From f2e70b89bf0a9838f8711b2e06d4db86eb2dbadc Mon Sep 17 00:00:00 2001
From: Jakub Kadlcik <frostyx@email.cz>
Date: Wed, 4 Nov 2020 00:56:41 +0100
Subject: [PATCH] copr: fallback to DEFAULT:FEDORA32 instead of LEGACY on
 builders

This option is less open/permitting, but should be good enough since
we are currently running F32 builders and haven't messed with the
crypto policy value. According to

https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2#Upgrade.2Fcompatibility_impact

the `DEFAULT:FEDORA32` should be the first step and only when it is
not good enough, then we should fallback to `LEGACY`.

Thank you @nirik
---
 inventory/group_vars/copr_back_dev_aws                        | 4 ++--
 .../copr/backend/files/provision/provision_builder_tasks.yml  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/inventory/group_vars/copr_back_dev_aws b/inventory/group_vars/copr_back_dev_aws
index 5a1de3b0be..f950e244c0 100644
--- a/inventory/group_vars/copr_back_dev_aws
+++ b/inventory/group_vars/copr_back_dev_aws
@@ -19,8 +19,8 @@ copr_builder_images:
   ppc64le: copr-builder-ppc64le-f31-20200117_132023
   aarch64: copr-builder-aarch64-f32-20200914_073754
   aws:
-    x86_64: ami-00543302d3ba064c9 # copr-builder-x86_64-f33-20201103_231733
-    aarch64: ami-064aea199aef492fd # copr-builder-aarch64-f33-20201103_232312
+    x86_64: ami-0ad1e73a406ec019c # copr-builder-x86_64-f33-20201103_234804
+    aarch64: ami-0d6ee7c406179d49b # copr-builder-aarch64-f33-20201103_235420
 
 do_sign: "true"
 
diff --git a/roles/copr/backend/files/provision/provision_builder_tasks.yml b/roles/copr/backend/files/provision/provision_builder_tasks.yml
index 1db9c7599a..eaa8105bab 100644
--- a/roles/copr/backend/files/provision/provision_builder_tasks.yml
+++ b/roles/copr/backend/files/provision/provision_builder_tasks.yml
@@ -39,8 +39,8 @@
     - prepare_base_image is defined
 
 # https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
-- name: fallback to the LEGACY crypto policies
-  command: update-crypto-policies --set LEGACY
+- name: fallback to the legacy crypto policies
+  command: update-crypto-policies --set DEFAULT:FEDORA32
   when:
     - prepare_base_image is defined