Bug 1564595 - Rename of /etc/crypto-policies/back-ends/opensshserver.config can cause /etc/crypto-policies/local.d parsing error
Summary: Rename of /etc/crypto-policies/back-ends/opensshserver.config can cause /etc/...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: crypto-policies
Version: 28
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Red Hat Crypto Team
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-06 17:34 UTC by Andrew
Modified: 2018-04-27 23:07 UTC (History)
3 users (show)

Fixed In Version: crypto-policies-20180425-1.git6ad4018.fc28
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-27 23:07:59 UTC
Type: Bug

Attachments (Terms of Use)
"diff -u" output to fix greedy local.d filename glob (566 bytes, patch)
2018-04-11 18:47 UTC, Andrew 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Description Andrew 2018-04-06 17:34:02 UTC 
Description of problem:

The recent rename of /etc/crypto-policies/back-ends/openssh-server.config to "opensshserver.conf" can cause a (non-fatal) parsing error when running update-crypto-policies if "opensshserver-*.config" exists in /etc/crypto-policies/local.d but "openssh-*.config" does not.  The glob in update-crypto-policies is incorrectly and greedily grabbing both.


Version-Release number of selected component (if applicable):

crypto-policies-20180306-1.gitaea6928.fc28

How reproducible:

Always

Steps to Reproduce:
1.Have a /etc/crypto-policies/local.d/opensshserver-*.config but NOT a /etc/crypto-policies/local.d/openssh-*.config
2. Run update-crypto-policies.

Actual results:

# update-crypto-policies
Setting system policy to FUTURE
cat: '/etc/crypto-policies/local.d/openssh-*.config': No such file or directory

Expected results:

# update-crypto-policies
Setting system policy to FUTURE


Additional info:
Comment 1 Nikos Mavrogiannopoulos 2018-04-11 09:07:00 UTC 
Thanks. Would you like to send a patch to address that upstream?
https://gitlab.com/redhat-crypto/fedora-crypto-policies
Comment 2 Andrew 2018-04-11 16:42:08 UTC 
I'd love to help, but I'm not actually a developer.
Comment 3 Andrew 2018-04-11 18:47:55 UTC 
Created attachment 1420510 [details]
"diff -u" output to fix greedy local.d filename glob

I took a quick look and the fix seems quite simple.  Attaching a "diff -u" showing the fix.
Comment 4 Nikos Mavrogiannopoulos 2018-04-12 07:14:21 UTC 
Thank you. I moved it upstream:
https://gitlab.com/redhat-crypto/fedora-crypto-policies/merge_requests/20
Comment 5 Fedora Update System 2018-04-25 15:37:45 UTC 
crypto-policies-20180425-1.git6ad4018.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-878bffe79b
Comment 6 Fedora Update System 2018-04-26 04:53:30 UTC 
crypto-policies-20180425-1.git6ad4018.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-878bffe79b
Comment 7 Fedora Update System 2018-04-27 23:07:59 UTC 
crypto-policies-20180425-1.git6ad4018.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.