Bug
Resolution: Unresolved
Quality / Stability / Reliability
Important
Description of problem:
On a FIPS-enabled 4.12 cluster, FileIntegrity fails to reach Active status because the default AIDE configuration uses a non-FIPS-compliant algorithm, resulting in the error: 'Error initializing the AIDE DB: Use of FIPS disallowed algorithm under FIPS mode (exit status 64)'.
Version-Release number of selected component (if applicable):
4.12.0-0.nightly-2025-05-15-032348 + quay.io/redhat-user-workloads/ocp-isc-tenant/file-integrity-operator-fbc-4-12:latest index image(operator image registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:69670664d82a5cacc2f3d0c0c0066fcdcf93de74b4ddf176f7458df274d69a42)
How reproducible:
Always
Steps to Reproduce:
1. Install File Integrity Operator v1.3.6 on a FIPS-enabled cluster
2. Create a FileIntegrity with the default AIDE config:

    % oc apply -f -<<EOF
    apiVersion: fileintegrity.openshift.io/v1alpha1
    kind: FileIntegrity
    metadata:
      name: example-fileintegrity
      namespace: openshift-file-integrity
    spec:
      debug: true
      config:
        gracePeriod: 60
    EOF
    fileintegrity.fileintegrity.openshift.io/example-fileintegrity created
Actual results:
FileIntegrity fails to reach Active status due to “Error initializing the AIDE DB: Use of FIPS disallowed algorithm under FIPS mode exit status 64”

    % oc get fileintegrity example-fileintegrity -o json | jq '.status'
    {
      "phase": "Initializing"
    }
    xiyuan@xiyuan-mac openshift-tests-private % oc get pod
    NAME                                      READY   STATUS             RESTARTS        AGE
    aide-example-fileintegrity-2brz6          1/1     Running            5 (87s ago)     8m
    aide-example-fileintegrity-glmrk          0/1     CrashLoopBackOff   4 (86s ago)     8m1s
    aide-example-fileintegrity-mnh2l          0/1     CrashLoopBackOff   4 (55s ago)     7m35s
    aide-example-fileintegrity-ndtnc          0/1     CrashLoopBackOff   4 (82s ago)     7m55s
    aide-example-fileintegrity-r58wq          0/1     CrashLoopBackOff   4 (91s ago)     8m
    aide-example-fileintegrity-zzmhw          1/1     Running            5 (96s ago)     8m
    file-integrity-operator-968f68f98-kxf6v   1/1     Running            2 (69m ago)     69m
    xiyuan@xiyuan-mac openshift-tests-private % oc logs pod/aide-example-fileintegrity-glmrk --all-containers
    2025-05-29T07:43:37Z: Starting the AIDE runner daemon
    W0529 07:43:37.357148 1 client_config.go:659] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
    2025-05-29T07:43:37Z: debug: Getting FileIntegrity openshift-file-integrity/example-fileintegrity
    2025-05-29T07:43:37Z: debug: Still waiting for file integrity instance initialization
    2025-05-29T07:43:37Z: debug: initializing set to true by handleAIDEInit
    2025-05-29T07:43:37Z: debug: aide files locked by handleAIDEInit
    2025-05-29T07:43:37Z: initializing AIDE db
    2025-05-29T07:43:37Z: debug: /hostroot/etc/kubernetes/aide.db.gz is missing or empty, did not back-up
    2025-05-29T07:43:37Z: debug: copying /hostroot/etc/kubernetes/aide.log to /hostroot/etc/kubernetes/aide.log.backup-20250529T07_43_37
    2025-05-29T07:43:37Z: debug: pruned backup files - removed /hostroot/etc/kubernetes/aide.log.backup-20250529T07_35_39
    2025-05-29T07:43:37Z: Error initializing the AIDE DB: Use of FIPS disallowed algorithm under FIPS mode exit status 64
    2025-05-29T07:43:37Z: debug: creating temporary configMap 'aide-example-fileintegrity-ip-10-0-68-62.us-east-2.compute.internal' to report an ERROR scan result
    2025-05-29T07:43:37Z: debug: logging event for error: exit status 64
    2025-05-29T07:43:37Z: warning: couldn't report the daemon failure (the server could not find the requested resource)
    2025-05-29T07:43:37Z: debug: aide files unlocked by handleAIDEInit
    2025-05-29T07:43:37Z: debug: initializing set to false by handleAIDEInit
    2025-05-29T07:43:37Z: debug: cancelling main routine
    2025-05-29T07:43:37Z: debug: exiting.. waiting for goroutines to finish
    2025-05-29T07:43:37Z: debug: logCollectorLoop canceled by the main routine!
    E0529 07:43:38.449081 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    2025-05-29T07:43:39Z: debug: holdOffLoop cancelled by the main routine!
    E0529 07:43:39.449402 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    E0529 07:43:40.449762 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    E0529 07:43:41.449911 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    E0529 07:43:42.450089 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    E0529 07:43:43.450198 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    E0529 07:43:44.450379 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    E0529 07:43:45.450479 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    E0529 07:43:46.450687 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    E0529 07:43:47.450714 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    E0529 07:43:48.451748 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    E0529 07:43:49.452774 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    E0529 07:43:50.452900 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    E0529 07:43:51.453747 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    E0529 07:43:52.453930 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    E0529 07:43:53.454052 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    E0529 07:43:54.454229 1 retrywatcher.go:129] "Watch failed" err="context canceled"
    E0529 07:43:55.454378 1 retrywatcher.go:129] "Watch failed" err="context canceled"
Expected results:
FileIntegrity should reach Active status soon.
Additional info:
The issue is for 4.12 only
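
For triaging the "FIPS disallowed algorithm" error reported above, one way to lint an AIDE configuration for hash attributes outside the FIPS-approved SHA family, resolving group definitions and `-attr` subtraction. This is an added example, not code from the report or from the File Integrity Operator. The report does not say which algorithm triggered the error; `SAMPLE_CONF` is constructed and is not the operator's default config, the names `expand` and `lint` are hypothetical, and the contents of the predefined `R` and `H` groups are an assumption.

```python
import re

# Hash attribute names used in AIDE rules; only the SHA family is FIPS-approved.
AIDE_HASHES = {"md5", "sha1", "sha256", "sha512", "rmd160", "tiger",
               "crc32", "crc32b", "haval", "gost", "whirlpool"}
NON_FIPS = AIDE_HASHES - {"sha1", "sha256", "sha512"}
# Assumption: predefined group R includes md5, and H means "all hashes".
BUILTIN = {"R": {"md5"}, "H": set(NON_FIPS)}
# Constructed sample, NOT the operator's default configuration.
SAMPLE_CONF = """\
database=file:/hostroot/etc/kubernetes/aide.db.gz
CONTENT_EX = sha512+ftype+p+u+g+n+acl+selinux+xattrs
LEGACY = p+u+g+md5+rmd160
SAFE = R-md5+sha256
/hostroot/boot/ CONTENT_EX
/hostroot/etc LEGACY
!/hostroot/etc/kubernetes
/hostroot/root/ SAFE
/hostroot/usr/bin R
"""

def expand(expr, groups):
    """Return the non-FIPS hashes left after applying +attr and -attr in order."""
    found = set()
    for sign, name in re.findall(r"([+-]?)([A-Za-z0-9_>]+)", expr):
        hashes = {name} & NON_FIPS or groups.get(name, set())
        found = found - hashes if sign == "-" else found | hashes
    return found

def lint(conf_text):
    """Return {line_no: (path, sorted non-FIPS hashes)} for each selection line."""
    groups, findings = dict(BUILTIN), {}
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(("@@", "!")):
            continue  # blank, macro directive, or negative selection
        m = re.match(r"([A-Za-z_>][\w>]*)\s*=\s*(\S+)$", line)
        if m:  # group definition (option lines like database= expand to nothing)
            groups[m.group(1)] = expand(m.group(2), groups)
            continue
        parts = line.split()
        if len(parts) == 2 and parts[0].lstrip("=").startswith("/"):
            bad = expand(parts[1], groups)
            if bad:
                findings[no] = (parts[0], sorted(bad))
    return findings

for no, (path, bad) in lint(SAMPLE_CONF).items():
    print(f"line {no}: {path} uses non-FIPS hashes: {', '.join(bad)}")
```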