From 44c6b10a1813bfa019fb8ee2ec08a619e325ba08 Mon Sep 17 00:00:00 2001
From: Matej Matuska <mmatuska@redhat.com>
Date: Thu, 21 Aug 2025 14:34:37 +0200
Subject: [PATCH 45/55] modify_userspace_for_livemode: Remove RHEL7
 crypto-policies workaround

---
 .../libraries/prepareliveimage.py                   | 13 -------------
 .../tests/test_livemode_userspace_modifications.py  |  2 --
 2 files changed, 15 deletions(-)

diff --git a/repos/system_upgrade/common/actors/livemode/modify_userspace_for_livemode/libraries/prepareliveimage.py b/repos/system_upgrade/common/actors/livemode/modify_userspace_for_livemode/libraries/prepareliveimage.py
index 686c4cd6..116c463d 100644
--- a/repos/system_upgrade/common/actors/livemode/modify_userspace_for_livemode/libraries/prepareliveimage.py
+++ b/repos/system_upgrade/common/actors/livemode/modify_userspace_for_livemode/libraries/prepareliveimage.py
@@ -381,19 +381,6 @@ def setup_sshd(context, authorized_keys):
                 error
             )
 
-    # @Todo(mhecko): This is hazardous. I guess we are setting this so that we can use weaker SSH keys from RHEL7,
-    # #              but this way we change crypto settings system-wise (could be a problem for FIPS). Instead, we
-    # #              should check whether the keys will be OK on RHEL8, and inform the user otherwise.
-    if get_target_major_version() == '8':  # set to LEGACY for 7>8 only
-        try:
-            with context.open('/etc/crypto-policies/config', 'w+') as f:
-                f.write('LEGACY\n')
-        except OSError as error:
-            api.current_logger().warning('Cannot set crypto policy to LEGACY')
-            details = {'details': 'Failed to set crypto-policies to LEGACY due to the error: {0}'.format(error)}
-            raise StopActorExecutionError('Failed to set up livemode SSHD', details=details)
-
-
 # stolen from upgradeinitramfsgenerator.py
 def _get_target_kernel_version(context):
     """
diff --git a/repos/system_upgrade/common/actors/livemode/modify_userspace_for_livemode/tests/test_livemode_userspace_modifications.py b/repos/system_upgrade/common/actors/livemode/modify_userspace_for_livemode/tests/test_livemode_userspace_modifications.py
index e890f45a..b046d8c7 100644
--- a/repos/system_upgrade/common/actors/livemode/modify_userspace_for_livemode/tests/test_livemode_userspace_modifications.py
+++ b/repos/system_upgrade/common/actors/livemode/modify_userspace_for_livemode/tests/test_livemode_userspace_modifications.py
@@ -296,8 +296,6 @@ def test_setup_sshd(monkeypatch):
         Action(type_=ActionType.SYMLINK,
                args=('/usr/lib/systemd/system/sshd.service',
                      '/USERSPACE/etc/systemd/system/multi-user.target.wants/sshd.service')),
-        Action(type_=ActionType.OPEN, args=('/USERSPACE/etc/crypto-policies/config',)),
-        Action(type_=ActionType.WRITE, args=('LEGACY\n',)),
     ]
 
     error = assert_execution_trace_subsumes_other(actual_trace, expected_trace)
-- 
2.51.1