Description of problem: In Fedora CoreOS (FCOS) we don't ship any interpreters (aside from some basic ones like bash or awk), which means we don't ship python. FCOS is also intended to be used as an immutable OS, where configuration does not change after the initial provisioning. All configuration is handled via Ignition which reads Ignition configs and applies then on first boot from the initramfs. Having a python script to apply configuration is problematic for FCOS, both because it's in python and because applying configuration via a script is an antipattern for FCOS. It appears the script is just setting up symlinks for various config files. Am I missing anything else? We can create Ignition config snippets to do the same and have them applied like the rest of the configuration we apply. Furthermore, we have a tool for generating Ignition configs from a human-friendly format (the Fedora CoreOS Config Transpiler). We could add a keyword for setting the crypto policy there and generate Ignition configs with the corresponding symlinks automatically. How would you feel about splitting out the scripts and the actual configs into subpackage(s) so we can pull in the configs without pulling in a script that's not idiomatic for FCOS and pulls in python? Ref: https://github.com/coreos/fedora-coreos-tracker/issues/280
The reason for the python script is that only the 4 base policies are present in the package, but custom policies need the python to actually generate the configuration files for the crypto back-ends. But yes, if the crypto-policies support is limited to the 4 base policies, this could be done. If you propose a concrete patch to the package which will not break the full functionality on regulard Fedora install, I will be happy to merge it.
This bug appears to have been reported against 'rawhide' during the Fedora 32 development cycle. Changing version to 32.
This was already fixed as of F32 final release.