From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 6 Mar 2024 19:53:11 +0000 (+0100)
Subject: Copy existing crypto policies from the host into package manager tree
X-Git-Tag: v21~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=51977327d6d8a735bd71f8b624e5a2e5713d01eb;p=thirdparty%2Fmkosi.git

Copy existing crypto policies from the host into package manager tree

apt on Fedora uses gnutls which requires
/etc/crypto-policies/back-ends/gnutls.config to work properly. Let's
copy the default crypto policies from the tools tree into the package
manager tree to make sure things keep working.
---

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 30f33a212..3c2492148 100644
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -1479,6 +1479,15 @@ def install_package_manager_trees(context: Context) -> None:
             passwd.write(f"{name}:x:{INVOKING_USER.uid}:{INVOKING_USER.gid}:{name}:{home}:/bin/sh\n")
         os.fchown(passwd.fileno(), INVOKING_USER.uid, INVOKING_USER.gid)
 
+    if (p := context.config.tools() / "etc/crypto-policies").exists():
+        copy_tree(
+            p, context.pkgmngr / "etc/crypto-policies",
+            preserve=False,
+            dereference=True,
+            tools=context.config.tools(),
+            sandbox=context.config.sandbox,
+        )
+
     if not context.config.package_manager_trees:
         return