Discussion:
[Freeipa-devel] [freeipa PR#650][opened] CA-less installation fix
stlaz
2017-03-24 08:59:33 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Author: stlaz
Title: #650: CA-less installation fix
Action: opened

PR body:
"""
These patches fix the CA-less installation by guessing the names for CA and server-cert nicknames in /etc/httpd/alias. The fix is not very nice since it's guessing but I am not sure if there's anything else we can do at this point.

Also, `HTTPInstance.start/stop_tracking_certificates` would probably not need the guessing since it's only relevant for CA-full installations where we know the server-cert nickname is `Server-Cert` so I can replace it there if you think that'd be better.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/650/head:pr650
git checkout pr650
stlaz
2017-03-24 11:11:25 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Author: stlaz
Title: #650: CA-less installation fix
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/650/head:pr650
git checkout pr650
stlaz
2017-03-24 11:13:07 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Author: stlaz
Title: #650: CA-less installation fix
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/650/head:pr650
git checkout pr650
stlaz
2017-03-24 12:54:17 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Title: #650: CA-less installation fix

stlaz commented:
"""
Fixed according to the comments, thanks.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/650#issuecomment-289014989
HonzaCholasta
2017-03-27 07:53:11 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Title: #650: CA-less installation fix

HonzaCholasta commented:
"""
@stlaz, `NSSDatabase.publish_ca_cert()` and `CertDB.publish_ca_cert()` become unused after your changes, could we remove them?
"""

See the full comment at https://github.com/freeipa/freeipa/pull/650#issuecomment-289379575
HonzaCholasta
2017-04-03 08:31:23 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Title: #650: CA-less installation fix

HonzaCholasta commented:
"""
@stlaz, please rebase.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/650#issuecomment-291080182
stlaz
2017-04-03 08:41:40 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Author: stlaz
Title: #650: CA-less installation fix
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/650/head:pr650
git checkout pr650
HonzaCholasta
2017-04-03 10:13:40 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Title: #650: CA-less installation fix

Label: +ack
HonzaCholasta
2017-04-03 10:13:31 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Title: #650: CA-less installation fix

HonzaCholasta commented:
"""
I found additional bugs in CA-less (replica) install, but with this PR, `publish_ca_cert` does not fail anymore.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/650#issuecomment-291102436
HonzaCholasta
2017-04-03 10:15:12 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Title: #650: CA-less installation fix

Label: -ack
HonzaCholasta
2017-04-03 10:15:36 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Title: #650: CA-less installation fix

HonzaCholasta commented:
"""
Actually, there is a pylint failure introduced by this PR:
```
************* Module ipapython.certdb
ipapython/certdb.py:579: [C0305(trailing-newlines), ] Trailing newlines)
```
"""

See the full comment at https://github.com/freeipa/freeipa/pull/650#issuecomment-291102890
stlaz
2017-04-03 10:47:13 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Author: stlaz
Title: #650: CA-less installation fix
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/650/head:pr650
git checkout pr650
stlaz
2017-04-03 10:47:49 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Title: #650: CA-less installation fix

stlaz commented:
"""
Sorry, must have screwed up the rebase.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/650#issuecomment-291109172
HonzaCholasta
2017-04-03 11:55:36 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Title: #650: CA-less installation fix

Label: +ack
HonzaCholasta
2017-04-03 11:59:03 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Title: #650: CA-less installation fix

HonzaCholasta commented:
"""
@stlaz, please also provide a version of this PR rebased on ipa-4-5.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/650#issuecomment-291122587
stlaz
2017-04-03 12:42:43 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Title: #650: CA-less installation fix

stlaz commented:
"""
Done in https://github.com/freeipa/freeipa/pull/685
"""

See the full comment at https://github.com/freeipa/freeipa/pull/650#issuecomment-291131467
HonzaCholasta
2017-04-03 13:07:09 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Title: #650: CA-less installation fix

Label: +pushed
HonzaCholasta
2017-04-03 13:07:16 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Title: #650: CA-less installation fix

HonzaCholasta commented:
"""
master:

* 8c87014e199b3dbe885c69d40a01d2723f813c3e Get correct CA cert nickname in CA-less
* aae9a918b68dc4f9a7b4fb9abf1bb4d26673109d Remove publish_ca_cert() method from NSSDatabase


"""

See the full comment at https://github.com/freeipa/freeipa/pull/650#issuecomment-291137152
HonzaCholasta
2017-04-03 13:07:19 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/650
Author: stlaz
Title: #650: CA-less installation fix
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/650/head:pr650
git checkout pr650

Loading...