Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-9.2.0.z
Affects Version/s: None
Component/s: git-lfs
Labels:
None

Fixed in Build:
git-lfs-3.2.0-2.el9_2
Regression:
None
Severity:
None
Keywords:

ZStream

Pool Team:

sst_cs_apps
Sub-System Group:

ssg_core_services

Story Points:
3
ACKs Check:

Dev ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None
Release Blocker:
Approved Blocker
Target Backport Versions:

rhel-9.4.z

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/138736
Test Coverage:
None

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

The git-lfs binary is currently being shipped in the DevWorkspace Operator Project Clone container, which is a Red Hat product. The Operator FIPS Static Check CVP test is currently showing a warning that the git-lfs binary is not FIPS compliant, see https://issues.redhat.com/browse/CRW-6246. This test will become a gating test (i.e. we can't ship Devworkspace Operator unless the git-lfs binary becomes FIPS compliant) by the end of CY24 Q2.

I'm hopeful that in order for git-lfs to be FIPS compliant, some additional go compiler flags need to be added, something along the lines of:

CGO_ENABLED=1 GOEXPERIMENT=strictfipsruntime GOOS=linux GOARCH=${ARCH} GO111MODULE=on go build ...  -tags strictfipsruntime

blocks

CRW-6246 git-lfs binary used in DevWorkspace Operator Project Clone container is not FIPS compliant

Open

links to

RHBA-2024:138736 git-lfs update

Assignee:: Ondrej Pohorelsky

Reporter:: Andrew Obuchowicz

QA Contact:: Lukas Zachar

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2024/06/05 6:20 PM

Updated:: 2024/10/01 2:29 AM

Resolved:: 2024/10/01 2:29 AM

Release Date:: 2024/10/01

Details

Description

Attachments

Issue Links

Activity

People

Dates