Loading...

XML

Word

Printable

Release Note Type:
Known Issue
Release Note Text:

Hide
.FIPS bootc image creation fails on FIPS enabled host

Building a disk image on a host by using Podman with enabled the FIPS mode fails with the exit code 3 because of the update-crypto-policies package:
----
# Enable the FIPS crypto policy
# crypto-policies-scripts is not installed by default in RHEL-10
RUN dnf install -y crypto-policies-scripts && update-crypto-policies --no-reload --set FIPS
----
Workaround: Build the bootc image with FIPS mode disabled.

Show
.FIPS bootc image creation fails on FIPS enabled host Building a disk image on a host by using Podman with enabled the FIPS mode fails with the exit code 3 because of the update-crypto-policies package: ---- # Enable the FIPS crypto policy # crypto-policies-scripts is not installed by default in RHEL-10 RUN dnf install -y crypto-policies-scripts && update-crypto-policies --no-reload --set FIPS ---- Workaround: Build the bootc image with FIPS mode disabled.
Release Note Status:
Done
ProdDocsReview-CCS:
Done
ProdDocsReview-Dev:
Done
ProdDocsReview-QE:
Done

Document link:

Section number and name:

7.1. Enabling the FIPS mode by using bootc-image-builder

Describe the issue:

When running podman build from a host that is in FIPS mode, the update-crypto-policies step fails with exit code 3.

Impact of this issue:

Must disable FIPS mode on the host before the image will build.

Suggestions for improvement: