samba.git/python/samba/gp, branch talloc-2.4.2 Unnamed repository; edit this file 'description' to name the repository. python:gp: Improve working of log messages to avoid confusion 2024-01-29T10:37:29+00:00 Andreas Schneider asn@samba.org 2024-01-22T14:46:24+00:00 1f823424418e814d9dc0785658e2a7d92643dab2 We should not use the word "Failed". We are totally fine if we can't connect to NDES in the meantime. This logs: Try to get root or server certificates. Unable to install root certificates (requires NDES). Installing the server certificate only. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jan 29 10:37:29 UTC 2024 on atb-devel-224 
We should not use the word "Failed". We are totally fine if we can't
connect to NDES in the meantime. This logs:

Try to get root or server certificates.
Unable to install root certificates (requires NDES).
Installing the server certificate only.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 29 10:37:29 UTC 2024 on atb-devel-224
python:gp: Log an error if update fails 2024-01-29T09:32:46+00:00 Andreas Schneider asn@samba.org 2024-01-22T14:05:24+00:00 367756b85a9ac8daaac2326392bcd1373feed3b7 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 python:gp: Do not print an error if template already exists 2024-01-29T09:32:46+00:00 Andreas Schneider asn@samba.org 2024-01-22T14:05:02+00:00 98dc44286ea102ef7701ccdea26bbde32b523a7e We will get an exit status for duplicate in future: https://www.pagure.io/certmonger/issue/269 We can't really fix that right now, as older version of certmonger don't support the `-v` option. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> 
We will get an exit status for duplicate in future:
https://www.pagure.io/certmonger/issue/269
We can't really fix that right now, as older version of certmonger
don't support the `-v` option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 python:gp: Do not print an error, if CA already exists 2024-01-29T09:32:46+00:00 Andreas Schneider asn@samba.org 2024-01-22T14:04:36+00:00 728757cd1ff0465967fcbda100254c9312e87c93 We will get an exit status for duplicate in future: https://www.pagure.io/certmonger/issue/269 We can't really fix that right now, as older version of certmonger don't support the `-v` option. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> 
We will get an exit status for duplicate in future:
https://www.pagure.io/certmonger/issue/269
We can't really fix that right now, as older version of certmonger
don't support the `-v` option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 python:gp: Improve logging for certificate enrollment 2024-01-29T09:32:46+00:00 Andreas Schneider asn@samba.org 2024-01-22T13:07:47+00:00 6d5507e05050690cd4c56f3f97f5fb7de0338b87 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 python:gp: Avoid path check for cepces-submit 2024-01-29T09:32:46+00:00 Andreas Schneider asn@samba.org 2024-01-22T13:14:30+00:00 6a9630eff624643fd725219775784e68d967d04c find_cepces_submit() uses which(), which returns None if not found. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> 
find_cepces_submit() uses which(), which returns None if not found.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
gp: Skip site GP list if no site is found 2024-01-23T11:20:35+00:00 David Mulder dmulder@samba.org 2024-01-05T15:47:07+00:00 f05b61b4991e7f51bd184d76a79f8b50114a0ff3 [MS-GPOL] 3.2.5.1.4 Site Search says if the site search returns ERROR_NO_SITENAME, the GP site search should be skipped. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15548 Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Jan 23 11:20:35 UTC 2024 on atb-devel-224 
[MS-GPOL] 3.2.5.1.4 Site Search says if the site
search returns ERROR_NO_SITENAME, the GP site
search should be skipped.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15548

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 23 11:20:35 UTC 2024 on atb-devel-224
gpo: Do not get templates list on first run 2024-01-22T16:48:57+00:00 Gabriel Nagy gabriel.nagy@canonical.com 2024-01-19T09:36:19+00:00 8579340fc540633c13c017d896034904a8dbd55c This is a visual fix and has no impact on functionality apart from cleaner log messages. The point of this is to get the list of supported templates in order to compute a diff between the current applied templates and the updated list, so we are able to unapply and reapply the policy in case there are differences. However this code path is executed on first applies as well, at which point the root CA is not yet set up. This causes the `get_supported_templates` call to fail, which is not a hard failure but still pollutes the logs. In this case it's safe to avoid executing the command as the policy will be applied regardless. Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jan 22 16:48:57 UTC 2024 on atb-devel-224 
This is a visual fix and has no impact on functionality apart from
cleaner log messages.

The point of this is to get the list of supported templates in order to
compute a diff between the current applied templates and the updated
list, so we are able to unapply and reapply the policy in case there are
differences.

However this code path is executed on first applies as well, at which
point the root CA is not yet set up. This causes the
`get_supported_templates` call to fail, which is not a hard failure but
still pollutes the logs. In this case it's safe to avoid executing the
command as the policy will be applied regardless.

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 22 16:48:57 UTC 2024 on atb-devel-224
gpo: Decode base64 root cert before importing 2024-01-22T15:41:36+00:00 Gabriel Nagy gabriel.nagy@canonical.com 2024-01-18T18:23:24+00:00 3f3ddfa699a33c2c8a59f7fb9ee044bb2a6e0e06 The reasoning behind this is described in the previous commit message, but essentially this should either be wrapped in certificate blocks and imported as PEM, or converted back to binary and imported as DER. I've opted for the latter since it's how it used to work before it regressed in 157335ee93e. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15557 Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
The reasoning behind this is described in the previous commit message,
but essentially this should either be wrapped in certificate blocks and
imported as PEM, or converted back to binary and imported as DER.

I've opted for the latter since it's how it used to work before it
regressed in 157335ee93e.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15557

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 python:gp: Print a nice message if cepces-submit can't be found 2024-01-10T09:54:34+00:00 Andreas Schneider asn@samba.org 2024-01-09T07:50:01+00:00 8eb42425a8eb1b30ca0e94dfc01d8175ae5cde4b BUG: https://bugzilla.samba.org/show_bug.cgi?id=15552 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jan 10 09:54:34 UTC 2024 on atb-devel-224 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15552

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 10 09:54:34 UTC 2024 on atb-devel-224