crypto-policies/crypto-policies-FIPS.patch

Index: fedora-crypto-policies/Makefile
===================================================================
--- fedora-crypto-policies.orig/Makefile
+++ fedora-crypto-policies/Makefile
@@ -5,8 +5,8 @@ MANDIR?=/usr/share/man
 CONFDIR?=/etc/crypto-policies
 DESTDIR?=
 MAN7PAGES=crypto-policies.7
-MAN8PAGES=update-crypto-policies.8 fips-finish-install.8 fips-mode-setup.8
-SCRIPTS=update-crypto-policies fips-finish-install fips-mode-setup
+MAN8PAGES=update-crypto-policies.8 fips-finish-install.8
+SCRIPTS=update-crypto-policies fips-finish-install
 NUM_PROCS = $$(getconf _NPROCESSORS_ONLN)
 PYVERSION = -3
 DIFFTOOL?=meld
Index: fedora-crypto-policies/crypto-policies.7.txt
===================================================================
--- fedora-crypto-policies.orig/crypto-policies.7.txt
+++ fedora-crypto-policies/crypto-policies.7.txt
@@ -144,9 +144,6 @@ PROVIDED POLICIES
 
 *FIPS*::
   A policy to aid conformance to the *FIPS 140-2* requirements.
-  This policy is used internally by the *fips-mode-setup(8)* tool
-  which can switch the system into the *FIPS 140-2* mode.
-  This policy provides at least 112-bit security.
 
   * MACs: all *HMAC* with *SHA1* or better
   * Curves: all prime >= 256 bits
@@ -255,12 +252,6 @@ COMMANDS
   back ends and allows the system administrator to change the active
   cryptographic policy.
 
-*fips-mode-setup(8)*::
-  This command allows the system administrator to enable, or disable the
-  system FIPS mode and also apply the *FIPS* cryptographic policy
-  which limits the allowed algorithms and protocols to these allowed by
-  the FIPS 140-2 requirements.
-
 
 NOTES
 -----
@@ -427,7 +418,7 @@ FILES
 
 SEE ALSO
 --------
-update-crypto-policies(8), fips-mode-setup(8)
+update-crypto-policies(8)
 
 
 AUTHOR
Index: fedora-crypto-policies/python/update-crypto-policies.py
===================================================================
--- fedora-crypto-policies.orig/python/update-crypto-policies.py
+++ fedora-crypto-policies/python/update-crypto-policies.py
@@ -344,16 +344,12 @@ def apply_policy(pconfig, profile=None,
                 eprint("Warning: Using 'update-crypto-policies --set FIPS' "
                        "is not sufficient for")
                 eprint("         FIPS compliance.")
-                eprint("         Use 'fips-mode-setup --enable' "
-                       "command instead.")
             elif fips_mode():
                 eprint("Warning: Using 'update-crypto-policies --set' "
                        "in FIPS mode will make the system")
                 eprint("         non-compliant with FIPS.")
                 eprint("         It can also break "
                        "the ssh access to the system.")
-                eprint("         Use 'fips-mode-setup --disable' "
-                       "to disable the system FIPS mode.")
 
