Bug 1474886

Summary: Missing /etc/crypto-policies/back-ends/krb5.config in crypto-policies-20170606-2.git7c32281.fc27 does not provide
Product: [Fedora] Fedora Reporter: Lukas Slebodnik <lslebodn>
Component: crypto-policiesAssignee: Nikos Mavrogiannopoulos <nmavrogi>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: nmavrogi
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-25 15:54:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lukas Slebodnik 2017-07-25 14:55:27 UTC 
Description of problem:
The latest update of crypto-policies in rawhide broke sssd unit test.
We already discussed it in different bugzilla ticket which I cannot quickly find.

IMHO symbolic link /etc/krb5.conf.d/crypto-policies in krb5-libs to file generated in crypto-policies /etc/crypto-policies/back-ends/krb5.config is quite from ideal solution. Because broken symbolic link basically disable all krb5 features.

I would appreciate if crypto-policies could be fixed in rawhide. So we can build sssd. (I would like to avoid disabling unit-test due to issues in other package)

<mock-chroot> sh-4.4# rpm -q crypto-policies
crypto-policies-20170606-2.git7c32281.fc27.noarch
<mock-chroot> sh-4.4# ls -l /etc/crypto-policies/back-ends/
total 0 

Version-Release number of selected component (if applicable):
sh# rpm -q crypto-policies
crypto-policies-20170606-2.git7c32281.fc27.noarch

How reproducible:
Quite often in koji

https://koji.fedoraproject.org/koji/taskinfo?taskID=20723443
https://koji.fedoraproject.org/koji/taskinfo?taskID=20722446

Additional info:
We can see scriptlet erros in root.log for failed builds.
https://kojipkgs.fedoraproject.org//work/tasks/2462/20722462/root.log

DEBUG util.py:439:  warning: /etc/hosts created as /etc/hosts.rpmnew
DEBUG util.py:439:  /usr/bin/update-crypto-policies: line 56: cat: command not found
DEBUG util.py:439:  /usr/bin/update-crypto-policies: line 66: cat: command not found
DEBUG util.py:439:  warning: %post(crypto-policies-20170606-2.git7c32281.fc27.noarch) scriptlet failed, exit status 1


An I can see in root.log that crypt-policies were installed before coreutils
DEBUG util.py:439:  cpio-2.12-4.fc26.i686
DEBUG util.py:439:  libatomic-7.1.1-6.fc27.i686
DEBUG util.py:439:  libmpx-7.1.1-6.fc27.i686
DEBUG util.py:439:  crypto-policies-20170606-2.git7c32281.fc27.noarch
DEBUG util.py:439:  coreutils-8.27-10.fc27.i686
DEBUG util.py:439:  libmount-2.30.1-1.fc27.i686
DEBUG util.py:439:  cracklib-2.9.6-5.fc26.i686
DEBUG util.py:439:  pam-1.3.0-3.fc27.i686

I assume there are missing "Requires(post)" for dome dependencies used in /usr/bin/update-crypto-policies

sh$ rpm -q --scripts crypto-policies
postinstall scriptlet (using /bin/sh):
/usr/bin/update-crypto-policies --no-check >/dev/null
Comment 1 Nikos Mavrogiannopoulos 2017-07-25 15:54:29 UTC 

*** This bug has been marked as a duplicate of bug 1474757 ***