From abb87be6c0b8e89bc8ed071dfd99243759e788e8 Mon Sep 17 00:00:00 2001
From: Marcus Burghardt <maburgha@redhat.com>
Date: Fri, 12 Jul 2024 11:19:03 +0200
Subject: [PATCH] Minimal profile will be removed in future authselect versions

It will be replaced by a profile called local. But the sssd profile will
continue there and therefore will be used to check the available
authselect features. It doesn't affect the existing rules since used
features are part of both profiles.
https://fedoramagazine.org/authselect-in-fedora-linux-40-migrating-to-the-new-local-profile/

Signed-off-by: Marcus Burghardt <maburgha@redhat.com>
---
 shared/macros/10-ansible.jinja | 4 ++--
 shared/macros/10-bash.jinja    | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/shared/macros/10-ansible.jinja b/shared/macros/10-ansible.jinja
index 45f96fd1d4e6..84f23f4863b7 100644
--- a/shared/macros/10-ansible.jinja
+++ b/shared/macros/10-ansible.jinja
@@ -948,7 +948,7 @@ The following macro remediates Audit syscall rule in :code:`/etc/audit/audit.rul
 
 - name: '{{{ rule_title }}} - Collect the Available authselect Features'
   ansible.builtin.command:
-    cmd: authselect list-features minimal
+    cmd: authselect list-features sssd
   register: result_authselect_available_features
   changed_when: false
   when:
@@ -990,7 +990,7 @@ The following macro remediates Audit syscall rule in :code:`/etc/audit/audit.rul
 
 - name: '{{{ rule_title }}} - Collect the available authselect features'
   ansible.builtin.command:
-    cmd: authselect list-features minimal
+    cmd: authselect list-features sssd
   register: result_authselect_available_features
   changed_when: false
   when:
diff --git a/shared/macros/10-bash.jinja b/shared/macros/10-bash.jinja
index 0073cd87263f..49840b0d0966 100644
--- a/shared/macros/10-bash.jinja
+++ b/shared/macros/10-bash.jinja
@@ -893,7 +893,7 @@ PAM_FILE_PATH="/etc/authselect/$CURRENT_PROFILE/$PAM_FILE_NAME"
 #}}
 {{%- macro bash_pam_lastlog_enable_showfailed(pam_file, control, after_match='') -%}}
 if [ -f /usr/bin/authselect ]; then
-    if authselect list-features minimal | grep -q with-silent-lastlog; then
+    if authselect list-features sssd | grep -q with-silent-lastlog; then
         {{{ bash_disable_authselect_feature('with-silent-lastlog') | indent(8) }}}
     else
         {{# the following macro ensures the PAM_FILE_PATH variable is properly set #}}
@@ -926,7 +926,7 @@ fi
 #}}
 {{%- macro bash_pam_pwhistory_enable(pam_file, control, after_match='') -%}}
 if [ -f /usr/bin/authselect ]; then
-    if authselect list-features minimal | grep -q with-pwhistory; then
+    if authselect list-features sssd | grep -q with-pwhistory; then
         {{{ bash_enable_authselect_feature('with-pwhistory') | indent(8) }}}
     else
         {{# the following macro ensures the PAM_FILE_PATH variable is properly set #}}