Commit Graph

85 Commits

Author SHA1 Message Date
Petr Viktorin
68f4af3122 tests: Create the testing service certificate on demand
Replace the make-testcert command with a module that creates
the certificate when it is first needed.
As a result the tests are more self-contained, and can be run from
a read-only location (such as installed from a system package).

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-03-06 10:33:21 +01:00
Nathaniel McCallum
5c299758b9 Enable building in C99 mode
C99 is supported on all compilers we target and
provides some useful features, including:
  * Standard struct initializers
  * Compound literals
  * For-loop declarations
  * Standard bool type
  * Variable arrays (use with caution)
  * Too many others to mention...

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-02-14 16:03:24 +01:00
Xiao-Long Chen
5e96fbc22a Use /usr/bin/python2
Part of the effort to port FreeIPA to Arch Linux,
where Python 3 is the default.

FreeIPA hasn't been ported to Python 3, so the code must be modified to
run /usr/bin/python2

https://fedorahosted.org/freeipa/ticket/3438

Updated by pviktori@redhat.com
2014-01-03 09:46:05 +01:00
Petr Vobornik
ccac000012 Increase stack size for Web UI builder
Web UI build fails on some architectures or configuration due to
StackOverflow. This patch increases the stack size to solve it.

512k is usually enough but we encountered fail on ppc64 even with 2m,
therefore the 8m. The build is single threaded so it shouldn't waste
much memory.
2013-12-13 15:17:48 +01:00
Jan Cholasta
8bfa79289a Add stricter default CFLAGS to Makefile.
https://fedorahosted.org/freeipa/ticket/3896
2013-12-06 14:44:40 +01:00
Petr Vobornik
b4fc6f4ba8 Load updated Web UI files after server upgrade
Issue:
* There was no caching policy specified.
* -> Browsers use their own default policy.
* -> After upgrade, some Web UI files might have been actualized some not.
* -> With schema change may result into weird bugs in Web UI

Solution considerations:

1. Detect server version change and hard-reload at runtime
Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it.

2. Application Cache
HTML 5 technology which lets web apps to run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to used the new files).

Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail.

3. Set Expires to now() for everything
Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed.

Solution:
* Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded.
* The loader adds a version parameter (?v=__NUM_VERSION__) to all requests.
* Version is defined in the loader. It's set to current in `make version-update`.
* All static pages use this loader to fetch their resources.
* Version is also passed to dojo loader as cache-bust for the same effect.
* Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration).

Possible issues:
* Images are cached but not requested with version param.
  * Images with version and without are considered different
  * -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS.
  * Proposed solution is to change image name when changing image. Image change is done rarely.
* Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins.
  * No action taken to address this issue yet.
  * We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/)
  * or set expires to now for all plugins
* running `make version-update` is required in order to use static version of UI for testing

https://fedorahosted.org/freeipa/ticket/3798
2013-10-16 18:06:30 +02:00
Timo Aaltonen
afce2f8162 Use /usr/bin/python as fallback python path 2013-09-16 17:35:22 +02:00
Petr Viktorin
f742520760 Add man pages for testing tools
Add man pages for ipa-run-tests, ipa-test-task, and ipa-test-config.

https://fedorahosted.org/freeipa/ticket/3855 (part 5)
2013-08-29 15:18:34 +02:00
Martin Kosek
b9ec4d1a67 Prevent *.pyo and *.pyc multilib problems
Differences in the python byte code fails in a build validation
(rpmdiff) done on difference architecture of the same package.

This patch:
 1) Ensures that timestamps of generated *.pyo and *.pyc files match
 2) Python integer literals greater or equal 2^32 and lower than 2^64
    are converted to long right away to prevent different type of
    the integer on architectures with different size of int

https://fedorahosted.org/freeipa/ticket/3858
2013-08-13 15:31:46 +02:00
Petr Viktorin
c60142efda Make an ipa-tests package
Rename the 'tests' directory to 'ipa-tests', and create an ipa-tests RPM
containing the test suite

Part of the work for: https://fedorahosted.org/freeipa/ticket/3654
2013-06-17 19:22:50 +02:00
Martin Kosek
ad6abdb576 Drop SELinux subpackage
All SELinux policy needed by FreeIPA server is now part of the global
system SELinux policy which makes the subpackage redundant and slowing
down the installation. This patch drops it.

https://fedorahosted.org/freeipa/ticket/3683
https://fedorahosted.org/freeipa/ticket/3684
2013-06-17 17:35:37 +02:00
Petr Viktorin
8897b51814 Remove leading zero from IPA_NUM_VERSION
The numeric IPA_NUM_VERSION contained a leading zero, so it was treated
as octal value in Python code instead of decimal.

https://fedorahosted.org/freeipa/ticket/3622
2013-05-14 18:49:05 +02:00
Petr Viktorin
9125285a05 Use two digits for each part of NUM_VERSION
https://fedorahosted.org/freeipa/ticket/3545
2013-04-19 10:55:05 -04:00
Petr Vobornik
c71937fc0c Updated makefiles to build FreeIPA Web UI layer
Updated makefiles to comply to new directory structure and also to use builder
for building Web UI.

