[Freeipa-interest] FreeIPA 4.8.5 released
Alexander Bokovoy
abokovoy at redhat.com
Tue Mar 17 09:39:52 UTC 2020
Hello!
The FreeIPA team would like to announce FreeIPA 4.8.5 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for
Fedora 30-32 versions will be available soon.
== Highlights in 4.8.5 ==
- [8214] openDNSSEC 2.1 support
- [8221] AJP connector protection
for Dogtag/FreeIPA communication for CVE-2020-1938 mitigation. Fedora
and RHEL do not force encrypted AJP connector by default with 9.0.31
but FreeIPA 4.8.5 will convert to encrypted AJP channel on upgrade or
at a new deployment. Use of AJP is limited to localhost connections
with integrated CA already.
- Default authentication indicators are now documented in FreeIPA
workshop, https://github.com/freeipa/freeipa-workshop/blob/master/11-kerberos-ticket-policy.rst
- [6891] FreeIPA SELinux policy is now part of the upstream packaging
and replaces distribution-wide policies.
- New internal mechanism to promote Trust Agents in
ipa-adtrust-install, to allow configuring schema compatibility plugin
on remote replicas.
- [8124] New "ipa-cacert-manage delete" command to allow pruning a CA
certificate from LDAP store
=== Enhancements ===
- Backup / restore tools now check whether packages for various optional
IPA master features installed before restore
- IPA CLI commands for DNS operations display additional attributes and
handle optional parameters when a record is removed
- Additional checks for external CA certificate properties during
installation
- Minor content improvements in ipa-client-samba's tool output
- Preliminary support for building with MIT Kerberos 1.18
- Increased test coverage in upstream test suite
- Ability to test multi-host scenarios in upstream CI using Azure
Pipelines
=== Known Issues ===
=== Bug fixes ===
FreeIPA 4.8.5 is a stabilization release for the features delivered as a
part of 4.8.0 release series.
There are more than 50 bug-fixes details of which can be seen in
the list of resolved tickets below.
== Upgrading ==
Upgrade instructions are available on [[Upgrade]] page.
== Feedback ==
Please provide comments, bugs and other feedback via the freeipa-users mailing
list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/)
or #freeipa channel on Freenode.
== Resolved tickets ==
* [https://pagure.io/freeipa/issue/6891 #6891] Move FreeIPA SELinux policy from system policy to project policy
* [https://pagure.io/freeipa/issue/7522 #7522] Disable cert publishing in dogtag
* [https://pagure.io/freeipa/issue/7537 #7537] PR-CI: external_ca tests are hitting timeout
* [https://pagure.io/freeipa/issue/7600 #7600] Enable compat tree to provide information about AD users and groups on trust agents
* [https://pagure.io/freeipa/issue/7630 #7630] ipa-restore should check that optional feature packages are installed before restoring a backup using a feature
* [https://pagure.io/freeipa/issue/7744 #7744] ipa-replica-install picks wrong replica for CA initial replication
* [https://pagure.io/freeipa/issue/7830 #7830] FreeIPA installation fails with 389-DS 1.4.0.20-1
* [https://pagure.io/freeipa/issue/7856 #7856] Nightly test failure in test_uninstallation.py::TestUninstallBase::()::test_failed_uninstall
* [https://pagure.io/freeipa/issue/7861 #7861] Make IPADiscovery available in PyPI packages
* [https://pagure.io/freeipa/issue/7909 #7909] Wrong evaluation of replication update status
* [https://pagure.io/freeipa/issue/7917 #7917] Occasional 'whoami.data is undefined' error in FreeIPA web UI
* [https://pagure.io/freeipa/issue/7938 #7938] 'ipa dnszone-show/find' should display "Dynamic Update" and "Bind update policy" by default
