From 1fc63e2b5150548edb3e910aa270e49c8b35223b Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Wed, 14 Aug 2024 10:16:25 +0200 Subject: [PATCH] HSM: fix the module name During the server installation, the installer checks if the SElinux policy module for the specific hardware is detected. The current code mixed up SElinux policy module name and RPM package name and resulted in a false warning that the module was missing. The module name is ipa-nfast or ipa-luna, not ipa-selinux-nfast or ipa-selinux-luna. The name is defined in the spec file as %{module}-nfast and module=ipa. Fixes: https://pagure.io/freeipa/issue/9636 Signed-off-by: Florence Blanc-Renaud Reviewed-By: Alexander Bokovoy --- ipaserver/install/ca.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py index 9ff91b9cc..ffcb52683 100644 --- a/ipaserver/install/ca.py +++ b/ipaserver/install/ca.py @@ -277,9 +277,9 @@ def hsm_validator(token_name, token_library, token_password): # validate that the appropriate SELinux module is installed # Only warn in case the expected paths don't match. if 'nfast' in token_library: - module = 'ipa-selinux-nfast' + module = 'ipa-nfast' elif 'luna' in token_library: - module = 'ipa-selinux-luna' + module = 'ipa-luna' else: module = None if module: