systemd: ignore subpolicy for FIPS crypto policies

Our FIPS check compared the whole policy string, including subpolicies. As
FIPS:OSPP is a valid FIPS policy, we should only check the base policy.

Closes #18062
Jelle van der Waa 2023-01-09 11:51:55 +01:00 committed by Jelle van der Waa
parent a1606d1944
commit 99bfebd6cb
2 changed files with 7 additions and 1 deletions


@ -199,7 +199,7 @@ export const CryptoPolicyStatus = () => {
useEffect(() => {
if (currentCryptoPolicy === null) {
cockpit.file("/etc/crypto-policies/state/current")
.watch(content => setCurrentCryptoPolicy(content ? content.trim() : undefined));
.watch(content => setCurrentCryptoPolicy(content ? content.trim().split(':', 1)[0] : undefined));
}
cockpit.file("/proc/sys/crypto/fips_enabled").read()
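Review bot: The `.split(':', 1)[0]` in the `.watch()` callback has no comment explaining the file format it relies on; a line such as `// state/current holds POLICY[:SUBPOLICY...]; only the base policy is compared with fips_enabled` would document it. With the subpolicy dropped, the stored value can only say whether the base policy is FIPS, so a subpolicy module that relaxes the FIPS profile would presumably not be reflected by the inconsistency warning. That limit is worth stating in the same comment so the warning is not read as a full compliance check. The enclosing `useEffect` starts and ends outside the hunk, so whether the watch handle is closed on cleanup cannot be judged from here.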


@ -947,6 +947,12 @@ password=foobar
b.wait_text("#crypto-policy-button", "FIPS")
self.assertEqual(m.execute("cat /proc/sys/crypto/fips_enabled").strip(), "1")
m.execute(cmd + " --set DEFAULT")
b.wait_text("#inconsistent_crypto_policy", "Crypto policy is inconsistent")
m.execute(cmd + " --set FIPS:OSPP")
b.wait_text("#crypto-policy-button", "Fips:ospp")
b.wait_not_present("#inconsistent_crypto_policy")
# Setting via dialog
m.execute(cmd + " --set DEFAULT")
b.wait_text("#inconsistent_crypto_policy", "Crypto policy is inconsistent")