* [https://pagure.io/freeipa/issue/7941 #7941] ipapython/dn_ctypes.py: libldap_r shared library missing
* [https://pagure.io/freeipa/issue/7942 #7942] WebUI test for automount is broken
* [https://pagure.io/freeipa/issue/7948 #7948] [FIPS] Use 3DES for certificate encryption when creating a PKCS#12
* [https://pagure.io/freeipa/issue/7953 #7953] ipa-pwd-extop: do not remove MagicRegen mod, replace it
* [https://pagure.io/freeipa/issue/7965 #7965] Stop using 389-ds legacy tools for backup and restore
* [https://pagure.io/freeipa/issue/7974 #7974] Nightly test failure in ipatests.test_integration.test_user_permissions.TestUserPermissions
* [https://pagure.io/freeipa/issue/7984 #7984] make sure 'make fastlint' processes Python .in files
* [https://pagure.io/freeipa/issue/7987 #7987] Python shebang: Use isolated mode
* [https://pagure.io/freeipa/issue/7989 #7989] Pytest4.2+ errors
* [https://pagure.io/freeipa/issue/7990 #7990] Assumptions about systemd name of `named`
* [https://pagure.io/freeipa/issue/7998 #7998] Use system-wide crypto policy in TLS client
* [https://pagure.io/freeipa/issue/8001 #8001] Need default authentication indicators for SPAKE, PKINIT and encrypted challenge preauth
* [https://pagure.io/freeipa/issue/8004 #8004] RHEL 8 uses nis-domainname instead of rhel-domainname
* [https://pagure.io/freeipa/issue/8029 #8029] ipa host-find --pkey-only includes SSH keys in output
* [https://pagure.io/freeipa/issue/8079 #8079] [Security] By default, DNS recursion is open, breaking best practices
* [https://pagure.io/freeipa/issue/8098 #8098] Host principals lack ACI to look up DNS objects in LDAP
* [https://pagure.io/freeipa/issue/8105 #8105] getcert with -F option returns before cacert file is created
* [https://pagure.io/freeipa/issue/8110 #8110] Enable AES SHA 256 and 384 Kerberos enctypes
* [https://pagure.io/freeipa/issue/8116 #8116] Pylint parallel execution with custom plugin
* [https://pagure.io/freeipa/issue/8124 #8124] Add option to ipa-cacert-manage to delete certificates
* [https://pagure.io/freeipa/issue/8135 #8135] When Service weight is set as 0 for server in IPA location "IPA Error 903: InternalError" is displayed
* [https://pagure.io/freeipa/issue/8142 #8142] check Not Before / Not After in externally signed CA sanity check
* [https://pagure.io/freeipa/issue/8149 #8149] SIDs of AD domains do not display in ipa-client-samba installer
* [https://pagure.io/freeipa/issue/8150 #8150] IPA Server install fail
* [https://pagure.io/freeipa/issue/8151 #8151] test_commands timing-out
* [https://pagure.io/freeipa/issue/8153 #8153] Kerberos ticket policy reset does not reset per-indicator policies
* [https://pagure.io/freeipa/issue/8157 #8157] NIghtly test failure in fedora-rawhide/test_webui_network
* [https://pagure.io/freeipa/issue/8163 #8163] "Internal Server Error" reported for minor issues implies IPA is broken [IdmHackfest2019]
* [https://pagure.io/freeipa/issue/8164 #8164] Renewed certs are not picked up by IPA CAs
* [https://pagure.io/freeipa/issue/8169 #8169] NIghtly test failure in fedora-rawhide/test_webui_policy
* [https://pagure.io/freeipa/issue/8170 #8170] Nightly test failure in fedora-rawhide/test_backup_and_restore_TestBackupReinstallRestoreWithDNS
* [https://pagure.io/freeipa/issue/8173 #8173] Broken -k argument parsing in ipa-run-tests 4.8.4-1 package
* [https://pagure.io/freeipa/issue/8176 #8176] External CA is tracked for renewals and replaced with a self-signed certificate
* [https://pagure.io/freeipa/issue/8179 #8179] Tests broken with python version < 3.7 (module 're' has no attribute 'Pattern')
