ykohut/leapp-repository
1
0
Fork 0
forked from rpms/leapp-repository
Code Pull Requests Activity
316902b8f7
leapp-repository/SOURCES/0045-modify_userspace_for_livemode-Remove-RHEL7-crypto-po.patch
eabdullin 316902b8f7 Import from CS git
2025-12-01 09:14:24 +00:00

52 lines
2.9 KiB
Diff
Raw Blame History

From 44c6b10a1813bfa019fb8ee2ec08a619e325ba08 Mon Sep 17 00:00:00 2001
From: Matej Matuska <mmatuska@redhat.com>
Date: Thu, 21 Aug 2025 14:34:37 +0200
Subject: [PATCH 45/55] modify_userspace_for_livemode: Remove RHEL7
crypto-policies workaround
---
.../libraries/prepareliveimage.py | 13 -------------
.../tests/test_livemode_userspace_modifications.py | 2 --
2 files changed, 15 deletions(-)
diff --git a/repos/system_upgrade/common/actors/livemode/modify_userspace_for_livemode/libraries/prepareliveimage.py b/repos/system_upgrade/common/actors/livemode/modify_userspace_for_livemode/libraries/prepareliveimage.py
index 686c4cd6..116c463d 100644
--- a/repos/system_upgrade/common/actors/livemode/modify_userspace_for_livemode/libraries/prepareliveimage.py
+++ b/repos/system_upgrade/common/actors/livemode/modify_userspace_for_livemode/libraries/prepareliveimage.py
@@ -381,19 +381,6 @@ def setup_sshd(context, authorized_keys):
error
)
- # @Todo(mhecko): This is hazardous. I guess we are setting this so that we can use weaker SSH keys from RHEL7,
- # # but this way we change crypto settings system-wise (could be a problem for FIPS). Instead, we
- # # should check whether the keys will be OK on RHEL8, and inform the user otherwise.
- if get_target_major_version() == '8': # set to LEGACY for 7>8 only
- try:
- with context.open('/etc/crypto-policies/config', 'w+') as f:
- f.write('LEGACY\n')
- except OSError as error:
- api.current_logger().warning('Cannot set crypto policy to LEGACY')
- details = {'details': 'Failed to set crypto-policies to LEGACY due to the error: {0}'.format(error)}
- raise StopActorExecutionError('Failed to set up livemode SSHD', details=details)
-
-
# stolen from upgradeinitramfsgenerator.py
def _get_target_kernel_version(context):
"""
diff --git a/repos/system_upgrade/common/actors/livemode/modify_userspace_for_livemode/tests/test_livemode_userspace_modifications.py b/repos/system_upgrade/common/actors/livemode/modify_userspace_for_livemode/tests/test_livemode_userspace_modifications.py
index e890f45a..b046d8c7 100644
--- a/repos/system_upgrade/common/actors/livemode/modify_userspace_for_livemode/tests/test_livemode_userspace_modifications.py
+++ b/repos/system_upgrade/common/actors/livemode/modify_userspace_for_livemode/tests/test_livemode_userspace_modifications.py
@@ -296,8 +296,6 @@ def test_setup_sshd(monkeypatch):
Action(type_=ActionType.SYMLINK,
args=('/usr/lib/systemd/system/sshd.service',
'/USERSPACE/etc/systemd/system/multi-user.target.wants/sshd.service')),
- Action(type_=ActionType.OPEN, args=('/USERSPACE/etc/crypto-policies/config',)),
- Action(type_=ActionType.WRITE, args=('LEGACY\n',)),
]
error = assert_execution_trace_subsumes_other(actual_trace, expected_trace)
--
2.51.1
View Git Blame Copy Permalink