apt update on FIPS-enabled host
I am using this cypress/included image as a base image and needing to add curl
for some pipeline tasks setting up for our cypress tests to run.
Because of that, I need to run apt update
to get package lists before I can apt install curl
. Due to an issue with the debian base image with FIPS mode enabled, apt update
fails with the error shown below:
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Get:1 https://packages.microsoft.com/repos/edge stable InRelease [3590 B]
Get:2 https://packages.microsoft.com/repos/edge stable/main amd64 Packages [8128 B]
Get:3 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:4 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:5 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:6 https://dl.google.com/linux/chrome/deb stable InRelease [1825 B]
Get:7 https://dl.google.com/linux/chrome/deb stable/main amd64 Packages [1079 B]
Get:8 http://deb.debian.org/debian bookworm/main amd64 Packages [8786 kB]
Get:9 http://deb.debian.org/debian bookworm-updates/main amd64 Packages [12.7 kB]
Get:10 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [150 kB]
Fetched 9218 kB in 5s (1830 kB/s)
Reading package lists...
fatal error in libgcrypt, file ../../src/misc.c, line 92, function _gcry_fatal_error: requested algo not in md context
Fatal error: requested algo not in md context
Aborted (core dumped)
subprocess exited with status 134
subprocess exited with status 134
Similar issues were reported in various debian container based projects:
- https://github.com/debuerreotype/docker-debian-artifacts/issues/202
- https://github.com/jenkinsci/docker/issues/1694
- https://github.com/calebHankins/jankins/pull/35
- https://github.com/jenkinsci/docker-agent/issues/584
Curious how Iron Bank is getting this image to build or if there is any workaround in place that I might be able to use?