[Freeipa-devel] [PATCHES] 59-65 SSH public key management

Rob Crittenden rcritten at redhat.com
Wed Feb 8 03:23:55 UTC 2012


Jan Cholasta wrote:
> On 7.2.2012 00:04, Rob Crittenden wrote:
>> Jan Cholasta wrote:
>>> Updated & rebased the patches.
>>>
>>> I have also attached a patch that Rob made:
>>>
>>>
>>> [PATCH] Don't use sets when calculating the modlist so order is
>>> preserved.
>>>
>>> This is for the LDAP updater in particular. When adding new schema, order
>>> can be important when one objectclass depends on another via SUP.
>>>
>>>
>>> Without this patch updates won't work.
>>>
>>> On 25.1.2012 17:19, Rob Crittenden wrote:
>>>>>>
>>>>>> Patch 61 you can drop the md5 and sha1 imports and import them from
>>>>>> ipalib.compat instead.
>>>>>
>>>>> Is this OK in ipapython?
>>>>
>>>> It should be, ipa-python and ipalib should be packaged together so I
>>>> think it is safe.
>>>
>>> Turns out this change breaks ipa-upgradeconfig.
>>
>> The problem is the package initializer, ipalib/__init__.py. Just
>> importing ipalib.compat also imports a bunch of other stuff.
>>
>> I wonder if moving the decode function to ipalib.util would resolve
>> this. I'm not a big fan of duplicating that import code.
>
> I have created a patch that moves compat.py to ipapython - IMO ipapython
> is the right place for such a module.
>
>>
>> Otherwise this works ok. I tested in the ipa-2-2 branch so had to do a
>> couple of merges, not sure if this applies cleanly to current master or
>> not.
>>
>> rob
>
> I have rebased the patches on top of current master and added patch 68,
> which moves the compat module. See attachments.
>
> Honza
>

Found a couple more issues. I think these will be the last.

Patch 61: --updatedns should be mentioned in the help docs at top, 
perhaps with an example

Patch 61: there is an unused import base64 in util.py

Patch 62: need a failsafe to remove CCACHE_FILE in case something goes 
wrong. I should note too that this won't work on platforms prior to 
Python 2.6 (RHEL-5 is one). This is fine, just means host keys won't be 
automatically updated.

Lots of tests fail, this patch fixes them:

diff --git a/tests/test_xmlrpc/objectclasses.py 
b/tests/test_xmlrpc/objectclasse
s.py
index cdcc642..346d52c 100644
--- a/tests/test_xmlrpc/objectclasses.py
+++ b/tests/test_xmlrpc/objectclasses.py
@@ -31,6 +31,8 @@ user_base = [
      u'krbprincipalaux',
      u'krbticketpolicyaux',
      u'ipaobject',
+    u'ipasshuser',
+    u'ipaSshGroupOfPubKeys',
  ]

  user = user_base + [u'mepOriginEntry']
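Review bot: The added u'ipaSshGroupOfPubKeys' entry in user_base is mixed-case, while every other name visible in the list (u'krbprincipalaux', u'krbticketpolicyaux', u'ipaobject' and the new u'ipasshuser') is lower-case. If these expected lists are compared as literal strings, add a short comment saying the casing is intentional and matches what the server returns, so nobody normalises it later; if the comparison is case-insensitive, lower-casing it would keep the list consistent.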
@@ -44,6 +46,8 @@ group = [
  ]

  host = [
+    u'ipasshhost',
+    u'ipaSshGroupOfPubKeys',
      u'ieee802device',
      u'ipaobject',
      u'nshost',
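Review bot: In host the two new object classes are inserted at the head of the list, ahead of u'ieee802device', whereas the previous hunk appends the equivalent pair at the end of user_base. If the tests compare these lists in order, a comment explaining why the host entries lead the list would help; if order is not significant, appending them as in user_base keeps the two expected lists easy to read side by side.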

rob
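
The failsafe asked for under Patch 62 above, sketched as an added example that is not part of the original message or of the FreeIPA patches. It assumes the credential cache is a file ccache selected through KRB5CCNAME; temporary_ccache, update_host_keys and the step callable are hypothetical names.

```python
import os
import tempfile
from contextlib import contextmanager


@contextmanager
def temporary_ccache(directory=None):
    """Hypothetical helper: yield (path, env) for a throwaway file ccache.

    The cache file is removed on exit, whether the body succeeds or raises.
    """
    # mkstemp creates the file with mode 0600 and an unpredictable name.
    fd, path = tempfile.mkstemp(prefix="krb5cc_example_", dir=directory)
    os.close(fd)
    # Hand the cache to child processes through a copied environment, so the
    # caller's own KRB5CCNAME is never changed.
    env = dict(os.environ, KRB5CCNAME="FILE:" + path)
    try:
        yield path, env
    finally:
        try:
            os.unlink(path)
        except FileNotFoundError:
            # Already gone, for example destroyed by the body itself.
            pass


def update_host_keys(step):
    """Run step(env), a constructed stand-in for the real update work.

    Returns (ok, ccache_path) so callers can confirm the cache was removed.
    """
    used_path = None
    try:
        with temporary_ccache() as (path, env):
            used_path = path
            step(env)  # e.g. subprocess calls that receive env=env
        return True, used_path
    except Exception:
        # Best-effort update: report failure; the ccache is already deleted.
        return False, used_path
```
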



