New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check ca_wrapped in ipa-custodia-check #5112
Conversation
c5685a5
to
0a00a93
Compare
7efd035
to
e4bd3ec
Compare
e4bd3ec
to
f0f18ce
Compare
742a61a
to
3e97a73
Compare
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
ipa-custodia-check is working for me locally again in enforcing mode. All certs were successfully checked. |
@fcami it looks ok to me, wanted to give you an opportunity to give it a second look. |
LGTM. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
test_ipa_custodia_check was moved around.
3e97a73
to
f822cc7
Compare
ca_wrapped uses Dogtag's pki tool (written in Java) to wrap key material. Add checks to custodia to verify that key wrapping works. Related: https://pagure.io/freeipa/issue/8488 Signed-off-by: Christian Heimes <cheimes@redhat.com>
ipa-custodia tests will fail if the ipa.pp override module from freeipa-selinux is not correctly installed, loaded, and enabled. Signed-off-by: Christian Heimes <cheimes@redhat.com>
f822cc7
to
6e62409
Compare
ACK, thanks for this @tiran |
ca_wrapped uses Dogtag's pki tool (written in Java) to wrap key
material. Add checks to custodia to verify that key wrapping works.
Signed-off-by: Christian Heimes cheimes@redhat.com