lbu: Wrong cipher match in check_openssl
Configuration : Alpine 3.10.1 (Virt/Standard) with openssl-1.1.1c-r0 and alpine-conf-3.8.3-r0 . I cannot test edge or latest release easily, as I don't have direct access to the internet, but the problem should be the same according to git repositories and the commit related to the bug (https://git.alpinelinux.org/alpine-conf/commit/lbu.in?id=c2275905471687b0cf2470edc20d25f2192b8250).
When generating an encrypted apkovl, lbu failed with :
# lbu commit -e
Cipher aes-256-cbc is not supported
Although "-aes-256-cbc" is listed when executing command
# openssl enc -ciphers
It seems that openssl enc -ciphers now displays 3 ciphers on the same line, each cipher starting with "-", so that, in the function check_openssl (/sbin/lbu), the grep command (line 129) is not working as intended and the error message is displayed.
$OPENSSL enc -ciphers | grep "^$ENCRYPTION$" > /dev/null \
|| die "Cipher $ENCRYPTION is not supported"
I tried this version of the command with success on 3.10.1 :
$OPENSSL enc -ciphers | grep -o "$ENCRYPTION" > /dev/null \
|| die "Cipher $ENCRYPTION is not supported"
I know that we will run into the same problem in the initramfs-init script from mkinitfs (unpack_apkovl function). Should I open an other ticket for this one ? I don't know if this pattern is used elsewhere in Alpine tools.