From 4004e8eb362a6ad535cd2179e4b50468b4e53afd Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Wed, 12 Oct 2022 10:11:47 +0100
Subject: [PATCH] appliance: Create symlink
 /etc/crypto-policies/back-ends/opensslcnf.config

Downstream patched openssl in Fedora 37+ broke unless
/etc/crypto-policies/back-ends/opensslcnf.conf is present.  Files in
this directory are generated by %post rules that use scripting
languages so cannot easily be created by supermin.

Add a symlink to the DEFAULT policy file if the configuration file
doesn't exist.

A symptom of this problem is the error:

  Requested hash sha256 is not supported.
  Failed to set pbkdf parameters.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2133884
Updates: commit d6ba398825bfdd67daf57bac0a4d8bcb281a62a8
---
 appliance/init | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/appliance/init b/appliance/init
index 19aa151b7..8bc6aa022 100755
--- a/appliance/init
+++ b/appliance/init
@@ -76,6 +76,13 @@ if ! test -e /etc/mtab; then
   ln -s /proc/mounts /etc/mtab
 fi
 
+# For openssl (RHBZ#2133884).
+if test -d /etc/crypto-policies/back-ends &&
+        ! test -f /etc/crypto-policies/back-ends/opensslcnf.config &&
+        test -f /usr/share/crypto-policies/DEFAULT/opensslcnf.txt ; then
+    ln -sf /usr/share/crypto-policies/DEFAULT/opensslcnf.txt /etc/crypto-policies/back-ends/opensslcnf.config
+fi
+
 # Static nodes must happen before udev is started.
 
 # Set up kmod static-nodes (RHBZ#1011907).