Description of problem:
`update-crypto-policies --set <policy>` should create the files and symbolic links in /etc/crypto-policies/back-ends. If there is a file of the form $app-XXX.config in /etc/crypto-policies/local.d it's supposed to be appended to the policy file of $app. Currently, this does not work, local custom files get ignored.

Version-Release number of selected component (if applicable):
crypto-policies-20180925-1.git71ca85f.fc29

How reproducible:

Steps to Reproduce:
1. place a custom file in /etc/crypto-policies/local.d, e.g. /etc/crypto-policies/local.d/gnutls-test.config, fill it with some string, e.g. "OPENCONNECT=NONE:+DHE-RSA:+AES-256-CBC:+SHA256:+VERS-TLS1.2:+SIGN-RSA-SHA256"
2. run `update-crypto-policies --set DEFAULT`
3. /etc/crypto-policies/back-ends/gnutls.config should now contain the content of /usr/share/crypto-policies/DEFAULT/gnutls.txt and appended "OPENCONNECT=NONE:+DHE-RSA:+AES-256-CBC:+SHA256:+VERS-TLS1.2:+SIGN-RSA-SHA256" but it's just a link to /usr/share/crypto-policies/DEFAULT/gnutls.txt

Actual results:
The custom configuration files don't get included.

Expected results:
The custom configuration files should get included.

Additional info:
I believe the culprit is in /usr/bin/update-crypto-policies in line 90:

```
if test -z $(ls "$local_dir/$basefile-*.config" 2>/dev/null);then
```

Here, the glob symbol * gets used within quotation marks and this does not expand. Therefore the local customization file isn't found and the code branch for appending it does not get executed. I think the quotation marks are intended to catch the case that someone uses custom configuration files with white spaces in the file name. In this case I propose

```
if test -z "$(ls $local_dir/$basefile-*.config 2>/dev/null)";then
```

This way `test -z` gets a quoted string that can contain white spaces and the glob within also works. But please take a critical look at it yourself, I might have misunderstood what was intended with the quotes.
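The quoting behaviour described in the report above, as an added shell example that is not part of the original report or of the crypto-policies code. The demo directory, the `nss-my test.config` sample file, and the function names `found_original`, `found_proposed` and `found_glob` are constructed for illustration; `found_glob` is an assumed alternative that avoids `ls`, not the fix that shipped.

```shell
#!/bin/sh
# Constructed demo tree; local.d here stands in for /etc/crypto-policies/local.d.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cd "$demo_dir" || exit 1
local_dir=local.d
mkdir "$local_dir"
echo "OPENCONNECT=NONE:+DHE-RSA:+AES-256-CBC:+SHA256:+VERS-TLS1.2:+SIGN-RSA-SHA256" \
    > "$local_dir/gnutls-test.config"
echo "# constructed sample" > "$local_dir/nss-my test.config"

# Each function takes $1 = local_dir, $2 = basefile and returns 0 when a
# local customization file is detected, 1 when none is.

# Check as quoted in the report: the * is inside double quotes, so ls gets the
# literal name "gnutls-*.config", prints nothing, and `test -z` with no
# operand is true. The "no local file" branch is always taken.
found_original() {
    if test -z $(ls "$1/$2-*.config" 2>/dev/null); then return 1; fi
    return 0
}

# Reporter's proposal: the glob is unquoted so it expands, and the command
# substitution is quoted so `test -z` always receives exactly one operand.
# $1 is unquoted here, so the directory path must not contain whitespace.
found_proposed() {
    if test -z "$(ls $1/$2-*.config 2>/dev/null)"; then return 1; fi
    return 0
}

# Assumed alternative: quote the variables, leave only the * unquoted, and
# test each match with -e. An unmatched pattern stays literal and fails -e.
found_glob() {
    for f in "$1/$2"-*.config; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# gnutls: plain file name, nss: whitespace in file name, openssl: no file.
for check in found_original found_proposed found_glob; do
    for base in gnutls nss openssl; do
        if "$check" "$local_dir" "$base"; then r=found; else r=none; fi
        echo "$check $base: $r"
    done
done
```
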
crypto-policies-20181026-1.gitd42aaa6.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-bd3e06a89a
crypto-policies-20181026-1.gitd42aaa6.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-bd3e06a89a
crypto-policies-20181026-1.gitd42aaa6.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.