FreeIPA package spec is modified to use the output of the builder.

https://fedorahosted.org/freeipa/ticket/112
2013-01-18 15:10:37 +01:00
Lynn Root
9ee8e11164 Added the ability to do Beta versioning
The VERSION file and Makefile now handles beta versioning when given an argument.

Ticket: https://fedorahosted.org/freeipa/ticket/2893
2012-12-11 11:02:11 +01:00
Martin Kosek
abbecf450f Fix python Requires in Fedora 17 build
When python's distutils build process prepares python scripts, it use
current Python interpreter in an updated shebang for python scripts.
Since Makefile did not use absolute path to python interpreter, it
may be translated to "/bin/python" in Fedora 17 which is then taken
by rpmbuild as freeipa-admintools dependency. This can break of F-17
python package which provides just "/usr/bin/python"

This patch updates Makefile to use a correct absolute path to python
interpreter which is then filled to freeipa scripts shebang and rpm
Requires list. The value is taken from RPM __python macro so that
we do not hardcode it.

https://fedorahosted.org/freeipa/ticket/2727
2012-05-15 10:43:39 +02:00
John Dennis
81c65ee0b2 validate i18n strings when running "make lint"
* Add bootstrap-autogen depdenency to lint target to force
  generated files to be created.

* Add validate-src-strings to lint rules

* Add validate-src-strings as dependency to lint targett

* Remove obsolete test_lang frm test target

* Add diagnostic message to validation command in i18n.py
  that outputs how many objects were scanned. Formerly it only
  output a message if there were errors. This made it impossible to
  distinguish an empty file from one with no errors.

* While adding the validation counts it was discovered plurals had
  been omitted for some of the validation checks. Added the missing
  checks for plural forms.

* Also distinguished between errors and warnings. Permit warnings to
  be emitted but do not fail the validatition unless actual errors
  were also detected.
2012-04-26 13:53:37 +02:00
John Dennis
2403545163 Remove old RPMROOT contents before it is used for rpmbuild 2011-12-09 10:03:41 +01:00
John Dennis
90b1c6b1b3 ticket 2172 - If "make rpms" fails so will the next make
If "make rpms" fails it doesn't clean up the rpmbuild directory it created.
The next make-lint will also fail because it finds files under rpmbuild.
make-lint is invoked by "make rpms", a vicous cycle.

The patch contains two sets of changes

Include "rpmbuild" in the IGNORE_PATHS list of make-lint.

Fix the Makefile to use $(RPMBUILD) consistently, there were a number
of hardcoded uses of "rpmbuild" as a direcotry.
2011-12-08 08:33:00 +01:00
Alexander Bokovoy
534ca86b69 Create directories for client install
When ``make client-install`` is called, create /etc/ipa and
/var/lib/ipa-client/sysrestore directories required for successful use of
ipa-client-install.

Do it only if DESTDIR is set to help packagers to notice that these
directories have to exist

https://fedorahosted.org/freeipa/ticket/1849
2011-11-16 19:58:18 -05:00
Alexander Bokovoy
25d5d7ed93 Add support for systemd environments and use it to support Fedora 16
https://fedorahosted.org/freeipa/ticket/1192
2011-10-24 15:10:11 +02:00
Alexander Bokovoy
1362202653 Introduce platform-specific adaptation for services used by FreeIPA.
Refactor FreeIPA code to allow abstracting all calls to external processes and
dependencies on modification of system-wide configuration. A platform provider
would give its own implementation of those methods and FreeIPA would use it
based on what's built in packaging process.

https://fedorahosted.org/freeipa/ticket/1605
2011-09-13 11:25:58 +02:00
Martin Kosek
f2df2a6954 Multi-process build problems
Fix a problem when a target missed a version-update requirement.
This caused build problems, especially in a parallel build
environment.

https://fedorahosted.org/freeipa/ticket/1215
2011-06-19 20:28:51 -04:00
Rob Crittenden
a2a3782efb Require an imported certificate's issuer to match our issuer.
The goal is to not import foreign certificates.

This caused a bunch of tests to fail because we had a hardcoded server
certificate. Instead a developer will need to run make-testcert to
create a server certificate generated by the local CA to test against.

ticket 1134
2011-06-16 19:27:17 -04:00
Jan Cholasta
88353edcb1 Run lint during each build.
ticket 1180
2011-05-05 11:52:45 +02:00
Jan Cholasta
fb329bc8b0 Add lint script for static code analysis.
ticket 867
2011-04-13 15:43:47 +02:00
Jan Zeleny
24a582304f Rename package to freeipa
https://fedorahosted.org/freeipa/ticket/581
2011-01-25 14:18:18 -05:00
Rob Crittenden
c69d8084c1 Add API version and have server reject incompatible clients.
This patch contains 2 parts.

The first part is a small utility to create and validate the current
API. To do this it needs to load ipalib which on a fresh system
introduces a few problems, namely that it relies on a python plugin
to set the default encoding to utf8. For our purposes we can skip that.
It is also important that any optional plugins be loadable so the
API can be examined.

