From c0ee1bed066861a9f58d31129522862312d39b0f Mon Sep 17 00:00:00 2001
From: Maeve Andrews <maeve@git.mail.maeveandrews.com>
Date: Mon, 24 May 2021 17:30:17 -0400
Subject: [PATCH 1/2] Use latest Buster CI image

---
 devops/gce-nested/gce-start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/devops/gce-nested/gce-start.sh b/devops/gce-nested/gce-start.sh
index 9cbcb5bcd7..0328eeda05 100755
--- a/devops/gce-nested/gce-start.sh
+++ b/devops/gce-nested/gce-start.sh
@@ -25,7 +25,7 @@ function find_latest_ci_image() {
     #    --filter="family:fpf-securedrop AND name ~ ^ci-nested-virt" \
     #    --sort-by=~Name --limit=1 --format="value(Name)"
     # Return hardcoded image id to prevent newer builds from breaking CI
-    echo "ci-nested-virt-buster-1606755081"
+    echo "ci-nested-virt-buster-1623169910"
 }
 
 # Call out to GCE API and start a new instance, designating

From 011a0d11f3ab95c7d45fb9c19ba074718c314bd9 Mon Sep 17 00:00:00 2001
From: Maeve Andrews <maeve@git.mail.maeveandrews.com>
Date: Tue, 27 Jul 2021 17:51:02 -0400
Subject: [PATCH 2/2] Move apt-get update to separate command

Update is failing on Buster when done inside apache install `apt`.
---
 .../roles/app/tasks/install_and_harden_apache.yml             | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/install_files/ansible-base/roles/app/tasks/install_and_harden_apache.yml b/install_files/ansible-base/roles/app/tasks/install_and_harden_apache.yml
index 5bbfc5814c..de6c47ccd1 100644
--- a/install_files/ansible-base/roles/app/tasks/install_and_harden_apache.yml
+++ b/install_files/ansible-base/roles/app/tasks/install_and_harden_apache.yml
@@ -1,9 +1,11 @@
 ---
+- name: Update apt cache.
+  shell: apt-get update -q
+
 - name: Install apache packages.
   apt:
     pkg: "{{ apache_packages }}"
     state: present
-    update_cache: yes
     cache_valid_time: 3600
   tags:
     - apt