rpm: Set up crypto-policies configuration for OpenSSL
Some of the tests currently fail with

  OpenSSL failed to create a new SSL_CTX:
  error:80000002:system library::No such file or directory

This is caused by the fact that the crypto-policies
configuration is completely missing inside the containers,
likely as a consequence of the fact that bazeldnf skips all
of the usual RPM postinst logic.

Make sure that the configuration for OpenSSL exists by
manually creating the necessary symlinks. This ensures nc
works, both in the virt-launcher container and the one
used for testing.

The crypto-policies configuration actually covers more than
just OpenSSL, but the other files don't seem to be necessary
for the purpose of KubeVirt working. We can add more symlinks
in the future if they turn out to be needed.

Note that the files in question were absent in the CentOS
Stream 8-based container too, but no errors were reported
at the time. Either nc or OpenSSL must have become more
strict in CentOS Stream 9.

Signed-off-by: Andrea Bolognani <[email protected]>
andreabolognani committed Oct 27, 2022
1 parent e949387 commit e25d36b
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions rpm/BUILD.bazel
Expand Up @@ -617,6 +617,8 @@ rpmtree(
"@zlib-0__1.2.11-20.el8.aarch64//rpm",
],
symlinks = {
"/etc/crypto-policies/back-ends/openssl.config": "/usr/share/crypto-policies/DEFAULT/openssl.txt",
"/etc/crypto-policies/back-ends/opensslcnf.config": "/usr/share/crypto-policies/DEFAULT/opensslcnf.txt",
"/var/run": "../run",
"/usr/sbin/iptables": "/usr/sbin/iptables-legacy",
"/usr/bin/nc": "/usr/bin/ncat",
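Review bot: Both new targets under /usr/share/crypto-policies/DEFAULT/ only resolve if the package that ships openssl.txt and opensslcnf.txt is part of this rpmtree, and the visible context does not show it in the rpms list. A dangling link would reproduce the same "No such file or directory" failure the commit message describes, so please confirm that the package providing those files is listed for this tree, or add it in this change.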
Expand Down Expand Up @@ -833,6 +835,8 @@ rpmtree(
"@zlib-0__1.2.11-20.el8.x86_64//rpm",
],
symlinks = {
"/etc/crypto-policies/back-ends/openssl.config": "/usr/share/crypto-policies/DEFAULT/openssl.txt",
"/etc/crypto-policies/back-ends/opensslcnf.config": "/usr/share/crypto-policies/DEFAULT/opensslcnf.txt",
"/var/run": "../run",
"/usr/sbin/iptables": "/usr/sbin/iptables-legacy",
"/usr/bin/nc": "/usr/bin/ncat",
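Review bot: The two entries added here are a verbatim copy of the pair added in the aarch64 rpmtree at -617, and the same pair appears twice more further down. Consider defining them once as a shared dict in rpm/BUILD.bazel and merging it into each symlinks attribute, so the four copies cannot drift apart if more back-end links are added later.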
Expand Down Expand Up @@ -1658,6 +1662,8 @@ rpmtree(
"@zlib-0__1.2.11-20.el8.aarch64//rpm",
],
symlinks = {
"/etc/crypto-policies/back-ends/openssl.config": "/usr/share/crypto-policies/DEFAULT/openssl.txt",
"/etc/crypto-policies/back-ends/opensslcnf.config": "/usr/share/crypto-policies/DEFAULT/opensslcnf.txt",
"/var/run": "../run",
"/usr/bin/nc": "/usr/bin/ncat",
},
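Review bot: Missing documentation: nothing next to the openssl.config and opensslcnf.config entries says why they are maintained by hand. A short comment above them stating that bazeldnf skips the RPM postinst logic that would normally set up these links would keep the rationale from living only in the commit message.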
Expand Down Expand Up @@ -1781,6 +1787,8 @@ rpmtree(
"@zlib-0__1.2.11-20.el8.x86_64//rpm",
],
symlinks = {
"/etc/crypto-policies/back-ends/openssl.config": "/usr/share/crypto-policies/DEFAULT/openssl.txt",
"/etc/crypto-policies/back-ends/opensslcnf.config": "/usr/share/crypto-policies/DEFAULT/opensslcnf.txt",
"/var/run": "../run",
"/usr/bin/nc": "/usr/bin/ncat",
},
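Review bot: The link targets hard-code the DEFAULT policy directory, so the policy OpenSSL loads in this image is fixed at build time and cannot be switched without editing this file. If that is intended, state it in a comment beside the entries; otherwise consider making the policy name a single variable so a different policy can be selected in one place.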