* [https://pagure.io/freeipa/issue/8190 #8190] ipa-client-automount fails after repeated installation/uninstallation
* [https://pagure.io/freeipa/issue/8192 #8192] ipa-adtrust-install does not list service records for manual addition to DNS zone
* [https://pagure.io/freeipa/issue/8193 #8193] Re-order 50-externalmembers.update to be after 80-schema_compat.update
* [https://pagure.io/freeipa/issue/8196 #8196] API: dnsrecord_del failure with empty list aaaarecord
* [https://pagure.io/freeipa/issue/8200 #8200] ipa krb5kdc db: krb5kdc coredump
* [https://pagure.io/freeipa/issue/8201 #8201] update ssbrowser.html
* [https://pagure.io/freeipa/issue/8202 #8202] Azure: add support for multi-container tests
* [https://pagure.io/freeipa/issue/8214 #8214] Support for opendnssec 2.1.6
* [https://pagure.io/freeipa/issue/8219 #8219] ipatests: unify editing of sssd.conf
* [https://pagure.io/freeipa/issue/8221 #8221] Secure AJP connector between Dogtag and Apache proxy
* [https://pagure.io/freeipa/issue/8226 #8226] ipa-restore does not restart httpd
== Detailed changelog since 4.8.4 ==
=== Armando Neto (4) ===
* prci: update fedora used for testing ipa-4-8 [https://pagure.io/freeipa/c/c1660a4c023a28cdad40720fd91d7e57870b4808 commit]
* prci: Bump template version [https://pagure.io/freeipa/c/59593194d3eaf646ae757b88dc8a9231c21301c2 commit]
* ipatests: Skip test_sss_ssh_authorizedkeys method [https://pagure.io/freeipa/c/011734279c37ca1e9a013694525563b4e77ace78 commit] [https://pagure.io/freeipa/issue/8151 #8151]
* ipatests: Improve test_commands reliability [https://pagure.io/freeipa/c/5431dd9706253ea7cd75f62f5cd387bbf25ac878 commit]
=== Alexander Bokovoy (11) ===
* Become FreeIPA 4.8.5 [https://pagure.io/freeipa/c/5f49e6d1aaab56f8dd72e991f16ff575b7f4c9ee commit]
* Add new contributors to the list [https://pagure.io/freeipa/c/1af953680ba95d7a9da382e05f373375d1e6a35d commit]
* Add more contributor emails to the mailmap [https://pagure.io/freeipa/c/b598982520891d2907070101c8953019613a4694 commit]
* Secure AJP connector between Dogtag and Apache proxy [https://pagure.io/freeipa/c/d4d8b98c3588b212db6a26610e690cccb3af84ca commit] [https://pagure.io/freeipa/issue/8221 #8221]
* Tighten permissions on PKI proxy configuration [https://pagure.io/freeipa/c/1deb1010b245df6c363c5655f9a548bdf4dbc040 commit] [https://pagure.io/freeipa/issue/8221 #8221]
* Azure Pipelines: re-enable nodejs:12 stream for Fedora 31+ [https://pagure.io/freeipa/c/4eb48492b354ecc30ffe1dd9654dcc0e0e833d64 commit]
* kdb: make sure audit_as_req callback signature change is preserved [https://pagure.io/freeipa/c/30b8c8b9985a5eb41e700b80fd03f95548e45fba commit] [https://pagure.io/freeipa/issue/8200 #8200]
* adtrust: print DNS records for external DNS case after role is enabled [https://pagure.io/freeipa/c/936e27f75961c67e619ecfa641e256ce80662d68 commit] [https://pagure.io/freeipa/issue/8192 #8192]
* Update Azure Pipelines to use Fedora 31 [https://pagure.io/freeipa/c/f4e2acd1333f0f3d88da81d3fda80e85c9c418c2 commit]
* install/updates: move external members past schema compat update [https://pagure.io/freeipa/c/14dbf04148c6284b176eca34aa70df4bef09b857 commit] [https://pagure.io/freeipa/issue/8193 #8193]
* Reset per-indicator Kerberos policy [https://pagure.io/freeipa/c/a8b52eaf3cf56c90e3d94fdef0b9e426052634ea commit] [https://pagure.io/freeipa/issue/8153 #8153]
=== Anuja More (11) ===
* Mark test to skip sssd-2.2.2 [https://pagure.io/freeipa/c/a9922639f3541fe25cadbba79a94de7ada29c7f3 commit]
* ipatests: User and group with same name should not break reading AD user data. [https://pagure.io/freeipa/c/c3053e287b8d29da40ef9c36fbe8915f616f8501 commit]
