fixup! Disable FIPS mode in Docker container during apt-get update

DataBiosphere · Nov 19, 2024 · ae8aed8 · ae8aed8
1 parent bb9fa93
commit ae8aed8
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -46,7 +46,7 @@ RUN mkdir terraform \
 RUN install -m 0755 -d /etc/apt/keyrings
 COPY --chmod=0644 bin/keys/docker-apt-keyring.pgp /etc/apt/keyrings/docker.gpg
 ARG azul_docker_version
-ARG azul_proc_sys_crypto=/tmp
+ARG azul_proc_sys_crypto
 RUN --mount=type=bind,source=fips_enabled,target=${azul_proc_sys_crypto}/fips_enabled \
     set -o pipefail \
     && ( \

diff --git a/environment.py b/environment.py
@@ -901,5 +901,13 @@ def env() -> Mapping[str, Optional[str]]:
         # in the Azul VPC. This subnet can't overlap the VPC CIDR and the subnet
         # mask must be less than 22 bits.
         #
-        'azul_vpn_subnet': None
+        'azul_vpn_subnet': None,
+
+        # When building the Azul dockerfile on a FIPS mode enabled system (e.g.
+        # GitLab), this variable should be set to `/proc/sys/crypto`, the path
+        # where a `fips_enabled` file will be mounted. This is required for the
+        # command `apt-get update` to succeed which would otherwise fail on
+        # Debian bookworm with FIPS mode enabled.
+        #
+        'azul_proc_sys_crypto': '/tmp'
     }