August 2015 - Pki-devel - Dogtag Pki List Archives

[PATCH] Ticket 1566 on HSM, non-CA subystem installations failing, while trying to join security domain

by Christina Fu

this patch is to address: https://fedorahosted.org/pki/ticket/1566 non-CA subystem installations failing while trying to join security domain Please note that the two TLS_RSA ciphers have been left under ecc for installation in place of the TLS_ECDHE_RSA ones. thanks, Christina

8 years, 8 months

2
2
0 / 0

[PATCH 040] Silence no-name-in-module error

by Christian Heimes

Endi has found a problem with F21: http://www.fpaste.org/256300/08336143/ . The attached patch silences the pylint warning. Some versions of pylint complain about six's moves magic: No name 'urllib' in module '_MovedItems' (no-name-in-module)

8 years, 8 months

2
2
0 / 0

[PATCH 039] Unit tests for upgraders and pki.crypto

by Christian Heimes

The new unit test import files like deployment scriptlets and upgrade scriptlets that were not executed in tests before. The basic operations of pki.crypto are also covered.

8 years, 8 months

1
0
0 / 0

[PATCH 035-038] Python 3 compatibility

by Christian Heimes

Hi, the second large patch makes the code work on Python 3.4. It mostly fixes a couple of str/bytes related issues. With the patches I'm able to pkispawn a CA, KRA and OCSP with Python 3.4. Christian

8 years, 8 months

2
1
0 / 0

[PATCH 024-034] Python 3 modernizations

by Christian Heimes

Hello, this patch set replaces patch 22 and 23. The patches 24 to 31 are the same as the patches from my git fork https://github.com/tiran/pki/commits/modernize. I just have squashed some related patches into one patch and added long descriptions. Patch 32 is the same as patch 23 Patch 33 also fixes a second occurrence of 'import seobject'. Patch 34 addresses Ade's request to use six.moves and fixes Endi's pylint warnings. Christian

8 years, 8 months

2
1
0 / 0

Dogtag PKI is Python 3.4 compatible (mostly)

by Christian Heimes

Hello, Good news everybody! I got Dogtag's Python code working under Python 3.4. With my patches 24-38 I'm able to run pkispawn and pkidestroy under Python 2.7 and 3.4 from the same code base. I was able to spawn a CA, KRA and OCSP responder with Python 3.4 successfully. There is still much work to do, though. I have neither tested the PKI client API nor the upgrade framework. I also suspect problems with non-ASCII paths and internationalized domain names. Packaging has to be addressed, too. I like to thank John and Miro for their hard work on Python 3 ports of NSS and pyldap. How to test under Python 3.4 ---------------------------- Install Python 3 versions of Python dependencies: # dnf install python3-lxml python3-sphinx python3-requests python3-six libselinux-python3 policycoreutils3-python Install build dependencies for pyldap and python-nss # dnf install python-dnf-plugins-core python3-pip python-tox # dnf builddep python-nss # dnf builddep python-ldap You also have to disable SELinux enforcement because seobject is missing: # setenforce 0 Now you can use a tox virtual env to install the dependencies and test the Python 3 port $ tox -e py34 (ignore the error) $ .tox/py34/bin/pip3.4 install pyldap $ .tox/py34/bin/pip3.4 install hg+https://fedorapeople.org/~jdennis/python-nss/repos/python-nss/ # .tox/py34/bin/python3.4 .tox/py34/bin/pkispawn Christian

8 years, 8 months

1
0
0 / 0

Karma Request for Dogtag 10.2.6 in Fedora 22 & 23

by Matthew Harmsen

Everyone, Please provide Karma for the following Dogtag 10.2.6 packages for Fedora 22: * dogtag-pki-theme-10.2.6-1.fc22 <https://admin.fedoraproject.org/updates/dogtag-pki-theme-10.2.6-1.fc22> * pki-core-10.2.6-1.fc22 <https://admin.fedoraproject.org/updates/pki-core-10.2.6-1.fc22> * pki-core-10.2.6-2.fc22 <https://admin.fedoraproject.org/updates/pki-core-10.2.6-2.fc22> * pki-core-10.2.6-4.fc22 <https://admin.fedoraproject.org/updates/pki-core-10.2.6-4.fc22> * pki-core-10.2.6-5.fc22 <http://koji.fedoraproject.org/koji/buildinfo?buildID=676279> * *pki-core-10.2.6-6.fc22 <https://admin.fedoraproject.org/updates/pki-core-10.2.6-6.fc22> * * pki-console-10.2.6-1.fc22 <https://admin.fedoraproject.org/updates/pki-console-10.2.6-1.fc22> * dogtag-pki-10.2.6-1.fc22 <https://admin.fedoraproject.org/updates/dogtag-pki-10.2.6-1.fc22> and for Fedora 23: * pki-core-10.2.6-5.fc23 <http://koji.fedoraproject.org/koji/buildinfo?buildID=676280> * *pki-core-10.2.6-6.fc23 <https://admin.fedoraproject.org/updates/pki-core-10.2.6-6.fc23> * Thanks, -- Matt

8 years, 8 months

1
0
0 / 0

[PATCH 022] Modernize for Python 3 support

by Christian Heimes

One big step for Python 3 support. With this patch and manual installation of pyldap and nss, pki can be imported under Python 3.4. The code doesn't run properly yet, though. Run python-modernize fixers: libmodernize.fixes.fix_import libmodernize.fixes.fix_print libmodernize.fixes.fix_input_six libmodernize.fixes.fix_xrange_six lib2to3.fixes.fix_execfile libmodernize.fixes.fix_metaclass libmodernize.fixes.fix_unicode_type libmodernize.fixes.fix_dict_six Add more from __future__ import absolute_import Manually fix import problems with either six.moves or manual try/except ImportError blocks. Remove Exception.message attribute access. Add a workaround for policycoreutils-python3. It lacks sepolgen on Fedora 22. Test pep8 and lint on Python 3 with tox.

8 years, 8 months

3
5
0 / 0

[PATCH] Ticket #1556 Weak HTTPS TLS ciphers

by Christina Fu

(this patch overrides the preliminary one sent out yesterday) https://fedorahosted.org/pki/ticket/1556 Please note that the cipher lists can be considered to be ack'ed by Bob Relyea as it incorporates feedback directly from him. All changes have been tested to work for both RSA and ECC servers. Ticket #1556 Weak HTTPS TLS ciphers This patch fixes the RSA ciphers that were mistakenly turned on under ECC section, and off under RSA section. A few adjustments have also been made based on Bob Relyea's feedback. A new file, <instance>/conf/ciphers.info was also created to 1. provide info on the ciphers 2. provide default rsa and ecc ciphers for admins to incorporate into earlier instances (as migration script might not be ideal due to possible customization) thanks, Christina

8 years, 8 months

2
2
0 / 0

[PATCH] pki-cfu-0096-Ticket-1556-Weak-HTTPS-TLS-ciphers.patch

by Christina Fu

This is a preliminary patch for: https://fedorahosted.org/pki/ticket/1556 Weak HTTPS TLS ciphers It is preliminary because I have to leave a couple RSA ciphers under the ECC option due to the fact that if we leave that out, the configuration will not be able to connect with the temporary ssl server cert. We could add code to remove those after the configuration, or we can leave it for a separate ticket. We can discuss tomorrow morning. thanks, Christina

8 years, 8 months

1
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-devel August 2015