* ipatests: Added test when 2FA prompting configurations is set. [https://pagure.io/freeipa/c/dcdcbe37f42a219541716938fd34ac1df7d8170c commit]
* ipatests: SSSD should fetch external groups without any limit. [https://pagure.io/freeipa/c/d4b8081e6c0a745451ff314f7a42d5ff344ac327 commit]
* ipatests: Add test for ipa-extdom-extop plugin should allow @ in group name [https://pagure.io/freeipa/c/985c99fc7ad6fdd30d428d099e006b1a0836a87d commit]
* Update topology for test_integration/test_sssd.py [https://pagure.io/freeipa/c/2d0da2f9aff2e6256ae9f43838ca24335381e7e8 commit]
* After mounting "Unspecified GSS failure" should not be in logs. [https://pagure.io/freeipa/c/4d7eac93b0249d6f4081bb4857079875afa21423 commit]
* Add xmlrpc test with input validation check for kerberos ticket policy. [https://pagure.io/freeipa/c/acbbc52999f8c7694d549b709bc8caea801dc94c commit]
* Fix fedora version for xfail for sssd test [https://pagure.io/freeipa/c/2b19749a3769bbac5f11aa901bf6291b6240dddb commit]
* Add integration test for otp kerberos ticket policy. [https://pagure.io/freeipa/c/27a6920d50e5d63afbfc198e64885a2cd3fadc48 commit] [https://pagure.io/freeipa/issue/8001 #8001]
* ipatests: filter_users should be applied correctly. [https://pagure.io/freeipa/c/71a4d574bd94eda3cb7490a2254ce764fe9bcdb1 commit]
=== Christian Heimes (7) ===
* Allow hosts to read DNS records for IP SAN [https://pagure.io/freeipa/c/e4a611aee8ca839c59798210b56e65f21a24e965 commit] [https://pagure.io/freeipa/issue/8098 #8098]
* Cleanup SELinux policy [https://pagure.io/freeipa/c/87e0d82dd4409cdecaacee1fa27d27033aa65f7a commit] [https://pagure.io/freeipa/issue/6891 #6891]
* Integrate SELinux policy into build system [https://pagure.io/freeipa/c/18ce2033c04aed2c4a34f61b9ee3642b01f53017 commit]
* dnsrecord: Treat empty list arguments correctly [https://pagure.io/freeipa/c/2ade60ac63ff9a626ae1ec17196121fe694ee212 commit] [https://pagure.io/freeipa/issue/8196 #8196]
* Remove dependency on custodia package [https://pagure.io/freeipa/c/b240b54bb4ff160851c7681914eb210934ae2abc commit]
* Make assert_error compatible with Python 3.6 [https://pagure.io/freeipa/c/e9ed8e78454f12fcfc3d0484dd36995cbef65961 commit] [https://pagure.io/freeipa/issue/8179 #8179]
* Print LDAP diagnostic messages on error [https://pagure.io/freeipa/c/4fe1f7701a616c17167f75e1e81f3a479a2ee50f commit]
=== Dinesh Prasanth M K (1) ===
* Adding auto COPR builds [https://pagure.io/freeipa/c/21fb038c9bdfa05fa96ac2a0fc6f4cc1e74ce916 commit]
=== François Cami (5) ===
* ipa-restore: restart services at the end [https://pagure.io/freeipa/c/8d6a609d6e55dc11b4768ee54da46393228660f9 commit] [https://pagure.io/freeipa/issue/8226 #8226]
* ipatests: make sure ipa-client-automount reverts sssd.conf [https://pagure.io/freeipa/c/7ae804c726970ae467a7f76efa21bae40405551d commit] [https://pagure.io/freeipa/issue/8190 #8190]
* ipa-client-automount: call save_domain() for each change [https://pagure.io/freeipa/c/6332aed9ba67e2ee759a9d988ba92139486469d4 commit] [https://pagure.io/freeipa/issue/8190 #8190]
* ipatests: expect "Dynamic Update" and "Bind update policy" in default dnszone* output [https://pagure.io/freeipa/c/578bdce292c142b7fca6e237ccb3f5cec641e618 commit] [https://pagure.io/freeipa/issue/7938 #7938]
* ipaserver/plugins/dns.py: add "Dynamic Update" and "Bind update policy" to default dnszone* output [https://pagure.io/freeipa/c/e3cff5d152fc36802f7ddfcd0730696e154d1b4c commit] [https://pagure.io/freeipa/issue/7938 #7938]
=== Florence Blanc-Renaud (16) ===