     if base_dir == DEFAULT_BASE_DIR:
         if not os.geteuid() == 0:
Accepting request 921336 from home:pmonrealgonzalez:branches:security:tls - Remove the scripts and documentation regarding fips-finish-install and test-fips-setup * Add crypto-policies-FIPS.patch - Update to version 20210917.c9d86d1: * openssl: fix disabling ChaCha20 * pacify pylint 2.11: use format strings * pacify pylint 2.11: specify explicit encoding * fix minor things found by new pylint * update-crypto-policies: --check against regenerated * update-crypto-policies: fix --check's walking order * policygenerators/gnutls: revert disabling DTLS0.9... * policygenerators/java: add javasystem backend * LEGACY: bump 1023 key size to 1024 * cryptopolicies: fix 'and' in deprecation warnings * ssh: condition ecdh-sha2-nistp384 on SECP384R1 nss: hopefully the last fix for nss sigalgs check * cryptopolicies: Python 3.10 compatibility * nss: postponing check + testing at least something * Rename 'policy modules' to 'subpolicies' * validation.rules: fix a missing word in error * cryptopolicies: raise errors right after warnings * update-crypto-policies: capitalize warnings * cryptopolicies: syntax-precheck scope errors * .gitlab-ci.yml, Makefile: enable codespell * all: fix several typos * docs: don't leave zero TLS/DTLS protocols on * openssl: separate TLS/DTLS MinProtocol/MaxProtocol * alg_lists: order protocols new-to-old for consistency * alg_lists: max_{d,}tls_version OBS-URL: https://build.opensuse.org/request/show/921336 OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=14 2021-09-27 10:09:29 +02:00			`Index: fedora-crypto-policies/Makefile`
			`===================================================================`
			`--- fedora-crypto-policies.orig/Makefile`
			`+++ fedora-crypto-policies/Makefile`
			`@@ -5,8 +5,8 @@ MANDIR?=/usr/share/man`
			`CONFDIR?=/etc/crypto-policies`
			`DESTDIR?=`
			`MAN7PAGES=crypto-policies.7`
			`-MAN8PAGES=update-crypto-policies.8 fips-finish-install.8 fips-mode-setup.8`
			`-SCRIPTS=update-crypto-policies fips-finish-install fips-mode-setup`
			`+MAN8PAGES=update-crypto-policies.8 fips-finish-install.8`
			`+SCRIPTS=update-crypto-policies fips-finish-install`
			`NUM_PROCS = $$(getconf _NPROCESSORS_ONLN)`
			`PYVERSION = -3`
			`DIFFTOOL?=meld`
			`Index: fedora-crypto-policies/crypto-policies.7.txt`
			`===================================================================`
			`--- fedora-crypto-policies.orig/crypto-policies.7.txt`
			`+++ fedora-crypto-policies/crypto-policies.7.txt`
			`@@ -144,9 +144,6 @@ PROVIDED POLICIES`

			`FIPS::`
			`A policy to aid conformance to the FIPS 140-2 requirements.`
			`- This policy is used internally by the fips-mode-setup(8) tool`
			`- which can switch the system into the FIPS 140-2 mode.`
			`- This policy provides at least 112-bit security.`

			`* MACs: all HMAC with SHA1 or better`
			`* Curves: all prime >= 256 bits`
			`@@ -255,12 +252,6 @@ COMMANDS`
			`back ends and allows the system administrator to change the active`
			`cryptographic policy.`

			`-fips-mode-setup(8)::`
			`- This command allows the system administrator to enable, or disable the`
			`- system FIPS mode and also apply the FIPS cryptographic policy`
			`- which limits the allowed algorithms and protocols to these allowed by`
			`- the FIPS 140-2 requirements.`
			`-`

			`NOTES`
			`-----`
			`@@ -427,7 +418,7 @@ FILES`

			`SEE ALSO`
			`--------`
			`-update-crypto-policies(8), fips-mode-setup(8)`
			`+update-crypto-policies(8)`


			`AUTHOR`
			`Index: fedora-crypto-policies/python/update-crypto-policies.py`
			`===================================================================`
			`--- fedora-crypto-policies.orig/python/update-crypto-policies.py`
			`+++ fedora-crypto-policies/python/update-crypto-policies.py`
			`@@ -344,16 +344,12 @@ def apply_policy(pconfig, profile=None,`
			`eprint("Warning: Using 'update-crypto-policies --set FIPS' "`
			`"is not sufficient for")`
			`eprint(" FIPS compliance.")`
			`- eprint(" Use 'fips-mode-setup --enable' "`
			`- "command instead.")`
			`elif fips_mode():`
			`eprint("Warning: Using 'update-crypto-policies --set' "`
			`"in FIPS mode will make the system")`
			`eprint(" non-compliant with FIPS.")`
			`eprint(" It can also break "`
			`"the ssh access to the system.")`
			`- eprint(" Use 'fips-mode-setup --disable' "`
			`- "to disable the system FIPS mode.")`

			`if base_dir == DEFAULT_BASE_DIR:`
			`if not os.geteuid() == 0:`