Skip to content

[ubuntu24.04][FIPS] disable FIPS enforcement temporarily when enabling pro mode #418

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 27, 2025
Merged

[ubuntu24.04][FIPS] disable FIPS enforcement temporarily when enabling pro mode #418

merged 1 commit into from
Aug 27, 2025

Conversation

@tariq1890
Copy link
Contributor

@tariq1890 tariq1890 commented Aug 26, 2025
edited
Loading

When running pro attach on an Ubuntu 24.04 container, we are faced with a strange "chicken & egg" problem as the pro client attempts to use openssl + fips when it detects that the underlying kernel is fips_enabled, however, the FIPS packages are only available after the pro client enables APT repo access to the FIPS packages.

To work around this problem, we explicitly set the env var OPENSSL_FORCE_FIPS_MODE=0 to unblock the pro client calls. After successful enablement of FIPS mode, we download the OpenSSL FIPS module and unset the OPENSSL_FORCE_FIPS_MODE env var

@tariq1890 tariq1890 requested a review from cdesiniotis August 26, 2025 22:03
@tariq1890 tariq1890 force-pushed the u24.04-disable-fips-enforcement branch from d926595 to 83ea514 Compare August 26, 2025 22:43
@tariq1890 tariq1890 changed the title [ubuntu24.04][FIPS] disable FIPS enforcement when enabling pro mode [ubuntu24.04][FIPS] disable FIPS enforcement temporarily when enabling pro mode Aug 26, 2025
@tariq1890 tariq1890 force-pushed the u24.04-disable-fips-enforcement branch from 83ea514 to 2f8b08b Compare August 27, 2025 00:00
tariq1890
tariq1890 commented Aug 27, 2025
View reviewed changes
@tariq1890 tariq1890 force-pushed the u24.04-disable-fips-enforcement branch from 2f8b08b to d2f80b9 Compare August 27, 2025 16:29
@tariq1890 tariq1890 force-pushed the u24.04-disable-fips-enforcement branch from d2f80b9 to 84526e4 Compare August 27, 2025 16:54
@tariq1890 tariq1890 merged commit b577c14 into main Aug 27, 2025
17 checks passed
@tariq1890 tariq1890 deleted the u24.04-disable-fips-enforcement branch August 27, 2025 17:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cdesiniotis cdesiniotis cdesiniotis approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tariq1890 @cdesiniotis