* opendnssec2.1 support: move all ods tasks to specific file [https://pagure.io/freeipa/c/799ebc8be681165e622778848a9b2989434a29dd commit] [https://pagure.io/freeipa/issue/8214 #8214]
* DnsSecMaster migration: move the call to zonelist export later [https://pagure.io/freeipa/c/598c55cc0dc884aa780ac2dc2f3adfd8299e6ea0 commit] [https://pagure.io/freeipa/issue/8214 #8214]
* Support OpenDNSSEC 2.1: new ods-signer protocol [https://pagure.io/freeipa/c/fc4ccfa5c3a7ecd7c9e5539595e0440965d62336 commit] [https://pagure.io/freeipa/issue/8214 #8214]
* With opendnssec 2, read the zone list from file [https://pagure.io/freeipa/c/6cb3b11a61d5b9b7df93130188c7feef83398090 commit] [https://pagure.io/freeipa/issue/8214 #8214]
* Remove the <Interval> from opendnssec conf [https://pagure.io/freeipa/c/5716c3b78f43391d2ab7b4b1fd672135f3b55bdb commit] [https://pagure.io/freeipa/issue/8214 #8214]
* Support opendnssec 2.1.6 [https://pagure.io/freeipa/c/23993f58e1da98e537b03b9274d91308cbc63a6c commit] [https://pagure.io/freeipa/issue/8214 #8214]
* selinux policy: add the right context for org.freeipa.server.trust-enable-agent [https://pagure.io/freeipa/c/df0df14bf31dba5800747aa08824b24b8be41eab commit] [https://pagure.io/freeipa/issue/7600 #7600]
* ipa-adtrust-install: remote command fails if ipa-server-trust-ad pkg missing [https://pagure.io/freeipa/c/21c923c4cf21f30f20ec4b21c488db6f6fa92b67 commit] [https://pagure.io/freeipa/issue/7600 #7600]
* ipatests: fix TestSubCAkeyReplication [https://pagure.io/freeipa/c/c444f7a35ada0dcb4f565557b7c71f3644fdd446 commit]
* ipatests: add test for ipa-adtrust-install --add-agents [https://pagure.io/freeipa/c/4afd6e5e07061dde6e30b5352668bdf23cd6dedd commit] [https://pagure.io/freeipa/issue/7600 #7600]
* ipa-adtrust-install: run remote configuration for new agents [https://pagure.io/freeipa/c/5edc674e7262ce4506c40b8c066207f9e5f55c33 commit] [https://pagure.io/freeipa/issue/7600 #7600]
* Privilege: add a helper checking if a principal has a given privilege [https://pagure.io/freeipa/c/66154f8bf79584b8fa6792e3d2ca534900dfa481 commit] [https://pagure.io/freeipa/issue/7600 #7600]
* Part2: Don't fully quality the FQDN in ssbrowser.html for Chrome [https://pagure.io/freeipa/c/8a5bfaba83da700bed29fc82ef1d280bfabb8379 commit] [https://pagure.io/freeipa/issue/8201 #8201]
* ipatests: fix modify_sssd_conf() [https://pagure.io/freeipa/c/8e527507c0971ed1a8468e10246232491b1ef36c commit]
* ipatests: fix backup and restore [https://pagure.io/freeipa/c/1b7cf51e292b917a18ec7959708cb62ceddd44b7 commit] [https://pagure.io/freeipa/issue/8170 #8170]
* AD user without override receive InternalServerError with API [https://pagure.io/freeipa/c/4db18be5467c0b8f7633b281c724f469f907e573 commit] [https://pagure.io/freeipa/issue/8163 #8163]
=== Fraser Tweedale (4) ===
* Do not renew externally-signed CA as self-signed [https://pagure.io/freeipa/c/4b5513660cb73ee685e09c4f84634ac9d1fa792d commit] [https://pagure.io/freeipa/issue/8176 #8176]
* ipatests: add test for certinstall with notBefore in the future [https://pagure.io/freeipa/c/25310105da0540eb84b6d0ee4c30649750583703 commit] [https://pagure.io/freeipa/issue/8142 #8142]
* Fix test regressions caused by certificate validation changes [https://pagure.io/freeipa/c/d833b5ba607f79a495e0245722e8ccef7cefbd7a commit] [https://pagure.io/freeipa/issue/8142 #8142]
* ipatests: assert_error: allow regexp match [https://pagure.io/freeipa/c/44fca092ead0316084d68917032e28e5cbb20ad4 commit] [https://pagure.io/freeipa/issue/8142 #8142]
=== Gaurav Talreja (1) ===
* Normalize test definations titles [https://pagure.io/freeipa/c/875769c7c0a66a217a152b7c8cb064c3ceabf541 commit]
=== Isaac Boukris (2) ===
