[Freeipa-devel] [PATCHES 0117, 0135-0149] DNSSEC support

Martin Basti mbasti at redhat.com
Mon Oct 20 21:40:21 UTC 2014 

On 20/10/14 18:28, Jan Cholasta wrote:
> Hi,
>
> Dne 20.10.2014 v 17:37 Petr Spacek napsal(a):
>> On 20.10.2014 17:21, Martin Basti wrote:
>>> Hello! Hold your hats, DNSSEC patches are here.
>>>
>>> Martin^2, Petr^2
>>
>> For testing you will need following package:
>> http://koji.fedoraproject.org/koji/taskinfo?taskID=7915293
>>
>>  From me, functional self-ACK :-)
>>
>
> Patch 117:
>
> 1)
>
> As we discussed off-line, this code is wrong and a ticket should be 
> opened to fix it to properly handle service files conflicting with the 
> mask command:
>
> +        if instance_name != "":
> +            srv_tgt = os.path.join(paths.ETC_SYSTEMD_SYSTEM_DIR, 
> instance_name)
> +            # remove instance file or link before masking
> +            if os.path.islink(srv_tgt):
> +                os.unlink(srv_tgt)
>
>
> Patch 137:
>
> 1)
>
> There are some whitespace errors:
>
> Applying: DNSSEC: add ipapk11helper module
> /home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:95: 
> trailing whitespace.
>  *
> /home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:100: 
> trailing whitespace.
>  *
> /home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:105: 
> trailing whitespace.
>  *
> /home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:203: 
> trailing whitespace.
>  *
> /home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:208: 
> trailing whitespace.
>  *
> warning: squelched 3 whitespace errors
> warning: 8 lines add whitespace errors.
>
>
> Patch 138:
>
> 1)
>
> There is a whitespace error:
>
> Applying: DNSSEC: DNS key synchronization daemon
> /home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:54: new 
> blank line at EOF.
> +
> warning: 1 line adds whitespace errors.
>
>
> Patch 140:
>
> 1)
>
> Unless there is a dnssec_keys ipalib plugins, I don't think there 
> should be container_dnssec_keys. Use "DN(('cn', 'keys'), ('cn', 
> 'sec'), api.env.container_dns, ...)" instead of 
> "DN(api.env.container_dnssec_keys, ...)".
>
>
> 2)
>
> The masking method definitions in PlatformService should be moved to 
> patch 117.
>
>
> 3)
>
> The changes in dnskeysyncinstance.py, odsexportedinstance.py and 
> opendnssecinstance.py should be moved to patches 138 and 139.
>
>
> Patch 147:
>
> 1)
>
> There are some whitespace errors:
>
> Applying: DNSSEC: add ipa dnssec daemons
> /home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:135: 
> trailing whitespace.
>     # synchronize metadata about master keys in LDAP
> /home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:1228: 
> trailing whitespace.
>
> /home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:1291: 
> trailing whitespace.
>
> /home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:873: new 
> blank line at EOF.
> +
> /home/jcholast/FreeIPA/git/freeipa/.git/rebase-apply/patch:1126: new 
> blank line at EOF.
> +
> warning: squelched 1 whitespace error
> warning: 6 lines add whitespace errors.
>
>
> Honza
>
Whitespaces fixed,
  mask, and dnssec_container issues move to 4.1.1 please.

But we have schema conflict:

[20/Oct/2014:04:48:40 -0400] dse_read_one_file - The entry cn=schema in 
file /etc/dirsrv/slapd-IPA-EXAMPLE/schema/71idviews.ldif (lineno: 1) is 
invalid, error code 20 (Type or value exists) - object class 
ipaOverrideTarget: The name does not match the OID 
"2.16.840.1.113730.3.8.12.34". Another object class is already using the 
name or OID.

git grep -n "2.16.840.1.113730.3.8.12.34"
install/share/60basev3.ldif:79:objectClasses: 
(2.16.840.1.113730.3.8.12.34 NAME 'ipaSecretKeyRefObject' DESC 'Indirect 
storage for encoded key material' SUP top AUXILIARY MUST ( 
ipaSecretKeyRef ) X-...

install/share/71idviews.ldif:8:objectClasses: 
(2.16.840.1.113730.3.8.12.34 NAME 'ipaOverrideTarget' SUP top STRUCTURAL 
MUST ( ipaAnchorUUID ) X-ORIGIN 'IPA v4' )

Updated patches atached.
"2.16.840.1.113730.3.8.12.35" is not used, I change it in patch mbasti-0150

-- 
Martin Basti

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0117.3-Add-mask-unmask-methods-for-service.patch
Type: text/x-patch
Size: 3857 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0135.2-DNSSEC-dependencies.patch
Type: text/x-patch
Size: 2742 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0136.2-DNSSEC-schema.patch
Type: text/x-patch
Size: 20857 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0137.2-DNSSEC-add-ipapk11helper-module.patch
Type: text/x-patch
Size: 87377 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0138.2-DNSSEC-DNS-key-synchronization-daemon.patch
Type: text/x-patch
Size: 24598 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0139.2-DNSSEC-opendnssec-services.patch
Type: text/x-patch
Size: 25999 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0140.2-DNSSEC-platform-paths-and-services.patch
Type: text/x-patch
Size: 12139 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment-0006.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0141.2-DNSSEC-validate-forwarders.patch
Type: text/x-patch
Size: 16523 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment-0007.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0142.2-DNSSEC-modify-named-service-to-support-dnssec.patch
Type: text/x-patch
Size: 6255 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment-0008.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0143.2-DNSSEC-installation.patch
Type: text/x-patch
Size: 8684 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment-0009.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0144.2-DNSSEC-uninstallation.patch
Type: text/x-patch
Size: 4906 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment-0010.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0145.2-DNSSEC-upgrading.patch
Type: text/x-patch
Size: 4727 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment-0011.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0146.2-DNSSEC-ACI.patch
Type: text/x-patch
Size: 8999 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment-0012.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0147.2-DNSSEC-add-ipa-dnssec-daemons.patch
Type: text/x-patch
Size: 92073 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment-0013.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0148.2-DNSSEC-add-files-to-backup.patch
Type: text/x-patch
Size: 1968 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment-0014.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0149.2-DNSSEC-change-link-to-ipa-page.patch
Type: text/x-patch
Size: 1324 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment-0015.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0150-DNSSEC-fix-schema-OID-conflict.patch
Type: text/x-patch
Size: 1561 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141020/55e6bec8/attachment-0016.bin>

More information about the Freeipa-devel mailing list