Red Hat Bugzilla – Bug 1308984
Add strict requires on crypto-policies
Last modified: 2016-02-21 11:24:23 EST
Description of problem:
There is a know issue with krb5 and inclusion of nonexistent files
BZ1274424. There is a workaround in fedora 23+ for issue with crypto-policies.
However the solution is not sufficient. Because old version of crypto-policies does not contain such file and therefore link can be broken.
And it's hard to explain someone that it's not enough to upgrade krb5-* to the latest version for fixing issues caused by broken symbolic link.
Therefore there shoudl be stricter requires on crypto-policies.
Version-Release number of selected component (if applicable):
sh$ rpm -qf /etc/krb5.conf.d/crypto-policies
The latest krb5-libs can be installed with old version of crypto-policies
sh$ rpm -q krb5-libs crypto-policies
sh$ file /etc/krb5.conf.d/crypto-policies
/etc/krb5.conf.d/crypto-policies: broken symbolic link to /etc/crypto-policies/back-ends/krb5.config
krb5-libs has strict requires for crypto-policies which contains file /etc/crypto-policies/back-ends/krb5.config
and therefore update of krb5-libs will require update of crypto-policies as well
and will prevent issues with broken symbolic link.
You might use
Requires: crypto-policies >= 20151104-1
sh$ rpm -q --whatprovides /etc/crypto-policies/back-ends/krb5.config
krb5-1.14-8.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8be51f14b
Fixed in rawhide as well.
krb5-1.14-8.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8be51f14b
krb5-1.14-8.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.