugin unicode. Message-ID: <4B7C2AF4.60508@redhat.com> Fixes output of the migration plugin. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Make-error-message-in-migration-plugin-unicode.patch Type: application/mbox Size: 1298 bytes Desc: not available URL: From rcritten at redhat.com Wed Feb 17 17:48:08 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 17 Feb 2010 12:48:08 -0500 Subject: [Freeipa-devel] [PATCH] Make error messages in migration plugin unicode. In-Reply-To: <4B7C2AF4.60508@redhat.com> References: <4B7C2AF4.60508@redhat.com> Message-ID: <4B7C2BD8.2000907@redhat.com> Pavel Zuna wrote: > Fixes output of the migration plugin. > > Pavel Tested, works fine for me. pushed to master rob From admin at transifex.net Thu Feb 18 15:15:23 2010 From: admin at transifex.net (admin at transifex.net) Date: Thu, 18 Feb 2010 15:15:23 -0000 Subject: [Freeipa-devel] [www.transifex.net] Team User Joining Requested: Russian Message-ID: <20100218151523.1923.10016@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The user 'andzaytsev' has asked to join the 'Russian' translation team of the 'FreeIPA' project. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/team/ru/ in order to manage this team. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From admin at transifex.net Thu Feb 18 15:28:49 2010 From: admin at transifex.net (admin at transifex.net) Date: Thu, 18 Feb 2010 15:28:49 -0000 Subject: [Freeipa-devel] [www.transifex.net] Team User Joining Approved: Russian Message-ID: <20100218152849.1923.89219@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The user 'andzaytsev' has been approved as a member of the 'Russian' translation team of the 'FreeIPA' project. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/team/ru/ in order to see this team. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From rcritten at redhat.com Thu Feb 18 19:07:54 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 18 Feb 2010 14:07:54 -0500 Subject: [Freeipa-devel] Announcing FreeIPA v2 Server Alpha 2 Release Message-ID: <4B7D900A.2090605@redhat.com> To all freeipa-interest, freeipa-users and freeipa-devel list members, The FreeIPA project team is pleased to announce the availability of the Alpha 2 release of the long-awaited freeIPA 2.0 server [1]. This version of the server includes: * Draft UI pages for all plugins that fit into a Create-Retrieve-Update-Delete model. After running the `ipa-server-install` script, point your browser to: https://yourhost.com/ipa/ui/ Replacing `yourhost.com` with the fully-qualified domain name of your IPA server. Please take a moment to play with these pages. Please do not pay attention to style, rather focus attention to the work flow, layout and data being added, displayed or modified. We need to understand if the direction that this interface establishes is the right one. Should we continue with the proposed approach or do something else. What? Your opinion is very important to us! Please do not hesitate to share it with us on the mailing list: freeipa-users at redhat.com * Optionally installable DNS server * Optionally installable Certificate Authority to manage server certificates * NIS compatibility plug-in * Simplified migration of the users from IPA v1 or external LDAP server * IPA client component to configure SSSD to integrate with IPA * Integration with "certmonger" certificate tracking utility. The utility allows automatic provisioning, tracking and renewal of certificates on a member server. * General improvements and enhancements across the whole project. The freeIPA 2.0 server is capable of: * Providing Kerberos authentication of users and hosts * Managing different objects via extensible CLI and UI framework Including: * Managing user and host identities * Managing user and host groups * Managing kerberised services * Managing default kerberos policies * Defining host-based access control rules that will be enforced on the client side by the IPA back end for SSSD * Serving netgroups based on user and host objects stored in IPA * Serving sets of different automount maps to different clients * Finer-grained management delegation * Group-based password policies * Provisioning of the certificates for services running on member servers. The FreeIPA 2.0 client machines can be configured in the same way as the clients of freeIPA 1.2 following the installation instructions [2]. FreeIPA 2.0 client machines running Red Hat Enterprise Linux 5.4, Fedora 11 and 12 will be configured to take advantage of the SSSD client component. (Note that we currently only provide Fedora builds). For more information about SSSD its features, how to build it and how to manually configure it see the SSSD project page [3]. For Fedora 11 and 12 the SSSD component is available from the Fedora repository. For Red Hat Enterprise Lunix 5.4 the SSSD can be downloaded and built from sources. To configure SSSD automatically install ipa-client package and use ipa-client-install command. Use "--help" command line argument to get full list of options for the ipa-client-install command. For more information about features delivered in this release, see documentation [4] on the freeIPA web site. For all other freeIPA-related documentation [5], see freeIPA web site. [1] http://www.freeipa.org/page/Downloads [2] http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/ [3] https://fedorahosted.org/sssd/ [4] http://www.freeipa.org/page/IPAv2_development_status#Documentation [5] http://www.freeipa.org/page/DocumentationPortal From admin at transifex.net Fri Feb 19 06:00:05 2010 From: admin at transifex.net (admin at transifex.net) Date: Fri, 19 Feb 2010 06:00:05 -0000 Subject: [Freeipa-devel] [Transifex] File submitted via email to FreeIPA | master Message-ID: <20100219060005.22596.77571@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The following attached files were submitted to FreeIPA | master by sankarshan Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/c/master/ in order to see the component page. Thank you, Transifex -------------- next part -------------- # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the PACKAGE package. # sankarshan mukhopadhyay , 2010. msgid "" msgstr "" "Project-Id-Version: ipa\n" "Report-Msgid-Bugs-To: " "https://hosted.fedoraproject.org/projects/freeipa/newticket\n" "POT-Creation-Date: 2010-02-10 09:13-0500\n" "PO-Revision-Date: 2010-02-19 11:25+0530\n" "Last-Translator: sankarshan mukhopadhyay \n" "Language-Team: anubad at lists.ankur.org.in\n" "Language: en\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Virtaal 0.5.1\n" #: ../../ipalib/parameters.py:228 msgid "incorrect type" msgstr "??? ??????" #: ../../ipalib/parameters.py:231 msgid "Only one value is allowed" msgstr "????????? ???? ??? ???????" #: ../../ipalib/parameters.py:795 msgid "must be True or False" msgstr "" #: ../../ipalib/parameters.py:896 msgid "must be an integer" msgstr "" #: ../../ipalib/parameters.py:947 #, python-format msgid "must be at least %(minvalue)d" msgstr "" #: ../../ipalib/parameters.py:957 #, python-format msgid "can be at most %(maxvalue)d" msgstr "" #: ../../ipalib/parameters.py:967 msgid "must be a decimal number" msgstr "???? ????? ?????? ???? ?????" #: ../../ipalib/parameters.py:989 #, python-format msgid "must be at least %(minvalue)f" msgstr "" #: ../../ipalib/parameters.py:999 #, python-format msgid "can be at most %(maxvalue)f" msgstr "" #: ../../ipalib/parameters.py:1059 #, python-format msgid "must match pattern \"%(pattern)s\"" msgstr "" #: ../../ipalib/parameters.py:1077 msgid "must be binary data" msgstr "" #: ../../ipalib/parameters.py:1092 #, python-format msgid "must be at least %(minlength)d bytes" msgstr "" #: ../../ipalib/parameters.py:1102 #, python-format msgid "can be at most %(maxlength)d bytes" msgstr "" #: ../../ipalib/parameters.py:1112 #, python-format msgid "must be exactly %(length)d bytes" msgstr "" #: ../../ipalib/parameters.py:1130 msgid "must be Unicode text" msgstr "" #: ../../ipalib/parameters.py:1160 #, python-format msgid "must be at least %(minlength)d characters" msgstr "" #: ../../ipalib/parameters.py:1170 #, python-format msgid "can be at most %(maxlength)d characters" msgstr "" #: ../../ipalib/parameters.py:1180 #, python-format msgid "must be exactly %(length)d characters" msgstr "" #: ../../ipalib/parameters.py:1219 #, python-format msgid "must be one of %(values)r" msgstr "" #: ../../ipalib/cli.py:505 #, python-format msgid "Enter %(label)s again to verify: " msgstr "" #: ../../ipalib/cli.py:509 msgid "Passwords do not match!" msgstr "" #: ../../ipalib/cli.py:514 msgid "Cancelled." msgstr "????? ??? ??????" #: ../../ipalib/frontend.py:377 msgid "Results are truncated, try a more specific search" msgstr "" #: ../../ipalib/errors.py:297 #, python-format msgid "%(cver)s client incompatible with %(sver)s server at %(server)r" msgstr "" #: ../../ipalib/errors.py:315 #, python-format msgid "unknown error %(code)d from %(server)s: %(error)s" msgstr "" #: ../../ipalib/errors.py:331 msgid "an internal error has occurred" msgstr "" #: ../../ipalib/errors.py:353 #, python-format msgid "an internal error has occurred on server at %(server)r" msgstr "" #: ../../ipalib/errors.py:369 #, python-format msgid "unknown command %(name)r" msgstr "????? ???????? %(name)r" #: ../../ipalib/errors.py:386 ../../ipalib/errors.py:411 #, python-format msgid "error on server %(server)r: %(error)s" msgstr "" #: ../../ipalib/errors.py:402 #, python-format msgid "cannot connect to %(uri)r: %(error)s" msgstr "" #: ../../ipalib/errors.py:420 #, python-format msgid "Invalid JSON-RPC request: %(error)s" msgstr "" #: ../../ipalib/errors.py:448 #, python-format msgid "Kerberos error: %(major)s/%(minor)s" msgstr "" #: ../../ipalib/errors.py:465 msgid "did not receive Kerberos credentials" msgstr "" #: ../../ipalib/errors.py:481 #, python-format msgid "Service %(service)r not found in Kerberos database" msgstr "" #: ../../ipalib/errors.py:497 msgid "No credentials cache found" msgstr "" #: ../../ipalib/errors.py:513 msgid "Ticket expired" msgstr "" #: ../../ipalib/errors.py:529 msgid "Credentials cache permissions incorrect" msgstr "" #: ../../ipalib/errors.py:545 msgid "Bad format in credentials cache" msgstr "" #: ../../ipalib/errors.py:561 msgid "Cannot resolve KDC for requested realm" msgstr "" #: ../../ipalib/errors.py:580 #, python-format msgid "Insufficient access: %(info)s" msgstr "" #: ../../ipalib/errors.py:624 #, python-format msgid "command %(name)r takes no arguments" msgstr "" #: ../../ipalib/errors.py:644 #, python-format msgid "command %(name)r takes at most %(count)d argument" msgid_plural "command %(name)r takes at most %(count)d arguments" msgstr[0] "" msgstr[1] "" #: ../../ipalib/errors.py:674 #, python-format msgid "overlapping arguments and options: %(names)r" msgstr "" #: ../../ipalib/errors.py:690 #, python-format msgid "%(name)r is required" msgstr "" #: ../../ipalib/errors.py:706 ../../ipalib/errors.py:722 #, python-format msgid "invalid %(name)r: %(error)s" msgstr "" #: ../../ipalib/errors.py:738 #, python-format msgid "api has no such namespace: %(name)r" msgstr "" #: ../../ipalib/errors.py:747 msgid "Passwords do not match" msgstr "?????????? ???? ????? ??" #: ../../ipalib/errors.py:755 msgid "Command not implemented" msgstr "" #: ../../ipalib/errors.py:783 ../../ipalib/errors.py:1023 #, python-format msgid "%(reason)s" msgstr "" #: ../../ipalib/errors.py:799 msgid "This entry already exists" msgstr "" #: ../../ipalib/errors.py:815 msgid "You must enroll a host in order to create a host service" msgstr "" #: ../../ipalib/errors.py:831 #, python-format msgid "" "Service principal is not of the form: service/fully-qualified host name: %" "(reason)s" msgstr "" #: ../../ipalib/errors.py:847 msgid "" "The realm for the principal does not match the realm for this IPA server" msgstr "" #: ../../ipalib/errors.py:863 msgid "This command requires root access" msgstr "" #: ../../ipalib/errors.py:879 msgid "This is already a posix group" msgstr "???? ?????? (posix) ????? ??? ???? ???????" #: ../../ipalib/errors.py:895 #, python-format msgid "Principal is not of the form user at REALM: %(principal)r" msgstr "" #: ../../ipalib/errors.py:911 msgid "This entry is already unlocked" msgstr "" #: ../../ipalib/errors.py:927 msgid "This entry is already locked" msgstr "" #: ../../ipalib/errors.py:943 msgid "This entry has nsAccountLock set, it cannot be locked or unlocked" msgstr "" #: ../../ipalib/errors.py:959 msgid "This entry is not a member of the group" msgstr "" #: ../../ipalib/errors.py:975 msgid "A group may not be a member of itself" msgstr "" #: ../../ipalib/errors.py:991 msgid "This entry is already a member of the group" msgstr "" #: ../../ipalib/errors.py:1007 #, python-format msgid "Base64 decoding failed: %(reason)s" msgstr "" #: ../../ipalib/errors.py:1039 msgid "A group may not be added as a member of itself" msgstr "" #: ../../ipalib/errors.py:1055 msgid "The default users group cannot be removed" msgstr "" #: ../../ipalib/errors.py:1078 #, python-format msgid "no command nor help topic %(topic)r" msgstr "" #: ../../ipalib/errors.py:1102 msgid "change collided with another change" msgstr "" #: ../../ipalib/errors.py:1118 msgid "no modifications to be performed" msgstr "" #: ../../ipalib/errors.py:1134 #, python-format msgid "%(desc)s:%(info)s" msgstr "%(desc)s:%(info)s" #: ../../ipalib/errors.py:1150 msgid "limits exceeded for this query" msgstr "" #: ../../ipalib/errors.py:1165 #, python-format msgid "%(info)s" msgstr "%(info)s" #: ../../ipalib/errors.py:1190 #, python-format msgid "Certificate operation cannot be completed: %(error)s" msgstr "" #: ../../ipalib/plugins/rolegroup.py:73 #, python-format msgid "Added rolegroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/rolegroup.py:83 #, python-format msgid "Deleted rolegroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/rolegroup.py:93 #, python-format msgid "Modified rolegroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/rolegroup.py:104 #, python-format msgid "%(count)d rolegroup matched" msgid_plural "%(count)d rolegroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/host.py:149 #, python-format msgid "Added host \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/host.py:178 #, python-format msgid "Deleted host \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/host.py:206 #, python-format msgid "Modified host \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/host.py:255 #, python-format msgid "%(count)d host matched" msgid_plural "%(count)d hosts matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/group.py:85 #, python-format msgid "Added group \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/group.py:108 #, python-format msgid "Deleted group \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/group.py:134 #, python-format msgid "Modified group \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/group.py:163 #, python-format msgid "%(count)d group matched" msgid_plural "%(count)d groups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/cert.py:63 ../../ipalib/plugins/cert.py:84 msgid "Unable to decode certificate in entry" msgstr "" #: ../../ipalib/plugins/cert.py:106 ../../ipalib/plugins/cert.py:120 #: ../../ipalib/plugins/cert.py:137 msgid "Failure decoding Certificate Signing Request" msgstr "" #: ../../ipalib/plugins/cert.py:139 #, python-format msgid "Failure decoding Certificate Signing Request: %s" msgstr "" #: ../../ipalib/plugins/aci.py:109 msgid "type, filter, subtree and targetgroup are mutually exclusive" msgstr "" #: ../../ipalib/plugins/aci.py:112 msgid "" "at least one of: type, filter, subtree, targetgroup, attrs or memberof are " "required" msgstr "" #: ../../ipalib/plugins/aci.py:117 msgid "group and taskgroup are mutually exclusive" msgstr "" #: ../../ipalib/plugins/aci.py:119 msgid "One of group or taskgroup is required" msgstr "" #: ../../ipalib/plugins/aci.py:140 #, python-format msgid "Group '%s' does not exist" msgstr "" #: ../../ipalib/plugins/aci.py:184 #, python-format msgid "ACI with name \"%s\" not found" msgstr "" #: ../../ipalib/plugins/aci.py:255 #, python-format msgid "Created ACI \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/aci.py:305 #, python-format msgid "Deleted ACI \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/aci.py:345 #, python-format msgid "Modified ACI \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/aci.py:405 #, python-format msgid "%(count)d ACI matched" msgid_plural "%(count)d ACIs matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/misc.py:37 #, python-format msgid "%(count)d variables" msgstr "" #: ../../ipalib/plugins/misc.py:96 #, python-format msgid "%(count)d plugin loaded" msgid_plural "%(count)d plugins loaded" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/user.py:139 #, python-format msgid "Added user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:184 #, python-format msgid "Deleted user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:203 #, python-format msgid "Modified user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:214 #, python-format msgid "%(count)d user matched" msgid_plural "%(count)d users matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/user.py:234 #, python-format msgid "Locked user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:260 #, python-format msgid "Unlocked user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:73 #, python-format msgid "Added taskgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:83 #, python-format msgid "Deleted taskgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:93 #, python-format msgid "Modified taskgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:104 #, python-format msgid "%(count)d taskgroup matched" msgid_plural "%(count)d taskgroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/hostgroup.py:72 #, python-format msgid "Added hostgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/hostgroup.py:82 #, python-format msgid "Deleted hostgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/hostgroup.py:92 #, python-format msgid "Modified hostgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/hostgroup.py:103 #, python-format msgid "%(count)d hostgroup matched" msgid_plural "%(count)d hostgroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/pwpolicy.py:231 msgid "priority cannot be set on global policy" msgstr "" #: ../../ipaserver/install/certs.py:571 ../../ipaserver/plugins/dogtag.py:1313 #: ../../ipaserver/plugins/dogtag.py:1398 #: ../../ipaserver/plugins/dogtag.py:1463 #: ../../ipaserver/plugins/dogtag.py:1543 #: ../../ipaserver/plugins/dogtag.py:1602 #, python-format msgid "Unable to communicate with CMS (%s)" msgstr "" #: ../../ipaserver/plugins/selfsign.py:102 #, python-format msgid "" "Request subject \"%(request_subject)s\" does not match the form \"%" "(subject_base)s\"" msgstr "" #: ../../ipaserver/plugins/selfsign.py:107 #, python-format msgid "unable to decode csr: %s" msgstr "" #: ../../ipaserver/plugins/selfsign.py:128 #: ../../ipaserver/plugins/selfsign.py:143 msgid "file operation" msgstr "???? ?????" #: ../../ipaserver/plugins/selfsign.py:157 msgid "cannot obtain next serial number" msgstr "" #: ../../ipaserver/plugins/selfsign.py:192 msgid "certutil failure" msgstr "" From admin at transifex.net Fri Feb 19 07:05:47 2010 From: admin at transifex.net (admin at transifex.net) Date: Fri, 19 Feb 2010 07:05:47 -0000 Subject: [Freeipa-devel] [Transifex] File submitted via email to FreeIPA | master Message-ID: <20100219070547.23856.95579@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The following attached files were submitted to FreeIPA | master by sankarshan Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/c/master/ in order to see the component page. Thank you, Transifex -------------- next part -------------- # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the PACKAGE package. # sankarshan mukhopadhyay , 2010. msgid "" msgstr "" "Project-Id-Version: ipa\n" "Report-Msgid-Bugs-To: " "https://hosted.fedoraproject.org/projects/freeipa/newticket\n" "POT-Creation-Date: 2010-02-10 09:13-0500\n" "PO-Revision-Date: 2010-02-19 12:34+0530\n" "Last-Translator: sankarshan mukhopadhyay \n" "Language-Team: anubad at lists.ankur.org.in\n" "Language: en\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Virtaal 0.5.1\n" #: ../../ipalib/parameters.py:228 msgid "incorrect type" msgstr "??? ??????" #: ../../ipalib/parameters.py:231 msgid "Only one value is allowed" msgstr "????????? ???? ??? ???????" #: ../../ipalib/parameters.py:795 msgid "must be True or False" msgstr "" #: ../../ipalib/parameters.py:896 msgid "must be an integer" msgstr "" #: ../../ipalib/parameters.py:947 #, python-format msgid "must be at least %(minvalue)d" msgstr "" #: ../../ipalib/parameters.py:957 #, python-format msgid "can be at most %(maxvalue)d" msgstr "" #: ../../ipalib/parameters.py:967 msgid "must be a decimal number" msgstr "???? ????? ?????? ???? ?????" #: ../../ipalib/parameters.py:989 #, python-format msgid "must be at least %(minvalue)f" msgstr "" #: ../../ipalib/parameters.py:999 #, python-format msgid "can be at most %(maxvalue)f" msgstr "" #: ../../ipalib/parameters.py:1059 #, python-format msgid "must match pattern \"%(pattern)s\"" msgstr "" #: ../../ipalib/parameters.py:1077 msgid "must be binary data" msgstr "" #: ../../ipalib/parameters.py:1092 #, python-format msgid "must be at least %(minlength)d bytes" msgstr "" #: ../../ipalib/parameters.py:1102 #, python-format msgid "can be at most %(maxlength)d bytes" msgstr "" #: ../../ipalib/parameters.py:1112 #, python-format msgid "must be exactly %(length)d bytes" msgstr "" #: ../../ipalib/parameters.py:1130 msgid "must be Unicode text" msgstr "" #: ../../ipalib/parameters.py:1160 #, python-format msgid "must be at least %(minlength)d characters" msgstr "" #: ../../ipalib/parameters.py:1170 #, python-format msgid "can be at most %(maxlength)d characters" msgstr "" #: ../../ipalib/parameters.py:1180 #, python-format msgid "must be exactly %(length)d characters" msgstr "" #: ../../ipalib/parameters.py:1219 #, python-format msgid "must be one of %(values)r" msgstr "" #: ../../ipalib/cli.py:505 #, python-format msgid "Enter %(label)s again to verify: " msgstr "" #: ../../ipalib/cli.py:509 msgid "Passwords do not match!" msgstr "" #: ../../ipalib/cli.py:514 msgid "Cancelled." msgstr "????? ??? ??????" #: ../../ipalib/frontend.py:377 msgid "Results are truncated, try a more specific search" msgstr "" #: ../../ipalib/errors.py:297 #, python-format msgid "%(cver)s client incompatible with %(sver)s server at %(server)r" msgstr "" #: ../../ipalib/errors.py:315 #, python-format msgid "unknown error %(code)d from %(server)s: %(error)s" msgstr "" #: ../../ipalib/errors.py:331 msgid "an internal error has occurred" msgstr "" #: ../../ipalib/errors.py:353 #, python-format msgid "an internal error has occurred on server at %(server)r" msgstr "" #: ../../ipalib/errors.py:369 #, python-format msgid "unknown command %(name)r" msgstr "????? ???????? %(name)r" #: ../../ipalib/errors.py:386 ../../ipalib/errors.py:411 #, python-format msgid "error on server %(server)r: %(error)s" msgstr "" #: ../../ipalib/errors.py:402 #, python-format msgid "cannot connect to %(uri)r: %(error)s" msgstr "" #: ../../ipalib/errors.py:420 #, python-format msgid "Invalid JSON-RPC request: %(error)s" msgstr "" #: ../../ipalib/errors.py:448 #, python-format msgid "Kerberos error: %(major)s/%(minor)s" msgstr "" #: ../../ipalib/errors.py:465 msgid "did not receive Kerberos credentials" msgstr "" #: ../../ipalib/errors.py:481 #, python-format msgid "Service %(service)r not found in Kerberos database" msgstr "" #: ../../ipalib/errors.py:497 msgid "No credentials cache found" msgstr "" #: ../../ipalib/errors.py:513 msgid "Ticket expired" msgstr "" #: ../../ipalib/errors.py:529 msgid "Credentials cache permissions incorrect" msgstr "" #: ../../ipalib/errors.py:545 msgid "Bad format in credentials cache" msgstr "" #: ../../ipalib/errors.py:561 msgid "Cannot resolve KDC for requested realm" msgstr "" #: ../../ipalib/errors.py:580 #, python-format msgid "Insufficient access: %(info)s" msgstr "" #: ../../ipalib/errors.py:624 #, python-format msgid "command %(name)r takes no arguments" msgstr "" #: ../../ipalib/errors.py:644 #, python-format msgid "command %(name)r takes at most %(count)d argument" msgid_plural "command %(name)r takes at most %(count)d arguments" msgstr[0] "" msgstr[1] "" #: ../../ipalib/errors.py:674 #, python-format msgid "overlapping arguments and options: %(names)r" msgstr "" #: ../../ipalib/errors.py:690 #, python-format msgid "%(name)r is required" msgstr "" #: ../../ipalib/errors.py:706 ../../ipalib/errors.py:722 #, python-format msgid "invalid %(name)r: %(error)s" msgstr "" #: ../../ipalib/errors.py:738 #, python-format msgid "api has no such namespace: %(name)r" msgstr "" #: ../../ipalib/errors.py:747 msgid "Passwords do not match" msgstr "?????????? ???? ????? ??" #: ../../ipalib/errors.py:755 msgid "Command not implemented" msgstr "" #: ../../ipalib/errors.py:783 ../../ipalib/errors.py:1023 #, python-format msgid "%(reason)s" msgstr "" #: ../../ipalib/errors.py:799 msgid "This entry already exists" msgstr "" #: ../../ipalib/errors.py:815 msgid "You must enroll a host in order to create a host service" msgstr "" #: ../../ipalib/errors.py:831 #, python-format msgid "" "Service principal is not of the form: service/fully-qualified host name: %" "(reason)s" msgstr "" #: ../../ipalib/errors.py:847 msgid "" "The realm for the principal does not match the realm for this IPA server" msgstr "" #: ../../ipalib/errors.py:863 msgid "This command requires root access" msgstr "" #: ../../ipalib/errors.py:879 msgid "This is already a posix group" msgstr "???? ?????? (posix) ????? ??? ???? ???????" #: ../../ipalib/errors.py:895 #, python-format msgid "Principal is not of the form user at REALM: %(principal)r" msgstr "" #: ../../ipalib/errors.py:911 msgid "This entry is already unlocked" msgstr "" #: ../../ipalib/errors.py:927 msgid "This entry is already locked" msgstr "" #: ../../ipalib/errors.py:943 msgid "This entry has nsAccountLock set, it cannot be locked or unlocked" msgstr "" #: ../../ipalib/errors.py:959 msgid "This entry is not a member of the group" msgstr "" #: ../../ipalib/errors.py:975 msgid "A group may not be a member of itself" msgstr "" #: ../../ipalib/errors.py:991 msgid "This entry is already a member of the group" msgstr "" #: ../../ipalib/errors.py:1007 #, python-format msgid "Base64 decoding failed: %(reason)s" msgstr "" #: ../../ipalib/errors.py:1039 msgid "A group may not be added as a member of itself" msgstr "" #: ../../ipalib/errors.py:1055 msgid "The default users group cannot be removed" msgstr "" #: ../../ipalib/errors.py:1078 #, python-format msgid "no command nor help topic %(topic)r" msgstr "" #: ../../ipalib/errors.py:1102 msgid "change collided with another change" msgstr "" #: ../../ipalib/errors.py:1118 msgid "no modifications to be performed" msgstr "" #: ../../ipalib/errors.py:1134 #, python-format msgid "%(desc)s:%(info)s" msgstr "%(desc)s:%(info)s" #: ../../ipalib/errors.py:1150 msgid "limits exceeded for this query" msgstr "" #: ../../ipalib/errors.py:1165 #, python-format msgid "%(info)s" msgstr "%(info)s" #: ../../ipalib/errors.py:1190 #, python-format msgid "Certificate operation cannot be completed: %(error)s" msgstr "" #: ../../ipalib/plugins/rolegroup.py:73 #, python-format msgid "Added rolegroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/rolegroup.py:83 #, python-format msgid "Deleted rolegroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/rolegroup.py:93 #, python-format msgid "Modified rolegroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/rolegroup.py:104 #, python-format msgid "%(count)d rolegroup matched" msgid_plural "%(count)d rolegroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/host.py:149 #, python-format msgid "Added host \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/host.py:178 #, python-format msgid "Deleted host \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/host.py:206 #, python-format msgid "Modified host \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/host.py:255 #, python-format msgid "%(count)d host matched" msgid_plural "%(count)d hosts matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/group.py:85 #, python-format msgid "Added group \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/group.py:108 #, python-format msgid "Deleted group \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/group.py:134 #, python-format msgid "Modified group \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/group.py:163 #, python-format msgid "%(count)d group matched" msgid_plural "%(count)d groups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/cert.py:63 ../../ipalib/plugins/cert.py:84 msgid "Unable to decode certificate in entry" msgstr "" #: ../../ipalib/plugins/cert.py:106 ../../ipalib/plugins/cert.py:120 #: ../../ipalib/plugins/cert.py:137 msgid "Failure decoding Certificate Signing Request" msgstr "" #: ../../ipalib/plugins/cert.py:139 #, python-format msgid "Failure decoding Certificate Signing Request: %s" msgstr "" #: ../../ipalib/plugins/aci.py:109 msgid "type, filter, subtree and targetgroup are mutually exclusive" msgstr "" #: ../../ipalib/plugins/aci.py:112 msgid "" "at least one of: type, filter, subtree, targetgroup, attrs or memberof are " "required" msgstr "" #: ../../ipalib/plugins/aci.py:117 msgid "group and taskgroup are mutually exclusive" msgstr "" #: ../../ipalib/plugins/aci.py:119 msgid "One of group or taskgroup is required" msgstr "" #: ../../ipalib/plugins/aci.py:140 #, python-format msgid "Group '%s' does not exist" msgstr "" #: ../../ipalib/plugins/aci.py:184 #, python-format msgid "ACI with name \"%s\" not found" msgstr "" #: ../../ipalib/plugins/aci.py:255 #, python-format msgid "Created ACI \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/aci.py:305 #, python-format msgid "Deleted ACI \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/aci.py:345 #, python-format msgid "Modified ACI \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/aci.py:405 #, python-format msgid "%(count)d ACI matched" msgid_plural "%(count)d ACIs matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/misc.py:37 #, python-format msgid "%(count)d variables" msgstr "%(count)d ?????????" #: ../../ipalib/plugins/misc.py:96 #, python-format msgid "%(count)d plugin loaded" msgid_plural "%(count)d plugins loaded" msgstr[0] "%(count)d ?????-?? ??? ??? ?????" msgstr[1] "%(count)d ?????