lfg2025/archy
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases 33 Wiki Activity

Revert "fix(iso): enable upstream fips.service so fresh installs show "active""

Browse Source 
This reverts commit 810c111ba7.
This commit is contained in:
Dorian
2026-04-19 10:00:25 -04:00
parent 659d44a761
commit da3012b75a
1 changed files with 0 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
image-recipe/build-auto-installer-iso.sh
View File

@@ -368,15 +368,6 @@ COPY --from=fips-builder /tmp/fips.deb /tmp/fips.deb
RUN apt-get update && apt-get install -y --no-install-recommends /tmp/fips.deb && \
apt-get clean && rm -rf /var/lib/apt/lists/* && rm /tmp/fips.deb
# Enable the upstream fips.service so FIPS status reads "active" on
# first boot. Without this, fresh installs show "inactive" — the
# npub is present (debian postinst wrote /etc/fips/fips.pub during
# package install) but the daemon isn't running, so traffic can't
# route over FIPS until the user hits Activate. Upstream unit is
# fine to enable unconditionally: it uses ephemeral identity until
# a persistent key is written, which is what fresh nodes want.
RUN systemctl enable fips.service || true
# Configure locale
RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen