This version builds only one version of Python packages. If you want to
build for Python 2 & 3 call configure twice using different --with-python
or specify PYTHON variable when calling make.
dist-hook is using SOURCES.txt file from egg-info.
According to Petr Viktorin this should be enough for our purposes
and avoids need to create plugins for setuptools.
Currently VPATH builds do not work for various reasons.
This should be fixed later on.
Most credit goes to these guys:
Christian Heimes <cheimes@redhat.com>
Petr Viktorin <pviktori@redhat.com>
Kevin Brown <kevin@kevin-brown.com>
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Remove unused and obsolete function arguments:
* tls_certfile
* tls_keyfile
* debug_level
* Rename tls_cacertfile to cacert (same as name in LDAPClient)
* Set cacert to constants.CACERT by default.
https://fedorahosted.org/freeipa/ticket/6461
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipca-ca-install: Use a single ldap connection for the entire
script. Connecting with ccache in promote is not needed.
* ipa-cacert-manage: Always connect to ldap, since renew and install
are the only options and renew seems to need ldap connection even
for self signed certificates.
* ipa-compat-manage: Use one ldap connection for the entire script.
Replaced try-finally with proper disconnect, code block reindented.
* ipa-csreplica-manage: Properly establish and close the ldap connection.
* ipa-dns-install: Proper connect, disconnect to ldap.
* ipa-kra-install: Proper connect/disconnect for install and uninstall.
* ipa-ldap-update: Proper connect and disconnect to ldap.
* ipa-nis-manage: Proper connect/disconnect for ldap. Try-finally removed
and code block reindented.
* ipa-replica-manage: Proper connect/disconnect to ldap.
* ipa-replica-prepare: Connect added to validate_options(), where api is
initialized and disconnected added at the end of run. Reconnect in
ask_for_options() to validate directory manager password.
* ipa-server-certinstall: Use api.Backend.ldap2 for ldap connections.
* ipa-server-upgrade: Connect to and disconnect from api.Backend.ldap2.
https://fedorahosted.org/freeipa/ticket/6461
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Remove adhoc connects and disconnects of api.Backend.ldap2. Connection
should be established only at the start of the script, destroyed at the
end of the script and re-established when directory server is restarted.
https://fedorahosted.org/freeipa/ticket/6461
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Create a utility function to restart a directory server and
reconnect the api.Backend.ldap2 connection.
* Use restart_dirsrv instead of knownservices.dirsrv.restart to
ensure api.Backend.ldap2 is reconnected.
https://fedorahosted.org/freeipa/ticket/6461
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Connect and/or disconnect api.Backend.ldap2 connection when directory
server is stopped/restarted. Checking is ldap2 connection is connected
is neccesary for edge cases during ds installation (initial start).
https://fedorahosted.org/freeipa/ticket/6461
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* move IPAdmin methods to LDAPClient
* add extra arguments (cacert, sasl_nocanon) to LDAPClient.__init__()
* add host, port, _protocol to LDAPClient (parsed from ldap_uri)
* create get_ldap_uri() method to create ldap_uri from former
IPAdmin.__init__() arguments
* replace IPAdmin with LDAPClient + get_ldap_uri()
* remove ununsed function argument hostname from
enable_replication_version_checking()
https://fedorahosted.org/freeipa/ticket/6461
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
With FreeIPA 4.4 we moved child domains behind the 'trustdomain' topic.
Update 'ipa trustdomain-del' command to properly calculate DN to the
actual child domain and handle the case when it is missing correctly.
Fixes https://fedorahosted.org/freeipa/ticket/6445
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Replica installation on DL1 would fail to create a httpd instance
due to missing '/etc/httpd/alias/cacert.asc'. Create this file
in the setup_ssl step to avoid the error.
https://fedorahosted.org/freeipa/ticket/6393
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
The Object Signing certificate created during server installation
was used only for signing the (recently removed) Firefox extension,
so there's no need to create that certificate any more.
Fixes: https://fedorahosted.org/freeipa/ticket/6399
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
httpd did not publish its certificate on DL1 which could
cause issues during client installation in a rare corner
case where there would be no way of getting the certificate
but from a HTTP instance.
https://fedorahosted.org/freeipa/ticket/6393
Reviewed-By: Martin Basti <mbasti@redhat.com>
This reverts commit d650c54fe4. The proposed fix
is incorrect since the Configurable class has no knowledge about used debug
options. These are used only in upper layers when configuring loggers.
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
- Make sure to pass down the debug flag to ipa-client-install when
the server install is run in debug mode
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
On pwpolicy module import, "klist -V" is run to determine if the installed
krb5 version supports account lockout (>= 1.8).
Remove the check, as we require a krb5 version which does support account
lockout (1.12).
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Instead of importing ipalib to get IPA version string, create setup.py from
a template and have the version string automatically filled in.
This makes it possible to build the ipaserver package without having to
have ipalib dependencies installed.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
The original approach with __path__ implemented
by 8f98fa1bd5 broke Pylint:
We decided to resort back to symlinks as it is easiest solution
which does not break pylint in weird ways.
This commit introduces configure --with-ipaplatform option.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
All setup.py files are now using setuptools through a common file
ipasetup.py. The file is auto-generated and contain all common
settings.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
In commit c718ef0588 some param values were
accidentally removed from cert-find output.
In commit 22d5f579bb `serial_number_hex` and
`revoked` were added back.
Add back `revocation_reason` as well. Also, do not include `revoked` with
--raw, as it's a virtual attribute.
https://fedorahosted.org/freeipa/ticket/6269
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
Add commentary to 'ca' plugin documentation to explain what happens
when a CA gets deleted - namely, that its signing cert gets revoked
and its private key deleted.
Also break the docstring up into smaller chunks to aid translation.
Fixes: https://fedorahosted.org/freeipa/ticket/6256
Reviewed-By: Martin Basti <mbasti@redhat.com>