-?? ??? ??? ?????" #: ../../ipalib/plugins/user.py:139 #, python-format msgid "Added user \"%(value)s\"" msgstr "\"%(value)s\" ??????????? ??? ??? ?????" #: ../../ipalib/plugins/user.py:184 #, python-format msgid "Deleted user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:203 #, python-format msgid "Modified user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:214 #, python-format msgid "%(count)d user matched" msgid_plural "%(count)d users matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/user.py:234 #, python-format msgid "Locked user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:260 #, python-format msgid "Unlocked user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:73 #, python-format msgid "Added taskgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:83 #, python-format msgid "Deleted taskgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:93 #, python-format msgid "Modified taskgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:104 #, python-format msgid "%(count)d taskgroup matched" msgid_plural "%(count)d taskgroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/hostgroup.py:72 #, python-format msgid "Added hostgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/hostgroup.py:82 #, python-format msgid "Deleted hostgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/hostgroup.py:92 #, python-format msgid "Modified hostgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/hostgroup.py:103 #, python-format msgid "%(count)d hostgroup matched" msgid_plural "%(count)d hostgroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/pwpolicy.py:231 msgid "priority cannot be set on global policy" msgstr "" #: ../../ipaserver/install/certs.py:571 ../../ipaserver/plugins/dogtag.py:1313 #: ../../ipaserver/plugins/dogtag.py:1398 #: ../../ipaserver/plugins/dogtag.py:1463 #: ../../ipaserver/plugins/dogtag.py:1543 #: ../../ipaserver/plugins/dogtag.py:1602 #, python-format msgid "Unable to communicate with CMS (%s)" msgstr "" #: ../../ipaserver/plugins/selfsign.py:102 #, python-format msgid "" "Request subject \"%(request_subject)s\" does not match the form \"%" "(subject_base)s\"" msgstr "" #: ../../ipaserver/plugins/selfsign.py:107 #, python-format msgid "unable to decode csr: %s" msgstr "" #: ../../ipaserver/plugins/selfsign.py:128 #: ../../ipaserver/plugins/selfsign.py:143 msgid "file operation" msgstr "???? ?????" #: ../../ipaserver/plugins/selfsign.py:157 msgid "cannot obtain next serial number" msgstr "??????? ????? ????? ????? ????" #: ../../ipaserver/plugins/selfsign.py:192 msgid "certutil failure" msgstr "" From jdennis at redhat.com Fri Feb 19 13:45:12 2010 From: jdennis at redhat.com (John Dennis) Date: Fri, 19 Feb 2010 08:45:12 -0500 Subject: [Freeipa-devel] [PATCH] Message-ID: <4B7E95E8.4020603@redhat.com> Add translation for Bengali India (bn_IN). -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-add-Bengali-India-translation.patch Type: text/x-patch Size: 16162 bytes Desc: not available URL: From jdennis at redhat.com Fri Feb 19 14:41:55 2010 From: jdennis at redhat.com (John Dennis) Date: Fri, 19 Feb 2010 09:41:55 -0500 Subject: [Freeipa-devel] [PATCH] strip .po file suffix in translation statistics Message-ID: <4B7EA333.2070202@redhat.com> The goal is to get the statistics to line up in columns and not exceed an 80 character line which might cause wrapping. Removing .po suffix from the translation name gives us 3 extra characters. Formatting problems were observed when bn_IN.po was added. Instead of: ipa.pot has 133 messages bn_IN.po: 14/133 10.5% 106 po untranslated, 13 missing, 119 untranslated id.po: 107/133 80.5% 13 po untranslated, 13 missing, 26 untranslated kn.po: 4/133 3.0% 116 po untranslated, 13 missing, 129 untranslated pl.po: 120/133 90.2% 0 po untranslated, 13 missing, 13 untranslated [jdennis at jdennis po]$ make msg-stats the statistics now read: ipa.pot has 133 messages bn_IN: 14/133 10.5% 106 po untranslated, 13 missing, 119 untranslated id: 107/133 80.5% 13 po untranslated, 13 missing, 26 untranslated kn: 4/133 3.0% 116 po untranslated, 13 missing, 129 untranslated pl: 120/133 90.2% 0 po untranslated, 13 missing, 13 untranslated -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-strip-.po-file-suffix-in-translation-statistics.patch Type: text/x-patch Size: 1973 bytes Desc: not available URL: From jderose at redhat.com Fri Feb 19 15:30:55 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Fri, 19 Feb 2010 08:30:55 -0700 Subject: [Freeipa-devel] [PATCH] jderose 045 Remove bugfix widgets Message-ID: <1266593455.26979.25.camel@jgd-dsk> We were overriding some wehjit builtins with bugfix widgets, but these have all been fixed as of wehjit 0.2.1, so we don't need them anymore. -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-jderose-045-Remove-bugfix-widgets.patch Type: text/x-patch Size: 5240 bytes Desc: not available URL: From jderose at redhat.com Fri Feb 19 15:32:59 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Fri, 19 Feb 2010 08:32:59 -0700 Subject: [Freeipa-devel] [PATCH] jderose 046 Add buildrequires script Message-ID: <1266593579.26979.30.camel@jgd-dsk> I want to make our development process more easily automated and repeatable, so I started on this script to install all the packages a person would likely need to hack on the server. I'm using this to bootstrap fresh VMs. Plus this lowers the barrier for new developers. -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-jderose-046-Add-buildrequires-script.patch Type: text/x-patch Size: 1427 bytes Desc: not available URL: From jderose at redhat.com Fri Feb 19 15:33:14 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Fri, 19 Feb 2010 08:33:14 -0700 Subject: [Freeipa-devel] [PATCH] jderose 047 Fix tests Message-ID: <1266593594.26979.31.camel@jgd-dsk> This fixes some tests (non XML-RPC) that got broken in the last few days. Please please update tests in the same patch if your patch breaks them. :) -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-jderose-047-Fix-non-XML-RPC-tests.patch Type: text/x-patch Size: 4106 bytes Desc: not available URL: From sgallagh at redhat.com Fri Feb 19 15:50:07 2010 From: sgallagh at redhat.com (Stephen Gallagher) Date: Fri, 19 Feb 2010 10:50:07 -0500 Subject: [Freeipa-devel] [PATCH] jderose 046 Add buildrequires script In-Reply-To: <1266593579.26979.30.camel@jgd-dsk> References: <1266593579.26979.30.camel@jgd-dsk> Message-ID: <4B7EB32F.9030607@redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/19/2010 10:32 AM, Jason Gerard DeRose wrote: > I want to make our development process more easily automated and > repeatable, so I started on this script to install all the packages a > person would likely need to hack on the server. I'm using this to > bootstrap fresh VMs. > > Plus this lowers the barrier for new developers. > FYI, on Fedora and similar one can also do: yum-builddep and it will automatically pull in any build dependencies listed in the SRPM. Alternately, 'yum-builddep --enablerepo=ipa-devel ipa-server' will also accomplish this (assuming they have the development repo in their yum configuration) I think directing people to use this will prove easier than trying to maintain this script separate from the RPM spec. It would also probably be easy to parse the RPM spec itself to accomplish this. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkt+sy8ACgkQeiVVYja6o6NRVwCfQakzfTv0MEyN6oFH6uhmIDnz CcYAoKfVBTKkf71ERN05ydVI+tREAcpQ =YqNO -----END PGP SIGNATURE----- From jderose at redhat.com Fri Feb 19 16:15:15 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Fri, 19 Feb 2010 09:15:15 -0700 Subject: [Freeipa-devel] [PATCH] jderose 048 Translatable Param.label, Param.doc Message-ID: <1266596115.26979.65.camel@jgd-dsk> This patch: 1. Changes Param.label, Param.doc so they can be either text.Gettext or str instances. This is transitional till we get any outstanding patches merged in, then they will only allow text.Gettext instances. 2. Adds a docstring to the ipalib/parameters.py module explaining the difference between cli_name, label, and doc. It also has some style guidelines for the label and doc. 3. Marks all Param.label and Param.doc for translation, does some cleanup to hopefully make things a bit more consistent. 4. Various small changes needed to adjust to Param.label, Param.doc being text.Gettext instances. -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-jderose-048-Translatable-labels.patch Type: text/x-patch Size: 55041 bytes Desc: not available URL: From rcritten at redhat.com Fri Feb 19 18:33:20 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 19 Feb 2010 13:33:20 -0500 Subject: [Freeipa-devel] [PATCH] 385 don't try to revoke revoked certs Message-ID: <4B7ED970.7020200@redhat.com> Check the status of a certificate before trying to revoke it. We get an error thrown when we revoke a revoked cert that is difficult to distinguish between a real error and "this is already revoked". rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-385-revoke.patch Type: application/mbox Size: 3231 bytes Desc: not available URL: From rcritten at redhat.com Fri Feb 19 18:35:59 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 19 Feb 2010 13:35:59 -0500 Subject: [Freeipa-devel] [PATCH] 386 replica management Message-ID: <4B7EDA0F.2070808@redhat.com> ipa-replica-manage used to require the DM password for every operation. This adds a couple of ACIs so a privileged user can use the 'list' and 'del' commands. Doing add is possible but tricky since we use the same replication password for all replicas (currently the DM password). We'd probably want to create a separate user for each replica if this were the case and prompt for a password to use. This also has a problem where it can't distinguish between "there are no replication agreements" and "you aren't allowed to see them" because queries to cn=config don't return an error if you are not authorized. Pavel is in the process of switching to using ldap2 for all LDAP access and this module already has Get Effective Rights support. Once the switch is done we can improve the logic here. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-386-replica.patch Type: application/mbox Size: 8116 bytes Desc: not available URL: From rcritten at redhat.com Fri Feb 19 18:37:48 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 19 Feb 2010 13:37:48 -0500 Subject: [Freeipa-devel] [PATCH] 373 fix ipa-getkeytab man page In-Reply-To: <1266332150.15167.0.camel@wolverine.englab.brq.redhat.com> References: <4B69F19C.4030902@redhat.com> <1266332150.15167.0.camel@wolverine.englab.brq.redhat.com> Message-ID: <4B7EDA7C.4000907@redhat.com> Martin Nagy wrote: > On Wed, 2010-02-03 at 16:58 -0500, Rob Crittenden wrote: >> The usage on the man page didn't follow standard conventions. Optional >> arguments shouldn't be enclosed in brackets []. >> >> rob > > Ack > pushed to master From rcritten at redhat.com Fri Feb 19 18:38:03 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 19 Feb 2010 13:38:03 -0500 Subject: [Freeipa-devel] [PATCH] 374 don't make assumptions about cwd In-Reply-To: <1266332267.15167.1.camel@wolverine.englab.brq.redhat.com> References: <4B69FC5B.4040700@redhat.com> <1266332267.15167.1.camel@wolverine.englab.brq.redhat.com> Message-ID: <4B7EDA8B.8060408@redhat.com> Martin Nagy wrote: > On Wed, 2010-02-03 at 17:44 -0500, Rob Crittenden wrote: >> Don't assume that cwd exists or is writable. I had worked on this >> previously so that we change to a known writable directory when issuing >> server certs. Enhance that so we change to the NSS db dir when issuing >> the self-signed CA. certutil wants to write a file to the cwd when >> generating a key so we need to be some place writable. >> >> Also handle the case where cwd is an invalid directory. I tested this with: >> >> term 1: mkdir foo >> cd foo >> >> term 2: rmdir foo >> >> term 1: ipa-server-install ... >> >> Probably not a major issue but not hard to more carefully handle it >> either. The installation will still fail but at least we have a good >> message when it does. >> >> rob > > Cool, I actually hit this problem once, thanks. > ACK > > Martin > pushed to master From rcritten at redhat.com Fri Feb 19 18:39:49 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 19 Feb 2010 13:39:49 -0500 Subject: [Freeipa-devel] [PATCH] Use unicode instead of str for environmental variables in Env. In-Reply-To: <1266319885.11393.1.camel@jgd-dsk> References: <4B74123A.7010001@redhat.com> <1266319885.11393.1.camel@jgd-dsk> Message-ID: <4B7EDAF5.1040805@redhat.com> Jason Gerard DeRose wrote: > On Thu, 2010-02-11 at 15:20 +0100, Pavel Zuna wrote: >> The patch is not far from trivial, but... >> >> It makes the assumption, that IPA config files are utf-8 encoded (or compatible >> like ASCII). Is that OK? >> >> Pavel > > Ack, but I wonder if we should wait till after the alpha to push this? > I had decided to wait, pushed to master rob From jdennis at redhat.com Fri Feb 19 18:42:52 2010 From: jdennis at redhat.com (John Dennis) Date: Fri, 19 Feb 2010 13:42:52 -0500 Subject: [Freeipa-devel] [PATCH] 385 don't try to revoke revoked certs In-Reply-To: <4B7ED970.7020200@redhat.com> References: <4B7ED970.7020200@redhat.com> Message-ID: <4B7EDBAC.2070707@redhat.com> On 02/19/2010 01:33 PM, Rob Crittenden wrote: > Check the status of a certificate before trying to revoke it. We get an > error thrown when we revoke a revoked cert that is difficult to > distinguish between a real error and "this is already revoked". Conditional ACK. Please try to remember to localize all labels. That's a 1 line change so it falls into the "make the fix & commit" category. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From rcritten at redhat.com Fri Feb 19 18:50:25 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 19 Feb 2010 13:50:25 -0500 Subject: [Freeipa-devel] [PATCH] Add 3 new translations for Polish, Indonesian, Kannada In-Reply-To: <4B79B21C.2040509@redhat.com> References: <4B79B21C.2040509@redhat.com> Message-ID: <4B7EDD71.4090206@redhat.com> John Dennis wrote: > Add 3 new translations for Polish, Indonesian, Kannada. > > Remove the dummy Italian translation (it.po), it's only purpose was to > have some translation in the tarball so %{find_lang} wouldn't fail. > > Add a new file contributing_translators.txt so we can track our > translators contributions and give them credit. > ack, pushed to master From rcritten at redhat.com Fri Feb 19 18:54:48 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 19 Feb 2010 13:54:48 -0500 Subject: [Freeipa-devel] [PATCH] Add translation statistics In-Reply-To: <4B7ABEB2.2080006@redhat.com> References: <4B7ABEB2.2080006@redhat.com> Message-ID: <4B7EDE78.8040702@redhat.com> John Dennis wrote: > The Makefile in install/po has a new target "msg-stats" which > prints out statistics concerning the current pot and po files. > Here is an example: > > % make msg-stats > ipa.pot has 133 messages > id.po: 107/133 80.5% 13 po untranslated, 13 missing, 26 > untranslated > kn.po: 4/133 3.0% 116 po untranslated, 13 missing, 129 > untranslated > pl.po: 120/133 90.2% 0 po untranslated, 13 missing, 13 > untranslated > > Also update configure.ac to search for msgcmp, awk & sed programs. ack, pushed to master. rob From rcritten at redhat.com Fri Feb 19 18:56:12 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 19 Feb 2010 13:56:12 -0500 Subject: [Freeipa-devel] [PATCH] In-Reply-To: <4B7E95E8.4020603@redhat.com> References: <4B7E95E8.4020603@redhat.com> Message-ID: <4B7EDECC.1090006@redhat.com> John Dennis wrote: > Add translation for Bengali India (bn_IN). > ack, pushed to master From rcritten at redhat.com Fri Feb 19 22:11:22 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 19 Feb 2010 17:11:22 -0500 Subject: [Freeipa-devel] [PATCH] jderose 045 Remove bugfix widgets In-Reply-To: <1266593455.26979.25.camel@jgd-dsk> References: <1266593455.26979.25.camel@jgd-dsk> Message-ID: <4B7F0C8A.5050403@redhat.com> Jason Gerard DeRose wrote: > We were overriding some wehjit builtins with bugfix widgets, but these > have all been fixed as of wehjit 0.2.1, so we don't need them anymore. > ack pushed to master From rcritten at redhat.com Fri Feb 19 22:12:14 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 19 Feb 2010 17:12:14 -0500 Subject: [Freeipa-devel] [PATCH] jderose 047 Fix tests In-Reply-To: <1266593594.26979.31.camel@jgd-dsk> References: <1266593594.26979.31.camel@jgd-dsk> Message-ID: <4B7F0CBE.7050004@redhat.com> Jason Gerard DeRose wrote: > This fixes some tests (non XML-RPC) that got broken in the last few > days. > > Please please update tests in the same patch if your patch breaks > them. :) This fixes all but the 10 that broke with Env now being utf-8. Pavel, can you take a crack at these? Ack, this patch pushed to master rob From admin at transifex.net Fri Feb 19 22:32:21 2010 From: admin at transifex.net (admin at transifex.net) Date: Fri, 19 Feb 2010 22:32:21 -0000 Subject: [Freeipa-devel] [www.transifex.net] Team User Joining Requested: Russian Message-ID: <20100219223221.24017.49370@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The user 'ypoyarko' has asked to join the 'Russian' translation team of the 'FreeIPA' project. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/team/ru/ in order to manage this team. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From admin at transifex.net Fri Feb 19 22:37:56 2010 From: admin at transifex.net (admin at transifex.net) Date: Fri, 19 Feb 2010 22:37:56 -0000 Subject: [Freeipa-devel] [www.transifex.net] Team User Joining Approved: Russian Message-ID: <20100219223756.24401.93369@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The user 'ypoyarko' has been approved as a member of the 'Russian' translation team of the 'FreeIPA' project. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/team/ru/ in order to see this team. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From rcritten at redhat.com Fri Feb 19 22:43:43 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 19 Feb 2010 17:43:43 -0500 Subject: [Freeipa-devel] [PATCH] jderose 046 Add buildrequires script In-Reply-To: <4B7EB32F.9030607@redhat.com> References: <1266593579.26979.30.camel@jgd-dsk> <4B7EB32F.9030607@redhat.com> Message-ID: <4B7F141F.1010509@redhat.com> Stephen Gallagher wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 02/19/2010 10:32 AM, Jason Gerard DeRose wrote: >> I want to make our development process more easily automated and >> repeatable, so I started on this script to install all the packages a >> person would likely need to hack on the server. I'm using this to >> bootstrap fresh VMs. >> >> Plus this lowers the barrier for new developers. >> > > FYI, on Fedora and similar one can also do: > yum-builddep and it will automatically pull in any build > dependencies listed in the SRPM. > > Alternately, 'yum-builddep --enablerepo=ipa-devel ipa-server' will also > accomplish this (assuming they have the development repo in their yum > configuration) > > I think directing people to use this will prove easier than trying to > maintain this script separate from the RPM spec. > > It would also probably be easy to parse the RPM spec itself to > accomplish this. > Well, it probably isn't very convenient to build from srpm but getting BuildRequires works well: # yum install rpm-build `grep "^BuildRequires" ipa.spec.in | awk '{ print $2 }' | grep -v "^/"` rob From admin at transifex.net Sat Feb 20 01:39:29 2010 From: admin at transifex.net (admin at transifex.net) Date: Sat, 20 Feb 2010 01:39:29 -0000 Subject: [Freeipa-devel] [Transifex] File submitted via email to FreeIPA | master Message-ID: <20100220013929.25686.99488@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The following attached files were submitted to FreeIPA | master by raven Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/c/master/ in order to see the component page. Thank you, Transifex -------------- next part -------------- # translation of pl.po to Polish # Piotr Dr?g , 2010. # msgid "" msgstr "" "Project-Id-Version: pl\n" "Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/" "newticket\n" "POT-Creation-Date: 2010-02-15 14:55-0500\n" "PO-Revision-Date: 2010-02-10 02:39+0100\n" "Last-Translator: Piotr Dr?g \n" "Language-Team: Polish \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " "|| n%100>=20) ? 1 : 2);\n" #: ../../ipalib/parameters.py:224 msgid "incorrect type" msgstr "niepoprawny typ" #: ../../ipalib/parameters.py:227 msgid "Only one value is allowed" msgstr "Dozwolona jest tylko jedna warto??" #: ../../ipalib/parameters.py:791 msgid "must be True or False" msgstr "musi by? prawd? lub fa?szem" #: ../../ipalib/parameters.py:892 msgid "must be an integer" msgstr "musi by? liczba ca?kowit?" #: ../../ipalib/parameters.py:943 #, python-format msgid "must be at least %(minvalue)d" msgstr "musi wynosi? co najmniej %(minvalue)d" #: ../../ipalib/parameters.py:953 #, python-format msgid "can be at most %(maxvalue)d" msgstr "mo?e wynosi? co najwy?ej %(maxvalue)d" #: ../../ipalib/parameters.py:963 msgid "must be a decimal number" msgstr "musi by? liczb? dziesi?tn?" #: ../../ipalib/parameters.py:985 #, python-format msgid "must be at least %(minvalue)f" msgstr "musi wynosi? co najmniej %(minvalue)f" #: ../../ipalib/parameters.py:995 #, python-format msgid "can be at most %(maxvalue)f" msgstr "mo?e wynosi? co najwy?ej %(maxvalue)f" #: ../../ipalib/parameters.py:1055 #, python-format msgid "must match pattern \"%(pattern)s\"" msgstr "musi pasowa? do wzorca \"%(pattern)s\"" #: ../../ipalib/parameters.py:1073 msgid "must be binary data" msgstr "musi by? danymi binarnymi" #: ../../ipalib/parameters.py:1088 #, python-format msgid "must be at least %(minlength)d bytes" msgstr "musi wynosi? co najmniej %(minlength)d bajt?w" #: ../../ipalib/parameters.py:1098 #, python-format msgid "can be at most %(maxlength)d bytes" msgstr "mo?e wynosi? co najwy?ej %(maxlength)d bajt?w" #: ../../ipalib/parameters.py:1108 #, python-format msgid "must be exactly %(length)d bytes" msgstr "musi wynosi? dok?adnie %(length)d bajt?w" #: ../../ipalib/parameters.py:1126 msgid "must be Unicode text" msgstr "musi by? tekstem w unikodzie" #: ../../ipalib/parameters.py:1156 #, python-format msgid "must be at least %(minlength)d characters" msgstr "musi wynosi? co najmniej %(minlength)d znak?w" #: ../../ipalib/parameters.py:1166 #, python-format msgid "can be at most %(maxlength)d characters" msgstr "mo?e wynosi? co najwy?ej %(maxlength)d znak?w" #: ../../ipalib/parameters.py:1176 #, python-format msgid "must be exactly %(length)d characters" msgstr "musi wynosi? dok?adnie %(length)d znak?w" #: ../../ipalib/parameters.py:1215 #, python-format msgid "must be one of %(values)r" msgstr "musi by? jednym z %(values)r" #: ../../ipalib/cli.py:505 #, python-format msgid "Enter %(label)s again to verify: " msgstr "Prosz? poda? %(label)s ponownie, aby sprawdzi?: " #: ../../ipalib/cli.py:509 msgid "Passwords do not match!" msgstr "Has?a si? nie zgadzaj?." #: ../../ipalib/cli.py:514 msgid "Cancelled." msgstr "Anulowano." #: ../../ipalib/frontend.py:377 msgid "Results are truncated, try a more specific search" msgstr "" "Wyniki zosta?y obci?te, prosz? spr?bowa? bardziej konkretnego wyszukiwania" #: ../../ipalib/errors.py:297 #, python-format msgid "%(cver)s client incompatible with %(sver)s server at %(server)r" msgstr "" "klient w wersji %(cver)s nie jest zgodny z serwerem w wersji %(sver)s na %" "(server)r" #: ../../ipalib/errors.py:315 #, python-format msgid "unknown error %(code)d from %(server)s: %(error)s" msgstr "nieznany b??d %(code)d z %(server)s: %(error)s" #: ../../ipalib/errors.py:331 msgid "an internal error has occurred" msgstr "wyst?pi? wewn?trzny b??d" #: ../../ipalib/errors.py:353 #, python-format msgid "an internal error has occurred on server at %(server)r" msgstr "wyst?pi? wewn?trzny b??d w serwerze na %(server)r" #: ../../ipalib/errors.py:369 #, python-format msgid "unknown command %(name)r" msgstr "nieznane polecenie %(name)r" #: ../../ipalib/errors.py:386 ../../ipalib/errors.py:411 #, python-format msgid "error on server %(server)r: %(error)s" msgstr "b??d w serwerze %(server)r: %(error)s" #: ../../ipalib/errors.py:402 #, python-format msgid "cannot connect to %(uri)r: %(error)s" msgstr "nie mo?na po??czy? si? z %(uri)r: %(error)s" #: ../../ipalib/errors.py:420 #, python-format msgid "Invalid JSON-RPC request: %(error)s" msgstr "Nieprawid?owe ??danie JSON-RPC: %(error)s" #: ../../ipalib/errors.py:448 #, python-format msgid "Kerberos error: %(major)s/%(minor)s" msgstr "B??d Kerberosa: %(major)s/%(minor)s" #: ../../ipalib/errors.py:465 msgid "did not receive Kerberos credentials" msgstr "nie otrzymano danych uwierzytelniaj?cych Kerberosa" #: ../../ipalib/errors.py:481 #, python-format msgid "Service %(service)r not found in Kerberos database" msgstr "Nie odnaleziono us?ugi %(service)r w bazie danych Kerberosa" #: ../../ipalib/errors.py:497 msgid "No credentials cache found" msgstr "Nie odnaleziono pami?ci podr?cznej danych uwierzytelniaj?cych" #: ../../ipalib/errors.py:513 msgid "Ticket expired" msgstr "Zg?oszenie wygas?o" #: ../../ipalib/errors.py:529 msgid "Credentials cache permissions incorrect" msgstr "" "Uprawnienia pami?ci podr?cznej danych uwierzytelniaj?cych s? niepoprawne" #: ../../ipalib/errors.py:545 msgid "Bad format in credentials cache" msgstr "B??dny format w pami?ci podr?cznej danych uwierzytelniaj?cych" #: ../../ipalib/errors.py:561 msgid "Cannot resolve KDC for requested realm" msgstr "Nie mo?na rozwi?za? KDC dla ??danego obszaru" #: ../../ipalib/errors.py:580 #, python-format msgid "Insufficient access: %(info)s" msgstr "Niewystarczaj?cy dost?p: %(info)s" #: ../../ipalib/errors.py:624 #, python-format msgid "command %(name)r takes no arguments" msgstr "polecenie %(name)r nie przyjmuje parametr?w" #: ../../ipalib/errors.py:644 #, python-format msgid "command %(name)r takes at most %(count)d argument" msgid_plural "command %(name)r takes at most %(count)d arguments" msgstr[0] "polecenie %(name)r przyjmuje co najwy?ej %(count)d parametr" msgstr[1] "polecenie %(name)r przyjmuje co najwy?ej %(count)d parametry" msgstr[2] "polecenie %(name)r przyjmuje co najwy?ej %(count)d parametr?w" #: ../../ipalib/errors.py:674 #, python-format msgid "overlapping arguments and options: %(names)r" msgstr "pokrywanie parametr?w i opcji: %(names)r" #: ../../ipalib/errors.py:690 #, python-format msgid "%(name)r is required" msgstr "%(name)r jest wymagane" #: ../../ipalib/errors.py:706 ../../ipalib/errors.py:722 #, python-format msgid "invalid %(name)r: %(error)s" msgstr "nieprawid?owe %(name)r: %(error)s" #: ../../ipalib/errors.py:738 #, python-format msgid "api has no such namespace: %(name)r" msgstr "API nie posiada takiej przestrzeni nazw: %(name)r" #: ../../ipalib/errors.py:747 msgid "Passwords do not match" msgstr "Has?a si? nie zgadzaj?" #: ../../ipalib/errors.py:755 msgid "Command not implemented" msgstr "Polecenie nie jest zaimplementowane" #: ../../ipalib/errors.py:783 ../../ipalib/errors.py:1023 #, python-format msgid "%(reason)s" msgstr "%(reason)s" #: ../../ipalib/errors.py:799 msgid "This entry already exists" msgstr "Ten wpis ju? istnieje" #: ../../ipalib/errors.py:815 msgid "You must enroll a host in order to create a host service" msgstr "Nale?y zapisa? si? do komputera, aby utworzy? jego us?ug?" #: ../../ipalib/errors.py:831 #, python-format msgid "" "Service principal is not of the form: service/fully-qualified host name: %" "(reason)s" msgstr "" "Naczelnik us?ugi nie jest w formacie: us?uga/w pe?ni kwalifikowana nazwa " "komputera: %(reason)s" #: ../../ipalib/errors.py:847 msgid "" "The realm for the principal does not match the realm for this IPA server" msgstr "Obszar naczelnika nie zgadza si? z obszarem dla tego serwera IPA" #: ../../ipalib/errors.py:863 msgid "This command requires root access" msgstr "Te polecenie wymaga dost?pu roota" #: ../../ipalib/errors.py:879 msgid "This is already a posix group" msgstr "To jest ju? grupa POSIX" #: ../../ipalib/errors.py:895 #, python-format msgid "Principal is not of the form user at REALM: %(principal)r" msgstr "Naczelnik nie jest w formacie u?ytkownik at OBSZAR: %(principal)r" #: ../../ipalib/errors.py:911 msgid "This entry is already unlocked" msgstr "Ten wpis jest ju? odblokowany" #: ../../ipalib/errors.py:927 msgid "This entry is already locked" msgstr "Ten wpis jest ju? zablokowany" #: ../../ipalib/errors.py:943 msgid "This entry has nsAccountLock set, it cannot be locked or unlocked" msgstr "" "Ten wpis posiada ustawione nsAccountLock, nie mo?e by? zablokowany lub " "niezablokowany" #: ../../ipalib/errors.py:959 msgid "This entry is not a member of the group" msgstr "Ten wpis nie jest elementem grupy" #: ../../ipalib/errors.py:975 msgid "A group may not be a member of itself" msgstr "Grupa nie mo?e by? w?asnym elementem" #: ../../ipalib/errors.py:991 msgid "This entry is already a member of the group" msgstr "Ten wpis jest ju? elementem grupy" #: ../../ipalib/errors.py:1007 #, python-format msgid "Base64 decoding failed: %(reason)s" msgstr "Dekodowanie base64 nie powiod?o si?: %(reason)s" #: ../../ipalib/errors.py:1039 msgid "A group may not be added as a member of itself" msgstr "Nie mo?na doda? grupy jako elementu jej samej" #: ../../ipalib/errors.py:1055 msgid "The default users group cannot be removed" msgstr "Nie mo?na usun?? domy?lnej grupy u?ytkownik?w" #: ../../ipalib/errors.py:1078 #, python-format msgid "no command nor help topic %(topic)r" msgstr "nie ma takiego polecenia lub tematu pomocy %(topic)r" #: ../../ipalib/errors.py:1102 msgid "change collided with another change" msgstr "zmiana koliduje z inn? zmian?" #: ../../ipalib/errors.py:1118 msgid "no modifications to be performed" msgstr "?adne modyfikacje nie zostan? wykonane" #: ../../ipalib/errors.py:1134 #, python-format msgid "%(desc)s:%(info)s" msgstr "%(desc)s:%(info)s" #: ../../ipalib/errors.py:1150 msgid "limits exceeded for this query" msgstr "przekroczono ograniczenia dla tego zapytania" #: ../../ipalib/errors.py:1165 #, python-format msgid "%(info)s" msgstr "%(info)s" #: ../../ipalib/errors.py:1190 #, python-format msgid "Certificate operation cannot be completed: %(error)s" msgstr "Nie mo?na uko?czy? dzia?ania na certyfikacie: %(error)s" #: ../../ipalib/plugins/rolegroup.py:50 msgid "Role Groups" msgstr "Grupy rol" #: ../../ipalib/plugins/rolegroup.py:75 #, python-format msgid "Added rolegroup \"%(value)s\"" msgstr "Dodano grup? roli \"%(value)s\"" #: ../../ipalib/plugins/rolegroup.py:85 #, python-format msgid "Deleted rolegroup \"%(value)s\"" msgstr "Usuni?to grup? roli \"%(value)s\"" #: ../../ipalib/plugins/rolegroup.py:95 #, python-format msgid "Modified rolegroup \"%(value)s\"" msgstr "Zmodyfikowano grup? roli \"%(value)s\"" #: ../../ipalib/plugins/rolegroup.py:106 #, python-format msgid "%(count)d rolegroup matched" msgid_plural "%(count)d rolegroups matched" msgstr[0] "Pasuje %(count)d grupa roli" msgstr[1] "Pasuj? %(count)d grupy roli" msgstr[2] "Pasuje %(count)d grup roli" #: ../../ipalib/plugins/host.py:82 msgid "Hosts" msgstr "Komputery" #: ../../ipalib/plugins/host.py:151 #, python-format msgid "Added host \"%(value)s\"" msgstr "Dodano komputer \"%(value)s\"" #: ../../ipalib/plugins/host.py:180 #, python-format msgid "Deleted host \"%(value)s\"" msgstr "Usuni?to komputer \"%(value)s\"" #: ../../ipalib/plugins/host.py:208 #, python-format msgid "Modified host \"%(value)s\"" msgstr "Zmodyfikowano komputer \"%(value)s\"" #: ../../ipalib/plugins/host.py:257 #, python-format msgid "%(count)d host matched" msgid_plural "%(count)d hosts matched" msgstr[0] "Pasuje %(count)d komputer" msgstr[1] "Pasuje %(count)d komputery" msgstr[2] "Pasuje %(count)d komputer?w" #: ../../ipalib/plugins/group.py:58 msgid "User Groups" msgstr "Grupy u?ytkownik?w" #: ../../ipalib/plugins/group.py:87 #, python-format msgid "Added group \"%(value)s\"" msgstr "Dodano grup? \"%(value)s\"" #: ../../ipalib/plugins/group.py:110 #, python-format msgid "Deleted group \"%(value)s\"" msgstr "Usuni?to grup? \"%(value)s\"" #: ../../ipalib/plugins/group.py:136 #, python-format msgid "Modified group \"%(value)s\"" msgstr "Zmodyfikowano grup? \"%(value)s\"" #: ../../ipalib/plugins/group.py:165 #, python-format msgid "%(count)d group matched" msgid_plural "%(count)d groups matched" msgstr[0] "Pasuje %(count)d grupa" msgstr[1] "Pasuj? %(count)d grupy" msgstr[2] "Pasuje %(count)d grup" #: ../../ipalib/plugins/service.py:122 msgid "Services" msgstr "Us?ugi" #: ../../ipalib/plugins/hbac.py:62 msgid "HBAC" msgstr "HBAC" #: ../../ipalib/plugins/cert.py:63 ../../ipalib/plugins/cert.py:84 msgid "Unable to decode certificate in entry" msgstr "Nie mo?na dekodowa? certyfikatu we wpisie" #: ../../ipalib/plugins/cert.py:106 ../../ipalib/plugins/cert.py:120 #: ../../ipalib/plugins/cert.py:137 msgid "Failure decoding Certificate Signing Request" msgstr "Dekodowanie ??dania podpisywania certyfikatu nie powiod?o si?" #: ../../ipalib/plugins/cert.py:139 #, python-format msgid "Failure decoding Certificate Signing Request: %s" msgstr "Dekodowanie ??dania podpisywania certyfikatu nie powiod?o si?: %s" #: ../../ipalib/plugins/aci.py:109 msgid "type, filter, subtree and targetgroup are mutually exclusive" msgstr "" "warto?ci \"type\", \"filter\", \"subtree\" i \"targetgroup\" s? wzajemnie " "wy??czne" #: ../../ipalib/plugins/aci.py:112 msgid "" "at least one of: type, filter, subtree, targetgroup, attrs or memberof are " "required" msgstr "" "co najmniej jedna z warto?ci: \"type\", \"filter\", \"subtree\", " "\"targetgroup\", \"attrs\" lub \"memberof\" jest wymagana" #: ../../ipalib/plugins/aci.py:117 msgid "group and taskgroup are mutually exclusive" msgstr "warto?ci \"group\" i \"taskgroup\" s? wzajemnie wy??czne" #: ../../ipalib/plugins/aci.py:119 msgid "One of group or taskgroup is required" msgstr "Wymagana jest warto?? \"group\" lub \"taskgroup\"" #: ../../ipalib/plugins/aci.py:140 #, python-format msgid "Group '%s' does not exist" msgstr "Grupa \"%s\" nie istnieje" #: ../../ipalib/plugins/aci.py:184 #, python-format msgid "ACI with name \"%s\" not found" msgstr "Nie odnaleziono ACI o nazwie \"%s\"" #: ../../ipalib/plugins/aci.py:201 msgid "ACIs" msgstr "ACI" #: ../../ipalib/plugins/aci.py:258 #, python-format msgid "Created ACI \"%(value)s\"" msgstr "Utworzono ACI \"%(value)s\"" #: ../../ipalib/plugins/aci.py:308 #, python-format msgid "Deleted ACI \"%(value)s\"" msgstr "Usuni?to ACI \"%(value)s\"" #: ../../ipalib/plugins/aci.py:348 #, python-format msgid "Modified ACI \"%(value)s\"" msgstr "Zmodyfikowano ACI \"%(value)s\"" #: ../../ipalib/plugins/aci.py:408 #, python-format msgid "%(count)d ACI matched" msgid_plural "%(count)d ACIs matched" msgstr[0] "Pasuje %(count)d ACI" msgstr[1] "Pasuj? %(count)d ACI" msgstr[2] "Pasuje %(count)d ACI" #: ../../ipalib/plugins/dns.py:114 msgid "DNS" msgstr "DNS" #: ../../ipalib/plugins/automount.py:231 msgid "Automount Maps" msgstr "Automatyczne montowanie map" #: ../../ipalib/plugins/automount.py:321 msgid "Automount Keys" msgstr "Automatyczne montowanie kluczy" #: ../../ipalib/plugins/netgroup.py:55 msgid "Net Groups" msgstr "Grupy sieci" #: ../../ipalib/plugins/misc.py:37 #, python-format msgid "%(count)d variables" msgstr "%(count)d zmiennych" #: ../../ipalib/plugins/misc.py:96 #, python-format msgid "%(count)d plugin loaded" msgid_plural "%(count)d plugins loaded" msgstr[0] "Wczytano %(count)d wtyczk?" msgstr[1] "Wczytano %(count)d wtyczki" msgstr[2] "Wczytano %(count)d wtyczek" #: ../../ipalib/plugins/user.py:71 msgid "Users" msgstr "U?ytkownicy" #: ../../ipalib/plugins/user.py:141 #, python-format msgid "Added user \"%(value)s\"" msgstr "Dodano u?ytkownika \"%(value)s\"" #: ../../ipalib/plugins/user.py:186 #, python-format msgid "Deleted user \"%(value)s\"" msgstr "Usuni?to u?ytkownika \"%(value)s\"" #: ../../ipalib/plugins/user.py:205 #, python-format msgid "Modified user \"%(value)s\"" msgstr "Zmodyfikowano u?ytkownika \"%(value)s\"" #: ../../ipalib/plugins/user.py:216 #, python-format msgid "%(count)d user matched" msgid_plural "%(count)d users matched" msgstr[0] "Pasuje %(count)d u?ytkownik" msgstr[1] "Pasuje %(count)d u?ytkownik?w" msgstr[2] "Pasuje %(count)d u?ytkownik?w" #: ../../ipalib/plugins/user.py:236 #, python-format msgid "Locked user \"%(value)s\"" msgstr "Zablokowany u?ytkownik \"%(value)s\"" #: ../../ipalib/plugins/user.py:262 #, python-format msgid "Unlocked user \"%(value)s\"" msgstr "Odblokowany u?ytkownik \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:50 msgid "Task Groups" msgstr "Grupy zadaniowe" #: ../../ipalib/plugins/taskgroup.py:75 #, python-format msgid "Added taskgroup \"%(value)s\"" msgstr "Dodano grup? zadaniow? \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:85 #, python-format msgid "Deleted taskgroup \"%(value)s\"" msgstr "Usuni?to grup? zadaniow? \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:95 #, python-format msgid "Modified taskgroup \"%(value)s\"" msgstr "Zmodyfikowano grup? zadaniow? \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:106 #, python-format msgid "%(count)d taskgroup matched" msgid_plural "%(count)d taskgroups matched" msgstr[0] "Pasuje %(count)d grupa zadaniowa" msgstr[1] "Pasuj? %(count)d grupy zadaniowe" msgstr[2] "Pasuje %(count)d grup zadaniowych" #: ../../ipalib/plugins/hostgroup.py:49 msgid "Host Groups" msgstr "Grupy komputer?w" #: ../../ipalib/plugins/hostgroup.py:74 #, python-format msgid "Added hostgroup \"%(value)s\"" msgstr "Dodano grup? komputera \"%(value)s\"" #: ../../ipalib/plugins/hostgroup.py:84 #, python-format msgid "Deleted hostgroup \"%(value)s\"" msgstr "Usuni?to grup? komputera \"%(value)s\"" #: ../../ipalib/plugins/hostgroup.py:94 #, python-format msgid "Modified hostgroup \"%(value)s\"" msgstr "Zmodyfikowano grup? komputera \"%(value)s\"" #: ../../ipalib/plugins/hostgroup.py:105 #, python-format msgid "%(count)d hostgroup matched" msgid_plural "%(count)d hostgroups matched" msgstr[0] "Pasuje %(count)d grupa komputera" msgstr[1] "Pasuj? %(count)d grupy komputera" msgstr[2] "Pasuje %(count)d grup komputera" #: ../../ipalib/plugins/pwpolicy.py:231 msgid "priority cannot be set on global policy" msgstr "nie mo?na ustawia? priorytetu na globalnej polityce" #: ../../ipaserver/install/certs.py:571 ../../ipaserver/plugins/dogtag.py:1313 #: ../../ipaserver/plugins/dogtag.py:1398 #: ../../ipaserver/plugins/dogtag.py:1463 #: ../../ipaserver/plugins/dogtag.py:1543 #: ../../ipaserver/plugins/dogtag.py:1602 #, python-format msgid "Unable to communicate with CMS (%s)" msgstr "Nie mo?na komunikowa? si? z CMS (%s)" #: ../../ipaserver/plugins/selfsign.py:102 #, python-format msgid "" "Request subject \"%(request_subject)s\" does not match the form \"%" "(subject_base)s\"" msgstr "" "Temat ??dania \"%(request_subject)s\" nie pasuje do formatu \"%(subject_base)" "s\"" #: ../../ipaserver/plugins/selfsign.py:107 #, python-format msgid "unable to decode csr: %s" msgstr "nie mo?na dekodowa? csr: %s" #: ../../ipaserver/plugins/selfsign.py:128 #: ../../ipaserver/plugins/selfsign.py:143 msgid "file operation" msgstr "dzia?anie na pliku" #: ../../ipaserver/plugins/selfsign.py:157 msgid "cannot obtain next serial number" msgstr "nie mo?na uzyska? nast?pnego numeru szeregowego" #: ../../ipaserver/plugins/selfsign.py:192 msgid "certutil failure" msgstr "narz?dzie certyfikat?w nie powiod?o si?" From admin at transifex.net Sat Feb 20 11:53:44 2010 From: admin at transifex.net (admin at transifex.net) Date: Sat, 20 Feb 2010 11:53:44 -0000 Subject: [Freeipa-devel] [Transifex] File submitted via email to FreeIPA | master Message-ID: <20100220115344.5122.28790@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The following attached files were submitted to FreeIPA | master by andrmart Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/c/master/ in order to see the component page. Thank you, Transifex -------------- next part -------------- # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the PACKAGE package. # # Andrew Martynov , 2010. msgid "" msgstr "" "Project-Id-Version: ipa\n" "Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/newticket\n" "POT-Creation-Date: 2010-02-10 09:13-0500\n" "PO-Revision-Date: 2010-02-12 16:31+0000\n" "Last-Translator: Andrew Martynov \n" "Language-Team: Russian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2)\n" "X-Generator: Lokalize 1.0\n" #: ../../ipalib/parameters.py:228 msgid "incorrect type" msgstr "???????? ???" #: ../../ipalib/parameters.py:231 msgid "Only one value is allowed" msgstr "??????????? ?????? ???? ????????" #: ../../ipalib/parameters.py:795 msgid "must be True or False" msgstr "?????? ???? ???? True, ???? False" #: ../../ipalib/parameters.py:896 msgid "must be an integer" msgstr "?????? ???? ?????" #: ../../ipalib/parameters.py:947 #, python-format msgid "must be at least %(minvalue)d" msgstr "?????? ???? ?? ????? %(minvalue)d" #: ../../ipalib/parameters.py:957 #, python-format msgid "can be at most %(maxvalue)d" msgstr "????? ???? ?? ????? %(maxvalue)d" #: ../../ipalib/parameters.py:967 msgid "must be a decimal number" msgstr "?????? ???? ?????????? ??????" #: ../../ipalib/parameters.py:989 #, python-format msgid "must be at least %(minvalue)f" msgstr "?????? ???? ?? ????? %(minvalue)f" #: ../../ipalib/parameters.py:999 #, python-format msgid "can be at most %(maxvalue)f" msgstr "????? ???? ?? ????? %(maxvalue)f" #: ../../ipalib/parameters.py:1059 #, python-format msgid "must match pattern \"%(pattern)s\"" msgstr "?????? ????????? ? ???????? \"%(pattern)s\"" #: ../../ipalib/parameters.py:1077 msgid "must be binary data" msgstr "?????? ???????? ????????? ???????" #: ../../ipalib/parameters.py:1092 #, python-format msgid "must be at least %(minlength)d bytes" msgstr "?????? ????????? ?? ????? %(minlength)d ????" #: ../../ipalib/parameters.py:1102 #, python-format msgid "can be at most %(maxlength)d bytes" msgstr "????? ????????? ?? ????? %(maxlength)d ????" #: ../../ipalib/parameters.py:1112 #, python-format msgid "must be exactly %(length)d bytes" msgstr "?????? ????????? ????? %(length)d ????" #: ../../ipalib/parameters.py:1130 msgid "must be Unicode text" msgstr "?????? ???????? ??????? Unicode" #: ../../ipalib/parameters.py:1160 #, python-format msgid "must be at least %(minlength)d characters" msgstr "?????? ???? ?? ?????? %(minlength)d ????????" #: ../../ipalib/parameters.py:1170 #, python-format msgid "can be at most %(maxlength)d characters" msgstr "????? ???? ?? ??????? %(maxlength)d ????????" #: ../../ipalib/parameters.py:1180 #, python-format msgid "must be exactly %(length)d characters" msgstr "?????? ???? ????? %(length)d ???????? ???????" #: ../../ipalib/parameters.py:1219 #, python-format msgid "must be one of %(values)r" msgstr "?????? ???????? ????? ?? %(values)r" #: ../../ipalib/cli.py:505 #, python-format msgid "Enter %(label)s again to verify: " msgstr "???????? ??????? %(label)s ??? ????????: " #: ../../ipalib/cli.py:509 msgid "Passwords do not match!" msgstr "?????? ?? ?????????!" #: ../../ipalib/cli.py:514 msgid "Cancelled." msgstr "????????." #: ../../ipalib/frontend.py:377 msgid "Results are truncated, try a more specific search" msgstr "?????????? ???????. ?????????? ?????? ????? ?????? ??????? ??????" #: ../../ipalib/errors.py:297 #, python-format msgid "%(cver)s client incompatible with %(sver)s server at %(server)r" msgstr "%(cver)s ?????? ?? ????????? ? %(sver)s ???????? ?? %(server)r" #: ../../ipalib/errors.py:315 #, python-format msgid "unknown error %(code)d from %(server)s: %(error)s" msgstr "???????? ??????????? ?????? %(code)d ?? %(server)s: %(error)s" #: ../../ipalib/errors.py:331 msgid "an internal error has occurred" msgstr "????????? ?????????? ??????" #: ../../ipalib/errors.py:353 #, python-format msgid "an internal error has occurred on server at %(server)r" msgstr "????????? ?????????? ?????? ?? ??????? %(server)r" #: ../../ipalib/errors.py:369 #, python-format msgid "unknown command %(name)r" msgstr "??????????? ??????? %(name)r" #: ../../ipalib/errors.py:386 ../../ipalib/errors.py:411 #, python-format msgid "error on server %(server)r: %(error)s" msgstr "?????? ?? ??????? %(server)r: %(error)s" #: ../../ipalib/errors.py:402 #, python-format msgid "cannot connect to %(uri)r: %(error)s" msgstr "?????????? ???????????? ? %(uri)r: %(error)s" #: ../../ipalib/errors.py:420 #, python-format msgid "Invalid JSON-RPC request: %(error)s" msgstr "???????? JSON-RPC ??????: %(error)s" #: ../../ipalib/errors.py:448 #, python-format msgid "Kerberos error: %(major)s/%(minor)s" msgstr "?????? Kerberos: %(major)s/%(minor)s" #: ../../ipalib/errors.py:465 msgid "did not receive Kerberos credentials" msgstr "?? ???????? ??????????????? ?????? Kerberos" #: ../../ipalib/errors.py:481 #, python-format msgid "Service %(service)r not found in Kerberos database" msgstr "?????? %(service)r ?? ??????? ? ???? ?????? Kerberos" #: ../../ipalib/errors.py:497 msgid "No credentials cache found" msgstr "??? ??????????????? ?????? ?? ??????" #: ../../ipalib/errors.py:513 msgid "Ticket expired" msgstr "???? ???????? ?????? ?????" #: ../../ipalib/errors.py:529 msgid "Credentials cache permissions incorrect" msgstr "????? ??????? ?? ??? ??????????????? ?????? ???????" #: ../../ipalib/errors.py:545 msgid "Bad format in credentials cache" msgstr "????????? ?????? ? ???? ??????????????? ?????? " #: ../../ipalib/errors.py:561 msgid "Cannot resolve KDC for requested realm" msgstr "?? ???? ?????????? KDC ??? ??????????? ??????? (realm)" #: ../../ipalib/errors.py:580 #, python-format msgid "Insufficient access: %(info)s" msgstr "???????????? ???? ??? ???????: %(info)s" #: ../../ipalib/errors.py:624 #, python-format msgid "command %(name)r takes no arguments" msgstr "??????? %(name)r ?? ????????? ?????????" #: ../../ipalib/errors.py:644 #, python-format msgid "command %(name)r takes at most %(count)d argument" msgid_plural "command %(name)r takes at most %(count)d arguments" msgstr[0] "??????? %(name)r ????????? ?? ????? %(count)d ?????????" msgstr[1] "??????? %(name)r ????????? ?? ????? %(count)d ??????????" msgstr[2] "??????? %(name)r ????????? ?? ????? %(count)d ??????????" #: ../../ipalib/errors.py:674 #, python-format msgid "overlapping arguments and options: %(names)r" msgstr "????????? ?????????? ? ??????????: %(names)r" #: ../../ipalib/errors.py:690 #, python-format msgid "%(name)r is required" msgstr "????????? %(name)r" #: ../../ipalib/errors.py:706 ../../ipalib/errors.py:722 #, python-format msgid "invalid %(name)r: %(error)s" msgstr "????????(??) %(name)r: %(error)s" #: ../../ipalib/errors.py:738 #, python-format msgid "api has no such namespace: %(name)r" msgstr "api ?? ????????????? ?????? ???????????? ???? (namespace): %(name)r" #: ../../ipalib/errors.py:747 msgid "Passwords do not match" msgstr "?????? ?? ?????????" #: ../../ipalib/errors.py:755 msgid "Command not implemented" msgstr "??????? ???? ?? ???????????" #: ../../ipalib/errors.py:783 ../../ipalib/errors.py:1023 #, python-format msgid "%(reason)s" msgstr "%(reason)s" #: ../../ipalib/errors.py:799 msgid "This entry already exists" msgstr "????? ?????? ??? ??????????" #: ../../ipalib/errors.py:815 msgid "You must enroll a host in order to create a host service" msgstr "" "??? ???? ????? ??????? ?????? ??? ????, ??? ?????????? ???????????????? " "???? ????" #: ../../ipalib/errors.py:831 #, python-format msgid "" "Service principal is not of the form: service/fully-qualified host name: %" "(reason)s" msgstr "" "??????? ?????? ?????? ?? ???????????? ? ?????: " "??????/?????????-????????????-???: %" "(reason)s" #: ../../ipalib/errors.py:847 msgid "The realm for the principal does not match the realm for this IPA server" msgstr "??????? (realm) ??? ??????? ?????? ?? ????????? ? ???????? IPA ???????" #: ../../ipalib/errors.py:863 msgid "This command requires root access" msgstr "???? ??????? ????????? ????? ??????????????" #: ../../ipalib/errors.py:879 msgid "This is already a posix group" msgstr "??? ???????? posix ???????" #: ../../ipalib/errors.py:895 #, python-format msgid "Principal is not of the form user at REALM: %(principal)r" msgstr "??????? ?????? ?????? ? ????? ???????? ?? user at REALM: %(principal)r" #: ../../ipalib/errors.py:911 msgid "This entry is already unlocked" msgstr "??? ?????? ??? ??????????????" #: ../../ipalib/errors.py:927 msgid "This entry is already locked" msgstr "??? ?????? ??? ?????????????" #: ../../ipalib/errors.py:943 msgid "This entry has nsAccountLock set, it cannot be locked or unlocked" msgstr "" "??? ???? ?????? ?????????? ??????? nsAccountLock, ??????? ??? ?? ????? " "???? ????????????? ??? ??????????????" #: ../../ipalib/errors.py:959 msgid "This entry is not a member of the group" msgstr "??? ?????? ?? ???????? ?????? ??????" #: ../../ipalib/errors.py:975 msgid "A group may not be a member of itself" msgstr "?????? ?? ????? ??????? ? ?????? ????? ????" #: ../../ipalib/errors.py:991 msgid "This entry is already a member of the group" msgstr "??? ?????? ??? ???????? ?????? ??????" #: ../../ipalib/errors.py:1007 #, python-format msgid "Base64 decoding failed: %(reason)s" msgstr "????????????? Base64 ?????? ? ???????: %(reason)s" #: ../../ipalib/errors.py:1039 msgid "A group may not be added as a member of itself" msgstr "?????? ?? ????? ???? ????????? ???? ? ????" #: ../../ipalib/errors.py:1055 msgid "The default users group cannot be removed" msgstr "?????? ?? ????????? ??? ???????????? ?? ????? ???? ???????" #: ../../ipalib/errors.py:1078 #, python-format msgid "no command nor help topic %(topic)r" msgstr "??? ??????? ??? ??????? ??????? ??? %(topic)r" #: ../../ipalib/errors.py:1102 msgid "change collided with another change" msgstr "????????? ???????????? ??????? ?????????? ?????????" #: ../../ipalib/errors.py:1118 msgid "no modifications to be performed" msgstr "????????? ?? ???????" #: ../../ipalib/errors.py:1134 #, python-format msgid "%(desc)s:%(info)s" msgstr "%(desc)s:%(info)s" #: ../../ipalib/errors.py:1150 msgid "limits exceeded for this query" msgstr "??? ????? ??????? ????????? ???????????" #: ../../ipalib/errors.py:1165 #, python-format msgid "%(info)s" msgstr "%(info)s" #: ../../ipalib/errors.py:1190 #, python-format msgid "Certificate operation cannot be completed: %(error)s" msgstr "???????? ? ???????????? ?? ????? ???? ?????????: %(error)s" #: ../../ipalib/plugins/rolegroup.py:73 #, python-format msgid "Added rolegroup \"%(value)s\"" msgstr "????????? rolegroup \"%(value)s\"" #: ../../ipalib/plugins/rolegroup.py:83 #, python-format msgid "Deleted rolegroup \"%(value)s\"" msgstr "??????? rolegroup \"%(value)s\"" #: ../../ipalib/plugins/rolegroup.py:93 #, python-format msgid "Modified rolegroup \"%(value)s\"" msgstr "???????? rolegroup \"%(value)s\"" #: ../../ipalib/plugins/rolegroup.py:104 #, python-format msgid "%(count)d rolegroup matched" msgid_plural "%(count)d rolegroups matched" msgstr[0] "????????? %(count)d rolegroup" msgstr[1] "????????? %(count)d rolegroup" msgstr[2] "????????? %(count)d rolegroup" #: ../../ipalib/plugins/host.py:149 #, python-format msgid "Added host \"%(value)s\"" msgstr "???????? ???? \"%(value)s\"" #: ../../ipalib/plugins/host.py:178 #, python-format msgid "Deleted host \"%(value)s\"" msgstr "?????? ???? \"%(value)s\"" #: ../../ipalib/plugins/host.py:206 #, python-format msgid "Modified host \"%(value)s\"" msgstr "??????? ???? \"%(value)s\"" #: ../../ipalib/plugins/host.py:255 #, python-format msgid "%(count)d host matched" msgid_plural "%(count)d hosts matched" msgstr[0] "????????? %(count)d ????" msgstr[1] "????????? %(count)d ????" msgstr[2] "????????? %(count)d ?????" #: ../../ipalib/plugins/group.py:85 #, python-format msgid "Added group \"%(value)s\"" msgstr "????????? ?????? \"%(value)s\"" #: ../../ipalib/plugins/group.py:108 #, python-format msgid "Deleted group \"%(value)s\"" msgstr "??????? ?????? \"%(value)s\"" #: ../../ipalib/plugins/group.py:134 #, python-format msgid "Modified group \"%(value)s\"" msgstr "???????? ?????? \"%(value)s\"" #: ../../ipalib/plugins/group.py:163 #, python-format msgid "%(count)d group matched" msgid_plural "%(count)d groups matched" msgstr[0] "????????? %(count)d ??????" msgstr[1] "????????? %(count)d ??????" msgstr[2] "????????? %(count)d ?????" #: ../../ipalib/plugins/cert.py:63 ../../ipalib/plugins/cert.py:84 msgid "Unable to decode certificate in entry" msgstr "?????????? ???????????? ?????????? ? ??????" #: ../../ipalib/plugins/cert.py:106 ../../ipalib/plugins/cert.py:120 #: ../../ipalib/plugins/cert.py:137 msgid "Failure decoding Certificate Signing Request" msgstr "???? ??? ????????????? Certificate Signing Request" #: ../../ipalib/plugins/cert.py:139 #, python-format msgid "Failure decoding Certificate Signing Request: %s" msgstr "???? ??? ????????????? Certificate Signing Request: %s" #: ../../ipalib/plugins/aci.py:109 msgid "type, filter, subtree and targetgroup are mutually exclusive" msgstr "type, filter, subtree ? targetgroup ???????? ??????????????????" #: ../../ipalib/plugins/aci.py:112 msgid "" "at least one of: type, filter, subtree, targetgroup, attrs or memberof are " "required" msgstr "" "????????? ??? ??????? ???? ??: type, filter, subtree, targetgroup, attrs " "??? memberof" #: ../../ipalib/plugins/aci.py:117 msgid "group and taskgroup are mutually exclusive" msgstr "group ? taskgroup ???????? ??????????????????" #: ../../ipalib/plugins/aci.py:119 msgid "One of group or taskgroup is required" msgstr "????????? ???? ??: group ??? taskgroup" #: ../../ipalib/plugins/aci.py:140 #, python-format msgid "Group '%s' does not exist" msgstr "?????? '%s' ?? ??????????" #: ../../ipalib/plugins/aci.py:184 #, python-format msgid "ACI with name \"%s\" not found" msgstr "ACI ? ?????? \"%s\" ?? ??????" #: ../../ipalib/plugins/aci.py:255 #, python-format msgid "Created ACI \"%(value)s\"" msgstr "?????? ACI \"%(value)s\"" #: ../../ipalib/plugins/aci.py:305 #, python-format msgid "Deleted ACI \"%(value)s\"" msgstr "?????? ACI \"%(value)s\"" #: ../../ipalib/plugins/aci.py:345 #, python-format msgid "Modified ACI \"%(value)s\"" msgstr "??????? ACI \"%(value)s\"" #: ../../ipalib/plugins/aci.py:405 #, python-format msgid "%(count)d ACI matched" msgid_plural "%(count)d ACIs matched" msgstr[0] "????????? %(count)d ACI" msgstr[1] "????????? %(count)d ACI" msgstr[2] "????????? %(count)d ACI" #: ../../ipalib/plugins/misc.py:37 #, python-format msgid "%(count)d variables" msgstr "%(count)d ??????????" #: ../../ipalib/plugins/misc.py:96 #, python-format msgid "%(count)d plugin loaded" msgid_plural "%(count)d plugins loaded" msgstr[0] "???????? %(count)d ???????????? ??????" msgstr[1] "????????? %(count)d ???????????? ??????" msgstr[2] "????????? %(count)d ???????????? ???????" #: ../../ipalib/plugins/user.py:139 #, python-format msgid "Added user \"%(value)s\"" msgstr "???????? ???????????? \"%(value)s\"" #: ../../ipalib/plugins/user.py:184 #, python-format msgid "Deleted user \"%(value)s\"" msgstr "?????? ???????????? \"%(value)s\"" #: ../../ipalib/plugins/user.py:203 #, python-format msgid "Modified user \"%(value)s\"" msgstr "??????? ???????????? \"%(value)s\"" #: ../../ipalib/plugins/user.py:214 #, python-format msgid "%(count)d user matched" msgid_plural "%(count)d users matched" msgstr[0] "????????? %(count)d ????????????" msgstr[1] "????????? %(count)d ????????????" msgstr[2] "????????? %(count)d ?????????????" #: ../../ipalib/plugins/user.py:234 #, python-format msgid "Locked user \"%(value)s\"" msgstr "???????????? ???????????? \"%(value)s\"" #: ../../ipalib/plugins/user.py:260 #, python-format msgid "Unlocked user \"%(value)s\"" msgstr "????????????? ???????????? \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:73 #, python-format msgid "Added taskgroup \"%(value)s\"" msgstr "????????? taskgroup \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:83 #, python-format msgid "Deleted taskgroup \"%(value)s\"" msgstr "??????? taskgroup \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:93 #, python-format msgid "Modified taskgroup \"%(value)s\"" msgstr "???????? taskgroup \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:104 #, python-format msgid "%(count)d taskgroup matched" msgid_plural "%(count)d taskgroups matched" msgstr[0] "????????? %(count)d taskgroup" msgstr[1] "????????? %(count)d taskgroup" msgstr[2] "????????? %(count)d taskgroup" #: ../../ipalib/plugins/hostgroup.py:72 #, python-format msgid "Added hostgroup \"%(value)s\"" msgstr "????????? hostgroup \"%(value)s\"" #: ../../ipalib/plugins/hostgroup.py:82 #, python-format msgid "Deleted hostgroup \"%(value)s\"" msgstr "??????? hostgroup \"%(value)s\"" #: ../../ipalib/plugins/hostgroup.py:92 #, python-format msgid "Modified hostgroup \"%(value)s\"" msgstr "???????? hostgroup \"%(value)s\"" #: ../../ipalib/plugins/hostgroup.py:103 #, python-format msgid "%(count)d hostgroup matched" msgid_plural "%(count)d hostgroups matched" msgstr[0] "????????? %(count)d hostgroup" msgstr[1] "????????? %(count)d hostgroup" msgstr[2] "????????? %(count)d hostgroup" #: ../../ipalib/plugins/pwpolicy.py:231 msgid "priority cannot be set on global policy" msgstr "????????? ?? ????? ???? ????? ??? ?????????? ????????" #: ../../ipaserver/install/certs.py:571 ../../ipaserver/plugins/dogtag.py:1313 #: ../../ipaserver/plugins/dogtag.py:1398 #: ../../ipaserver/plugins/dogtag.py:1463 #: ../../ipaserver/plugins/dogtag.py:1543 #: ../../ipaserver/plugins/dogtag.py:1602 #, python-format msgid "Unable to communicate with CMS (%s)" msgstr "?????????? ????????? ? CMS (%s)" #: ../../ipaserver/plugins/selfsign.py:102 #, python-format msgid "" "Request subject \"%(request_subject)s\" does not match the form \"%" "(subject_base)s\"" msgstr "" "????????? ??????? \"%(request_subject)s\" ?? ????????? ? ?????? \"%" "(subject_base)s\"" #: ../../ipaserver/plugins/selfsign.py:107 #, python-format msgid "unable to decode csr: %s" msgstr "?????????? ???????????? csr: %s" #: ../../ipaserver/plugins/selfsign.py:128 #: ../../ipaserver/plugins/selfsign.py:143 msgid "file operation" msgstr "???????? ??? ??????" #: ../../ipaserver/plugins/selfsign.py:157 msgid "cannot obtain next serial number" msgstr "?????????? ???????? ????????? ?????????? ?????" #: ../../ipaserver/plugins/selfsign.py:192 msgid "certutil failure" msgstr "?????? certutil" From jdennis at redhat.com Sat Feb 20 14:10:37 2010 From: jdennis at redhat.com (John Dennis) Date: Sat, 20 Feb 2010 09:10:37 -0500 Subject: [Freeipa-devel] [PATCH] Add new Russian translation, update Polish Message-ID: <4B7FED5D.2040202@redhat.com> Add new Russian translation. Update the Polish translation. Add count of how many po translations we have in msg-stats. Current translation statistics with this patch: ipa.pot has 133 messages. There are 5 po translation files. bn_IN: 14/133 10.5% 106 po untranslated, 13 missing, 119 untranslated id: 107/133 80.5% 13 po untranslated, 13 missing, 26 untranslated kn: 4/133 3.0% 116 po untranslated, 13 missing, 129 untranslated pl: 133/133 100.0% 0 po untranslated, 0 missing, 0 untranslated ru: 120/133 90.2% 0 po untranslated, 13 missing, 13 untranslated -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-new-Russian-translation-update-Polish.patch Type: text/x-patch Size: 37430 bytes Desc: not available URL: From jdennis at redhat.com Sat Feb 20 16:15:46 2010 From: jdennis at redhat.com (John Dennis) Date: Sat, 20 Feb 2010 11:15:46 -0500 Subject: [Freeipa-devel] [PATCH] make update-pot will not touch pot file if msgid's are unmodified Message-ID: <4B800AB2.30805@redhat.com> Formerly running 'make update-pot' would write an insignificantly different pot file even if the msgid's xgettext found were unmodfied. Now the result of running xgettext is compared to the existing pot file after adjusting for things like timestamps, and only copies the result of xgettext to the new pot file if there were differences. This will help eliminate git commits on the pot file if all one did was see if the pot file was up to date, if it was up to date git won't see any modifications. It used to be that timestamps would be different in the pot file just by virtue of checking if the pot file was current. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-make-update-pot-will-not-touch-pot-file-if-unmodified.patch Type: text/x-patch Size: 2775 bytes Desc: not available URL: From jdennis at redhat.com Sat Feb 20 16:46:21 2010 From: jdennis at redhat.com (John Dennis) Date: Sat, 20 Feb 2010 11:46:21 -0500 Subject: [Freeipa-devel] [PATCH] make update-pot will not touch pot file if msgid's are unmodified In-Reply-To: <4B800AB2.30805@redhat.com> References: <4B800AB2.30805@redhat.com> Message-ID: <4B8011DD.9080209@redhat.com> Resending modified patch. I discovered the original patch had a minor bug which might leave temporary files in the directory. Please use this patch instead. On 02/20/2010 11:15 AM, John Dennis wrote: > Formerly running 'make update-pot' would write an insignificantly > different pot file even if the msgid's xgettext found were unmodfied. > Now the result of running xgettext is compared to the existing > pot file after adjusting for things like timestamps, and only > copies the result of xgettext to the new pot file if there > were differences. > > This will help eliminate git commits on the pot file if all one > did was see if the pot file was up to date, if it was up to date > git won't see any modifications. It used to be that timestamps > would be different in the pot file just by virtue of checking > if the pot file was current. > > > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-make-update-pot-will-not-touch-pot-file-if-unmodified.patch Type: text/x-patch Size: 2848 bytes Desc: not available URL: From admin at transifex.net Sun Feb 21 17:59:56 2010 From: admin at transifex.net (admin at transifex.net) Date: Sun, 21 Feb 2010 17:59:56 -0000 Subject: [Freeipa-devel] [Transifex] File submitted via email to FreeIPA | master Message-ID: <20100221175956.26035.2779@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The following attached files were submitted to FreeIPA | master by gundachandru Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/c/master/ in order to see the component page. Thank you, Transifex -------------- next part -------------- # Kannada translations for ipa-server package. # Copyright (C) 2010 Red Hat # This file is distributed under the same license as the PACKAGE package. # gundachandru , 2010. # msgid "" msgstr "" "Project-Id-Version: ipa\n" "Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/newticket\n" "POT-Creation-Date: 2010-02-15 14:55-0500\n" "PO-Revision-Date: 2010-02-14 22:37+0530\n" "Last-Translator: gundachandru \n" "Language-Team: Kannada \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: ../../ipalib/parameters.py:224 msgid "incorrect type" msgstr "???????? ???" #: ../../ipalib/parameters.py:227 msgid "Only one value is allowed" msgstr "???? ???? ???? ????? ??????????????" #: ../../ipalib/parameters.py:791 msgid "must be True or False" msgstr "??? (True) ???? ?????? (False) ??????????" #: ../../ipalib/parameters.py:892 msgid "must be an integer" msgstr "???????? ??????????" #: ../../ipalib/parameters.py:943 #, python-format msgid "must be at least %(minvalue)d" msgstr "?????????? %(minvalue)d ??????????" #: ../../ipalib/parameters.py:953 #, python-format msgid "can be at most %(maxvalue)d" msgstr "?????????? %(maxvalue)d ?????????" #: ../../ipalib/parameters.py:963 msgid "must be a decimal number" msgstr "????? ?????? ??????????" #: ../../ipalib/parameters.py:985 #, python-format msgid "must be at least %(minvalue)f" msgstr "?????????? %(minvalue)f ??????????" #: ../../ipalib/parameters.py:995 #, python-format msgid "can be at most %(maxvalue)f" msgstr "?????????? %(maxvalue)f ?????????" #: ../../ipalib/parameters.py:1055 #, python-format msgid "must match pattern \"%(pattern)s\"" msgstr "????? \"%(pattern)s\" ??????????????????" #: ../../ipalib/parameters.py:1073 msgid "must be binary data" msgstr "????? ???? ??????????" #: ../../ipalib/parameters.py:1088 #, python-format msgid "must be at least %(minlength)d bytes" msgstr "?????????? %(minlength)d ?????? ??????????" #: ../../ipalib/parameters.py:1098 #, python-format msgid "can be at most %(maxlength)d bytes" msgstr "?????????? %(maxlength)d ?????? ?????????" #: ../../ipalib/parameters.py:1108 #, python-format msgid "must be exactly %(length)d bytes" msgstr "???????? %(length)d ?????? ??????????" #: ../../ipalib/parameters.py:1126 msgid "must be Unicode text" msgstr "???????? ???? ??????????" #: ../../ipalib/parameters.py:1156 #, python-format msgid "must be at least %(minlength)d characters" msgstr "?????????? %(minlength)d ???????? ????????" #: ../../ipalib/parameters.py:1166 #, python-format msgid "can be at most %(maxlength)d characters" msgstr "?????????? %(maxlength)d ???????? ???????" #: ../../ipalib/parameters.py:1176 #, python-format msgid "must be exactly %(length)d characters" msgstr "???????? %(length)d ???????? ????????" #: ../../ipalib/parameters.py:1215 #, python-format msgid "must be one of %(values)r" msgstr "%(values)r ????? ???? ??????????" #: ../../ipalib/cli.py:505 #, python-format msgid "Enter %(label)s again to verify: " msgstr "????????? ?????????? %(label)s ????? ????" #: ../../ipalib/cli.py:509 msgid "Passwords do not match!" msgstr "" #: ../../ipalib/cli.py:514 msgid "Cancelled." msgstr "" #: ../../ipalib/frontend.py:377 msgid "Results are truncated, try a more specific search" msgstr "" #: ../../ipalib/errors.py:297 #, python-format msgid "%(cver)s client incompatible with %(sver)s server at %(server)r" msgstr "" #: ../../ipalib/errors.py:315 #, python-format msgid "unknown error %(code)d from %(server)s: %(error)s" msgstr "" #: ../../ipalib/errors.py:331 msgid "an internal error has occurred" msgstr "" #: ../../ipalib/errors.py:353 #, python-format msgid "an internal error has occurred on server at %(server)r" msgstr "" #: ../../ipalib/errors.py:369 #, python-format msgid "unknown command %(name)r" msgstr "" #: ../../ipalib/errors.py:386 ../../ipalib/errors.py:411 #, python-format msgid "error on server %(server)r: %(error)s" msgstr "" #: ../../ipalib/errors.py:402 #, python-format msgid "cannot connect to %(uri)r: %(error)s" msgstr "" #: ../../ipalib/errors.py:420 #, python-format msgid "Invalid JSON-RPC request: %(error)s" msgstr "" #: ../../ipalib/errors.py:448 #, python-format msgid "Kerberos error: %(major)s/%(minor)s" msgstr "" #: ../../ipalib/errors.py:465 msgid "did not receive Kerberos credentials" msgstr "" #: ../../ipalib/errors.py:481 #, python-format msgid "Service %(service)r not found in Kerberos database" msgstr "" #: ../../ipalib/errors.py:497 msgid "No credentials cache found" msgstr "" #: ../../ipalib/errors.py:513 msgid "Ticket expired" msgstr "" #: ../../ipalib/errors.py:529 msgid "Credentials cache permissions incorrect" msgstr "" #: ../../ipalib/errors.py:545 msgid "Bad format in credentials cache" msgstr "" #: ../../ipalib/errors.py:561 msgid "Cannot resolve KDC for requested realm" msgstr "" #: ../../ipalib/errors.py:580 #, python-format msgid "Insufficient access: %(info)s" msgstr "" #: ../../ipalib/errors.py:624 #, python-format msgid "command %(name)r takes no arguments" msgstr "" #: ../../ipalib/errors.py:644 #, python-format msgid "command %(name)r takes at most %(count)d argument" msgid_plural "command %(name)r takes at most %(count)d arguments" msgstr[0] "" msgstr[1] "" #: ../../ipalib/errors.py:674 #, python-format msgid "overlapping arguments and options: %(names)r" msgstr "" #: ../../ipalib/errors.py:690 #, python-format msgid "%(name)r is required" msgstr "" #: ../../ipalib/errors.py:706 ../../ipalib/errors.py:722 #, python-format msgid "invalid %(name)r: %(error)s" msgstr "" #: ../../ipalib/errors.py:738 #, python-format msgid "api has no such namespace: %(name)r" msgstr "" #: ../../ipalib/errors.py:747 msgid "Passwords do not match" msgstr "" #: ../../ipalib/errors.py:755 msgid "Command not implemented" msgstr "" #: ../../ipalib/errors.py:783 ../../ipalib/errors.py:1023 #, python-format msgid "%(reason)s" msgstr "" #: ../../ipalib/errors.py:799 msgid "This entry already exists" msgstr "" #: ../../ipalib/errors.py:815 msgid "You must enroll a host in order to create a host service" msgstr "" #: ../../ipalib/errors.py:831 #, python-format msgid "Service principal is not of the form: service/fully-qualified host name: %(reason)s" msgstr "" #: ../../ipalib/errors.py:847 msgid "The realm for the principal does not match the realm for this IPA server" msgstr "" #: ../../ipalib/errors.py:863 msgid "This command requires root access" msgstr "" #: ../../ipalib/errors.py:879 msgid "This is already a posix group" msgstr "" #: ../../ipalib/errors.py:895 #, python-format msgid "Principal is not of the form user at REALM: %(principal)r" msgstr "" #: ../../ipalib/errors.py:911 msgid "This entry is already unlocked" msgstr "" #: ../../ipalib/errors.py:927 msgid "This entry is already locked" msgstr "" #: ../../ipalib/errors.py:943 msgid "This entry has nsAccountLock set, it cannot be locked or unlocked" msgstr "" #: ../../ipalib/errors.py:959 msgid "This entry is not a member of the group" msgstr "" #: ../../ipalib/errors.py:975 msgid "A group may not be a member of itself" msgstr "" #: ../../ipalib/errors.py:991 msgid "This entry is already a member of the group" msgstr "" #: ../../ipalib/errors.py:1007 #, python-format msgid "Base64 decoding failed: %(reason)s" msgstr "" #: ../../ipalib/errors.py:1039 msgid "A group may not be added as a member of itself" msgstr "" #: ../../ipalib/errors.py:1055 msgid "The default users group cannot be removed" msgstr "" #: ../../ipalib/errors.py:1078 #, python-format msgid "no command nor help topic %(topic)r" msgstr "" #: ../../ipalib/errors.py:1102 msgid "change collided with another change" msgstr "" #: ../../ipalib/errors.py:1118 msgid "no modifications to be performed" msgstr "" #: ../../ipalib/errors.py:1134 #, python-format msgid "%(desc)s:%(info)s" msgstr "" #: ../../ipalib/errors.py:1150 msgid "limits exceeded for this query" msgstr "" #: ../../ipalib/errors.py:1165 #, python-format msgid "%(info)s" msgstr "" #: ../../ipalib/errors.py:1190 #, python-format msgid "Certificate operation cannot be completed: %(error)s" msgstr "" #: ../../ipalib/plugins/rolegroup.py:50 msgid "Role Groups" msgstr "" #: ../../ipalib/plugins/rolegroup.py:75 #, python-format msgid "Added rolegroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/rolegroup.py:85 #, python-format msgid "Deleted rolegroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/rolegroup.py:95 #, python-format msgid "Modified rolegroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/rolegroup.py:106 #, python-format msgid "%(count)d rolegroup matched" msgid_plural "%(count)d rolegroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/host.py:82 msgid "Hosts" msgstr "" #: ../../ipalib/plugins/host.py:151 #, python-format msgid "Added host \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/host.py:180 #, python-format msgid "Deleted host \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/host.py:208 #, python-format msgid "Modified host \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/host.py:257 #, python-format msgid "%(count)d host matched" msgid_plural "%(count)d hosts matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/group.py:58 msgid "User Groups" msgstr "" #: ../../ipalib/plugins/group.py:87 #, python-format msgid "Added group \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/group.py:110 #, python-format msgid "Deleted group \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/group.py:136 #, python-format msgid "Modified group \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/group.py:165 #, python-format msgid "%(count)d group matched" msgid_plural "%(count)d groups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/service.py:122 msgid "Services" msgstr "" #: ../../ipalib/plugins/hbac.py:62 msgid "HBAC" msgstr "" #: ../../ipalib/plugins/cert.py:63 ../../ipalib/plugins/cert.py:84 msgid "Unable to decode certificate in entry" msgstr "" #: ../../ipalib/plugins/cert.py:106 ../../ipalib/plugins/cert.py:120 #: ../../ipalib/plugins/cert.py:137 msgid "Failure decoding Certificate Signing Request" msgstr "" #: ../../ipalib/plugins/cert.py:139 #, python-format msgid "Failure decoding Certificate Signing Request: %s" msgstr "" #: ../../ipalib/plugins/aci.py:109 msgid "type, filter, subtree and targetgroup are mutually exclusive" msgstr "" #: ../../ipalib/plugins/aci.py:112 msgid "at least one of: type, filter, subtree, targetgroup, attrs or memberof are required" msgstr "" #: ../../ipalib/plugins/aci.py:117 msgid "group and taskgroup are mutually exclusive" msgstr "" #: ../../ipalib/plugins/aci.py:119 msgid "One of group or taskgroup is required" msgstr "" #: ../../ipalib/plugins/aci.py:140 #, python-format msgid "Group '%s' does not exist" msgstr "" #: ../../ipalib/plugins/aci.py:184 #, python-format msgid "ACI with name \"%s\" not found" msgstr "" #: ../../ipalib/plugins/aci.py:201 msgid "ACIs" msgstr "" #: ../../ipalib/plugins/aci.py:258 #, python-format msgid "Created ACI \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/aci.py:308 #, python-format msgid "Deleted ACI \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/aci.py:348 #, python-format msgid "Modified ACI \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/aci.py:408 #, python-format msgid "%(count)d ACI matched" msgid_plural "%(count)d ACIs matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/dns.py:114 msgid "DNS" msgstr "" #: ../../ipalib/plugins/automount.py:231 msgid "Automount Maps" msgstr "" #: ../../ipalib/plugins/automount.py:321 msgid "Automount Keys" msgstr "" #: ../../ipalib/plugins/netgroup.py:55 msgid "Net Groups" msgstr "" #: ../../ipalib/plugins/misc.py:37 #, python-format msgid "%(count)d variables" msgstr "" #: ../../ipalib/plugins/misc.py:96 #, python-format msgid "%(count)d plugin loaded" msgid_plural "%(count)d plugins loaded" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/user.py:71 msgid "Users" msgstr "" #: ../../ipalib/plugins/user.py:141 #, python-format msgid "Added user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:186 #, python-format msgid "Deleted user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:205 #, python-format msgid "Modified user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:216 #, python-format msgid "%(count)d user matched" msgid_plural "%(count)d users matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/user.py:236 #, python-format msgid "Locked user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:262 #, python-format msgid "Unlocked user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:50 msgid "Task Groups" msgstr "" #: ../../ipalib/plugins/taskgroup.py:75 #, python-format msgid "Added taskgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:85 #, python-format msgid "Deleted taskgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:95 #, python-format msgid "Modified taskgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:106 #, python-format msgid "%(count)d taskgroup matched" msgid_plural "%(count)d taskgroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/hostgroup.py:49 msgid "Host Groups" msgstr "" #: ../../ipalib/plugins/hostgroup.py:74 #, python-format msgid "Added hostgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/hostgroup.py:84 #, python-format msgid "Deleted hostgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/hostgroup.py:94 #, python-format msgid "Modified hostgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/hostgroup.py:105 #, python-format msgid "%(count)d hostgroup matched" msgid_plural "%(count)d hostgroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/pwpolicy.py:231 msgid "priority cannot be set on global policy" msgstr "" #: ../../ipaserver/install/certs.py:571 ../../ipaserver/plugins/dogtag.py:1313 #: ../../ipaserver/plugins/dogtag.py:1398 #: ../../ipaserver/plugins/dogtag.py:1463 #: ../../ipaserver/plugins/dogtag.py:1543 #: ../../ipaserver/plugins/dogtag.py:1602 #, python-format msgid "Unable to communicate with CMS (%s)" msgstr "" #: ../../ipaserver/plugins/selfsign.py:102 #, python-format msgid "Request subject \"%(request_subject)s\" does not match the form \"%(subject_base)s\"" msgstr "" #: ../../ipaserver/plugins/selfsign.py:107 #, python-format msgid "unable to decode csr: %s" msgstr "" #: ../../ipaserver/plugins/selfsign.py:128 #: ../../ipaserver/plugins/selfsign.py:143 msgid "file operation" msgstr "" #: ../../ipaserver/plugins/selfsign.py:157 msgid "cannot obtain next serial number" msgstr "" #: ../../ipaserver/plugins/selfsign.py:192 msgid "certutil failure" msgstr "" From jdennis at redhat.com Sun Feb 21 21:03:54 2010 From: jdennis at redhat.com (John Dennis) Date: Sun, 21 Feb 2010 16:03:54 -0500 Subject: [Freeipa-devel] [PATCH] Add more Kannada translations Message-ID: <4B819FBA.4050605@redhat.com> Add more Kannada translations -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-more-Kannada-translations.patch Type: text/x-patch Size: 13535 bytes Desc: not available URL: From admin at transifex.net Mon Feb 22 12:48:39 2010 From: admin at transifex.net (admin at transifex.net) Date: Mon, 22 Feb 2010 12:48:39 -0000 Subject: [Freeipa-devel] [www.transifex.net] Team Creation Requested: Spanish (Castilian) Message-ID: <20100222124839.10479.29150@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. A translation team for 'Spanish (Castilian)' has been required to the 'FreeIPA' project. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/teams/ in order to manage the teams of the project. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From admin at transifex.net Mon Feb 22 13:54:25 2010 From: admin at transifex.net (admin at transifex.net) Date: Mon, 22 Feb 2010 13:54:25 -0000 Subject: [Freeipa-devel] [www.transifex.net] New Team Added: Spanish (Castilian) Message-ID: <20100222135425.10474.99718@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. A new translation team called 'Spanish (Castilian)' has been added to the 'FreeIPA' project. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/team/es/ in order to see this new team. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From admin at transifex.net Mon Feb 22 16:15:55 2010 From: admin at transifex.net (admin at transifex.net) Date: Mon, 22 Feb 2010 16:15:55 -0000 Subject: [Freeipa-devel] [Transifex] File submitted via email to FreeIPA | master Message-ID: <20100222161555.12392.48664@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The following attached files were submitted to FreeIPA | master by logan Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/c/master/ in order to see the component page. Thank you, Transifex -------------- next part -------------- # Fedora Spanish translation of freeipa.master.ipa. # This file is distributed under the same license as the freeipa.master.ipa package. # # H?ctor Daniel Cabrera , 2010. # msgid "" msgstr "" "Project-Id-Version: freeipa.master.ipa\n" "Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/newticket\n" "POT-Creation-Date: 2010-02-15 14:55-0500\n" "PO-Revision-Date: \n" "Last-Translator: H?ctor Daniel Cabrera \n" "Language-Team: Fedora Spanisg \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Language: Spanish\n" "X-Poedit-Country: ARGENTINA\n" #: ../../ipalib/parameters.py:224 msgid "incorrect type" msgstr "tipo incorrecto" #: ../../ipalib/parameters.py:227 msgid "Only one value is allowed" msgstr "S?lo se permite un valor" #: ../../ipalib/parameters.py:791 msgid "must be True or False" msgstr "debe ser True o False" #: ../../ipalib/parameters.py:892 msgid "must be an integer" msgstr "debe ser un entero" #: ../../ipalib/parameters.py:943 #, python-format msgid "must be at least %(minvalue)d" msgstr "debe ser como m?nimo %(minvalue)d" #: ../../ipalib/parameters.py:953 #, python-format msgid "can be at most %(maxvalue)d" msgstr "puede ser como m?ximo %(maxvalue)d" #: ../../ipalib/parameters.py:963 msgid "must be a decimal number" msgstr "debe ser un n?mero decimal" #: ../../ipalib/parameters.py:985 #, python-format msgid "must be at least %(minvalue)f" msgstr "debe ser como m?nimo %(minvalue)f" #: ../../ipalib/parameters.py:995 #, python-format msgid "can be at most %(maxvalue)f" msgstr "puede ser como m?ximo %(maxvalue)f" #: ../../ipalib/parameters.py:1055 #, python-format msgid "must match pattern \"%(pattern)s\"" msgstr "debe coincidir con el modelo \"%(pattern)s" #: ../../ipalib/parameters.py:1073 msgid "must be binary data" msgstr "debe ser un dato binario" #: ../../ipalib/parameters.py:1088 #, python-format msgid "must be at least %(minlength)d bytes" msgstr "debe ser como m?nimo de %(minlength)d bytes" #: ../../ipalib/parameters.py:1098 #, python-format msgid "can be at most %(maxlength)d bytes" msgstr "puede ser a lo sumo de %(maxlength)d bytes" #: ../../ipalib/parameters.py:1108 #, python-format msgid "must be exactly %(length)d bytes" msgstr "debe ser exactamente de %(length)d bytes" #: ../../ipalib/parameters.py:1126 msgid "must be Unicode text" msgstr "debe ser texto Unicode" #: ../../ipalib/parameters.py:1156 #, python-format msgid "must be at least %(minlength)d characters" msgstr "debe tener como m?nimo %(minlength)d caracteres" #: ../../ipalib/parameters.py:1166 #, python-format msgid "can be at most %(maxlength)d characters" msgstr "puede tener a lo sumo %(maxlength)d caracteres" #: ../../ipalib/parameters.py:1176 #, python-format msgid "must be exactly %(length)d characters" msgstr "debe tener exactamente %(length)d caracteres" #: ../../ipalib/parameters.py:1215 #, python-format msgid "must be one of %(values)r" msgstr "debe ser uno de %(values)r" #: ../../ipalib/cli.py:505 #, python-format msgid "Enter %(label)s again to verify: " msgstr "ngrese %(label)s nuevamente para su verificaci?n: " #: ../../ipalib/cli.py:509 msgid "Passwords do not match!" msgstr "?Las contrase?as no coinciden!" #: ../../ipalib/cli.py:514 msgid "Cancelled." msgstr "Cancelado." #: ../../ipalib/frontend.py:377 msgid "Results are truncated, try a more specific search" msgstr "Los resultados se encuentran truncados, intente realizar una b?squeda m?s espec?fica" #: ../../ipalib/errors.py:297 #, python-format msgid "%(cver)s client incompatible with %(sver)s server at %(server)r" msgstr "el cliente %(cver)s no es compatible con el servidor %(sver)s en %(server)r" #: ../../ipalib/errors.py:315 #, python-format msgid "unknown error %(code)d from %(server)s: %(error)s" msgstr "error %(code)d desconocido de %(server)s: %(error)s" #: ../../ipalib/errors.py:331 msgid "an internal error has occurred" msgstr "ha ocurrido un error interno" #: ../../ipalib/errors.py:353 #, python-format msgid "an internal error has occurred on server at %(server)r" msgstr "ha ocurrido un error interno en el servidor en %(server)r" #: ../../ipalib/errors.py:369 #, python-format msgid "unknown command %(name)r" msgstr "comando desconocido %(name)r" #: ../../ipalib/errors.py:386 #: ../../ipalib/errors.py:411 #, python-format msgid "error on server %(server)r: %(error)s" msgstr "error en el servidor %(server)r: %(error)s" #: ../../ipalib/errors.py:402 #, python-format msgid "cannot connect to %(uri)r: %(error)s" msgstr "no es posible conectar con %(uri)r: %(error)s" #: ../../ipalib/errors.py:420 #, python-format msgid "Invalid JSON-RPC request: %(error)s" msgstr "Petici?n JSON-RPC no v?lida: %(error)s" #: ../../ipalib/errors.py:448 #, python-format msgid "Kerberos error: %(major)s/%(minor)s" msgstr "Error de kerberos: %(major)s/%(minor)s" #: ../../ipalib/errors.py:465 msgid "did not receive Kerberos credentials" msgstr "no se ha recibido ninguna credencial Kerberos" #: ../../ipalib/errors.py:481 #, python-format msgid "Service %(service)r not found in Kerberos database" msgstr "El servicio %(service)r no se ha encontrado en la base de datos Kerberos" #: ../../ipalib/errors.py:497 msgid "No credentials cache found" msgstr "No se han encontrado credenciales de cach?" #: ../../ipalib/errors.py:513 msgid "Ticket expired" msgstr "El ticket ha expirado" #: ../../ipalib/errors.py:529 msgid "Credentials cache permissions incorrect" msgstr "Los permisos de credenciales de cach? son incorrectos" #: ../../ipalib/errors.py:545 msgid "Bad format in credentials cache" msgstr "Las credenciales de cach? est?n mal formadas" #: ../../ipalib/errors.py:561 msgid "Cannot resolve KDC for requested realm" msgstr "No es posible resolver KDC para el reinado solicitado" #: ../../ipalib/errors.py:580 #, python-format msgid "Insufficient access: %(info)s" msgstr "Acceso insuficiente: %(info)s" #: ../../ipalib/errors.py:624 #, python-format msgid "command %(name)r takes no arguments" msgstr "el comando %(name)r no tiene argumentos" #: ../../ipalib/errors.py:644 #, python-format msgid "command %(name)r takes at most %(count)d argument" msgid_plural "command %(name)r takes at most %(count)d arguments" msgstr[0] "" msgstr[1] "" #: ../../ipalib/errors.py:674 #, python-format msgid "overlapping arguments and options: %(names)r" msgstr "" #: ../../ipalib/errors.py:690 #, python-format msgid "%(name)r is required" msgstr "" #: ../../ipalib/errors.py:706 #: ../../ipalib/errors.py:722 #, python-format msgid "invalid %(name)r: %(error)s" msgstr "" #: ../../ipalib/errors.py:738 #, python-format msgid "api has no such namespace: %(name)r" msgstr "" #: ../../ipalib/errors.py:747 msgid "Passwords do not match" msgstr "" #: ../../ipalib/errors.py:755 msgid "Command not implemented" msgstr "" #: ../../ipalib/errors.py:783 #: ../../ipalib/errors.py:1023 #, python-format msgid "%(reason)s" msgstr "" #: ../../ipalib/errors.py:799 msgid "This entry already exists" msgstr "" #: ../../ipalib/errors.py:815 msgid "You must enroll a host in order to create a host service" msgstr "" #: ../../ipalib/errors.py:831 #, python-format msgid "Service principal is not of the form: service/fully-qualified host name: %(reason)s" msgstr "" #: ../../ipalib/errors.py:847 msgid "The realm for the principal does not match the realm for this IPA server" msgstr "" #: ../../ipalib/errors.py:863 msgid "This command requires root access" msgstr "" #: ../../ipalib/errors.py:879 msgid "This is already a posix group" msgstr "" #: ../../ipalib/errors.py:895 #, python-format msgid "Principal is not of the form user at REALM: %(principal)r" msgstr "" #: ../../ipalib/errors.py:911 msgid "This entry is already unlocked" msgstr "" #: ../../ipalib/errors.py:927 msgid "This entry is already locked" msgstr "" #: ../../ipalib/errors.py:943 msgid "This entry has nsAccountLock set, it cannot be locked or unlocked" msgstr "" #: ../../ipalib/errors.py:959 msgid "This entry is not a member of the group" msgstr "" #: ../../ipalib/errors.py:975 msgid "A group may not be a member of itself" msgstr "" #: ../../ipalib/errors.py:991 msgid "This entry is already a member of the group" msgstr "" #: ../../ipalib/errors.py:1007 #, python-format msgid "Base64 decoding failed: %(reason)s" msgstr "" #: ../../ipalib/errors.py:1039 msgid "A group may not be added as a member of itself" msgstr "" #: ../../ipalib/errors.py:1055 msgid "The default users group cannot be removed" msgstr "" #: ../../ipalib/errors.py:1078 #, python-format msgid "no command nor help topic %(topic)r" msgstr "" #: ../../ipalib/errors.py:1102 msgid "change collided with another change" msgstr "" #: ../../ipalib/errors.py:1118 msgid "no modifications to be performed" msgstr "" #: ../../ipalib/errors.py:1134 #, python-format msgid "%(desc)s:%(info)s" msgstr "" #: ../../ipalib/errors.py:1150 msgid "limits exceeded for this query" msgstr "" #: ../../ipalib/errors.py:1165 #, python-format msgid "%(info)s" msgstr "" #: ../../ipalib/errors.py:1190 #, python-format msgid "Certificate operation cannot be completed: %(error)s" msgstr "" #: ../../ipalib/plugins/rolegroup.py:50 msgid "Role Groups" msgstr "" #: ../../ipalib/plugins/rolegroup.py:75 #, python-format msgid "Added rolegroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/rolegroup.py:85 #, python-format msgid "Deleted rolegroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/rolegroup.py:95 #, python-format msgid "Modified rolegroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/rolegroup.py:106 #, python-format msgid "%(count)d rolegroup matched" msgid_plural "%(count)d rolegroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/host.py:82 msgid "Hosts" msgstr "" #: ../../ipalib/plugins/host.py:151 #, python-format msgid "Added host \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/host.py:180 #, python-format msgid "Deleted host \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/host.py:208 #, python-format msgid "Modified host \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/host.py:257 #, python-format msgid "%(count)d host matched" msgid_plural "%(count)d hosts matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/group.py:58 msgid "User Groups" msgstr "" #: ../../ipalib/plugins/group.py:87 #, python-format msgid "Added group \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/group.py:110 #, python-format msgid "Deleted group \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/group.py:136 #, python-format msgid "Modified group \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/group.py:165 #, python-format msgid "%(count)d group matched" msgid_plural "%(count)d groups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/service.py:122 msgid "Services" msgstr "" #: ../../ipalib/plugins/hbac.py:62 msgid "HBAC" msgstr "" #: ../../ipalib/plugins/cert.py:63 #: ../../ipalib/plugins/cert.py:84 msgid "Unable to decode certificate in entry" msgstr "" #: ../../ipalib/plugins/cert.py:106 #: ../../ipalib/plugins/cert.py:120 #: ../../ipalib/plugins/cert.py:137 msgid "Failure decoding Certificate Signing Request" msgstr "" #: ../../ipalib/plugins/cert.py:139 #, python-format msgid "Failure decoding Certificate Signing Request: %s" msgstr "" #: ../../ipalib/plugins/aci.py:109 msgid "type, filter, subtree and targetgroup are mutually exclusive" msgstr "" #: ../../ipalib/plugins/aci.py:112 msgid "at least one of: type, filter, subtree, targetgroup, attrs or memberof are required" msgstr "" #: ../../ipalib/plugins/aci.py:117 msgid "group and taskgroup are mutually exclusive" msgstr "" #: ../../ipalib/plugins/aci.py:119 msgid "One of group or taskgroup is required" msgstr "" #: ../../ipalib/plugins/aci.py:140 #, python-format msgid "Group '%s' does not exist" msgstr "" #: ../../ipalib/plugins/aci.py:184 #, python-format msgid "ACI with name \"%s\" not found" msgstr "" #: ../../ipalib/plugins/aci.py:201 msgid "ACIs" msgstr "" #: ../../ipalib/plugins/aci.py:258 #, python-format msgid "Created ACI \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/aci.py:308 #, python-format msgid "Deleted ACI \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/aci.py:348 #, python-format msgid "Modified ACI \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/aci.py:408 #, python-format msgid "%(count)d ACI matched" msgid_plural "%(count)d ACIs matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/dns.py:114 msgid "DNS" msgstr "" #: ../../ipalib/plugins/automount.py:231 msgid "Automount Maps" msgstr "" #: ../../ipalib/plugins/automount.py:321 msgid "Automount Keys" msgstr "" #: ../../ipalib/plugins/netgroup.py:55 msgid "Net Groups" msgstr "" #: ../../ipalib/plugins/misc.py:37 #, python-format msgid "%(count)d variables" msgstr "" #: ../../ipalib/plugins/misc.py:96 #, python-format msgid "%(count)d plugin loaded" msgid_plural "%(count)d plugins loaded" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/user.py:71 msgid "Users" msgstr "" #: ../../ipalib/plugins/user.py:141 #, python-format msgid "Added user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:186 #, python-format msgid "Deleted user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:205 #, python-format msgid "Modified user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:216 #, python-format msgid "%(count)d user matched" msgid_plural "%(count)d users matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/user.py:236 #, python-format msgid "Locked user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/user.py:262 #, python-format msgid "Unlocked user \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:50 msgid "Task Groups" msgstr "" #: ../../ipalib/plugins/taskgroup.py:75 #, python-format msgid "Added taskgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:85 #, python-format msgid "Deleted taskgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:95 #, python-format msgid "Modified taskgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/taskgroup.py:106 #, python-format msgid "%(count)d taskgroup matched" msgid_plural "%(count)d taskgroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/hostgroup.py:49 msgid "Host Groups" msgstr "" #: ../../ipalib/plugins/hostgroup.py:74 #, python-format msgid "Added hostgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/hostgroup.py:84 #, python-format msgid "Deleted hostgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/hostgroup.py:94 #, python-format msgid "Modified hostgroup \"%(value)s\"" msgstr "" #: ../../ipalib/plugins/hostgroup.py:105 #, python-format msgid "%(count)d hostgroup matched" msgid_plural "%(count)d hostgroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/pwpolicy.py:231 msgid "priority cannot be set on global policy" msgstr "" #: ../../ipaserver/install/certs.py:571 #: ../../ipaserver/plugins/dogtag.py:1313 #: ../../ipaserver/plugins/dogtag.py:1398 #: ../../ipaserver/plugins/dogtag.py:1463 #: ../../ipaserver/plugins/dogtag.py:1543 #: ../../ipaserver/plugins/dogtag.py:1602 #, python-format msgid "Unable to communicate with CMS (%s)" msgstr "" #: ../../ipaserver/plugins/selfsign.py:102 #, python-format msgid "Request subject \"%(request_subject)s\" does not match the form \"%(subject_base)s\"" msgstr "" #: ../../ipaserver/plugins/selfsign.py:107 #, python-format msgid "unable to decode csr: %s" msgstr "" #: ../../ipaserver/plugins/selfsign.py:128 #: ../../ipaserver/plugins/selfsign.py:143 msgid "file operation" msgstr "" #: ../../ipaserver/plugins/selfsign.py:157 msgid "cannot obtain next serial number" msgstr "" #: ../../ipaserver/plugins/selfsign.py:192 msgid "certutil failure" msgstr "" From jdennis at redhat.com Mon Feb 22 17:23:30 2010 From: jdennis at redhat.com (John Dennis) Date: Mon, 22 Feb 2010 12:23:30 -0500 Subject: [Freeipa-devel] [PATCH] Add Spanish translation Message-ID: <4B82BD92.8070601@redhat.com> Add Spanish translation -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-Spanish-translation.patch Type: text/x-patch Size: 17832 bytes Desc: not available URL: From admin at transifex.net Mon Feb 22 17:48:27 2010 From: admin at transifex.net (admin at transifex.net) Date: Mon, 22 Feb 2010 17:48:27 -0000 Subject: [Freeipa-devel] [www.transifex.net] Team Changed: Spanish (Castilian) Message-ID: <20100222174827.12392.31033@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The 'Spanish (Castilian)' translation team of the 'FreeIPA' project has been changed. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/team/es/ in order to see this new team. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From rcritten at redhat.com Mon Feb 22 19:32:04 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 22 Feb 2010 14:32:04 -0500 Subject: [Freeipa-devel] [PATCH] 387 fix test failures Message-ID: <4B82DBB4.5080707@redhat.com> This fixes the failures in the Env due to switching to unicode internally. Now that --all works this also adds the dn to the output in the XML-RPC tests. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-387-tests.patch Type: application/mbox Size: 19015 bytes Desc: not available URL: From rcritten at redhat.com Mon Feb 22 20:41:45 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 22 Feb 2010 15:41:45 -0500 Subject: [Freeipa-devel] [PATCH] Add new Russian translation, update Polish In-Reply-To: <4B7FED5D.2040202@redhat.com> References: <4B7FED5D.2040202@redhat.com> Message-ID: <4B82EC09.6070606@redhat.com> John Dennis wrote: > Add new Russian translation. > Update the Polish translation. > Add count of how many po translations we have in msg-stats. > > Current translation statistics with this patch: > > ipa.pot has 133 messages. There are 5 po translation files. > bn_IN: 14/133 10.5% 106 po untranslated, 13 missing, 119 > untranslated > id: 107/133 80.5% 13 po untranslated, 13 missing, 26 > untranslated > kn: 4/133 3.0% 116 po untranslated, 13 missing, 129 > untranslated > pl: 133/133 100.0% 0 po untranslated, 0 missing, 0 > untranslated > ru: 120/133 90.2% 0 po untranslated, 13 missing, 13 > untranslated ack, pushed to master From rcritten at redhat.com Mon Feb 22 20:42:14 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 22 Feb 2010 15:42:14 -0500 Subject: [Freeipa-devel] [PATCH] make update-pot will not touch pot file if msgid's are unmodified In-Reply-To: <4B8011DD.9080209@redhat.com> References: <4B800AB2.30805@redhat.com> <4B8011DD.9080209@redhat.com> Message-ID: <4B82EC26.8060003@redhat.com> John Dennis wrote: > Resending modified patch. I discovered the original patch had a minor > bug which might leave temporary files in the directory. Please use this > patch instead. > > On 02/20/2010 11:15 AM, John Dennis wrote: >> Formerly running 'make update-pot' would write an insignificantly >> different pot file even if the msgid's xgettext found were unmodfied. >> Now the result of running xgettext is compared to the existing >> pot file after adjusting for things like timestamps, and only >> copies the result of xgettext to the new pot file if there >> were differences. >> >> This will help eliminate git commits on the pot file if all one >> did was see if the pot file was up to date, if it was up to date >> git won't see any modifications. It used to be that timestamps >> would be different in the pot file just by virtue of checking >> if the pot file was current. >> >> >> >> _______________________________________________ Ack, pushed this updated patch. From rcritten at redhat.com Mon Feb 22 20:42:25 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 22 Feb 2010 15:42:25 -0500 Subject: [Freeipa-devel] [PATCH] Add more Kannada translations In-Reply-To: <4B819FBA.4050605@redhat.com> References: <4B819FBA.4050605@redhat.com> Message-ID: <4B82EC31.2000205@redhat.com> John Dennis wrote: > Add more Kannada translations > ack, pushed to master From rcritten at redhat.com Mon Feb 22 20:42:33 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Mon, 22 Feb 2010 15:42:33 -0500 Subject: [Freeipa-devel] [PATCH] Add Spanish translation In-Reply-To: <4B82BD92.8070601@redhat.com> References: <4B82BD92.8070601@redhat.com> Message-ID: <4B82EC39.7070401@redhat.com> John Dennis wrote: > Add Spanish translation > ack, pushed to master From jdennis at redhat.com Mon Feb 22 21:21:19 2010 From: jdennis at redhat.com (John Dennis) Date: Mon, 22 Feb 2010 16:21:19 -0500 Subject: [Freeipa-devel] [PATCH] fix i18n build problem Message-ID: <4B82F54F.9040208@redhat.com> There was a typo in install/po/Makefile.in which caused (some) of the .po files to be overwritten because the test to see if a po file existed had a typo in it. This patch also removes the unnecessary rebuilding of the pot which was happening when using the "all" target (the default). The pot file now must be manually remade, which is what we want. Added a new target "mo-files" to manually generate the .mo files. This is useful to run before checking in a new .po file just to assure it "compiles" and we don't have to discover this during a build. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-fix-i18n-build-problem.patch Type: text/x-patch Size: 2099 bytes Desc: not available URL: From nalin at redhat.com Mon Feb 22 21:29:04 2010 From: nalin at redhat.com (Nalin Dahyabhai) Date: Mon, 22 Feb 2010 16:29:04 -0500 Subject: [Freeipa-devel] [PATCH] fix typo in install/updates/30-automount.update Message-ID: <20100222212904.GE16206@redhat.com> This'll keep cn=default,cn=automount,$SUFFIX from getting a second "cn" value that it doesn't need. Nalin -------------- next part -------------- >From 5a1992896dcf33f382b475ef9e09e9b2ff2c48c3 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Mon, 22 Feb 2010 16:23:39 -0500 Subject: [PATCH 1/1] - fix a typo --- install/updates/30-automount.update | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/install/updates/30-automount.update b/install/updates/30-automount.update index 93f29a0..3dd4960 100644 --- a/install/updates/30-automount.update +++ b/install/updates/30-automount.update @@ -6,7 +6,7 @@ add:cn: automount dn: cn=default,cn=automount,$SUFFIX add:objectClass: nsContainer -add:cn: automount +add:cn: default dn: automountmapname=auto.master,cn=default,cn=automount,$SUFFIX add:objectClass: automountMap -- 1.7.0 From jderose at redhat.com Mon Feb 22 21:47:05 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Mon, 22 Feb 2010 14:47:05 -0700 Subject: [Freeipa-devel] [PATCH] fix i18n build problem In-Reply-To: <4B82F54F.9040208@redhat.com> References: <4B82F54F.9040208@redhat.com> Message-ID: <1266875225.25339.0.camel@jgd-dsk> On Mon, 2010-02-22 at 16:21 -0500, John Dennis wrote: > There was a typo in install/po/Makefile.in which caused (some) of > the .po files to be overwritten because the test to see if a po > file existed had a typo in it. > > This patch also removes the unnecessary rebuilding of the pot which was > happening when using the "all" target (the default). The pot file now > must be manually remade, which is what we want. > > Added a new target "mo-files" to manually generate the .mo files. > This is useful to run before checking in a new .po file just to > assure it "compiles" and we don't have to discover this during a > build. ack. pushed to master. I confirmed that this fixes the build problem in my tree. Thanks. From jdennis at redhat.com Mon Feb 22 21:54:50 2010 From: jdennis at redhat.com (John Dennis) Date: Mon, 22 Feb 2010 16:54:50 -0500 Subject: [Freeipa-devel] [PATCH] minor makefile cleanup Message-ID: <4B82FD2A.5060900@redhat.com> Nalin correctly identified two minor issues in the install/po/Makefile he noticed after my last patch. The empty rule for the all target is bad style. The newly added target "mo-files" should have been listed in the .PHONY list. Neither one should cause problem, but they should be cleaned up. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-minor-makefile-cleanup.patch Type: text/x-patch Size: 848 bytes Desc: not available URL: From jderose at redhat.com Mon Feb 22 22:01:52 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Mon, 22 Feb 2010 15:01:52 -0700 Subject: [Freeipa-devel] [PATCH] minor makefile cleanup In-Reply-To: <4B82FD2A.5060900@redhat.com> References: <4B82FD2A.5060900@redhat.com> Message-ID: <1266876112.25339.1.camel@jgd-dsk> On Mon, 2010-02-22 at 16:54 -0500, John Dennis wrote: > Nalin correctly identified two minor issues in the install/po/Makefile > he noticed after my last patch. > > The empty rule for the all target is bad style. > > The newly added target "mo-files" should have been listed in the .PHONY > list. > > Neither one should cause problem, but they should be cleaned up. ack. pushed to master. From pzuna at redhat.com Tue Feb 23 11:40:29 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Tue, 23 Feb 2010 12:40:29 +0100 Subject: [Freeipa-devel] [PATCH] 387 fix test failures In-Reply-To: <4B82DBB4.5080707@redhat.com> References: <4B82DBB4.5080707@redhat.com> Message-ID: <4B83BEAD.4060402@redhat.com> Rob Crittenden wrote: > This fixes the failures in the Env due to switching to unicode > internally. Now that --all works this also adds the dn to the output in > the XML-RPC tests. > > rob > ack. Pavel From pzuna at redhat.com Tue Feb 23 14:32:42 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Tue, 23 Feb 2010 15:32:42 +0100 Subject: [Freeipa-devel] [PATCH] Fix bug where parameter cloning didn't clone validating rules. Message-ID: <4B83E70A.6010706@redhat.com> I thought we had validation fixed, but this little bit was still missing. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Fix-bug-where-parameter-cloning-didn-t-clone-validat.patch Type: application/mbox Size: 747 bytes Desc: not available URL: From pzuna at redhat.com Tue Feb 23 14:33:59 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Tue, 23 Feb 2010 15:33:59 +0100 Subject: [Freeipa-devel] [PATCH] Replace incorrect use of str.index with str.find in host plugin. Message-ID: <4B83E757.7090900@redhat.com> index was used as if it was find in the validation function. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0002-Replace-incorrect-use-of-str.index-with-str.find-in-.patch Type: application/mbox Size: 765 bytes Desc: not available URL: From pzuna at redhat.com Tue Feb 23 14:35:04 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Tue, 23 Feb 2010 15:35:04 +0100 Subject: [Freeipa-devel] [PATCH] Complete netgroup attributes. Message-ID: <4B83E798.901@redhat.com> Add missing attributes to the netgroup plugin. The plugin will now correctly display membership information and allow searching for netgroups by UUID. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0003-Complete-netgroup-attributes.patch Type: application/mbox Size: 1972 bytes Desc: not available URL: From pzuna at redhat.com Tue Feb 23 15:01:42 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Tue, 23 Feb 2010 16:01:42 +0100 Subject: [Freeipa-devel] [PATCH] Make the --all option work in Add/Remove Member commands. Message-ID: <4B83EDD6.6000203@redhat.com> Add/Remove Member commands didn't work with the --all option. They do now. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Make-the-all-option-work-in-Add-Remove-Member-comman.patch Type: application/mbox Size: 1696 bytes Desc: not available URL: From pzuna at redhat.com Tue Feb 23 15:05:30 2010 From: pzuna at redhat.com (=?UTF-8?B?UGF2ZWwgWsWvbmE=?=) Date: Tue, 23 Feb 2010 16:05:30 +0100 Subject: [Freeipa-devel] [DOC] about netgroups Message-ID: <4B83EEBA.1060402@redhat.com> I was asked to complete the documentation of IPA commands on the internal wiki. Unfortunatly, I currently don't have access to it and have decided to put some of the information I've been gathering here on freeipa-devel. It's not a secret after all and is easier to review by other team members. I'm going to put this on the wiki as soon as I can. So, in the first (and possibly last) issue of CommandDocs(tm), we're going to look at netgroups and commands related to them. What are netgroups? =================== Netgroups are a concept introduced in the directory service NIS. They are supposed to contain users, hosts (machines) and other netgroups. Here are a few examples of why such groups can be useful: http://directory.fedoraproject.org/wiki/Howto:Netgroups#What_are_NIS_netgroups_good_for.3F Don't continue reading after the "What are NIS netgroups good for?" part. Netgroup entries are different in IPA. Some more info about netgroups (optional reading; I'll explain most of the important stuff): http://www.softpanorama.org/Net/Application_layer/NIS/nis_netgroups.shtml How do we store netgroups in the IPA backend (LDAP)? ==================================================== NIS groups traditionally contain a so called netgroup triple of the format: (machine, user, domain) machine - machine name, a host name user - user name domain - NIS domain of the machine and user Note that there is no necessary relationship between the machine and the user. Only one of those fields is usually used at a time to avoid confusion. In IPA, we don't use the triple anymore. It's ugly and unclear. Instead we use the membership relationship between LDAP entries. You simple add users, host and even their groups as members of a netgroup. The domain field is constant for each netgroup and defaults to the current IPA domain. Example of a netgroup displayed using the IPA CLI: # ipa netgroup-show net1 Netgroup name: net1 Description: test netgroup NIS domain name: pzuna Member User: admin Member Host: testbox.pzuna What commands are available in IPA for handling netgroups? ========================================================== The management plugin for netgroups in IPA conforms to the CRUD command naming conventions used in all other plugins, that come with the default IPA installation. Creating new netgroups ---------------------- ipa netgroup-add NAME [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN] NAME is the name of the netgroup (can be anything, but must be unique) DESCRIPTION is the netgroup description (required) NISDOMAIN is the NIS domain name, defaults to the current IPA domain Deleting netgroups ------------------ ipa netgroup-del NAME Displaying netgroups -------------------- ipa netgroup-show NAME Modifying netgroups ------------------- ipa netgroup-mod NAME [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN] Same as `ipa netgroup-add`, except modifying description is required and NISDOMAIN doesn't default to anything. Searching for netgroups ----------------------- ipa netgroup-find [CRITERIA] [--name=NAME] [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN] [--uuid=UUID] CRITERIA is an optional substring, that has to appear in either the name, the description or the NIS domain of the groups you're looking for Other options are the same as `ipa netgroup-add`, except nothing is required and doesn't default to anything. There's a new UUID option, that allows searching netgroups by ipaUniqueID. If one of these options is set, the command returns only exact matches of this option. Adding users and hosts to netgroups ----------------------------------- ipa netgroup-add-member NAME [--users=USERS] [--groups=GROUPS] [--hosts=HOSTS] [--hostgroups=HOSTGROUPS] [--netgroups=NETGROUPS] USERS,GROUPS,HOSTS,HOSTGROUPS,NETGROUPS are comma-separated lists of names of the appropriate objects. Removing users and hosts from netgroups --------------------------------------- ipa netgroup-remove-member NAME [--users=USERS] [--groups=GROUPS] [--hosts=HOSTS] [--hostgroups=HOSTGROUPS] [--netgroups=NETGROUPS] Same as `netgroup-add-member`. Examples -------- # ipa netgroup-add net0 --desc="test netgroup" Netgroup name: net0 Description: test netgroup NIS domain name: pzuna IPA unique ID: 9e6e089c-2089-11df-b677-5452004c033a # ipa netgroup-mod net0 --desc="description change" Netgroup name: net0 Description: description change NIS domain name: pzuna # ipa netgroup-add-member net0 --users=admin --hosts=testbox.pzuna Netgroup name: net0 Description: description change NIS domain name: pzuna Member User: admin Member Host: testbox.pzuna ------------------------- Number of members added 2 ------------------------- # ipa netgroup-remove-member net0 --users=admin Netgroup name: net0 Description: description change NIS domain name: pzuna Member Host: testbox.pzuna --------------------------- Number of members removed 1 --------------------------- # ipa netgroup-del net0 # ipa netgroup-show net0 ipa: ERROR: no such entry Pavel From mnagy at redhat.com Tue Feb 23 15:19:13 2010 From: mnagy at redhat.com (Martin Nagy) Date: Tue, 23 Feb 2010 16:19:13 +0100 Subject: [Freeipa-devel] [PATCH] Replace incorrect use of str.index with str.find in host plugin. In-Reply-To: <4B83E757.7090900@redhat.com> References: <4B83E757.7090900@redhat.com> Message-ID: <1266938353.8157.3.camel@wolverine.englab.brq.redhat.com> On Tue, 2010-02-23 at 15:33 +0100, Pavel Z?na wrote: > index was used as if it was find in the validation function. > > Pavel Ack. Martin From admin at transifex.net Tue Feb 23 15:17:24 2010 From: admin at transifex.net (admin at transifex.net) Date: Tue, 23 Feb 2010 15:17:24 -0000 Subject: [Freeipa-devel] [Transifex] File submitted via email to FreeIPA | master Message-ID: <20100223151724.32591.70583@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The following attached files were submitted to FreeIPA | master by logan Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/c/master/ in order to see the component page. Thank you, Transifex -------------- next part -------------- # Fedora Spanish translation of freeipa.master.ipa. # This file is distributed under the same license as the freeipa.master.ipa package. # # H?ctor Daniel Cabrera , 2010. # msgid "" msgstr "" "Project-Id-Version: freeipa.master.ipa\n" "Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/newticket\n" "POT-Creation-Date: 2010-02-15 14:55-0500\n" "PO-Revision-Date: \n" "Last-Translator: H?ctor Daniel Cabrera \n" "Language-Team: Fedora Spanisg \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Language: Spanish\n" "X-Poedit-Country: ARGENTINA\n" #: ../../ipalib/parameters.py:224 msgid "incorrect type" msgstr "tipo incorrecto" #: ../../ipalib/parameters.py:227 msgid "Only one value is allowed" msgstr "S?lo se permite un valor" #: ../../ipalib/parameters.py:791 msgid "must be True or False" msgstr "debe ser True o False" #: ../../ipalib/parameters.py:892 msgid "must be an integer" msgstr "debe ser un entero" #: ../../ipalib/parameters.py:943 #, python-format msgid "must be at least %(minvalue)d" msgstr "debe ser como m?nimo %(minvalue)d" #: ../../ipalib/parameters.py:953 #, python-format msgid "can be at most %(maxvalue)d" msgstr "puede ser como m?ximo %(maxvalue)d" #: ../../ipalib/parameters.py:963 msgid "must be a decimal number" msgstr "debe ser un n?mero decimal" #: ../../ipalib/parameters.py:985 #, python-format msgid "must be at least %(minvalue)f" msgstr "debe ser como m?nimo %(minvalue)f" #: ../../ipalib/parameters.py:995 #, python-format msgid "can be at most %(maxvalue)f" msgstr "puede ser como m?ximo %(maxvalue)f" #: ../../ipalib/parameters.py:1055 #, python-format msgid "must match pattern \"%(pattern)s\"" msgstr "debe coincidir con el modelo \"%(pattern)s" #: ../../ipalib/parameters.py:1073 msgid "must be binary data" msgstr "debe ser un dato binario" #: ../../ipalib/parameters.py:1088 #, python-format msgid "must be at least %(minlength)d bytes" msgstr "debe ser como m?nimo de %(minlength)d bytes" #: ../../ipalib/parameters.py:1098 #, python-format msgid "can be at most %(maxlength)d bytes" msgstr "puede ser a lo sumo de %(maxlength)d bytes" #: ../../ipalib/parameters.py:1108 #, python-format msgid "must be exactly %(length)d bytes" msgstr "debe ser exactamente de %(length)d bytes" #: ../../ipalib/parameters.py:1126 msgid "must be Unicode text" msgstr "debe ser texto Unicode" #: ../../ipalib/parameters.py:1156 #, python-format msgid "must be at least %(minlength)d characters" msgstr "debe tener como m?nimo %(minlength)d caracteres" #: ../../ipalib/parameters.py:1166 #, python-format msgid "can be at most %(maxlength)d characters" msgstr "puede tener a lo sumo %(maxlength)d caracteres" #: ../../ipalib/parameters.py:1176 #, python-format msgid "must be exactly %(length)d characters" msgstr "debe tener exactamente %(length)d caracteres" #: ../../ipalib/parameters.py:1215 #, python-format msgid "must be one of %(values)r" msgstr "debe ser uno de %(values)r" #: ../../ipalib/cli.py:505 #, python-format msgid "Enter %(label)s again to verify: " msgstr "ngrese %(label)s nuevamente para su verificaci?n: " #: ../../ipalib/cli.py:509 msgid "Passwords do not match!" msgstr "?Las contrase?as no coinciden!" #: ../../ipalib/cli.py:514 msgid "Cancelled." msgstr "Cancelado." #: ../../ipalib/frontend.py:377 msgid "Results are truncated, try a more specific search" msgstr "Los resultados se encuentran truncados, intente realizar una b?squeda m?s espec?fica" #: ../../ipalib/errors.py:297 #, python-format msgid "%(cver)s client incompatible with %(sver)s server at %(server)r" msgstr "el cliente %(cver)s no es compatible con el servidor %(sver)s en %(server)r" #: ../../ipalib/errors.py:315 #, python-format msgid "unknown error %(code)d from %(server)s: %(error)s" msgstr "error %(code)d desconocido de %(server)s: %(error)s" #: ../../ipalib/errors.py:331 msgid "an internal error has occurred" msgstr "ha ocurrido un error interno" #: ../../ipalib/errors.py:353 #, python-format msgid "an internal error has occurred on server at %(server)r" msgstr "ha ocurrido un error interno en el servidor en %(server)r" #: ../../ipalib/errors.py:369 #, python-format msgid "unknown command %(name)r" msgstr "comando desconocido %(name)r" #: ../../ipalib/errors.py:386 #: ../../ipalib/errors.py:411 #, python-format msgid "error on server %(server)r: %(error)s" msgstr "error en el servidor %(server)r: %(error)s" #: ../../ipalib/errors.py:402 #, python-format msgid "cannot connect to %(uri)r: %(error)s" msgstr "no es posible conectar con %(uri)r: %(error)s" #: ../../ipalib/errors.py:420 #, python-format msgid "Invalid JSON-RPC request: %(error)s" msgstr "Petici?n JSON-RPC no v?lida: %(error)s" #: ../../ipalib/errors.py:448 #, python-format msgid "Kerberos error: %(major)s/%(minor)s" msgstr "Error de kerberos: %(major)s/%(minor)s" #: ../../ipalib/errors.py:465 msgid "did not receive Kerberos credentials" msgstr "no se ha recibido ninguna credencial Kerberos" #: ../../ipalib/errors.py:481 #, python-format msgid "Service %(service)r not found in Kerberos database" msgstr "El servicio %(service)r no se ha encontrado en la base de datos Kerberos" #: ../../ipalib/errors.py:497 msgid "No credentials cache found" msgstr "No se han encontrado credenciales de cach?" #: ../../ipalib/errors.py:513 msgid "Ticket expired" msgstr "El ticket ha expirado" #: ../../ipalib/errors.py:529 msgid "Credentials cache permissions incorrect" msgstr "Los permisos de credenciales de cach? son incorrectos" #: ../../ipalib/errors.py:545 msgid "Bad format in credentials cache" msgstr "Las credenciales de cach? est?n mal formadas" #: ../../ipalib/errors.py:561 msgid "Cannot resolve KDC for requested realm" msgstr "No es posible resolver KDC para el reinado solicitado" #: ../../ipalib/errors.py:580 #, python-format msgid "Insufficient access: %(info)s" msgstr "Acceso insuficiente: %(info)s" #: ../../ipalib/errors.py:624 #, python-format msgid "command %(name)r takes no arguments" msgstr "el comando %(name)r no tiene argumentos" #: ../../ipalib/errors.py:644 #, python-format msgid "command %(name)r takes at most %(count)d argument" msgid_plural "command %(name)r takes at most %(count)d arguments" msgstr[0] "" msgstr[1] "" #: ../../ipalib/errors.py:674 #, python-format msgid "overlapping arguments and options: %(names)r" msgstr "superponiendo argumentos y opciones: %(names)r" #: ../../ipalib/errors.py:690 #, python-format msgid "%(name)r is required" msgstr "%(name)r es necesario" #: ../../ipalib/errors.py:706 #: ../../ipalib/errors.py:722 #, python-format msgid "invalid %(name)r: %(error)s" msgstr "%(name)r inv?lido: %(error)s" #: ../../ipalib/errors.py:738 #, python-format msgid "api has no such namespace: %(name)r" msgstr "api no posee tal nombre de espacio: %(name)r" #: ../../ipalib/errors.py:747 msgid "Passwords do not match" msgstr "Las contrase?as no coinciden" #: ../../ipalib/errors.py:755 msgid "Command not implemented" msgstr "El comando no se ha implementado" #: ../../ipalib/errors.py:783 #: ../../ipalib/errors.py:1023 #, python-format msgid "%(reason)s" msgstr "%(reason)s" #: ../../ipalib/errors.py:799 msgid "This entry already exists" msgstr "Esta entrada ya existe" #: ../../ipalib/errors.py:815 msgid "You must enroll a host in order to create a host service" msgstr "Debe registrar un equipo para poder generar un servicio de equipo" #: ../../ipalib/errors.py:831 #, python-format msgid "Service principal is not of the form: service/fully-qualified host name: %(reason)s" msgstr "El servicio principal no tiene la forma de servicio/nombre de equipo totalmente calificado: %(reason)s" #: ../../ipalib/errors.py:847 msgid "The realm for the principal does not match the realm for this IPA server" msgstr "El reinado para el principal no coincide con el reinado para este servidor IPA" #: ../../ipalib/errors.py:863 msgid "This command requires root access" msgstr "Este comando necesita acceso de usuario root" #: ../../ipalib/errors.py:879 msgid "This is already a posix group" msgstr "Este ya es un grupo posix" #: ../../ipalib/errors.py:895 #, python-format msgid "Principal is not of the form user at REALM: %(principal)r" msgstr "El principal no tiene la forma usuario at REINADO: %(principal)r" #: ../../ipalib/errors.py:911 msgid "This entry is already unlocked" msgstr "Esta entrada ya se encuentra desbloqueada" #: ../../ipalib/errors.py:927 msgid "This entry is already locked" msgstr "Esta entrada ya se encuentra bloqueada" #: ../../ipalib/errors.py:943 msgid "This entry has nsAccountLock set, it cannot be locked or unlocked" msgstr "Esta entrada posee definido nsAccountLock, no puede ser bloqueada ni desbloqueada" #: ../../ipalib/errors.py:959 msgid "This entry is not a member of the group" msgstr "Esta entrada no es miembro del grupo" #: ../../ipalib/errors.py:975 msgid "A group may not be a member of itself" msgstr "Un grupo no puede ser miembro de s? mismo" #: ../../ipalib/errors.py:991 msgid "This entry is already a member of the group" msgstr "Esta entrada ya es miembro del grupo" #: ../../ipalib/errors.py:1007 #, python-format msgid "Base64 decoding failed: %(reason)s" msgstr "Fall? la decodificaci?n base64: %(reason)s" #: ../../ipalib/errors.py:1039 msgid "A group may not be added as a member of itself" msgstr "Un grupo no puede ser agregado como miembro de s? mismo" #: ../../ipalib/errors.py:1055 msgid "The default users group cannot be removed" msgstr "El grupo de usuarios predeterminado no puede ser eliminado" #: ../../ipalib/errors.py:1078 #, python-format msgid "no command nor help topic %(topic)r" msgstr "no existe un comando para el t?pico de ayuda %(topic)r" #: ../../ipalib/errors.py:1102 msgid "change collided with another change" msgstr "la modificaci?n choca con otra modificaci?n diferente" #: ../../ipalib/errors.py:1118 msgid "no modifications to be performed" msgstr "no existen modificaciones a ser realizadas" #: ../../ipalib/errors.py:1134 #, python-format msgid "%(desc)s:%(info)s" msgstr "%(desc)s:%(info)s" #: ../../ipalib/errors.py:1150 msgid "limits exceeded for this query" msgstr "han sido excedidos los l?mites para esta consulta" #: ../../ipalib/errors.py:1165 #, python-format msgid "%(info)s" msgstr "%(info)s" #: ../../ipalib/errors.py:1190 #, python-format msgid "Certificate operation cannot be completed: %(error)s" msgstr "La operaci?n certificada no puede ser completada: %(error)s" #: ../../ipalib/plugins/rolegroup.py:50 msgid "Role Groups" msgstr "Grupos de funciones" #: ../../ipalib/plugins/rolegroup.py:75 #, python-format msgid "Added rolegroup \"%(value)s\"" msgstr "Ha sido agregado el grupo de funciones \"%(value)s\"" #: ../../ipalib/plugins/rolegroup.py:85 #, python-format msgid "Deleted rolegroup \"%(value)s\"" msgstr "Ha sido eliminado el grupo de funciones \"%(value)s\"" #: ../../ipalib/plugins/rolegroup.py:95 #, python-format msgid "Modified rolegroup \"%(value)s\"" msgstr "Ha sido modificado el grupo de funciones \"%(value)s\"" #: ../../ipalib/plugins/rolegroup.py:106 #, python-format msgid "%(count)d rolegroup matched" msgid_plural "%(count)d rolegroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/host.py:82 msgid "Hosts" msgstr "Equipos" #: ../../ipalib/plugins/host.py:151 #, python-format msgid "Added host \"%(value)s\"" msgstr "Ha sido agregado el equipo \"%(value)s\"" #: ../../ipalib/plugins/host.py:180 #, python-format msgid "Deleted host \"%(value)s\"" msgstr "Ha sido eliminado el equipo \"%(value)s\"" #: ../../ipalib/plugins/host.py:208 #, python-format msgid "Modified host \"%(value)s\"" msgstr "Ha sido modificado el equipo \"%(value)s\"" #: ../../ipalib/plugins/host.py:257 #, python-format msgid "%(count)d host matched" msgid_plural "%(count)d hosts matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/group.py:58 msgid "User Groups" msgstr "Grupos de usuarios" #: ../../ipalib/plugins/group.py:87 #, python-format msgid "Added group \"%(value)s\"" msgstr "Ha sido agregado el grupo \"%(value)s\"" #: ../../ipalib/plugins/group.py:110 #, python-format msgid "Deleted group \"%(value)s\"" msgstr "Ha sido eliminado el grupo \"%(value)s\"" #: ../../ipalib/plugins/group.py:136 #, python-format msgid "Modified group \"%(value)s\"" msgstr "Ha sido modificado el grupo \"%(value)s\"" #: ../../ipalib/plugins/group.py:165 #, python-format msgid "%(count)d group matched" msgid_plural "%(count)d groups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/service.py:122 msgid "Services" msgstr "Servicios" #: ../../ipalib/plugins/hbac.py:62 msgid "HBAC" msgstr "HBAC" #: ../../ipalib/plugins/cert.py:63 #: ../../ipalib/plugins/cert.py:84 msgid "Unable to decode certificate in entry" msgstr "No es posible decodificar el certificado en la entrada" #: ../../ipalib/plugins/cert.py:106 #: ../../ipalib/plugins/cert.py:120 #: ../../ipalib/plugins/cert.py:137 msgid "Failure decoding Certificate Signing Request" msgstr "Falla al intentar decodificar la petici?n de identificaci?n de certificado" #: ../../ipalib/plugins/cert.py:139 #, python-format msgid "Failure decoding Certificate Signing Request: %s" msgstr "Falla al intentar decodificar la petici?n de identificaci?n de certificado: %s" #: ../../ipalib/plugins/aci.py:109 msgid "type, filter, subtree and targetgroup are mutually exclusive" msgstr "tipo, filtro, sub?rbol y grupo de destino, se excluyen mutuamente" #: ../../ipalib/plugins/aci.py:112 msgid "at least one of: type, filter, subtree, targetgroup, attrs or memberof are required" msgstr "es necesario como m?nimo alguno de: tipo, filtro, sub?rbol, grupo de destino, atributos, o miembro de " #: ../../ipalib/plugins/aci.py:117 msgid "group and taskgroup are mutually exclusive" msgstr "grupo y grupo de tareas se excluyen mutuamente" #: ../../ipalib/plugins/aci.py:119 msgid "One of group or taskgroup is required" msgstr "Es necesario grupo o grupo de tareas" #: ../../ipalib/plugins/aci.py:140 #, python-format msgid "Group '%s' does not exist" msgstr "El grupo '%s' no existe" #: ../../ipalib/plugins/aci.py:184 #, python-format msgid "ACI with name \"%s\" not found" msgstr "No se encuentra un ACI cuyo nombre sea \"%s\"" #: ../../ipalib/plugins/aci.py:201 msgid "ACIs" msgstr "ACIs" #: ../../ipalib/plugins/aci.py:258 #, python-format msgid "Created ACI \"%(value)s\"" msgstr "Ha sido creado ACI \"%(value)s\"" #: ../../ipalib/plugins/aci.py:308 #, python-format msgid "Deleted ACI \"%(value)s\"" msgstr "Ha sido eliminado ACI \"%(value)s\"" #: ../../ipalib/plugins/aci.py:348 #, python-format msgid "Modified ACI \"%(value)s\"" msgstr "Ha sido modificado ACI \"%(value)s\"" #: ../../ipalib/plugins/aci.py:408 #, python-format msgid "%(count)d ACI matched" msgid_plural "%(count)d ACIs matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/dns.py:114 msgid "DNS" msgstr "DNS" #: ../../ipalib/plugins/automount.py:231 msgid "Automount Maps" msgstr "Mapeos de automontaje" #: ../../ipalib/plugins/automount.py:321 msgid "Automount Keys" msgstr "Llaves de automontaje" #: ../../ipalib/plugins/netgroup.py:55 msgid "Net Groups" msgstr "Grupos de red" #: ../../ipalib/plugins/misc.py:37 #, python-format msgid "%(count)d variables" msgstr "%(count)d variables" #: ../../ipalib/plugins/misc.py:96 #, python-format msgid "%(count)d plugin loaded" msgid_plural "%(count)d plugins loaded" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/user.py:71 msgid "Users" msgstr "Usuarios" #: ../../ipalib/plugins/user.py:141 #, python-format msgid "Added user \"%(value)s\"" msgstr "Ha sido agregado el usuario \"%(value)s\"" #: ../../ipalib/plugins/user.py:186 #, python-format msgid "Deleted user \"%(value)s\"" msgstr "Ha sido eliminado el usuario \"%(value)s\"" #: ../../ipalib/plugins/user.py:205 #, python-format msgid "Modified user \"%(value)s\"" msgstr "Ha sido modificado el usuario \"%(value)s\"" #: ../../ipalib/plugins/user.py:216 #, python-format msgid "%(count)d user matched" msgid_plural "%(count)d users matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/user.py:236 #, python-format msgid "Locked user \"%(value)s\"" msgstr "Ha sido bloqueado el usuario \"%(value)s\"" #: ../../ipalib/plugins/user.py:262 #, python-format msgid "Unlocked user \"%(value)s\"" msgstr "Ha sido desbloqueado el usuario \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:50 msgid "Task Groups" msgstr "Grupos de tareas" #: ../../ipalib/plugins/taskgroup.py:75 #, python-format msgid "Added taskgroup \"%(value)s\"" msgstr "Ha sido agregado el grupo de tareas \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:85 #, python-format msgid "Deleted taskgroup \"%(value)s\"" msgstr "Ha sido eliminado el grupo de tareas \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:95 #, python-format msgid "Modified taskgroup \"%(value)s\"" msgstr "Ha sido modificado el grupo de tareas \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:106 #, python-format msgid "%(count)d taskgroup matched" msgid_plural "%(count)d taskgroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/hostgroup.py:49 msgid "Host Groups" msgstr "Grupos de equipo" #: ../../ipalib/plugins/hostgroup.py:74 #, python-format msgid "Added hostgroup \"%(value)s\"" msgstr "Ha sido agregado el grupo de equipo \"%(value)s\"" #: ../../ipalib/plugins/hostgroup.py:84 #, python-format msgid "Deleted hostgroup \"%(value)s\"" msgstr "Ha sido eliminado el grupo de equipo \"%(value)s\"" #: ../../ipalib/plugins/hostgroup.py:94 #, python-format msgid "Modified hostgroup \"%(value)s\"" msgstr "Ha sido modificado el grupo de equipo \"%(value)s\"" #: ../../ipalib/plugins/hostgroup.py:105 #, python-format msgid "%(count)d hostgroup matched" msgid_plural "%(count)d hostgroups matched" msgstr[0] "" msgstr[1] "" #: ../../ipalib/plugins/pwpolicy.py:231 msgid "priority cannot be set on global policy" msgstr "la prioridad no puede ser definida en una pl?tica global" #: ../../ipaserver/install/certs.py:571 #: ../../ipaserver/plugins/dogtag.py:1313 #: ../../ipaserver/plugins/dogtag.py:1398 #: ../../ipaserver/plugins/dogtag.py:1463 #: ../../ipaserver/plugins/dogtag.py:1543 #: ../../ipaserver/plugins/dogtag.py:1602 #, python-format msgid "Unable to communicate with CMS (%s)" msgstr "No es posible comunicarse con CMS (%s)" #: ../../ipaserver/plugins/selfsign.py:102 #, python-format msgid "Request subject \"%(request_subject)s\" does not match the form \"%(subject_base)s\"" msgstr "El asunto solicitado \"%(request_subject)s\" no coincide con la forma \"%(subject_base)s\"" #: ../../ipaserver/plugins/selfsign.py:107 #, python-format msgid "unable to decode csr: %s" msgstr "no es posible decodificar csr: %s" #: ../../ipaserver/plugins/selfsign.py:128 #: ../../ipaserver/plugins/selfsign.py:143 msgid "file operation" msgstr "operaci?n de archivo" #: ../../ipaserver/plugins/selfsign.py:157 msgid "cannot obtain next serial number" msgstr "no es posible obtener el pr?ximo n?mero de serie" #: ../../ipaserver/plugins/selfsign.py:192 msgid "certutil failure" msgstr "falla de certutil" From dpal at redhat.com Tue Feb 23 15:54:23 2010 From: dpal at redhat.com (Dmitri Pal) Date: Tue, 23 Feb 2010 10:54:23 -0500 Subject: [Freeipa-devel] [DOC] about netgroups In-Reply-To: <4B83EEBA.1060402@redhat.com> References: <4B83EEBA.1060402@redhat.com> Message-ID: <4B83FA2F.50804@redhat.com> Pavel Z?na wrote: > I was asked to complete the documentation of IPA commands on the > internal wiki. Unfortunatly, I currently don't have access to it and > have decided to put some of the information I've been gathering here > on freeipa-devel. It's not a secret after all and is easier to review > by other team members. I'm going to put this on the wiki as soon as I > can. > Try now... > So, in the first (and possibly last) issue of CommandDocs(tm), we're > going to look at netgroups and commands related to them. > > What are netgroups? > =================== > Netgroups are a concept introduced in the directory service NIS. They > are supposed to contain users, hosts (machines) and other netgroups. > Here are a few examples of why such groups can be useful: > > http://directory.fedoraproject.org/wiki/Howto:Netgroups#What_are_NIS_netgroups_good_for.3F > > > Don't continue reading after the "What are NIS netgroups good for?" > part. Netgroup entries are different in IPA. Though they are different it is important to underline that there are two plugins in IPA that make the data in the new format available via NIS or old standard RFC2307/2307bis LDAP schema. For details see the documentation and examples here: https://fedorahosted.org/slapi-nis/ The entries stored using the new schema are converted into the standard NIS netgroup map and served via the NIS protocol by the first plugin described on the slapi-nis project page and the compatibility plugin can be used to create a virtual LDAP view that matches the standard 2307 or 2307bis schema for netgroups using the IPA specific schema. I am not sure that we have it configured by default. This is something that Nalin would be able to clarify. Nalin? But anyways it is definitely possible to configure the compatibility plugin to automatically translate the IPA netgroups schema into schema that standard nss_ldap client expects. > > Some more info about netgroups (optional reading; I'll explain most of > the important stuff): > http://www.softpanorama.org/Net/Application_layer/NIS/nis_netgroups.shtml > > How do we store netgroups in the IPA backend (LDAP)? > ==================================================== > NIS groups traditionally contain a so called netgroup triple of the > format: > > (machine, user, domain) > > machine - machine name, a host name > user - user name > domain - NIS domain of the machine and user > > Note that there is no necessary relationship between the machine and > the user. Only one of those fields is usually used at a time to avoid > confusion. > > In IPA, we don't use the triple anymore. It's ugly and unclear. > Instead we use the membership relationship between LDAP entries. You > simple add users, host and even their groups as members of a netgroup. > The domain field is constant for each netgroup and defaults to the > current IPA domain. > > Example of a netgroup displayed using the IPA CLI: > > # ipa netgroup-show net1 > Netgroup name: net1 > Description: test netgroup > NIS domain name: pzuna > Member User: admin > Member Host: testbox.pzuna > > What commands are available in IPA for handling netgroups? > ========================================================== > The management plugin for netgroups in IPA conforms to the CRUD > command naming conventions used in all other plugins, that come with > the default > IPA installation. > > Creating new netgroups > ---------------------- > ipa netgroup-add NAME [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN] > > NAME is the name of the netgroup (can be anything, but must be unique) > DESCRIPTION is the netgroup description (required) > NISDOMAIN is the NIS domain name, defaults to the current IPA domain > > Deleting netgroups > ------------------ > ipa netgroup-del NAME > > Displaying netgroups > -------------------- > ipa netgroup-show NAME > > Modifying netgroups > ------------------- > ipa netgroup-mod NAME [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN] > > Same as `ipa netgroup-add`, except modifying description is required > and NISDOMAIN doesn't default to anything. > > Searching for netgroups > ----------------------- > ipa netgroup-find [CRITERIA] [--name=NAME] [--desc=DESCRIPTION] > [--nisdomain=NISDOMAIN] [--uuid=UUID] > > CRITERIA is an optional substring, that has to appear in either the > name, the description or the NIS domain of the groups you're looking for > > Other options are the same as `ipa netgroup-add`, except nothing is > required and doesn't default to anything. There's a new UUID option, > that allows searching netgroups by ipaUniqueID. If one of these > options is set, the command returns only exact matches of this option. > > Adding users and hosts to netgroups > ----------------------------------- > ipa netgroup-add-member NAME [--users=USERS] [--groups=GROUPS] > [--hosts=HOSTS] [--hostgroups=HOSTGROUPS] > [--netgroups=NETGROUPS] > > USERS,GROUPS,HOSTS,HOSTGROUPS,NETGROUPS are comma-separated lists of > names of the appropriate objects. > > Removing users and hosts from netgroups > --------------------------------------- > ipa netgroup-remove-member NAME [--users=USERS] [--groups=GROUPS] > [--hosts=HOSTS] > [--hostgroups=HOSTGROUPS] > [--netgroups=NETGROUPS] > > Same as `netgroup-add-member`. > > Examples > -------- > # ipa netgroup-add net0 --desc="test netgroup" > Netgroup name: net0 > Description: test netgroup > NIS domain name: pzuna > IPA unique ID: 9e6e089c-2089-11df-b677-5452004c033a > > # ipa netgroup-mod net0 --desc="description change" > Netgroup name: net0 > Description: description change > NIS domain name: pzuna > > # ipa netgroup-add-member net0 --users=admin --hosts=testbox.pzuna > Netgroup name: net0 > Description: description change > NIS domain name: pzuna > Member User: admin > Member Host: testbox.pzuna > ------------------------- > Number of members added 2 > ------------------------- > > # ipa netgroup-remove-member net0 --users=admin > Netgroup name: net0 > Description: description change > NIS domain name: pzuna > Member Host: testbox.pzuna > --------------------------- > Number of members removed 1 > --------------------------- > > # ipa netgroup-del net0 > > # ipa netgroup-show net0 > ipa: ERROR: no such entry > > > > Pavel > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel > > -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jderose at redhat.com Tue Feb 23 16:22:05 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Tue, 23 Feb 2010 09:22:05 -0700 Subject: [Freeipa-devel] mod_wsgi troubles Message-ID: <1266942125.29321.155.camel@jgd-dsk> So I've been working on migrating freeIPA from mod_python to mod_wsgi. This isn't a big change as the IPA server is already all WSGI internally, but I've run into 2 unexpected problems. mod_wsgi daemon mode ==================== First, the easy problem. The mod_wsgi documentation clearly states that the daemon mode is the preferred way to deploy. See the "Defining Process Groups" section in: http://code.google.com/p/modwsgi/wiki/ConfigurationGuidelines In daemon mode, Apache starts mod_wsgi in a separate process and communicates with it via a Unix socket. Unfortunately, Fedora12 doesn't support daemon mode nicely out of the box and tries create the socket in /etc/httpd/run, which of course make selinux mad (as it should). I believe Apache is being run with the Apache home set to /etc/httpd (which itself seems weird to me, not sure if this is a bug). Anyway, we can fix this with the WSGISocketPrefix directive. But this directive is server-scope (can't be virtual-host-scope), so we really need to fix this in the mod_wsgi package. We just need to add this to /etc/httpd/conf.d/wsgi.conf: WSGISocketPrefix /var/run/httpd/wsgi This config file is owned by mod_wsgi, not IPA, so I don't think IPA should be writing stuff to this during it's install. Again, needs to be fixed in the mod_wsgi package. I haven't tried this under Fedora11 yet, so I don't know if the same problem is present there. Simplify Kerberos protected URLs ================================ Currently in our URL space we have: /ipa/xml - Kerberos protected /ipa/json - Kerberos protected /ipa/ui - Kerberos protected /ipa/errors - Not protected /ipa/config - Not protected /ipa/crl - Not protected Under mod_python, we have separate handlers for the xml, json, and ui URLs. My upcoming patch has a new WSGI middleware component this is a single entry point at /ipa. I did this so that the LDAP auth and session stuff is handled in exactly the same way regardless of which app is the final target. Anyway, right now we have to handle stuff in a pretty funky way (including under mod_python). We turn on Kerb auth for /ipa, then turn it off for /ipa/errors and friends. I would really like us to have two base URLs, something like this: /ipa/* - Kerberos projected /ipa-static/* - Not projected Doesn't have to be called ipa-static, just throwing a name out there. We can work around this (as we already do), but there 2 reasons I think we should do this: 1. Security - our current approach is confusing and opens us up to mistakes (our mistakes or a sysadmin's). 