From 128ecc73a67769232908f8db16ed2e9f773ad734 Mon Sep 17 00:00:00 2001
From: Alexander Sosedkin
Date: Tue, 13 Aug 2024 12:45:09 +0200
Subject: [PATCH] Cherry-picked from commit:123d8197707e4c773281f68ab7b9128d6c500342 Related to: RHEL-58667
---
 anaconda.spec.in | 2 +-
 pyanaconda/modules/security/installation.py | 9 +++------
 pyanaconda/modules/security/security.py | 2 +-
 .../modules/security/test_module_security.py | 6 +++---
 4 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/anaconda.spec.in b/anaconda.spec.in
index 8354afa7f42..8789b14a065 100644
--- a/anaconda.spec.in
+++ b/anaconda.spec.in
@@ -129,7 +129,7 @@ Requires: python3-pid
 # Required by the systemd service anaconda-fips.
 Requires: crypto-policies
-Requires: /usr/bin/update-crypto-policies
+Requires: crypto-policies-scripts
 # required because of the rescue mode and VNC question
 Requires: anaconda-tui = %{version}-%{release}
diff --git a/pyanaconda/modules/security/installation.py b/pyanaconda/modules/security/installation.py
index 4f2096e2053..db0ed675eba 100644
--- a/pyanaconda/modules/security/installation.py
+++ b/pyanaconda/modules/security/installation.py
@@ -161,13 +161,10 @@ def run(self):
 log.debug("Don't set up FIPS on %s.", conf.target.type.value)
 return
- # We use the --no-bootcfg option as we don't want fips-mode-setup
- # to modify the bootloader configuration. Anaconda already does
- # everything needed & it would require grubby to be available on
- # the system.
+ # Bootloader is not modified. Anaconda already does everything needed.
 util.execWithRedirect(
- "fips-mode-setup",
- ["--enable", "--no-bootcfg"],
+ "/usr/libexec/fips-setup-helper",
+ ["anaconda"],
 root=self._sysroot
 )
diff --git a/pyanaconda/modules/security/security.py b/pyanaconda/modules/security/security.py
index 7034a4fc685..fd3c3ca22c7 100644
--- a/pyanaconda/modules/security/security.py
+++ b/pyanaconda/modules/security/security.py
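Review bot: The exit status of the `util.execWithRedirect("/usr/libexec/fips-setup-helper", ["anaconda"], root=self._sysroot)` call in `run()` (installation.py) is discarded, so a missing or failing helper in the target root would leave the installed system without the FIPS setup while the task still completes normally. If execWithRedirect returns the process exit code, as it appears to, keep it and fail the task on a non-zero value: `rc = util.execWithRedirect(...)` followed by `if rc != 0: raise RuntimeError("fips-setup-helper failed with exit code %d" % rc)`, or whichever error type installation tasks normally raise. The shortened comment also no longer explains the `anaconda` argument; if it is what keeps the helper away from the bootloader, say so, e.g. `# "anaconda" mode: the helper leaves the bootloader alone; Anaconda already does everything needed.` `run()` starts outside this hunk.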
@@ -224,7 +224,7 @@ def collect_requirements(self):
 # Add FIPS requirements.
 if self.fips_enabled:
 requirements.append(Requirement.for_package(
- "/usr/bin/fips-mode-setup",
+ "crypto-policies-scripts",
 reason="Required for FIPS compliance."
 ))
diff --git a/tests/unit_tests/pyanaconda_tests/modules/security/test_module_security.py b/tests/unit_tests/pyanaconda_tests/modules/security/test_module_security.py
index d63ace7d2c3..4e2d89abc2e 100644
--- a/tests/unit_tests/pyanaconda_tests/modules/security/test_module_security.py
+++ b/tests/unit_tests/pyanaconda_tests/modules/security/test_module_security.py
@@ -360,7 +360,7 @@ def test_fips_requirements(self, kernel_arguments_mock):
 assert self.security_interface.CollectRequirements() == [
 {
 "type": get_variant(Str, "package"),
- "name": get_variant(Str, "/usr/bin/fips-mode-setup"),
+ "name": get_variant(Str, "crypto-policies-scripts"),
 "reason": get_variant(Str, "Required for FIPS compliance.")
 }
 ]
@@ -1038,7 +1038,7 @@ def test_configure_fips_task(self, mock_util):
 task.run()
 mock_util.execWithRedirect.assert_called_once_with(
- "fips-mode-setup",
- ["--enable", "--no-bootcfg"],
+ "/usr/libexec/fips-setup-helper",
+ ["anaconda"],
 root="/mnt/sysroot"
 )
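Review bot: In the `collect_requirements` hunk of security.py the requirement now names the package `crypto-policies-scripts`, while installation.py runs the fixed path `/usr/libexec/fips-setup-helper`; the old requirement string matched the command that was executed, and nothing visible here ties the package to the helper any more. A build of that package without the helper would presumably still satisfy the requirement. I would record the coupling next to the string, e.g. `# Provides /usr/libexec/fips-setup-helper, which the FIPS task runs in the target root.`, and consider a minimum version if the requirement mechanism supports one. The function starts outside the hunk.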