Leap 16 container ships with fips #9

New Issue

Open

opened 2025-10-15 20:26:51 +02:00 by crameleon · 1 comment

crameleon commented 2025-10-15 20:26:51 +02:00

Copy Link

Is this supposed to be installed by default?

$ podman run -q --rm --pull=always opensuse/leap:16.0 rpm -qa '*fips*'
libopenssl-3-fips-provider-3.5.0-160000.2.1.x86_64
patterns-base-fips-20241218-lp160.3.1.x86_64

It breaks installing things like openssh-server during OBS container builds using this as a base image

[   31s]  > [4/5] RUN zypper -n in      OOMAnalyser     dehydrated-nginx        git     gitolite        jq      nginx nginx-module-brotli       openssh-server  postfix         redis   systemd:
[   31s] 0.156 'systemd' is already installed.
[   31s] 0.156 No update candidate for 'systemd-257.7-160000.2.2.x86_64'. The highest available version is already installed.
[   31s] 0.156 Resolving package dependencies...
[   31s] 0.159
[   31s] 0.160 Problem: 1: the installed patterns-base-fips-20241218-lp160.3.1.x86_64 requires '(crypto-policies-scripts if openssh-server)', but this requirement cannot be provided
[   31s] 0.160  Solution 1: deinstallation of patterns-base-fips-20241218-lp160.3.1.x86_64
[   31s] 0.160  Solution 2: do not install openssh-server-10.0p2-160000.2.2.x86_64
[   31s] 0.160  Solution 3: break patterns-base-fips-20241218-lp160.3.1.x86_64 by ignoring some of its dependencies
[   31s] 0.160
[   31s] 0.160 Choose from above solutions by number or cancel [1/2/3/c/d/?] (c): c

Is this supposed to be installed by default? ``` $ podman run -q --rm --pull=always opensuse/leap:16.0 rpm -qa '*fips*' libopenssl-3-fips-provider-3.5.0-160000.2.1.x86_64 patterns-base-fips-20241218-lp160.3.1.x86_64 ``` It breaks installing things like openssh-server during OBS container builds using this as a base image ``` [ 31s] > [4/5] RUN zypper -n in OOMAnalyser dehydrated-nginx git gitolite jq nginx nginx-module-brotli openssh-server postfix redis systemd: [ 31s] 0.156 'systemd' is already installed. [ 31s] 0.156 No update candidate for 'systemd-257.7-160000.2.2.x86_64'. The highest available version is already installed. [ 31s] 0.156 Resolving package dependencies... [ 31s] 0.159 [ 31s] 0.160 Problem: 1: the installed patterns-base-fips-20241218-lp160.3.1.x86_64 requires '(crypto-policies-scripts if openssh-server)', but this requirement cannot be provided [ 31s] 0.160 Solution 1: deinstallation of patterns-base-fips-20241218-lp160.3.1.x86_64 [ 31s] 0.160 Solution 2: do not install openssh-server-10.0p2-160000.2.2.x86_64 [ 31s] 0.160 Solution 3: break patterns-base-fips-20241218-lp160.3.1.x86_64 by ignoring some of its dependencies [ 31s] 0.160 [ 31s] 0.160 Choose from above solutions by number or cancel [1/2/3/c/d/?] (c): c ```

maxlin_factory commented 2025-10-16 09:49:32 +02:00

Member

Copy Link

I think crypto-policies-scripts should add to kiwi file in opensuse-leap-image package, but please file a bugreport at the https://bugzilla.suse.com/ then the issue can reach out to the right person.

I think `crypto-policies-scripts` should add to kiwi file in opensuse-leap-image package, but please file a bugreport at the https://bugzilla.suse.com/ then the issue can reach out to the right person.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

leap-16.0

No results found.

Labels

No items

No Label

Milestone

No items

No Milestone

Assignees

Clear assignees

abergmann adrianSuSE atartamo autobuild-owner autobuild-review autogits_obs_staging_bot autogits_workflow_pr_bot bfilho bigironman darix dmach eroca factory_bot gitea-actions-autobuild gsonnu jdsn legaldb lkocman-factory maintenance-release-review maxlin_factory mbozicevic mimi_vx mschnitzer msmeissn mstrigl oertel opensuse-review pluskalm qam-openqa-review rfrohl smithfarm

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: openSUSE/Leap-Images#9