1564595 – Rename of /etc/crypto-policies/back-ends/opensshserver.config can cause /etc/crypto-policies/local.d parsing error

Bug 1564595 - Rename of /etc/crypto-policies/back-ends/opensshserver.config can cause /etc/crypto-policies/local.d parsing error

Summary: Rename of /etc/crypto-policies/back-ends/opensshserver.config can cause /etc/...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	crypto-policies
Sub Component:
Version:	28
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Red Hat Crypto Team
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-04-06 17:34 UTC by Andrew
Modified:	2018-04-27 23:07 UTC (History)
CC List:	3 users (show)
Fixed In Version:	crypto-policies-20180425-1.git6ad4018.fc28
Clone Of:
Environment:
Last Closed:	2018-04-27 23:07:59 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
"diff -u" output to fix greedy local.d filename glob (566 bytes, patch) 2018-04-11 18:47 UTC, Andrew	no flags	Details \| Diff
View All

Description Andrew 2018-04-06 17:34:02 UTC

Description of problem:

The recent rename of /etc/crypto-policies/back-ends/openssh-server.config to "opensshserver.conf" can cause a (non-fatal) parsing error when running update-crypto-policies if "opensshserver-*.config" exists in /etc/crypto-policies/local.d but "openssh-*.config" does not.  The glob in update-crypto-policies is incorrectly and greedily grabbing both.


Version-Release number of selected component (if applicable):

crypto-policies-20180306-1.gitaea6928.fc28

How reproducible:

Always

Steps to Reproduce:
1.Have a /etc/crypto-policies/local.d/opensshserver-*.config but NOT a /etc/crypto-policies/local.d/openssh-*.config
2. Run update-crypto-policies.

Actual results:

# update-crypto-policies
Setting system policy to FUTURE
cat: '/etc/crypto-policies/local.d/openssh-*.config': No such file or directory

Expected results:

# update-crypto-policies
Setting system policy to FUTURE


Additional info:

Comment 1 Nikos Mavrogiannopoulos 2018-04-11 09:07:00 UTC

Thanks. Would you like to send a patch to address that upstream?
https://gitlab.com/redhat-crypto/fedora-crypto-policies

Comment 2 Andrew 2018-04-11 16:42:08 UTC

I'd love to help, but I'm not actually a developer.

Comment 3 Andrew 2018-04-11 18:47:55 UTC

Created attachment 1420510 [details]
"diff -u" output to fix greedy local.d filename glob

I took a quick look and the fix seems quite simple.  Attaching a "diff -u" showing the fix.

Comment 4 Nikos Mavrogiannopoulos 2018-04-12 07:14:21 UTC

Thank you. I moved it upstream:
https://gitlab.com/redhat-crypto/fedora-crypto-policies/merge_requests/20

Comment 5 Fedora Update System 2018-04-25 15:37:45 UTC

crypto-policies-20180425-1.git6ad4018.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-878bffe79b

Comment 6 Fedora Update System 2018-04-26 04:53:30 UTC

crypto-policies-20180425-1.git6ad4018.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-878bffe79b

Comment 7 Fedora Update System 2018-04-27 23:07:59 UTC

crypto-policies-20180425-1.git6ad4018.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.