Commit Graph

10566 Commits

Author SHA1 Message Date
Timo Aaltonen
bb5d3f702d fix-match-hostname.diff, control: Drop the patch and python-openssl deps, not needed anymore 2015-10-03 09:01:03 +03:00
Timo Aaltonen
fddbb15428 update the changelog 2015-10-03 08:57:09 +03:00
Timo Aaltonen
b8a9350a1c Merge tag 'release-4-2-1' into master-next-exp
tagging IPAv4 4.2.1
2015-10-03 08:56:14 +03:00
Timo Aaltonen
cae5fe17e6 Merge branch 'master-next' into master-next-exp 2015-10-03 08:55:34 +03:00
Timo Aaltonen
2c1bb40f78 releasing package freeipa version 4.1.4-1 debian/4.1.4-1 2015-09-25 14:25:50 +03:00
Timo Aaltonen
e4390c363e server.postrm: Clean logs on purge and disable apache modules on remove/purge. 2015-09-25 13:19:05 +03:00
Timo Aaltonen
a59df18572 server.postinst: Run upgraders only if IPA is configured 2015-09-25 12:42:26 +03:00
Timo Aaltonen
d1f383fe85 Add some verbosity to server postinst 2015-09-25 07:06:28 +03:00
Timo Aaltonen
cca5d0e90f begone, dnssec 2015-09-25 06:50:59 +03:00
Timo Aaltonen
e968c1e166 Revert DNSSEC changes to schema and ACI, makes upgrade tools fail. 2015-09-25 06:31:31 +03:00
Timo Aaltonen
9e9d3f909f Merge branch 'master' into master-next 2015-09-24 23:33:40 +03:00
Timo Aaltonen
6a2bcdb46a releasing package freeipa version 4.0.5-6 debian/4.0.5-6 2015-09-24 23:22:44 +03:00
Timo Aaltonen
fcf048153b Rebuild against current krb5, there was an abi break which broke at least the setup phase. 2015-09-24 23:21:35 +03:00
Timo Aaltonen
c015bbd52c client.postrm: make rmdir non-fatal 2015-09-24 19:14:37 +03:00
Timo Aaltonen
1164026eb2 server.postinst: Run ipa-ldap-updater and ipa-upgradeconfig on postinst. 2015-09-24 17:59:36 +03:00
Timo Aaltonen
0d344d09d8 disable dnssec some more 2015-09-24 17:34:13 +03:00
Timo Aaltonen
f3f8f667b1 close a few bugs on LP 2015-09-24 16:38:33 +03:00
Timo Aaltonen
c4c3b940cf platform, disable-dnssec-support.patch: Fix named.conf template. 2015-09-24 13:27:23 +03:00
Timo Aaltonen
4c57292ec7 platform: Add DebianNamedService. 2015-09-24 13:22:19 +03:00
Timo Aaltonen
44a774c3cb freeipa-client: Add /etc/ipa/nssdb, rework /etc/pki/nssdb handling. 2015-09-24 11:31:48 +03:00
Timo Aaltonen
75fd43a8ef control: Bump python-nss depends. 2015-09-24 05:57:51 +03:00
Timo Aaltonen
b2bc83332c control: Bump certmonger depends. 2015-09-24 05:51:36 +03:00
Timo Aaltonen
26e6614bbd bump sssd dependencies 2015-09-24 05:45:01 +03:00
Timo Aaltonen
560b11f44a control: Server needs newer python-ldap, bump build-dep too. 2015-09-24 05:33:56 +03:00
Timo Aaltonen
70ea426d96 control: Drop dogtag-pki-server-theme from server depends, it's not needed. 2015-09-24 05:08:33 +03:00
Timo Aaltonen
b94a04aafd control: Bump 389-ds-base, pki-ca depends. 2015-09-24 05:08:00 +03:00
Timo Aaltonen
868b5eaa20 control: Bump Depends on slapi-nis for CVE fixes. 2015-09-24 05:02:49 +03:00
Timo Aaltonen
3b6b7f287a wrap-and-sort -s 2015-09-24 04:52:32 +03:00
Timo Aaltonen
ac78bc5dbd freeipa-{server,client}.install: Add new files. 2015-09-24 04:51:14 +03:00
Petr Vobornik
60fe517c9b Become IPA 4.2.1 2015-09-07 18:11:57 +02:00
Endi S. Dewata
3973da56d3 Using LDAPI to setup CA and KRA agents.
The CA and KRA installation code has been modified to use LDAPI
to create the CA and KRA agents directly in the CA and KRA
database. This way it's no longer necessary to use the Directory
Manager password or CA and KRA admin certificate.