The second part is a version exchange between the client and server.
The version has a major and a minor version. The major verion is
updated whenever existing API changes. The minor version is updated when
new API is added. A request will be rejected if either the major versions
don't match or if the client major version is higher than then server
major version (though by implication new API would return a command not
found if allowed to proceed).

To determine the API version of the server from a client use the ping
command.

ticket 584
2011-01-14 14:26:22 -05:00
Simo Sorce
7ee490e35c Remove radius options completely.
This has been completely abandoned since ipa v1 and is not built by default.
Instead of carrying dead weight, let's remove it for now.

Fixes: https://fedorahosted.org/freeipa/ticket/761
2011-01-14 14:06:56 -05:00
Rob Crittenden
09fb073e82 Replication version checking.
Whenever we upgrade IPA such that any data incompatibilities might occur
then we need to bump the DATA_VERSION value so that data will not
replicate to other servers. The idea is that you can do an in-place
upgrade of each IPA server and the different versions own't pollute
each other with bad data.
2010-06-24 10:33:53 -04:00
Rob Crittenden
ebab635250 Drop --with-openldap option in the client. This is no longer optional. 2010-06-21 09:52:11 -04:00
Rob Crittenden
017913a613 Use more traditional make notation to build the test language 2010-04-16 10:58:48 -04:00
John Dennis
5b9d1ee180 Add gettext translation test using test language. 2010-04-16 10:56:48 -04:00
rcrit
3998078461 Fix the client and client-rpms make targets 2010-03-19 07:57:55 -06:00
Rob Crittenden
a3a0c0ae33 Add a separate client-only target 2009-10-17 22:56:47 -06:00
Rob Crittenden
d0587cbdd5 Enrollment for a host in an IPA domain
This will create a host service principal and may create a host entry (for
admins).  A keytab will be generated, by default in /etc/krb5.keytab
If no kerberos credentails are available then enrollment over LDAPS is used
if a password is provided.

This change requires that openldap be used as our C LDAP client. It is much
easier to do SSL using openldap than mozldap (no certdb required). Otherwise
we'd have to write a slew of extra code to create a temporary cert database,
import the CA cert, ...
2009-09-24 17:45:49 -06:00
Rob Crittenden
1dd85475fc Added Rob's 'srpms' make target 2009-05-11 15:38:07 -04:00
Rob Crittenden
c25181be57 Don't build radius by default 2009-03-04 15:40:06 -05:00
Rob Crittenden
262ff2d731 Rename ipa-python directory to ipapython so it is a real python library
We used to install it as ipa, now installing it as ipapython. The rpm
is still ipa-python.
2009-02-09 14:35:15 -05:00
Rob Crittenden
e2bcdabbc0 Remove the temporary tree used during rpmbuild when finished 2009-02-05 09:32:23 -05:00
Rob Crittenden
240fb938d2 Complete consolidation into a single autogen.sh 2009-02-04 09:04:26 -05:00
Rob Crittenden
98d4644bff Fix remaining issues with XML-RPC test cases
Tied the make-test script into the test target of the top-level Makefile
Added code to xmlrpc_test.py so that it configures the API if it isn't
already done which enables individual tests to be executed.
2009-02-04 09:03:40 -05:00
Rob Crittenden
2d7e0de5ea Get merged tree into an installalble state.
I have only tested the all, rpms and *clean targets directly.
install may work but the rpm moves a lot of things around for us.

The Apache configuration file isn't in its final state but it works
with the new mod_python configuration.
2009-02-03 15:29:20 -05:00
Simo Sorce
afad6d96ae apparently the "configure" target is never used 2008-08-13 15:57:28 -04:00
Simo Sorce
9648da8f5f Fix versioning for configure.ac and ipa-python/setup.py
Fix make maintainer-clean

Also make RPM naming consistent by using a temp RELEASE file.
This one helps when testing builds using rpms.
Just 'echo X > RELEASE' to build a new rpms (X, X+1, X+2 ...)

Version 1.1.0 was released some times ago, bump up to 1.1.1
2008-08-11 18:31:05 -04:00
Simo Sorce
2dc64eddd4 Fix make all 2008-06-16 14:28:41 -04:00
Rob Crittenden
c58b7a3d7c Move version.py to the common ipa directory instead of being server-based so it can be used by the client tool.
Fix the client tool imports to fail more gracefully.
2008-06-03 22:39:11 -04:00
Simo Sorce
8fb4809465 Use openldap libraries by default as mozldap libs seem to break
ldap_extended_operation() somehow and ipa_kpasswd stops working
2008-05-29 09:43:28 -04:00
Rob Crittenden
9fe649b804 Convert mercurial command to git equivalent for creating an archive.
By default it will use the master branch of the repo this is run from.
To specify a different branch use the argument TARGET=<branch>

e.g. make dist TARGET=ipa-1-0

442419
2008-05-09 11:09:49 -04:00
Rob Crittenden
bd9dea888d Add a version API to the server so it knows what version it is.
435019
2008-05-08 13:01:27 -04:00