* Fix legacy S4U2Proxy in DAL v8 support [https://pagure.io/freeipa/c/0806c1582b2f1dfaf04eb2e8fa222c190e24d818 commit]
* Fix DAL v8 support [https://pagure.io/freeipa/c/99a920cb69e213d211a6ff9622950e81c3e71c8d commit]
=== Jayesh (3) ===
* Test for ipa-ca-install on replica [https://pagure.io/freeipa/c/e1ff95fc618f22886b505a8dbfdfa7651e1a3b9b commit]
* Test ipa-getkeytab quiet mode, encryptons [https://pagure.io/freeipa/c/631054a1c9aff849378278f99722a8711d6bacf3 commit]
* Test if ipactl starts services stopped by systemctl [https://pagure.io/freeipa/c/acbd90d9fb16e76964d36b3d6e8e542a30631172 commit]
=== Kaleemullah Siddiqui (1) ===
* Tests for backup-restore when pkg required is missing [https://pagure.io/freeipa/c/3ced5532576779ee7bb2e7f15ff4b5039ba4daba commit] [https://pagure.io/freeipa/issue/7630 #7630]
=== Mohammad Rizwan Yusuf (6) ===
* Test if getcert creates cacert file with -F option [https://pagure.io/freeipa/c/937fb1d9518c54bf9c05bc0b7d6f43b29971eb3c commit] [https://pagure.io/freeipa/issue/8105 #8105]
* Move wait_for_request() method to tasks.py [https://pagure.io/freeipa/c/5d8d9198ce1ddfd44eb7c0268c397359e6239fca commit]
* Test if server installer lock Bind9 recursion [https://pagure.io/freeipa/c/3fbbd02b0e8bc5e4f196e8d26ecfa8c989dadabb commit] [https://pagure.io/freeipa/issue/8079 #8079]
* Add certmonger wait_for_request that uses run_command [https://pagure.io/freeipa/c/84ae778c8731b0934e011155b668acbb97d775c2 commit]
* Test if certmonger reads the token in HSM [https://pagure.io/freeipa/c/eaf9e79c8000118317527caad4cf6aa521fd0028 commit]
* Test AES SHA 256 and 384 Kerberos enctypes enabled [https://pagure.io/freeipa/c/61577c851e81beabc65e5b96603b88e9f7ec973b commit] [https://pagure.io/freeipa/issue/8110 #8110]
=== Rob Crittenden (7) ===
* Move execution of ipa-healthcheck to a separate function [https://pagure.io/freeipa/c/f36b8697a1d7dcf0f698147b3791c8ed338863d7 commit]
* Fix div-by-zero when svc weight is 0 for all masters in location [https://pagure.io/freeipa/c/12d6864b6dc30155414e2483f7634684ccc9ee3e commit] [https://pagure.io/freeipa/issue/8135 #8135]
* Don't fully quality the FQDN in ssbrowser.html for Chrome [https://pagure.io/freeipa/c/f356d5734662d0a20f06702353b2f10f29b9f55d commit] [https://pagure.io/freeipa/issue/8201 #8201]
* Add tests for ipa-cacert-manage delete command [https://pagure.io/freeipa/c/78827db1aa561613d3fb40f39525f7e8fcae2b98 commit] [https://pagure.io/freeipa/issue/8124 #8124]
* ipa-certupdate removes all CA certs from db before adding new ones [https://pagure.io/freeipa/c/7d81a3458c266a1e0c4baa07717aac110c435e59 commit] [https://pagure.io/freeipa/issue/8124 #8124]
* Add delete option to ipa-cacert-manage to remove CA certificates [https://pagure.io/freeipa/c/37f81cc566cc37a47b7d1b0d900a53273eae01ac commit] [https://pagure.io/freeipa/issue/8124 #8124]
* Allow an empty cookie in dogtag-ipa-ca-renew-agent-submit [https://pagure.io/freeipa/c/3d7d58d8214f3c899c0afd1a3a6a6678f38b7b39 commit] [https://pagure.io/freeipa/issue/8164 #8164]
=== Robbie Harwood (6) ===
* Drop support for DAL version 5.0 [https://pagure.io/freeipa/c/196350444ccab2b99e86accf7eb19ff8327a1e95 commit]
* Support DAL version 8.0 [https://pagure.io/freeipa/c/089c47e212ac077dcd27bc60013d7ac7bf2270ee commit]
* Handle the removal of KRB5_KDB_FLAG_ALIAS_OK [https://pagure.io/freeipa/c/d97cfd72721ed2f7e77f5c397a0ca7b389ea6d72 commit]
* Fix several leaks in ipadb_find_principal [https://pagure.io/freeipa/c/6bdd6b3d265ffc2f437e2a69707978758c2efdd8 commit]
* Use separate variable for client fetch in kdcpolicy [https://pagure.io/freeipa/c/01c1b270cd83ab6573dc0a502ac37d0182503c3d commit]
