[Freeipa-devel] [PATCHES] 59-65 SSH public key management

Jan Cholasta jcholast at redhat.com
Wed Feb 8 13:26:33 UTC 2012 

On 8.2.2012 04:23, Rob Crittenden wrote:
> Jan Cholasta wrote:
>> Dne 7.2.2012 00:04, Rob Crittenden napsal(a):
>>> Jan Cholasta wrote:
>>>> Updated & rebased the patches.
>>>>
>>>> I have also attached a patch that Rob made:
>>>>
>>>>
>>>> [PATCH] Don't use sets when calculating the modlist so order is
>>>> preserved.
>>>>
>>>> This is for the LDAP updater in particular. When adding new schema
>>>> order
>>>> can be important when one objectclass depends on another via SUP.
>>>>
>>>>
>>>> Without this patch updates won't work.
>>>>
>>>> Dne 25.1.2012 17:19, Rob Crittenden napsal(a):
>>>>>>>
>>>>>>> Patch 61 you can drop the md5 and sha1 imports and import them from
>>>>>>> ipalib.compat instead.
>>>>>>
>>>>>> Is this OK in ipapython?
>>>>>
>>>>> It should be, ipa-python and ipalib should be packaged together so I
>>>>> think it is safe.
>>>>
>>>> Turns out this change breaks ipa-upgradeconfig.
>>>
>>> The problem is the package initializer, ipalib/__init__.py. Just
>>> importing ipalib.compat also imports a bunch of other stuff.
>>>
>>> I wonder if moving the decode function to ipalib.util would resolve
>>> this. I'm not a big fan of duplicating that import code.
>>
>> I have created a patch that moves compat.py to ipapython - IMO ipapython
>> is the right place for such module.
>>
>>>
>>> Otherwise this works ok. I tested in the ipa-2-2 branch so had to do a
>>> couple of merges, not sure if this applies cleanly to current master or
>>> not.
>>>
>>> rob
>>
>> I have rebased the patches on top of current master and added patch 68,
>> which moves the compat module. See attachments.
>>
>> Honza
>>
>
> Found a couple more issues. I think these will be the last.
>
> Patch 61: --updatedns should be mentioned in the help docs at top,
> perhaps with an example

OK.

>
> Patch 61: there is an unused import base64 in util.py

There's also one in host.py and user.py.

>
> Patch 62: need a failsafe to remove CCACHE_FILE in case something goes
> wrong. I should note too that this won't work on platforms prior to
> Python 2.6 (RHEL-5 is one). This is fine, just means host keys won't be
> automatically updated.

What exactly won't work on Python 2.6?

>
> Lots of tests fail, this patch fixes them:
>
> diff --git a/tests/test_xmlrpc/objectclasses.py
> b/tests/test_xmlrpc/objectclasse
> s.py
> index cdcc642..346d52c 100644
> --- a/tests/test_xmlrpc/objectclasses.py
> +++ b/tests/test_xmlrpc/objectclasses.py
> @@ -31,6 +31,8 @@ user_base = [
> u'krbprincipalaux',
> u'krbticketpolicyaux',
> u'ipaobject',
> + u'ipasshuser',
> + u'ipaSshGroupOfPubKeys',
> ]
>
> user = user_base + [u'mepOriginEntry']
> @@ -44,6 +46,8 @@ group = [
> ]
>
> host = [
> + u'ipasshhost',
> + u'ipaSshGroupOfPubKeys',
> u'ieee802device',
> u'ipaobject',
> u'nshost',

OK, thanks for the patch.

>
> rob

Honza

-- 
Jan Cholasta

More information about the Freeipa-devel mailing list