Loading...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: None
Labels:
None

Story Points:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
COS-3427
Intelligence Requested:
Market:

Sprint:
Ready to Pick, CoreOS West - 276, CoreOS West - Sprint 277, CoreOS West - Sprint 278
Cost of Delay:
0

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

It was recommended to build ignition with GOEXPERIMENT=strictfipsruntime

Context slack thread:

https://redhat-internal.slack.com/archives/C04668B0XK2/p1751425524378039

TLDR; while debugging an issue with a fips.enable test failure, we discovered that golang 1.22 requires openssl fips shared object to be present in the initrd. openssl-fips-provider-so was changed to a subpackage at a later version and it was missing in the rhcos initrd. David Benoit from the go toolset team recommended we bulid with GOEXPERIMENT=strictfipsruntime for ignition.

account is impacted by

RHEL-118756 [c9s] Update ignition to use "strictfipsruntime"

In Progress

RHEL-118757 [c10s] Update ignition packaging to use "strictfipsruntime"

In Progress

Assignee:: Steven Presti

Reporter:: Michael Nguyen

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/07/03 12:38 PM

Updated:: 2025/10/06 3:12 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates