Discussion:
[Freeipa-devel] [freeipa PR#504][opened] Add SHA256 fingerprints
tomaskrizek
2017-02-24 09:16:18 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Author: tomaskrizek
Title: #504: Add SHA256 fingerprints
Action: opened

PR body:
"""
As discussed on the [devel list](https://www.redhat.com/archives/freeipa-devel/2017-February/msg01095.html), adding SHA256 fingerprints for certs and keeping SHA1 as well.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/504/head:pr504
git checkout pr504
stlaz
2017-02-24 09:22:02 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

stlaz commented:
"""
As discussed about hundred times before, do not touch `install/share/copy-schema-to-ca.py`.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-282244201
MartinBasti
2017-02-24 09:23:25 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

MartinBasti commented:
"""
Do not touch `install/share/copy-schema-to-ca.py` ever (this will be removed soon from master, just waiting for ACKs)
"""

See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-282244496
tomaskrizek
2017-02-24 09:36:56 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

tomaskrizek commented:
"""
I've dropped the commit that modified the deprecated file.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-282247242
tomaskrizek
2017-02-24 09:34:39 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Author: tomaskrizek
Title: #504: Add SHA256 fingerprints
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/504/head:pr504
git checkout pr504
tomaskrizek
2017-02-24 10:56:45 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Author: tomaskrizek
Title: #504: Add SHA256 fingerprints
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/504/head:pr504
git checkout pr504
stlaz
2017-03-02 13:51:56 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

stlaz commented:
"""
I wanted to test this but nothing is currently shown for either SHA-1 or SHA256 fingerprints in the WebUI so you can either fix it or we'll wait till @pvomacka has that done.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-283658413
pvomacka
2017-03-02 14:07:09 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

pvomacka commented:
"""
@stlaz , @tomaskrizek I will fix that today.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-283662059
pvomacka
2017-03-02 14:47:25 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

pvomacka commented:
"""
@tomaskrizek so, inline comment is not possible to the line where file was not changed. So, please remove line 1979: delete command.options.all; . That should be enough to display fingerprints correctly. Thank you
"""

See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-283672713
pvomacka
2017-03-02 14:44:49 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

pvomacka commented:
"""
@tomaskrizek actually you did almost all necessary steps. Just please check inline comments where is described one another change. And in general you do not have to add anything into json files as they are present just because of historical reasons and will be removed soon.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-283672011
tomaskrizek
2017-03-02 14:48:32 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Author: tomaskrizek
Title: #504: Add SHA256 fingerprints
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/504/head:pr504
git checkout pr504
tomaskrizek
2017-03-02 14:49:36 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

tomaskrizek commented:
"""
@pvomacka Thanks! Should be fixed now.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-283673360
tomaskrizek
2017-03-02 14:58:31 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Author: tomaskrizek
Title: #504: Add SHA256 fingerprints
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/504/head:pr504
git checkout pr504
stlaz
2017-03-06 09:14:26 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

Label: +ack
stlaz
2017-03-06 10:32:44 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

Label: -ack
stlaz
2017-03-06 10:36:38 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

stlaz commented:
"""
Please transform `sha256_fingerprint:` into `Fingerprint (SHA1):`
```
$ ipa cert-show --all
Serial number: 1
Issuing CA: ipa
Certificate: <snip />
Subject: CN=Certificate Authority,O=DOM-245.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM
Issuer: CN=Certificate Authority,O=DOM-245.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM
Not Before: Mon Mar 06 08:57:45 2017 UTC
Not After: Fri Mar 06 08:57:45 2037 UTC
**Fingerprint (SHA1):** 25:ea:cb:01:48:68:9e:8d:1c:25:ac:2c:92:d9:75:3f:0a:45:97:2d
Serial number: 1
Serial number (hex): 0x1
Revoked: False
**sha256_fingerprint:** af:09:dd:ae:66:74:cf:af:e2:4f:25:4d:2f:73:4e:a6:f4:d6:f8:32:c4:48:8e:e7:d9:fa:c6:1f:42:f3:09:c4
```
"""