* Make the coding style explicit [https://pagure.io/freeipa/c/86a8d9480aa402f885c72ccbcfeeb2bac488f268 commit]
=== Stanislav Levin (24) ===
* spec: Take the ownership over '/usr/libexec/ipa/custodia' [https://pagure.io/freeipa/c/5df2f5d856f15c6283644a00004fad5873eb1671 commit]
* Azure: Report elapsed time [https://pagure.io/freeipa/c/8fd1eacfb5c49738f9a26124cfa7a2423244637b commit]
* Azure: Rebalance tests [https://pagure.io/freeipa/c/1fe5c04cdd2f5f998f92debc7f3f46f2807ddc88 commit]
* Azure: Skip tests requiring external DNS [https://pagure.io/freeipa/c/ec21ecc5c6677f9e87fc8ffa5652645469865230 commit]
* Azure: Free Docker resources after usage [https://pagure.io/freeipa/c/4b2cdeef29094dd6b3e4f485993ad5f69c8d84b5 commit]
* Azure: Preliminary check for provided limits [https://pagure.io/freeipa/c/4e6e0c88bb2831b65c1a5a6f1f4a7f09c0b112cf commit]
* Azure: Sync Gating definitions to current PR-CI [https://pagure.io/freeipa/c/0fbdb1357ca3e861bba14d21ceb6e2a6e753a14c commit]
* pylint: Run Pylint over Azure Python scripts [https://pagure.io/freeipa/c/3fff86757cfc7a78db33801e3c75e208b01660f7 commit] [https://pagure.io/freeipa/issue/8202 #8202]
* Azure: Add support for testing multi IPA environments [https://pagure.io/freeipa/c/245a9dc93f086b685b09984ea4a3395b93fd5789 commit] [https://pagure.io/freeipa/issue/8202 #8202]
* Azure: Don't collect twice systemd_journal.log [https://pagure.io/freeipa/c/685d902ca4cf10c8c440036016c2dd3e05d76222 commit] [https://pagure.io/freeipa/issue/8202 #8202]
* yamllint: Lint all the YAML files [https://pagure.io/freeipa/c/2988f5f30c9379f8ac7cbfc56af382f2779479cf commit] [https://pagure.io/freeipa/issue/8202 #8202]
* Azure: Make it possible to configure distro-specific stuff [https://pagure.io/freeipa/c/198cd506592c8dc078e7956a42d0d4e0342cf86d commit] [https://pagure.io/freeipa/issue/8202 #8202]
* Azure: Allow to run integration tests [https://pagure.io/freeipa/c/d33b7d61fc8e012ecfd0354a6d3431301a66d768 commit] [https://pagure.io/freeipa/issue/8202 #8202]
* Azure: Allow SSH for Docker environments [https://pagure.io/freeipa/c/6a6e3f2339c5773f051aaea08922f6853ef5942d commit] [https://pagure.io/freeipa/issue/8202 #8202]
* Azure: Allow to not provide tests to be ignored [https://pagure.io/freeipa/c/11d145300dcd1b9b986f259efa57eddcca9b2e32 commit] [https://pagure.io/freeipa/issue/8202 #8202]
* ipatests: Allow zero-length arguments [https://pagure.io/freeipa/c/c35c066a6d7b7a493e22a4af3043d5d2a72133d4 commit] [https://pagure.io/freeipa/issue/8173 #8173]
* lint: Make Pylint-2.4 happy again [https://pagure.io/freeipa/c/44a59ff39a3f481e90043e546c892c9108231d67 commit] [https://pagure.io/freeipa/issue/8116 #8116]
* pylint: Clean up comment [https://pagure.io/freeipa/c/6f48848562f4e9ab9584154fd85e6ad1ac331ecd commit] [https://pagure.io/freeipa/issue/8116 #8116]
* pylint: Synchronize pylint plugin to ipatests code [https://pagure.io/freeipa/c/3460db4ee7c7ce6c9a639a644a39c4df09ce31ac commit] [https://pagure.io/freeipa/issue/8116 #8116]
* pylint: Teach Pylint how to handle request.context [https://pagure.io/freeipa/c/5939c90752db9da1adaf8c0bfe6bec3d6c1e2ad6 commit] [https://pagure.io/freeipa/issue/8116 #8116]
* ipatests: Properly kill gpg-agent [https://pagure.io/freeipa/c/294694ad69fa909e2f699cb2dad0f36b966a246f commit] [https://pagure.io/freeipa/issue/7989 #7989]
* pytest: Warn about unittest/nose/xunit tests [https://pagure.io/freeipa/c/3659b46d6aeea06b4875860ec69a9215afcbdd91 commit] [https://pagure.io/freeipa/issue/7989 #7989]
