RHEL Documentation / RHELDOCS-19539

FIPS bootc image creation fails on FIPS enabled host

    • rhel-container-tools
    • Known Issue
      .FIPS bootc image creation fails on FIPS enabled host

      Building a disk image by using Podman on a host with the FIPS mode enabled fails with the exit code 3 because of the update-crypto-policies package:
      ----
      # Enable the FIPS crypto policy
      # crypto-policies-scripts is not installed by default in RHEL-10
      RUN dnf install -y crypto-policies-scripts && update-crypto-policies --no-reload --set FIPS
      ----
      Workaround: Build the bootc image with FIPS mode disabled.

      Document link:

      https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/using_image_mode_for_rhel_to_build_deploy_and_manage_operating_systems/index#enabling-the-fips-mode-by-using-bootc-image-builder-tool_enabling-the-fips-mode-while-building-a-bootc-image

      Section number and name:

      7.1. Enabling the FIPS mode by using bootc-image-builder

      Describe the issue:

      When running podman build from a host that is in FIPS mode, the update-crypto-policies step fails with exit code 3.

      Impact of this issue:

      Must disable FIPS mode on the host before the image will build.

      Suggestions for improvement:

              gnecasov@redhat.com Gabriela Necasova
              cbrophy@probitas-project.com Charles Brophy (Inactive)
              Eliane Pereira
              Gabriela Necasova Gabriela Necasova
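
A preflight check for the known issue described above, as an added example that is not part of the original issue or of Red Hat's documentation: it stops before the build when the host reports FIPS mode and the Containerfile contains the `update-crypto-policies --set FIPS` step. The function names and the `FIPS_FLAG` override are assumptions made for this example; `/proc/sys/crypto/fips_enabled` is the kernel's FIPS indicator.

```shell
#!/bin/sh
# Added example: preflight for the known issue above (not Red Hat's code).
# Assumption: host FIPS state is read from the kernel flag file below; the
# FIPS_FLAG override and all function names are hypothetical.
FIPS_FLAG="${FIPS_FLAG:-/proc/sys/crypto/fips_enabled}"

# Succeeds when the host kernel reports FIPS mode enabled ("1").
host_fips_enabled() {
    [ -r "$FIPS_FLAG" ] && [ "$(cat "$FIPS_FLAG")" = "1" ]
}

# Succeeds when a non-comment line of the Containerfile ($1) switches the
# image to the FIPS crypto policy with update-crypto-policies.
containerfile_sets_fips() {
    grep -Ev '^[[:space:]]*#' "$1" |
        grep -Eq -e 'update-crypto-policies.*--set[[:space:]=]+FIPS'
}

# Returns 0 when the build can proceed, 1 when host and Containerfile match
# the known issue, 2 when the Containerfile is missing.
preflight() {
    cf="$1"
    if [ ! -f "$cf" ]; then
        echo "preflight: no such Containerfile: $cf" >&2
        return 2
    fi
    if ! containerfile_sets_fips "$cf"; then
        echo "preflight: no FIPS crypto-policy step in $cf"
        return 0
    fi
    if host_fips_enabled; then
        echo "preflight: host is in FIPS mode and $cf sets the FIPS policy;" >&2
        echo "preflight: known issue, the build fails with exit code 3." >&2
        echo "preflight: build on a host with FIPS mode disabled." >&2
        return 1
    fi
    echo "preflight: host FIPS mode is disabled, build can proceed"
    return 0
}

# Usage (image tag is a placeholder):
#   preflight Containerfile && podman build -t localhost/example-bootc .
```
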