OpenShift Bugs / OCPBUGS-65684

Ignition fails with crypto/ecdh: invalid random source in FIPS 140-only mode


    • Bug
    • Resolution: Unresolved
    • Affects versions: 4.19.z, 4.20.z, 4.21.0
    • Component: RHCOS
    • Sprint: CoreOS East - Sprint 280

       

      The boot image was recently bumped from 9.6.20251023-0 to 9.6.20251113-0, and this is preventing retrieval of bootstrap.ign from the S3 bucket in AWS jobs, which fail with the following error:

       

      [ ***  ] A start job is running for Ignition (fetch) (3min 24s / no limit)
      [  207.575171] ignition[830]: GET https://openshift-bootstrap-data-ci-op-5b80im7c-1df13-t28s9.s3.us-east-2.amazonaws.com/control-plane/ci-op-5b80im7c-1df13-t28s9-bootstrap?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=A--redacted--t&X-Amz-Date=20251117T094929Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=1-redacted-2: attempt #45
      [  207.592320] ignition[830]: GET error: Get "https://openshift-bootstrap-data-ci-op-5b80im7c-1df13-t28s9.s3.us-east-2.amazonaws.com/control-plane/ci-op-5b80im7c-1df13-t28s9-bootstrap?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=A--redacted--t&X-Amz-Date=20251117T094929Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=1-redacted-2": crypto/ecdh: invalid random source in FIPS 140-only mode 

      Included in that boot image bump is the following package change, where the most likely culprit is the updated Ignition build:

      ignition-0-2.21.0-4.rhaos4.19.el9-x86_64 -> ignition-0-2.21.0-5.el9_6-x86_64 

      Comparing the two builds, I see the following differences according to `go version -m`; the biggest is likely the move from Go 1.23 to Go 1.25, where Go 1.24 in the middle grew native FIPS support and may enforce constraints that are not present in 1.23. Hard to tell.

      diff -uw0 ignition-rhaos-4.19.txt ignition-rhel-9.6.z.txt
      --- ignition-rhaos-4.19.txt 2025-11-17 11:28:46.977926780 -0500
      +++ ignition-rhel-9.6.z.txt 2025-11-17 11:28:41.372926731 -0500
      @@ -1 +1 @@
      -./ignition: go1.23.9 (Red Hat 1.23.9-1.el9_6)
      +./ignition-rhel-9.6.z: go1.25.3 (Red Hat 1.25.3-1.el9_6)
      @@ -76 +76 @@
      -	build	-ldflags="-linkmode=external -compressdwarf=false -X github.com/coreos/ignition/v2/internal/version.Raw=2.21.0 -X github.com/coreos/ignition/v2/internal/distro.selinuxRelabel=true  -X github.com/coreos/ignition/v2/internal/distro.writeAuthorizedKeysFragment=false -compressdwarf=false  -B 0x23c21ef154bf506415293b9f3a3d623d90cd30ae -extldflags '-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 '"
      +	build	-ldflags="-linkmode=external -compressdwarf=false -X github.com/coreos/ignition/v2/internal/version.Raw=2.21.0 -X github.com/coreos/ignition/v2/internal/distro.selinuxRelabel=true  -compressdwarf=false  -B 0xa088dbc383e01fb3752243acf7153f8b5bc4b7da -extldflags '-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 '"
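      Review bot: besides the build id, the new ldflags in this hunk drop `-X github.com/coreos/ignition/v2/internal/distro.writeAuthorizedKeysFragment=false`, so the el9_6 build falls back to Ignition's default for that setting; it is unrelated to the ECDH error but is a behaviour difference between the two packages that should be confirmed as intentional.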
      @@ -78 +78 @@
      -	build	DefaultGODEBUG=asynctimerchan=1,gotypesalias=0,httpservecontentkeepheaders=1,tls3des=1,tlskyber=0,winreadlinkvolume=0,winsymlink=0,x509keypairleaf=0,x509negativeserial=1
      +	build	DefaultGODEBUG=asynctimerchan=1,containermaxprocs=0,decoratemappings=0,gotestjsonbuildtext=1,gotypesalias=0,httpcookiemaxnum=0,httpservecontentkeepheaders=1,multipathtcp=0,randseednop=0,rsa1024min=0,tls3des=1,tlsmlkem=0,tlssha1=1,updatemaxprocs=0,winreadlinkvolume=0,winsymlink=0,x509keypairleaf=0,x509negativeserial=1,x509rsacrt=0,x509sha256skid=0,x509usepolicies=0 
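      Review bot: the DefaultGODEBUG line differs only because the newer toolchain records more compatibility keys (containermaxprocs, rsa1024min, tlsmlkem, tlssha1, x509sha256skid and so on); none of them is a FIPS setting, so this hunk does not by itself show why the binary runs in FIPS 140-only mode. How fips140 mode is enabled for this binary (the GOFIPS140 build setting or GODEBUG=fips140 at runtime) still needs to be established from the package build or the boot environment.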

       
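      As an added diagnostic (not part of this bug report or of Ignition), the following Go program exercises the same crypto/ecdh check on a host: it generates a P-256 key from crypto/rand.Reader and from a deliberately non-approved reader. Built with Go 1.24 or newer and run with GODEBUG=fips140=only, the second call fails with the exact error quoted in the log above; in a non-FIPS build both calls succeed. The xorshiftReader type and the ProbeECDH/ProbeResult names are assumptions of this example.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"fmt"
	"strings"
)

// xorshiftReader is a deterministic, NON-approved random source used only to
// trigger the FIPS 140-only check; never use it to generate real keys.
type xorshiftReader struct{ state uint64 }

func (r *xorshiftReader) Read(p []byte) (int, error) {
	for i := range p {
		r.state ^= r.state << 13
		r.state ^= r.state >> 7
		r.state ^= r.state << 17
		p[i] = byte(r.state)
	}
	return len(p), nil
}

// ProbeResult records how crypto/ecdh treated each random source.
type ProbeResult struct {
	ApprovedOK bool   // P-256 key generated from crypto/rand.Reader
	CustomErr  string // error from the non-approved reader ("" if accepted)
	FIPSOnly   bool   // CustomErr is the "FIPS 140-only mode" rejection
}

// ProbeECDH generates a P-256 key from an approved and a non-approved source.
// Under GODEBUG=fips140=only (Go 1.24+) the second call must be rejected.
func ProbeECDH() ProbeResult {
	_, err := ecdh.P256().GenerateKey(rand.Reader)
	res := ProbeResult{ApprovedOK: err == nil}
	if _, err = ecdh.P256().GenerateKey(&xorshiftReader{state: 0x9E3779B97F4A7C15}); err != nil {
		res.CustomErr = err.Error()
		res.FIPSOnly = strings.Contains(res.CustomErr, "FIPS 140-only mode")
	}
	return res
}

func main() {
	res := ProbeECDH()
	fmt.Printf("approved source ok: %v\n", res.ApprovedOK)
	fmt.Printf("fips140=only enforced: %v %q\n", res.FIPSOnly, res.CustomErr)
}
```

      Run it once normally and once with GODEBUG=fips140=only to confirm whether a given toolchain enforces the random-source check that Ignition is hitting.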

              tbueno@redhat.com Tiago Bueno
              rhn-support-sdodson Scott Dodson
              Aashish Radhakrishnan