Copy existing crypto policies from the host into package manager tree

apt on Fedora uses gnutls which requires
/etc/crypto-policies/back-ends/gnutls.config to work properly. Let's
copy the default crypto policies from the tools tree into the package
manager tree to make sure things keep working.

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 30f33a2124025422f9778cf2dec79e6303956a17..3c24921481cc86f62c3e7ee6dbfb7eb607449875 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -1479,6 +1479,15 @@ def install_package_manager_trees(context: Context) -> None:
             passwd.write(f"{name}:x:{INVOKING_USER.uid}:{INVOKING_USER.gid}:{name}:{home}:/bin/sh\n")
         os.fchown(passwd.fileno(), INVOKING_USER.uid, INVOKING_USER.gid)
 
+    if (p := context.config.tools() / "etc/crypto-policies").exists():
+        copy_tree(
+            p, context.pkgmngr / "etc/crypto-policies",
+            preserve=False,
+            dereference=True,
+            tools=context.config.tools(),
+            sandbox=context.config.sandbox,
+        )
+
     if not context.config.package_manager_trees:
         return