openstack
/
tripleo-common
Code Issues Proposed changes

[FIPS] Install nettle-3.8-3.el9 in tcib base container 

This patch adds installation of nettle-3.8-3.el9 to replace the rhel-9.0
version of the package, since 'dnf udpate' doesn't replace it.
The rhel-9.0 version of this package fails when running under FIPS.
When we get a new version o nettle in centos mirrors, the 'dnf update'
shall install a new version of the package and the workaround can be
remove.
We can't add a condition to install only when fips is enabled, since
build containers job doesn't run under fips enabled mode.

Related-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2154924
Related-Bug: https://bugs.launchpad.net/tripleo/+bug/1984237
Change-Id: Iedc128120fd6925800c7e95664ce4e13ee8868a8
This commit is contained in:
Douglas Viroel 2023-01-03 16:59:50 -03:00 committed by Douglas Viroel
parent 19b2a2a548
commit bd6900efa3
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
container-images/tcib/base/base.yaml
View File

@ -60,12 +60,17 @@ tcib_envs:
tcib_labels:
maintainer: OpenStack TripleO team
tcib_managed: True
# TODO: Temporary pinning nettle to 3.8-3.el9, so it can be reinstalled from centos-9 repos.
# nettle-3.8-3 is already installed in ubi9 image, but it conflicts with newer versions on gnutls
# installed from centos-9 repos. This workaround can be reverted once ubi9.2 is released, which
# should contain a newer version of gnutls with fixes to run under FIPS mode.
tcib_packages:
common:
- ca-certificates
- dumb-init
- glibc-langpack-en
- iscsi-initiator-utils
- nettle-3.8-3.el9
- openstack-tripleo-common-containers
- openstack-tripleo-common-container-base
- procps-ng