[Freeipa-devel] [PATCH] 6 - Dogtag DRM -IPA plugin

Thu May 29 15:15:58 UTC 2014

Petr Viktorin wrote:
> On 05/28/2014 08:48 AM, Fraser Tweedale wrote:
>> On Tue, May 27, 2014 at 05:57:40PM -0400, Ade Lee wrote:
>>> There have been a couple of changes in the Dogtag interface, that
>>> require some changes in the IPA patches.  Also, I had to add back a
>>> function in order to rebase to the latest IPA code.
>>>
>>> Most are the patches are as before, attached to this email by default.
>>>
>>> The latest Dogtag 10.2 build with the relevant changes needed to work
>>> with these patches is at:
>>> http://copr.fedoraproject.org/coprs/vakwetu/dogtag/
>>>
>>> Ade
>>>
>>
>> ACK.
>>
>> ipa-server-install worked fine for me, and the formatting changes
>> seem good.  Patch 0003 did not apply cleanly on master (due to minor
>> conflict in 71c6d2f:installutils.py); an updated patch 0003 is
>> attached.
> 
> Hello,
> If you do a rebase, could you attach all the patches again?
> I don't have the Git objects that result from the original patch, so
> `git am` fails on the later patches:
> 
> $ git am -3 *.patch
> Applying: Add a DRM to IPA
> Applying: Added ipa-drm-install
> Applying: Fix various pep 8 issues and comments from review
> Applying: Added nolog to pkispawn and some additional fixes from review.
> Applying: Added dogtag plugin for DRM
> Applying: set drm to not install by default with ipa-server-install
> Applying: Allow ipa-replica-install to be used for installing replicas
> error: invalid object 100755 0385a823baa971b0e08d1d93d7409b7a7716e33b
> for 'install/tools/ipa-replica-install'
> fatal: git-write-tree: error building trees
> Repository lacks necessary blobs to fall back on 3-way merge.
> Cannot fall back to three-way merge.
> Patch failed at 0007 Allow ipa-replica-install to be used for installing
> replicas
> The copy of the patch that failed is found in:
>    /home/pviktori/freeipa/.git/rebase-apply/patch
> When you have resolved this problem, run "git am --continue".
> If you prefer to skip this patch, run "git am --skip" instead.
> To restore the original branch and stop patching, run "git am --abort".
> 

I needed to rebase patche 9 as well as it contained a duplicate
function, check_entropy. No need to rebase it again yet as we have to
wait to push these until after a future branch anyway.

Speaking of patch 9, it appears to be all formatting and spelling fixes,
not all related to the DRM. Patch 4 does similar work. If we're going to
commit these all separately anyway, is it worthwhile to combine these
two? Something (or someone) is mighty picky about thru vs through too :-)

The DRM patches should all have a ticket referenced. At a minimum the
first one (0002 in this case).

I think 0007 can be rebased into an existing patch unless we want to
record in history that the default stance changed.

Found a place that needs a change. The script
install/restart_scripts/renew_ca_cert handles fixing the trust on the
audit cert after renewal. This needs to update the DRM audit cert trust
as well. Be aware that Honza is making significant changes to this area.

Otherwise looks ok to me. I'm not super-firm on squashing some of the
patches, I just don't know what historical benefit might be gained from
keeping them separate.

rob