Unbreak FIPS detection and hostkey filtering

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Jakub Jelen 2022-04-06 20:28:32 +02:00 committed by Jakub Jelen
parent 09f2c6a999
commit daa81ee84c


@ -41,9 +41,9 @@
- name: Make sure hostkeys are available and have expected permissions - name: Make sure hostkeys are available and have expected permissions
vars: &share_vars vars: &share_vars
__sshd_fips_mode: >- __sshd_fips_mode: >-
- __sshd_hostkeys_nofips | d([]) {{ __sshd_hostkeys_nofips | d([]) and
- __sshd_kernel_fips_mode.content | b64decode == "1" | bool or \ (__sshd_kernel_fips_mode.content | d('MAo=') | b64decode | trim == '1' or
__sshd_userspace_fips_mode.content | b64decode != "0" | bool __sshd_userspace_fips_mode.content | d('MAo=') | b64decode | trim != '0') }}
# This mimics the macro body_option() in sshd_config.j2 # This mimics the macro body_option() in sshd_config.j2
# The explicit to_json filter is needed for Python 2 compatibility # The explicit to_json filter is needed for Python 2 compatibility
__sshd_hostkeys_from_config: >- __sshd_hostkeys_from_config: >-
@ -58,14 +58,14 @@
{{ __sshd_defaults['HostKey'] | to_json }} {{ __sshd_defaults['HostKey'] | to_json }}
{% endif %} {% endif %}
{% else %} {% else %}
[] {{ [] | to_json }}
{% endif %} {% endif %}
__sshd_verify_hostkeys: >- __sshd_verify_hostkeys: >-
{% if not sshd_verify_hostkeys %} {% if not sshd_verify_hostkeys %}
[] {{ [] | to_json }}
{% elif sshd_verify_hostkeys == 'auto' %} {% elif sshd_verify_hostkeys == 'auto' %}
{% if sshd_HostKey is string %} {% if __sshd_hostkeys_from_config | from_json is string %}
[ {{ __sshd_hostkeys_from_config }} ] {{ [ __sshd_hostkeys_from_config | from_json ] | to_json }}
{% else %} {% else %}
{{ __sshd_hostkeys_from_config }} {{ __sshd_hostkeys_from_config }}
{% endif %} {% endif %}
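Review bot: The new `d('MAo=')` fallbacks in `__sshd_fips_mode` decode to `0`, so a slurp result with no `content` is silently treated as "FIPS disabled" for both the kernel and the userspace check. The tasks that register `__sshd_kernel_fips_mode` and `__sshd_userspace_fips_mode` are outside this hunk, so it is not visible here whether `content` can also be absent after a failed or skipped read rather than only when the indicator file does not exist; if it can, a FIPS host would keep the `__sshd_hostkeys_nofips` keys in the verified set. The constant should at least be explained where it is used, for example `# 'MAo=' is base64 for "0\n": a missing FIPS indicator is treated as FIPS off` above `__sshd_fips_mode`. It is also worth confirming that the registering tasks only omit `content` when the file is truly absent.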