https://fedorahosted.org/freeipa/ticket/5257

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-09-07 18:01:13 +02:00
Timo Aaltonen
8b6c61b1a1 control: Add libsofthsm2-dev to build-depends and softhsm2 to server depends. 2015-09-05 07:06:18 +03:00
Timo Aaltonen
b20b4e6832 control Add gnupg-agent to python-freeipa depends, and change gnupg to gnupg2. (LP: #1492184) 2015-09-05 06:52:02 +03:00
Jan Cholasta
fa1529779d ldap: Make ldap2 connection management thread-safe again
This fixes the connection code in LDAPClient to not store the LDAP connection
in an attribute of the object, which in combination with ldap2's per-thread
connections lead to race conditions resulting in connection failures. ldap2
code was updated accordingly.

https://fedorahosted.org/freeipa/ticket/5268

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-09-04 13:32:22 +02:00
Timo Aaltonen
975dfdd861 control: Add gnupg-agent to python-freeipa depends, and change gnupg to gnupg2. 2015-09-03 22:21:26 +03:00
Petr Spacek
5ad806ecf8 DNSSEC: Wrap master key using RSA OAEP instead of old PKCS v1.5.
https://fedorahosted.org/freeipa/ticket/5273

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-09-03 18:22:53 +02:00
Petr Spacek
73058caa62 DNSSEC: Fix key metadata export
Incorrect SQL join condition could lead to a situation where metadata from
ZSK and KSK were interchanged.

https://fedorahosted.org/freeipa/ticket/5273

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2015-09-03 18:20:36 +02:00
Petr Spacek
e1101c22f6 DNSSEC: Fix HSM synchronization in ipa-dnskeysyncd when running on DNSSEC key master
https://fedorahosted.org/freeipa/ticket/5273

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2015-09-03 18:20:36 +02:00
Petr Spacek
87c494593e DNSSEC: Fix deadlock in ipa-ods-exporter <-> ods-enforcerd interaction
https://fedorahosted.org/freeipa/ticket/5273

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2015-09-03 18:20:36 +02:00
Petr Spacek
f8c637d95d DNSSEC: prevent ipa-ods-exporter from looping after service auto-restart
It might happen that systemd will restart the service even if there is
no incoming connection to service socket. In that case we want to exit
because HSM synchronization is done before socket.accept() and we want
to synchronize HSM and DNS zones at the same time.

https://fedorahosted.org/freeipa/ticket/5273

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
2015-09-03 18:20:36 +02:00
Martin Basti
8767fff853 DNSSEC: remove ccache and keytab of ipa-ods-exporter
Reusing old ccache after reinstall causes authentication error. And
prevents DNSSEC from working.

Related to ticket: https://fedorahosted.org/freeipa/ticket/5273

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2015-09-03 18:18:25 +02:00
Martin Basti
a007a15e2e DNSSEC: backup and restore opendnssec zone list file
When zone list is not restored after uninstall, this may slow down
enabling DNSSEC signing for zones and print unwanted
errors into log after new installation.

Related to: https://fedorahosted.org/freeipa/ticket/5273

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2015-09-03 18:18:25 +02:00
Martin Basti
af10e865f7 Installer: do not modify /etc/hosts before user agreement
https://fedorahosted.org/freeipa/ticket/4561

As a side effect this also fixes:
https://fedorahosted.org/freeipa/ticket/5266

Reviewed-By: David Kupka <dkupka@redhat.com>
2015-09-03 16:02:19 +02:00
Fraser Tweedale
b7386dc985 certprofile: remove 'rename' option
The initial fix of ticket 5247 rejected renames, but left the option
behind for API compatibility.  Remove the option now, according to
the consensus that because it never worked, it is fine to remove it.

Fixes: https://fedorahosted.org/freeipa/ticket/5247
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2015-09-02 13:47:48 +02:00
Martin Basti
e6a018276b Backup: back up the hosts file
https://fedorahosted.org/freeipa/ticket/5275

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-09-02 13:21:02 +02:00
Martin Basti
cdad393413 DNSSEC: remove "DNSSEC is experimental" warnings
https://fedorahosted.org/freeipa/ticket/5265

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-09-02 10:26:42 +02:00
Rob Crittenden
30cfae7823 Use %license instead of %doc for packaging the license
https://fedorahosted.org/freeipa/ticket/5227

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-08-31 13:28:54 +02:00
Jan Cholasta
cea6636262 cert renewal: Automatically update KRA agent PEM file
https://fedorahosted.org/freeipa/ticket/5253

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2015-08-27 15:53:42 +02:00
Jan Cholasta
a3310c3b51 cert renewal: Include KRA users in Dogtag LDAP update
https://fedorahosted.org/freeipa/ticket/5253

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2015-08-27 15:53:42 +02:00
Lenka Doudova
f5dcb03a1c Fix user tracker to reflect new user-del message
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-08-27 12:24:23 +02:00