1601426 – rkhunter complains about hidden files in libkcapi-hmaccalc

Bug 1601426 - rkhunter complains about hidden files in libkcapi-hmaccalc

Summary: rkhunter complains about hidden files in libkcapi-hmaccalc

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libkcapi
Sub Component:
Version:	28
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Ondrej Mosnacek
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-07-16 11:50 UTC by redhat
Modified:	2018-07-20 17:44 UTC (History)
CC List:	2 users (show)
Fixed In Version:	libkcapi-1.1.1-6.fc28
Clone Of:
Environment:
Last Closed:	2018-07-20 17:44:08 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description redhat 2018-07-16 11:50:23 UTC

Description of problem:
Package libkcapi-hmaccalc contains dot-files (aka hidden files) and rkhunter is complaining about these files. Are these files necessary?

# rpm -ql libkcapi-hmaccalc
/usr/bin/.sha1hmac.hmac
/usr/bin/.sha224hmac.hmac
/usr/bin/.sha256hmac.hmac
/usr/bin/.sha384hmac.hmac
/usr/bin/.sha512hmac.hmac

Version-Release number of selected component (if applicable):
libkcapi-1.1.1-1.fc28

How reproducible:
Always

Steps to Reproduce:
1. run rkhunter
2.
3.

Actual results:
Warning: Hidden file found: /usr/bin/.sha1hmac.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.sha224hmac.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.sha256hmac.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.sha384hmac.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.sha512hmac.hmac: ASCII text


Expected results:
No warning.

Additional info:
Either remove these files from the package or whitelist them in rkhunter data.

Comment 1 Ondrej Mosnacek 2018-07-16 13:49:05 UTC

These files are needed for FIPS integrity check of the sha*hmac binaries. They are marked as hidden because they are not executable files. It is also possible to use a different location for them where they wouldn't need to be hidden, but it will need some work. I had planned to do that eventually anyway, so I'll get back to it now (at least one other person has already complained about it).

Comment 2 Ondrej Mosnacek 2018-07-16 14:25:33 UTC

Builds are now running for new version that should fix the problem:
F28:     https://koji.fedoraproject.org/koji/taskinfo?taskID=28336977
rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=28336993

Comment 3 Fedora Update System 2018-07-17 08:02:55 UTC

libkcapi-1.1.1-6.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-49735c61ba

Comment 4 Fedora Update System 2018-07-19 20:18:25 UTC

libkcapi-1.1.1-6.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-49735c61ba

Comment 5 Fedora Update System 2018-07-20 17:44:08 UTC

libkcapi-1.1.1-6.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.