Re: rpmlint warning: crypto-policy-non-compliance-gnutls-1
On Mon, May 27, 2019 at 3:00 PM Tomas Mraz wrote: > > Anderson, FYI. Could you please answer the question below? > > On Fri, 2019-05-24 at 17:58 +0100, Richard W.M. Jones wrote: > > > libnbd.x86_64: W: crypto-policy-non-compliance-gnutls-1 > > > /usr/lib64/libnbd.so.0.0.0 gnutls_priority_set_direct > > > This application package calls a function to explicitly set crypto > > > ciphers for > > > SSL/TLS. That may cause the application not to use the system-wide > > > set > > > cryptographic policy and should be modified in accordance to: > > > https://fedoraproject.org/wiki/Packaging:CryptoPolicies > > > > The library does call gnutls_priority_set_direct, but in a way which > > I > > believe still uses the system policies: > > > > %prep > > ./configure --with-tls-priority=@LIBNBD,SYSTEM > > > > sets ... > > > > #define TLS_PRIORITY "@LIBNBD,SYSTEM" > > > > which calls ... > > > > err = gnutls_priority_set_direct (session, TLS_PRIORITY, NULL); > > > > So we're good and we can ignore this warning, right? > > > > I should note that I copied this coding pattern from libvirt. It looks good to me. The rpmlint shouldn't have warned there however. It seems that it incorrectly checks for SYSLOG string instead of SYSTEM. https://src.fedoraproject.org/rpms/rpmlint/blob/master/f/rpmlint.config#_475 regards, Nikos ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: rpmlint warning: crypto-policy-non-compliance-gnutls-1
Anderson, FYI. Could you please answer the question below? On Fri, 2019-05-24 at 17:58 +0100, Richard W.M. Jones wrote: > > libnbd.x86_64: W: crypto-policy-non-compliance-gnutls-1 > > /usr/lib64/libnbd.so.0.0.0 gnutls_priority_set_direct > > This application package calls a function to explicitly set crypto > > ciphers for > > SSL/TLS. That may cause the application not to use the system-wide > > set > > cryptographic policy and should be modified in accordance to: > > https://fedoraproject.org/wiki/Packaging:CryptoPolicies > > The library does call gnutls_priority_set_direct, but in a way which > I > believe still uses the system policies: > > %prep > ./configure --with-tls-priority=@LIBNBD,SYSTEM > > sets ... > > #define TLS_PRIORITY "@LIBNBD,SYSTEM" > > which calls ... > > err = gnutls_priority_set_direct (session, TLS_PRIORITY, NULL); > > So we're good and we can ignore this warning, right? > > I should note that I copied this coding pattern from libvirt. > > Rich. -- Tomáš Mráz No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.] ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
rpmlint warning: crypto-policy-non-compliance-gnutls-1
> libnbd.x86_64: W: crypto-policy-non-compliance-gnutls-1 > /usr/lib64/libnbd.so.0.0.0 gnutls_priority_set_direct > This application package calls a function to explicitly set crypto ciphers for > SSL/TLS. That may cause the application not to use the system-wide set > cryptographic policy and should be modified in accordance to: > https://fedoraproject.org/wiki/Packaging:CryptoPolicies The library does call gnutls_priority_set_direct, but in a way which I believe still uses the system policies: %prep ./configure --with-tls-priority=@LIBNBD,SYSTEM sets ... #define TLS_PRIORITY "@LIBNBD,SYSTEM" which calls ... err = gnutls_priority_set_direct (session, TLS_PRIORITY, NULL); So we're good and we can ignore this warning, right? I should note that I copied this coding pattern from libvirt. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-df lists disk usage of guests without needing to install any software inside the virtual machine. Supports Linux and Windows. http://people.redhat.com/~rjones/virt-df/ ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