2. Extensibility - in the V2 cycle we have added several new things in /ipa/*, some Kerberos protected, some not. I'm sure this will happen again in the future, so we might as well clean this up now. What do people think? I'm not sure I explained this well, but look in install/conf/ipa.conf and you'll see what I mean. From jdennis at redhat.com Tue Feb 23 16:22:55 2010 From: jdennis at redhat.com (John Dennis) Date: Tue, 23 Feb 2010 11:22:55 -0500 Subject: [Freeipa-devel] [PATCH] Add more Spanish translations Message-ID: <4B8400DF.4030101@redhat.com> Add more Spanish translations: Current translation status: ipa.pot has 133 messages. There are 6 po translation files. bn_IN: 14/133 10.5% 106 po untranslated, 13 missing, 119 untranslated es: 124/133 93.2% 9 po untranslated, 0 missing, 9 untranslated id: 107/133 80.5% 13 po untranslated, 13 missing, 26 untranslated kn: 20/133 15.0% 113 po untranslated, 0 missing, 113 untranslated pl: 133/133 100.0% 0 po untranslated, 0 missing, 0 untranslated ru: 120/133 90.2% 0 po untranslated, 13 missing, 13 untranslated -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-more-Spanish-translations.patch Type: text/x-patch Size: 14116 bytes Desc: not available URL: From dpal at redhat.com Tue Feb 23 17:48:09 2010 From: dpal at redhat.com (Dmitri Pal) Date: Tue, 23 Feb 2010 12:48:09 -0500 Subject: [Freeipa-devel] [DOC] about netgroups In-Reply-To: <4B83FA2F.50804@redhat.com> References: <4B83EEBA.1060402@redhat.com> <4B83FA2F.50804@redhat.com> Message-ID: <4B8414D9.5070701@redhat.com> Dmitri Pal wrote: > Pavel Z?na wrote: > >> I was asked to complete the documentation of IPA commands on the >> internal wiki. Unfortunatly, I currently don't have access to it and >> have decided to put some of the information I've been gathering here >> on freeipa-devel. It's not a secret after all and is easier to review >> by other team members. I'm going to put this on the wiki as soon as I >> can. >> >> > > Try now... > > >> So, in the first (and possibly last) issue of CommandDocs(tm), we're >> going to look at netgroups and commands related to them. >> >> What are netgroups? >> =================== >> Netgroups are a concept introduced in the directory service NIS. They >> are supposed to contain users, hosts (machines) and other netgroups. >> Here are a few examples of why such groups can be useful: >> >> http://directory.fedoraproject.org/wiki/Howto:Netgroups#What_are_NIS_netgroups_good_for.3F >> >> >> Don't continue reading after the "What are NIS netgroups good for?" >> part. Netgroup entries are different in IPA. >> > > > Though they are different it is important to underline that there are > two plugins in IPA that make the data in the new format available via > NIS or old standard RFC2307/2307bis LDAP schema. For details see the > documentation and examples here: https://fedorahosted.org/slapi-nis/ > The entries stored using the new schema are converted into the standard > NIS netgroup map and served via the NIS protocol by the first plugin > described on the slapi-nis project page and the compatibility plugin can > be used to create a virtual LDAP view that matches the standard 2307 or > 2307bis schema for netgroups using the IPA specific schema. > I am not sure that we have it configured by default. This is something > that Nalin would be able to clarify. Nalin? > But anyways it is definitely possible to configure the compatibility > plugin to automatically translate the IPA netgroups schema into schema > that standard nss_ldap client expects. > > And Nalin confirmed that this is in the default configuration. >> Some more info about netgroups (optional reading; I'll explain most of >> the important stuff): >> http://www.softpanorama.org/Net/Application_layer/NIS/nis_netgroups.shtml >> >> How do we store netgroups in the IPA backend (LDAP)? >> ==================================================== >> NIS groups traditionally contain a so called netgroup triple of the >> format: >> >> (machine, user, domain) >> >> machine - machine name, a host name >> user - user name >> domain - NIS domain of the machine and user >> >> Note that there is no necessary relationship between the machine and >> the user. Only one of those fields is usually used at a time to avoid >> confusion. >> >> In IPA, we don't use the triple anymore. It's ugly and unclear. >> Instead we use the membership relationship between LDAP entries. You >> simple add users, host and even their groups as members of a netgroup. >> The domain field is constant for each netgroup and defaults to the >> current IPA domain. >> >> Example of a netgroup displayed using the IPA CLI: >> >> # ipa netgroup-show net1 >> Netgroup name: net1 >> Description: test netgroup >> NIS domain name: pzuna >> Member User: admin >> Member Host: testbox.pzuna >> >> What commands are available in IPA for handling netgroups? >> ========================================================== >> The management plugin for netgroups in IPA conforms to the CRUD >> command naming conventions used in all other plugins, that come with >> the default >> IPA installation. >> >> Creating new netgroups >> ---------------------- >> ipa netgroup-add NAME [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN] >> >> NAME is the name of the netgroup (can be anything, but must be unique) >> DESCRIPTION is the netgroup description (required) >> NISDOMAIN is the NIS domain name, defaults to the current IPA domain >> >> Deleting netgroups >> ------------------ >> ipa netgroup-del NAME >> >> Displaying netgroups >> -------------------- >> ipa netgroup-show NAME >> >> Modifying netgroups >> ------------------- >> ipa netgroup-mod NAME [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN] >> >> Same as `ipa netgroup-add`, except modifying description is required >> and NISDOMAIN doesn't default to anything. >> >> Searching for netgroups >> ----------------------- >> ipa netgroup-find [CRITERIA] [--name=NAME] [--desc=DESCRIPTION] >> [--nisdomain=NISDOMAIN] [--uuid=UUID] >> >> CRITERIA is an optional substring, that has to appear in either the >> name, the description or the NIS domain of the groups you're looking for >> >> Other options are the same as `ipa netgroup-add`, except nothing is >> required and doesn't default to anything. There's a new UUID option, >> that allows searching netgroups by ipaUniqueID. If one of these >> options is set, the command returns only exact matches of this option. >> >> Adding users and hosts to netgroups >> ----------------------------------- >> ipa netgroup-add-member NAME [--users=USERS] [--groups=GROUPS] >> [--hosts=HOSTS] [--hostgroups=HOSTGROUPS] >> [--netgroups=NETGROUPS] >> >> USERS,GROUPS,HOSTS,HOSTGROUPS,NETGROUPS are comma-separated lists of >> names of the appropriate objects. >> >> Removing users and hosts from netgroups >> --------------------------------------- >> ipa netgroup-remove-member NAME [--users=USERS] [--groups=GROUPS] >> [--hosts=HOSTS] >> [--hostgroups=HOSTGROUPS] >> [--netgroups=NETGROUPS] >> >> Same as `netgroup-add-member`. >> >> Examples >> -------- >> # ipa netgroup-add net0 --desc="test netgroup" >> Netgroup name: net0 >> Description: test netgroup >> NIS domain name: pzuna >> IPA unique ID: 9e6e089c-2089-11df-b677-5452004c033a >> >> # ipa netgroup-mod net0 --desc="description change" >> Netgroup name: net0 >> Description: description change >> NIS domain name: pzuna >> >> # ipa netgroup-add-member net0 --users=admin --hosts=testbox.pzuna >> Netgroup name: net0 >> Description: description change >> NIS domain name: pzuna >> Member User: admin >> Member Host: testbox.pzuna >> ------------------------- >> Number of members added 2 >> ------------------------- >> >> # ipa netgroup-remove-member net0 --users=admin >> Netgroup name: net0 >> Description: description change >> NIS domain name: pzuna >> Member Host: testbox.pzuna >> --------------------------- >> Number of members removed 1 >> --------------------------- >> >> # ipa netgroup-del net0 >> >> # ipa netgroup-show net0 >> ipa: ERROR: no such entry >> >> >> >> Pavel >> >> _______________________________________________ >> Freeipa-devel mailing list >> Freeipa-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-devel >> >> >> > > > -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jderose at redhat.com Tue Feb 23 18:16:59 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Tue, 23 Feb 2010 11:16:59 -0700 Subject: [Freeipa-devel] [PATCH] jderose 049 Consolidate to single WSGI entry point Message-ID: <1266949019.29321.175.camel@jgd-dsk> This is part1 of the mod_wsgi transition. It provides a new plugin: api.Backend.session. This is a WSGI middleware component that will create the LDAP connection and then route the request to the appropriate WSGI application (/xml or /json or /ui). The end result is that we have a single entry point (/ipa) instead of 3, and we also use the exact same code path to create and destroy the LDAP connection (which is obviously good for security). All this still is running under mod_python, but my next patch switches things to mod_wsgi (still have a few issues on that front). -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-jderose-049-Single-WSGI-entry-point.patch Type: text/x-patch Size: 17039 bytes Desc: not available URL: From jdennis at redhat.com Tue Feb 23 19:39:10 2010 From: jdennis at redhat.com (John Dennis) Date: Tue, 23 Feb 2010 14:39:10 -0500 Subject: [Freeipa-devel] [PATCH] jderose 048 Translatable Param.label, Param.doc In-Reply-To: <1266596115.26979.65.camel@jgd-dsk> References: <1266596115.26979.65.camel@jgd-dsk> Message-ID: <4B842EDE.9020904@redhat.com> On 02/19/2010 11:15 AM, Jason Gerard DeRose wrote: > This patch: > > 1. Changes Param.label, Param.doc so they can be either text.Gettext or > str instances. This is transitional till we get any outstanding patches > merged in, then they will only allow text.Gettext instances. > > 2. Adds a docstring to the ipalib/parameters.py module explaining the > difference between cli_name, label, and doc. It also has some style > guidelines for the label and doc. > > 3. Marks all Param.label and Param.doc for translation, does some > cleanup to hopefully make things a bit more consistent. > > 4. Various small changes needed to adjust to Param.label, Param.doc > being text.Gettext instances. ACK Sometime in the near future (it can be part of another patch) I'd like to see the doc for cli_name expanded upon to explain it's only purpose is to provide a name for the command line argument (e.g. --foo) and how this is completely independent of the label used for prompts and displaying a value. Also the text.FixMe class needs some documentation on how we plan on using it to find unstranslated strings. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From ssorce at redhat.com Tue Feb 23 20:38:55 2010 From: ssorce at redhat.com (Simo Sorce) Date: Tue, 23 Feb 2010 15:38:55 -0500 Subject: [Freeipa-devel] mod_wsgi troubles In-Reply-To: <1266942125.29321.155.camel@jgd-dsk> References: <1266942125.29321.155.camel@jgd-dsk> Message-ID: <20100223153855.5efe514f@willson.li.ssimo.org> On Tue, 23 Feb 2010 09:22:05 -0700 Jason Gerard DeRose wrote: > So I've been working on migrating freeIPA from mod_python to mod_wsgi. > This isn't a big change as the IPA server is already all WSGI > internally, but I've run into 2 unexpected problems. > > > mod_wsgi daemon mode > ==================== > > First, the easy problem. The mod_wsgi documentation clearly states > that the daemon mode is the preferred way to deploy. See the > "Defining Process Groups" section in: > > http://code.google.com/p/modwsgi/wiki/ConfigurationGuidelines > > In daemon mode, Apache starts mod_wsgi in a separate process and > communicates with it via a Unix socket. Unfortunately, Fedora12 > doesn't support daemon mode nicely out of the box and tries create > the socket in /etc/httpd/run, which of course make selinux mad (as it > should). I believe Apache is being run with the Apache home set > to /etc/httpd (which itself seems weird to me, not sure if this is a > bug). > > Anyway, we can fix this with the WSGISocketPrefix directive. But this > directive is server-scope (can't be virtual-host-scope), so we really > need to fix this in the mod_wsgi package. We just need to add this > to /etc/httpd/conf.d/wsgi.conf: > > WSGISocketPrefix /var/run/httpd/wsgi > > This config file is owned by mod_wsgi, not IPA, so I don't think IPA > should be writing stuff to this during it's install. Again, needs to > be fixed in the mod_wsgi package. I haven't tried this under > Fedora11 yet, so I don't know if the same problem is present there. Shouldn't you open a bug against mod_wsgi in fedora and have it fixed there ? > Simplify Kerberos protected URLs > ================================ > > Currently in our URL space we have: > > /ipa/xml - Kerberos protected > /ipa/json - Kerberos protected > /ipa/ui - Kerberos protected > /ipa/errors - Not protected > /ipa/config - Not protected > /ipa/crl - Not protected > > Under mod_python, we have separate handlers for the xml, json, and ui > URLs. My upcoming patch has a new WSGI middleware component this is a > single entry point at /ipa. I did this so that the LDAP auth and > session stuff is handled in exactly the same way regardless of which > app is the final target. > > Anyway, right now we have to handle stuff in a pretty funky way > (including under mod_python). We turn on Kerb auth for /ipa, then > turn it off for /ipa/errors and friends. I would really like us to > have two base URLs, something like this: > > /ipa/* - Kerberos projected > /ipa-static/* - Not projected When you say "kerberos protected" do you mean it uses mod_auth_kerb for each access, or does it include also pages you can access only if you previously authenticated but are just using a session to validate it ? I would say /ipa/auth/* - only authenticated access /ipa/* - anything else > Doesn't have to be called ipa-static, just throwing a name out there. > We can work around this (as we already do), but there 2 reasons I > think we should do this: > > 1. Security - our current approach is confusing and opens us up to > mistakes (our mistakes or a sysadmin's). > > 2. Extensibility - in the V2 cycle we have added several new > things in /ipa/*, some Kerberos protected, some not. I'm sure this > will happen again in the future, so we might as well clean this up > now. > > What do people think? I'm not sure I explained this well, but look in > install/conf/ipa.conf and you'll see what I mean. your proposal looks sane I think we already tried to do that once, better discipline should be used, but also a better, clear naming will help. Perhaps adding a README in the directory that server /ipa/ that explains what should go where, might help ? Simo. -- Simo Sorce * Red Hat, Inc * New York From rcritten at redhat.com Tue Feb 23 21:54:48 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 23 Feb 2010 16:54:48 -0500 Subject: [Freeipa-devel] [PATCH] Make the --all option work in Add/Remove Member commands. In-Reply-To: <4B83EDD6.6000203@redhat.com> References: <4B83EDD6.6000203@redhat.com> Message-ID: <4B844EA8.7050100@redhat.com> Pavel Z?na wrote: > Add/Remove Member commands didn't work with the --all option. They do now. > > Pavel Nack, it causes 5 tests to fail. rob From rcritten at redhat.com Tue Feb 23 21:55:57 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 23 Feb 2010 16:55:57 -0500 Subject: [Freeipa-devel] [PATCH] Fix bug where parameter cloning didn't clone validating rules. In-Reply-To: <4B83E70A.6010706@redhat.com> References: <4B83E70A.6010706@redhat.com> Message-ID: <4B844EED.9060409@redhat.com> Pavel Z?na wrote: > I thought we had validation fixed, but this little bit was still missing. > > Pavel ack, pushed to master From rcritten at redhat.com Tue Feb 23 21:56:12 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 23 Feb 2010 16:56:12 -0500 Subject: [Freeipa-devel] [PATCH] Replace incorrect use of str.index with str.find in host plugin. In-Reply-To: <1266938353.8157.3.camel@wolverine.englab.brq.redhat.com> References: <4B83E757.7090900@redhat.com> <1266938353.8157.3.camel@wolverine.englab.brq.redhat.com> Message-ID: <4B844EFC.3030005@redhat.com> Martin Nagy wrote: > On Tue, 2010-02-23 at 15:33 +0100, Pavel Z?na wrote: >> index was used as if it was find in the validation function. >> >> Pavel > > Ack. > Martin pushed to master From rcritten at redhat.com Tue Feb 23 21:56:27 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 23 Feb 2010 16:56:27 -0500 Subject: [Freeipa-devel] [PATCH] Complete netgroup attributes. In-Reply-To: <4B83E798.901@redhat.com> References: <4B83E798.901@redhat.com> Message-ID: <4B844F0B.8000006@redhat.com> Pavel Z?na wrote: > Add missing attributes to the netgroup plugin. The plugin will now > correctly display membership information and allow searching for > netgroups by UUID. > > Pavel ack, pushed to master From rcritten at redhat.com Tue Feb 23 22:11:07 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 23 Feb 2010 17:11:07 -0500 Subject: [Freeipa-devel] [PATCH] fix typo in install/updates/30-automount.update In-Reply-To: <20100222212904.GE16206@redhat.com> References: <20100222212904.GE16206@redhat.com> Message-ID: <4B84527B.2080003@redhat.com> Nalin Dahyabhai wrote: > This'll keep cn=default,cn=automount,$SUFFIX from getting a second "cn" > value that it doesn't need. > > Nalin ack, pushed to master Note, I slightly tweaked the patch description. rob From jdennis at redhat.com Tue Feb 23 22:30:18 2010 From: jdennis at redhat.com (John Dennis) Date: Tue, 23 Feb 2010 17:30:18 -0500 Subject: [Freeipa-devel] [PATCH] Add contributors file Message-ID: <4B8456FA.7090103@redhat.com> Add contributors file. This gets installed along side the LICENSE and README files in the doc dir for each rpm package. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-contributors-file.patch Type: text/x-patch Size: 3057 bytes Desc: not available URL: From jderose at redhat.com Wed Feb 24 10:08:40 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Wed, 24 Feb 2010 03:08:40 -0700 Subject: [Freeipa-devel] [PATCH] jderose 048 Translatable Param.label, Param.doc In-Reply-To: <4B842EDE.9020904@redhat.com> References: <1266596115.26979.65.camel@jgd-dsk> <4B842EDE.9020904@redhat.com> Message-ID: <1267006120.30926.0.camel@jgd-dsk> On Tue, 2010-02-23 at 14:39 -0500, John Dennis wrote: > On 02/19/2010 11:15 AM, Jason Gerard DeRose wrote: > > This patch: > > > > 1. Changes Param.label, Param.doc so they can be either text.Gettext or > > str instances. This is transitional till we get any outstanding patches > > merged in, then they will only allow text.Gettext instances. > > > > 2. Adds a docstring to the ipalib/parameters.py module explaining the > > difference between cli_name, label, and doc. It also has some style > > guidelines for the label and doc. > > > > 3. Marks all Param.label and Param.doc for translation, does some > > cleanup to hopefully make things a bit more consistent. > > > > 4. Various small changes needed to adjust to Param.label, Param.doc > > being text.Gettext instances. > > ACK > > Sometime in the near future (it can be part of another patch) I'd like > to see the doc for cli_name expanded upon to explain it's only purpose > is to provide a name for the command line argument (e.g. --foo) and how > this is completely independent of the label used for prompts and > displaying a value. Also the text.FixMe class needs some documentation > on how we plan on using it to find unstranslated strings. pushed to master. thanks for the review. From pzuna at redhat.com Wed Feb 24 12:59:50 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Wed, 24 Feb 2010 13:59:50 +0100 Subject: [Freeipa-devel] [PATCH] Make the --all option work in Add/Remove Member commands. In-Reply-To: <4B844EA8.7050100@redhat.com> References: <4B83EDD6.6000203@redhat.com> <4B844EA8.7050100@redhat.com> Message-ID: <4B8522C6.1000302@redhat.com> Rob Crittenden wrote: > Pavel Z?na wrote: >> Add/Remove Member commands didn't work with the --all option. They do >> now. >> >> Pavel > > Nack, it causes 5 tests to fail. > > rob New version attached. Fixes the tests and makes Add/Remove Member commands return DN as well. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Make-the-all-option-work-in-Add-Remove-Member-comman.patch Type: application/mbox Size: 7507 bytes Desc: not available URL: From sgallagh at redhat.com Wed Feb 24 13:06:16 2010 From: sgallagh at redhat.com (Stephen Gallagher) Date: Wed, 24 Feb 2010 08:06:16 -0500 Subject: [Freeipa-devel] [PATCH] Add contributors file In-Reply-To: <4B8456FA.7090103@redhat.com> References: <4B8456FA.7090103@redhat.com> Message-ID: <4B852448.6080706@redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/23/2010 05:30 PM, John Dennis wrote: > Add contributors file. This gets installed along side the LICENSE and > README files in the doc dir for each rpm package. > My name is spelled "Stephen", not "Steven". - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkuFJEcACgkQeiVVYja6o6PdFACeJotWvaYt8Ct4aZl9fntwKcIw 66YAoJpKCwB21qKhiLKnhHSZEgn7xpCt =NyTA -----END PGP SIGNATURE----- From admin at transifex.net Wed Feb 24 14:19:52 2010 From: admin at transifex.net (admin at transifex.net) Date: Wed, 24 Feb 2010 14:19:52 -0000 Subject: [Freeipa-devel] [www.transifex.net] Team Changed: Spanish (Castilian) Message-ID: <20100224141952.17345.55554@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The 'Spanish (Castilian)' translation team of the 'FreeIPA' project has been changed. Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/team/es/ in order to see this new team. For changing how you receive notifications, please go to http://www.transifex.net/notices/. Thank you, Transifex From rcritten at redhat.com Wed Feb 24 15:41:27 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 24 Feb 2010 10:41:27 -0500 Subject: [Freeipa-devel] [PATCH] 388 update client command man pages Message-ID: <4B8548A7.4050606@redhat.com> Update the client command man pages with recent option additions and some additional verbiage. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-388-man.patch Type: application/mbox Size: 6102 bytes Desc: not available URL: From rcritten at redhat.com Wed Feb 24 15:43:34 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 24 Feb 2010 10:43:34 -0500 Subject: [Freeipa-devel] [PATCH] 389 enable popt macro Message-ID: <4B854926.8000707@redhat.com> Add the POPT_AUTOHELP macro to the options table to provide more verbose help output. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-389-popt.patch Type: application/mbox Size: 2560 bytes Desc: not available URL: From rcritten at redhat.com Wed Feb 24 16:41:59 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 24 Feb 2010 11:41:59 -0500 Subject: [Freeipa-devel] [PATCH] 391 make dogtag a required and default component Message-ID: <4B8556D7.3020702@redhat.com> Make the CA a required component and configured by default. To install IPA without dogtag use the --selfsign option. The --ca option is now deprecated. A bit of wiki documentation will need to be updated once this is pushed to remove references to --ca. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-391-ca.patch Type: application/mbox Size: 6238 bytes Desc: not available URL: From jdennis at redhat.com Wed Feb 24 18:26:55 2010 From: jdennis at redhat.com (John Dennis) Date: Wed, 24 Feb 2010 13:26:55 -0500 Subject: [Freeipa-devel] [PATCH] Add contributors file. (corrected) Message-ID: <4B856F6F.3030306@redhat.com> Note: This is a corrected version, Stephen's name misspelled (also there were inconsistencies with the indentation which I fixed as well) This gets installed along side the LICENSE and README files in the doc dir for each rpm package. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-contributors-file.patch Type: text/x-patch Size: 1713 bytes Desc: not available URL: From rcritten at redhat.com Wed Feb 24 18:57:18 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 24 Feb 2010 13:57:18 -0500 Subject: [Freeipa-devel] [PATCH] Make the --all option work in Add/Remove Member commands. In-Reply-To: <4B8522C6.1000302@redhat.com> References: <4B83EDD6.6000203@redhat.com> <4B844EA8.7050100@redhat.com> <4B8522C6.1000302@redhat.com> Message-ID: <4B85768E.6070001@redhat.com> Pavel Zuna wrote: > Rob Crittenden wrote: >> Pavel Z?na wrote: >>> Add/Remove Member commands didn't work with the --all option. They do >>> now. >>> >>> Pavel >> >> Nack, it causes 5 tests to fail. >> >> rob > New version attached. Fixes the tests and makes Add/Remove Member > commands return DN as well. > > Pavel ack, pushed to master rob From rcritten at redhat.com Wed Feb 24 19:02:18 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 24 Feb 2010 14:02:18 -0500 Subject: [Freeipa-devel] [PATCH] Add contributors file. (corrected) In-Reply-To: <4B856F6F.3030306@redhat.com> References: <4B856F6F.3030306@redhat.com> Message-ID: <4B8577BA.4040001@redhat.com> John Dennis wrote: > Note: This is a corrected version, Stephen's name misspelled (also there > were inconsistencies with the indentation which I fixed as well) > > This gets installed along side the LICENSE and README files in the doc > dir for each rpm package. Ack, pushed to master John will supply a follow-up patch adding this to the spec file. From jdennis at redhat.com Wed Feb 24 19:09:57 2010 From: jdennis at redhat.com (John Dennis) Date: Wed, 24 Feb 2010 14:09:57 -0500 Subject: [Freeipa-devel] [PATCH] Install Contributors.txt Message-ID: <4B857985.7090402@redhat.com> -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Install-Contributors.txt.patch Type: text/x-patch Size: 1739 bytes Desc: not available URL: From jdennis at redhat.com Wed Feb 24 19:10:42 2010 From: jdennis at redhat.com (John Dennis) Date: Wed, 24 Feb 2010 14:10:42 -0500 Subject: [Freeipa-devel] [PATCH] 391 make dogtag a required and default component In-Reply-To: <4B8556D7.3020702@redhat.com> References: <4B8556D7.3020702@redhat.com> Message-ID: <4B8579B2.8060806@redhat.com> On 02/24/2010 11:41 AM, Rob Crittenden wrote: > Make the CA a required component and configured by default. > > To install IPA without dogtag use the --selfsign option. > > The --ca option is now deprecated. A bit of wiki documentation will need > to be updated once this is pushed to remove references to --ca. > > rob ACK -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jderose at redhat.com Wed Feb 24 21:17:18 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Wed, 24 Feb 2010 14:17:18 -0700 Subject: [Freeipa-devel] [PATCH] jderose 050 Run ipaserver under mod_wsgi Message-ID: <1267046238.1872.152.camel@jgd-dsk> This patch completes the transition to running under mod_wsgi. It requires my previous "049 Consolidate to single WSGI entry point" patch. This is pretty strait forward, but a few things need highlighting: 1. mod_wsgi requires an entry point script (you can't give it a Python package name like we were doing with mod_python). Based on my reading of the Filesystem Hierarchy Standard, it seems this should be in share/ipa, so that's what I did. The script is /usr/share/ipa/wsgi.py I was expecting this to cause SELinux problems, but things seem to work fine. 2. We are running mod_wsgi in daemon mode, which is the preferred way of deploying it. The mod_wsgi daemon has both multi-process and multi-threading capabilities. As we haven't actually used threaded code much in IPA thus far (although lite-server.py is threaded), for now I have the daemon running 2 processes and 1 thread (aka it's not threaded). For production I think we probably should run something like 4 processes and 8 threads per process. This can be a later change (just requires a change in our ipa.conf Apache config file). 3. As ipaserver is now running inside the mod_wsgi daemon, we can changed from using the Apache "prefork" MPM to using "worker", which is far superior for static content. I haven't changed this yet, but we should put this on our TODO. I pretty much had this patch all done last Friday, but I've let things slow-roast for several days to make sure it's stable. I feel confident that this is a low risk change. All the same, I think we should get this pushed as soon as possible so we can shake out any remaining issues. -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-jderose-050-Run-ipaserver-under-mod_wsgi.patch Type: text/x-patch Size: 12529 bytes Desc: not available URL: From jdennis at redhat.com Wed Feb 24 22:01:22 2010 From: jdennis at redhat.com (John Dennis) Date: Wed, 24 Feb 2010 17:01:22 -0500 Subject: [Freeipa-devel] [PATCH] Rework contributors list from Simo's input Message-ID: <4B85A1B2.90903@redhat.com> O.K., let's try this one more time. The list has be modified according to Simo's suggestions. