From e5606578de7485568f626660743ed3ad58e8a037 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Tue, 3 Nov 2020 14:10:39 -0800
Subject: [PATCH] base: try changing f33 crypto-policies to a less open version to get 2fa working LEGACY allows all kinds of old junk, lets try and just enable the things that FEDORA32 allowed.
Signed-off-by: Kevin Fenzi
---
 roles/base/tasks/crypto-policies.yml | 4 ++--
 roles/base/templates/crypto-policies-config | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)
 delete mode 100644 roles/base/templates/crypto-policies-config
diff --git a/roles/base/tasks/crypto-policies.yml b/roles/base/tasks/crypto-policies.yml
index 7f2bb5f111..5c2d9bc8fe 100644
--- a/roles/base/tasks/crypto-policies.yml
+++ b/roles/base/tasks/crypto-policies.yml
@@ -17,8 +17,8 @@
 - base/crypto-policies
 - name: Set crypto-policy on fedora 33 and higher hosts to allow 2fa to work
- command: "update-crypto-policies --set LEGACY"
- when: "ansible_distribution_major_version|int >= 33 and (currentcryptopolicy.stdout.find('LEGACY') == -1 or cryptopolicyapplied.rc != 0)"
+ command: "update-crypto-policies --set DEFAULT:FEDORA32"
+ when: "ansible_distribution_major_version|int >= 33 and (currentcryptopolicy.stdout.find('DEFAULT:FEDORA32') == -1 or cryptopolicyapplied.rc != 0)"
 tags:
 - crypto-policies
 - base/crypto-policies
diff --git a/roles/base/templates/crypto-policies-config b/roles/base/templates/crypto-policies-config
deleted file mode 100644
index af05e9bc61..0000000000
--- a/roles/base/templates/crypto-policies-config
+++ /dev/null
@@ -1 +0,0 @@
-LEGACY
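Review bot: The new `command` in the task "Set crypto-policy on fedora 33 and higher hosts to allow 2fa to work" (roles/base/tasks/crypto-policies.yml) still, per the commit message, re-enables what FEDORA32 allowed for every crypto consumer on the host, and nothing in the task records which algorithm or service the 2FA path actually needs. I would add a comment above the task such as `# FEDORA32 subpolicy re-enables pre-F33 algorithms system-wide for <2FA component>; remove once it works under DEFAULT`. Applications pick up the system-wide policy at start-up, so on hosts already switched to LEGACY the tighter setting only reaches running daemons after a restart or reboot, and no `notify:` or restart step is visible in these lines. The substring test would read more directly as `'DEFAULT:FEDORA32' not in currentcryptopolicy.stdout`. The tasks that register `currentcryptopolicy` and `cryptopolicyapplied` lie outside the hunk, so whether either still depends on the deleted `crypto-policies-config` template cannot be checked from here.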