Description of problem:
`update-crypto-policies --set <policy>` should create the files and symbolic links in /etc/crypto-policies/back-ends.
If there is a file of the form $app-XXX.config in /etc/crypto-policies/local.d
it's supposed to be appended to the policy file of $app.
Currently, this does not work, local custom files get ignored.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. place a custom file in /etc/crypto-policies/local.d, e.g.
/etc/crypto-policies/local.d/gnutls-test.config, fill it with some
2. run `update-crypto-policies --set DEFAULT`
3. /etc/crypto-policies/back-ends/gnutls.config should now contain the content
of /usr/share/crypto-policies/DEFAULT/gnutls.txt and appended
but it's just a link to /usr/share/crypto-policies/DEFAULT/gnutls.txt
The custom configuration files don't get included.
The custom configuration files should get included.
I believe the culprit is in /usr/bin/update-crypto-policies in line 90:
if test -z $(ls "$local_dir/$basefile-*.config" 2>/dev/null);then
Here, the glob symbol * gets used within quotation marks and this does not expand. Therefore the local customization file isn't found and the code branch
for appending it does not get executed.
I think the quotation marks are intended to catch the case that someone uses
custom configuration files with white spaces in the file name.
In this case I propose
if test -z "$(ls $local_dir/$basefile-*.config 2>/dev/null)";then
This way `test -z` gets a quoted string that can contain white spaces and the
glob within also works. But please take a critical look at it yourself, I might
have misunderstood what was intended with the quotes.
crypto-policies-20181026-1.gitd42aaa6.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-bd3e06a89a
crypto-policies-20181026-1.gitd42aaa6.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-bd3e06a89a
crypto-policies-20181026-1.gitd42aaa6.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.