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Rework-contributors-list-from-Simo-s-input.patch Type: text/x-patch Size: 1246 bytes Desc: not available URL: From pzuna at redhat.com Thu Feb 25 12:51:25 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Thu, 25 Feb 2010 13:51:25 +0100 Subject: [Freeipa-devel] Plugin versioning scheme and plugin dependencies Message-ID: <4B86724D.8080103@redhat.com> I've been thinking about this a little bit and came up with the following proposition. All plugin, that are going to be registered in API, will need a version number or preferably two. A major and a minor version number. The major number will only be incremented when a backward incompatible change is made. Method plugins should be able to inherit version number from their parent object. We should make it possible for plugins to define dependencies on other plugins. This will be probably implemented as a list of tuples containing the plugin name and a major version number. I was thinking about extracting the dependencies automatically, but there doesn't seem to be an easy way to do this "from inside the code". We could have an automated tool, that would validate plugins, checks versions and fill in the dependencies... but that might be overkill. Dependencies will be checked when API is finalizing. Version number can be also used when registering plugins. Newer version will automatically override older ones. This will also enable us, to make new versions of plugins, that only extend a previous version. For example: class user_show(LDAPRetrieve): PLUGIN_VERSION = (1, 0) ... def pre_callback(...): ... api.register(user_show) class user_show(user_show): # this is legal even in the same file in python! PLUGIN_VERSION = (1, 1) def pre_callback(...): super(user_show, self).pre_callback(...) # do something new here ... api.register(user_show) # new version will override old one Thoughts? Comments? Pavel From pzuna at redhat.com Thu Feb 25 13:23:34 2010 From: pzuna at redhat.com (Pavel Zuna) Date: Thu, 25 Feb 2010 14:23:34 +0100 Subject: [Freeipa-devel] [PATCH] Code cleanup: remove unused stuff, take 1. Message-ID: <4B8679D6.4080809@redhat.com> Removes most of the deprecated output code from plugins. "take 1" because there might be more patches like this in the near future. Pavel -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Code-cleanup-remove-unused-stuff-take-1.patch Type: application/mbox Size: 18756 bytes Desc: not available URL: From admin at transifex.net Thu Feb 25 13:30:13 2010 From: admin at transifex.net (admin at transifex.net) Date: Thu, 25 Feb 2010 13:30:13 -0000 Subject: [Freeipa-devel] [Transifex] File submitted via email to FreeIPA | master Message-ID: <20100225133013.2302.6876@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The following attached files were submitted to FreeIPA | master by beckerde Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/c/master/ in order to see the component page. Thank you, Transifex -------------- next part -------------- # Fedora Spanish translation of freeipa.master.ipa. # This file is distributed under the same license as the freeipa.master.ipa package. # # H?ctor Daniel Cabrera , 2010. # msgid "" msgstr "" "Project-Id-Version: freeipa.master.ipa\n" "Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/newticket\n" "POT-Creation-Date: 2010-02-15 14:55-0500\n" "PO-Revision-Date: \n" "Last-Translator: Domingo Becker \n" "Language-Team: Fedora Spanisg \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Language: Spanish\n" "X-Poedit-Country: ARGENTINA\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: ../../ipalib/parameters.py:224 msgid "incorrect type" msgstr "tipo incorrecto" #: ../../ipalib/parameters.py:227 msgid "Only one value is allowed" msgstr "S?lo se permite un valor" #: ../../ipalib/parameters.py:791 msgid "must be True or False" msgstr "debe ser True o False" #: ../../ipalib/parameters.py:892 msgid "must be an integer" msgstr "debe ser un entero" #: ../../ipalib/parameters.py:943 #, python-format msgid "must be at least %(minvalue)d" msgstr "debe ser como m?nimo %(minvalue)d" #: ../../ipalib/parameters.py:953 #, python-format msgid "can be at most %(maxvalue)d" msgstr "puede ser como m?ximo %(maxvalue)d" #: ../../ipalib/parameters.py:963 msgid "must be a decimal number" msgstr "debe ser un n?mero decimal" #: ../../ipalib/parameters.py:985 #, python-format msgid "must be at least %(minvalue)f" msgstr "debe ser como m?nimo %(minvalue)f" #: ../../ipalib/parameters.py:995 #, python-format msgid "can be at most %(maxvalue)f" msgstr "puede ser como m?ximo %(maxvalue)f" #: ../../ipalib/parameters.py:1055 #, python-format msgid "must match pattern \"%(pattern)s\"" msgstr "debe coincidir con el modelo \"%(pattern)s" #: ../../ipalib/parameters.py:1073 msgid "must be binary data" msgstr "debe ser un dato binario" #: ../../ipalib/parameters.py:1088 #, python-format msgid "must be at least %(minlength)d bytes" msgstr "debe ser como m?nimo de %(minlength)d bytes" #: ../../ipalib/parameters.py:1098 #, python-format msgid "can be at most %(maxlength)d bytes" msgstr "puede ser a lo sumo de %(maxlength)d bytes" #: ../../ipalib/parameters.py:1108 #, python-format msgid "must be exactly %(length)d bytes" msgstr "debe ser exactamente de %(length)d bytes" #: ../../ipalib/parameters.py:1126 msgid "must be Unicode text" msgstr "debe ser texto Unicode" #: ../../ipalib/parameters.py:1156 #, python-format msgid "must be at least %(minlength)d characters" msgstr "debe tener como m?nimo %(minlength)d caracteres" #: ../../ipalib/parameters.py:1166 #, python-format msgid "can be at most %(maxlength)d characters" msgstr "puede tener a lo sumo %(maxlength)d caracteres" #: ../../ipalib/parameters.py:1176 #, python-format msgid "must be exactly %(length)d characters" msgstr "debe tener exactamente %(length)d caracteres" #: ../../ipalib/parameters.py:1215 #, python-format msgid "must be one of %(values)r" msgstr "debe ser uno de %(values)r" #: ../../ipalib/cli.py:505 #, python-format msgid "Enter %(label)s again to verify: " msgstr "ngrese %(label)s nuevamente para su verificaci?n: " #: ../../ipalib/cli.py:509 msgid "Passwords do not match!" msgstr "?Las contrase?as no coinciden!" #: ../../ipalib/cli.py:514 msgid "Cancelled." msgstr "Cancelado." #: ../../ipalib/frontend.py:377 msgid "Results are truncated, try a more specific search" msgstr "Los resultados se encuentran truncados, intente realizar una b?squeda m?s espec?fica" #: ../../ipalib/errors.py:297 #, python-format msgid "%(cver)s client incompatible with %(sver)s server at %(server)r" msgstr "el cliente %(cver)s no es compatible con el servidor %(sver)s en %(server)r" #: ../../ipalib/errors.py:315 #, python-format msgid "unknown error %(code)d from %(server)s: %(error)s" msgstr "error %(code)d desconocido de %(server)s: %(error)s" #: ../../ipalib/errors.py:331 msgid "an internal error has occurred" msgstr "ha ocurrido un error interno" #: ../../ipalib/errors.py:353 #, python-format msgid "an internal error has occurred on server at %(server)r" msgstr "ha ocurrido un error interno en el servidor en %(server)r" #: ../../ipalib/errors.py:369 #, python-format msgid "unknown command %(name)r" msgstr "comando desconocido %(name)r" #: ../../ipalib/errors.py:386 #: ../../ipalib/errors.py:411 #, python-format msgid "error on server %(server)r: %(error)s" msgstr "error en el servidor %(server)r: %(error)s" #: ../../ipalib/errors.py:402 #, python-format msgid "cannot connect to %(uri)r: %(error)s" msgstr "no es posible conectar con %(uri)r: %(error)s" #: ../../ipalib/errors.py:420 #, python-format msgid "Invalid JSON-RPC request: %(error)s" msgstr "Petici?n JSON-RPC no v?lida: %(error)s" #: ../../ipalib/errors.py:448 #, python-format msgid "Kerberos error: %(major)s/%(minor)s" msgstr "Error de kerberos: %(major)s/%(minor)s" #: ../../ipalib/errors.py:465 msgid "did not receive Kerberos credentials" msgstr "no se ha recibido ninguna credencial Kerberos" #: ../../ipalib/errors.py:481 #, python-format msgid "Service %(service)r not found in Kerberos database" msgstr "El servicio %(service)r no se ha encontrado en la base de datos Kerberos" #: ../../ipalib/errors.py:497 msgid "No credentials cache found" msgstr "No se han encontrado credenciales de cach?" #: ../../ipalib/errors.py:513 msgid "Ticket expired" msgstr "El ticket ha expirado" #: ../../ipalib/errors.py:529 msgid "Credentials cache permissions incorrect" msgstr "Los permisos de credenciales de cach? son incorrectos" #: ../../ipalib/errors.py:545 msgid "Bad format in credentials cache" msgstr "Las credenciales de cach? est?n mal formadas" #: ../../ipalib/errors.py:561 msgid "Cannot resolve KDC for requested realm" msgstr "No es posible resolver KDC para el reinado solicitado" #: ../../ipalib/errors.py:580 #, python-format msgid "Insufficient access: %(info)s" msgstr "Acceso insuficiente: %(info)s" #: ../../ipalib/errors.py:624 #, python-format msgid "command %(name)r takes no arguments" msgstr "el comando %(name)r no tiene argumentos" #: ../../ipalib/errors.py:644 #, python-format msgid "command %(name)r takes at most %(count)d argument" msgid_plural "command %(name)r takes at most %(count)d arguments" msgstr[0] "el comando %(name)r lleva al menos %(count)d argumento" msgstr[1] "el comando %(name)r lleva al menos %(count)d argumentos" #: ../../ipalib/errors.py:674 #, python-format msgid "overlapping arguments and options: %(names)r" msgstr "superponiendo argumentos y opciones: %(names)r" #: ../../ipalib/errors.py:690 #, python-format msgid "%(name)r is required" msgstr "%(name)r es necesario" #: ../../ipalib/errors.py:706 #: ../../ipalib/errors.py:722 #, python-format msgid "invalid %(name)r: %(error)s" msgstr "%(name)r inv?lido: %(error)s" #: ../../ipalib/errors.py:738 #, python-format msgid "api has no such namespace: %(name)r" msgstr "api no posee tal nombre de espacio: %(name)r" #: ../../ipalib/errors.py:747 msgid "Passwords do not match" msgstr "Las contrase?as no coinciden" #: ../../ipalib/errors.py:755 msgid "Command not implemented" msgstr "El comando no se ha implementado" #: ../../ipalib/errors.py:783 #: ../../ipalib/errors.py:1023 #, python-format msgid "%(reason)s" msgstr "%(reason)s" #: ../../ipalib/errors.py:799 msgid "This entry already exists" msgstr "Esta entrada ya existe" #: ../../ipalib/errors.py:815 msgid "You must enroll a host in order to create a host service" msgstr "Debe registrar un equipo para poder generar un servicio de equipo" #: ../../ipalib/errors.py:831 #, python-format msgid "Service principal is not of the form: service/fully-qualified host name: %(reason)s" msgstr "El servicio principal no tiene la forma de servicio/nombre de equipo totalmente calificado: %(reason)s" #: ../../ipalib/errors.py:847 msgid "The realm for the principal does not match the realm for this IPA server" msgstr "El reinado para el principal no coincide con el reinado para este servidor IPA" #: ../../ipalib/errors.py:863 msgid "This command requires root access" msgstr "Este comando necesita acceso de usuario root" #: ../../ipalib/errors.py:879 msgid "This is already a posix group" msgstr "Este ya es un grupo posix" #: ../../ipalib/errors.py:895 #, python-format msgid "Principal is not of the form user at REALM: %(principal)r" msgstr "El principal no tiene la forma usuario at REINADO: %(principal)r" #: ../../ipalib/errors.py:911 msgid "This entry is already unlocked" msgstr "Esta entrada ya se encuentra desbloqueada" #: ../../ipalib/errors.py:927 msgid "This entry is already locked" msgstr "Esta entrada ya se encuentra bloqueada" #: ../../ipalib/errors.py:943 msgid "This entry has nsAccountLock set, it cannot be locked or unlocked" msgstr "Esta entrada posee definido nsAccountLock, no puede ser bloqueada ni desbloqueada" #: ../../ipalib/errors.py:959 msgid "This entry is not a member of the group" msgstr "Esta entrada no es miembro del grupo" #: ../../ipalib/errors.py:975 msgid "A group may not be a member of itself" msgstr "Un grupo no puede ser miembro de s? mismo" #: ../../ipalib/errors.py:991 msgid "This entry is already a member of the group" msgstr "Esta entrada ya es miembro del grupo" #: ../../ipalib/errors.py:1007 #, python-format msgid "Base64 decoding failed: %(reason)s" msgstr "Fall? la decodificaci?n base64: %(reason)s" #: ../../ipalib/errors.py:1039 msgid "A group may not be added as a member of itself" msgstr "Un grupo no puede ser agregado como miembro de s? mismo" #: ../../ipalib/errors.py:1055 msgid "The default users group cannot be removed" msgstr "El grupo de usuarios predeterminado no puede ser eliminado" #: ../../ipalib/errors.py:1078 #, python-format msgid "no command nor help topic %(topic)r" msgstr "no existe un comando para el t?pico de ayuda %(topic)r" #: ../../ipalib/errors.py:1102 msgid "change collided with another change" msgstr "la modificaci?n choca con otra modificaci?n diferente" #: ../../ipalib/errors.py:1118 msgid "no modifications to be performed" msgstr "no existen modificaciones a ser realizadas" #: ../../ipalib/errors.py:1134 #, python-format msgid "%(desc)s:%(info)s" msgstr "%(desc)s:%(info)s" #: ../../ipalib/errors.py:1150 msgid "limits exceeded for this query" msgstr "han sido excedidos los l?mites para esta consulta" #: ../../ipalib/errors.py:1165 #, python-format msgid "%(info)s" msgstr "%(info)s" #: ../../ipalib/errors.py:1190 #, python-format msgid "Certificate operation cannot be completed: %(error)s" msgstr "La operaci?n certificada no puede ser completada: %(error)s" #: ../../ipalib/plugins/rolegroup.py:50 msgid "Role Groups" msgstr "Grupos de funciones" #: ../../ipalib/plugins/rolegroup.py:75 #, python-format msgid "Added rolegroup \"%(value)s\"" msgstr "Ha sido agregado el grupo de funciones \"%(value)s\"" #: ../../ipalib/plugins/rolegroup.py:85 #, python-format msgid "Deleted rolegroup \"%(value)s\"" msgstr "Ha sido eliminado el grupo de funciones \"%(value)s\"" #: ../../ipalib/plugins/rolegroup.py:95 #, python-format msgid "Modified rolegroup \"%(value)s\"" msgstr "Ha sido modificado el grupo de funciones \"%(value)s\"" #: ../../ipalib/plugins/rolegroup.py:106 #, python-format msgid "%(count)d rolegroup matched" msgid_plural "%(count)d rolegroups matched" msgstr[0] "%(count)d grupo de roles coincidente" msgstr[1] "%(count)d grupo de roles coincidentes" #: ../../ipalib/plugins/host.py:82 msgid "Hosts" msgstr "Equipos" #: ../../ipalib/plugins/host.py:151 #, python-format msgid "Added host \"%(value)s\"" msgstr "Ha sido agregado el equipo \"%(value)s\"" #: ../../ipalib/plugins/host.py:180 #, python-format msgid "Deleted host \"%(value)s\"" msgstr "Ha sido eliminado el equipo \"%(value)s\"" #: ../../ipalib/plugins/host.py:208 #, python-format msgid "Modified host \"%(value)s\"" msgstr "Ha sido modificado el equipo \"%(value)s\"" #: ../../ipalib/plugins/host.py:257 #, python-format msgid "%(count)d host matched" msgid_plural "%(count)d hosts matched" msgstr[0] "%(count)d equipo coincidente" msgstr[1] "%(count)d equipos coincidentes" #: ../../ipalib/plugins/group.py:58 msgid "User Groups" msgstr "Grupos de usuarios" #: ../../ipalib/plugins/group.py:87 #, python-format msgid "Added group \"%(value)s\"" msgstr "Ha sido agregado el grupo \"%(value)s\"" #: ../../ipalib/plugins/group.py:110 #, python-format msgid "Deleted group \"%(value)s\"" msgstr "Ha sido eliminado el grupo \"%(value)s\"" #: ../../ipalib/plugins/group.py:136 #, python-format msgid "Modified group \"%(value)s\"" msgstr "Ha sido modificado el grupo \"%(value)s\"" #: ../../ipalib/plugins/group.py:165 #, python-format msgid "%(count)d group matched" msgid_plural "%(count)d groups matched" msgstr[0] "%(count)d grupo coincidente" msgstr[1] "%(count)d grupos coincidentes" #: ../../ipalib/plugins/service.py:122 msgid "Services" msgstr "Servicios" #: ../../ipalib/plugins/hbac.py:62 msgid "HBAC" msgstr "HBAC" #: ../../ipalib/plugins/cert.py:63 #: ../../ipalib/plugins/cert.py:84 msgid "Unable to decode certificate in entry" msgstr "No es posible decodificar el certificado en la entrada" #: ../../ipalib/plugins/cert.py:106 #: ../../ipalib/plugins/cert.py:120 #: ../../ipalib/plugins/cert.py:137 msgid "Failure decoding Certificate Signing Request" msgstr "Falla al intentar decodificar la petici?n de identificaci?n de certificado" #: ../../ipalib/plugins/cert.py:139 #, python-format msgid "Failure decoding Certificate Signing Request: %s" msgstr "Falla al intentar decodificar la petici?n de identificaci?n de certificado: %s" #: ../../ipalib/plugins/aci.py:109 msgid "type, filter, subtree and targetgroup are mutually exclusive" msgstr "tipo, filtro, sub?rbol y grupo de destino, se excluyen mutuamente" #: ../../ipalib/plugins/aci.py:112 msgid "at least one of: type, filter, subtree, targetgroup, attrs or memberof are required" msgstr "es necesario como m?nimo alguno de: tipo, filtro, sub?rbol, grupo de destino, atributos, o miembro de " #: ../../ipalib/plugins/aci.py:117 msgid "group and taskgroup are mutually exclusive" msgstr "grupo y grupo de tareas se excluyen mutuamente" #: ../../ipalib/plugins/aci.py:119 msgid "One of group or taskgroup is required" msgstr "Es necesario grupo o grupo de tareas" #: ../../ipalib/plugins/aci.py:140 #, python-format msgid "Group '%s' does not exist" msgstr "El grupo '%s' no existe" #: ../../ipalib/plugins/aci.py:184 #, python-format msgid "ACI with name \"%s\" not found" msgstr "No se encuentra un ACI cuyo nombre sea \"%s\"" #: ../../ipalib/plugins/aci.py:201 msgid "ACIs" msgstr "ACIs" #: ../../ipalib/plugins/aci.py:258 #, python-format msgid "Created ACI \"%(value)s\"" msgstr "Ha sido creado ACI \"%(value)s\"" #: ../../ipalib/plugins/aci.py:308 #, python-format msgid "Deleted ACI \"%(value)s\"" msgstr "Ha sido eliminado ACI \"%(value)s\"" #: ../../ipalib/plugins/aci.py:348 #, python-format msgid "Modified ACI \"%(value)s\"" msgstr "Ha sido modificado ACI \"%(value)s\"" #: ../../ipalib/plugins/aci.py:408 #, python-format msgid "%(count)d ACI matched" msgid_plural "%(count)d ACIs matched" msgstr[0] "%(count)d ACI coincidente" msgstr[1] "%(count)d ACIs coincidentes" #: ../../ipalib/plugins/dns.py:114 msgid "DNS" msgstr "DNS" #: ../../ipalib/plugins/automount.py:231 msgid "Automount Maps" msgstr "Mapeos de automontaje" #: ../../ipalib/plugins/automount.py:321 msgid "Automount Keys" msgstr "Llaves de automontaje" #: ../../ipalib/plugins/netgroup.py:55 msgid "Net Groups" msgstr "Grupos de red" #: ../../ipalib/plugins/misc.py:37 #, python-format msgid "%(count)d variables" msgstr "%(count)d variables" #: ../../ipalib/plugins/misc.py:96 #, python-format msgid "%(count)d plugin loaded" msgid_plural "%(count)d plugins loaded" msgstr[0] "%(count)d complemento cargado" msgstr[1] "%(count)d complementos cargados" #: ../../ipalib/plugins/user.py:71 msgid "Users" msgstr "Usuarios" #: ../../ipalib/plugins/user.py:141 #, python-format msgid "Added user \"%(value)s\"" msgstr "Ha sido agregado el usuario \"%(value)s\"" #: ../../ipalib/plugins/user.py:186 #, python-format msgid "Deleted user \"%(value)s\"" msgstr "Ha sido eliminado el usuario \"%(value)s\"" #: ../../ipalib/plugins/user.py:205 #, python-format msgid "Modified user \"%(value)s\"" msgstr "Ha sido modificado el usuario \"%(value)s\"" #: ../../ipalib/plugins/user.py:216 #, python-format msgid "%(count)d user matched" msgid_plural "%(count)d users matched" msgstr[0] "%(count)d usuario coincidente" msgstr[1] "%(count)d usuarios coincidentes" #: ../../ipalib/plugins/user.py:236 #, python-format msgid "Locked user \"%(value)s\"" msgstr "Ha sido bloqueado el usuario \"%(value)s\"" #: ../../ipalib/plugins/user.py:262 #, python-format msgid "Unlocked user \"%(value)s\"" msgstr "Ha sido desbloqueado el usuario \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:50 msgid "Task Groups" msgstr "Grupos de tareas" #: ../../ipalib/plugins/taskgroup.py:75 #, python-format msgid "Added taskgroup \"%(value)s\"" msgstr "Ha sido agregado el grupo de tareas \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:85 #, python-format msgid "Deleted taskgroup \"%(value)s\"" msgstr "Ha sido eliminado el grupo de tareas \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:95 #, python-format msgid "Modified taskgroup \"%(value)s\"" msgstr "Ha sido modificado el grupo de tareas \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:106 #, python-format msgid "%(count)d taskgroup matched" msgid_plural "%(count)d taskgroups matched" msgstr[0] "%(count)d grupo de tarea coincidente" msgstr[1] "%(count)d grupos de tarea coincidentes" #: ../../ipalib/plugins/hostgroup.py:49 msgid "Host Groups" msgstr "Grupos de equipo" #: ../../ipalib/plugins/hostgroup.py:74 #, python-format msgid "Added hostgroup \"%(value)s\"" msgstr "Ha sido agregado el grupo de equipo \"%(value)s\"" #: ../../ipalib/plugins/hostgroup.py:84 #, python-format msgid "Deleted hostgroup \"%(value)s\"" msgstr "Ha sido eliminado el grupo de equipo \"%(value)s\"" #: ../../ipalib/plugins/hostgroup.py:94 #, python-format msgid "Modified hostgroup \"%(value)s\"" msgstr "Ha sido modificado el grupo de equipo \"%(value)s\"" #: ../../ipalib/plugins/hostgroup.py:105 #, python-format msgid "%(count)d hostgroup matched" msgid_plural "%(count)d hostgroups matched" msgstr[0] "%(count)d grupo de equipos coincidente" msgstr[1] "%(count)d grupos de equipos coincidentes" #: ../../ipalib/plugins/pwpolicy.py:231 msgid "priority cannot be set on global policy" msgstr "la prioridad no puede ser definida en una pl?tica global" #: ../../ipaserver/install/certs.py:571 #: ../../ipaserver/plugins/dogtag.py:1313 #: ../../ipaserver/plugins/dogtag.py:1398 #: ../../ipaserver/plugins/dogtag.py:1463 #: ../../ipaserver/plugins/dogtag.py:1543 #: ../../ipaserver/plugins/dogtag.py:1602 #, python-format msgid "Unable to communicate with CMS (%s)" msgstr "No es posible comunicarse con CMS (%s)" #: ../../ipaserver/plugins/selfsign.py:102 #, python-format msgid "Request subject \"%(request_subject)s\" does not match the form \"%(subject_base)s\"" msgstr "El asunto solicitado \"%(request_subject)s\" no coincide con la forma \"%(subject_base)s\"" #: ../../ipaserver/plugins/selfsign.py:107 #, python-format msgid "unable to decode csr: %s" msgstr "no es posible decodificar csr: %s" #: ../../ipaserver/plugins/selfsign.py:128 #: ../../ipaserver/plugins/selfsign.py:143 msgid "file operation" msgstr "operaci?n de archivo" #: ../../ipaserver/plugins/selfsign.py:157 msgid "cannot obtain next serial number" msgstr "no es posible obtener el pr?ximo n?mero de serie" #: ../../ipaserver/plugins/selfsign.py:192 msgid "certutil failure" msgstr "falla de certutil" From jdennis at redhat.com Thu Feb 25 14:51:56 2010 From: jdennis at redhat.com (John Dennis) Date: Thu, 25 Feb 2010 09:51:56 -0500 Subject: [Freeipa-devel] [PATCH] Code cleanup: remove unused stuff, take 1. In-Reply-To: <4B8679D6.4080809@redhat.com> References: <4B8679D6.4080809@redhat.com> Message-ID: <4B868E8C.6070901@redhat.com> On 02/25/2010 08:23 AM, Pavel Zuna wrote: > Removes most of the deprecated output code from plugins. "take 1" > because there might be more patches like this in the near future. > > Pavel ACK I love getting rid of cruft. Thanks! -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jdennis at redhat.com Thu Feb 25 16:15:04 2010 From: jdennis at redhat.com (John Dennis) Date: Thu, 25 Feb 2010 11:15:04 -0500 Subject: [Freeipa-devel] [PATCH] fixed the contributors patch Message-ID: <4B86A208.3010504@redhat.com> O.K. I'm lame :-) I noticed that when I sent the patch yesterday with Simo's update I hadn't rebased the patch and squashed, so it only picked up the diff. Sorry. Here's the patch again, hopefully correct, it has Simo's suggested fixes pulled in plus the spec file changes I missed the last time around (which I did send a patch for separately). This should have everything all together and updated. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-contributors-file.patch Type: text/x-patch Size: 3229 bytes Desc: not available URL: From jdennis at redhat.com Thu Feb 25 16:22:38 2010 From: jdennis at redhat.com (John Dennis) Date: Thu, 25 Feb 2010 11:22:38 -0500 Subject: [Freeipa-devel] [PATCH] full Spanish translations as of 20100225 Message-ID: <4B86A3CE.7030204@redhat.com> ipa.pot has 133 messages. There are 6 po translation files. bn_IN: 14/133 10.5% 106 po untranslated, 13 missing, 119 untranslated es: 133/133 100.0% 0 po untranslated, 0 missing, 0 untranslated id: 107/133 80.5% 13 po untranslated, 13 missing, 26 untranslated kn: 20/133 15.0% 113 po untranslated, 0 missing, 113 untranslated pl: 133/133 100.0% 0 po untranslated, 0 missing, 0 untranslated ru: 120/133 90.2% 0 po untranslated, 13 missing, 13 untranslated -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-full-Spanish-translations-as-of-20100225.patch Type: text/x-patch Size: 4483 bytes Desc: not available URL: From rcritten at redhat.com Fri Feb 26 16:26:21 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 26 Feb 2010 11:26:21 -0500 Subject: [Freeipa-devel] [PATCH] 392 retrieve schema using kerberos credentials Message-ID: <4B87F62D.30405@redhat.com> Retrieve the LDAP schema using kerberos credentials. This is required so we can disable anonymous access in 389-ds. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: freeipa-392-bind.patch Type: application/mbox Size: 5569 bytes Desc: not available URL: From rcritten at redhat.com Fri Feb 26 16:31:16 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 26 Feb 2010 11:31:16 -0500 Subject: [Freeipa-devel] [PATCH] 385 don't try to revoke revoked certs In-Reply-To: <4B7EDBAC.2070707@redhat.com> References: <4B7ED970.7020200@redhat.com> <4B7EDBAC.2070707@redhat.com> Message-ID: <4B87F754.9040800@redhat.com> John Dennis wrote: > On 02/19/2010 01:33 PM, Rob Crittenden wrote: >> Check the status of a certificate before trying to revoke it. We get an >> error thrown when we revoke a revoked cert that is difficult to >> distinguish between a real error and "this is already revoked". > > Conditional ACK. Please try to remember to localize all labels. That's a > 1 line change so it falls into the "make the fix & commit" category. > Fixed. At the time I did this patch GetText was not a valid data type for labels. pushed to master. From rcritten at redhat.com Fri Feb 26 16:34:27 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 26 Feb 2010 11:34:27 -0500 Subject: [Freeipa-devel] [PATCH] 387 fix test failures In-Reply-To: <4B83BEAD.4060402@redhat.com> References: <4B82DBB4.5080707@redhat.com> <4B83BEAD.4060402@redhat.com> Message-ID: <4B87F813.6060201@redhat.com> Pavel Z?na wrote: > Rob Crittenden wrote: >> This fixes the failures in the Env due to switching to unicode >> internally. Now that --all works this also adds the dn to the output >> in the XML-RPC tests. >> >> rob >> > ack. > > Pavel pushed to master From rcritten at redhat.com Fri Feb 26 16:37:00 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 26 Feb 2010 11:37:00 -0500 Subject: [Freeipa-devel] [PATCH] Add more Spanish translations In-Reply-To: <4B8400DF.4030101@redhat.com> References: <4B8400DF.4030101@redhat.com> Message-ID: <4B87F8AC.1090603@redhat.com> John Dennis wrote: > Add more Spanish translations: > > Current translation status: > > ipa.pot has 133 messages. There are 6 po translation files. > bn_IN: 14/133 10.5% 106 po untranslated, 13 missing, 119 > untranslated > es: 124/133 93.2% 9 po untranslated, 0 missing, 9 > untranslated > id: 107/133 80.5% 13 po untranslated, 13 missing, 26 > untranslated > kn: 20/133 15.0% 113 po untranslated, 0 missing, 113 > untranslated > pl: 133/133 100.0% 0 po untranslated, 0 missing, 0 > untranslated > ru: 120/133 90.2% 0 po untranslated, 13 missing, 13 > untranslated > ack, pushed to master From rcritten at redhat.com Fri Feb 26 16:51:21 2010 From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 26 Feb 2010 11:51:21 -0500 Subject: [Freeipa-devel] [PATCH] 387 fix test failures In-Reply-To: <4B83BEAD.4060402@redhat.com> References: <4B82DBB4.5080707@redhat.com> <4B83BEAD.4060402@redhat.com> Message-ID: <4B87FC09.50909@redhat.com> Pavel Z?na wrote: > Rob Crittenden wrote: >> This fixes the failures in the Env due to switching to unicode >> internally. Now that --all works this also adds the dn to the output >> in the XML-RPC tests. >> >> rob >> > ack. > > Pavel pushed to master From admin at transifex.net Fri Feb 26 17:37:22 2010 From: admin at transifex.net (admin at transifex.net) Date: Fri, 26 Feb 2010 17:37:22 -0000 Subject: [Freeipa-devel] [Transifex] File submitted via email to FreeIPA | master Message-ID: <20100226173722.20381.76112@web1.transifex.net> Hello freeipa, this is Transifex at http://www.transifex.net. The following attached files were submitted to FreeIPA | master by gundachandru Please, visit Transifex at http://www.transifex.net/projects/p/freeipa/c/master/ in order to see the component page. Thank you, Transifex -------------- next part -------------- # Kannada translations for ipa-server package. # Copyright (C) 2010 Red Hat # This file is distributed under the same license as the PACKAGE package. # gundachandru , 2010. # msgid "" msgstr "" "Project-Id-Version: ipa\n" "Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/newticket\n" "POT-Creation-Date: 2010-02-15 14:55-0500\n" "PO-Revision-Date: 2010-02-26 23:05+0530\n" "Last-Translator: gundachandru \n" "Language-Team: Kannada \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: ../../ipalib/parameters.py:224 msgid "incorrect type" msgstr "???????? ???" #: ../../ipalib/parameters.py:227 msgid "Only one value is allowed" msgstr "???? ???? ???? ????? ??????????????" #: ../../ipalib/parameters.py:791 msgid "must be True or False" msgstr "??? (True) ???? ?????? (False) ??????????" #: ../../ipalib/parameters.py:892 msgid "must be an integer" msgstr "???????? ??????????" #: ../../ipalib/parameters.py:943 #, python-format msgid "must be at least %(minvalue)d" msgstr "?????????? %(minvalue)d ??????????" #: ../../ipalib/parameters.py:953 #, python-format msgid "can be at most %(maxvalue)d" msgstr "?????????? %(maxvalue)d ?????????" #: ../../ipalib/parameters.py:963 msgid "must be a decimal number" msgstr "????? ?????? ??????????" #: ../../ipalib/parameters.py:985 #, python-format msgid "must be at least %(minvalue)f" msgstr "?????????? %(minvalue)f ??????????" #: ../../ipalib/parameters.py:995 #, python-format msgid "can be at most %(maxvalue)f" msgstr "?????????? %(maxvalue)f ?????????" #: ../../ipalib/parameters.py:1055 #, python-format msgid "must match pattern \"%(pattern)s\"" msgstr "????? \"%(pattern)s\" ??????????????????" #: ../../ipalib/parameters.py:1073 msgid "must be binary data" msgstr "????? ???? ??????????" #: ../../ipalib/parameters.py:1088 #, python-format msgid "must be at least %(minlength)d bytes" msgstr "?????????? %(minlength)d ?????? ??????????" #: ../../ipalib/parameters.py:1098 #, python-format msgid "can be at most %(maxlength)d bytes" msgstr "?????????? %(maxlength)d ?????? ?????????" #: ../../ipalib/parameters.py:1108 #, python-format msgid "must be exactly %(length)d bytes" msgstr "???????? %(length)d ?????? ??????????" #: ../../ipalib/parameters.py:1126 msgid "must be Unicode text" msgstr "???????? ???? ??????????" #: ../../ipalib/parameters.py:1156 #, python-format msgid "must be at least %(minlength)d characters" msgstr "?????????? %(minlength)d ???????? ????????" #: ../../ipalib/parameters.py:1166 #, python-format msgid "can be at most %(maxlength)d characters" msgstr "?????????? %(maxlength)d ???????? ???????" #: ../../ipalib/parameters.py:1176 #, python-format msgid "must be exactly %(length)d characters" msgstr "???????? %(length)d ???????? ????????" #: ../../ipalib/parameters.py:1215 #, python-format msgid "must be one of %(values)r" msgstr "%(values)r ????? ???? ??????????" #: ../../ipalib/cli.py:505 #, python-format msgid "Enter %(label)s again to verify: " msgstr "????????? ?????????? %(label)s ????? ????:" #: ../../ipalib/cli.py:509 msgid "Passwords do not match!" msgstr "?????????? ????????????????????!" #: ../../ipalib/cli.py:514 msgid "Cancelled." msgstr "????????????????." #: ../../ipalib/frontend.py:377 msgid "Results are truncated, try a more specific search" msgstr "?????????? ????????????????, ???????? ???????????? ????? ??????????" #: ../../ipalib/errors.py:297 #, python-format msgid "%(cver)s client incompatible with %(sver)s server at %(server)r" msgstr "%(server)r ????? ??????? %(cver)s ??????? %(sver)s ??????? ??????????????????" #: ../../ipalib/errors.py:315 #, python-format msgid "unknown error %(code)d from %(server)s: %(error)s" msgstr "%(server)s ??????????? ?????? ??? %(code)d: %(error)s" #: ../../ipalib/errors.py:331 msgid "an internal error has occurred" msgstr "?????? ??? ????????" #: ../../ipalib/errors.py:353 #, python-format msgid "an internal error has occurred on server at %(server)r" msgstr "%(server)r ????? ???????????? ?????? ??? ????????" #: ../../ipalib/errors.py:369 #, python-format msgid "unknown command %(name)r" msgstr "?????? ?????(????????) %(name)r " #: ../../ipalib/errors.py:386 #: ../../ipalib/errors.py:411 #, python-format msgid "error on server %(server)r: %(error)s" msgstr "%(server)r ???????????? ???: %(error)s" #: ../../ipalib/errors.py:402 #, python-format msgid "cannot connect to %(uri)r: %(error)s" msgstr "%(uri)r ?? ?????????? ??????????: %(error)s" #: ../../ipalib/errors.py:420 #, python-format msgid "Invalid JSON-RPC request: %(error)s" msgstr "????????? JSON-RPC ??????: %(error)s" #: ../../ipalib/errors.py:448 #, python-format msgid "Kerberos error: %(major)s/%(minor)s" msgstr "Kerberos ???: %(major)s/%(minor)s" #: ../../ipalib/errors.py:465 msgid "did not receive Kerberos credentials" msgstr "Kerberos ????????????????? ????????" #: ../../ipalib/errors.py:481 #, python-format msgid "Service %(service)r not found in Kerberos database" msgstr "Kerberos ?????????????? %(service)r ????(???????) ???????????" #: ../../ipalib/errors.py:497 msgid "No credentials cache found" msgstr "???????????? ?????????????? ???????????" #: ../../ipalib/errors.py:513 msgid "Ticket expired" msgstr "???????? ???? ????????" #: ../../ipalib/errors.py:529 msgid "Credentials cache permissions incorrect" msgstr "????????????? ???????? ????????? ????????" #: ../../ipalib/errors.py:545 msgid "Bad format in credentials cache" msgstr "????????????? ???????????? ????? ????????" #: ../../ipalib/errors.py:561 msgid "Cannot resolve KDC for requested realm" msgstr "????? ???????(??????)?????? KDC ????? ????????? ??????????" #: ../../ipalib/errors.py:580 #, python-format msgid "Insufficient access: %(info)s" msgstr "???????(???????) ?????????: %(info)s" #: ../../ipalib/errors.py:624 #, python-format msgid "command %(name)r takes no arguments" msgstr "%(name)r ?????(????????) ?????? ????????????????? ???????????????????" #: ../../ipalib/errors.py:644 #, python-format msgid "command %(name)r takes at most %(count)d argument" msgid_plural "command %(name)r takes at most %(count)d arguments" msgstr[0] "%(name)r ?????(????????) ?????? %(count)d ???????????????? ?????????????????" msgstr[1] "%(name)r ?????(????????) ?????? %(count)d ????????????????? ?????????????????" #: ../../ipalib/errors.py:674 #, python-format msgid "overlapping arguments and options: %(names)r" msgstr "????????????????? ????? ??????????? ????????????????????????: %(names)r" #: ../../ipalib/errors.py:690 #, python-format msgid "%(name)r is required" msgstr "%(name)r ?????????" #: ../../ipalib/errors.py:706 #: ../../ipalib/errors.py:722 #, python-format msgid "invalid %(name)r: %(error)s" msgstr "????????? %(name)r: %(error)s" #: ../../ipalib/errors.py:738 #, python-format msgid "api has no such namespace: %(name)r" msgstr "api????? ? ???? ?????? ??????????? ????: %(name)r" #: ../../ipalib/errors.py:747 msgid "Passwords do not match" msgstr "?????????? ????????????????????" #: ../../ipalib/errors.py:755 msgid "Command not implemented" msgstr "?????(????????)????? ?????????????????" #: ../../ipalib/errors.py:783 #: ../../ipalib/errors.py:1023 #, python-format msgid "%(reason)s" msgstr "%(reason)s" #: ../../ipalib/errors.py:799 msgid "This entry already exists" msgstr "? ????? ?????? ???????????????" #: ../../ipalib/errors.py:815 msgid "You must enroll a host in order to create a host service" msgstr "???? ?????? ????(???????)????? ?????? ??????? ???? ???? ?????? ????? ???????????????" #: ../../ipalib/errors.py:831 #, python-format msgid "Service principal is not of the form: service/fully-qualified host name: %(reason)s" msgstr "Service principal? ?????? ???????: service/fully-qualified host name: %(reason)s" #: ../../ipalib/errors.py:847 msgid "The realm for the principal does not match the realm for this IPA server" msgstr "principal? ???????(??????)?? ? IPA ???????? ???????(??????)???? ???????????????" #: ../../ipalib/errors.py:863 msgid "This command requires root access" msgstr "? ?????(????????) ????(root) ???????(???????) ?????????" #: ../../ipalib/errors.py:879 msgid "This is already a posix group" msgstr "? ????? ?????? posix ?????" #: ../../ipalib/errors.py:895 #, python-format msgid "Principal is not of the form user at REALM: %(principal)r" msgstr "Principal? ?????? user at REALM ??????: %(principal)r" #: ../../ipalib/errors.py:911 msgid "This entry is already unlocked" msgstr "? ????? ?????? ???????? ?????" #: ../../ipalib/errors.py:927 msgid "This entry is already locked" msgstr "? ????? ?????? ???? ?????" #: ../../ipalib/errors.py:943 msgid "This entry has nsAccountLock set, it cannot be locked or unlocked" msgstr "? ??????? nsAccountLock ???? ?????, ?????? ???? ???? ???????? ??????????????" #: ../../ipalib/errors.py:959 msgid "This entry is not a member of the group" msgstr "? ????? ?????? ???? ????? ??????" #: ../../ipalib/errors.py:975 msgid "A group may not be a member of itself" msgstr "???? ????? ??? ???? ????? ??????????" #: ../../ipalib/errors.py:991 msgid "This entry is already a member of the group" msgstr "? ????? ?????? ?????? ???? ????? ?????" #: ../../ipalib/errors.py:1007 #, python-format msgid "Base64 decoding failed: %(reason)s" msgstr "Base64 ????????? ???????????: %(reason)s" #: ../../ipalib/errors.py:1039 msgid "A group may not be added as a member of itself" msgstr "???? ????? ??? ???? ????????? ??????? ??????????" #: ../../ipalib/errors.py:1055 msgid "The default users group cannot be removed" msgstr "???????? ???????? ???????? ??????????? ??????????" #: ../../ipalib/errors.py:1078 #, python-format msgid "no command nor help topic %(topic)r" msgstr "?????