Closed hillar closed 1 year ago
It is already in the images, see for example:
$ podman run --rm -ti --entrypoint rpm quay.io/freeipa/freeipa-server:fedora-38 -ql python3-ipaclient | grep ipa_epn.py
/usr/lib/python3.11/site-packages/ipaclient/install/ipa_epn.py
yeah, sorry just found it ;/
so as i understand only thin i am missing is https://github.com/freeipa/freeipa/blob/master/client/ipa-epn.in
That file does not seem to be packaged by any of the rpms in Fedora so you wouldn't get it on non-container installations either. If it is needed for anything, please work with the FreeIPA team to get it packaged and distributed -- it will then trickle down the the container images automatically.
@adelton it is freeipa-client-epn
.
@b447dbac4ae1 /]# dnf provides ipa-epn
Last metadata expiration check: 1:08:21 ago on Thu May 4 07:08:44 2023.
freeipa-client-epn-4.10.0-6.fc37.x86_64 : Tools to configure Expiring Password Notification in IPA
Repo : fedora
Matched from:
Filename : /usr/sbin/ipa-epn
freeipa-client-epn-4.10.1-1.fc37.x86_64 : Tools to configure Expiring Password Notification in IPA
Repo : updates
Matched from:
Filename : /usr/sbin/ipa-epn
that was inside
"ImageDigest": "sha256:86ae34efebfa3bc44e7420c7184c131f8ace1e797743a5d82cb38777e3593f27",
"ImageName": "docker.io/freeipa/freeipa-server:fedora-37",
Well, I was searching for
$ podman run --rm -ti registry.fedoraproject.org/fedora:38 dnf whatprovides '*/ipa-epn.in'
Fedora 38 - x86_64 7.7 MB/s | 83 MB 00:10
Fedora 38 openh264 (From Cisco) - x86_64 2.2 kB/s | 2.5 kB 00:01
Fedora Modular 38 - x86_64 1.9 MB/s | 2.8 MB 00:01
Fedora 38 - x86_64 - Updates 4.4 MB/s | 12 MB 00:02
Fedora Modular 38 - x86_64 - Updates 632 B/s | 257 B 00:00
Error: No matches found. If searching for a file, try specifying the full path or using a wildcard prefix ("*/") at the beginning.
:-)
I wonder what the functional expectation would be here and if this should indeed be part of the freeipa-server container, rather than being in a separate container. The name of the package having client in it suggests that this might be meant to be decoupled from the server.
From the technical point of view, the /etc/ipa/
is already a symlink to /data/etc/ipa/
in the freeipa-server container, so configuring epn.conf
should work, and so should enabling the timer in /data/etc/systemd/system/
.
@hillar @abbra Any opinion about including it in the FreeIPA server container image vs. having it in a separate (client) container?
@adelton If you have that separate container, then add there. If not, adding it to IPA server container probably wouldn't hurt much.
Makes sense. Thanks, added to master and to images based on recent OS versions.
please add Expiring Password Notification (EPN) tool