See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-284360401
stlaz
2017-03-06 10:37:52 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

stlaz commented:
"""
Please transform `sha256_fingerprint:` into `Fingerprint (SHA1):`
```
$ ipa cert-show --all
Serial number: 1
Issuing CA: ipa
Certificate: <snip />
Subject: CN=Certificate Authority,O=DOM-245.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM
Issuer: CN=Certificate Authority,O=DOM-245.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM
Not Before: Mon Mar 06 08:57:45 2017 UTC
Not After: Fri Mar 06 08:57:45 2037 UTC
**Fingerprint (SHA1):** 25:ea:cb:01:48:68:9e:8d:1c:25:ac:2c:92:d9:75:3f:0a:45:97:2d
Serial number: 1
Serial number (hex): 0x1
Revoked: False
**sha256_fingerprint:** af:09:dd:ae:66:74:cf:af:e2:4f:25:4d:2f:73:4e:a6:f4:d6:f8:32:c4:48:8e:e7:d9:fa:c6:1f:42:f3:09:c4
```
"""

See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-284360401
stlaz
2017-03-06 10:38:15 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

stlaz commented:
"""
Please transform `sha256_fingerprint:` into `Fingerprint (SHA-256):`
```
$ ipa cert-show --all
Serial number: 1
Issuing CA: ipa
Certificate: <snip />
Subject: CN=Certificate Authority,O=DOM-245.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM
Issuer: CN=Certificate Authority,O=DOM-245.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM
Not Before: Mon Mar 06 08:57:45 2017 UTC
Not After: Fri Mar 06 08:57:45 2037 UTC
**Fingerprint (SHA1):** 25:ea:cb:01:48:68:9e:8d:1c:25:ac:2c:92:d9:75:3f:0a:45:97:2d
Serial number: 1
Serial number (hex): 0x1
Revoked: False
**sha256_fingerprint:** af:09:dd:ae:66:74:cf:af:e2:4f:25:4d:2f:73:4e:a6:f4:d6:f8:32:c4:48:8e:e7:d9:fa:c6:1f:42:f3:09:c4
```
"""

See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-284360401
tomaskrizek
2017-03-06 17:14:06 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

tomaskrizek commented:
"""
I think this is a translation issue that will resolve itself once we generate new translation files. Is that correct, @MartinBasti ?

When using `make install` that regenerates `*.po`, I get this output:

```
Serial number: 1
Issuing CA: ipa
Certificate: <snip />
Subject: CN=Certificate Authority,O=DOM-058-176.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM
Issuer: CN=Certificate Authority,O=DOM-058-176.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM
Not Before: Mon Mar 06 17:05:49 2017 UTC
Not After: Fri Mar 06 17:05:49 2037 UTC
Fingerprint (SHA1): 4c:49:28:74:82:94:30:1c:0e:f6:b2:30:2b:91:90:6c:73:bb:c1:d8
Fingerprint (SHA256): 52:d3:3b:5e:70:63:d0:6c:6f:4d:90:a4:bf:50:18:0b:7a:0c:ab:11:45:cf:05:7d:98:d6:e8:b1:bc:e0:9e:a9
Serial number: 1
Serial number (hex): 0x1
Revoked: False
```
"""

See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-284464681
stlaz
2017-03-07 08:37:17 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

stlaz commented:
"""
Hm, apparently I had old `po/`, never mind, then.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-284656476
stlaz
2017-03-07 08:37:25 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

Label: +ack
tomaskrizek
2017-03-07 18:54:24 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

Label: +pushed
tomaskrizek
2017-03-07 18:54:26 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Title: #504: Add SHA256 fingerprints

tomaskrizek commented:
"""
master:

* a06c71b1268850e485e89049ed3654f893edff0b Add SHA256 fingerprints for certs
"""

See the full comment at https://github.com/freeipa/freeipa/pull/504#issuecomment-284819750
tomaskrizek
2017-03-07 18:54:27 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/504
Author: tomaskrizek
Title: #504: Add SHA256 fingerprints
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/504/head:pr504
git checkout pr504

Loading...