(????????) ???? ????? ?????? %(topic)r ??? ????" #: ../../ipalib/errors.py:1102 msgid "change collided with another change" msgstr "??????? ???????? ?????????????? ??????????????" #: ../../ipalib/errors.py:1118 msgid "no modifications to be performed" msgstr "?????? ?????????? ?????????" #: ../../ipalib/errors.py:1134 #, python-format msgid "%(desc)s:%(info)s" msgstr "%(desc)s:%(info)s" #: ../../ipalib/errors.py:1150 msgid "limits exceeded for this query" msgstr "? ???????? ??????? ??????" #: ../../ipalib/errors.py:1165 #, python-format msgid "%(info)s" msgstr "%(info)s" #: ../../ipalib/errors.py:1190 #, python-format msgid "Certificate operation cannot be completed: %(error)s" msgstr "??????????? ??????????????? ???????????? ??????????: %(error)s" #: ../../ipalib/plugins/rolegroup.py:50 msgid "Role Groups" msgstr "????(????)? ????????" #: ../../ipalib/plugins/rolegroup.py:75 #, python-format msgid "Added rolegroup \"%(value)s\"" msgstr "\"%(value)s\" ?????????????? ???????????" #: ../../ipalib/plugins/rolegroup.py:85 #, python-format msgid "Deleted rolegroup \"%(value)s\"" msgstr "\"%(value)s\" ?????????????? ??????????" #: ../../ipalib/plugins/rolegroup.py:95 #, python-format msgid "Modified rolegroup \"%(value)s\"" msgstr "\"%(value)s\" ?????????????? ?????????????" #: ../../ipalib/plugins/rolegroup.py:106 #, python-format msgid "%(count)d rolegroup matched" msgid_plural "%(count)d rolegroups matched" msgstr[0] "%(count)d ??????????? ??????????????" msgstr[1] "%(count)d ??????????????? ??????????????" #: ../../ipalib/plugins/host.py:82 msgid "Hosts" msgstr "??????????" #: ../../ipalib/plugins/host.py:151 #, python-format msgid "Added host \"%(value)s\"" msgstr "\"%(value)s\" ????????? ???????????" #: ../../ipalib/plugins/host.py:180 #, python-format msgid "Deleted host \"%(value)s\"" msgstr "\"%(value)s\" ????????? ??????????" #: ../../ipalib/plugins/host.py:208 #, python-format msgid "Modified host \"%(value)s\"" msgstr "\"%(value)s\" ????????? ?????????????" #: ../../ipalib/plugins/host.py:257 #, python-format msgid "%(count)d host matched" msgid_plural "%(count)d hosts matched" msgstr[0] "%(count)d ??????? ??????????????" msgstr[1] "%(count)d ?????????? ??????????????" #: ../../ipalib/plugins/group.py:58 msgid "User Groups" msgstr "???????? ????????" #: ../../ipalib/plugins/group.py:87 #, python-format msgid "Added group \"%(value)s\"" msgstr "\"%(value)s\" ???????? ???????????" #: ../../ipalib/plugins/group.py:110 #, python-format msgid "Deleted group \"%(value)s\"" msgstr "\"%(value)s\" ???????? ??????????" #: ../../ipalib/plugins/group.py:136 #, python-format msgid "Modified group \"%(value)s\"" msgstr "\"%(value)s\" ???????? ?????????????" #: ../../ipalib/plugins/group.py:165 #, python-format msgid "%(count)d group matched" msgid_plural "%(count)d groups matched" msgstr[0] "%(count)d ????? ??????????????" msgstr[1] "%(count)d ???????? ??????????????" #: ../../ipalib/plugins/service.py:122 msgid "Services" msgstr "???????(????????)" #: ../../ipalib/plugins/hbac.py:62 msgid "HBAC" msgstr "HBAC" #: ../../ipalib/plugins/cert.py:63 #: ../../ipalib/plugins/cert.py:84 msgid "Unable to decode certificate in entry" msgstr "????????????? ??????????? ????????? ????????????????" #: ../../ipalib/plugins/cert.py:106 #: ../../ipalib/plugins/cert.py:120 #: ../../ipalib/plugins/cert.py:137 msgid "Failure decoding Certificate Signing Request" msgstr "??????????? ???? ??????? ??????????? ??????" #: ../../ipalib/plugins/cert.py:139 #, python-format msgid "Failure decoding Certificate Signing Request: %s" msgstr "??????????? ???? ??????? ??????????? ??????: %s" #: ../../ipalib/plugins/aci.py:109 msgid "type, filter, subtree and targetgroup are mutually exclusive" msgstr " ???, ???????, ???????? ????? ??????????????? ??? ?????? ????????" #: ../../ipalib/plugins/aci.py:112 msgid "at least one of: type, filter, subtree, targetgroup, attrs or memberof are required" msgstr "?????? ???? : ???, ???????, ????????, ???????????????, attrs ???? memberof ?? ?????????" #: ../../ipalib/plugins/aci.py:117 msgid "group and taskgroup are mutually exclusive" msgstr "????? ????? ????????????? ?????? ????????" #: ../../ipalib/plugins/aci.py:119 msgid "One of group or taskgroup is required" msgstr "???? ????? ???? ????????????? ?????????" #: ../../ipalib/plugins/aci.py:140 #, python-format msgid "Group '%s' does not exist" msgstr " '%s' ????? ????????????????" #: ../../ipalib/plugins/aci.py:184 #, python-format msgid "ACI with name \"%s\" not found" msgstr "\"%s\" ????? ???????? ACI ????????????" #: ../../ipalib/plugins/aci.py:201 msgid "ACIs" msgstr "ACIs" #: ../../ipalib/plugins/aci.py:258 #, python-format msgid "Created ACI \"%(value)s\"" msgstr "\"%(value)s\" ACI????? ??????????" #: ../../ipalib/plugins/aci.py:308 #, python-format msgid "Deleted ACI \"%(value)s\"" msgstr "\"%(value)s\" ACI????? ??????????" #: ../../ipalib/plugins/aci.py:348 #, python-format msgid "Modified ACI \"%(value)s\"" msgstr "\"%(value)s\" ACI????? ?????????????" #: ../../ipalib/plugins/aci.py:408 #, python-format msgid "%(count)d ACI matched" msgid_plural "%(count)d ACIs matched" msgstr[0] "%(count)d ACI ??????????????" msgstr[1] "%(count)d ACI??? ??????????????" #: ../../ipalib/plugins/dns.py:114 msgid "DNS" msgstr "DNS" #: ../../ipalib/plugins/automount.py:231 msgid "Automount Maps" msgstr "????????? ????????" #: ../../ipalib/plugins/automount.py:321 msgid "Automount Keys" msgstr "???? ????????" #: ../../ipalib/plugins/netgroup.py:55 msgid "Net Groups" msgstr "???? ????????" #: ../../ipalib/plugins/misc.py:37 #, python-format msgid "%(count)d variables" msgstr "%(count)d ?????????????" #: ../../ipalib/plugins/misc.py:96 #, python-format msgid "%(count)d plugin loaded" msgid_plural "%(count)d plugins loaded" msgstr[0] "%(count)d ??????? ???? ?????" msgstr[1] "%(count)d ??????????? ???? ?????" #: ../../ipalib/plugins/user.py:71 msgid "Users" msgstr "?????????" #: ../../ipalib/plugins/user.py:141 #, python-format msgid "Added user \"%(value)s\"" msgstr "\"%(value)s\" ???????????? ???????????" #: ../../ipalib/plugins/user.py:186 #, python-format msgid "Deleted user \"%(value)s\"" msgstr "\"%(value)s\" ???????????? ??????????" #: ../../ipalib/plugins/user.py:205 #, python-format msgid "Modified user \"%(value)s\"" msgstr "\"%(value)s\" ???????????? ?????????????" #: ../../ipalib/plugins/user.py:216 #, python-format msgid "%(count)d user matched" msgid_plural "%(count)d users matched" msgstr[0] "%(count)d ??????? ??????????????????" msgstr[1] "%(count)d ????????? ??????????????????" #: ../../ipalib/plugins/user.py:236 #, python-format msgid "Locked user \"%(value)s\"" msgstr "???? ?????? ??????? \"%(value)s\"" #: ../../ipalib/plugins/user.py:262 #, python-format msgid "Unlocked user \"%(value)s\"" msgstr "???????? ?????? ??????? \"%(value)s\"" #: ../../ipalib/plugins/taskgroup.py:50 msgid "Task Groups" msgstr "????(??????)? ????????" #: ../../ipalib/plugins/taskgroup.py:75 #, python-format msgid "Added taskgroup \"%(value)s\"" msgstr "\"%(value)s\" ???????????????? ???????????" #: ../../ipalib/plugins/taskgroup.py:85 #, python-format msgid "Deleted taskgroup \"%(value)s\"" msgstr "\"%(value)s\" ???????????????? ??????????" #: ../../ipalib/plugins/taskgroup.py:95 #, python-format msgid "Modified taskgroup \"%(value)s\"" msgstr "\"%(value)s\" ???????????????? ?????????????" #: ../../ipalib/plugins/taskgroup.py:106 #, python-format msgid "%(count)d taskgroup matched" msgid_plural "%(count)d taskgroups matched" msgstr[0] "%(count)d ?????????????? ??????????????" msgstr[1] "%(count)d ????????????????? ??????????????" #: ../../ipalib/plugins/hostgroup.py:49 msgid "Host Groups" msgstr "?????? ????????" #: ../../ipalib/plugins/hostgroup.py:74 #, python-format msgid "Added hostgroup \"%(value)s\"" msgstr "\"%(value)s\" ???????????????? ???????????" #: ../../ipalib/plugins/hostgroup.py:84 #, python-format msgid "Deleted hostgroup \"%(value)s\"" msgstr "\"%(value)s\" ???????????????? ??????????" #: ../../ipalib/plugins/hostgroup.py:94 #, python-format msgid "Modified hostgroup \"%(value)s\"" msgstr "\"%(value)s\" ???????????????? ?????????????" #: ../../ipalib/plugins/hostgroup.py:105 #, python-format msgid "%(count)d hostgroup matched" msgid_plural "%(count)d hostgroups matched" msgstr[0] "%(count)d ?????????????? ??????????????" msgstr[1] "%(count)d ????????????????? ??????????????" #: ../../ipalib/plugins/pwpolicy.py:231 msgid "priority cannot be set on global policy" msgstr "??????? ??????????? ??????????? ???? ??????????????" #: ../../ipaserver/install/certs.py:571 #: ../../ipaserver/plugins/dogtag.py:1313 #: ../../ipaserver/plugins/dogtag.py:1398 #: ../../ipaserver/plugins/dogtag.py:1463 #: ../../ipaserver/plugins/dogtag.py:1543 #: ../../ipaserver/plugins/dogtag.py:1602 #, python-format msgid "Unable to communicate with CMS (%s)" msgstr "CMS (%s) ???? ?????????? ????????????????" #: ../../ipaserver/plugins/selfsign.py:102 #, python-format msgid "Request subject \"%(request_subject)s\" does not match the form \"%(subject_base)s\"" msgstr "?????? ???? \"%(request_subject)s\" ?????? \"%(subject_base)s\" ???? ??????????????????" #: ../../ipaserver/plugins/selfsign.py:107 #, python-format msgid "unable to decode csr: %s" msgstr "csr ????? ?????? ????? ????????????????: %s" #: ../../ipaserver/plugins/selfsign.py:128 #: ../../ipaserver/plugins/selfsign.py:143 msgid "file operation" msgstr "???? ??????????" #: ../../ipaserver/plugins/selfsign.py:157 msgid "cannot obtain next serial number" msgstr "?????? ??????? ????? ????? ?????? ??????????" #: ../../ipaserver/plugins/selfsign.py:192 msgid "certutil failure" msgstr "certutil ??????" From jdennis at redhat.com Fri Feb 26 18:01:37 2010 From: jdennis at redhat.com (John Dennis) Date: Fri, 26 Feb 2010 13:01:37 -0500 Subject: [Freeipa-devel] [PATCH] More Kannada translations Message-ID: <4B880C81.3070106@redhat.com> More Kannada translations Current translation status: ipa.pot has 133 messages. There are 6 po translation files. bn_IN: 14/133 10.5% 106 po untranslated, 13 missing, 119 untranslated es: 133/133 100.0% 0 po untranslated, 0 missing, 0 untranslated id: 107/133 80.5% 13 po untranslated, 13 missing, 26 untranslated kn: 133/133 100.0% 0 po untranslated, 0 missing, 0 untranslated pl: 133/133 100.0% 0 po untranslated, 0 missing, 0 untranslated ru: 120/133 90.2% 0 po untranslated, 13 missing, 13 untranslated -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-More-Kannada-translations.patch Type: text/x-patch Size: 26639 bytes Desc: not available URL: From jdennis at redhat.com Fri Feb 26 18:19:47 2010 From: jdennis at redhat.com (John Dennis) Date: Fri, 26 Feb 2010 13:19:47 -0500 Subject: [Freeipa-devel] commit policy for translations (.po files) Message-ID: <4B8810C3.3030907@redhat.com> I'd like to propose that for translations (e.g. .po files) we skip the review process on the patch and just push them to master. Realistically few of us will be able to verify whether the string translations are correct or not. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jderose at redhat.com Fri Feb 26 18:31:49 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Fri, 26 Feb 2010 11:31:49 -0700 Subject: [Freeipa-devel] commit policy for translations (.po files) In-Reply-To: <4B8810C3.3030907@redhat.com> References: <4B8810C3.3030907@redhat.com> Message-ID: <1267209109.9200.0.camel@jgd-dsk> On Fri, 2010-02-26 at 13:19 -0500, John Dennis wrote: > I'd like to propose that for translations (e.g. .po files) we skip the > review process on the patch and just push them to master. Realistically > few of us will be able to verify whether the string translations are > correct or not. +1. Whoever pushes it can just make sure it isn't touching anything code related and push the patch. From jdennis at redhat.com Fri Feb 26 20:59:53 2010 From: jdennis at redhat.com (John Dennis) Date: Fri, 26 Feb 2010 15:59:53 -0500 Subject: [Freeipa-devel] JSON problems (the woes of binary data) Message-ID: <4B883649.3010302@redhat.com> The Problem: ------------ I've been looking at the encoding exception which is being thrown when you click on the "Services" menu item in our current implementation. By default we seem to be using JSON as our RPC mechanism. The exception is being thrown when the JSON encoder hits a certificate. Recall that we store certificates in LDAP as binary data and in our implementation we distinguish binary data from text by Python object type, text is *always* a unicode object and binary data is *always* a str object. However in Python 2.x str objects are believed to be text and are subject to encoding/decoding in many parts of the Python world. Unlike XML-RPC JSON does *not* have a binary type. In JSON there are *only* unicode strings. So what is happening is that that when the JSON encoder sees our certificate data in a str object it says "str objects are text and we have to produce a UTF-8 unicode encoding from that str object". There's the problem! It's completely nonsensical to try and encode binary to to UTF-8. The right way to handle this is to encode the binary data to base64 ASCII text and then hand it to JSON. FWIW our XML-RPC handler does this already because XML-RPC knows about binary data and elects to encode/decode it to base64 as it's marshaled and unmarshaled. But JSON can't do this during marhasling and unmarshaling because the JSON protocol has no concept of binary data. The python JSON encoder class does give us the option to hook into the encoder and check if the object is a str object and then base64 encode. But that doesn't help us at the opposite end. How would we know when unmarshaling that a given string is supposed to be base64 decoded back into binary data? We could prepend a special string and hope that string never gets used by normal text (yuck). Keeping a list of what needs base64 decoding is not an option within JSON because at the time of decoding we have no information available about the context of the JSON objects. That means if we want to use JSON we really should push the base64 encode/decode to the parts of the code which have a priori knowledge about the objects they're pushing through the command interface. This would mean any command which passes a certificate should base64 encode it prior to sending it and base64 decode after it come back from a command result. Actually it would be preferable to use PEM encoding, and by the way, the whole reason why PEM encodings for certificates was developed was exactly for this scenario: transporting a certificate through a text based interchange mechanism! Possible Solutions: ------------------- As I see it we have these options in front of us for how to deal with this problem: * Drop support for JSON, only use XML-RPC * Once we read a certificate from LDAP immediately convert it to PEM format. Adopt the convention that anytime we exchange certificates it will be in PEM format. Only convert from PEM format when the target demands binary (e.g. storing it in LDAP, passing it to a library expecting DER encoded data, etc.). * Come up with some hacky protocol on top of JSON which signals "this string is really binary" and check for it on every JSON encode/decode and cross our fingers no one tries to send a legitimate string which would trigger the encode/decode. Question: Are certificates the one and only example of binary data we exchange? Recommendation: --------------- My personal recommendation is we adopt the convention that certificates are always PEM encoded. We've already run into many problems trying to deduce what format a certificate is (e.g. binary, base64, PEM) I think it would be good if we just put a stake in the ground and said "certificates are always PEM encoded" and be done with all these problems we keep having with the data type of certificates. As an aside I'm also skeptical of the robustness of allowing binary data at all in our implementation. Trying to support binary data has been nothing but a headache and a source of many many bugs. Do we really need it? -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From dpal at redhat.com Fri Feb 26 21:28:39 2010 From: dpal at redhat.com (Dmitri Pal) Date: Fri, 26 Feb 2010 16:28:39 -0500 Subject: [Freeipa-devel] JSON problems (the woes of binary data) In-Reply-To: <4B883649.3010302@redhat.com> References: <4B883649.3010302@redhat.com> Message-ID: <4B883D07.7030009@redhat.com> John Dennis wrote: > The Problem: > ------------ > > I've been looking at the encoding exception which is being thrown when > you click on the "Services" menu item in our current implementation. > By default we seem to be using JSON as our RPC mechanism. The > exception is being thrown when the JSON encoder hits a certificate. > Recall that we store certificates in LDAP as binary data and in our > implementation we distinguish binary data from text by Python object > type, text is *always* a unicode object and binary data is *always* a > str object. However in Python 2.x str objects are believed to be text > and are subject to encoding/decoding in many parts of the Python world. > > Unlike XML-RPC JSON does *not* have a binary type. In JSON there are > *only* unicode strings. So what is happening is that that when the > JSON encoder sees our certificate data in a str object it says "str > objects are text and we have to produce a UTF-8 unicode encoding from > that str object". There's the problem! It's completely nonsensical to > try and encode binary to to UTF-8. > > The right way to handle this is to encode the binary data to base64 > ASCII text and then hand it to JSON. FWIW our XML-RPC handler does > this already because XML-RPC knows about binary data and elects to > encode/decode it to base64 as it's marshaled and unmarshaled. But JSON > can't do this during marhasling and unmarshaling because the JSON > protocol has no concept of binary data. > > The python JSON encoder class does give us the option to hook into the > encoder and check if the object is a str object and then base64 > encode. But that doesn't help us at the opposite end. How would we > know when unmarshaling that a given string is supposed to be base64 > decoded back into binary data? We could prepend a special string and > hope that string never gets used by normal text (yuck). Keeping a list > of what needs base64 decoding is not an option within JSON because at > the time of decoding we have no information available about the > context of the JSON objects. > > That means if we want to use JSON we really should push the base64 > encode/decode to the parts of the code which have a priori knowledge > about the objects they're pushing through the command interface. This > would mean any command which passes a certificate should base64 encode > it prior to sending it and base64 decode after it come back from a > command result. Actually it would be preferable to use PEM encoding, > and by the way, the whole reason why PEM encodings for certificates > was developed was exactly for this scenario: transporting a > certificate through a text based interchange mechanism! > > Possible Solutions: > ------------------- > > As I see it we have these options in front of us for how to deal with > this problem: > > * Drop support for JSON, only use XML-RPC > > * Once we read a certificate from LDAP immediately convert it to PEM > format. Adopt the convention that anytime we exchange certificates it > will be in PEM format. Only convert from PEM format when the target > demands binary (e.g. storing it in LDAP, passing it to a library > expecting DER encoded data, etc.). > > * Come up with some hacky protocol on top of JSON which signals "this > string is really binary" and check for it on every JSON encode/decode > and cross our fingers no one tries to send a legitimate string which > would trigger the encode/decode. > > Question: Are certificates the one and only example of binary data we > exchange? > > Recommendation: > --------------- > > My personal recommendation is we adopt the convention that > certificates are always PEM encoded. We've already run into many > problems trying to deduce what format a certificate is (e.g. binary, > base64, PEM) I think it would be good if we just put a stake in the > ground and said "certificates are always PEM encoded" and be done with > all these problems we keep having with the data type of certificates. > > As an aside I'm also skeptical of the robustness of allowing binary > data at all in our implementation. Trying to support binary data has > been nothing but a headache and a source of many many bugs. Do we > really need it? > Yeah, a good Friday afternoon problem to solve... +1 to your recommendations, though I am not a specialist, but suggestion seems logical. -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From ssorce at redhat.com Fri Feb 26 21:37:10 2010 From: ssorce at redhat.com (Simo Sorce) Date: Fri, 26 Feb 2010 16:37:10 -0500 Subject: [Freeipa-devel] JSON problems (the woes of binary data) In-Reply-To: <4B883649.3010302@redhat.com> References: <4B883649.3010302@redhat.com> Message-ID: <20100226163710.2045231c@willson.li.ssimo.org> On Fri, 26 Feb 2010 15:59:53 -0500 John Dennis wrote: > My personal recommendation is we adopt the convention that > certificates are always PEM encoded. +1 Simo. -- Simo Sorce * Red Hat, Inc * New York From ssorce at redhat.com Fri Feb 26 21:37:43 2010 From: ssorce at redhat.com (Simo Sorce) Date: Fri, 26 Feb 2010 16:37:43 -0500 Subject: [Freeipa-devel] commit policy for translations (.po files) In-Reply-To: <4B8810C3.3030907@redhat.com> References: <4B8810C3.3030907@redhat.com> Message-ID: <20100226163743.0e8dbbe5@willson.li.ssimo.org> On Fri, 26 Feb 2010 13:19:47 -0500 John Dennis wrote: > I'd like to propose that for translations (e.g. .po files) we skip > the review process on the patch and just push them to master. > Realistically few of us will be able to verify whether the string > translations are correct or not. +1 we do the same for sssd Simo. -- Simo Sorce * Red Hat, Inc * New York From dpal at redhat.com Fri Feb 26 21:46:57 2010 From: dpal at redhat.com (Dmitri Pal) Date: Fri, 26 Feb 2010 16:46:57 -0500 Subject: [Freeipa-devel] commit policy for translations (.po files) In-Reply-To: <20100226163743.0e8dbbe5@willson.li.ssimo.org> References: <4B8810C3.3030907@redhat.com> <20100226163743.0e8dbbe5@willson.li.ssimo.org> Message-ID: <4B884151.2080607@redhat.com> Simo Sorce wrote: > On Fri, 26 Feb 2010 13:19:47 -0500 > John Dennis wrote: > > >> I'd like to propose that for translations (e.g. .po files) we skip >> the review process on the patch and just push them to master. >> Realistically few of us will be able to verify whether the string >> translations are correct or not. >> > > +1 we do the same for sssd > > Simo. > > I agree too. -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From jderose at redhat.com Fri Feb 26 21:49:37 2010 From: jderose at redhat.com (Jason Gerard DeRose) Date: Fri, 26 Feb 2010 14:49:37 -0700 Subject: [Freeipa-devel] JSON problems (the woes of binary data) In-Reply-To: <4B883649.3010302@redhat.com> References: <4B883649.3010302@redhat.com> Message-ID: <1267220977.9200.17.camel@jgd-dsk> On Fri, 2010-02-26 at 15:59 -0500, John Dennis wrote: > The Problem: > ------------ > > I've been looking at the encoding exception which is being thrown when > you click on the "Services" menu item in our current implementation. By > default we seem to be using JSON as our RPC mechanism. The exception is > being thrown when the JSON encoder hits a certificate. Recall that we > store certificates in LDAP as binary data and in our implementation we > distinguish binary data from text by Python object type, text is > *always* a unicode object and binary data is *always* a str object. > However in Python 2.x str objects are believed to be text and are > subject to encoding/decoding in many parts of the Python world. The CLI communicates to the server over XML-RPC, but the webUI communicates to the server over JSON-RPC. Dealing with JSON on the web client is fast and easy, XML difficult and slow. > Unlike XML-RPC JSON does *not* have a binary type. In JSON there are > *only* unicode strings. So what is happening is that that when the JSON > encoder sees our certificate data in a str object it says "str objects > are text and we have to produce a UTF-8 unicode encoding from that str > object". There's the problem! It's completely nonsensical to try and > encode binary to to UTF-8. Yeah, I do wish JSON had a binary literal type. This is obviously a bug in my JSON-RPC code, but also an issue we need to solve for the UI. When we send binary to the webUI, what is our intent? I think that displaying it as base64 encoded text is not generally what the user wants. I think displaying a link that will allow them to download the file is generally a better idea. Perhaps the Param should indicate how it should be handled in the webUI. > The right way to handle this is to encode the binary data to base64 > ASCII text and then hand it to JSON. FWIW our XML-RPC handler does this > already because XML-RPC knows about binary data and elects to > encode/decode it to base64 as it's marshaled and unmarshaled. But JSON > can't do this during marhasling and unmarshaling because the JSON > protocol has no concept of binary data. > > The python JSON encoder class does give us the option to hook into the > encoder and check if the object is a str object and then base64 encode. > But that doesn't help us at the opposite end. How would we know when > unmarshaling that a given string is supposed to be base64 decoded back > into binary data? We could prepend a special string and hope that string > never gets used by normal text (yuck). Keeping a list of what needs > base64 decoding is not an option within JSON because at the time of > decoding we have no information available about the context of the JSON > objects. I think sending it as a dict with a special key, something like: {'__base64__': b64encode(my_str)} > That means if we want to use JSON we really should push the base64 > encode/decode to the parts of the code which have a priori knowledge > about the objects they're pushing through the command interface. This > would mean any command which passes a certificate should base64 encode > it prior to sending it and base64 decode after it come back from a > command result. Actually it would be preferable to use PEM encoding, and > by the way, the whole reason why PEM encodings for certificates was > developed was exactly for this scenario: transporting a certificate > through a text based interchange mechanism! > > Possible Solutions: > ------------------- > > As I see it we have these options in front of us for how to deal with > this problem: > > * Drop support for JSON, only use XML-RPC We can't do this and keep the flexibility we need in the UI. Also, there is a strong trend to use JSON over XML lately (RPC or otherwise), so I think we do ourselves a disservice by dropping the JSON-RPC. > * Once we read a certificate from LDAP immediately convert it to PEM > format. Adopt the convention that anytime we exchange certificates it > will be in PEM format. Only convert from PEM format when the target > demands binary (e.g. storing it in LDAP, passing it to a library > expecting DER encoded data, etc.). > > * Come up with some hacky protocol on top of JSON which signals "this > string is really binary" and check for it on every JSON encode/decode > and cross our fingers no one tries to send a legitimate string which > would trigger the encode/decode. > > Question: Are certificates the one and only example of binary data we > exchange? At this time, I believe so. But it would be nice to have a plan for how do deal with this in the future for other binary data. > Recommendation: > --------------- > > My personal recommendation is we adopt the convention that certificates > are always PEM encoded. We've already run into many problems trying to > deduce what format a certificate is (e.g. binary, base64, PEM) I think > it would be good if we just put a stake in the ground and said > "certificates are always PEM encoded" and be done with all these > problems we keep having with the data type of certificates. +1. Regardless how (or if) we decide to handle generic binary data, this seems a good approach for the certificate. > As an aside I'm also skeptical of the robustness of allowing binary data > at all in our implementation. Trying to support binary data has been > nothing but a headache and a source of many many bugs. Do we really need it? > > -- > John Dennis > > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel From rmeggins at redhat.com Fri Feb 26 23:19:22 2010 From: rmeggins at redhat.com (Rich Megginson) Date: Fri, 26 Feb 2010 16:19:22 -0700 Subject: [Freeipa-devel] JSON problems (the woes of binary data) In-Reply-To: <4B883649.3010302@redhat.com> References: <4B883649.3010302@redhat.com> Message-ID: <4B8856FA.2060009@redhat.com> John Dennis wrote: > The Problem: > ------------ > > I've been looking at the encoding exception which is being thrown when > you click on the "Services" menu item in our current implementation. > By default we seem to be using JSON as our RPC mechanism. The > exception is being thrown when the JSON encoder hits a certificate. > Recall that we store certificates in LDAP as binary data and in our > implementation we distinguish binary data from text by Python object > type, text is *always* a unicode object and binary data is *always* a > str object. However in Python 2.x str objects are believed to be text > and are subject to encoding/decoding in many parts of the Python world. > > Unlike XML-RPC JSON does *not* have a binary type. In JSON there are > *only* unicode strings. So what is happening is that that when the > JSON encoder sees our certificate data in a str object it says "str > objects are text and we have to produce a UTF-8 unicode encoding from > that str object". There's the problem! It's completely nonsensical to > try and encode binary to to UTF-8. > > The right way to handle this is to encode the binary data to base64 > ASCII text and then hand it to JSON. FWIW our XML-RPC handler does > this already because XML-RPC knows about binary data and elects to > encode/decode it to base64 as it's marshaled and unmarshaled. But JSON > can't do this during marhasling and unmarshaling because the JSON > protocol has no concept of binary data. > > The python JSON encoder class does give us the option to hook into the > encoder and check if the object is a str object and then base64 > encode. But that doesn't help us at the opposite end. How would we > know when unmarshaling that a given string is supposed to be base64 > decoded back into binary data? We could prepend a special string and > hope that string never gets used by normal text (yuck). Keeping a list > of what needs base64 decoding is not an option within JSON because at > the time of decoding we have no information available about the > context of the JSON objects. > > That means if we want to use JSON we really should push the base64 > encode/decode to the parts of the code which have a priori knowledge > about the objects they're pushing through the command interface. This > would mean any command which passes a certificate should base64 encode > it prior to sending it and base64 decode after it come back from a > command result. Actually it would be preferable to use PEM encoding, > and by the way, the whole reason why PEM encodings for certificates > was developed was exactly for this scenario: transporting a > certificate through a text based interchange mechanism! > > Possible Solutions: > ------------------- > > As I see it we have these options in front of us for how to deal with > this problem: > > * Drop support for JSON, only use XML-RPC > > * Once we read a certificate from LDAP immediately convert it to PEM > format. Adopt the convention that anytime we exchange certificates it > will be in PEM format. Only convert from PEM format when the target > demands binary (e.g. storing it in LDAP, passing it to a library > expecting DER encoded data, etc.). > > * Come up with some hacky protocol on top of JSON which signals "this > string is really binary" and check for it on every JSON encode/decode > and cross our fingers no one tries to send a legitimate string which > would trigger the encode/decode. > > Question: Are certificates the one and only example of binary data we > exchange? > > Recommendation: > --------------- > > My personal recommendation is we adopt the convention that > certificates are always PEM encoded. We've already run into many > problems trying to deduce what format a certificate is (e.g. binary, > base64, PEM) I think it would be good if we just put a stake in the > ground and said "certificates are always PEM encoded" and be done with > all these problems we keep having with the data type of certificates. This is what the directory server console does, which allows you to copy/paste CA certs, cert requests, cert request responses, etc. directly in the UI, and easily convert that pem/ascii format to other formats. > > As an aside I'm also skeptical of the robustness of allowing binary > data at all in our implementation. Trying to support binary data has > been nothing but a headache and a source of many many bugs. Do we > really need it? >