From ae8aed80fab268d35be30a09f683a5ec446a9c8c Mon Sep 17 00:00:00 2001
From: Daniel Sotirhos
Date: Thu, 14 Nov 2024 14:51:53 -0800
Subject: [PATCH] fixup! Disable FIPS mode in Docker container during apt-get update
---
 Dockerfile | 2 +-
 environment.py | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index e8ba2601cd..09e14acb5c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -46,7 +46,7 @@ RUN mkdir terraform \
 RUN install -m 0755 -d /etc/apt/keyrings
 COPY --chmod=0644 bin/keys/docker-apt-keyring.pgp /etc/apt/keyrings/docker.gpg
 ARG azul_docker_version
-ARG azul_proc_sys_crypto=/tmp
+ARG azul_proc_sys_crypto
 RUN --mount=type=bind,source=fips_enabled,target=${azul_proc_sys_crypto}/fips_enabled \
 set -o pipefail \
 && ( \
diff --git a/environment.py b/environment.py
index 333c701d04..1c5e5e71a2 100644
--- a/environment.py
+++ b/environment.py
@@ -901,5 +901,13 @@ def env() -> Mapping[str, Optional[str]]:
 # in the Azul VPC. This subnet can't overlap the VPC CIDR and the subnet
 # mask must be less than 22 bits.
 #
- 'azul_vpn_subnet': None
+ 'azul_vpn_subnet': None,
+
+ # When building the Azul dockerfile on a FIPS mode enabled system (e.g.
+ # GitLab), this variable should be set to `/proc/sys/crypto`, the path
+ # where a `fips_enabled` file will be mounted. This is required for the
+ # command `apt-get update` to succeed which would otherwise fail on
+ # Debian bookworm with FIPS mode enabled.
+ #
+ 'azul_proc_sys_crypto': '/tmp'
 }
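Review bot: With the default removed from `ARG azul_proc_sys_crypto`, a build that does not pass this build argument would presumably expand the mount target to `/fips_enabled`, so on a FIPS-enabled host the workaround silently does nothing and `apt-get update` fails with an error that does not point at the missing argument. Consider failing fast inside the RUN, for example `&& test -n "${azul_proc_sys_crypto}" \` directly after `set -o pipefail \`, or keep a harmless default such as the previous `/tmp`. A one-line comment above the ARG saying that the value is supplied from `environment.py` and that the bind mount exists only for this RUN step would also help the next reader. The RUN instruction continues past the end of the hunk.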
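Review bot: The new comment says when to set `azul_proc_sys_crypto` but not what the override does to the build or what the `/tmp` default means. Mounting a `fips_enabled` file under `/proc/sys/crypto` presumably makes that build step see FIPS mode as disabled, which is a security-relevant choice worth recording; something like `# The default '/tmp' mounts the file where nothing reads it; the override` / `# hides the host's FIPS status from the apt-get build step only.` would do, once confirmed against the contents of `fips_enabled`. Also add a trailing comma after `'azul_proc_sys_crypto': '/tmp'` so the next entry does not have to modify this line, as this commit had to for `azul_vpn_subnet`. env() begins before the hunk.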