fix: set fips in manifest according to our customizations #709

Merged
merged 1 commit into from
Nov 12, 2024

stevenperaltaf5
Contributor

addresses #708

Contributor

@cgwalters cgwalters left a comment

I don't know enough about this code to 100% say this is correct but it looks plausible.

Basically as long as we end up with fips=1 on the Anaconda kernel commandline, that's what we want.

@mvo5
Collaborator

mvo5 commented Nov 12, 2024

Thanks, this looks good, I did a small followup in #715 that adds a (manifest level) test to ensure this does not regress.

Collaborator

@mvo5 mvo5 left a comment

I guess we also want to support this customization for non-iso images(?)

@mvo5 mvo5 added this pull request to the merge queue Nov 12, 2024
mvo5 added a commit to mvo5/images that referenced this pull request Nov 12, 2024
This commit is a followup for
osbuild/bootc-image-builder#709 and adds
support for FIPS to the `BootcDiskImage` image type.

One open question is if this should be done at this level or
if the container itself should set the kernel cmdline to FIPS
and bib would not bother.
@mvo5
Collaborator

mvo5 commented Nov 12, 2024

I also did a small followup in osbuild/images#1035 for non-iso bootc containers, but there is an open question if this should come via customization or the bootc container itself would set it.

Merged via the queue into osbuild:main with commit bd71da0 Nov 12, 2024
6 of 9 checks passed
@henrywang
Member

> I guess we also want to support this customization for non-iso images(?)

Only ISO uses non-bootc to deploy the image. bootc supports kargs. So for non-ISO, FIPS can be enabled in the Containerfile. Just in case fips=1 is configured twice.
