stages: add org.osbuild.update-crypto-policies stage

This stage calls `update-crypto-policies` to set the
policy applicable for the various cryptographic back-ends,
such as SSL/TLS libraries.

Signed-off-by: Miguel Martín <mmartinv@redhat.com>
Miguel Martín 2023-11-08 14:43:43 +01:00 committed by Miguel Martin
parent 5a58c35680
commit f3d740aaf8
6 changed files with 2306 additions and 0 deletions


@ -0,0 +1,29 @@
version: '2'
pipelines:
- mpp-import-pipelines:
path: ../manifests/fedora-vars.ipp.yaml
- mpp-import-pipeline:
path: ../manifests/fedora-build-v2.ipp.yaml
id: build
runner:
mpp-format-string: org.osbuild.fedora{release}
- name: tree
build: name:build
stages:
- type: org.osbuild.rpm
inputs:
packages:
type: org.osbuild.files
origin: org.osbuild.source
mpp-depsolve:
architecture: $arch
module-platform-id: $module_platform_id
repos:
mpp-eval: repos
packages:
- crypto-policies-scripts
options:
gpgkeys:
mpp-eval: gpgkeys
exclude:
docs: true


@ -0,0 +1,32 @@
version: '2'
pipelines:
- mpp-import-pipelines:
path: ../manifests/fedora-vars.ipp.yaml
- mpp-import-pipeline:
path: ../manifests/fedora-build-v2.ipp.yaml
id: build
runner:
mpp-format-string: org.osbuild.fedora{release}
- name: tree
build: name:build
stages:
- type: org.osbuild.rpm
inputs:
packages:
type: org.osbuild.files
origin: org.osbuild.source
mpp-depsolve:
architecture: $arch
module-platform-id: $module_platform_id
repos:
mpp-eval: repos
packages:
- crypto-policies-scripts
options:
gpgkeys:
mpp-eval: gpgkeys
exclude:
docs: true
- type: org.osbuild.update-crypto-policies
options:
policy: FIPS
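Review bot: The `policy: FIPS` option on the new `org.osbuild.update-crypto-policies` stage carries no comment about what it does and does not cover. As far as I know, selecting the FIPS crypto-policy only repoints the back-end configuration; it does not by itself put the resulting image into FIPS mode (kernel `fips=1`, initramfs support), so a reader could mistake this manifest for a recipe for a FIPS-enabled image. I would add above the stage entry: `# Switches the crypto-policies profile only; FIPS mode itself (fips=1 etc.) is not enabled here`. The stage implementation is not visible on this page, so whether it validates the policy name before running the tool should be confirmed there.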


@ -0,0 +1,107 @@
{
"added_files": ["/dev/null"],
"deleted_files": [],
"differences": {
"/etc/crypto-policies/back-ends/bind.config": {
"symlink": [
"/usr/share/crypto-policies/DEFAULT/bind.txt",
"/usr/share/crypto-policies/FIPS/bind.txt"
]
},
"/etc/crypto-policies/back-ends/gnutls.config": {
"symlink": [
"/usr/share/crypto-policies/DEFAULT/gnutls.txt",
"/usr/share/crypto-policies/FIPS/gnutls.txt"
]
},
"/etc/crypto-policies/back-ends/java.config": {
"symlink": [
"/usr/share/crypto-policies/DEFAULT/java.txt",
"/usr/share/crypto-policies/FIPS/java.txt"
]
},
"/etc/crypto-policies/back-ends/javasystem.config": {
"symlink": [
"/usr/share/crypto-policies/DEFAULT/javasystem.txt",
"/usr/share/crypto-policies/FIPS/javasystem.txt"
]
},
"/etc/crypto-policies/back-ends/krb5.config": {
"symlink": [
"/usr/share/crypto-policies/DEFAULT/krb5.txt",
"/usr/share/crypto-policies/FIPS/krb5.txt"
]
},
"/etc/crypto-policies/back-ends/libreswan.config": {
"symlink": [
"/usr/share/crypto-policies/DEFAULT/libreswan.txt",
"/usr/share/crypto-policies/FIPS/libreswan.txt"
]
},
"/etc/crypto-policies/back-ends/libssh.config": {
"symlink": [
"/usr/share/crypto-policies/DEFAULT/libssh.txt",
"/usr/share/crypto-policies/FIPS/libssh.txt"
]
},
"/etc/crypto-policies/back-ends/nss.config": {
"symlink": [
"/usr/share/crypto-policies/DEFAULT/nss.txt",
"/usr/share/crypto-policies/FIPS/nss.txt"
]
},
"/etc/crypto-policies/back-ends/openssh.config": {
"symlink": [
"/usr/share/crypto-policies/DEFAULT/openssh.txt",
"/usr/share/crypto-policies/FIPS/openssh.txt"]
},
"/etc/crypto-policies/back-ends/opensshserver.config": {
"symlink": [
"/usr/share/crypto-policies/DEFAULT/opensshserver.txt",
"/usr/share/crypto-policies/FIPS/opensshserver.txt"
]
},
"/etc/crypto-policies/back-ends/openssl.config": {
"symlink": [
"/usr/share/crypto-policies/DEFAULT/openssl.txt",
"/usr/share/crypto-policies/FIPS/openssl.txt"
]
},
"/etc/crypto-policies/back-ends/opensslcnf.config": {
"symlink": [
"/usr/share/crypto-policies/DEFAULT/opensslcnf.txt",
"/usr/share/crypto-policies/FIPS/opensslcnf.txt"
]
},
"/etc/crypto-policies/back-ends/rpm-sequoia.config": {
"symlink": [
"/usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt",
"/usr/share/crypto-policies/FIPS/rpm-sequoia.txt"
]
},
"/etc/crypto-policies/back-ends/sequoia.config": {
"symlink": [
"/usr/share/crypto-policies/DEFAULT/sequoia.txt",
"/usr/share/crypto-policies/FIPS/sequoia.txt"
]
},
"/etc/crypto-policies/config": {
"content": [
"sha256:ecae097fb02a733ac98c03d7527fd923d5c9607c6a02feb5f0d388375f3e70dc",
"sha256:858dd9c983a8e87bbb242952b737f33499c99ff5fd8b377b218da3836357c874"
]
},
"/etc/crypto-policies/state/CURRENT.pol": {
"content": [
"sha256:34459f8b102d05d1df56885c4a103e68ae6353f88ef41386402edf97c56eb505",
"sha256:3433137c54925eb3618bc7a34e33dfbc2d8fedad947256b91aa7ba7ac49eea51"
]
},
"/etc/crypto-policies/state/current": {
"content": [
"sha256:ecae097fb02a733ac98c03d7527fd923d5c9607c6a02feb5f0d388375f3e70dc",
"sha256:858dd9c983a8e87bbb242952b737f33499c99ff5fd8b377b218da3836357c874"
]
}
}
}
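Review bot: `"added_files": ["/dev/null"]` bakes a new `/dev/null` entry in the image tree into the expected output of the stage. That looks like a side effect of running the tool inside a tree whose `/dev` is not populated (presumably a redirect creating a regular file there), and such a file would then ship in every image built with this stage. The stage code is not shown here, so this is inferred. If confirmed, the stage should provide `/dev` or remove the leftover, and this expectation would become `"added_files": [],`.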