* pytest: Migrate unittest/nose to Pytest fixtures [https://pagure.io/freeipa/c/356f907fc255ab3a9f93ff2808646b92a6652aec commit] [https://pagure.io/freeipa/issue/7989 #7989]
* pytest: Migrate xunit-style setups to Pytest fixtures [https://pagure.io/freeipa/c/87bc31464b6133af9befd412af54403665c22628 commit] [https://pagure.io/freeipa/issue/7989 #7989]
=== Sergey Orlov (9) ===
* ipatests: add test for SSSD updating expired cache items [https://pagure.io/freeipa/c/40fd96f27d2512212ac99fff9ace0fef1f5a57d4 commit]
* ipatests: provide docstrings instead of imporperly placed comments [https://pagure.io/freeipa/c/1d416a5a5ceaaf3fff9df423cea9114f1918aad2 commit]
* ipatests: remove invalid parameter from sssd.conf [https://pagure.io/freeipa/c/a1695722125674204b6e880b6ac652d78b783c88 commit] [https://pagure.io/freeipa/issue/8219 #8219]
* ipatests: use remote_sssd_config to modify sssd.conf [https://pagure.io/freeipa/c/32584ed34f466e8f474e22d778e3e964d0fcd2c4 commit] [https://pagure.io/freeipa/issue/8219 #8219]
* ipatests: replace utility for editing sssd.conf [https://pagure.io/freeipa/c/5ff9b6e2a506c3ef1179655ae2d2e479005ec99e commit] [https://pagure.io/freeipa/issue/8219 #8219]
* ipatests: update docstring to reflect changes in FileBackup.restore() [https://pagure.io/freeipa/c/9cb8984112ff31721b71dcdd4febcc23c2641691 commit]
* ipatests: add test_trust suite to nightly runs [https://pagure.io/freeipa/c/0ff0ab85a8b1d90fb94e09bdbb3e9eeeb11d191a commit]
* ipatests: add check for output contents of ipa-client-samba [https://pagure.io/freeipa/c/577dd1e47a092cf7e4527707111d28297bb58f53 commit] [https://pagure.io/freeipa/issue/8149 #8149]
* ipatests: add test_winsyncmigrate suite to nightly runs [https://pagure.io/freeipa/c/72e1b135b3862a16df4e8b5a1a7c2bbfcd5b08c9 commit]
=== Sumedh Sidhaye (1) ===
* Added a test to check if ipa host-find --pkey-only does not return SSH public key [https://pagure.io/freeipa/c/2cd67d5a9a22c009f050e493d4b3e2882dbfd81f commit] [https://pagure.io/freeipa/issue/8029 #8029]
=== Serhii Tsymbaliuk (2) ===
* WebUI tests: Fix broken reference to parent facet in table record check [https://pagure.io/freeipa/c/4e1d27c22a90d579a9019829f8ffd0bed51c2e5f commit] [https://pagure.io/freeipa/issue/8157 #8157]
* WebUI tests: Fix 'Button is not displayed' exception [https://pagure.io/freeipa/c/664eed7d0885791a3b16ad082d56f9a14682673e commit] [https://pagure.io/freeipa/issue/8169 #8169]
=== sumenon (3) ===
* ipatests: check that ipa-healthcheck warns if no dna range is set [https://pagure.io/freeipa/c/59bd2fec85a49ff75fbcad05cfd5a641a67c5d56 commit]
* Nightly definition for ipa-healthcheck tool [https://pagure.io/freeipa/c/7a45cd179f846920ffa91df7f28f21e7de09f328 commit]
* Tier-1 test for ipa-healthcheck tool [https://pagure.io/freeipa/c/a6dae4843c2fbaba984bf6bd3add6e2b62b1f59f commit]
=== Thomas Woerner (2) ===
* ipaserver/plugins/hbacrule: Add HBAC to memberservice_hbacsvc* labels [https://pagure.io/freeipa/c/8b5dc6a29e5e1893f9ec864bdde1f769ad6efc39 commit]
* DNS install check: Fix overlapping DNS zone from the master itself [https://pagure.io/freeipa/c/2c2cef7063315766d893b275185b422be3f3c019 commit] [https://pagure.io/freeipa/issue/8150 #8150]
=== Vit Mojzis (3) ===
* selinux: Remove obsolete memcached access [https://pagure.io/freeipa/c/96565414b3fd1e2c946b21f205a3ac3c4b5bad0c commit]
* selinux: move BUILD_SELINUX_POLICY definition [https://pagure.io/freeipa/c/bb6a5a5d9f850bde9b8d81c2dd51d41263c22cd4 commit]
* Add freeipa-selinux subpackage [https://pagure.io/freeipa/c/4ca100999b691c22ff63154edd32af0e8040ef1f commit]
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
More information about the Freeipa-interest
mailing list