[Freeipa-devel] [PATCH 0053] Implement OTP token importing

Alexander Bokovoy abokovoy at redhat.com
Wed Jun 25 10:40:01 UTC 2014


On Wed, 18 Jun 2014, Nathaniel McCallum wrote:
>On Wed, 2014-06-18 at 17:48 -0400, Simo Sorce wrote:
>> On Wed, 2014-06-18 at 17:34 -0400, Nathaniel McCallum wrote:
>> > On Tue, 2014-05-13 at 12:38 -0400, Nathaniel McCallum wrote:
>> > > This patch adds support for importing tokens using RFC 6030 key
>> > > container files. This includes decryption support. For sysadmin sanity,
>> > > any tokens which fail to add will be written to the output file for
>> > > examination. The main use case here is where a small subset of a large
>> > > set of tokens fails to validate or add. Using the output file, the
>> > > sysadmin can attempt to recover these specific tokens.
>> > >
>> > > This code is implemented as a server-side script. However, it doesn't
>> > > actually need to run on the server. This was done because importing is
>> > > an odd fit for the IPA command framework:
>> > > 1. We need to write an output file.
>> > > 2. The operation may be long-running (thousands of tokens).
>> > > 3. Only admins need to perform this task and it only happens
>> > > infrequently.
>> >
>> > Attached is revision 4. I believe this addresses all the points given
>> > over the last few days in all emails. The ipa_otptoken_import.py has
>> > been significantly reworked to make it simpler and easy to test, but
>> > none of the logic has changed.
>> >
>> > I have removed most of the inheritance and sorted out most of the style
>> > issues (like map() vs comprehension). I did not change the XML parsing
>> > because it appears that network access is disabled by default.
>> >
>> > I have also included a test suite which should have 100% code coverage.
>> > It even tests for features we don't support yet (like X.509). All tests
>> > pass for me.
>> >
>> > Nathaniel
>>
>> +++ b/install/tools/man/ipa-otptoken-import.1
>> @@ -0,0 +1,36 @@
>> +.\" A man page for ipa-compat-manage
>>
>> Bad Copy&paste here ^^^
>
>Thanks! Fixed.

There is a whitespace warning in the man page; it needs to be fixed.
Also, the spec file changes are incomplete; the man page is not there.

The patch itself works fine for me with the test suite.

Attached is the specfile fix, with that one and whitespace removal --
ACK.

Attached also is a small fix for the ipaplatform changes, as the specfile now has
the wrong scoping for the platform files.


-- 
/ Alexander Bokovoy
-------------- next part --------------
>From c4c303fc471e8ad2561bd8e3180985485981472d Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy at redhat.com>
Date: Wed, 25 Jun 2014 09:46:39 +0300
Subject: [PATCH 08/10] fixup! Implement OTP token importing

---
 freeipa.spec.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 63f7477..2ba9786 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -775,6 +775,7 @@ fi
 %{_mandir}/man1/ipa-backup.1.gz
 %{_mandir}/man1/ipa-restore.1.gz
 %{_mandir}/man1/ipa-advise.1.gz
+%{_mandir}/man1/ipa-otptoken-import.1.gz
 
 %files server-trust-ad
 %{_sbindir}/ipa-adtrust-install
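Review bot: The added `%{_mandir}/man1/ipa-otptoken-import.1.gz` entry sits in the %files section that ends just before `%files server-trust-ad`, and nothing visible in this hunk shows that the ipa-otptoken-import tool itself is listed in that same section. Please confirm the man page and the script ship in the same subpackage, so that one is never installed without the other. The commit also carries only a fixup! subject and no body, so it should be squashed into the original import patch before pushing rather than landing as a separate commit.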
-- 
1.9.3

-------------- next part --------------
>From 6e5aabecc290e170882f53de52987d675a9b78b6 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy at redhat.com>
Date: Tue, 24 Jun 2014 15:51:45 +0300
Subject: [PATCH 06/10] Fix packaging issue with doubly specified directories

---
 freeipa.spec.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index ed125e5..63f7477 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -837,7 +837,7 @@ fi
 %dir %{python_sitelib}/ipaplatform
 %dir %{python_sitelib}/ipaplatform/base
 %dir %{python_sitelib}/ipaplatform/fedora
-%{python_sitelib}/ipaplatform/*
+%{python_sitelib}/ipaplatform/*.py*
 %{python_sitelib}/ipaplatform/base/*.py*
 %{python_sitelib}/ipaplatform/fedora/*.py*
 %attr(0644,root,root) %{python_sitearch}/default_encoding_utf8.so
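Review bot: Narrowing `%{python_sitelib}/ipaplatform/*` to `%{python_sitelib}/ipaplatform/*.py*` means that anything under ipaplatform which is not a top-level .py* file, or is not covered by the explicit base/ and fedora/ lines, is no longer packaged. A later platform subdirectory will need its own `%dir` and `*.py*` entries, or its files will be left out of the package. A short comment above these lines, or a commit body naming which directories were listed twice, would make that requirement visible to whoever adds the next platform; the commit message currently has only a subject line.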
-- 
1.9.3


