Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package base-fips-image for openSUSE:Factory
checked in at 2025-12-19 16:42:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/base-fips-image (Old)
and /work/SRC/openSUSE:Factory/.base-fips-image.new.1928 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "base-fips-image"
Fri Dec 19 16:42:45 2025 rev:13 rq:1323572 version:%OS_VERSION_ID_SP%.0.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/base-fips-image/base-fips-image.changes
2025-12-17 17:40:25.265869382 +0100
+++
/work/SRC/openSUSE:Factory/.base-fips-image.new.1928/base-fips-image.changes
2025-12-19 16:43:33.288123211 +0100
@@ -1,0 +2,5 @@
+Thu Dec 18 19:50:49 UTC 2025 - SUSE Update Bot <[email protected]>
+
+- switch to fips-mode-setup and cleanup scripts after run
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ Dockerfile ++++++
--- /var/tmp/diff_new_pack.KtitLQ/_old 2025-12-19 16:43:35.744225922 +0100
+++ /var/tmp/diff_new_pack.KtitLQ/_new 2025-12-19 16:43:35.764226758 +0100
@@ -23,7 +23,7 @@
FROM opensuse/tumbleweed:latest
RUN set -euo pipefail; \
- zypper -n install --no-recommends openSUSE-release
openSUSE-release-appliance-docker coreutils crypto-policies-scripts
+ zypper -n install --no-recommends openSUSE-release
openSUSE-release-appliance-docker coreutils crypto-policies-scripts
update-bootloader
# cleanup logs and temporary files
RUN set -euo pipefail; zypper -n clean -a; \
@@ -54,7 +54,15 @@
# endlabelprefix
LABEL io.artifacthub.package.readme-url="%SOURCEURL_WITH(README.md)%"
LABEL usage="This container should only be used on a FIPS enabled host (fips=1
on kernel cmdline)."
-RUN set -euo pipefail; update-crypto-policies --no-reload --set FIPS
+
+RUN set -euo pipefail; fips-mode-setup --enable --no-bootcfg
+RUN set -euo pipefail; rpm -e libpython3_13-1_0 python313-base
update-bootloader crypto-policies-scripts
+RUN set -euo pipefail; rm -rf
{/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2};
\
+ rm -rf {/target,}/run/*; \
+ rm -f {/target,}/etc/{shadow-,group-,passwd-,.pwd.lock}; \
+ rm -f {/target,}/usr/lib/sysimage/rpm/.rpm.lock; \
+ rm -f {/target,}/var/cache/ldconfig/aux-cache; \
+ command -v zypper >/dev/null 2>&1 || rm -f /var/lib/zypp/AutoInstalled
ENV GNUTLS_FORCE_FIPS_MODE=1
ENV LIBGCRYPT_FORCE_FIPS_MODE=1
