From d6ba398825bfdd67daf57bac0a4d8bcb281a62a8 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 11 Oct 2022 21:48:30 +0100
Subject: [PATCH] appliance: Copy in /etc/crypto-policies/back-ends/ files

Downstream patched openssl in Fedora 37+ broke unless
/etc/crypto-policies/back-ends/opensslcnf.conf is present.  Files in
this directory are generated by %post rules that use scripting
languages so cannot easily be created by supermin.

Force a copy of the host files into the appliance.  This is not ideal
and is hopefully a temporary fix until Fedora's openssl is fixed.

A symptom of this problem is the error:

  Requested hash sha256 is not supported.
  Failed to set pbkdf parameters.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2133884
---
 appliance/hostfiles.in | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/appliance/hostfiles.in b/appliance/hostfiles.in
index e78c79bd34..2c42a858e8 100644
--- a/appliance/hostfiles.in
+++ b/appliance/hostfiles.in
@@ -14,6 +14,12 @@ dnl   FRUGALWARE=1   For Frugalware.
 dnl   MAGEIA=1       For Mageia.
 dnl   OPENMANDRIVA=1 For OpenMandriva.
 
+# Work around broken openssl in Fedora 37+ by forcibly copying in
+# these host configuration files (RHBZ#2133884).
+ifelse(REDHAT,1,
+/etc/crypto-policies/back-ends/*.config
+)
+
 /etc/ld.so.cache
 /lib/lsb/*
 /usr/share/augeas/lenses/*.aug
-- 
2.37.0.rc2